diff --git a/ansible/roles/openshift-4-cluster/tasks/post-install-storage-nfs.yml b/ansible/roles/openshift-4-cluster/tasks/post-install-storage-nfs.yml
index 0792c000..01ffc8a5 100644
--- a/ansible/roles/openshift-4-cluster/tasks/post-install-storage-nfs.yml
+++ b/ansible/roles/openshift-4-cluster/tasks/post-install-storage-nfs.yml
@@ -19,7 +19,7 @@
 - name: Set nfs_server
 ansible.builtin.set_fact:
 nfs_server: "nfs-server"
- when: ansible_os_family == "RedHat" and ansible_distribution_major_version == '8'
+ when: ansible_os_family == "RedHat" and (ansible_distribution_major_version == '8' or ansible_distribution_major_version == '9')
 - name: Ensure nfs is running.
 ansible.builtin.service:
diff --git a/ansible/roles/openshift-4-cluster/tasks/prepare-host-Rocky-9.yml b/ansible/roles/openshift-4-cluster/tasks/prepare-host-Rocky-9.yml
new file mode 100644
index 00000000..fad10b9b
--- /dev/null
+++ b/ansible/roles/openshift-4-cluster/tasks/prepare-host-Rocky-9.yml
@@ -0,0 +1,73 @@
+---
+- name: Installing KVM Packages
+ ansible.builtin.package:
+ name:
+ - "@virtualization-hypervisor"
+ - "@virtualization-client"
+ - "@virtualization-platform"
+ - "@virtualization-tools"
+ # ansible virt need lxml
+ - python3-lxml
+ - firewalld
+ state: present
+
+- name: Upgrade all packages
+ ansible.builtin.package:
+ name: '*'
+ state: latest
+ register: update
+
+- name: Check if new kernel has been installed and local execution
+ ansible.builtin.set_fact:
+ hetzner_ocp4_prepare_host_reboot_needed: true
+ when:
+ - update.changed
+ - update.results | select('match','Installed:.*kernel.*') | length > 0
+ tags:
+ - skip_ansible_lint
+
+- name: Enable & Start firewalld
+ ansible.builtin.service:
+ name: firewalld
+ state: started
+ enabled: true
+
+- name: Allow NFS traffic from VM's to Host
+ ansible.posix.firewalld:
+ zone: libvirt
+ state: enabled
+ permanent: yes
+ service: "{{ item }}"
+ with_items:
+ - nfs
+ - mountd
+ - rpc-bind
+ notify: 'reload firewalld'
+
+- name: Allow OpenShift traffic from VM's to Host
+ ansible.posix.firewalld:
+ zone: libvirt
+ state: enabled
+ permanent: yes
+ port: "{{ item }}"
+ with_items:
+ - 80/tcp
+ - 443/tcp
+ - 6443/tcp
+ - 22623/tcp
+ notify: 'reload firewalld'
+
+- name: Allow OpenShift traffic from public to Host
+ ansible.posix.firewalld:
+ zone: public
+ state: enabled
+ permanent: yes
+ port: "{{ item }}"
+ with_items:
+ - 80/tcp
+ - 443/tcp
+ - 6443/tcp
+ notify: 'reload firewalld'
+
+- name: firewalld reload
+ ansible.builtin.command: firewall-cmd --reload
diff --git a/docs/release-notes.md b/docs/release-notes.md
index 2483797f..b559b1df 100644
--- a/docs/release-notes.md
+++ b/docs/release-notes.md
@@ -12,7 +12,7 @@
 * Handling reboot after new kernel is installed
 * [Added support for remote execution (execute playbooks on your laptop)](remote-execution.md)
 * Added `install_config_capabilities` configuration
-
+ * Added Rocky Linux 9 support
 ## 2022-06-19
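Review bot: In prepare-host-Rocky-9.yml the task `Allow OpenShift traffic from public to Host` opens 80/tcp, 443/tcp and 6443/tcp in the `public` zone for every source address, and nothing in the file lets an operator narrow or skip it. If exposing the cluster API port (6443) to the internet is intended, state that in a comment above the task, e.g. `# 6443/tcp (cluster API) is deliberately reachable from the public zone; restrict by source address if only known networks need it`; otherwise gate the port list behind a role variable. Separately, the final `firewalld reload` task runs `firewall-cmd --reload` through `ansible.builtin.command` on every play, so it always reports changed and duplicates the `reload firewalld` handler that the three rule tasks already notify; `ansible.builtin.meta: flush_handlers` in its place would reload only when a rule actually changed (assuming that handler is defined in the role, which is not visible here). The three firewalld tasks also write `permanent: yes` while the rest of the file uses `true`.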