From b50b3430bec32d1ca7997e70154ca90c2e19c1ba Mon Sep 17 00:00:00 2001
From: JohnZheng <johnzhengaz@gmail.com>
Date: Wed, 15 Aug 2018 02:42:16 +0800
Subject: [PATCH] Disable locksmithd on CoreOS if coreos_auto_upgrade set to
 false (#3088)

* Disable locksmithd on CoreOS if coreos_auto_upgrade set to false

* Change the `when` format to support multiple conditions
---
 inventory/sample/group_vars/all.yml           | 3 +++
 roles/bootstrap-os/defaults/main.yml          | 3 +++
 roles/bootstrap-os/tasks/bootstrap-coreos.yml | 5 +++++
 3 files changed, 11 insertions(+)

diff --git a/inventory/sample/group_vars/all.yml b/inventory/sample/group_vars/all.yml
index d856d064c..65e8c6590 100644
--- a/inventory/sample/group_vars/all.yml
+++ b/inventory/sample/group_vars/all.yml
@@ -131,3 +131,6 @@ bin_dir: /usr/local/bin
 
 # The read-only port for the Kubelet to serve on with no authentication/authorization. Uncomment to enable.
 #kube_read_only_port: 10255
+
+# Does coreos need auto upgrade, default is true
+#coreos_auto_upgrade: true
\ No newline at end of file
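Review bot: The added comment on `coreos_auto_upgrade` does not say what setting it to false does or what it costs. Going by the task added in bootstrap-coreos.yml, false stops and masks locksmithd.service, so the node presumably no longer reboots itself into new OS releases and security fixes stay unapplied until someone reboots or patches it by hand. I would word the comment as `# Set to false to stop and mask locksmithd on CoreOS; OS updates (including security fixes) must then be applied manually.` The file also now ends without a trailing newline.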
diff --git a/roles/bootstrap-os/defaults/main.yml b/roles/bootstrap-os/defaults/main.yml
index c191ebd2b..5d2f7321a 100644
--- a/roles/bootstrap-os/defaults/main.yml
+++ b/roles/bootstrap-os/defaults/main.yml
@@ -4,3 +4,6 @@ pip_python_coreos_modules:
   - six
 
 override_system_hostname: true
+
+
+coreos_auto_upgrade: true
diff --git a/roles/bootstrap-os/tasks/bootstrap-coreos.yml b/roles/bootstrap-os/tasks/bootstrap-coreos.yml
index d446cf282..ef82b7bde 100644
--- a/roles/bootstrap-os/tasks/bootstrap-coreos.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-coreos.yml
@@ -62,3 +62,8 @@
   with_items: "{{pip_python_coreos_modules}}"
   environment:
     PATH: "{{ ansible_env.PATH }}:{{ bin_dir }}"
+
+- name: Bootstrap | Disable auto-upgrade
+  shell: "systemctl stop locksmithd.service && systemctl mask --now locksmithd.service"
+  when:
+    - not coreos_auto_upgrade
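Review bot: The condition `not coreos_auto_upgrade` on the new task tests plain Jinja truthiness, so a value that arrives as a string (for example from `-e coreos_auto_upgrade=false`) is non-empty, counts as true, and the task is silently skipped. locksmithd then stays active on a host whose operator believes it is off; `- not coreos_auto_upgrade | bool` avoids that. The `shell` line also reports changed on every run, and `systemctl mask --now` already stops the unit, so the leading `systemctl stop` is redundant. The `systemd` module with `state: stopped` and `masked: true` would be idempotent, assuming modules are usable at this point in the bootstrap, as the preceding task suggests. Nothing visible here unmasks the unit again if the variable is later set back to true, which is worth a comment on the task.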
-- 
GitLab