From e22bad1f8d43715e8f5d1a6ca79bd62bbfd7a8a0 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sun, 14 Jan 2024 22:59:46 +0100 Subject: [PATCH 001/365] test workflows release --- .github/workflows/release.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0f52fd332..f5634d3a1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,8 +1,9 @@ name: Release on Ansible Galaxy on: workflow_dispatch: - push: - branches: ["main"] + # Not needed anymore, since branch protection + #push: + # branches: ["main"] pull_request: # The branches below must be a subset of the branches above branches: [ "develop" ] From e8bd5c8937c17ec5472272b1d451cc1ba34f938d Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sun, 14 Jan 2024 23:45:23 +0100 Subject: [PATCH 002/365] readme --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index e4a039c18..0ef1199d5 100644 --- a/README.md +++ b/README.md @@ -28,8 +28,10 @@ With Ansible: * OS agnositc: can be launch on any Linux systems (at least for the package build, for the install depend on your participation to this project 😸) -Add-on from my part: -* Some part which were manual in Clemenko procedure are automated with Ansible (like the upload or NFS mount) + +Add-on from my part, some part which were manual in Clemenko procedure are automated with Ansible like: + +* the upload or NFS mount * Some flexibility about path (possible to export or mount NFS in choosen place) @@ -65,8 +67,6 @@ Add-on from my part: * Complete directory inside `./plugins/inventory/hosts.yml`. -NB: `make` alone display options and descriptions. - 2. Build your package by running (works on Debian-like and Redhat-like): ```sh ansible-playbook playbooks/tasks/build.yml # All arguments below are not mandatory From a85f0e03742a5dd94695569b9664aae3704e7eb3 Mon Sep 17 00:00:00 2001 
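Review bot: The retained context comment `# The branches below must be a subset of the branches above` now refers to a `push:` branch list that is commented out, so it no longer describes anything; either drop it or reword it to say which trigger the `develop` list must agree with. Commented-out trigger blocks are dead configuration that git history already preserves, so deleting the `push:` block outright reads cleaner than keeping it behind `#`. The jobs this file drives are outside the hunk, but if they publish to Galaxy, leaving `pull_request` on `develop` as the only automatic trigger means a release can run on unmerged content, which is worth confirming in a comment.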
From: MozeBaltyk Date: Mon, 15 Jan 2024 12:26:05 +0100 Subject: [PATCH 003/365] workflow lint --- .github/workflows/lint.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .github/workflows/lint.yml diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 000000000..e0b469bf1 --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,13 @@ +name: ansible-lint +on: + pull_request: + branches: ["develop"] +jobs: + build: + name: Ansible Lint # Naming the build is important to use it as a status check + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Run ansible-lint + uses: ansible/ansible-lint@main \ No newline at end of file From 26d01fa3c0ce679e45d434f8fbdb3462b478534c Mon Sep 17 00:00:00 2001 From: github-actions Date: Mon, 15 Jan 2024 11:26:20 +0000 Subject: [PATCH 004/365] =?UTF-8?q?=E2=9A=A1=20Update=20README=20&=20CHANG?= =?UTF-8?q?ELOG?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2639086eb..3288f0fc1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,7 @@ # CHANGELOG.md -## 1.0.2 (2024-01-14) +## 1.0.2 (2024-01-15) Versions: - rke2 version: 1.26.11 From e006362a9f4e6624845b6d987dfdc62be54170fb Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 15 Jan 2024 12:37:30 +0100 Subject: [PATCH 005/365] workflow lint --- .github/workflows/lint.yml | 6 +++++- .github/workflows/version.yml | 4 +++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index e0b469bf1..92288e28a 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml 
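Review bot: `uses: ansible/ansible-lint@main` pins the linter to a moving branch, so each run executes whatever that repository's default branch holds at the time rather than a reviewed release. Pin it to a release tag or, better, a full commit SHA with the version recorded in a trailing comment, e.g. `uses: ansible/ansible-lint@<full-commit-sha>  # <release-tag>` (placeholder values). The same unpinned reference is carried unchanged into the lint.yml hunks on L3 and L11 and into the new build.yml on L13. The file also ends without a trailing newline, as the `\ No newline at end of file` marker shows.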
@@ -1,13 +1,17 @@ name: ansible-lint on: + workflow_dispatch: + #push: + # branches: ["develop"] pull_request: branches: ["develop"] + jobs: build: name: Ansible Lint # Naming the build is important to use it as a status check runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - + - name: Run ansible-lint uses: ansible/ansible-lint@main \ No newline at end of file diff --git a/.github/workflows/version.yml b/.github/workflows/version.yml index 219442b04..1b820af35 100644 --- a/.github/workflows/version.yml +++ b/.github/workflows/version.yml @@ -1,7 +1,9 @@ name: Release on Ansible Galaxy on: workflow_dispatch: - push: + #push: + # branches: ["develop"] + pull_request: branches: ["develop"] jobs: From ce34f9a5553ac7e0d8ba40a350bb19259735a235 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 15 Jan 2024 12:48:08 +0100 Subject: [PATCH 006/365] release 1.0.3 --- CHANGELOG.md | 4 ++-- galaxy.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3288f0fc1..39d51f7b3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,11 +19,11 @@ Features ✨ - Deploy local registry and images loaded inside. - Setup firewalld rules if needed. - Make "master_ip" and "domain" parametrable. - - Script to uninstall everything. - Deploy longhorn with custom datapath. - Deploy Rancher with custom password. - Deploy Neuvector. - Script to containerize in an Execution-Env. + - Script to uninstall everything @@ -40,5 +40,5 @@ Bugfix 🐞 Security 🔒️ - Branch protect - - Github Workflows to release. + - Github Workflows to release and lint. diff --git a/galaxy.yml b/galaxy.yml index eea78bfd9..e426a0ca0 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -2,7 +2,7 @@ ### REQUIRED namespace: mozebaltyk name: rkub -version: 1.0.2 +version: 1.0.3 readme: README.md From 0d9d6ac6a732219df6338a3f97897c775d950c6c Mon Sep 17 00:00:00 2001 
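Review bot: Switching this workflow's automatic trigger from `push` to `pull_request` changes what the job has checked out: on pull_request events the runner sits on a detached merge commit, so the composite action's bare `git push origin` (visible as the removed line in the L5 hunk) has no current branch to push and will not succeed; a push needs an explicit destination such as `git push origin HEAD:"$TARGET_BRANCH"` with the branch passed in through `env:`. A comment stating why a workflow that commits README/CHANGELOG updates should run on pull requests rather than on merge to the protected branch would help the next reader. The commented-out `#push:` block is dead configuration; removing it is cleaner than keeping it behind `#`.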
From: MozeBaltyk Date: Mon, 15 Jan 2024 13:13:34 +0100 Subject: [PATCH 007/365] test lint --- .github/workflows/lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 92288e28a..afaef9b2f 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -4,7 +4,7 @@ on: #push: # branches: ["develop"] pull_request: - branches: ["develop"] + branches: ["main"] jobs: build: From 258df9608d9af3fc3d416b47fd26366aefdda951 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 15 Jan 2024 13:21:23 +0100 Subject: [PATCH 008/365] test versionning --- .github/workflows/lint.yml | 3 +-- .github/workflows/release.yml | 7 ++++--- .github/workflows/version.yml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index afaef9b2f..c3158f87e 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -1,8 +1,7 @@ name: ansible-lint on: workflow_dispatch: - #push: - # branches: ["develop"] + pull_request: branches: ["main"] diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f5634d3a1..716454881 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,9 +4,10 @@ on: # Not needed anymore, since branch protection #push: # branches: ["main"] - pull_request: - # The branches below must be a subset of the branches above - branches: [ "develop" ] + + # The branches below must be a subset of the branches above + #pull_request: + # branches: [ "main" ] jobs: release: diff --git a/.github/workflows/version.yml b/.github/workflows/version.yml index 1b820af35..8dde527bf 100644 --- a/.github/workflows/version.yml +++ b/.github/workflows/version.yml @@ -4,7 +4,7 @@ on: #push: # branches: ["develop"] pull_request: - branches: ["develop"] + branches: ["main"] jobs: readme: From e7776dc87ddf42c773e2d166224cfef8a95f6527 Mon Sep 17 00:00:00 2001 
From: MozeBaltyk Date: Mon, 15 Jan 2024 13:26:58 +0100 Subject: [PATCH 009/365] test versionning --- .github/actions/update-readme/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/update-readme/action.yml b/.github/actions/update-readme/action.yml index af92ab847..ebed92a1f 100644 --- a/.github/actions/update-readme/action.yml +++ b/.github/actions/update-readme/action.yml @@ -53,4 +53,4 @@ runs: git config user.email github-actions@github.com git add README.md CHANGELOG.md [[ -z $(git status -uno --porcelain) ]] && echo "No need to commit..." || git commit -m "⚡ Update README & CHANGELOG" - git push origin \ No newline at end of file + git push origin HEAD:${{ github.ref_name }} \ No newline at end of file From 0bdf2160364384a6c79bb4e9fbf4cd697a51dc05 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 15 Jan 2024 13:30:24 +0100 Subject: [PATCH 010/365] test versionning --- .github/actions/update-readme/action.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/actions/update-readme/action.yml b/.github/actions/update-readme/action.yml index ebed92a1f..afbd1cd3e 100644 --- a/.github/actions/update-readme/action.yml +++ b/.github/actions/update-readme/action.yml 
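Review bot: `git push origin HEAD:${{ github.ref_name }}` does not name a pushable branch when the calling workflow runs on `pull_request` (as version.yml does after the L4 hunk), because `github.ref_name` is then `<pr-number>/merge` rather than the PR's source branch. Separately, expanding a `${{ }}` expression directly inside `run:` splices the value into the shell script before it executes; for branch names this is the well-known workflow script-injection pattern, so pass the value through `env:` and reference it as a quoted shell variable: `env:` / `  TARGET_BRANCH: ${{ github.head_ref || github.ref_name }}` and `git push origin HEAD:"$TARGET_BRANCH"`. The same inline expansion inside `run:` recurs in the hunks on L7, L8, L9, L10, L11 and L13. The enclosing `run: |` block starts before this hunk.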
@@ -47,10 +47,17 @@ runs: sed -i -n -e "1,/<\!-- Release -->/ p" -e"/<\!-- End Release -->/,$ p" -e "/<\!-- Release -->/ r version.txt" CHANGELOG.md # Git push + - name: Set env.BRANCH + run: echo "BRANCH=$(echo $GITHUB_REF | cut -d'/' -f 3)" >> $GITHUB_ENV + + - name: Is develop branch? + if: env.BRANCH == 'develop' + run: echo "This is 'develop' branch" + - shell: bash run: | git config user.name github-actions git config user.email github-actions@github.com git add README.md CHANGELOG.md [[ -z $(git status -uno --porcelain) ]] && echo "No need to commit..." || git commit -m "⚡ Update README & CHANGELOG" - git push origin HEAD:${{ github.ref_name }} \ No newline at end of file + git push origin HEAD:$(echo $GITHUB_REF | cut -d'/' -f 3) \ No newline at end of file From 4d38d5bfe9c7fb8274b26061d55fa061e0fb5b2d Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 15 Jan 2024 13:34:37 +0100 Subject: [PATCH 011/365] correct actions update-readme --- .github/actions/update-readme/action.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/actions/update-readme/action.yml b/.github/actions/update-readme/action.yml index afbd1cd3e..f826438c3 100644 --- a/.github/actions/update-readme/action.yml +++ b/.github/actions/update-readme/action.yml @@ -48,10 +48,12 @@ runs: # Git push - name: Set env.BRANCH + shell: bash run: echo "BRANCH=$(echo $GITHUB_REF | cut -d'/' -f 3)" >> $GITHUB_ENV - name: Is develop branch? if: env.BRANCH == 'develop' + shell: bash run: echo "This is 'develop' branch" - shell: bash From c7de58823c7bc0551ccbe31a5b3f729e05b20dc4 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 15 Jan 2024 13:45:03 +0100 Subject: [PATCH 012/365] correct actions update-readme --- .github/actions/update-readme/action.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/actions/update-readme/action.yml b/.github/actions/update-readme/action.yml index f826438c3..f683a2dc6 100644 --- a/.github/actions/update-readme/action.yml 
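Review bot: `echo $GITHUB_REF | cut -d'/' -f 3` keeps only the third `/`-separated field, so a branch such as `feature/foo` under `refs/heads/` collapses to `feature`, and on pull_request events `refs/pull/<n>/merge` yields just the number; the same expression is repeated in the `git push` line at the end of the hunk. Strip the known prefix instead, e.g. `BRANCH="${GITHUB_REF#refs/heads/}"`, or use the runner-provided `$GITHUB_REF_NAME`. Composite-action `run:` steps also require an explicit `shell:` key, which the two new steps here omit. The enclosing `steps:` list starts before this hunk.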
+++ b/.github/actions/update-readme/action.yml @@ -52,9 +52,11 @@ runs: run: echo "BRANCH=$(echo $GITHUB_REF | cut -d'/' -f 3)" >> $GITHUB_ENV - name: Is develop branch? - if: env.BRANCH == 'develop' shell: bash - run: echo "This is 'develop' branch" + run: | + echo "${{ github.head_ref || github.ref_name }}" + echo "$GITHUB_REF" + echo "${{ env.BRANCH }}" - shell: bash run: | @@ -62,4 +64,4 @@ runs: git config user.email github-actions@github.com git add README.md CHANGELOG.md [[ -z $(git status -uno --porcelain) ]] && echo "No need to commit..." || git commit -m "⚡ Update README & CHANGELOG" - git push origin HEAD:$(echo $GITHUB_REF | cut -d'/' -f 3) \ No newline at end of file + git push origin HEAD:${{ github.head_ref || github.ref_name }} \ No newline at end of file From 53e45a8b2ed75eb25e90ea72e758ba9e37bd5c4d Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 15 Jan 2024 13:49:12 +0100 Subject: [PATCH 013/365] correct actions update-readme --- .github/actions/update-readme/action.yml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/.github/actions/update-readme/action.yml b/.github/actions/update-readme/action.yml index f683a2dc6..074557dc6 100644 --- a/.github/actions/update-readme/action.yml +++ b/.github/actions/update-readme/action.yml @@ -47,19 +47,14 @@ runs: sed -i -n -e "1,/<\!-- Release -->/ p" -e"/<\!-- End Release -->/,$ p" -e "/<\!-- Release -->/ r version.txt" CHANGELOG.md # Git push - - name: Set env.BRANCH - shell: bash - run: echo "BRANCH=$(echo $GITHUB_REF | cut -d'/' -f 3)" >> $GITHUB_ENV - - - name: Is develop branch? + - name: Which branch? shell: bash run: | echo "${{ github.head_ref || github.ref_name }}" - echo "$GITHUB_REF" - echo "${{ env.BRANCH }}" - shell: bash run: | + git pull git config user.name github-actions git config user.email github-actions@github.com git add README.md CHANGELOG.md From bb0033d8d93e1ab2474dd7051abec38f6d65fc08 Mon Sep 17 00:00:00 2001 
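Review bot: The bare `git pull` added before the `git config` lines has nothing to pull from on a `pull_request` run: the checkout is a detached merge commit with no tracking branch, so the command aborts before the commit step runs. If the intent is to refresh the branch before committing, name the remote and branch explicitly with the branch supplied via `env:`, e.g. `git pull origin "$TARGET_BRANCH"`; if the checkout step already fetched the right ref, the pull can be dropped. The enclosing `runs.steps` list starts before this hunk.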
From: MozeBaltyk Date: Mon, 15 Jan 2024 13:55:50 +0100 Subject: [PATCH 014/365] correct update-readme 1 --- .github/actions/update-readme/action.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/actions/update-readme/action.yml b/.github/actions/update-readme/action.yml index 074557dc6..a607d0df5 100644 --- a/.github/actions/update-readme/action.yml +++ b/.github/actions/update-readme/action.yml @@ -54,7 +54,8 @@ runs: - shell: bash run: | - git pull + git checkout ${{ github.head_ref || github.ref_name }} + git pull remove ${{ github.head_ref || github.ref_name }} git config user.name github-actions git config user.email github-actions@github.com git add README.md CHANGELOG.md From 6788b7bf815d95e34f6a83ecf24f80c9a4d40ab0 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 15 Jan 2024 14:05:58 +0100 Subject: [PATCH 015/365] correct update-readme 2 --- .github/actions/update-readme/action.yml | 18 +++++++++++------- .github/workflows/version.yml | 4 +--- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/.github/actions/update-readme/action.yml b/.github/actions/update-readme/action.yml index a607d0df5..e353b3260 100644 --- a/.github/actions/update-readme/action.yml +++ b/.github/actions/update-readme/action.yml @@ -5,6 +5,16 @@ description: Update Readme and Changelog runs: using: composite steps: + # Checkout on branch where pull request + - name: Which branch? + shell: bash + run: | + echo "${{ github.head_ref || github.ref_name }}" + + - uses: actions/checkout@v4 + with: + ref: ${{ github.head_ref || github.ref_name }} + # Update Readme - shell: bash run: | 
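Review bot: `git pull remove ${{ github.head_ref || github.ref_name }}` names a remote called `remove`, which a fresh checkout does not have, so the pull fails; the remote `actions/checkout` configures is `origin`, i.e. `git pull origin "$TARGET_BRANCH"` with the branch supplied via `env:`. The same mistake persists as `git pull remote …` in the L9 hunk. The `git checkout` line just above has the same inline `${{ }}` expansion and can use the same shell variable.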
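Review bot: `ref: ${{ github.head_ref || github.ref_name }}` asks `actions/checkout` to fetch that branch from `github.repository`; for a pull request opened from a fork the head branch lives in the fork, so the fetch fails, or silently checks out a same-named branch of the base repository if one exists. If fork pull requests are expected, pass `repository: ${{ github.event.pull_request.head.repo.full_name }}` alongside `ref:`, or guard the job with `if: github.event.pull_request.head.repo.full_name == github.repository`, since the later push back to that branch needs write access the fork token does not have. The same checkout appears in the version.yml hunk on L10, lint.yml on L11 and build.yml on L13. This composite action now performs its own checkout on top of the calling workflow's (version.yml's is removed in the L9 hunk), which deserves a comment explaining why the action owns the checkout.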
@@ -47,15 +57,9 @@ runs: sed -i -n -e "1,/<\!-- Release -->/ p" -e"/<\!-- End Release -->/,$ p" -e "/<\!-- Release -->/ r version.txt" CHANGELOG.md # Git push - - name: Which branch? - shell: bash - run: | - echo "${{ github.head_ref || github.ref_name }}" - - shell: bash run: | - git checkout ${{ github.head_ref || github.ref_name }} - git pull remove ${{ github.head_ref || github.ref_name }} + git pull remote ${{ github.head_ref || github.ref_name }} git config user.name github-actions git config user.email github-actions@github.com git add README.md CHANGELOG.md diff --git a/.github/workflows/version.yml b/.github/workflows/version.yml index 8dde527bf..d7b561f1a 100644 --- a/.github/workflows/version.yml +++ b/.github/workflows/version.yml @@ -7,7 +7,7 @@ on: branches: ["main"] jobs: - readme: + version: runs-on: ubuntu-latest name: Update Versions @@ -18,7 +18,5 @@ jobs: contents: write steps: - - uses: actions/checkout@v4 - - name: Update Readme and changelog uses: ./.github/actions/update-readme From 8b113a132232ea97cede1e9726718442e8edcbfc Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 15 Jan 2024 14:07:16 +0100 Subject: [PATCH 016/365] correct update-readme 3 --- .github/actions/update-readme/action.yml | 10 ---------- .github/workflows/version.yml | 10 ++++++++++ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/actions/update-readme/action.yml b/.github/actions/update-readme/action.yml index e353b3260..f42094084 100644 --- a/.github/actions/update-readme/action.yml +++ b/.github/actions/update-readme/action.yml @@ -5,16 +5,6 @@ description: Update Readme and Changelog runs: using: composite steps: - # Checkout on branch where pull request - - name: Which branch? - shell: bash - run: | - echo "${{ github.head_ref || github.ref_name }}" - - - uses: actions/checkout@v4 - with: - ref: ${{ github.head_ref || github.ref_name }} - # Update Readme - shell: bash run: | 
diff --git a/.github/workflows/version.yml b/.github/workflows/version.yml index d7b561f1a..b83626519 100644 --- a/.github/workflows/version.yml +++ b/.github/workflows/version.yml @@ -18,5 +18,15 @@ jobs: contents: write steps: + # Checkout on branch where pull request + - name: Which branch? + shell: bash + run: | + echo "${{ github.head_ref || github.ref_name }}" + + - uses: actions/checkout@v4 + with: + ref: ${{ github.head_ref || github.ref_name }} + - name: Update Readme and changelog uses: ./.github/actions/update-readme From 70ff6b953f16b6d75e498ca3b11b558827476c78 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 15 Jan 2024 14:08:51 +0100 Subject: [PATCH 017/365] correct update-readme 4 --- .github/actions/update-readme/action.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/actions/update-readme/action.yml b/.github/actions/update-readme/action.yml index f42094084..9de73cadc 100644 --- a/.github/actions/update-readme/action.yml +++ b/.github/actions/update-readme/action.yml @@ -49,7 +49,6 @@ runs: # Git push - shell: bash run: | - git pull remote ${{ github.head_ref || github.ref_name }} git config user.name github-actions git config user.email github-actions@github.com git add README.md CHANGELOG.md From 07c037e681226d79a0ddedc208948ccf522bc93d Mon Sep 17 00:00:00 2001 From: github-actions Date: Mon, 15 Jan 2024 13:09:10 +0000 Subject: [PATCH 018/365] =?UTF-8?q?=E2=9A=A1=20Update=20README=20&=20CHANG?= =?UTF-8?q?ELOG?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 39d51f7b3..7ebbb4bea 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,7 @@ # CHANGELOG.md -## 1.0.2 (2024-01-15) +## 1.0.3 (2024-01-15) Versions: - rke2 version: 1.26.11 From 6597e708a3233fed1e6b1bee64c3f8f45ebb0cab Mon Sep 17 00:00:00 2001 
From: MozeBaltyk Date: Mon, 15 Jan 2024 14:17:53 +0100 Subject: [PATCH 019/365] correct lint --- .github/workflows/lint.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index c3158f87e..f8e85cbe8 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -10,7 +10,14 @@ jobs: name: Ansible Lint # Naming the build is important to use it as a status check runs-on: ubuntu-latest steps: + - name: Which branch? + shell: bash + run: | + echo "${{ github.head_ref || github.ref_name }}" + - uses: actions/checkout@v4 + with: + ref: ${{ github.head_ref || github.ref_name }} - name: Run ansible-lint uses: ansible/ansible-lint@main \ No newline at end of file From 8e732559478d35e99fe3cdfa8a2f901a7add4def Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 15 Jan 2024 14:30:21 +0100 Subject: [PATCH 020/365] correct lint 2 --- .github/workflows/lint.yml | 2 +- .github/workflows/version.yml | 2 +- galaxy.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index f8e85cbe8..70c71229a 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -1,4 +1,4 @@ -name: ansible-lint +name: Lint on: workflow_dispatch: diff --git a/.github/workflows/version.yml b/.github/workflows/version.yml index b83626519..d22eadae1 100644 --- a/.github/workflows/version.yml +++ b/.github/workflows/version.yml @@ -1,4 +1,4 @@ -name: Release on Ansible Galaxy +name: Update README on: workflow_dispatch: #push: diff --git a/galaxy.yml b/galaxy.yml index e426a0ca0..eea78bfd9 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -2,7 +2,7 @@ ### REQUIRED namespace: mozebaltyk name: rkub -version: 1.0.3 +version: 1.0.2 readme: README.md From 49e69211800c5371c81d1917a45c9252bec60dfd Mon Sep 17 00:00:00 2001 
From: github-actions Date: Mon, 15 Jan 2024 13:30:38 +0000 Subject: [PATCH 021/365] =?UTF-8?q?=E2=9A=A1=20Update=20README=20&=20CHANG?= =?UTF-8?q?ELOG?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7ebbb4bea..39d51f7b3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,7 @@ # CHANGELOG.md -## 1.0.3 (2024-01-15) +## 1.0.2 (2024-01-15) Versions: - rke2 version: 1.26.11 From 77141b693f1a23990eff41390b58d74525ce1ad1 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 15 Jan 2024 14:34:53 +0100 Subject: [PATCH 022/365] correct workflows --- .github/{workflows => old}/lint.yml | 0 .github/{workflows => old}/version.yml | 0 .github/workflows/build.yml | 47 ++++++++++++++++++++++++++ 3 files changed, 47 insertions(+) rename .github/{workflows => old}/lint.yml (100%) rename .github/{workflows => old}/version.yml (100%) create mode 100644 .github/workflows/build.yml diff --git a/.github/workflows/lint.yml b/.github/old/lint.yml similarity index 100% rename from .github/workflows/lint.yml rename to .github/old/lint.yml diff --git a/.github/workflows/version.yml b/.github/old/version.yml similarity index 100% rename from .github/workflows/version.yml rename to .github/old/version.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 000000000..3ef40dbfa --- /dev/null +++ b/.github/workflows/build.yml 
@@ -0,0 +1,47 @@ +name: Build +on: + workflow_dispatch: + + pull_request: + branches: ["main"] + +jobs: + lint: + name: Ansible Lint + runs-on: ubuntu-latest + steps: + - name: Which branch? + shell: bash + run: | + echo "${{ github.head_ref || github.ref_name }}" + + - uses: actions/checkout@v4 + with: + ref: ${{ github.head_ref || github.ref_name }} + + - name: Run ansible-lint + uses: ansible/ansible-lint@main + + update: + runs-on: ubuntu-latest + name: Update Versions + + if: github.repository == 'mozebaltyk/rkub' + permissions: + actions: write + checks: write + contents: write + + steps: + # Checkout on branch where pull request + - name: Which branch? + shell: bash + run: | + echo "${{ github.head_ref || github.ref_name }}" + + - uses: actions/checkout@v4 + with: + ref: ${{ github.head_ref || github.ref_name }} + + - name: Update Readme and changelog + uses: ./.github/actions/update-readme \ No newline at end of file From 7db681464c22bb75d5dd29a428692b72c7cf4d30 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 15 Jan 2024 14:35:31 +0100 Subject: [PATCH 023/365] correct workflows --- galaxy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/galaxy.yml b/galaxy.yml index eea78bfd9..e426a0ca0 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -2,7 +2,7 @@ ### REQUIRED namespace: mozebaltyk name: rkub -version: 1.0.2 +version: 1.0.3 readme: README.md From 34bf1d376c4776b18a0089b47924f7b58ec7610a Mon Sep 17 00:00:00 2001 From: github-actions Date: Mon, 15 Jan 2024 13:35:50 +0000 Subject: [PATCH 024/365] =?UTF-8?q?=E2=9A=A1=20Update=20README=20&=20CHANG?= =?UTF-8?q?ELOG?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 39d51f7b3..7ebbb4bea 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
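Review bot: The `update` job requests `actions: write` and `checks: write`, yet its steps — checkout and the update-readme composite action, which stages, commits and pushes README/CHANGELOG — only need `contents: write`; drop the two unused scopes so the job token is least-privilege. The `lint` job declares no `permissions:` block and so inherits the repository default, which may be write; `permissions:` / `  contents: read` is enough for checkout plus ansible-lint. `ansible/ansible-lint@main` is again unpinned here; pinning to a release tag or full commit SHA applies as in lint.yml.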
@@ -1,7 +1,7 @@ # CHANGELOG.md -## 1.0.2 (2024-01-15) +## 1.0.3 (2024-01-15) Versions: - rke2 version: 1.26.11 From 2737fcb48ebd16bf8fb34232f839e2bda11017a6 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 15 Jan 2024 14:59:24 +0100 Subject: [PATCH 025/365] correct workflows --- .github/workflows/build.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3ef40dbfa..798a8969a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -19,12 +19,15 @@ jobs: with: ref: ${{ github.head_ref || github.ref_name }} + # step to install prerequis + - name: Run ansible-lint uses: ansible/ansible-lint@main update: - runs-on: ubuntu-latest name: Update Versions + needs: lint + runs-on: ubuntu-latest if: github.repository == 'mozebaltyk/rkub' permissions: From 337a477da33d35f3015a17f9bc1605decd6778f6 Mon Sep 17 00:00:00 2001 
From: MozeBaltyk Date: Mon, 15 Jan 2024 19:49:40 +0100 Subject: [PATCH 026/365] correct workflow and lint --- .github/old/lint.yml | 23 -------------- .github/old/version.yml | 32 -------------------- .github/workflows/build.yml | 6 ++++ .github/workflows/release.yml | 2 +- roles/build_airgap_package/tests/test.yml | 2 +- roles/deploy_certmanager/tests/test.yml | 2 +- roles/deploy_certmanager/vars/main.yml | 2 -- roles/install_rke2_common/tests/test.yml | 2 +- roles/install_rke2_controller/tests/test.yml | 2 +- roles/install_utils_registry/tests/test.yml | 2 +- roles/install_utils_registry/vars/main.yml | 2 -- roles/set_firewalld/tests/test.yml | 2 +- roles/set_nfs_export/tests/test.yml | 2 +- roles/set_nfs_export/vars/main.yml | 2 -- roles/set_nfs_mount/tests/test.yml | 2 +- 15 files changed, 15 insertions(+), 70 deletions(-) delete mode 100644 .github/old/lint.yml delete mode 100644 .github/old/version.yml delete mode 100644 roles/deploy_certmanager/vars/main.yml delete mode 100644 roles/install_utils_registry/vars/main.yml delete mode 100644 roles/set_nfs_export/vars/main.yml diff --git a/.github/old/lint.yml b/.github/old/lint.yml deleted file mode 100644 index 70c71229a..000000000 --- a/.github/old/lint.yml +++ /dev/null @@ -1,23 +0,0 @@ -name: Lint -on: - workflow_dispatch: - - pull_request: - branches: ["main"] - -jobs: - build: - name: Ansible Lint # Naming the build is important to use it as a status check - runs-on: ubuntu-latest - steps: - - name: Which branch? - shell: bash - run: | - echo "${{ github.head_ref || github.ref_name }}" - - - uses: actions/checkout@v4 - with: - ref: ${{ github.head_ref || github.ref_name }} - - - name: Run ansible-lint - uses: ansible/ansible-lint@main \ No newline at end of file diff --git a/.github/old/version.yml b/.github/old/version.yml deleted file mode 100644 index d22eadae1..000000000 --- a/.github/old/version.yml +++ /dev/null 
@@ -1,32 +0,0 @@ -name: Update README -on: - workflow_dispatch: - #push: - # branches: ["develop"] - pull_request: - branches: ["main"] - -jobs: - version: - runs-on: ubuntu-latest - name: Update Versions - - if: github.repository == 'mozebaltyk/rkub' - permissions: - actions: write - checks: write - contents: write - - steps: - # Checkout on branch where pull request - - name: Which branch? - shell: bash - run: | - echo "${{ github.head_ref || github.ref_name }}" - - - uses: actions/checkout@v4 - with: - ref: ${{ github.head_ref || github.ref_name }} - - - name: Update Readme and changelog - uses: ./.github/actions/update-readme diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 798a8969a..a74d96a5e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -20,6 +20,12 @@ jobs: ref: ${{ github.head_ref || github.ref_name }} # step to install prerequis + - name: Install prerequis + shell: bash + run: | + pwd + ls + make prerequis - name: Run ansible-lint uses: ansible/ansible-lint@main diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 716454881..65180e20e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,4 +1,4 @@ -name: Release on Ansible Galaxy +name: Release to Ansible Galaxy on: workflow_dispatch: # Not needed anymore, since branch protection diff --git a/roles/build_airgap_package/tests/test.yml b/roles/build_airgap_package/tests/test.yml index 38b2e13ba..cb82eba7d 100644 --- a/roles/build_airgap_package/tests/test.yml +++ b/roles/build_airgap_package/tests/test.yml @@ -2,4 +2,4 @@ - hosts: localhost remote_user: root roles: - - build_airgap + - build_airgap_package diff --git a/roles/deploy_certmanager/tests/test.yml b/roles/deploy_certmanager/tests/test.yml index d377fd3e2..7b5bbb231 100644 --- a/roles/deploy_certmanager/tests/test.yml +++ b/roles/deploy_certmanager/tests/test.yml 
@@ -2,4 +2,4 @@ - hosts: localhost remote_user: root roles: - - deploy_cert + - deploy_certmanager diff --git a/roles/deploy_certmanager/vars/main.yml b/roles/deploy_certmanager/vars/main.yml deleted file mode 100644 index 46e8b38e6..000000000 --- a/roles/deploy_certmanager/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# vars file for deploy_cert diff --git a/roles/install_rke2_common/tests/test.yml b/roles/install_rke2_common/tests/test.yml index 8844a1bff..f9e168282 100644 --- a/roles/install_rke2_common/tests/test.yml +++ b/roles/install_rke2_common/tests/test.yml @@ -2,4 +2,4 @@ - hosts: localhost remote_user: root roles: - - install_common + - install_rke2_common diff --git a/roles/install_rke2_controller/tests/test.yml b/roles/install_rke2_controller/tests/test.yml index d63602c6b..e56cbb71f 100644 --- a/roles/install_rke2_controller/tests/test.yml +++ b/roles/install_rke2_controller/tests/test.yml @@ -2,4 +2,4 @@ - hosts: localhost remote_user: root roles: - - install_controler + - install_rke2_controler diff --git a/roles/install_utils_registry/tests/test.yml b/roles/install_utils_registry/tests/test.yml index 50b7e1bef..ad3231ebe 100644 --- a/roles/install_utils_registry/tests/test.yml +++ b/roles/install_utils_registry/tests/test.yml @@ -2,4 +2,4 @@ - hosts: localhost remote_user: root roles: - - install_local_registry + - install_utils_registry diff --git a/roles/install_utils_registry/vars/main.yml b/roles/install_utils_registry/vars/main.yml deleted file mode 100644 index a9d100751..000000000 --- a/roles/install_utils_registry/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# vars file for install_local_registry diff --git a/roles/set_firewalld/tests/test.yml b/roles/set_firewalld/tests/test.yml index 67768aa7d..1ac4cbf2e 100644 --- a/roles/set_firewalld/tests/test.yml +++ b/roles/set_firewalld/tests/test.yml 
@@ -2,4 +2,4 @@ - hosts: localhost remote_user: root roles: - - firewalld \ No newline at end of file + - set_firewalld \ No newline at end of file diff --git a/roles/set_nfs_export/tests/test.yml b/roles/set_nfs_export/tests/test.yml index 1cde05bbc..63fff5b4c 100644 --- a/roles/set_nfs_export/tests/test.yml +++ b/roles/set_nfs_export/tests/test.yml @@ -2,4 +2,4 @@ - hosts: localhost remote_user: root roles: - - export_nfs + - set_nfs_export diff --git a/roles/set_nfs_export/vars/main.yml b/roles/set_nfs_export/vars/main.yml deleted file mode 100644 index 9deb28589..000000000 --- a/roles/set_nfs_export/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# vars file for export_nfs diff --git a/roles/set_nfs_mount/tests/test.yml b/roles/set_nfs_mount/tests/test.yml index 10177c473..f43f41373 100644 --- a/roles/set_nfs_mount/tests/test.yml +++ b/roles/set_nfs_mount/tests/test.yml @@ -2,4 +2,4 @@ - hosts: localhost remote_user: root roles: - - mount_nfs + - set_nfs_mount From 052173b13f170fa8248b80161f61f7e3bdb3dee0 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 15 Jan 2024 19:54:45 +0100 Subject: [PATCH 027/365] correct workflow and lint --- .github/workflows/build.yml | 2 -- scripts/prerequis/Makefile | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a74d96a5e..cf99cb6f6 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -23,8 +23,6 @@ jobs: - name: Install prerequis shell: bash run: | - pwd - ls make prerequis - name: Run ansible-lint diff --git a/scripts/prerequis/Makefile b/scripts/prerequis/Makefile index c17c495d8..67cf6c16d 100755 --- a/scripts/prerequis/Makefile +++ b/scripts/prerequis/Makefile 
@@ -27,7 +27,7 @@ collections: @printf "\e[1;34m[INFO]\e[m ## Install Ansible Collections dependencies ##\n" @ansible-galaxy install -r ../../meta/ee-requirements.yml @printf "\e[1;34m[INFO]\e[m ## Install $(REPO) version $(VERSION) ##\n" - @ansible-galaxy collection install git+$(REPO).git,$(VERSION) + @ansible-galaxy collection install git+$(REPO).git @printf "\e[1;32m[OK]\e[m Ansible Collections installed.\n" .PHONY: pythons From 12a59879e0e5148ce2dee0de35cb6747d10f2f9b Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 15 Jan 2024 20:02:03 +0100 Subject: [PATCH 028/365] correct lint --- roles/install_rke2_controller/tests/test.yml | 2 +- roles/uninstall_rkub/tests/test.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/install_rke2_controller/tests/test.yml b/roles/install_rke2_controller/tests/test.yml index e56cbb71f..dad9a84df 100644 --- a/roles/install_rke2_controller/tests/test.yml +++ b/roles/install_rke2_controller/tests/test.yml @@ -2,4 +2,4 @@ - hosts: localhost remote_user: root roles: - - install_rke2_controler + - install_rke2_controller diff --git a/roles/uninstall_rkub/tests/test.yml b/roles/uninstall_rkub/tests/test.yml index 5027bb43c..5f039fd24 100644 --- a/roles/uninstall_rkub/tests/test.yml +++ b/roles/uninstall_rkub/tests/test.yml @@ -2,4 +2,4 @@ - hosts: localhost remote_user: root roles: - - uninstall_rke2 + - uninstall_rkub From 9bbbf6fd8daa6015d332077c7fd6b6a2c74fd17c Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 15 Jan 2024 20:09:55 +0100 Subject: [PATCH 029/365] correct lint --- .github/actions/update-readme/action.yml | 8 ++++---- .github/workflows/build.yml | 1 + .github/workflows/release.yml | 1 + README.md | 1 + 4 files changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/actions/update-readme/action.yml b/.github/actions/update-readme/action.yml index 9de73cadc..e06843af0 100644 --- a/.github/actions/update-readme/action.yml +++ b/.github/actions/update-readme/action.yml 
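Review bot: Dropping `,$(VERSION)` from `ansible-galaxy collection install git+$(REPO).git` removes the only pin on what gets installed, so CI now pulls whatever the collection repository's default branch holds at run time; builds stop being reproducible and any upstream change flows straight into the lint/build job. Keep the pin, or if `$(VERSION)` is not a valid git ref for that repository, pin to a tag or commit that is, e.g. `@ansible-galaxy collection install git+$(REPO).git,<tag-or-commit>` (placeholder). The preceding `@printf` still announces `version $(VERSION)` while the install no longer uses it, so the log line is now misleading. The `collections` target starts before this hunk.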
@@ -5,7 +5,7 @@ description: Update Readme and Changelog runs: using: composite steps: - # Update Readme + # Update Readme - shell: bash run: | rke2_version=$(yq -r .global_rke2_version playbooks/vars/main.yml) @@ -38,15 +38,15 @@ runs: Versions: - rke2 version: ${rke2_version} - - cert-manager version: ${cert_version} - - rancher version: ${rancher_version} + - cert-manager version: ${cert_version} + - rancher version: ${rancher_version} - longhorn version: ${longhorn_version} - neuvector version: ${neuvector_version} EOF sed -i -n -e "1,/<\!-- Release -->/ p" -e"/<\!-- End Release -->/,$ p" -e "/<\!-- Release -->/ r version.txt" CHANGELOG.md - # Git push + # Git push - shell: bash run: | git config user.name github-actions diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cf99cb6f6..46ffcb2ca 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,3 +1,4 @@ +--- name: Build on: workflow_dispatch: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 65180e20e..5a5554738 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,3 +1,4 @@ +--- name: Release to Ansible Galaxy on: workflow_dispatch: diff --git a/README.md b/README.md index 0ef1199d5..bce09c3d6 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,7 @@ Ansible Collection to deploy a rancher RKE2 cluster in airgap mode. [![Releases](https://img.shields.io/github/release/MozeBaltyk/rkub)](https://github.com/MozeBaltyk/rkub/releases) +![Ansible Lint](https://github.com/MozeBaltyk/rkub/workflows/build/badge.svg) [![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0/) From d8bae2de8b1637757d17bac27ad25ac740ee4bce Mon Sep 17 00:00:00 2001 
From: MozeBaltyk Date: Mon, 15 Jan 2024 20:20:53 +0100 Subject: [PATCH 030/365] correct lint --- .github/workflows/build.yml | 4 +++- .github/workflows/release.yml | 8 ++++---- .yamllint | 1 + galaxy.yml | 8 ++++---- 4 files changed, 12 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 46ffcb2ca..6d3dc5d8d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -52,4 +52,6 @@ jobs: ref: ${{ github.head_ref || github.ref_name }} - name: Update Readme and changelog - uses: ./.github/actions/update-readme \ No newline at end of file + uses: ./.github/actions/update-readme + targets: "./" + args: "-c .ansible-lint" \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5a5554738..8debb611c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,8 +5,8 @@ on: # Not needed anymore, since branch protection #push: # branches: ["main"] - - # The branches below must be a subset of the branches above + + # The branches below must be a subset of the branches above #pull_request: # branches: [ "main" ] @@ -31,7 +31,7 @@ jobs: with: fetch-depth: 0 token: ${{ secrets.GITHUB_TOKEN }} - + - run: git pull - name: Set up Python @@ -77,7 +77,7 @@ jobs: run: | ansible-galaxy collection publish *.tar.gz --api-key $ANSIBLE_GALAXY_API_KEY - # GH tag and release + # GH tag and release - name: Create release tag run: | git config user.name github-actions diff --git a/.yamllint b/.yamllint index bc0e4f2b4..759cb289d 100644 --- a/.yamllint +++ b/.yamllint @@ -1,3 +1,4 @@ +--- # Based on ansible-lint config extends: default diff --git a/galaxy.yml b/galaxy.yml index e426a0ca0..aecfb3d0c 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -16,14 +16,14 @@ description: > license: - Apache-2.0 -tags: +tags: - devops - kubernetes - k8s - rancher - rke2 - longhorn - - neuvector + - neuvector - ansible - airgap - collection 
@@ -39,8 +39,8 @@ issues: https://github.com/MozeBaltyk/rkub/issues build_ignore: - .gitignore - - '.*.swp' - - .govmomi + - '.*.swp' + - .govmomi - '.terraform*' - 'terraform.tfstate*' - .DS_Store From fbf2a15dcbb7712e73f9eeebef795d69c963df8c Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 15 Jan 2024 20:23:33 +0100 Subject: [PATCH 031/365] correct lint --- .github/workflows/build.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 6d3dc5d8d..41ccfe2cf 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -28,6 +28,9 @@ jobs: - name: Run ansible-lint uses: ansible/ansible-lint@main + with: + targets: "./" + args: "-c .ansible-lint" update: name: Update Versions @@ -52,6 +55,4 @@ jobs: ref: ${{ github.head_ref || github.ref_name }} - name: Update Readme and changelog - uses: ./.github/actions/update-readme - targets: "./" - args: "-c .ansible-lint" \ No newline at end of file + uses: ./.github/actions/update-readme \ No newline at end of file From ac060e12787bf8597cc3730a8eeff527aa6e50bd Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 15 Jan 2024 20:25:21 +0100 Subject: [PATCH 032/365] troubleshoot lint --- .github/workflows/build.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 41ccfe2cf..eb1b2df47 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -15,6 +15,8 @@ jobs: shell: bash run: | echo "${{ github.head_ref || github.ref_name }}" + pwd + ls -la - uses: actions/checkout@v4 with: @@ -30,7 +32,6 @@ jobs: uses: ansible/ansible-lint@main with: targets: "./" - args: "-c .ansible-lint" update: name: Update Versions From 54eccb2f3fff723a0ffed3d2af963bff0a2653b1 Mon Sep 17 00:00:00 2001 
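Review bot: The added `args: "-c .ansible-lint"` on the ansible-lint step points at a config file that this series still names `.ansible_lint` (it is only renamed to `.ansible-lint` in patch 041, `Rename .ansible_lint to .ansible-lint`), so at this commit the linter would be handed a path that does not exist; patch 032 on the same page removes `args` again, presumably for that reason. Independently of that, the step keeps `uses: ansible/ansible-lint@main`, a mutable branch ref for a third-party action, so the CI job silently picks up whatever upstream merges next; pinning it to a release tag or, better, a full commit SHA (`uses: ansible/ansible-lint@<tag-or-sha>`, placeholder) removes that exposure. The `jobs.build` block continues outside the hunk.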
From: MozeBaltyk Date: Tue, 16 Jan 2024 09:02:34 +0100 Subject: [PATCH 033/365] lint corrections --- .github/workflows/build.yml | 2 - roles/deploy_longhorn/tasks/install.yml | 6 +- roles/set_firewalld/handlers/main.yml | 2 +- roles/set_nfs_mount/tasks/rhel.yml | 4 +- roles/uninstall_rkub/meta/main.yml | 2 +- roles/uninstall_rkub/tasks/uninstall.yml | 78 ++++++++++++------------ roles/uninstall_rkub/tasks/utils.yml | 3 +- roles/uninstall_rkub/tests/test.yml | 3 +- roles/upload_package_zst/meta/main.yml | 2 +- roles/upload_package_zst/tasks/main.yml | 5 +- roles/upload_package_zst/tests/test.yml | 3 +- 11 files changed, 56 insertions(+), 54 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index eb1b2df47..4090f1cd2 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -15,8 +15,6 @@ jobs: shell: bash run: | echo "${{ github.head_ref || github.ref_name }}" - pwd - ls -la - uses: actions/checkout@v4 with: diff --git a/roles/deploy_longhorn/tasks/install.yml b/roles/deploy_longhorn/tasks/install.yml index 538ce7aff..36ccecdf0 100644 --- a/roles/deploy_longhorn/tasks/install.yml +++ b/roles/deploy_longhorn/tasks/install.yml @@ -1,12 +1,12 @@ # Install and start iscsid - block: - name: Ensure iscsi-initiator-utils package is installed on Redhat based OS - dnf: + ansible.builtin.dnf: name: iscsi-initiator-utils state: present - name: Start and enable iscsid - systemd: + ansible.builtin.systemd: name: iscsid state: started enabled: yes @@ -21,4 +21,4 @@ path: "{{ longhorn_datapath }}" state: directory recurse: true - mode: '0750' \ No newline at end of file + mode: '0750' diff --git a/roles/set_firewalld/handlers/main.yml b/roles/set_firewalld/handlers/main.yml index c1076245c..0f17c49a2 100644 --- a/roles/set_firewalld/handlers/main.yml +++ b/roles/set_firewalld/handlers/main.yml 
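Review bot: `enabled: yes` on the context line of the `Start and enable iscsid` task is left as a YAML 1.1 truthy while the same hunk moves the task to `ansible.builtin.systemd`; ansible-lint's `yaml[truthy]` rule normally reports it, so `enabled: true` would finish the lint pass and match the `recurse: true` already used in the second hunk. Behaviour is unchanged either way, since PyYAML reads `yes` as a boolean. For consistency with the named blocks this series introduces in `roles/uninstall_rkub/tasks/uninstall.yml` (patch 033), the bare `- block:` here could also get a `name: Install and start iscsid`, which is currently only a comment. The block's `become`/`when` lines, if any, are outside the hunk.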
@@ -2,6 +2,6 @@ # handlers file for firewalld - name: restart firewalld - systemd: + ansible.builtin.systemd: name: firewalld state: restarted diff --git a/roles/set_nfs_mount/tasks/rhel.yml b/roles/set_nfs_mount/tasks/rhel.yml index 6b1c4d074..32314fb8d 100644 --- a/roles/set_nfs_mount/tasks/rhel.yml +++ b/roles/set_nfs_mount/tasks/rhel.yml @@ -1,7 +1,7 @@ # mount NFS directory - block: - name: Install NFS packages - dnf: + ansible.builtin.dnf: name: "{{ item }}" state: present with_items: @@ -29,4 +29,4 @@ become: true when: - ansible_os_family == "RedHat" - - ansible_distribution_major_version | int >= 8 \ No newline at end of file + - ansible_distribution_major_version | int >= 8 diff --git a/roles/uninstall_rkub/meta/main.yml b/roles/uninstall_rkub/meta/main.yml index 89894653b..093d7b927 100644 --- a/roles/uninstall_rkub/meta/main.yml +++ b/roles/uninstall_rkub/meta/main.yml @@ -18,7 +18,7 @@ galaxy_info: # - CC-BY-4.0 license: Apache-2.0 - min_ansible_version: "2.12.0" + min_ansible_version: "2.12.0" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: diff --git a/roles/uninstall_rkub/tasks/uninstall.yml b/roles/uninstall_rkub/tasks/uninstall.yml index 57c05718d..a8ff75b61 100644 --- a/roles/uninstall_rkub/tasks/uninstall.yml +++ b/roles/uninstall_rkub/tasks/uninstall.yml 
@@ -1,46 +1,48 @@ +--- - name: Stop and uninstall RKE2 become: true - block: - - name: Stop RKE2 server - ansible.builtin.systemd: - name: "rke2-server.service" - state: stopped - failed_when: false + block: + - name: Stop RKE2 server + ansible.builtin.systemd: + name: "rke2-server.service" + state: stopped + failed_when: false - - name: Stop RKE2 agent - ansible.builtin.systemd: - name: "rke2-agent.service" - state: stopped - failed_when: false + - name: Stop RKE2 agent + ansible.builtin.systemd: + name: "rke2-agent.service" + state: stopped + failed_when: false - - name: Uninstall RKE2 - ansible.builtin.shell: /usr/local/bin/rke2-uninstall.sh - failed_when: false + - name: Uninstall RKE2 + ansible.builtin.shell: set -o pipefail && /usr/local/bin/rke2-uninstall.sh + failed_when: false + changed_when: false # Longhorn removal -- block: - - name: 'collect longhorn files' - find: - paths: "{{ longhorn_datapath }}" - hidden: True - recurse: True - # file_type: any # Added in ansible 2.3 - register: collected_files +- name: Longhorn removal + block: + - name: Collect longhorn files + ansible.builtin.find: + paths: "{{ longhorn_datapath }}" + hidden: true + recurse: true + register: collected_files - - name: 'collect longhorn directories' - find: - paths: "{{ longhorn_datapath }}" - hidden: True - recurse: True - file_type: directory - register: collected_directories + - name: Collect longhorn directories + ansible.builtin.find: + paths: "{{ longhorn_datapath }}" + hidden: true + recurse: true + file_type: directory + register: collected_directories - - name: remove collected files and directories - file: - path: "{{ item['path'] }}" - state: absent - with_items: > - {{ - collected_files.files - + collected_directories.files - }} + - name: Remove collected files and directories + ansible.builtin.file: + path: "{{ item['path'] }}" + state: absent + with_items: > + {{ + collected_files.files + + collected_directories.files + }} 
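Review bot: The new `ansible.builtin.shell: set -o pipefail && /usr/local/bin/rke2-uninstall.sh` has no pipe to guard, and `set -o pipefail` is not POSIX: `ansible.builtin.shell` runs `/bin/sh` by default, so on hosts whose `/bin/sh` lacks `pipefail` (older dash) the first command fails, `&&` skips the uninstall script, and `failed_when: false` hides the result — the task reports success without removing anything. Since nothing is piped, the simpler form is `ansible.builtin.command: /usr/local/bin/rke2-uninstall.sh` with `args: removes: /usr/local/bin/rke2-uninstall.sh`, which is idempotent, needs no shell, and also satisfies the lint rule (presumably `risky-shell-pipe`) that prompted the `pipefail`. `changed_when: false` is wrong on this task as well: the script tears RKE2 down, so the task should report changed when it actually ran. `failed_when: false` is reasonable on the two systemd stop tasks (the units may be absent), but on the uninstall itself a failure is worth surfacing rather than swallowing.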
diff --git a/roles/uninstall_rkub/tasks/utils.yml b/roles/uninstall_rkub/tasks/utils.yml index f83176f8e..53d9dc4fb 100644 --- a/roles/uninstall_rkub/tasks/utils.yml +++ b/roles/uninstall_rkub/tasks/utils.yml @@ -1,4 +1,5 @@ -- name: Remove Helm +--- +- name: Remove Helm ansible.builtin.file: path: /usr/local/bin/helm state: absent diff --git a/roles/uninstall_rkub/tests/test.yml b/roles/uninstall_rkub/tests/test.yml index 5f039fd24..dbdeb2ca8 100644 --- a/roles/uninstall_rkub/tests/test.yml +++ b/roles/uninstall_rkub/tests/test.yml @@ -1,5 +1,6 @@ --- -- hosts: localhost +- name: test + hosts: localhost remote_user: root roles: - uninstall_rkub diff --git a/roles/upload_package_zst/meta/main.yml b/roles/upload_package_zst/meta/main.yml index 08d692a71..97caad08b 100644 --- a/roles/upload_package_zst/meta/main.yml +++ b/roles/upload_package_zst/meta/main.yml @@ -18,7 +18,7 @@ galaxy_info: # - CC-BY-4.0 license: Apache-2.0 - min_ansible_version: "2.12.0" + min_ansible_version: "2.12.0" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: diff --git a/roles/upload_package_zst/tasks/main.yml b/roles/upload_package_zst/tasks/main.yml index b3eb42671..09bec8298 100644 --- a/roles/upload_package_zst/tasks/main.yml +++ b/roles/upload_package_zst/tasks/main.yml @@ -35,7 +35,7 @@ become: true when: - ansible_os_family == "RedHat" - - ansible_distribution_major_version | int >= 8 + - ansible_distribution_major_version | int >= 8 - name: Ensure target directory exist and accessible to connexion user ansible.builtin.file: @@ -58,5 +58,4 @@ ansible.builtin.unarchive: src: "{{ global_directory_package_target }}/{{ global_package_name }}" dest: "{{ global_directory_package_target }}/rancher" - remote_src: true - \ No newline at end of file + remote_src: true \ No newline at end of file diff --git a/roles/upload_package_zst/tests/test.yml b/roles/upload_package_zst/tests/test.yml index fce0e4fd3..3a4ebe1d2 100644 
--- a/roles/upload_package_zst/tests/test.yml +++ b/roles/upload_package_zst/tests/test.yml @@ -1,5 +1,6 @@ --- -- hosts: localhost +- name: test + hosts: localhost remote_user: root roles: - upload_package_zst From b8201ca00b68b68e47d8cb4be38906ae678a7e4f Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 16 Jan 2024 09:14:21 +0100 Subject: [PATCH 034/365] lint corrections --- roles/build_airgap_package/tests/test.yml | 3 +- roles/deploy_certmanager/tests/test.yml | 3 +- roles/deploy_longhorn/tests/test.yml | 3 +- roles/deploy_neuvector/tests/test.yml | 3 +- roles/deploy_rancher/tests/test.yml | 3 +- roles/install_rke2_common/tests/test.yml | 3 +- roles/install_rke2_controller/tests/test.yml | 3 +- roles/install_rke2_worker/tests/test.yml | 3 +- roles/install_utils_nerdctl/tests/test.yml | 3 +- roles/install_utils_registry/tests/test.yml | 3 +- roles/set_firewalld/tests/test.yml | 3 +- roles/set_nfs_export/tests/test.yml | 3 +- roles/set_nfs_mount/tests/test.yml | 3 +- roles/uninstall_rkub/tasks/admin.yml | 9 +- roles/uninstall_rkub/tasks/nfs.yml | 103 +++++++++---------- roles/uninstall_rkub/tests/test.yml | 2 +- roles/upload_package_zst/tests/test.yml | 2 +- 17 files changed, 84 insertions(+), 71 deletions(-) diff --git a/roles/build_airgap_package/tests/test.yml b/roles/build_airgap_package/tests/test.yml index cb82eba7d..12d9eee0a 100644 --- a/roles/build_airgap_package/tests/test.yml +++ b/roles/build_airgap_package/tests/test.yml @@ -1,5 +1,6 @@ --- -- hosts: localhost +- name: Test + hosts: localhost remote_user: root roles: - build_airgap_package diff --git a/roles/deploy_certmanager/tests/test.yml b/roles/deploy_certmanager/tests/test.yml index 7b5bbb231..e2ba1a6d7 100644 --- a/roles/deploy_certmanager/tests/test.yml +++ b/roles/deploy_certmanager/tests/test.yml @@ -1,5 +1,6 @@ --- -- hosts: localhost +- name: Test + hosts: localhost remote_user: root roles: - deploy_certmanager 
diff --git a/roles/deploy_longhorn/tests/test.yml b/roles/deploy_longhorn/tests/test.yml index b347a1fdc..90171086d 100644 --- a/roles/deploy_longhorn/tests/test.yml +++ b/roles/deploy_longhorn/tests/test.yml @@ -1,5 +1,6 @@ --- -- hosts: localhost +- name: Test + hosts: localhost remote_user: root roles: - deploy_longhorn diff --git a/roles/deploy_neuvector/tests/test.yml b/roles/deploy_neuvector/tests/test.yml index 77d871a9d..851c514ce 100644 --- a/roles/deploy_neuvector/tests/test.yml +++ b/roles/deploy_neuvector/tests/test.yml @@ -1,5 +1,6 @@ --- -- hosts: localhost +- name: Test + hosts: localhost remote_user: root roles: - deploy_neuvector diff --git a/roles/deploy_rancher/tests/test.yml b/roles/deploy_rancher/tests/test.yml index 353fc6766..412a2dc5f 100644 --- a/roles/deploy_rancher/tests/test.yml +++ b/roles/deploy_rancher/tests/test.yml @@ -1,5 +1,6 @@ --- -- hosts: localhost +- name: Test + hosts: localhost remote_user: root roles: - deploy_rancher diff --git a/roles/install_rke2_common/tests/test.yml b/roles/install_rke2_common/tests/test.yml index f9e168282..2cdc275d8 100644 --- a/roles/install_rke2_common/tests/test.yml +++ b/roles/install_rke2_common/tests/test.yml @@ -1,5 +1,6 @@ --- -- hosts: localhost +- name: Test + hosts: localhost remote_user: root roles: - install_rke2_common diff --git a/roles/install_rke2_controller/tests/test.yml b/roles/install_rke2_controller/tests/test.yml index dad9a84df..e5e1fd5e4 100644 --- a/roles/install_rke2_controller/tests/test.yml +++ b/roles/install_rke2_controller/tests/test.yml @@ -1,5 +1,6 @@ --- -- hosts: localhost +- name: Test + hosts: localhost remote_user: root roles: - install_rke2_controller diff --git a/roles/install_rke2_worker/tests/test.yml b/roles/install_rke2_worker/tests/test.yml index 4f63b9488..a5cba8a3a 100644 --- a/roles/install_rke2_worker/tests/test.yml +++ b/roles/install_rke2_worker/tests/test.yml 
@@ -1,5 +1,6 @@ --- -- hosts: localhost +- name: Test + hosts: localhost remote_user: root roles: - install_rke2_worker diff --git a/roles/install_utils_nerdctl/tests/test.yml b/roles/install_utils_nerdctl/tests/test.yml index d84884926..3c30556b7 100644 --- a/roles/install_utils_nerdctl/tests/test.yml +++ b/roles/install_utils_nerdctl/tests/test.yml @@ -1,5 +1,6 @@ --- -- hosts: localhost +- name: Test + hosts: localhost remote_user: root roles: - install_utils_nerdctl diff --git a/roles/install_utils_registry/tests/test.yml b/roles/install_utils_registry/tests/test.yml index ad3231ebe..639d9522b 100644 --- a/roles/install_utils_registry/tests/test.yml +++ b/roles/install_utils_registry/tests/test.yml @@ -1,5 +1,6 @@ --- -- hosts: localhost +- name: Test + hosts: localhost remote_user: root roles: - install_utils_registry diff --git a/roles/set_firewalld/tests/test.yml b/roles/set_firewalld/tests/test.yml index 1ac4cbf2e..1cc260b87 100644 --- a/roles/set_firewalld/tests/test.yml +++ b/roles/set_firewalld/tests/test.yml @@ -1,5 +1,6 @@ --- -- hosts: localhost +- name: Test + hosts: localhost remote_user: root roles: - set_firewalld \ No newline at end of file diff --git a/roles/set_nfs_export/tests/test.yml b/roles/set_nfs_export/tests/test.yml index 63fff5b4c..7e4dc23d9 100644 --- a/roles/set_nfs_export/tests/test.yml +++ b/roles/set_nfs_export/tests/test.yml @@ -1,5 +1,6 @@ --- -- hosts: localhost +- name: Test + hosts: localhost remote_user: root roles: - set_nfs_export diff --git a/roles/set_nfs_mount/tests/test.yml b/roles/set_nfs_mount/tests/test.yml index f43f41373..6c82a5dfb 100644 --- a/roles/set_nfs_mount/tests/test.yml +++ b/roles/set_nfs_mount/tests/test.yml @@ -1,5 +1,6 @@ --- -- hosts: localhost +- name: Test + hosts: localhost remote_user: root roles: - set_nfs_mount diff --git a/roles/uninstall_rkub/tasks/admin.yml b/roles/uninstall_rkub/tasks/admin.yml index cc9828640..1a7e8ccf9 100644 --- a/roles/uninstall_rkub/tasks/admin.yml 
+++ b/roles/uninstall_rkub/tasks/admin.yml @@ -1,9 +1,10 @@ +--- - name: Remove admin user (if different from root) ansible.builtin.user: name: "{{ admin_user }}" state: absent - remove: yes + remove: true failed_when: false - when: - - admin_user is defined - - admin_user != "root" \ No newline at end of file + when: + - admin_user is defined + - admin_user != "root" \ No newline at end of file diff --git a/roles/uninstall_rkub/tasks/nfs.yml b/roles/uninstall_rkub/tasks/nfs.yml index fc91f6a24..6161e58e2 100644 --- a/roles/uninstall_rkub/tasks/nfs.yml +++ b/roles/uninstall_rkub/tasks/nfs.yml 
@@ -1,58 +1,57 @@ -- block: - - - name: Unmount NFS share - ansible.posix.mount: - path: "{{ nfs_mount_path }}" - state: unmounted - - - name: Remove NFS entry from /etc/fstab - ansible.builtin.lineinfile: - path: /etc/fstab - regexp: ".*{{ nfs_mount_path }} nfs.*" - state: absent - - - name: Remove mount directory - ansible.builtin.file: - path: "{{ nfs_mount_path }}" - state: absent - - - name: Share out directory via NFS - ansible.builtin.lineinfile: - path: /etc/exports - line: "{{ export_nfs_path }} *(ro)" - state: absent - - - name: Remove NFS packages - ansible.builtin.dnf: - name: "{{ item }}" - state: absent - with_items: - - nfs-utils - when: - - ansible_os_family == "RedHat" - - ansible_distribution_major_version | int >= 8 - +--- +- name: Remove NFS become: true + block: + - name: Unmount NFS share + ansible.posix.mount: + path: "{{ nfs_mount_path }}" + state: unmounted + + - name: Remove NFS entry from /etc/fstab + ansible.builtin.lineinfile: + path: /etc/fstab + regexp: ".*{{ nfs_mount_path }} nfs.*" + state: absent + + - name: Remove mount directory + ansible.builtin.file: + path: "{{ nfs_mount_path }}" + state: absent + + - name: Share out directory via NFS + ansible.builtin.lineinfile: + path: /etc/exports + line: "{{ export_nfs_path }} *(ro)" + state: absent + + - name: Remove NFS packages + ansible.builtin.dnf: + name: "{{ item }}" + state: absent + with_items: + - nfs-utils + when: + - ansible_os_family == "RedHat" + - ansible_distribution_major_version | int >= 8 # Remove NFS firewalld -- block: - - - name: firewalld NFS port enabled - ansible.posix.firewalld: - service: "{{ item }}" - permanent: true - state: disabled - loop: - - nfs - - mountd - - rpc-bind - - - name: Always reload firewalld - ansible.builtin.service: - name: firewalld - state: reloaded - +- name: Remove NFS Firewalld become: true when: - ansible_facts['services']['firewalld.service'] is defined - - ansible_facts['services']['firewalld.service']['state'] == "running" \ No 
newline at end of file + - ansible_facts['services']['firewalld.service']['state'] == "running" + block: + - name: Firewalld NFS port enabled + ansible.posix.firewalld: + service: "{{ item }}" + permanent: true + state: disabled + loop: + - nfs + - mountd + - rpc-bind + + - name: Always reload firewalld + ansible.builtin.service: + name: firewalld + state: reloaded \ No newline at end of file diff --git a/roles/uninstall_rkub/tests/test.yml b/roles/uninstall_rkub/tests/test.yml index dbdeb2ca8..10d995253 100644 --- a/roles/uninstall_rkub/tests/test.yml +++ b/roles/uninstall_rkub/tests/test.yml @@ -1,5 +1,5 @@ --- -- name: test +- name: Test hosts: localhost remote_user: root roles: diff --git a/roles/upload_package_zst/tests/test.yml b/roles/upload_package_zst/tests/test.yml index 3a4ebe1d2..8acfbe189 100644 --- a/roles/upload_package_zst/tests/test.yml +++ b/roles/upload_package_zst/tests/test.yml @@ -1,5 +1,5 @@ --- -- name: test +- name: Test hosts: localhost remote_user: root roles: From 0b36582baf31840fec1d1b1fcb28cf44cdd3a048 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Tue, 16 Jan 2024 10:55:24 +0100 Subject: [PATCH 035/365] Test in build.yml --- .github/workflows/build.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4090f1cd2..e47501d87 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -25,6 +25,7 @@ jobs: shell: bash run: | make prerequis + pwd && ls - name: Run ansible-lint uses: ansible/ansible-lint@main @@ -54,4 +55,4 @@ jobs: ref: ${{ github.head_ref || github.ref_name }} - name: Update Readme and changelog - uses: ./.github/actions/update-readme \ No newline at end of file + uses: ./.github/actions/update-readme From 0d2da5cc52f2785041801bfd822ddaa6b3f67cb5 Mon Sep 17 00:00:00 2001 
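Review bot: In the `Remove NFS entry from /etc/fstab` task, `regexp: ".*{{ nfs_mount_path }} nfs.*"` interpolates the mount path into a regular expression unescaped, so any regex metacharacter in the path (`+`, parentheses, `.` matching any character) changes which fstab lines get deleted; `regexp: '\s{{ nfs_mount_path | regex_escape }}\s+nfs\s'` matches the literal path on the mount-point field only. Two task names now say the opposite of what the task does: `Share out directory via NFS` removes the `/etc/exports` line (`state: absent`) and `Firewalld NFS port enabled` sets `state: disabled`; `Remove NFS export entry` and `Disable NFS services in firewalld` would stop misleading anyone reading a play log. The `when` on the second block reads `ansible_facts['services']`, which is only populated after `ansible.builtin.service_facts` has run — nothing in this file gathers it, so presumably a caller does; confirm, because without it the condition is simply false and the firewalld cleanup is skipped silently. The hunk covers the whole file.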
From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Tue, 16 Jan 2024 11:02:47 +0100 Subject: [PATCH 036/365] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index bce09c3d6..3ed1f45c1 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ Ansible Collection to deploy a rancher RKE2 cluster in airgap mode. [![Releases](https://img.shields.io/github/release/MozeBaltyk/rkub)](https://github.com/MozeBaltyk/rkub/releases) -![Ansible Lint](https://github.com/MozeBaltyk/rkub/workflows/build/badge.svg) +[![Ansible-lint](https://img.shields.io/badge/Ansible--lint-rules-blue.svg)](https://github.com/MozeBaltyk/rkub/workflows/build/badge.svg) [![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0/) From 6a5bcff4dfb6c6469e1b190199ff8278431e9887 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Tue, 16 Jan 2024 11:06:58 +0100 Subject: [PATCH 037/365] Update .ansible_lint --- .ansible_lint | 1 + 1 file changed, 1 insertion(+) diff --git a/.ansible_lint b/.ansible_lint index 688759be0..ffbcb81f8 100644 --- a/.ansible_lint +++ b/.ansible_lint @@ -15,3 +15,4 @@ exclude_paths: skip_list: - yaml[line-length] + - var-naming[no-role-prefix] From 3a01aa08069c244c2e741b9da58fb9de2b1443dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Tue, 16 Jan 2024 11:07:34 +0100 Subject: [PATCH 038/365] Update build.yml --- .github/workflows/build.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e47501d87..8414afb87 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -25,7 +25,6 @@ jobs: shell: bash run: | make prerequis - pwd && ls - name: Run ansible-lint uses: ansible/ansible-lint@main From 60ab01e5f5a9f3fe67b1ae7cf26081899a26ecbd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Tue, 16 Jan 2024 11:13:24 +0100 Subject: [PATCH 039/365] Update .ansible_lint --- .ansible_lint | 2 -- 1 file changed, 2 deletions(-) diff --git a/.ansible_lint b/.ansible_lint index ffbcb81f8..1180be144 100644 --- a/.ansible_lint +++ b/.ansible_lint @@ -9,8 +9,6 @@ exclude_paths: - .github/ - molecule/ - docs/ - - .ansible-lint - - .yamllint - scripts/ skip_list: From f678535c812457c74a1e7f044e793391200ac18d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Tue, 16 Jan 2024 11:16:15 +0100 Subject: [PATCH 040/365] Update build.yml --- .github/workflows/build.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8414afb87..36634f87e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -28,8 +28,6 @@ jobs: - name: Run ansible-lint uses: ansible/ansible-lint@main - with: - targets: "./" update: name: Update Versions From fdf3dfe5a386d51d464346b8ed93f61f86af93f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Tue, 16 Jan 2024 11:20:57 +0100 Subject: [PATCH 041/365] Rename .ansible_lint to .ansible-lint --- .ansible_lint => .ansible-lint | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .ansible_lint => .ansible-lint (100%) diff --git a/.ansible_lint b/.ansible-lint similarity index 100% rename from .ansible_lint rename to .ansible-lint From 259513e45652fc4db61010face05862672a24b2b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Tue, 16 Jan 2024 11:32:55 +0100 Subject: [PATCH 042/365] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3ed1f45c1..eabe15b0b 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ Ansible Collection to deploy a rancher RKE2 cluster in airgap mode. [![Releases](https://img.shields.io/github/release/MozeBaltyk/rkub)](https://github.com/MozeBaltyk/rkub/releases) [![Ansible-lint](https://img.shields.io/badge/Ansible--lint-rules-blue.svg)](https://github.com/MozeBaltyk/rkub/workflows/build/badge.svg) [![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0/) - +![Ansible Lint](https://github.com/MozeBaltyk/Rkub/workflows/Build/badge.svg) ## Description From 978ce43fd41814859840d8589d54447ae492052b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Tue, 16 Jan 2024 11:33:49 +0100 Subject: [PATCH 043/365] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index eabe15b0b..452c77fe0 100644 --- a/README.md +++ b/README.md 
@@ -5,7 +5,7 @@ Ansible Collection to deploy a rancher RKE2 cluster in airgap mode. [![Releases](https://img.shields.io/github/release/MozeBaltyk/rkub)](https://github.com/MozeBaltyk/rkub/releases) [![Ansible-lint](https://img.shields.io/badge/Ansible--lint-rules-blue.svg)](https://github.com/MozeBaltyk/rkub/workflows/build/badge.svg) [![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0/) -![Ansible Lint](https://github.com/MozeBaltyk/Rkub/workflows/Build/badge.svg) +[![Ansible-lint](https://img.shields.io/badge/Ansible--lint-rules-blue.svg)](https://github.com/MozeBaltyk/Rkub/workflows/Build/badge.svg) ## Description From d779a29405ad901deddf613f905b0ea8e88d1b40 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Tue, 16 Jan 2024 11:34:24 +0100 Subject: [PATCH 044/365] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 452c77fe0..c56a00e18 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ Ansible Collection to deploy a rancher RKE2 cluster in airgap mode. [![Releases](https://img.shields.io/github/release/MozeBaltyk/rkub)](https://github.com/MozeBaltyk/rkub/releases) [![Ansible-lint](https://img.shields.io/badge/Ansible--lint-rules-blue.svg)](https://github.com/MozeBaltyk/rkub/workflows/build/badge.svg) [![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0/) -[![Ansible-lint](https://img.shields.io/badge/Ansible--lint-rules-blue.svg)](https://github.com/MozeBaltyk/Rkub/workflows/Build/badge.svg) +[![Ansible-lint]](https://github.com/MozeBaltyk/Rkub/workflows/Build/badge.svg) ## Description From a8765baf2bf692702307ef922c180f8cf6133f13 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Tue, 16 Jan 2024 11:34:53 +0100 Subject: [PATCH 045/365] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c56a00e18..404dd79a0 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ Ansible Collection to deploy a rancher RKE2 cluster in airgap mode. [![Releases](https://img.shields.io/github/release/MozeBaltyk/rkub)](https://github.com/MozeBaltyk/rkub/releases) [![Ansible-lint](https://img.shields.io/badge/Ansible--lint-rules-blue.svg)](https://github.com/MozeBaltyk/rkub/workflows/build/badge.svg) [![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0/) -[![Ansible-lint]](https://github.com/MozeBaltyk/Rkub/workflows/Build/badge.svg) +![Ansible-lint](https://github.com/MozeBaltyk/Rkub/workflows/Build/badge.svg) ## Description From 90ccafd655253aa001516b68ee367a687647c8cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Tue, 16 Jan 2024 11:35:40 +0100 Subject: [PATCH 046/365] Update README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 404dd79a0..9dfd050cd 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,6 @@ Ansible Collection to deploy a rancher RKE2 cluster in airgap mode. [![Releases](https://img.shields.io/github/release/MozeBaltyk/rkub)](https://github.com/MozeBaltyk/rkub/releases) -[![Ansible-lint](https://img.shields.io/badge/Ansible--lint-rules-blue.svg)](https://github.com/MozeBaltyk/rkub/workflows/build/badge.svg) [![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0/) ![Ansible-lint](https://github.com/MozeBaltyk/Rkub/workflows/Build/badge.svg) From 07e98622f3625f1119071412f6cc839d789ee5f0 Mon Sep 17 00:00:00 2001 
From: MozeBaltyk Date: Tue, 16 Jan 2024 12:07:00 +0100 Subject: [PATCH 047/365] small corrections --- .ansible-lint | 4 +++- playbooks/tasks/build.yml | 2 +- playbooks/tasks/install.yml | 4 ++-- playbooks/tasks/longhorn.yml | 3 ++- playbooks/tasks/neuvector.yml | 3 ++- playbooks/tasks/rancher.yml | 3 ++- playbooks/tasks/uninstall.yml | 3 ++- playbooks/tasks/upload.yml | 3 ++- playbooks/vars/main.yml | 9 +++++---- roles/build_airgap_package/defaults/main.yml | 2 +- roles/build_airgap_package/meta/main.yml | 2 +- roles/build_airgap_package/tasks/compress.yml | 3 ++- roles/build_airgap_package/tasks/helm.yml | 4 +++- roles/build_airgap_package/tasks/images.yml | 3 ++- roles/build_airgap_package/tasks/prerequis.yml | 1 + roles/build_airgap_package/tasks/rke2.yml | 2 +- roles/build_airgap_package/tasks/utils.yml | 1 + 17 files changed, 33 insertions(+), 19 deletions(-) diff --git a/.ansible-lint b/.ansible-lint index 1180be144..5692932a0 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -10,7 +10,9 @@ exclude_paths: - molecule/ - docs/ - scripts/ - + skip_list: - yaml[line-length] - var-naming[no-role-prefix] + - command-instead-of-module + - var-naming[pattern] \ No newline at end of file diff --git a/playbooks/tasks/build.yml b/playbooks/tasks/build.yml index 407453fa2..4d44b92ac 100644 --- a/playbooks/tasks/build.yml +++ b/playbooks/tasks/build.yml @@ -6,4 +6,4 @@ vars_files: ../vars/main.yml tags: build roles: - - {role: build_airgap_package, tags: package,} \ No newline at end of file + - {role: build_airgap_package, tags: package} \ No newline at end of file diff --git a/playbooks/tasks/install.yml b/playbooks/tasks/install.yml index 1026926aa..01f519a64 100644 --- a/playbooks/tasks/install.yml +++ b/playbooks/tasks/install.yml @@ -6,7 +6,7 @@ vars_files: ../vars/main.yml tags: controller roles: - - {role: install_rke2_controller, tags: rke2,} + - {role: install_rke2_controller, tags: rke2} - name: Install RKE2 Workers hosts: RKE2_WORKERS 
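Review bot: Adding `command-instead-of-module` and `var-naming[pattern]` to `skip_list` silences those rules for the whole collection rather than for the tasks that triggered them; `command-instead-of-module` in particular is the check that catches `shell`/`command` calls for which a proper module (idempotent, no shell interpretation of arguments) exists, so a repo-wide skip removes a useful safety net. Prefer an inline `# noqa: command-instead-of-module` on the specific tasks, or list the rule under `warn_list` so it stays visible without failing the job. The file also loses its trailing newline in this hunk (`\ No newline at end of file`), which yamllint's `new-line-at-end-of-file` rule reports. The `exclude_paths` list above the hunk is outside it.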
@@ -15,4 +15,4 @@ vars_files: ../vars/main.yml tags: worker roles: - - {role: install_rke2_worker, tags: rke2,} \ No newline at end of file + - {role: install_rke2_worker, tags: rke2} \ No newline at end of file diff --git a/playbooks/tasks/longhorn.yml b/playbooks/tasks/longhorn.yml index 38d356d48..be204551a 100644 --- a/playbooks/tasks/longhorn.yml +++ b/playbooks/tasks/longhorn.yml @@ -1,3 +1,4 @@ +--- - name: Install Longhorn hosts: RKE2_CONTROLLERS:RKE2_WORKERS gather_facts: true @@ -5,4 +6,4 @@ vars_files: ../vars/main.yml tags: [ controller, worker ] roles: - - {role: deploy_longhorn, tags: longhorn,} \ No newline at end of file + - {role: deploy_longhorn, tags: longhorn} \ No newline at end of file diff --git a/playbooks/tasks/neuvector.yml b/playbooks/tasks/neuvector.yml index 12be6a45e..a2e48ded4 100644 --- a/playbooks/tasks/neuvector.yml +++ b/playbooks/tasks/neuvector.yml @@ -1,3 +1,4 @@ +--- - name: Install Neuvector hosts: RKE2_CONTROLLERS:RKE2_WORKERS gather_facts: true @@ -5,4 +6,4 @@ vars_files: ../vars/main.yml tags: [ controller, worker ] roles: - - {role: deploy_neuvector, tags: neuvector,} \ No newline at end of file + - {role: deploy_neuvector, tags: neuvector} \ No newline at end of file diff --git a/playbooks/tasks/rancher.yml b/playbooks/tasks/rancher.yml index 58d36b0ae..f099d6ecb 100644 --- a/playbooks/tasks/rancher.yml +++ b/playbooks/tasks/rancher.yml @@ -1,3 +1,4 @@ +--- - name: Install Rancher hosts: RKE2_CONTROLLERS:RKE2_WORKERS gather_facts: true @@ -5,4 +6,4 @@ vars_files: ../vars/main.yml tags: [ controller, worker ] roles: - - {role: deploy_rancher, tags: rancher,} \ No newline at end of file + - {role: deploy_rancher, tags: rancher} \ No newline at end of file diff --git a/playbooks/tasks/uninstall.yml b/playbooks/tasks/uninstall.yml index e00093440..340fcfa7a 100644 --- a/playbooks/tasks/uninstall.yml +++ b/playbooks/tasks/uninstall.yml 
@@ -1,3 +1,4 @@ +--- - name: uninstall RKE2 hosts: RKE2_CONTROLLERS:RKE2_WORKERS gather_facts: false @@ -5,4 +6,4 @@ vars_files: ../vars/main.yml tags: controler, worker roles: - - {role: uninstall_rkub, tags: uninstall,} \ No newline at end of file + - {role: uninstall_rkub, tags: uninstall} \ No newline at end of file diff --git a/playbooks/tasks/upload.yml b/playbooks/tasks/upload.yml index 14ecbd00c..fbf3fee7d 100644 --- a/playbooks/tasks/upload.yml +++ b/playbooks/tasks/upload.yml @@ -1,3 +1,4 @@ +--- - name: Dowload Rkub package on first controler hosts: RKE2_CONTROLLERS[0] gather_facts: false @@ -5,4 +6,4 @@ - ../vars/main.yml tags: controler roles: - - {role: upload_package_zst, tags: upload,} + - {role: upload_package_zst, tags: upload} \ No newline at end of file diff --git a/playbooks/vars/main.yml b/playbooks/vars/main.yml index 09623ea00..ef2996e8e 100644 --- a/playbooks/vars/main.yml +++ b/playbooks/vars/main.yml @@ -1,10 +1,11 @@ +--- # Version products global_rke2_version: "1.26.11" global_helm_version: "3.11.3" -global_CERT_VERSION: "1.13.3" -global_RANCHER_VERSION: "2.8.0" +global_CERT_VERSION: "1.13.3" +global_RANCHER_VERSION: "2.8.0" global_LONGHORN_VERSION: "1.5.3" -global_NEU_VERSION: "2.6.6" +global_NEU_VERSION: "2.6.6" # extras RPM global_rke2_common_repo_version: "v{{ rke2_version }}%2Brke2r1" #.stable.0 @@ -33,7 +34,7 @@ global_data_dir: "/rke2" global_cluster_cidr: "10.42.0.0/16" #Default Value global_service_cidr: "10.43.0.0/16" #Default Value -# Longhorn +# Longhorn default_longhorn_datapath: "{{ global_directory_package_target }}/longhorn" global_longhorn_datapath: "{{ datapath | default(default_longhorn_datapath) }}" diff --git a/roles/build_airgap_package/defaults/main.yml b/roles/build_airgap_package/defaults/main.yml index f57d7fca0..0042839e9 100644 --- a/roles/build_airgap_package/defaults/main.yml +++ b/roles/build_airgap_package/defaults/main.yml 
@@ -23,4 +23,4 @@ list_directory_package: rke2_common_repo_version: "{{ global_rke2_common_repo_version }}" rke2_common_rpm_version: "{{ global_rke2_common_rpm_version }}" rke2_selinux_repo_version: "{{ global_rke2_selinux_repo_version }}" -rke2_selinux_rpm_version: "{{ global_rke2_selinux_rpm_version }}" \ No newline at end of file +rke2_selinux_rpm_version: "{{ global_rke2_selinux_rpm_version }}" \ No newline at end of file diff --git a/roles/build_airgap_package/meta/main.yml b/roles/build_airgap_package/meta/main.yml index d8c3e0913..6e839e1c6 100644 --- a/roles/build_airgap_package/meta/main.yml +++ b/roles/build_airgap_package/meta/main.yml @@ -18,7 +18,7 @@ galaxy_info: # - CC-BY-4.0 license: Apache-2.0 - min_ansible_version: "2.12.0" + min_ansible_version: "2.15.0" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: diff --git a/roles/build_airgap_package/tasks/compress.yml b/roles/build_airgap_package/tasks/compress.yml index b4d7067c8..deb5e0755 100644 --- a/roles/build_airgap_package/tasks/compress.yml +++ b/roles/build_airgap_package/tasks/compress.yml @@ -1,5 +1,6 @@ +--- - name: Compress files using zstd and create an archive ansible.builtin.command: "tar -I zstd -vcf {{ tar_zst_name }} -C {{ directory_package }} ." args: - chdir: "{{ directory_package }}/.." + chdir: "{{ directory_package }}/.." \ No newline at end of file diff --git a/roles/build_airgap_package/tasks/helm.yml b/roles/build_airgap_package/tasks/helm.yml index e08a32682..878f28e61 100644 --- a/roles/build_airgap_package/tasks/helm.yml +++ b/roles/build_airgap_package/tasks/helm.yml 
@@ -1,8 +1,10 @@ -# Download/Install helm on build server +--- +# Download/Install helm on build server - name: Download Helm binary ansible.builtin.get_url: url: "https://get.helm.sh/helm-v{{ helm_version }}-linux-amd64.tar.gz" dest: "{{ directory_package }}/helm/helm-v{{ helm_version }}-linux-amd64.tar.gz" + mode: 0750 - name: Install Helm binary ansible.builtin.shell: | diff --git a/roles/build_airgap_package/tasks/images.yml b/roles/build_airgap_package/tasks/images.yml index d373f8dd2..7895a7643 100644 --- a/roles/build_airgap_package/tasks/images.yml +++ b/roles/build_airgap_package/tasks/images.yml @@ -1,4 +1,5 @@ -## List images +--- +## List images - name: Rancher List - Download rancher-images.txt ansible.builtin.get_url: url: "https://github.com/rancher/rancher/releases/download/v{{ RANCHER_VERSION }}/rancher-images.txt" diff --git a/roles/build_airgap_package/tasks/prerequis.yml b/roles/build_airgap_package/tasks/prerequis.yml index a515aa64d..b9a46f078 100644 --- a/roles/build_airgap_package/tasks/prerequis.yml +++ b/roles/build_airgap_package/tasks/prerequis.yml @@ -1,3 +1,4 @@ +--- # for RHEL-like - name: Install zstd and skopeo ansible.builtin.dnf: diff --git a/roles/build_airgap_package/tasks/rke2.yml b/roles/build_airgap_package/tasks/rke2.yml index af1499918..f057cfd22 100644 --- a/roles/build_airgap_package/tasks/rke2.yml +++ b/roles/build_airgap_package/tasks/rke2.yml @@ -1,4 +1,4 @@ - +--- - name: Download rke2-images.linux-amd64.tar.zst get_url: url: "https://github.com/rancher/rke2/releases/download/{{ rke2_common_repo_version }}/rke2-images.linux-amd64.tar.zst" diff --git a/roles/build_airgap_package/tasks/utils.yml b/roles/build_airgap_package/tasks/utils.yml index bccae399b..15697791f 100644 --- a/roles/build_airgap_package/tasks/utils.yml +++ b/roles/build_airgap_package/tasks/utils.yml 
@@ -1,3 +1,4 @@ +--- - name: Get Latest version of arkade ansible.builtin.get_url: url: "{{ lookup('url', 'https://api.github.com/repos/alexellis/arkade/releases/latest', split_lines=false) | regex_search('browser_download_url.*(https://github.com/alexellis/arkade/releases/download(.*?)/arkade)', '\\1') | first }}" From 8614f8d469a279a3bc257882b3b6b4e582b6c321 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 16 Jan 2024 12:32:05 +0100 Subject: [PATCH 048/365] small corrections --- roles/deploy_certmanager/meta/main.yml | 2 +- roles/deploy_longhorn/meta/main.yml | 2 +- roles/deploy_neuvector/meta/main.yml | 2 +- roles/deploy_rancher/meta/main.yml | 2 +- roles/install_rke2_common/meta/main.yml | 2 +- roles/install_rke2_controller/meta/main.yml | 2 +- roles/install_rke2_worker/meta/main.yml | 2 +- roles/install_utils_nerdctl/meta/main.yml | 2 +- roles/install_utils_registry/meta/main.yml | 2 +- roles/set_firewalld/meta/main.yml | 2 +- roles/set_firewalld/tasks/delete_service.yml | 10 ++-- roles/set_firewalld/tasks/main.yml | 6 +- .../tasks/manage_firewalld_zone.yml | 13 +++-- .../tasks/manage_inbound_rule.yml | 19 ++++--- roles/set_nfs_export/handlers/main.yml | 2 +- roles/set_nfs_export/meta/main.yml | 2 +- roles/set_nfs_export/tasks/firewalld.yml | 36 ++++++------ roles/set_nfs_export/tasks/install.yml | 55 +++++++++---------- roles/set_nfs_export/tasks/main.yml | 8 +-- roles/set_nfs_export/tasks/selinux.yml | 4 +- roles/set_nfs_mount/meta/main.yml | 2 +- roles/set_nfs_mount/tasks/main.yml | 6 +- roles/set_nfs_mount/tasks/rhel.yml | 55 ++++++++++--------- roles/uninstall_rkub/defaults/main.yml | 8 +-- roles/uninstall_rkub/meta/main.yml | 2 +- roles/uninstall_rkub/tasks/main.yml | 4 +- roles/uninstall_rkub/tasks/nfs.yml | 6 +- roles/upload_package_zst/meta/main.yml | 2 +- 28 files changed, 132 insertions(+), 128 deletions(-) diff --git a/roles/deploy_certmanager/meta/main.yml b/roles/deploy_certmanager/meta/main.yml index 9a6653358..d072f19dd 100644 
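Review bot: The arkade task in utils.yml resolves `releases/latest` through a `url` lookup at build time and downloads the binary without a `checksum`, so two runs of the airgap build can package different, unverified binaries. For a package that is meant to be carried into an airgapped environment, pin the release in a version variable alongside the other `global_*_version` values and pass the published digest to `get_url` via `checksum: "sha256:<digest>"` (placeholder). The task definition continues beyond the hunk.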
--- a/roles/deploy_certmanager/meta/main.yml +++ b/roles/deploy_certmanager/meta/main.yml @@ -18,7 +18,7 @@ galaxy_info: # - CC-BY-4.0 license: Apache-2.0 - min_ansible_version: "2.12.0" + min_ansible_version: "2.15.0" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: diff --git a/roles/deploy_longhorn/meta/main.yml b/roles/deploy_longhorn/meta/main.yml index 1907b01eb..8b5b58f3a 100644 --- a/roles/deploy_longhorn/meta/main.yml +++ b/roles/deploy_longhorn/meta/main.yml @@ -18,7 +18,7 @@ galaxy_info: # - CC-BY-4.0 license: Apache-2.0 - min_ansible_version: "2.12.0" + min_ansible_version: "2.15.0" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: diff --git a/roles/deploy_neuvector/meta/main.yml b/roles/deploy_neuvector/meta/main.yml index 4520372b4..32757d498 100644 --- a/roles/deploy_neuvector/meta/main.yml +++ b/roles/deploy_neuvector/meta/main.yml @@ -18,7 +18,7 @@ galaxy_info: # - CC-BY-4.0 license: Apache-2.0 - min_ansible_version: "2.12.0" + min_ansible_version: "2.15.0" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: diff --git a/roles/deploy_rancher/meta/main.yml b/roles/deploy_rancher/meta/main.yml index 7be14f8d5..93d21467c 100644 --- a/roles/deploy_rancher/meta/main.yml +++ b/roles/deploy_rancher/meta/main.yml @@ -18,7 +18,7 @@ galaxy_info: # - CC-BY-4.0 license: Apache-2.0 - min_ansible_version: "2.12.0" + min_ansible_version: "2.15.0" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: diff --git a/roles/install_rke2_common/meta/main.yml b/roles/install_rke2_common/meta/main.yml index 5c30fda1b..3ce0052bc 100644 --- a/roles/install_rke2_common/meta/main.yml +++ b/roles/install_rke2_common/meta/main.yml 
@@ -18,7 +18,7 @@ galaxy_info: # - CC-BY-4.0 license: Apache-2.0 - min_ansible_version: "2.12.0" + min_ansible_version: "2.15.0" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: diff --git a/roles/install_rke2_controller/meta/main.yml b/roles/install_rke2_controller/meta/main.yml index b00fd4401..e83fc63a0 100644 --- a/roles/install_rke2_controller/meta/main.yml +++ b/roles/install_rke2_controller/meta/main.yml @@ -18,7 +18,7 @@ galaxy_info: # - CC-BY-4.0 license: Apache-2.0 - min_ansible_version: "2.12.0" + min_ansible_version: "2.15.0" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: diff --git a/roles/install_rke2_worker/meta/main.yml b/roles/install_rke2_worker/meta/main.yml index 2308f130e..983f829fa 100644 --- a/roles/install_rke2_worker/meta/main.yml +++ b/roles/install_rke2_worker/meta/main.yml @@ -18,7 +18,7 @@ galaxy_info: # - CC-BY-4.0 license: Apache-2.0 - min_ansible_version: "2.12.0" + min_ansible_version: "2.15.0" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: diff --git a/roles/install_utils_nerdctl/meta/main.yml b/roles/install_utils_nerdctl/meta/main.yml index 25204434f..09b78780a 100644 --- a/roles/install_utils_nerdctl/meta/main.yml +++ b/roles/install_utils_nerdctl/meta/main.yml @@ -18,7 +18,7 @@ galaxy_info: # - CC-BY-4.0 license: Apache-2.0 - min_ansible_version: "2.12.0" + min_ansible_version: "2.15.0" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: diff --git a/roles/install_utils_registry/meta/main.yml b/roles/install_utils_registry/meta/main.yml index 59a11d8ba..96e75166d 100644 --- a/roles/install_utils_registry/meta/main.yml +++ b/roles/install_utils_registry/meta/main.yml 
@@ -18,7 +18,7 @@ galaxy_info: # - CC-BY-4.0 license: Apache-2.0 - min_ansible_version: "2.12.0" + min_ansible_version: "2.15.0" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: diff --git a/roles/set_firewalld/meta/main.yml b/roles/set_firewalld/meta/main.yml index 6c4a72b51..e7d3b176d 100644 --- a/roles/set_firewalld/meta/main.yml +++ b/roles/set_firewalld/meta/main.yml @@ -18,7 +18,7 @@ galaxy_info: # - CC-BY-4.0 license: Apache-2.0 - min_ansible_version: "2.12.0" + min_ansible_version: "2.15.0" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: diff --git a/roles/set_firewalld/tasks/delete_service.yml b/roles/set_firewalld/tasks/delete_service.yml index 96b206f15..0e6c1876c 100644 --- a/roles/set_firewalld/tasks/delete_service.yml +++ b/roles/set_firewalld/tasks/delete_service.yml @@ -1,19 +1,19 @@ # Remove service from zone - name: Delete {{ service['name'] }} firewalld service - firewalld: + ansible.builtin.firewalld: service: "{{ service['name'] }}" - permanent: yes - immediate: yes + permanent: true + immediate: true zone: "{{ service['zone'] | default( firewalld_default_zone ) }}" state: disabled # Completely delete service - name: Delete {{ service['name'] }} firewalld service definition - file: + ansible.builtin.file: path: "{{ firewalld_path }}/services/{{ service['name'] }}.xml" state: absent when: service['erase'] == true notify: restart firewalld -- meta: flush_handlers +- ansible.builtin.meta: flush_handlers diff --git a/roles/set_firewalld/tasks/main.yml b/roles/set_firewalld/tasks/main.yml index 337f6547a..661bd4854 100644 --- a/roles/set_firewalld/tasks/main.yml +++ b/roles/set_firewalld/tasks/main.yml 
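Review bot: `ansible.builtin.firewalld:` in delete_service.yml is not a valid FQCN; the firewalld module ships in the `ansible.posix` collection (this same series uses `ansible.posix.firewalld` in set_nfs_export/tasks/firewalld.yml), so the task will fail to resolve at runtime and the service removal on uninstall will never run. Change it to `ansible.posix.firewalld:` here and in the two hunks that share the defect, manage_firewalld_zone.yml and manage_inbound_rule.yml. While here, `when: service['erase'] == true` is a literal comparison that ansible-lint reports; `when: service['erase'] | bool` is the idiomatic form.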
@@ -2,19 +2,19 @@ # tasks file for firewalld - name: Manage firewalld zone files - include_tasks: manage_firewalld_zone.yml + ansible.builtin.include_tasks: manage_firewalld_zone.yml loop: "{{ firewalld_zones | default([]) }}" loop_control: loop_var: zone - name: Manage inbound rules - include_tasks: manage_inbound_rule.yml + ansible.builtin.include_tasks: manage_inbound_rule.yml loop: "{{ firewalld_rules['inbound'] | default([]) }}" loop_control: loop_var: rule - name: Delete a Service Completely - include_tasks: delete_service.yml + ansible.builtin.include_tasks: delete_service.yml loop: "{{ firewalld_remove['inbound'] | default([]) }}" loop_control: loop_var: service diff --git a/roles/set_firewalld/tasks/manage_firewalld_zone.yml b/roles/set_firewalld/tasks/manage_firewalld_zone.yml index ca4f3e323..9defb3aee 100644 --- a/roles/set_firewalld/tasks/manage_firewalld_zone.yml +++ b/roles/set_firewalld/tasks/manage_firewalld_zone.yml @@ -1,18 +1,19 @@ +--- - name: Manage {{ zone['name'] }} firewalld file zone definition - template: + ansible.builtin.template: src: zone.xml.j2 dest: "{{ firewalld_path }}/zones/{{ zone['name'] }}.xml" owner: root group: root mode: "0644" - force: yes + force: true notify: restart firewalld - meta: flush_handlers - name: Manage {{ zone['name'] }} firewalld zone definition - firewalld: + ansible.builtin.firewalld: zone: "{{ zone['name'] }}" - permanent: yes - immediate: yes - state: enabled + permanent: true + immediate: true + state: enabled \ No newline at end of file diff --git a/roles/set_firewalld/tasks/manage_inbound_rule.yml b/roles/set_firewalld/tasks/manage_inbound_rule.yml index d8b2cc46c..19396ce4f 100644 --- a/roles/set_firewalld/tasks/manage_inbound_rule.yml +++ b/roles/set_firewalld/tasks/manage_inbound_rule.yml 
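Review bot: manage_firewalld_zone.yml leaves `- meta: flush_handlers` as a bare short name while the same commit converts the equivalent line in delete_service.yml and manage_inbound_rule.yml to `- ansible.builtin.meta: flush_handlers`; the three task files should agree, otherwise the FQCN lint rule keeps firing on this one. The new `state: enabled` line also ends the file without a trailing newline.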
@@ -1,19 +1,20 @@ -- name: Manage {{ rule['name'] }} firewalld service definition - template: +--- +- name: Manage firewalld service definition {{ rule['name'] }} + ansible.builtin.template: src: service.xml.j2 dest: "{{ firewalld_path }}/services/{{ rule['name'] }}.xml" owner: root group: root mode: "0644" - force: yes + force: true notify: restart firewalld -- meta: flush_handlers +- ansible.builtin.meta: flush_handlers -- name: Manage {{ rule['name'] }} firewalld service - firewalld: +- name: Manage firewalld service {{ rule['name'] }} + ansible.builtin.firewalld: service: "{{ rule['name'] }}" - permanent: yes - immediate: yes - zone: "{{ rule['zone'] | default( firewalld_default_zone ) }}" + permanent: true + immediate: true + zone: "{{ rule['zone'] | default(firewalld_default_zone) }}" state: enabled diff --git a/roles/set_nfs_export/handlers/main.yml b/roles/set_nfs_export/handlers/main.yml index 1b5aa9dc4..a59f769a8 100644 --- a/roles/set_nfs_export/handlers/main.yml +++ b/roles/set_nfs_export/handlers/main.yml @@ -2,6 +2,6 @@ # handlers file for export_nfs - name: Restart_NFS_Server - systemd: + ansible.builtin.systemd: name: nfs-server state: restarted \ No newline at end of file diff --git a/roles/set_nfs_export/meta/main.yml b/roles/set_nfs_export/meta/main.yml index 39d40421a..412d411cc 100644 --- a/roles/set_nfs_export/meta/main.yml +++ b/roles/set_nfs_export/meta/main.yml @@ -18,7 +18,7 @@ galaxy_info: # - CC-BY-4.0 license: Apache-2.0 - min_ansible_version: "2.12.0" + min_ansible_version: "2.15.0" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: diff --git a/roles/set_nfs_export/tasks/firewalld.yml b/roles/set_nfs_export/tasks/firewalld.yml index e502edb6b..ab63b86c1 100644 --- a/roles/set_nfs_export/tasks/firewalld.yml +++ b/roles/set_nfs_export/tasks/firewalld.yml 
@@ -1,21 +1,21 @@ -- block: - - - name: firewalld NFS port enabled - ansible.posix.firewalld: - service: "{{ item }}" - permanent: true - state: enabled - loop: - - nfs - - rpc-bind - - mountd - - - name: Always reload firewalld - ansible.builtin.service: - name: firewalld - state: reloaded - +--- +- name: Firewalld setup become: true when: - ansible_facts['services']['firewalld.service'] is defined - - ansible_facts['services']['firewalld.service']['state'] == "running" \ No newline at end of file + - ansible_facts['services']['firewalld.service']['state'] == "running" + block: + - name: firewalld NFS port enabled + ansible.posix.firewalld: + service: "{{ item }}" + permanent: true + state: enabled + loop: + - nfs + - rpc-bind + - mountd + + - name: Always reload firewalld + ansible.builtin.service: + name: firewalld + state: reloaded \ No newline at end of file diff --git a/roles/set_nfs_export/tasks/install.yml b/roles/set_nfs_export/tasks/install.yml index 6f6974e6b..9c7fe28b6 100644 --- a/roles/set_nfs_export/tasks/install.yml +++ b/roles/set_nfs_export/tasks/install.yml 
@@ -1,34 +1,33 @@ - +--- # share out directory - name: NFS share + become: true block: - - name: Install NFS packages - ansible.builtin.dnf: - name: "{{ item }}" - state: present - with_items: - - nfs-utils - when: - - ansible_os_family == "RedHat" - - ansible_distribution_major_version | int >= 8 + - name: Install NFS packages + ansible.builtin.dnf: + name: "{{ item }}" + state: present + with_items: + - nfs-utils + when: + - ansible_os_family == "RedHat" + - ansible_distribution_major_version | int >= 8 - - name: Share out directory via NFS - ansible.builtin.lineinfile: - path: /etc/exports - line: "{{ export_nfs_path }} *(ro)" - notify: Restart_NFS_Server + - name: Share out directory via NFS + ansible.builtin.lineinfile: + path: /etc/exports + line: "{{ export_nfs_path }} *(ro)" + notify: Restart_NFS_Server - - name: Enable and start NFS server service - ansible.builtin.systemd: - name: nfs-server - enabled: yes - state: started - - - name: Create Symlink to get same path than other server - ansible.builtin.file: - src: "{{ export_nfs_path }}" - dest: "{{ symlink_mount_path }}" - state: link - when: export_nfs_path != symlink_mount_path + - name: Enable and start NFS server service + ansible.builtin.systemd: + name: nfs-server + enabled: true + state: started - become: true \ No newline at end of file + - name: Create Symlink to get same path than other server + ansible.builtin.file: + src: "{{ export_nfs_path }}" + dest: "{{ symlink_mount_path }}" + state: link + when: export_nfs_path != symlink_mount_path \ No newline at end of file diff --git a/roles/set_nfs_export/tasks/main.yml b/roles/set_nfs_export/tasks/main.yml index d56b55d0e..7b5692462 100644 --- a/roles/set_nfs_export/tasks/main.yml +++ b/roles/set_nfs_export/tasks/main.yml @@ -1,7 +1,7 @@ --- # tasks file for export_nfs - name: Gather facts - setup: + ansible.builtin.setup: gather_subset: - "distribution" - "distribution_major_version" 
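Review bot: The export line written by lineinfile in install.yml, `{{ export_nfs_path }} *(ro)`, grants read access to every host that can reach the NFS port, not just the cluster nodes that mount it; the allowed clients should be a variable, for example `line: "{{ export_nfs_path }} {{ export_nfs_clients | default('*') }}(ro)"` (suggested new variable name), so operators can restrict it to the cluster subnet or host list. The task also has no `regexp:`, so a changed `export_nfs_path` appends a second export instead of replacing the old one; `regexp: "^{{ export_nfs_path | regex_escape }} "` keeps one managed entry. The single-element `with_items` can be a plain `name: nfs-utils`.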
@@ -10,13 +10,13 @@ ansible_os_family is not defined - name: Tasks for Linux - import_tasks: selinux.yml + ansible.builtin.import_tasks: selinux.yml - name: Tasks for Linux - import_tasks: firewalld.yml + ansible.builtin.import_tasks: firewalld.yml - name: Tasks to install and setup NFS export - import_tasks: install.yml + ansible.builtin.import_tasks: install.yml - name: Flush handlers ansible.builtin.meta: flush_handlers \ No newline at end of file diff --git a/roles/set_nfs_export/tasks/selinux.yml b/roles/set_nfs_export/tasks/selinux.yml index 2b84c84f6..9f9bdc936 100644 --- a/roles/set_nfs_export/tasks/selinux.yml +++ b/roles/set_nfs_export/tasks/selinux.yml @@ -1,3 +1,4 @@ +--- - name: Create package directories ansible.builtin.file: path: "{{ export_nfs_registry_path }}" @@ -6,7 +7,8 @@ - name: Test whether SELinux is enabled ansible.builtin.command: /usr/sbin/selinuxenabled - ignore_errors: yes + ignore_errors: true + changed_when: false register: selinux_status - name: SElinux config diff --git a/roles/set_nfs_mount/meta/main.yml b/roles/set_nfs_mount/meta/main.yml index ca0b7087d..7521aa303 100644 --- a/roles/set_nfs_mount/meta/main.yml +++ b/roles/set_nfs_mount/meta/main.yml @@ -18,7 +18,7 @@ galaxy_info: # - CC-BY-4.0 license: Apache-2.0 - min_ansible_version: "2.12.0" + min_ansible_version: "2.15.0" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: diff --git a/roles/set_nfs_mount/tasks/main.yml b/roles/set_nfs_mount/tasks/main.yml index 989cfc4a7..bef842696 100644 --- a/roles/set_nfs_mount/tasks/main.yml +++ b/roles/set_nfs_mount/tasks/main.yml 
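Review bot: In selinux.yml the `selinuxenabled` command exits non-zero whenever SELinux is simply disabled, so `ignore_errors: true` still reports a red failure and leaves `selinux_status.failed` set for every host in that state; `failed_when: false` expresses the intent (the rc is the result) and pairs correctly with the newly added `changed_when: false`. In the set_nfs_export main.yml hunk, the selinux and firewalld imports both carry the name `Tasks for Linux`, which makes the two indistinguishable in output; rename them to match their files, e.g. `Tasks for SELinux` and `Tasks for firewalld`.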
@@ -1,15 +1,15 @@ --- # tasks file for mount_nfs - name: Gather facts - setup: + ansible.builtin.setup: gather_subset: - "distribution" - "distribution_major_version" - "!min" when: > ansible_os_family is not defined - + - name: Tasks for RHEL-like OS - import_tasks: rhel.yml + ansible.builtin.import_tasks: rhel.yml when: - ansible_os_family == "RedHat" \ No newline at end of file diff --git a/roles/set_nfs_mount/tasks/rhel.yml b/roles/set_nfs_mount/tasks/rhel.yml index 32314fb8d..ecbd1a3cc 100644 --- a/roles/set_nfs_mount/tasks/rhel.yml +++ b/roles/set_nfs_mount/tasks/rhel.yml 
@@ -1,32 +1,33 @@ +--- # mount NFS directory -- block: - - name: Install NFS packages - ansible.builtin.dnf: - name: "{{ item }}" - state: present - with_items: - - nfs-utils - - - name: Create mount directory - ansible.builtin.file: - path: "{{ nfs_mount_path }}" - state: directory - recurse: yes - - - name: Add NFS entry to /etc/fstab - ansible.builtin.lineinfile: - path: /etc/fstab - line: "{{ master }}:{{ export_nfs_path }} {{ nfs_mount_path }} nfs rw,hard,rsize=1048576,wsize=1048576 0 0" - - - name: Mount NFS share - ansible.posix.mount: - path: "{{ nfs_mount_path }}" - src: "{{ master }}:{{ export_nfs_path }}" - fstype: nfs - opts: rw,hard,rsize=1048576,wsize=1048576 - state: mounted - +- name: Mount NFS directory become: true when: - ansible_os_family == "RedHat" - ansible_distribution_major_version | int >= 8 + block: + - name: Install NFS packages + ansible.builtin.dnf: + name: "{{ item }}" + state: present + with_items: + - nfs-utils + + - name: Create mount directory + ansible.builtin.file: + path: "{{ nfs_mount_path }}" + state: directory + recurse: true + + - name: Add NFS entry to /etc/fstab + ansible.builtin.lineinfile: + path: /etc/fstab + line: "{{ master }}:{{ export_nfs_path }} {{ nfs_mount_path }} nfs rw,hard,rsize=1048576,wsize=1048576 0 0" + + - name: Mount NFS share + ansible.posix.mount: + path: "{{ nfs_mount_path }}" + src: "{{ master }}:{{ export_nfs_path }}" + fstype: nfs + opts: rw,hard,rsize=1048576,wsize=1048576 + state: mounted \ No newline at end of file diff --git a/roles/uninstall_rkub/defaults/main.yml b/roles/uninstall_rkub/defaults/main.yml index d3aba5595..27e4c7fd9 100644 --- a/roles/uninstall_rkub/defaults/main.yml +++ b/roles/uninstall_rkub/defaults/main.yml 
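Review bot: In rhel.yml the block manages the same fstab entry twice: `ansible.posix.mount` with `state: mounted` already writes the entry to /etc/fstab, so the preceding `lineinfile` task adds a competing line that will diverge as soon as `opts` or `src` change; dropping the lineinfile task leaves a single source of truth. The mount options `rw,hard` with no `_netdev`/`nofail`-style option are the usual way to make a network mount block boot when the server is unreachable; presumably the default is intentional for a cluster node, but it is worth confirming and documenting in a comment above the task.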
@@ -5,8 +5,8 @@ export_nfs_path: "{{ global_directory_package_target }}/rancher" nfs_mount_path: "{{ global_directory_mount }}" longhorn_datapath: "{{ global_longhorn_datapath }}" -firewalld_rules_to_remove: +firewalld_rules_to_remove: inbound: - - name: rke2 - zone: public - erase: true \ No newline at end of file + - name: rke2 + zone: public + erase: true \ No newline at end of file diff --git a/roles/uninstall_rkub/meta/main.yml b/roles/uninstall_rkub/meta/main.yml index 093d7b927..bb4399bd7 100644 --- a/roles/uninstall_rkub/meta/main.yml +++ b/roles/uninstall_rkub/meta/main.yml @@ -18,7 +18,7 @@ galaxy_info: # - CC-BY-4.0 license: Apache-2.0 - min_ansible_version: "2.12.0" + min_ansible_version: "2.15.0" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: diff --git a/roles/uninstall_rkub/tasks/main.yml b/roles/uninstall_rkub/tasks/main.yml index 16ff799ca..ae8bc2712 100644 --- a/roles/uninstall_rkub/tasks/main.yml +++ b/roles/uninstall_rkub/tasks/main.yml @@ -7,8 +7,8 @@ - "distribution_major_version" - "default_ipv4" - "!all,!min" - when: > - ansible_os_family is not defined + when: + - ansible_os_family is not defined tags: [always] - name: Populate service facts diff --git a/roles/uninstall_rkub/tasks/nfs.yml b/roles/uninstall_rkub/tasks/nfs.yml index 6161e58e2..74e51f55e 100644 --- a/roles/uninstall_rkub/tasks/nfs.yml +++ b/roles/uninstall_rkub/tasks/nfs.yml @@ -34,18 +34,18 @@ - ansible_os_family == "RedHat" - ansible_distribution_major_version | int >= 8 -# Remove NFS firewalld +# Remove NFS firewalld - name: Remove NFS Firewalld become: true when: - ansible_facts['services']['firewalld.service'] is defined - ansible_facts['services']['firewalld.service']['state'] == "running" - block: + block: - name: Firewalld NFS port enabled ansible.posix.firewalld: service: "{{ item }}" permanent: true - state: disabled + state: disabled loop: - nfs - mountd 
diff --git a/roles/upload_package_zst/meta/main.yml b/roles/upload_package_zst/meta/main.yml index 97caad08b..781ca24f0 100644 --- a/roles/upload_package_zst/meta/main.yml +++ b/roles/upload_package_zst/meta/main.yml @@ -18,7 +18,7 @@ galaxy_info: # - CC-BY-4.0 license: Apache-2.0 - min_ansible_version: "2.12.0" + min_ansible_version: "2.15.0" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: From 8987e425748a70218fd88dc0b6d187e43a3f41a2 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 16 Jan 2024 12:49:01 +0100 Subject: [PATCH 049/365] small corrections --- roles/build_airgap_package/tasks/helm.yml | 2 +- roles/build_airgap_package/tasks/images.yml | 27 +++++++++++--- roles/build_airgap_package/tasks/main.yml | 16 ++++---- roles/build_airgap_package/tasks/rke2.yml | 41 +++++++++++++-------- 4 files changed, 57 insertions(+), 29 deletions(-) diff --git a/roles/build_airgap_package/tasks/helm.yml b/roles/build_airgap_package/tasks/helm.yml index 878f28e61..b2cb54288 100644 --- a/roles/build_airgap_package/tasks/helm.yml +++ b/roles/build_airgap_package/tasks/helm.yml @@ -39,7 +39,7 @@ repo_url: "https://neuvector.github.io/neuvector-helm/" force_update: true -# Pull charts +# Pull charts - name: Download chart using chart url kubernetes.core.helm_pull: chart_ref: jetstack/cert-manager diff --git a/roles/build_airgap_package/tasks/images.yml b/roles/build_airgap_package/tasks/images.yml index 7895a7643..a6f53dae7 100644 --- a/roles/build_airgap_package/tasks/images.yml +++ b/roles/build_airgap_package/tasks/images.yml 
@@ -4,22 +4,23 @@ ansible.builtin.get_url: url: "https://github.com/rancher/rancher/releases/download/v{{ RANCHER_VERSION }}/rancher-images.txt" dest: "{{ directory_package }}/images/rancher/orig_rancher-images.txt" + mode: "0750" - name: Rancher List - Fix 1 Library tags ansible.builtin.lineinfile: path: "{{ directory_package }}/images/rancher/orig_rancher-images.txt" regexp: '^(.*)busybox(.*)$' line: '\1library\/busybox\2' - firstmatch: yes - backrefs: yes + firstmatch: true + backrefs: true - name: Rancher List - Fix 2 Library tags ansible.builtin.lineinfile: path: "{{ directory_package }}/images/rancher/orig_rancher-images.txt" regexp: '^(.*)registry(.*)$' line: '\1library\/registry\2' - firstmatch: yes - backrefs: yes + firstmatch: true + backrefs: true - name: Rancher List - Remove things that are not needed and overlapped ansible.builtin.lineinfile: 
@@ -30,51 +31,66 @@ # this one could be probably improved - name: Rancher List - Get latest version ansible.builtin.shell: | + set -o pipefail && for i in $(cat {{ directory_package }}/images/rancher/orig_rancher-images.txt|awk -F: '{print $1}'); do grep -w $i {{ directory_package }}/images/rancher/orig_rancher-images.txt | sort -Vr| head -1 >> {{ directory_package }}/images/rancher/version_unsorted.txt; done + changed_when: false - name: Rancher List - Final Sort ansible.builtin.shell: | + set -o pipefail && cat {{ directory_package }}/images/rancher/version_unsorted.txt | sort -u > {{ directory_package }}/images/rancher/images.txt + changed_when: false - name: Rancher List - Due to version 2.8.0 ansible.builtin.shell: | + set -o pipefail && echo "rancher/mirrored-cluster-api-controller:v1.4.4" >> {{ directory_package }}/images/rancher/images.txt echo "rancher/kubectl:v1.20.2" >> {{ directory_package }}/images/rancher/images.txt + changed_when: false - name: Longhorn List - Download longhorn-images.txt ansible.builtin.get_url: url: "https://raw.githubusercontent.com/longhorn/longhorn/v{{ LONGHORN_VERSION }}/deploy/longhorn-images.txt" dest: "{{ directory_package }}/images/longhorn/images.txt" + mode: "0750" - name: Cert-manager List - helm template ansible.builtin.shell: | + set -o pipefail && helm template {{ directory_package }}/helm/cert-manager-v{{ CERT_VERSION }}.tgz | awk '$1 ~ /image:/ {print $2}' | sed s/\"//g > {{ directory_package }}/images/cert/images.txt + changed_when: false - name: Neuvector List - helm template ansible.builtin.shell: | + set -o pipefail && helm template {{ directory_package }}/helm/core-{{ NEU_VERSION }}.tgz | awk '$1 ~ /image:/ {print $2}' | sed -e 's/\"//g' > {{ directory_package }}/images/neuvector/images.txt + changed_when: false -## Import images +## Import images - name: Upload images from list ($2) ansible.builtin.shell: > + set -o pipefail && for i in $(cat {{ item }}/images.txt); do if ( ! 
ls {{ item }}/$(echo $i| awk -F/ '{print $2}'|sed 's/:/_/g').tar > /dev/null); then skopeo copy docker://$i docker-archive:{{ item }}/$(echo $i| awk -F/ '{print $2}'|sed 's/:/_/g').tar:$(echo $i| awk -F/ '{print $2}'); fi; done + changed_when: false loop: - "{{ directory_package }}/images/rancher" - "{{ directory_package }}/images/longhorn" - name: Upload images from list ($3) ansible.builtin.shell: > + set -o pipefail && for i in $(cat {{ item }}/images.txt); do if ( ! ls {{ item }}/$(echo $i| awk -F/ '{print $3}'|sed 's/:/_/g').tar > /dev/null); then skopeo copy docker://$i docker-archive:{{ item }}/$(echo $i| awk -F/ '{print $3}'|sed 's/:/_/g').tar:$(echo $i| awk -F/ '{print $3}'); fi; done + changed_when: false loop: - "{{ directory_package }}/images/cert" - "{{ directory_package }}/images/neuvector" @@ -83,3 +99,4 @@ ansible.builtin.get_url: url: "https://github.com/clemenko/rke_airgap_install/raw/main/registry.tar" dest: "{{ directory_package }}/images/registry/registry.tar" + mode: "0750" \ No newline at end of file diff --git a/roles/build_airgap_package/tasks/main.yml b/roles/build_airgap_package/tasks/main.yml index a3148e0b1..ebb51ae87 100644 --- a/roles/build_airgap_package/tasks/main.yml +++ b/roles/build_airgap_package/tasks/main.yml 
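Review bot: `set -o pipefail &&` is prepended to every `ansible.builtin.shell` task in images.yml, but the module runs under `/bin/sh` by default and `pipefail` is a bash option that plain sh (dash on Debian-like builders) rejects, so these tasks will abort on such hosts; add `args: executable: /bin/bash` to each task, or only to the ones that actually pipe. `changed_when: false` is also wrong for these tasks, which append to `version_unsorted.txt`, rewrite `images.txt` and create tar archives via skopeo, so the play will now hide real changes; `changed_when` should reflect whether output files were written, or the tasks should be made idempotent (the `>>` in "Get latest version" duplicates lines on every rerun). The `mode: "0750"` on the downloaded `.txt` files adds an execute bit that data files do not need; `"0640"` is sufficient.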
@@ -1,28 +1,28 @@ --- # tasks file for build_airgap_package - name: Gather facts - setup: + ansible.builtin.setup: gather_subset: - "distribution" - "distribution_major_version" - "!min" when: > ansible_os_family is not defined - + - name: Prerequisites - import_tasks: prerequis.yml + ansible.builtin.import_tasks: prerequis.yml - name: Import utils binaries - import_tasks: utils.yml + ansible.builtin.import_tasks: utils.yml - name: Import RKE2 - import_tasks: rke2.yml + ansible.builtin.import_tasks: rke2.yml - name: Import helm charts - import_tasks: helm.yml + ansible.builtin.import_tasks: helm.yml - name: Import images - import_tasks: images.yml + ansible.builtin.import_tasks: images.yml - name: Compress the all thing - import_tasks: compress.yml \ No newline at end of file + ansible.builtin.import_tasks: compress.yml \ No newline at end of file diff --git a/roles/build_airgap_package/tasks/rke2.yml b/roles/build_airgap_package/tasks/rke2.yml index f057cfd22..61784ade6 100644 --- a/roles/build_airgap_package/tasks/rke2.yml +++ b/roles/build_airgap_package/tasks/rke2.yml 
@@ -1,53 +1,64 @@ --- - name: Download rke2-images.linux-amd64.tar.zst - get_url: + ansible.builtin.get_url: url: "https://github.com/rancher/rke2/releases/download/{{ rke2_common_repo_version }}/rke2-images.linux-amd64.tar.zst" dest: "{{ directory_package }}/rke2_{{ rke2_version }}/rke2-images.linux-amd64.tar.zst" + mode: "0750" - name: Download rke2.linux-amd64.tar.gz - get_url: + ansible.builtin.get_url: url: "https://github.com/rancher/rke2/releases/download/{{ rke2_common_repo_version }}/rke2.linux-amd64.tar.gz" dest: "{{ directory_package }}/rke2_{{ rke2_version }}/rke2.linux-amd64.tar.gz" + mode: "0750" - name: Download sha256sum-amd64.txt - get_url: + ansible.builtin.get_url: url: "https://github.com/rancher/rke2/releases/download/{{ rke2_common_repo_version }}/sha256sum-amd64.txt" dest: "{{ directory_package }}/rke2_{{ rke2_version }}/sha256sum-amd64.txt" + mode: "0750" - name: Download repo GPG key - get_url: + ansible.builtin.get_url: url: "https://rpm.rancher.io/public.key" dest: "{{ directory_package }}/rke2_{{ rke2_version }}/public.key" + mode: "0750" - name: Download get.rke2.io - get_url: + ansible.builtin.get_url: url: "https://get.rke2.io" dest: "{{ directory_package }}/rke2_{{ rke2_version }}/install.sh" + mode: "0750" # if localhost is RHEL-like take packages for the current major version -- block: +- name: Download if localhost RHEL-like and take same version than localhost + when: + - ansible_os_family == "RedHat" + block: - name: Download rke2-common RPM - get_url: + ansible.builtin.get_url: url: "https://github.com/rancher/rke2-packaging/releases/download/{{ rke2_common_repo_version }}.stable.0/{{ rke2_common_rpm_version }}.el{{ ansible_distribution_major_version }}.x86_64.rpm" dest: "{{ directory_package }}/rke2_{{ rke2_version }}/{{ rke2_common_rpm_version }}.el{{ ansible_distribution_major_version }}.x86_64.rpm" + mode: "0750" - name: Download rke2-selinux RPM - get_url: + ansible.builtin.get_url: url: 
"https://github.com/rancher/rke2-selinux/releases/download/{{ rke2_selinux_repo_version }}/{{ rke2_selinux_rpm_version }}.el{{ ansible_distribution_major_version }}.noarch.rpm" dest: "{{ directory_package }}/rke2_{{ rke2_version }}/{{ rke2_selinux_rpm_version }}.el{{ ansible_distribution_major_version }}.noarch.rpm" - when: - - ansible_os_family == "RedHat" + mode: "0750" # if localhost is not a RHEL-like take el8 -- block: +- name: Download if localhost not a RHEL-like and take by default el8 + when: + - ansible_os_family != "RedHat" + block: - name: Download rke2-common RPM - get_url: + ansible.builtin.get_url: url: "https://github.com/rancher/rke2-packaging/releases/download/{{ rke2_common_repo_version }}.stable.0/{{ rke2_common_rpm_version }}.el8.x86_64.rpm" dest: "{{ directory_package }}/rke2_{{ rke2_version }}/{{ rke2_common_rpm_version }}.el8.x86_64.rpm" + mode: "0750" - name: Download rke2-selinux RPM - get_url: + ansible.builtin.get_url: url: "https://github.com/rancher/rke2-selinux/releases/download/{{ rke2_selinux_repo_version }}/{{ rke2_selinux_rpm_version }}.el8.noarch.rpm" dest: "{{ directory_package }}/rke2_{{ rke2_version }}/{{ rke2_selinux_rpm_version }}.el8.noarch.rpm" - when: - - ansible_os_family != "RedHat" \ No newline at end of file + mode: "0750" \ No newline at end of file From 5475c632f6609a6aa7e9aa9e633271c0559bd264 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 16 Jan 2024 15:05:33 +0100 Subject: [PATCH 050/365] small corrections --- roles/set_firewalld/handlers/main.yml | 2 +- roles/set_firewalld/tasks/delete_service.yml | 11 ++++++----- roles/set_firewalld/tasks/main.yml | 4 ++-- roles/set_firewalld/tasks/manage_firewalld_zone.yml | 11 ++++++----- roles/set_firewalld/tasks/manage_inbound_rule.yml | 7 ++++--- roles/set_nfs_export/tasks/firewalld.yml | 4 ++-- roles/set_nfs_export/tasks/selinux.yml | 1 + 7 files changed, 22 insertions(+), 18 deletions(-) 
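Review bot: The file downloads `sha256sum-amd64.txt` right next to `rke2-images.linux-amd64.tar.zst` and `rke2.linux-amd64.tar.gz` but never verifies the archives against it, so a corrupted or substituted download is packaged silently; `get_url` can do the check itself with `checksum: "sha256:https://github.com/rancher/rke2/releases/download/{{ rke2_common_repo_version }}/sha256sum-amd64.txt"` on both archive tasks. The RPM tasks and `install.sh` have no published digest in this hunk, so at minimum record their expected digests in the role defaults and reference them as `checksum: "sha256:<digest-placeholder>"`. `mode: "0750"` is now applied to the archives, the RPMs, `public.key` and `sha256sum-amd64.txt`, none of which needs an executable bit; only `install.sh` does, and `"0640"` fits the rest.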
diff --git a/roles/set_firewalld/handlers/main.yml b/roles/set_firewalld/handlers/main.yml index 0f17c49a2..cf72800cc 100644 --- a/roles/set_firewalld/handlers/main.yml +++ b/roles/set_firewalld/handlers/main.yml @@ -1,7 +1,7 @@ --- # handlers file for firewalld -- name: restart firewalld +- name: Restart firewalld ansible.builtin.systemd: name: firewalld state: restarted diff --git a/roles/set_firewalld/tasks/delete_service.yml b/roles/set_firewalld/tasks/delete_service.yml index 0e6c1876c..b08eb240f 100644 --- a/roles/set_firewalld/tasks/delete_service.yml +++ b/roles/set_firewalld/tasks/delete_service.yml @@ -1,5 +1,6 @@ +--- # Remove service from zone -- name: Delete {{ service['name'] }} firewalld service +- name: Delete firewalld service {{ service['name'] }} ansible.builtin.firewalld: service: "{{ service['name'] }}" permanent: true @@ -8,12 +9,12 @@ state: disabled # Completely delete service -- name: Delete {{ service['name'] }} firewalld service definition +- name: Delete firewalld service definition {{ service['name'] }} ansible.builtin.file: path: "{{ firewalld_path }}/services/{{ service['name'] }}.xml" state: absent when: service['erase'] == true - notify: restart firewalld - -- ansible.builtin.meta: flush_handlers + notify: Restart firewalld +- name: Flush handlers now + ansible.builtin.meta: flush_handlers \ No newline at end of file diff --git a/roles/set_firewalld/tasks/main.yml b/roles/set_firewalld/tasks/main.yml index 661bd4854..2473545d6 100644 --- a/roles/set_firewalld/tasks/main.yml +++ b/roles/set_firewalld/tasks/main.yml @@ -3,7 +3,7 @@ - name: Manage firewalld zone files ansible.builtin.include_tasks: manage_firewalld_zone.yml - loop: "{{ firewalld_zones | default([]) }}" + loop: "{{ firewalld_zones | default([]) }}" loop_control: loop_var: zone 
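Review bot: `when: service['erase'] == true` on the `Delete firewalld service definition` task is kept unchanged and only matches a real boolean, so an inventory entry that spells the value as a string skips the deletion and a missing `erase` key errors out with an undefined variable; `when: service['erase'] | default(false) | bool` handles both cases. The rename and the explicit `Flush handlers now` task are otherwise fine.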
@@ -17,4 +17,4 @@ ansible.builtin.include_tasks: delete_service.yml loop: "{{ firewalld_remove['inbound'] | default([]) }}" loop_control: - loop_var: service + loop_var: service \ No newline at end of file diff --git a/roles/set_firewalld/tasks/manage_firewalld_zone.yml b/roles/set_firewalld/tasks/manage_firewalld_zone.yml index 9defb3aee..8a9d964b8 100644 --- a/roles/set_firewalld/tasks/manage_firewalld_zone.yml +++ b/roles/set_firewalld/tasks/manage_firewalld_zone.yml @@ -1,5 +1,5 @@ --- -- name: Manage {{ zone['name'] }} firewalld file zone definition +- name: Manage firewalld file zone definition {{ zone['name'] }} ansible.builtin.template: src: zone.xml.j2 dest: "{{ firewalld_path }}/zones/{{ zone['name'] }}.xml" @@ -7,12 +7,13 @@ group: root mode: "0644" force: true - notify: restart firewalld + notify: Restart firewalld -- meta: flush_handlers +- name: Flush handlers now + ansible.builtin.meta: flush_handlers -- name: Manage {{ zone['name'] }} firewalld zone definition - ansible.builtin.firewalld: +- name: Manage firewalld zone definition {{ zone['name'] }} + ansible.posix.firewalld: zone: "{{ zone['name'] }}" permanent: true immediate: true diff --git a/roles/set_firewalld/tasks/manage_inbound_rule.yml b/roles/set_firewalld/tasks/manage_inbound_rule.yml index 19396ce4f..5d26ad838 100644 --- a/roles/set_firewalld/tasks/manage_inbound_rule.yml +++ b/roles/set_firewalld/tasks/manage_inbound_rule.yml @@ -7,12 +7,13 @@ group: root mode: "0644" force: true - notify: restart firewalld + notify: Restart firewalld -- ansible.builtin.meta: flush_handlers +- name: Flush handlers now + ansible.builtin.meta: flush_handlers - name: Manage firewalld service {{ rule['name'] }} - ansible.builtin.firewalld: + ansible.posix.firewalld: service: "{{ rule['name'] }}" permanent: true immediate: true diff --git a/roles/set_nfs_export/tasks/firewalld.yml b/roles/set_nfs_export/tasks/firewalld.yml index ab63b86c1..b6353c6c3 100644 --- a/roles/set_nfs_export/tasks/firewalld.yml 
+++ b/roles/set_nfs_export/tasks/firewalld.yml @@ -4,8 +4,8 @@ when: - ansible_facts['services']['firewalld.service'] is defined - ansible_facts['services']['firewalld.service']['state'] == "running" - block: - - name: firewalld NFS port enabled + block: + - name: firewalld NFS port enabled ansible.posix.firewalld: service: "{{ item }}" permanent: true diff --git a/roles/set_nfs_export/tasks/selinux.yml b/roles/set_nfs_export/tasks/selinux.yml index 9f9bdc936..c358820cc 100644 --- a/roles/set_nfs_export/tasks/selinux.yml +++ b/roles/set_nfs_export/tasks/selinux.yml @@ -23,3 +23,4 @@ - name: Restorecon ansible.builtin.command: "restorecon -v {{ export_nfs_registry_path }}" + changed_when: false From 0a0bf71b942592bcf6c4e252018af4a6b9c5d436 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 16 Jan 2024 15:11:28 +0100 Subject: [PATCH 051/365] small corrections --- roles/install_utils_registry/tasks/deploy.yml | 27 +++++++++---------- roles/install_utils_registry/tasks/load.yml | 24 ++++++++++------- roles/install_utils_registry/tasks/main.yml | 3 +-- roles/install_utils_registry/tasks/push.yml | 3 +++ 4 files changed, 32 insertions(+), 25 deletions(-) diff --git a/roles/install_utils_registry/tasks/deploy.yml b/roles/install_utils_registry/tasks/deploy.yml index 67cb9c887..68413f3cd 100644 --- a/roles/install_utils_registry/tasks/deploy.yml +++ b/roles/install_utils_registry/tasks/deploy.yml 
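Review bot: `changed_when: false` on the `Restorecon` task hides the relabelling that `restorecon -v` performs, so a run that repairs SELinux contexts under `{{ export_nfs_registry_path }}` reports no change and nothing downstream can react to it. `restorecon -v` prints one line per relabelled file, so register the result and derive the state from it: `register: restorecon_out` and `changed_when: restorecon_out.stdout | length > 0`.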
@@ -4,18 +4,17 @@ run_once: true become: false block: + - name: Create Namespace + kubernetes.core.k8s: + state: present + definition: + apiVersion: v1 + kind: Namespace + metadata: + name: "{{ registry_namespace }}" - - name: Create Namespace - kubernetes.core.k8s: - state: present - definition: - apiVersion: v1 - kind: Namespace - metadata: - name: "{{ registry_namespace }}" - - - name: Deploy registry manifest - kubernetes.core.k8s: - state: present - template: "registry.yaml.j2" - kubeconfig: "~/.kube/{{ inventory_hostname }}.yaml" + - name: Deploy registry manifest + kubernetes.core.k8s: + state: present + template: "registry.yaml.j2" + kubeconfig: "~/.kube/{{ inventory_hostname }}.yaml" \ No newline at end of file diff --git a/roles/install_utils_registry/tasks/load.yml b/roles/install_utils_registry/tasks/load.yml index dfb56d6d0..a6a6b1341 100644 --- a/roles/install_utils_registry/tasks/load.yml +++ b/roles/install_utils_registry/tasks/load.yml @@ -1,4 +1,5 @@ -- name: Flush handlers +--- +- name: Flush handlers now ansible.builtin.meta: flush_handlers - name: Wait for k8s apiserver @@ -16,7 +17,8 @@ register: found_images - name: Copy longhorn images with skopeo - ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/longhornio/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_',':') }} --dest-tls-verify=false" + ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/longhornio/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_', ':') }} --dest-tls-verify=false" + changed_when: false with_items: "{{ found_images['files'] }}" # Cert 
@@ -27,7 +29,8 @@ register: found_images - name: Copy Cert-manager images with skopeo - ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/cert/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_',':') }} --dest-tls-verify=false" + ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/cert/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_', ':') }} --dest-tls-verify=false" + changed_when: false with_items: "{{ found_images['files'] }}" # Neuvector @@ -38,7 +41,8 @@ register: found_images - name: Copy Neuvector images with skopeo - ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/neuvector/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_',':') }} --dest-tls-verify=false" + ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/neuvector/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_', ':') }} --dest-tls-verify=false" + changed_when: false with_items: "{{ found_images['files'] }}" # Rancher 
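Review bot: `changed_when: false` on `Copy longhorn images with skopeo` declares a push into the local registry as a no-op, so the play can never report that images were loaded; the same line is added to the Cert-manager, Neuvector (`@@ -38,7 +41,8 @@`) and Rancher (`@@ -49,16 +53,18 @@`) copy tasks. `skopeo copy` is not idempotent on its own, so either register the output and tie `changed_when` to it, or accept the re-push and keep the default change reporting. The `regex_replace('.tar', '')` filter in these commands also uses an unescaped dot, which matches any character before `tar`; anchoring the pattern as `\.tar$` (with the backslash escaped for the double-quoted YAML string) restricts it to the extension.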
@@ -49,16 +53,18 @@ register: found_images - name: Copy Rancher images with skopeo - ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/rancher/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_',':') }} --dest-tls-verify=false" + ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/rancher/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_', ':') }} --dest-tls-verify=false" + changed_when: false with_items: "{{ found_images['files'] }}" # Result - name: List docker registry ansible.builtin.shell: | - for i in $(curl -sk localhost:5000/v2/_catalog | jq -r '.repositories[]'); do - for tag in $(curl -sk localhost:5000/v2/${i}/tags/list | jq -r '.tags[]'); do - echo ${i}:${tag}; - done; + set -o pipefail && + for i in $(curl -sk localhost:5000/v2/_catalog | jq -r '.repositories[]'); do + for tag in $(curl -sk localhost:5000/v2/${i}/tags/list | jq -r '.tags[]'); do + echo ${i}:${tag}; + done; done register: docker diff --git a/roles/install_utils_registry/tasks/main.yml b/roles/install_utils_registry/tasks/main.yml index cfe711e39..84f43083b 100644 --- a/roles/install_utils_registry/tasks/main.yml +++ b/roles/install_utils_registry/tasks/main.yml @@ -1,12 +1,11 @@ --- # tasks file for install_local_registry - - name: Push registry tar in RKE2 images ansible.builtin.import_tasks: push.yml - name: Flush handlers ansible.builtin.meta: flush_handlers - + - name: Kubernetes tasks ansible.builtin.import_tasks: deploy.yml when: caller_role_name == "controller" diff --git a/roles/install_utils_registry/tasks/push.yml b/roles/install_utils_registry/tasks/push.yml index 11c02fa4c..bf695cebc 100644 --- a/roles/install_utils_registry/tasks/push.yml +++ b/roles/install_utils_registry/tasks/push.yml 
@@ -1,8 +1,10 @@ +--- - name: Pre-load registry image ansible.builtin.copy: src: "{{ mount_registry_tar }}" dest: "{{ rke2_images_path }}" remote_src: true + mode: "0750" notify: Restart rke2-server when: caller_role_name == "controller" @@ -11,5 +13,6 @@ src: "{{ mount_registry_tar }}" dest: "{{ rke2_images_path }}" remote_src: true + mode: "0750" notify: Restart rke2-agent when: caller_role_name == "worker" From 0ef350caf3a2d036edbafcbb3aa869d0e1681247 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 16 Jan 2024 15:38:47 +0100 Subject: [PATCH 052/365] small corrections --- .../install_rke2_controller/defaults/main.yml | 18 +-- .../tasks/localhost.yml | 76 ++++++------ roles/install_rke2_controller/tasks/token.yml | 40 +++--- roles/install_rke2_worker/defaults/main.yml | 11 +- roles/install_rke2_worker/tasks/install.yml | 116 +++++++++--------- roles/install_utils_nerdctl/tasks/install.yml | 1 + roles/install_utils_registry/tasks/load.yml | 8 +- 7 files changed, 140 insertions(+), 130 deletions(-) diff --git a/roles/install_rke2_controller/defaults/main.yml b/roles/install_rke2_controller/defaults/main.yml index e1c5be572..39a928ff5 100644 --- a/roles/install_rke2_controller/defaults/main.yml +++ b/roles/install_rke2_controller/defaults/main.yml @@ -14,12 +14,12 @@ mount_rke2_selinux_rpm_path: "{{ mount_rke2_path }}/{{ global_rke2_selinux_rpm_v # Firewall rules controller_firewalld_rules: inbound: - - name: rke2 - zone: public - ports: - - {port: 443, protocol: tcp} - - {port: 6443, protocol: tcp} - - {port: 2379, protocol: tcp} - - {port: 9345, protocol: tcp} - - {port: 10250, protocol: tcp} - - {port: 8472, protocol: udp} + - name: rke2 + zone: public + ports: + - {port: 443, protocol: tcp} + - {port: 6443, protocol: tcp} + - {port: 2379, protocol: tcp} + - {port: 9345, protocol: tcp} + - {port: 10250, protocol: tcp} + - {port: 8472, protocol: udp} \ No newline at end of file 
diff --git a/roles/install_rke2_controller/tasks/localhost.yml b/roles/install_rke2_controller/tasks/localhost.yml index 20d7c7439..6acbb3b1f 100644 --- a/roles/install_rke2_controller/tasks/localhost.yml +++ b/roles/install_rke2_controller/tasks/localhost.yml @@ -1,6 +1,7 @@ +--- # All tasks to do realize on ansible controler - name: Fetch RKE2 kubeconfig to localhost - fetch: + ansible.builtin.fetch: src: "$HOME/.kube/{{ inventory_hostname }}.yaml" dest: "~/.kube/{{ inventory_hostname }}.yaml" flat: true 
@@ -8,52 +9,57 @@ become_user: "{{ admin_user }}" # check kubecm is installed on your localhost -- block: - - name: Check kubecm is installed (part of prerequisites) - shell: type kubecm - register: is_installed - - - block: - - name: Test if default context already exist in your kubeconfig. - shell: "kubecm list default > /dev/null 2>&1" - - - name: Message to you - debug: - msg: "Kubeconfig was added to your kubecm." +- name: Check if kubecm is installed on localhost + delegate_to: localhost + become: false + block: + - name: Check kubecm is installed (part of prerequisites) + ansible.builtin.shell: type kubecm + register: is_installed + changed_when: false - rescue: - - name: Add to kubecm - shell: "kubecm add -c -f ~/.kube/{{ inventory_hostname }}.yaml" - - - name: Switch to default - shell: "kubecm switch default" + - name: Add kubeconfig to kubecm + block: + - name: Test if default context already exist in your kubeconfig. + ansible.builtin.shell: "kubecm list default > /dev/null 2>&1" + changed_when: false - rescue: - - name: No Kubecm - debug: - msg: "Kubecm is not installed on your localhost! Not a big problem, but I did not add it to your local kubeconfig." + - name: Message to you + ansible.builtin.debug: + msg: "Kubeconfig was added to your kubecm." - always: - - name: Message to you - debug: - msg: "Kubeconfig of this cluster was imported in your localhost in ~/.kube/{{ inventory_hostname }}.yaml" + rescue: + - name: Add to kubecm + ansible.builtin.shell: "kubecm add -c -f ~/.kube/{{ inventory_hostname }}.yaml" + changed_when: false - delegate_to: localhost - become: false + - name: Switch to default + ansible.builtin.shell: "kubecm switch default" + changed_when: false + + rescue: + - name: No Kubecm + ansible.builtin.debug: + msg: "Kubecm is not installed on your localhost! Not a big problem, but I did not add it to your local kubeconfig." 
+ always: + - name: Message to you + ansible.builtin.debug: + msg: "Kubeconfig of this cluster was imported in your localhost in ~/.kube/{{ inventory_hostname }}.yaml" # Check Flux to Kube API - name: Check if flux 6443 is open between localhost and master delegate_to: localhost become: false - block: - - name: "Check" - uri: + block: + - name: Check kube api + ansible.builtin.uri: url: "https://{{ master }}:6443" validate_certs: false status_code: 401 rescue: - - fail: - msg: > - "Something wrong in your network since localhost does not reach master on 6443" + - name: Send fail message + ansible.builtin.fail: + msg: > + "Something wrong in your network since localhost does not reach master on 6443" \ No newline at end of file diff --git a/roles/install_rke2_controller/tasks/token.yml b/roles/install_rke2_controller/tasks/token.yml index 7ce87f536..f2a614581 100644 --- a/roles/install_rke2_controller/tasks/token.yml +++ b/roles/install_rke2_controller/tasks/token.yml 
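Review bot: The outer `rescue` of `Check if kubecm is installed on localhost` now catches every failure inside the block, including a failing `kubecm add` or `kubecm switch` in the inner rescue, and then prints "Kubecm is not installed", which is misleading when the binary is present and the import itself broke. Register the `type kubecm` check with `failed_when: false` and gate the inner block on its rc, so the "not installed" message is tied to that condition and real import errors surface as failures. `changed_when: false` on `Add to kubecm` and `Switch to default` also hides the modification of the local kubeconfig; `changed_when: true` is the honest value there. The hunk ends with the `Check kube api` block, which is fine as a reachability probe given `status_code: 401` is expected.

```yaml
- name: Check if kubecm is installed on localhost
  delegate_to: localhost
  become: false
  block:
    - name: Check kubecm is installed (part of prerequisites)
      ansible.builtin.shell: type kubecm
      register: is_installed
      changed_when: false
      failed_when: false

    - name: Add kubeconfig to kubecm
      when: is_installed.rc == 0
      block:
        - name: Test if default context already exist in your kubeconfig.
          ansible.builtin.shell: "kubecm list default > /dev/null 2>&1"
          changed_when: false
        # … unchanged: "Message to you" debug …
      rescue:
        - name: Add to kubecm
          ansible.builtin.shell: "kubecm add -c -f ~/.kube/{{ inventory_hostname }}.yaml"
          changed_when: true
        - name: Switch to default
          ansible.builtin.shell: "kubecm switch default"
          changed_when: true

    - name: No Kubecm
      ansible.builtin.debug:
        msg: "Kubecm is not installed on your localhost! Not a big problem, but I did not add it to your local kubeconfig."
      when: is_installed.rc != 0
  always:
    # … unchanged: final "Message to you" debug …
```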
@@ -1,24 +1,24 @@ - +--- # As root -- block: - # Get and Write Token - - name: Wait for node-token - ansible.builtin.wait_for: - path: /var/lib/rancher/rke2/server/node-token - - - name: Read node-token from master - ansible.builtin.slurp: - src: /var/lib/rancher/rke2/server/node-token - register: node_token +- name: Get and write token + become: true + block: + - name: Wait for node-token + ansible.builtin.wait_for: + path: /var/lib/rancher/rke2/server/node-token - - name: Store Master node-token - ansible.builtin.set_fact: - rke2_config_token: "{{ node_token['content'] | b64decode | regex_replace('\n', '') }}" + - name: Read node-token from master + ansible.builtin.slurp: + src: /var/lib/rancher/rke2/server/node-token + register: node_token - - name: Write token on mount path - ansible.builtin.copy: - content: "{{ rke2_config_token }}" - dest: "{{ mount_path }}/token" - follow: yes + - name: Store Master node-token + ansible.builtin.set_fact: + rke2_config_token: "{{ node_token['content'] | b64decode | regex_replace('\n', '') }}" - become: true + - name: Write token on mount path + ansible.builtin.copy: + content: "{{ rke2_config_token }}" + dest: "{{ mount_path }}/token" + follow: true + mode: "0640" \ No newline at end of file diff --git a/roles/install_rke2_worker/defaults/main.yml b/roles/install_rke2_worker/defaults/main.yml index 9d33bef7e..eb7f68943 100644 --- a/roles/install_rke2_worker/defaults/main.yml +++ b/roles/install_rke2_worker/defaults/main.yml @@ -14,9 +14,8 @@ mount_rke2_selinux_rpm_path: "{{ mount_rke2_path }}/{{ global_rke2_selinux_rpm_v # Firewall rules worker_firewalld_rules: inbound: - - name: rke2 - zone: public - ports: - - {port: 10250, protocol: tcp} - - {port: 8472, protocol: udp} - \ No newline at end of file + - name: rke2 + zone: public + ports: + - {port: 10250, protocol: tcp} + - {port: 8472, protocol: udp} \ No newline at end of file 
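Review bot: The node-token slurped and stored in `rke2_config_token` is the cluster join secret, and none of `Read node-token from master`, `Store Master node-token` or `Write token on mount path` carries `no_log: true`, so a `-v` run or a failing task prints it to the console and to any log collection; add `no_log: true` to those three tasks. The new `mode: "0640"` on the copy is an improvement, but the file lands on `{{ mount_path }}`, which the `mount_*` naming and the `set_nfs_export` role elsewhere in this series suggest is a shared mount; set `owner:`/`group:` explicitly as well and confirm the export's squash settings keep the file unreadable to other clients.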
diff --git a/roles/install_rke2_worker/tasks/install.yml b/roles/install_rke2_worker/tasks/install.yml index 2d67d95a5..156d1979f 100644 --- a/roles/install_rke2_worker/tasks/install.yml +++ b/roles/install_rke2_worker/tasks/install.yml 
@@ -1,64 +1,68 @@ -- block: - - name: Create directories - ansible.builtin.file: - path: "{{ item }}" - state: directory - recurse: true - mode: '0750' - with_items: - - /etc/rancher/rke2/ - - - name: Configure RKE2 config.yaml - ansible.builtin.template: - src: config.yaml.j2 - dest: /etc/rancher/rke2/config.yaml +--- +- name: Install RKE2 worker + become: true + block: + - name: Create directories + ansible.builtin.file: + path: "{{ item }}" + state: directory + recurse: true + mode: '0750' + with_items: + - /etc/rancher/rke2/ - - name: Install RKE2 worker nodes - ansible.builtin.shell: - cmd: "INSTALL_RKE2_ARTIFACT_PATH={{ mount_rke2_path }} INSTALL_RKE2_TYPE=agent sh {{ mount_rke2_path }}/install.sh" - chdir: "{{ mount_rke2_path }}" - register: install_worker_output - failed_when: false + - name: Configure RKE2 config.yaml + ansible.builtin.template: + src: config.yaml.j2 + dest: /etc/rancher/rke2/config.yaml + mode: "0640" - - ansible.builtin.debug: - var: install_worker_output['stdout_lines'] + - name: Install RKE2 worker nodes + ansible.builtin.shell: + cmd: "INSTALL_RKE2_ARTIFACT_PATH={{ mount_rke2_path }} INSTALL_RKE2_TYPE=agent sh {{ mount_rke2_path }}/install.sh" + chdir: "{{ mount_rke2_path }}" + register: install_worker_output + failed_when: false + changed_when: false - # RPM - - name: Import a key from a file - ansible.builtin.rpm_key: - state: present - key: "{{ mount_rke2_path }}/public.key" - when: - - ansible_os_family == "RedHat" + - name: Display output from install + ansible.builtin.debug: + var: install_worker_output['stdout_lines'] - - name: Install RKE2 selinux packages (dependency for RKE2 common) - ansible.builtin.dnf: - name: "{{ mount_rke2_selinux_rpm_path }}" - state: present - when: - - ansible_os_family == "RedHat" - - ansible_distribution_major_version | int >= 8 + # RPM + - name: Import a key from a file + ansible.builtin.rpm_key: + state: present + key: "{{ mount_rke2_path }}/public.key" + when: + - ansible_os_family == "RedHat" - 
- name: Install RKE2 common packages - ansible.builtin.dnf: - name: "{{ mount_rke2_common_rpm_path }}" - state: present - when: - - ansible_os_family == "RedHat" - - ansible_distribution_major_version | int >= 8 + - name: Install RKE2 selinux packages (dependency for RKE2 common) + ansible.builtin.dnf: + name: "{{ mount_rke2_selinux_rpm_path }}" + state: present + when: + - ansible_os_family == "RedHat" + - ansible_distribution_major_version | int >= 8 - # Start - - name: Mask RKE2 agent service on the first server - ansible.builtin.systemd: - name: "rke2-server.service" - enabled: false - masked: true + - name: Install RKE2 common packages + ansible.builtin.dnf: + name: "{{ mount_rke2_common_rpm_path }}" + state: present + when: + - ansible_os_family == "RedHat" + - ansible_distribution_major_version | int >= 8 - - name: Start and enable rke2-server - ansible.builtin.systemd: - name: rke2-agent.service - state: started - enabled: yes - notify: "Service (re)started" + # Start + - name: Mask RKE2 agent service on the first server + ansible.builtin.systemd: + name: "rke2-server.service" + enabled: false + masked: true - become: true \ No newline at end of file + - name: Start and enable rke2-server + ansible.builtin.systemd: + name: rke2-agent.service + state: started + enabled: true + notify: "Service (re)started" \ No newline at end of file diff --git a/roles/install_utils_nerdctl/tasks/install.yml b/roles/install_utils_nerdctl/tasks/install.yml index 1430066b5..d7212b1a5 100644 --- a/roles/install_utils_nerdctl/tasks/install.yml +++ b/roles/install_utils_nerdctl/tasks/install.yml @@ -1,3 +1,4 @@ +--- - name: Create the NERDCTL directory ansible.builtin.file: path: /etc/nerdctl diff --git a/roles/install_utils_registry/tasks/load.yml b/roles/install_utils_registry/tasks/load.yml index a6a6b1341..38f4051d7 100644 --- a/roles/install_utils_registry/tasks/load.yml +++ b/roles/install_utils_registry/tasks/load.yml 
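Review bot: `failed_when: false` (kept) together with the new `changed_when: false` on `Install RKE2 worker nodes` means a failing `install.sh` is never surfaced; the play continues to the systemd task and only fails there, with the real cause buried in the debug output. Replace `failed_when: false` with `failed_when: install_worker_output.rc != 0` and drop `changed_when: false`, or tie it to the rc as well. Two task names are also inverted: `Mask RKE2 agent service on the first server` masks `rke2-server.service`, and `Start and enable rke2-server` starts `rke2-agent.service`; `Mask rke2-server on worker nodes` and `Start and enable rke2-agent` match what the tasks do. The new `mode: "0640"` on config.yaml is appropriate if the template carries the join token, which cannot be confirmed from this hunk.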
@@ -17,7 +17,7 @@ register: found_images - name: Copy longhorn images with skopeo - ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/longhornio/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_', ':') }} --dest-tls-verify=false" + ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/longhornio/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_', ':') }} --dest-tls-verify=false" changed_when: false with_items: "{{ found_images['files'] }}" @@ -29,7 +29,7 @@ register: found_images - name: Copy Cert-manager images with skopeo - ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/cert/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_', ':') }} --dest-tls-verify=false" + ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/cert/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_', ':') }} --dest-tls-verify=false" changed_when: false with_items: "{{ found_images['files'] }}" @@ -41,7 +41,7 @@ register: found_images - name: Copy Neuvector images with skopeo - ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/neuvector/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_', ':') }} --dest-tls-verify=false" + ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/neuvector/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_', ':') }} --dest-tls-verify=false" changed_when: false with_items: "{{ found_images['files'] }}" 
@@ -53,7 +53,7 @@ register: found_images - name: Copy Rancher images with skopeo - ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/rancher/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_', ':') }} --dest-tls-verify=false" + ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/rancher/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_', ':') }} --dest-tls-verify=false" changed_when: false with_items: "{{ found_images['files'] }}" From ac0fe4517f944f7e679032edcc94390a8de2b6a5 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 16 Jan 2024 16:09:51 +0100 Subject: [PATCH 053/365] small corrections --- roles/deploy_certmanager/tasks/deploy.yml | 42 +++++----- roles/deploy_certmanager/tasks/main.yml | 3 +- roles/deploy_longhorn/tasks/deploy.yml | 36 ++++----- roles/deploy_longhorn/tasks/install.yml | 27 +++---- roles/deploy_longhorn/tasks/main.yml | 6 +- roles/deploy_neuvector/tasks/deploy.yml | 74 +++++++++--------- roles/deploy_neuvector/tasks/main.yml | 3 +- roles/deploy_rancher/tasks/deploy.yml | 38 +++++----- roles/deploy_rancher/tasks/main.yml | 3 +- roles/install_rke2_common/defaults/main.yml | 2 +- roles/install_rke2_common/tasks/install.yml | 4 +- roles/install_rke2_common/tasks/rhel.yml | 27 +++---- roles/install_rke2_common/tasks/token.yml | 20 ++--- roles/install_rke2_controller/tasks/admin.yml | 76 ++++++++++--------- .../install_rke2_controller/tasks/arkade.yml | 65 ++++++++-------- roles/install_utils_registry/tasks/load.yml | 3 +- roles/install_utils_registry/tasks/push.yml | 2 +- roles/set_firewalld/tasks/delete_service.yml | 2 +- .../tasks/manage_firewalld_zone.yml | 4 +- roles/set_nfs_export/tasks/firewalld.yml | 2 +- 20 files changed, 222 insertions(+), 217 deletions(-) diff --git a/roles/deploy_certmanager/tasks/deploy.yml b/roles/deploy_certmanager/tasks/deploy.yml index 14b557b10..e2d10358a 100644 
--- a/roles/deploy_certmanager/tasks/deploy.yml +++ b/roles/deploy_certmanager/tasks/deploy.yml @@ -1,3 +1,4 @@ +--- - name: "Deploy Certmanager" run_once: true become: true @@ -5,25 +6,24 @@ become_method: sudo become_flags: "-i" block: - - - name: Deploy helm charts - kubernetes.core.helm: - atomic: true - name: "cert-manager" - chart_ref: "{{ mount_helm_path }}/{{ cert_charts }}" - release_namespace: "cert-manager" - create_namespace: true - values: - installCRDs: true - image: - repository: localhost:5000/cert/cert-manager-controller - webhook: + - name: Deploy helm charts + kubernetes.core.helm: + atomic: true + name: "cert-manager" + chart_ref: "{{ mount_helm_path }}/{{ cert_charts }}" + release_namespace: "cert-manager" + create_namespace: true + values: + installCRDs: true image: - repository: localhost:5000/cert/cert-manager-webhook - cainjector: - image: - repository: localhost:5000/cert/cert-manager-cainjector - startupapicheck: - image: - repository: localhost:5000/cert/cert-manager-ctl - kubeconfig: "/home/{{ admin_user }}/.kube/{{ inventory_hostname }}.yaml" + repository: localhost:5000/cert/cert-manager-controller + webhook: + image: + repository: localhost:5000/cert/cert-manager-webhook + cainjector: + image: + repository: localhost:5000/cert/cert-manager-cainjector + startupapicheck: + image: + repository: localhost:5000/cert/cert-manager-ctl + kubeconfig: "/home/{{ admin_user }}/.kube/{{ inventory_hostname }}.yaml" \ No newline at end of file diff --git a/roles/deploy_certmanager/tasks/main.yml b/roles/deploy_certmanager/tasks/main.yml index 04640d714..f5fad2371 100644 --- a/roles/deploy_certmanager/tasks/main.yml +++ b/roles/deploy_certmanager/tasks/main.yml @@ -1,6 +1,5 @@ --- # tasks file for deploy_cert - - name: Deploy with the Helm Charts on master - import_tasks: deploy.yml + ansible.builtin.import_tasks: deploy.yml when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] \ No newline at end of file 
diff --git a/roles/deploy_longhorn/tasks/deploy.yml b/roles/deploy_longhorn/tasks/deploy.yml index 22fd372b2..a65ffcd3b 100644 --- a/roles/deploy_longhorn/tasks/deploy.yml +++ b/roles/deploy_longhorn/tasks/deploy.yml @@ -1,3 +1,4 @@ +--- - name: "Deploy Longhorn" run_once: true become: true @@ -5,21 +6,20 @@ become_method: sudo become_flags: "-i" block: - - - name: Deploy helm charts - kubernetes.core.helm: - atomic: true - name: "longhorn" - chart_ref: "{{ mount_helm_path }}/{{ longhorn_charts }}" - release_namespace: "longhorn-system" - create_namespace: true - values: - global: - cattle: - systemDefaultRegistry: "localhost:5000" - ingress: - enabled: true - host: "{{ longhorn_url }}" - defaultSettings: - defaultDataPath: "{{ longhorn_datapath }}" - kubeconfig: "/home/{{ admin_user }}/.kube/{{ inventory_hostname }}.yaml" \ No newline at end of file + - name: Deploy helm charts + kubernetes.core.helm: + atomic: true + name: "longhorn" + chart_ref: "{{ mount_helm_path }}/{{ longhorn_charts }}" + release_namespace: "longhorn-system" + create_namespace: true + values: + global: + cattle: + systemDefaultRegistry: "localhost:5000" + ingress: + enabled: true + host: "{{ longhorn_url }}" + defaultSettings: + defaultDataPath: "{{ longhorn_datapath }}" + kubeconfig: "/home/{{ admin_user }}/.kube/{{ inventory_hostname }}.yaml" \ No newline at end of file diff --git a/roles/deploy_longhorn/tasks/install.yml b/roles/deploy_longhorn/tasks/install.yml index 36ccecdf0..938515925 100644 --- a/roles/deploy_longhorn/tasks/install.yml +++ b/roles/deploy_longhorn/tasks/install.yml 
@@ -1,20 +1,21 @@ -# Install and start iscsid -- block: - - name: Ensure iscsi-initiator-utils package is installed on Redhat based OS - ansible.builtin.dnf: - name: iscsi-initiator-utils - state: present - - - name: Start and enable iscsid - ansible.builtin.systemd: - name: iscsid - state: started - enabled: yes - +--- +# Install and start iscsid on RHEL 8 +- name: Install and start iscsid on RHEL 8 become: true when: - ansible_os_family == "RedHat" - ansible_distribution_major_version | int >= 8 + block: + - name: Ensure iscsi-initiator-utils package is installed on Redhat based OS + ansible.builtin.dnf: + name: iscsi-initiator-utils + state: present + + - name: Start and enable iscsid + ansible.builtin.systemd: + name: iscsid + state: started + enabled: yes - name: Ensure longhorn directory exist ansible.builtin.file: diff --git a/roles/deploy_longhorn/tasks/main.yml b/roles/deploy_longhorn/tasks/main.yml index 1503a0749..e04e970b7 100644 --- a/roles/deploy_longhorn/tasks/main.yml +++ b/roles/deploy_longhorn/tasks/main.yml @@ -1,7 +1,7 @@ --- # tasks file for deploy_longhorn - name: Gather facts - setup: + ansible.builtin.setup: gather_subset: - "distribution" - "distribution_major_version" @@ -10,8 +10,8 @@ ansible_os_family is not defined - name: Tasks for RHEL-like OS - import_tasks: install.yml + ansible.builtin.import_tasks: install.yml - name: Deploy with the Helm Charts on master - import_tasks: deploy.yml + ansible.builtin.import_tasks: deploy.yml when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] \ No newline at end of file diff --git a/roles/deploy_neuvector/tasks/deploy.yml b/roles/deploy_neuvector/tasks/deploy.yml index fe63b47e7..80235d954 100644 --- a/roles/deploy_neuvector/tasks/deploy.yml +++ b/roles/deploy_neuvector/tasks/deploy.yml @@ -1,3 +1,4 @@ +--- - name: "Deploy Neuvector" run_once: true become: true 
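Review bot: `enabled: yes` in the re-indented `Start and enable iscsid` task is the YAML 1.1 boolean spelling that ansible-lint's `truthy` rule rejects; write `enabled: true`, as the rhel.yml hunk below does for `no` → `false`. Moving `become` and `when` onto the named block is behaviour-preserving, since block conditions are applied to each task inside it.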
@@ -5,43 +6,42 @@ become_method: sudo become_flags: "-i" block: - - - name: Deploy helm charts - kubernetes.core.helm: - atomic: true - name: "neuvector" - chart_ref: "{{ mount_helm_path }}/{{ neuvector_charts }}" - release_namespace: "neuvector" - create_namespace: true - values: - imagePullSecrets: regsecret - registry: localhost:5000 - k3s: - enabled: true - runtimePath: /run/k3s/containerd/containerd.sock - manager: - image: - repository: neuvector/manager - ingress: + - name: Deploy helm charts + kubernetes.core.helm: + atomic: true + name: "neuvector" + chart_ref: "{{ mount_helm_path }}/{{ neuvector_charts }}" + release_namespace: "neuvector" + create_namespace: true + values: + imagePullSecrets: regsecret + registry: localhost:5000 + k3s: enabled: true + runtimePath: /run/k3s/containerd/containerd.sock + manager: + image: + repository: neuvector/manager ingress: - host: "{{ neuvector_url }}" - svc: - type: ClusterIP - controller: - image: - repository: neuvector/controller - pvc: - enabled: true - capacity: 500Mi - enforcer: - image: - repository: neuvector/enforcer - internal: - certmanager: - enabled: true - cve: - updater: + enabled: true + ingress: + host: "{{ neuvector_url }}" + svc: + type: ClusterIP + controller: + image: + repository: neuvector/controller + pvc: + enabled: true + capacity: 500Mi + enforcer: image: - repository: neuvector/updater - kubeconfig: "/home/{{ admin_user }}/.kube/{{ inventory_hostname }}.yaml" + repository: neuvector/enforcer + internal: + certmanager: + enabled: true + cve: + updater: + image: + repository: neuvector/updater + kubeconfig: "/home/{{ admin_user }}/.kube/{{ inventory_hostname }}.yaml" \ No newline at end of file diff --git a/roles/deploy_neuvector/tasks/main.yml b/roles/deploy_neuvector/tasks/main.yml index fad70591e..f29892c31 100644 --- a/roles/deploy_neuvector/tasks/main.yml +++ b/roles/deploy_neuvector/tasks/main.yml 
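Review bot: The manager `ingress` in the NeuVector values hunk sets only `enabled: true` and a host, with no `tls` block, so the console login would be served over plain HTTP on that hostname unless the ingress controller adds TLS by default. Consider `manager.ingress.tls: true` with a `secretName`, which is cheap here because cert-manager is already a prerequisite of this role. `imagePullSecrets: regsecret` refers to a secret that nothing in this hunk creates; confirm it exists in the `neuvector` namespace or drop the key, since the registry is `localhost:5000`.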
@@ -1,6 +1,5 @@ --- # tasks file for deploy_neuvector - - name: Install Cert-manager as Neuvector prerequisites ansible.builtin.import_role: name: deploy_certmanager @@ -8,5 +7,5 @@ tags: certmanager - name: Deploy with the Helm Charts on master - import_tasks: deploy.yml + ansible.builtin.import_tasks: deploy.yml when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] \ No newline at end of file diff --git a/roles/deploy_rancher/tasks/deploy.yml b/roles/deploy_rancher/tasks/deploy.yml index f79e600da..f90b2fee0 100644 --- a/roles/deploy_rancher/tasks/deploy.yml +++ b/roles/deploy_rancher/tasks/deploy.yml @@ -1,3 +1,4 @@ +--- - name: "Deploy Rancher" run_once: true become: true @@ -5,22 +6,21 @@ become_method: sudo become_flags: "-i" block: - - - name: Deploy helm charts - kubernetes.core.helm: - atomic: true - name: "rancher" - chart_ref: "{{ mount_helm_path }}/{{ rancher_charts }}" - release_namespace: "cattle-system" - create_namespace: true - values: - useBundledSystemChart: true - bootstrapPassword: "{{ rancher_password }}" - replicas: 1 - systemDefaultRegistry: localhost:5000 - rancherImage: localhost:5000/rancher/rancher - hostname: "{{ rancher_url }}" - auditLog: - level: 2 - destination: hostPath - kubeconfig: "/home/{{ admin_user }}/.kube/{{ inventory_hostname }}.yaml" + - name: Deploy helm charts + kubernetes.core.helm: + atomic: true + name: "rancher" + chart_ref: "{{ mount_helm_path }}/{{ rancher_charts }}" + release_namespace: "cattle-system" + create_namespace: true + values: + useBundledSystemChart: true + bootstrapPassword: "{{ rancher_password }}" + replicas: 1 + systemDefaultRegistry: localhost:5000 + rancherImage: localhost:5000/rancher/rancher + hostname: "{{ rancher_url }}" + auditLog: + level: 2 + destination: hostPath + kubeconfig: "/home/{{ admin_user }}/.kube/{{ inventory_hostname }}.yaml" \ No newline at end of file diff --git a/roles/deploy_rancher/tasks/main.yml b/roles/deploy_rancher/tasks/main.yml index 6b5ddd861..ca1101f7d 100644 
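Review bot: `bootstrapPassword: "{{ rancher_password }}"` in the Rancher values hunk is handed to `kubernetes.core.helm` without `no_log: true`, so the rendered values — password included — appear in verbose output and in any callback or log collector fed by this playbook. Add `no_log: true` to the `Deploy helm charts` task in `roles/deploy_rancher/tasks/deploy.yml`. `auditLog.level: 2` with `destination: hostPath` writes request-level Rancher audit data to the node filesystem; confirm that path is rotated and readable only by root.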
--- a/roles/deploy_rancher/tasks/main.yml +++ b/roles/deploy_rancher/tasks/main.yml @@ -1,6 +1,5 @@ --- # tasks file for deploy_rancher - - name: Install Cert-manager as Rancher prerequisites ansible.builtin.import_role: name: deploy_certmanager @@ -8,5 +7,5 @@ tags: certmanager - name: Deploy with the Helm Charts on master - import_tasks: deploy.yml + ansible.builtin.import_tasks: deploy.yml when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] \ No newline at end of file diff --git a/roles/install_rke2_common/defaults/main.yml b/roles/install_rke2_common/defaults/main.yml index 8546a2855..f13db545b 100644 --- a/roles/install_rke2_common/defaults/main.yml +++ b/roles/install_rke2_common/defaults/main.yml @@ -1,3 +1,3 @@ --- # defaults file for install_common -admin_user: "{{ global_install_user }}" +admin_user: "{{ global_install_user }}" \ No newline at end of file diff --git a/roles/install_rke2_common/tasks/install.yml b/roles/install_rke2_common/tasks/install.yml index 28a6e3f9d..b8aafdea1 100644 --- a/roles/install_rke2_common/tasks/install.yml +++ b/roles/install_rke2_common/tasks/install.yml @@ -1,3 +1,4 @@ +--- - name: Ensure admin_user exist ansible.builtin.user: name: "{{ admin_user }}" @@ -24,4 +25,5 @@ ansible.builtin.template: src: rke2.conf dest: /etc/sysctl.d/rke2.conf - notify: Restart systemd-sysctl + mode: '0600' + notify: Restart systemd-sysctl \ No newline at end of file diff --git a/roles/install_rke2_common/tasks/rhel.yml b/roles/install_rke2_common/tasks/rhel.yml index 086fbf357..2ff9d0cce 100644 --- a/roles/install_rke2_common/tasks/rhel.yml +++ b/roles/install_rke2_common/tasks/rhel.yml 
@@ -1,14 +1,19 @@ # For RHEL >= 8 as root -- block: +- name: Specific actions to be done on RHEL 8 + become: true + when: + - ansible_os_family == "RedHat" + - ansible_distribution_major_version | int >= 8 + block: - name: Display message - debug: + ansible.builtin.debug: msg: "Specific actions regarding servers in RHEL 8/9" # Desactivate Cloud services - name: Disable service nm-cloud-setup ansible.builtin.systemd: name: nm-cloud-setup.service - enabled: no + enabled: false state: stopped when: ansible_facts['services']['nm-cloud-setup.service'] is defined @@ -26,6 +31,7 @@ [keyfile] unmanaged-devices=interface-name:cali*;interface-name:flannel* dest: /etc/NetworkManager/conf.d/rke2-canal.conf + mode: '0600' when: ansible_facts['services']['NetworkManager.service'] is defined - name: Set rke2-canal.conf file permissions @@ -44,18 +50,13 @@ - ansible_facts['services']['NetworkManager.service'] is defined - ansible_facts['services']['NetworkManager.service']['state'] == "running" - become: true - when: - - ansible_os_family == "RedHat" - - ansible_distribution_major_version | int >= 8 - # For RHEL 7 as root -- block: - - name: Display message - debug: - msg: "Specific actions regarding servers in RHEL 7" - +- name: Specific actions to be done on RHEL 7 become: true when: - ansible_os_family == "RedHat" - ansible_distribution_major_version | int == 7 + block: + - name: Display message + debug: + msg: "Specific actions regarding servers in RHEL 7" \ No newline at end of file diff --git a/roles/install_rke2_common/tasks/token.yml b/roles/install_rke2_common/tasks/token.yml index 564a0fce3..d305fd6e1 100644 --- a/roles/install_rke2_common/tasks/token.yml +++ b/roles/install_rke2_common/tasks/token.yml 
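Review bot: The `mode: '0600'` added to the `rke2-canal.conf` copy in the second hunk is immediately followed by an unchanged task `Set rke2-canal.conf file permissions` whose body is outside the hunk; if that task sets a different mode the file flips between two modes on every run, and if it sets the same one it is now redundant. Keep a single owner of the permission: either drop the follow-up task, or remove the new `mode` here. NetworkManager drop-ins contain no secret and the other files in `/etc/NetworkManager/conf.d` are normally `0644`, so `mode: '0644'` would be the conventional value if this task keeps it.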
@@ -1,16 +1,18 @@ +--- ## Get Token if one exist - name: Check if token already exist ansible.builtin.stat: path: "{{ mount_path }}/token" register: token -- block: - - name: Read node-token from NFS share - ansible.builtin.slurp: - src: "{{ mount_path }}/token" - register: node_token +- name: Read token if exist + when: token['stat'].exists + block: + - name: Read node-token from NFS share + ansible.builtin.slurp: + src: "{{ mount_path }}/token" + register: node_token - - name: Store Master node-token - ansible.builtin.set_fact: - rke2_config_token: "{{ node_token['content'] | b64decode | regex_replace('\n', '') }}" - when: token['stat'].exists \ No newline at end of file + - name: Store Master node-token + ansible.builtin.set_fact: + rke2_config_token: "{{ node_token['content'] | b64decode | regex_replace('\n', '') }}" \ No newline at end of file diff --git a/roles/install_rke2_controller/tasks/admin.yml b/roles/install_rke2_controller/tasks/admin.yml index 7263a48eb..2c391f316 100644 --- a/roles/install_rke2_controller/tasks/admin.yml +++ b/roles/install_rke2_controller/tasks/admin.yml 
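Review bot: The node token that `Read node-token from NFS share` slurps and `Store Master node-token` puts into `rke2_config_token` is the cluster join secret, and both re-indented tasks lack `no_log: true`, so the base64 content and the decoded token are printed in verbose runs and kept by any callback plugin. Add `no_log: true` to both tasks; the fact is still set. `regex_replace('\n', '')` works only because YAML turns `\n` inside the double-quoted scalar into a real newline before Jinja sees it; `| b64decode | trim` says the same thing without that subtlety.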
@@ -1,41 +1,43 @@ +--- # Admin setup -- block: - - name: Remove old Kubeconfig file - ansible.builtin.file: - path: "$HOME/.kube/{{ inventory_hostname }}.yaml" - state: absent - become_user: "{{ admin_user }}" +- name: Admin setup + block: + - name: Remove old Kubeconfig file + ansible.builtin.file: + path: "$HOME/.kube/{{ inventory_hostname }}.yaml" + state: absent + become_user: "{{ admin_user }}" - - name: Ensure .kube dir exist - ansible.builtin.file: - path: "$HOME/.kube" - state: directory - mode: 0700 - recurse: yes - become_user: "{{ admin_user }}" - - - name: Copy kubeconfig in Admin home dir - ansible.builtin.copy: - src: "/etc/rancher/rke2/rke2.yaml" - dest: "/home/{{ admin_user }}/.kube/{{ inventory_hostname }}.yaml" - owner: "{{ admin_user }}" - group: "{{ admin_user }}" - force: true - remote_src: true - mode: '0600' - become: true + - name: Ensure .kube dir exist + ansible.builtin.file: + path: "$HOME/.kube" + state: directory + mode: 0700 + recurse: yes + become_user: "{{ admin_user }}" - - name: Change localhost with master ip in kubeconfig - ansible.builtin.lineinfile: - path: "$HOME/.kube/{{ inventory_hostname }}.yaml" - search_string: '127.0.0.1' - line: " server: https://{{ master }}:6443" - become_user: "{{ admin_user }}" + - name: Copy kubeconfig in Admin home dir + ansible.builtin.copy: + src: "/etc/rancher/rke2/rke2.yaml" + dest: "/home/{{ admin_user }}/.kube/{{ inventory_hostname }}.yaml" + owner: "{{ admin_user }}" + group: "{{ admin_user }}" + force: true + remote_src: true + mode: '0600' + become: true - - name: Update Admin .bashrc - ansible.builtin.blockinfile: - path: "$HOME/.bashrc" - block: | - export KUBECONFIG="~/.kube/{{ inventory_hostname }}.yaml" - marker: "# {mark} ANSIBLE setup Kubeconfig" - become_user: "{{ admin_user }}" \ No newline at end of file + - name: Change localhost with master ip in kubeconfig + ansible.builtin.lineinfile: + path: "$HOME/.kube/{{ inventory_hostname }}.yaml" + search_string: '127.0.0.1' + line: " 
server: https://{{ master }}:6443" + become_user: "{{ admin_user }}" + + - name: Update Admin .bashrc + ansible.builtin.blockinfile: + path: "$HOME/.bashrc" + block: | + export KUBECONFIG="~/.kube/{{ inventory_hostname }}.yaml" + marker: "# {mark} ANSIBLE setup Kubeconfig" + become_user: "{{ admin_user }}" \ No newline at end of file diff --git a/roles/install_rke2_controller/tasks/arkade.yml b/roles/install_rke2_controller/tasks/arkade.yml index cf8a8b28a..244028139 100644 --- a/roles/install_rke2_controller/tasks/arkade.yml +++ b/roles/install_rke2_controller/tasks/arkade.yml @@ -1,3 +1,4 @@ +--- # As root - name: Ensure that admin user can access ansible.builtin.file: 
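Review bot: In the `Update Admin .bashrc` task at the end of the hunk, `export KUBECONFIG="~/.kube/{{ inventory_hostname }}.yaml"` puts the tilde inside double quotes, so the shell does not expand it and kubectl receives the literal path `~/.kube/...`; as far as I can tell client-go does not expand `~` either, so the variable points at a file that does not exist. Write `export KUBECONFIG="$HOME/.kube/{{ inventory_hostname }}.yaml"` instead. Separately, `mode: 0700` in `Ensure .kube dir exist` is an unquoted octal (ansible-lint `risky-octal`) while the copy task below uses `'0600'`; quote it as `'0700'`.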
@@ -15,37 +16,37 @@ become: true # As Admin User -- block: - - name: Ensure Arkade directory exist - ansible.builtin.file: - path: "$HOME/.arkade/bin" - state: directory - recurse: true - owner: "{{ admin_user }}" - group: "{{ admin_user }}" - mode: '0700' - - - name: Copy utils into .arkade/bin - ansible.builtin.copy: - src: "{{ mount_utils_path }}/{{ item }}" - dest: "$HOME/.arkade/bin/{{ item }}" - force: true - remote_src: true - mode: '0700' - loop: - - yq - - jq - - helm - - just - - kubectl - - k9s +- name: Import arkade packages + become: true + become_user: "{{ admin_user }}" + block: + - name: Ensure Arkade directory exist + ansible.builtin.file: + path: "$HOME/.arkade/bin" + state: directory + recurse: true + owner: "{{ admin_user }}" + group: "{{ admin_user }}" + mode: '0700' - - name: Update .bashrc - ansible.builtin.blockinfile: - path: "$HOME/.bashrc" - block: | - export PATH=$PATH:$HOME/.arkade/bin - marker: "# {mark} ANSIBLE install arkade utils" + - name: Copy utils into .arkade/bin + ansible.builtin.copy: + src: "{{ mount_utils_path }}/{{ item }}" + dest: "$HOME/.arkade/bin/{{ item }}" + force: true + remote_src: true + mode: '0700' + loop: + - yq + - jq + - helm + - just + - kubectl + - k9s - become: true - become_user: "{{ admin_user }}" \ No newline at end of file + - name: Update .bashrc + ansible.builtin.blockinfile: + path: "$HOME/.bashrc" + block: | + export PATH=$PATH:$HOME/.arkade/bin + marker: "# {mark} ANSIBLE install arkade utils" \ No newline at end of file diff --git a/roles/install_utils_registry/tasks/load.yml b/roles/install_utils_registry/tasks/load.yml index 38f4051d7..3da0c18a2 100644 --- a/roles/install_utils_registry/tasks/load.yml +++ b/roles/install_utils_registry/tasks/load.yml @@ -70,5 +70,4 @@ - name: Display Output debug: - var: docker['stdout_lines'] - \ No newline at end of file + var: docker['stdout_lines'] \ No newline at end of file 
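Review bot: `Copy utils into .arkade/bin` installs `yq`, `jq`, `helm`, `just`, `kubectl` and `k9s` from `{{ mount_utils_path }}` on the shared mount and prepends them to the admin's PATH without verifying what is copied, so whoever can write to that share controls every `kubectl` and `helm` invocation the admin user makes afterwards. Record the expected SHA-256 of each binary when the package is built, then before this copy run `ansible.builtin.stat` with `checksum_algorithm: sha256` on each source and `ansible.builtin.assert` that it matches; a mismatch should fail the play rather than install the tool. The `mode: '0700'` on the copied binaries is fine for a per-user bin directory.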
diff --git a/roles/install_utils_registry/tasks/push.yml b/roles/install_utils_registry/tasks/push.yml index bf695cebc..89b63c0a4 100644 --- a/roles/install_utils_registry/tasks/push.yml +++ b/roles/install_utils_registry/tasks/push.yml @@ -15,4 +15,4 @@ remote_src: true mode: "0750" notify: Restart rke2-agent - when: caller_role_name == "worker" + when: caller_role_name == "worker" \ No newline at end of file diff --git a/roles/set_firewalld/tasks/delete_service.yml b/roles/set_firewalld/tasks/delete_service.yml index b08eb240f..0a42bad89 100644 --- a/roles/set_firewalld/tasks/delete_service.yml +++ b/roles/set_firewalld/tasks/delete_service.yml @@ -13,7 +13,7 @@ ansible.builtin.file: path: "{{ firewalld_path }}/services/{{ service['name'] }}.xml" state: absent - when: service['erase'] == true + when: service['erase'] notify: Restart firewalld - name: Flush handlers now diff --git a/roles/set_firewalld/tasks/manage_firewalld_zone.yml b/roles/set_firewalld/tasks/manage_firewalld_zone.yml index 8a9d964b8..32e6e0d6a 100644 --- a/roles/set_firewalld/tasks/manage_firewalld_zone.yml +++ b/roles/set_firewalld/tasks/manage_firewalld_zone.yml @@ -1,5 +1,5 @@ --- -- name: Manage firewalld file zone definition {{ zone['name'] }} +- name: Manage firewalld file zone definition {{ zone['name'] }} ansible.builtin.template: src: zone.xml.j2 dest: "{{ firewalld_path }}/zones/{{ zone['name'] }}.xml" @@ -12,7 +12,7 @@ - name: Flush handlers now ansible.builtin.meta: flush_handlers -- name: Manage firewalld zone definition {{ zone['name'] }} +- name: Manage firewalld zone definition {{ zone['name'] }} ansible.posix.firewalld: zone: "{{ zone['name'] }}" permanent: true diff --git a/roles/set_nfs_export/tasks/firewalld.yml b/roles/set_nfs_export/tasks/firewalld.yml index b6353c6c3..605fbbc1e 100644 --- a/roles/set_nfs_export/tasks/firewalld.yml +++ b/roles/set_nfs_export/tasks/firewalld.yml 
@@ -5,7 +5,7 @@ - ansible_facts['services']['firewalld.service'] is defined - ansible_facts['services']['firewalld.service']['state'] == "running" block: - - name: firewalld NFS port enabled + - name: Firewalld NFS port enabled ansible.posix.firewalld: service: "{{ item }}" permanent: true From df669d36adc124f869ce73b571eb3c9d023eae30 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 16 Jan 2024 16:33:58 +0100 Subject: [PATCH 054/365] small corrections --- roles/build_airgap_package/tasks/main.yml | 2 +- roles/build_airgap_package/tasks/utils.yml | 3 +- roles/deploy_certmanager/tasks/deploy.yml | 8 +- roles/deploy_longhorn/tasks/deploy.yml | 2 +- roles/deploy_neuvector/tasks/deploy.yml | 2 +- roles/deploy_rancher/tasks/deploy.yml | 2 +- roles/install_rke2_common/tasks/install.yml | 2 +- roles/install_rke2_common/tasks/rhel.yml | 7 +- roles/install_rke2_common/tasks/token.yml | 2 +- .../install_rke2_controller/defaults/main.yml | 2 +- roles/install_rke2_controller/tasks/admin.yml | 2 +- .../install_rke2_controller/tasks/arkade.yml | 14 +- .../install_rke2_controller/tasks/install.yml | 285 +++++++++--------- .../tasks/localhost.yml | 26 +- roles/install_rke2_worker/tasks/install.yml | 2 +- roles/install_utils_registry/tasks/load.yml | 3 +- roles/set_firewalld/tasks/delete_service.yml | 4 +- 17 files changed, 188 insertions(+), 180 deletions(-) diff --git a/roles/build_airgap_package/tasks/main.yml b/roles/build_airgap_package/tasks/main.yml index ebb51ae87..4ad006a3b 100644 --- a/roles/build_airgap_package/tasks/main.yml +++ b/roles/build_airgap_package/tasks/main.yml @@ -24,5 +24,5 @@ - name: Import images ansible.builtin.import_tasks: images.yml -- name: Compress the all thing +- name: Compress the all thing ansible.builtin.import_tasks: compress.yml \ No newline at end of file diff --git a/roles/build_airgap_package/tasks/utils.yml b/roles/build_airgap_package/tasks/utils.yml index 15697791f..1d050cc68 100644 --- a/roles/build_airgap_package/tasks/utils.yml 
+++ b/roles/build_airgap_package/tasks/utils.yml @@ -8,7 +8,8 @@ - name: Arkade get packages ansible.builtin.shell: "{{ directory_package }}/utils/arkade get --progress=false --path {{ directory_package }}/utils/ {{ item }} > /dev/null" - loop: + changed_when: false + loop: - yq - jq - helm diff --git a/roles/deploy_certmanager/tasks/deploy.yml b/roles/deploy_certmanager/tasks/deploy.yml index e2d10358a..bd43808e4 100644 --- a/roles/deploy_certmanager/tasks/deploy.yml +++ b/roles/deploy_certmanager/tasks/deploy.yml @@ -14,16 +14,16 @@ release_namespace: "cert-manager" create_namespace: true values: - installCRDs: true + installCRDs: true image: repository: localhost:5000/cert/cert-manager-controller webhook: image: - repository: localhost:5000/cert/cert-manager-webhook + repository: localhost:5000/cert/cert-manager-webhook cainjector: image: - repository: localhost:5000/cert/cert-manager-cainjector + repository: localhost:5000/cert/cert-manager-cainjector startupapicheck: image: - repository: localhost:5000/cert/cert-manager-ctl + repository: localhost:5000/cert/cert-manager-ctl kubeconfig: "/home/{{ admin_user }}/.kube/{{ inventory_hostname }}.yaml" \ No newline at end of file diff --git a/roles/deploy_longhorn/tasks/deploy.yml b/roles/deploy_longhorn/tasks/deploy.yml index a65ffcd3b..86806671a 100644 --- a/roles/deploy_longhorn/tasks/deploy.yml +++ b/roles/deploy_longhorn/tasks/deploy.yml @@ -5,7 +5,7 @@ become_user: "{{ admin_user }}" become_method: sudo become_flags: "-i" - block: + block: - name: Deploy helm charts kubernetes.core.helm: atomic: true diff --git a/roles/deploy_neuvector/tasks/deploy.yml b/roles/deploy_neuvector/tasks/deploy.yml index 80235d954..ebf55dd03 100644 --- a/roles/deploy_neuvector/tasks/deploy.yml +++ b/roles/deploy_neuvector/tasks/deploy.yml @@ -31,7 +31,7 @@ controller: image: repository: neuvector/controller - pvc: + pvc: enabled: true capacity: 500Mi enforcer: 
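Review bot: `Arkade get packages` downloads the six tools from the internet on every run, and the new `changed_when: false` only silences that instead of making the task idempotent; use `ansible.builtin.command` with `creates: "{{ directory_package }}/utils/{{ item }}"` so the download is skipped once the binary exists (`--progress=false` already keeps the output quiet, so the `> /dev/null` redirect is not needed). The invocation pins no versions, so each build of the air-gap package may ship a different upstream release of `kubectl`, `helm` and the others; `arkade get` accepts `--version`, and pinning plus recording the checksums in the package is what makes the later copy onto the controller verifiable.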
diff --git a/roles/deploy_rancher/tasks/deploy.yml b/roles/deploy_rancher/tasks/deploy.yml index f90b2fee0..e2d2c26b3 100644 --- a/roles/deploy_rancher/tasks/deploy.yml +++ b/roles/deploy_rancher/tasks/deploy.yml @@ -21,6 +21,6 @@ rancherImage: localhost:5000/rancher/rancher hostname: "{{ rancher_url }}" auditLog: - level: 2 + level: 2 destination: hostPath kubeconfig: "/home/{{ admin_user }}/.kube/{{ inventory_hostname }}.yaml" \ No newline at end of file diff --git a/roles/install_rke2_common/tasks/install.yml b/roles/install_rke2_common/tasks/install.yml index b8aafdea1..88f248721 100644 --- a/roles/install_rke2_common/tasks/install.yml +++ b/roles/install_rke2_common/tasks/install.yml @@ -19,7 +19,7 @@ - cryptsetup when: - ansible_os_family == "RedHat" - - ansible_distribution_major_version | int >= 8 + - ansible_distribution_major_version | int >= 8 - name: Create sysctl.conf from template ansible.builtin.template: diff --git a/roles/install_rke2_common/tasks/rhel.yml b/roles/install_rke2_common/tasks/rhel.yml index 2ff9d0cce..de35bfb41 100644 --- a/roles/install_rke2_common/tasks/rhel.yml +++ b/roles/install_rke2_common/tasks/rhel.yml @@ -1,3 +1,4 @@ +--- # For RHEL >= 8 as root - name: Specific actions to be done on RHEL 8 become: true @@ -21,7 +22,7 @@ ansible.builtin.systemd: name: nm-cloud-setup.timer state: stopped - enabled: no + enabled: false when: ansible_facts['services']['nm-cloud-setup.service'] is defined # Networker config @@ -46,7 +47,7 @@ ansible.builtin.systemd: name: NetworkManager state: reloaded - when: + when: - ansible_facts['services']['NetworkManager.service'] is defined - ansible_facts['services']['NetworkManager.service']['state'] == "running" @@ -58,5 +59,5 @@ - ansible_distribution_major_version | int == 7 block: - name: Display message - debug: + ansible.builtin.debug: msg: "Specific actions regarding servers in RHEL 7" \ No newline at end of file 
diff --git a/roles/install_rke2_common/tasks/token.yml b/roles/install_rke2_common/tasks/token.yml index d305fd6e1..a8fe14a72 100644 --- a/roles/install_rke2_common/tasks/token.yml +++ b/roles/install_rke2_common/tasks/token.yml @@ -7,7 +7,7 @@ - name: Read token if exist when: token['stat'].exists - block: + block: - name: Read node-token from NFS share ansible.builtin.slurp: src: "{{ mount_path }}/token" diff --git a/roles/install_rke2_controller/defaults/main.yml b/roles/install_rke2_controller/defaults/main.yml index 39a928ff5..12b098e99 100644 --- a/roles/install_rke2_controller/defaults/main.yml +++ b/roles/install_rke2_controller/defaults/main.yml @@ -12,7 +12,7 @@ mount_rke2_common_rpm_path: "{{ mount_rke2_path }}/{{ global_rke2_common_rpm_ver mount_rke2_selinux_rpm_path: "{{ mount_rke2_path }}/{{ global_rke2_selinux_rpm_version }}.el{{ ansible_distribution_major_version }}.noarch.rpm" # Firewall rules -controller_firewalld_rules: +controller_firewalld_rules: inbound: - name: rke2 zone: public diff --git a/roles/install_rke2_controller/tasks/admin.yml b/roles/install_rke2_controller/tasks/admin.yml index 2c391f316..fc3a34dc4 100644 --- a/roles/install_rke2_controller/tasks/admin.yml +++ b/roles/install_rke2_controller/tasks/admin.yml @@ -13,7 +13,7 @@ path: "$HOME/.kube" state: directory mode: 0700 - recurse: yes + recurse: true become_user: "{{ admin_user }}" - name: Copy kubeconfig in Admin home dir diff --git a/roles/install_rke2_controller/tasks/arkade.yml b/roles/install_rke2_controller/tasks/arkade.yml index 244028139..d28f59f60 100644 --- a/roles/install_rke2_controller/tasks/arkade.yml +++ b/roles/install_rke2_controller/tasks/arkade.yml @@ -18,7 +18,7 @@ # As Admin User - name: Import arkade packages become: true - become_user: "{{ admin_user }}" + become_user: "{{ admin_user }}" block: - name: Ensure Arkade directory exist ansible.builtin.file: 
@@ -37,12 +37,12 @@ remote_src: true mode: '0700' loop: - - yq - - jq - - helm - - just - - kubectl - - k9s + - yq + - jq + - helm + - just + - kubectl + - k9s - name: Update .bashrc ansible.builtin.blockinfile: diff --git a/roles/install_rke2_controller/tasks/install.yml b/roles/install_rke2_controller/tasks/install.yml index 02551bf64..9ed09209e 100644 --- a/roles/install_rke2_controller/tasks/install.yml +++ b/roles/install_rke2_controller/tasks/install.yml 
@@ -1,141 +1,146 @@ +--- # As root -- block: - - - name: Create etcd group - ansible.builtin.group: - name: etcd - state: present - - - name: Create etcd user - ansible.builtin.user: - name: etcd - comment: "etcd user" - shell: /sbin/nologin - system: yes - createhome: false - - - name: Create directories - ansible.builtin.file: - path: "{{ item }}" - state: directory - recurse: true - mode: '0750' - with_items: - - /etc/rancher/rke2/ - - /var/lib/rancher/rke2/server/manifests/ - - /var/lib/rancher/rke2/agent/images - - - name: Configure RKE2 config.yaml - ansible.builtin.template: - src: config.yaml.j2 - dest: /etc/rancher/rke2/config.yaml - - - name: Set up audit policy file - ansible.builtin.copy: - content: | - apiVersion: audit.k8s.io/v1 - kind: Policy - rules: - - level: RequestResponse - dest: /etc/rancher/rke2/audit-policy.yaml - - - name: Set up ssl passthrough for nginx - ansible.builtin.copy: - content: | - apiVersion: helm.cattle.io/v1 - kind: HelmChartConfig - metadata: - name: rke2-ingress-nginx - namespace: kube-system - spec: - valuesContent: |- - controller: - config: - use-forwarded-headers: true - extraArgs: - enable-ssl-passthrough: true - dest: /var/lib/rancher/rke2/server/manifests/rke2-ingress-nginx-config.yaml - - - name: Install RKE2 server node - ansible.builtin.shell: - cmd: "INSTALL_RKE2_ARTIFACT_PATH={{ mount_rke2_path }} INSTALL_RKE2_TYPE=server sh {{ mount_rke2_path }}/install.sh" - chdir: "{{ mount_rke2_path }}" - register: install_server_output - failed_when: false - - - ansible.builtin.debug: - var: install_server_output['stdout_lines'] - - # RPM - - name: Install packages common to controlers - ansible.builtin.dnf: - name: "{{ item }}" - state: present - with_items: - - zstd - - skopeo - become: true - when: - - ansible_os_family == "RedHat" - - ansible_distribution_major_version | int >= 8 - - - name: Import a key from a file - ansible.builtin.rpm_key: - state: present - key: "{{ mount_rke2_path }}/public.key" - when: - - 
ansible_os_family == "RedHat" - - - name: Install RKE2 selinux packages (dependency for RKE2 common) - ansible.builtin.dnf: - name: "{{ mount_rke2_selinux_rpm_path }}" - state: present - when: - - ansible_os_family == "RedHat" - - ansible_distribution_major_version | int >= 8 - - - name: Install RKE2 common packages - ansible.builtin.dnf: - name: "{{ mount_rke2_common_rpm_path }}" - state: present - when: - - ansible_os_family == "RedHat" - - ansible_distribution_major_version | int >= 8 - - # Service - - name: Mask RKE2 agent service on the first server - ansible.builtin.systemd: - name: "rke2-agent.service" - enabled: false - masked: true - - - name: Start and enable rke2-server - ansible.builtin.systemd: - name: rke2-server.service - state: started - enabled: yes - notify: "Service (re)started" - - - name: Wait for k8s apiserver - ansible.builtin.wait_for: - host: localhost - port: "6443" - state: present - timeout: 300 - - - name: Create symlink for containerd.sock - ansible.builtin.file: - src: /var/run/k3s/containerd/containerd.sock - dest: /var/run/containerd/containerd.sock - state: link - - - name: Update root .bashrc - ansible.builtin.blockinfile: - path: ~/.bashrc - block: | - export KUBECONFIG=/etc/rancher/rke2/rke2.yaml - export CRI_CONFIG_FILE=/var/lib/rancher/rke2/agent/etc/crictl.yaml - PATH=$PATH:/var/lib/rancher/rke2/bin - marker: "# {mark} ANSIBLE install_rke2_controler" - - become: true \ No newline at end of file +- name: Controller install as root + become: true + block: + - name: Create etcd group + ansible.builtin.group: + name: etcd + state: present + + - name: Create etcd user + ansible.builtin.user: + name: etcd + comment: "etcd user" + shell: /sbin/nologin + system: true + createhome: false + + - name: Create directories + ansible.builtin.file: + path: "{{ item }}" + state: directory + recurse: true + mode: '0750' + with_items: + - /etc/rancher/rke2/ + - /var/lib/rancher/rke2/server/manifests/ + - /var/lib/rancher/rke2/agent/images + + - 
name: Configure RKE2 config.yaml + ansible.builtin.template: + src: config.yaml.j2 + dest: /etc/rancher/rke2/config.yaml + mode: "0640" + + - name: Set up audit policy file + ansible.builtin.copy: + content: | + apiVersion: audit.k8s.io/v1 + kind: Policy + rules: + - level: RequestResponse + dest: /etc/rancher/rke2/audit-policy.yaml + mode: "0640" + + - name: Set up ssl passthrough for nginx + ansible.builtin.copy: + content: | + apiVersion: helm.cattle.io/v1 + kind: HelmChartConfig + metadata: + name: rke2-ingress-nginx + namespace: kube-system + spec: + valuesContent: |- + controller: + config: + use-forwarded-headers: true + extraArgs: + enable-ssl-passthrough: true + dest: /var/lib/rancher/rke2/server/manifests/rke2-ingress-nginx-config.yaml + mode: "0640" + + - name: Install RKE2 server node + ansible.builtin.shell: + cmd: "set -o pipefail && INSTALL_RKE2_ARTIFACT_PATH={{ mount_rke2_path }} INSTALL_RKE2_TYPE=server sh {{ mount_rke2_path }}/install.sh" + chdir: "{{ mount_rke2_path }}" + register: install_server_output + failed_when: false + changed_when: false + + - name: Display install output + ansible.builtin.debug: + var: install_server_output['stdout_lines'] + + # RPM + - name: Install packages common to controlers + ansible.builtin.dnf: + name: "{{ item }}" + state: present + with_items: + - zstd + - skopeo + become: true + when: + - ansible_os_family == "RedHat" + - ansible_distribution_major_version | int >= 8 + + - name: Import a key from a file + ansible.builtin.rpm_key: + state: present + key: "{{ mount_rke2_path }}/public.key" + when: + - ansible_os_family == "RedHat" + + - name: Install RKE2 selinux packages (dependency for RKE2 common) + ansible.builtin.dnf: + name: "{{ mount_rke2_selinux_rpm_path }}" + state: present + when: + - ansible_os_family == "RedHat" + - ansible_distribution_major_version | int >= 8 + + - name: Install RKE2 common packages + ansible.builtin.dnf: + name: "{{ mount_rke2_common_rpm_path }}" + state: present + when: + - 
ansible_os_family == "RedHat" + - ansible_distribution_major_version | int >= 8 + + # Service + - name: Mask RKE2 agent service on the first server + ansible.builtin.systemd: + name: "rke2-agent.service" + enabled: false + masked: true + + - name: Start and enable rke2-server + ansible.builtin.systemd: + name: rke2-server.service + state: started + enabled: yes + notify: "Service (re)started" + + - name: Wait for k8s apiserver + ansible.builtin.wait_for: + host: localhost + port: "6443" + state: present + timeout: 300 + + - name: Create symlink for containerd.sock + ansible.builtin.file: + src: /var/run/k3s/containerd/containerd.sock + dest: /var/run/containerd/containerd.sock + state: link + + - name: Update root .bashrc + ansible.builtin.blockinfile: + path: ~/.bashrc + block: | + export KUBECONFIG=/etc/rancher/rke2/rke2.yaml + export CRI_CONFIG_FILE=/var/lib/rancher/rke2/agent/etc/crictl.yaml + PATH=$PATH:/var/lib/rancher/rke2/bin + marker: "# {mark} ANSIBLE install_rke2_controler" \ No newline at end of file diff --git a/roles/install_rke2_controller/tasks/localhost.yml b/roles/install_rke2_controller/tasks/localhost.yml index 6acbb3b1f..06f8df81f 100644 --- a/roles/install_rke2_controller/tasks/localhost.yml +++ b/roles/install_rke2_controller/tasks/localhost.yml 
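Review bot: The policy written by `Set up audit policy file` has a single `level: RequestResponse` rule and no exclusions, so the API server records full request and response bodies for every object, which puts the contents of `secrets` and `configmaps` and the tokens carried by `tokenreviews` into the audit log; a Metadata-level rule for those resources should come before the catch-all (rewrite below). `Install RKE2 server node` now carries `failed_when: false` together with `changed_when: false`, and `set -o pipefail` guards a command that has no pipe, so a failing install.sh is neither reported nor counted and only surfaces when `Start and enable rke2-server` fails later; `failed_when: install_server_output.rc != 0` with `changed_when` left at its default is the safer form. `enabled: yes` on rke2-server is the one remaining non-canonical boolean after the `system: true` change above. The worker hunk in `roles/install_rke2_worker/tasks/install.yml` below has the same `set -o pipefail`/`failed_when: false` pattern.
```yaml
    - name: Set up audit policy file
      ansible.builtin.copy:
        content: |
          apiVersion: audit.k8s.io/v1
          kind: Policy
          rules:
            # Never record the body of objects that carry credentials.
            - level: Metadata
              resources:
                - group: ""
                  resources: ["secrets", "configmaps"]
                - group: "authentication.k8s.io"
                  resources: ["tokenreviews"]
            - level: RequestResponse
        # … unchanged: dest and mode …
```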
@@ -12,39 +12,39 @@ - name: Check if kubecm is installed on localhost delegate_to: localhost become: false - block: - - name: Check kubecm is installed (part of prerequisites) - ansible.builtin.shell: type kubecm + block: + - name: Check kubecm is installed (part of prerequisites) + ansible.builtin.command: type kubecm register: is_installed changed_when: false - name: Add kubeconfig to kubecm block: - name: Test if default context already exist in your kubeconfig. - ansible.builtin.shell: "kubecm list default > /dev/null 2>&1" + ansible.builtin.command: "kubecm list default > /dev/null 2>&1" changed_when: false - name: Message to you - ansible.builtin.debug: - msg: "Kubeconfig was added to your kubecm." + ansible.builtin.debug: + msg: "Kubeconfig was added to your kubecm." rescue: - - name: Add to kubecm - ansible.builtin.shell: "kubecm add -c -f ~/.kube/{{ inventory_hostname }}.yaml" + - name: Add to kubecm + ansible.builtin.command: "kubecm add -c -f ~/.kube/{{ inventory_hostname }}.yaml" changed_when: false - name: Switch to default - ansible.builtin.shell: "kubecm switch default" + ansible.builtin.command: "kubecm switch default" changed_when: false rescue: - name: No Kubecm - ansible.builtin.debug: + ansible.builtin.debug: msg: "Kubecm is not installed on your localhost! Not a big problem, but I did not add it to your local kubeconfig." - always: + always: - name: Message to you - ansible.builtin.debug: + ansible.builtin.debug: msg: "Kubeconfig of this cluster was imported in your localhost in ~/.kube/{{ inventory_hostname }}.yaml" # Check Flux to Kube API @@ -52,7 +52,7 @@ delegate_to: localhost become: false block: - - name: Check kube api + - name: Check kube api ansible.builtin.uri: url: "https://{{ master }}:6443" validate_certs: false diff --git a/roles/install_rke2_worker/tasks/install.yml b/roles/install_rke2_worker/tasks/install.yml index 156d1979f..e8c0de849 100644 --- a/roles/install_rke2_worker/tasks/install.yml 
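Review bot: Two of the tasks converted to `ansible.builtin.command` in this hunk depend on a shell and will not behave the same under `command`: `type kubecm` (`type` is a shell builtin, not an executable, so the outer block fails straight into the `No Kubecm` rescue even when kubecm is installed) and `kubecm list default > /dev/null 2>&1` (redirection is shell syntax, so `>`, `/dev/null` and `2>&1` are passed to kubecm as literal arguments and the inner block always lands in `rescue`). Use an executable for the presence check, `ansible.builtin.command: which kubecm`, and drop the redirection from the context test, `ansible.builtin.command: kubecm list default`, since the task already has `changed_when: false` and only the return code matters. The `kubecm add` and `kubecm switch` conversions contain no shell syntax and are fine.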
+++ b/roles/install_rke2_worker/tasks/install.yml @@ -19,7 +19,7 @@ - name: Install RKE2 worker nodes ansible.builtin.shell: - cmd: "INSTALL_RKE2_ARTIFACT_PATH={{ mount_rke2_path }} INSTALL_RKE2_TYPE=agent sh {{ mount_rke2_path }}/install.sh" + cmd: "set -o pipefail && INSTALL_RKE2_ARTIFACT_PATH={{ mount_rke2_path }} INSTALL_RKE2_TYPE=agent sh {{ mount_rke2_path }}/install.sh" chdir: "{{ mount_rke2_path }}" register: install_worker_output failed_when: false diff --git a/roles/install_utils_registry/tasks/load.yml b/roles/install_utils_registry/tasks/load.yml index 3da0c18a2..886cccabc 100644 --- a/roles/install_utils_registry/tasks/load.yml +++ b/roles/install_utils_registry/tasks/load.yml @@ -67,7 +67,8 @@ done; done register: docker + changed_when: false - name: Display Output - debug: + ansible.builtin.debug: var: docker['stdout_lines'] \ No newline at end of file diff --git a/roles/set_firewalld/tasks/delete_service.yml b/roles/set_firewalld/tasks/delete_service.yml index 0a42bad89..9f8583b85 100644 --- a/roles/set_firewalld/tasks/delete_service.yml +++ b/roles/set_firewalld/tasks/delete_service.yml @@ -1,11 +1,11 @@ --- # Remove service from zone - name: Delete firewalld service {{ service['name'] }} - ansible.builtin.firewalld: + ansible.posix.firewalld: service: "{{ service['name'] }}" permanent: true immediate: true - zone: "{{ service['zone'] | default( firewalld_default_zone ) }}" + zone: "{{ service['zone'] | default(firewalld_default_zone) }}" state: disabled # Completely delete service From f50a9f6fc5f6063fcf1b3fd2aba7d2cb176a7985 Mon Sep 17 00:00:00 2001 
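Review bot: The `set -o pipefail &&` prefix added to `Install RKE2 worker nodes` runs under the shell module's default `/bin/sh`; on Debian-like targets that is dash, and older dash releases reject that option, so the command exits before `install.sh` is reached. Because the task keeps `failed_when: false`, that exit is swallowed and the worker is silently left uninstalled. There is no pipe in this command, so the option adds nothing; either drop it or add `executable: /bin/bash` next to `chdir` (the later patch 057/365 on this page does the latter). The same prefix is introduced for the controller in the install.yml hunk at the top of this page, whose start is outside the visible range.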
From: MozeBaltyk Date: Tue, 16 Jan 2024 17:03:16 +0100 Subject: [PATCH 055/365] small corrections --- .ansible-lint | 1 + galaxy.yml | 5 ++--- meta/execution-environment.yml | 2 +- playbooks/tasks/upload.yml | 3 +-- roles/build_airgap_package/tasks/compress.yml | 3 ++- roles/build_airgap_package/tasks/helm.yml | 1 + roles/deploy_certmanager/tasks/deploy.yml | 2 +- roles/deploy_longhorn/tasks/deploy.yml | 2 +- roles/deploy_longhorn/tasks/install.yml | 2 +- roles/deploy_neuvector/tasks/deploy.yml | 2 +- roles/deploy_rancher/tasks/deploy.yml | 2 +- roles/install_rke2_controller/tasks/admin.yml | 10 ++++------ roles/install_rke2_controller/tasks/install.yml | 8 ++++---- roles/install_rke2_controller/tasks/localhost.yml | 1 + 14 files changed, 22 insertions(+), 22 deletions(-) diff --git a/.ansible-lint b/.ansible-lint index 5692932a0..1429ab949 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -10,6 +10,7 @@ exclude_paths: - molecule/ - docs/ - scripts/ + - playbooks/tasks # Dir for testing locally skip_list: - yaml[line-length] diff --git a/galaxy.yml b/galaxy.yml index aecfb3d0c..ae57500c1 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -14,7 +14,7 @@ description: > Ansible Collection to deploy a rancher RKE2 cluster. license: -- Apache-2.0 + - Apache-2.0 tags: - devops @@ -46,5 +46,4 @@ build_ignore: - .DS_Store - .vscode - '.*.tar.gz' - - '*.zip' - + - '*.zip' \ No newline at end of file diff --git a/meta/execution-environment.yml b/meta/execution-environment.yml index 65b42944a..9ac0f0b1e 100644 --- a/meta/execution-environment.yml +++ b/meta/execution-environment.yml @@ -1,5 +1,5 @@ --- -version: 4 +version: 3 dependencies: python: meta/ee-requirements.txt diff --git a/playbooks/tasks/upload.yml b/playbooks/tasks/upload.yml index fbf3fee7d..ed59d9fa4 100644 --- a/playbooks/tasks/upload.yml +++ b/playbooks/tasks/upload.yml 
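Review bot: Adding `playbooks/tasks` to `exclude_paths` in `.ansible-lint` removes lint coverage from playbooks this same series patches (`playbooks/tasks/upload.yml` in the next hunk), while the inline comment calls the directory a local-testing area; those two readings conflict. If only scratch files should be skipped, narrow the pattern or move the scratch files out; if the playbooks are meant to stay exempt, the comment should say why. Minor: the other entries end with a slash (`- molecule/`), this one does not, `- playbooks/tasks/`.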
@@ -2,8 +2,7 @@ - name: Dowload Rkub package on first controler hosts: RKE2_CONTROLLERS[0] gather_facts: false - vars_files: - - ../vars/main.yml + vars_files: ../vars/main.yml tags: controler roles: - {role: upload_package_zst, tags: upload} \ No newline at end of file diff --git a/roles/build_airgap_package/tasks/compress.yml b/roles/build_airgap_package/tasks/compress.yml index deb5e0755..cfe71f18b 100644 --- a/roles/build_airgap_package/tasks/compress.yml +++ b/roles/build_airgap_package/tasks/compress.yml @@ -3,4 +3,5 @@ ansible.builtin.command: "tar -I zstd -vcf {{ tar_zst_name }} -C {{ directory_package }} ." args: - chdir: "{{ directory_package }}/.." \ No newline at end of file + chdir: "{{ directory_package }}/.." + changed_when: false \ No newline at end of file diff --git a/roles/build_airgap_package/tasks/helm.yml b/roles/build_airgap_package/tasks/helm.yml index b2cb54288..43560928b 100644 --- a/roles/build_airgap_package/tasks/helm.yml +++ b/roles/build_airgap_package/tasks/helm.yml @@ -13,6 +13,7 @@ rm -rf linux-amd64 > /dev/null 2>&1 args: chdir: "{{ directory_package }}/helm/" + changed_when: false # Add charts repository - name: Add jetstack chart repo diff --git a/roles/deploy_certmanager/tasks/deploy.yml b/roles/deploy_certmanager/tasks/deploy.yml index bd43808e4..5c2d35abd 100644 --- a/roles/deploy_certmanager/tasks/deploy.yml +++ b/roles/deploy_certmanager/tasks/deploy.yml @@ -3,7 +3,7 @@ run_once: true become: true become_user: "{{ admin_user }}" - become_method: sudo + become_method: ansible.builtin.sudo become_flags: "-i" block: - name: Deploy helm charts diff --git a/roles/deploy_longhorn/tasks/deploy.yml b/roles/deploy_longhorn/tasks/deploy.yml index 86806671a..10dcac8eb 100644 --- a/roles/deploy_longhorn/tasks/deploy.yml +++ b/roles/deploy_longhorn/tasks/deploy.yml 
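Review bot: `changed_when: false` on the tar command in `compress.yml` (and on the helm fetch/cleanup command in the `helm.yml` hunk that follows) labels a task that writes `{{ tar_zst_name }}` on every run as unchanged; it quiets the `no-changed-when` lint rule without making the task idempotent. A truthful alternative is a `creates:` guard under `args:`, `creates: "{{ directory_package }}/../{{ tar_zst_name }}"`, so the task is skipped when the archive exists and reports changed when it builds one. The compress task's header starts above this hunk, so the `creates:` path should be checked against the actual `-C`/`chdir` combination.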
@@ -3,7 +3,7 @@ run_once: true become: true become_user: "{{ admin_user }}" - become_method: sudo + become_method: ansible.builtin.sudo become_flags: "-i" block: - name: Deploy helm charts diff --git a/roles/deploy_longhorn/tasks/install.yml b/roles/deploy_longhorn/tasks/install.yml index 938515925..3b1fada99 100644 --- a/roles/deploy_longhorn/tasks/install.yml +++ b/roles/deploy_longhorn/tasks/install.yml @@ -15,7 +15,7 @@ ansible.builtin.systemd: name: iscsid state: started - enabled: yes + enabled: true - name: Ensure longhorn directory exist ansible.builtin.file: diff --git a/roles/deploy_neuvector/tasks/deploy.yml b/roles/deploy_neuvector/tasks/deploy.yml index ebf55dd03..67be841d7 100644 --- a/roles/deploy_neuvector/tasks/deploy.yml +++ b/roles/deploy_neuvector/tasks/deploy.yml @@ -3,7 +3,7 @@ run_once: true become: true become_user: "{{ admin_user }}" - become_method: sudo + become_method: ansible.builtin.sudo become_flags: "-i" block: - name: Deploy helm charts diff --git a/roles/deploy_rancher/tasks/deploy.yml b/roles/deploy_rancher/tasks/deploy.yml index e2d2c26b3..a56064984 100644 --- a/roles/deploy_rancher/tasks/deploy.yml +++ b/roles/deploy_rancher/tasks/deploy.yml @@ -3,7 +3,7 @@ run_once: true become: true become_user: "{{ admin_user }}" - become_method: sudo + become_method: ansible.builtin.sudo become_flags: "-i" block: - name: Deploy helm charts diff --git a/roles/install_rke2_controller/tasks/admin.yml b/roles/install_rke2_controller/tasks/admin.yml index fc3a34dc4..151efbfe6 100644 --- a/roles/install_rke2_controller/tasks/admin.yml +++ b/roles/install_rke2_controller/tasks/admin.yml @@ -1,12 +1,13 @@ --- # Admin setup - name: Admin setup + become_user: "{{ admin_user }}" + become: true block: - name: Remove old Kubeconfig file ansible.builtin.file: path: "$HOME/.kube/{{ inventory_hostname }}.yaml" state: absent - become_user: "{{ admin_user }}" - name: Ensure .kube dir exist ansible.builtin.file: 
@@ -14,7 +15,6 @@ state: directory mode: 0700 recurse: true - become_user: "{{ admin_user }}" - name: Copy kubeconfig in Admin home dir ansible.builtin.copy: @@ -25,19 +25,17 @@ force: true remote_src: true mode: '0600' - become: true + become: false - name: Change localhost with master ip in kubeconfig ansible.builtin.lineinfile: path: "$HOME/.kube/{{ inventory_hostname }}.yaml" search_string: '127.0.0.1' line: " server: https://{{ master }}:6443" - become_user: "{{ admin_user }}" - name: Update Admin .bashrc ansible.builtin.blockinfile: path: "$HOME/.bashrc" block: | export KUBECONFIG="~/.kube/{{ inventory_hostname }}.yaml" - marker: "# {mark} ANSIBLE setup Kubeconfig" - become_user: "{{ admin_user }}" \ No newline at end of file + marker: "# {mark} ANSIBLE setup Kubeconfig" \ No newline at end of file diff --git a/roles/install_rke2_controller/tasks/install.yml b/roles/install_rke2_controller/tasks/install.yml index 9ed09209e..4e2234e0d 100644 --- a/roles/install_rke2_controller/tasks/install.yml +++ b/roles/install_rke2_controller/tasks/install.yml @@ -84,7 +84,7 @@ become: true when: - ansible_os_family == "RedHat" - - ansible_distribution_major_version | int >= 8 + - ansible_distribution_major_version | int >= 8 - name: Import a key from a file ansible.builtin.rpm_key: @@ -120,7 +120,7 @@ ansible.builtin.systemd: name: rke2-server.service state: started - enabled: yes + enabled: true notify: "Service (re)started" - name: Wait for k8s apiserver @@ -140,7 +140,7 @@ ansible.builtin.blockinfile: path: ~/.bashrc block: | - export KUBECONFIG=/etc/rancher/rke2/rke2.yaml - export CRI_CONFIG_FILE=/var/lib/rancher/rke2/agent/etc/crictl.yaml + export KUBECONFIG=/etc/rancher/rke2/rke2.yaml + export CRI_CONFIG_FILE=/var/lib/rancher/rke2/agent/etc/crictl.yaml PATH=$PATH:/var/lib/rancher/rke2/bin marker: "# {mark} ANSIBLE install_rke2_controler" \ No newline at end of file 
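Review bot: In the `Copy kubeconfig in Admin home dir` hunk of `admin.yml`, flipping `become: true` to `become: false` while the enclosing block (first hunk of this file) now sets `become: true` / `become_user: "{{ admin_user }}"` makes this one task run as the plain connection user; it then has to read `/etc/rancher/rke2/rke2.yaml` (root-owned) and write into `/home/{{ admin_user }}/.kube/`, which only works when the connection user is root or already `admin_user`. If that is the assumption, put it next to the override, `# runs as the connection user: needs read on rke2.yaml and write on the admin .kube dir`; otherwise the copy needs `become: true` without `become_user`. The `$HOME/.kube/...` paths in the surrounding tasks are resolved on the target under the become user's environment, which presumably depends on whether sudo resets HOME there; worth confirming on the target image.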
diff --git a/roles/install_rke2_controller/tasks/localhost.yml b/roles/install_rke2_controller/tasks/localhost.yml index 06f8df81f..0cc77b140 100644 --- a/roles/install_rke2_controller/tasks/localhost.yml +++ b/roles/install_rke2_controller/tasks/localhost.yml @@ -7,6 +7,7 @@ flat: true validate_checksum: true become_user: "{{ admin_user }}" + become: true # check kubecm is installed on your localhost - name: Check if kubecm is installed on localhost From 888b4e797548410af9ff0d5e3b2e98774dee9f47 Mon Sep 17 00:00:00 2001 From: github-actions Date: Tue, 16 Jan 2024 16:04:43 +0000 Subject: [PATCH 056/365] =?UTF-8?q?=E2=9A=A1=20Update=20README=20&=20CHANG?= =?UTF-8?q?ELOG?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7ebbb4bea..b765a0258 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,12 +1,12 @@ # CHANGELOG.md -## 1.0.3 (2024-01-15) +## 1.0.3 (2024-01-16) Versions: - rke2 version: 1.26.11 - - cert-manager version: 1.13.3 - - rancher version: 2.8.0 + - cert-manager version: 1.13.3 + - rancher version: 2.8.0 - longhorn version: 1.5.3 - neuvector version: 2.6.6 From 442100bd427f82ecd1e6eed61a21ccfa959ca008 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 16 Jan 2024 21:40:50 +0100 Subject: [PATCH 057/365] correct shell module + add dependabot + new workflow --- .github/dependabot.yml | 9 ++ .github/workflows/ansible-builder.yml | 43 ++++++++++ Makefile | 5 -- roles/build_airgap_package/tasks/images.yml | 82 +++++++++++-------- .../install_rke2_controller/tasks/install.yml | 4 +- roles/install_rke2_worker/tasks/install.yml | 4 +- roles/install_utils_registry/tasks/load.yml | 16 ++-- roles/uninstall_rkub/tasks/uninstall.yml | 5 +- 8 files changed, 119 insertions(+), 49 deletions(-) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/ansible-builder.yml 
diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..ab5067d26 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,9 @@ +--- +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" \ No newline at end of file diff --git a/.github/workflows/ansible-builder.yml b/.github/workflows/ansible-builder.yml new file mode 100644 index 000000000..3a8295deb --- /dev/null +++ b/.github/workflows/ansible-builder.yml @@ -0,0 +1,43 @@ +--- +name: ansible-builder +on: + workflow_dispatch: + + push: + paths: + - '.github/workflows/ansible-builder.yml' + - 'meta/execution-environment.yml' + - 'meta/ee-requirements.txt' + pull_request: + paths: + - '.github/workflows/ansible-builder.yml' + - 'meta/execution-environment.yml' + - 'meta/ee-requirements.txt' + +env: + NAMESPACE: community + COLLECTION_NAME: hashi_vault + +jobs: + builder: + name: ansible-builder requirements + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@v4 + with: + show-progress: false + path: ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }} + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: 3.11 + + - name: Install ansible-builder + run: pip install ansible-builder + + # this is kind of a naive check, since we aren't comparing the output to anything to verify + # so the only we'll catch with this is an egregious error that causes builder to exit nonzero + - name: Verify Requirements + run: ansible-builder introspect --sanitize . \ No newline at end of file diff --git a/Makefile b/Makefile index 3820dfc15..c9bc89db1 100644 --- a/Makefile +++ b/Makefile 
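Review bot: The new `ansible-builder` workflow declares no `permissions:` block, so its job runs with the repository's default `GITHUB_TOKEN` scopes although it only reads the checkout; add `permissions:` / `  contents: read` at the top level (or on the `builder` job) to keep the token least-privilege. The `env` values `NAMESPACE: community` / `COLLECTION_NAME: hashi_vault` look copied from another collection and make the checkout land in `ansible_collections/community/hashi_vault`, which does not match this repository (patch 059/365 on this page corrects them). `python-version: 3.11` is a plain YAML float and should be quoted, `python-version: "3.11"`, so a future `3.10` does not collapse to `3.1`, and `pip install ansible-builder` is unpinned, which makes the check non-reproducible.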
@@ -38,11 +38,6 @@ install: uninstall: ansible-playbook ./playbooks/tasks/uninstall.yml $(ANSIBLE_ARGS) - -################## -## EE Container ## -################## - .PHONY: ee-container ## Create an execution-env container with all dependencies inside ee-container: diff --git a/roles/build_airgap_package/tasks/images.yml b/roles/build_airgap_package/tasks/images.yml index a6f53dae7..daa72a094 100644 --- a/roles/build_airgap_package/tasks/images.yml +++ b/roles/build_airgap_package/tasks/images.yml @@ -4,7 +4,7 @@ ansible.builtin.get_url: url: "https://github.com/rancher/rancher/releases/download/v{{ RANCHER_VERSION }}/rancher-images.txt" dest: "{{ directory_package }}/images/rancher/orig_rancher-images.txt" - mode: "0750" + mode: "0640" - name: Rancher List - Fix 1 Library tags ansible.builtin.lineinfile: 
@@ -30,66 +30,80 @@ # this one could be probably improved - name: Rancher List - Get latest version - ansible.builtin.shell: | - set -o pipefail && - for i in $(cat {{ directory_package }}/images/rancher/orig_rancher-images.txt|awk -F: '{print $1}'); do - grep -w $i {{ directory_package }}/images/rancher/orig_rancher-images.txt | sort -Vr| head -1 >> {{ directory_package }}/images/rancher/version_unsorted.txt; - done + ansible.builtin.shell: + cmd: | + set -o pipefail + for i in $(cat {{ directory_package }}/images/rancher/orig_rancher-images.txt|awk -F: '{print $1}'); do + grep -w $i {{ directory_package }}/images/rancher/orig_rancher-images.txt | sort -Vr| head -1 >> {{ directory_package }}/images/rancher/version_unsorted.txt; + done + executable: /bin/bash changed_when: false - name: Rancher List - Final Sort - ansible.builtin.shell: | - set -o pipefail && - cat {{ directory_package }}/images/rancher/version_unsorted.txt | sort -u > {{ directory_package }}/images/rancher/images.txt + ansible.builtin.shell: + cmd: | + set -o pipefail + cat {{ directory_package }}/images/rancher/version_unsorted.txt | sort -u > {{ directory_package }}/images/rancher/images.txt + executable: /bin/bash changed_when: false - name: Rancher List - Due to version 2.8.0 - ansible.builtin.shell: | - set -o pipefail && - echo "rancher/mirrored-cluster-api-controller:v1.4.4" >> {{ directory_package }}/images/rancher/images.txt - echo "rancher/kubectl:v1.20.2" >> {{ directory_package }}/images/rancher/images.txt + ansible.builtin.shell: + cmd: | + set -o pipefail + echo "rancher/mirrored-cluster-api-controller:v1.4.4" >> {{ directory_package }}/images/rancher/images.txt + echo "rancher/kubectl:v1.20.2" >> {{ directory_package }}/images/rancher/images.txt + executable: /bin/bash changed_when: false - name: Longhorn List - Download longhorn-images.txt ansible.builtin.get_url: url: "https://raw.githubusercontent.com/longhorn/longhorn/v{{ LONGHORN_VERSION }}/deploy/longhorn-images.txt" dest: "{{ 
directory_package }}/images/longhorn/images.txt" - mode: "0750" + mode: "0640" - name: Cert-manager List - helm template - ansible.builtin.shell: | - set -o pipefail && - helm template {{ directory_package }}/helm/cert-manager-v{{ CERT_VERSION }}.tgz | awk '$1 ~ /image:/ {print $2}' | sed s/\"//g > {{ directory_package }}/images/cert/images.txt + ansible.builtin.shell: + cmd: | + set -o pipefail + helm template {{ directory_package }}/helm/cert-manager-v{{ CERT_VERSION }}.tgz | awk '$1 ~ /image:/ {print $2}' | sed s/\"//g > {{ directory_package }}/images/cert/images.txt + executable: /bin/bash changed_when: false - name: Neuvector List - helm template - ansible.builtin.shell: | - set -o pipefail && - helm template {{ directory_package }}/helm/core-{{ NEU_VERSION }}.tgz | awk '$1 ~ /image:/ {print $2}' | sed -e 's/\"//g' > {{ directory_package }}/images/neuvector/images.txt + ansible.builtin.shell: + cmd: | + set -o pipefail + helm template {{ directory_package }}/helm/core-{{ NEU_VERSION }}.tgz | awk '$1 ~ /image:/ {print $2}' | sed -e 's/\"//g' > {{ directory_package }}/images/neuvector/images.txt + executable: /bin/bash changed_when: false ## Import images - name: Upload images from list ($2) - ansible.builtin.shell: > - set -o pipefail && - for i in $(cat {{ item }}/images.txt); do - if ( ! ls {{ item }}/$(echo $i| awk -F/ '{print $2}'|sed 's/:/_/g').tar > /dev/null); then - skopeo copy docker://$i docker-archive:{{ item }}/$(echo $i| awk -F/ '{print $2}'|sed 's/:/_/g').tar:$(echo $i| awk -F/ '{print $2}'); - fi; - done + ansible.builtin.shell: + cmd: | + set -o pipefail + for i in $(cat {{ item }}/images.txt); do + if ( ! 
ls {{ item }}/$(echo $i| awk -F/ '{print $2}'|sed 's/:/_/g').tar > /dev/null); then + skopeo copy docker://$i docker-archive:{{ item }}/$(echo $i| awk -F/ '{print $2}'|sed 's/:/_/g').tar:$(echo $i| awk -F/ '{print $2}'); + fi; + done + executable: /bin/bash changed_when: false loop: - "{{ directory_package }}/images/rancher" - "{{ directory_package }}/images/longhorn" - name: Upload images from list ($3) - ansible.builtin.shell: > - set -o pipefail && - for i in $(cat {{ item }}/images.txt); do - if ( ! ls {{ item }}/$(echo $i| awk -F/ '{print $3}'|sed 's/:/_/g').tar > /dev/null); then - skopeo copy docker://$i docker-archive:{{ item }}/$(echo $i| awk -F/ '{print $3}'|sed 's/:/_/g').tar:$(echo $i| awk -F/ '{print $3}'); - fi; - done + ansible.builtin.shell: + cmd: | + set -o pipefail + for i in $(cat {{ item }}/images.txt); do + if ( ! ls {{ item }}/$(echo $i| awk -F/ '{print $3}'|sed 's/:/_/g').tar > /dev/null); then + skopeo copy docker://$i docker-archive:{{ item }}/$(echo $i| awk -F/ '{print $3}'|sed 's/:/_/g').tar:$(echo $i| awk -F/ '{print $3}'); + fi; + done + executable: /bin/bash changed_when: false loop: - "{{ directory_package }}/images/cert" diff --git a/roles/install_rke2_controller/tasks/install.yml b/roles/install_rke2_controller/tasks/install.yml index 4e2234e0d..2fb261b13 100644 --- a/roles/install_rke2_controller/tasks/install.yml +++ b/roles/install_rke2_controller/tasks/install.yml @@ -63,8 +63,10 @@ - name: Install RKE2 server node ansible.builtin.shell: - cmd: "set -o pipefail && INSTALL_RKE2_ARTIFACT_PATH={{ mount_rke2_path }} INSTALL_RKE2_TYPE=server sh {{ mount_rke2_path }}/install.sh" + cmd: | + set -o pipefail && INSTALL_RKE2_ARTIFACT_PATH={{ mount_rke2_path }} INSTALL_RKE2_TYPE=server sh {{ mount_rke2_path }}/install.sh chdir: "{{ mount_rke2_path }}" + executable: /bin/bash register: install_server_output failed_when: false changed_when: false 
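Review bot: The rewritten shell tasks in `images.yml` still append with `>>` (`Rancher List - Get latest version` into `version_unsorted.txt`, `Rancher List - Due to version 2.8.0` into `images.txt`) on every run, so a second play grows both files and duplicates the two hard-coded images after the `sort -u` step, while `changed_when: false` on all of them reports that nothing happened. Write each list with a single `>` command, or guard the appending tasks with `args:` / `creates:`, and keep `changed_when: false` only on tasks that genuinely do not write. The `skopeo copy docker://$i` loops pull images by tag only, which is inherent to this build step, but their names (`Upload images from list`) describe a push; renaming them to `Pull images from list` would save the next reader a detour.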
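Review bot: `Install RKE2 server node` keeps `failed_when: false` and `changed_when: false` on the `install.sh` command, so a failed installer (wrong `mount_rke2_path`, missing artifacts) is neither reported nor reflected in the play summary and the play continues to `Start and enable rke2-server` on a host with nothing installed; the `set -o pipefail &&` prefix guards a command that contains no pipe. Since the output is already registered, `failed_when: install_server_output.rc != 0` keeps the debug task's log while restoring failure propagation, and `changed_when: install_server_output.rc == 0` is closer to the truth. If `install.sh` is known to exit non-zero in a benign case, say so in a comment next to `failed_when` instead. The same pattern is in the `install_rke2_worker/tasks/install.yml` hunk (`install_worker_output`) and the `uninstall_rkub/tasks/uninstall.yml` hunk that follow.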
diff --git a/roles/install_rke2_worker/tasks/install.yml b/roles/install_rke2_worker/tasks/install.yml index e8c0de849..643cc9eae 100644 --- a/roles/install_rke2_worker/tasks/install.yml +++ b/roles/install_rke2_worker/tasks/install.yml @@ -19,7 +19,9 @@ - name: Install RKE2 worker nodes ansible.builtin.shell: - cmd: "set -o pipefail && INSTALL_RKE2_ARTIFACT_PATH={{ mount_rke2_path }} INSTALL_RKE2_TYPE=agent sh {{ mount_rke2_path }}/install.sh" + cmd: | + set -o pipefail && INSTALL_RKE2_ARTIFACT_PATH={{ mount_rke2_path }} INSTALL_RKE2_TYPE=agent sh {{ mount_rke2_path }}/install.sh + executable: /bin/bash chdir: "{{ mount_rke2_path }}" register: install_worker_output failed_when: false diff --git a/roles/install_utils_registry/tasks/load.yml b/roles/install_utils_registry/tasks/load.yml index 886cccabc..adfc0c235 100644 --- a/roles/install_utils_registry/tasks/load.yml +++ b/roles/install_utils_registry/tasks/load.yml @@ -59,13 +59,15 @@ # Result - name: List docker registry - ansible.builtin.shell: | - set -o pipefail && - for i in $(curl -sk localhost:5000/v2/_catalog | jq -r '.repositories[]'); do - for tag in $(curl -sk localhost:5000/v2/${i}/tags/list | jq -r '.tags[]'); do - echo ${i}:${tag}; - done; - done + ansible.builtin.shell: + cmd: | + set -o pipefail && + for i in $(curl -sk localhost:5000/v2/_catalog | jq -r '.repositories[]'); do + for tag in $(curl -sk localhost:5000/v2/${i}/tags/list | jq -r '.tags[]'); do + echo ${i}:${tag}; + done; + done + executable: /bin/bash register: docker changed_when: false diff --git a/roles/uninstall_rkub/tasks/uninstall.yml b/roles/uninstall_rkub/tasks/uninstall.yml index a8ff75b61..7361bd230 100644 --- a/roles/uninstall_rkub/tasks/uninstall.yml +++ b/roles/uninstall_rkub/tasks/uninstall.yml 
@@ -15,7 +15,10 @@ failed_when: false - name: Uninstall RKE2 - ansible.builtin.shell: set -o pipefail && /usr/local/bin/rke2-uninstall.sh + ansible.builtin.shell: + cmd: | + set -o pipefail && /usr/local/bin/rke2-uninstall.sh + executable: /bin/bash failed_when: false changed_when: false From 91d237bf940d4c78e37d58421d74fba2ddbe3919 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 Jan 2024 21:46:34 +0100 Subject: [PATCH 058/365] Bump actions/github-script from 3 to 7 (#6) Bumps [actions/github-script](https://github.com/actions/github-script) from 3 to 7. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v3...v7) --- updated-dependencies: - dependency-name: actions/github-script dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 8debb611c..82c5045e6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -54,7 +54,7 @@ jobs: tag_version: ${{ steps.get_version.outputs.TAG_VERSION }} tag_exists: ${{ steps.check_tag.outputs.TAG_EXISTS }} if: ${{ steps.get_version.outputs.TAG_VERSION == steps.check_tag.outputs.TAG_EXISTS }} - uses: actions/github-script@v3 + uses: actions/github-script@v7 with: script: | core.setFailed('Release tag already exists in git (tag_exists var: ${tag_exists} and tag_version: ${tag_version})') From 41b4a395796287886f991841be90b5ea887c7d0e Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 16 Jan 2024 21:49:10 +0100 Subject: [PATCH 059/365] workflow ansible-builder --- .github/workflows/ansible-builder.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/ansible-builder.yml b/.github/workflows/ansible-builder.yml index 3a8295deb..889371dd6 100644 --- a/.github/workflows/ansible-builder.yml +++ b/.github/workflows/ansible-builder.yml @@ -15,8 +15,8 @@ on: - 'meta/ee-requirements.txt' env: - NAMESPACE: community - COLLECTION_NAME: hashi_vault + NAMESPACE: mozebaltyk + COLLECTION_NAME: rkub jobs: builder: From 3fb5b66256163ed8724a92c98892f47be4f39744 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 16 Jan 2024 21:52:05 +0100 Subject: [PATCH 060/365] workflow ansible-builder --- .github/workflows/ansible-builder.yml | 6 +++++- meta/execution-environment.yml | 6 +++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ansible-builder.yml b/.github/workflows/ansible-builder.yml index 889371dd6..ab2ce3aa0 100644 --- a/.github/workflows/ansible-builder.yml +++ b/.github/workflows/ansible-builder.yml @@ -8,12 +8,16 @@ on: - '.github/workflows/ansible-builder.yml' - 'meta/execution-environment.yml' - 'meta/ee-requirements.txt' + - 'meta/ee-requirements.yml' + - 'meta/ee-bindeps.txt' pull_request: paths: - '.github/workflows/ansible-builder.yml' - 'meta/execution-environment.yml' - 'meta/ee-requirements.txt' - + - 'meta/ee-requirements.yml' + - 'meta/ee-bindeps.txt' + env: NAMESPACE: mozebaltyk COLLECTION_NAME: rkub diff --git a/meta/execution-environment.yml b/meta/execution-environment.yml index 9ac0f0b1e..d7af46040 100644 --- a/meta/execution-environment.yml +++ b/meta/execution-environment.yml @@ -4,10 +4,10 @@ version: 3 dependencies: python: meta/ee-requirements.txt galaxy: meta/ee-requirements.yml - system: meta/ee-bindep.txt + system: meta/ee-bindeps.txt # custom - arkade: meta/ee-arkade.txt - images: meta/ee-images.txt + #arkade: meta/ee-arkade.txt + #images: meta/ee-images.txt images: base_image: From 9a51018ef3a944adab5f4a364d53b1303c9423d3 Mon Sep 17 00:00:00 2001 
From: MozeBaltyk Date: Wed, 17 Jan 2024 11:06:19 +0100 Subject: [PATCH 061/365] Repo Activity --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 9dfd050cd..cca5acf8b 100644 --- a/README.md +++ b/README.md @@ -173,8 +173,8 @@ Improvments: [rancher/RKE2](https://github.com/rancher/rke2) -## Authors -morze.baltyk@proton.me +## Repo Activity +![Alt](https://repobeats.axiom.co/api/embed/2664e49768529526895630ae70e2a366a70de78f.svg "Repobeats analytics image") ## Project status From 0c013a1cae05bff95ba0898f5cdefe78b14ab883 Mon Sep 17 00:00:00 2001 From: github-actions Date: Wed, 17 Jan 2024 10:07:37 +0000 Subject: [PATCH 062/365] =?UTF-8?q?=E2=9A=A1=20Update=20README=20&=20CHANG?= =?UTF-8?q?ELOG?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b765a0258..3ae096ea2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,7 @@ # CHANGELOG.md -## 1.0.3 (2024-01-16) +## 1.0.3 (2024-01-17) Versions: - rke2 version: 1.26.11 From f379af9077c8deff1f1f9904572092a184904d74 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 17 Jan 2024 12:59:46 +0100 Subject: [PATCH 063/365] update precommit --- .pre-commit-config.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 98e49c799..096ff3bac 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -4,21 +4,21 @@ repos: - repo: https://github.com/adrienverge/yamllint.git - rev: v1.17.0 + rev: v1.33.0 hooks: - id: yamllint args: [-c=.yamllint] - repo: https://github.com/ansible-community/ansible-lint.git # Latest release from https://github.com/ansible-community/ansible-lint - rev: v6.8.0 + rev: v6.22.1 hooks: - id: ansible-lint files: \.(yaml|yml)$ - repo: https://github.com/pre-commit/pre-commit-hooks # Latest release from https://github.com/pre-commit/pre-commit-hooks - rev: v4.3.0 + rev: v4.5.0 hooks: - id: end-of-file-fixer - id: check-yaml From 014b0012c7fdbda3c0cd4d5892d4cac6c163498a Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 17 Jan 2024 13:04:59 +0100 Subject: [PATCH 064/365] correct order in precommit --- .pre-commit-config.yaml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 096ff3bac..b4cf234e4 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -3,6 +3,17 @@ # See https://pre-commit.com/hooks.html for more hooks repos: + - repo: https://github.com/pre-commit/pre-commit-hooks + # Latest release from https://github.com/pre-commit/pre-commit-hooks + rev: v4.5.0 + hooks: + - id: end-of-file-fixer + - id: check-yaml + - id: check-added-large-files + - id: check-merge-conflict + - id: detect-private-key + - id: check-symlinks + - repo: https://github.com/adrienverge/yamllint.git rev: v1.33.0 hooks: @@ -15,14 +26,3 @@ repos: hooks: - id: ansible-lint files: \.(yaml|yml)$ - - - repo: https://github.com/pre-commit/pre-commit-hooks - # Latest release from https://github.com/pre-commit/pre-commit-hooks - rev: v4.5.0 - hooks: - - id: end-of-file-fixer - - id: check-yaml - - id: check-added-large-files - - id: check-merge-conflict - - id: detect-private-key - - id: check-symlinks From 0d16a45641ab57321d4fc181aa6a954515fad100 Mon Sep 17 00:00:00 2001 
From: MozeBaltyk Date: Thu, 18 Jan 2024 20:36:05 +0100 Subject: [PATCH 065/365] git config --- .gitignore | 12 ++++++++++-- .pre-commit-config.yaml | 9 ++++++--- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 83e8a222e..a70ec6639 100644 --- a/.gitignore +++ b/.gitignore @@ -1,8 +1,12 @@ +# tmp/state/secrets .*.swp .govmomi .terraform* terraform.tfstate* -# Workstation +.venv/ +*kubeconfig.yaml +Chart.lock +# Workstation .DS_Store .vscode # loaded images @@ -10,4 +14,8 @@ terraform.tfstate* images # Galaxy artifacts. *.tar.gz -*.zip \ No newline at end of file +*.zip +*.iso +*.log +*.png +*.tgz diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index b4cf234e4..7b45e6682 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -7,12 +7,15 @@ repos: # Latest release from https://github.com/pre-commit/pre-commit-hooks rev: v4.5.0 hooks: - - id: end-of-file-fixer - - id: check-yaml - id: check-added-large-files + - id: check-executables-have-shebangs - id: check-merge-conflict + - id: check-shebang-scripts-are-executable - id: detect-private-key - - id: check-symlinks + - id: end-of-file-fixer + - id: mixed-line-ending + - id: trailing-whitespace + - id: check-yaml - repo: https://github.com/adrienverge/yamllint.git rev: v1.33.0 From 6803698cfb747a9585d9efdd076b95ae39fceee9 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Thu, 18 Jan 2024 20:41:20 +0100 Subject: [PATCH 066/365] better task for kubeconfig --- roles/install_rke2_controller/defaults/main.yml | 6 +++++- roles/install_rke2_controller/tasks/admin.yml | 12 ++++++++++-- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/roles/install_rke2_controller/defaults/main.yml b/roles/install_rke2_controller/defaults/main.yml index 12b098e99..beae1d20b 100644 --- a/roles/install_rke2_controller/defaults/main.yml +++ b/roles/install_rke2_controller/defaults/main.yml 
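Review bot: The hook list in the `.pre-commit-config.yaml` hunk drops `check-symlinks` without a replacement, and the commit message ("git config") does not say whether that was intended. If symlinks in the repo should stay checked, re-add `- id: check-symlinks` alongside `check-merge-conflict`; otherwise a one-line comment on why it was removed would keep the next reader from re-adding it.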
@@ -3,6 +3,7 @@ rke2_version: "{{ global_rke2_version }}" admin_user: "{{ global_install_user }}" master: "{{ global_master_ip }}" +control_plane_endpoint: "{{ master }}" # Mount share mount_path: "{{ global_directory_mount }}" @@ -11,6 +12,9 @@ mount_utils_path: "{{ mount_path }}/utils" mount_rke2_common_rpm_path: "{{ mount_rke2_path }}/{{ global_rke2_common_rpm_version }}.el{{ ansible_distribution_major_version }}.x86_64.rpm" mount_rke2_selinux_rpm_path: "{{ mount_rke2_path }}/{{ global_rke2_selinux_rpm_version }}.el{{ ansible_distribution_major_version }}.noarch.rpm" +# RKE2 config +rke2_kubeconfig_file: "/etc/rancher/rke2/rke2.yaml" + # Firewall rules controller_firewalld_rules: inbound: @@ -22,4 +26,4 @@ controller_firewalld_rules: - {port: 2379, protocol: tcp} - {port: 9345, protocol: tcp} - {port: 10250, protocol: tcp} - - {port: 8472, protocol: udp} \ No newline at end of file + - {port: 8472, protocol: udp} diff --git a/roles/install_rke2_controller/tasks/admin.yml b/roles/install_rke2_controller/tasks/admin.yml index 151efbfe6..67f92683f 100644 --- a/roles/install_rke2_controller/tasks/admin.yml +++ b/roles/install_rke2_controller/tasks/admin.yml @@ -16,15 +16,23 @@ mode: 0700 recurse: true + - name: Get Kubernetes config file + run_once: true + ansible.builtin.slurp: + src: "{{ rke2_kubeconfig_file }}" + register: kubeconfig_base64 + become: false + - name: Copy kubeconfig in Admin home dir ansible.builtin.copy: - src: "/etc/rancher/rke2/rke2.yaml" + content: "{{ kubeconfig_base64.content | b64decode | replace('127.0.0.1', control_plane_endpoint) }}" dest: "/home/{{ admin_user }}/.kube/{{ inventory_hostname }}.yaml" owner: "{{ admin_user }}" group: "{{ admin_user }}" force: true remote_src: true mode: '0600' + run_once: true become: false - name: Change localhost with master ip in kubeconfig 
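Review bot: Both new tasks in the admin.yml hunk handle the cluster-admin credential without `no_log`: the slurp registers the whole kubeconfig (client certificate and key) into `kubeconfig_base64`, and the copy task's `content:` is the decoded file, so either is printed verbatim under `-v`/`--diff` and by callback plugins on the controller; add `no_log: true` to both tasks and `diff: false` to the copy. `remote_src: true` on the copy only governs `src` and is inert now that the body comes from `content:`, so drop it rather than imply the file is still copied on the target. Rewriting `127.0.0.1` to `control_plane_endpoint` inside the template appears to make the following "Change localhost with master ip in kubeconfig" task redundant; if it edits the same destination it should be removed instead of running a second pass. Reading `/etc/rancher/rke2/rke2.yaml` with `become: false` presumes the SSH user can read it, while RKE2 writes that file root-owned and 0600 unless `write-kubeconfig-mode` is set in its config — TODO confirm the role sets that, otherwise the slurp fails for a non-root `admin_user`.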
@@ -38,4 +46,4 @@ path: "$HOME/.bashrc" block: | export KUBECONFIG="~/.kube/{{ inventory_hostname }}.yaml" - marker: "# {mark} ANSIBLE setup Kubeconfig" \ No newline at end of file + marker: "# {mark} ANSIBLE setup Kubeconfig" From 9419f9fb811a6f607ed376c7ff94441720bdb872 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Thu, 18 Jan 2024 21:03:58 +0100 Subject: [PATCH 067/365] retry on services --- roles/install_rke2_controller/tasks/install.yml | 7 +++++-- roles/install_rke2_worker/tasks/install.yml | 5 ++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/roles/install_rke2_controller/tasks/install.yml b/roles/install_rke2_controller/tasks/install.yml index 2fb261b13..94a2bc0b7 100644 --- a/roles/install_rke2_controller/tasks/install.yml +++ b/roles/install_rke2_controller/tasks/install.yml @@ -124,6 +124,9 @@ state: started enabled: true notify: "Service (re)started" + register: rke2_service + until: rke2_service is succeeded + retries: 5 - name: Wait for k8s apiserver ansible.builtin.wait_for: @@ -142,7 +145,7 @@ ansible.builtin.blockinfile: path: ~/.bashrc block: | - export KUBECONFIG=/etc/rancher/rke2/rke2.yaml + export KUBECONFIG={{ rke2_kubeconfig_file }} export CRI_CONFIG_FILE=/var/lib/rancher/rke2/agent/etc/crictl.yaml PATH=$PATH:/var/lib/rancher/rke2/bin - marker: "# {mark} ANSIBLE install_rke2_controler" \ No newline at end of file + marker: "# {mark} ANSIBLE install_rke2_controler" diff --git a/roles/install_rke2_worker/tasks/install.yml b/roles/install_rke2_worker/tasks/install.yml index 643cc9eae..c253b8ad1 100644 --- a/roles/install_rke2_worker/tasks/install.yml +++ b/roles/install_rke2_worker/tasks/install.yml @@ -67,4 +67,7 @@ name: rke2-agent.service state: started enabled: true - notify: "Service (re)started" \ No newline at end of file + notify: "Service (re)started" + register: rke2_service + until: rke2_service is succeeded + retries: 5 From 001bae940092650d393fac373dd6800c9e9de7dd Mon Sep 17 00:00:00 2001 
From: github-actions Date: Thu, 18 Jan 2024 20:06:10 +0000 Subject: [PATCH 068/365] =?UTF-8?q?=E2=9A=A1=20Update=20README=20&=20CHANG?= =?UTF-8?q?ELOG?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3ae096ea2..1347e1e68 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,7 @@ # CHANGELOG.md -## 1.0.3 (2024-01-17) +## 1.0.3 (2024-01-18) Versions: - rke2 version: 1.26.11 From 52b71be769dd29b2c2e1575d9fc94b9d743227cd Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Fri, 19 Jan 2024 10:36:05 +0100 Subject: [PATCH 069/365] complete readme --- CHANGELOG.md | 35 +++++++------ README.md | 135 +++++++++++++++++++++++++++++++++------------------ 2 files changed, 108 insertions(+), 62 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3ae096ea2..c4479144e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,7 +3,7 @@ ## 1.0.3 (2024-01-17) -Versions: +### Versions: - rke2 version: 1.26.11 - cert-manager version: 1.13.3 - rancher version: 2.8.0 
@@ -12,33 +12,36 @@ Versions: -Features ✨ - - Install RKE2 one controler and several workers (currently no HA): - - Add nerdctl. - - Setup an admin on master node (kuberoot). - - Deploy local registry and images loaded inside. - - Setup firewalld rules if needed. - - Make "master_ip" and "domain" parametrable. - - Deploy longhorn with custom datapath. - - Deploy Rancher with custom password. - - Deploy Neuvector. - - Script to containerize in an Execution-Env. - - Script to uninstall everything +### Features ✨ + - [x] Install RKE2 one controler and several workers (currently no HA): + - [x] Add nerdctl. + - [x] Setup an admin on master node (kuberoot). + - [x] Deploy local registry and images loaded inside. + - [x] Setup firewalld rules if needed. + - [x] Make "master_ip" and "domain" parametrable. + - [x] Deploy longhorn with custom datapath. + - [x] Deploy Rancher with custom password. + - [x] Deploy Neuvector. + - [x] Script to containerize in an Execution-Env. + - [x] Script to uninstall everything + - [ ] More install customization and options 🚧 + - [ ] Improve collection to run as true collection 🚧 + - [ ] CI 🚧 -Fix 🩹 +### Fix 🩹 - Firewalld conditions to apply only when running. - Correct names and tasks order. -Bugfix 🐞 +### Bugfix 🐞 - Correct scripts for prerequisites. -Security 🔒️ +### Security 🔒️ - Branch protect - Github Workflows to release and lint. diff --git a/README.md b/README.md index cca5acf8b..3b4e97abc 100644 --- a/README.md +++ b/README.md 
@@ -17,35 +17,34 @@ Ansible collection met to install in airgap environnement RKE2 (one controler an - [Neuvector 2.6.6](https://neuvector.com/) - Kubernetes Security Platform -This Project is mainly inspired from [Clemenko/rke_airgap_install](https://github.com/clemenko/rke_airgap_install/blob/main/air_gap_all_the_things.sh). -I tried it and like the idea but I was frustrated with Shell scripting limitations. So I decided to rewrite it in Ansible. +This Project is mainly inspired from [Clemenko/rke_airgap_install](https://github.com/clemenko/rke_airgap_install/blob/main/air_gap_all_the_things.sh). +I tried it and like the idea but I was frustrated with Shell scripting limitations. So I decided to rewrite it in Ansible. -With Ansible: +With Ansible: -* Idempotency: can be relaunch multiple time. +* Idempotency: can be relaunch multiple time. -* User agnostic: can be launch by any user (with sudo rights). - -* OS agnositc: can be launch on any Linux systems (at least for the package build, for the install depend on your participation to this project 😸) +* User agnostic: can be launch by any user (with sudo rights). 
+* OS agnositc: can be launch on any Linux systems (at least for the package build, for the install depend on your participation to this project 😸) Add-on from my part, some part which were manual in Clemenko procedure are automated with Ansible like: -* the upload or NFS mount +* the upload or NFS mount -* Some flexibility about path (possible to export or mount NFS in choosen place) +* Some flexibility about path (possible to export or mount NFS in choosen place) -* Arkade to install utilities binaries +* Arkade to install utilities binaries -* Admin user (by default kuberoot) on first controler node with all necessary tools +* Admin user (by default kuberoot) on first controler node with all necessary tools -* Nerdctl (as complement of containerd) +* Nerdctl (as complement of containerd to handle oci-archive) -* Firewalld settings if firewalld running +* Firewalld settings if firewalld running -* Uninstall playbook to cleanup (and maybe reinstall if needed) +* Uninstall playbook to cleanup (and maybe reinstall if needed) -* Collection Released, so possibilty to get back to older versions +* Collection Released, so possibilty to get back to older versions ## Prerequisites 
@@ -54,41 +53,41 @@ Add-on from my part, some part which were manual in Clemenko procedure are autom * An Ansible Controler, can be the same host for ansible and for building package, at your convenience... -* A minimum of 2 hosts RHEL-like for the cluster RKE2 with 80G at least on target directory. +* A minimum of 2 hosts RHEL-like (2 vCPU and 8G of RAM) for the cluster RKE2 with 80G at least on target directory. ## Getting started -1. Preparation steps: +1. Preparation steps: + + * Clone this project on local machine which have an internet access. - * Clone this project on local machine which have an internet access. + * Execute `make prerequis` to install all prerequisites defined in meta directory. - * Execute `make prerequis` to install all prerequisites defined in meta directory. - - * Complete directory inside `./plugins/inventory/hosts.yml`. + * Complete directory inside `./plugins/inventory/hosts.yml`. -2. Build your package by running (works on Debian-like and Redhat-like): -```sh +2. Build your package by running (works on Debian-like and Redhat-like): +```sh ansible-playbook playbooks/tasks/build.yml # All arguments below are not mandatory -e dir_build="$HOME/rkub" # Directory where to upload everything (count 30G) -e package_name="rke2_rancher_longhorn.zst" # Name of the package, by default rke2_rancher_longhorn.zst -u admin -Kk # Other Ansible Arguments (like -vvv) ``` -3. Push your package to first controler: +3. Push your package to first controler: ```sh ansible-playbook playbooks/tasks/upload.yml # All arguments below are not mandatory -e package_path=/home/me/rke2_rancher_longhorn.zst # Will be prompt if not given in the command --e dir_target=/opt # Directory where to sync and unarchive (by default /opt, count 50G available) --u admin -Kk # Other Ansible Arguments (like -vvv) +-e dir_target=/opt # Directory where to sync and unarchive (by default /opt, count 50G available) +-u admin -Kk # Other Ansible Arguments (like -vvv) ``` -4. 
Start installation: +4. Start installation: ```sh ansible-playbook playbooks/tasks/install.yml # All arguments below are not mandatory --e dir_target=/opt # Dir on first master where to find package unarchive by previous task (by default /opt, count 50G available) +-e dir_target=/opt # Dir on first master where to find package unarchive by previous task (by default /opt, count 50G available) -e dir_mount=/mnt/rkub # NFS mount point (on first master, it will be a symlink to "dir_target") --e domain="example.com" # By default take the host domain from master server +-e domain="example.com" # By default take the host domain from master server -u admin -Kk # Other Ansible Arguments (like -vvv) ``` @@ -96,7 +95,7 @@ ansible-playbook playbooks/tasks/install.yml # All arguments below are not ```sh ansible-playbook playbooks/tasks/rancher.yml # All arguments below are not mandatory -e dir_mount=/mnt/rkub # NFS mount point, by default value is /mnt/rkub --e domain="example.com" # Domain use for ingress, by default take the host domain from master server +-e domain="example.com" # Domain use for ingress, by default take the host domain from master server -e password="BootStrapAllTheThings" # Default password is "BootStrapAllTheThings" -u admin -Kk # Other Ansible Arguments (like -vvv) ``` 
@@ -106,8 +105,8 @@ ansible-playbook playbooks/tasks/rancher.yml # All arguments below are not ansible-playbook playbooks/tasks/longhorn.yml # All arguments below are not mandatory -e dir_mount=/mnt/rkub # NFS mount point, by default value is /mnt/rkub -e domain="example.com" # Domain use for ingress, by default take the host domain from master server --e datapath="/opt/longhorn" # Longhorn Path for PVC, by default equal "{{ dir_target }}/longhorn". - # The best is to have a dedicated LVM filesystem for this one. +-e datapath="/opt/longhorn" # Longhorn Path for PVC, by default equal "{{ dir_target }}/longhorn". + # The best is to have a dedicated LVM filesystem for this one. -u admin -Kk # Other Ansible Arguments (like -vvv) ``` @@ -119,14 +118,14 @@ ansible-playbook playbooks/tasks/neuvector.yml # All arguments below are not -u admin -Kk # Other Ansible Arguments (like -vvv) ``` -8. Bonus: +8. Bonus: -With make command, all playbooks above are in the makefile. `make` alone display options and small descriptions. +With make command, all playbooks above are in the makefile. `make` alone display options and small descriptions. ```bash # Example with make make install # All arguments below are not mandatory -ANSIBLE_USER=admin # equal to '-u admin' +ANSIBLE_USER=admin # equal to '-u admin' "OPT=-e domain=example.com -Kk" # redefine vars or add options to ansible-playbook command ``` 
@@ -134,45 +133,89 @@ ANSIBLE_USER=admin # equal to '-u admin' 1. This is a custom script which imitate Execution-Environement: - * `make ee-container` will load an UBI-8 image and execute inside `make prerequis` - + * `make ee-container` will load an UBI-8 image and execute inside `make prerequis` + * `make ee-exec` Run image with collection and package zst mounted inside. Launch playbook or make command as described above. +All prerequisites are set in folder `meta` and `meta/execution-environment.yml`. So it's possible to use ansible-builder (though not tested yet). + +## Some details + +**Build** have for purpose to create a tar zst with following content: + +```bash +rkub +├── helm # all helm charts +├── images # all images +│   ├── cert +│   ├── longhorn +│   ├── neuvector +│   ├── rancher +│   └── registry +├── rke2_1.26.11 # RKE2 binaries +└── utils # utilities packages downloaded with arkade +``` + +**upload** push the big monster packages (around 7G) and unarchive on first node on chosen targeted path. + +**install** RKE2 (currently only one master) with: + - An admin user (by default `kuberoot`) on first master with some administation tools like `k9s` `kubectl` or `helm`. 
+ - Master export NFS with all the unarchive content + registry content + - Workers mount the NFS to get above content + - A minimal registry is deploy on each nodes pointing to the NFS mount and responding to `localhost:5000` + - Nerdctl as complement to containerd and allow oci-archive + - Firewalld settings if firewalld running + +**deploy** keeping this order, *Rancher*, *Longhorn*, *Neuvector* + - Those are simple playbooks which deploy with helm charts + - It use the default ingress from RKE2 *Nginx-ingress* in https (currently Self-sign certificate) + - *Rancher* need *Certmanager*, So it deploy first Certmanager ## Roadmap -Milestones: +Milestones: * More install customization and options * HA masters with kubevip -* To add bootstrap with ArgoCD - * Add a option to chooce by url mode or airgap mode Improvments: * Improve collection to run as true collection +* CI + +# Acknowledgements -# Special thanks to 📢 +## Special thanks to 📢 * Clemenko, for the idea [Clemenko/rke_airgap_install](https://github.com/clemenko/rke_airgap_install/blob/main/air_gap_all_the_things.sh). * Alex Ellis, for its [Arkade project](https://github.com/alexellis/arkade). I cannot live without anymore. 
-## Github sources +## References: -[Clemenko/rke_airgap_install](https://github.com/clemenko/rke_airgap_install/blob/main/air_gap_all_the_things.sh) +- [Clemenko/rke_airgap_install](https://github.com/clemenko/rke_airgap_install/blob/main/air_gap_all_the_things.sh) -[rancherfederal/RKE2-ansible](https://github.com/rancherfederal/rke2-ansible) +- [rancherfederal/RKE2-ansible](https://github.com/rancherfederal/rke2-ansible) -[lablabs/ansible-role-rke2](https://github.com/lablabs/ansible-role-rke2) +- [lablabs/ansible-role-rke2](https://github.com/lablabs/ansible-role-rke2) -[rancher/RKE2](https://github.com/rancher/rke2) +- [rancher/RKE2](https://github.com/rancher/rke2) +Get the latest stable version: + +```bash +## RKE2 +curl -s https://raw.githubusercontent.com/rancher/rke2/master/channels.yaml | yq -N '.channels[] | select(.name == "stable") | .latest' + +## K3S +curl -s https://raw.githubusercontent.com/k3s-io/k3s/master/channel.yaml | yq -N '.channels[] | select(.name == "stable") | .latest' +``` + ## Repo Activity ![Alt](https://repobeats.axiom.co/api/embed/2664e49768529526895630ae70e2a366a70de78f.svg "Repobeats analytics image") From 6366561bb6a6e4682338005ed66b5b681fed970f Mon Sep 17 00:00:00 2001 From: github-actions Date: Fri, 19 Jan 2024 09:38:13 +0000 Subject: [PATCH 070/365] =?UTF-8?q?=E2=9A=A1=20Update=20README=20&=20CHANG?= =?UTF-8?q?ELOG?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 68cfe718e..a2a67b062 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,9 +1,9 @@ # CHANGELOG.md -## 1.0.3 (2024-01-18) +## 1.0.3 (2024-01-19) -### Versions: +Versions: - rke2 version: 1.26.11 - cert-manager version: 1.13.3 - rancher version: 2.8.0 From 26d1f93c19754213c2656f3e8453b080dc3ca0fa Mon Sep 17 00:00:00 2001 
From: MozeBaltyk Date: Mon, 22 Jan 2024 14:49:25 +0100 Subject: [PATCH 071/365] init renovate --- .github/renovate.json | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 .github/renovate.json diff --git a/.github/renovate.json b/.github/renovate.json new file mode 100644 index 000000000..11a230e97 --- /dev/null +++ b/.github/renovate.json @@ -0,0 +1,21 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": [ + "config:base" + ], + "prHeader": "Renovate PR" + "labels": ["dependencies"], + "packageRules": [ + { + "matchPackagePatterns": [ + "*" + ], + "matchUpdateTypes": [ + "minor", + "patch" + ], + "groupName": "all non-major dependencies", + "groupSlug": "all-minor-patch" + } + ] + } From 63377e56a64bf505d90b89adcc699ce874803fd6 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 22 Jan 2024 14:53:10 +0100 Subject: [PATCH 072/365] init renovate --- .github/actions/update-readme/action.yml | 4 ++-- CHANGELOG.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/actions/update-readme/action.yml b/.github/actions/update-readme/action.yml index e06843af0..14f600157 100644 --- a/.github/actions/update-readme/action.yml +++ b/.github/actions/update-readme/action.yml @@ -36,7 +36,7 @@ runs: cat << EOF > version.txt ## ${rkub_collection} (${date}) - Versions: + ### Versions: - rke2 version: ${rke2_version} - cert-manager version: ${cert_version} - rancher version: ${rancher_version} @@ -53,4 +53,4 @@ runs: git config user.email github-actions@github.com git add README.md CHANGELOG.md [[ -z $(git status -uno --porcelain) ]] && echo "No need to commit..." || git commit -m "⚡ Update README & CHANGELOG" - git push origin HEAD:${{ github.head_ref || github.ref_name }} \ No newline at end of file + git push origin HEAD:${{ github.head_ref || github.ref_name }} diff --git a/CHANGELOG.md b/CHANGELOG.md index a2a67b062..5e4110104 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -3,7 +3,7 @@ ## 1.0.3 (2024-01-19) -Versions: +### Versions: - rke2 version: 1.26.11 - cert-manager version: 1.13.3 - rancher version: 2.8.0 From c32b009800ae3f04d8f6cca5f5a743aa7d048cf0 Mon Sep 17 00:00:00 2001 From: github-actions Date: Mon, 22 Jan 2024 13:56:11 +0000 Subject: [PATCH 073/365] =?UTF-8?q?=E2=9A=A1=20Update=20README=20&=20CHANG?= =?UTF-8?q?ELOG?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5e4110104..2846948ad 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,7 @@ # CHANGELOG.md -## 1.0.3 (2024-01-19) +## 1.0.3 (2024-01-22) ### Versions: - rke2 version: 1.26.11 From 8f5a39dcd7ae4ce13727af66a53515379f74a0b9 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 22 Jan 2024 14:57:47 +0100 Subject: [PATCH 074/365] init renovate --- .github/renovate.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/renovate.json b/.github/renovate.json index 11a230e97..35f3f50f8 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -3,7 +3,7 @@ "extends": [ "config:base" ], - "prHeader": "Renovate PR" + "prHeader": "Renovate PR", "labels": ["dependencies"], "packageRules": [ { From e687498835dd99748c2df953741f587cbcbeb0b2 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 22 Jan 2024 15:17:26 +0100 Subject: [PATCH 075/365] init renovate --- .github/renovate.json | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index 35f3f50f8..bb60ec1c1 100644 --- a/.github/renovate.json +++ b/.github/renovate.json 
@@ -7,15 +7,15 @@ "labels": ["dependencies"], "packageRules": [ { - "matchPackagePatterns": [ - "*" - ], - "matchUpdateTypes": [ - "minor", - "patch" - ], - "groupName": "all non-major dependencies", - "groupSlug": "all-minor-patch" + "matchPackagePatterns": ["docker"], + "labels": ["docker-images"], + "matchUpdateTypes": ["minor"] + }, + { + "matchPackagePatterns": ["rke2"], + "labels": ["rke2"], + "matchUpdateTypes": ["minor"], + "matchSourceUrls": ["https://raw.githubusercontent.com/rancher/rke2/master/channels.yaml"] } ] } From a45fe0d47f1ec328488f403c9fdf9e997994b86c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Mon, 22 Jan 2024 19:57:00 +0100 Subject: [PATCH 076/365] Update renovate.json --- .github/renovate.json | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index bb60ec1c1..2edd7ead0 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -12,10 +12,16 @@ "matchUpdateTypes": ["minor"] }, { - "matchPackagePatterns": ["rke2"], - "labels": ["rke2"], - "matchUpdateTypes": ["minor"], - "matchSourceUrls": ["https://raw.githubusercontent.com/rancher/rke2/master/channels.yaml"] - } + "commitMessageTopic": "rke2 update version", + "baseBranches": ["master"], + "repository": "https://github.com/rancher/rke2/", + "packageFiles": ["channels.yaml"], + "versioning": "custom", + "rangeStrategy": "bump", + "bump": { + "fileMatch": ["channels.yaml"], + "contentMatch": "\\blatest:\\s*(\\S+)" + } + } ] } From a8991990d520f6ff67ba0d177c6789dc9489ef44 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Mon, 22 Jan 2024 20:12:20 +0100 Subject: [PATCH 077/365] Update renovate.json --- .github/renovate.json | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) 
diff --git a/.github/renovate.json b/.github/renovate.json index 2edd7ead0..aa46f70be 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -1,8 +1,6 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "extends": [ - "config:base" - ], + "extends": ["config:base"], "prHeader": "Renovate PR", "labels": ["dependencies"], "packageRules": [ @@ -10,18 +8,6 @@ "matchPackagePatterns": ["docker"], "labels": ["docker-images"], "matchUpdateTypes": ["minor"] - }, - { - "commitMessageTopic": "rke2 update version", - "baseBranches": ["master"], - "repository": "https://github.com/rancher/rke2/", - "packageFiles": ["channels.yaml"], - "versioning": "custom", - "rangeStrategy": "bump", - "bump": { - "fileMatch": ["channels.yaml"], - "contentMatch": "\\blatest:\\s*(\\S+)" - } } ] } From f73e6de92da638aa59e7478517ad2220a3eb4f69 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Mon, 22 Jan 2024 20:45:46 +0100 Subject: [PATCH 078/365] Update renovate.json --- .github/renovate.json | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index aa46f70be..511340307 100644 --- a/.github/renovate.json +++ b/.github/renovate.json 
@@ -9,5 +9,23 @@ "labels": ["docker-images"], "matchUpdateTypes": ["minor"] } - ] - } + ], + "customManagers": [ + { + "customType": "regex", + "fileMatch": ["playbooks/vars/main.yml$"], + "matchStrings": ["global_rke2_version=(?\\S+)\\n"], + "depNameTemplate": "rke2", + "versioningTemplate": "semver-coerced", + "datasourceTemplate": "custom.rke2" + } + ], + "customDatasources": { + "rke2": { + "defaultRegistryUrlTemplate": "https://update.rke2.io/v1-release/channels", + "transformTemplates": [ + "{\"releases\":[{\"version\": $$.(data[id = 'stable'].latest),\"sourceUrl\":\"https://github.com/rancher/rke2\",\"changelogUrl\":$join([\"https://github.com/rancher/rke2/releases/tag/\",data[id = 'stable'].latest])}],\"sourceUrl\": \"https://github.com/rancher/rke2\",\"homepage\": \"https://docs.rke2.io\"}" + ] + } + } +} From b5ed056882f1f8f8f904d875ffef159aa02268af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Mon, 22 Jan 2024 20:51:02 +0100 Subject: [PATCH 079/365] Update renovate.json --- .github/renovate.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/renovate.json b/.github/renovate.json index 511340307..cca01e89b 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -14,7 +14,7 @@ { "customType": "regex", "fileMatch": ["playbooks/vars/main.yml$"], - "matchStrings": ["global_rke2_version=(?\\S+)\\n"], + "matchStrings": ["global_rke2_version=(?.*?)\\n"], "depNameTemplate": "rke2", "versioningTemplate": "semver-coerced", "datasourceTemplate": "custom.rke2" From d1cfd83378e5425c857678086018e06f0c5ee8a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Mon, 22 Jan 2024 20:53:13 +0100 Subject: [PATCH 080/365] Update renovate.json --- .github/renovate.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/renovate.json b/.github/renovate.json index cca01e89b..394b68fa4 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -13,7 +13,7 @@ "customManagers": [ { "customType": "regex", - "fileMatch": ["playbooks/vars/main.yml$"], + "fileMatch": ["^main.yml$"], "matchStrings": ["global_rke2_version=(?.*?)\\n"], "depNameTemplate": "rke2", "versioningTemplate": "semver-coerced", From 75ffa63c625ac946572d4d88a5d364e145267ffc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Mon, 22 Jan 2024 21:01:32 +0100 Subject: [PATCH 081/365] Update renovate.json --- .github/renovate.json | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index 394b68fa4..4d5103bd0 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -1,15 +1,4 @@ { - "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "extends": ["config:base"], - "prHeader": "Renovate PR", - "labels": ["dependencies"], - "packageRules": [ - { - "matchPackagePatterns": ["docker"], - "labels": ["docker-images"], - "matchUpdateTypes": ["minor"] - } - ], "customManagers": [ { "customType": "regex", From 8377210e7f6d27bead3b6ea57aa7655aadc59bf2 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 22 Jan 2024 21:03:51 +0100 Subject: [PATCH 082/365] Update registry.access.redhat.com/ubi8 Docker tag to v8.9 (#11) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- scripts/docker/Containerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/docker/Containerfile b/scripts/docker/Containerfile index d804322fd..eb5db1e64 100644 --- a/scripts/docker/Containerfile +++ b/scripts/docker/Containerfile 
@@ -1,5 +1,5 @@ # Use a base image v4.11.3 with the desired prerequisites installed -FROM registry.access.redhat.com/ubi8:8.8 +FROM registry.access.redhat.com/ubi8:8.9 # Switch to root user USER root From 882297e1ef88c1067234555857d1fd71b42313d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Mon, 22 Jan 2024 21:14:04 +0100 Subject: [PATCH 083/365] Update renovate.json --- .github/renovate.json | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index 4d5103bd0..45e0f25fc 100644 --- a/.github/renovate.json +++ b/.github/renovate.json 
@@ -1,20 +1,26 @@ { + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": ["config:base"], + "prHeader": "Renovate PR", + "labels": ["dependencies"], + "customManagers": [ - { - "customType": "regex", - "fileMatch": ["^main.yml$"], - "matchStrings": ["global_rke2_version=(?.*?)\\n"], - "depNameTemplate": "rke2", - "versioningTemplate": "semver-coerced", - "datasourceTemplate": "custom.rke2" - } + { + "customType": "regex", + "fileMatch": [".*y[a]?ml$"], + "matchStrings": ["global_rke2_version=(?.*?)\\n"], + "depNameTemplate": "rke2", + "versioningTemplate": "semver-coerced", + "datasourceTemplate": "custom.rke2" + } ], + "customDatasources": { - "rke2": { - "defaultRegistryUrlTemplate": "https://update.rke2.io/v1-release/channels", - "transformTemplates": [ - "{\"releases\":[{\"version\": $$.(data[id = 'stable'].latest),\"sourceUrl\":\"https://github.com/rancher/rke2\",\"changelogUrl\":$join([\"https://github.com/rancher/rke2/releases/tag/\",data[id = 'stable'].latest])}],\"sourceUrl\": \"https://github.com/rancher/rke2\",\"homepage\": \"https://docs.rke2.io\"}" - ] - } + "rke2": { + "defaultRegistryUrlTemplate": "https://update.rke2.io/v1-release/channels", + "transformTemplates": [ + "{\"releases\":[{\"version\": $$.(data[id = 'stable'].latest),\"sourceUrl\":\"https://github.com/rancher/rke2\",\"changelogUrl\":$join([\"https://github.com/rancher/rke2/releases/tag/\",data[id = 'stable'].latest])}],\"sourceUrl\": \"https://github.com/rancher/rke2\",\"homepage\": \"https://docs.rke2.io\"}" + ] + } } } From a7a0d8ae8679b6d767fbe4ff1d51d7261445ad43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Mon, 22 Jan 2024 21:16:21 +0100 Subject: [PATCH 084/365] Update renovate.json --- .github/renovate.json | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index 45e0f25fc..b3c6c1969 100644 --- a/.github/renovate.json 
+++ b/.github/renovate.json @@ -1,7 +1,4 @@ { - "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "extends": ["config:base"], - "prHeader": "Renovate PR", "labels": ["dependencies"], "customManagers": [ From da5dc5555a81d8e2e3479024d736300c00c5d6ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Mon, 22 Jan 2024 21:19:08 +0100 Subject: [PATCH 085/365] Update renovate.json --- .github/renovate.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/renovate.json b/.github/renovate.json index b3c6c1969..5f29441ac 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -5,7 +5,7 @@ { "customType": "regex", "fileMatch": [".*y[a]?ml$"], - "matchStrings": ["global_rke2_version=(?.*?)\\n"], + "matchStrings": ["global_rke2_version:?(?.*?)\\n"], "depNameTemplate": "rke2", "versioningTemplate": "semver-coerced", "datasourceTemplate": "custom.rke2" From d7358678496fc4e68324da39655cf7b7bf0a38b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Mon, 22 Jan 2024 21:38:19 +0100 Subject: [PATCH 086/365] Update renovate.json --- .github/renovate.json | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index 5f29441ac..85e3f865e 100644 --- a/.github/renovate.json +++ b/.github/renovate.json 
@@ -1,17 +1,22 @@ { "labels": ["dependencies"], - + "packageRules": [ + { + "matchPackagePatterns": ["rke2"], + "labels": ["rke2"], + "extractVersion": "^v(?\\d+\\.\\d+.\\d+)" + } + ], "customManagers": [ { "customType": "regex", "fileMatch": [".*y[a]?ml$"], - "matchStrings": ["global_rke2_version:?(?.*?)\\n"], + "matchStrings": ["global_rke2_version: (?.*)\\n"], "depNameTemplate": "rke2", "versioningTemplate": "semver-coerced", "datasourceTemplate": "custom.rke2" } ], - "customDatasources": { "rke2": { "defaultRegistryUrlTemplate": "https://update.rke2.io/v1-release/channels", From 189f6adf13bac366cd150f0232be242c101e0c3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Mon, 22 Jan 2024 21:48:57 +0100 Subject: [PATCH 087/365] Update renovate.json --- .github/renovate.json | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index 85e3f865e..5f40395fe 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -1,12 +1,6 @@ { "labels": ["dependencies"], - "packageRules": [ - { - "matchPackagePatterns": ["rke2"], - "labels": ["rke2"], - "extractVersion": "^v(?\\d+\\.\\d+.\\d+)" - } - ], + "customManagers": [ { "customType": "regex", From 34858fa03bf98d7293fa9ee126cd1a57e1396e8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Mon, 22 Jan 2024 21:52:08 +0100 Subject: [PATCH 088/365] Update renovate.json --- .github/renovate.json | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/renovate.json b/.github/renovate.json index 5f40395fe..85e3f865e 100644 --- a/.github/renovate.json +++ b/.github/renovate.json 
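Review bot: The second separator in the new `"extractVersion": "^v(?\\d+\\.\\d+.\\d+)"` is a bare `.`, which matches any character rather than a dot; it should read `^v(?<version>\\d+\\.\\d+\\.\\d+)` (the group name is stripped in this rendering, check it is present in the file). The reworked `"global_rke2_version: (?.*)\\n"` captures greedily to end of line, so quotes, trailing spaces or an inline `# comment` become part of the value Renovate compares and rewrites; patch 101 later wraps the group in `\"…\"`, which is the tighter form and should have been used here.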
@@ -1,6 +1,12 @@ { "labels": ["dependencies"], - + "packageRules": [ + { + "matchPackagePatterns": ["rke2"], + "labels": ["rke2"], + "extractVersion": "^v(?\\d+\\.\\d+.\\d+)" + } + ], "customManagers": [ { "customType": "regex", From 2401885103a726071394eb8e1a88b0036d296086 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Mon, 22 Jan 2024 22:06:21 +0100 Subject: [PATCH 089/365] Update renovate.json --- .github/renovate.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/renovate.json b/.github/renovate.json index 85e3f865e..40b729776 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -10,7 +10,7 @@ "customManagers": [ { "customType": "regex", - "fileMatch": [".*y[a]?ml$"], + "fileMatch": ["playbooks/vars/.*y[a]?ml$"], "matchStrings": ["global_rke2_version: (?.*)\\n"], "depNameTemplate": "rke2", "versioningTemplate": "semver-coerced", From f770af4529eee015b0614c8ae2656100b6da7806 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Mon, 22 Jan 2024 22:13:11 +0100 Subject: [PATCH 090/365] Update renovate.json --- .github/renovate.json | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/renovate.json b/.github/renovate.json index 40b729776..f7850dc32 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -15,6 +15,14 @@ "depNameTemplate": "rke2", "versioningTemplate": "semver-coerced", "datasourceTemplate": "custom.rke2" + }, + { + "customType": "regex", + "fileMatch": ["CHANGELOG.md"], + "matchStrings": [" - rke2 version: (?.*)\\n"], + "depNameTemplate": "rke2", + "versioningTemplate": "semver-coerced", + "datasourceTemplate": "custom.rke2" } ], "customDatasources": { @@ -26,3 +34,4 @@ } } } + From a86feca82a236edfb4f198cb4318815ef126c264 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Mon, 22 Jan 2024 22:16:26 +0100 Subject: [PATCH 091/365] Update renovate.json --- .github/renovate.json | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/renovate.json b/.github/renovate.json index f7850dc32..415ec0658 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -23,6 +23,14 @@ "depNameTemplate": "rke2", "versioningTemplate": "semver-coerced", "datasourceTemplate": "custom.rke2" + }, + { + "customType": "regex", + "fileMatch": ["README.md"], + "matchStrings": [" - [RKE2 (?.*)](https://docs.rke2.io) - Security focused Kubernetes\\n"], + "depNameTemplate": "rke2", + "versioningTemplate": "semver-coerced", + "datasourceTemplate": "custom.rke2" } ], "customDatasources": { @@ -35,3 +43,4 @@ } } + From 88d671481c94712d555dbac8b6433f8bad43b798 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Mon, 22 Jan 2024 22:26:11 +0100 Subject: [PATCH 092/365] Update renovate.json --- .github/renovate.json | 30 ++++++++++-------------------- 1 file changed, 10 insertions(+), 20 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index 415ec0658..14185a422 100644 --- a/.github/renovate.json +++ b/.github/renovate.json 
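Review bot: The README match string added here leaves `[`, `]`, `(` and `)` unescaped, so `[RKE2 (?.*)]` is parsed as a character class and the pattern can never match the README line it is meant to update. Patches 093, 096 and 097 in this series escape the brackets step by step and arrive at `" - \\[RKE2 (?<currentValue>[^\\]]+)\\]\\(https://docs.rke2.io\\) - Security focused Kubernetes\\n"`, which is the form to write directly. The three regex entries differ only in `fileMatch` and `matchStrings`; a single manager listing all three, as patch 092 later does, is easier to keep consistent.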
@@ -10,24 +10,16 @@ "customManagers": [ { "customType": "regex", - "fileMatch": ["playbooks/vars/.*y[a]?ml$"], - "matchStrings": ["global_rke2_version: (?.*)\\n"], - "depNameTemplate": "rke2", - "versioningTemplate": "semver-coerced", - "datasourceTemplate": "custom.rke2" - }, - { - "customType": "regex", - "fileMatch": ["CHANGELOG.md"], - "matchStrings": [" - rke2 version: (?.*)\\n"], - "depNameTemplate": "rke2", - "versioningTemplate": "semver-coerced", - "datasourceTemplate": "custom.rke2" - }, - { - "customType": "regex", - "fileMatch": ["README.md"], - "matchStrings": [" - [RKE2 (?.*)](https://docs.rke2.io) - Security focused Kubernetes\\n"], + "fileMatch": [ + "playbooks/vars/.*y[a]?ml$", + "CHANGELOG.md", + "README.md" + ], + "matchStrings": [ + "global_rke2_version: (?.*)\\n", + " - rke2 version: (?.*)\\n", + " - [RKE2 (?.*)](https://docs.rke2.io) - Security focused Kubernetes\\n" + ], "depNameTemplate": "rke2", "versioningTemplate": "semver-coerced", "datasourceTemplate": "custom.rke2" @@ -42,5 +34,3 @@ } } } - - From 9313216749bba7cd4f2ede86775aa6f06546686e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Mon, 22 Jan 2024 22:31:36 +0100 Subject: [PATCH 093/365] Update renovate.json --- .github/renovate.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index 14185a422..816354a73 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -3,7 +3,7 @@ "packageRules": [ { "matchPackagePatterns": ["rke2"], - "labels": ["rke2"], + "labels": ["dependencies", "rke2"], "extractVersion": "^v(?\\d+\\.\\d+.\\d+)" } ], 
@@ -18,7 +18,7 @@ "matchStrings": [ "global_rke2_version: (?.*)\\n", " - rke2 version: (?.*)\\n", - " - [RKE2 (?.*)](https://docs.rke2.io) - Security focused Kubernetes\\n" + " - [RKE2 (?.*)]\\(https://docs.rke2.io\\) - Security focused Kubernetes\\n" ], "depNameTemplate": "rke2", "versioningTemplate": "semver-coerced", From 32adb652d8f6889dc6b113ba9056405d04e9b1fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Mon, 22 Jan 2024 22:34:22 +0100 Subject: [PATCH 094/365] Update renovate.json --- .github/renovate.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index 816354a73..c32485247 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -11,14 +11,14 @@ { "customType": "regex", "fileMatch": [ - "playbooks/vars/.*y[a]?ml$", - "CHANGELOG.md", - "README.md" + "./playbooks/vars/.*y[a]?ml$", + "./CHANGELOG.md", + "./README.md" ], "matchStrings": [ "global_rke2_version: (?.*)\\n", " - rke2 version: (?.*)\\n", - " - [RKE2 (?.*)]\\(https://docs.rke2.io\\) - Security focused Kubernetes\\n" + " - [RKE2 (?)]\\(https://docs.rke2.io\\) - Security focused Kubernetes\\n" ], "depNameTemplate": "rke2", "versioningTemplate": "semver-coerced", From 4d142334d11ad05f0a48a29b5903d5621a62b0a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Mon, 22 Jan 2024 22:35:44 +0100 Subject: [PATCH 095/365] Update renovate.json --- .github/renovate.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index c32485247..7058ebf55 100644 --- a/.github/renovate.json +++ b/.github/renovate.json 
@@ -11,9 +11,9 @@ { "customType": "regex", "fileMatch": [ - "./playbooks/vars/.*y[a]?ml$", - "./CHANGELOG.md", - "./README.md" + "playbooks/vars/.*y[a]?ml$", + "CHANGELOG.md", + "README.md" ], "matchStrings": [ "global_rke2_version: (?.*)\\n", From 48d8838d397626017fd918a9d720d8ceb6b43f16 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Mon, 22 Jan 2024 22:41:32 +0100 Subject: [PATCH 096/365] Update renovate.json --- .github/renovate.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/renovate.json b/.github/renovate.json index 7058ebf55..b1121a996 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -18,7 +18,7 @@ "matchStrings": [ "global_rke2_version: (?.*)\\n", " - rke2 version: (?.*)\\n", - " - [RKE2 (?)]\\(https://docs.rke2.io\\) - Security focused Kubernetes\\n" + " - \\[RKE2 (?)\\]\\(https://docs.rke2.io\\) - Security focused Kubernetes\\n" ], "depNameTemplate": "rke2", "versioningTemplate": "semver-coerced", From d51c26703b172e13aa2fd8e667a61f80225c767b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mo=C5=BCe=20Ba=C5=82tyk?= <35733045+MozeBaltyk@users.noreply.github.com> Date: Mon, 22 Jan 2024 22:42:51 +0100 Subject: [PATCH 097/365] Update renovate.json --- .github/renovate.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/renovate.json b/.github/renovate.json index b1121a996..2037cee2b 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -18,7 +18,7 @@ "matchStrings": [ "global_rke2_version: (?.*)\\n", " - rke2 version: (?.*)\\n", - " - \\[RKE2 (?)\\]\\(https://docs.rke2.io\\) - Security focused Kubernetes\\n" + " - \\[RKE2 (?[^\\]]+)\\]\\(https://docs.rke2.io\\) - Security focused Kubernetes\\n" ], "depNameTemplate": "rke2", "versioningTemplate": "semver-coerced", From 03b9702fa62d0373bc6f8153844ee1e0d090f22f Mon Sep 17 00:00:00 2001 
From: MozeBaltyk Date: Wed, 24 Jan 2024 09:27:44 +0100 Subject: [PATCH 098/365] update renovate --- .github/renovate.json | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/renovate.json b/.github/renovate.json index 2037cee2b..1d5cfd252 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -1,4 +1,5 @@ { + "extends": ["config:base"], "labels": ["dependencies"], "packageRules": [ { From a918c1350d9cc4cdbf98629c4bb34f4498904525 Mon Sep 17 00:00:00 2001 From: github-actions Date: Wed, 24 Jan 2024 08:29:36 +0000 Subject: [PATCH 099/365] =?UTF-8?q?=E2=9A=A1=20Update=20README=20&=20CHANG?= =?UTF-8?q?ELOG?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2846948ad..5f4eabd0b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,7 @@ # CHANGELOG.md -## 1.0.3 (2024-01-22) +## 1.0.3 (2024-01-24) ### Versions: - rke2 version: 1.26.11 From dfb4fe0e88a1f3e8b25ed1c114933f684a2cdf8f Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 24 Jan 2024 09:34:57 +0100 Subject: [PATCH 100/365] update renovate --- .github/renovate.json | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/renovate.json b/.github/renovate.json index 1d5cfd252..aca4be0be 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -6,6 +6,12 @@ "matchPackagePatterns": ["rke2"], "labels": ["dependencies", "rke2"], "extractVersion": "^v(?\\d+\\.\\d+.\\d+)" + }, + { + "matchDatasources": ["github"], + "matchManagers": ["helm"], + "matchPackageNames": ["helm/helm"], + "versioning": "semver" } ], "customManagers": [ From 76ffa3ac4344a31fe38bd83f0ae868ac16aa0752 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 24 Jan 2024 09:48:20 +0100 Subject: [PATCH 101/365] update renovate --- .github/renovate.json | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) 
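Review bot: The new package rule uses `"matchDatasources": ["github"]` and `"matchManagers": ["helm"]`, neither of which is a Renovate datasource or manager name (the datasources are `github-releases` and `github-tags`; the Helm managers are `helmv3`, `helm-values` and similar), so the rule never applies; patch 101 renames them. A rule on `"matchPackageNames": ["helm/helm"]` only has an effect once some manager extracts that dependency, and none of the managers in the file does at this point, so the rule should land together with the manager it is meant to shape.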
diff --git a/.github/renovate.json b/.github/renovate.json index aca4be0be..7be841dad 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -8,10 +8,16 @@ "extractVersion": "^v(?\\d+\\.\\d+.\\d+)" }, { - "matchDatasources": ["github"], - "matchManagers": ["helm"], + "matchDatasources": ["github-releases"], + "matchManagers": ["regex"], "matchPackageNames": ["helm/helm"], - "versioning": "semver" + "versioning": "semver", + "regexManagers": [ + { + "fileMatch": ["playbooks/vars/.*y[a]?ml$"], + "matchStrings": ["global_rke2_version: \"(?.*?)\"\\n"] + } + ] } ], "customManagers": [ @@ -23,7 +29,7 @@ "README.md" ], "matchStrings": [ - "global_rke2_version: (?.*)\\n", + "global_rke2_version: \"(?.*)\"\\n", " - rke2 version: (?.*)\\n", " - \\[RKE2 (?[^\\]]+)\\]\\(https://docs.rke2.io\\) - Security focused Kubernetes\\n" ], From c5cb51a1294c269e2fd18a0aeaf4b3ba8c8a5090 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 24 Jan 2024 10:11:37 +0100 Subject: [PATCH 102/365] update renovate --- .github/renovate.json | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/renovate.json b/.github/renovate.json index 7be841dad..fe0928cba 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -15,7 +15,9 @@ "regexManagers": [ { "fileMatch": ["playbooks/vars/.*y[a]?ml$"], - "matchStrings": ["global_rke2_version: \"(?.*?)\"\\n"] + "matchStrings": ["global_rke2_version: \"(?.*?)\"\\n"], + "datasourceTemplate": "github-releases", + "depNameTemplate": "helm/helm" } ] } From ccbd11dbaf009c02de7f7247281dbc5f4942391b Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 24 Jan 2024 10:23:20 +0100 Subject: [PATCH 103/365] update renovate --- .github/renovate.json | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index fe0928cba..afcc3e812 100644 --- a/.github/renovate.json +++ b/.github/renovate.json 
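Review bot: `regexManagers` is nested inside a `packageRules` entry, but package rules only filter and adjust dependencies that a manager has already extracted and cannot define one, so the nested block is ignored or rejected by config validation and `global_rke2_version` is never resolved against `helm/helm` — which is also the wrong variable for a Helm binary. The same nesting returns in patch 105, still carrying the documentation placeholder `"^path/to/your/yaml/file\\.yaml$"`, and inside `customManagers` in patch 110; patch 111 finally writes it as a sibling entry with `"customType": "regex"`, which is the form to use, and `regexManagers` is the older spelling of the `customManagers` key this file already uses. The tightened `"global_rke2_version: \"(?.*)\"\\n"` in the second hunk is the right direction.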
@@ -6,20 +6,6 @@ "matchPackagePatterns": ["rke2"], "labels": ["dependencies", "rke2"], "extractVersion": "^v(?\\d+\\.\\d+.\\d+)" - }, - { - "matchDatasources": ["github-releases"], - "matchManagers": ["regex"], - "matchPackageNames": ["helm/helm"], - "versioning": "semver", - "regexManagers": [ - { - "fileMatch": ["playbooks/vars/.*y[a]?ml$"], - "matchStrings": ["global_rke2_version: \"(?.*?)\"\\n"], - "datasourceTemplate": "github-releases", - "depNameTemplate": "helm/helm" - } - ] } ], "customManagers": [ From 08f0a0d7ab28247d9ead2ca2c4695ffb89eaee5a Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 24 Jan 2024 10:27:10 +0100 Subject: [PATCH 104/365] update renovate --- .github/renovate.json | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/renovate.json b/.github/renovate.json index afcc3e812..51f6af2fb 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -1,5 +1,4 @@ { - "extends": ["config:base"], "labels": ["dependencies"], "packageRules": [ { From fbad1aa19d4d9aab9b03d5b69ad898837489cbc2 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 24 Jan 2024 10:41:44 +0100 Subject: [PATCH 105/365] update renovate --- .github/renovate.json | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/.github/renovate.json b/.github/renovate.json index 51f6af2fb..6e0b895cf 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -3,8 +3,21 @@ "packageRules": [ { "matchPackagePatterns": ["rke2"], - "labels": ["dependencies", "rke2"], + "labels": ["rke2"], "extractVersion": "^v(?\\d+\\.\\d+.\\d+)" + }, + { + "matchDatasources": ["github-releases"], + "matchManagers": ["regex"], + "versioning": "semver", + "regexManagers": [ + { + "fileMatch": ["^path/to/your/yaml/file\\.yaml$"], + "matchStrings": ["version: \"(?.*?)\"\\n"], + "datasourceTemplate": "github-releases", + "depNameTemplate": "helm/helm" + } + ] } ], "customManagers": [ From 0bdfeddb10c5d62871135a2fe4ad71fd2bf87d61 Mon Sep 17 00:00:00 2001 
From: MozeBaltyk Date: Wed, 24 Jan 2024 10:49:20 +0100 Subject: [PATCH 106/365] update renovate --- .github/renovate.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index 6e0b895cf..e464a9a02 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -12,8 +12,8 @@ "versioning": "semver", "regexManagers": [ { - "fileMatch": ["^path/to/your/yaml/file\\.yaml$"], - "matchStrings": ["version: \"(?.*?)\"\\n"], + "fileMatch": ["^playbooks/vars/.*y[a]?ml$"], + "matchStrings": ["global_helm_version: \"(?.*?)\"\\n"], "datasourceTemplate": "github-releases", "depNameTemplate": "helm/helm" } From 6d58016751a63dff68e3f7b638717e776a1df630 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 24 Jan 2024 11:03:27 +0100 Subject: [PATCH 107/365] update renovate --- .github/renovate.json | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index e464a9a02..d526b1438 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -1,23 +1,23 @@ { "labels": ["dependencies"], "packageRules": [ + { + "matchManagers": ["Containerfile"], + "matchPackagePatterns": ["ubi8"], + "matchUpdateTypes": ["minor"], + "automerge": true, + "schedule": ["every weekend after 7am"] + }, + { + "matchManagers": ["github-actions"], + "matchUpdateTypes": ["minor"], + "automerge": true, + "schedule": ["every weekend after 7am"] + }, { "matchPackagePatterns": ["rke2"], "labels": ["rke2"], "extractVersion": "^v(?\\d+\\.\\d+.\\d+)" - }, - { - "matchDatasources": ["github-releases"], - "matchManagers": ["regex"], - "versioning": "semver", - "regexManagers": [ - { - "fileMatch": ["^playbooks/vars/.*y[a]?ml$"], - "matchStrings": ["global_helm_version: \"(?.*?)\"\\n"], - "datasourceTemplate": "github-releases", - "depNameTemplate": "helm/helm" - } - ] } ], "customManagers": [ From 9c009fe2e5e8bfd3233dfcc3308b0c818652fc57 Mon Sep 17 00:00:00 2001 
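Review bot: The two new rules set `"automerge": true` for minor updates of GitHub Actions and the `ubi8` base image, which merges third-party code and image changes with no human looking at the PR; Renovate gates this only on status checks, and the one workflow visible in this series (`lint.yml`) runs on pull requests to `develop`, so confirm a required check really executes on the branch Renovate targets before relying on it. Automerge is considerably safer when the references are immutable: add `"pinDigests": true` to the dockerfile rule and extend `helpers:pinGitHubActionDigests` so an update changes a SHA rather than a floating tag. `"matchManagers": ["Containerfile"]` is not a manager name — patch 108 corrects it to `dockerfile` — and `"matchUpdateTypes": ["minor"]` leaves patch releases waiting for manual review while minors go through, which is probably not what was intended; `["minor", "patch"]` is the usual set if minors are trusted.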
From: MozeBaltyk Date: Wed, 24 Jan 2024 11:06:55 +0100 Subject: [PATCH 108/365] update renovate --- .github/renovate.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/renovate.json b/.github/renovate.json index d526b1438..c483f9248 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -2,7 +2,7 @@ "labels": ["dependencies"], "packageRules": [ { - "matchManagers": ["Containerfile"], + "matchManagers": ["dockerfile"], "matchPackagePatterns": ["ubi8"], "matchUpdateTypes": ["minor"], "automerge": true, From 0b89ada3a65ca0d991eed5be7a7579f9819faed0 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 24 Jan 2024 11:26:38 +0100 Subject: [PATCH 109/365] update renovate --- .github/renovate.json | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/renovate.json b/.github/renovate.json index c483f9248..09d20b786 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -1,5 +1,6 @@ { "labels": ["dependencies"], + "ansible-galaxy": { "fileMatch": ["(^|/)(galaxy|requirements|ee-requirements)(\\.ansible)?\\.ya?ml$"] }, "packageRules": [ { "matchManagers": ["dockerfile"], From c6ad1d2b8a1beadff8c54a42f0c48472c955593a Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 24 Jan 2024 11:45:58 +0100 Subject: [PATCH 110/365] update renovate --- .github/renovate.json | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/.github/renovate.json b/.github/renovate.json index 09d20b786..68930be95 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -1,6 +1,7 @@ { "labels": ["dependencies"], "ansible-galaxy": { "fileMatch": ["(^|/)(galaxy|requirements|ee-requirements)(\\.ansible)?\\.ya?ml$"] }, + "pre-commit": { "enabled": true }, "packageRules": [ { "matchManagers": ["dockerfile"], @@ -25,7 +26,7 @@ { "customType": "regex", "fileMatch": [ - "playbooks/vars/.*y[a]?ml$", + "playbooks/vars/main\\.y[a]?ml$", "CHANGELOG.md", "README.md" ], 
@@ -37,6 +38,16 @@ "depNameTemplate": "rke2", "versioningTemplate": "semver-coerced", "datasourceTemplate": "custom.rke2" + }, + { + "regexManagers": [ + { + "fileMatch": ["^playbooks/vars/main\\.yaml$"], + "matchStrings": ["global_helm_version: \"(?.*?)\"\\n"], + "datasourceTemplate": "github-releases", + "depNameTemplate": "helm/helm" + } + ] } ], "customDatasources": { From 87da3dee2a96619f3531c80d5521b2d0d952d897 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 24 Jan 2024 11:53:54 +0100 Subject: [PATCH 111/365] update renovate --- .github/renovate.json | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index 68930be95..5c4283a47 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -40,14 +40,11 @@ "datasourceTemplate": "custom.rke2" }, { - "regexManagers": [ - { - "fileMatch": ["^playbooks/vars/main\\.yaml$"], - "matchStrings": ["global_helm_version: \"(?.*?)\"\\n"], - "datasourceTemplate": "github-releases", - "depNameTemplate": "helm/helm" - } - ] + "customType": "regex", + "fileMatch": ["^playbooks/vars/main\\.yaml$"], + "matchStrings": ["global_helm_version: \"(?.*?)\"\\n"], + "datasourceTemplate": "github-releases", + "depNameTemplate": "helm/helm" } ], "customDatasources": { From 5d1ab30f3a276463acff03202965b7e02ca66eff Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 24 Jan 2024 12:02:01 +0100 Subject: [PATCH 112/365] update renovate --- .github/renovate.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/renovate.json b/.github/renovate.json index 5c4283a47..30d48b99a 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -44,7 +44,8 @@ "fileMatch": ["^playbooks/vars/main\\.yaml$"], "matchStrings": ["global_helm_version: \"(?.*?)\"\\n"], "datasourceTemplate": "github-releases", - "depNameTemplate": "helm/helm" + "depNameTemplate": "helm/helm", + "versioningTemplate": "semver" } ], "customDatasources": { 
From 2739661ed550fab9523925ae6c0e0bdea71b66c1 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 24 Jan 2024 12:08:12 +0100 Subject: [PATCH 113/365] update renovate --- .github/renovate.json | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/renovate.json b/.github/renovate.json index 30d48b99a..a9e09cd56 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -1,7 +1,10 @@ { "labels": ["dependencies"], "ansible-galaxy": { "fileMatch": ["(^|/)(galaxy|requirements|ee-requirements)(\\.ansible)?\\.ya?ml$"] }, - "pre-commit": { "enabled": true }, + "pre-commit": { + "enabled": true, + "labels": ["pre-commit"] + }, "packageRules": [ { "matchManagers": ["dockerfile"], From def3f994356e8a9c4dca55172dbd6f9e6ef78826 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 24 Jan 2024 12:15:04 +0100 Subject: [PATCH 114/365] update renovate --- .github/renovate.json | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/renovate.json b/.github/renovate.json index a9e09cd56..1065d3af0 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -48,6 +48,7 @@ "matchStrings": ["global_helm_version: \"(?.*?)\"\\n"], "datasourceTemplate": "github-releases", "depNameTemplate": "helm/helm", + "packageNameTemplate": "https://github.com/helm/helm", "versioningTemplate": "semver" } ], From a11c9ed00225b60452e23cafa522b2b6dbd9369f Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 24 Jan 2024 12:26:59 +0100 Subject: [PATCH 115/365] update renovate --- .github/actions/update-readme/action.yml | 1 + .github/renovate.json | 16 +++++++++++----- README.md | 1 + 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/.github/actions/update-readme/action.yml b/.github/actions/update-readme/action.yml index 14f600157..bbf3d27af 100644 --- a/.github/actions/update-readme/action.yml +++ b/.github/actions/update-readme/action.yml 
@@ -15,6 +15,7 @@ runs: neuvector_version=$(yq -r .global_NEU_VERSION playbooks/vars/main.yml) cat << EOF > version.txt - [RKE2 ${rke2_version}](https://docs.rke2.io) - Security focused Kubernetes + - [Cert-manager ${cert_version}](https://cert-manager.io/docs/) - Certificate manager - [Rancher ${rancher_version}](https://www.suse.com/products/suse-rancher/) - Multi-Cluster Kubernetes Management - [Longhorn ${longhorn_version}](https://longhorn.io) - Unified storage layer - [Neuvector ${neuvector_version}](https://neuvector.com/) - Kubernetes Security Platform diff --git a/.github/renovate.json b/.github/renovate.json index 1065d3af0..8a6e53366 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -44,12 +44,18 @@ }, { "customType": "regex", - "fileMatch": ["^playbooks/vars/main\\.yaml$"], - "matchStrings": ["global_helm_version: \"(?.*?)\"\\n"], - "datasourceTemplate": "github-releases", - "depNameTemplate": "helm/helm", + "fileMatch": [ + "playbooks/vars/main\\.yaml$", + "CHANGELOG.md", + "README.md" + ], + "matchStrings": [ + "global_helm_version: \"(?.*?)\"\\n" + ], + "datasourceTemplate": "git-refs", + "depNameTemplate": "helm", "packageNameTemplate": "https://github.com/helm/helm", - "versioningTemplate": "semver" + "versioningTemplate": "semver-coerced" } ], "customDatasources": { diff --git a/README.md b/README.md index 3b4e97abc..00dce8bbe 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,7 @@ Ansible collection met to install in airgap environnement RKE2 (one controler an - [RKE2 1.26.11](https://docs.rke2.io) - Security focused Kubernetes + - [Certmanager 1.13.3](https://cert-manager.io/docs/) - Certificate manager - [Rancher 2.8.0](https://www.suse.com/products/suse-rancher/) - Multi-Cluster Kubernetes Management - [Longhorn 1.5.3](https://longhorn.io) - Unified storage layer - [Neuvector 2.6.6](https://neuvector.com/) - Kubernetes Security Platform From 2885577a34bea14d78d758f5b311cd7679f239fa Mon Sep 17 00:00:00 2001 
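Review bot: The new heredoc line references `${cert_version}`, but this commit adds exactly one line to `action.yml` (per its diffstat), so unless `cert_version` is already assigned above the hunk the README gets `[Cert-manager ]` with an empty version. Add `cert_version=$(yq -r .global_CERT_VERSION playbooks/vars/main.yml)` beside the other `yq` lookups, and consider `set -u` at the top of the script so an unset variable fails the step instead of silently producing a blank. The README hunk in the same commit hand-writes `[Certmanager 1.13.3]` while the action emits `[Cert-manager …]`; the bot commit 116 re-syncs it, but the manual edit should match the template. The enclosing `run:` script starts outside the hunk.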
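Review bot: The helm manager's `fileMatch` now lists `CHANGELOG.md` and `README.md`, but `matchStrings` holds only the `global_helm_version:` pattern, so the two Markdown files are scanned for nothing; either add one pattern per file as the rke2 manager does, or drop them (patch 117 drops them). Switching to `"datasourceTemplate": "git-refs"` enumerates branches as well as tags of `helm/helm`, and with `semver-coerced` a branch name containing digits may be coerced into a candidate version; `"git-tags"` with the same `packageNameTemplate` URL is the narrower choice, or keep `github-releases` with `helm/helm` as the package name.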
From: github-actions Date: Wed, 24 Jan 2024 11:28:51 +0000 Subject: [PATCH 116/365] =?UTF-8?q?=E2=9A=A1=20Update=20README=20&=20CHANG?= =?UTF-8?q?ELOG?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 00dce8bbe..6c61b6cde 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ Ansible collection met to install in airgap environnement RKE2 (one controler an - [RKE2 1.26.11](https://docs.rke2.io) - Security focused Kubernetes - - [Certmanager 1.13.3](https://cert-manager.io/docs/) - Certificate manager + - [Cert-manager 1.13.3](https://cert-manager.io/docs/) - Certificate manager - [Rancher 2.8.0](https://www.suse.com/products/suse-rancher/) - Multi-Cluster Kubernetes Management - [Longhorn 1.5.3](https://longhorn.io) - Unified storage layer - [Neuvector 2.6.6](https://neuvector.com/) - Kubernetes Security Platform From 7c784bb167db19cf5ac66bd3619c5330d205b318 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 24 Jan 2024 12:30:21 +0100 Subject: [PATCH 117/365] update renovate --- .github/renovate.json | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index 8a6e53366..f2463b65c 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -45,9 +45,7 @@ { "customType": "regex", "fileMatch": [ - "playbooks/vars/main\\.yaml$", - "CHANGELOG.md", - "README.md" + "playbooks/vars/main\\.y[a]?ml$" ], "matchStrings": [ "global_helm_version: \"(?.*?)\"\\n" From 4b31e8f9ae44b417bb89c8654b6afd479deb2ad8 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 24 Jan 2024 13:01:51 +0100 Subject: [PATCH 118/365] update renovate --- .github/renovate.json | 74 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) diff --git a/.github/renovate.json b/.github/renovate.json index f2463b65c..d43e91016 100644 --- a/.github/renovate.json 
+++ b/.github/renovate.json @@ -27,6 +27,7 @@ ], "customManagers": [ { + "_comment": "Update RKE2", "customType": "regex", "fileMatch": [ "playbooks/vars/main\\.y[a]?ml$", @@ -43,6 +44,7 @@ "datasourceTemplate": "custom.rke2" }, { + "_comment": "Update helm binary only for ansible", "customType": "regex", "fileMatch": [ "playbooks/vars/main\\.y[a]?ml$" 
@@ -54,6 +56,78 @@
 "depNameTemplate": "helm",
 "packageNameTemplate": "https://github.com/helm/helm",
 "versioningTemplate": "semver-coerced"
+ },
+ {
+ "_comment": "Update Cert-manager",
+ "customType": "regex",
+ "fileMatch": [
+ "playbooks/vars/main\\.y[a]?ml$",
+ "CHANGELOG.md",
+ "README.md"
+ ],
+ "matchStrings": [
+ "global_CERT_VERSION: \"(?.*?)\"\\n",
+ " - cert-manager version: (?.*)\\n",
+ " - \\[Cert-manager (?[^\\]]+)\\]\\(https://cert-manager.io/docs/\\) - Certificate manager\\n"
+ ],
+ "datasourceTemplate": "git-refs",
+ "depNameTemplate": "cert-manager",
+ "packageNameTemplate": "https://github.com/cert-manager/cert-manager",
+ "versioningTemplate": "semver-coerced"
+ },
+ {
+ "_comment": "Update Rancher",
+ "customType": "regex",
+ "fileMatch": [
+ "playbooks/vars/main\\.y[a]?ml$",
+ "CHANGELOG.md",
+ "README.md"
+ ],
+ "matchStrings": [
+ "global_RANCHER_VERSION: \"(?.*?)\"\\n",
+ " - rancher version: (?.*)\\n",
+ " - \\[Rancher (?[^\\]]+)\\]\\(https://www.suse.com/products/suse-rancher/\\) - Multi-Cluster Kubernetes Management\\n"
+ ],
+ "datasourceTemplate": "git-refs",
+ "depNameTemplate": "rancher",
+ "packageNameTemplate": "https://github.com/rancher/rancher",
+ "versioningTemplate": "semver-coerced"
+ },
+ {
+ "_comment": "Update Longhorn",
+ "customType": "regex",
+ "fileMatch": [
+ "playbooks/vars/main\\.y[a]?ml$",
+ "CHANGELOG.md",
+ "README.md"
+ ],
+ "matchStrings": [
+ "global_LONGHORN_VERSION: \"(?.*?)\"\\n",
+ " - longhorn version: (?.*)\\n",
+ " - \\[Longhorn (?[^\\]]+)\\]\\(https://longhorn.io\\) - Unified storage layer\\n"
+ ],
+ "datasourceTemplate": "git-refs",
+ "depNameTemplate": "longhorn",
+ "packageNameTemplate": "https://github.com/longhorn/longhorn",
+ "versioningTemplate": "semver-coerced"
+ },
+ {
+ "_comment": "Update NeuVector",
+ "customType": "regex",
+ "fileMatch": [
+ "playbooks/vars/main\\.y[a]?ml$",
+ "CHANGELOG.md",
+ "README.md"
+ ],
+ "matchStrings": [
+ "global_NEU_VERSION: \"(?.*?)\"\\n",
+ " - neuvector version: (?.*)\\n",
+ " - \\[Neuvector (?[^\\]]+)\\]\\(https://neuvector.com/\\) - Kubernetes Security Platform\\n"
+ ],
+ "datasourceTemplate": "git-refs",
+ "depNameTemplate": "helm",
+ "packageNameTemplate": "https://github.com/helm/helm",
+ "versioningTemplate": "semver-coerced"
 }
 ],
 "customDatasources": {
From effe2fcedaf1eec08be7ee75c1ba27333426eab5 Mon Sep 17 00:00:00 2001
From: MozeBaltyk
Date: Wed, 24 Jan 2024 13:03:59 +0100
Subject: [PATCH 119/365] update renovate
---
 .github/renovate.json | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/.github/renovate.json b/.github/renovate.json
index d43e91016..7003bf6b3 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -27,7 +27,6 @@
 ],
 "customManagers": [
 {
- "_comment": "Update RKE2",
 "customType": "regex",
 "fileMatch": [
 "playbooks/vars/main\\.y[a]?ml$",
@@ -44,7 +43,6 @@
 "datasourceTemplate": "custom.rke2"
 },
 {
- "_comment": "Update helm binary only for ansible",
 "customType": "regex",
 "fileMatch": [
 "playbooks/vars/main\\.y[a]?ml$"
@@ -58,7 +56,6 @@
 "versioningTemplate": "semver-coerced"
 },
 {
- "_comment": "Update Cert-manager",
 "customType": "regex",
 "fileMatch": [
 "playbooks/vars/main\\.y[a]?ml$",
@@ -76,7 +73,6 @@
 "versioningTemplate": "semver-coerced"
 },
 {
- "_comment": "Update Rancher",
 "customType": "regex",
 "fileMatch": [
 "playbooks/vars/main\\.y[a]?ml$",
@@ -94,7 +90,6 @@
 "versioningTemplate": "semver-coerced"
 },
 {
- "_comment": "Update Longhorn",
 "customType": "regex",
 "fileMatch": [
 "playbooks/vars/main\\.y[a]?ml$",
@@ -112,7 +107,6 @@
 "versioningTemplate": "semver-coerced"
 },
 {
- "_comment": "Update NeuVector",
 "customType": "regex",
 "fileMatch": [
 "playbooks/vars/main\\.y[a]?ml$",
From 777cb522d347141f6aefc9d56e495730e5df0e12 Mon Sep 17 00:00:00 2001
From: MozeBaltyk
Date: Wed, 24 Jan 2024 13:10:50 +0100
Subject: [PATCH 120/365] update renovate
---
 .github/renovate.json | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
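Review bot: The NeuVector manager at the end of the PATCH 118 hunk still carries `"depNameTemplate": "helm"` and `"packageNameTemplate": "https://github.com/helm/helm"`, so the versions it captures would be compared against helm's tags rather than NeuVector's; it reads as a copy of the helm block whose last lines were not edited, and the pattern of the other four blocks implies `"depNameTemplate": "neuvector"` with a NeuVector repository in `packageNameTemplate`. Each block also drives three files (`playbooks/vars/main.y[a]ml`, CHANGELOG.md, README.md) from one datasource, so if any one of the three regexes stops matching after a wording edit that file silently stays on the old version; the README and CHANGELOG lines are worth keeping byte-identical to the `matchStrings`. The capture groups appear as `(?.*?)` throughout this rendering, presumably `(?<currentValue>…)` with the angle-bracket name stripped by the page rather than in the committed file.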
diff --git a/.github/renovate.json b/.github/renovate.json
index 7003bf6b3..fecb53358 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -23,6 +23,11 @@
 "matchPackagePatterns": ["rke2"],
 "labels": ["rke2"],
 "extractVersion": "^v(?\\d+\\.\\d+.\\d+)"
+ },
+ {
+ "matchPackagePatterns": ["helm"],
+ "labels": ["helm"],
+ "extractVersion": "^v(?\\d+\\.\\d+.\\d+)"
 }
 ],
 "customManagers": [
@@ -119,8 +124,8 @@
 " - \\[Neuvector (?[^\\]]+)\\]\\(https://neuvector.com/\\) - Kubernetes Security Platform\\n"
 ],
 "datasourceTemplate": "git-refs",
- "depNameTemplate": "helm",
- "packageNameTemplate": "https://github.com/helm/helm",
+ "depNameTemplate": "neuvector",
+ "packageNameTemplate": "https://github.com/neuvector/neuvector",
 "versioningTemplate": "semver-coerced"
 }
 ],
From 0b43bc95d763828344416237366232ff3f512101 Mon Sep 17 00:00:00 2001
From: MozeBaltyk
Date: Wed, 24 Jan 2024 13:15:50 +0100
Subject: [PATCH 121/365] update renovate
---
 .github/renovate.json | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/.github/renovate.json b/.github/renovate.json
index fecb53358..db1b9328f 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -28,6 +28,26 @@
 "matchPackagePatterns": ["helm"],
 "labels": ["helm"],
 "extractVersion": "^v(?\\d+\\.\\d+.\\d+)"
+ },
+ {
+ "matchPackagePatterns": ["cert-manager"],
+ "labels": ["cert-manager"],
+ "extractVersion": "^v(?\\d+\\.\\d+.\\d+)"
+ },
+ {
+ "matchPackagePatterns": ["rancher"],
+ "labels": ["rancher"],
+ "extractVersion": "^v(?\\d+\\.\\d+.\\d+)"
+ },
+ {
+ "matchPackagePatterns": ["longhorn"],
+ "labels": ["longhorn"],
+ "extractVersion": "^v(?\\d+\\.\\d+.\\d+)"
+ },
+ {
+ "matchPackagePatterns": ["neuvector"],
+ "labels": ["neuvector"],
+ "extractVersion": "^v(?\\d+\\.\\d+.\\d+)"
 }
 ],
 "customManagers": [
From 190c8db1c25f4b3dd65eed6afe21179b87e5224e Mon Sep 17 00:00:00 2001
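Review bot: The `extractVersion` copied into every new `packageRules` entry, `^v(?\\d+\\.\\d+.\\d+)`, escapes only the first dot, so the second separator matches any character and a tag such as `v1.5x3` would be accepted; `^v(?<version>\\d+\\.\\d+\\.\\d+)` is the strict form (`extractVersion` needs a `version` named group, which this rendering seems to have stripped from all the `(?…)` groups). The same regex appears in the helm rule of the first PATCH 120 hunk and four more times in the PATCH 121 hunk on this line, so the correction has to be applied in each place. The NeuVector `depNameTemplate`/`packageNameTemplate` fix in the second PATCH 120 hunk looks right.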
From: MozeBaltyk
Date: Wed, 24 Jan 2024 14:09:09 +0100
Subject: [PATCH 122/365] trailling whitespace
---
 .../action.yml | 2 +
 .github/workflows/build.yml | 25 ---------
 .github/workflows/release.yml | 53 ++++++++++++++++++-
 README.md | 23 ++++----
 4 files changed, 66 insertions(+), 37 deletions(-)
 rename .github/actions/{update-readme => update-version}/action.yml (95%)
diff --git a/.github/actions/update-readme/action.yml b/.github/actions/update-version/action.yml
similarity index 95%
rename from .github/actions/update-readme/action.yml
rename to .github/actions/update-version/action.yml
index bbf3d27af..df81caa29 100644
--- a/.github/actions/update-readme/action.yml
+++ b/.github/actions/update-version/action.yml
@@ -8,12 +8,14 @@ runs:
 # Update Readme
 - shell: bash
 run: |
+ rkub_collection=$(yq -r .version galaxy.yml)
 rke2_version=$(yq -r .global_rke2_version playbooks/vars/main.yml)
 cert_version=$(yq -r .global_CERT_VERSION playbooks/vars/main.yml)
 rancher_version=$(yq -r .global_RANCHER_VERSION playbooks/vars/main.yml)
 longhorn_version=$(yq -r .global_LONGHORN_VERSION playbooks/vars/main.yml)
 neuvector_version=$(yq -r .global_NEU_VERSION playbooks/vars/main.yml)
 cat << EOF > version.txt
+ **Ansible Collection Rkub ${rkub_collection} include:**
 - [RKE2 ${rke2_version}](https://docs.rke2.io) - Security focused Kubernetes
 - [Cert-manager ${cert_version}](https://cert-manager.io/docs/) - Certificate manager
 - [Rancher ${rancher_version}](https://www.suse.com/products/suse-rancher/) - Multi-Cluster Kubernetes Management
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 36634f87e..be875cb19 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
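Review bot: `rkub_collection=$(yq -r .version galaxy.yml)` is never checked; if `version` is absent `yq` prints `null` and exits 0, so `version.txt` would read `Rkub null include:` and be carried into the README by the update step that consumes it. A guard right after the assignment, `: "${rkub_collection:?version missing in galaxy.yml}"`, fails the step instead, and the five pre-existing `*_version` reads have the same gap. As far as I recall composite `shell: bash` steps run with `-e -o pipefail`, which catches a missing file but not a null scalar. The `runs:` block this step belongs to starts above the hunk.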
@@ -28,28 +28,3 @@ jobs: - name: Run ansible-lint uses: ansible/ansible-lint@main - - update: - name: Update Versions - needs: lint - runs-on: ubuntu-latest - - if: github.repository == 'mozebaltyk/rkub' - permissions: - actions: write - checks: write - contents: write - - steps: - # Checkout on branch where pull request - - name: Which branch? - shell: bash - run: | - echo "${{ github.head_ref || github.ref_name }}" - - - uses: actions/checkout@v4 - with: - ref: ${{ github.head_ref || github.ref_name }} - - - name: Update Readme and changelog - uses: ./.github/actions/update-readme diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 82c5045e6..778024bc7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -11,9 +11,60 @@ on: # branches: [ "main" ] jobs: - release: + lint: + name: Ansible Lint runs-on: ubuntu-latest + steps: + - name: Which branch? + shell: bash + run: | + echo "${{ github.head_ref || github.ref_name }}" + + - uses: actions/checkout@v4 + with: + ref: ${{ github.head_ref || github.ref_name }} + + # step to install prerequis + - name: Install prerequis + shell: bash + run: | + make prerequis + + - name: Run ansible-lint + uses: ansible/ansible-lint@main + + update-version: + name: Update Versions + needs: lint + runs-on: ubuntu-latest + + if: github.repository == 'mozebaltyk/rkub' + permissions: + actions: write + checks: write + contents: write + + steps: + # Checkout on branch where pull request + - name: Which branch? + shell: bash + run: | + echo "${{ github.head_ref || github.ref_name }}" + + - uses: actions/checkout@v4 + with: + ref: ${{ github.head_ref || github.ref_name }} + + # This one is redondant with renovate + # but make sure that all versions + # are updated before to release! + - name: Update version in readme and changelog + uses: ./.github/actions/update-version + + release: name: Release to Galaxy + needs: update-version + runs-on: ubuntu-latest if: github.repository == 'mozebaltyk/rkub' permissions: actions: write diff --git a/README.md b/README.md index 6c61b6cde..ca3ad90da 100644 --- a/README.md +++ b/README.md @@ -11,6 +11,7 @@ Ansible Collection to deploy a rancher RKE2 cluster in airgap mode. Ansible collection met to install in airgap environnement RKE2 (one controler and several workers, currently no HA): +**Ansible Collection Rkub 1.0.3 include:** - [RKE2 1.26.11](https://docs.rke2.io) - Security focused Kubernetes - [Cert-manager 1.13.3](https://cert-manager.io/docs/) - Certificate manager - [Rancher 2.8.0](https://www.suse.com/products/suse-rancher/) - Multi-Cluster Kubernetes Management 
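Review bot: The `Which branch?` step added to both `lint` and `update-version` templates `${{ github.head_ref || github.ref_name }}` directly into a `run:` script; on `pull_request` runs the head ref is a branch name chosen by the PR author, so it belongs in an `env:` entry (`BRANCH: ${{ github.head_ref || github.ref_name }}`) with `run: echo "$BRANCH"`, letting the shell rather than the expression templater expand it. `uses: ansible/ansible-lint@main` follows a mutable branch, and `update-version` — which `needs: lint` and runs with `contents: write` — should not sit behind an action pinned that loosely; a release tag or commit SHA is the usual choice. `if: github.repository == 'mozebaltyk/rkub'` compares the base repository, so it only stops forks running their own copy of the workflow, not fork PRs against this repo; a short comment stating that intent would help the next reader. Whether `pull_request` still triggers this workflow is decided in the `on:` block above the hunk.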
@@ -23,29 +24,29 @@ I tried it and like the idea but I was frustrated with Shell scripting limitatio With Ansible: -* Idempotency: can be relaunch multiple time. + * Idempotency: can be relaunch multiple time. -* User agnostic: can be launch by any user (with sudo rights). + * User agnostic: can be launch by any user (with sudo rights). -* OS agnositc: can be launch on any Linux systems (at least for the package build, for the install depend on your participation to this project 😸) + * OS agnositc: can be launch on any Linux systems (at least for the package build, for the install depend on your participation to this project 😸) Add-on from my part, some part which were manual in Clemenko procedure are automated with Ansible like: -* the upload or NFS mount + * the upload or NFS mount -* Some flexibility about path (possible to export or mount NFS in choosen place) + * Some flexibility about path (possible to export or mount NFS in choosen place) -* Arkade to install utilities binaries + * Arkade to install utilities binaries -* Admin user (by default kuberoot) on first controler node with all necessary tools + * Admin user (by default kuberoot) on first controler node with all necessary tools -* Nerdctl (as complement of containerd to handle oci-archive) + * Nerdctl (as complement of containerd to handle oci-archive) -* Firewalld settings if firewalld running + * Firewalld settings if firewalld running -* Uninstall playbook to cleanup (and maybe reinstall if needed) + * Uninstall playbook to cleanup (and maybe reinstall if needed) -* Collection Released, so possibilty to get back to older versions + * Collection Released, so possibilty to get back to older versions ## Prerequisites From 8d8cd0cd01bef3247b0debb3d326e79a47199873 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 24 Jan 2024 14:16:26 +0100 Subject: [PATCH 123/365] readme version --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/README.md b/README.md index ca3ad90da..a5b9c7a7c 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ Ansible Collection to deploy a rancher RKE2 cluster in airgap mode. Ansible collection met to install in airgap environnement RKE2 (one controler and several workers, currently no HA): -**Ansible Collection Rkub 1.0.3 include:** +**Ansible Collection Rkub 1.0.2 include:** - [RKE2 1.26.11](https://docs.rke2.io) - Security focused Kubernetes - [Cert-manager 1.13.3](https://cert-manager.io/docs/) - Certificate manager - [Rancher 2.8.0](https://www.suse.com/products/suse-rancher/) - Multi-Cluster Kubernetes Management From 7e46008b262a1b4b64c561724154d39d9e49eafc Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 24 Jan 2024 14:39:18 +0100 Subject: [PATCH 124/365] update renovate --- .github/renovate.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index db1b9328f..4c0d2cc79 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -21,32 +21,32 @@ }, { "matchPackagePatterns": ["rke2"], - "labels": ["rke2"], + "labels": ["dependencies","rke2"], "extractVersion": "^v(?\\d+\\.\\d+.\\d+)" }, { "matchPackagePatterns": ["helm"], - "labels": ["helm"], + "labels": ["dependencies","helm"], "extractVersion": "^v(?\\d+\\.\\d+.\\d+)" }, { "matchPackagePatterns": ["cert-manager"], - "labels": ["cert-manager"], + "labels": ["dependencies","cert-manager"], "extractVersion": "^v(?\\d+\\.\\d+.\\d+)" }, { "matchPackagePatterns": ["rancher"], - "labels": ["rancher"], + "labels": ["dependencies","rancher"], "extractVersion": "^v(?\\d+\\.\\d+.\\d+)" }, { "matchPackagePatterns": ["longhorn"], - "labels": ["longhorn"], + "labels": ["dependencies","longhorn"], "extractVersion": "^v(?\\d+\\.\\d+.\\d+)" }, { "matchPackagePatterns": ["neuvector"], - "labels": ["neuvector"], + "labels": ["dependencies","neuvector"], "extractVersion": "^v(?\\d+\\.\\d+.\\d+)" } ], 
@@ -126,7 +126,7 @@
 " - longhorn version: (?.*)\\n",
 " - \\[Longhorn (?[^\\]]+)\\]\\(https://longhorn.io\\) - Unified storage layer\\n"
 ],
- "datasourceTemplate": "git-refs",
+ "datasourceTemplate": "github-release",
 "depNameTemplate": "longhorn",
 "packageNameTemplate": "https://github.com/longhorn/longhorn",
 "versioningTemplate": "semver-coerced"
From 65a8366b0aa9778f04f59938da7869dbab69ea15 Mon Sep 17 00:00:00 2001
From: MozeBaltyk
Date: Wed, 24 Jan 2024 14:48:38 +0100
Subject: [PATCH 125/365] update renovate
---
 .github/renovate.json | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/.github/renovate.json b/.github/renovate.json
index 4c0d2cc79..6d81689c2 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -6,6 +6,17 @@
 "labels": ["pre-commit"]
 },
 "packageRules": [
+ {
+ "matchPackagePatterns": [
+ "*"
+ ],
+ "matchUpdateTypes": [
+ "minor",
+ "patch"
+ ],
+ "groupName": "all non-major dependencies",
+ "groupSlug": "all-minor-patch"
+ },
 {
 "matchManagers": ["dockerfile"],
 "matchPackagePatterns": ["ubi8"],
@@ -126,7 +137,7 @@
 " - longhorn version: (?.*)\\n",
 " - \\[Longhorn (?[^\\]]+)\\]\\(https://longhorn.io\\) - Unified storage layer\\n"
 ],
- "datasourceTemplate": "github-release",
+ "datasourceTemplate": "git-refs",
 "depNameTemplate": "longhorn",
 "packageNameTemplate": "https://github.com/longhorn/longhorn",
 "versioningTemplate": "semver-coerced"
From f3620ac4da279957c62f054aec7df935f914b6d3 Mon Sep 17 00:00:00 2001
From: MozeBaltyk
Date: Wed, 24 Jan 2024 15:05:01 +0100
Subject: [PATCH 126/365] update renovate
---
 .github/renovate.json | 28 +++++++++------------------
 1 file changed, 9 insertions(+), 19 deletions(-)
diff --git a/.github/renovate.json b/.github/renovate.json
index 6d81689c2..dc584444c 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
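Review bot: `"datasourceTemplate": "github-release"` is, as far as I know, not a Renovate datasource name (the plural `github-releases` is), so the Longhorn manager would stop producing updates rather than fail loudly; the next commit on this line reverts it to `git-refs`, which fits that reading. If GitHub releases are the intended source, `github-releases` expects `packageNameTemplate` as `longhorn/longhorn` (owner/repo), not a URL. The `matchPackagePatterns: ["*"]` grouping rule added by PATCH 125 folds minor and patch bumps of RKE2, Rancher and NeuVector into one PR, which makes the per-component labels from the later rules less useful when triaging a security-relevant bump.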
@@ -3,20 +3,9 @@ "ansible-galaxy": { "fileMatch": ["(^|/)(galaxy|requirements|ee-requirements)(\\.ansible)?\\.ya?ml$"] }, "pre-commit": { "enabled": true, - "labels": ["pre-commit"] + "addLabels": ["pre-commit"] }, "packageRules": [ - { - "matchPackagePatterns": [ - "*" - ], - "matchUpdateTypes": [ - "minor", - "patch" - ], - "groupName": "all non-major dependencies", - "groupSlug": "all-minor-patch" - }, { "matchManagers": ["dockerfile"], "matchPackagePatterns": ["ubi8"], @@ -32,32 +21,32 @@ }, { "matchPackagePatterns": ["rke2"], - "labels": ["dependencies","rke2"], + "addLabels": ["rke2"], "extractVersion": "^v(?\\d+\\.\\d+.\\d+)" }, { "matchPackagePatterns": ["helm"], - "labels": ["dependencies","helm"], + "addLabels": ["helm"], "extractVersion": "^v(?\\d+\\.\\d+.\\d+)" }, { "matchPackagePatterns": ["cert-manager"], - "labels": ["dependencies","cert-manager"], + "addLabels": ["cert-manager"], "extractVersion": "^v(?\\d+\\.\\d+.\\d+)" }, { "matchPackagePatterns": ["rancher"], - "labels": ["dependencies","rancher"], + "addLabels": ["rancher"], "extractVersion": "^v(?\\d+\\.\\d+.\\d+)" }, { "matchPackagePatterns": ["longhorn"], - "labels": ["dependencies","longhorn"], + "addLabels": ["longhorn"], "extractVersion": "^v(?\\d+\\.\\d+.\\d+)" }, { "matchPackagePatterns": ["neuvector"], - "labels": ["dependencies","neuvector"], + "addLabels": ["neuvector"], "extractVersion": "^v(?\\d+\\.\\d+.\\d+)" } ], @@ -138,8 +127,9 @@ " - \\[Longhorn (?[^\\]]+)\\]\\(https://longhorn.io\\) - Unified storage layer\\n" ], "datasourceTemplate": "git-refs", + "currentValueTemplate": "master", "depNameTemplate": "longhorn", - "packageNameTemplate": "https://github.com/longhorn/longhorn", + "packageNameTemplate": "https://github.com/longhorn/longhorn/releases/latest", "versioningTemplate": "semver-coerced" }, { From 1068844d051f28430dce41f001bd17bd2102d60e Mon Sep 17 00:00:00 2001 
From: MozeBaltyk
Date: Wed, 24 Jan 2024 15:35:19 +0100
Subject: [PATCH 127/365] update renovate
---
 .github/dependabot.yml | 9 ---------
 .github/renovate.json | 3 +--
 2 files changed, 1 insertion(+), 11 deletions(-)
 delete mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
deleted file mode 100644
index ab5067d26..000000000
--- a/.github/dependabot.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
-version: 2
-updates:
- - package-ecosystem: "github-actions"
- directory: "/"
- schedule:
- interval: "weekly"
\ No newline at end of file
diff --git a/.github/renovate.json b/.github/renovate.json
index dc584444c..43f4a7ae4 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -127,7 +127,6 @@
 " - \\[Longhorn (?[^\\]]+)\\]\\(https://longhorn.io\\) - Unified storage layer\\n"
 ],
 "datasourceTemplate": "git-refs",
- "currentValueTemplate": "master",
 "depNameTemplate": "longhorn",
 "packageNameTemplate": "https://github.com/longhorn/longhorn/releases/latest",
 "versioningTemplate": "semver-coerced"
@@ -146,7 +145,7 @@
 ],
 "datasourceTemplate": "git-refs",
 "depNameTemplate": "neuvector",
- "packageNameTemplate": "https://github.com/neuvector/neuvector",
+ "packageNameTemplate": "https://github.com/neuvector/neuvector-helm",
 "versioningTemplate": "semver-coerced"
 }
 ],
From a55d52aae0c58cef876e01fa0f2a700f5ffe85ef Mon Sep 17 00:00:00 2001
From: MozeBaltyk
Date: Wed, 24 Jan 2024 16:12:55 +0100
Subject: [PATCH 128/365] update renovate
---
 .github/renovate.json | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/.github/renovate.json b/.github/renovate.json
index 43f4a7ae4..b3f57814a 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
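Review bot: Deleting `.github/dependabot.yml` in the same commit removes the weekly `github-actions` ecosystem updates, and nothing visible in renovate.json configures a `github-actions` manager; Renovate enables that manager by default, so this is probably covered, but it is worth confirming the first Renovate run actually opens PRs for `actions/checkout` and `ansible/ansible-lint`, since those pins are the workflows' supply chain. The Longhorn manager in the first hunk keeps `packageNameTemplate: https://github.com/longhorn/longhorn/releases/latest`, which is an HTML page rather than a git remote that `git-refs` can list. Pointing NeuVector at `neuvector-helm` switches the tracked numbers to chart versions; if `global_NEU_VERSION` is consumed as a chart version that is right, otherwise the README/CHANGELOG lines labelled `neuvector version` will start carrying chart numbers.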
@@ -42,12 +42,12 @@
 {
 "matchPackagePatterns": ["longhorn"],
 "addLabels": ["longhorn"],
- "extractVersion": "^v(?\\d+\\.\\d+.\\d+)"
+ "extractVersion": "^longhorn-(?\\d+\\.\\d+.\\d+)"
 },
 {
 "matchPackagePatterns": ["neuvector"],
 "addLabels": ["neuvector"],
- "extractVersion": "^v(?\\d+\\.\\d+.\\d+)"
+ "extractVersion": "(?\\d+\\.\\d+.\\d+)"
 }
 ],
 "customManagers": [
@@ -109,10 +109,12 @@
 " - rancher version: (?.*)\\n",
 " - \\[Rancher (?[^\\]]+)\\]\\(https://www.suse.com/products/suse-rancher/\\) - Multi-Cluster Kubernetes Management\\n"
 ],
- "datasourceTemplate": "git-refs",
 "depNameTemplate": "rancher",
- "packageNameTemplate": "https://github.com/rancher/rancher",
- "versioningTemplate": "semver-coerced"
+ "datasourceTemplate": "helm",
+ "versioningTemplate": "semver-coerced",
+ "registryAliases": {
+ "stable": "https://releases.rancher.com/server-charts/stable"
+ }
 },
 {
 "customType": "regex",
@@ -128,7 +130,7 @@
 ],
 "datasourceTemplate": "git-refs",
 "depNameTemplate": "longhorn",
- "packageNameTemplate": "https://github.com/longhorn/longhorn/releases/latest",
+ "packageNameTemplate": "https://github.com/longhorn/charts",
 "versioningTemplate": "semver-coerced"
 },
 {
From 10831d6e42b4e321b80fdda6d870ed75c5328237 Mon Sep 17 00:00:00 2001
From: MozeBaltyk
Date: Wed, 24 Jan 2024 16:24:37 +0100
Subject: [PATCH 129/365] update renovate
---
 .github/renovate.json | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/.github/renovate.json b/.github/renovate.json
index b3f57814a..e0dc3a461 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
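Review bot: `registryAliases` is a top-level Renovate option, not a field of a `customManagers[]` entry, so inside the Rancher manager it is unrecognised config and the `helm` datasource will not resolve the `stable` alias; the following commit on this page backs this change out. In the first hunk the NeuVector `extractVersion` becomes `(?\\d+\\.\\d+.\\d+)`, with no anchor and the third separator still unescaped, so it can lift a version-looking substring out of an unrelated tag; anchoring it to the tag format the chart repo actually uses (the Longhorn rule just above anchors on `^longhorn-`) and escaping the dot makes it strict. The named `version` group these regexes need appears stripped by the rendering, not necessarily by the commit.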
@@ -110,11 +110,9 @@
 " - \\[Rancher (?[^\\]]+)\\]\\(https://www.suse.com/products/suse-rancher/\\) - Multi-Cluster Kubernetes Management\\n"
 ],
 "depNameTemplate": "rancher",
- "datasourceTemplate": "helm",
 "versioningTemplate": "semver-coerced",
- "registryAliases": {
- "stable": "https://releases.rancher.com/server-charts/stable"
- }
+ "datasourceTemplate": "git-refs",
+ "packageNameTemplate": "https://github.com/rancher/rancher"
 },
 {
 "customType": "regex",
From 95b2f36b8b6805e63f33fb81eaa5ebcad9f9c084 Mon Sep 17 00:00:00 2001
From: MozeBaltyk
Date: Wed, 24 Jan 2024 17:10:44 +0100
Subject: [PATCH 130/365] update renovate
---
 .github/renovate.json | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/.github/renovate.json b/.github/renovate.json
index e0dc3a461..f5cc12b33 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -98,6 +98,7 @@
 "versioningTemplate": "semver-coerced"
 },
 {
+ "description": "Update Rancher helm charts version with customDatasource",
 "customType": "regex",
 "fileMatch": [
 "playbooks/vars/main\\.y[a]?ml$",
@@ -111,10 +112,10 @@
 ],
 "depNameTemplate": "rancher",
 "versioningTemplate": "semver-coerced",
- "datasourceTemplate": "git-refs",
- "packageNameTemplate": "https://github.com/rancher/rancher"
+ "datasourceTemplate": "custom.rancher"
 },
 {
+ "description": "Update Longhorn helm charts version based on github repo",
 "customType": "regex",
 "fileMatch": [
 "playbooks/vars/main\\.y[a]?ml$",
@@ -132,6 +133,7 @@
 "versioningTemplate": "semver-coerced"
 },
 {
+ "description": "Update Neuvector helm charts version based on github repo",
 "customType": "regex",
 "fileMatch": [
 "playbooks/vars/main\\.y[a]?ml$",
@@ -155,6 +157,12 @@
 "transformTemplates": [
 "{\"releases\":[{\"version\": $$.(data[id = 'stable'].latest),\"sourceUrl\":\"https://github.com/rancher/rke2\",\"changelogUrl\":$join([\"https://github.com/rancher/rke2/releases/tag/\",data[id = 'stable'].latest])}],\"sourceUrl\": \"https://github.com/rancher/rke2\",\"homepage\": \"https://docs.rke2.io\"}"
 ]
+ },
+ "rancher": {
+ "defaultRegistryUrlTemplate": "https://update.rancher.io/v1-release/channels",
+ "transformTemplates": [
+ "{\"releases\":[{\"version\": $$.(data[id = 'stable'].latest),\"sourceUrl\":\"https://github.com/rancher/rancher\",\"changelogUrl\":$join([\"https://github.com/rancher/rancher/releases/tag/\",data[id = 'stable'].latest])}],\"sourceUrl\": \"https://github.com/rancher/rancher\",\"homepage\": \"https://ranchermanager.docs.rancher.com\"}"
+ ]
 }
 }
 }
From c2722aae4e5bf49501a68445cfa5d1e77be697bc Mon Sep 17 00:00:00 2001
From: MozeBaltyk
Date: Wed, 24 Jan 2024 17:19:48 +0100
Subject: [PATCH 131/365] update renovate
---
 .github/renovate.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/renovate.json b/.github/renovate.json
index f5cc12b33..12ccad473 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -161,7 +161,7 @@
 "rancher": {
 "defaultRegistryUrlTemplate": "https://update.rancher.io/v1-release/channels",
 "transformTemplates": [
- "{\"releases\":[{\"version\": $$.(data[id = 'stable'].latest),\"sourceUrl\":\"https://github.com/rancher/rancher\",\"changelogUrl\":$join([\"https://github.com/rancher/rancher/releases/tag/\",data[id = 'stable'].latest])}],\"sourceUrl\": \"https://github.com/rancher/rancher\",\"homepage\": \"https://ranchermanager.docs.rancher.com\"}"
+ "{\"releases\":[{\"version\": $$.(data[id = 'latest'].latest),\"sourceUrl\":\"https://github.com/rancher/rancher\",\"changelogUrl\":$join([\"https://github.com/rancher/rancher/releases/tag/\",data[id = 'latest'].latest])}],\"sourceUrl\": \"https://github.com/rancher/rancher\",\"homepage\": \"https://ranchermanager.docs.rancher.com\"}"
 ]
 }
 }
From 07f22b61ade4cddba334615a59081ef943e031aa Mon Sep 17 00:00:00 2001
From: MozeBaltyk
Date: Wed, 24 Jan 2024 17:32:14 +0100
Subject: [PATCH 132/365] update renovate
---
 .github/renovate.json | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/.github/renovate.json b/.github/renovate.json
index 12ccad473..21a536726 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -52,6 +52,7 @@
 ],
 "customManagers": [
 {
+ "description": "Update RKE2 helm charts version with customDatasource",
 "customType": "regex",
 "fileMatch": [
 "playbooks/vars/main\\.y[a]?ml$",
@@ -68,6 +69,7 @@
 "datasourceTemplate": "custom.rke2"
 },
 {
+ "description": "Update helm binary version based on github repo",
 "customType": "regex",
 "fileMatch": [
 "playbooks/vars/main\\.y[a]?ml$"
@@ -81,6 +83,7 @@
 "versioningTemplate": "semver-coerced"
 },
 {
+ "description": "Update cert-manager helm charts version based on github repo",
 "customType": "regex",
 "fileMatch": [
 "playbooks/vars/main\\.y[a]?ml$",
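Review bot: Switching the Rancher custom datasource from `data[id = 'stable']` to `data[id = 'latest']` means Renovate will propose whatever the `latest` channel currently carries, which upstream promotes to `stable` only later; for a collection that builds an airgap bundle that is a deliberate policy choice and belongs in the manager's `description`, e.g. `Tracks Rancher's 'latest' release channel, not 'stable'`. The RKE2 datasource, which this hunk cuts off above, still reads `stable`, so the two products now follow different channels. The `description` fields added by PATCH 132 on this line describe what each manager updates but not which channel or tag scheme it trusts, which is the part a maintainer needs when a bot PR looks wrong.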
@@ -155,14 +158,17 @@
 "rke2": {
 "defaultRegistryUrlTemplate": "https://update.rke2.io/v1-release/channels",
 "transformTemplates": [
- "{\"releases\":[{\"version\": $$.(data[id = 'stable'].latest),\"sourceUrl\":\"https://github.com/rancher/rke2\",\"changelogUrl\":$join([\"https://github.com/rancher/rke2/releases/tag/\",data[id = 'stable'].latest])}],\"sourceUrl\": \"https://github.com/rancher/rke2\",\"homepage\": \"https://docs.rke2.io\"}"
+ "{\"releases\":[{\"version\": $$.(data[id = 'stable'].latest),\"sourceUrl\":\"https://github.com/rancher/rke2\",\"changelogUrl\":$join([\"https://github.com/rancher/rke2/releases/\",data[id = 'stable'].latest])}],\"sourceUrl\": \"https://github.com/rancher/rke2\",\"homepage\": \"https://docs.rke2.io\"}"
 ]
 },
 "rancher": {
 "defaultRegistryUrlTemplate": "https://update.rancher.io/v1-release/channels",
 "transformTemplates": [
- "{\"releases\":[{\"version\": $$.(data[id = 'latest'].latest),\"sourceUrl\":\"https://github.com/rancher/rancher\",\"changelogUrl\":$join([\"https://github.com/rancher/rancher/releases/tag/\",data[id = 'latest'].latest])}],\"sourceUrl\": \"https://github.com/rancher/rancher\",\"homepage\": \"https://ranchermanager.docs.rancher.com\"}"
+ "{\"releases\":[{\"version\": $$.(data[id = 'latest'].latest),\"sourceUrl\":\"https://github.com/rancher/rancher\",\"changelogUrl\":$join([\"https://github.com/rancher/rancher/releases/\",data[id = 'latest'].latest])}],\"sourceUrl\": \"https://github.com/rancher/rancher\",\"homepage\": \"https://ranchermanager.docs.rancher.com\"}"
 ]
+ },
+ "neuvector": {
+ "defaultRegistryUrlTemplate": "https://github.com/neuvector/neuvector-helm/releases/latest"
 }
 }
 }
From e13acf5831f20d43cb347b0cf6378e9b0333f0fb Mon Sep 17 00:00:00 2001
From: MozeBaltyk
Date: Wed, 24 Jan 2024 17:33:59 +0100
Subject: [PATCH 133/365] update renovate
---
 .github/renovate.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
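Review bot: The new `neuvector` custom datasource points `defaultRegistryUrlTemplate` at a GitHub HTML page (`.../releases/latest`) and has no `transformTemplates`; a custom datasource expects a JSON (or plain-text) response, so this entry cannot yield releases, and no manager in the file references `custom.neuvector` — the NeuVector manager uses `git-refs`/`git-tags` in the commits that follow. Either drop the entry or give it a machine-readable endpoint and wire the manager to it. The `changelogUrl` edits remove `tag/` (`releases/<tag>` instead of `releases/tag/<tag>`); I believe GitHub redirects the short form, but the canonical release URL is the one with `tag/`, and the shorter form is what Renovate will paste into PR bodies.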
diff --git a/.github/renovate.json b/.github/renovate.json
index 21a536726..67b852fe4 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -148,7 +148,7 @@
 " - neuvector version: (?.*)\\n",
 " - \\[Neuvector (?[^\\]]+)\\]\\(https://neuvector.com/\\) - Kubernetes Security Platform\\n"
 ],
- "datasourceTemplate": "git-refs",
+ "datasourceTemplate": "git-tags",
 "depNameTemplate": "neuvector",
 "packageNameTemplate": "https://github.com/neuvector/neuvector-helm",
 "versioningTemplate": "semver-coerced"
From 6b6ef48a71e7835cf08db9e71b83b8389374e008 Mon Sep 17 00:00:00 2001
From: MozeBaltyk
Date: Wed, 24 Jan 2024 17:44:55 +0100
Subject: [PATCH 134/365] update renovate
---
 .github/renovate.json | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/.github/renovate.json b/.github/renovate.json
index 67b852fe4..e9ebf16cf 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -130,10 +130,11 @@
 " - longhorn version: (?.*)\\n",
 " - \\[Longhorn (?[^\\]]+)\\]\\(https://longhorn.io\\) - Unified storage layer\\n"
 ],
- "datasourceTemplate": "git-refs",
+ "datasourceTemplate": "github-tags",
+ "currentValueTemplate": "v1.5.x",
 "depNameTemplate": "longhorn",
 "packageNameTemplate": "https://github.com/longhorn/charts",
- "versioningTemplate": "semver-coerced"
+ "versioningTemplate": "semver"
 },
 {
 "description": "Update Neuvector helm charts version based on github repo",
@@ -148,7 +149,8 @@
 " - neuvector version: (?.*)\\n",
 " - \\[Neuvector (?[^\\]]+)\\]\\(https://neuvector.com/\\) - Kubernetes Security Platform\\n"
 ],
- "datasourceTemplate": "git-tags",
+ "datasourceTemplate": "github-tags",
+ "currentValueTemplate": "master",
 "depNameTemplate": "neuvector",
 "packageNameTemplate": "https://github.com/neuvector/neuvector-helm",
 "versioningTemplate": "semver-coerced"
From 2aaeaf933ae4959415bb6ade99686a3b85c5b98b Mon Sep 17 00:00:00 2001
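Review bot: `"currentValueTemplate": "v1.5.x"` and `"currentValueTemplate": "master"` in the PATCH 134 hunks replace the version the regex captured from the files with a fixed string, so Renovate no longer knows what is actually pinned; under `versioningTemplate: semver` the value `v1.5.x` is not a valid version and `master` never is, so neither manager can compute an update. `currentValueTemplate` is intended for files that carry no version at all (typically a branch name with `git-refs`); here the `matchStrings` already capture it, so removing both lines — as a later commit in this series does for Longhorn — is the fix. PATCH 135 and PATCH 136 on the next lines only flip the datasource name and keep both templates. With `github-tags`, `packageNameTemplate` is normally `owner/repo` rather than a full URL, which I believe the lookup will otherwise reject.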
From: MozeBaltyk
Date: Wed, 24 Jan 2024 17:47:22 +0100
Subject: [PATCH 135/365] update renovate
---
 .github/renovate.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/renovate.json b/.github/renovate.json
index e9ebf16cf..4bc2e0004 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -130,7 +130,7 @@
 " - longhorn version: (?.*)\\n",
 " - \\[Longhorn (?[^\\]]+)\\]\\(https://longhorn.io\\) - Unified storage layer\\n"
 ],
- "datasourceTemplate": "github-tags",
+ "datasourceTemplate": "git-tags",
 "currentValueTemplate": "v1.5.x",
 "depNameTemplate": "longhorn",
 "packageNameTemplate": "https://github.com/longhorn/charts",
@@ -149,7 +149,7 @@
 " - neuvector version: (?.*)\\n",
 " - \\[Neuvector (?[^\\]]+)\\]\\(https://neuvector.com/\\) - Kubernetes Security Platform\\n"
 ],
- "datasourceTemplate": "github-tags",
+ "datasourceTemplate": "git-tags",
 "currentValueTemplate": "master",
 "depNameTemplate": "neuvector",
 "packageNameTemplate": "https://github.com/neuvector/neuvector-helm",
From 46d2432f29ffaaf33fe29a60adb195bcff209a2c Mon Sep 17 00:00:00 2001
From: MozeBaltyk
Date: Wed, 24 Jan 2024 17:49:08 +0100
Subject: [PATCH 136/365] update renovate
---
 .github/renovate.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/renovate.json b/.github/renovate.json
index 4bc2e0004..d6659a631 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -130,7 +130,7 @@
 " - longhorn version: (?.*)\\n",
 " - \\[Longhorn (?[^\\]]+)\\]\\(https://longhorn.io\\) - Unified storage layer\\n"
 ],
- "datasourceTemplate": "git-tags",
+ "datasourceTemplate": "git-refs",
 "currentValueTemplate": "v1.5.x",
 "depNameTemplate": "longhorn",
 "packageNameTemplate": "https://github.com/longhorn/charts",
@@ -149,7 +149,7 @@ " - neuvector version: (?.*)\\n", " - \\[Neuvector (?[^\\]]+)\\]\\(https://neuvector.com/\\) - Kubernetes Security Platform\\n" ], - "datasourceTemplate": "git-tags", + "datasourceTemplate": "git-refs", "currentValueTemplate": "master", "depNameTemplate": "neuvector", "packageNameTemplate": "https://github.com/neuvector/neuvector-helm", From 8d8adf2cc3272aa2e7043ece3899623bc501d4f9 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 24 Jan 2024 17:52:01 +0100 Subject: [PATCH 137/365] update renovate --- .github/renovate.json | 1 - playbooks/vars/main.yml | 6 +++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index d6659a631..468d0d28a 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -131,7 +131,6 @@ " - \\[Longhorn (?[^\\]]+)\\]\\(https://longhorn.io\\) - Unified storage layer\\n" ], "datasourceTemplate": "git-refs", - "currentValueTemplate": "v1.5.x", "depNameTemplate": "longhorn", "packageNameTemplate": "https://github.com/longhorn/charts", "versioningTemplate": "semver" diff --git a/playbooks/vars/main.yml b/playbooks/vars/main.yml index ef2996e8e..c971755f1 100644 --- a/playbooks/vars/main.yml +++ b/playbooks/vars/main.yml @@ -4,8 +4,8 @@ global_rke2_version: "1.26.11" global_helm_version: "3.11.3" global_CERT_VERSION: "1.13.3" global_RANCHER_VERSION: "2.8.0" -global_LONGHORN_VERSION: "1.5.3" -global_NEU_VERSION: "2.6.6" +global_LONGHORN_VERSION: "1.5.1" +global_NEU_VERSION: "2.6.5" # extras RPM global_rke2_common_repo_version: "v{{ rke2_version }}%2Brke2r1" #.stable.0 @@ -39,4 +39,4 @@ default_longhorn_datapath: "{{ global_directory_package_target }}/longhorn" global_longhorn_datapath: "{{ datapath | default(default_longhorn_datapath) }}" # Rancher -global_rancher_password: "{{ password | default('BootStrapAllTheThings') }}" \ No newline at end of file +global_rancher_password: "{{ password | default('BootStrapAllTheThings') }}" 
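Review bot: `global_rancher_password` still silently falls back to the literal `BootStrapAllTheThings` whenever `password` is not supplied, so a run that forgets the variable ends up with a Rancher bootstrap credential that is published in this repository. The hunk only adds the missing trailing newline, but since the line is re-emitted on the new side this is the place to make the fallback explicit: `global_rancher_password: "{{ password | mandatory }}"` fails the play early, or keep the default and document in `playbooks/vars/main.yml` that it must be overridden outside of throwaway environments. The version downgrades in the first hunk of this file (1.5.3→1.5.1, 2.6.6→2.6.5) look like a Renovate exercise rather than an intended pin; Renovate bumps them back in PATCH 142/143.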
From e9788cb53db59fdcc16e09eb6eb260fbb732c84a Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 24 Jan 2024 17:56:03 +0100 Subject: [PATCH 138/365] update renovate --- .github/renovate.json | 4 ++-- CHANGELOG.md | 4 ++-- README.md | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index 468d0d28a..df61514fd 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -130,7 +130,7 @@ " - longhorn version: (?.*)\\n", " - \\[Longhorn (?[^\\]]+)\\]\\(https://longhorn.io\\) - Unified storage layer\\n" ], - "datasourceTemplate": "git-refs", + "datasourceTemplate": "github-refs", "depNameTemplate": "longhorn", "packageNameTemplate": "https://github.com/longhorn/charts", "versioningTemplate": "semver" @@ -148,7 +148,7 @@ " - neuvector version: (?.*)\\n", " - \\[Neuvector (?[^\\]]+)\\]\\(https://neuvector.com/\\) - Kubernetes Security Platform\\n" ], - "datasourceTemplate": "git-refs", + "datasourceTemplate": "github-tags", "currentValueTemplate": "master", "depNameTemplate": "neuvector", "packageNameTemplate": "https://github.com/neuvector/neuvector-helm", diff --git a/CHANGELOG.md b/CHANGELOG.md index 5f4eabd0b..3380dfc2c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,8 +7,8 @@ - rke2 version: 1.26.11 - cert-manager version: 1.13.3 - rancher version: 2.8.0 - - longhorn version: 1.5.3 - - neuvector version: 2.6.6 + - longhorn version: 1.5.1 + - neuvector version: 2.6.5 diff --git a/README.md b/README.md index a5b9c7a7c..d82e73393 100644 --- a/README.md +++ b/README.md 
@@ -15,8 +15,8 @@ Ansible collection met to install in airgap environnement RKE2 (one controler an - [RKE2 1.26.11](https://docs.rke2.io) - Security focused Kubernetes - [Cert-manager 1.13.3](https://cert-manager.io/docs/) - Certificate manager - [Rancher 2.8.0](https://www.suse.com/products/suse-rancher/) - Multi-Cluster Kubernetes Management - - [Longhorn 1.5.3](https://longhorn.io) - Unified storage layer - - [Neuvector 2.6.6](https://neuvector.com/) - Kubernetes Security Platform + - [Longhorn 1.5.1](https://longhorn.io) - Unified storage layer + - [Neuvector 2.6.5](https://neuvector.com/) - Kubernetes Security Platform This Project is mainly inspired from [Clemenko/rke_airgap_install](https://github.com/clemenko/rke_airgap_install/blob/main/air_gap_all_the_things.sh). From 7ad04f67b2ab7bf138b0d62a7f917f15067b09ae Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 24 Jan 2024 17:57:48 +0100 Subject: [PATCH 139/365] update renovate --- .github/renovate.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index df61514fd..468d0d28a 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -130,7 +130,7 @@ " - longhorn version: (?.*)\\n", " - \\[Longhorn (?[^\\]]+)\\]\\(https://longhorn.io\\) - Unified storage layer\\n" ], - "datasourceTemplate": "github-refs", + "datasourceTemplate": "git-refs", "depNameTemplate": "longhorn", "packageNameTemplate": "https://github.com/longhorn/charts", "versioningTemplate": "semver" @@ -148,7 +148,7 @@ " - neuvector version: (?.*)\\n", " - \\[Neuvector (?[^\\]]+)\\]\\(https://neuvector.com/\\) - Kubernetes Security Platform\\n" ], - "datasourceTemplate": "github-tags", + "datasourceTemplate": "git-refs", "currentValueTemplate": "master", "depNameTemplate": "neuvector", "packageNameTemplate": "https://github.com/neuvector/neuvector-helm", From f26de34a7e4a43c235a7be28dc904f49bc63ea5d Mon Sep 17 00:00:00 2001 
From: MozeBaltyk Date: Wed, 24 Jan 2024 17:59:22 +0100 Subject: [PATCH 140/365] update renovate --- .github/renovate.json | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/renovate.json b/.github/renovate.json index 468d0d28a..be3bf9b30 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -149,7 +149,6 @@ " - \\[Neuvector (?[^\\]]+)\\]\\(https://neuvector.com/\\) - Kubernetes Security Platform\\n" ], "datasourceTemplate": "git-refs", - "currentValueTemplate": "master", "depNameTemplate": "neuvector", "packageNameTemplate": "https://github.com/neuvector/neuvector-helm", "versioningTemplate": "semver-coerced" From 2066ff241e34fc37d8abd8f0052004222599502c Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 24 Jan 2024 18:04:09 +0100 Subject: [PATCH 141/365] update renovate --- .github/renovate.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/renovate.json b/.github/renovate.json index be3bf9b30..29fc3bdca 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -151,7 +151,7 @@ "datasourceTemplate": "git-refs", "depNameTemplate": "neuvector", "packageNameTemplate": "https://github.com/neuvector/neuvector-helm", - "versioningTemplate": "semver-coerced" + "versioningTemplate": "semver" } ], "customDatasources": { From 6821197f502095c8e983e9e6ea0b2b131f4f536b Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 24 Jan 2024 18:15:03 +0100 Subject: [PATCH 142/365] Update dependency neuvector to v2.6.6 (#23) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- CHANGELOG.md | 2 +- README.md | 2 +- playbooks/vars/main.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3380dfc2c..dd0ad8d78 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -8,7 +8,7 @@ - cert-manager version: 1.13.3 - rancher version: 2.8.0 - longhorn version: 1.5.1 - - neuvector version: 2.6.5 + - neuvector version: 2.6.6 diff --git a/README.md b/README.md index d82e73393..fd257c39a 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ Ansible collection met to install in airgap environnement RKE2 (one controler an - [Cert-manager 1.13.3](https://cert-manager.io/docs/) - Certificate manager - [Rancher 2.8.0](https://www.suse.com/products/suse-rancher/) - Multi-Cluster Kubernetes Management - [Longhorn 1.5.1](https://longhorn.io) - Unified storage layer - - [Neuvector 2.6.5](https://neuvector.com/) - Kubernetes Security Platform + - [Neuvector 2.6.6](https://neuvector.com/) - Kubernetes Security Platform This Project is mainly inspired from [Clemenko/rke_airgap_install](https://github.com/clemenko/rke_airgap_install/blob/main/air_gap_all_the_things.sh). diff --git a/playbooks/vars/main.yml b/playbooks/vars/main.yml index c971755f1..23df4cd27 100644 --- a/playbooks/vars/main.yml +++ b/playbooks/vars/main.yml @@ -5,7 +5,7 @@ global_helm_version: "3.11.3" global_CERT_VERSION: "1.13.3" global_RANCHER_VERSION: "2.8.0" global_LONGHORN_VERSION: "1.5.1" -global_NEU_VERSION: "2.6.5" +global_NEU_VERSION: "2.6.6" # extras RPM global_rke2_common_repo_version: "v{{ rke2_version }}%2Brke2r1" #.stable.0 From 1fae4f0edeea24192d4a183a02ebb78bdf531231 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 24 Jan 2024 18:15:40 +0100 Subject: [PATCH 143/365] Update dependency longhorn to v1.5.3 (#21) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- CHANGELOG.md | 2 +- README.md | 2 +- playbooks/vars/main.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index dd0ad8d78..5f4eabd0b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -7,7 +7,7 @@ - rke2 version: 1.26.11 - cert-manager version: 1.13.3 - rancher version: 2.8.0 - - longhorn version: 1.5.1 + - longhorn version: 1.5.3 - neuvector version: 2.6.6 diff --git a/README.md b/README.md index fd257c39a..a5b9c7a7c 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ Ansible collection met to install in airgap environnement RKE2 (one controler an - [RKE2 1.26.11](https://docs.rke2.io) - Security focused Kubernetes - [Cert-manager 1.13.3](https://cert-manager.io/docs/) - Certificate manager - [Rancher 2.8.0](https://www.suse.com/products/suse-rancher/) - Multi-Cluster Kubernetes Management - - [Longhorn 1.5.1](https://longhorn.io) - Unified storage layer + - [Longhorn 1.5.3](https://longhorn.io) - Unified storage layer - [Neuvector 2.6.6](https://neuvector.com/) - Kubernetes Security Platform diff --git a/playbooks/vars/main.yml b/playbooks/vars/main.yml index 23df4cd27..1457c6b0a 100644 --- a/playbooks/vars/main.yml +++ b/playbooks/vars/main.yml @@ -4,7 +4,7 @@ global_rke2_version: "1.26.11" global_helm_version: "3.11.3" global_CERT_VERSION: "1.13.3" global_RANCHER_VERSION: "2.8.0" -global_LONGHORN_VERSION: "1.5.1" +global_LONGHORN_VERSION: "1.5.3" global_NEU_VERSION: "2.6.6" # extras RPM From bff1961d72cf75ae272926748767c313fd1a2311 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 24 Jan 2024 18:17:09 +0100 Subject: [PATCH 144/365] Update pre-commit hook ansible-community/ansible-lint to v6.22.2 (#16) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7b45e6682..2a8053191 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -25,7 +25,7 @@ repos: - repo: https://github.com/ansible-community/ansible-lint.git # Latest release from https://github.com/ansible-community/ansible-lint - rev: v6.22.1 + rev: v6.22.2 hooks: - id: ansible-lint files: \.(yaml|yml)$ From c44b5924bd69ced3e7f2454568a133f7ee3f4360 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 24 Jan 2024 18:21:11 +0100 Subject: [PATCH 145/365] update renovate --- .github/renovate.json | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index 29fc3bdca..149c7d01e 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -95,7 +95,7 @@ " - cert-manager version: (?.*)\\n", " - \\[Cert-manager (?[^\\]]+)\\]\\(https://cert-manager.io/docs/\\) - Certificate manager\\n" ], - "datasourceTemplate": "git-refs", + "datasourceTemplate": "github-refs", "depNameTemplate": "cert-manager", "packageNameTemplate": "https://github.com/cert-manager/cert-manager", "versioningTemplate": "semver-coerced" @@ -166,9 +166,6 @@ "transformTemplates": [ "{\"releases\":[{\"version\": $$.(data[id = 'latest'].latest),\"sourceUrl\":\"https://github.com/rancher/rancher\",\"changelogUrl\":$join([\"https://github.com/rancher/rancher/releases/\",data[id = 'latest'].latest])}],\"sourceUrl\": \"https://github.com/rancher/rancher\",\"homepage\": \"https://ranchermanager.docs.rancher.com\"}" ] - }, - "neuvector": { - "defaultRegistryUrlTemplate": "https://github.com/neuvector/neuvector-helm/releases/latest" } } } From 027dea087d2017c59a9c2662fd688d17324ce430 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 24 Jan 2024 18:29:50 +0100 Subject: [PATCH 146/365] update renovate --- .github/renovate.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/renovate.json b/.github/renovate.json index 149c7d01e..6d92cc580 100644 --- a/.github/renovate.json +++ b/.github/renovate.json 
@@ -98,7 +98,7 @@ "datasourceTemplate": "github-refs", "depNameTemplate": "cert-manager", "packageNameTemplate": "https://github.com/cert-manager/cert-manager", - "versioningTemplate": "semver-coerced" + "versioningTemplate": "semver" }, { "description": "Update Rancher helm charts version with customDatasource", From cd835f8b50c50bdface560d0f8470060162155a5 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 24 Jan 2024 18:33:16 +0100 Subject: [PATCH 147/365] update renovate --- CHANGELOG.md | 2 +- README.md | 2 +- playbooks/vars/main.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5f4eabd0b..549feb465 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ ### Versions: - rke2 version: 1.26.11 - - cert-manager version: 1.13.3 + - cert-manager version: 1.13.0 - rancher version: 2.8.0 - longhorn version: 1.5.3 - neuvector version: 2.6.6 diff --git a/README.md b/README.md index a5b9c7a7c..4dc0ac3c2 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ Ansible collection met to install in airgap environnement RKE2 (one controler an **Ansible Collection Rkub 1.0.2 include:** - [RKE2 1.26.11](https://docs.rke2.io) - Security focused Kubernetes - - [Cert-manager 1.13.3](https://cert-manager.io/docs/) - Certificate manager + - [Cert-manager 1.13.0](https://cert-manager.io/docs/) - Certificate manager - [Rancher 2.8.0](https://www.suse.com/products/suse-rancher/) - Multi-Cluster Kubernetes Management - [Longhorn 1.5.3](https://longhorn.io) - Unified storage layer - [Neuvector 2.6.6](https://neuvector.com/) - Kubernetes Security Platform diff --git a/playbooks/vars/main.yml b/playbooks/vars/main.yml index 1457c6b0a..72dc0fc8a 100644 --- a/playbooks/vars/main.yml +++ b/playbooks/vars/main.yml 
@@ -2,7 +2,7 @@ # Version products global_rke2_version: "1.26.11" global_helm_version: "3.11.3" -global_CERT_VERSION: "1.13.3" +global_CERT_VERSION: "1.13.0" global_RANCHER_VERSION: "2.8.0" global_LONGHORN_VERSION: "1.5.3" global_NEU_VERSION: "2.6.6" From 0e135d38d6d7f92d461e9b7968feb3c220d1464d Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 24 Jan 2024 18:57:01 +0100 Subject: [PATCH 148/365] update renovate --- .github/renovate.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/renovate.json b/.github/renovate.json index 6d92cc580..be96e892d 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -95,7 +95,7 @@ " - cert-manager version: (?.*)\\n", " - \\[Cert-manager (?[^\\]]+)\\]\\(https://cert-manager.io/docs/\\) - Certificate manager\\n" ], - "datasourceTemplate": "github-refs", + "datasourceTemplate": "git-tags", "depNameTemplate": "cert-manager", "packageNameTemplate": "https://github.com/cert-manager/cert-manager", "versioningTemplate": "semver" From 8717e7b67c784f67974107769d4a793dafa3b749 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 24 Jan 2024 19:10:59 +0100 Subject: [PATCH 149/365] update renovate --- CHANGELOG.md | 2 +- README.md | 2 +- playbooks/vars/main.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 549feb465..5f4eabd0b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ ### Versions: - rke2 version: 1.26.11 - - cert-manager version: 1.13.0 + - cert-manager version: 1.13.3 - rancher version: 2.8.0 - longhorn version: 1.5.3 - neuvector version: 2.6.6 diff --git a/README.md b/README.md index 4dc0ac3c2..a5b9c7a7c 100644 --- a/README.md +++ b/README.md 
@@ -13,7 +13,7 @@ Ansible collection met to install in airgap environnement RKE2 (one controler an **Ansible Collection Rkub 1.0.2 include:** - [RKE2 1.26.11](https://docs.rke2.io) - Security focused Kubernetes - - [Cert-manager 1.13.0](https://cert-manager.io/docs/) - Certificate manager + - [Cert-manager 1.13.3](https://cert-manager.io/docs/) - Certificate manager - [Rancher 2.8.0](https://www.suse.com/products/suse-rancher/) - Multi-Cluster Kubernetes Management - [Longhorn 1.5.3](https://longhorn.io) - Unified storage layer - [Neuvector 2.6.6](https://neuvector.com/) - Kubernetes Security Platform diff --git a/playbooks/vars/main.yml b/playbooks/vars/main.yml index 72dc0fc8a..1457c6b0a 100644 --- a/playbooks/vars/main.yml +++ b/playbooks/vars/main.yml @@ -2,7 +2,7 @@ # Version products global_rke2_version: "1.26.11" global_helm_version: "3.11.3" -global_CERT_VERSION: "1.13.0" +global_CERT_VERSION: "1.13.3" global_RANCHER_VERSION: "2.8.0" global_LONGHORN_VERSION: "1.5.3" global_NEU_VERSION: "2.6.6" From e4647db7fbc1407562ec43f48d04cf2ddbe0ec72 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 24 Jan 2024 22:45:19 +0100 Subject: [PATCH 150/365] upload registry from docker --- roles/build_airgap_package/tasks/images.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/roles/build_airgap_package/tasks/images.yml b/roles/build_airgap_package/tasks/images.yml index daa72a094..625680f5c 100644 --- a/roles/build_airgap_package/tasks/images.yml +++ b/roles/build_airgap_package/tasks/images.yml 
@@ -110,7 +110,11 @@ - "{{ directory_package }}/images/neuvector" - name: Upload registry image - ansible.builtin.get_url: - url: "https://github.com/clemenko/rke_airgap_install/raw/main/registry.tar" - dest: "{{ directory_package }}/images/registry/registry.tar" - mode: "0750" \ No newline at end of file + ansible.builtin.shell: + cmd: | + set -o pipefail + if ( ! ls {{ directory_package }}/images/registry/registry.tar > /dev/null); then + skopeo copy --additional-tag registry:latest docker://registry:latest docker-archive:{{ directory_package }}/images/registry/registry.tar + fi; + executable: /bin/bash + changed_when: false From 588ffd966c770f6ed750753ef0a76edd0792749b Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 24 Jan 2024 22:59:35 +0100 Subject: [PATCH 151/365] schedule renovate --- .github/renovate.json | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/renovate.json b/.github/renovate.json index be96e892d..c4338d965 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -1,5 +1,6 @@ { "labels": ["dependencies"], + "schedule": ["after 9pm on sunday"], "ansible-galaxy": { "fileMatch": ["(^|/)(galaxy|requirements|ee-requirements)(\\.ansible)?\\.ya?ml$"] }, "pre-commit": { "enabled": true, From 8d76117f7c6b84f6d40206a6bb86a87b082b9dd5 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 24 Jan 2024 23:10:13 +0100 Subject: [PATCH 152/365] schedule renovate --- .github/renovate.json | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index c4338d965..78ec3c297 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -1,6 +1,6 @@ { "labels": ["dependencies"], - "schedule": ["after 9pm on sunday"], + "schedule": ["after 7am on saturday"], "ansible-galaxy": { "fileMatch": ["(^|/)(galaxy|requirements|ee-requirements)(\\.ansible)?\\.ya?ml$"] }, "pre-commit": { "enabled": true, 
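Review bot: `changed_when: false` on the new `Upload registry image` task hides the fact that it creates `registry.tar` on the first run, and the `ls ... > /dev/null` guard re-implements what the `creates:` argument already does (`set -o pipefail` has no pipe to act on). More importantly for an air-gap bundle, `docker://registry:latest` is a floating tag resolved at build time, so two builds can ship different registry binaries and the bundle cannot be reproduced or audited against a known version; pin the source to a digest (or at minimum a specific tag) and keep `--additional-tag registry:latest` so consumers see the same tag as before. Moving off the unverified `registry.tar` download from a personal GitHub repository is a clear improvement over the removed lines.
```yaml
- name: Upload registry image
  ansible.builtin.command:
    cmd: >-
      skopeo copy --additional-tag registry:latest
      docker://docker.io/library/registry@sha256:<DIGEST-PLACEHOLDER>
      docker-archive:{{ directory_package }}/images/registry/registry.tar
    creates: "{{ directory_package }}/images/registry/registry.tar"
```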
@@ -11,14 +11,12 @@ "matchManagers": ["dockerfile"], "matchPackagePatterns": ["ubi8"], "matchUpdateTypes": ["minor"], - "automerge": true, - "schedule": ["every weekend after 7am"] + "automerge": true }, { "matchManagers": ["github-actions"], "matchUpdateTypes": ["minor"], - "automerge": true, - "schedule": ["every weekend after 7am"] + "automerge": true }, { "matchPackagePatterns": ["rke2"], From 8ad76e380ece59287639c39a3be994ce604afaca Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Thu, 25 Jan 2024 09:41:30 +0100 Subject: [PATCH 153/365] exec-env builder --- meta/execution-environment.yml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/meta/execution-environment.yml b/meta/execution-environment.yml index d7af46040..d6879873b 100644 --- a/meta/execution-environment.yml +++ b/meta/execution-environment.yml @@ -5,13 +5,18 @@ dependencies: python: meta/ee-requirements.txt galaxy: meta/ee-requirements.yml system: meta/ee-bindeps.txt - # custom - #arkade: meta/ee-arkade.txt - #images: meta/ee-images.txt + +# Custom Dependencies +additional_build_steps: + prepend: | + RUN pip3 install --upgrade pip setuptools + append: + - RUN $(MAKE) -C ./scripts/prerequis arkade + - RUN $(MAKE) -C ./scripts/prerequis images images: base_image: name: registry.redhat.io/ansible-automation-platform-24/ee-minimal-rhel8:latest # Check documentation: -# https://docs.ansible.com/automation-controller/latest/html/userguide/ee_reference.html \ No newline at end of file +# https://docs.ansible.com/automation-controller/latest/html/userguide/ee_reference.html From 818ab93a1a11611ce706b71a57d1019b4991c9d1 Mon Sep 17 00:00:00 2001 
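Review bot: `RUN $(MAKE) -C ./scripts/prerequis arkade` (and the `images` line below it) will not work inside a Dockerfile: `$(MAKE)` is a GNU make variable, but a `RUN` instruction is executed by `/bin/sh`, where `$(MAKE)` is command substitution of a non-existent `MAKE` command and expands to nothing, leaving the shell to execute `-C ./scripts/prerequis arkade` and fail the image build. Write the tool name literally, `- RUN make -C ./scripts/prerequis arkade`, and make sure `make` is listed in `ee-bindeps.txt`, since the `ee-minimal` base image may not ship it; the same two lines survive unchanged as context in the PATCH 154 hunk of this file. `RUN pip3 install --upgrade pip setuptools` pulls whatever is newest at build time, which makes EE builds non-reproducible; pin the versions or drop the upgrade.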
From: MozeBaltyk Date: Sun, 28 Jan 2024 13:28:50 +0100 Subject: [PATCH 154/365] refactor workflows --- .github/workflows/ansible-builder.yml | 47 --------------------------- .github/workflows/build.yml | 47 +++++++++++++++++++++++++++ .github/workflows/release.yml | 5 ++- .github/workflows/stage.yml | 26 +++++++++++++++ .gitignore | 1 + meta/execution-environment.yml | 16 ++++++--- 6 files changed, 87 insertions(+), 55 deletions(-) delete mode 100644 .github/workflows/ansible-builder.yml create mode 100644 .github/workflows/stage.yml diff --git a/.github/workflows/ansible-builder.yml b/.github/workflows/ansible-builder.yml deleted file mode 100644 index ab2ce3aa0..000000000 --- a/.github/workflows/ansible-builder.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -name: ansible-builder -on: - workflow_dispatch: - - push: - paths: - - '.github/workflows/ansible-builder.yml' - - 'meta/execution-environment.yml' - - 'meta/ee-requirements.txt' - - 'meta/ee-requirements.yml' - - 'meta/ee-bindeps.txt' - pull_request: - paths: - - '.github/workflows/ansible-builder.yml' - - 'meta/execution-environment.yml' - - 'meta/ee-requirements.txt' - - 'meta/ee-requirements.yml' - - 'meta/ee-bindeps.txt' - -env: - NAMESPACE: mozebaltyk - COLLECTION_NAME: rkub - -jobs: - builder: - name: ansible-builder requirements - runs-on: ubuntu-latest - steps: - - name: Check out code - uses: actions/checkout@v4 - with: - show-progress: false - path: ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }} - - - name: Set up Python - uses: actions/setup-python@v5 - with: - python-version: 3.11 - - - name: Install ansible-builder - run: pip install ansible-builder - - # this is kind of a naive check, since we aren't comparing the output to anything to verify - # so the only we'll catch with this is an egregious error that causes builder to exit nonzero - - name: Verify Requirements - run: ansible-builder introspect --sanitize . \ No newline at end of file 
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index be875cb19..2f10a8bd3 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -6,6 +6,10 @@ on: pull_request: branches: ["main"] +env: + NAMESPACE: mozebaltyk + COLLECTION_NAME: rkub + jobs: lint: name: Ansible Lint @@ -28,3 +32,46 @@ jobs: - name: Run ansible-lint uses: ansible/ansible-lint@main + + builder: + name: ansible-builder requirements + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@v4 + with: + show-progress: false + path: ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }} + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: 3.11 + + - name: Install ansible-builder + run: pip install ansible-builder + + # this is kind of a naive check, since we aren't comparing the output to anything to verify + # so the only we'll catch with this is an egregious error that causes builder to exit nonzero + - name: Verify Requirements + run: ansible-builder introspect --sanitize . + + #- name: Build EE container + # run: ansible-builder build --tag test --container-runtime docker -f meta/execution-environment.yml + +# build: +# name: +# runs-on: ubuntu-latest +# +# steps: +# - name: Checkout files +# uses: actions/checkout@v2 +# +# - name: Build and push Docker images +# uses: docker/build-push-action@v1 +# with: +# username: ${{ secrets.DOCKERHUB_USERNAME }} +# password: ${{ secrets.DOCKERHUB_PASSWORD }} +# repository: mvkaran/openmct +# tag_with_ref: true +# tag_with_sha: true diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 778024bc7..84d1aa4f9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
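Review bot: The new `builder` job installs its tool with `pip install ansible-builder` and sets `python-version: 3.11` unquoted; the first makes the check depend on whatever PyPI serves that day, the second is a YAML float that only works by luck (`3.10` would become `3.1`). Prefer `run: pip install 'ansible-builder==<PINNED-VERSION>'` and `python-version: "3.11"`. The 19-line commented-out `build` job copied in below references an unrelated image (`mvkaran/openmct`), `docker/build-push-action@v1` and Docker Hub credentials this repository does not use; it is dead text that will confuse the next reader and should be dropped rather than kept as a template, as should the commented `Build EE container` step unless it is about to be enabled.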
@@ -55,9 +55,8 @@ jobs: with: ref: ${{ github.head_ref || github.ref_name }} - # This one is redondant with renovate - # but make sure that all versions - # are updated before to release! + # This one is redondant with renovate but make sure + # that all versions are updated before to release! - name: Update version in readme and changelog uses: ./.github/actions/update-version diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml new file mode 100644 index 000000000..0ea8ac28a --- /dev/null +++ b/.github/workflows/stage.yml @@ -0,0 +1,26 @@ +--- +name: Staging deployment + +on: + workflow_dispatch: + +jobs: + deploy: + needs: build + + runs-on: ubuntu-latest + + steps: + - name: Checkout files + uses: actions/checkout@v2 + + - name: Get tag name + uses: olegtarasov/get-tag@v2 + + - name: Install doctl + uses: digitalocean/action-doctl@v2 + with: + token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} + + - name: Provision Droplet and deploy container + run: doctl compute droplet create "$GIT_TAG_NAME" --image docker-18-04 --size s-1vcpu-1gb --region nyc1 --user-data-file deploy.sh --wait diff --git a/.gitignore b/.gitignore index a70ec6639..86c68202a 100644 --- a/.gitignore +++ b/.gitignore @@ -12,6 +12,7 @@ Chart.lock # loaded images **/roles/**/files/images/* images +context # Galaxy artifacts. *.tar.gz *.zip diff --git a/meta/execution-environment.yml b/meta/execution-environment.yml index d6879873b..7a7ae6148 100644 --- a/meta/execution-environment.yml +++ b/meta/execution-environment.yml @@ -2,15 +2,15 @@ version: 3 dependencies: - python: meta/ee-requirements.txt - galaxy: meta/ee-requirements.yml - system: meta/ee-bindeps.txt + python: ee-requirements.txt + galaxy: ee-requirements.yml + system: ee-bindeps.txt # Custom Dependencies additional_build_steps: - prepend: | + prepend_final: | RUN pip3 install --upgrade pip setuptools - append: + append_final: - RUN $(MAKE) -C ./scripts/prerequis arkade - RUN $(MAKE) -C ./scripts/prerequis images 
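Review bot: `needs: build` in the new `stage.yml` names a job that does not exist in this workflow (only `deploy` is defined), so GitHub will reject the workflow as invalid; `needs` can only reference jobs of the same workflow, so either drop it or chain from `build.yml` with `workflow_run`/`workflow_call`. `olegtarasov/get-tag@v2` is a third-party action running with the checkout and `DIGITALOCEAN_ACCESS_TOKEN` in scope; pin it to a full commit SHA, and use `actions/checkout@v4` as `build.yml` already does. The droplet is created from `docker-18-04` (Docker on Ubuntu 18.04, already past standard support in January 2024) with `--user-data-file deploy.sh`, which this commit does not add. Running only on `workflow_dispatch` keeps the token out of PR-triggered runs, which is the right trigger for a job that provisions infrastructure.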
@@ -18,5 +18,11 @@ images: base_image: name: registry.redhat.io/ansible-automation-platform-24/ee-minimal-rhel8:latest +options: + package_manager_path: /usr/bin/microdnf + # Check documentation: # https://docs.ansible.com/automation-controller/latest/html/userguide/ee_reference.html + +# Run : +# ansible-builder build --tag test --container-runtime podman -f meta/execution-environment.yml From cbccaad9a0411cd24b1b3c68ccf7f4b15ade5f82 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sun, 28 Jan 2024 13:30:01 +0100 Subject: [PATCH 155/365] readme --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index a5b9c7a7c..5aa0491a8 100644 --- a/README.md +++ b/README.md @@ -62,7 +62,8 @@ Add-on from my part, some part which were manual in Clemenko procedure are autom 1. Preparation steps: - * Clone this project on local machine which have an internet access. + * Clone the main branch of this project to a machine with an internet access: + `git clone -b main https://github.com/MozeBaltyk/Rkub.git` * Execute `make prerequis` to install all prerequisites defined in meta directory. From 8b739f20fb9d57ccee2ee02d1773a8e9fb1f8234 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 29 Jan 2024 00:55:08 +0100 Subject: [PATCH 156/365] gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 86c68202a..6a0a57b34 100644 --- a/.gitignore +++ b/.gitignore @@ -6,6 +6,7 @@ terraform.tfstate* .venv/ *kubeconfig.yaml Chart.lock +.key # Workstation .DS_Store .vscode From 6f8f00c20ff3a0dd5027a8891345f61aa62f5479 Mon Sep 17 00:00:00 2001 
From: MozeBaltyk Date: Tue, 30 Jan 2024 02:24:08 +0100 Subject: [PATCH 157/365] lint --- .github/workflows/stage.yml | 107 ++++++++++++++++++++++++++++++++- .gitignore | 2 +- test/main.tf | 117 ++++++++++++++++++++++++++++++++++++ test/variables.tf | 26 ++++++++ 4 files changed, 248 insertions(+), 4 deletions(-) create mode 100644 test/main.tf create mode 100644 test/variables.tf diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 0ea8ac28a..81ed5afad 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -1,5 +1,5 @@ --- -name: Staging deployment +name: Stage deployment on: workflow_dispatch: 
@@ -22,5 +22,106 @@ jobs: with: token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} - - name: Provision Droplet and deploy container - run: doctl compute droplet create "$GIT_TAG_NAME" --image docker-18-04 --size s-1vcpu-1gb --region nyc1 --user-data-file deploy.sh --wait + - name: Terraform Init + id: init + run: | + cd test/ + terraform init + + - run: 'echo "$SSH_KEY" > .key' + shell: bash + env: + SSH_KEY: ${{secrets.SSH_PRIVATE_KEY}} + + - run: chmod 400 .key + + - name: Terraform private key + run: cp .key test/.key + + - name: Terraform Validate + id: validate + run: | + cd test/ + terraform validate -no-color + + - name: Terraform Plan + id: plan + run: | + cd test/ + terraform plan -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" -var "do_token=${DO_PAT}" -no-color + continue-on-error: true + env: + DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} + + - name: Terraform Plan Status + if: steps.plan.outcome == 'failure' + run: exit 1 + + - name: Terraform Apply + run: | + cd test/ + terraform apply -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" -var "do_token=${DO_PAT}" -auto-approve + env: + DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} + + - name: Set up Python + id: setup_python + uses: actions/setup-python@v2 + with: + python-version: 3.9 + + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip3 install ansible pytest-testinfra + + - name: Ansible Version check + run: ansible --version + + - name: Create inventory hosts.ini + run: | + touch hosts.ini + echo "[RKE2_CONTROLLERS]" > hosts.ini + doctl compute droplet list --no-header --tag-name rke2_ansible_test_on_rockylinux-8-x64_${GITHUB_RUN_ID}_controllers --format "Public IPv4" --output text >> hosts.ini + echo "[RKE2_WORKERS]" >> hosts.ini + doctl compute droplet list --no-header --tag-name rke2_ansible_test_on_rockylinux-8-x64_${GITHUB_RUN_ID}_workers --format "Public IPv4" --output text >> hosts.ini + echo "[all:vars]" >> hosts.ini + echo "kubernetes_api_server_host=$(echo " " | head -1)" >> 
hosts.ini + echo "" >> ansible.cfg + echo "" >> ansible.cfg + echo "remote_user=root" >> ansible.cfg + echo "private_key_file=.key" >> ansible.cfg + env: + DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} + + - name: Check hosts.ini and ansible.cfg + run: | + cat hosts.ini + cat ansible.cfg + + - name: Run playbook + run: | + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i hosts.ini -u root -vv --private-key .key site.yml + + - name: Run playbook again for idempotency + run: | + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i hosts.ini -u root -vv --private-key .key site.yml + + - name: Run Ansible Tests + run: | + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i hosts.ini -u root --verbose --skip-tags "troubleshooting" --private-key .key testing.yml + + - name: Run Python Tests + run: | + export DEFAULT_PRIVATE_KEY_FILE=.key + pytest --hosts=rke2_servers --ansible-inventory=hosts.ini --force-ansible --connection=ansible --sudo test/basic_server_tests.py + pytest --hosts=rke2_agents --ansible-inventory=hosts.ini --force-ansible --connection=ansible --sudo test/basic_agent_tests.py + + - name: Delete Stack + if: ${{ always() }} + run: | + cd test/ + terraform plan -destroy -out=terraform.tfplan -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" -var "do_token=${DO_PAT}" + terraform apply terraform.tfplan + env: + DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} diff --git a/.gitignore b/.gitignore index 6a0a57b34..281fcbe8a 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,7 @@ # tmp/state/secrets .*.swp .govmomi -.terraform* +*terraform* terraform.tfstate* .venv/ *kubeconfig.yaml diff --git a/test/main.tf b/test/main.tf new file mode 100644 index 000000000..c32b1f096 --- /dev/null +++ b/test/main.tf 
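Review bot: The `Run Python Tests` step targets `--hosts=rke2_servers` and `--hosts=rke2_agents`, but the inventory written a few steps earlier only defines `[RKE2_CONTROLLERS]` and `[RKE2_WORKERS]`, so testinfra will select no hosts unless those groups come from somewhere not visible here; the same step also references `test/basic_server_tests.py` and `test/basic_agent_tests.py`, which this commit does not add. `kubernetes_api_server_host=$(echo " " | head -1)` always writes a blank value and looks like a leftover placeholder; the first controller address is available from the same `doctl compute droplet list` call. On the SSH side the private key is materialised with `echo "$SSH_KEY" > .key` before the `chmod 400` and then copied to `test/.key`, so it exists in two workspace locations for the whole job, and every `ansible-playbook` call sets `ANSIBLE_HOST_KEY_CHECKING=False`, so the connection to the public droplet IPs is not authenticated; for throwaway droplets that is a common trade-off, but `umask 077` before the redirect and a single key location would narrow it. `actions/setup-python@v2` here should also match the `@v5` used in `build.yml`.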
@@ -0,0 +1,117 @@
+###
+### Provider part
+###
+terraform {
+ required_providers {
+ digitalocean = {
+ source = "digitalocean/digitalocean"
+ version = "~> 2.0"
+ }
+ }
+}
+
+provider "digitalocean" {
+ token = var.do_token
+}
+
+data "digitalocean_ssh_key" "terraform" {
+ name = "terraform"
+}
+
+###
+### VPC
+###
+resource "digitalocean_vpc" "fra1-vpc-01" {
+ name = "rkub-project-network"
+ region = "fra1"
+ ip_range = "10.10.10.0/24"
+}
+
+###
+### Droplet INSTANCES
+###
+
+# Droplet Instance for RKE2 Cluster - Manager
+resource "digitalocean_droplet" "controllers" {
+ count = 1
+ image = var.do_system
+ name = "controller${count.index}"
+ region = "fra1"
+ size = var.do_instance_size
+ tags = [
+ "rke2_ansible_test_on_${var.do_system}_${var.GITHUB_RUN_ID}_controllers",
+ ]
+ vpc_uuid = digitalocean_vpc.fra1-vpc-01.id
+ ssh_keys = [
+ data.digitalocean_ssh_key.terraform.id
+ ]
+
+ connection {
+ host = self.ipv4_address
+ user = "root"
+ type = "ssh"
+ private_key = file(pathexpand(".key"))
+ timeout = "2m"
+ }
+
+ provisioner "remote-exec" {
+ inline = [
+ "export PATH=$PATH:/usr/bin",
+ "cat /etc/os-release",
+ ]
+ }
+}
+
+output "ip_address_controllers" {
+ value = digitalocean_droplet.controllers[*].ipv4_address
+ description = "The public IP address of your rke2 controllers."
+}
+
+
+# Droplet Instance for RKE2 Cluster - Workers
+resource "digitalocean_droplet" "workers" {
+ count = 2
+ image = var.do_system
+ name = "worker${count.index}"
+ region = "fra1"
+ size = var.do_instance_size
+ tags = [
+ "rke2_ansible_test_on_${var.do_system}_${var.GITHUB_RUN_ID}_workers",
+ ]
+ vpc_uuid = digitalocean_vpc.fra1-vpc-01.id
+ ssh_keys = [
+ data.digitalocean_ssh_key.terraform.id
+ ]
+
+ connection {
+ host = self.ipv4_address
+ user = "root"
+ type = "ssh"
+ private_key = file(pathexpand(".key"))
+ timeout = "2m"
+ }
+
+ provisioner "remote-exec" {
+ inline = [
+ "export PATH=$PATH:/usr/bin",
+ "cat /etc/os-release",
+ ]
+ }
+}
+
+output "ip_address_workers" {
+ value = digitalocean_droplet.workers[*].ipv4_address
+ description = "The public IP address of your rke2 workers."
+}
+
+###
+### Project
+###
+
+resource "digitalocean_project" "rkub" {
+ name = "Rkub"
+ description = "A CI project to test the Rkub development from github."
+ purpose = "Cluster k8s"
+ environment = "Staging"
+ resources = flatten([digitalocean_droplet.controllers.*.urn, digitalocean_droplet.workers.*.urn])
+}
diff --git a/test/variables.tf b/test/variables.tf
new file mode 100644
index 000000000..3f1b0ca8d
--- /dev/null
+++ b/test/variables.tf
@@ -0,0 +1,26 @@
+variable "do_token" {}
+
+### s-2vcpu-4gb
+variable "do_instance_size" {
+ type = string
+ description = "VM size"
+ default = "s-1vcpu-1gb"
+}
+
+variable "do_user" {
+ type = string
+ description = "user created on droplet"
+ default = "terraform"
+}
+
+variable "do_system" {
+ type = string
+ description = "os used for droplet"
+ default = "rockylinux-8-x64"
+}
+
+variable "GITHUB_RUN_ID" {
+ type = string
+ description = "github run id"
+ default = "test"
+}
From c18f741e052a6b8c5ed38bca2a8ade328f2de855 Mon Sep 17 00:00:00 2001
From: MozeBaltyk
Date: Tue, 30 Jan 2024 02:29:36 +0100
Subject: [PATCH 158/365] CI
---
.github/workflows/stage.yml | 2 --
1 file changed, 2 deletions(-)
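Review bot: Both droplet resources come up with a public IPv4 and root SSH reachable from anywhere, and the file declares no `digitalocean_firewall`, so each CI run exposes a root login (key-only, but still scanner and brute-force bait) for the life of the run — or indefinitely if teardown fails. Add a firewall that limits port 22 to an operator-supplied allow-list and explicitly opens the VPC range for RKE2 node-to-node traffic; I am not certain DigitalOcean firewalls exempt VPC-internal traffic, so the explicit VPC rule is the safe choice. The `remote-exec` provisioner only runs `cat /etc/os-release`; it forces the `.key` read at apply time and could be dropped once the workflow's Ansible ping covers reachability.

```hcl
# … unchanged: provider, VPC, droplets, outputs, project …

# CIDRs allowed to reach port 22 (e.g. the CI runner's egress IP); no default on purpose.
variable "ssh_allowed_cidrs" {
  type        = list(string)
  description = "Source CIDRs permitted to SSH to the test droplets"
}

# SSH only from the allow-list; everything from inside the VPC stays open for RKE2.
resource "digitalocean_firewall" "rkub_ci" {
  name        = "rkub-ci-${var.GITHUB_RUN_ID}"
  droplet_ids = concat(digitalocean_droplet.controllers[*].id, digitalocean_droplet.workers[*].id)

  inbound_rule {
    protocol         = "tcp"
    port_range       = "22"
    source_addresses = var.ssh_allowed_cidrs
  }

  inbound_rule {
    protocol         = "tcp"
    port_range       = "1-65535"
    source_addresses = [digitalocean_vpc.fra1-vpc-01.ip_range]
  }

  inbound_rule {
    protocol         = "udp"
    port_range       = "1-65535"
    source_addresses = [digitalocean_vpc.fra1-vpc-01.ip_range]
  }

  outbound_rule {
    protocol              = "tcp"
    port_range            = "1-65535"
    destination_addresses = ["0.0.0.0/0", "::/0"]
  }

  outbound_rule {
    protocol              = "udp"
    port_range            = "1-65535"
    destination_addresses = ["0.0.0.0/0", "::/0"]
  }
}
```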
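Review bot: `variable "do_token" {}` carries the DigitalOcean API token but is declared without `sensitive = true`, so nothing stops Terraform from echoing it in plan/console output or error messages; declare it as `variable "do_token" { type = string` / `sensitive = true }` (one attribute per line) so the CLI redacts it. `do_user` defaults to `terraform` but nothing in `main.tf` references it — the `connection` blocks hard-code `"root"` — so either wire it in or remove it, because a dead variable suggests a non-root login path that does not exist. `GITHUB_RUN_ID` defaulting to `test` means manual runs without `-var` all share the same tags; harmless, but a one-line comment saying so would help.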
diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 81ed5afad..f85726e68 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -6,8 +6,6 @@ on: jobs: deploy: - needs: build - runs-on: ubuntu-latest steps: From 9a2207ccb7a397e47ac98b61a4eb8d1d73b3c1f4 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 30 Jan 2024 09:38:13 +0100 Subject: [PATCH 159/365] CI --- .github/workflows/stage.yml | 13 ++++++------- test/main.tf | 2 +- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index f85726e68..e2f8bcf5b 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -109,17 +109,16 @@ jobs: run: | ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i hosts.ini -u root --verbose --skip-tags "troubleshooting" --private-key .key testing.yml - - name: Run Python Tests - run: | - export DEFAULT_PRIVATE_KEY_FILE=.key - pytest --hosts=rke2_servers --ansible-inventory=hosts.ini --force-ansible --connection=ansible --sudo test/basic_server_tests.py - pytest --hosts=rke2_agents --ansible-inventory=hosts.ini --force-ansible --connection=ansible --sudo test/basic_agent_tests.py + #- name: Run Python Tests + # run: | + # export DEFAULT_PRIVATE_KEY_FILE=.key + # pytest --hosts=rke2_servers --ansible-inventory=hosts.ini --force-ansible --connection=ansible --sudo test/basic_server_tests.py + # pytest --hosts=rke2_agents --ansible-inventory=hosts.ini --force-ansible --connection=ansible --sudo test/basic_agent_tests.py - name: Delete Stack if: ${{ always() }} run: | cd test/ - terraform plan -destroy -out=terraform.tfplan -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" -var "do_token=${DO_PAT}" - terraform apply terraform.tfplan + terraform destroy -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" -var "do_token=${DO_PAT}" env: DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} diff --git a/test/main.tf b/test/main.tf index c32b1f096..e8d370b3e 100644 --- a/test/main.tf 
+++ b/test/main.tf @@ -109,7 +109,7 @@ output "ip_address_workers" { ### resource "digitalocean_project" "rkub" { - name = "Rkub" + name = "Rkub-${var.GITHUB_RUN_ID}" description = "A CI project to test the Rkub development from github." purpose = "Cluster k8s" environment = "Staging" From 403891fbb29695a4b551799297639a9dfb5675a0 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 30 Jan 2024 22:49:36 +0100 Subject: [PATCH 160/365] CI --- .github/workflows/build.yml | 77 ------------------------------------- .github/workflows/stage.yml | 20 ++++++---- test/main.tf | 6 +-- 3 files changed, 15 insertions(+), 88 deletions(-) delete mode 100644 .github/workflows/build.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml deleted file mode 100644 index 2f10a8bd3..000000000 --- a/.github/workflows/build.yml +++ /dev/null 
@@ -1,77 +0,0 @@ ---- -name: Build -on: - workflow_dispatch: - - pull_request: - branches: ["main"] - -env: - NAMESPACE: mozebaltyk - COLLECTION_NAME: rkub - -jobs: - lint: - name: Ansible Lint - runs-on: ubuntu-latest - steps: - - name: Which branch? - shell: bash - run: | - echo "${{ github.head_ref || github.ref_name }}" - - - uses: actions/checkout@v4 - with: - ref: ${{ github.head_ref || github.ref_name }} - - # step to install prerequis - - name: Install prerequis - shell: bash - run: | - make prerequis - - - name: Run ansible-lint - uses: ansible/ansible-lint@main - - builder: - name: ansible-builder requirements - runs-on: ubuntu-latest - steps: - - name: Check out code - uses: actions/checkout@v4 - with: - show-progress: false - path: ansible_collections/${{ env.NAMESPACE }}/${{ env.COLLECTION_NAME }} - - - name: Set up Python - uses: actions/setup-python@v5 - with: - python-version: 3.11 - - - name: Install ansible-builder - run: pip install ansible-builder - - # this is kind of a naive check, since we aren't comparing the output to anything to verify - # so the only we'll catch with this is an egregious error that causes builder to exit nonzero - - name: Verify Requirements - run: ansible-builder introspect --sanitize . - - #- name: Build EE container - # run: ansible-builder build --tag test --container-runtime docker -f meta/execution-environment.yml - -# build: -# name: -# runs-on: ubuntu-latest -# -# steps: -# - name: Checkout files -# uses: actions/checkout@v2 -# -# - name: Build and push Docker images -# uses: docker/build-push-action@v1 -# with: -# username: ${{ secrets.DOCKERHUB_USERNAME }} -# password: ${{ secrets.DOCKERHUB_PASSWORD }} -# repository: mvkaran/openmct -# tag_with_ref: true -# tag_with_sha: true diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index e2f8bcf5b..b55c96fa6 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml 
@@ -97,17 +97,21 @@ jobs: cat hosts.ini cat ansible.cfg - - name: Run playbook + - name: Test if reachable run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i hosts.ini -u root -vv --private-key .key site.yml + ANSIBLE_HOST_KEY_CHECKING=False ansible all -m ping -i hosts.ini -u root -vv --private-key .key - - name: Run playbook again for idempotency - run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i hosts.ini -u root -vv --private-key .key site.yml + #- name: Run playbook + # run: | + # ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i hosts.ini -u root -vv --private-key .key site.yml - - name: Run Ansible Tests - run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i hosts.ini -u root --verbose --skip-tags "troubleshooting" --private-key .key testing.yml + #- name: Run playbook again for idempotency + # run: | + # ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i hosts.ini -u root -vv --private-key .key site.yml + + #- name: Run Ansible Tests + # run: | + # ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i hosts.ini -u root --verbose --skip-tags "troubleshooting" --private-key .key testing.yml #- name: Run Python Tests # run: | diff --git a/test/main.tf b/test/main.tf index e8d370b3e..35ce97895 100644 --- a/test/main.tf +++ b/test/main.tf @@ -21,7 +21,7 @@ data "digitalocean_ssh_key" "terraform" { ### ### VPC ### -resource "digitalocean_vpc" "fra1-vpc-01" { +resource "digitalocean_vpc" "rkub-project-network" { name = "rkub-project-network" region = "fra1" ip_range = "10.10.10.0/24" @@ -41,7 +41,7 @@ resource "digitalocean_droplet" "controllers" { tags = [ "rke2_ansible_test_on_${var.do_system}_${var.GITHUB_RUN_ID}_controllers", ] - vpc_uuid = digitalocean_vpc.fra1-vpc-01.id + vpc_uuid = digitalocean_vpc.rkub-project-network.id ssh_keys = [ data.digitalocean_ssh_key.terraform.id ] 
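Review bot: The new `Test if reachable` step keeps `ANSIBLE_HOST_KEY_CHECKING=False` for a root SSH session to a public IPv4, so whatever host key answers is accepted and a hijacked route would hand the session to a third party instead of the droplet. Because the addresses are already in `hosts.ini` from the `doctl` step, the keys can be pinned once right after inventory creation — `ssh-keyscan -H "$ip" >> ~/.ssh/known_hosts` per host (trust-on-first-use, but bounded to that moment) — and the ping plus the later playbooks can then run with checking enabled. If disabling it is a deliberate trade-off for throwaway hosts, record that in a comment beside the step so it is not copied into a production inventory.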
@@ -78,7 +78,7 @@ resource "digitalocean_droplet" "workers" { tags = [ "rke2_ansible_test_on_${var.do_system}_${var.GITHUB_RUN_ID}_workers", ] - vpc_uuid = digitalocean_vpc.fra1-vpc-01.id + vpc_uuid = digitalocean_vpc.rkub-project-network.id ssh_keys = [ data.digitalocean_ssh_key.terraform.id ] From a3408d4d1c3cc339e2510e1d54abbd434c494283 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 30 Jan 2024 23:07:08 +0100 Subject: [PATCH 161/365] CI --- .github/workflows/stage.yml | 2 +- README.md | 8 +++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index b55c96fa6..3087d3573 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -123,6 +123,6 @@ jobs: if: ${{ always() }} run: | cd test/ - terraform destroy -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" -var "do_token=${DO_PAT}" + terraform destroy -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" -var "do_token=${DO_PAT}" -auto-approve env: DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} diff --git a/README.md b/README.md index 5aa0491a8..217daaec9 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@

Ansible Collection - Rkub

-Ansible Collection to deploy a rancher RKE2 cluster in airgap mode. +Ansible Collection to deploy a RKE2 cluster in airgap mode with Rancher, Longhorn and Neuvector. [![Releases](https://img.shields.io/github/release/MozeBaltyk/rkub)](https://github.com/MozeBaltyk/rkub/releases) [![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0/) @@ -70,6 +70,7 @@ Add-on from my part, some part which were manual in Clemenko procedure are autom * Complete directory inside `./plugins/inventory/hosts.yml`. 2. Build your package by running (works on Debian-like and Redhat-like): + ```sh ansible-playbook playbooks/tasks/build.yml # All arguments below are not mandatory -e dir_build="$HOME/rkub" # Directory where to upload everything (count 30G) @@ -78,6 +79,7 @@ ansible-playbook playbooks/tasks/build.yml # All arguments below are not ``` 3. Push your package to first controler: + ```sh ansible-playbook playbooks/tasks/upload.yml # All arguments below are not mandatory -e package_path=/home/me/rke2_rancher_longhorn.zst # Will be prompt if not given in the command @@ -86,6 +88,7 @@ ansible-playbook playbooks/tasks/upload.yml # All arguments below are not ``` 4. Start installation: + ```sh ansible-playbook playbooks/tasks/install.yml # All arguments below are not mandatory -e dir_target=/opt # Dir on first master where to find package unarchive by previous task (by default /opt, count 50G available) @@ -95,6 +98,7 @@ ansible-playbook playbooks/tasks/install.yml # All arguments below are not ``` 5. Deploy Rancher: + ```sh ansible-playbook playbooks/tasks/rancher.yml # All arguments below are not mandatory -e dir_mount=/mnt/rkub # NFS mount point, by default value is /mnt/rkub 
@@ -104,6 +108,7 @@ ansible-playbook playbooks/tasks/rancher.yml # All arguments below are not ``` 6. Deploy Longhorn: + ```sh ansible-playbook playbooks/tasks/longhorn.yml # All arguments below are not mandatory -e dir_mount=/mnt/rkub # NFS mount point, by default value is /mnt/rkub @@ -114,6 +119,7 @@ ansible-playbook playbooks/tasks/longhorn.yml # All arguments below are not ``` 7. Deploy Neuvector + ```sh ansible-playbook playbooks/tasks/neuvector.yml # All arguments below are not mandatory -e dir_mount=/mnt/rkub # NFS mount point, by default value is /mnt/rkub From 1173a33f9ea2d080f9addb93683184c466d4e1a2 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 30 Jan 2024 23:29:12 +0100 Subject: [PATCH 162/365] doc CI --- test/README.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 test/README.md diff --git a/test/README.md b/test/README.md new file mode 100644 index 000000000..e612f7a3d --- /dev/null +++ b/test/README.md @@ -0,0 +1,27 @@ + +## Prerequis + +On Digital Ocean account: +- generate a PAT (private access token) +- a set of SSH key + +Add inside ./test a file .key with the private ssh key generate by DO. + +```bash +export DO_PAT="dop_v1_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + +# Create 3 VMs +terraform init +terraform plan -out=terraform.tfplan -var "do_token=${DO_PAT}" +terraform apply terraform.tfplan + +# auto-approve +terraform apply -var "GITHUB_RUN_ID=777" -var "do_token=${DO_PAT}" -auto-approve + +# connect to a worker +ssh root@$(terraform output -json ip_address_workers | jq -r '.[0]') -i .key + +# Destroy +terraform plan -destroy -out=terraform.tfplan -var "do_token=${DO_PAT}" +terraform apply terraform.tfplan +``` From 213e718eb13e0eb5c436df423ab50832117dd437 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 31 Jan 2024 09:26:29 +0100 Subject: [PATCH 163/365] lint --- .github/workflows/stage.yml | 28 ++++++++++++++++++++++++++-- test/README.md | 5 +++++ 2 files changed, 31 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 3087d3573..2d6386196 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -5,6 +5,30 @@ on: workflow_dispatch: jobs: + test1: + runs-on: ubuntu-latest + + steps: + - name: Checkout files + uses: actions/checkout@v2 + + - name: Check GITHUB ID + id: plan + run: | + echo "GITHUB_RUN_ID=$GITHUB_RUN_ID" + + test2: + runs-on: ubuntu-latest + + steps: + - name: Checkout files + uses: actions/checkout@v2 + + - name: Check GITHUB ID + id: plan + run: | + echo "GITHUB_RUN_ID=$GITHUB_RUN_ID" + deploy: runs-on: ubuntu-latest @@ -103,11 +127,11 @@ jobs: #- name: Run playbook # run: | - # ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i hosts.ini -u root -vv --private-key .key site.yml + # ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i hosts.ini -u root -vv --private-key .key playbooks/tasks/install.yml #- name: Run playbook again for idempotency # run: | - # ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i hosts.ini -u root -vv --private-key .key site.yml + # ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i hosts.ini -u root -vv --private-key .key playbooks/tasks/rancher.yml #- name: Run Ansible Tests # run: | diff --git a/test/README.md b/test/README.md index e612f7a3d..865e72e12 100644 --- a/test/README.md +++ b/test/README.md @@ -1,3 +1,8 @@ +## Description + +This terraform and tests are part of CI with github-actions. But here a small procedure to use it manually. + +The puropse of this CI is to test the integration between RKE2, longhorn, rancher and neuvector. ## Prerequis From 75d87ee8f214f1c094d8b6f94f08e6bab2677edd Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 31 Jan 2024 09:32:24 +0100 Subject: [PATCH 164/365] CI --- .github/workflows/stage.yml | 43 ++++++++++++++++--------------------- 1 file changed, 19 insertions(+), 24 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 2d6386196..7ad750ccc 100644 
--- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -5,30 +5,6 @@ on: workflow_dispatch: jobs: - test1: - runs-on: ubuntu-latest - - steps: - - name: Checkout files - uses: actions/checkout@v2 - - - name: Check GITHUB ID - id: plan - run: | - echo "GITHUB_RUN_ID=$GITHUB_RUN_ID" - - test2: - runs-on: ubuntu-latest - - steps: - - name: Checkout files - uses: actions/checkout@v2 - - - name: Check GITHUB ID - id: plan - run: | - echo "GITHUB_RUN_ID=$GITHUB_RUN_ID" - deploy: runs-on: ubuntu-latest @@ -86,6 +62,18 @@ jobs: env: DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} + reach: + runs-on: ubuntu-latest + + steps: + - name: Checkout files + uses: actions/checkout@v2 + + - name: Check GITHUB ID + id: plan + run: | + echo "GITHUB_RUN_ID=$GITHUB_RUN_ID" + - name: Set up Python id: setup_python uses: actions/setup-python@v2 @@ -143,6 +131,13 @@ jobs: # pytest --hosts=rke2_servers --ansible-inventory=hosts.ini --force-ansible --connection=ansible --sudo test/basic_server_tests.py # pytest --hosts=rke2_agents --ansible-inventory=hosts.ini --force-ansible --connection=ansible --sudo test/basic_agent_tests.py + cleanup: + runs-on: ubuntu-latest + + steps: + - name: Checkout files + uses: actions/checkout@v2 + - name: Delete Stack if: ${{ always() }} run: | From 3dac9ce4eab8d44707cf5b630f1bf5897baba458 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 31 Jan 2024 09:36:12 +0100 Subject: [PATCH 165/365] CI --- .github/workflows/stage.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 7ad750ccc..e9ce3bb65 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -6,6 +6,7 @@ on: jobs: deploy: + name: Deploy runs-on: ubuntu-latest steps: @@ -62,8 +63,10 @@ jobs: env: DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} - reach: + reachable: + name: Reachable runs-on: ubuntu-latest + needs: Deploy steps: - name: Checkout files 
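Review bot: Moving `Delete Stack` into its own `cleanup` job breaks teardown: `main.tf` declares no backend, so the state lives in the `deploy` job's workspace and a fresh runner in `cleanup` starts with no state (and no initialised provider), so `terraform destroy` either errors or destroys nothing while the three droplets — root SSH on public IPv4 — keep running and billing until someone notices. Either keep the destroy as the final `if: always()` step of the job that ran `apply`, or give the configuration a remote backend (an S3-compatible Spaces bucket via `backend "s3"`) so any job can load the state. In this commit the `cleanup` job also has no `needs`, so it runs concurrently with `deploy` rather than after it, and the step-level `if: ${{ always() }}` does not make the job run when an upstream job fails — that needs `if: always()` at the job level.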
@@ -132,7 +135,9 @@ jobs: # pytest --hosts=rke2_agents --ansible-inventory=hosts.ini --force-ansible --connection=ansible --sudo test/basic_agent_tests.py cleanup: + name: Cleanup runs-on: ubuntu-latest + needs: Reachable steps: - name: Checkout files From c62f540686f45880a50a570aa280f432768a101d Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 31 Jan 2024 09:48:36 +0100 Subject: [PATCH 166/365] CI --- .github/workflows/stage.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index e9ce3bb65..dec242789 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -13,14 +13,6 @@ jobs: - name: Checkout files uses: actions/checkout@v2 - - name: Get tag name - uses: olegtarasov/get-tag@v2 - - - name: Install doctl - uses: digitalocean/action-doctl@v2 - with: - token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} - - name: Terraform Init id: init run: | @@ -72,6 +64,14 @@ jobs: - name: Checkout files uses: actions/checkout@v2 + - name: Get tag name + uses: olegtarasov/get-tag@v2 + + - name: Install doctl + uses: digitalocean/action-doctl@v2 + with: + token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} + - name: Check GITHUB ID id: plan run: | From 201d2c5623494d5112637fcdfbb18eec5019a56a Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Thu, 1 Feb 2024 01:08:11 +0100 Subject: [PATCH 167/365] review staging --- .github/workflows/stage.yml | 42 ++++++++++++++++++++++--------------- 1 file changed, 25 insertions(+), 17 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index dec242789..1947b9a85 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml 
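Review bot: The `reachable` job now runs the third-party actions `olegtarasov/get-tag@v2` and `digitalocean/action-doctl@v2` by mutable tag rather than commit SHA, so a force-pushed or compromised tag executes with the `DIGITALOCEAN_ACCESS_TOKEN` handed to doctl and with read access to anything later written into that job's workspace. `get-tag` appears unused — no step in the visible hunks references `$GIT_TAG_NAME` since the `doctl compute droplet create` line was dropped — so remove it, and pin the rest to a full SHA with the version in a trailing comment, e.g. `uses: digitalocean/action-doctl@<commit-sha> # v2`. The same applies to `actions/checkout@v2` here, which also lags the `@v4` the repository's other workflows use.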
@@ -9,36 +9,45 @@ jobs: name: Deploy runs-on: ubuntu-latest + defaults: + run: + shell: bash + working-directory: ./test + steps: - name: Checkout files - uses: actions/checkout@v2 + uses: actions/checkout@v4 + + - name: Setup Terraform + uses: hashicorp/setup-terraform@v3 + + - name: Terraform fmt + id: fmt + run: terraform fmt -check + continue-on-error: true - name: Terraform Init id: init - run: | - cd test/ - terraform init + run: terraform init + + - name: Terraform Validate + id: validate + run: terraform validate -no-color - - run: 'echo "$SSH_KEY" > .key' + - name: Get key + run: | + echo "$SSH_KEY" > .key + chmod 400 .key shell: bash env: SSH_KEY: ${{secrets.SSH_PRIVATE_KEY}} - - run: chmod 400 .key - - - name: Terraform private key - run: cp .key test/.key - - - name: Terraform Validate - id: validate - run: | - cd test/ - terraform validate -no-color + #- name: Terraform private key + # run: cp .key test/.key - name: Terraform Plan id: plan run: | - cd test/ terraform plan -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" -var "do_token=${DO_PAT}" -no-color continue-on-error: true env: @@ -50,7 +59,6 @@ jobs: - name: Terraform Apply run: | - cd test/ terraform apply -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" -var "do_token=${DO_PAT}" -auto-approve env: DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} From 2db9b6d6a4cbabae58fa650a551d654ea0d51d52 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Thu, 1 Feb 2024 01:09:58 +0100 Subject: [PATCH 168/365] review staging --- .github/workflows/stage.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 1947b9a85..0a1e2f415 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml 
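Review bot: In `Get key`, `echo "$SSH_KEY" > .key` creates the file under the runner's default umask (typically 0644) and only then tightens it with `chmod 400`, so the private key is briefly world-readable; and with `working-directory` now `./test`, it lives inside the checkout where a later `upload-artifact` or stray `git add` would sweep it up — the `.gitignore` hunk earlier in this series does not list `.key` as far as is visible. Start the step with `umask 077` and add `.key` to `.gitignore` (or write it outside the workspace, e.g. `${RUNNER_TEMP}/.key`, and point Terraform and Ansible at that path). `terraform fmt -check` with `continue-on-error: true` can never fail the job, so it is advisory only; if that is intended, say so in a comment, otherwise gate on `steps.fmt.outcome` the way the plan step does.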
@@ -70,10 +70,10 @@ jobs: steps: - name: Checkout files - uses: actions/checkout@v2 + uses: actions/checkout@v4 - - name: Get tag name - uses: olegtarasov/get-tag@v2 + #- name: Get tag name + # uses: olegtarasov/get-tag@v2 - name: Install doctl uses: digitalocean/action-doctl@v2 From e8777944a364fe149f5796835718df879d90160c Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Thu, 1 Feb 2024 01:10:55 +0100 Subject: [PATCH 169/365] review staging --- .github/workflows/stage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 0a1e2f415..17c399da2 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -149,7 +149,7 @@ jobs: steps: - name: Checkout files - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Delete Stack if: ${{ always() }} From 3e604fce1a960243f77220df3a483e58085dc79f Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Thu, 1 Feb 2024 01:14:42 +0100 Subject: [PATCH 170/365] review staging --- .github/workflows/stage.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 17c399da2..8e64ed92a 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -30,10 +30,6 @@ jobs: id: init run: terraform init - - name: Terraform Validate - id: validate - run: terraform validate -no-color - - name: Get key run: | echo "$SSH_KEY" > .key @@ -45,6 +41,10 @@ jobs: #- name: Terraform private key # run: cp .key test/.key + - name: Terraform Validate + id: validate + run: terraform validate -no-color + - name: Terraform Plan id: plan run: | From 154abbb36a4d5b57b80259489e852d2eb1628ed9 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Thu, 1 Feb 2024 01:24:00 +0100 Subject: [PATCH 171/365] review staging --- .github/workflows/stage.yml | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) 
diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 8e64ed92a..48a9d7a9a 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -38,9 +38,6 @@ jobs: env: SSH_KEY: ${{secrets.SSH_PRIVATE_KEY}} - #- name: Terraform private key - # run: cp .key test/.key - - name: Terraform Validate id: validate run: terraform validate -no-color @@ -68,6 +65,11 @@ jobs: runs-on: ubuntu-latest needs: Deploy + defaults: + run: + shell: bash + working-directory: ./test + steps: - name: Checkout files uses: actions/checkout@v4 @@ -99,6 +101,14 @@ jobs: - name: Ansible Version check run: ansible --version + - name: Get key + run: | + echo "$SSH_KEY" > .key + chmod 400 .key + shell: bash + env: + SSH_KEY: ${{secrets.SSH_PRIVATE_KEY}} + - name: Create inventory hosts.ini run: | touch hosts.ini @@ -147,6 +157,11 @@ jobs: runs-on: ubuntu-latest needs: Reachable + defaults: + run: + shell: bash + working-directory: ./test + steps: - name: Checkout files uses: actions/checkout@v4 @@ -154,7 +169,6 @@ jobs: - name: Delete Stack if: ${{ always() }} run: | - cd test/ terraform destroy -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" -var "do_token=${DO_PAT}" -auto-approve env: DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} From 5c9a3d935156574204a42c8d12f0f87ddc16b70c Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Thu, 1 Feb 2024 01:46:14 +0100 Subject: [PATCH 172/365] review staging --- .github/workflows/stage.yml | 11 ++++------- test/ansible.cfg | 7 +++++++ 2 files changed, 11 insertions(+), 7 deletions(-) create mode 100644 test/ansible.cfg diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 48a9d7a9a..6bfe8fca0 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml 
@@ -89,17 +89,15 @@ jobs: - name: Set up Python id: setup_python - uses: actions/setup-python@v2 + uses: actions/setup-python@v5 with: - python-version: 3.9 + python-version: 3.10 - name: Install dependencies run: | python -m pip install --upgrade pip pip3 install ansible pytest-testinfra - - - name: Ansible Version check - run: ansible --version + ansible --version - name: Get key run: | @@ -118,8 +116,6 @@ jobs: doctl compute droplet list --no-header --tag-name rke2_ansible_test_on_rockylinux-8-x64_${GITHUB_RUN_ID}_workers --format "Public IPv4" --output text >> hosts.ini echo "[all:vars]" >> hosts.ini echo "kubernetes_api_server_host=$(echo " " | head -1)" >> hosts.ini - echo "" >> ansible.cfg - echo "" >> ansible.cfg echo "remote_user=root" >> ansible.cfg echo "private_key_file=.key" >> ansible.cfg env: @@ -156,6 +152,7 @@ jobs: name: Cleanup runs-on: ubuntu-latest needs: Reachable + if: always() defaults: run: diff --git a/test/ansible.cfg b/test/ansible.cfg new file mode 100644 index 000000000..a9f6d3ca5 --- /dev/null +++ b/test/ansible.cfg @@ -0,0 +1,7 @@ +[defaults] +inventory = hosts.ini +roles_path = ../roles +host_key_checking = False +display_skipped_hosts = false +force_color = True +stdout_callback = yaml From 8a98ae3e19b9d16f47106b420a063a10aa7a9218 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Thu, 1 Feb 2024 02:04:04 +0100 Subject: [PATCH 173/365] review staging --- .github/workflows/stage.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 6bfe8fca0..4160128da 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -91,7 +91,7 @@ jobs: id: setup_python uses: actions/setup-python@v5 with: - python-version: 3.10 + python-version: 3.9 - name: Install dependencies run: | 
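Review bot: `python-version: 3.10` is an unquoted YAML float and parses as `3.1`, so `setup-python` will try to resolve Python 3.1 and fail; write it as a string, `python-version: "3.10"`. The merged `Install dependencies` step still installs `ansible` and `pytest-testinfra` unpinned from PyPI on every run, so the job is not reproducible and any new or hijacked release runs against freshly provisioned root hosts; pin exact versions or install from a requirements file with `--require-hashes`. `pytest-testinfra` is also dead weight now that the Python tests are commented out.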
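Review bot: The committed `test/ansible.cfg` bakes in `host_key_checking = False`, so anyone running playbooks from `test/` locally — not only the throwaway CI droplets — silently skips SSH host verification; keep that switch in the workflow's environment where the trade-off is visible and leave the file on the secure default. The workflow's `Create inventory` step still appends `remote_user=root` and `private_key_file=.key` to this same file at run time, so repeated local runs accumulate duplicate lines; since the file is now versioned and those two values are static, put them in `[defaults]` here and drop the `>> ansible.cfg` lines from the workflow.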
@@ -163,6 +163,10 @@ jobs: - name: Checkout files uses: actions/checkout@v4 + - name: Terraform Init + id: init + run: terraform init + - name: Delete Stack if: ${{ always() }} run: | From 6c1f57a6eb39f510ab308790c00db58458134b57 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Thu, 1 Feb 2024 02:13:14 +0100 Subject: [PATCH 174/365] review staging --- .github/workflows/stage.yml | 8 ++++++++ test/{variables.tf => variables.tfvars} | 0 2 files changed, 8 insertions(+) rename test/{variables.tf => variables.tfvars} (100%) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 4160128da..34543f47c 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -163,6 +163,14 @@ jobs: - name: Checkout files uses: actions/checkout@v4 + - name: Get key + run: | + echo "$SSH_KEY" > .key + chmod 400 .key + shell: bash + env: + SSH_KEY: ${{secrets.SSH_PRIVATE_KEY}} + - name: Terraform Init id: init run: terraform init diff --git a/test/variables.tf b/test/variables.tfvars similarity index 100% rename from test/variables.tf rename to test/variables.tfvars From 2b0cbe2562d6284250fde5fb83ccaa3339a4b9e4 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 8 Feb 2024 10:17:11 +0100 Subject: [PATCH 175/365] Update dependency longhorn to v1.6.0 (#25) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- CHANGELOG.md | 2 +- README.md | 2 +- playbooks/vars/main.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5f4eabd0b..33c8a2824 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,7 @@ - rke2 version: 1.26.11 - cert-manager version: 1.13.3 - rancher version: 2.8.0 - - longhorn version: 1.5.3 + - longhorn version: 1.6.0 - neuvector version: 2.6.6 diff --git a/README.md b/README.md index 217daaec9..e2f494a07 100644 --- a/README.md +++ b/README.md 
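Review bot: With `Get key` and `terraform init` added, the `cleanup` job can now load the provider, but `main.tf` still declares no backend, so `init` on a fresh runner yields an empty state and `terraform destroy -auto-approve` has nothing to destroy — the droplets created by `deploy` stay up with root SSH exposed and keep billing. Either configure a remote backend (for example `backend "s3"` against a Spaces bucket, treating the state as sensitive since it records the droplet IPs) or move the destroy back into the applying job as its final `if: always()` step. Separately, the same commit renames `variables.tf` to `variables.tfvars`: Terraform only reads `variable` declarations from `.tf` files and does not auto-load a file named `variables.tfvars`, so after this rename every `var.*` reference in `main.tf` is an undeclared variable and `validate`/`plan` fail — the declarations need to stay in a `.tf` file.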
@@ -15,7 +15,7 @@ Ansible collection met to install in airgap environnement RKE2 (one controler an - [RKE2 1.26.11](https://docs.rke2.io) - Security focused Kubernetes - [Cert-manager 1.13.3](https://cert-manager.io/docs/) - Certificate manager - [Rancher 2.8.0](https://www.suse.com/products/suse-rancher/) - Multi-Cluster Kubernetes Management - - [Longhorn 1.5.3](https://longhorn.io) - Unified storage layer + - [Longhorn 1.6.0](https://longhorn.io) - Unified storage layer - [Neuvector 2.6.6](https://neuvector.com/) - Kubernetes Security Platform diff --git a/playbooks/vars/main.yml b/playbooks/vars/main.yml index 1457c6b0a..d67cf03a6 100644 --- a/playbooks/vars/main.yml +++ b/playbooks/vars/main.yml @@ -4,7 +4,7 @@ global_rke2_version: "1.26.11" global_helm_version: "3.11.3" global_CERT_VERSION: "1.13.3" global_RANCHER_VERSION: "2.8.0" -global_LONGHORN_VERSION: "1.5.3" +global_LONGHORN_VERSION: "1.6.0" global_NEU_VERSION: "2.6.6" # extras RPM From e6898558b3921ec31f350afa831c68b7fb44d8c8 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 8 Feb 2024 10:18:25 +0100 Subject: [PATCH 176/365] Update dependency neuvector to v2.7.2 (#24) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- CHANGELOG.md | 2 +- README.md | 2 +- playbooks/vars/main.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 33c8a2824..a6c87950b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,7 +8,7 @@ - cert-manager version: 1.13.3 - rancher version: 2.8.0 - longhorn version: 1.6.0 - - neuvector version: 2.6.6 + - neuvector version: 2.7.2 diff --git a/README.md b/README.md index e2f494a07..57b34274f 100644 --- a/README.md +++ b/README.md 
@@ -16,7 +16,7 @@ Ansible collection met to install in airgap environnement RKE2 (one controler an - [Cert-manager 1.13.3](https://cert-manager.io/docs/) - Certificate manager - [Rancher 2.8.0](https://www.suse.com/products/suse-rancher/) - Multi-Cluster Kubernetes Management - [Longhorn 1.6.0](https://longhorn.io) - Unified storage layer - - [Neuvector 2.6.6](https://neuvector.com/) - Kubernetes Security Platform + - [Neuvector 2.7.2](https://neuvector.com/) - Kubernetes Security Platform This Project is mainly inspired from [Clemenko/rke_airgap_install](https://github.com/clemenko/rke_airgap_install/blob/main/air_gap_all_the_things.sh). diff --git a/playbooks/vars/main.yml b/playbooks/vars/main.yml index d67cf03a6..dbe48ee1c 100644 --- a/playbooks/vars/main.yml +++ b/playbooks/vars/main.yml @@ -5,7 +5,7 @@ global_helm_version: "3.11.3" global_CERT_VERSION: "1.13.3" global_RANCHER_VERSION: "2.8.0" global_LONGHORN_VERSION: "1.6.0" -global_NEU_VERSION: "2.6.6" +global_NEU_VERSION: "2.7.2" # extras RPM global_rke2_common_repo_version: "v{{ rke2_version }}%2Brke2r1" #.stable.0 From 24de18868632276623869b728c61cc3ac6a70f20 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 8 Feb 2024 10:18:47 +0100 Subject: [PATCH 177/365] Update dependency cert-manager to v1.14.1 (#20) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- CHANGELOG.md | 2 +- README.md | 2 +- playbooks/vars/main.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a6c87950b..9beb3a589 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ ### Versions: - rke2 version: 1.26.11 - - cert-manager version: 1.13.3 + - cert-manager version: 1.14.1 - rancher version: 2.8.0 - longhorn version: 1.6.0 - neuvector version: 2.7.2 diff --git a/README.md b/README.md index 57b34274f..09bc3accf 100644 --- a/README.md +++ b/README.md 
@@ -13,7 +13,7 @@ Ansible collection met to install in airgap environnement RKE2 (one controler an **Ansible Collection Rkub 1.0.2 include:** - [RKE2 1.26.11](https://docs.rke2.io) - Security focused Kubernetes - - [Cert-manager 1.13.3](https://cert-manager.io/docs/) - Certificate manager + - [Cert-manager 1.14.1](https://cert-manager.io/docs/) - Certificate manager - [Rancher 2.8.0](https://www.suse.com/products/suse-rancher/) - Multi-Cluster Kubernetes Management - [Longhorn 1.6.0](https://longhorn.io) - Unified storage layer - [Neuvector 2.7.2](https://neuvector.com/) - Kubernetes Security Platform diff --git a/playbooks/vars/main.yml b/playbooks/vars/main.yml index dbe48ee1c..dc40c7bb8 100644 --- a/playbooks/vars/main.yml +++ b/playbooks/vars/main.yml @@ -2,7 +2,7 @@ # Version products global_rke2_version: "1.26.11" global_helm_version: "3.11.3" -global_CERT_VERSION: "1.13.3" +global_CERT_VERSION: "1.14.1" global_RANCHER_VERSION: "2.8.0" global_LONGHORN_VERSION: "1.6.0" global_NEU_VERSION: "2.7.2" From fb44c731962b74af7698c907169630119d3aab18 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 8 Feb 2024 10:19:15 +0100 Subject: [PATCH 178/365] Update dependency rancher to v2.8.1 (#18) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- CHANGELOG.md | 2 +- README.md | 2 +- playbooks/vars/main.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9beb3a589..1ed9ec43d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,7 @@ ### Versions: - rke2 version: 1.26.11 - cert-manager version: 1.14.1 - - rancher version: 2.8.0 + - rancher version: 2.8.1 - longhorn version: 1.6.0 - neuvector version: 2.7.2 diff --git a/README.md b/README.md index 09bc3accf..e4bed4aee 100644 --- a/README.md +++ b/README.md 
@@ -14,7 +14,7 @@ Ansible collection met to install in airgap environnement RKE2 (one controler an **Ansible Collection Rkub 1.0.2 include:** - [RKE2 1.26.11](https://docs.rke2.io) - Security focused Kubernetes - [Cert-manager 1.14.1](https://cert-manager.io/docs/) - Certificate manager - - [Rancher 2.8.0](https://www.suse.com/products/suse-rancher/) - Multi-Cluster Kubernetes Management + - [Rancher 2.8.1](https://www.suse.com/products/suse-rancher/) - Multi-Cluster Kubernetes Management - [Longhorn 1.6.0](https://longhorn.io) - Unified storage layer - [Neuvector 2.7.2](https://neuvector.com/) - Kubernetes Security Platform diff --git a/playbooks/vars/main.yml b/playbooks/vars/main.yml index dc40c7bb8..db315d779 100644 --- a/playbooks/vars/main.yml +++ b/playbooks/vars/main.yml @@ -3,7 +3,7 @@ global_rke2_version: "1.26.11" global_helm_version: "3.11.3" global_CERT_VERSION: "1.14.1" -global_RANCHER_VERSION: "2.8.0" +global_RANCHER_VERSION: "2.8.1" global_LONGHORN_VERSION: "1.6.0" global_NEU_VERSION: "2.7.2" From e198c2472f7cb1605389d3b2425e041e9ae7f2a4 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 8 Feb 2024 10:19:31 +0100 Subject: [PATCH 179/365] Update dependency helm to v3.14.0 (#17) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- playbooks/vars/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/vars/main.yml b/playbooks/vars/main.yml index db315d779..d420a1aa2 100644 --- a/playbooks/vars/main.yml +++ b/playbooks/vars/main.yml @@ -1,7 +1,7 @@ --- # Version products global_rke2_version: "1.26.11" -global_helm_version: "3.11.3" +global_helm_version: "3.14.0" global_CERT_VERSION: "1.14.1" global_RANCHER_VERSION: "2.8.1" global_LONGHORN_VERSION: "1.6.0" From 916e2a8a0d55558a8dc58950ba303fb806e43d0c Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 8 Feb 2024 10:20:22 +0100 Subject: [PATCH 180/365] Update dependency rke2 to v1.27.10 (#15) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- CHANGELOG.md | 2 +- README.md | 2 +- playbooks/vars/main.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1ed9ec43d..a73f6329c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ ## 1.0.3 (2024-01-24) ### Versions: - - rke2 version: 1.26.11 + - rke2 version: 1.27.10 - cert-manager version: 1.14.1 - rancher version: 2.8.1 - longhorn version: 1.6.0 diff --git a/README.md b/README.md index e4bed4aee..11220b939 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ Ansible collection met to install in airgap environnement RKE2 (one controler an **Ansible Collection Rkub 1.0.2 include:** - - [RKE2 1.26.11](https://docs.rke2.io) - Security focused Kubernetes + - [RKE2 1.27.10](https://docs.rke2.io) - Security focused Kubernetes - [Cert-manager 1.14.1](https://cert-manager.io/docs/) - Certificate manager - [Rancher 2.8.1](https://www.suse.com/products/suse-rancher/) - Multi-Cluster Kubernetes Management - [Longhorn 1.6.0](https://longhorn.io) - Unified storage layer diff --git a/playbooks/vars/main.yml b/playbooks/vars/main.yml index d420a1aa2..931831baf 100644 --- a/playbooks/vars/main.yml +++ b/playbooks/vars/main.yml @@ -1,6 +1,6 @@ --- # Version products -global_rke2_version: "1.26.11" +global_rke2_version: "1.27.10" global_helm_version: "3.14.0" global_CERT_VERSION: "1.14.1" global_RANCHER_VERSION: "2.8.1" From b076471a3a7dd06fe1ecea004ee04f9af2270b3c Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sat, 10 Feb 2024 12:22:23 +0100 Subject: [PATCH 181/365] more options for longhorn --- roles/deploy_longhorn/defaults/main.yml | 3 ++- roles/deploy_longhorn/tasks/deploy.yml | 5 ++++- 2 files changed, 6 insertions(+), 2 deletions(-) 
diff --git a/roles/deploy_longhorn/defaults/main.yml b/roles/deploy_longhorn/defaults/main.yml index 3952b0db0..83783a3b3 100644 --- a/roles/deploy_longhorn/defaults/main.yml +++ b/roles/deploy_longhorn/defaults/main.yml @@ -6,9 +6,10 @@ longhorn_servicename: "longhorn" longhorn_domain: "{{ global_domain }}" longhorn_url: "{{ longhorn_servicename }}.{{ longhorn_domain }}" longhorn_datapath: "{{ global_longhorn_datapath }}" +longhorn_replica: "{{ global_longhorn_replica }}" # General admin_user: "{{ global_install_user }}" master: "{{ global_master_ip }}" mount_path: "{{ global_directory_mount }}" -mount_helm_path: "{{ mount_path }}/helm" \ No newline at end of file +mount_helm_path: "{{ mount_path }}/helm" diff --git a/roles/deploy_longhorn/tasks/deploy.yml b/roles/deploy_longhorn/tasks/deploy.yml index 10dcac8eb..b04b2ff1c 100644 --- a/roles/deploy_longhorn/tasks/deploy.yml +++ b/roles/deploy_longhorn/tasks/deploy.yml @@ -22,4 +22,7 @@ host: "{{ longhorn_url }}" defaultSettings: defaultDataPath: "{{ longhorn_datapath }}" - kubeconfig: "/home/{{ admin_user }}/.kube/{{ inventory_hostname }}.yaml" \ No newline at end of file + nodeDownPodDeletionPolicy: delete-both-statefulset-and-deployment-pod + persistence: + defaultClassReplicaCount: "{{ longhorn_replica }}" + kubeconfig: "/home/{{ admin_user }}/.kube/{{ inventory_hostname }}.yaml" From 81894056b65fe7844158fa917efa3feb33f41329 Mon Sep 17 00:00:00 2001 
From: MozeBaltyk Date: Sat, 10 Feb 2024 23:49:32 +0100 Subject: [PATCH 182/365] improve order and news options --- playbooks/vars/main.yml | 17 ++++-- roles/install_rke2_common/defaults/main.yml | 8 ++- roles/install_rke2_common/tasks/install.yml | 52 ++++++++++++++++++- roles/install_rke2_common/tasks/rhel.yml | 28 +--------- .../install_rke2_controller/defaults/main.yml | 8 +++ .../templates/new-config.yaml.j2 | 51 ++++++++++++++++++ roles/install_rke2_worker/defaults/main.yml | 8 ++- .../templates/new-config.yaml.j2 | 18 +++++++ 8 files changed, 155 insertions(+), 35 deletions(-) create mode 100644 roles/install_rke2_controller/templates/new-config.yaml.j2 create mode 100644 roles/install_rke2_worker/templates/new-config.yaml.j2 diff --git a/playbooks/vars/main.yml b/playbooks/vars/main.yml index 931831baf..cf3ff8e0b 100644 --- a/playbooks/vars/main.yml +++ b/playbooks/vars/main.yml @@ -1,6 +1,7 @@ --- # Version products global_rke2_version: "1.27.10" +global_kubevip_version: "0.7.0" global_helm_version: "3.14.0" global_CERT_VERSION: "1.14.1" global_RANCHER_VERSION: "2.8.1" 
@@ -25,18 +26,24 @@ global_path_to_package_zst: "{{ global_directory_package_build }}/../{{ global_p global_directory_package_target: "{{ dir_target | default('/opt') }}" global_directory_mount: "{{ dir_mount | default('/mnt/rkub') }}" -# Options RKE2 +# Options General global_master_ip: "{{ master_ip | default(hostvars[groups['RKE2_CONTROLLERS'][0]]['ansible_default_ipv4']['address']) }}" global_domain: "{{ domain | default(hostvars[groups['RKE2_CONTROLLERS'][0]]['ansible_domain']) }}" -# Options - Not used yet -global_data_dir: "/rke2" -global_cluster_cidr: "10.42.0.0/16" #Default Value -global_service_cidr: "10.43.0.0/16" #Default Value +# Options RKE2 - Not used yet +global_rke2_data_dir: "{{ data_dir | default('/var/lib/rancher/rke2') }}" +global_rke2_ha_mode: true +global_rke2_api_ip: "{{ vip | default(global_master_ip) }}" +global_rke2_cluster_cidr: "10.42.0.0/16" #Default Value +global_rke2_service_cidr: "10.43.0.0/16" #Default Value +global_rke2_cni: "canal" +global_rke2_profile_activated: "{{ profile_cis | default('false') }}" +global_rke2_disable: "{{ disable | default(omit) }}" # Valid items to not deploy: rke2-canal, rke2-coredns, rke2-ingress-nginx, rke2-metrics-server # Longhorn default_longhorn_datapath: "{{ global_directory_package_target }}/longhorn" global_longhorn_datapath: "{{ datapath | default(default_longhorn_datapath) }}" +global_longhorn_replica: 2 # Rancher global_rancher_password: "{{ password | default('BootStrapAllTheThings') }}" diff --git a/roles/install_rke2_common/defaults/main.yml b/roles/install_rke2_common/defaults/main.yml index f13db545b..fa46e3abb 100644 --- a/roles/install_rke2_common/defaults/main.yml +++ b/roles/install_rke2_common/defaults/main.yml 
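Review bot: `global_rke2_profile_activated: "{{ profile_cis | default('false') }}"` produces the string `'false'`, and a non-empty string is truthy inside a Jinja `{% if %}`, so any template that tests this variable directly enables the CIS profile even when it is meant to be off; make it a real boolean, `global_rke2_profile_activated: "{{ profile_cis | default(false) | bool }}"`. The same hunk sets `global_rke2_disable: "{{ disable | default(omit) }}"`, but `omit` is only honoured as a module argument; carried into a template the value arrives as the `__omit_place_holder__…` string rather than as undefined, so an empty default such as `default([])` is the safer choice when the variable is rendered into a config file. `global_longhorn_replica: 2` is the only new option without a `… | default(...)` override, unlike its neighbours in the same block.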
@@ -1,3 +1,9 @@ --- # defaults file for install_common -admin_user: "{{ global_install_user }}" \ No newline at end of file + +# Mount share +mount_path: "{{ global_directory_mount }}" + +# RKE2 +admin_user: "{{ global_install_user }}" +rke2_data_dir: "{{ global_rke2_data_dir }}" diff --git a/roles/install_rke2_common/tasks/install.yml b/roles/install_rke2_common/tasks/install.yml index 88f248721..c66fc48eb 100644 --- a/roles/install_rke2_common/tasks/install.yml +++ b/roles/install_rke2_common/tasks/install.yml @@ -1,4 +1,5 @@ --- +# Prerequisites - name: Ensure admin_user exist ansible.builtin.user: name: "{{ admin_user }}" @@ -18,6 +19,7 @@ - policycoreutils-python-utils - cryptsetup when: + - ansible_pkg_mgr == 'dnf' - ansible_os_family == "RedHat" - ansible_distribution_major_version | int >= 8 
@@ -26,4 +28,52 @@ src: rke2.conf dest: /etc/sysctl.d/rke2.conf mode: '0600' - notify: Restart systemd-sysctl \ No newline at end of file + notify: Restart systemd-sysctl + +# Prepare Dir +- name: Ensure data_dir exists + ansible.builtin.file: + path: "{{ rke2_data_dir }}" + state: directory + mode: "0640" + +- name: Ensure dir /var/lib/rancher exists + ansible.builtin.file: + path: "/var/lib/rancher" + state: directory + mode: "0640" + +- name: Create Symlink between rke2_data_dir and /var/lib/rancher/rke2 + ansible.builtin.file: + src: "{{ rke2_data_dir }}" + dest: /var/lib/rancher/rke2 + state: link + when: rke2_data_dir != "/var/lib/rancher/rke2" + +# NetworkManager config +- name: Specific config for NetworkManager + become: true + when: + - ansible_facts['services']['NetworkManager.service'] is defined + block: + - name: Configure NetworkManager for RKE2 and Canal + ansible.builtin.copy: + content: | + [keyfile] + unmanaged-devices=interface-name:cali*;interface-name:flannel* + dest: /etc/NetworkManager/conf.d/rke2-canal.conf + mode: '0600' + + - name: Set rke2-canal.conf file permissions + ansible.builtin.file: + path: /etc/NetworkManager/conf.d/rke2-canal.conf + mode: '0600' + owner: root + group: root + + - name: Reload NetworkManager + ansible.builtin.systemd: + name: NetworkManager + state: reloaded + when: + - ansible_facts['services']['NetworkManager.service']['state'] == "running" diff --git a/roles/install_rke2_common/tasks/rhel.yml b/roles/install_rke2_common/tasks/rhel.yml index de35bfb41..5e98965cb 100644 --- a/roles/install_rke2_common/tasks/rhel.yml +++ b/roles/install_rke2_common/tasks/rhel.yml 
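Review bot: `mode: "0640"` on the two directory tasks (`Ensure data_dir exists`, `Ensure dir /var/lib/rancher exists`) omits the execute bit that lets a directory be traversed, so a directory mode such as `mode: "0750"` (or `"0755"` for `/var/lib/rancher`, its packaged default) is what is intended here. The NetworkManager block and its `Reload NetworkManager` task key on `ansible_facts['services']`, which is only populated after `ansible.builtin.service_facts` has run; nothing in this hunk gathers it, so confirm it is collected earlier in the role, otherwise the `is defined` test silently skips the whole block. The `Set rke2-canal.conf file permissions` task repeats the `mode: '0600'` the preceding copy already applies and only adds `owner`/`group`, which could be set on the copy task instead.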
@@ -25,32 +25,6 @@ enabled: false when: ansible_facts['services']['nm-cloud-setup.service'] is defined - # Networker config - - name: Configure NetworkManager for RKE2 and Canal - ansible.builtin.copy: - content: | - [keyfile] - unmanaged-devices=interface-name:cali*;interface-name:flannel* - dest: /etc/NetworkManager/conf.d/rke2-canal.conf - mode: '0600' - when: ansible_facts['services']['NetworkManager.service'] is defined - - - name: Set rke2-canal.conf file permissions - ansible.builtin.file: - path: /etc/NetworkManager/conf.d/rke2-canal.conf - mode: '0600' - owner: root - group: root - when: ansible_facts['services']['NetworkManager.service'] is defined - - - name: Reload NetworkManager - ansible.builtin.systemd: - name: NetworkManager - state: reloaded - when: - - ansible_facts['services']['NetworkManager.service'] is defined - - ansible_facts['services']['NetworkManager.service']['state'] == "running" - # For RHEL 7 as root - name: Specific actions to be done on RHEL 7 become: true @@ -60,4 +34,4 @@ block: - name: Display message ansible.builtin.debug: - msg: "Specific actions regarding servers in RHEL 7" \ No newline at end of file + msg: "Specific actions regarding servers in RHEL 7" diff --git a/roles/install_rke2_controller/defaults/main.yml b/roles/install_rke2_controller/defaults/main.yml index beae1d20b..e7750308a 100644 --- a/roles/install_rke2_controller/defaults/main.yml +++ b/roles/install_rke2_controller/defaults/main.yml @@ -15,6 +15,14 @@ mount_rke2_selinux_rpm_path: "{{ mount_rke2_path }}/{{ global_rke2_selinux_rpm_v # RKE2 config rke2_kubeconfig_file: "/etc/rancher/rke2/rke2.yaml" +# Controller options +rke2_data_dir: "{{ global_rke2_data_dir }}" +rke2_cluster_cidr: "{{ global_rke2_cluster_cidr }}" +rke2_service_cidr: "{{ global_rke2_service_cidr }}" +rke2_cni: "{{ global_rke2_cni }}" +rke2_profile_activated: "{{ global_rke2_profile_activated }}" +rke2_api_ip: "{{ global_rke2_api_ip }}" + # Firewall rules controller_firewalld_rules: inbound: 
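Review bot: The `# Controller options` block maps each `global_rke2_*` setting into a role default but leaves out `global_rke2_disable`, although the new controller template tests `rke2_disable`; with Ansible's strict undefined handling an undefined name inside `{% if %}` is likely to raise rather than evaluate false, so add `rke2_disable: "{{ global_rke2_disable }}"` alongside the others. The hunk ends inside `controller_firewalld_rules`, so the rest of that mapping is outside the diff.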
diff --git a/roles/install_rke2_controller/templates/new-config.yaml.j2 b/roles/install_rke2_controller/templates/new-config.yaml.j2 new file mode 100644 index 000000000..13ceb0a74 --- /dev/null +++ b/roles/install_rke2_controller/templates/new-config.yaml.j2 
@@ -0,0 +1,51 @@
+server: https://{{ master }}:9345
+{% if rke2_config_token is defined %}
+token: {{ rke2_config_token }}
+{% endif %}
+
+# Common
+{% if rke2_profile_activated %}
+profile: cis
+{% endif %}
+node-name: {{ inventory_hostname }}
+write-kubeconfig-mode: 0600
+data-dir: {{ rke2_data_dir }}
+cluster-cidr: {{ rke2_cluster_cidr }}
+service-cidr: {{ rke2_service_cidr }}
+
+# Config Controller
+selinux: true
+{% if ( rke2_cni is defined ) and ( rke2_cni | type_debug == "list" ) %}
+cni:
+{% for cni in rke2_cni %}
+ - {{ cni }}
+{% endfor %}
+{% else %}
+cni: {{ rke2_cni }}
+{% endif %}
+tls-san:
+ - cluster.local
+ - {{ rke2_api_ip }}
+{% if rke2_disable %}
+disable: {{ rke2_disable }}
+{% endif %}
+secrets-encryption: true
+kube-controller-manager-arg:
+- bind-address=127.0.0.1
+- use-service-account-credentials=true
+- tls-min-version=VersionTLS12
+- tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+kube-scheduler-arg:
+- tls-min-version=VersionTLS12
+- tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+kube-apiserver-arg:
+- tls-min-version=VersionTLS12
+- tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+- authorization-mode=RBAC,Node
+- anonymous-auth=false
+- audit-policy-file=/etc/rancher/rke2/audit-policy.yaml
+- audit-log-mode=blocking-strict- audit-log-maxage=30
+kubelet-arg:
+- protect-kernel-defaults=true
+- read-only-port=0
+- authorization-mode=Webhook
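Review bot: `- audit-log-mode=blocking-strict- audit-log-maxage=30` is a single item of `kube-apiserver-arg` (the hunk's 51-line count only adds up if it is one line), so kube-apiserver would be started with `--audit-log-mode=blocking-strict- audit-log-maxage=30`, which is not a valid mode and would keep the API server from coming up; split it into `- audit-log-mode=blocking-strict` and `- audit-log-maxage=30`. `{% if rke2_profile_activated %}` should be `{% if rke2_profile_activated | bool %}`, because the value originates from `profile_cis | default('false')` as a string, and a non-empty string is always truthy. `write-kubeconfig-mode: 0600` is an unquoted octal-looking scalar that a YAML loader may retype; write it as `"0600"`. `audit-policy-file` points at `/etc/rancher/rke2/audit-policy.yaml`, which as far as I know RKE2 only writes itself when `profile: cis` is active, so without the profile that file must be provisioned or the API server will not start. The rendered file also carries the join token, so the task that writes this template should set a restrictive mode; nothing in this hunk shows how it is written.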
diff --git a/roles/install_rke2_worker/defaults/main.yml b/roles/install_rke2_worker/defaults/main.yml index eb7f68943..8907ba643 100644 --- a/roles/install_rke2_worker/defaults/main.yml +++ b/roles/install_rke2_worker/defaults/main.yml @@ -11,6 +11,12 @@ mount_utils_path: "{{ mount_path }}/utils" mount_rke2_common_rpm_path: "{{ mount_rke2_path }}/{{ global_rke2_common_rpm_version }}.el{{ ansible_distribution_major_version }}.x86_64.rpm" mount_rke2_selinux_rpm_path: "{{ mount_rke2_path }}/{{ global_rke2_selinux_rpm_version }}.el{{ ansible_distribution_major_version }}.noarch.rpm" +# Worker options +rke2_data_dir: "{{ global_rke2_data_dir }}" +rke2_cluster_cidr: "{{ global_rke2_cluster_cidr }}" +rke2_service_cidr: "{{ global_rke2_service_cidr }}" +rke2_profile_activated: "{{ global_rke2_profile_activated }}" + # Firewall rules worker_firewalld_rules: inbound: @@ -18,4 +24,4 @@ worker_firewalld_rules: zone: public ports: - {port: 10250, protocol: tcp} - - {port: 8472, protocol: udp} \ No newline at end of file + - {port: 8472, protocol: udp} diff --git a/roles/install_rke2_worker/templates/new-config.yaml.j2 b/roles/install_rke2_worker/templates/new-config.yaml.j2 new file mode 100644 index 000000000..8e8e3d70f --- /dev/null +++ b/roles/install_rke2_worker/templates/new-config.yaml.j2 @@ -0,0 +1,18 @@ +server: https://{{ master }}:9345 +token: {{ rke2_config_token }} + +# Common +{% if rke2_profile_activated %} +profile: cis +{% endif %} +node-name: {{ inventory_hostname }} +write-kubeconfig-mode: 0600 +data-dir: {{ rke2_data_dir }} +cluster-cidr: {{ rke2_cluster_cidr }} +service-cidr: {{ rke2_service_cidr }} + +# Config Worker +kube-apiserver-arg: +- "authorization-mode=RBAC,Node" +kubelet-arg: +- "protect-kernel-defaults=true" From 53fce52712d032672ed634615e892c1b7b96defb Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sat, 10 Feb 2024 23:50:38 +0100 Subject: [PATCH 183/365] bypass --- .ansible-lint | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
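Review bot: The worker template (`new-config.yaml.j2`) sets `kube-apiserver-arg`, `cluster-cidr` and `service-cidr`, which are server-side options; on an agent they are at best ignored and may be reported as unknown flags, so check them against the RKE2 agent config reference and drop the ones that do not apply. `token: {{ rke2_config_token }}` is unconditional here while the controller template guards it with `is defined`; the two files should agree on whether the token may be absent. As in the controller template, `{% if rke2_profile_activated %}` needs `| bool` and `write-kubeconfig-mode: 0600` should be quoted as `"0600"`.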
diff --git a/.ansible-lint b/.ansible-lint index 1429ab949..257e49ef3 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -16,4 +16,5 @@ skip_list: - yaml[line-length] - var-naming[no-role-prefix] - command-instead-of-module - - var-naming[pattern] \ No newline at end of file + - var-naming[pattern] + - risky-file-permissions From b3453e479c0bac4448464293e489d497646f961e Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sun, 11 Feb 2024 22:08:24 +0100 Subject: [PATCH 184/365] improve terraform --- .ansible-lint | 1 + test/README.md | 11 +++++++++++ test/main.tf | 4 ++-- test/{variables.tfvars => variables.tf} | 12 ++++++++++++ 4 files changed, 26 insertions(+), 2 deletions(-) rename test/{variables.tfvars => variables.tf} (68%) diff --git a/.ansible-lint b/.ansible-lint index 257e49ef3..d739e8211 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -10,6 +10,7 @@ exclude_paths: - molecule/ - docs/ - scripts/ + - test/ - playbooks/tasks # Dir for testing locally skip_list: diff --git a/test/README.md b/test/README.md index 865e72e12..e2a286dab 100644 --- a/test/README.md +++ b/test/README.md @@ -23,6 +23,17 @@ terraform apply terraform.tfplan # auto-approve terraform apply -var "GITHUB_RUN_ID=777" -var "do_token=${DO_PAT}" -auto-approve +# More options +terraform apply -var "GITHUB_RUN_ID=777" \ +-var "do_token=${DO_PAT}" \ +-var "do_worker_count=0" \ +-var "do_controller_count=3" \ +-var "do_instance_size=s-2vcpu-4gb" \ +-auto-approve + +# connect to a controller +ssh root@$(terraform output -json ip_address_controllers | jq -r '.[0]') -i .key + # connect to a worker ssh root@$(terraform output -json ip_address_workers | jq -r '.[0]') -i .key diff --git a/test/main.tf b/test/main.tf index 35ce97895..0188c7430 100644 --- a/test/main.tf +++ b/test/main.tf 
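Review bot: Adding `risky-file-permissions` to `skip_list` silences the rule for the whole collection instead of fixing the tasks it flags, so any future `copy`/`file`/`template` task that omits `mode:` will create files with the remote umask and the linter will say nothing. The tasks added elsewhere in this series already set `mode:` explicitly, so the global skip looks unnecessary; if a single task genuinely needs it, a per-task `# noqa: risky-file-permissions` keeps the rule active everywhere else.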
@@ -33,7 +33,7 @@ resource "digitalocean_vpc" "rkub-project-network" { # Droplet Instance for RKE2 Cluster - Manager resource "digitalocean_droplet" "controllers" { - count = 1 + count = var.do_controller_count image = var.do_system name = "controller${count.index}" region = "fra1" @@ -70,7 +70,7 @@ output "ip_address_controllers" { # Droplet Instance for RKE2 Cluster - Workers resource "digitalocean_droplet" "workers" { - count = 2 + count = var.do_worker_count image = var.do_system name = "worker${count.index}" region = "fra1" diff --git a/test/variables.tfvars b/test/variables.tf similarity index 68% rename from test/variables.tfvars rename to test/variables.tf index 3f1b0ca8d..bbc7cc917 100644 --- a/test/variables.tfvars +++ b/test/variables.tf @@ -7,6 +7,18 @@ variable "do_instance_size" { default = "s-1vcpu-1gb" } +variable "do_controller_count" { + type = number + description = "number of controllers" + default = "1" +} + +variable "do_worker_count" { + type = number + description = "number of workers" + default = "2" +} + variable "do_user" { type = string description = "user created on droplet" From 5a1445ad16285ba31a3a514c74aa54eaec30aac3 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sun, 11 Feb 2024 23:00:11 +0100 Subject: [PATCH 185/365] correct missing handlers --- roles/install_rke2_common/handlers/main.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/install_rke2_common/handlers/main.yml b/roles/install_rke2_common/handlers/main.yml index 224d858d7..0cadba7a6 100644 --- a/roles/install_rke2_common/handlers/main.yml +++ b/roles/install_rke2_common/handlers/main.yml @@ -21,4 +21,9 @@ ansible.builtin.systemd: name: rke2-agent.service state: restarted - notify: "Service (re)started" \ No newline at end of file + notify: "Service (re)started" + +- name: Restart systemd-sysctl + ansible.builtin.service: + state: restarted + name: systemd-sysctl From aac54328f95954b85bd03cb5977424fc726d69bc Mon Sep 17 00:00:00 2001 
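Review bot: In `test/variables.tf`, `do_controller_count` and `do_worker_count` are declared `type = number` but given string defaults (`default = "1"`, `default = "2"`); Terraform converts them, but the mismatch is confusing and `default = 1` / `default = 2` matches the declared type. With `do_worker_count=0` as the README now suggests, `ip_address_workers` is an empty list and the documented `jq -r '.[0]'` prints `null`, so the README example for workers should mention that case or guard it.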
From: MozeBaltyk Date: Sun, 11 Feb 2024 23:02:05 +0100 Subject: [PATCH 186/365] give more config options --- roles/install_rke2_controller/defaults/main.yml | 3 +-- roles/install_rke2_controller/templates/new-config.yaml.j2 | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/install_rke2_controller/defaults/main.yml b/roles/install_rke2_controller/defaults/main.yml index e7750308a..1ff56b0f9 100644 --- a/roles/install_rke2_controller/defaults/main.yml +++ b/roles/install_rke2_controller/defaults/main.yml @@ -3,7 +3,7 @@ rke2_version: "{{ global_rke2_version }}" admin_user: "{{ global_install_user }}" master: "{{ global_master_ip }}" -control_plane_endpoint: "{{ master }}" +control_plane_endpoint: "{{ global_rke2_api_ip }}" # Mount share mount_path: "{{ global_directory_mount }}" @@ -21,7 +21,6 @@ rke2_cluster_cidr: "{{ global_rke2_cluster_cidr }}" rke2_service_cidr: "{{ global_rke2_service_cidr }}" rke2_cni: "{{ global_rke2_cni }}" rke2_profile_activated: "{{ global_rke2_profile_activated }}" -rke2_api_ip: "{{ global_rke2_api_ip }}" # Firewall rules controller_firewalld_rules: diff --git a/roles/install_rke2_controller/templates/new-config.yaml.j2 b/roles/install_rke2_controller/templates/new-config.yaml.j2 index 13ceb0a74..cf6af235b 100644 --- a/roles/install_rke2_controller/templates/new-config.yaml.j2 +++ b/roles/install_rke2_controller/templates/new-config.yaml.j2 @@ -25,7 +25,7 @@ cni: {{ rke2_cni }} {% endif %} tls-san: - cluster.local - - {{ rke2_api_ip }} + - {{ control_plane_endpoint }} {% if rke2_disable %} disable: {{ rke2_disable }} {% endif %} From 6bfe895796f09e3196bf4d52a1ef6e32462519b9 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sun, 11 Feb 2024 23:16:32 +0100 Subject: [PATCH 187/365] terraform --- test/README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/test/README.md b/test/README.md index e2a286dab..84da3c79f 100644 --- a/test/README.md +++ b/test/README.md 
@@ -38,6 +38,10 @@ ssh root@$(terraform output -json ip_address_controllers | jq -r '.[0]') -i .key ssh root@$(terraform output -json ip_address_workers | jq -r '.[0]') -i .key # Destroy -terraform plan -destroy -out=terraform.tfplan -var "do_token=${DO_PAT}" +terraform plan -destroy -out=terraform.tfplan -var "GITHUB_RUN_ID=777" \ +-var "do_token=${DO_PAT}" \ +-var "do_worker_count=0" \ +-var "do_controller_count=3" \ +-var "do_instance_size=s-2vcpu-4gb" terraform apply terraform.tfplan ``` From a26cc3980e418d865ccc1fb5182c399b5db19e6d Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sun, 11 Feb 2024 23:18:03 +0100 Subject: [PATCH 188/365] begin a role for rolling restart --- roles/rolling_restart/README.md | 72 +++++++++++++++++++++++++ roles/rolling_restart/defaults/main.yml | 2 + roles/rolling_restart/handlers/main.yml | 2 + roles/rolling_restart/meta/main.yml | 54 +++++++++++++++++++ roles/rolling_restart/tasks/main.yml | 71 ++++++++++++++++++++++++ roles/rolling_restart/tests/inventory | 1 + roles/rolling_restart/tests/test.yml | 6 +++ roles/rolling_restart/vars/main.yml | 2 + 8 files changed, 210 insertions(+) create mode 100644 roles/rolling_restart/README.md create mode 100644 roles/rolling_restart/defaults/main.yml create mode 100644 roles/rolling_restart/handlers/main.yml create mode 100644 roles/rolling_restart/meta/main.yml create mode 100644 roles/rolling_restart/tasks/main.yml create mode 100644 roles/rolling_restart/tests/inventory create mode 100644 roles/rolling_restart/tests/test.yml create mode 100644 roles/rolling_restart/vars/main.yml diff --git a/roles/rolling_restart/README.md b/roles/rolling_restart/README.md new file mode 100644 index 000000000..694a1e4f5 --- /dev/null +++ b/roles/rolling_restart/README.md 
@@ -0,0 +1,72 @@ +Role Name +========= + +Role to restart RKE2 cluster in rolling mode + +Requirements +------------ + +*Example below show that the roles have two flavors and different requirements in functions of what you want* + +if idm set to true: +- Access to a IDM server if you want to create users account. +- Credentials access to connect to IDM + +if idm set to false: +- create local account on Linux servers + +Role Variables +-------------- + +| **VarName** | **Type** | **Content** | **Mandatory** | +|--------------------|----------|---------------------------|:-------------:| +| idm | boolean | true / false | x | +| svc_account | string | Service Account | x | +| svc_account_passwd | string | pwd (can be omited) | | +| svc_group | string | Group | | +| svc_owner | string | Owner of the account | if idm true | +| list_svc_account | list | Users which goes in group | if idm true | +| idm_server | string | Service Account PWD | if idm true | +| idm_pwd | string | sudo group | if idm true | + +**Mandatory** is the minimum variables that need to be set to make the role work +*the variables not mandatory either have a default value defined or can be omited* + +Dependencies +------------ + +Dependencies with some others roles (if there is some). + +Example Playbook +---------------- +Give some example about how to use or implement your Roles + + +```yml +- name: Trigger Role Example in a Playbooks + hosts: RANDOM_GROUP_DEFINED_IN_YOUR_INVENTORY + remote_user: ansible + become: true + + roles: + - { role: 'example', tags: 'example' } +``` + +```yml +# Example for one user +- import_role: + name: "example" + vars: + svc_account: "{{ tomcat_svc_account }}" + svc_group: "{{ tomcat_svc_group }}" +``` + +License +------- + +Apache-2.0 + +Author Information +------------------ + +morze.baltyk@proton.me diff --git a/roles/rolling_restart/defaults/main.yml b/roles/rolling_restart/defaults/main.yml new file mode 100644 index 000000000..e8840f68a --- /dev/null 
+++ b/roles/rolling_restart/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for rolling_restart diff --git a/roles/rolling_restart/handlers/main.yml b/roles/rolling_restart/handlers/main.yml new file mode 100644 index 000000000..049ee2b94 --- /dev/null +++ b/roles/rolling_restart/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for rolling_restart diff --git a/roles/rolling_restart/meta/main.yml b/roles/rolling_restart/meta/main.yml new file mode 100644 index 000000000..832eafbff --- /dev/null +++ b/roles/rolling_restart/meta/main.yml 
@@ -0,0 +1,54 @@ +--- +galaxy_info: + standalone: false # Part of a collection + author: morze.baltyk@proton.me + description: Role to restart RKE2 cluster in rolling mode + company: Opensource + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: Apache-2.0 + + min_ansible_version: "2.15.0" + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. diff --git a/roles/rolling_restart/tasks/main.yml b/roles/rolling_restart/tasks/main.yml new file mode 100644 index 000000000..ea20d1f52 --- /dev/null +++ b/roles/rolling_restart/tasks/main.yml 
@@ -0,0 +1,71 @@
+---
+# tasks file for rolling_restart
+
+- name: Cordon and Drain the node {{ inventory_hostname }}
+ ansible.builtin.shell: |
+ set -o pipefail
+ {{ rke2_data_path }}/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml \
+ cordon "{{ inventory_hostname }}" && \
+ {{ rke2_data_path }}/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml \
+ drain "{{ inventory_hostname }}" --ignore-daemonsets --delete-emptydir-data
+ args:
+ executable: /bin/bash
+ register: drain
+ until:
+ - drain.stdout is search('drained')
+ retries: 100
+ delay: 15
+ changed_when: false
+ delegate_to: "{{ active_server | default(groups[rke2_servers_group_name].0) }}"
+ run_once: true
+ when: rke2_drain_node_during_upgrade
+
+- name: Restart RKE2 service on {{ inventory_hostname }}
+ ansible.builtin.service:
+ name: "{{ rke2_service_name }}"
+ state: restarted
+ notify: "Service (re)started"
+
+- name: Wait for all nodes to be ready again
+ ansible.builtin.shell: |
+ set -o pipefail
+ {{ rke2_data_path }}/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml get nodes | grep " Ready" | wc -l
+ args:
+ executable: /bin/bash
+ changed_when: false
+ register: all_ready_nodes
+ until:
+ - groups[rke2_cluster_group_name] | length == all_ready_nodes.stdout | int
+ retries: 100
+ delay: 15
+ delegate_to: "{{ active_server | default(groups[rke2_servers_group_name].0) }}"
+ run_once: true
+
+- name: Uncordon the node {{ inventory_hostname }}
+ ansible.builtin.shell: |
+ set -o pipefail
+ {{ rke2_data_path }}/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml \
+ uncordon "{{ inventory_hostname }}"
+ args:
+ executable: /bin/bash
+ changed_when: false
+ delegate_to: "{{ active_server | default(groups[rke2_servers_group_name].0) }}"
+ run_once: true
+ when: rke2_drain_node_during_upgrade
+
+- name: Wait for all pods to be ready again
+ ansible.builtin.shell: |
+ set -o pipefail
+ {{ rke2_data_path }}/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml get pods -A 
--field-selector=metadata.namespace!=kube-system | grep -iE "crash|error|init|terminating" | wc -l + args: + executable: /bin/bash + failed_when: "all_pods_ready.rc not in [ 0, 1 ]" + changed_when: false + register: all_pods_ready + until: + '"0" in all_pods_ready.stdout' + retries: 100 + delay: 15 + delegate_to: "{{ active_server | default(groups[rke2_servers_group_name].0) }}" + run_once: true + when: rke2_wait_for_all_pods_to_be_ready diff --git a/roles/rolling_restart/tests/inventory b/roles/rolling_restart/tests/inventory new file mode 100644 index 000000000..2fbb50c4a --- /dev/null +++ b/roles/rolling_restart/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/roles/rolling_restart/tests/test.yml b/roles/rolling_restart/tests/test.yml new file mode 100644 index 000000000..ab92c2e70 --- /dev/null +++ b/roles/rolling_restart/tests/test.yml @@ -0,0 +1,6 @@ +--- +- name: Test + hosts: localhost + remote_user: root + roles: + - rolling_restart diff --git a/roles/rolling_restart/vars/main.yml b/roles/rolling_restart/vars/main.yml new file mode 100644 index 000000000..bc3d39003 --- /dev/null +++ b/roles/rolling_restart/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for rolling_restart From 294df152930c0f6fd4ff746236306116552be32b Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sun, 11 Feb 2024 23:20:12 +0100 Subject: [PATCH 189/365] deploy registry through rke2 --- .../install_utils_registry/tasks/manifest.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 roles/install_utils_registry/tasks/manifest.yml diff --git a/roles/install_utils_registry/tasks/manifest.yml b/roles/install_utils_registry/tasks/manifest.yml new file mode 100644 index 000000000..2fc2a72ba --- /dev/null +++ b/roles/install_utils_registry/tasks/manifest.yml 
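Review bot: The final task's `until: '"0" in all_pods_ready.stdout'` is a substring test, so a count of 10, 20 or 105 not-ready pods also satisfies it and the wait returns early; compare the trimmed number instead, `until: all_pods_ready.stdout | trim == "0"`. The cordon, drain and uncordon tasks combine `run_once: true` with `{{ inventory_hostname }}`, while the `ansible.builtin.service` restart has neither `run_once` nor `delegate_to`, so unless the calling play uses `serial: 1` (not visible here) only the batch's first host is drained but every host in the batch is restarted at the same time. `grep -iE "crash|error|init|terminating"` also matches any pod whose name contains `init` or `error`, which can keep this loop busy for all 100 retries; filtering on the STATUS column rather than the whole line would be more precise. A header comment stating the assumption, e.g. `# Expects serial: 1 in the calling play: one node is drained, restarted and uncordoned per batch`, would make the contract explicit.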
@@ -0,0 +1,18 @@
+---
+- name: Ensure RKE2 manifests directory exists
+ ansible.builtin.file:
+ state: directory
+ path: "{{ rke2_data_path }}/server/manifests"
+ owner: root
+ group: root
+ mode: 0700
+
+- name: Copy registry manifest to first server
+ ansible.builtin.template:
+ src: "{{ item }}"
+ dest: "{{ rke2_data_path }}/server/manifests/{{ item | basename | regex_replace('.j2$', '') }}"
+ owner: root
+ group: root
+ mode: 0664
+ with_fileglob:
+ - "registry.yaml.j2"
From 4dd73f30214d4d84aab68e28ddeee051be35e64d Mon Sep 17 00:00:00 2001 
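Review bot: `mode: 0700` and `mode: 0664` are bare octal literals, whereas the rest of this series quotes modes (`mode: "0750"` in build_airgap_package/tasks/rke2.yml, `mode: '0600'` in networkmanager.yml) and ansible-lint's risky-octal rule flags the bare form; write `mode: "0700"` and `mode: "0664"` — the kube-vip role's install_airgap.yml later in this series carries the same two literals. A group-writable `0664` manifest inside a root-only `0700` directory is also wider than the directory implies for a file RKE2 picks up from `server/manifests`; `"0600"` is enough. Finally, `with_fileglob` for one known file is roundabout and depends on where the lookup resolves a relative pattern (the role's `files/` directory before the role root), so if `registry.yaml.j2` lives under `templates/` this loop can match nothing and silently deploy no manifest; `src: registry.yaml.j2` with `dest: "{{ rke2_data_path }}/server/manifests/registry.yaml"` is explicit and fails loudly when the file is missing.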
From: MozeBaltyk Date: Sun, 11 Feb 2024 23:22:52 +0100 Subject: [PATCH 190/365] start using kubevip --- .github/renovate.json | 38 +++++--- CHANGELOG.md | 29 ++++-- Makefile | 6 +- README.md | 61 +++++++------ roles/build_airgap_package/defaults/main.yml | 4 +- roles/build_airgap_package/tasks/images.yml | 10 +++ roles/build_airgap_package/tasks/rke2.yml | 2 +- roles/install_utils_kubevip/README.md | 72 +++++++++++++++ roles/install_utils_kubevip/defaults/main.yml | 8 ++ roles/install_utils_kubevip/handlers/main.yml | 2 + roles/install_utils_kubevip/meta/main.yml | 54 ++++++++++++ .../tasks/install_airgap.yml | 19 ++++ .../tasks/install_direct.yml | 0 roles/install_utils_kubevip/tasks/main.yml | 5 ++ .../templates/airgap/kube-vip-rbac.yml.j2 | 32 +++++++ .../templates/airgap/kube-vip.yml.j2 | 88 +++++++++++++++++++ roles/install_utils_kubevip/tests/inventory | 1 + roles/install_utils_kubevip/tests/test.yml | 6 ++ roles/install_utils_registry/tasks/load.yml | 14 ++- roles/install_utils_registry/tasks/main.yml | 6 +- 20 files changed, 406 insertions(+), 51 deletions(-) create mode 100644 roles/install_utils_kubevip/README.md create mode 100644 roles/install_utils_kubevip/defaults/main.yml create mode 100644 roles/install_utils_kubevip/handlers/main.yml create mode 100644 roles/install_utils_kubevip/meta/main.yml create mode 100644 roles/install_utils_kubevip/tasks/install_airgap.yml create mode 100644 roles/install_utils_kubevip/tasks/install_direct.yml create mode 100644 roles/install_utils_kubevip/tasks/main.yml create mode 100644 roles/install_utils_kubevip/templates/airgap/kube-vip-rbac.yml.j2 create mode 100644 roles/install_utils_kubevip/templates/airgap/kube-vip.yml.j2 create mode 100644 roles/install_utils_kubevip/tests/inventory create mode 100644 roles/install_utils_kubevip/tests/test.yml diff --git a/.github/renovate.json b/.github/renovate.json index 78ec3c297..530d4f899 100644 --- a/.github/renovate.json +++ b/.github/renovate.json 
@@ -60,8 +60,8 @@ ], "matchStrings": [ "global_rke2_version: \"(?.*)\"\\n", - " - rke2 version: (?.*)\\n", - " - \\[RKE2 (?[^\\]]+)\\]\\(https://docs.rke2.io\\) - Security focused Kubernetes\\n" + "- rke2 version: (?.*)\\n", + "- \\[RKE2 (?[^\\]]+)\\]\\(https://docs.rke2.io\\) - Security focused Kubernetes (channel stable)\\n" ], "depNameTemplate": "rke2", "versioningTemplate": "semver-coerced", @@ -91,8 +91,8 @@ ], "matchStrings": [ "global_CERT_VERSION: \"(?.*?)\"\\n", - " - cert-manager version: (?.*)\\n", - " - \\[Cert-manager (?[^\\]]+)\\]\\(https://cert-manager.io/docs/\\) - Certificate manager\\n" + "- cert-manager version: (?.*)\\n", + "- \\[Cert-manager (?[^\\]]+)\\]\\(https://cert-manager.io/docs/\\) - Certificate manager\\n" ], "datasourceTemplate": "git-tags", "depNameTemplate": "cert-manager", @@ -109,8 +109,8 @@ ], "matchStrings": [ "global_RANCHER_VERSION: \"(?.*?)\"\\n", - " - rancher version: (?.*)\\n", - " - \\[Rancher (?[^\\]]+)\\]\\(https://www.suse.com/products/suse-rancher/\\) - Multi-Cluster Kubernetes Management\\n" + "- rancher version: (?.*)\\n", + "- \\[Rancher (?[^\\]]+)\\]\\(https://www.suse.com/products/suse-rancher/\\) - Multi-Cluster Kubernetes Management\\n" ], "depNameTemplate": "rancher", "versioningTemplate": "semver-coerced", @@ -126,8 +126,8 @@ ], "matchStrings": [ "global_LONGHORN_VERSION: \"(?.*?)\"\\n", - " - longhorn version: (?.*)\\n", - " - \\[Longhorn (?[^\\]]+)\\]\\(https://longhorn.io\\) - Unified storage layer\\n" + "- longhorn version: (?.*)\\n", + "- \\[Longhorn (?[^\\]]+)\\]\\(https://longhorn.io\\) - Unified storage layer\\n" ], "datasourceTemplate": "git-refs", "depNameTemplate": "longhorn", 
@@ -144,13 +144,31 @@ ], "matchStrings": [ "global_NEU_VERSION: \"(?.*?)\"\\n", - " - neuvector version: (?.*)\\n", - " - \\[Neuvector (?[^\\]]+)\\]\\(https://neuvector.com/\\) - Kubernetes Security Platform\\n" + "- neuvector version: (?.*)\\n", + "- \\[Neuvector (?[^\\]]+)\\]\\(https://neuvector.com/\\) - Kubernetes Security Platform\\n" ], "datasourceTemplate": "git-refs", "depNameTemplate": "neuvector", "packageNameTemplate": "https://github.com/neuvector/neuvector-helm", "versioningTemplate": "semver" + }, + { + "description": "Update Kubevip version based on github repo", + "customType": "regex", + "fileMatch": [ + "playbooks/vars/main\\.y[a]?ml$", + "CHANGELOG.md", + "README.md" + ], + "matchStrings": [ + "global_kubevip_version: \"(?.*?)\"\\n", + "- kube-vip version: (?.*)\\n", + "- \\[Kube-vip (?[^\\]]+)\\]\\(https://kube-vip.io/\\) - Virtual IP and load balancer\\n" + ], + "datasourceTemplate": "git-refs", + "depNameTemplate": "kubevip", + "packageNameTemplate": "https://github.com/kube-vip/kube-vip", + "versioningTemplate": "semver" } ], "customDatasources": { diff --git a/CHANGELOG.md b/CHANGELOG.md index a73f6329c..96eec2d5f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,12 +3,19 @@ ## 1.0.3 (2024-01-24) -### Versions: - - rke2 version: 1.27.10 - - cert-manager version: 1.14.1 - - rancher version: 2.8.1 - - longhorn version: 1.6.0 - - neuvector version: 2.7.2 +### Versions + +- rke2 version: 1.27.10 + +- kube-vip: 0.7.0 + +- cert-manager version: 1.14.1 + +- rancher version: 2.8.1 + +- longhorn version: 1.6.0 + +- neuvector version: 2.7.2 @@ -27,6 +34,16 @@ - [ ] More install customization and options 🚧 - [ ] Improve collection to run as true collection 🚧 - [ ] CI 🚧 + +Use case: + - [x] airgap + - [ ] non-airgap 🚧 + - [ ] standalone 🚧 + - [x] one-master-and-x-workers + - [ ] masters-HA 🚧 + - [ ] update/upgrade 🚧 + - [ ] change-config 🚧 + diff --git a/Makefile b/Makefile index c9bc89db1..48ac407a5 100644 --- a/Makefile +++ b/Makefile 
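Review bot: The new kube-vip matcher looks for a CHANGELOG line of the form `- kube-vip version: …`, but the CHANGELOG hunk in this same commit writes `- kube-vip: 0.7.0`, so Renovate will never rewrite that entry; either change the CHANGELOG line to `- kube-vip version: 0.7.0` (the form every other component uses) or adjust the matchString. The `(?.*)` capture groups, here and in the sibling entries, look like named groups whose `<name>` was stripped when the page was rendered; worth confirming the committed file still reads `(?<currentValue>.*)`.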
@@ -1,4 +1,4 @@ -# Rkub Makefile +# Rkub Makefile export INVENTORY ?= ./plugins/inventory export ANSIBLE_USER ?= admin @@ -21,7 +21,7 @@ prerequis: .PHONY: build ## Run playbook to build rkub zst package on localhost. build: - ansible-playbook ./playbooks/tasks/build.yml $(ANSIBLE_ARGS) + ansible-playbook ./playbooks/tasks/build.yml .PHONY: upload ## Run playbook to upload rkub zst package. @@ -98,4 +98,4 @@ show-help: } \ printf "\n"; \ }' \ - | cat + | cat diff --git a/README.md b/README.md index 11220b939..6fb1d6498 100644 --- a/README.md +++ b/README.md 
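Review bot: The `build` recipe no longer forwards `$(ANSIBLE_ARGS)`, so whatever the other targets do with that variable (not visible in this hunk) the build playbook now ignores it; if that is deliberate because the build runs on localhost, record it in the help comment, e.g. `## Run playbook to build rkub zst package on localhost (ANSIBLE_ARGS not applied).`, otherwise restore the variable.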
@@ -8,15 +8,22 @@ Ansible Collection to deploy a RKE2 cluster in airgap mode with Rancher, Longhor ## Description -Ansible collection met to install in airgap environnement RKE2 (one controler and several workers, currently no HA): +This Ansible collection will install in airgap environnement RKE2 (one controler and several workers, currently no HA): -**Ansible Collection Rkub 1.0.2 include:** - - [RKE2 1.27.10](https://docs.rke2.io) - Security focused Kubernetes - - [Cert-manager 1.14.1](https://cert-manager.io/docs/) - Certificate manager - - [Rancher 2.8.1](https://www.suse.com/products/suse-rancher/) - Multi-Cluster Kubernetes Management - - [Longhorn 1.6.0](https://longhorn.io) - Unified storage layer - - [Neuvector 2.7.2](https://neuvector.com/) - Kubernetes Security Platform +**Current develop - Ansible Collection Rkub 1.0.3 include:** + +- [RKE2 1.27.10](https://docs.rke2.io) - Security focused Kubernetes (channel stable) + +- [Kube-vip 0.7.0](https://kube-vip.io/) - Virtual IP and load balancer + +- [Cert-manager 1.14.1](https://cert-manager.io/docs/) - Certificate manager + +- [Rancher 2.8.1](https://www.suse.com/products/suse-rancher/) - Multi-Cluster Kubernetes Management + +- [Longhorn 1.6.0](https://longhorn.io) - Unified storage layer + +- [Neuvector 2.7.2](https://neuvector.com/) - Kubernetes Security Platform This Project is mainly inspired from [Clemenko/rke_airgap_install](https://github.com/clemenko/rke_airgap_install/blob/main/air_gap_all_the_things.sh). 
@@ -24,50 +31,48 @@ I tried it and like the idea but I was frustrated with Shell scripting limitatio With Ansible: - * Idempotency: can be relaunch multiple time. +- Idempotency: can be relaunch multiple time. - * User agnostic: can be launch by any user (with sudo rights). +- User agnostic: can be launch by any user (with sudo rights). - * OS agnositc: can be launch on any Linux systems (at least for the package build, for the install depend on your participation to this project 😸) +- OS agnositc: can be launch on any Linux systems (at least for the package build, for the install depend on your participation to this project 😸) Add-on from my part, some part which were manual in Clemenko procedure are automated with Ansible like: - * the upload or NFS mount +- the upload or NFS mount - * Some flexibility about path (possible to export or mount NFS in choosen place) +- Some flexibility about path (possible to export or mount NFS in choosen place) - * Arkade to install utilities binaries +- Arkade to install utilities binaries - * Admin user (by default kuberoot) on first controler node with all necessary tools +- Admin user (by default kuberoot) on first controler node with all necessary tools - * Nerdctl (as complement of containerd to handle oci-archive) +- Nerdctl (as complement of containerd to handle oci-archive) - * Firewalld settings if firewalld running +- Firewalld settings if firewalld running - * Uninstall playbook to cleanup (and maybe reinstall if needed) - - * Collection Released, so possibilty to get back to older versions +- Uninstall playbook to cleanup (and maybe reinstall if needed) +- Collection Released, so possibilty to get back to older versions ## Prerequisites -* Linux Host as a package builder (can be a VM or your WSL). Count 30G of free space in the build directory of your package builder (17G for download + 7G for the zst package). - -* An Ansible Controler, can be the same host for ansible and for building package, at your convenience... 
+- Linux Host as a package builder (can be a VM or your WSL). Count 30G of free space in the build directory of your package builder (17G for download + 7G for the zst package). -* A minimum of 2 hosts RHEL-like (2 vCPU and 8G of RAM) for the cluster RKE2 with 80G at least on target directory. +- An Ansible Controler, can be the same host for ansible and for building package, at your convenience... +- A minimum of 2 hosts RHEL-like (2 vCPU and 8G of RAM) for the cluster RKE2 with 80G at least on target directory. ## Getting started 1. Preparation steps: - * Clone the main branch of this project to a machine with an internet access: +- Clone the main branch of this project to a machine with an internet access: `git clone -b main https://github.com/MozeBaltyk/Rkub.git` - * Execute `make prerequis` to install all prerequisites defined in meta directory. +- Execute `make prerequis` to install all prerequisites defined in meta directory. - * Complete directory inside `./plugins/inventory/hosts.yml`. +- Complete directory inside `./plugins/inventory/hosts.yml`. 2. Build your package by running (works on Debian-like and Redhat-like): @@ -142,9 +147,9 @@ ANSIBLE_USER=admin # equal to '-u admin' 1. This is a custom script which imitate Execution-Environement: - * `make ee-container` will load an UBI-8 image and execute inside `make prerequis` +- `make ee-container` will load an UBI-8 image and execute inside `make prerequis` - * `make ee-exec` Run image with collection and package zst mounted inside. Launch playbook or make command as described above. +- `make ee-exec` Run image with collection and package zst mounted inside. Launch playbook or make command as described above. All prerequisites are set in folder `meta` and `meta/execution-environment.yml`. So it's possible to use ansible-builder (though not tested yet). diff --git a/roles/build_airgap_package/defaults/main.yml b/roles/build_airgap_package/defaults/main.yml index 0042839e9..aa1ef9248 100644 
--- a/roles/build_airgap_package/defaults/main.yml +++ b/roles/build_airgap_package/defaults/main.yml @@ -1,6 +1,7 @@ --- # defaults file for build_airgap rke2_version: "{{ global_rke2_version }}" +kubevip_version: "{{ global_kubevip_version }}" helm_version: "{{ global_helm_version }}" CERT_VERSION: "{{ global_CERT_VERSION }}" RANCHER_VERSION: "{{ global_RANCHER_VERSION }}" @@ -18,9 +19,10 @@ list_directory_package: - "{{ directory_package }}/images/longhorn" - "{{ directory_package }}/images/registry" - "{{ directory_package }}/images/neuvector" + - "{{ directory_package }}/images/kubevip" # extras RPM rke2_common_repo_version: "{{ global_rke2_common_repo_version }}" rke2_common_rpm_version: "{{ global_rke2_common_rpm_version }}" rke2_selinux_repo_version: "{{ global_rke2_selinux_repo_version }}" -rke2_selinux_rpm_version: "{{ global_rke2_selinux_rpm_version }}" \ No newline at end of file +rke2_selinux_rpm_version: "{{ global_rke2_selinux_rpm_version }}" diff --git a/roles/build_airgap_package/tasks/images.yml b/roles/build_airgap_package/tasks/images.yml index 625680f5c..9a9ec81b0 100644 --- a/roles/build_airgap_package/tasks/images.yml +++ b/roles/build_airgap_package/tasks/images.yml @@ -118,3 +118,13 @@ fi; executable: /bin/bash changed_when: false + +- name: Upload kubevip image + ansible.builtin.shell: + cmd: | + set -o pipefail + if ( ! ls {{ directory_package }}/images/kubevip/kubevip_v{{ kubevip_version }}.tar > /dev/null); then + skopeo copy docker://ghcr.io/kube-vip/kube-vip:v{{ kubevip_version }} docker-archive:{{ directory_package }}/images/kubevip/kubevip_v{{ kubevip_version }}.tar + fi; + executable: /bin/bash + changed_when: false diff --git a/roles/build_airgap_package/tasks/rke2.yml b/roles/build_airgap_package/tasks/rke2.yml index 61784ade6..6f9f508d0 100644 --- a/roles/build_airgap_package/tasks/rke2.yml +++ b/roles/build_airgap_package/tasks/rke2.yml 
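Review bot: The new images.yml task mirrors `ghcr.io/kube-vip/kube-vip:v{{ kubevip_version }}` into `kubevip_v{{ kubevip_version }}.tar`, but the kube-vip role's defaults in this commit set `kubevip_image: "ghcr.io/kube-vip/kube-vip:{{ kubevip_version }}"` without the `v`, and load.yml derives the registry reference `kube-vip/kubevip:v…` from the tar name; unless a registry mirror rewrite is configured elsewhere (not visible here) the DaemonSet will reference a name and tag that were never loaded. Aligning on the upstream form — `kubevip_image: "ghcr.io/kube-vip/kube-vip:v{{ kubevip_version }}"` and a tar named `kube-vip_v{{ kubevip_version }}.tar` so load.yml pushes `kube-vip/kube-vip:v…` — keeps build, load and manifest consistent. The `if ( ! ls … )` guard with `changed_when: false` also reports a real download as unchanged; `ansible.builtin.command` with `args: creates: "{{ directory_package }}/images/kubevip/kubevip_v{{ kubevip_version }}.tar"` gives the same idempotence with honest change reporting, although the existing image tasks above use the same shell pattern.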
@@ -61,4 +61,4 @@ ansible.builtin.get_url: url: "https://github.com/rancher/rke2-selinux/releases/download/{{ rke2_selinux_repo_version }}/{{ rke2_selinux_rpm_version }}.el8.noarch.rpm" dest: "{{ directory_package }}/rke2_{{ rke2_version }}/{{ rke2_selinux_rpm_version }}.el8.noarch.rpm" - mode: "0750" \ No newline at end of file + mode: "0750" diff --git a/roles/install_utils_kubevip/README.md b/roles/install_utils_kubevip/README.md new file mode 100644 index 000000000..13da312c7 --- /dev/null +++ b/roles/install_utils_kubevip/README.md 
@@ -0,0 +1,72 @@ +Role Name +========= + +Role to install kubevip for HA mode + +Requirements +------------ + +*Example below show that the roles have two flavors and different requirements in functions of what you want* + +if idm set to true: +- Access to a IDM server if you want to create users account. +- Credentials access to connect to IDM + +if idm set to false: +- create local account on Linux servers + +Role Variables +-------------- + +| **VarName** | **Type** | **Content** | **Mandatory** | +|--------------------|----------|---------------------------|:-------------:| +| idm | boolean | true / false | x | +| svc_account | string | Service Account | x | +| svc_account_passwd | string | pwd (can be omited) | | +| svc_group | string | Group | | +| svc_owner | string | Owner of the account | if idm true | +| list_svc_account | list | Users which goes in group | if idm true | +| idm_server | string | Service Account PWD | if idm true | +| idm_pwd | string | sudo group | if idm true | + +**Mandatory** is the minimum variables that need to be set to make the role work +*the variables not mandatory either have a default value defined or can be omited* + +Dependencies +------------ + +Dependencies with some others roles (if there is some). + +Example Playbook +---------------- +Give some example about how to use or implement your Roles + + +```yml +- name: Trigger Role Example in a Playbooks + hosts: RANDOM_GROUP_DEFINED_IN_YOUR_INVENTORY + remote_user: ansible + become: true + + roles: + - { role: 'example', tags: 'example' } +``` + +```yml +# Example for one user +- import_role: + name: "example" + vars: + svc_account: "{{ tomcat_svc_account }}" + svc_group: "{{ tomcat_svc_group }}" +``` + +License +------- + +Apache-2.0 + +Author Information +------------------ + +morze.baltyk@proton.me diff --git a/roles/install_utils_kubevip/defaults/main.yml b/roles/install_utils_kubevip/defaults/main.yml new file mode 100644 index 000000000..0b618b922 --- /dev/null 
+++ b/roles/install_utils_kubevip/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+# defaults file for install_utils_kubevip
+kubevip_version: "{{ global_kubevip_version }}"
+kubevip_svc_enable: true
+kubevip_ipvs_lb_enable:
+kubevip_image: "ghcr.io/kube-vip/kube-vip:{{ kubevip_version }}"
+#kubevip_args:
+#rke2_kubevip_cloud_provider_image: ghcr.io/kube-vip/kube-vip-cloud-provider:v0.0.4
diff --git a/roles/install_utils_kubevip/handlers/main.yml b/roles/install_utils_kubevip/handlers/main.yml
new file mode 100644
index 000000000..7d5492690
--- /dev/null
+++ b/roles/install_utils_kubevip/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for install_utils_kubevip
diff --git a/roles/install_utils_kubevip/meta/main.yml b/roles/install_utils_kubevip/meta/main.yml
new file mode 100644
index 000000000..bce3a4125
--- /dev/null
+++ b/roles/install_utils_kubevip/meta/main.yml
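Review bot: `kubevip_ipvs_lb_enable:` has no value and therefore loads as `null`; kube-vip.yml.j2 in this commit interpolates it straight into the `lb_enable` env value, and whatever Ansible prints for None there is not a boolean kube-vip can parse. Set an explicit default, `kubevip_ipvs_lb_enable: false`, and document the two switches with comments such as `# kube-vip services controller (svc_enable env var)` and `# kube-vip IPVS load balancer for the control plane (lb_enable env var)`. The commented-out `kubevip_args` would also read better with its expected shape, which the template fixes, e.g. `# kubevip_args: list of {param, value} pairs appended as extra env vars`.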
@@ -0,0 +1,54 @@ +--- +galaxy_info: + standalone: false # Part of a collection + author: morze.baltyk@proton.me + description: Role to install kubevip for HA mode + company: Opensource + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: Apache-2.0 + + min_ansible_version: "2.15.0" + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. diff --git a/roles/install_utils_kubevip/tasks/install_airgap.yml b/roles/install_utils_kubevip/tasks/install_airgap.yml new file mode 100644 index 000000000..669980522 --- /dev/null +++ b/roles/install_utils_kubevip/tasks/install_airgap.yml 
@@ -0,0 +1,19 @@
+---
+- name: Create the RKE2 manifests directory
+ ansible.builtin.file:
+ state: directory
+ path: "{{ rke2_data_path }}/server/manifests"
+ owner: root
+ group: root
+ mode: 0700
+
+- name: Copy kube-vip files to first server
+ ansible.builtin.template:
+ src: "{{ item }}"
+ dest: "{{ rke2_data_path }}/server/manifests/{{ item | basename | regex_replace('.j2$', '') }}"
+ owner: root
+ group: root
+ mode: 0664
+ with_fileglob:
+ - "templates/airgap/kube-vip.yml.j2"
+ - "templates/airgap/kube-vip-rbac.yml.j2"
diff --git a/roles/install_utils_kubevip/tasks/install_direct.yml b/roles/install_utils_kubevip/tasks/install_direct.yml
new file mode 100644
index 000000000..e69de29bb
diff --git a/roles/install_utils_kubevip/tasks/main.yml b/roles/install_utils_kubevip/tasks/main.yml
new file mode 100644
index 000000000..0703b64b7
--- /dev/null
+++ b/roles/install_utils_kubevip/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+# tasks file for install_utils_kubevip
+- name: Install in airgap mode
+ ansible.builtin.import_tasks: install_airgap.yml
+ when: caller_role_name == "controller"
diff --git a/roles/install_utils_kubevip/templates/airgap/kube-vip-rbac.yml.j2 b/roles/install_utils_kubevip/templates/airgap/kube-vip-rbac.yml.j2
new file mode 100644
index 000000000..0480d0ec6
--- /dev/null
+++ b/roles/install_utils_kubevip/templates/airgap/kube-vip-rbac.yml.j2 
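Review bot: The `with_fileglob` patterns in install_airgap.yml carry a `templates/airgap/` prefix, so they only resolve because the fileglob lookup falls back from the role's `files/` directory to the role root, and a glob for two fixed files adds nothing; `loop: ["kube-vip.yml.j2", "kube-vip-rbac.yml.j2"]` with `src: "airgap/{{ item }}"` and `dest: "{{ rke2_data_path }}/server/manifests/{{ item | regex_replace('\\.j2$', '') }}"` uses the template module's normal `templates/` lookup and fails loudly if a file is missing. The rendered kube-vip manifest carries the API VIP and interface, so `mode: "0600"` rather than `0664` is the safer default for files in a root-only `0700` directory.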
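Review bot: In tasks/main.yml, `when: caller_role_name == "controller"` raises an undefined-variable error whenever the role runs without that variable, which is exactly what tests/test.yml in this commit does (`roles: - install_utils_kubevip` on localhost with no vars); `when: caller_role_name | default('') == "controller"` keeps the gate and lets the scaffold test run. A comment naming the producer would help, e.g. `# caller_role_name must be set by the calling play or role; only the controller drops the manifests`.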
@@ -0,0 +1,32 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kube-vip + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + rbac.authorization.kubernetes.io/autoupdate: "true" + name: system:kube-vip-role +rules: + - apiGroups: [""] + resources: ["services", "services/status", "nodes", "endpoints"] + verbs: ["list","get","watch", "update"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["list", "get", "watch", "update", "create"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: system:kube-vip-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:kube-vip-role +subjects: +- kind: ServiceAccount + name: kube-vip + namespace: kube-system diff --git a/roles/install_utils_kubevip/templates/airgap/kube-vip.yml.j2 b/roles/install_utils_kubevip/templates/airgap/kube-vip.yml.j2 new file mode 100644 index 000000000..a22905301 --- /dev/null +++ b/roles/install_utils_kubevip/templates/airgap/kube-vip.yml.j2 
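Review bot: Sequence indentation is mixed within this file: the `rules:` items are indented under their key while the `subjects:` item is flush (`- kind: ServiceAccount` at the key's column), and `verbs: ["list","get","watch", "update"]` mixes comma spacing; yamllint's indentation and commas rules will flag both. Indent the `subjects:` entry like `rules:` and write `verbs: ["list", "get", "watch", "update"]`.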
@@ -0,0 +1,88 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/name: kube-vip-ds + name: kube-vip-ds + namespace: kube-system +spec: + selector: + matchLabels: + app.kubernetes.io/name: kube-vip-ds + template: + metadata: + creationTimestamp: null + labels: + app.kubernetes.io/name: kube-vip-ds + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-role.kubernetes.io/master + operator: Exists + - matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: Exists + containers: + - args: + - manager + env: + - name: vip_arp + value: "true" + - name: vip_interface + value: "{{ rke2_interface | default(ansible_default_ipv4.interface) }}" + - name: port + value: "{{ rke2_api_port | default('6443')}}" + - name: vip_cidr + value: "{{ rke2_api_cidr | default('24') }}" + - name: cp_enable + value: "true" + - name: cp_namespace + value: kube-system + - name: vip_ddns + value: "false" + - name: enableUPNP + value: "false" + - name: svc_enable + value: "{{ kubevip_svc_enable }}" + - name: svc_election + value: "true" + - name: vip_leaderelection + value: "true" + - name: vip_leaseduration + value: "5" + - name: vip_renewdeadline + value: "3" + - name: vip_retryperiod + value: "1" + - name: address + value: "{{ rke2_api_ip }}" + - name: prometheus_server + value: :2112 + - name: lb_enable + value: "{{ kubevip_ipvs_lb_enable }}" +{% if kubevip_args is defined %} +{% for item in kubevip_args %} + - name: {{ item.param }} + value: {{ item.value }} +{% endfor %} +{% endif %} + image: "{{ kubevip_image }}" + name: kube-vip + resources: {} + securityContext: + capabilities: + add: + - NET_ADMIN + - NET_RAW + hostNetwork: true + serviceAccountName: kube-vip + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + updateStrategy: {} 
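Review bot: In the `kubevip_args` loop, `value: {{ item.value }}` is emitted unquoted, so a boolean or numeric argument (`true`, `2112`) renders as a YAML bool/int and the API server rejects the DaemonSet because `env[].value` must be a string; write `value: "{{ item.value }}"` (and `name: "{{ item.param }}"` for symmetry). `lb_enable` interpolates `kubevip_ipvs_lb_enable`, which the role's defaults in this commit leave empty (null), so the rendered value is whatever Ansible prints for None rather than `true`/`false`. The pod runs with `hostNetwork: true` plus `NET_ADMIN`/`NET_RAW`, which is what kube-vip's ARP mode on the control plane needs; a one-line comment above `securityContext` saying so would spare the next reviewer the question.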
diff --git a/roles/install_utils_kubevip/tests/inventory b/roles/install_utils_kubevip/tests/inventory new file mode 100644 index 000000000..2fbb50c4a --- /dev/null +++ b/roles/install_utils_kubevip/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/roles/install_utils_kubevip/tests/test.yml b/roles/install_utils_kubevip/tests/test.yml new file mode 100644 index 000000000..945d6a17e --- /dev/null +++ b/roles/install_utils_kubevip/tests/test.yml @@ -0,0 +1,6 @@ +--- +- name: Test + hosts: localhost + remote_user: root + roles: + - install_utils_kubevip diff --git a/roles/install_utils_registry/tasks/load.yml b/roles/install_utils_registry/tasks/load.yml index adfc0c235..a2a0f57e6 100644 --- a/roles/install_utils_registry/tasks/load.yml +++ b/roles/install_utils_registry/tasks/load.yml @@ -9,6 +9,18 @@ state: present timeout: 600 +# kube-vip +- name: Find kube-vip images on the target server + ansible.builtin.find: + paths: "{{ mount_images_path }}/kubevip/" + patterns: "*.tar" + register: found_images + +- name: Copy kube-vip images with skopeo + ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/kube-vip/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_', ':') }} --dest-tls-verify=false" + changed_when: false + with_items: "{{ found_images['files'] }}" + # Longhorn - name: Find longhorn images on the target server ansible.builtin.find: @@ -73,4 +85,4 @@ - name: Display Output ansible.builtin.debug: - var: docker['stdout_lines'] \ No newline at end of file + var: docker['stdout_lines'] diff --git a/roles/install_utils_registry/tasks/main.yml b/roles/install_utils_registry/tasks/main.yml index 84f43083b..562022c12 100644 --- a/roles/install_utils_registry/tasks/main.yml +++ b/roles/install_utils_registry/tasks/main.yml 
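Review bot: In load.yml, `regex_replace('.tar', '')` is unanchored and `.` matches any character, and `regex_replace('_', ':')` rewrites every underscore, so the registry reference derived from the tar filename is only correct for exactly one `_` and a trailing `.tar`; anchor it, `regex_replace('\\.tar$', '')` (the `\\` because the command sits in a double-quoted YAML string), and state the naming contract in a comment above the task, e.g. `# expects <name>_<tag>.tar and pushes it as kube-vip/<name>:<tag>`. `changed_when: false` on a push that does modify the local registry hides real work, though the existing image blocks use the same pattern, so that is a follow-up rather than a blocker.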
@@ -6,10 +6,14 @@ - name: Flush handlers ansible.builtin.meta: flush_handlers +- name: Copy manifest + ansible.builtin.import_tasks: manifest.yml + when: caller_role_name == "controller" + - name: Kubernetes tasks ansible.builtin.import_tasks: deploy.yml when: caller_role_name == "controller" - name: Load images in local registry ansible.builtin.import_tasks: load.yml - when: caller_role_name == "controller" \ No newline at end of file + when: caller_role_name == "controller" From bb03be5b5e368e97e15abecee181aa1149a3fe84 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 12 Feb 2024 23:26:05 +0100 Subject: [PATCH 191/365] split networkmanager config --- roles/install_rke2_common/tasks/install.yml | 28 ------------------- roles/install_rke2_common/tasks/main.yml | 12 +++++++- .../tasks/networkmanager.yml | 23 +++++++++++++++ 3 files changed, 34 insertions(+), 29 deletions(-) create mode 100644 roles/install_rke2_common/tasks/networkmanager.yml diff --git a/roles/install_rke2_common/tasks/install.yml b/roles/install_rke2_common/tasks/install.yml index c66fc48eb..afbf26299 100644 --- a/roles/install_rke2_common/tasks/install.yml +++ b/roles/install_rke2_common/tasks/install.yml 
@@ -49,31 +49,3 @@ dest: /var/lib/rancher/rke2 state: link when: rke2_data_dir != "/var/lib/rancher/rke2" - -# NetworkManager config -- name: Specific config for NetworkManager - become: true - when: - - ansible_facts['services']['NetworkManager.service'] is defined - block: - - name: Configure NetworkManager for RKE2 and Canal - ansible.builtin.copy: - content: | - [keyfile] - unmanaged-devices=interface-name:cali*;interface-name:flannel* - dest: /etc/NetworkManager/conf.d/rke2-canal.conf - mode: '0600' - - - name: Set rke2-canal.conf file permissions - ansible.builtin.file: - path: /etc/NetworkManager/conf.d/rke2-canal.conf - mode: '0600' - owner: root - group: root - - - name: Reload NetworkManager - ansible.builtin.systemd: - name: NetworkManager - state: reloaded - when: - - ansible_facts['services']['NetworkManager.service']['state'] == "running" diff --git a/roles/install_rke2_common/tasks/main.yml b/roles/install_rke2_common/tasks/main.yml index 4be2b8246..3f47014b5 100644 --- a/roles/install_rke2_common/tasks/main.yml +++ b/roles/install_rke2_common/tasks/main.yml @@ -8,6 +8,17 @@ - "!min" when: > ansible_os_family is not defined + tags: [always] + +- name: Populate service facts + ansible.builtin.service_facts: {} + tags: [always] + +- name: Specific config for NetworkManager + ansible.builtin.import_tasks: networkmanager.yml + when: + - ansible_facts['services']['NetworkManager.service'] is defined + tags: networkmanager - name: Tasks common to Linux servers for RKE2 installation ansible.builtin.import_tasks: install.yml @@ -18,4 +29,3 @@ - name: RKE2 Install specific for RHEL-like OS ansible.builtin.import_tasks: rhel.yml when: ansible_os_family == "RedHat" - tags: rhel diff --git a/roles/install_rke2_common/tasks/networkmanager.yml b/roles/install_rke2_common/tasks/networkmanager.yml new file mode 100644 index 000000000..b60f9a055 --- /dev/null +++ b/roles/install_rke2_common/tasks/networkmanager.yml 
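Review bot: The NetworkManager block that install.yml used to carry (removed in the first hunk) ran under `become: true`, but neither the new `ansible.builtin.import_tasks: networkmanager.yml` in tasks/main.yml nor the tasks in networkmanager.yml set it, so writing `/etc/NetworkManager/conf.d/rke2-canal.conf` and reloading the service now depend entirely on play-level privilege escalation; put it back on the import, `- name: Specific config for NetworkManager`, `ansible.builtin.import_tasks: networkmanager.yml`, `become: true`. The `service_facts` task now runs unconditionally with `tags: [always]`, which is what the `when` on the import needs, so that part is consistent. Dropping `tags: rhel` from the RHEL import in the second hunk looks unrelated to the split; if intended, a word in the commit message would help.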
@@ -0,0 +1,23 @@ +--- +# NetworkManager config +- name: Configure NetworkManager for RKE2 and Canal + ansible.builtin.copy: + content: | + [keyfile] + unmanaged-devices=interface-name:cali*;interface-name:flannel* + dest: /etc/NetworkManager/conf.d/rke2-canal.conf + mode: '0600' + +- name: Set rke2-canal.conf file permissions + ansible.builtin.file: + path: /etc/NetworkManager/conf.d/rke2-canal.conf + mode: '0600' + owner: root + group: root + +- name: Reload NetworkManager + ansible.builtin.systemd: + name: NetworkManager + state: reloaded + when: + - ansible_facts['services']['NetworkManager.service']['state'] == "running" From 280c4a01ac3e4c3fdc5274fdfb0c5b504f3471c2 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 12 Feb 2024 23:28:27 +0100 Subject: [PATCH 192/365] generate a inventory with terraform --- .gitignore | 16 +++++++++------- test/README.md | 4 ++-- test/ansible.cfg | 4 +++- test/inventory/hosts.tpl | 18 ++++++++++++++++++ test/main.tf | 26 +++++++++++++++++++++----- 5 files changed, 53 insertions(+), 15 deletions(-) create mode 100644 test/inventory/hosts.tpl diff --git a/.gitignore b/.gitignore index 281fcbe8a..1f92fcfae 100644 --- a/.gitignore +++ b/.gitignore @@ -1,12 +1,6 @@ -# tmp/state/secrets +# tmp .*.swp .govmomi -*terraform* -terraform.tfstate* -.venv/ -*kubeconfig.yaml -Chart.lock -.key # Workstation .DS_Store .vscode @@ -21,3 +15,11 @@ context *.log *.png *.tgz +# Staging +*kubeconfig.yaml +*terraform* +terraform.tfstate* +hosts.ini +.key +Chart.lock +.venv/ diff --git a/test/README.md b/test/README.md index 84da3c79f..1e901bebd 100644 --- a/test/README.md +++ b/test/README.md @@ -26,7 +26,7 @@ terraform apply -var "GITHUB_RUN_ID=777" -var "do_token=${DO_PAT}" -auto-approve # More options terraform apply -var "GITHUB_RUN_ID=777" \ -var "do_token=${DO_PAT}" \ --var "do_worker_count=0" \ +-var "do_worker_count=1" \ -var "do_controller_count=3" \ -var "do_instance_size=s-2vcpu-4gb" \ -auto-approve 
@@ -40,7 +40,7 @@ ssh root@$(terraform output -json ip_address_workers | jq -r '.[0]') -i .key # Destroy terraform plan -destroy -out=terraform.tfplan -var "GITHUB_RUN_ID=777" \ -var "do_token=${DO_PAT}" \ --var "do_worker_count=0" \ +-var "do_worker_count=1" \ -var "do_controller_count=3" \ -var "do_instance_size=s-2vcpu-4gb" terraform apply terraform.tfplan diff --git a/test/ansible.cfg b/test/ansible.cfg index a9f6d3ca5..e43f7fcf5 100644 --- a/test/ansible.cfg +++ b/test/ansible.cfg @@ -1,7 +1,9 @@ [defaults] -inventory = hosts.ini +inventory = ./inventory/hosts.ini roles_path = ../roles host_key_checking = False display_skipped_hosts = false +deprecation_warnings = false force_color = True stdout_callback = yaml +private_key_file = .key diff --git a/test/inventory/hosts.tpl b/test/inventory/hosts.tpl new file mode 100644 index 000000000..aa2272710 --- /dev/null +++ b/test/inventory/hosts.tpl @@ -0,0 +1,18 @@ +# Generated with hosts.tpl +[all] +## ALL HOSTS +localhost ansible_connection=local + +[RKE2_CONTROLLERS] +%{ for idx, ip in controller_ips ~} +controller${idx} ansible_host=${ip} # Controller${idx} +%{ endfor ~} + +[RKE2_WORKERS] +%{ for idx, ip in worker_ips ~} +worker${idx} ansible_host=${ip} # Worker${idx} +%{ endfor ~} + +[RKE2_CLUSTER:children] +RKE2_CONTROLLERS +RKE2_WORKERS diff --git a/test/main.tf b/test/main.tf index 0188c7430..fb6082c3e 100644 --- a/test/main.tf +++ b/test/main.tf @@ -99,11 +99,6 @@ resource "digitalocean_droplet" "workers" { } } -output "ip_address_workers" { - value = digitalocean_droplet.workers[*].ipv4_address - description = "The public IP address of your rke2 workers." -} - ### ### Project ### 
@@ -115,3 +110,24 @@ resource "digitalocean_project" "rkub" { environment = "Staging" resources = flatten([digitalocean_droplet.controllers.*.urn, digitalocean_droplet.workers.*.urn]) } + +### +### Generate the hosts.ini file +### +resource "local_file" "ansible_inventory" { + content = templatefile("inventory/hosts.tpl", + { + controller_ips = digitalocean_droplet.controllers[*].ipv4_address, + worker_ips = digitalocean_droplet.workers[*].ipv4_address + } + ) + filename = "inventory/hosts.ini" +} + +### +### Display +### +output "ip_address_workers" { + value = digitalocean_droplet.workers[*].ipv4_address + description = "The public IP address of your rke2 workers." +} From 5a7185be77d06795e565ec27b1a4653c731d4596 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 13 Feb 2024 20:21:07 +0100 Subject: [PATCH 193/365] push state in space bucket --- .github/workflows/stage.yml | 76 ++++++++++++++++++++----------------- galaxy.yml | 3 +- test/README.md | 29 +++++++++----- test/main.tf | 10 +++++ 4 files changed, 73 insertions(+), 45 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 34543f47c..373ce2100 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -21,14 +21,13 @@ jobs: - name: Setup Terraform uses: hashicorp/setup-terraform@v3 - - name: Terraform fmt - id: fmt - run: terraform fmt -check - continue-on-error: true - - name: Terraform Init id: init - run: terraform init + run: | + terraform init -backend-config="access_key=$SPACES_ACCESS_TOKEN" -backend-config="secret_key=$SPACES_SECRET_KEY" + env: + SPACES_ACCESS_TOKEN: ${{ secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN }} + SPACES_SECRET_KEY: ${{ secrets.DIGITALOCEAN_SPACES_SECRET_KEY }} - name: Get key run: | 
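Review bot: The new `local_file.ansible_inventory` resource does not set `file_permission`, and the hashicorp/local provider defaults it (and `directory_permission`) to `0777`, so the generated `inventory/hosts.ini` is created world-writable; add `file_permission = "0644"` to the resource. Both `templatefile("inventory/hosts.tpl", …)` and `filename = "inventory/hosts.ini"` are resolved against the directory terraform is run from rather than against the configuration, so they break as soon as the working directory differs; `"${path.module}/inventory/hosts.tpl"` and `"${path.module}/inventory/hosts.ini"` anchor them to the module. The rendered addresses also land in the remote state through `content`, which is harmless for IPs but worth keeping in mind if the template ever gains credentials.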
@@ -45,7 +44,12 @@ jobs: - name: Terraform Plan id: plan run: | - terraform plan -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" -var "do_token=${DO_PAT}" -no-color + terraform plan -out=terraform.tfplan \ + -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ + -var "do_token=${DO_PAT}" \ + -var "do_worker_count=1" \ + -var "do_controller_count=1" \ + -var "do_instance_size=s-2vcpu-4gb" continue-on-error: true env: DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} @@ -56,9 +60,7 @@ jobs: - name: Terraform Apply run: | - terraform apply -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" -var "do_token=${DO_PAT}" -auto-approve - env: - DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} + terraform apply terraform.tfplan reachable: name: Reachable @@ -74,9 +76,6 @@ jobs: - name: Checkout files uses: actions/checkout@v4 - #- name: Get tag name - # uses: olegtarasov/get-tag@v2 - - name: Install doctl uses: digitalocean/action-doctl@v2 with: 
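Review bot: The plan now written to `terraform.tfplan` embeds the value of every input variable, `do_token` included, and the token is additionally handed over on the command line via `-var "do_token=${DO_PAT}"`, so the plan file on the runner is as sensitive as the secret itself. Passing it as `TF_VAR_do_token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}` in the step `env:` keeps it out of the process argument list, and the plan file must never be uploaded as an artifact or cached between jobs. The Apply hunk below correctly consumes the saved plan instead of re-passing the variable, so nothing else needs the token in that job.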
@@ -107,28 +106,28 @@ jobs: env: SSH_KEY: ${{secrets.SSH_PRIVATE_KEY}} - - name: Create inventory hosts.ini - run: | - touch hosts.ini - echo "[RKE2_CONTROLLERS]" > hosts.ini - doctl compute droplet list --no-header --tag-name rke2_ansible_test_on_rockylinux-8-x64_${GITHUB_RUN_ID}_controllers --format "Public IPv4" --output text >> hosts.ini - echo "[RKE2_WORKERS]" >> hosts.ini - doctl compute droplet list --no-header --tag-name rke2_ansible_test_on_rockylinux-8-x64_${GITHUB_RUN_ID}_workers --format "Public IPv4" --output text >> hosts.ini - echo "[all:vars]" >> hosts.ini - echo "kubernetes_api_server_host=$(echo " " | head -1)" >> hosts.ini - echo "remote_user=root" >> ansible.cfg - echo "private_key_file=.key" >> ansible.cfg - env: - DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} - - - name: Check hosts.ini and ansible.cfg - run: | - cat hosts.ini - cat ansible.cfg +# - name: Create inventory hosts.ini +# run: | +# touch hosts.ini +# echo "[RKE2_CONTROLLERS]" > hosts.ini +# doctl compute droplet list --no-header --tag-name rke2_ansible_test_on_rockylinux-8-x64_${GITHUB_RUN_ID}_controllers --format "Public IPv4" --output text >> hosts.ini +# echo "[RKE2_WORKERS]" >> hosts.ini +# doctl compute droplet list --no-header --tag-name rke2_ansible_test_on_rockylinux-8-x64_${GITHUB_RUN_ID}_workers --format "Public IPv4" --output text >> hosts.ini +# echo "[all:vars]" >> hosts.ini +# echo "kubernetes_api_server_host=$(echo " " | head -1)" >> hosts.ini +# echo "remote_user=root" >> ansible.cfg +# echo "private_key_file=.key" >> ansible.cfg +# env: +# DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} +# +# - name: Check hosts.ini and ansible.cfg +# run: | +# cat hosts.ini +# cat ansible.cfg - name: Test if reachable run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible all -m ping -i hosts.ini -u root -vv --private-key .key + ANSIBLE_HOST_KEY_CHECKING=False ansible all -m ping -u root -vv --private-key .key #- name: Run playbook # run: | 
@@ -173,11 +172,20 @@ jobs: - name: Terraform Init id: init - run: terraform init + run: | + terraform init -backend-config="access_key=$SPACES_ACCESS_TOKEN" -backend-config="secret_key=$SPACES_SECRET_KEY" + env: + SPACES_ACCESS_TOKEN: ${{ secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN }} + SPACES_SECRET_KEY: ${{ secrets.DIGITALOCEAN_SPACES_SECRET_KEY }} - name: Delete Stack if: ${{ always() }} run: | - terraform destroy -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" -var "do_token=${DO_PAT}" -auto-approve + terraform destroy -out=terraform.tfplan -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ + -var "do_token=${DO_PAT}" \ + -var "do_worker_count=1" \ + -var "do_controller_count=1" \ + -var "do_instance_size=s-2vcpu-4gb" \ + -auto-approve env: DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} diff --git a/galaxy.yml b/galaxy.yml index ae57500c1..f7ca14026 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -46,4 +46,5 @@ build_ignore: - .DS_Store - .vscode - '.*.tar.gz' - - '*.zip' \ No newline at end of file + - '*.zip' + - 'test' diff --git a/test/README.md b/test/README.md index 1e901bebd..b6231363f 100644 --- a/test/README.md +++ b/test/README.md 
@@ -15,21 +15,29 @@ Add inside ./test a file .key with the private ssh key generate by DO. ```bash export DO_PAT="dop_v1_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" -# Create 3 VMs -terraform init -terraform plan -out=terraform.tfplan -var "do_token=${DO_PAT}" -terraform apply terraform.tfplan - -# auto-approve +# init with backend config +terraform init --backend-config=./backend_config.hcl +# ./backend_config.hcl +# access_key="" +# secret_key="" + +# init with one line command +terraform init \ +-backend-config="access_key=$SPACES_ACCESS_TOKEN" \ +-backend-config="secret_key=$SPACES_SECRET_KEY" \ + +# auto-approve (default: size=s-1vcpu-1gb, 1 controller + 2 workers) terraform apply -var "GITHUB_RUN_ID=777" -var "do_token=${DO_PAT}" -auto-approve -# More options -terraform apply -var "GITHUB_RUN_ID=777" \ +# Deploy +terraform plan -out=terraform.tfplan \ +-var "GITHUB_RUN_ID=777" \ -var "do_token=${DO_PAT}" \ -var "do_worker_count=1" \ -var "do_controller_count=3" \ --var "do_instance_size=s-2vcpu-4gb" \ --auto-approve +-var "do_instance_size=s-2vcpu-4gb" +# Apply +terraform apply terraform.tfplan # connect to a controller ssh root@$(terraform output -json ip_address_controllers | jq -r '.[0]') -i .key @@ -43,5 +51,6 @@ terraform plan -destroy -out=terraform.tfplan -var "GITHUB_RUN_ID=777" \ -var "do_worker_count=1" \ -var "do_controller_count=3" \ -var "do_instance_size=s-2vcpu-4gb" +# Apply destroy terraform apply terraform.tfplan ``` diff --git a/test/main.tf b/test/main.tf index fb6082c3e..a455d5dd7 100644 --- a/test/main.tf +++ b/test/main.tf @@ -8,6 +8,16 @@ terraform { version = "~> 2.0" } } + backend "s3" { + bucket = "terraform-backend-github" + endpoint = "fra1.digitaloceanspaces.com" + region = "eu-west-1" + key = "state-store/terraform.tfstate" + skip_requesting_account_id = true + skip_credentials_validation = true + skip_get_ec2_platforms = true + skip_metadata_api_check = true + } } provider "digitalocean" { 
From 5e285c7d127a47169421e87bd6eb89cc76912f64 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 13 Feb 2024 21:40:41 +0100 Subject: [PATCH 194/365] push state in space bucket --- test/README.md | 4 ++++ test/main.tf | 4 +--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/test/README.md b/test/README.md index b6231363f..847eb3287 100644 --- a/test/README.md +++ b/test/README.md @@ -9,11 +9,15 @@ The puropse of this CI is to test the integration between RKE2, longhorn, ranche On Digital Ocean account: - generate a PAT (private access token) - a set of SSH key +- Create a Space with a key Add inside ./test a file .key with the private ssh key generate by DO. ```bash export DO_PAT="dop_v1_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" +export SPACES_ACCESS_TOKEN="DOxxxxxxxxxxxxxxxxxxx" +export SPACES_SECRET_KEY="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + # init with backend config terraform init --backend-config=./backend_config.hcl diff --git a/test/main.tf b/test/main.tf index a455d5dd7..19f4c3d72 100644 --- a/test/main.tf +++ b/test/main.tf @@ -10,12 +10,10 @@ terraform { } backend "s3" { bucket = "terraform-backend-github" - endpoint = "fra1.digitaloceanspaces.com" + endpoint = "https://fra1.digitaloceanspaces.com" region = "eu-west-1" key = "state-store/terraform.tfstate" - skip_requesting_account_id = true skip_credentials_validation = true - skip_get_ec2_platforms = true skip_metadata_api_check = true } } From 05664509956007bad062501b27af779c43407ca5 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 13 Feb 2024 21:41:48 +0100 Subject: [PATCH 195/365] reduce size --- test/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/README.md b/test/README.md index 847eb3287..a87b79b97 100644 --- a/test/README.md +++ b/test/README.md 
@@ -39,7 +39,7 @@ terraform plan -out=terraform.tfplan \ -var "do_token=${DO_PAT}" \ -var "do_worker_count=1" \ -var "do_controller_count=3" \ --var "do_instance_size=s-2vcpu-4gb" +-var "do_instance_size=s-1vcpu-1gb" # Apply terraform apply terraform.tfplan @@ -54,7 +54,7 @@ terraform plan -destroy -out=terraform.tfplan -var "GITHUB_RUN_ID=777" \ -var "do_token=${DO_PAT}" \ -var "do_worker_count=1" \ -var "do_controller_count=3" \ --var "do_instance_size=s-2vcpu-4gb" +-var "do_instance_size=s-1vcpu-1gb" # Apply destroy terraform apply terraform.tfplan ``` From c74d6a67f2c2a0ec1aee8b10a81def5d08773911 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 13 Feb 2024 21:56:42 +0100 Subject: [PATCH 196/365] test --- test/main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/main.tf b/test/main.tf index 19f4c3d72..341d9d6db 100644 --- a/test/main.tf +++ b/test/main.tf @@ -9,12 +9,12 @@ terraform { } } backend "s3" { + skip_credentials_validation = true + skip_metadata_api_check = true bucket = "terraform-backend-github" endpoint = "https://fra1.digitaloceanspaces.com" region = "eu-west-1" - key = "state-store/terraform.tfstate" - skip_credentials_validation = true - skip_metadata_api_check = true + key = "state/terraform.tfstate" } } From 6280a0596d1a08e715e8bb174fb21618faf61dd2 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 13 Feb 2024 22:10:23 +0100 Subject: [PATCH 197/365] test --- .github/workflows/stage.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 373ce2100..852ddf22d 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -28,6 +28,7 @@ jobs: env: SPACES_ACCESS_TOKEN: ${{ secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN }} SPACES_SECRET_KEY: ${{ secrets.DIGITALOCEAN_SPACES_SECRET_KEY }} + AWS_PROFILE: "digitalocean" - name: Get key run: | 
@@ -53,6 +54,7 @@ jobs: continue-on-error: true env: DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} + AWS_PROFILE: "digitalocean" - name: Terraform Plan Status if: steps.plan.outcome == 'failure' From 903a4c80978867330e837be7b23f9dfaf087992d Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 13 Feb 2024 22:23:36 +0100 Subject: [PATCH 198/365] test --- test/main.tf | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/test/main.tf b/test/main.tf index 341d9d6db..facb40dc9 100644 --- a/test/main.tf +++ b/test/main.tf @@ -9,12 +9,17 @@ terraform { } } backend "s3" { + skip_region_validation = true skip_credentials_validation = true - skip_metadata_api_check = true - bucket = "terraform-backend-github" - endpoint = "https://fra1.digitaloceanspaces.com" - region = "eu-west-1" - key = "state/terraform.tfstate" + skip_metadata_api_check = true + skip_requesting_account_id = true + use_path_style = true + endpoints = { + s3 = "https://fra1.digitaloceanspaces.com" + } + region = "fra1" // needed + bucket = "terraform-backend-github" + key = "state/terraform.tfstate" } } From d289eb22445467eb3ef74754fcb0b1a9fccb6bea Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 13 Feb 2024 22:38:28 +0100 Subject: [PATCH 199/365] test --- .github/workflows/stage.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 852ddf22d..4f9b004c7 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -20,6 +20,8 @@ jobs: - name: Setup Terraform uses: hashicorp/setup-terraform@v3 + with: + terraform_version: "1.3.9" - name: Terraform Init id: init @@ -164,6 +166,11 @@ jobs: - name: Checkout files uses: actions/checkout@v4 + - name: Setup Terraform + uses: hashicorp/setup-terraform@v3 + with: + terraform_version: "1.3.9" + - name: Get key run: | echo "$SSH_KEY" > .key From 973cf55ad2fabf01b1cfa133b2cd931b1246f185 Mon Sep 17 00:00:00 2001 
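Review bot: The Setup Terraform step added to the destroy job (hunk @@ -164,6 +166,11 @@) references the action by a mutable tag, `hashicorp/setup-terraform@v3`, in a job whose steps receive the DigitalOcean and Spaces credentials; pin third-party actions to a full commit SHA and keep the version in a comment, `uses: hashicorp/setup-terraform@<full-commit-sha> # v3`, so a retagged release cannot change what runs with those secrets, and let Dependabot bump the SHA. `actions/checkout@v4` and `digitalocean/action-doctl@v2` elsewhere in the file deserve the same treatment. Quoting `terraform_version: "1.3.9"` is right, but if I recall correctly 1.3.x predates the S3 backend's `endpoints` block that the main.tf hunk of the preceding commit relies on (added in Terraform 1.6), so this pin and that backend configuration cannot both work.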
From: MozeBaltyk Date: Tue, 13 Feb 2024 22:46:02 +0100 Subject: [PATCH 200/365] test --- .github/workflows/stage.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 4f9b004c7..9267a5571 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -30,7 +30,6 @@ jobs: env: SPACES_ACCESS_TOKEN: ${{ secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN }} SPACES_SECRET_KEY: ${{ secrets.DIGITALOCEAN_SPACES_SECRET_KEY }} - AWS_PROFILE: "digitalocean" - name: Get key run: | From 46bb375b69d63d89e7f6b7931a6771b63215c46c Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 13 Feb 2024 22:49:07 +0100 Subject: [PATCH 201/365] test --- test/main.tf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/test/main.tf b/test/main.tf index facb40dc9..614cae0dd 100644 --- a/test/main.tf +++ b/test/main.tf @@ -14,8 +14,7 @@ terraform { skip_metadata_api_check = true skip_requesting_account_id = true use_path_style = true - endpoints = { - s3 = "https://fra1.digitaloceanspaces.com" + endpoints = { "fra1.digitaloceanspaces.com" } region = "fra1" // needed bucket = "terraform-backend-github" From d8efb41f1246874d7f7d47f3e5558808221ab7e4 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 13 Feb 2024 22:51:16 +0100 Subject: [PATCH 202/365] test --- test/main.tf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/test/main.tf b/test/main.tf index 614cae0dd..3f9b4ff9b 100644 --- a/test/main.tf +++ b/test/main.tf @@ -14,8 +14,7 @@ terraform { skip_metadata_api_check = true skip_requesting_account_id = true use_path_style = true - endpoints = { "fra1.digitaloceanspaces.com" - } + endpoints = "fra1.digitaloceanspaces.com" region = "fra1" // needed bucket = "terraform-backend-github" key = "state/terraform.tfstate" From 71bf0036504c9b814d2526274170ea584bfbbedc Mon Sep 17 00:00:00 2001 
From: MozeBaltyk Date: Tue, 13 Feb 2024 23:57:08 +0100 Subject: [PATCH 203/365] test --- .github/workflows/stage.yml | 16 ++++++++-------- .gitignore | 2 +- test/README.md | 8 +++++--- test/main.tf | 7 +++++-- 4 files changed, 19 insertions(+), 14 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 9267a5571..64a23e72f 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -21,15 +21,15 @@ jobs: - name: Setup Terraform uses: hashicorp/setup-terraform@v3 with: - terraform_version: "1.3.9" + terraform_version: "1.7.3" - name: Terraform Init id: init run: | - terraform init -backend-config="access_key=$SPACES_ACCESS_TOKEN" -backend-config="secret_key=$SPACES_SECRET_KEY" + terraform init env: - SPACES_ACCESS_TOKEN: ${{ secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN }} - SPACES_SECRET_KEY: ${{ secrets.DIGITALOCEAN_SPACES_SECRET_KEY }} + AWS_ACCESS_KEY_ID: ${{ secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.DIGITALOCEAN_SPACES_SECRET_KEY }} - name: Get key run: | @@ -168,7 +168,7 @@ jobs: - name: Setup Terraform uses: hashicorp/setup-terraform@v3 with: - terraform_version: "1.3.9" + terraform_version: "1.7.3" - name: Get key run: | @@ -181,10 +181,10 @@ jobs: - name: Terraform Init id: init run: | - terraform init -backend-config="access_key=$SPACES_ACCESS_TOKEN" -backend-config="secret_key=$SPACES_SECRET_KEY" + terraform init env: - SPACES_ACCESS_TOKEN: ${{ secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN }} - SPACES_SECRET_KEY: ${{ secrets.DIGITALOCEAN_SPACES_SECRET_KEY }} + AWS_ACCESS_KEY_ID: ${{ secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.DIGITALOCEAN_SPACES_SECRET_KEY }} - name: Delete Stack if: ${{ always() }} diff --git a/.gitignore b/.gitignore index 1f92fcfae..9c558c063 100644 --- a/.gitignore +++ b/.gitignore @@ -18,7 +18,7 @@ context # Staging *kubeconfig.yaml *terraform* -terraform.tfstate* +*.tfstate hosts.ini .key Chart.lock 
diff --git a/test/README.md b/test/README.md index a87b79b97..4b5db7f05 100644 --- a/test/README.md +++ b/test/README.md @@ -15,9 +15,6 @@ Add inside ./test a file .key with the private ssh key generate by DO. ```bash export DO_PAT="dop_v1_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" -export SPACES_ACCESS_TOKEN="DOxxxxxxxxxxxxxxxxxxx" -export SPACES_SECRET_KEY="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" - # init with backend config terraform init --backend-config=./backend_config.hcl @@ -30,6 +27,11 @@ terraform init \ -backend-config="access_key=$SPACES_ACCESS_TOKEN" \ -backend-config="secret_key=$SPACES_SECRET_KEY" \ +# recommended method +export AWS_ACCESS_KEY_ID=DOxxxxxxxxxxxxxxxx +export AWS_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxx +terraform init + # auto-approve (default: size=s-1vcpu-1gb, 1 controller + 2 workers) terraform apply -var "GITHUB_RUN_ID=777" -var "do_token=${DO_PAT}" -auto-approve diff --git a/test/main.tf b/test/main.tf index 3f9b4ff9b..fb9df490e 100644 --- a/test/main.tf +++ b/test/main.tf @@ -14,10 +14,13 @@ terraform { skip_metadata_api_check = true skip_requesting_account_id = true use_path_style = true - endpoints = "fra1.digitaloceanspaces.com" + skip_s3_checksum = true + endpoints = { + s3 = "https://fra1.digitaloceanspaces.com" + } region = "fra1" // needed bucket = "terraform-backend-github" - key = "state/terraform.tfstate" + key = "state-store/terraform.tfstate" } } From 46ffdf05ca159faddcce0fd72b7107c500131669 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 14 Feb 2024 00:24:36 +0100 Subject: [PATCH 204/365] test --- .github/workflows/stage.yml | 3 +-- test/README.md | 2 ++ 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 64a23e72f..67e14b05d 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml 
@@ -43,7 +43,7 @@ jobs: id: validate run: terraform validate -no-color - - name: Terraform Plan + - name: Terraform plan id: plan run: | terraform plan -out=terraform.tfplan \ @@ -55,7 +55,6 @@ jobs: continue-on-error: true env: DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} - AWS_PROFILE: "digitalocean" - name: Terraform Plan Status if: steps.plan.outcome == 'failure' diff --git a/test/README.md b/test/README.md index 4b5db7f05..544b8f93d 100644 --- a/test/README.md +++ b/test/README.md @@ -35,6 +35,8 @@ terraform init # auto-approve (default: size=s-1vcpu-1gb, 1 controller + 2 workers) terraform apply -var "GITHUB_RUN_ID=777" -var "do_token=${DO_PAT}" -auto-approve +terraform apply -var "GITHUB_RUN_ID=777" -var "do_token=${DO_PAT}" --target aws_s3_bucket.terraform-backend-github + # Deploy terraform plan -out=terraform.tfplan \ -var "GITHUB_RUN_ID=777" \ From 077209bda1e552cd5610e8cbaf7e59ed7ff1e268 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 14 Feb 2024 22:29:00 +0100 Subject: [PATCH 205/365] test --- .github/workflows/stage.yml | 6 ++++++ test/DO/backend/.gitignore | 1 + test/DO/backend/main.tf | 25 +++++++++++++++++++++++++ test/DO/backend/variable.tf | 15 +++++++++++++++ 4 files changed, 47 insertions(+) create mode 100644 test/DO/backend/.gitignore create mode 100644 test/DO/backend/main.tf create mode 100644 test/DO/backend/variable.tf diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 67e14b05d..7a3372f40 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -55,6 +55,8 @@ jobs: continue-on-error: true env: DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} + AWS_ACCESS_KEY_ID: ${{ secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.DIGITALOCEAN_SPACES_SECRET_KEY }} - name: Terraform Plan Status if: steps.plan.outcome == 'failure' 
@@ -63,6 +65,10 @@ jobs: - name: Terraform Apply run: | terraform apply terraform.tfplan + env: + DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} + AWS_ACCESS_KEY_ID: ${{ secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.DIGITALOCEAN_SPACES_SECRET_KEY }} reachable: name: Reachable diff --git a/test/DO/backend/.gitignore b/test/DO/backend/.gitignore new file mode 100644 index 000000000..49d1ef281 --- /dev/null +++ b/test/DO/backend/.gitignore @@ -0,0 +1 @@ +terraform.tfstate* diff --git a/test/DO/backend/main.tf b/test/DO/backend/main.tf new file mode 100644 index 000000000..361f6322b --- /dev/null +++ b/test/DO/backend/main.tf @@ -0,0 +1,25 @@ +terraform { + required_providers { + digitalocean = { + source = "digitalocean/digitalocean" + version = "~> 2.0" + } + } +} + +resource "digitalocean_spaces_bucket" "terraform_backend" { + name = var.terraform_backend_bucket_name + region = "fra1" +} + +output "terraform_backend_bucket_domain_name" { + value = digitalocean_spaces_bucket.terraform_backend.bucket_domain_name +} + +output "terraform_backend_bucket_name" { + value = digitalocean_spaces_bucket.terraform_backend.name +} + +output "terraform_backend_bucket_region" { + value = digitalocean_spaces_bucket.terraform_backend.region +} diff --git a/test/DO/backend/variable.tf b/test/DO/backend/variable.tf new file mode 100644 index 000000000..408db9958 --- /dev/null +++ b/test/DO/backend/variable.tf @@ -0,0 +1,15 @@ +variable "do_token" { + description = "Digital Ocean API Token" +} + +variable "access_id" { + description = "Digital Ocean Spaces Access ID" +} + +variable "secret_key" { + description = "Digital Ocean Spaces Access Key" +} + +variable "terraform_backend_bucket_name" { + description = "Unique bucket name for storing terraform backend data" +} From 22fe5972fad4ce3828db65781c35f760f28251ee Mon Sep 17 00:00:00 2001 
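Review bot: The new test/DO/backend/variable.tf hunk declares `do_token`, `access_id` and `secret_key`, but nothing in test/DO/backend/main.tf reads them: there is no `provider "digitalocean"` block, so the `digitalocean_spaces_bucket` resource can only authenticate through the provider's environment variables and any `-var` values a caller supplies are silently ignored. Either delete the declarations or wire them into a provider block as below, and in either case mark the three credential variables `sensitive = true` so they are redacted from plan output. The bucket that will hold other stacks' state also has no `versioning` block; enabling it keeps earlier state versions recoverable after a bad apply or an overwrite by a concurrent run.
```hcl
terraform {
  # … unchanged: required_providers …
}

# The variables in variable.tf are only meaningful if the provider consumes them.
provider "digitalocean" {
  token             = var.do_token
  spaces_access_id  = var.access_id
  spaces_secret_key = var.secret_key
}

resource "digitalocean_spaces_bucket" "terraform_backend" {
  name   = var.terraform_backend_bucket_name
  region = "fra1"

  # State history is the only way back from a corrupted or clobbered state file.
  versioning {
    enabled = true
  }
}

# … unchanged: outputs …
```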
From: MozeBaltyk Date: Wed, 14 Feb 2024 22:53:33 +0100 Subject: [PATCH 206/365] test --- .github/workflows/stage.yml | 8 ++++++-- test/{ => DO}/README.md | 0 test/{ => DO}/main.tf | 6 +++--- test/{ => DO}/variables.tf | 0 4 files changed, 9 insertions(+), 5 deletions(-) rename test/{ => DO}/README.md (100%) rename test/{ => DO}/main.tf (96%) rename test/{ => DO}/variables.tf (100%) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 7a3372f40..2ac13a179 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -12,7 +12,7 @@ jobs: defaults: run: shell: bash - working-directory: ./test + working-directory: ./test/DO steps: - name: Checkout files @@ -28,6 +28,7 @@ jobs: run: | terraform init env: + DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} AWS_ACCESS_KEY_ID: ${{ secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN }} AWS_SECRET_ACCESS_KEY: ${{ secrets.DIGITALOCEAN_SPACES_SECRET_KEY }} @@ -164,7 +165,7 @@ jobs: defaults: run: shell: bash - working-directory: ./test + working-directory: ./test/DO steps: - name: Checkout files @@ -188,6 +189,7 @@ jobs: run: | terraform init env: + DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} AWS_ACCESS_KEY_ID: ${{ secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN }} AWS_SECRET_ACCESS_KEY: ${{ secrets.DIGITALOCEAN_SPACES_SECRET_KEY }} @@ -202,3 +204,5 @@ jobs: -auto-approve env: DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} + AWS_ACCESS_KEY_ID: ${{ secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.DIGITALOCEAN_SPACES_SECRET_KEY }} diff --git a/test/README.md b/test/DO/README.md similarity index 100% rename from test/README.md rename to test/DO/README.md diff --git a/test/main.tf b/test/DO/main.tf similarity index 96% rename from test/main.tf rename to test/DO/main.tf index fb9df490e..0f9c97c4c 100644 --- a/test/main.tf +++ b/test/DO/main.tf 
@@ -64,7 +64,7 @@ resource "digitalocean_droplet" "controllers" { host = self.ipv4_address user = "root" type = "ssh" - private_key = file(pathexpand(".key")) + private_key = file(pathexpand("../.key")) timeout = "2m" } @@ -129,13 +129,13 @@ resource "digitalocean_project" "rkub" { ### Generate the hosts.ini file ### resource "local_file" "ansible_inventory" { - content = templatefile("inventory/hosts.tpl", + content = templatefile("../inventory/hosts.tpl", { controller_ips = digitalocean_droplet.controllers[*].ipv4_address, worker_ips = digitalocean_droplet.workers[*].ipv4_address } ) - filename = "inventory/hosts.ini" + filename = "../inventory/hosts.ini" } ### diff --git a/test/variables.tf b/test/DO/variables.tf similarity index 100% rename from test/variables.tf rename to test/DO/variables.tf From 6903bd4315203c0831a6658ebe93be03f0e9265b Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 14 Feb 2024 23:04:10 +0100 Subject: [PATCH 207/365] test --- .github/workflows/stage.yml | 19 ------------------- test/DO/main.tf | 2 +- test/ansible.cfg | 2 +- 3 files changed, 2 insertions(+), 21 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 2ac13a179..3d968d75c 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml 
@@ -115,25 +115,6 @@ jobs: env: SSH_KEY: ${{secrets.SSH_PRIVATE_KEY}} -# - name: Create inventory hosts.ini -# run: | -# touch hosts.ini -# echo "[RKE2_CONTROLLERS]" > hosts.ini -# doctl compute droplet list --no-header --tag-name rke2_ansible_test_on_rockylinux-8-x64_${GITHUB_RUN_ID}_controllers --format "Public IPv4" --output text >> hosts.ini -# echo "[RKE2_WORKERS]" >> hosts.ini -# doctl compute droplet list --no-header --tag-name rke2_ansible_test_on_rockylinux-8-x64_${GITHUB_RUN_ID}_workers --format "Public IPv4" --output text >> hosts.ini -# echo "[all:vars]" >> hosts.ini -# echo "kubernetes_api_server_host=$(echo " " | head -1)" >> hosts.ini -# echo "remote_user=root" >> ansible.cfg -# echo "private_key_file=.key" >> ansible.cfg -# env: -# DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} -# -# - name: Check hosts.ini and ansible.cfg -# run: | -# cat hosts.ini -# cat ansible.cfg - - name: Test if reachable run: | ANSIBLE_HOST_KEY_CHECKING=False ansible all -m ping -u root -vv --private-key .key diff --git a/test/DO/main.tf b/test/DO/main.tf index 0f9c97c4c..e55839289 100644 --- a/test/DO/main.tf +++ b/test/DO/main.tf @@ -64,7 +64,7 @@ resource "digitalocean_droplet" "controllers" { host = self.ipv4_address user = "root" type = "ssh" - private_key = file(pathexpand("../.key")) + private_key = file(pathexpand(".key")) timeout = "2m" } diff --git a/test/ansible.cfg b/test/ansible.cfg index e43f7fcf5..4510ec4bb 100644 --- a/test/ansible.cfg +++ b/test/ansible.cfg @@ -6,4 +6,4 @@ display_skipped_hosts = false deprecation_warnings = false force_color = True stdout_callback = yaml -private_key_file = .key +private_key_file = ./DO/.key From a361803648885f0b09c55de5b95a85ed77a7fd56 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 14 Feb 2024 23:29:57 +0100 Subject: [PATCH 208/365] test --- .github/workflows/stage.yml | 23 ++++++++++++++++++----- test/DO/README.md | 9 +++++++++ 2 files changed, 27 insertions(+), 5 deletions(-) 
diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 3d968d75c..6841dc628 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -174,15 +174,28 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN }} AWS_SECRET_ACCESS_KEY: ${{ secrets.DIGITALOCEAN_SPACES_SECRET_KEY }} - - name: Delete Stack - if: ${{ always() }} + - name: Terraform plan delete stack + id: plan run: | - terraform destroy -out=terraform.tfplan -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ + + terraform plan -destroy -out=terraform.tfplan -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ -var "do_token=${DO_PAT}" \ -var "do_worker_count=1" \ -var "do_controller_count=1" \ - -var "do_instance_size=s-2vcpu-4gb" \ - -auto-approve + -var "do_instance_size=s-2vcpu-4gb" + continue-on-error: true + env: + DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} + AWS_ACCESS_KEY_ID: ${{ secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.DIGITALOCEAN_SPACES_SECRET_KEY }} + + - name: Terraform Plan Status + if: steps.plan.outcome == 'failure' + run: exit 1 + + - name: Terraform Apply + run: | + terraform apply terraform.tfplan env: DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} AWS_ACCESS_KEY_ID: ${{ secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN }} diff --git a/test/DO/README.md b/test/DO/README.md index 544b8f93d..9a5dfc5ec 100644 --- a/test/DO/README.md +++ b/test/DO/README.md @@ -47,6 +47,15 @@ terraform plan -out=terraform.tfplan \ # Apply terraform apply terraform.tfplan +# Reconciliate +terraform plan -refresh-only -out=terraform.tfplan \ +-var "GITHUB_RUN_ID=777" \ +-var "do_token=${DO_PAT}" \ +-var "do_worker_count=1" \ +-var "do_controller_count=3" \ +-var "do_instance_size=s-1vcpu-1gb" + + # connect to a controller ssh root@$(terraform output -json ip_address_controllers | jq -r '.[0]') -i .key From 964e31591a21977cf950f18f96fcf912f4e24709 Mon Sep 17 00:00:00 2001 
From: MozeBaltyk Date: Wed, 14 Feb 2024 23:33:54 +0100 Subject: [PATCH 209/365] test --- .github/workflows/stage.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 6841dc628..147fe9295 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -177,8 +177,8 @@ jobs: - name: Terraform plan delete stack id: plan run: | - - terraform plan -destroy -out=terraform.tfplan -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ + terraform plan -destroy -out=terraform.tfplan \ + -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ -var "do_token=${DO_PAT}" \ -var "do_worker_count=1" \ -var "do_controller_count=1" \ From ca5d8f67e814af46b22fd776bc7c4dc9dc1d1dde Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sat, 17 Feb 2024 14:14:56 +0100 Subject: [PATCH 210/365] work on pipeline CI --- .github/workflows/stage.yml | 45 ++++++++++++++++--------------------- test/DO/README.md | 23 ++++++++++++------- test/DO/main.tf | 15 ++++++++----- 3 files changed, 43 insertions(+), 40 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 147fe9295..6768d795d 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -8,6 +8,10 @@ jobs: deploy: name: Deploy runs-on: ubuntu-latest + env: + DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} + AWS_ACCESS_KEY_ID: ${{ secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.DIGITALOCEAN_SPACES_SECRET_KEY }} defaults: run: @@ -27,10 +31,6 @@ jobs: id: init run: | terraform init - env: - DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} - AWS_ACCESS_KEY_ID: ${{ secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.DIGITALOCEAN_SPACES_SECRET_KEY }} - name: Get key run: | 
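Review bot: Moving `DO_PAT`, `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` from step-level `env:` to the job-level `env:` of the deploy job (and, in the cleanup job's @@ -142,6 +138,10 @@ hunk, of that job too) hands the DigitalOcean token and the Spaces key pair to every step of those jobs, including the third-party actions `actions/checkout@v4` and `hashicorp/setup-terraform@v3`, which the removed step-scoped blocks never exposed them to. The deduplication is worthwhile, but the least-privilege layout is to keep the job-level block for non-secret settings and attach the three credentials only to the `terraform` steps, or at minimum to pin those actions to full commit SHAs so the code that now runs with the secrets cannot change under a retagged release. `DO_PAT` is in any case not consumed by `terraform init`; only the `-var "do_token=${DO_PAT}"` expansion in the plan steps reads it.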
@@ -44,20 +44,20 @@ jobs: id: validate run: terraform validate -no-color + - name: Terraform workspace + id: workspace + run: terraform workspace new rkub-${GITHUB_RUN_ID} + - name: Terraform plan id: plan run: | terraform plan -out=terraform.tfplan \ -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ -var "do_token=${DO_PAT}" \ - -var "do_worker_count=1" \ + -var "do_worker_count=0" \ -var "do_controller_count=1" \ -var "do_instance_size=s-2vcpu-4gb" continue-on-error: true - env: - DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} - AWS_ACCESS_KEY_ID: ${{ secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.DIGITALOCEAN_SPACES_SECRET_KEY }} - name: Terraform Plan Status if: steps.plan.outcome == 'failure' @@ -66,10 +66,6 @@ jobs: - name: Terraform Apply run: | terraform apply terraform.tfplan - env: - DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} - AWS_ACCESS_KEY_ID: ${{ secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.DIGITALOCEAN_SPACES_SECRET_KEY }} reachable: name: Reachable @@ -142,6 +138,10 @@ jobs: runs-on: ubuntu-latest needs: Reachable if: always() + env: + DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} + AWS_ACCESS_KEY_ID: ${{ secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.DIGITALOCEAN_SPACES_SECRET_KEY }} defaults: run: @@ -169,10 +169,6 @@ jobs: id: init run: | terraform init - env: - DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} - AWS_ACCESS_KEY_ID: ${{ secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.DIGITALOCEAN_SPACES_SECRET_KEY }} - name: Terraform plan delete stack id: plan 
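Review bot: `terraform workspace new rkub-${GITHUB_RUN_ID}` in the new `Terraform workspace` step fails when the workspace already exists, which is exactly what happens on a re-run of the job because `GITHUB_RUN_ID` is kept across re-runs. With Terraform 1.4 or later, `terraform workspace select -or-create=true rkub-${GITHUB_RUN_ID}` selects the existing workspace or creates it in one step. The cleanup job in the same file never selects this workspace before planning the destroy, so its plan runs against the `default` workspace's state; see L274. The `deploy` job starts outside the hunk.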
@@ -180,14 +176,10 @@ jobs: terraform plan -destroy -out=terraform.tfplan \ -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ -var "do_token=${DO_PAT}" \ - -var "do_worker_count=1" \ + -var "do_worker_count=0" \ -var "do_controller_count=1" \ -var "do_instance_size=s-2vcpu-4gb" continue-on-error: true - env: - DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} - AWS_ACCESS_KEY_ID: ${{ secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.DIGITALOCEAN_SPACES_SECRET_KEY }} - name: Terraform Plan Status if: steps.plan.outcome == 'failure' @@ -196,7 +188,8 @@ jobs: - name: Terraform Apply run: | terraform apply terraform.tfplan - env: - DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} - AWS_ACCESS_KEY_ID: ${{ secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.DIGITALOCEAN_SPACES_SECRET_KEY }} + + - name: Terraform cleanup workspace + run: | + terraform workspace select default + terraform workspace delete rkub-${GITHUB_RUN_ID} diff --git a/test/DO/README.md b/test/DO/README.md index 9a5dfc5ec..2850a58c6 100644 --- a/test/DO/README.md +++ b/test/DO/README.md @@ -9,7 +9,7 @@ The puropse of this CI is to test the integration between RKE2, longhorn, ranche On Digital Ocean account: - generate a PAT (private access token) - a set of SSH key -- Create a Space with a key +- Create a Space with a an acces_key and a secret key Add inside ./test a file .key with the private ssh key generate by DO. 
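Review bot: The new `Terraform cleanup workspace` step runs `terraform workspace delete rkub-${GITHUB_RUN_ID}` in a job that never selected that workspace, so the preceding destroy plan and apply operate on the `default` workspace and the delete is then refused because the `rkub-*` workspace still holds state (Terraform declines to delete a non-empty workspace without `-force`). The droplets created by the deploy job therefore outlive the run. The job needs `terraform workspace select rkub-${GITHUB_RUN_ID}` after `terraform init` and before the destroy plan; the commit at L277 adds that step. The enclosing cleanup job starts outside the hunk.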
@@ -32,30 +32,32 @@ export AWS_ACCESS_KEY_ID=DOxxxxxxxxxxxxxxxx export AWS_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxx terraform init -# auto-approve (default: size=s-1vcpu-1gb, 1 controller + 2 workers) -terraform apply -var "GITHUB_RUN_ID=777" -var "do_token=${DO_PAT}" -auto-approve +# Create a workspace +export GITHUB_RUN_ID="777" +terraform workspace new rkub-${GITHUB_RUN_ID} -terraform apply -var "GITHUB_RUN_ID=777" -var "do_token=${DO_PAT}" --target aws_s3_bucket.terraform-backend-github +# auto-approve (default: size=s-1vcpu-1gb, 1 controller + 2 workers) +terraform apply -var "GITHUB_RUN_ID=${GITHUB_RUN_ID}" -var "do_token=${DO_PAT}" -auto-approve # Deploy terraform plan -out=terraform.tfplan \ --var "GITHUB_RUN_ID=777" \ +-var "GITHUB_RUN_ID=${GITHUB_RUN_ID}" \ -var "do_token=${DO_PAT}" \ -var "do_worker_count=1" \ -var "do_controller_count=3" \ -var "do_instance_size=s-1vcpu-1gb" + # Apply terraform apply terraform.tfplan # Reconciliate terraform plan -refresh-only -out=terraform.tfplan \ --var "GITHUB_RUN_ID=777" \ +-var "GITHUB_RUN_ID=${GITHUB_RUN_ID}" \ -var "do_token=${DO_PAT}" \ -var "do_worker_count=1" \ -var "do_controller_count=3" \ -var "do_instance_size=s-1vcpu-1gb" - # connect to a controller ssh root@$(terraform output -json ip_address_controllers | jq -r '.[0]') -i .key @@ -63,11 +65,16 @@ ssh root@$(terraform output -json ip_address_controllers | jq -r '.[0]') -i .key ssh root@$(terraform output -json ip_address_workers | jq -r '.[0]') -i .key # Destroy -terraform plan -destroy -out=terraform.tfplan -var "GITHUB_RUN_ID=777" \ +terraform plan -destroy -out=terraform.tfplan \ +-var "GITHUB_RUN_ID=${GITHUB_RUN_ID}" \ -var "do_token=${DO_PAT}" \ -var "do_worker_count=1" \ -var "do_controller_count=3" \ -var "do_instance_size=s-1vcpu-1gb" # Apply destroy terraform apply terraform.tfplan + +# Delete Workspace +terraform workspace select default +terraform workspace delete rkub-${GITHUB_RUN_ID} ``` 
diff --git a/test/DO/main.tf b/test/DO/main.tf index e55839289..aad6b7e7d 100644 --- a/test/DO/main.tf +++ b/test/DO/main.tf @@ -20,7 +20,7 @@ terraform { } region = "fra1" // needed bucket = "terraform-backend-github" - key = "state-store/terraform.tfstate" + key = "terraform.tfstate" } } @@ -36,9 +36,8 @@ data "digitalocean_ssh_key" "terraform" { ### VPC ### resource "digitalocean_vpc" "rkub-project-network" { - name = "rkub-project-network" + name = "rkub-${var.GITHUB_RUN_ID}-network" region = "fra1" - ip_range = "10.10.10.0/24" } ### @@ -53,7 +52,9 @@ resource "digitalocean_droplet" "controllers" { region = "fra1" size = var.do_instance_size tags = [ - "rke2_ansible_test_on_${var.do_system}_${var.GITHUB_RUN_ID}_controllers", + "rkub-${var.GITHUB_RUN_ID}", + "controller", + "${var.do_system}_controllers", ] vpc_uuid = digitalocean_vpc.rkub-project-network.id ssh_keys = [ @@ -90,7 +91,9 @@ resource "digitalocean_droplet" "workers" { region = "fra1" size = var.do_instance_size tags = [ - "rke2_ansible_test_on_${var.do_system}_${var.GITHUB_RUN_ID}_workers", + "rkub-${var.GITHUB_RUN_ID}", + "worker", + "${var.do_system}_workers", ] vpc_uuid = digitalocean_vpc.rkub-project-network.id ssh_keys = [ @@ -118,7 +121,7 @@ resource "digitalocean_droplet" "workers" { ### resource "digitalocean_project" "rkub" { - name = "Rkub-${var.GITHUB_RUN_ID}" + name = "rkub-${var.GITHUB_RUN_ID}" description = "A CI project to test the Rkub development from github." purpose = "Cluster k8s" environment = "Staging" From 5432e81c6362924a9fdaf6d5bcb3e32a0046d200 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sat, 17 Feb 2024 14:24:05 +0100 Subject: [PATCH 211/365] work on pipeline CI --- .github/workflows/stage.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 6768d795d..0fb27432c 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml 
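Review bot: Changing the backend `key` from `state-store/terraform.tfstate` to `terraform.tfstate` points the default workspace at a new, empty state object, so any resources recorded under the old key are no longer tracked by this configuration and will not be destroyed by the cleanup job. If a state already exists under the old key it should be moved in the same change (`terraform init -migrate-state`, or `terraform state pull` / `terraform state push`), or the old key kept. Non-default workspaces are stored by the S3 backend under `env:/<workspace>/<key>`, so the workspace-based CI runs are only affected through the key suffix.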
@@ -170,6 +170,10 @@ jobs: run: | terraform init + - name: Terraform cleanup workspace + run: | + terraform workspace select rkub-${GITHUB_RUN_ID} + - name: Terraform plan delete stack id: plan run: | From a93801d47a084510d5f1ac34b2f739b0cb7f9faa Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sat, 17 Feb 2024 19:25:49 +0100 Subject: [PATCH 212/365] work on pipeline CI --- .github/workflows/stage.yml | 53 ++++++++++++++++---- test/playbooks/build.yml | 9 ++++ test/playbooks/install.yml | 18 +++++++ test/playbooks/longhorn.yml | 9 ++++ test/playbooks/neuvector.yml | 9 ++++ {playbooks/tasks => test/playbooks}/ping.yml | 0 test/playbooks/rancher.yml | 9 ++++ {playbooks/tasks => test/playbooks}/test.yml | 0 test/playbooks/uninstall.yml | 9 ++++ test/playbooks/upload.yml | 8 +++ 10 files changed, 114 insertions(+), 10 deletions(-) create mode 100644 test/playbooks/build.yml create mode 100644 test/playbooks/install.yml create mode 100644 test/playbooks/longhorn.yml create mode 100644 test/playbooks/neuvector.yml rename {playbooks/tasks => test/playbooks}/ping.yml (100%) create mode 100644 test/playbooks/rancher.yml rename {playbooks/tasks => test/playbooks}/test.yml (100%) create mode 100644 test/playbooks/uninstall.yml create mode 100644 test/playbooks/upload.yml diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 0fb27432c..ffbc3aa62 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -70,7 +70,7 @@ jobs: reachable: name: Reachable runs-on: ubuntu-latest - needs: Deploy + needs: deploy defaults: run: 
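Review bot: The step added after `terraform init` is named `Terraform cleanup workspace` but only runs `terraform workspace select rkub-${GITHUB_RUN_ID}`; a cleanup step with the same name already exists at the end of the job, so the log shows two identically named steps doing different things. Rename it, e.g. `- name: Terraform select workspace`. Because the job is `if: always()`, this select fails (and the job with it) when the deploy job never reached `workspace new`; that is a harmless outcome here, but a comment such as `# fails when the deploy job created no workspace — nothing to clean up` would save the next reader a puzzle. The enclosing cleanup job starts outside the hunk.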
@@ -115,17 +115,50 @@ jobs: run: | ANSIBLE_HOST_KEY_CHECKING=False ansible all -m ping -u root -vv --private-key .key - #- name: Run playbook - # run: | - # ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i hosts.ini -u root -vv --private-key .key playbooks/tasks/install.yml + package: + name: Package + runs-on: ubuntu-latest + needs: Reachable - #- name: Run playbook again for idempotency - # run: | - # ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i hosts.ini -u root -vv --private-key .key playbooks/tasks/rancher.yml + defaults: + run: + shell: bash + working-directory: ./test - #- name: Run Ansible Tests - # run: | - # ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i hosts.ini -u root --verbose --skip-tags "troubleshooting" --private-key .key testing.yml + steps: + - name: Run playbook build + run: | + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root -vv --private-key .key playbooks/tasks/build.yml + + upload: + name: Upload + runs-on: ubuntu-latest + needs: [ Reachable, Package ] + + defaults: + run: + shell: bash + working-directory: ./test + + steps: + - name: Run playbook upload + run: | + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root -vv --private-key .key playbooks/tasks/upload.yml + + install: + name: Install + runs-on: ubuntu-latest + needs: [ Reachable, Upload ] + + defaults: + run: + shell: bash + working-directory: ./test + + steps: + - name: Run playbook install + run: | + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root -vv --private-key .key playbooks/tasks/install.yml #- name: Run Python Tests # run: | diff --git a/test/playbooks/build.yml b/test/playbooks/build.yml new file mode 100644 index 000000000..240818a90 --- /dev/null +++ b/test/playbooks/build.yml @@ -0,0 +1,9 @@ +--- +- name: Build RKE2 package + hosts: localhost + connection: local + gather_facts: false + vars_files: ../vars/main.yml + tags: build + roles: + - {role: build_airgap_package, tags: package} 
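Review bot: The new `package`, `upload` and `install` jobs declare `needs: Reachable` and `needs: [ Reachable, Package ]`, but `needs` must reference job ids, which are the lowercase keys `reachable` and `package`; this commit fixes exactly that for `needs: Deploy` → `needs: deploy`, and the workflow is rejected at parse time until the remaining references are lowercased too (including `needs: Install` in the cleanup job, L280). Each of these jobs also runs on a fresh runner and executes `ansible-playbook ... --private-key .key` in `./test` with no step that checks out the repository or writes `.key`, so as far as the hunk shows the playbooks cannot find the key; the checkout later added at L281 covers only the repository. `ANSIBLE_HOST_KEY_CHECKING=False` disables SSH host-key verification for every connection; since the droplet IPs are known from the Terraform output, populating `known_hosts` with `ssh-keyscan` before the playbook run is the stronger option.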
diff --git a/test/playbooks/install.yml b/test/playbooks/install.yml new file mode 100644 index 000000000..5cd4c6e66 --- /dev/null +++ b/test/playbooks/install.yml @@ -0,0 +1,18 @@ +--- +- name: Install RKE2 Controlers + hosts: RKE2_CONTROLLERS + gather_facts: true + become: true + vars_files: ../vars/main.yml + tags: controller + roles: + - {role: install_rke2_controller, tags: rke2} + +- name: Install RKE2 Workers + hosts: RKE2_WORKERS + gather_facts: true + become: true + vars_files: ../vars/main.yml + tags: worker + roles: + - {role: install_rke2_worker, tags: rke2} diff --git a/test/playbooks/longhorn.yml b/test/playbooks/longhorn.yml new file mode 100644 index 000000000..bb586be08 --- /dev/null +++ b/test/playbooks/longhorn.yml @@ -0,0 +1,9 @@ +--- +- name: Install Longhorn + hosts: RKE2_CONTROLLERS:RKE2_WORKERS + gather_facts: true + become: true + vars_files: ../vars/main.yml + tags: [ controller, worker ] + roles: + - {role: deploy_longhorn, tags: longhorn} diff --git a/test/playbooks/neuvector.yml b/test/playbooks/neuvector.yml new file mode 100644 index 000000000..7c00870c0 --- /dev/null +++ b/test/playbooks/neuvector.yml @@ -0,0 +1,9 @@ +--- +- name: Install Neuvector + hosts: RKE2_CONTROLLERS:RKE2_WORKERS + gather_facts: true + become: true + vars_files: ../vars/main.yml + tags: [ controller, worker ] + roles: + - {role: deploy_neuvector, tags: neuvector} diff --git a/playbooks/tasks/ping.yml b/test/playbooks/ping.yml similarity index 100% rename from playbooks/tasks/ping.yml rename to test/playbooks/ping.yml diff --git a/test/playbooks/rancher.yml b/test/playbooks/rancher.yml new file mode 100644 index 000000000..d6fd01de8 --- /dev/null +++ b/test/playbooks/rancher.yml @@ -0,0 +1,9 @@ +--- +- name: Install Rancher + hosts: RKE2_CONTROLLERS:RKE2_WORKERS + gather_facts: true + become: true + vars_files: ../vars/main.yml + tags: [ controller, worker ] + roles: + - {role: deploy_rancher, tags: rancher} 
diff --git a/playbooks/tasks/test.yml b/test/playbooks/test.yml similarity index 100% rename from playbooks/tasks/test.yml rename to test/playbooks/test.yml diff --git a/test/playbooks/uninstall.yml b/test/playbooks/uninstall.yml new file mode 100644 index 000000000..4c16c21e8 --- /dev/null +++ b/test/playbooks/uninstall.yml @@ -0,0 +1,9 @@ +--- +- name: uninstall RKE2 + hosts: RKE2_CONTROLLERS:RKE2_WORKERS + gather_facts: false + become: true + vars_files: ../vars/main.yml + tags: controler, worker + roles: + - {role: uninstall_rkub, tags: uninstall} diff --git a/test/playbooks/upload.yml b/test/playbooks/upload.yml new file mode 100644 index 000000000..88c523780 --- /dev/null +++ b/test/playbooks/upload.yml @@ -0,0 +1,8 @@ +--- +- name: Dowload Rkub package on first controler + hosts: RKE2_CONTROLLERS[0] + gather_facts: false + vars_files: ../vars/main.yml + tags: controler + roles: + - {role: upload_package_zst, tags: upload} From 38d3fcdaa706eab5f5acd4b70564a53e7f680b0d Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sat, 17 Feb 2024 19:51:17 +0100 Subject: [PATCH 213/365] work on pipeline CI --- .github/workflows/stage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index ffbc3aa62..5fd6c1d48 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -169,7 +169,7 @@ jobs: cleanup: name: Cleanup runs-on: ubuntu-latest - needs: Reachable + needs: Install if: always() env: DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} From 13fb5693354b8980f5369700997b1789ae6404c3 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sat, 17 Feb 2024 20:24:54 +0100 Subject: [PATCH 214/365] work on pipeline CI --- .github/workflows/stage.yml | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 5fd6c1d48..d119b029a 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml 
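Review bot: The new `uninstall.yml` and `upload.yml` plays are tagged `controler` (`tags: controler, worker` and `tags: controler`), while `install.yml` on L279 uses `controller`, so a run with `--tags controller` selects the install plays but silently skips upload and uninstall. Spell the tag `controller` in both files (the rename at L289 keeps the typo). The comma-separated string form is accepted by Ansible, but the list form `tags: [ controller, worker ]` already used in longhorn.yml and the others would keep the files consistent. `upload.yml` also names its play `Dowload Rkub package on first controler`; `Download Rkub package on first controller` is the intended wording.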
@@ -86,11 +86,6 @@ jobs: with: token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} - - name: Check GITHUB ID - id: plan - run: | - echo "GITHUB_RUN_ID=$GITHUB_RUN_ID" - - name: Set up Python id: setup_python uses: actions/setup-python@v5 @@ -126,6 +121,9 @@ jobs: working-directory: ./test steps: + - name: Checkout files + uses: actions/checkout@v4 + - name: Run playbook build run: | ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root -vv --private-key .key playbooks/tasks/build.yml @@ -141,6 +139,9 @@ jobs: working-directory: ./test steps: + - name: Checkout files + uses: actions/checkout@v4 + - name: Run playbook upload run: | ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root -vv --private-key .key playbooks/tasks/upload.yml @@ -156,6 +157,9 @@ jobs: working-directory: ./test steps: + - name: Checkout files + uses: actions/checkout@v4 + - name: Run playbook install run: | ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root -vv --private-key .key playbooks/tasks/install.yml From a79a07abb89a18fa6c2b9105a22840d62aee55b4 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sat, 17 Feb 2024 20:28:38 +0100 Subject: [PATCH 215/365] work on pipeline CI --- .github/workflows/stage.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index d119b029a..703eaaad7 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -126,7 +126,7 @@ jobs: - name: Run playbook build run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root -vv --private-key .key playbooks/tasks/build.yml + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root -vv --private-key .key playbooks/build.yml upload: name: Upload 
@@ -144,7 +144,7 @@ jobs: - name: Run playbook upload run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root -vv --private-key .key playbooks/tasks/upload.yml + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root -vv --private-key .key playbooks/upload.yml install: name: Install @@ -162,7 +162,7 @@ jobs: - name: Run playbook install run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root -vv --private-key .key playbooks/tasks/install.yml + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root -vv --private-key .key playbooks/install.yml #- name: Run Python Tests # run: | From 7abe36178fae1b5c794f73f6d8e82971c3590b6e Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sat, 17 Feb 2024 20:59:49 +0100 Subject: [PATCH 216/365] work on pipeline CI --- roles/build_airgap_package/tasks/prerequis.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/build_airgap_package/tasks/prerequis.yml b/roles/build_airgap_package/tasks/prerequis.yml index b9a46f078..14a89cef6 100644 --- a/roles/build_airgap_package/tasks/prerequis.yml +++ b/roles/build_airgap_package/tasks/prerequis.yml @@ -9,6 +9,7 @@ - skopeo when: - ansible_os_family == "RedHat" + become: true # for Debian-like - name: Install zstd and skopeo @@ -20,6 +21,7 @@ - skopeo when: - ansible_os_family == "Debian" + become: true - name: Create package directories ansible.builtin.file: From 6da0e8ee6a7dca47c60d8aa8dce939ba4d8b0e5b Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sat, 17 Feb 2024 21:10:28 +0100 Subject: [PATCH 217/365] work on pipeline CI --- test/DO/README.md | 3 +++ test/playbooks/build.yml | 2 +- test/playbooks/install.yml | 4 ++-- test/playbooks/longhorn.yml | 2 +- test/playbooks/neuvector.yml | 2 +- test/playbooks/rancher.yml | 2 +- test/playbooks/uninstall.yml | 2 +- test/playbooks/upload.yml | 2 +- 8 files changed, 11 insertions(+), 8 deletions(-) diff --git a/test/DO/README.md b/test/DO/README.md index 2850a58c6..9f745e882 100644 --- a/test/DO/README.md 
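Review bot: The two package-install tasks that now get `become: true` are guarded by `when: ansible_os_family == "RedHat"` / `"Debian"`, but the play that drives this role in CI (`test/playbooks/build.yml`, L278) sets `gather_facts: false`; unless the role gathers facts itself earlier in `prerequis.yml`, `ansible_os_family` is undefined and the conditional errors out rather than skipping. Either set `gather_facts: true` in that play or add an `ansible.builtin.setup` task with `gather_subset: min` at the top of the role. The task-level `become` also means the role now requires passwordless sudo on the build host; that prerequisite belongs in the role's README. Both tasks start outside the hunk.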
+++ b/test/DO/README.md @@ -36,6 +36,9 @@ terraform init export GITHUB_RUN_ID="777" terraform workspace new rkub-${GITHUB_RUN_ID} +# Get back to a workspace +terraform workspace select rkub-${GITHUB_RUN_ID} + # auto-approve (default: size=s-1vcpu-1gb, 1 controller + 2 workers) terraform apply -var "GITHUB_RUN_ID=${GITHUB_RUN_ID}" -var "do_token=${DO_PAT}" -auto-approve diff --git a/test/playbooks/build.yml b/test/playbooks/build.yml index 240818a90..842287cdb 100644 --- a/test/playbooks/build.yml +++ b/test/playbooks/build.yml @@ -3,7 +3,7 @@ hosts: localhost connection: local gather_facts: false - vars_files: ../vars/main.yml + vars_files: ../../playbooks/vars/main.yml tags: build roles: - {role: build_airgap_package, tags: package} diff --git a/test/playbooks/install.yml b/test/playbooks/install.yml index 5cd4c6e66..e06d0193b 100644 --- a/test/playbooks/install.yml +++ b/test/playbooks/install.yml @@ -3,7 +3,7 @@ hosts: RKE2_CONTROLLERS gather_facts: true become: true - vars_files: ../vars/main.yml + vars_files: ../../playbooks/vars/main.yml tags: controller roles: - {role: install_rke2_controller, tags: rke2} @@ -12,7 +12,7 @@ hosts: RKE2_WORKERS gather_facts: true become: true - vars_files: ../vars/main.yml + vars_files: ../../playbooks/vars/main.yml tags: worker roles: - {role: install_rke2_worker, tags: rke2} diff --git a/test/playbooks/longhorn.yml b/test/playbooks/longhorn.yml index bb586be08..724a433bb 100644 --- a/test/playbooks/longhorn.yml +++ b/test/playbooks/longhorn.yml @@ -3,7 +3,7 @@ hosts: RKE2_CONTROLLERS:RKE2_WORKERS gather_facts: true become: true - vars_files: ../vars/main.yml + vars_files: ../../playbooks/vars/main.yml tags: [ controller, worker ] roles: - {role: deploy_longhorn, tags: longhorn} diff --git a/test/playbooks/neuvector.yml b/test/playbooks/neuvector.yml index 7c00870c0..b769e40ce 100644 --- a/test/playbooks/neuvector.yml +++ b/test/playbooks/neuvector.yml 
@@ -3,7 +3,7 @@ hosts: RKE2_CONTROLLERS:RKE2_WORKERS gather_facts: true become: true - vars_files: ../vars/main.yml + vars_files: ../../playbooks/vars/main.yml tags: [ controller, worker ] roles: - {role: deploy_neuvector, tags: neuvector} diff --git a/test/playbooks/rancher.yml b/test/playbooks/rancher.yml index d6fd01de8..d233bd423 100644 --- a/test/playbooks/rancher.yml +++ b/test/playbooks/rancher.yml @@ -3,7 +3,7 @@ hosts: RKE2_CONTROLLERS:RKE2_WORKERS gather_facts: true become: true - vars_files: ../vars/main.yml + vars_files: ../../playbooks/vars/main.yml tags: [ controller, worker ] roles: - {role: deploy_rancher, tags: rancher} diff --git a/test/playbooks/uninstall.yml b/test/playbooks/uninstall.yml index 4c16c21e8..d957f0b4c 100644 --- a/test/playbooks/uninstall.yml +++ b/test/playbooks/uninstall.yml @@ -3,7 +3,7 @@ hosts: RKE2_CONTROLLERS:RKE2_WORKERS gather_facts: false become: true - vars_files: ../vars/main.yml + vars_files: ../../playbooks/vars/main.yml tags: controler, worker roles: - {role: uninstall_rkub, tags: uninstall} diff --git a/test/playbooks/upload.yml b/test/playbooks/upload.yml index 88c523780..e911f2557 100644 --- a/test/playbooks/upload.yml +++ b/test/playbooks/upload.yml @@ -2,7 +2,7 @@ - name: Dowload Rkub package on first controler hosts: RKE2_CONTROLLERS[0] gather_facts: false - vars_files: ../vars/main.yml + vars_files: ../../playbooks/vars/main.yml tags: controler roles: - {role: upload_package_zst, tags: upload} From 81975a97d887de911cb0a441f92087250dcc02ec Mon Sep 17 00:00:00 2001 
From: MozeBaltyk Date: Sat, 2 Mar 2024 21:15:02 +0100 Subject: [PATCH 218/365] test workflows --- .github/workflows/stage.yml | 74 ++++++++++++++++++++----- .gitignore | 2 + playbooks/{tasks => }/build.yml | 2 +- playbooks/{tasks => }/install.yml | 4 +- playbooks/{tasks => }/longhorn.yml | 2 +- playbooks/{tasks => }/neuvector.yml | 2 +- playbooks/{tasks => }/rancher.yml | 2 +- playbooks/{tasks => }/uninstall.yml | 4 +- playbooks/{tasks => }/upload.yml | 2 +- test/DO/ansible/.gitignore | 1 + test/DO/ansible/main.tf | 84 +++++++++++++++++++++++++++++ test/DO/ansible/variables.tf | 39 ++++++++++++++ test/DO/backend/main.tf | 9 +++- test/DO/backend/variable.tf | 15 ------ test/DO/backend/variables.tf | 27 ++++++++++ test/DO/infra/.gitignore | 1 + test/DO/{ => infra}/main.tf | 74 ++++++++++++------------- test/DO/{ => infra}/variables.tf | 20 +++++-- 18 files changed, 281 insertions(+), 83 deletions(-) rename playbooks/{tasks => }/build.yml (68%) rename playbooks/{tasks => }/install.yml (70%) rename playbooks/{tasks => }/longhorn.yml (73%) rename playbooks/{tasks => }/neuvector.yml (73%) rename playbooks/{tasks => }/rancher.yml (74%) rename playbooks/{tasks => }/uninstall.yml (63%) rename playbooks/{tasks => }/upload.yml (71%) create mode 100644 test/DO/ansible/.gitignore create mode 100644 test/DO/ansible/main.tf create mode 100644 test/DO/ansible/variables.tf delete mode 100644 test/DO/backend/variable.tf create mode 100644 test/DO/backend/variables.tf create mode 100644 test/DO/infra/.gitignore rename test/DO/{ => infra}/main.tf (74%) rename test/DO/{ => infra}/variables.tf (57%) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 703eaaad7..a7ce6bfca 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml 
@@ -4,19 +4,73 @@ name: Stage deployment on: workflow_dispatch: +env: + DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} + AWS_ACCESS_KEY_ID: ${{ secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.DIGITALOCEAN_SPACES_SECRET_KEY }} + jobs: + backend: + name: Backend + runs-on: ubuntu-latest + + defaults: + run: + shell: bash + working-directory: ./test/DO/backend + + steps: + - name: Checkout files + uses: actions/checkout@v4 + + - name: Setup Terraform + uses: hashicorp/setup-terraform@v3 + with: + terraform_version: "1.7.3" + + - name: Config Terraform plugin cache + run: | + echo 'plugin_cache_dir="$HOME/.terraform.d/plugin-cache"' >~/.terraformrc + mkdir --parents ~/.terraform.d/plugin-cache + + - name: Cache Terraform + uses: actions/cache@v3 + with: + path: | + ~/.terraform.d/plugin-cache + key: ${{ runner.os }}-terraform-${{ hashFiles('**/.terraform.lock.hcl') }} + restore-keys: | + ${{ runner.os }}-terraform- + + - name: Init Terraform configuration + run: | + terraform init + + - name: Terraform plan + id: plan + run: | + terraform plan -out=terraform.tfplan \ + -var "do_token=${DO_PAT}" \ + -var "spaces_access_key_id=${AWS_ACCESS_KEY_ID}" \ + -var "spaces_access_key_secret=${AWS_SECRET_ACCESS_KEY}" + continue-on-error: true + + - name: Terraform Plan Status + if: steps.plan.outcome == 'failure' + run: exit 1 + + - name: Terraform Apply + run: | + terraform apply terraform.tfplan + deploy: name: Deploy runs-on: ubuntu-latest - env: - DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} - AWS_ACCESS_KEY_ID: ${{ secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.DIGITALOCEAN_SPACES_SECRET_KEY }} defaults: run: shell: bash - working-directory: ./test/DO + working-directory: ./test/DO/infra steps: - name: Checkout files 
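Review bot: The workflow-level `env` makes `DO_PAT`, `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` available to every job and every step in the file, including the Ansible jobs and third-party actions (`actions/cache@v3`, `hashicorp/setup-terraform@v3`, `digitalocean/action-doctl@v2`) that never need the Spaces keys; job-level `env` on the three Terraform jobs is the narrower scope, and `TF_VAR_do_token`-style variables on the individual `terraform` steps narrower still. In the `backend` job, passing `spaces_access_key_secret` via `-var` also records it in cleartext inside `terraform.tfplan`, which sits on the runner's disk for the rest of the job; a plan file records variable values either way, so the variables should be declared `sensitive = true` and the plan file must never be uploaded as an artifact. The `Cache Terraform` step keys on `hashFiles('**/.terraform.lock.hcl')`, but the diffstat shows no lock file committed for `test/DO/backend`, so the hash appears to be empty and every run shares one cache key; commit the lock file or drop the cache step.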
@@ -32,14 +86,6 @@ jobs: run: | terraform init - - name: Get key - run: | - echo "$SSH_KEY" > .key - chmod 400 .key - shell: bash - env: - SSH_KEY: ${{secrets.SSH_PRIVATE_KEY}} - - name: Terraform Validate id: validate run: terraform validate -no-color @@ -84,7 +130,7 @@ jobs: - name: Install doctl uses: digitalocean/action-doctl@v2 with: - token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} + token: ${{ DO_PAT }} - name: Set up Python id: setup_python diff --git a/.gitignore b/.gitignore index 9c558c063..87c7b8b8e 100644 --- a/.gitignore +++ b/.gitignore @@ -18,6 +18,8 @@ context # Staging *kubeconfig.yaml *terraform* +node_modules +package*.json *.tfstate hosts.ini .key diff --git a/playbooks/tasks/build.yml b/playbooks/build.yml similarity index 68% rename from playbooks/tasks/build.yml rename to playbooks/build.yml index 4d44b92ac..e64bdbf19 100644 --- a/playbooks/tasks/build.yml +++ b/playbooks/build.yml @@ -6,4 +6,4 @@ vars_files: ../vars/main.yml tags: build roles: - - {role: build_airgap_package, tags: package} \ No newline at end of file + - {role: mozebaltyk.rkub.build_airgap_package, tags: package} diff --git a/playbooks/tasks/install.yml b/playbooks/install.yml similarity index 70% rename from playbooks/tasks/install.yml rename to playbooks/install.yml index 01f519a64..3e163a149 100644 --- a/playbooks/tasks/install.yml +++ b/playbooks/install.yml @@ -6,7 +6,7 @@ vars_files: ../vars/main.yml tags: controller roles: - - {role: install_rke2_controller, tags: rke2} + - {role: mozebaltyk.rkub.install_rke2_controller, tags: rke2} - name: Install RKE2 Workers hosts: RKE2_WORKERS @@ -15,4 +15,4 @@ vars_files: ../vars/main.yml tags: worker roles: - - {role: install_rke2_worker, tags: rke2} \ No newline at end of file + - {role: mozebaltyk.rkub.install_rke2_worker, tags: rke2} 
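Review bot: `token: ${{ DO_PAT }}` in the `Install doctl` step is not a valid expression: `DO_PAT` is not a context name, so the workflow fails to parse with an unrecognized named-value error. Environment variables are read as `${{ env.DO_PAT }}`, or the previous `${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}` can be kept. The removed `Get key` step in the first hunk was the only place visible here that wrote `.key`; if no other job now creates it, the `--private-key .key` arguments in the Ansible jobs and the `.key` path in `test/DO/infra/main.tf` (L293) refer to a file that no longer exists. Both enclosing jobs start outside their hunks.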
diff --git a/playbooks/tasks/longhorn.yml b/playbooks/longhorn.yml similarity index 73% rename from playbooks/tasks/longhorn.yml rename to playbooks/longhorn.yml index be204551a..6754bf434 100644 --- a/playbooks/tasks/longhorn.yml +++ b/playbooks/longhorn.yml @@ -6,4 +6,4 @@ vars_files: ../vars/main.yml tags: [ controller, worker ] roles: - - {role: deploy_longhorn, tags: longhorn} \ No newline at end of file + - {role: mozebaltyk.rkub.deploy_longhorn, tags: longhorn} diff --git a/playbooks/tasks/neuvector.yml b/playbooks/neuvector.yml similarity index 73% rename from playbooks/tasks/neuvector.yml rename to playbooks/neuvector.yml index a2e48ded4..903235a21 100644 --- a/playbooks/tasks/neuvector.yml +++ b/playbooks/neuvector.yml @@ -6,4 +6,4 @@ vars_files: ../vars/main.yml tags: [ controller, worker ] roles: - - {role: deploy_neuvector, tags: neuvector} \ No newline at end of file + - {role: mozebaltyk.rkub.deploy_neuvector, tags: neuvector} diff --git a/playbooks/tasks/rancher.yml b/playbooks/rancher.yml similarity index 74% rename from playbooks/tasks/rancher.yml rename to playbooks/rancher.yml index f099d6ecb..c9cd649ad 100644 --- a/playbooks/tasks/rancher.yml +++ b/playbooks/rancher.yml @@ -6,4 +6,4 @@ vars_files: ../vars/main.yml tags: [ controller, worker ] roles: - - {role: deploy_rancher, tags: rancher} \ No newline at end of file + - {role: mozebaltyk.rkub.deploy_rancher, tags: rancher} diff --git a/playbooks/tasks/uninstall.yml b/playbooks/uninstall.yml similarity index 63% rename from playbooks/tasks/uninstall.yml rename to playbooks/uninstall.yml index 340fcfa7a..4b09d0218 100644 --- a/playbooks/tasks/uninstall.yml +++ b/playbooks/uninstall.yml 
@@ -1,9 +1,9 @@ --- -- name: uninstall RKE2 +- name: Uninstall RKE2 hosts: RKE2_CONTROLLERS:RKE2_WORKERS gather_facts: false become: true vars_files: ../vars/main.yml tags: controler, worker roles: - - {role: uninstall_rkub, tags: uninstall} \ No newline at end of file + - {role: mozebaltyk.rkub.uninstall_rkub, tags: uninstall} diff --git a/playbooks/tasks/upload.yml b/playbooks/upload.yml similarity index 71% rename from playbooks/tasks/upload.yml rename to playbooks/upload.yml index ed59d9fa4..b861e8a9f 100644 --- a/playbooks/tasks/upload.yml +++ b/playbooks/upload.yml @@ -5,4 +5,4 @@ vars_files: ../vars/main.yml tags: controler roles: - - {role: upload_package_zst, tags: upload} \ No newline at end of file + - {role: mozebaltyk.rkub.upload_package_zst, tags: upload} diff --git a/test/DO/ansible/.gitignore b/test/DO/ansible/.gitignore new file mode 100644 index 000000000..49d1ef281 --- /dev/null +++ b/test/DO/ansible/.gitignore @@ -0,0 +1 @@ +terraform.tfstate* diff --git a/test/DO/ansible/main.tf b/test/DO/ansible/main.tf new file mode 100644 index 000000000..95a3e0044 --- /dev/null +++ b/test/DO/ansible/main.tf 
@@ -0,0 +1,84 @@ +terraform { + required_providers { + digitalocean = { + source = "digitalocean/digitalocean" + version = "~> 2.0" + } + } + backend "s3" { + skip_region_validation = true + skip_credentials_validation = true + skip_metadata_api_check = true + skip_requesting_account_id = true + use_path_style = true + skip_s3_checksum = true + endpoints = { + s3 = "https://${var.region}.digitaloceanspaces.com" + } + region = var.region // needed + bucket = var.terraform_backend_bucket_name + key = "terraform.tfstate" + } +} + +provider "digitalocean" { + token = var.do_token +} + +data "digitalocean_ssh_key" "terraform" { + name = "terraform" +} + +locals { + cloud_init_config = yamlencode({ + yum_repos = { + epel-release = { + name = "Extra Packages for Enterprise Linux 8 - Release" + baseurl = "http://download.fedoraproject.org/pub/epel/8/Everything/$basearch" + enabled = true + failovermethod = "priority" + gpgcheck = true + gpgkey = "http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8" + } + }, + packages = [ + "epel-release", + "s3fs-fuse" + ], + write_files = [{ + owner = "root:root" + path = "/etc/passwd-s3fs" + permissions = "0600" + content = "${var.spaces_access_key_id}:${var.spaces_access_key_secret}" + }], + runcmd = [ + "mkdir -p ${var.mount_point}", + "s3fs ${var.terraform_backend_bucket_name} ${var.mount_point} -o url=https://${var.region}.digitaloceanspaces.com" + ] + }) +} + +# Convert our cloud-init config to userdata +# Userdata runs at first boot when the droplets are created +data "cloudinit_config" "server_config" { + gzip = false + base64_encode = false + part { + content_type = "text/cloud-config" + content = local.cloud_init_config + } +} + +resource "digitalocean_droplet" "ansible" { + image = "rockylinux-8-x64" + name = "ansible" + region = var.region + size = var.do_instance_size + ssh_keys = [ data.digitalocean_ssh_key.terraform.id ] + user_data = data.cloudinit_config.server_config.rendered +} + +output "ip_address_ansible" 
{ + value = digitalocean_droplet.ansible[*].ipv4_address + description = "The public IP address of your ansible server." +} diff --git a/test/DO/ansible/variables.tf b/test/DO/ansible/variables.tf new file mode 100644 index 000000000..78939640e --- /dev/null +++ b/test/DO/ansible/variables.tf @@ -0,0 +1,39 @@ +variable "do_token" { + description = "Digital Ocean API Token" +} + +variable "spaces_access_key_id" { + description = "Digital Ocean Spaces Access ID" +} + +variable "spaces_access_key_secret" { + description = "Digital Ocean Spaces Access Key" +} + +variable "GITHUB_RUN_ID" { + type = string + description = "github run id" + default = "test" +} + +variable "terraform_backend_bucket_name" { + description = "Unique bucket name for storing terraform backend data" + default = "terraform-backend-github-${var.GITHUB_RUN_ID}" +} + +variable "mount_point" { + description = "Unique bucket name for storing terraform backend data" + default = "/mnt/rkub" +} + +### s-2vcpu-4gb +variable "do_instance_size" { + type = string + description = "VM size" + default = "s-1vcpu-1gb" +} + +variable "region" { + description = "Unique bucket name for storing terraform backend data" + default = "fra1" +} diff --git a/test/DO/backend/main.tf b/test/DO/backend/main.tf index 361f6322b..a8ff236ea 100644 --- a/test/DO/backend/main.tf +++ b/test/DO/backend/main.tf @@ -7,9 +7,16 @@ terraform { } } +provider "digitalocean" { + token = var.do_token + spaces_access_id = var.spaces_access_key_id + spaces_secret_key = var.spaces_access_key_secret +} + resource "digitalocean_spaces_bucket" "terraform_backend" { name = var.terraform_backend_bucket_name - region = "fra1" + region = var.region + force_destroy = true } output "terraform_backend_bucket_domain_name" { diff --git a/test/DO/backend/variable.tf b/test/DO/backend/variable.tf deleted file mode 100644 index 408db9958..000000000 --- a/test/DO/backend/variable.tf +++ /dev/null 
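Review bot: The `backend "s3"` block in the new `test/DO/ansible/main.tf` interpolates `var.region` and `var.terraform_backend_bucket_name`, which Terraform rejects at `init` because backend configuration cannot reference input variables; the same problem is introduced in `test/DO/infra/main.tf` at L292. Keep literals there, or supply them from the workflow with `terraform init -backend-config="bucket=..." -backend-config="region=..."`. Separately, the cloud-init `write_files` entry embeds `spaces_access_key_id:spaces_access_key_secret` in the droplet's `user_data`; on DigitalOcean, user data is readable from the droplet's metadata service by any local process and is visible through the API, so the `0600` mode on `/etc/passwd-s3fs` does not protect the Spaces secret. Provision that file after boot over SSH (the Ansible jobs already reach the hosts) or use a dedicated, revocable key for this bucket, and declare both variables `sensitive = true`. The EPEL `baseurl` and `gpgkey` use `http://`; the key fetch in particular should be `https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8`, otherwise `gpgcheck = true` verifies packages against a key obtained over an unauthenticated channel.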
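Review bot: `default = "terraform-backend-github-${var.GITHUB_RUN_ID}"` in the new `test/DO/ansible/variables.tf` is rejected by Terraform — a variable's `default` must be a literal and may not reference other variables — and `test/DO/backend/variables.tf` at L292 repeats it. Derive the name in a `locals` block instead, with the variable defaulting to `null`: `locals { bucket_name = coalesce(var.terraform_backend_bucket_name, "terraform-backend-github-${var.GITHUB_RUN_ID}") }`. `do_token`, `spaces_access_key_id` and `spaces_access_key_secret` carry neither `type = string` nor `sensitive = true`, so wherever they flow into a resource attribute (the cloud-init content in `main.tf`, for one) they are printed in plan output; add both. The descriptions of `mount_point` and `region` are copied from the bucket variable (`Unique bucket name for storing terraform backend data`) and should describe the mount path and the DigitalOcean region.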
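Review bot: `force_destroy = true` on `digitalocean_spaces_bucket.terraform_backend` lets `terraform destroy` remove the bucket that holds the state of the other two configurations, objects included, in one step; if the backend job is ever torn down before the infra and ansible workspaces are destroyed, their state — and with it the ability to clean up their droplets — is gone. Given the bucket name carries `GITHUB_RUN_ID` this is presumably a per-run bucket and the flag is intended; say so with a comment such as `# per-run state bucket: removed together with its objects once the infra/ansible workspaces are gone`, and make sure the workflow orders the backend destroy after those workspace deletions. The `terraform` block this hunk starts in is outside the hunk.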
@@ -1,15 +0,0 @@ -variable "do_token" { - description = "Digital Ocean API Token" -} - -variable "access_id" { - description = "Digital Ocean Spaces Access ID" -} - -variable "secret_key" { - description = "Digital Ocean Spaces Access Key" -} - -variable "terraform_backend_bucket_name" { - description = "Unique bucket name for storing terraform backend data" -} diff --git a/test/DO/backend/variables.tf b/test/DO/backend/variables.tf new file mode 100644 index 000000000..f5ec58f2f --- /dev/null +++ b/test/DO/backend/variables.tf @@ -0,0 +1,27 @@ +variable "do_token" { + description = "Digital Ocean API Token" +} + +variable "spaces_access_key_id" { + description = "Digital Ocean Spaces Access ID" +} + +variable "spaces_access_key_secret" { + description = "Digital Ocean Spaces Access Key" +} + +variable "GITHUB_RUN_ID" { + type = string + description = "github run id" + default = "test" +} + +variable "terraform_backend_bucket_name" { + description = "Unique bucket name for storing terraform backend data" + default = "terraform-backend-github-${var.GITHUB_RUN_ID}" +} + +variable "region" { + description = "Unique bucket name for storing terraform backend data" + default = "fra1" +} diff --git a/test/DO/infra/.gitignore b/test/DO/infra/.gitignore new file mode 100644 index 000000000..49d1ef281 --- /dev/null +++ b/test/DO/infra/.gitignore @@ -0,0 +1 @@ +terraform.tfstate* diff --git a/test/DO/main.tf b/test/DO/infra/main.tf similarity index 74% rename from test/DO/main.tf rename to test/DO/infra/main.tf index aad6b7e7d..cd93a6431 100644 --- a/test/DO/main.tf +++ b/test/DO/infra/main.tf @@ -16,10 +16,10 @@ terraform { use_path_style = true skip_s3_checksum = true endpoints = { - s3 = "https://fra1.digitaloceanspaces.com" + s3 = "https://${var.region}.digitaloceanspaces.com" } - region = "fra1" // needed - bucket = "terraform-backend-github" + region = var.region // needed + bucket = var.terraform_backend_bucket_name key = "terraform.tfstate" } } 
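Review bot: As in the sibling `ansible/variables.tf`, `default = "terraform-backend-github-${var.GITHUB_RUN_ID}"` is invalid — Terraform requires variable defaults to be literal values with no references to other variables — so `terraform init` fails for this stack; pass the bucket name with `-var` or build it in `locals`. The three credential variables should also carry `type = string` and `sensitive = true`, and the `region` description should describe the region instead of repeating the bucket text.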
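Review bot: Only `terraform.tfstate*` is ignored, yet `terraform plan -out=terraform.tfplan` in this directory writes a plan file that records every `-var` value, including `do_token`, in cleartext, and the README describes keeping the DigitalOcean private SSH key in a `.key` file under `./test` for local runs. Add `terraform.tfplan`, `.terraform/` and `.key` to the ignore list so a local run cannot accidentally commit credentials.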
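Review bot: The backend block now reads `var.region` and `var.terraform_backend_bucket_name` in `endpoints.s3`, `region` and `bucket`, but Terraform does not allow variables or other named values inside `backend` configuration, so `terraform init` will reject this file. Keep literals here, or omit `bucket`/`region` and supply them at init time with `-backend-config="bucket=..."` and `-backend-config="region=..."` (partial configuration). The enclosing `terraform {}` block starts before this hunk.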
@@ -37,7 +37,7 @@ data "digitalocean_ssh_key" "terraform" { ### resource "digitalocean_vpc" "rkub-project-network" { name = "rkub-${var.GITHUB_RUN_ID}-network" - region = "fra1" + region = var.region } ### @@ -49,7 +49,7 @@ resource "digitalocean_droplet" "controllers" { count = var.do_controller_count image = var.do_system name = "controller${count.index}" - region = "fra1" + region = var.region size = var.do_instance_size tags = [ "rkub-${var.GITHUB_RUN_ID}", @@ -60,21 +60,19 @@ resource "digitalocean_droplet" "controllers" { ssh_keys = [ data.digitalocean_ssh_key.terraform.id ] - - connection { - host = self.ipv4_address - user = "root" - type = "ssh" - private_key = file(pathexpand(".key")) - timeout = "2m" - } - - provisioner "remote-exec" { - inline = [ - "export PATH=$PATH:/usr/bin", - "cat /etc/os-release", - ] - } +# connection { +# host = self.ipv4_address +# user = "root" +# type = "ssh" +# private_key = file(pathexpand(".key")) +# timeout = "2m" +# } +# provisioner "remote-exec" { +# inline = [ +# "export PATH=$PATH:/usr/bin", +# "cat /etc/os-release", +# ] +# } } output "ip_address_controllers" { @@ -82,13 +80,12 @@ output "ip_address_controllers" { description = "The public IP address of your rke2 controllers." } - # Droplet Instance for RKE2 Cluster - Workers resource "digitalocean_droplet" "workers" { count = var.do_worker_count image = var.do_system name = "worker${count.index}" - region = "fra1" + region = var.region size = var.do_instance_size tags = [ "rkub-${var.GITHUB_RUN_ID}", 
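Review bot: The `connection` and `remote-exec` blocks in the controllers resource are commented out rather than removed, leaving a dozen dead lines (including `private_key = file(pathexpand(".key"))`) that `terraform fmt` will not maintain and that every reader has to parse. Delete them — git history keeps the old version — or, if they are meant to return, leave one line in their place: `# TODO: re-enable the remote-exec smoke test once the Ansible stage covers it`. The `digitalocean_droplet.controllers` resource begins before this hunk.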
@@ -99,27 +96,24 @@ resource "digitalocean_droplet" "workers" { ssh_keys = [ data.digitalocean_ssh_key.terraform.id ] - - connection { - host = self.ipv4_address - user = "root" - type = "ssh" - private_key = file(pathexpand(".key")) - timeout = "2m" - } - - provisioner "remote-exec" { - inline = [ - "export PATH=$PATH:/usr/bin", - "cat /etc/os-release", - ] - } +# connection { +# host = self.ipv4_address +# user = "root" +# type = "ssh" +# private_key = file(pathexpand(".key")) +# timeout = "2m" +# } +# provisioner "remote-exec" { +# inline = [ +# "export PATH=$PATH:/usr/bin", +# "cat /etc/os-release", +# ] +# } } ### ### Project ### - resource "digitalocean_project" "rkub" { name = "rkub-${var.GITHUB_RUN_ID}" description = "A CI project to test the Rkub development from github." @@ -132,13 +126,13 @@ resource "digitalocean_project" "rkub" { ### Generate the hosts.ini file ### resource "local_file" "ansible_inventory" { - content = templatefile("../inventory/hosts.tpl", + content = templatefile("../../inventory/hosts.tpl", { controller_ips = digitalocean_droplet.controllers[*].ipv4_address, worker_ips = digitalocean_droplet.workers[*].ipv4_address } ) - filename = "../inventory/hosts.ini" + filename = "../../inventory/hosts.ini" } ### diff --git a/test/DO/variables.tf b/test/DO/infra/variables.tf similarity index 57% rename from test/DO/variables.tf rename to test/DO/infra/variables.tf index bbc7cc917..1f84dc7e5 100644 --- a/test/DO/variables.tf +++ b/test/DO/infra/variables.tf @@ -1,10 +1,12 @@ -variable "do_token" {} +variable "do_token" { + description = "Digital Ocean API Token" +} ### s-2vcpu-4gb variable "do_instance_size" { - type = string - description = "VM size" - default = "s-1vcpu-1gb" + type = string + description = "VM size" + default = "s-1vcpu-1gb" } variable "do_controller_count" { 
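Review bot: `do_token` gains a description but not `sensitive = true`, so nothing stops the API token passed via `-var "do_token=..."` from being rendered wherever Terraform prints variable values or derived attributes. Declare it as `variable "do_token" { type = string, description = "Digital Ocean API Token", sensitive = true }` so it is redacted in plan and apply output.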
@@ -31,8 +33,18 @@ variable "do_system" { default = "rockylinux-8-x64" } +variable "region" { + description = "Unique bucket name for storing terraform backend data" + default = "fra1" +} + variable "GITHUB_RUN_ID" { type = string description = "github run id" default = "test" } + +variable "terraform_backend_bucket_name" { + description = "Unique bucket name for storing terraform backend data" + default = "terraform-backend-github-${var.GITHUB_RUN_ID}" +} From 038d28fafe431d3bcdf5c5b1d54964aa2f0039de Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sat, 2 Mar 2024 21:23:56 +0100 Subject: [PATCH 219/365] test workflows --- .github/workflows/stage.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index a7ce6bfca..53f6eee92 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -5,9 +5,9 @@ on: workflow_dispatch: env: - DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} - AWS_ACCESS_KEY_ID: ${{ secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.DIGITALOCEAN_SPACES_SECRET_KEY }} + DO_PAT: ${{secrets.DIGITALOCEAN_ACCESS_TOKEN}} + AWS_ACCESS_KEY_ID: ${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}} + AWS_SECRET_ACCESS_KEY: ${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}} jobs: backend: @@ -130,7 +130,7 @@ jobs: - name: Install doctl uses: digitalocean/action-doctl@v2 with: - token: ${{ DO_PAT }} + token: ${ DO_PAT } - name: Set up Python id: setup_python From 376e930683e2413c819714a6c6bce7f4bea5983d Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sat, 2 Mar 2024 22:02:34 +0100 Subject: [PATCH 220/365] test workflows --- .github/workflows/stage.yml | 1 + test/DO/ansible/main.tf | 6 +++--- test/DO/backend/variables.tf | 2 +- test/DO/infra/main.tf | 6 +++--- test/DO/infra/variables.tf | 2 +- 5 files changed, 9 insertions(+), 8 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 53f6eee92..2cb494c77 100644 
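Review bot: `default = "terraform-backend-github-${var.GITHUB_RUN_ID}"` cannot be evaluated — Terraform requires variable defaults to be literals — so this breaks `terraform init` for the whole infra stack; remove the default or compute the name in `locals`. The `region` description is copied from the bucket variable and should read something like `"DigitalOcean region for the VPC, droplets and Spaces endpoint"`.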
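Review bot: `token: ${ DO_PAT }` is not a GitHub Actions expression, so `digitalocean/action-doctl` receives the literal string `${ DO_PAT }` as the token and every `doctl` call runs unauthenticated; the removed `${{ DO_PAT }}` was also wrong, since a bare name is not valid in an expression. Use `token: ${{ env.DO_PAT }}` or `token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}`. The spacing change inside the `env` block is cosmetic and could be left out of the commit.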
--- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -66,6 +66,7 @@ jobs: deploy: name: Deploy runs-on: ubuntu-latest + needs: backend defaults: run: diff --git a/test/DO/ansible/main.tf b/test/DO/ansible/main.tf index 95a3e0044..c4bd16bbd 100644 --- a/test/DO/ansible/main.tf +++ b/test/DO/ansible/main.tf @@ -13,10 +13,10 @@ terraform { use_path_style = true skip_s3_checksum = true endpoints = { - s3 = "https://${var.region}.digitaloceanspaces.com" + s3 = "https://fra1.digitaloceanspaces.com" } - region = var.region // needed - bucket = var.terraform_backend_bucket_name + region = "fra1"// needed + bucket = "terraform-backend-github" key = "terraform.tfstate" } } diff --git a/test/DO/backend/variables.tf b/test/DO/backend/variables.tf index f5ec58f2f..4a34701f7 100644 --- a/test/DO/backend/variables.tf +++ b/test/DO/backend/variables.tf @@ -18,7 +18,7 @@ variable "GITHUB_RUN_ID" { variable "terraform_backend_bucket_name" { description = "Unique bucket name for storing terraform backend data" - default = "terraform-backend-github-${var.GITHUB_RUN_ID}" + default = "terraform-backend-github" } variable "region" { diff --git a/test/DO/infra/main.tf b/test/DO/infra/main.tf index cd93a6431..6be88c2ad 100644 --- a/test/DO/infra/main.tf +++ b/test/DO/infra/main.tf @@ -16,10 +16,10 @@ terraform { use_path_style = true skip_s3_checksum = true endpoints = { - s3 = "https://${var.region}.digitaloceanspaces.com" + s3 = "https://fra1.digitaloceanspaces.com" } - region = var.region // needed - bucket = var.terraform_backend_bucket_name + region = "fra1" // needed + bucket = "terraform-backend-github" key = "terraform.tfstate" } } diff --git a/test/DO/infra/variables.tf b/test/DO/infra/variables.tf index 1f84dc7e5..ae1ccee22 100644 --- a/test/DO/infra/variables.tf +++ b/test/DO/infra/variables.tf 
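Review bot: With `bucket = "terraform-backend-github"` and `key = "terraform.tfstate"` hard-coded here and identically in `test/DO/infra/main.tf` in this same commit, both stacks store their state in the same object, so whichever runs second overwrites the other's state and the cleanup stage loses track of the first stack's droplets. Give each stack its own key, e.g. `key = "ansible/terraform.tfstate"` here and `key = "infra/terraform.tfstate"` there. A fixed bucket name also means concurrent workflow runs share one state object; the S3 backend's locking relies on DynamoDB, which Spaces does not provide, so parallel runs can corrupt each other — a per-run bucket or key avoids that.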
@@ -46,5 +46,5 @@ variable "GITHUB_RUN_ID" { variable "terraform_backend_bucket_name" { description = "Unique bucket name for storing terraform backend data" - default = "terraform-backend-github-${var.GITHUB_RUN_ID}" + default = "terraform-backend-github" } From 0780718df82ab6b3c1d4d50871f36c3169e94cfe Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 4 Mar 2024 10:43:12 +0100 Subject: [PATCH 221/365] test workflows --- .github/workflows/stage.yml | 106 +++++++++++++++++++++--------------- test/DO/README.md | 11 ++++ 2 files changed, 73 insertions(+), 44 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 2cb494c77..7775b5586 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml 
@@ -6,67 +6,72 @@ on: env: DO_PAT: ${{secrets.DIGITALOCEAN_ACCESS_TOKEN}} - AWS_ACCESS_KEY_ID: ${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}} - AWS_SECRET_ACCESS_KEY: ${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}} + S3_ACCESS_KEY_ID: ${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}} + S3_SECRET_ACCESS_KEY: ${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}} jobs: backend: name: Backend runs-on: ubuntu-latest - defaults: - run: - shell: bash - working-directory: ./test/DO/backend - steps: - name: Checkout files uses: actions/checkout@v4 - - name: Setup Terraform - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: "1.7.3" - - - name: Config Terraform plugin cache - run: | - echo 'plugin_cache_dir="$HOME/.terraform.d/plugin-cache"' >~/.terraformrc - mkdir --parents ~/.terraform.d/plugin-cache - - - name: Cache Terraform - uses: actions/cache@v3 + - name: Set up S3cmd cli tool + uses: s3-actions/s3cmd@v1.5.0 with: - path: | - ~/.terraform.d/plugin-cache - key: ${{ runner.os }}-terraform-${{ hashFiles('**/.terraform.lock.hcl') }} - restore-keys: | - ${{ runner.os }}-terraform- - - - name: Init Terraform configuration - run: | - terraform init - - - name: Terraform plan - id: plan - run: | - terraform plan -out=terraform.tfplan \ - -var "do_token=${DO_PAT}" \ - -var "spaces_access_key_id=${AWS_ACCESS_KEY_ID}" \ - -var "spaces_access_key_secret=${AWS_SECRET_ACCESS_KEY}" - continue-on-error: true - - - name: Terraform Plan Status - if: steps.plan.outcome == 'failure' - run: exit 1 + provider: digitalocean + region: 'fra1' + access_key: ${{ secrets.S3_ACCESS_KEY_ID }} + secret_key: ${{ secrets.S3_SECRET_ACCESS_KEY }} - - name: Terraform Apply + - name: Interact with object storage run: | - terraform apply terraform.tfplan + s3cmd info s3://terraform-backend-github-test || s3cmd mb s3://terraform-backend-github-test + +# backend: +# name: Backend +# runs-on: ubuntu-latest +# +# defaults: +# run: +# shell: bash +# working-directory: ./test/DO/backend +# +# steps: +# - name: 
Checkout files +# uses: actions/checkout@v4 +# +# - name: Setup Terraform +# uses: hashicorp/setup-terraform@v3 +# with: +# terraform_version: "1.7.3" +# +# - name: Init Terraform configuration +# run: | +# terraform init +# +# - name: Terraform plan +# id: plan +# run: | +# terraform plan -out=terraform.tfplan \ +# -var "do_token=${DO_PAT}" \ +# -var "spaces_access_key_id=${AWS_ACCESS_KEY_ID}" \ +# -var "spaces_access_key_secret=${AWS_SECRET_ACCESS_KEY}" +# continue-on-error: true +# +# - name: Terraform Plan Status +# if: steps.plan.outcome == 'failure' +# run: exit 1 +# +# - name: Terraform Apply +# run: | +# terraform apply terraform.tfplan deploy: name: Deploy runs-on: ubuntu-latest - needs: backend defaults: run: @@ -281,3 +286,16 @@ jobs: run: | terraform workspace select default terraform workspace delete rkub-${GITHUB_RUN_ID} + + - name: Set up S3cmd cli tool + uses: s3-actions/s3cmd@v1.5.0 + with: + provider: digitalocean + region: 'fra1' + access_key: ${{ secrets.S3_ACCESS_KEY_ID }} + secret_key: ${{ secrets.S3_SECRET_ACCESS_KEY }} + + - name: Interact with object storage + run: | + s3cmd rb s3://terraform-backend-github-test --recursive + continue-on-error: true diff --git a/test/DO/README.md b/test/DO/README.md index 9f745e882..69ad1e18c 100644 --- a/test/DO/README.md +++ b/test/DO/README.md @@ -13,9 +13,20 @@ On Digital Ocean account: Add inside ./test a file .key with the private ssh key generate by DO. +## Create a bucket to store backend + +```bash +export DO_PAT="dop_v1_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + + +``` + +## Create an infra + ```bash export DO_PAT="dop_v1_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" +## # init with backend config terraform init --backend-config=./backend_config.hcl # ./backend_config.hcl From 8f98d6f4028650938e4b6c2d7b54516fe648ca43 Mon Sep 17 00:00:00 2001 
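Review bot: The s3cmd step reads `${{ secrets.S3_ACCESS_KEY_ID }}` and `${{ secrets.S3_SECRET_ACCESS_KEY }}`, but those names are defined in this workflow's `env` block from the `DIGITALOCEAN_SPACES_*` secrets; unless secrets with exactly those names also exist, the action is configured with empty credentials. Use `${{ env.S3_ACCESS_KEY_ID }}` / `${{ env.S3_SECRET_ACCESS_KEY }}` or reference the DigitalOcean secrets directly. Dropping `needs: backend` from `deploy` also lets `terraform init` run before the bucket exists, and `s3-actions/s3cmd@v1.5.0` is a third-party action handling the Spaces keys — pin it to a full commit SHA.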
From: MozeBaltyk Date: Mon, 4 Mar 2024 10:47:43 +0100 Subject: [PATCH 222/365] test workflows --- .github/workflows/stage.yml | 1 + test/DO/README.md | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 7775b5586..05b84b3f0 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -72,6 +72,7 @@ jobs: deploy: name: Deploy runs-on: ubuntu-latest + needs: Backend defaults: run: diff --git a/test/DO/README.md b/test/DO/README.md index 69ad1e18c..3695d5cd3 100644 --- a/test/DO/README.md +++ b/test/DO/README.md @@ -7,6 +7,7 @@ The puropse of this CI is to test the integration between RKE2, longhorn, ranche ## Prerequis On Digital Ocean account: + - generate a PAT (private access token) - a set of SSH key - Create a Space with a an acces_key and a secret key From 9c73a00d2329f2279e1da078cd8e74e334786113 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 4 Mar 2024 11:02:36 +0100 Subject: [PATCH 223/365] test workflows --- .github/workflows/stage.yml | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 05b84b3f0..833d7c309 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml 
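Review bot: `needs: Backend` uses the job's display name while the job is declared as `backend:`; `needs` references job ids, so this should read `needs: backend` to match the declared key. Whether the runner accepts the capitalised form is not something this diff shows, so do not rely on it — matching the id also keeps `needs` greppable against the `jobs:` keys.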
@@ -15,20 +15,34 @@ jobs: runs-on: ubuntu-latest steps: - - name: Checkout files - uses: actions/checkout@v4 - - name: Set up S3cmd cli tool uses: s3-actions/s3cmd@v1.5.0 with: provider: digitalocean - region: 'fra1' - access_key: ${{ secrets.S3_ACCESS_KEY_ID }} - secret_key: ${{ secrets.S3_SECRET_ACCESS_KEY }} + region: 'FRA1' + access_key: ${S3_ACCESS_KEY_ID} + secret_key: ${S3_SECRET_ACCESS_KEY} - name: Interact with object storage run: | s3cmd info s3://terraform-backend-github-test || s3cmd mb s3://terraform-backend-github-test + sleep 10 + + - name: Interact with object storage + run: | + buck="github-action-${{ github.run_id }}" + mkdir example + s3cmd mb s3://$buck + echo 'foo' >> example/bar + s3cmd put example/bar s3://$buck + mkdir -p example/baz/bar + echo 'fizz' >> example/baz/bar/faz + sleep 10 + s3cmd sync --recursive --acl-public example s3://$buck + #sleep 10 + #s3cmd rm -r --force s3://$buck + #sleep 10 + #s3cmd rb s3://$buck # backend: # name: Backend @@ -299,4 +313,5 @@ jobs: - name: Interact with object storage run: | s3cmd rb s3://terraform-backend-github-test --recursive + sleep 10 continue-on-error: true From 6e6bca66261b6df4eae37b26c21f27fef0acd81b Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 4 Mar 2024 11:12:21 +0100 Subject: [PATCH 224/365] test workflows --- .github/workflows/stage.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 833d7c309..b45bd0c59 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml 
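Review bot: `access_key: ${S3_ACCESS_KEY_ID}` and `secret_key: ${S3_SECRET_ACCESS_KEY}` are shell-style references inside a `with:` map, which GitHub does not expand, so the action receives those literal strings as credentials; write `${{ env.S3_ACCESS_KEY_ID }}` and `${{ env.S3_SECRET_ACCESS_KEY }}`. The test step then runs `s3cmd sync --recursive --acl-public`, which makes every uploaded object world-readable — harmless for `foo`/`fizz`, but dangerous if this bucket is later reused for Terraform state, which carries `user_data` and other secrets; drop `--acl-public`. The `sleep 10` calls paper over eventual consistency and should become a retry loop on `s3cmd info`.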
@@ -16,17 +16,17 @@ jobs: steps: - name: Set up S3cmd cli tool - uses: s3-actions/s3cmd@v1.5.0 + uses: s3-actions/s3cmd@main with: provider: digitalocean - region: 'FRA1' - access_key: ${S3_ACCESS_KEY_ID} - secret_key: ${S3_SECRET_ACCESS_KEY} + region: FRA1 + access_key: ${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}} + secret_key: ${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}} - - name: Interact with object storage - run: | - s3cmd info s3://terraform-backend-github-test || s3cmd mb s3://terraform-backend-github-test - sleep 10 + #- name: Interact with object storage + # run: | + # s3cmd info s3://terraform-backend-github-test || s3cmd mb s3://terraform-backend-github-test + # sleep 10 - name: Interact with object storage run: | From 2feeb71ed702b215bab6a6d4594383d39405a698 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 4 Mar 2024 14:16:31 +0100 Subject: [PATCH 225/365] test workflows --- .github/workflows/stage.yml | 68 +++++-------------------------------- 1 file changed, 9 insertions(+), 59 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index b45bd0c59..e3e181e80 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml 
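Review bot: `uses: s3-actions/s3cmd@main` pins a third-party action that receives the Spaces access and secret keys to a mutable branch, so any future push to that repository, or a compromised maintainer account, executes in this job with the credentials. Pin to a full commit SHA, e.g. `uses: s3-actions/s3cmd@<40-char-sha>  # v1.5.0`, and let Dependabot bump it; if `@main` was needed for a fix not yet released, say so in a comment so the pin is revisited.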
@@ -23,65 +23,13 @@ jobs: access_key: ${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}} secret_key: ${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}} - #- name: Interact with object storage - # run: | - # s3cmd info s3://terraform-backend-github-test || s3cmd mb s3://terraform-backend-github-test - # sleep 10 - - name: Interact with object storage run: | + sed -i -e 's/signature_v2.*$/signature_v2 = True/' ~/.s3cfg buck="github-action-${{ github.run_id }}" - mkdir example s3cmd mb s3://$buck - echo 'foo' >> example/bar - s3cmd put example/bar s3://$buck - mkdir -p example/baz/bar - echo 'fizz' >> example/baz/bar/faz sleep 10 - s3cmd sync --recursive --acl-public example s3://$buck - #sleep 10 - #s3cmd rm -r --force s3://$buck - #sleep 10 - #s3cmd rb s3://$buck - -# backend: -# name: Backend -# runs-on: ubuntu-latest -# -# defaults: -# run: -# shell: bash -# working-directory: ./test/DO/backend -# -# steps: -# - name: Checkout files -# uses: actions/checkout@v4 -# -# - name: Setup Terraform -# uses: hashicorp/setup-terraform@v3 -# with: -# terraform_version: "1.7.3" -# -# - name: Init Terraform configuration -# run: | -# terraform init -# -# - name: Terraform plan -# id: plan -# run: | -# terraform plan -out=terraform.tfplan \ -# -var "do_token=${DO_PAT}" \ -# -var "spaces_access_key_id=${AWS_ACCESS_KEY_ID}" \ -# -var "spaces_access_key_secret=${AWS_SECRET_ACCESS_KEY}" -# continue-on-error: true -# -# - name: Terraform Plan Status -# if: steps.plan.outcome == 'failure' -# run: exit 1 -# -# - name: Terraform Apply -# run: | -# terraform apply terraform.tfplan + continue-on-error: true deploy: name: Deploy 
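Review bot: `sed -i -e 's/signature_v2.*$/signature_v2 = True/' ~/.s3cfg` forces s3cmd onto the deprecated AWS Signature Version 2 scheme (HMAC-SHA1, no payload hash); if it was added to work around an endpoint mismatch, fix the `host_base`/`host_bucket` entries instead and keep the default SigV4 that Spaces documents as supported. The bucket-creation step also carries `continue-on-error: true`, so the Backend job reports success even when `s3cmd mb` fails and the downstream `terraform init` then targets a bucket that does not exist. Make the step idempotent and let it fail: `s3cmd info s3://$buck || s3cmd mb s3://$buck`.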
@@ -303,15 +251,17 @@ jobs: terraform workspace delete rkub-${GITHUB_RUN_ID} - name: Set up S3cmd cli tool - uses: s3-actions/s3cmd@v1.5.0 + uses: s3-actions/s3cmd@main with: provider: digitalocean - region: 'fra1' - access_key: ${{ secrets.S3_ACCESS_KEY_ID }} - secret_key: ${{ secrets.S3_SECRET_ACCESS_KEY }} + region: FRA1 + access_key: ${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}} + secret_key: ${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}} - name: Interact with object storage run: | - s3cmd rb s3://terraform-backend-github-test --recursive + sed -i -e 's/signature_v2.*$/signature_v2 = True/' ~/.s3cfg + buck="github-action-${{ github.run_id }}" + s3cmd rb s3://${buck} --recursive sleep 10 continue-on-error: true From ba64b5c5145f1734f2826ce814a7bc442b93cb6a Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 4 Mar 2024 14:42:11 +0100 Subject: [PATCH 226/365] test workflows --- .github/workflows/stage.yml | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index e3e181e80..5451c6dd9 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -190,15 +190,11 @@ jobs: runs-on: ubuntu-latest needs: Install if: always() - env: - DO_PAT: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} - AWS_ACCESS_KEY_ID: ${{ secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.DIGITALOCEAN_SPACES_SECRET_KEY }} defaults: run: shell: bash - working-directory: ./test/DO + working-directory: ./test/DO/infra steps: - name: Checkout files @@ -222,10 +218,6 @@ jobs: run: | terraform init - - name: Terraform cleanup workspace - run: | - terraform workspace select rkub-${GITHUB_RUN_ID} - - name: Terraform plan delete stack id: plan run: | 
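Review bot: Removing `terraform workspace select rkub-${GITHUB_RUN_ID}` from Cleanup while the Deploy job in this workflow still runs `terraform workspace new rkub-${GITHUB_RUN_ID}` (that step is only removed in a later commit of this series) means the destroy plan now runs against the `default` workspace, whose state is empty, so `terraform apply` destroys nothing and the run's droplets are left running. Either keep the `workspace select` here until Deploy stops using workspaces, or make both changes in the same commit. The Cleanup job definition starts before this hunk.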
@@ -245,11 +237,6 @@ jobs: run: | terraform apply terraform.tfplan - - name: Terraform cleanup workspace - run: | - terraform workspace select default - terraform workspace delete rkub-${GITHUB_RUN_ID} - - name: Set up S3cmd cli tool uses: s3-actions/s3cmd@main with: From 3e53c6fce9bbee115ff45040d1b3f235a9b74a65 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 4 Mar 2024 14:45:18 +0100 Subject: [PATCH 227/365] test workflows --- .github/workflows/stage.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 5451c6dd9..68db9a3e1 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -217,6 +217,7 @@ jobs: id: init run: | terraform init + continue-on-error: true - name: Terraform plan delete stack id: plan @@ -229,13 +230,10 @@ jobs: -var "do_instance_size=s-2vcpu-4gb" continue-on-error: true - - name: Terraform Plan Status - if: steps.plan.outcome == 'failure' - run: exit 1 - - name: Terraform Apply run: | terraform apply terraform.tfplan + continue-on-error: true - name: Set up S3cmd cli tool uses: s3-actions/s3cmd@main From 692bfeebaf4f8bcff996685ce5870fb8f18125e2 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 4 Mar 2024 20:18:00 +0100 Subject: [PATCH 228/365] test workflows --- .github/workflows/stage.yml | 18 +++++++----------- test/DO/README.md | 24 +++++++++++++++--------- test/DO/infra/main.tf | 17 ++--------------- 3 files changed, 24 insertions(+), 35 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 68db9a3e1..b122988ea 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml 
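Review bot: With `continue-on-error: true` now on `terraform init` and `terraform apply` and the `Terraform Plan Status` gate removed, the Cleanup job can no longer fail, so a destroy that errors out (expired token, missing bucket, API outage) leaves the run's droplets — root-SSH-reachable and billable — running while the workflow shows green. Keep `continue-on-error` off the apply step, or add a final step such as `terraform state list | grep -q . && { echo 'resources left in state'; exit 1; }` so leaks are visible in the run status.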
@@ -6,8 +6,8 @@ on: env: DO_PAT: ${{secrets.DIGITALOCEAN_ACCESS_TOKEN}} - S3_ACCESS_KEY_ID: ${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}} - S3_SECRET_ACCESS_KEY: ${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}} + AWS_ACCESS_KEY_ID: ${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}} + AWS_SECRET_ACCESS_KEY: ${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}} jobs: backend: @@ -23,7 +23,7 @@ jobs: access_key: ${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}} secret_key: ${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}} - - name: Interact with object storage + - name: Create Space Bucket run: | sed -i -e 's/signature_v2.*$/signature_v2 = True/' ~/.s3cfg buck="github-action-${{ github.run_id }}" @@ -53,17 +53,13 @@ jobs: - name: Terraform Init id: init run: | - terraform init + terraform init -backend-config="bucket=github-action-${{ github.run_id }}" - name: Terraform Validate id: validate run: terraform validate -no-color - - name: Terraform workspace - id: workspace - run: terraform workspace new rkub-${GITHUB_RUN_ID} - - - name: Terraform plan + - name: Terraform Plan id: plan run: | terraform plan -out=terraform.tfplan \ @@ -216,7 +212,7 @@ jobs: - name: Terraform Init id: init run: | - terraform init + terraform init -backend-config="bucket=github-action-${{ github.run_id }}" continue-on-error: true - name: Terraform plan delete stack @@ -243,7 +239,7 @@ jobs: access_key: ${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}} secret_key: ${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}} - - name: Interact with object storage + - name: Remove Space bucket run: | sed -i -e 's/signature_v2.*$/signature_v2 = True/' ~/.s3cfg buck="github-action-${{ github.run_id }}" diff --git a/test/DO/README.md b/test/DO/README.md index 3695d5cd3..832b2f379 100644 --- a/test/DO/README.md +++ b/test/DO/README.md @@ -19,7 +19,6 @@ Add inside ./test a file .key with the private ssh key generate by DO. ```bash export DO_PAT="dop_v1_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" - ``` ## Create an infra 
@@ -31,6 +30,7 @@ export DO_PAT="dop_v1_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" # init with backend config terraform init --backend-config=./backend_config.hcl # ./backend_config.hcl +# bucket="name" # access_key="" # secret_key="" @@ -38,18 +38,12 @@ terraform init --backend-config=./backend_config.hcl terraform init \ -backend-config="access_key=$SPACES_ACCESS_TOKEN" \ -backend-config="secret_key=$SPACES_SECRET_KEY" \ +-backend-config="bucket=terraform-backend-github" # recommended method export AWS_ACCESS_KEY_ID=DOxxxxxxxxxxxxxxxx export AWS_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxx -terraform init - -# Create a workspace -export GITHUB_RUN_ID="777" -terraform workspace new rkub-${GITHUB_RUN_ID} - -# Get back to a workspace -terraform workspace select rkub-${GITHUB_RUN_ID} +terraform init -backend-config="bucket=terraform-backend-github" # auto-approve (default: size=s-1vcpu-1gb, 1 controller + 2 workers) terraform apply -var "GITHUB_RUN_ID=${GITHUB_RUN_ID}" -var "do_token=${DO_PAT}" -auto-approve @@ -86,8 +80,20 @@ terraform plan -destroy -out=terraform.tfplan \ -var "do_worker_count=1" \ -var "do_controller_count=3" \ -var "do_instance_size=s-1vcpu-1gb" + # Apply destroy terraform apply terraform.tfplan +``` + +## Use Workspace + +```bash +# Create a workspace +export GITHUB_RUN_ID="777" +terraform workspace new rkub-${GITHUB_RUN_ID} + +# Get back to a workspace +terraform workspace select rkub-${GITHUB_RUN_ID} # Delete Workspace terraform workspace select default diff --git a/test/DO/infra/main.tf b/test/DO/infra/main.tf index 6be88c2ad..2cfb74bc6 100644 --- a/test/DO/infra/main.tf +++ b/test/DO/infra/main.tf @@ -18,8 +18,8 @@ terraform { endpoints = { s3 = "https://fra1.digitaloceanspaces.com" } - region = "fra1" // needed - bucket = "terraform-backend-github" + region = "fra1" + // bucket = "terraform-backend-github" key = "terraform.tfstate" } } 
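Review bot: `// bucket = "terraform-backend-github"` leaves a commented-out value that reads like a stale default, when the intent is partial backend configuration with the bucket supplied per run. Replace it with a comment stating the contract, e.g. `# bucket is intentionally unset: pass it at init time with terraform init -backend-config="bucket=github-action-<run_id>"`, and use `#` to match the comment style used elsewhere in these test stacks.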
@@ -96,19 +96,6 @@ resource "digitalocean_droplet" "workers" { ssh_keys = [ data.digitalocean_ssh_key.terraform.id ] -# connection { -# host = self.ipv4_address -# user = "root" -# type = "ssh" -# private_key = file(pathexpand(".key")) -# timeout = "2m" -# } -# provisioner "remote-exec" { -# inline = [ -# "export PATH=$PATH:/usr/bin", -# "cat /etc/os-release", -# ] -# } } ### From a98eee88f10a62b09afa1de2fd439382ceb1a9eb Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 4 Mar 2024 20:23:11 +0100 Subject: [PATCH 229/365] test workflows --- .github/workflows/stage.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index b122988ea..c9c1c4387 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -92,10 +92,10 @@ jobs: - name: Checkout files uses: actions/checkout@v4 - - name: Install doctl - uses: digitalocean/action-doctl@v2 - with: - token: ${ DO_PAT } + #- name: Install doctl + # uses: digitalocean/action-doctl@v2 + # with: + # token: ${DO_PAT} - name: Set up Python id: setup_python From b55901aa025ddce3a7e5ae82ba3d17f4b94b63da Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 4 Mar 2024 22:19:42 +0100 Subject: [PATCH 230/365] test workflows --- .github/workflows/stage.yml | 39 ++++++++++++++++++++++++++++++------- test/DO/ansible/main.tf | 4 ++-- 2 files changed, 34 insertions(+), 9 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index c9c1c4387..9daac915e 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -92,11 +92,6 @@ jobs: - name: Checkout files uses: actions/checkout@v4 - #- name: Install doctl - # uses: digitalocean/action-doctl@v2 - # with: - # token: ${DO_PAT} - - name: Set up Python id: setup_python uses: actions/setup-python@v5 
@@ -129,12 +124,42 @@ jobs: defaults: run: shell: bash - working-directory: ./test + working-directory: ./test/DO/ansible steps: - name: Checkout files uses: actions/checkout@v4 + - name: Setup Terraform + uses: hashicorp/setup-terraform@v3 + with: + terraform_version: "1.7.3" + + - name: Get key + run: | + echo "$SSH_KEY" > .key + chmod 400 .key + shell: bash + env: + SSH_KEY: ${{secrets.SSH_PRIVATE_KEY}} + + - name: Terraform Init + id: init + run: | + terraform init -backend-config="bucket=github-action-${{ github.run_id }}" + continue-on-error: true + + - name: Terraform plan + id: plan + run: | + terraform plan -out=terraform.tfplan \ + -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ + -var "do_token=${DO_PAT}" + + - name: Terraform Apply + run: | + terraform apply terraform.tfplan + - name: Run playbook build run: | ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root -vv --private-key .key playbooks/build.yml @@ -185,7 +210,7 @@ jobs: name: Cleanup runs-on: ubuntu-latest needs: Install - if: always() + #if: always() defaults: run: diff --git a/test/DO/ansible/main.tf b/test/DO/ansible/main.tf index c4bd16bbd..5fc423cdb 100644 --- a/test/DO/ansible/main.tf +++ b/test/DO/ansible/main.tf @@ -15,8 +15,8 @@ terraform { endpoints = { s3 = "https://fra1.digitaloceanspaces.com" } - region = "fra1"// needed - bucket = "terraform-backend-github" + region = "fra1" + // bucket = "terraform-backend-github" key = "terraform.tfstate" } } From 370db3955c213a819f96aac6b8f4035f6f71cc7c Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 4 Mar 2024 22:26:33 +0100 Subject: [PATCH 231/365] test workflows --- test/DO/ansible/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/DO/ansible/variables.tf b/test/DO/ansible/variables.tf index 78939640e..8ef381e94 100644 --- a/test/DO/ansible/variables.tf +++ b/test/DO/ansible/variables.tf 
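Review bot: Commenting out `if: always()` on the Cleanup job means it is skipped whenever Reachable, Package or Install fails, which is exactly when droplets are most likely to be left behind; restore `if: always()`. In the new Package steps, `echo "$SSH_KEY" > .key` creates the file under the default umask before `chmod 400` runs, briefly leaving the private key readable by other runner processes — write it with `(umask 077; echo "$SSH_KEY" > .key)` or `install -m 0400 /dev/stdin .key <<< "$SSH_KEY"`. `terraform init` also gets `continue-on-error: true`, so a failed init only surfaces when `plan` fails with a less useful error.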
@@ -18,7 +18,7 @@ variable "GITHUB_RUN_ID" { variable "terraform_backend_bucket_name" { description = "Unique bucket name for storing terraform backend data" - default = "terraform-backend-github-${var.GITHUB_RUN_ID}" + default = "terraform-backend-github" } variable "mount_point" { From db1fa861314180511543d17cc3e5362a11ebeb8f Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 4 Mar 2024 23:50:07 +0100 Subject: [PATCH 232/365] test workflows --- .github/actions/ansible/action.yml | 53 ++++++++++++++ .github/workflows/stage.yml | 112 ++++++++++++++++------------- test/DO/README.md | 11 ++- test/DO/ansible/main.tf | 15 +++- test/DO/infra/main.tf | 13 ---- 5 files changed, 139 insertions(+), 65 deletions(-) create mode 100644 .github/actions/ansible/action.yml diff --git a/.github/actions/ansible/action.yml b/.github/actions/ansible/action.yml new file mode 100644 index 000000000..b08049835 --- /dev/null +++ b/.github/actions/ansible/action.yml 
@@ -0,0 +1,53 @@
+---
+name: ansible
+description: execute an ansible playbook
+
+runs:
+ using: composite
+ steps:
+ - name: Checkout files
+ uses: actions/checkout@v4
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: "1.7.3"
+
+ - name: Get key
+ run: |
+ echo "$SSH_KEY" > .key
+ chmod 400 .key
+ shell: bash
+ env:
+ SSH_KEY: ${{secrets.SSH_PRIVATE_KEY}}
+
+ - name: Terraform Init
+ id: init
+ run: |
+ terraform init
+
+ - name: Terraform plan
+ id: plan
+ run: |
+ terraform plan -out=terraform.tfplan \
+ -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \
+ -var "do_token=${DO_PAT}" \
+ -var "terraform_backend_bucket_name=github-action-${{ github.run_id }}"
+
+ - name: Terraform Apply
+ run: |
+ terraform apply terraform.tfplan
+
+ - name: Terraform plan delete stack
+ id: plan
+ run: |
+ terraform plan -destroy -out=terraform.tfplan \
+ -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \
+ -var "do_token=${DO_PAT}" \
+ -var "terraform_backend_bucket_name=github-action-${{ github.run_id }}"
+ continue-on-error: true
+
+ - name: Terraform Apply
+ run: |
+ terraform apply terraform.tfplan
+ continue-on-error: true
diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml
index 9daac915e..556e4fb52 100644
--- a/.github/workflows/stage.yml
+++ b/.github/workflows/stage.yml
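Review bot: A composite action has no `secrets` context, so `SSH_KEY: ${{secrets.SSH_PRIVATE_KEY}}` evaluates to empty and `.key` is written with no content; declare `inputs:` for the key (and for `do_token`) and have the caller pass `${{ secrets.SSH_PRIVATE_KEY }}`. Every `run:` step in a composite action must also declare `shell:` — the Init, plan, apply and destroy steps do not, which is a validation error — and `id: plan` is declared twice. The action never runs a playbook despite `description: execute an ansible playbook`; it applies and then immediately destroys a stack, so the name and description should say so, or the destroy steps belong in a separate cleanup action.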
@@ -31,8 +31,68 @@ jobs: sleep 10 continue-on-error: true + package: + name: Package + runs-on: ubuntu-latest + needs: Backend + + defaults: + run: + shell: bash + working-directory: ./test/DO/ansible + + steps: + - name: Checkout files + uses: actions/checkout@v4 + + - name: Setup Terraform + uses: hashicorp/setup-terraform@v3 + with: + terraform_version: "1.7.3" + + - name: Get key + run: | + echo "$SSH_KEY" > .key + chmod 400 .key + shell: bash + env: + SSH_KEY: ${{secrets.SSH_PRIVATE_KEY}} + + - name: Terraform Init + id: init + run: | + terraform init + continue-on-error: true + + - name: Terraform plan + id: plan + run: | + terraform plan -out=terraform.tfplan \ + -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ + -var "do_token=${DO_PAT}" \ + -var "terraform_backend_bucket_name=github-action-${{ github.run_id }}" + + - name: Terraform Apply + run: | + terraform apply terraform.tfplan + sleep 600 + + - name: Terraform plan delete stack + id: plan + run: | + terraform plan -destroy -out=terraform.tfplan \ + -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ + -var "do_token=${DO_PAT}" \ + -var "terraform_backend_bucket_name=github-action-${{ github.run_id }}" + continue-on-error: true + + - name: Terraform Apply + run: | + terraform apply terraform.tfplan + continue-on-error: true + deploy: - name: Deploy + name: Package runs-on: ubuntu-latest needs: Backend 
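Review bot: The new `package` job declares `id: plan` twice (Terraform plan and Terraform plan delete stack), which the workflow validator rejects as a duplicate identifier in the same scope; drop the ids or make them distinct. `continue-on-error: true` on Terraform Init lets a failed init fall through to plan, which then fails with a less useful error, so that flag belongs only on the teardown steps. The fixed `sleep 600` after apply is the only thing waiting for the droplet's cloud-init work to finish; polling a completion marker would be both faster and deterministic. Renaming the `deploy` job to `name: Package` leaves two jobs with the same display name in the run view.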
@@ -116,54 +176,6 @@ jobs: run: | ANSIBLE_HOST_KEY_CHECKING=False ansible all -m ping -u root -vv --private-key .key - package: - name: Package - runs-on: ubuntu-latest - needs: Reachable - - defaults: - run: - shell: bash - working-directory: ./test/DO/ansible - - steps: - - name: Checkout files - uses: actions/checkout@v4 - - - name: Setup Terraform - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: "1.7.3" - - - name: Get key - run: | - echo "$SSH_KEY" > .key - chmod 400 .key - shell: bash - env: - SSH_KEY: ${{secrets.SSH_PRIVATE_KEY}} - - - name: Terraform Init - id: init - run: | - terraform init -backend-config="bucket=github-action-${{ github.run_id }}" - continue-on-error: true - - - name: Terraform plan - id: plan - run: | - terraform plan -out=terraform.tfplan \ - -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ - -var "do_token=${DO_PAT}" - - - name: Terraform Apply - run: | - terraform apply terraform.tfplan - - - name: Run playbook build - run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root -vv --private-key .key playbooks/build.yml - upload: name: Upload runs-on: ubuntu-latest @@ -210,7 +222,7 @@ jobs: name: Cleanup runs-on: ubuntu-latest needs: Install - #if: always() + if: always() defaults: run: diff --git a/test/DO/README.md b/test/DO/README.md index 832b2f379..9c31589ca 100644 --- a/test/DO/README.md +++ b/test/DO/README.md @@ -14,11 +14,20 @@ On Digital Ocean account: Add inside ./test a file .key with the private ssh key generate by DO. -## Create a bucket to store backend +## Create/delete a bucket to store backend ```bash export DO_PAT="dop_v1_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" +# info +s3cmd ls +s3cmd info s3://github-action-8147167750 + +# create +s3cmd mb s3://github-action-8147167750 + +# delete +s3cmd rb s3://github-action-8147167750 --recursive ``` ## Create an infra diff --git a/test/DO/ansible/main.tf b/test/DO/ansible/main.tf index 5fc423cdb..50900a1e2 100644 --- a/test/DO/ansible/main.tf +++ b/test/DO/ansible/main.tf 
@@ -53,7 +53,8 @@ locals { }], runcmd = [ "mkdir -p ${var.mount_point}", - "s3fs ${var.terraform_backend_bucket_name} ${var.mount_point} -o url=https://${var.region}.digitaloceanspaces.com" + "s3fs ${var.terraform_backend_bucket_name} ${var.mount_point} -o url=https://${var.region}.digitaloceanspaces.com", + "git clone https://github.com/MozeBaltyk/Rkub.git", ] }) } @@ -76,6 +77,18 @@ resource "digitalocean_droplet" "ansible" { size = var.do_instance_size ssh_keys = [ data.digitalocean_ssh_key.terraform.id ] user_data = data.cloudinit_config.server_config.rendered +# connection { +# host = self.ipv4_address +# user = "root" +# type = "ssh" +# private_key = file(pathexpand(".key")) +# timeout = "2m" +# } +# provisioner "remote-exec" { +# inline = [ +# "ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root -vv --private-key .key ../../playbooks/build.yml", +# ] +# } } output "ip_address_ansible" { diff --git a/test/DO/infra/main.tf b/test/DO/infra/main.tf index 2cfb74bc6..ec4581c38 100644 --- a/test/DO/infra/main.tf +++ b/test/DO/infra/main.tf @@ -60,19 +60,6 @@ resource "digitalocean_droplet" "controllers" { ssh_keys = [ data.digitalocean_ssh_key.terraform.id ] -# connection { -# host = self.ipv4_address -# user = "root" -# type = "ssh" -# private_key = file(pathexpand(".key")) -# timeout = "2m" -# } -# provisioner "remote-exec" { -# inline = [ -# "export PATH=$PATH:/usr/bin", -# "cat /etc/os-release", -# ] -# } } output "ip_address_controllers" { From bdc3b241c928d631b92f0f51265902bf4f2d5c9b Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 4 Mar 2024 23:53:55 +0100 Subject: [PATCH 233/365] test workflows --- .github/workflows/stage.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 556e4fb52..49aa75b10 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml 
@@ -65,7 +65,6 @@ jobs: continue-on-error: true - name: Terraform plan - id: plan run: | terraform plan -out=terraform.tfplan \ -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ @@ -78,7 +77,6 @@ jobs: sleep 600 - name: Terraform plan delete stack - id: plan run: | terraform plan -destroy -out=terraform.tfplan \ -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ @@ -92,9 +90,9 @@ jobs: continue-on-error: true deploy: - name: Package + name: Deploy runs-on: ubuntu-latest - needs: Backend + needs: Package defaults: run: From 9c5fc5a36068640c7e876e3779e80364d01c276c Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 5 Mar 2024 00:13:21 +0100 Subject: [PATCH 234/365] test workflows --- .github/workflows/stage.yml | 11 +---------- test/DO/ansible/main.tf | 14 -------------- 2 files changed, 1 insertion(+), 24 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 49aa75b10..619f726f7 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -50,26 +50,17 @@ jobs: with: terraform_version: "1.7.3" - - name: Get key - run: | - echo "$SSH_KEY" > .key - chmod 400 .key - shell: bash - env: - SSH_KEY: ${{secrets.SSH_PRIVATE_KEY}} - - name: Terraform Init id: init run: | terraform init - continue-on-error: true - name: Terraform plan run: | terraform plan -out=terraform.tfplan \ -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ -var "do_token=${DO_PAT}" \ - -var "terraform_backend_bucket_name=github-action-${{ github.run_id }}" + - name: Terraform Apply run: | diff --git a/test/DO/ansible/main.tf b/test/DO/ansible/main.tf index 50900a1e2..5032c26fb 100644 --- a/test/DO/ansible/main.tf +++ b/test/DO/ansible/main.tf 
@@ -5,20 +5,6 @@ terraform { version = "~> 2.0" } } - backend "s3" { - skip_region_validation = true - skip_credentials_validation = true - skip_metadata_api_check = true - skip_requesting_account_id = true - use_path_style = true - skip_s3_checksum = true - endpoints = { - s3 = "https://fra1.digitaloceanspaces.com" - } - region = "fra1" - // bucket = "terraform-backend-github" - key = "terraform.tfstate" - } } provider "digitalocean" { From db89eb4a12b6abd455c26b17a1aef521ac6bbb26 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 5 Mar 2024 00:21:29 +0100 Subject: [PATCH 235/365] test workflows --- .github/workflows/stage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 619f726f7..8883928d5 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -60,7 +60,7 @@ jobs: terraform plan -out=terraform.tfplan \ -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ -var "do_token=${DO_PAT}" \ - + -var "terraform_backend_bucket_name=github-action-${{ github.run_id }}" - name: Terraform Apply run: | From 8516b9ff71af2a3b7c32e9256e69e16a7a74ca4a Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 5 Mar 2024 00:28:50 +0100 Subject: [PATCH 236/365] test workflows --- .github/workflows/stage.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 8883928d5..9380c4c72 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -60,6 +60,8 @@ jobs: terraform plan -out=terraform.tfplan \ -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ -var "do_token=${DO_PAT}" \ + -var "spaces_access_key_id=${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}}" \ + -var "spaces_access_key_secret=${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}}" \ -var "terraform_backend_bucket_name=github-action-${{ github.run_id }}" - name: Terraform Apply 
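Review bot: The added `-var "spaces_access_key_id=${{secrets...}}"` and `-var "spaces_access_key_secret=${{secrets...}}"` lines expand the Spaces credentials into the shell command text through expression interpolation, so they appear in the process arguments and are stored in plaintext inside the saved `terraform.tfplan`, which outlives the step in the workspace. Terraform reads `TF_VAR_<name>` from the environment, so moving them to the step's `env:` (`TF_VAR_spaces_access_key_id: ${{ secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN }}` and `TF_VAR_spaces_access_key_secret: ${{ secrets.DIGITALOCEAN_SPACES_SECRET_KEY }}`) keeps the values out of the script and off the command line. The same applies to the destroy plan in the `@@ -72,6 +74,8 @@` hunk that follows. The enclosing `run:` block begins before this hunk.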
@@ -72,6 +74,8 @@ jobs: terraform plan -destroy -out=terraform.tfplan \ -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ -var "do_token=${DO_PAT}" \ + -var "spaces_access_key_id=${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}}" \ + -var "spaces_access_key_secret=${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}}" \ -var "terraform_backend_bucket_name=github-action-${{ github.run_id }}" continue-on-error: true From b275ecfc5438f7f0926eeac849592b58eb8c7c5f Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 16 Apr 2024 18:09:33 +0200 Subject: [PATCH 237/365] test pipeline --- .github/workflows/stage.yml | 16 +++++++++------- .../install_rke2_controller/tasks/localhost.yml | 2 +- test/DO/ansible/main.tf | 5 +++-- test/DO/ansible/variables.tf | 4 ++++ 4 files changed, 17 insertions(+), 10 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 9380c4c72..c1ff741ba 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -34,7 +34,7 @@ jobs: package: name: Package runs-on: ubuntu-latest - needs: Backend +# needs: Backend defaults: run: @@ -62,6 +62,7 @@ jobs: -var "do_token=${DO_PAT}" \ -var "spaces_access_key_id=${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}}" \ -var "spaces_access_key_secret=${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}}" \ + -var "repository=https://github.com/MozeBaltyk/Rkub.git" -var "terraform_backend_bucket_name=github-action-${{ github.run_id }}" - name: Terraform Apply @@ -76,6 +77,7 @@ jobs: -var "do_token=${DO_PAT}" \ -var "spaces_access_key_id=${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}}" \ -var "spaces_access_key_secret=${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}}" \ + -var "repository=https://github.com/MozeBaltyk/Rkub.git" -var "terraform_backend_bucket_name=github-action-${{ github.run_id }}" continue-on-error: true @@ -87,7 +89,7 @@ jobs: deploy: name: Deploy runs-on: ubuntu-latest - needs: Package +# needs: Package defaults: run: 
@@ -134,7 +136,7 @@ jobs: reachable: name: Reachable runs-on: ubuntu-latest - needs: deploy +# needs: deploy defaults: run: @@ -172,7 +174,7 @@ jobs: upload: name: Upload runs-on: ubuntu-latest - needs: [ Reachable, Package ] +# needs: [ Reachable, Package ] defaults: run: @@ -190,7 +192,7 @@ jobs: install: name: Install runs-on: ubuntu-latest - needs: [ Reachable, Upload ] +# needs: [ Reachable, Upload ] defaults: run: @@ -214,8 +216,8 @@ jobs: cleanup: name: Cleanup runs-on: ubuntu-latest - needs: Install - if: always() +# needs: Install +# if: always() defaults: run: diff --git a/roles/install_rke2_controller/tasks/localhost.yml b/roles/install_rke2_controller/tasks/localhost.yml index 0cc77b140..7575248b1 100644 --- a/roles/install_rke2_controller/tasks/localhost.yml +++ b/roles/install_rke2_controller/tasks/localhost.yml @@ -63,4 +63,4 @@ - name: Send fail message ansible.builtin.fail: msg: > - "Something wrong in your network since localhost does not reach master on 6443" \ No newline at end of file + "Something wrong in your network since localhost does not reach master on 6443" diff --git a/test/DO/ansible/main.tf b/test/DO/ansible/main.tf index 5032c26fb..f9f2b9d3d 100644 --- a/test/DO/ansible/main.tf +++ b/test/DO/ansible/main.tf @@ -29,7 +29,8 @@ locals { }, packages = [ "epel-release", - "s3fs-fuse" + "s3fs-fuse", + "git" ], write_files = [{ owner = "root:root" @@ -40,7 +41,7 @@ locals { runcmd = [ "mkdir -p ${var.mount_point}", "s3fs ${var.terraform_backend_bucket_name} ${var.mount_point} -o url=https://${var.region}.digitaloceanspaces.com", - "git clone https://github.com/MozeBaltyk/Rkub.git", + "git clone ${var.repository}", ] }) } diff --git a/test/DO/ansible/variables.tf b/test/DO/ansible/variables.tf index 8ef381e94..7b01a2f1f 100644 --- a/test/DO/ansible/variables.tf +++ b/test/DO/ansible/variables.tf 
@@ -10,6 +10,10 @@ variable "spaces_access_key_secret" { description = "Digital Ocean Spaces Access Key" } +variable "repository" { + description = "Repository to be be clone inside VM" +} + variable "GITHUB_RUN_ID" { type = string description = "github run id" From e6be21ac7e35430fd15ae355f7e57b36786142e0 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 16 Apr 2024 18:23:06 +0200 Subject: [PATCH 238/365] test pipeline --- .github/workflows/stage.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index c1ff741ba..9d4c5d100 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -34,7 +34,7 @@ jobs: package: name: Package runs-on: ubuntu-latest -# needs: Backend + needs: Backend defaults: run: @@ -89,7 +89,7 @@ jobs: deploy: name: Deploy runs-on: ubuntu-latest -# needs: Package + needs: Package defaults: run: @@ -136,7 +136,7 @@ jobs: reachable: name: Reachable runs-on: ubuntu-latest -# needs: deploy + needs: deploy defaults: run: @@ -174,7 +174,7 @@ jobs: upload: name: Upload runs-on: ubuntu-latest -# needs: [ Reachable, Package ] + needs: [ Reachable, Package ] defaults: run: @@ -192,7 +192,7 @@ jobs: install: name: Install runs-on: ubuntu-latest -# needs: [ Reachable, Upload ] + needs: [ Reachable, Upload ] defaults: run: @@ -216,7 +216,7 @@ jobs: cleanup: name: Cleanup runs-on: ubuntu-latest -# needs: Install + needs: Install # if: always() defaults: From efe2dcd226209fc8e3184a89058e7d79825cce80 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 16 Apr 2024 19:30:51 +0200 Subject: [PATCH 239/365] test pipeline --- .github/workflows/stage.yml | 4 ++-- test/DO/ansible/main.tf | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 9d4c5d100..c0b23e440 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml 
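Review bot: `variable "repository"` declares no `type`, unlike the neighbouring `GITHUB_RUN_ID` which has `type = string`; since this value is interpolated into a cloud-init shell command (`git clone ${var.repository}`), add `type = string` and, if only a GitHub HTTPS URL is expected, a `validation` block restricting it to that shape. The description also has a typo: `description = "Repository to be cloned inside the VM"`.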
@@ -62,7 +62,7 @@ jobs: -var "do_token=${DO_PAT}" \ -var "spaces_access_key_id=${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}}" \ -var "spaces_access_key_secret=${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}}" \ - -var "repository=https://github.com/MozeBaltyk/Rkub.git" + -var "repository=https://github.com/MozeBaltyk/Rkub.git" \ -var "terraform_backend_bucket_name=github-action-${{ github.run_id }}" - name: Terraform Apply @@ -77,7 +77,7 @@ jobs: -var "do_token=${DO_PAT}" \ -var "spaces_access_key_id=${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}}" \ -var "spaces_access_key_secret=${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}}" \ - -var "repository=https://github.com/MozeBaltyk/Rkub.git" + -var "repository=https://github.com/MozeBaltyk/Rkub.git" \ -var "terraform_backend_bucket_name=github-action-${{ github.run_id }}" continue-on-error: true diff --git a/test/DO/ansible/main.tf b/test/DO/ansible/main.tf index f9f2b9d3d..1ccda5b47 100644 --- a/test/DO/ansible/main.tf +++ b/test/DO/ansible/main.tf @@ -39,8 +39,11 @@ locals { content = "${var.spaces_access_key_id}:${var.spaces_access_key_secret}" }], runcmd = [ + "systemctl daemon-reload", "mkdir -p ${var.mount_point}", "s3fs ${var.terraform_backend_bucket_name} ${var.mount_point} -o url=https://${var.region}.digitaloceanspaces.com", + "echo \"s3fs#${var.terraform_backend_bucket_name} ${var.mount_point} fuse _netdev,allow_other,use_cache=/tmp/cache,uid=,gid=,url=https://${var.region}.digitaloceanspaces.com 0 0\" >> /etc/fstab", + "systemctl daemon-reload", "git clone ${var.repository}", ] }) From b631181be502e0ad9b148a4b3ef068c66d5b4401 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 16 Apr 2024 21:12:25 +0200 Subject: [PATCH 240/365] test pipeline --- README.md | 2 +- scripts/prerequis/Makefile | 5 ++--- scripts/prerequis/arkade.sh | 4 ++-- test/DO/ansible/main.tf | 10 +++++++--- 4 files changed, 12 insertions(+), 9 deletions(-) mode change 100755 => 100644 scripts/prerequis/Makefile 
diff --git a/README.md b/README.md index 6fb1d6498..9110945bb 100644 --- a/README.md +++ b/README.md @@ -74,7 +74,7 @@ Add-on from my part, some part which were manual in Clemenko procedure are autom - Complete directory inside `./plugins/inventory/hosts.yml`. -2. Build your package by running (works on Debian-like and Redhat-like): +2. Build your package by running (works on Debian-like and Redhat-like and it targets localhost): ```sh ansible-playbook playbooks/tasks/build.yml # All arguments below are not mandatory diff --git a/scripts/prerequis/Makefile b/scripts/prerequis/Makefile old mode 100755 new mode 100644 index 67cf6c16d..1dee7af68 --- a/scripts/prerequis/Makefile +++ b/scripts/prerequis/Makefile @@ -9,7 +9,7 @@ endif .PHONY: all ## all prerequisites (keep the phony order) -all: pythons bindeps collections arkade images +all: pythons bindeps collections arkade .PHONY: images ## Load images in files directories of each roles (since too big, those are in the .gitignore) @@ -26,7 +26,7 @@ arkade: collections: @printf "\e[1;34m[INFO]\e[m ## Install Ansible Collections dependencies ##\n" @ansible-galaxy install -r ../../meta/ee-requirements.yml - @printf "\e[1;34m[INFO]\e[m ## Install $(REPO) version $(VERSION) ##\n" + @printf "\e[1;34m[INFO]\e[m ## Install $(REPO) version $(VERSION) ##\n" @ansible-galaxy collection install git+$(REPO).git @printf "\e[1;32m[OK]\e[m Ansible Collections installed.\n" @@ -92,4 +92,3 @@ show-help: printf "\n"; \ }' \ | cat - diff --git a/scripts/prerequis/arkade.sh b/scripts/prerequis/arkade.sh index b2457c344..87d05edc0 100755 --- a/scripts/prerequis/arkade.sh +++ b/scripts/prerequis/arkade.sh @@ -3,9 +3,9 @@ set -eo pipefail find_home_profile(){ if [[ "$SHELL" == *"/zsh" ]]; then - HOME_PROFILE="$HOME/.zshrc" + HOME_PROFILE="~/.zshrc" elif [[ "$SHELL" == *"/bash" ]]; then - HOME_PROFILE="$HOME/.bashrc" + HOME_PROFILE="~/.bashrc" fi } 
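Review bot: `HOME_PROFILE="~/.zshrc"` and `HOME_PROFILE="~/.bashrc"` put the tilde inside double quotes, where the shell does not expand it, so the variable now holds the literal string `~/.zshrc` and any later write to it targets a directory literally named `~` rather than the home directory; `$HOME/.zshrc` was the working form. If the motivation was an unset `HOME` in the environment this runs in, resolve it explicitly (e.g. from `getent passwd "$(id -un)"`) instead of relying on tilde expansion. How `HOME_PROFILE` is consumed is outside this hunk.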
diff --git a/test/DO/ansible/main.tf b/test/DO/ansible/main.tf index 1ccda5b47..168b3c478 100644 --- a/test/DO/ansible/main.tf +++ b/test/DO/ansible/main.tf @@ -30,7 +30,9 @@ locals { packages = [ "epel-release", "s3fs-fuse", - "git" + "git", + "ansible", + "make" ], write_files = [{ owner = "root:root" @@ -42,9 +44,11 @@ locals { "systemctl daemon-reload", "mkdir -p ${var.mount_point}", "s3fs ${var.terraform_backend_bucket_name} ${var.mount_point} -o url=https://${var.region}.digitaloceanspaces.com", - "echo \"s3fs#${var.terraform_backend_bucket_name} ${var.mount_point} fuse _netdev,allow_other,use_cache=/tmp/cache,uid=,gid=,url=https://${var.region}.digitaloceanspaces.com 0 0\" >> /etc/fstab", + "echo \"s3fs#${var.terraform_backend_bucket_name} ${var.mount_point} fuse _netdev,allow_other,use_cache=/tmp/cache,url=https://${var.region}.digitaloceanspaces.com 0 0\" >> /etc/fstab", "systemctl daemon-reload", - "git clone ${var.repository}", + "git clone ${var.repository} ~/rkub", + "cd ~/rkub && make prerequis", + "cd ~/rkub/test && ansible-playbook playbooks/build.yml -e dir_build=\"${var.mount_point}/package\" -e package_name=\"${var.mount_point}/rke2_rancher_longhorn.zst\"" ] }) } From 4e6871bef06369be973d66cf57a8866079d3cffb Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 16 Apr 2024 22:43:06 +0200 Subject: [PATCH 241/365] test pipeline --- scripts/prerequis/arkade.sh | 4 ++-- test/DO/ansible/main.tf | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/scripts/prerequis/arkade.sh b/scripts/prerequis/arkade.sh index 87d05edc0..b2457c344 100755 --- a/scripts/prerequis/arkade.sh +++ b/scripts/prerequis/arkade.sh @@ -3,9 +3,9 @@ set -eo pipefail find_home_profile(){ if [[ "$SHELL" == *"/zsh" ]]; then - HOME_PROFILE="~/.zshrc" + HOME_PROFILE="$HOME/.zshrc" elif [[ "$SHELL" == *"/bash" ]]; then - HOME_PROFILE="~/.bashrc" + HOME_PROFILE="$HOME/.bashrc" fi } 
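Review bot: The new runcmd entries `cd ~/rkub && make prerequis` and the `ansible-playbook` build are independent lines, and cloud-init runs runcmd as one plain `sh` script without `set -e`, so a failing `make prerequis` does not stop the build, and nothing reports the outcome back to the workflow, which only sleeps after apply. Chain them (`cd ~/rkub && make prerequis && cd test && ansible-playbook ...`) and end with a marker the pipeline can poll, e.g. `touch ${var.mount_point}/BUILD_DONE` on the mounted bucket. `git clone ${var.repository} ~/rkub` also takes whatever the default branch head is at the moment; checking out the commit under test after cloning would make the package reproducible per run.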
diff --git a/test/DO/ansible/main.tf b/test/DO/ansible/main.tf index 168b3c478..869d8c49e 100644 --- a/test/DO/ansible/main.tf +++ b/test/DO/ansible/main.tf @@ -47,8 +47,10 @@ locals { "echo \"s3fs#${var.terraform_backend_bucket_name} ${var.mount_point} fuse _netdev,allow_other,use_cache=/tmp/cache,url=https://${var.region}.digitaloceanspaces.com 0 0\" >> /etc/fstab", "systemctl daemon-reload", "git clone ${var.repository} ~/rkub", + "echo $HOME", + "whoami", "cd ~/rkub && make prerequis", - "cd ~/rkub/test && ansible-playbook playbooks/build.yml -e dir_build=\"${var.mount_point}/package\" -e package_name=\"${var.mount_point}/rke2_rancher_longhorn.zst\"" + "cd ~/rkub/test && ansible-playbook playbooks/build.yml -e dir_build=\"${var.mount_point}/package\" -e package_name=\"${var.mount_point}/rke2_rancher_longhorn.zst\"", ] }) } From 6b74838261cda8081ede0ce61474d189905d0714 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 16 Apr 2024 23:19:26 +0200 Subject: [PATCH 242/365] test pipeline --- scripts/prerequis/arkade.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/prerequis/arkade.sh b/scripts/prerequis/arkade.sh index b2457c344..b3a4b92ad 100755 --- a/scripts/prerequis/arkade.sh +++ b/scripts/prerequis/arkade.sh @@ -2,6 +2,11 @@ set -eo pipefail find_home_profile(){ + if [[ -z "$HOME" ]]; then + export user=$(whoami) + export HOME=$(awk -F":" -v v="$user" '{if ($1==v) print $6}' /etc/passwd) + fi + if [[ "$SHELL" == *"/zsh" ]]; then HOME_PROFILE="$HOME/.zshrc" elif [[ "$SHELL" == *"/bash" ]]; then From c08e110abc933615c186f53f97861a3ce1bb4628 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 16 Apr 2024 23:29:29 +0200 Subject: [PATCH 243/365] test pipeline --- test/DO/ansible/main.tf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/test/DO/ansible/main.tf b/test/DO/ansible/main.tf index 869d8c49e..57a676784 100644 --- a/test/DO/ansible/main.tf +++ b/test/DO/ansible/main.tf 
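Review bot: The new `HOME` fallback reads `/etc/passwd` directly, so an account served through NSS (LDAP, SSSD, a container user with no local entry) yields an empty string and the script silently continues with `HOME_PROFILE=/.bashrc`. `getent passwd "$(id -un)" | cut -d: -f6` consults the same sources the OS does and still covers the local-file case; `export user=$(whoami)` also leaks a lowercase `user` variable into every child process for no purpose. Suggested replacement: `HOME=$(getent passwd "$(id -un)" | cut -d: -f6)`, then `[[ -n "$HOME" ]] || { echo "cannot resolve HOME" >&2; exit 1; }`, then `export HOME`.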
@@ -47,9 +47,8 @@ locals { "echo \"s3fs#${var.terraform_backend_bucket_name} ${var.mount_point} fuse _netdev,allow_other,use_cache=/tmp/cache,url=https://${var.region}.digitaloceanspaces.com 0 0\" >> /etc/fstab", "systemctl daemon-reload", "git clone ${var.repository} ~/rkub", - "echo $HOME", - "whoami", "cd ~/rkub && make prerequis", + "source ~/.bashrc", "cd ~/rkub/test && ansible-playbook playbooks/build.yml -e dir_build=\"${var.mount_point}/package\" -e package_name=\"${var.mount_point}/rke2_rancher_longhorn.zst\"", ] }) From 7246d0cd7ce11dabdb541c972bf9182efadd35d7 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Fri, 19 Apr 2024 22:16:23 +0200 Subject: [PATCH 244/365] workflows stage --- .github/workflows/stage.yml | 76 ++++++++++++++----------------------- 1 file changed, 28 insertions(+), 48 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index c0b23e440..e187e7302 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -8,10 +8,13 @@ env: DO_PAT: ${{secrets.DIGITALOCEAN_ACCESS_TOKEN}} AWS_ACCESS_KEY_ID: ${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}} AWS_SECRET_ACCESS_KEY: ${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}} + REGION: ${{secrets.DIGITALOCEAN_REGION}} + MOUNT_POINT: "/opt/rkub" + BUCKET: "rkub-github-action-${{ github.run_id }}" jobs: - backend: - name: Backend + bucket: + name: Bucket runs-on: ubuntu-latest steps: 
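Review bot: `REGION: ${{secrets.DIGITALOCEAN_REGION}}` stores a non-secret (the Spaces region) as a secret; GitHub then masks that string wherever it appears in logs, so the `url=https://<region>.digitaloceanspaces.com` lines and any mount or error output get redacted, which makes the s3fs steps harder to debug without protecting anything. A repository or environment variable (`REGION: ${{ vars.DIGITALOCEAN_REGION }}`, name constructed to mirror the secret) is the intended home for configuration of this kind. `BUCKET: "rkub-github-action-${{ github.run_id }}"` is fine, as `run_id` is numeric-only interpolation.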
@@ -19,72 +22,47 @@ jobs: uses: s3-actions/s3cmd@main with: provider: digitalocean - region: FRA1 + region: ${{secrets.DIGITALOCEAN_REGION}} access_key: ${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}} secret_key: ${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}} - name: Create Space Bucket run: | sed -i -e 's/signature_v2.*$/signature_v2 = True/' ~/.s3cfg - buck="github-action-${{ github.run_id }}" - s3cmd mb s3://$buck + s3cmd mb s3://${BUCKET} sleep 10 - continue-on-error: true package: name: Package runs-on: ubuntu-latest - needs: Backend - - defaults: - run: - shell: bash - working-directory: ./test/DO/ansible + needs: Bucket steps: - name: Checkout files uses: actions/checkout@v4 - - name: Setup Terraform - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: "1.7.3" - - - name: Terraform Init - id: init - run: | - terraform init - - - name: Terraform plan + - name: Install s3fs-fuse on Ubuntu run: | - terraform plan -out=terraform.tfplan \ - -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ - -var "do_token=${DO_PAT}" \ - -var "spaces_access_key_id=${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}}" \ - -var "spaces_access_key_secret=${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}}" \ - -var "repository=https://github.com/MozeBaltyk/Rkub.git" \ - -var "terraform_backend_bucket_name=github-action-${{ github.run_id }}" - - - name: Terraform Apply - run: | - terraform apply terraform.tfplan - sleep 600 - - - name: Terraform plan delete stack + sudo apt-get install automake autotools-dev fuse g++ git libcurl4-gnutls-dev libfuse-dev libssl-dev libxml2-dev make pkg-config + git clone https://github.com/s3fs-fuse/s3fs-fuse.git + cd s3fs-fuse + ./autogen.sh + ./configure + make + sudo make install + + - name: Mount Space Bucket run: | - terraform plan -destroy -out=terraform.tfplan \ - -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ - -var "do_token=${DO_PAT}" \ - -var "spaces_access_key_id=${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}}" \ - -var 
"spaces_access_key_secret=${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}}" \ - -var "repository=https://github.com/MozeBaltyk/Rkub.git" \ - -var "terraform_backend_bucket_name=github-action-${{ github.run_id }}" - continue-on-error: true + echo "${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}}:${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}}" > ./passwd-s3fs + chmod 600 ./passwd-s3fs + mkdir -p ${MOUNT_POINT} + s3fs ${BUCKET} ${MOUNT_POINT} -o url=https://${REGION}.digitaloceanspaces.com -o passwd_file=./passwd-s3fs + df -Th ${MOUNT_POINT} - - name: Terraform Apply + - name: Build run: | - terraform apply terraform.tfplan - continue-on-error: true + cd ./rkub/test + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook playbooks/build.yml -e dir_build="${MOUNT_POINT}/package" -e package_name="${MOUNT_POINT}/rke2_rancher_longhorn.zst" deploy: name: Deploy @@ -187,6 +165,7 @@ jobs: - name: Run playbook upload run: | + cd ./rkub/test ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root -vv --private-key .key playbooks/upload.yml install: @@ -205,6 +184,7 @@ jobs: - name: Run playbook install run: | + cd ./rkub/test ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root -vv --private-key .key playbooks/install.yml #- name: Run Python Tests From ac48d3cba830661f4e9710ecb9369941c286b909 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Fri, 19 Apr 2024 22:26:15 +0200 Subject: [PATCH 245/365] workflows stage --- .github/workflows/stage.yml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index e187e7302..86d88feac 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -86,7 +86,7 @@ jobs: - name: Terraform Init id: init run: | - terraform init -backend-config="bucket=github-action-${{ github.run_id }}" + terraform init -backend-config="bucket=${BUCKET}" - name: Terraform Validate id: validate 
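Review bot: In the new "Install s3fs-fuse on Ubuntu" step `sudo apt-get install ...` has no `-y`, so with no TTY attached apt aborts at the confirmation prompt and the step fails before the source build starts; there is also no `apt-get update` beforehand. Building from an unpinned clone of `s3fs-fuse` master adds an unreviewed moving dependency to every run, while Ubuntu ships the tool as a package, so `sudo apt-get update && sudo apt-get install -y s3fs` can replace the whole step. In "Mount Space Bucket" the Spaces key pair is expanded into the script text via `${{secrets...}}` and written to `./passwd-s3fs` inside the workspace; pass them through the step `env:` (`S3FS_KEY: ${{ secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN }}`, `S3FS_SECRET: ${{ secrets.DIGITALOCEAN_SPACES_SECRET_KEY }}`, names constructed), write `"$S3FS_KEY:$S3FS_SECRET"` from those, and delete the file once `s3fs` has mounted.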
@@ -224,7 +224,7 @@ jobs: - name: Terraform Init id: init run: | - terraform init -backend-config="bucket=github-action-${{ github.run_id }}" + terraform init -backend-config="bucket=${BUCKET}" continue-on-error: true - name: Terraform plan delete stack @@ -247,14 +247,12 @@ jobs: uses: s3-actions/s3cmd@main with: provider: digitalocean - region: FRA1 + region: ${{secrets.DIGITALOCEAN_REGION}} access_key: ${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}} secret_key: ${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}} - name: Remove Space bucket run: | sed -i -e 's/signature_v2.*$/signature_v2 = True/' ~/.s3cfg - buck="github-action-${{ github.run_id }}" - s3cmd rb s3://${buck} --recursive + s3cmd rb s3://${BUCKET} --recursive sleep 10 - continue-on-error: true From f0857739bf94978df138bc6aadd18d08ada908a9 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Fri, 19 Apr 2024 22:47:05 +0200 Subject: [PATCH 246/365] workflows stage --- .github/workflows/stage.yml | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 86d88feac..79346ddd2 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -38,9 +38,6 @@ jobs: needs: Bucket steps: - - name: Checkout files - uses: actions/checkout@v4 - - name: Install s3fs-fuse on Ubuntu run: | sudo apt-get install automake autotools-dev fuse g++ git libcurl4-gnutls-dev libfuse-dev libssl-dev libxml2-dev make pkg-config @@ -59,9 +56,12 @@ jobs: s3fs ${BUCKET} ${MOUNT_POINT} -o url=https://${REGION}.digitaloceanspaces.com -o passwd_file=./passwd-s3fs df -Th ${MOUNT_POINT} + - name: Checkout files + uses: actions/checkout@v4 + - name: Build run: | - cd ./rkub/test + cd ./test ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook playbooks/build.yml -e dir_build="${MOUNT_POINT}/package" -e package_name="${MOUNT_POINT}/rke2_rancher_longhorn.zst" deploy: 
@@ -165,7 +165,6 @@ jobs: - name: Run playbook upload run: | - cd ./rkub/test ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root -vv --private-key .key playbooks/upload.yml install: @@ -184,7 +183,6 @@ jobs: - name: Run playbook install run: | - cd ./rkub/test ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root -vv --private-key .key playbooks/install.yml #- name: Run Python Tests @@ -197,7 +195,7 @@ jobs: name: Cleanup runs-on: ubuntu-latest needs: Install -# if: always() + if: always() defaults: run: From 4e326129a02066f312cc86518ec3485d29e0cf8a Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sat, 20 Apr 2024 10:03:29 +0200 Subject: [PATCH 247/365] workflows stage --- .github/workflows/stage.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 79346ddd2..00fea7c08 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -111,6 +111,10 @@ jobs: run: | terraform apply terraform.tfplan + - name: Terraform Apply + run: | + cat ../../inventory/hosts.ini + reachable: name: Reachable runs-on: ubuntu-latest @@ -125,6 +129,10 @@ jobs: - name: Checkout files uses: actions/checkout@v4 + - name: Terraform Apply + run: | + cat ../../inventory/hosts.ini + - name: Set up Python id: setup_python uses: actions/setup-python@v5 From 61fc758390e23d57cb488d8469458b62f241a1a6 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sat, 20 Apr 2024 11:57:38 +0200 Subject: [PATCH 248/365] workflows stage --- .github/workflows/stage.yml | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 00fea7c08..5388770c5 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -67,7 +67,6 @@ jobs: deploy: name: Deploy runs-on: ubuntu-latest - needs: Package defaults: run: 
@@ -199,10 +198,20 @@ jobs: # pytest --hosts=rke2_servers --ansible-inventory=hosts.ini --force-ansible --connection=ansible --sudo test/basic_server_tests.py # pytest --hosts=rke2_agents --ansible-inventory=hosts.ini --force-ansible --connection=ansible --sudo test/basic_agent_tests.py + delay: + name: Delay + runs-on: ubuntu-latest + needs: Install + steps: + - name: Delay one hour + uses: whatnick/wait-action@master + with: + time: '3600s' + cleanup: name: Cleanup runs-on: ubuntu-latest - needs: Install + needs: Delay if: always() defaults: From 1df2e1da034464959ca4eac4d5bfe6c62331f952 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sat, 20 Apr 2024 12:04:42 +0200 Subject: [PATCH 249/365] workflows stage --- .github/workflows/stage.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 5388770c5..e3f0986c3 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -67,6 +67,7 @@ jobs: deploy: name: Deploy runs-on: ubuntu-latest + needs: Bucket defaults: run: From f1d96c0a30ac71d87800e140ff6164962418ec58 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sat, 20 Apr 2024 13:19:40 +0200 Subject: [PATCH 250/365] workflows stage --- .github/workflows/stage.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index e3f0986c3..a9adac6cd 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -115,6 +115,13 @@ jobs: run: | cat ../../inventory/hosts.ini + - name: Inventory artifacts + uses: actions/upload-artifact@v4 + with: + name: inventory + path: | + ../../inventory/hosts.ini + reachable: name: Reachable runs-on: ubuntu-latest 
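Review bot: `uses: whatnick/wait-action@master` pins a third-party action to a mutable branch, so whatever that repository pushes next runs inside this workflow with the job's token; pin it to a full commit SHA (`uses: whatnick/wait-action@<commit-sha>`) or drop the dependency entirely with `run: sleep 3600`, which needs no external code. Either way the hour is billed runner time; if the purpose is keeping the cluster up for inspection, a `workflow_dispatch` input for the delay length would avoid paying it on every run. `cleanup` now depends on `Delay` with `if: always()`, which still fires cleanup when the wait is cancelled, as intended.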
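Review bot: `path: ../../inventory/hosts.ini` in the new "Inventory artifacts" step is resolved against `$GITHUB_WORKSPACE`, not against the job's `defaults.run.working-directory` (that default applies only to `run:` steps, never to `uses:` steps), so upload-artifact looks two levels above the workspace and finds nothing. If the file is where the preceding `cat ../../inventory/hosts.ini` from `test/DO/infra` reads it, the artifact path should be `path: test/inventory/hosts.ini`. The `deploy` job begins before this hunk.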
@@ -126,11 +133,18 @@ jobs: working-directory: ./test steps: + - name: Download inventory + uses: actions/download-artifact@v4 + with: + name: inventory + - name: Checkout files uses: actions/checkout@v4 - name: Terraform Apply run: | + pwd + ls cat ../../inventory/hosts.ini - name: Set up Python From 6a2dd517c23c30607b442ee30ec7abf2826d6a16 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sat, 20 Apr 2024 13:35:23 +0200 Subject: [PATCH 251/365] workflows stage --- .github/workflows/stage.yml | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index a9adac6cd..02dab8800 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -72,7 +72,7 @@ jobs: defaults: run: shell: bash - working-directory: ./test/DO/infra + #working-directory: ./test/DO/infra steps: - name: Checkout files @@ -86,15 +86,19 @@ jobs: - name: Terraform Init id: init run: | + cd ./test/DO/infra terraform init -backend-config="bucket=${BUCKET}" - name: Terraform Validate id: validate - run: terraform validate -no-color + run: | + cd ./test/DO/infra + terraform validate -no-color - name: Terraform Plan id: plan run: | + cd ./test/DO/infra terraform plan -out=terraform.tfplan \ -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ -var "do_token=${DO_PAT}" \ @@ -109,18 +113,21 @@ jobs: - name: Terraform Apply run: | + cd ./test/DO/infra terraform apply terraform.tfplan - name: Terraform Apply run: | - cat ../../inventory/hosts.ini + cd ./test/DO/infra + cat inventory/hosts.ini + # No relative path allowed - name: Inventory artifacts uses: actions/upload-artifact@v4 with: name: inventory path: | - ../../inventory/hosts.ini + inventory/hosts.ini reachable: name: Reachable @@ -145,7 +152,7 @@ jobs: run: | pwd ls - cat ../../inventory/hosts.ini + cat inventory/hosts.ini - name: Set up Python id: setup_python From 264411bfd3879049a93a361b78d457514e604781 Mon Sep 17 00:00:00 2001 
From: MozeBaltyk Date: Sat, 20 Apr 2024 13:43:58 +0200 Subject: [PATCH 252/365] workflows stage --- .github/workflows/stage.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 02dab8800..4e23321d0 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -72,7 +72,7 @@ jobs: defaults: run: shell: bash - #working-directory: ./test/DO/infra + working-directory: ./test steps: - name: Checkout files @@ -86,19 +86,19 @@ jobs: - name: Terraform Init id: init run: | - cd ./test/DO/infra + cd ./DO/infra terraform init -backend-config="bucket=${BUCKET}" - name: Terraform Validate id: validate run: | - cd ./test/DO/infra + cd ./DO/infra terraform validate -no-color - name: Terraform Plan id: plan run: | - cd ./test/DO/infra + cd ./DO/infra terraform plan -out=terraform.tfplan \ -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ -var "do_token=${DO_PAT}" \ @@ -113,12 +113,11 @@ jobs: - name: Terraform Apply run: | - cd ./test/DO/infra + cd ./DO/infra terraform apply terraform.tfplan - name: Terraform Apply run: | - cd ./test/DO/infra cat inventory/hosts.ini # No relative path allowed From 2d7ac04dd6b04e884999477fd96cae5b155eafcc Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sat, 20 Apr 2024 14:01:41 +0200 Subject: [PATCH 253/365] workflows stage --- .github/workflows/stage.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 4e23321d0..723f0dae6 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -116,8 +116,12 @@ jobs: cd ./DO/infra terraform apply terraform.tfplan - - name: Terraform Apply + - name: Display inventory run: | + pwd + ls + echo ${{ github.workspace }} + ls ${{ github.workspace }}/test/inventory/hosts.ini cat inventory/hosts.ini # No relative path allowed 
@@ -126,7 +130,8 @@ jobs: with: name: inventory path: | - inventory/hosts.ini + ${{ github.workspace }}/test/inventory/hosts.ini + if-no-files-found: error reachable: name: Reachable From ed4cf669be4cd9826bd1e5bd8d607148368755ad Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sat, 20 Apr 2024 14:15:24 +0200 Subject: [PATCH 254/365] workflows stage --- .github/workflows/stage.yml | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 723f0dae6..204539386 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -118,10 +118,7 @@ jobs: - name: Display inventory run: | - pwd - ls - echo ${{ github.workspace }} - ls ${{ github.workspace }}/test/inventory/hosts.ini + ls -l ${{ github.workspace }}/test/inventory/hosts.ini cat inventory/hosts.ini # No relative path allowed @@ -144,18 +141,19 @@ jobs: working-directory: ./test steps: + - name: Checkout files + uses: actions/checkout@v4 + - name: Download inventory uses: actions/download-artifact@v4 with: name: inventory - - name: Checkout files - uses: actions/checkout@v4 - - name: Terraform Apply run: | pwd - ls + ls -l + ls -l ${{ github.workspace }}/test/inventory/ cat inventory/hosts.ini - name: Set up Python From 5754955fab880e04e84bf9dcbe8b75ba96c308f1 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sat, 20 Apr 2024 22:35:14 +0200 Subject: [PATCH 255/365] workflows stage --- .github/workflows/stage.yml | 46 +++++++++++++++------------------ test/DO/README.md | 4 ++- test/DO/infra/main.tf | 51 ++++++++++++++++++++++++++++++++++--- test/DO/infra/variables.tf | 13 ++++++++++ 4 files changed, 85 insertions(+), 29 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 204539386..521f7ccba 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml 
@@ -62,7 +62,7 @@ jobs: - name: Build run: | cd ./test - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook playbooks/build.yml -e dir_build="${MOUNT_POINT}/package" -e package_name="${MOUNT_POINT}/rke2_rancher_longhorn.zst" + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook playbooks/build.yml -e dir_build="${MOUNT_POINT}/rancher" -e package_name="${MOUNT_POINT}/rke2_rancher_longhorn.zst" deploy: name: Deploy @@ -104,7 +104,9 @@ jobs: -var "do_token=${DO_PAT}" \ -var "do_worker_count=0" \ -var "do_controller_count=1" \ - -var "do_instance_size=s-2vcpu-4gb" + -var "do_instance_size=s-2vcpu-4gb" \ + -var "spaces_access_key_id=${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}}" \ + -var "spaces_access_key_secret=${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}}" continue-on-error: true - name: Terraform Plan Status @@ -149,12 +151,9 @@ jobs: with: name: inventory - - name: Terraform Apply + - name: Check if inventory present run: | - pwd - ls -l - ls -l ${{ github.workspace }}/test/inventory/ - cat inventory/hosts.ini + cat ${{ github.workspace }}/hosts.ini - name: Set up Python id: setup_python @@ -168,10 +167,11 @@ jobs: pip3 install ansible pytest-testinfra ansible --version - - name: Get key + - name: Get key and hosts.ini run: | echo "$SSH_KEY" > .key chmod 400 .key + cp ${{ github.workspace }}/hosts.ini inventory/hosts.ini shell: bash env: SSH_KEY: ${{secrets.SSH_PRIVATE_KEY}} @@ -180,8 +180,8 @@ jobs: run: | ANSIBLE_HOST_KEY_CHECKING=False ansible all -m ping -u root -vv --private-key .key - upload: - name: Upload + install: + name: Install runs-on: ubuntu-latest needs: [ Reachable, Package ] 
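Review bot: The Spaces key pair is handed to Terraform on the command line, `-var "spaces_access_key_secret=${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}}"`, which exposes it to process listings on the runner and, more importantly, carries it into `terraform.tfplan` and into the state written to the `BUCKET` backend together with the rendered cloud-init. Set it on the step instead, `env: TF_VAR_spaces_access_key_secret: ${{ secrets.DIGITALOCEAN_SPACES_SECRET_KEY }}` (and the same for the id), so the value never appears in the shell command, and mark both variables `sensitive = true` in variables.tf so plan output redacts them. The plan file in the workspace holds the values as well, so keep it out of any upload-artifact step. The cleanup job's `terraform plan -destroy` (PATCH 257, further down this page) repeats the same pattern.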
@@ -194,23 +194,19 @@ jobs: - name: Checkout files uses: actions/checkout@v4 - - name: Run playbook upload - run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root -vv --private-key .key playbooks/upload.yml - - install: - name: Install - runs-on: ubuntu-latest - needs: [ Reachable, Upload ] + - name: Download inventory + uses: actions/download-artifact@v4 + with: + name: inventory - defaults: - run: + - name: Get key and hosts.ini + run: | + echo "$SSH_KEY" > .key + chmod 400 .key + cp ${{ github.workspace }}/hosts.ini inventory/hosts.ini shell: bash - working-directory: ./test - - steps: - - name: Checkout files - uses: actions/checkout@v4 + env: + SSH_KEY: ${{secrets.SSH_PRIVATE_KEY}} - name: Run playbook install run: | diff --git a/test/DO/README.md b/test/DO/README.md index 9c31589ca..42db4fb5a 100644 --- a/test/DO/README.md +++ b/test/DO/README.md @@ -63,7 +63,9 @@ terraform plan -out=terraform.tfplan \ -var "do_token=${DO_PAT}" \ -var "do_worker_count=1" \ -var "do_controller_count=3" \ --var "do_instance_size=s-1vcpu-1gb" +-var "do_instance_size=s-1vcpu-1gb" \ +-var "spaces_access_key_id=${SPACES_ACCESS_TOKEN}" \ +-var "spaces_access_key_secret=${SPACES_SECRET_KEY}" # Apply terraform apply terraform.tfplan diff --git a/test/DO/infra/main.tf b/test/DO/infra/main.tf index ec4581c38..ac79e239a 100644 --- a/test/DO/infra/main.tf +++ b/test/DO/infra/main.tf 
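Review bot: `echo "$SSH_KEY" > .key` followed by `chmod 400 .key` in the new "Get key and hosts.ini" step creates the file under the runner's default umask and only then tightens it, and it lands inside the checked-out `./test` tree; write it as `(umask 077; echo "$SSH_KEY" > .key)` so it is never world-readable at any point. Passing the key through `env:` rather than `${{ }}` interpolation in the script body is the right choice and should stay. The identical step in the `reachable` job (previous hunk) has the same window.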
@@ -40,6 +40,52 @@ resource "digitalocean_vpc" "rkub-project-network" { region = var.region } +locals { + cloud_init_config = yamlencode({ + yum_repos = { + epel-release = { + name = "Extra Packages for Enterprise Linux 8 - Release" + baseurl = "http://download.fedoraproject.org/pub/epel/8/Everything/$basearch" + enabled = true + failovermethod = "priority" + gpgcheck = true + gpgkey = "http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8" + } + }, + packages = [ + "epel-release", + "s3fs-fuse", + "git", + "ansible", + "make" + ], + write_files = [{ + owner = "root:root" + path = "/etc/passwd-s3fs" + permissions = "0600" + content = "${var.spaces_access_key_id}:${var.spaces_access_key_secret}" + }], + runcmd = [ + "systemctl daemon-reload", + "mkdir -p ${var.mount_point}", + "s3fs ${var.terraform_backend_bucket_name} ${var.mount_point} -o url=https://${var.region}.digitaloceanspaces.com", + "echo \"s3fs#${var.terraform_backend_bucket_name} ${var.mount_point} fuse _netdev,allow_other,use_cache=/tmp/cache,url=https://${var.region}.digitaloceanspaces.com 0 0\" >> /etc/fstab", + "systemctl daemon-reload", + ] + }) +} + +# Convert our cloud-init config to userdata +# Userdata runs at first boot when the droplets are created +data "cloudinit_config" "server_config" { + gzip = false + base64_encode = false + part { + content_type = "text/cloud-config" + content = local.cloud_init_config + } +} + ### ### Droplet INSTANCES ### @@ -57,9 +103,8 @@ resource "digitalocean_droplet" "controllers" { "${var.do_system}_controllers", ] vpc_uuid = digitalocean_vpc.rkub-project-network.id - ssh_keys = [ - data.digitalocean_ssh_key.terraform.id - ] + ssh_keys = [ data.digitalocean_ssh_key.terraform.id ] + user_data = data.cloudinit_config.server_config.rendered } output "ip_address_controllers" { diff --git a/test/DO/infra/variables.tf b/test/DO/infra/variables.tf index ae1ccee22..380642308 100644 --- a/test/DO/infra/variables.tf +++ b/test/DO/infra/variables.tf 
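Review bot: The `write_files` entry puts `${var.spaces_access_key_id}:${var.spaces_access_key_secret}` into the droplet's user_data, and user_data is readable from inside the droplet through the cloud metadata service by any local process, in addition to being kept in clear in the Terraform state; treat that key as exposed to everything that runs on the node, and prefer a key restricted to this one bucket or one delivered after boot by the Ansible step that already has SSH access. The EPEL `baseurl` and `gpgkey` are fetched over `http://`: `gpgcheck = true` verifies packages against the key, but the key itself arrives unauthenticated, so use `https://download.fedoraproject.org/...` for both. `s3fs ... -o allow_other` (and `allow_other` in the fstab line) lets every local user browse the mounted bucket, which, if `terraform_backend_bucket_name` is the same bucket the workflow passes to `terraform init -backend-config`, is also where the state file lives; drop `allow_other` unless a non-root process needs the mount.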
@@ -48,3 +48,16 @@ variable "terraform_backend_bucket_name" { description = "Unique bucket name for storing terraform backend data" default = "terraform-backend-github" } + +variable "mount_point" { + description = "Unique bucket name for storing terraform backend data" + default = "/mnt/rkub" +} + +variable "spaces_access_key_id" { + description = "Digital Ocean Spaces Access ID" +} + +variable "spaces_access_key_secret" { + description = "Digital Ocean Spaces Access Key" +} From f58fb260876d1d4a487a4cdaeaf75e252b9fbc21 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sat, 20 Apr 2024 23:14:01 +0200 Subject: [PATCH 256/365] workflows stage --- test/DO/infra/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/DO/infra/variables.tf b/test/DO/infra/variables.tf index 380642308..f1676bbc7 100644 --- a/test/DO/infra/variables.tf +++ b/test/DO/infra/variables.tf @@ -51,7 +51,7 @@ variable "terraform_backend_bucket_name" { variable "mount_point" { description = "Unique bucket name for storing terraform backend data" - default = "/mnt/rkub" + default = "/opt" } variable "spaces_access_key_id" { From 7bd993deddd206acb0881b534685e2dc699bfe56 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sun, 21 Apr 2024 00:00:11 +0200 Subject: [PATCH 257/365] workflows stage --- .github/workflows/stage.yml | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 521f7ccba..fe8d467b5 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -9,13 +9,14 @@ env: AWS_ACCESS_KEY_ID: ${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}} AWS_SECRET_ACCESS_KEY: ${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}} REGION: ${{secrets.DIGITALOCEAN_REGION}} - MOUNT_POINT: "/opt/rkub" + MOUNT_POINT: "/opt" BUCKET: "rkub-github-action-${{ github.run_id }}" jobs: bucket: name: Bucket runs-on: ubuntu-latest + timeout-minutes: 10 steps: - name: Set up S3cmd cli tool 
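Review bot: `spaces_access_key_id` and `spaces_access_key_secret` are declared without `sensitive = true`, so plan/apply output and provider error messages can print them in clear; add `sensitive = true` and `type = string` to both. The description of `mount_point` is copied from the bucket variable ("Unique bucket name for storing terraform backend data") and should say what the variable is, e.g. `description = "Path on the droplet where the Spaces bucket is mounted"`.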
@@ -36,6 +37,7 @@ jobs: name: Package runs-on: ubuntu-latest needs: Bucket + timeout-minutes: 60 steps: - name: Install s3fs-fuse on Ubuntu @@ -68,6 +70,7 @@ jobs: name: Deploy runs-on: ubuntu-latest needs: Bucket + timeout-minutes: 20 defaults: run: @@ -106,7 +109,8 @@ jobs: -var "do_controller_count=1" \ -var "do_instance_size=s-2vcpu-4gb" \ -var "spaces_access_key_id=${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}}" \ - -var "spaces_access_key_secret=${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}}" + -var "spaces_access_key_secret=${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}}" \ + -var "mount_point=${MOUNT_POINT}" continue-on-error: true - name: Terraform Plan Status @@ -136,6 +140,7 @@ jobs: name: Reachable runs-on: ubuntu-latest needs: deploy + timeout-minutes: 10 defaults: run: @@ -184,6 +189,7 @@ jobs: name: Install runs-on: ubuntu-latest needs: [ Reachable, Package ] + timeout-minutes: 60 defaults: run: @@ -210,7 +216,7 @@ jobs: - name: Run playbook install run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root -vv --private-key .key playbooks/install.yml + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root -vv --private-key .key playbooks/install.yml -e dir_target=${MOUNT_POINT} #- name: Run Python Tests # run: | @@ -233,6 +239,7 @@ jobs: runs-on: ubuntu-latest needs: Delay if: always() + timeout-minutes: 30 defaults: run: @@ -270,7 +277,10 @@ jobs: -var "do_token=${DO_PAT}" \ -var "do_worker_count=0" \ -var "do_controller_count=1" \ - -var "do_instance_size=s-2vcpu-4gb" + -var "do_instance_size=s-2vcpu-4gb" \ + -var "spaces_access_key_id=${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}}" \ + -var "spaces_access_key_secret=${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}}" \ + -var "mount_point=${MOUNT_POINT}" continue-on-error: true - name: Terraform Apply From bb45be38442d74d9035a8b7f9443359892c83c69 Mon Sep 17 00:00:00 2001 
From: MozeBaltyk Date: Sun, 21 Apr 2024 00:08:21 +0200 Subject: [PATCH 258/365] workflows stage --- .github/workflows/stage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index fe8d467b5..9fc38b8a3 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -9,7 +9,7 @@ env: AWS_ACCESS_KEY_ID: ${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}} AWS_SECRET_ACCESS_KEY: ${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}} REGION: ${{secrets.DIGITALOCEAN_REGION}} - MOUNT_POINT: "/opt" + MOUNT_POINT: "/opt/rkub" BUCKET: "rkub-github-action-${{ github.run_id }}" jobs: From 5ca7632d66db88bd86bc9abdbf2fa87080bea781 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sun, 21 Apr 2024 09:02:11 +0200 Subject: [PATCH 259/365] workflows stage --- .github/workflows/stage.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 9fc38b8a3..cd6620b1b 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -228,6 +228,8 @@ jobs: name: Delay runs-on: ubuntu-latest needs: Install + if: always() + steps: - name: Delay one hour uses: whatnick/wait-action@master From 4131bde704d099a05f34fa4e688f48176ebbd6e4 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sun, 21 Apr 2024 10:30:34 +0200 Subject: [PATCH 260/365] workflows stage --- .github/workflows/stage.yml | 4 +++- README.md | 1 + playbooks/vars/main.yml | 1 + roles/build_airgap_package/defaults/main.yml | 1 + roles/build_airgap_package/tasks/compress.yml | 3 ++- roles/set_nfs_export/tasks/install.yml | 4 ++-- test/DO/ansible/main.tf | 2 +- test/DO/infra/main.tf | 2 +- 8 files changed, 12 insertions(+), 6 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index cd6620b1b..cac3ccc7e 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml 
@@ -64,7 +64,7 @@ jobs: - name: Build run: | cd ./test - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook playbooks/build.yml -e dir_build="${MOUNT_POINT}/rancher" -e package_name="${MOUNT_POINT}/rke2_rancher_longhorn.zst" + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook playbooks/build.yml -e dir_build="${MOUNT_POINT}/rancher" -e package_name="${MOUNT_POINT}/rke2_rancher_longhorn.zst" -e archive="False" deploy: name: Deploy @@ -111,6 +111,7 @@ jobs: -var "spaces_access_key_id=${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}}" \ -var "spaces_access_key_secret=${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}}" \ -var "mount_point=${MOUNT_POINT}" + -var "terraform_backend_bucket_name=${BUCKET}" continue-on-error: true - name: Terraform Plan Status @@ -283,6 +284,7 @@ jobs: -var "spaces_access_key_id=${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}}" \ -var "spaces_access_key_secret=${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}}" \ -var "mount_point=${MOUNT_POINT}" + -var "terraform_backend_bucket_name=${BUCKET}" continue-on-error: true - name: Terraform Apply diff --git a/README.md b/README.md index 9110945bb..ce9c7dcd8 100644 --- a/README.md +++ b/README.md @@ -80,6 +80,7 @@ Add-on from my part, some part which were manual in Clemenko procedure are autom ansible-playbook playbooks/tasks/build.yml # All arguments below are not mandatory -e dir_build="$HOME/rkub" # Directory where to upload everything (count 30G) -e package_name="rke2_rancher_longhorn.zst" # Name of the package, by default rke2_rancher_longhorn.zst +-e archive="True" # Archive tar.zst true or false -u admin -Kk # Other Ansible Arguments (like -vvv) ``` diff --git a/playbooks/vars/main.yml b/playbooks/vars/main.yml index cf3ff8e0b..13ec20915 100644 --- a/playbooks/vars/main.yml +++ b/playbooks/vars/main.yml 
@@ -17,6 +17,7 @@ global_rke2_selinux_rpm_version: "rke2-selinux-0.17-1" #.el{{ # General global_install_user: "{{ install_user | default('kuberoot') }}" global_directory_package_build: "{{ dir_build | default('$HOME/rkub') }}" +global_archive_tar_zst_bool: "{{ archive | default('true') | bool }}" # Local global_package_name: "{{ package_name | default('rke2_rancher_longhorn.zst') }}" diff --git a/roles/build_airgap_package/defaults/main.yml b/roles/build_airgap_package/defaults/main.yml index aa1ef9248..31f920f0a 100644 --- a/roles/build_airgap_package/defaults/main.yml +++ b/roles/build_airgap_package/defaults/main.yml @@ -10,6 +10,7 @@ NEU_VERSION: "{{ global_NEU_VERSION }}" directory_package: "{{ global_directory_package_build }}" tar_zst_name: "{{ global_package_name }}" path_to_package_zst: "{{ global_path_to_package_zst }}" +archive_wanted: "{{ global_archive_tar_zst_bool }}" list_directory_package: - "{{ directory_package }}/rke2_{{ rke2_version }}" - "{{ directory_package }}/helm" diff --git a/roles/build_airgap_package/tasks/compress.yml b/roles/build_airgap_package/tasks/compress.yml index cfe71f18b..a2bbe67ac 100644 --- a/roles/build_airgap_package/tasks/compress.yml +++ b/roles/build_airgap_package/tasks/compress.yml @@ -4,4 +4,5 @@ "tar -I zstd -vcf {{ tar_zst_name }} -C {{ directory_package }} ." args: chdir: "{{ directory_package }}/.." - changed_when: false \ No newline at end of file + changed_when: false + when: archive_wanted diff --git a/roles/set_nfs_export/tasks/install.yml b/roles/set_nfs_export/tasks/install.yml index 9c7fe28b6..1eb24ef21 100644 --- a/roles/set_nfs_export/tasks/install.yml +++ b/roles/set_nfs_export/tasks/install.yml @@ -16,7 +16,7 @@ - name: Share out directory via NFS ansible.builtin.lineinfile: path: /etc/exports - line: "{{ export_nfs_path }} *(ro)" + line: "{{ export_nfs_path }} *(ro,fsid=1,sync,no_root_squash,no_all_squash)" notify: Restart_NFS_Server - name: Enable and start NFS server service 
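Review bot: The export line becomes `{{ export_nfs_path }} *(ro,fsid=1,sync,no_root_squash,no_all_squash)`: the `*` lets any client that can reach port 2049 mount the share, and `no_root_squash` means a remote root reads it as uid 0 instead of `nobody`, so root-only files on the share are readable from every client. The share is `ro`, which limits this to disclosure, but for an air-gap package server the clients are known; restrict the host list through a role variable, e.g. `line: "{{ export_nfs_path }} {{ nfs_allowed_clients | default('*') }}(ro,fsid=1,sync)"` (variable name constructed here), and keep `no_root_squash` only if a root-owned 0600 file on the share genuinely must be read by remote root.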
@@ -30,4 +30,4 @@ src: "{{ export_nfs_path }}" dest: "{{ symlink_mount_path }}" state: link - when: export_nfs_path != symlink_mount_path \ No newline at end of file + when: export_nfs_path != symlink_mount_path diff --git a/test/DO/ansible/main.tf b/test/DO/ansible/main.tf index 57a676784..1b33df2f3 100644 --- a/test/DO/ansible/main.tf +++ b/test/DO/ansible/main.tf @@ -44,7 +44,7 @@ locals { "systemctl daemon-reload", "mkdir -p ${var.mount_point}", "s3fs ${var.terraform_backend_bucket_name} ${var.mount_point} -o url=https://${var.region}.digitaloceanspaces.com", - "echo \"s3fs#${var.terraform_backend_bucket_name} ${var.mount_point} fuse _netdev,allow_other,use_cache=/tmp/cache,url=https://${var.region}.digitaloceanspaces.com 0 0\" >> /etc/fstab", + "echo \"s3fs#${var.terraform_backend_bucket_name} ${var.mount_point} fuse _netdev,allow_other,nonempty,use_cache=/tmp/cache,url=https://${var.region}.digitaloceanspaces.com 0 0\" >> /etc/fstab", "systemctl daemon-reload", "git clone ${var.repository} ~/rkub", "cd ~/rkub && make prerequis", diff --git a/test/DO/infra/main.tf b/test/DO/infra/main.tf index ac79e239a..f4ee7dc7a 100644 --- a/test/DO/infra/main.tf +++ b/test/DO/infra/main.tf @@ -69,7 +69,7 @@ locals { "systemctl daemon-reload", "mkdir -p ${var.mount_point}", "s3fs ${var.terraform_backend_bucket_name} ${var.mount_point} -o url=https://${var.region}.digitaloceanspaces.com", - "echo \"s3fs#${var.terraform_backend_bucket_name} ${var.mount_point} fuse _netdev,allow_other,use_cache=/tmp/cache,url=https://${var.region}.digitaloceanspaces.com 0 0\" >> /etc/fstab", + "echo \"s3fs#${var.terraform_backend_bucket_name} ${var.mount_point} fuse _netdev,allow_other,nonempty,use_cache=/tmp/cache,url=https://${var.region}.digitaloceanspaces.com 0 0\" >> /etc/fstab", "systemctl daemon-reload", ] }) From d08eddc6a8966f6193e7d346272db3373fa86ab1 Mon Sep 17 00:00:00 2001 
From: MozeBaltyk Date: Sun, 21 Apr 2024 12:50:59 +0200 Subject: [PATCH 261/365] workflows stage --- .github/workflows/stage.yml | 4 ++-- README.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index cac3ccc7e..2a7004f9f 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -110,7 +110,7 @@ jobs: -var "do_instance_size=s-2vcpu-4gb" \ -var "spaces_access_key_id=${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}}" \ -var "spaces_access_key_secret=${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}}" \ - -var "mount_point=${MOUNT_POINT}" + -var "mount_point=${MOUNT_POINT}" \ -var "terraform_backend_bucket_name=${BUCKET}" continue-on-error: true @@ -283,7 +283,7 @@ jobs: -var "do_instance_size=s-2vcpu-4gb" \ -var "spaces_access_key_id=${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}}" \ -var "spaces_access_key_secret=${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}}" \ - -var "mount_point=${MOUNT_POINT}" + -var "mount_point=${MOUNT_POINT}" \ -var "terraform_backend_bucket_name=${BUCKET}" continue-on-error: true diff --git a/README.md b/README.md index ce9c7dcd8..062bf2047 100644 --- a/README.md +++ b/README.md @@ -80,7 +80,7 @@ Add-on from my part, some part which were manual in Clemenko procedure are autom ansible-playbook playbooks/tasks/build.yml # All arguments below are not mandatory -e dir_build="$HOME/rkub" # Directory where to upload everything (count 30G) -e package_name="rke2_rancher_longhorn.zst" # Name of the package, by default rke2_rancher_longhorn.zst --e archive="True" # Archive tar.zst true or false +-e archive="True" # Archive tar.zst true or false (default value "true") -u admin -Kk # Other Ansible Arguments (like -vvv) ``` From d8d7f488a2218761530f6fc2875df65a316afba7 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sun, 21 Apr 2024 14:22:48 +0200 Subject: [PATCH 262/365] workflows stage --- .github/workflows/stage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 2a7004f9f..ff6f8f0eb 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -217,7 +217,7 @@ jobs: - name: Run playbook install run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root -vv --private-key .key playbooks/install.yml -e dir_target=${MOUNT_POINT} + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/install.yml -e dir_target=${MOUNT_POINT} #- name: Run Python Tests # run: | From d78a9f47927134a6093c28a6cb0825bb9d69f54c Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sun, 21 Apr 2024 15:35:32 +0200 Subject: [PATCH 263/365] workflows stage --- .github/workflows/stage.yml | 15 +++++++++------ .../install_rke2_controller/handlers/main.yml | 11 +++++++++-- .../templates/new-config.yaml.j2 | 19 ------------------- 3 files changed, 18 insertions(+), 27 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index ff6f8f0eb..19ab1c066 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -11,6 +11,9 @@ env: REGION: ${{secrets.DIGITALOCEAN_REGION}} MOUNT_POINT: "/opt/rkub" BUCKET: "rkub-github-action-${{ github.run_id }}" + CONTROLLER_COUNT: "1" + WORKER_COUNT: "0" + SIZE: "s-2vcpu-4gb" jobs: bucket: @@ -105,9 +108,9 @@ jobs: terraform plan -out=terraform.tfplan \ -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ -var "do_token=${DO_PAT}" \ - -var "do_worker_count=0" \ - -var "do_controller_count=1" \ - -var "do_instance_size=s-2vcpu-4gb" \ + -var "do_worker_count=${WORKER_COUNT}" \ + -var "do_controller_count=${CONTROLLER_COUNT}" \ + -var "do_instance_size=${SIZE}" \ -var "spaces_access_key_id=${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}}" \ -var "spaces_access_key_secret=${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}}" \ -var "mount_point=${MOUNT_POINT}" \ 
@@ -278,9 +281,9 @@ jobs: terraform plan -destroy -out=terraform.tfplan \ -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ -var "do_token=${DO_PAT}" \ - -var "do_worker_count=0" \ - -var "do_controller_count=1" \ - -var "do_instance_size=s-2vcpu-4gb" \ + -var "do_worker_count=${WORKER_COUNT}" \ + -var "do_controller_count=${CONTROLLER_COUNT}" \ + -var "do_instance_size=${SIZE}" \ -var "spaces_access_key_id=${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}}" \ -var "spaces_access_key_secret=${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}}" \ -var "mount_point=${MOUNT_POINT}" \ diff --git a/roles/install_rke2_controller/handlers/main.yml b/roles/install_rke2_controller/handlers/main.yml index 75dd96ff6..d31d844ca 100644 --- a/roles/install_rke2_controller/handlers/main.yml +++ b/roles/install_rke2_controller/handlers/main.yml @@ -14,11 +14,18 @@ - name: Restart rke2-server ansible.builtin.systemd: name: rke2-server.service - state: restarted + state: stopped + notify: "Start rke2-server" + +- name: Start rke2-server + ansible.builtin.systemd: + name: rke2-server.service + state: started + enabled: true notify: "Service (re)started" - name: Restart rke2-agent ansible.builtin.systemd: name: rke2-agent.service state: restarted - notify: "Service (re)started" \ No newline at end of file + notify: "Service (re)started" diff --git a/roles/install_rke2_controller/templates/new-config.yaml.j2 b/roles/install_rke2_controller/templates/new-config.yaml.j2 index cf6af235b..d5c39f11d 100644 --- a/roles/install_rke2_controller/templates/new-config.yaml.j2 +++ b/roles/install_rke2_controller/templates/new-config.yaml.j2 
@@ -30,22 +30,3 @@ tls-san: disable: {{ rke2_disable }} {% endif %} secrets-encryption: true -kube-controller-manager-arg: -- bind-address=127.0.0.1 -- use-service-account-credentials=true -- tls-min-version=VersionTLS12 -- tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 -kube-scheduler-arg: -- tls-min-version=VersionTLS12 -- tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 -kube-apiserver-arg: -- tls-min-version=VersionTLS12 -- tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 -- authorization-mode=RBAC,Node -- anonymous-auth=false -- audit-policy-file=/etc/rancher/rke2/audit-policy.yaml -- audit-log-mode=blocking-strict- audit-log-maxage=30 -kubelet-arg: -- protect-kernel-defaults=true -- read-only-port=0 -- authorization-mode=Webhook From e0b30dc0fa7058e9e318d1d71c84e805fc0a0988 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sun, 21 Apr 2024 17:17:02 +0200 Subject: [PATCH 264/365] workflows stage --- roles/install_rke2_controller/tasks/install.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/roles/install_rke2_controller/tasks/install.yml b/roles/install_rke2_controller/tasks/install.yml index 94a2bc0b7..6578b2509 100644 --- a/roles/install_rke2_controller/tasks/install.yml +++ b/roles/install_rke2_controller/tasks/install.yml 
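Review bot: Dropping the `kube-apiserver-arg`/`kube-controller-manager-arg`/`kube-scheduler-arg`/`kubelet-arg` block silently removes the TLS 1.2 minimum and cipher list, `anonymous-auth=false`, the audit policy, `read-only-port=0` and `protect-kernel-defaults=true`, and the commit message ("workflows stage") gives no reason. The removed block did contain a malformed item, `- audit-log-mode=blocking-strict- audit-log-maxage=30`, two flags fused on one line, which is the sort of thing that stops rke2-server from starting; if that was the trigger, splitting it into `- audit-log-mode=blocking-strict` and `- audit-log-maxage=30` keeps the rest of the hardening. The `profile: cis` that remains reapplies part of this (which flags it covers depends on the RKE2 version; verify against its hardening guide) but is gated on `rke2_profile_activated`. The same block is removed from `config.yaml.j2` in PATCH 265 further down the page, so a single comment in the template explaining the decision would help.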
@@ -124,9 +124,6 @@ state: started enabled: true notify: "Service (re)started" - register: rke2_service - until: rke2_service is succeeded - retries: 5 - name: Wait for k8s apiserver ansible.builtin.wait_for: From 8bc8ed1507dfdb4a1ccea736e8346aa1ac5eeccc Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Fri, 3 May 2024 10:58:13 +0200 Subject: [PATCH 265/365] workflows stage --- playbooks/vars/main.yml | 2 +- roles/build_airgap_package/tasks/rke2.yml | 20 ++++++++++++++++++ roles/install_rke2_common/handlers/main.yml | 2 +- roles/install_rke2_common/tasks/main.yml | 3 +++ .../templates/config.yaml.j2 | 19 ----------------- .../templates/new-config.yaml.j2 | 8 +++---- roles/set_nfs_export/defaults/main.yml | 4 ++-- test/DO/README.md | 21 ++++++++++++++----- test/DO/infra/variables.tf | 4 ++-- 9 files changed, 48 insertions(+), 35 deletions(-) diff --git a/playbooks/vars/main.yml b/playbooks/vars/main.yml index 13ec20915..2135b8aed 100644 --- a/playbooks/vars/main.yml +++ b/playbooks/vars/main.yml @@ -1,6 +1,6 @@ --- # Version products -global_rke2_version: "1.27.10" +global_rke2_version: "1.27.12" global_kubevip_version: "0.7.0" global_helm_version: "3.14.0" global_CERT_VERSION: "1.14.1" diff --git a/roles/build_airgap_package/tasks/rke2.yml b/roles/build_airgap_package/tasks/rke2.yml index 6f9f508d0..7c8ee09d4 100644 --- a/roles/build_airgap_package/tasks/rke2.yml +++ b/roles/build_airgap_package/tasks/rke2.yml 
@@ -46,6 +46,16 @@ dest: "{{ directory_package }}/rke2_{{ rke2_version }}/{{ rke2_selinux_rpm_version }}.el{{ ansible_distribution_major_version }}.noarch.rpm" mode: "0750" + - name: Download rke2-images.linux-amd64.tar.zst + ansible.builtin.get_url: + url: "https://github.com/rancher/rke2-packaging/releases/download/v{{ rke2_version }}%2Brke2r1.stable.0/{{ item }}" + dest: "{{ directory_package }}/rke2_{{ rke2_version }}/{{ item }}" + mode: "0750" + loop: + - rke2-common-{{ rke2_version }}.rke2r1-0.el{{ ansible_distribution_major_version }}.x86_64.rpm + - rke2-agent-{{ rke2_version }}.rke2r1-0.el{{ ansible_distribution_major_version }}.x86_64.rpm + - rke2-server-{{ rke2_version }}.rke2r1-0.el{{ ansible_distribution_major_version }}.x86_64.rpm + # if localhost is not a RHEL-like take el8 - name: Download if localhost not a RHEL-like and take by default el8 when: @@ -62,3 +72,13 @@ url: "https://github.com/rancher/rke2-selinux/releases/download/{{ rke2_selinux_repo_version }}/{{ rke2_selinux_rpm_version }}.el8.noarch.rpm" dest: "{{ directory_package }}/rke2_{{ rke2_version }}/{{ rke2_selinux_rpm_version }}.el8.noarch.rpm" mode: "0750" + + - name: Download rke2-images.linux-amd64.tar.zst + ansible.builtin.get_url: + url: "https://github.com/rancher/rke2-packaging/releases/download/v{{ rke2_version }}%2Brke2r1.stable.0/{{ item }}" + dest: "{{ directory_package }}/rke2_{{ rke2_version }}/{{ item }}" + mode: "0750" + loop: + - rke2-common-{{ rke2_version }}.rke2r1-0.el8.x86_64.rpm + - rke2-agent-{{ rke2_version }}.rke2r1-0.el8.x86_64.rpm + - rke2-server-{{ rke2_version }}.rke2r1-0.el8.x86_64.rpm diff --git a/roles/install_rke2_common/handlers/main.yml b/roles/install_rke2_common/handlers/main.yml index 0cadba7a6..16e05a870 100644 --- a/roles/install_rke2_common/handlers/main.yml +++ b/roles/install_rke2_common/handlers/main.yml 
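Review bot: Both new tasks are named `Download rke2-images.linux-amd64.tar.zst` but their loop fetches the `rke2-common`/`rke2-agent`/`rke2-server` RPMs; rename them, e.g. `- name: Download rke2 RPMs (el{{ ansible_distribution_major_version }})` and `- name: Download rke2 RPMs (el8)`, so play output matches what happens. Neither `get_url` verifies the download, and since these files are carried into an air-gapped site this is the last point where integrity can be checked online; add `checksum: "sha256:<value-or-sums-url>"` (the module's `checksum` parameter accepts a URL to a sums file if upstream publishes one for rke2-packaging, which I have not confirmed) or verify the RPM signatures before packaging. `mode: "0750"` sets the execute bit on data files; `"0640"` is enough.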
@@ -24,6 +24,6 @@ notify: "Service (re)started" - name: Restart systemd-sysctl - ansible.builtin.service: + ansible.builtin.systemd: state: restarted name: systemd-sysctl diff --git a/roles/install_rke2_common/tasks/main.yml b/roles/install_rke2_common/tasks/main.yml index 3f47014b5..7ec644996 100644 --- a/roles/install_rke2_common/tasks/main.yml +++ b/roles/install_rke2_common/tasks/main.yml @@ -29,3 +29,6 @@ - name: RKE2 Install specific for RHEL-like OS ansible.builtin.import_tasks: rhel.yml when: ansible_os_family == "RedHat" + +- name: Flush handlers + ansible.builtin.meta: flush_handlers diff --git a/roles/install_rke2_controller/templates/config.yaml.j2 b/roles/install_rke2_controller/templates/config.yaml.j2 index fe733013e..c10b3a1da 100644 --- a/roles/install_rke2_controller/templates/config.yaml.j2 +++ b/roles/install_rke2_controller/templates/config.yaml.j2 
@@ -2,22 +2,3 @@ selinux: true secrets-encryption: true write-kubeconfig-mode: 0600 -kube-controller-manager-arg: -- bind-address=127.0.0.1 -- use-service-account-credentials=true -- tls-min-version=VersionTLS12 -- tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 -kube-scheduler-arg: -- tls-min-version=VersionTLS12 -- tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 -kube-apiserver-arg: -- tls-min-version=VersionTLS12 -- tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 -- authorization-mode=RBAC,Node -- anonymous-auth=false -- audit-policy-file=/etc/rancher/rke2/audit-policy.yaml -- audit-log-mode=blocking-strict- audit-log-maxage=30 -kubelet-arg: -- protect-kernel-defaults=true -- read-only-port=0 -- authorization-mode=Webhook \ No newline at end of file diff --git a/roles/install_rke2_controller/templates/new-config.yaml.j2 b/roles/install_rke2_controller/templates/new-config.yaml.j2 index d5c39f11d..92b2c3a71 100644 --- a/roles/install_rke2_controller/templates/new-config.yaml.j2 +++ b/roles/install_rke2_controller/templates/new-config.yaml.j2 @@ -1,8 +1,10 @@ +{% if inventory_hostname in groups['RKE2_CONTROLLERS'][0] %} +{% else %} server: https://{{ master }}:9345 +{% endif %} {% if rke2_config_token is defined %} token: {{ rke2_config_token }} {% endif %} - # Common {% if rke2_profile_activated %} profile: cis 
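Review bot: The new guard at the top of new-config.yaml.j2, `{% if inventory_hostname in groups['RKE2_CONTROLLERS'][0] %}`, is a substring test against one hostname string rather than a membership test: a host named `ctrl-1` matches `ctrl-10`, skips the `server:` line and bootstraps its own cluster instead of joining the first controller. Use equality and drop the empty branch: `{% if inventory_hostname != groups['RKE2_CONTROLLERS'][0] %}` / `server: https://{{ master }}:9345` / `{% endif %}`. Separately, the hardened apiserver/kubelet arguments deleted from config.yaml.j2 earlier in this patch (`anonymous-auth=false`, `audit-policy-file`, `tls-min-version=VersionTLS12` with its cipher list, `read-only-port=0`, `protect-kernel-defaults=true`) do not reappear in new-config.yaml.j2, which only emits `profile: cis` when `rke2_profile_activated` is true; if that consolidation is intentional, a comment under `# Common` stating which of those settings the CIS profile is relied on to provide would stop the next reader from re-adding them, and if it is not, they should be carried over.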
@@ -12,7 +14,6 @@ write-kubeconfig-mode: 0600 data-dir: {{ rke2_data_dir }} cluster-cidr: {{ rke2_cluster_cidr }} service-cidr: {{ rke2_service_cidr }} - # Config Controller selinux: true {% if ( rke2_cni is defined ) and ( rke2_cni | type_debug == "list" ) %} @@ -26,7 +27,4 @@ cni: {{ rke2_cni }} tls-san: - cluster.local - {{ control_plane_endpoint }} -{% if rke2_disable %} -disable: {{ rke2_disable }} -{% endif %} secrets-encryption: true diff --git a/roles/set_nfs_export/defaults/main.yml b/roles/set_nfs_export/defaults/main.yml index 5a4f9c4a0..491ccf2da 100644 --- a/roles/set_nfs_export/defaults/main.yml +++ b/roles/set_nfs_export/defaults/main.yml @@ -1,6 +1,6 @@ --- # defaults file for export_nfs -export_nfs_path: "{{ global_directory_package_target }}/rancher" +export_nfs_path: "{{ global_directory_package_target }}" export_nfs_registry_path: "{{ export_nfs_path }}/registry" -symlink_mount_path: "{{ global_directory_mount }}" \ No newline at end of file +symlink_mount_path: "{{ global_directory_mount }}" diff --git a/test/DO/README.md b/test/DO/README.md index 42db4fb5a..d3a8a0c21 100644 --- a/test/DO/README.md +++ b/test/DO/README.md @@ -28,8 +28,19 @@ s3cmd mb s3://github-action-8147167750 # delete s3cmd rb s3://github-action-8147167750 --recursive + +# with terraform +cd ./test/DO/backend +terraform init +terraform plan -out=terraform.tfplan \ +-var "GITHUB_RUN_ID=${GITHUB_RUN_ID}" \ +-var "do_token=${DO_PAT}" \ +-var "spaces_access_key_id=${AWS_ACCESS_KEY_ID}" \ +-var "spaces_access_key_secret=${AWS_SECRET_ACCESS_KEY}" ``` + + ## Create an infra ```bash 
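Review bot: Widening `export_nfs_path` from the `rancher` subdirectory to the whole `global_directory_package_target` means everything the upload role places there, including the uploaded `.zst` archive itself, is now served over NFS rather than only the unpacked tree. Whether that is acceptable depends on the export options the role writes (read-only, `root_squash`, client allow-list), which are not in this hunk; record the intent on the default with a comment such as `# Export root: holds the unpacked package AND the uploaded archive; keep the export read-only and limited to cluster nodes`. If clients never need the archive, unpack into a subdirectory and export that instead of the root.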
@@ -58,14 +69,14 @@ terraform init -backend-config="bucket=terraform-backend-github" terraform apply -var "GITHUB_RUN_ID=${GITHUB_RUN_ID}" -var "do_token=${DO_PAT}" -auto-approve # Deploy -terraform plan -out=terraform.tfplan \ +terraform plan -destroy -out=terraform.tfplan \ -var "GITHUB_RUN_ID=${GITHUB_RUN_ID}" \ -var "do_token=${DO_PAT}" \ --var "do_worker_count=1" \ --var "do_controller_count=3" \ +-var "do_worker_count=0" \ +-var "do_controller_count=1" \ -var "do_instance_size=s-1vcpu-1gb" \ --var "spaces_access_key_id=${SPACES_ACCESS_TOKEN}" \ --var "spaces_access_key_secret=${SPACES_SECRET_KEY}" +-var "spaces_access_key_id=${AWS_ACCESS_KEY_ID}" \ +-var "spaces_access_key_secret=${AWS_SECRET_ACCESS_KEY}" # Apply terraform apply terraform.tfplan diff --git a/test/DO/infra/variables.tf b/test/DO/infra/variables.tf index f1676bbc7..e6c673bbd 100644 --- a/test/DO/infra/variables.tf +++ b/test/DO/infra/variables.tf @@ -6,7 +6,7 @@ variable "do_token" { variable "do_instance_size" { type = string description = "VM size" - default = "s-1vcpu-1gb" + default = "s-2vcpu-4gb" } variable "do_controller_count" { @@ -51,7 +51,7 @@ variable "terraform_backend_bucket_name" { variable "mount_point" { description = "Unique bucket name for storing terraform backend data" - default = "/opt" + default = "/opt/rkub" } variable "spaces_access_key_id" { From 1e52ca454762b46f8cf412dec721f7dbcbc36322 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Fri, 3 May 2024 11:32:05 +0200 Subject: [PATCH 266/365] workflows stage --- .github/workflows/stage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 19ab1c066..e13973e64 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml 
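Review bot: The `mount_point` variable whose default changes to `/opt/rkub` here still carries the description `Unique bucket name for storing terraform backend data`, copied from the backend-bucket variable above it, so the variable documentation is wrong for anyone reading `terraform plan` output or the module docs. Replace it with what the value appears to be used for in stage.yml (`MOUNT_POINT` is passed as `dir_build`/`dir_target` to the playbooks), e.g. `description = "Directory on the droplets where the airgap package is built/unpacked (passed to the playbooks as dir_target)"`. The other default change, `s-1vcpu-1gb` to `s-2vcpu-4gb`, is a cost change worth a one-line comment on why the smaller size is no longer sufficient.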
@@ -67,7 +67,7 @@ jobs: - name: Build run: | cd ./test - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook playbooks/build.yml -e dir_build="${MOUNT_POINT}/rancher" -e package_name="${MOUNT_POINT}/rke2_rancher_longhorn.zst" -e archive="False" + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook playbooks/build.yml -e dir_build="${MOUNT_POINT}" -e archive="False" deploy: name: Deploy From 94bdf3260cca7bf83517964145f74cae81ca3f3f Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Fri, 3 May 2024 12:13:02 +0200 Subject: [PATCH 267/365] workflows stage --- .github/workflows/stage.yml | 2 +- roles/upload_package_zst/tasks/main.yml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index e13973e64..809af47f8 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -10,7 +10,7 @@ env: AWS_SECRET_ACCESS_KEY: ${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}} REGION: ${{secrets.DIGITALOCEAN_REGION}} MOUNT_POINT: "/opt/rkub" - BUCKET: "rkub-github-action-${{ github.run_id }}" + BUCKET: "rkub-github-action-${{ github.run_id }}" #terraform-backend-github CONTROLLER_COUNT: "1" WORKER_COUNT: "0" SIZE: "s-2vcpu-4gb" diff --git a/roles/upload_package_zst/tasks/main.yml b/roles/upload_package_zst/tasks/main.yml index 09bec8298..fd8d4e76e 100644 --- a/roles/upload_package_zst/tasks/main.yml +++ b/roles/upload_package_zst/tasks/main.yml @@ -39,7 +39,7 @@ - name: Ensure target directory exist and accessible to connexion user ansible.builtin.file: - path: "{{ global_directory_package_target }}/rancher" + path: "{{ global_directory_package_target }}" state: directory recurse: true owner: "{{ ansible_user }}" 
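Review bot: Moving the `Ensure target directory exist and accessible to connexion user` task's `path` up to `global_directory_package_target` combines with the existing `recurse: true` and `owner: "{{ ansible_user }}"` to chown the entire package root, including everything later unpacked there and exported over NFS, to the connection user on every run, whereas before only the `rancher` subtree was touched. If the goal is only that the connection user can drop the archive there, remove `recurse: true` and set ownership on the directory alone, adding an explicit `mode: "0750"`, and let the unarchive step decide per-file ownership. The task list this hunk belongs to starts before the hunk.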
@@ -57,5 +57,5 @@ - name: Unarchive Monster zst package on first controler ansible.builtin.unarchive: src: "{{ global_directory_package_target }}/{{ global_package_name }}" - dest: "{{ global_directory_package_target }}/rancher" - remote_src: true \ No newline at end of file + dest: "{{ global_directory_package_target }}" + remote_src: true From 7a9abddf895eabcdecc66e3da7f679048512573f Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Fri, 3 May 2024 12:20:09 +0200 Subject: [PATCH 268/365] workflows stage --- .github/workflows/stage.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 809af47f8..112170544 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -67,7 +67,7 @@ jobs: - name: Build run: | cd ./test - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook playbooks/build.yml -e dir_build="${MOUNT_POINT}" -e archive="False" + if [[ $BUCKET != "terraform-backend-github" ]]; then ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook playbooks/build.yml -e dir_build="${MOUNT_POINT}" -e archive="False"; fi deploy: name: Deploy @@ -235,10 +235,10 @@ jobs: if: always() steps: - - name: Delay one hour + - name: Delay half an hour uses: whatnick/wait-action@master with: - time: '3600s' + time: '1800s' cleanup: name: Cleanup @@ -306,5 +306,5 @@ jobs: - name: Remove Space bucket run: | sed -i -e 's/signature_v2.*$/signature_v2 = True/' ~/.s3cfg - s3cmd rb s3://${BUCKET} --recursive + if [[ $BUCKET != "terraform-backend-github" ]]; then s3cmd rb s3://${BUCKET} --recursive; fi sleep 10 From 86f095900c675e1879efbe0309d7a0937f81d8c3 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Fri, 3 May 2024 13:16:27 +0200 Subject: [PATCH 269/365] workflows stage --- .github/workflows/stage.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 112170544..e92ab34b4 100644 
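Review bot: The persistent-bucket special case is encoded as the literal `"terraform-backend-github"` repeated in `[[ ... ]]` guards in the Build step and the Remove Space bucket step (and in the BUCKET comment at the top of the file), so a rename has to be made in several places and a typo in one of them silently skips or deletes the wrong bucket. Define it once in `env:` as `PERSISTENT_BUCKET: "terraform-backend-github"` and guard with `if [[ "$BUCKET" != "$PERSISTENT_BUCKET" ]]; then …; fi`. The `s3cmd rb s3://${BUCKET} --recursive` cleanup is the destructive step, so it is the one where that guard most needs to be right.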
--- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -10,10 +10,11 @@ env: AWS_SECRET_ACCESS_KEY: ${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}} REGION: ${{secrets.DIGITALOCEAN_REGION}} MOUNT_POINT: "/opt/rkub" - BUCKET: "rkub-github-action-${{ github.run_id }}" #terraform-backend-github + #BUCKET: "rkub-github-action-${{ github.run_id }}" + BUCKET: "terraform-backend-github" CONTROLLER_COUNT: "1" WORKER_COUNT: "0" - SIZE: "s-2vcpu-4gb" + SIZE: "s-4vcpu-8gb" jobs: bucket: @@ -67,7 +68,9 @@ jobs: - name: Build run: | cd ./test - if [[ $BUCKET != "terraform-backend-github" ]]; then ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook playbooks/build.yml -e dir_build="${MOUNT_POINT}" -e archive="False"; fi + if [[ $BUCKET != "terraform-backend-github" ]]; then \ + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook playbooks/build.yml -e dir_build="${MOUNT_POINT}" -e archive="False"; \ + fi deploy: name: Deploy From d664f62ec008ea79e8bed40abadd80b47ca926d3 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Fri, 3 May 2024 13:22:47 +0200 Subject: [PATCH 270/365] workflows stage --- .github/workflows/stage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index e92ab34b4..c928e35f0 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -34,7 +34,7 @@ jobs: - name: Create Space Bucket run: | sed -i -e 's/signature_v2.*$/signature_v2 = True/' ~/.s3cfg - s3cmd mb s3://${BUCKET} + if [[ $BUCKET != "terraform-backend-github" ]]; then s3cmd mb s3://${BUCKET}; fi sleep 10 package: From 73d79922f4906356c0e856f5e7f87ded827b3a05 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Fri, 3 May 2024 13:50:36 +0200 Subject: [PATCH 271/365] workflows stage --- roles/install_rke2_controller/tasks/install.yml | 4 ++++ 1 file changed, 4 insertions(+) 
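Review bot: Setting `BUCKET: "terraform-backend-github"` in `env:` points every run of this workflow at the same persistent Space, replacing the per-run `rkub-github-action-${{ github.run_id }}` name that is now commented out. Two overlapping runs would then share one backend bucket and, unless the Terraform backend key also embeds the run id (not visible here), the same state file, so the cleanup job of one run could destroy the other's droplets. If this is a temporary debugging switch, say so in the comment, e.g. `# TEMP: reuse the persistent bucket while debugging; restore the per-run name before merging`, and add a workflow-level `concurrency: { group: stage, cancel-in-progress: false }` so runs are serialised while it is in place.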
diff --git a/roles/install_rke2_controller/tasks/install.yml b/roles/install_rke2_controller/tasks/install.yml index 6578b2509..953c6b6f9 100644 --- a/roles/install_rke2_controller/tasks/install.yml +++ b/roles/install_rke2_controller/tasks/install.yml @@ -111,6 +111,10 @@ - ansible_os_family == "RedHat" - ansible_distribution_major_version | int >= 8 + - name: Pause for 3 seconds before start service + ansible.builtin.pause: + seconds: 3 + # Service - name: Mask RKE2 agent service on the first server ansible.builtin.systemd: From b93894f61a85e8937e18128c7c71978c1a8c2051 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Fri, 3 May 2024 16:00:57 +0200 Subject: [PATCH 272/365] workflows stage --- .github/workflows/stage.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index c928e35f0..931a5dc69 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -190,7 +190,11 @@ jobs: - name: Test if reachable run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible all -m ping -u root -vv --private-key .key + ANSIBLE_HOST_KEY_CHECKING=False ansible RKE2_CLUSTER -m ping -u root -vv --private-key .key + + - name: Wait for cloud-init to finish + run: | + ANSIBLE_HOST_KEY_CHECKING=False ansible RKE2_CLUSTER -m shell -a "cloud-init status --wait" -u root -v --private-key .key install: name: Install From 4ee2a760eefd7f4427beee2bfcbb9e440846780b Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Fri, 3 May 2024 16:29:52 +0200 Subject: [PATCH 273/365] workflows stage --- roles/install_rke2_controller/tasks/install.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/install_rke2_controller/tasks/install.yml b/roles/install_rke2_controller/tasks/install.yml index 953c6b6f9..333b24791 100644 --- a/roles/install_rke2_controller/tasks/install.yml +++ b/roles/install_rke2_controller/tasks/install.yml 
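Review bot: The new `Test if reachable` and `Wait for cloud-init to finish` steps contact freshly created droplets with `ANSIBLE_HOST_KEY_CHECKING=False -u root --private-key .key`, so the runner never verifies which host it is presenting the root key to, and the later install steps hand the same host the cluster token. Since the droplet addresses come from the downloaded inventory, the first step can pin the host keys once instead, e.g. `ssh-keyscan -H <droplet-ips> >> ~/.ssh/known_hosts` right after the inventory artifact is downloaded (or take the keys from the DigitalOcean API), and leave host key checking on for everything that follows. `cloud-init status --wait` has no shell features in it, so `-m command` is the safer module than `-m shell`.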
@@ -128,6 +128,8 @@ state: started enabled: true notify: "Service (re)started" + async: 600 + poll: 60 - name: Wait for k8s apiserver ansible.builtin.wait_for: From 69b007b74813e971914a6c6a18b6202ba78c0dee Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Fri, 3 May 2024 17:04:01 +0200 Subject: [PATCH 274/365] workflows stage --- roles/install_rke2_controller/tasks/arkade.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/install_rke2_controller/tasks/arkade.yml b/roles/install_rke2_controller/tasks/arkade.yml index d28f59f60..e717d456b 100644 --- a/roles/install_rke2_controller/tasks/arkade.yml +++ b/roles/install_rke2_controller/tasks/arkade.yml @@ -2,8 +2,8 @@ # As root - name: Ensure that admin user can access ansible.builtin.file: - path: "{{ mount_path }}/.." - mode: "0755" + path: "{{ mount_path }}" + mode: "0750" recurse: true become: true @@ -49,4 +49,4 @@ path: "$HOME/.bashrc" block: | export PATH=$PATH:$HOME/.arkade/bin - marker: "# {mark} ANSIBLE install arkade utils" \ No newline at end of file + marker: "# {mark} ANSIBLE install arkade utils" From 980532b8e69823406e6b1df0bbd8eda4c6b668ee Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Fri, 3 May 2024 17:23:25 +0200 Subject: [PATCH 275/365] workflows stage --- .github/workflows/stage.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 931a5dc69..31b6cacff 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -239,7 +239,6 @@ jobs: name: Delay runs-on: ubuntu-latest needs: Install - if: always() steps: - name: Delay half an hour From 033208762e6bbcf8d6beb90c0e3655bddee6bfb3 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Fri, 3 May 2024 18:17:40 +0200 Subject: [PATCH 276/365] workflows stage --- roles/install_rke2_controller/tasks/arkade.yml | 7 ------- 1 file changed, 7 deletions(-) 
diff --git a/roles/install_rke2_controller/tasks/arkade.yml b/roles/install_rke2_controller/tasks/arkade.yml index e717d456b..44e882259 100644 --- a/roles/install_rke2_controller/tasks/arkade.yml +++ b/roles/install_rke2_controller/tasks/arkade.yml @@ -1,12 +1,5 @@ --- # As root -- name: Ensure that admin user can access - ansible.builtin.file: - path: "{{ mount_path }}" - mode: "0750" - recurse: true - become: true - - name: Ensure admin user access mount_utils_path ansible.builtin.file: path: "{{ mount_utils_path }}/" From 6e207cd5d553235dc87506e803f0ed451dd22f21 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Fri, 3 May 2024 19:54:31 +0200 Subject: [PATCH 277/365] workflows stage --- .../install_rke2_controller/tasks/arkade.yml | 34 ++++++++++--------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/roles/install_rke2_controller/tasks/arkade.yml b/roles/install_rke2_controller/tasks/arkade.yml index 44e882259..17a367ef6 100644 --- a/roles/install_rke2_controller/tasks/arkade.yml +++ b/roles/install_rke2_controller/tasks/arkade.yml @@ -1,15 +1,6 @@ --- -# As root -- name: Ensure admin user access mount_utils_path - ansible.builtin.file: - path: "{{ mount_utils_path }}/" - owner: "{{ admin_user }}" - group: "{{ admin_user }}" - recurse: true - become: true - # As Admin User -- name: Import arkade packages +- name: Prepare arkade packages become: true become_user: "{{ admin_user }}" block: @@ -22,6 +13,17 @@ group: "{{ admin_user }}" mode: '0700' + - name: Update .bashrc + ansible.builtin.blockinfile: + path: "$HOME/.bashrc" + block: | + export PATH=$PATH:$HOME/.arkade/bin + marker: "# {mark} ANSIBLE install arkade utils" + +# As root +- name: Import arkade packages + become: true + block: - name: Copy utils into .arkade/bin ansible.builtin.copy: src: "{{ mount_utils_path }}/{{ item }}" 
@@ -37,9 +39,9 @@ - kubectl - k9s - - name: Update .bashrc - ansible.builtin.blockinfile: - path: "$HOME/.bashrc" - block: | - export PATH=$PATH:$HOME/.arkade/bin - marker: "# {mark} ANSIBLE install arkade utils" + - name: Ensure admin user access arkade utils + ansible.builtin.file: + path: "$HOME/.arkade/bin/{{ item }}" + owner: "{{ admin_user }}" + group: "{{ admin_user }}" + recurse: true From 8346820d0b9fbd47b839b6ff28c3f8abf568bb3c Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Fri, 3 May 2024 20:59:41 +0200 Subject: [PATCH 278/365] workflows stage --- .github/workflows/stage.yml | 1 + roles/install_rke2_controller/tasks/arkade.yml | 15 +++++++++++++-- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 31b6cacff..b81249695 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -239,6 +239,7 @@ jobs: name: Delay runs-on: ubuntu-latest needs: Install + #if: always() steps: - name: Delay half an hour diff --git a/roles/install_rke2_controller/tasks/arkade.yml b/roles/install_rke2_controller/tasks/arkade.yml index 17a367ef6..8d61fdf35 100644 --- a/roles/install_rke2_controller/tasks/arkade.yml +++ b/roles/install_rke2_controller/tasks/arkade.yml @@ -24,10 +24,21 @@ - name: Import arkade packages become: true block: + - name: Get user info + ansible.builtin.user: + name: "{{ admin_user }}" + state: present + register: user_info + check_mode: true + + - name: Set homedir + ansible.builtin.set_fact: + homedir: user_info['home'] + - name: Copy utils into .arkade/bin ansible.builtin.copy: src: "{{ mount_utils_path }}/{{ item }}" - dest: "$HOME/.arkade/bin/{{ item }}" + dest: "{{ homedir }}/.arkade/bin/{{ item }}" force: true remote_src: true mode: '0700' 
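Review bot: The new `Get user info` task resolves the admin user's home by running `ansible.builtin.user` with `state: present` under `check_mode: true`, which avoids the side effect but is fragile: if `admin_user` does not exist yet the task reports the home it would create (and `changed`), `homedir` points at a directory that is not there, and the following `copy` creates `.arkade/bin` under it as root. Read the passwd database instead — `ansible.builtin.getent:` with `database: passwd` and `key: "{{ admin_user }}"`, then `homedir: "{{ getent_passwd[admin_user][4] }}"` — which fails loudly for an unknown user. A one-line comment on the `Set homedir` task saying why `$HOME` cannot be used here (the block runs as root, so `$HOME` would expand to root's home) would also save the next reader a round trip.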
@@ -41,7 +52,7 @@ - name: Ensure admin user access arkade utils ansible.builtin.file: - path: "$HOME/.arkade/bin/{{ item }}" + path: "{{ homedir }}/.arkade/bin/{{ item }}" owner: "{{ admin_user }}" group: "{{ admin_user }}" recurse: true From 46ff6728d7f8e727003d44cda71703250ab66804 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Fri, 3 May 2024 21:42:31 +0200 Subject: [PATCH 279/365] workflows stage --- roles/install_rke2_controller/tasks/arkade.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/install_rke2_controller/tasks/arkade.yml b/roles/install_rke2_controller/tasks/arkade.yml index 8d61fdf35..5ee3ca5d5 100644 --- a/roles/install_rke2_controller/tasks/arkade.yml +++ b/roles/install_rke2_controller/tasks/arkade.yml @@ -33,7 +33,7 @@ - name: Set homedir ansible.builtin.set_fact: - homedir: user_info['home'] + homedir: "{{ user_info['home'] }}" - name: Copy utils into .arkade/bin ansible.builtin.copy: From a36eb7ab2a86aba734177b791a76c5b5d8b5da8b Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Fri, 3 May 2024 22:00:42 +0200 Subject: [PATCH 280/365] workflows stage --- roles/install_rke2_controller/tasks/arkade.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/install_rke2_controller/tasks/arkade.yml b/roles/install_rke2_controller/tasks/arkade.yml index 5ee3ca5d5..7513c9b44 100644 --- a/roles/install_rke2_controller/tasks/arkade.yml +++ b/roles/install_rke2_controller/tasks/arkade.yml @@ -52,7 +52,7 @@ - name: Ensure admin user access arkade utils ansible.builtin.file: - path: "{{ homedir }}/.arkade/bin/{{ item }}" + path: "{{ homedir }}/.arkade/bin" owner: "{{ admin_user }}" group: "{{ admin_user }}" recurse: true From ef522f729dddeb7af743e935f2cce8dbf33d1191 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Fri, 3 May 2024 22:28:18 +0200 Subject: [PATCH 281/365] workflows stage --- roles/install_utils_registry/defaults/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/roles/install_utils_registry/defaults/main.yml b/roles/install_utils_registry/defaults/main.yml index 52145ba8a..95c56ecad 100644 --- a/roles/install_utils_registry/defaults/main.yml +++ b/roles/install_utils_registry/defaults/main.yml @@ -8,5 +8,6 @@ mount_images_path: "{{ mount_path }}/images" mount_registry_tar: "{{ mount_path }}/images/registry/registry.tar" # General -rke2_images_path: "/var/lib/rancher/rke2/agent/images/" +rke2_data_path: "{{ global_rke2_data_dir }}" +rke2_images_path: "{{ global_rke2_data_dir }}/agent/images/" registry_namespace: "kube-registry" From 4b534698ccb3369d46e75578deae4ed2f5290f32 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Fri, 3 May 2024 22:54:38 +0200 Subject: [PATCH 282/365] workflows stage --- .github/workflows/stage.yml | 4 ++++ scripts/prerequis/arkade.sh | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index b81249695..c1b9e563d 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -211,6 +211,10 @@ jobs: - name: Checkout files uses: actions/checkout@v4 + - name: Install requirements + run: | + make prerequis + - name: Download inventory uses: actions/download-artifact@v4 with: diff --git a/scripts/prerequis/arkade.sh b/scripts/prerequis/arkade.sh index b3a4b92ad..15e84c024 100755 --- a/scripts/prerequis/arkade.sh +++ b/scripts/prerequis/arkade.sh 
@@ -46,7 +46,7 @@ install_arkade(){ printf "\e[1;34m[INFO]\e[m Checking for updates...\n" if [[ "$CURRENT_VERSION" != "$LATEST_VERSION" ]]; then printf "\e[1;33m[CHANGE]\e[m New version of arkade found, current: $CURRENT_VERSION. Updating...\n" - curl -L "${DOWNLOAD_URL}"/"${LATEST_VERSION}"/arkade --output $HOME/.arkade/new_arkade > /dev/null 2>&1: + curl -L "${DOWNLOAD_URL}"/"${LATEST_VERSION}"/arkade --output $HOME/.arkade/new_arkade > /dev/null 2>&1 mv $HOME/.arkade/new_arkade $HOME/.arkade/bin/arkade chmod +x $HOME/.arkade/bin/arkade printf "\e[1;32m[OK]\e[m arkade has been updated to version $CURRENT_VERSION.\n" From f350ecf25b54db70a551e94dcf440c5c668d385a Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Fri, 3 May 2024 23:00:48 +0200 Subject: [PATCH 283/365] workflows stage --- .github/workflows/stage.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index c1b9e563d..f21ee5eed 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -213,6 +213,7 @@ jobs: - name: Install requirements run: | + cd .. make prerequis - name: Download inventory From ae9e6e482c036f7f2197b8535f674645046585a7 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Fri, 3 May 2024 23:27:31 +0200 Subject: [PATCH 284/365] workflows stage --- roles/install_utils_registry/tasks/deploy.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/install_utils_registry/tasks/deploy.yml b/roles/install_utils_registry/tasks/deploy.yml index 68413f3cd..5488e644e 100644 --- a/roles/install_utils_registry/tasks/deploy.yml +++ b/roles/install_utils_registry/tasks/deploy.yml @@ -6,6 +6,7 @@ block: - name: Create Namespace kubernetes.core.k8s: + kubeconfig: "~/.kube/{{ inventory_hostname }}.yaml" state: present definition: apiVersion: v1 
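Review bot: The update branch of `install_arkade` fetches the new binary with `curl -L … --output $HOME/.arkade/new_arkade > /dev/null 2>&1` and then unconditionally `mv`s it over `$HOME/.arkade/bin/arkade` and marks it executable; this commit only removes the stray trailing `:`, but a 404 or a network error still installs an HTML page or an empty file as `arkade`, because curl without `-f` exits 0 on HTTP errors and the exit status is never checked. Use `curl -fsSL "${DOWNLOAD_URL}/${LATEST_VERSION}/arkade" --output "$HOME/.arkade/new_arkade" || { printf '\e[1;31m[ERROR]\e[m arkade download failed\n'; return 1; }` and, if the release publishes a checksum, verify the file against it before the `mv`. The success message also prints `$CURRENT_VERSION` where `$LATEST_VERSION` is the version that was just installed. The rest of `install_arkade` is outside the hunk.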
@@ -17,4 +18,4 @@ kubernetes.core.k8s: state: present template: "registry.yaml.j2" - kubeconfig: "~/.kube/{{ inventory_hostname }}.yaml" \ No newline at end of file + kubeconfig: "~/.kube/{{ inventory_hostname }}.yaml" From ab4b642ffd98d8019ae460d6153d7b5131306c74 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sun, 5 May 2024 15:52:38 +0200 Subject: [PATCH 285/365] workflows stage --- .github/workflows/stage.yml | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index f21ee5eed..67a800bcc 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -13,7 +13,7 @@ env: #BUCKET: "rkub-github-action-${{ github.run_id }}" BUCKET: "terraform-backend-github" CONTROLLER_COUNT: "1" - WORKER_COUNT: "0" + WORKER_COUNT: "2" SIZE: "s-4vcpu-8gb" jobs: @@ -230,10 +230,22 @@ jobs: env: SSH_KEY: ${{secrets.SSH_PRIVATE_KEY}} - - name: Run playbook install + - name: Run playbook install.yml run: | ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/install.yml -e dir_target=${MOUNT_POINT} + - name: Run playbook rancher.yml + run: | + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/rancher.yml + + - name: Run playbook longhorn.yml + run: | + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/longhorn.yml + + - name: Run playbook neuvector.yml + run: | + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/neuvector.yml + #- name: Run Python Tests # run: | # export DEFAULT_PRIVATE_KEY_FILE=.key From c4a25f9782769806bcabd8db519056bd26cc4995 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sun, 5 May 2024 16:06:23 +0200 Subject: [PATCH 286/365] workflows stage --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 062bf2047..bb087ec25 100644 --- a/README.md +++ b/README.md 
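Review bot: The four `Run playbook …` steps each repeat `ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key`, so the connection settings now live in six places in this job and are already drifting (the earlier steps use `-vv`, these do not). Set them once at job level, `env:` with `ANSIBLE_REMOTE_USER: root` and `ANSIBLE_PRIVATE_KEY_FILE: .key`, and reduce each step to `run: ansible-playbook playbooks/rancher.yml`; that also makes re-enabling host key checking a single-line change once known_hosts is populated. Only `install.yml` receives `-e dir_target=${MOUNT_POINT}`; if the rancher/longhorn/neuvector playbooks read the same mount path (not visible here), pass it to them too, or add a comment saying they rely on the default.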
@@ -4,7 +4,7 @@ Ansible Collection to deploy a RKE2 cluster in airgap mode with Rancher, Longhor [![Releases](https://img.shields.io/github/release/MozeBaltyk/rkub)](https://github.com/MozeBaltyk/rkub/releases) [![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0/) -![Ansible-lint](https://github.com/MozeBaltyk/Rkub/workflows/Build/badge.svg) +[![Stage airgap](https://github.com/MozeBaltyk/Rkub/actions/workflows/stage.yml/badge.svg)](https://github.com/MozeBaltyk/Rkub/actions/workflows/stage.yml) ## Description From 9e557c2602a91b02a5961e820b756cea7fa92364 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 6 May 2024 10:56:41 +0200 Subject: [PATCH 287/365] workflows stage --- playbooks/vars/main.yml | 2 +- roles/install_rke2_controller/tasks/install.yml | 4 ++-- roles/install_rke2_controller/tasks/token.yml | 6 +++--- roles/set_nfs_mount/defaults/main.yml | 4 ++-- test/DO/README.md | 2 -- 5 files changed, 8 insertions(+), 10 deletions(-) diff --git a/playbooks/vars/main.yml b/playbooks/vars/main.yml index 2135b8aed..f61fcc019 100644 --- a/playbooks/vars/main.yml +++ b/playbooks/vars/main.yml @@ -24,7 +24,7 @@ global_package_name: "{{ package_name | default('rke2_rancher_longhorn.zst') }}" global_path_to_package_zst: "{{ global_directory_package_build }}/../{{ global_package_name }}" # Target -global_directory_package_target: "{{ dir_target | default('/opt') }}" +global_directory_package_target: "{{ dir_target | default('/opt/rkub') }}" global_directory_mount: "{{ dir_mount | default('/mnt/rkub') }}" # Options General diff --git a/roles/install_rke2_controller/tasks/install.yml b/roles/install_rke2_controller/tasks/install.yml index 333b24791..4716941c4 100644 --- a/roles/install_rke2_controller/tasks/install.yml +++ b/roles/install_rke2_controller/tasks/install.yml 
@@ -149,6 +149,6 @@ path: ~/.bashrc block: | export KUBECONFIG={{ rke2_kubeconfig_file }} - export CRI_CONFIG_FILE=/var/lib/rancher/rke2/agent/etc/crictl.yaml - PATH=$PATH:/var/lib/rancher/rke2/bin + export CRI_CONFIG_FILE={{ rke2_data_dir }}/agent/etc/crictl.yaml + PATH=$PATH:{{ rke2_data_dir }}/bin marker: "# {mark} ANSIBLE install_rke2_controler" diff --git a/roles/install_rke2_controller/tasks/token.yml b/roles/install_rke2_controller/tasks/token.yml index f2a614581..ced35ea11 100644 --- a/roles/install_rke2_controller/tasks/token.yml +++ b/roles/install_rke2_controller/tasks/token.yml @@ -5,11 +5,11 @@ block: - name: Wait for node-token ansible.builtin.wait_for: - path: /var/lib/rancher/rke2/server/node-token + path: "{{ rke2_data_dir }}/server/node-token" - name: Read node-token from master ansible.builtin.slurp: - src: /var/lib/rancher/rke2/server/node-token + src: "{{ rke2_data_dir }}/server/node-token" register: node_token - name: Store Master node-token @@ -21,4 +21,4 @@ content: "{{ rke2_config_token }}" dest: "{{ mount_path }}/token" follow: true - mode: "0640" \ No newline at end of file + mode: "0640" diff --git a/roles/set_nfs_mount/defaults/main.yml b/roles/set_nfs_mount/defaults/main.yml index 6e4fbdbd3..f50ef7e78 100644 --- a/roles/set_nfs_mount/defaults/main.yml +++ b/roles/set_nfs_mount/defaults/main.yml @@ -1,5 +1,5 @@ --- # defaults file for mount_nfs master: "{{ global_master_ip }}" -export_nfs_path: "{{ global_directory_package_target }}/rancher" -nfs_mount_path: "{{ global_directory_mount }}" \ No newline at end of file +export_nfs_path: "{{ global_directory_package_target }}" +nfs_mount_path: "{{ global_directory_mount }}" diff --git a/test/DO/README.md b/test/DO/README.md index d3a8a0c21..decb25b5e 100644 --- a/test/DO/README.md +++ b/test/DO/README.md @@ -39,8 +39,6 @@ terraform plan -out=terraform.tfplan \ -var "spaces_access_key_secret=${AWS_SECRET_ACCESS_KEY}" ``` - - ## Create an infra ```bash 
From 20dfe614f681fdf552679caf78498c117d2ef8f5 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 6 May 2024 11:01:44 +0200 Subject: [PATCH 288/365] workflows stage --- roles/install_utils_registry/tasks/load.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/roles/install_utils_registry/tasks/load.yml b/roles/install_utils_registry/tasks/load.yml index a2a0f57e6..4ba924a2a 100644 --- a/roles/install_utils_registry/tasks/load.yml +++ b/roles/install_utils_registry/tasks/load.yml @@ -10,16 +10,16 @@ timeout: 600 # kube-vip -- name: Find kube-vip images on the target server - ansible.builtin.find: - paths: "{{ mount_images_path }}/kubevip/" - patterns: "*.tar" - register: found_images - -- name: Copy kube-vip images with skopeo - ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/kube-vip/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_', ':') }} --dest-tls-verify=false" - changed_when: false - with_items: "{{ found_images['files'] }}" +#- name: Find kube-vip images on the target server +# ansible.builtin.find: +# paths: "{{ mount_images_path }}/kubevip/" +# patterns: "*.tar" +# register: found_images +# +#- name: Copy kube-vip images with skopeo +# ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/kube-vip/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_', ':') }} --dest-tls-verify=false" +# changed_when: false +# with_items: "{{ found_images['files'] }}" # Longhorn - name: Find longhorn images on the target server From 3b4ac23af3fe7a8c40645017d481b0bd4a162073 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 6 May 2024 13:48:24 +0200 Subject: [PATCH 289/365] workflows stage --- .github/workflows/stage.yml | 2 +- README.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 67a800bcc..b53dd49a7 100644 
--- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -256,7 +256,7 @@ jobs: name: Delay runs-on: ubuntu-latest needs: Install - #if: always() + if: always() steps: - name: Delay half an hour diff --git a/README.md b/README.md index bb087ec25..891f96c2d 100644 --- a/README.md +++ b/README.md @@ -89,7 +89,7 @@ ansible-playbook playbooks/tasks/build.yml # All arguments below are not ```sh ansible-playbook playbooks/tasks/upload.yml # All arguments below are not mandatory -e package_path=/home/me/rke2_rancher_longhorn.zst # Will be prompt if not given in the command --e dir_target=/opt # Directory where to sync and unarchive (by default /opt, count 50G available) +-e dir_target=/opt/rkub # Directory where to sync and unarchive (by default /opt/rkub, count 50G available) -u admin -Kk # Other Ansible Arguments (like -vvv) ``` @@ -97,7 +97,7 @@ ansible-playbook playbooks/tasks/upload.yml # All arguments below are not ```sh ansible-playbook playbooks/tasks/install.yml # All arguments below are not mandatory --e dir_target=/opt # Dir on first master where to find package unarchive by previous task (by default /opt, count 50G available) +-e dir_target=/opt/rkub # Dir on first master where to find package unarchive by previous task (by default /opt/rkub, count 50G available) -e dir_mount=/mnt/rkub # NFS mount point (on first master, it will be a symlink to "dir_target") -e domain="example.com" # By default take the host domain from master server -u admin -Kk # Other Ansible Arguments (like -vvv) From c17ff14b2446c9e3a1ed1c12895bb5d2ec4bdcb0 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 6 May 2024 15:20:10 +0200 Subject: [PATCH 290/365] workflows stage --- roles/install_rke2_controller/tasks/install.yml | 4 ++-- roles/install_utils_registry/tasks/load.yml | 2 ++ roles/set_nfs_export/tasks/install.yml | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) 
diff --git a/roles/install_rke2_controller/tasks/install.yml b/roles/install_rke2_controller/tasks/install.yml index 4716941c4..d04b16d1c 100644 --- a/roles/install_rke2_controller/tasks/install.yml +++ b/roles/install_rke2_controller/tasks/install.yml @@ -24,8 +24,8 @@ mode: '0750' with_items: - /etc/rancher/rke2/ - - /var/lib/rancher/rke2/server/manifests/ - - /var/lib/rancher/rke2/agent/images + - "{{ rke2_data_dir }}/server/manifests/" + - "{{ rke2_data_dir }}/agent/images" - name: Configure RKE2 config.yaml ansible.builtin.template: diff --git a/roles/install_utils_registry/tasks/load.yml b/roles/install_utils_registry/tasks/load.yml index 4ba924a2a..2b922f790 100644 --- a/roles/install_utils_registry/tasks/load.yml +++ b/roles/install_utils_registry/tasks/load.yml @@ -82,6 +82,8 @@ executable: /bin/bash register: docker changed_when: false + become: true + become_user: "{{ admin_user }}" - name: Display Output ansible.builtin.debug: diff --git a/roles/set_nfs_export/tasks/install.yml b/roles/set_nfs_export/tasks/install.yml index 1eb24ef21..87269fde3 100644 --- a/roles/set_nfs_export/tasks/install.yml +++ b/roles/set_nfs_export/tasks/install.yml @@ -16,7 +16,7 @@ - name: Share out directory via NFS ansible.builtin.lineinfile: path: /etc/exports - line: "{{ export_nfs_path }} *(ro,fsid=1,sync,no_root_squash,no_all_squash)" + line: "{{ export_nfs_path }} *(rw,fsid=1,sync,no_root_squash,no_all_squash)" notify: Restart_NFS_Server - name: Enable and start NFS server service From a7d3b48c0341607cc750eca6869c8f190004beea Mon Sep 17 00:00:00 2001 
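Review bot: The `/etc/exports` line now grants read-write access to every client (`*`) together with `no_root_squash`, so any host that can reach the NFS port can write to `{{ export_nfs_path }}` as root; with the set_nfs_mount defaults change earlier in this series that path is the whole package target directory, not only its rancher subfolder. If the worker nodes genuinely need write access, restrict the client list to the cluster nodes' addresses or subnet and keep root squashing, e.g. `line: "{{ export_nfs_path }} <CLUSTER_CIDR>(rw,fsid=1,sync,root_squash)"` with the CIDR supplied as a role variable. A one-line comment on why `rw` replaced the previous `ro` would also help, since the read-only export looked deliberate.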
From: MozeBaltyk Date: Mon, 6 May 2024 16:33:53 +0200 Subject: [PATCH 291/365] workflows stage --- .github/workflows/stage.yml | 18 ++--- .../tasks/load-kubevip.yml | 12 +++ .../tasks/load-longhorn.yml | 12 +++ .../tasks/load-neuvector.yml | 12 +++ .../tasks/load-rancher.yml | 24 ++++++ roles/install_utils_registry/tasks/load.yml | 80 ------------------- roles/install_utils_registry/tasks/main.yml | 4 + roles/install_utils_registry/tasks/post.yml | 21 +++++ roles/install_utils_registry/tasks/push.yml | 4 +- 9 files changed, 97 insertions(+), 90 deletions(-) create mode 100644 roles/install_utils_registry/tasks/load-kubevip.yml create mode 100644 roles/install_utils_registry/tasks/load-longhorn.yml create mode 100644 roles/install_utils_registry/tasks/load-neuvector.yml create mode 100644 roles/install_utils_registry/tasks/load-rancher.yml create mode 100644 roles/install_utils_registry/tasks/post.yml diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index b53dd49a7..15492993b 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml 
@@ -234,17 +234,17 @@ jobs: run: | ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/install.yml -e dir_target=${MOUNT_POINT} - - name: Run playbook rancher.yml - run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/rancher.yml + #- name: Run playbook rancher.yml + # run: | + # ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/rancher.yml - - name: Run playbook longhorn.yml - run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/longhorn.yml + #- name: Run playbook longhorn.yml + # run: | + # ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/longhorn.yml - - name: Run playbook neuvector.yml - run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/neuvector.yml + #- name: Run playbook neuvector.yml + # run: | + # ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/neuvector.yml #- name: Run Python Tests # run: | diff --git a/roles/install_utils_registry/tasks/load-kubevip.yml b/roles/install_utils_registry/tasks/load-kubevip.yml new file mode 100644 index 000000000..bc8687f98 --- /dev/null +++ b/roles/install_utils_registry/tasks/load-kubevip.yml @@ -0,0 +1,12 @@ +--- +# Load kube-vip +- name: Find kube-vip images on the target server + ansible.builtin.find: + paths: "{{ mount_images_path }}/kubevip/" + patterns: "*.tar" + register: found_images + +- name: Copy kube-vip images with skopeo + ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/kube-vip/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_', ':') }} --dest-tls-verify=false" + changed_when: false + with_items: "{{ found_images['files'] }}" 
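Review bot: `changed_when: false` on the "Copy kube-vip images with skopeo" task reports no change although the command writes images into the registry, so an import of many images shows as unchanged and check mode gives no information; the same pattern is in load-longhorn.yml and load-neuvector.yml on the next line and load-rancher.yml on the line after. Consider registering the command result and deriving `changed_when` from it, or at least a comment stating the intent. The `--dest-tls-verify=false` flag is acceptable only because the destination is the node-local `localhost:5000` registry; add a comment saying so, e.g. `# dest is the node-local plain-HTTP registry; TLS verification does not apply`, so the flag is not copied to a remote registry later.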
diff --git a/roles/install_utils_registry/tasks/load-longhorn.yml b/roles/install_utils_registry/tasks/load-longhorn.yml new file mode 100644 index 000000000..87a4e2b14 --- /dev/null +++ b/roles/install_utils_registry/tasks/load-longhorn.yml @@ -0,0 +1,12 @@ +--- +# Load Longhorn +- name: Find longhorn images on the target server + ansible.builtin.find: + paths: "{{ mount_images_path }}/longhorn/" + patterns: "*.tar" + register: found_images + +- name: Copy longhorn images with skopeo + ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/longhornio/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_', ':') }} --dest-tls-verify=false" + changed_when: false + with_items: "{{ found_images['files'] }}" diff --git a/roles/install_utils_registry/tasks/load-neuvector.yml b/roles/install_utils_registry/tasks/load-neuvector.yml new file mode 100644 index 000000000..ce567937e --- /dev/null +++ b/roles/install_utils_registry/tasks/load-neuvector.yml @@ -0,0 +1,12 @@ +--- +# Load Neuvector +- name: Find Neuvector images on the target server + ansible.builtin.find: + paths: "{{ mount_images_path }}/neuvector/" + patterns: "*.tar" + register: found_images + +- name: Copy Neuvector images with skopeo + ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/neuvector/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_', ':') }} --dest-tls-verify=false" + changed_when: false + with_items: "{{ found_images['files'] }}" diff --git a/roles/install_utils_registry/tasks/load-rancher.yml b/roles/install_utils_registry/tasks/load-rancher.yml new file mode 100644 index 000000000..e88ea2974 --- /dev/null +++ b/roles/install_utils_registry/tasks/load-rancher.yml 
@@ -0,0 +1,24 @@ +--- +# Load Cert +- name: Find Cert-manager images on the target server + ansible.builtin.find: + paths: "{{ mount_images_path }}/cert/" + patterns: "*.tar" + register: found_images + +- name: Copy Cert-manager images with skopeo + ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/cert/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_', ':') }} --dest-tls-verify=false" + changed_when: false + with_items: "{{ found_images['files'] }}" + +# Load Rancher +- name: Find Rancher images on the target server + ansible.builtin.find: + paths: "{{ mount_images_path }}/rancher/" + patterns: "*.tar" + register: found_images + +- name: Copy Rancher images with skopeo + ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/rancher/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_', ':') }} --dest-tls-verify=false" + changed_when: false + with_items: "{{ found_images['files'] }}" diff --git a/roles/install_utils_registry/tasks/load.yml b/roles/install_utils_registry/tasks/load.yml index 2b922f790..14189ff47 100644 --- a/roles/install_utils_registry/tasks/load.yml +++ b/roles/install_utils_registry/tasks/load.yml 
@@ -8,83 +8,3 @@ port: "5000" state: present timeout: 600 - -# kube-vip -#- name: Find kube-vip images on the target server -# ansible.builtin.find: -# paths: "{{ mount_images_path }}/kubevip/" -# patterns: "*.tar" -# register: found_images -# -#- name: Copy kube-vip images with skopeo -# ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/kube-vip/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_', ':') }} --dest-tls-verify=false" -# changed_when: false -# with_items: "{{ found_images['files'] }}" - -# Longhorn -- name: Find longhorn images on the target server - ansible.builtin.find: - paths: "{{ mount_images_path }}/longhorn/" - patterns: "*.tar" - register: found_images - -- name: Copy longhorn images with skopeo - ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/longhornio/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_', ':') }} --dest-tls-verify=false" - changed_when: false - with_items: "{{ found_images['files'] }}" - -# Cert -- name: Find Cert-manager images on the target server - ansible.builtin.find: - paths: "{{ mount_images_path }}/cert/" - patterns: "*.tar" - register: found_images - -- name: Copy Cert-manager images with skopeo - ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/cert/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_', ':') }} --dest-tls-verify=false" - changed_when: false - with_items: "{{ found_images['files'] }}" - -# Neuvector -- name: Find Neuvector images on the target server - ansible.builtin.find: - paths: "{{ mount_images_path }}/neuvector/" - patterns: "*.tar" - register: found_images - -- name: Copy Neuvector images with skopeo - ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/neuvector/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_', ':') }} --dest-tls-verify=false" 
- changed_when: false - with_items: "{{ found_images['files'] }}" - -# Rancher -- name: Find Rancher images on the target server - ansible.builtin.find: - paths: "{{ mount_images_path }}/rancher/" - patterns: "*.tar" - register: found_images - -- name: Copy Rancher images with skopeo - ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/rancher/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_', ':') }} --dest-tls-verify=false" - changed_when: false - with_items: "{{ found_images['files'] }}" - -# Result -- name: List docker registry - ansible.builtin.shell: - cmd: | - set -o pipefail && - for i in $(curl -sk localhost:5000/v2/_catalog | jq -r '.repositories[]'); do - for tag in $(curl -sk localhost:5000/v2/${i}/tags/list | jq -r '.tags[]'); do - echo ${i}:${tag}; - done; - done - executable: /bin/bash - register: docker - changed_when: false - become: true - become_user: "{{ admin_user }}" - -- name: Display Output - ansible.builtin.debug: - var: docker['stdout_lines'] diff --git a/roles/install_utils_registry/tasks/main.yml b/roles/install_utils_registry/tasks/main.yml index 562022c12..bed151713 100644 --- a/roles/install_utils_registry/tasks/main.yml +++ b/roles/install_utils_registry/tasks/main.yml @@ -17,3 +17,7 @@ - name: Load images in local registry ansible.builtin.import_tasks: load.yml when: caller_role_name == "controller" + +- name: List images imported in registry + ansible.builtin.import_tasks: post.yml + when: caller_role_name == "controller" diff --git a/roles/install_utils_registry/tasks/post.yml b/roles/install_utils_registry/tasks/post.yml new file mode 100644 index 000000000..0515d437f --- /dev/null +++ b/roles/install_utils_registry/tasks/post.yml 
@@ -0,0 +1,21 @@ +--- + +# Result +- name: List docker registry + ansible.builtin.shell: + cmd: | + set -o pipefail && + for i in $(curl -sk localhost:5000/v2/_catalog | jq -r '.repositories[]'); do + for tag in $(curl -sk localhost:5000/v2/${i}/tags/list | jq -r '.tags[]'); do + echo ${i}:${tag}; + done; + done + executable: /bin/bash + register: docker + changed_when: false + become: true + become_user: "{{ admin_user }}" + +- name: Display Output + ansible.builtin.debug: + var: docker['stdout_lines'] diff --git a/roles/install_utils_registry/tasks/push.yml b/roles/install_utils_registry/tasks/push.yml index 89b63c0a4..1f42918fa 100644 --- a/roles/install_utils_registry/tasks/push.yml +++ b/roles/install_utils_registry/tasks/push.yml @@ -5,6 +5,7 @@ dest: "{{ rke2_images_path }}" remote_src: true mode: "0750" + follow: true notify: Restart rke2-server when: caller_role_name == "controller" @@ -14,5 +15,6 @@ dest: "{{ rke2_images_path }}" remote_src: true mode: "0750" + follow: true notify: Restart rke2-agent - when: caller_role_name == "worker" \ No newline at end of file + when: caller_role_name == "worker" From 6eca5ffe2cb13ebe3cc3197980909f3020a9260b Mon Sep 17 00:00:00 2001 
From: MozeBaltyk Date: Mon, 13 May 2024 09:27:02 +0200 Subject: [PATCH 292/365] adding hauler store --- meta/ee-bindeps.txt | 6 +- playbooks/vars/main.yml | 24 +++- roles/build_airgap_hauler/README.md | 72 +++++++++++ roles/build_airgap_hauler/defaults/main.yml | 12 ++ roles/build_airgap_hauler/handlers/main.yml | 2 + roles/build_airgap_hauler/meta/main.yml | 54 ++++++++ roles/build_airgap_hauler/tasks/hauler.yml | 14 +++ roles/build_airgap_hauler/tasks/kubevip.yml | 0 roles/build_airgap_hauler/tasks/longhorn.yml | 5 + roles/build_airgap_hauler/tasks/main.yml | 27 ++++ roles/build_airgap_hauler/tasks/neuvector.yml | 20 +++ roles/build_airgap_hauler/tasks/prerequis.yml | 50 ++++++++ roles/build_airgap_hauler/tasks/rancher.yml | 61 +++++++++ roles/build_airgap_hauler/tasks/rke2.yml | 12 ++ .../templates/airgap_hauler.yaml.j2 | 49 ++++++++ roles/build_airgap_hauler/tests/inventory | 1 + roles/build_airgap_hauler/tests/test.yml | 6 + roles/build_airgap_hauler/vars/main.yml | 2 + roles/deploy_hauler/README.md | 72 +++++++++++ roles/deploy_hauler/defaults/main.yml | 2 + roles/deploy_hauler/handlers/main.yml | 2 + roles/deploy_hauler/meta/main.yml | 54 ++++++++ roles/deploy_hauler/tasks/main.yml | 2 + roles/deploy_hauler/tests/inventory | 1 + roles/deploy_hauler/tests/test.yml | 6 + roles/deploy_hauler/vars/main.yml | 2 + roles/install_utils_registry/tasks/main.yml | 4 +- roles/install_utils_registry/tasks/post.yml | 1 + .../tasks/{load.yml => wait.yml} | 0 roles/set_versions/README.md | 72 +++++++++++ roles/set_versions/defaults/main.yml | 7 ++ roles/set_versions/meta/main.yml | 54 ++++++++ roles/set_versions/tasks/defined_versions.yml | 21 ++++ roles/set_versions/tasks/main.yml | 12 ++ roles/set_versions/tasks/rhel_version.yml | 26 ++++ roles/set_versions/tasks/stable_channels.yml | 117 ++++++++++++++++++ roles/set_versions/tests/inventory | 1 + roles/set_versions/tests/test.yml | 6 + test/playbooks/set.yml | 9 ++ 39 files changed, 880 insertions(+), 8 deletions(-) 
create mode 100644 roles/build_airgap_hauler/README.md create mode 100644 roles/build_airgap_hauler/defaults/main.yml create mode 100644 roles/build_airgap_hauler/handlers/main.yml create mode 100644 roles/build_airgap_hauler/meta/main.yml create mode 100644 roles/build_airgap_hauler/tasks/hauler.yml create mode 100644 roles/build_airgap_hauler/tasks/kubevip.yml create mode 100644 roles/build_airgap_hauler/tasks/longhorn.yml create mode 100644 roles/build_airgap_hauler/tasks/main.yml create mode 100644 roles/build_airgap_hauler/tasks/neuvector.yml create mode 100644 roles/build_airgap_hauler/tasks/prerequis.yml create mode 100644 roles/build_airgap_hauler/tasks/rancher.yml create mode 100644 roles/build_airgap_hauler/tasks/rke2.yml create mode 100644 roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 create mode 100644 roles/build_airgap_hauler/tests/inventory create mode 100644 roles/build_airgap_hauler/tests/test.yml create mode 100644 roles/build_airgap_hauler/vars/main.yml create mode 100644 roles/deploy_hauler/README.md create mode 100644 roles/deploy_hauler/defaults/main.yml create mode 100644 roles/deploy_hauler/handlers/main.yml create mode 100644 roles/deploy_hauler/meta/main.yml create mode 100644 roles/deploy_hauler/tasks/main.yml create mode 100644 roles/deploy_hauler/tests/inventory create mode 100644 roles/deploy_hauler/tests/test.yml create mode 100644 roles/deploy_hauler/vars/main.yml rename roles/install_utils_registry/tasks/{load.yml => wait.yml} (100%) create mode 100644 roles/set_versions/README.md create mode 100644 roles/set_versions/defaults/main.yml create mode 100644 roles/set_versions/meta/main.yml create mode 100644 roles/set_versions/tasks/defined_versions.yml create mode 100644 roles/set_versions/tasks/main.yml create mode 100644 roles/set_versions/tasks/rhel_version.yml create mode 100644 roles/set_versions/tasks/stable_channels.yml create mode 100644 roles/set_versions/tests/inventory create mode 100644 
roles/set_versions/tests/test.yml create mode 100644 test/playbooks/set.yml diff --git a/meta/ee-bindeps.txt b/meta/ee-bindeps.txt index 3bed7e846..0071d0def 100644 --- a/meta/ee-bindeps.txt +++ b/meta/ee-bindeps.txt @@ -9,4 +9,8 @@ openssl [platform:dpkg] sshpass [platform:rpm] sshpass [platform:dpkg] rsync [platform:rpm] -rsync [platform:dpkg] \ No newline at end of file +rsync [platform:dpkg] +zstd [platform:rpm] +zstd [platform:dpkg] +jq [platform:rpm] +jq [platform:dpkg] diff --git a/playbooks/vars/main.yml b/playbooks/vars/main.yml index f61fcc019..33fcd4577 100644 --- a/playbooks/vars/main.yml +++ b/playbooks/vars/main.yml @@ -8,11 +8,25 @@ global_RANCHER_VERSION: "2.8.1" global_LONGHORN_VERSION: "1.6.0" global_NEU_VERSION: "2.7.2" -# extras RPM -global_rke2_common_repo_version: "v{{ rke2_version }}%2Brke2r1" #.stable.0 -global_rke2_common_rpm_version: "rke2-common-{{ rke2_version }}.rke2r1-0" #.el{{ ansible_distribution_major_version }}.x86_64.rpm -global_rke2_selinux_repo_version: "v0.17.stable.1" -global_rke2_selinux_rpm_version: "rke2-selinux-0.17-1" #.el{{ ansible_distribution_major_version }}.noarch.rpm +# Not used yet +global_stable_channel: "{{ stable | default('false') }}" +global_all_wanted: "{{ all | default('false') }}" +global_extras_components: + kubevip: "{{ kubevip | default(global_all_wanted) }}" + rancher: "{{ rancher | default(global_all_wanted) }}" + longhorn: "{{ longhorn | default(global_all_wanted) }}" + neuvector: "{{ neuvector | default(global_all_wanted) }}" + +global_versions: + rke2: "1.27.12" + kubevip: "0.8.0" + cert_manager: "1.14.1" + rancher: "2.8.1" + longhorn: "1.6.0" + neuvector: "2.7.2" + helm: "3.14.0" + +global_rhel_version: "{{ el }}" # General global_install_user: "{{ install_user | default('kuberoot') }}" diff --git a/roles/build_airgap_hauler/README.md b/roles/build_airgap_hauler/README.md new file mode 100644 index 000000000..99e6e69c4 --- /dev/null +++ b/roles/build_airgap_hauler/README.md 
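Review bot: `global_rhel_version: "{{ el }}"` has no `default()`, so the first task that renders it fails on an undefined variable unless `-e el=...` is always passed; the other new keys all follow the `{{ x | default(...) }}` pattern, so `"{{ el | default('') }}"` or a documented required extra-var would be consistent. `global_stable_channel` and `global_all_wanted` default to the string `'false'` rather than a boolean, and the `global_extras_components` entries inherit that string; the commented-out consumers in roles/build_airgap_hauler/defaults/main.yml in this commit expect to apply `| bool`, so casting once here (`"{{ stable | default(false) | bool }}"`) spares every consumer from remembering it. The `# Not used yet` comment is already slightly out of date, since the new build_airgap_hauler role references these keys (commented out); worth updating when they go live.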
@@ -0,0 +1,72 @@ +Role Name +========= + +Role to build an airgap package with Hauler. + +Requirements +------------ + +*Example below show that the roles have two flavors and different requirements in functions of what you want* + +if idm set to true: +- Access to a IDM server if you want to create users account. +- Credentials access to connect to IDM + +if idm set to false: +- create local account on Linux servers + +Role Variables +-------------- + +| **VarName** | **Type** | **Content** | **Mandatory** | +|--------------------|----------|---------------------------|:-------------:| +| idm | boolean | true / false | x | +| svc_account | string | Service Account | x | +| svc_account_passwd | string | pwd (can be omited) | | +| svc_group | string | Group | | +| svc_owner | string | Owner of the account | if idm true | +| list_svc_account | list | Users which goes in group | if idm true | +| idm_server | string | Service Account PWD | if idm true | +| idm_pwd | string | sudo group | if idm true | + +**Mandatory** is the minimum variables that need to be set to make the role work +*the variables not mandatory either have a default value defined or can be omited* + +Dependencies +------------ + +Dependencies with some others roles (if there is some). + +Example Playbook +---------------- +Give some example about how to use or implement your Roles + + +```yml +- name: Trigger Role Example in a Playbooks + hosts: RANDOM_GROUP_DEFINED_IN_YOUR_INVENTORY + remote_user: ansible + become: true + + roles: + - { role: 'example', tags: 'example' } +``` + +```yml +# Example for one user +- import_role: + name: "example" + vars: + svc_account: "{{ tomcat_svc_account }}" + svc_group: "{{ tomcat_svc_group }}" +``` + +License +------- + +Apache-2.0 + +Author Information +------------------ + +morze.baltyk@proton.me diff --git a/roles/build_airgap_hauler/defaults/main.yml b/roles/build_airgap_hauler/defaults/main.yml new file mode 100644 index 000000000..ddc29936d --- /dev/null 
+++ b/roles/build_airgap_hauler/defaults/main.yml @@ -0,0 +1,12 @@ +--- +# defaults file for build_airgap_hauler +directory_package: "{{ global_directory_package_build }}" +tar_zst_name: "{{ global_package_name }}" +path_to_package_zst: "{{ global_path_to_package_zst }}" +archive_wanted: "{{ global_archive_tar_zst_bool }}" + +# Components wanted +#kubevip_wanted: "{{ global_extras_components['kubevip'] | bool }}" +#longhorn_wanted: "{{ global_extras_components['longhorn'] | bool }}" +#rancher_wanted: "{{ global_extras_components['rancher'] | bool }}" +#neuvector_wanted: "{{ global_extras_components['neuvector'] | bool }}" diff --git a/roles/build_airgap_hauler/handlers/main.yml b/roles/build_airgap_hauler/handlers/main.yml new file mode 100644 index 000000000..24126db2c --- /dev/null +++ b/roles/build_airgap_hauler/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for build_airgap_hauler diff --git a/roles/build_airgap_hauler/meta/main.yml b/roles/build_airgap_hauler/meta/main.yml new file mode 100644 index 000000000..880eeef3f --- /dev/null +++ b/roles/build_airgap_hauler/meta/main.yml 
@@ -0,0 +1,54 @@ +--- +galaxy_info: + standalone: false # Part of a collection + author: morze.baltyk@proton.me + description: Role to build an airgap package with Hauler. + company: Opensource + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: Apache-2.0 + + min_ansible_version: "2.15.0" + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. diff --git a/roles/build_airgap_hauler/tasks/hauler.yml b/roles/build_airgap_hauler/tasks/hauler.yml new file mode 100644 index 000000000..ec41a63f3 --- /dev/null +++ b/roles/build_airgap_hauler/tasks/hauler.yml 
@@ -0,0 +1,14 @@ +--- +# append list +- name: Append lists together + ansible.builtin.set_fact: + list_images: "{{ list_images_rke2 + list_images_longhorn | default([]) + list_images_certmanager | default([]) + list_images_rancher_latest | default([]) + list_images_neuvector | default([]) }}" + +# install +- name: Install Hauler if not present + ansible.builtin.shell: + cmd: | + set -o pipefail + command -v hauler || curl -sfL https://get.hauler.dev | bash + executable: /bin/bash + changed_when: false diff --git a/roles/build_airgap_hauler/tasks/kubevip.yml b/roles/build_airgap_hauler/tasks/kubevip.yml new file mode 100644 index 000000000..e69de29bb diff --git a/roles/build_airgap_hauler/tasks/longhorn.yml b/roles/build_airgap_hauler/tasks/longhorn.yml new file mode 100644 index 000000000..e363a7389 --- /dev/null +++ b/roles/build_airgap_hauler/tasks/longhorn.yml @@ -0,0 +1,5 @@ +--- +# for i in $(curl -sL https://github.com/longhorn/longhorn/releases/download/$LONGHORN_VERSION/longhorn-images.txt); do echo " - name: "$i >> airgap_hauler.yaml; done +- name: Add longhorn images to list_images variable + ansible.builtin.set_fact: + list_images_longhorn: "{{ lookup('ansible.builtin.url', 'https://raw.githubusercontent.com/longhorn/longhorn/{{ longhorn_version }}/deploy/longhorn-images.txt', wantlist=True) }}" diff --git a/roles/build_airgap_hauler/tasks/main.yml b/roles/build_airgap_hauler/tasks/main.yml new file mode 100644 index 000000000..aa9378a44 --- /dev/null +++ b/roles/build_airgap_hauler/tasks/main.yml 
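Review bot: The install task runs `curl -sfL https://get.hauler.dev | bash` whenever `hauler` is missing, so an unpinned remote script is executed with the task's privileges on every fresh builder, and `changed_when: false` then reports the installation as no change. For a build that produces an airgap bundle, pin the Hauler release and verify its checksum before installing (for example fetch the release archive with `ansible.builtin.get_url` and its `checksum` parameter), and derive `changed_when` from whether the `command -v hauler` branch short-circuited. The same curl-pipe-bash pattern appears in prerequis.yml two lines further on for Helm. The `list_images` concatenation relies on Jinja binding `| default([])` tighter than `+`, which is correct but worth a short comment.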
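Review bot: The `lookup('ansible.builtin.url', ...)` argument nests `{{ longhorn_version }}` inside a string literal that is already inside `{{ ... }}`; Ansible does not template nested moustaches, so the lookup receives the literal placeholder in the URL and the fetch fails. Build the URL with Jinja concatenation instead: `list_images_longhorn: "{{ lookup('ansible.builtin.url', 'https://raw.githubusercontent.com/longhorn/longhorn/' ~ longhorn_version ~ '/deploy/longhorn-images.txt', wantlist=True) }}"`. Since this fetches the image list over the network at build time, a comment that `longhorn_version` must be an existing tag in that repository would help whoever debugs a 404.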
@@ -0,0 +1,27 @@ +--- +# tasks file for build_airgap_hauler +- name: First set variables + ansible.builtin.import_role: + name: set_versions + tasks_from: main + +- name: Prerequisites + ansible.builtin.import_tasks: prerequis.yml + +- name: Get list images RKE2 + ansible.builtin.import_tasks: rke2.yml + +- name: Get list images Longhorn + ansible.builtin.import_tasks: longhorn.yml + when: longhorn_wanted + +- name: Get list images Rancher + ansible.builtin.import_tasks: rancher.yml + when: rancher_wanted + +- name: Get list images Neuvector + ansible.builtin.import_tasks: neuvector.yml + when: neuvector_wanted + +- name: Hauler install and store + ansible.builtin.import_tasks: hauler.yml diff --git a/roles/build_airgap_hauler/tasks/neuvector.yml b/roles/build_airgap_hauler/tasks/neuvector.yml new file mode 100644 index 000000000..78e98d98d --- /dev/null +++ b/roles/build_airgap_hauler/tasks/neuvector.yml @@ -0,0 +1,20 @@ +--- +# for i in $(helm template neuvector/core --version $NEU_VERSION | awk '$1 ~ /image:/ {print $2}' | sed -e 's/\"//g'); do echo " - name: "$i >> airgap_hauler.yaml; done +- name: Add neuvector chart repo + kubernetes.core.helm_repository: + name: neuvector + repo_url: "https://neuvector.github.io/neuvector-helm/" + force_update: true + +- name: Neuvector List - helm template + ansible.builtin.shell: + cmd: | + set -o pipefail + helm template neuvector/core --version {{ neuvector_version }} | awk '$1 ~ /image:/ {print $2}' | sed s/\"//g + executable: /bin/bash + changed_when: false + register: neuvector_images + +- name: Create a list from output + ansible.builtin.set_fact: + list_images_neuvector: "{{ neuvector['stdout'].splitlines() }}" diff --git a/roles/build_airgap_hauler/tasks/prerequis.yml b/roles/build_airgap_hauler/tasks/prerequis.yml new file mode 100644 index 000000000..a0edcba40 --- /dev/null +++ b/roles/build_airgap_hauler/tasks/prerequis.yml 
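Review bot: The `when: longhorn_wanted`, `when: rancher_wanted` and `when: neuvector_wanted` conditions reference variables whose only visible definitions, in roles/build_airgap_hauler/defaults/main.yml earlier in this commit, are commented out, so unless they are set elsewhere the play fails on an undefined variable at the first of these tasks instead of skipping it. Either restore those defaults (with the `| bool` cast they already carry) or guard here with `when: longhorn_wanted | default(false) | bool` and the same for the other two. hauler.yml, imported last, already concatenates the per-component lists with `default([])`, so a skipped component is handled downstream once the condition itself can evaluate.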
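Review bot: The last task reads `neuvector['stdout']`, but the shell task registers its result as `neuvector_images`, so `list_images_neuvector` fails on the undefined variable `neuvector`; it should be `list_images_neuvector: "{{ neuvector_images['stdout'].splitlines() }}"` (rancher.yml in this commit uses the matching `certmanager_images` name correctly). `changed_when: false` is right for the read-only `helm template` render, but the `helm_repository` task with `force_update: true` pulls the chart index from the network on every run; a comment noting that this build step requires internet access would help, since the rest of the collection is airgap-oriented.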
@@ -0,0 +1,50 @@ +--- +# NB: Collection's Prerequisites are defined in ./meta but I put some here to make the playbook works on a target server and not only localhost. +- name: Gather facts + ansible.builtin.setup: + gather_subset: + - "distribution" + - "distribution_major_version" + - "!min" + when: > + ansible_os_family is not defined + +# for RHEL-like +- name: Install zstd and skopeo + ansible.builtin.dnf: + name: "{{ item }}" + state: present + with_items: + - zstd + - jq + when: + - ansible_os_family == "RedHat" + become: true + +# for Debian-like +- name: Install zstd and skopeo + ansible.builtin.apt: + name: "{{ item }}" + state: present + with_items: + - zstd + - jq + when: + - ansible_os_family == "Debian" + become: true + +# check command and install if not present +- name: Install Helm 3 if not present + ansible.builtin.shell: + cmd: | + set -o pipefail + command -v helm || curl -s https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash + executable: /bin/bash + changed_when: false + +# Dir +- name: Ensure package directory exists + ansible.builtin.file: + path: "{{ directory_package }}" + state: directory + recurse: true diff --git a/roles/build_airgap_hauler/tasks/rancher.yml b/roles/build_airgap_hauler/tasks/rancher.yml new file mode 100644 index 000000000..c3b1a2e54 --- /dev/null +++ b/roles/build_airgap_hauler/tasks/rancher.yml 
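Review bot: The "Install Helm 3 if not present" task runs `curl -s https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash`, an unpinned script from a moving branch, executed without any integrity check, even though `helm_version` is already resolved by the `set_versions` role that main.yml imports first. Prefer `ansible.builtin.get_url` for the pinned `helm-{{ helm_version }}-linux-amd64.tar.gz` with a `checksum:` argument, then unarchive it; that also makes the task idempotent instead of `changed_when: false`. Separately, both package tasks are named "Install zstd and skopeo" but install `zstd` and `jq`; rename them and pass the list directly to `name:` rather than looping with `with_items`.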
@@ -0,0 +1,61 @@ +--- +# for i in $(helm template jetstack/cert-manager --version $CERT_VERSION | awk '$1 ~ /image:/ {print $2}' | sed 's/\"//g'); do echo " - name: "$i >> airgap_hauler.yaml; done +- name: Add jetstack helm repo + kubernetes.core.helm_repository: + name: jetstack + repo_url: "https://charts.jetstack.io" + force_update: true + +- name: Cert-manager List - helm template + ansible.builtin.shell: + cmd: | + set -o pipefail + helm template jetstack/cert-manager --version {{ cert_manager_version }} | awk '$1 ~ /image:/ {print $2}' | sed s/\"//g + executable: /bin/bash + changed_when: false + register: certmanager_images + +- name: Create a list from output + ansible.builtin.set_fact: + list_images_certmanager: "{{ certmanager_images['stdout'].splitlines() }}" + +# Rancher +- name: Add Rancher helm repo + kubernetes.core.helm_repository: + name: rancher-latest + repo_url: "https://releases.rancher.com/server-charts/latest" + force_update: true + +- name: Get Rancher images from URL + ansible.builtin.uri: + url: "https://github.com/rancher/rancher/releases/download/{{ rancher_version }}/rancher-images.txt" + method: GET + return_content: true + register: rancher_images + +- name: Create a list and Exclude images not needed for Rancher + ansible.builtin.set_fact: + list_images_rancher: "{{ rancher_images['content'].splitlines() | select('match', '^(?!.*(neuvector|minio|gke|aks|eks|sriov|harvester|mirrored|longhorn|thanos|tekton|istio|hyper|jenkins|windows)).*$') }}" + +- name: Add back needed images to list_images_rancher variable + ansible.builtin.set_fact: + list_images_rancher: "{{ list_images_rancher + rancher_images['content'].splitlines() | select('match', '^(.*(cluster-api|kubectl)).*$') }}" + +- name: Keep only the latest version of each image + ansible.builtin.set_fact: + latest_images: "{{ latest_images | default({}) | combine({item.split(':')[0]: item.split(':')[1]}) }}" + loop: "{{ list_images_rancher }}" + when: item.split(':')[0] not in 
latest_images or item.split(':')[1] is ansible.builtin.version(latest_images[item.split(':')[0]], '>') + vars: + latest_images: {} + +- name: Convert dictionary to list of "name:version" strings + ansible.builtin.set_fact: + list_images_rancher_latest: "{{ list_images_rancher_latest | default([]) + [item.key + ':' + item.value] }}" + loop: "{{ latest_images | dict2items }}" + vars: + list_images_rancher_latest: [] + +- name: Kubectl fix + ansible.builtin.set_fact: + list_images_rancher_latest: "{{ list_images_rancher_latest | default([]) + ['rancher/kubectl:v1.20.2'] }}" diff --git a/roles/build_airgap_hauler/tasks/rke2.yml b/roles/build_airgap_hauler/tasks/rke2.yml new file mode 100644 index 000000000..70742db13 --- /dev/null +++ b/roles/build_airgap_hauler/tasks/rke2.yml @@ -0,0 +1,12 @@ +--- +# for i in $(curl -sL https://github.com/rancher/rke2/releases/download/v$RKE_VERSION%2Brke2r1/rke2-images-all.linux-amd64.txt|grep -v "sriov\|cilium\|vsphere"); do echo " - name: "$i >> airgap_hauler.yaml ; done +- name: Get rke2 images from URL + ansible.builtin.uri: + url: "https://github.com/rancher/rke2/releases/download/v{{ rke2_version }}%2Brke2r1/rke2-images-all.linux-amd64.txt" + method: GET + return_content: true + register: rke2_images + +- name: Add rke2 images to list_images variable + ansible.builtin.set_fact: + list_images_rke2: "{{ rke2_images['content'].splitlines() | select('match', '^(?!.*(sriov|cilium|vsphere)).*$') }}" diff --git a/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 b/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 new file mode 100644 index 000000000..22ed34ab0 --- /dev/null +++ b/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 
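Review bot: As in neuvector.yml, the "Cert-manager List - helm template" task interpolates `cert_manager_version` unquoted into a bash pipeline; use `--version {{ cert_manager_version | quote }}` or assert the value's shape first, because in stable-channel mode it comes from a remote API response. In "Add back needed images", the expression `list_images_rancher + rancher_images['content'].splitlines() | select(...)` concatenates a list with the iterator that `select` returns; as far as I can tell that needs an explicit `| list` after each `select` so both operands of `+` are lists. The "Keep only the latest version" loop indexes `item.split(':')[1]` and will fail on any untagged entry, and the "Kubectl fix" hard-codes `rancher/kubectl:v1.20.2` regardless of `rancher_version`, so it is worth a comment explaining why that pin is needed and when it can go.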
@@ -0,0 +1,49 @@ +apiVersion: content.hauler.cattle.io/v1alpha1 +kind: Images +metadata: + name: rancher-images + annotations: + hauler.dev/platform: linux/amd64 +spec: + images: +{% for item in list_images %} + - name: {{ item }} +{% endfor %} +--- +apiVersion: content.hauler.cattle.io/v1alpha1 +kind: Charts +metadata: + name: rancher-charts +spec: + charts: +{% if rancher_wanted %} + - name: rancher + repoURL: https://releases.rancher.com/server-charts/latest + version: {{ rancher_version }} + - name: cert-manager + repoURL: https://charts.jetstack.io + version: {{ cert_manager_version }} +{% endif %} +{% if longhorn_wanted %} + - name: longhorn + repoURL: https://charts.longhorn.io + version: {{ longhorn_version }} +{% endif %} +{% if neuvector_wanted %} + - name: core + repoURL: https://neuvector.github.io/neuvector-helm/ + version: {{ neuvector_version }} +{% endif %} +--- +apiVersion: content.hauler.cattle.io/v1alpha1 +kind: Files +metadata: + name: rancher-files +spec: + files: + - path: https://github.com/rancher/rke2-packaging/releases/download/v{{ rke2_version }}%2Brke2r1.stable.0/rke2-common-{{ rke2_version }}.rke2r1-0.{{ rhel_version }}.x86_64.rpm + - path: https://github.com/rancher/rke2-packaging/releases/download/v{{ rke2_version }}%2Brke2r1.stable.0/rke2-agent-{{ rke2_version }}.rke2r1-0.{{ rhel_version }}.x86_64.rpm + - path: https://github.com/rancher/rke2-packaging/releases/download/v{{ rke2_version }}%2Brke2r1.stable.0/rke2-server-{{ rke2_version }}.rke2r1-0.{{ rhel_version }}.x86_64.rpm + - path: https://github.com/rancher/rke2-selinux/releases/download/v0.17.stable.1/rke2-selinux-0.17-1.{{ rhel_version }}.noarch.rpm + - path: https://get.helm.sh/helm-{{ helm_version }}-linux-amd64.tar.gz + - path: https://raw.githubusercontent.com/clemenko/rke_airgap_install/main/hauler_all_the_things.sh diff --git a/roles/build_airgap_hauler/tests/inventory b/roles/build_airgap_hauler/tests/inventory new file mode 100644 index 000000000..2fbb50c4a 
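Review bot: The `Files` section pulls `https://raw.githubusercontent.com/clemenko/rke_airgap_install/main/hauler_all_the_things.sh` from a third party's `main` branch, so an unpinned, unverified script is packed into the bundle that will later run inside the air-gapped environment. Pin that path to a specific commit SHA, or better, vendor the script into this collection where it can be reviewed and diffed. The `rke2-selinux` RPM is also hard-pinned to `v0.17.stable.1` while the other rke2 packages track `rke2_version`; a comment on that line should say which rke2 releases the pin was tested with.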
--- /dev/null +++ b/roles/build_airgap_hauler/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/roles/build_airgap_hauler/tests/test.yml b/roles/build_airgap_hauler/tests/test.yml new file mode 100644 index 000000000..05b80154a --- /dev/null +++ b/roles/build_airgap_hauler/tests/test.yml @@ -0,0 +1,6 @@ +--- +- name: Test + hosts: localhost + remote_user: root + roles: + - build_airgap_hauler diff --git a/roles/build_airgap_hauler/vars/main.yml b/roles/build_airgap_hauler/vars/main.yml new file mode 100644 index 000000000..d0138c751 --- /dev/null +++ b/roles/build_airgap_hauler/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for build_airgap_hauler diff --git a/roles/deploy_hauler/README.md b/roles/deploy_hauler/README.md new file mode 100644 index 000000000..66f5ac399 --- /dev/null +++ b/roles/deploy_hauler/README.md 
@@ -0,0 +1,72 @@ +Role Name +========= + +Role to deploy hauler on first controller. + +Requirements +------------ + +*Example below show that the roles have two flavors and different requirements in functions of what you want* + +if idm set to true: +- Access to a IDM server if you want to create users account. +- Credentials access to connect to IDM + +if idm set to false: +- create local account on Linux servers + +Role Variables +-------------- + +| **VarName** | **Type** | **Content** | **Mandatory** | +|--------------------|----------|---------------------------|:-------------:| +| idm | boolean | true / false | x | +| svc_account | string | Service Account | x | +| svc_account_passwd | string | pwd (can be omited) | | +| svc_group | string | Group | | +| svc_owner | string | Owner of the account | if idm true | +| list_svc_account | list | Users which goes in group | if idm true | +| idm_server | string | Service Account PWD | if idm true | +| idm_pwd | string | sudo group | if idm true | + +**Mandatory** is the minimum variables that need to be set to make the role work +*the variables not mandatory either have a default value defined or can be omited* + +Dependencies +------------ + +Dependencies with some others roles (if there is some). + +Example Playbook +---------------- +Give some example about how to use or implement your Roles + + +```yml +- name: Trigger Role Example in a Playbooks + hosts: RANDOM_GROUP_DEFINED_IN_YOUR_INVENTORY + remote_user: ansible + become: true + + roles: + - { role: 'example', tags: 'example' } +``` + +```yml +# Example for one user +- import_role: + name: "example" + vars: + svc_account: "{{ tomcat_svc_account }}" + svc_group: "{{ tomcat_svc_group }}" +``` + +License +------- + +Apache-2.0 + +Author Information +------------------ + +morze.baltyk@proton.me diff --git a/roles/deploy_hauler/defaults/main.yml b/roles/deploy_hauler/defaults/main.yml new file mode 100644 index 000000000..4a7d81e83 --- /dev/null 
+++ b/roles/deploy_hauler/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for deploy_hauler diff --git a/roles/deploy_hauler/handlers/main.yml b/roles/deploy_hauler/handlers/main.yml new file mode 100644 index 000000000..95dd4b89e --- /dev/null +++ b/roles/deploy_hauler/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for deploy_hauler diff --git a/roles/deploy_hauler/meta/main.yml b/roles/deploy_hauler/meta/main.yml new file mode 100644 index 000000000..044dd105f --- /dev/null +++ b/roles/deploy_hauler/meta/main.yml 
@@ -0,0 +1,54 @@ +--- +galaxy_info: + standalone: false # Part of a collection + author: morze.baltyk@proton.me + description: Role to deploy hauler on first controller. + company: Opensource + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: Apache-2.0 + + min_ansible_version: "2.15.0" + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. diff --git a/roles/deploy_hauler/tasks/main.yml b/roles/deploy_hauler/tasks/main.yml new file mode 100644 index 000000000..7b5fa077c --- /dev/null +++ b/roles/deploy_hauler/tasks/main.yml @@ -0,0 +1,2 @@ +--- +# tasks file for deploy_hauler 
diff --git a/roles/deploy_hauler/tests/inventory b/roles/deploy_hauler/tests/inventory new file mode 100644 index 000000000..2fbb50c4a --- /dev/null +++ b/roles/deploy_hauler/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/roles/deploy_hauler/tests/test.yml b/roles/deploy_hauler/tests/test.yml new file mode 100644 index 000000000..137b354f8 --- /dev/null +++ b/roles/deploy_hauler/tests/test.yml @@ -0,0 +1,6 @@ +--- +- name: Test + hosts: localhost + remote_user: root + roles: + - deploy_hauler diff --git a/roles/deploy_hauler/vars/main.yml b/roles/deploy_hauler/vars/main.yml new file mode 100644 index 000000000..a5bcd8f30 --- /dev/null +++ b/roles/deploy_hauler/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for deploy_hauler diff --git a/roles/install_utils_registry/tasks/main.yml b/roles/install_utils_registry/tasks/main.yml index bed151713..839cc1f06 100644 --- a/roles/install_utils_registry/tasks/main.yml +++ b/roles/install_utils_registry/tasks/main.yml @@ -14,8 +14,8 @@ ansible.builtin.import_tasks: deploy.yml when: caller_role_name == "controller" -- name: Load images in local registry - ansible.builtin.import_tasks: load.yml +- name: Wait for local registry to be reachable + ansible.builtin.import_tasks: wait.yml when: caller_role_name == "controller" - name: List images imported in registry diff --git a/roles/install_utils_registry/tasks/post.yml b/roles/install_utils_registry/tasks/post.yml index 0515d437f..836167712 100644 --- a/roles/install_utils_registry/tasks/post.yml +++ b/roles/install_utils_registry/tasks/post.yml @@ -5,6 +5,7 @@ ansible.builtin.shell: cmd: | set -o pipefail && + source $HOME/.bashrc && for i in $(curl -sk localhost:5000/v2/_catalog | jq -r '.repositories[]'); do for tag in $(curl -sk localhost:5000/v2/${i}/tags/list | jq -r '.tags[]'); do echo ${i}:${tag}; 
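Review bot: The added `source $HOME/.bashrc &&` in post.yml makes the task depend on the interactive shell configuration of whatever user Ansible connects as; many distro `.bashrc` files return early when the shell is non-interactive, and anything else in that file runs with the task's privileges. If the intent is to find a binary installed outside the default PATH, set it explicitly on the task instead, e.g. `environment: { PATH: "{{ ansible_env.PATH }}:{{ ansible_env.HOME }}/.local/bin" }` with the real directory substituted. The task's `- name:` line and the rest of its body lie outside this hunk.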
diff --git a/roles/install_utils_registry/tasks/load.yml b/roles/install_utils_registry/tasks/wait.yml similarity index 100% rename from roles/install_utils_registry/tasks/load.yml rename to roles/install_utils_registry/tasks/wait.yml diff --git a/roles/set_versions/README.md b/roles/set_versions/README.md new file mode 100644 index 000000000..fd3c3682d --- /dev/null +++ b/roles/set_versions/README.md 
@@ -0,0 +1,72 @@ +Role Name +========= + +Role to get and set versions. + +Requirements +------------ + +*Example below show that the roles have two flavors and different requirements in functions of what you want* + +if idm set to true: +- Access to a IDM server if you want to create users account. +- Credentials access to connect to IDM + +if idm set to false: +- create local account on Linux servers + +Role Variables +-------------- + +| **VarName** | **Type** | **Content** | **Mandatory** | +|--------------------|----------|---------------------------|:-------------:| +| idm | boolean | true / false | x | +| svc_account | string | Service Account | x | +| svc_account_passwd | string | pwd (can be omited) | | +| svc_group | string | Group | | +| svc_owner | string | Owner of the account | if idm true | +| list_svc_account | list | Users which goes in group | if idm true | +| idm_server | string | Service Account PWD | if idm true | +| idm_pwd | string | sudo group | if idm true | + +**Mandatory** is the minimum variables that need to be set to make the role work +*the variables not mandatory either have a default value defined or can be omited* + +Dependencies +------------ + +Dependencies with some others roles (if there is some). + +Example Playbook +---------------- +Give some example about how to use or implement your Roles + + +```yml +- name: Trigger Role Example in a Playbooks + hosts: RANDOM_GROUP_DEFINED_IN_YOUR_INVENTORY + remote_user: ansible + become: true + + roles: + - { role: 'example', tags: 'example' } +``` + +```yml +# Example for one user +- import_role: + name: "example" + vars: + svc_account: "{{ tomcat_svc_account }}" + svc_group: "{{ tomcat_svc_group }}" +``` + +License +------- + +Apache-2.0 + +Author Information +------------------ + +morze.baltyk@proton.me diff --git a/roles/set_versions/defaults/main.yml b/roles/set_versions/defaults/main.yml new file mode 100644 index 000000000..bc66fb75a --- /dev/null 
+++ b/roles/set_versions/defaults/main.yml @@ -0,0 +1,7 @@ +--- +rhel_version: "{{ global_rhel_version | default('false') }}" +stable_channel_wanted: "{{ global_stable_channel | bool }}" +kubevip_wanted: "{{ global_extras_components['kubevip'] | bool }}" +longhorn_wanted: "{{ global_extras_components['longhorn'] | bool }}" +rancher_wanted: "{{ global_extras_components['rancher'] | bool }}" +neuvector_wanted: "{{ global_extras_components['neuvector'] | bool }}" diff --git a/roles/set_versions/meta/main.yml b/roles/set_versions/meta/main.yml new file mode 100644 index 000000000..fa440af90 --- /dev/null +++ b/roles/set_versions/meta/main.yml 
@@ -0,0 +1,54 @@ +--- +galaxy_info: + standalone: false # Part of a collection + author: morze.baltyk@proton.me + description: Role to get and set versions. + company: Opensource + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: Apache-2.0 + + min_ansible_version: "2.15.0" + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. diff --git a/roles/set_versions/tasks/defined_versions.yml b/roles/set_versions/tasks/defined_versions.yml new file mode 100644 index 000000000..2a77cf833 --- /dev/null +++ b/roles/set_versions/tasks/defined_versions.yml 
@@ -0,0 +1,21 @@ +--- +- name: Set Versions variables + ansible.builtin.set_fact: + rke2_version: "{{ global_versions['rke2'] }}" + kubevip_version: "{{ global_versions['kubevip'] }}" + longhorn_version: "{{ global_versions['cert_manager'] }}" + cert_manager_version: "{{ global_versions['rancher'] }}" + rancher_version: "{{ global_versions['longhorn'] }}" + neuvector_version: "{{ global_versions['neuvector'] }}" + helm_version: "{{ global_versions['helm'] }}" + +- name: Display + ansible.builtin.debug: + msg: + - "Defined RKE2 version in this ansible collection is {{ rke2_version }}" + - "Defined Kube-vip version in this ansible collection is {{ kubevip_version }}" + - "Defined Longhorn version in this ansible collection is {{ longhorn_version }}" + - "Defined Cert-manager version in this ansible collection is {{ cert_manager_version }}" + - "Defined Rancher version in this ansible collection is {{ rancher_version }}" + - "Defined Neuvector version in this ansible collection is {{ neuvector_version }}" + - "Defined Helm version in this ansible collection is {{ helm_version }}" diff --git a/roles/set_versions/tasks/main.yml b/roles/set_versions/tasks/main.yml new file mode 100644 index 000000000..5ff35e063 --- /dev/null +++ b/roles/set_versions/tasks/main.yml @@ -0,0 +1,12 @@ +--- +# tasks file for set_versions +- name: Set RHEL Versions variables + ansible.builtin.import_tasks: rhel_version.yml + +- name: Set Versions variables + ansible.builtin.import_tasks: stable_channels.yml + when: stable_channel_wanted + +- name: Set Versions variables + ansible.builtin.import_tasks: defined_versions.yml + when: not stable_channel_wanted diff --git a/roles/set_versions/tasks/rhel_version.yml b/roles/set_versions/tasks/rhel_version.yml new file mode 100644 index 000000000..e2c087b6b --- /dev/null +++ b/roles/set_versions/tasks/rhel_version.yml 
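Review bot: The "Set Versions variables" task in defined_versions.yml maps three keys to the wrong variables: `longhorn_version` reads `global_versions['cert_manager']`, `cert_manager_version` reads `global_versions['rancher']`, and `rancher_version` reads `global_versions['longhorn']`, so the non-stable path builds charts and image lists with swapped versions. The lines should be `longhorn_version: "{{ global_versions['longhorn'] }}"`, `cert_manager_version: "{{ global_versions['cert_manager'] }}"` and `rancher_version: "{{ global_versions['rancher'] }}"`. The debug task below would have shown this, but an `ansible.builtin.assert` that each version matches a `^v?[0-9]+(\.[0-9]+)+` pattern would catch such mix-ups for keys whose formats differ.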
@@ -0,0 +1,26 @@ +--- +- name: RHEL version was not given in command line so need to be defined + when: rhel_version == 'false' + block: + - name: Gather facts + ansible.builtin.setup: + gather_subset: + - "distribution" + - "distribution_major_version" + - "!min" + when: > + ansible_os_family is not defined + + - name: Set rhel_version variable from non-RedHat systems + ansible.builtin.set_fact: + rhel_version: 8 + when: ansible_os_family != "RedHat" + + - name: Set rhel_version variable from a RedHat systems and take same version + ansible.builtin.set_fact: + rhel_version: "{{ ansible_distribution_major_version }}" + when: ansible_os_family == "RedHat" + +- name: Display RHEL version + ansible.builtin.debug: + msg: "Rkub Package is set now for RHEL version {{ rhel_version }}" diff --git a/roles/set_versions/tasks/stable_channels.yml b/roles/set_versions/tasks/stable_channels.yml new file mode 100644 index 000000000..130e667dd --- /dev/null +++ b/roles/set_versions/tasks/stable_channels.yml 
@@ -0,0 +1,117 @@ +--- +# RKE2 +- name: Block RKE2 + block: + # export RKE_VERSION=$(curl -s https://update.rke2.io/v1-release/channels | jq -r '.data[] | select(.id=="stable") | .latest' | awk -F"+" '{print $1}'| sed 's/v//') + - name: Get RKE2 latest stable version + ansible.builtin.uri: + url: "https://update.rke2.io/v1-release/channels" + method: GET + return_content: true + register: rke2_channels + + - name: Extract latest stable version + ansible.builtin.set_fact: + rke2_version: "{{ rke2_channels.json.data | selectattr('id', 'equalto', 'stable') | map(attribute='latest') | first | regex_replace('\\+.*', '') | regex_replace('^v', '') }}" + +# Kubevip +- name: Block Kubevip + when: kubevip_wanted + block: + # export KUBEVIP_VERSION=$(curl -s https://api.github.com/repos/kube-vip/kube-vip/releases/latest | jq -r .tag_name) + - name: Get Kube-vip latest release + ansible.builtin.uri: + url: "https://api.github.com/repos/kube-vip/kube-vip/releases/latest" + method: GET + return_content: true + register: kubevip_release + + - name: Extract latest release tag + ansible.builtin.set_fact: + kubevip_version: "{{ kubevip_release.json.tag_name }}" + +# Longhorn +- name: Block Longhorn + when: longhorn_wanted + block: + # export LONGHORN_VERSION=$(curl -s https://api.github.com/repos/longhorn/longhorn/releases/latest | jq -r .tag_name) + - name: Get Longhorn latest release + ansible.builtin.uri: + url: "https://api.github.com/repos/longhorn/longhorn/releases/latest" + method: GET + return_content: true + register: longhorn_release + + - name: Extract latest release tag + ansible.builtin.set_fact: + longhorn_version: "{{ longhorn_release.json.tag_name }}" + +# Rancher +- name: Block Rancher + when: rancher_wanted + block: + # export CERT_VERSION=$(curl -s https://api.github.com/repos/cert-manager/cert-manager/releases/latest | jq -r .tag_name) + - name: Get Cert-Manager latest release + ansible.builtin.uri: + url: 
"https://api.github.com/repos/cert-manager/cert-manager/releases/latest" + method: GET + return_content: true + register: cert_manager_release + + - name: Extract latest release tag + ansible.builtin.set_fact: + cert_manager_version: "{{ cert_manager_release.json.tag_name }}" + + # export RANCHER_VERSION=$(curl -s https://api.github.com/repos/rancher/rancher/releases/latest | jq -r .tag_name) + - name: Get Rancher latest release + ansible.builtin.uri: + url: "https://api.github.com/repos/rancher/rancher/releases/latest" + method: GET + return_content: true + register: rancher_release + + - name: Extract latest release tag + ansible.builtin.set_fact: + rancher_version: "{{ rancher_release.json.tag_name }}" + +# Neuvector +- name: Block Neuvector + when: neuvector_wanted + block: + # export NEU_VERSION=$(curl -s https://api.github.com/repos/neuvector/neuvector-helm/releases/latest | jq -r .tag_name) + - name: Get Neuvector latest release + ansible.builtin.uri: + url: "https://api.github.com/repos/neuvector/neuvector-helm/releases/latest" + method: GET + return_content: true + register: neuvector_release + + - name: Extract latest release tag + ansible.builtin.set_fact: + neuvector_version: "{{ neuvector_release.json.tag_name }}" + +# Helm binary +- name: Block Helm + block: + - name: Get Helm binary latest release + ansible.builtin.uri: + url: "https://api.github.com/repos/helm/helm/releases/latest" + method: GET + return_content: true + register: helm_release + + - name: Extract latest release tag + ansible.builtin.set_fact: + helm_version: "{{ helm_release.json.tag_name }}" + +# Display result +- name: Display versions + ansible.builtin.debug: + msg: + - "Latest stable RKE2 version is {{ rke2_version }}" + - "Latest Kube-vip release tag is {{ kubevip_version | default('') }}" + - "Latest Longhorn release tag is {{ longhorn_version | default('') }}" + - "Latest Cert-manager release tag is {{ cert_manager_version | default('') }}" + - "Latest Rancher release tag is 
{{ rancher_version | default('') }}" + - "Latest Neuvector release tag is {{ neuvector_version | default('') }}" + - "Latest Helm release tag is {{ helm_version }}" diff --git a/roles/set_versions/tests/inventory b/roles/set_versions/tests/inventory new file mode 100644 index 000000000..2fbb50c4a --- /dev/null +++ b/roles/set_versions/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/roles/set_versions/tests/test.yml b/roles/set_versions/tests/test.yml new file mode 100644 index 000000000..0b31f6829 --- /dev/null +++ b/roles/set_versions/tests/test.yml @@ -0,0 +1,6 @@ +--- +- name: Test + hosts: localhost + remote_user: root + roles: + - set_versions diff --git a/test/playbooks/set.yml b/test/playbooks/set.yml new file mode 100644 index 000000000..0d50fdd9e --- /dev/null +++ b/test/playbooks/set.yml @@ -0,0 +1,9 @@ +--- +- name: Set versions + hosts: localhost + connection: local + gather_facts: false + vars_files: ../../playbooks/vars/main.yml + roles: + #- {role: set_versions, tags: versions} + - {role: build_airgap_hauler, tags: hauler} From b7366d779e013b17c677487e3e86acd7fecb4df7 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 13 May 2024 13:24:43 +0200 Subject: [PATCH 293/365] adding hauler store --- README.md | 26 +++++++------- roles/build_airgap_hauler/defaults/main.yml | 6 ---- roles/build_airgap_hauler/tasks/hauler.yml | 34 +++++++++++++++++-- roles/build_airgap_hauler/tasks/kubevip.yml | 6 ++++ roles/build_airgap_hauler/tasks/longhorn.yml | 2 +- roles/build_airgap_hauler/tasks/main.yml | 4 +++ roles/build_airgap_hauler/tasks/neuvector.yml | 2 +- roles/build_airgap_hauler/tasks/rancher.yml | 2 +- .../templates/airgap_hauler.yaml.j2 | 7 +++- .../tasks/install_airgap.yml | 2 +- roles/set_versions/tasks/defined_versions.yml | 10 +++--- roles/set_versions/tasks/stable_channels.yml | 12 +++---- 12 files changed, 76 insertions(+), 37 deletions(-) diff --git a/README.md b/README.md index 891f96c2d..f8c793789 100644 --- a/README.md +++ b/README.md 
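Review bot: Every "Extract latest release tag" task in stable_channels.yml takes `tag_name` from an unauthenticated GitHub API response and stores it unvalidated, after which other tasks in this page splice it into shell commands and download URLs. Add a single validation step after the fetches, e.g. `ansible.builtin.assert` with `that: "item is match('^v?[0-9]+\\.[0-9]+\\.[0-9]+')"` looped over the resolved versions, so a malformed or unexpected value fails here rather than inside a `shell:` task. The `uri` calls also set no `status_code`, `retries` or `Authorization` header; unauthenticated GitHub API calls are rate-limited per source IP, so an optional `github_token` variable wired into `headers:` would make repeated builds more reliable. Note that the rke2 block strips the leading `v` from its version while the others keep it, which matters for any consumer that prefixes `v` itself.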
@@ -26,7 +26,7 @@ This Ansible collection will install in airgap environnement RKE2 (one controler - [Neuvector 2.7.2](https://neuvector.com/) - Kubernetes Security Platform -This Project is mainly inspired from [Clemenko/rke_airgap_install](https://github.com/clemenko/rke_airgap_install/blob/main/air_gap_all_the_things.sh). +This Project is mainly inspired from [Clemenko/rke_airgap_install](https://github.com/clemenko/rke_airgap_install/). I tried it and like the idea but I was frustrated with Shell scripting limitations. So I decided to rewrite it in Ansible. With Ansible: @@ -35,13 +35,11 @@ With Ansible: - User agnostic: can be launch by any user (with sudo rights). -- OS agnositc: can be launch on any Linux systems (at least for the package build, for the install depend on your participation to this project 😸) +- OS agnositc: can be launch on any Linux systems (at least for the package build, for the install part, it depends on your participation 😸) -Add-on from my part, some part which were manual in Clemenko procedure are automated with Ansible like: +Add-on from my part: -- the upload or NFS mount - -- Some flexibility about path (possible to export or mount NFS in choosen place) +- Some flexibility about path (possible to build, install on path of your choice) - Arkade to install utilities binaries @@ -57,7 +55,7 @@ Add-on from my part, some part which were manual in Clemenko procedure are autom ## Prerequisites -- Linux Host as a package builder (can be a VM or your WSL). Count 30G of free space in the build directory of your package builder (17G for download + 7G for the zst package). +- Linux Host as a package builder (can be a VM or your WSL). Count 10G of free space in the build directory of your package builder. - An Ansible Controler, can be the same host for ansible and for building package, at your convenience... 
@@ -77,11 +75,15 @@ Add-on from my part, some part which were manual in Clemenko procedure are autom 2. Build your package by running (works on Debian-like and Redhat-like and it targets localhost): ```sh -ansible-playbook playbooks/tasks/build.yml # All arguments below are not mandatory --e dir_build="$HOME/rkub" # Directory where to upload everything (count 30G) --e package_name="rke2_rancher_longhorn.zst" # Name of the package, by default rke2_rancher_longhorn.zst --e archive="True" # Archive tar.zst true or false (default value "true") --u admin -Kk # Other Ansible Arguments (like -vvv) +ansible-playbook playbooks/tasks/build.yml # All arguments below are not mandatory +-e "dir_build=$HOME/rkub" # Directory where to upload everything (count 30G) +-e "package_name=rke2_rancher_longhorn.zst" # Name of the package, by default rke2_rancher_longhorn.zst +-e "archive=true" # Archive tar.zst true or false (default value "true") +-e "stable=false" # Stable channels or defined version in Rkub collection (default value "false") +-e "el=9" # RHEL version (take default value from localhost if OS is different from RedHat-like take value "8") +-e "all=false" # if you want to install all components kubevip,longhorn,rancher,neuvector (default value "false") +-e "kubevip=true longhorn=true rancher=true neuvector=true" # which extras components you want to add to package (default value from var 'all') +-u admin -Kk # Other Ansible Arguments (like -vvv) ``` 3. Push your package to first controler: diff --git a/roles/build_airgap_hauler/defaults/main.yml b/roles/build_airgap_hauler/defaults/main.yml index ddc29936d..d933d9e05 100644 --- a/roles/build_airgap_hauler/defaults/main.yml +++ b/roles/build_airgap_hauler/defaults/main.yml 
@@ -4,9 +4,3 @@ directory_package: "{{ global_directory_package_build }}" tar_zst_name: "{{ global_package_name }}" path_to_package_zst: "{{ global_path_to_package_zst }}" archive_wanted: "{{ global_archive_tar_zst_bool }}" - -# Components wanted -#kubevip_wanted: "{{ global_extras_components['kubevip'] | bool }}" -#longhorn_wanted: "{{ global_extras_components['longhorn'] | bool }}" -#rancher_wanted: "{{ global_extras_components['rancher'] | bool }}" -#neuvector_wanted: "{{ global_extras_components['neuvector'] | bool }}" diff --git a/roles/build_airgap_hauler/tasks/hauler.yml b/roles/build_airgap_hauler/tasks/hauler.yml index ec41a63f3..59c87d346 100644 --- a/roles/build_airgap_hauler/tasks/hauler.yml +++ b/roles/build_airgap_hauler/tasks/hauler.yml @@ -1,10 +1,8 @@ --- -# append list - name: Append lists together ansible.builtin.set_fact: - list_images: "{{ list_images_rke2 + list_images_longhorn | default([]) + list_images_certmanager | default([]) + list_images_rancher_latest | default([]) + list_images_neuvector | default([]) }}" + list_images: "{{ list_images_rke2 + list_images_longhorn | default([]) + list_images_certmanager | default([]) + list_images_rancher_latest | default([]) + list_images_neuvector | default([]) + list_images_kubevip | default([]) }}" -# install - name: Install Hauler if not present ansible.builtin.shell: cmd: | 
@@ -12,3 +10,33 @@ command -v hauler || curl -sfL https://get.hauler.dev | bash executable: /bin/bash changed_when: false + +- name: Push template + ansible.builtin.template: + src: "{{ item }}" + dest: "{{directory_package}}/{{ item | basename | regex_replace('.j2$', '') }}" + mode: 0660 + loop: + - "airgap_hauler.yaml.j2" + +# Hauler Store +- name: Display Info + ansible.builtin.debug: + msg: "Start Hauler store - this step can take some times..." + +- name: Hauler store the all things + ansible.builtin.shell: + cmd: | + set -o pipefail + hauler store sync -f {{ directory_package }}/airgap_hauler.yaml + executable: /bin/bash + changed_when: false + +# zstd not include in ansible module archive +- name: Compress files using zstd and create an archive + ansible.builtin.command: + "tar -I zstd -vcf {{ tar_zst_name }} -C {{ directory_package }} ." + args: + chdir: "{{ directory_package }}/.." + changed_when: false + when: archive_wanted diff --git a/roles/build_airgap_hauler/tasks/kubevip.yml b/roles/build_airgap_hauler/tasks/kubevip.yml index e69de29bb..7c898d905 100644 --- a/roles/build_airgap_hauler/tasks/kubevip.yml +++ b/roles/build_airgap_hauler/tasks/kubevip.yml @@ -0,0 +1,6 @@ +--- +# https://kube-vip.io/docs/installation/daemonset/#generating-a-manifest +- name: Create a list for Kube-VIP + ansible.builtin.set_fact: + list_images_kubevip: + - "ghcr.io/kube-vip/kube-vip:v{{ kubevip_version }}" diff --git a/roles/build_airgap_hauler/tasks/longhorn.yml b/roles/build_airgap_hauler/tasks/longhorn.yml index e363a7389..0a3cd04fe 100644 --- a/roles/build_airgap_hauler/tasks/longhorn.yml +++ b/roles/build_airgap_hauler/tasks/longhorn.yml 
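Review bot: The `hauler store sync` and `tar … zstd` tasks added at the end of this hunk both modify the build tree yet carry `changed_when: false`, so a run that (re)creates the store and the archive reports nothing changed; that flag belongs only on the `command -v hauler || curl …` check above it, so drop it from the two new tasks. The sync task also interpolates `{{ directory_package }}` (the user-supplied `dir_build`) unquoted into a shell line whose `set -o pipefail` guards no pipe; `ansible.builtin.command` with `argv: ['hauler', 'store', 'sync', '-f', '{{ directory_package }}/airgap_hauler.yaml']` avoids both the shell and word-splitting. No working directory is set for the sync, so if hauler writes its `store/` relative to the cwd it lands wherever Ansible was started rather than under `directory_package` — worth confirming and adding `chdir: "{{ directory_package }}"`.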
@@ -2,4 +2,4 @@ # for i in $(curl -sL https://github.com/longhorn/longhorn/releases/download/$LONGHORN_VERSION/longhorn-images.txt); do echo " - name: "$i >> airgap_hauler.yaml; done - name: Add longhorn images to list_images variable ansible.builtin.set_fact: - list_images_longhorn: "{{ lookup('ansible.builtin.url', 'https://raw.githubusercontent.com/longhorn/longhorn/{{ longhorn_version }}/deploy/longhorn-images.txt', wantlist=True) }}" + list_images_longhorn: "{{ lookup('ansible.builtin.url', 'https://raw.githubusercontent.com/longhorn/longhorn/v{{ longhorn_version }}/deploy/longhorn-images.txt', wantlist=True) }}" diff --git a/roles/build_airgap_hauler/tasks/main.yml b/roles/build_airgap_hauler/tasks/main.yml index aa9378a44..7cb1b9b45 100644 --- a/roles/build_airgap_hauler/tasks/main.yml +++ b/roles/build_airgap_hauler/tasks/main.yml @@ -23,5 +23,9 @@ ansible.builtin.import_tasks: neuvector.yml when: neuvector_wanted +- name: Get list images Kube-vip + ansible.builtin.import_tasks: kubevip.yml + when: kubevip_wanted + - name: Hauler install and store ansible.builtin.import_tasks: hauler.yml diff --git a/roles/build_airgap_hauler/tasks/neuvector.yml b/roles/build_airgap_hauler/tasks/neuvector.yml index 78e98d98d..ef8e28e8c 100644 --- a/roles/build_airgap_hauler/tasks/neuvector.yml +++ b/roles/build_airgap_hauler/tasks/neuvector.yml @@ -17,4 +17,4 @@ - name: Create a list from output ansible.builtin.set_fact: - list_images_neuvector: "{{ neuvector['stdout'].splitlines() }}" + list_images_neuvector: "{{ neuvector_images['stdout'].splitlines() }}" diff --git a/roles/build_airgap_hauler/tasks/rancher.yml b/roles/build_airgap_hauler/tasks/rancher.yml index c3b1a2e54..093faeb70 100644 --- a/roles/build_airgap_hauler/tasks/rancher.yml +++ b/roles/build_airgap_hauler/tasks/rancher.yml 
@@ -28,7 +28,7 @@ - name: Get Rancher images from URL ansible.builtin.uri: - url: "https://github.com/rancher/rancher/releases/download/{{ rancher_version }}/rancher-images.txt" + url: "https://github.com/rancher/rancher/releases/download/v{{ rancher_version }}/rancher-images.txt" method: GET return_content: true register: rancher_images diff --git a/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 b/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 index 22ed34ab0..09f0a468c 100644 --- a/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 +++ b/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 @@ -1,3 +1,4 @@ +# images apiVersion: content.hauler.cattle.io/v1alpha1 kind: Images metadata: @@ -9,6 +10,8 @@ spec: {% for item in list_images %} - name: {{ item }} {% endfor %} +{% if rancher_wanted or longhorn_wanted or neuvector_wanted %} +# Helm Charts --- apiVersion: content.hauler.cattle.io/v1alpha1 kind: Charts @@ -34,6 +37,8 @@ spec: repoURL: https://neuvector.github.io/neuvector-helm/ version: {{ neuvector_version }} {% endif %} +{% endif %} +# Files and RPM --- apiVersion: content.hauler.cattle.io/v1alpha1 kind: Files @@ -45,5 +50,5 @@ spec: - path: https://github.com/rancher/rke2-packaging/releases/download/v{{ rke2_version }}%2Brke2r1.stable.0/rke2-agent-{{ rke2_version }}.rke2r1-0.{{ rhel_version }}.x86_64.rpm - path: https://github.com/rancher/rke2-packaging/releases/download/v{{ rke2_version }}%2Brke2r1.stable.0/rke2-server-{{ rke2_version }}.rke2r1-0.{{ rhel_version }}.x86_64.rpm - path: https://github.com/rancher/rke2-selinux/releases/download/v0.17.stable.1/rke2-selinux-0.17-1.{{ rhel_version }}.noarch.rpm - - path: https://get.helm.sh/helm-{{ helm_version }}-linux-amd64.tar.gz + - path: https://get.helm.sh/helm-v{{ helm_version }}-linux-amd64.tar.gz - path: https://raw.githubusercontent.com/clemenko/rke_airgap_install/main/hauler_all_the_things.sh 
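Review bot: The new `{% if rancher_wanted or longhorn_wanted or neuvector_wanted %}` guard around the Charts document relies on variables that this same commit removes from `roles/build_airgap_hauler/defaults/main.yml` (the commented-out `*_wanted` lines); unless another role sets them for every play, Ansible's strict-undefined templating aborts the render instead of treating them as false. Either restore them in the role defaults as `rancher_wanted: "{{ global_extras_components['rancher'] | bool }}"` (and the three siblings) or write the guard as `{% if rancher_wanted | default(false) or longhorn_wanted | default(false) or neuvector_wanted | default(false) %}`. The `v{{ … }}` prefixes added here and in `rancher.yml` assume every version source is prefix-less, so the hard-coded `global_versions` values must stay that way as well.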
diff --git a/roles/install_utils_kubevip/tasks/install_airgap.yml b/roles/install_utils_kubevip/tasks/install_airgap.yml index 669980522..0752c1377 100644 --- a/roles/install_utils_kubevip/tasks/install_airgap.yml +++ b/roles/install_utils_kubevip/tasks/install_airgap.yml @@ -14,6 +14,6 @@ owner: root group: root mode: 0664 - with_fileglob: + loop: - "templates/airgap/kube-vip.yml.j2" - "templates/airgap/kube-vip-rbac.yml.j2" diff --git a/roles/set_versions/tasks/defined_versions.yml b/roles/set_versions/tasks/defined_versions.yml index 2a77cf833..81e18590a 100644 --- a/roles/set_versions/tasks/defined_versions.yml +++ b/roles/set_versions/tasks/defined_versions.yml @@ -13,9 +13,9 @@ ansible.builtin.debug: msg: - "Defined RKE2 version in this ansible collection is {{ rke2_version }}" - - "Defined Kube-vip version in this ansible collection is {{ kubevip_version }}" - - "Defined Longhorn version in this ansible collection is {{ longhorn_version }}" - - "Defined Cert-manager version in this ansible collection is {{ cert_manager_version }}" - - "Defined Rancher version in this ansible collection is {{ rancher_version }}" - - "Defined Neuvector version in this ansible collection is {{ neuvector_version }}" - "Defined Helm version in this ansible collection is {{ helm_version }}" + - "{% if kubevip_wanted %}Defined Kube-vip version in this ansible collection is {{ kubevip_version }}{% endif %}" + - "{% if longhorn_wanted %}Defined Longhorn version in this ansible collection is {{ longhorn_version }}{% endif %}" + - "{% if rancher_wanted %}Defined Cert-manager version in this ansible collection is {{ cert_manager_version }}{% endif %}" + - "{% if rancher_wanted %}Defined Rancher version in this ansible collection is {{ rancher_version }}{% endif %}" + - "{% if neuvector_wanted %}Defined Neuvector version in this ansible collection is {{ neuvector_version }}{% endif %}" 
diff --git a/roles/set_versions/tasks/stable_channels.yml b/roles/set_versions/tasks/stable_channels.yml index 130e667dd..5c73028cb 100644 --- a/roles/set_versions/tasks/stable_channels.yml +++ b/roles/set_versions/tasks/stable_channels.yml @@ -28,7 +28,7 @@ - name: Extract latest release tag ansible.builtin.set_fact: - kubevip_version: "{{ kubevip_release.json.tag_name }}" + kubevip_version: "{{ kubevip_release.json.tag_name | regex_replace('^v', '') }}" # Longhorn - name: Block Longhorn @@ -44,7 +44,7 @@ - name: Extract latest release tag ansible.builtin.set_fact: - longhorn_version: "{{ longhorn_release.json.tag_name }}" + longhorn_version: "{{ longhorn_release.json.tag_name | regex_replace('^v', '') }}" # Rancher - name: Block Rancher @@ -60,7 +60,7 @@ - name: Extract latest release tag ansible.builtin.set_fact: - cert_manager_version: "{{ cert_manager_release.json.tag_name }}" + cert_manager_version: "{{ cert_manager_release.json.tag_name | regex_replace('^v', '') }}" # export RANCHER_VERSION=$(curl -s https://api.github.com/repos/rancher/rancher/releases/latest | jq -r .tag_name) - name: Get Rancher latest release @@ -72,7 +72,7 @@ - name: Extract latest release tag ansible.builtin.set_fact: - rancher_version: "{{ rancher_release.json.tag_name }}" + rancher_version: "{{ rancher_release.json.tag_name | regex_replace('^v', '') }}" # Neuvector - name: Block Neuvector @@ -88,7 +88,7 @@ - name: Extract latest release tag ansible.builtin.set_fact: - neuvector_version: "{{ neuvector_release.json.tag_name }}" + neuvector_version: "{{ neuvector_release.json.tag_name | regex_replace('^v', '') }}" # Helm binary - name: Block Helm @@ -102,7 +102,7 @@ - name: Extract latest release tag ansible.builtin.set_fact: - helm_version: "{{ helm_release.json.tag_name }}" + helm_version: "{{ helm_release.json.tag_name | regex_replace('^v', '') }}" # Display result - name: Display versions From d8362f743723be7570e974773e01b9d205570aca Mon Sep 17 00:00:00 2001 
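Review bot: Stripping the `v` prefix from each `tag_name` is consistent with the templates now re-adding it, but these tasks resolve every component from unauthenticated `api.github.com/…/releases/latest` calls at build time and record nowhere which versions were chosen; write the resolved set into the package (for example a `versions.yml` next to `airgap_hauler.yaml`) so an air-gapped install can be reproduced and audited. Unauthenticated GitHub API calls are rate-limited per source IP and none of the `uri` tasks set `status_code`, `retries` or a token, so a 403 surfaces later as an opaque `.json.tag_name` failure — consider `headers: {Authorization: "Bearer {{ github_token }}"}` when a token is available and `until:` with `retries:` otherwise.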
From: MozeBaltyk Date: Mon, 13 May 2024 19:34:48 +0200 Subject: [PATCH 294/365] adding hauler store --- README.md | 18 ++--- playbooks/vars/main.yml | 13 ++-- roles/build_airgap_hauler/tasks/hauler.yml | 11 ++- .../templates/airgap_hauler.yaml.j2 | 14 +++- roles/build_airgap_package/tasks/rke2.yml | 4 +- roles/deploy_hauler/defaults/main.yml | 2 + roles/deploy_hauler/handlers/main.yml | 3 + roles/deploy_hauler/tasks/main.yml | 20 +++++ roles/deploy_hauler/tasks/rhel.yml | 77 +++++++++++++++++++ roles/deploy_hauler/templates/hauler.repo.j2 | 5 ++ .../deploy_hauler/templates/hauler.service.j2 | 11 +++ roles/deploy_hauler/vars/main.yml | 2 - roles/install_rke2_common/defaults/main.yml | 1 + .../tasks/{install.yml => common.yml} | 17 ---- roles/install_rke2_common/tasks/main.yml | 7 +- roles/install_rke2_common/tasks/selinux.yml | 25 ++++++ .../install_rke2_controller/tasks/install.yml | 39 +--------- roles/install_rke2_controller/tasks/main.yml | 52 ++++++------- roles/install_rke2_controller/tasks/rpm.yml | 32 ++++++++ roles/set_versions/tasks/defined_versions.yml | 4 + roles/set_versions/tasks/stable_channels.yml | 40 ++++++++-- roles/uninstall_rkub/defaults/main.yml | 4 +- roles/upload_package_zst/defaults/main.yml | 2 + roles/upload_package_zst/tasks/main.yml | 8 +- test/playbooks/{set.yml => hauler_build.yml} | 3 +- test/playbooks/hauler_server.yml | 7 ++ 26 files changed, 307 insertions(+), 114 deletions(-) create mode 100644 roles/deploy_hauler/tasks/rhel.yml create mode 100644 roles/deploy_hauler/templates/hauler.repo.j2 create mode 100644 roles/deploy_hauler/templates/hauler.service.j2 delete mode 100644 roles/deploy_hauler/vars/main.yml rename roles/install_rke2_common/tasks/{install.yml => common.yml} (68%) create mode 100644 roles/install_rke2_common/tasks/selinux.yml create mode 100644 roles/install_rke2_controller/tasks/rpm.yml rename test/playbooks/{set.yml => hauler_build.yml} (71%) create mode 100644 test/playbooks/hauler_server.yml 
diff --git a/README.md b/README.md index f8c793789..f148dabd9 100644 --- a/README.md +++ b/README.md @@ -39,19 +39,19 @@ With Ansible: Add-on from my part: -- Some flexibility about path (possible to build, install on path of your choice) +- Some flexibility about path with the possibility to build and install on a choosen path. -- Arkade to install utilities binaries +- Admin user (by default 'kuberoot') on first controller node with some admin tools. -- Admin user (by default kuberoot) on first controler node with all necessary tools +- Nerdctl as complement of containerd to handle oci-archive. -- Nerdctl (as complement of containerd to handle oci-archive) +- K9S on first controller for admin purpose. -- Firewalld settings if firewalld running +- Firewalld settings if firewalld running. -- Uninstall playbook to cleanup (and maybe reinstall if needed) +- Uninstall playbook to cleanup (and maybe reinstall if needed). -- Collection Released, so possibilty to get back to older versions +- Collection Released, so possibilty to get back to older versions. ## Prerequisites @@ -77,7 +77,7 @@ Add-on from my part: ```sh ansible-playbook playbooks/tasks/build.yml # All arguments below are not mandatory -e "dir_build=$HOME/rkub" # Directory where to upload everything (count 30G) --e "package_name=rke2_rancher_longhorn.zst" # Name of the package, by default rke2_rancher_longhorn.zst +-e "package_name=rkub.zst" # Name of the package, by default rkub.zst -e "archive=true" # Archive tar.zst true or false (default value "true") -e "stable=false" # Stable channels or defined version in Rkub collection (default value "false") -e "el=9" # RHEL version (take default value from localhost if OS is different from RedHat-like take value "8") 
@@ -210,8 +210,6 @@ Improvments: * Clemenko, for the idea [Clemenko/rke_airgap_install](https://github.com/clemenko/rke_airgap_install/blob/main/air_gap_all_the_things.sh). -* Alex Ellis, for its [Arkade project](https://github.com/alexellis/arkade). I cannot live without anymore. - ## References: - [Clemenko/rke_airgap_install](https://github.com/clemenko/rke_airgap_install/blob/main/air_gap_all_the_things.sh) diff --git a/playbooks/vars/main.yml b/playbooks/vars/main.yml index 33fcd4577..f96620ea2 100644 --- a/playbooks/vars/main.yml +++ b/playbooks/vars/main.yml @@ -1,5 +1,5 @@ --- -# Version products +# OLD Version products global_rke2_version: "1.27.12" global_kubevip_version: "0.7.0" global_helm_version: "3.14.0" @@ -8,7 +8,7 @@ global_RANCHER_VERSION: "2.8.1" global_LONGHORN_VERSION: "1.6.0" global_NEU_VERSION: "2.7.2" -# Not used yet +# Version products global_stable_channel: "{{ stable | default('false') }}" global_all_wanted: "{{ all | default('false') }}" global_extras_components: @@ -25,6 +25,8 @@ global_versions: longhorn: "1.6.0" neuvector: "2.7.2" helm: "3.14.0" + nerdctl: "1.7.6" + k9s: "0.32.4" global_rhel_version: "{{ el }}" @@ -34,7 +36,7 @@ global_directory_package_build: "{{ dir_build | default('$HOME/rkub') }}" global_archive_tar_zst_bool: "{{ archive | default('true') | bool }}" # Local -global_package_name: "{{ package_name | default('rke2_rancher_longhorn.zst') }}" +global_package_name: "{{ package_name | default('rkub.zst') }}" global_path_to_package_zst: "{{ global_directory_package_build }}/../{{ global_package_name }}" # Target 
@@ -42,12 +44,13 @@ global_directory_package_target: "{{ dir_target | default('/opt/rkub') }}" global_directory_mount: "{{ dir_mount | default('/mnt/rkub') }}" # Options General +global_hauler_ip: "{{ hauler_ip | default(hostvars[groups['RKE2_CONTROLLERS'][0]]['ansible_default_ipv4']['address']) }}" global_master_ip: "{{ master_ip | default(hostvars[groups['RKE2_CONTROLLERS'][0]]['ansible_default_ipv4']['address']) }}" global_domain: "{{ domain | default(hostvars[groups['RKE2_CONTROLLERS'][0]]['ansible_domain']) }}" -# Options RKE2 - Not used yet +# Options RKE2 global_rke2_data_dir: "{{ data_dir | default('/var/lib/rancher/rke2') }}" -global_rke2_ha_mode: true +global_rke2_ha_mode: false global_rke2_api_ip: "{{ vip | default(global_master_ip) }}" global_rke2_cluster_cidr: "10.42.0.0/16" #Default Value global_rke2_service_cidr: "10.43.0.0/16" #Default Value diff --git a/roles/build_airgap_hauler/tasks/hauler.yml b/roles/build_airgap_hauler/tasks/hauler.yml index 59c87d346..ca7f802aa 100644 --- a/roles/build_airgap_hauler/tasks/hauler.yml +++ b/roles/build_airgap_hauler/tasks/hauler.yml @@ -11,10 +11,17 @@ executable: /bin/bash changed_when: false +- name: Copy the hauler binary to package + ansible.builtin.copy: + src: /usr/local/bin/hauler + dest: "{{ directory_package }}" + mode: '0750' + become: true + - name: Push template ansible.builtin.template: src: "{{ item }}" - dest: "{{directory_package}}/{{ item | basename | regex_replace('.j2$', '') }}" + dest: "{{ directory_package }}/{{ item | basename | regex_replace('.j2$', '') }}" mode: 0660 loop: - "airgap_hauler.yaml.j2" @@ -30,6 +37,8 @@ set -o pipefail hauler store sync -f {{ directory_package }}/airgap_hauler.yaml executable: /bin/bash + args: + chdir: "{{ directory_package }}" changed_when: false # zstd not include in ansible module archive diff --git a/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 b/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 index 09f0a468c..9bfb447c3 100644 
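Review bot: `global_rke2_ha_mode` flips from `true` to `false` here with no mention in the README or CHANGELOG hunks of this commit, so existing users silently get a single-control-plane default; if the flip is intentional, expose it like the neighbouring options (`global_rke2_ha_mode: "{{ ha_mode | default(false) | bool }}"`) and note it in the changelog. The new `global_hauler_ip` defaults to the first controller's `ansible_default_ipv4`, i.e. the interface behind the default route rather than necessarily the cluster-facing one — acceptable as a default, but it should be documented next to `hauler_ip` in the README argument list so operators know to override it on multi-homed hosts.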
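Review bot: The `hauler` binary copied into the package (and later installed to `/usr/local/bin` and run as root on the air-gapped node) is whatever the preceding `command -v hauler || curl -sfL https://get.hauler.dev | bash` left on the build host: no pinned version, no checksum, and it can differ from build to build. Pin it instead: add a `hauler` entry to `global_versions`, fetch the release archive and the project's published checksum file with `ansible.builtin.get_url` using `checksum: sha256:…`, and record the version inside the package so the deploy side can verify what it installs. The `become: true` on the copy is only needed because `/usr/local/bin/hauler` is root-owned; fetching the release into `directory_package` directly removes that privilege escalation from the build.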
--- a/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 +++ b/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 @@ -46,9 +46,21 @@ metadata: name: rancher-files spec: files: + # RPM Common to both method - path: https://github.com/rancher/rke2-packaging/releases/download/v{{ rke2_version }}%2Brke2r1.stable.0/rke2-common-{{ rke2_version }}.rke2r1-0.{{ rhel_version }}.x86_64.rpm + - path: https://github.com/rancher/rke2-selinux/releases/download/v0.17.stable.1/rke2-selinux-0.17-1.{{ rhel_version }}.noarch.rpm + - path: https://rpm.rancher.io/public.key + # RPM method - path: https://github.com/rancher/rke2-packaging/releases/download/v{{ rke2_version }}%2Brke2r1.stable.0/rke2-agent-{{ rke2_version }}.rke2r1-0.{{ rhel_version }}.x86_64.rpm - path: https://github.com/rancher/rke2-packaging/releases/download/v{{ rke2_version }}%2Brke2r1.stable.0/rke2-server-{{ rke2_version }}.rke2r1-0.{{ rhel_version }}.x86_64.rpm - - path: https://github.com/rancher/rke2-selinux/releases/download/v0.17.stable.1/rke2-selinux-0.17-1.{{ rhel_version }}.noarch.rpm + # Tarball method + - path: https://github.com/rancher/rke2/releases/download/v{{ rke2_version }}%2Brke2r1/rke2-images.linux-amd64.tar.zst + - path: https://github.com/rancher/rke2/releases/download/v{{ rke2_version }}%2Brke2r1/rke2.linux-amd64.tar.gz + - path: https://github.com/rancher/rke2/releases/download/v{{ rke2_version }}%2Brke2r1/sha256sum-amd64.txt + - name: install.sh + path: https://get.rke2.io + # Addons - path: https://get.helm.sh/helm-v{{ helm_version }}-linux-amd64.tar.gz + - path: https://github.com/containerd/nerdctl/v{{ nerdctl_version }}/nerdctl-{{ nerdctl_version }}-linux-amd64.tar.gz + - path: https://github.com/derailed/k9s/v{{ k9s_version }}/k9s_Linux_amd64.tar.gz - path: https://raw.githubusercontent.com/clemenko/rke_airgap_install/main/hauler_all_the_things.sh 
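Review bot: The two new addon URLs are malformed: `https://github.com/containerd/nerdctl/v{{ nerdctl_version }}/…` and `https://github.com/derailed/k9s/v{{ k9s_version }}/…` lack the `releases/download/` path segment that every other GitHub asset in this file uses, so `hauler store sync` will 404 on both. They should read `- path: https://github.com/containerd/nerdctl/releases/download/v{{ nerdctl_version }}/nerdctl-{{ nerdctl_version }}-linux-amd64.tar.gz` and `- path: https://github.com/derailed/k9s/releases/download/v{{ k9s_version }}/k9s_Linux_amd64.tar.gz`. `sha256sum-amd64.txt` is pulled into the package but nothing in this commit verifies `rke2.linux-amd64.tar.gz` or `rke2-images.linux-amd64.tar.zst` against it, and `install.sh` from `https://get.rke2.io` is an unpinned script that will later run as root — either verify the tarballs with that file on the target (`sha256sum -c --ignore-missing`) or drop it rather than ship an integrity file that is never checked.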
diff --git a/roles/build_airgap_package/tasks/rke2.yml b/roles/build_airgap_package/tasks/rke2.yml index 7c8ee09d4..54c27a42b 100644 --- a/roles/build_airgap_package/tasks/rke2.yml +++ b/roles/build_airgap_package/tasks/rke2.yml @@ -46,7 +46,7 @@ dest: "{{ directory_package }}/rke2_{{ rke2_version }}/{{ rke2_selinux_rpm_version }}.el{{ ansible_distribution_major_version }}.noarch.rpm" mode: "0750" - - name: Download rke2-images.linux-amd64.tar.zst + - name: Download rke2 RPM ansible.builtin.get_url: url: "https://github.com/rancher/rke2-packaging/releases/download/v{{ rke2_version }}%2Brke2r1.stable.0/{{ item }}" dest: "{{ directory_package }}/rke2_{{ rke2_version }}/{{ item }}" @@ -73,7 +73,7 @@ dest: "{{ directory_package }}/rke2_{{ rke2_version }}/{{ rke2_selinux_rpm_version }}.el8.noarch.rpm" mode: "0750" - - name: Download rke2-images.linux-amd64.tar.zst + - name: Download rke2 RPM ansible.builtin.get_url: url: "https://github.com/rancher/rke2-packaging/releases/download/v{{ rke2_version }}%2Brke2r1.stable.0/{{ item }}" dest: "{{ directory_package }}/rke2_{{ rke2_version }}/{{ item }}" diff --git a/roles/deploy_hauler/defaults/main.yml b/roles/deploy_hauler/defaults/main.yml index 4a7d81e83..6f6e48667 100644 --- a/roles/deploy_hauler/defaults/main.yml +++ b/roles/deploy_hauler/defaults/main.yml @@ -1,2 +1,4 @@ --- # defaults file for deploy_hauler +deploy_hauler_directory: "{{ global_directory_package_target }}" +deploy_hauler_server: "{{ global_hauler_ip }}" diff --git a/roles/deploy_hauler/handlers/main.yml b/roles/deploy_hauler/handlers/main.yml index 95dd4b89e..bad663f62 100644 --- a/roles/deploy_hauler/handlers/main.yml +++ b/roles/deploy_hauler/handlers/main.yml @@ -1,2 +1,5 @@ --- # handlers file for deploy_hauler +- name: Systemd_reload + ansible.builtin.systemd: + daemon_reload: true diff --git a/roles/deploy_hauler/tasks/main.yml b/roles/deploy_hauler/tasks/main.yml index 7b5fa077c..ce18bf64c 100644 --- a/roles/deploy_hauler/tasks/main.yml 
+++ b/roles/deploy_hauler/tasks/main.yml @@ -1,2 +1,22 @@ --- # tasks file for deploy_hauler +- name: Gather facts + ansible.builtin.setup: + gather_subset: + - "distribution" + - "distribution_major_version" + - "default_ipv4" + - "!all,!min" + when: > + ansible_os_family is not defined + tags: [always] + +- name: Hauler Install and settings for RHEL-like OS + ansible.builtin.import_tasks: rhel.yml + when: ansible_os_family == "RedHat" + +- name: Send fail message if not a Redhat-like OS + ansible.builtin.fail: + msg: > + "deploy_hauler role currently apply only on Redhat-like OS" + when: ansible_os_family != "RedHat" diff --git a/roles/deploy_hauler/tasks/rhel.yml b/roles/deploy_hauler/tasks/rhel.yml new file mode 100644 index 000000000..fb7167ffb --- /dev/null +++ b/roles/deploy_hauler/tasks/rhel.yml 
@@ -0,0 +1,77 @@
+---
+# as root
+- name: Install and create repo for RPM type
+ become: true
+ block:
+ - name: Copy the hauler binary to /usr/local/bin
+ ansible.builtin.copy:
+ src: "{{ deploy_hauler_directory }}/hauler"
+ dest: /usr/local/bin/hauler
+ mode: '0755'
+
+ - name: Push template hauler service
+ ansible.builtin.template:
+ src: "{{ item }}"
+ dest: "/etc/systemd/system/hauler@.service"
+ mode: 0660
+ loop:
+ - "hauler.service.j2"
+ notify: Systemd_reload
+
+ - name: Enable and start the hauler services
+ ansible.builtin.systemd:
+ name: "{{ item }}"
+ state: "started"
+ enabled: true
+ loop:
+ - "hauler@fileserver"
+ - "hauler@registry"
+
+ - name: Pause for 5 seconds
+ ansible.builtin.pause:
+ seconds: 5
+
+ - name: Wait until there are 4 RPM files in /opt/hauler/store-files/
+ ansible.builtin.wait_for:
+ path: "{{ deploy_hauler_directory }}/store-files/"
+ search_regex: '\.rpm$'
+ count: 2
+ delay: 2
+
+ - name: Wait until 'hauler store info' command succeeds
+ ansible.builtin.shell:
+ cmd: "hauler store info > /dev/null 2>&1"
+ executable: /bin/bash
+ args:
+ chdir: "{{ deploy_hauler_directory }}"
+ changed_when: false
+ register: hauler_store_info
+ until: hauler_store_info.rc == 0
+ retries: 20
+ delay: 5
+
+ - name: Install createrepo
+ ansible.builtin.dnf:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - createrepo
+
+ - name: Save hauler index to store-files
+ ansible.builtin.template:
+ src: /dev/null
+ dest: "{{ deploy_hauler_directory }}/store-files/_hauler_index.txt"
+ content: "{{ hauler_store_info['stdout'] }}"
+
+ - name: Save hauler repo to store-files
+ ansible.builtin.template:
+ src: hauler.repo.j2
+ dest: "{{ deploy_hauler_directory }}/store-files/hauler.repo"
+
+ - name: Install Hauler if not present
+ ansible.builtin.shell:
+ cmd: |
+ set -o pipefail
+ createrepo {{ deploy_hauler_directory }}/store-files
+ executable: /bin/bash
+ changed_when: false
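Review bot: `hauler store info` is redirected to `/dev/null` inside `cmd:`, so `hauler_store_info['stdout']` is always empty and `_hauler_index.txt` would be written blank — and `ansible.builtin.template` has no `content:` parameter, so that task fails on an unsupported argument before writing anything. Use `cmd: "hauler store info"` and write the index with `ansible.builtin.copy` plus `content: "{{ hauler_store_info.stdout }}"`. The binary installed to `/usr/local/bin/hauler` as root is taken from the package with no integrity check, and the unit it enables runs the network-facing fileserver and registry as root (no `User=` in `hauler.service.j2`); pass a recorded `checksum: sha256:…` to the copy and give the service its own account. Smaller points: `mode: 0660` on a systemd unit (conventionally `0644`), the task name `Wait until there are 4 RPM files` versus `count: 2`, and the last task named `Install Hauler if not present` that actually runs `createrepo` with `changed_when: false` although it regenerates repodata.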
diff --git a/roles/deploy_hauler/templates/hauler.repo.j2 b/roles/deploy_hauler/templates/hauler.repo.j2 new file mode 100644 index 000000000..cb17d38f5 --- /dev/null +++ b/roles/deploy_hauler/templates/hauler.repo.j2 @@ -0,0 +1,5 @@ +name=Hauler Air Gap Server +baseurl=http://{{ deploy_hauler_server }}:8080 +enabled=1 +gpgcheck=1 +gpgkey=http://{{ deploy_hauler_server }}:8080/public.key diff --git a/roles/deploy_hauler/templates/hauler.service.j2 b/roles/deploy_hauler/templates/hauler.service.j2 new file mode 100644 index 000000000..18ec684eb --- /dev/null +++ b/roles/deploy_hauler/templates/hauler.service.j2 @@ -0,0 +1,11 @@ +# /etc/systemd/system/hauler.service +[Unit] +Description=Hauler Serve %I Service + +[Service] +Environment="HOME={{ deploy_hauler_directory }}" +ExecStart=/usr/local/bin/hauler store serve %i +WorkingDirectory={{ deploy_hauler_directory }} + +[Install] +WantedBy=multi-user.target diff --git a/roles/deploy_hauler/vars/main.yml b/roles/deploy_hauler/vars/main.yml deleted file mode 100644 index a5bcd8f30..000000000 --- a/roles/deploy_hauler/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# vars file for deploy_hauler diff --git a/roles/install_rke2_common/defaults/main.yml b/roles/install_rke2_common/defaults/main.yml index fa46e3abb..ea8a099d0 100644 --- a/roles/install_rke2_common/defaults/main.yml +++ b/roles/install_rke2_common/defaults/main.yml @@ -7,3 +7,4 @@ mount_path: "{{ global_directory_mount }}" # RKE2 admin_user: "{{ global_install_user }}" rke2_data_dir: "{{ global_rke2_data_dir }}" +hauler_server: "{{ global_hauler_ip }}" diff --git a/roles/install_rke2_common/tasks/install.yml b/roles/install_rke2_common/tasks/common.yml similarity index 68% rename from roles/install_rke2_common/tasks/install.yml rename to roles/install_rke2_common/tasks/common.yml index afbf26299..3d996d62b 100644 --- a/roles/install_rke2_common/tasks/install.yml +++ b/roles/install_rke2_common/tasks/common.yml 
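Review bot: The repo file has no section header, so dnf rejects it (every entry must sit under an id such as `[hauler]`) and only the `yum_repository` task in `selinux.yml` actually yields a usable definition; add `[hauler]` as the first line. `baseurl` and `gpgkey` both point at the same plaintext `http://{{ deploy_hauler_server }}:8080`, so `gpgcheck=1` verifies packages with a key served by the very endpoint an attacker on that segment would control — it detects corruption, not substitution. The key already ships in the package as `store-files/public.key`, so pre-import it with `ansible.builtin.rpm_key` from the package on each node and document that the HTTP `gpgkey` URL is a convenience, not the trust anchor.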
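Review bot: The unit runs `hauler store serve %i` as root with no `User=`/`Group=`, no `Restart=` and no sandboxing, so the fileserver and registry that every cluster node pulls from run with full privileges on the first controller. Add a dedicated account and the usual systemd hardening; the store directory then needs to be readable (and, for the registry, writable) by that account, which `rhel.yml` does not currently arrange. The `# /etc/systemd/system/hauler.service` header comment also disagrees with the installed name `hauler@.service` used in `rhel.yml`.
```ini
[Service]
User=hauler
Group=hauler
Environment="HOME={{ deploy_hauler_directory }}"
WorkingDirectory={{ deploy_hauler_directory }}
ExecStart=/usr/local/bin/hauler store serve %i
Restart=on-failure
NoNewPrivileges=yes
ProtectSystem=strict
ReadWritePaths={{ deploy_hauler_directory }}
; … unchanged: [Unit] and [Install] sections …
```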
@@ -6,23 +6,6 @@ comment: "rke2 user for administration" createhome: true -- name: Install common packages - ansible.builtin.dnf: - name: "{{ item }}" - state: present - with_items: - - iptables - - container-selinux - - libnetfilter_conntrack - - libnfnetlink - - libnftnl - - policycoreutils-python-utils - - cryptsetup - when: - - ansible_pkg_mgr == 'dnf' - - ansible_os_family == "RedHat" - - ansible_distribution_major_version | int >= 8 - - name: Create sysctl.conf from template ansible.builtin.template: src: rke2.conf diff --git a/roles/install_rke2_common/tasks/main.yml b/roles/install_rke2_common/tasks/main.yml index 7ec644996..1ece7cf23 100644 --- a/roles/install_rke2_common/tasks/main.yml +++ b/roles/install_rke2_common/tasks/main.yml @@ -5,6 +5,7 @@ gather_subset: - "distribution" - "distribution_major_version" + - "selinux" - "!min" when: > ansible_os_family is not defined @@ -21,7 +22,11 @@ tags: networkmanager - name: Tasks common to Linux servers for RKE2 installation - ansible.builtin.import_tasks: install.yml + ansible.builtin.import_tasks: common.yml + +- name: Tasks if SELinux is activated for RKE2 installation + ansible.builtin.import_tasks: selinux.yml + when: ansible_selinux['status'] == 'enabled' - name: Get Token if one exist ansible.builtin.import_tasks: token.yml diff --git a/roles/install_rke2_common/tasks/selinux.yml b/roles/install_rke2_common/tasks/selinux.yml new file mode 100644 index 000000000..070baec1f --- /dev/null +++ b/roles/install_rke2_common/tasks/selinux.yml 
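Review bot: Gating `selinux.yml` on `ansible_selinux['status'] == 'enabled'` also gates the generic package install that this hunk removes from `common.yml` — `iptables`, `libnetfilter_conntrack`, `libnfnetlink`, `libnftnl`, `cryptsetup` and `policycoreutils-python-utils` are not SELinux-specific, so a host with SELinux disabled now gets none of them. Keep the distro-package task in `common.yml` with its original `ansible_pkg_mgr == 'dnf'` / `ansible_os_family == "RedHat"` guards and leave only `rke2-common`/`rke2-selinux` behind the SELinux condition. The `ansible_selinux` fact is only collected here when facts were not already gathered (`when: ansible_os_family is not defined`), so a play that gathered a narrower subset earlier hits an undefined variable; `when: ansible_selinux is defined and ansible_selinux.status == 'enabled'` is safer.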
@@ -0,0 +1,25 @@ +--- +# https://docs.rke2.io/install/airgap => only if selinux activated + +- name: Set repo Hauler Air Gap Server + ansible.builtin.yum_repository: + name: hauler.repo + description: "Hauler Air Gap Server" + baseurl: "http://{{ hauler_server }}:8080" + gpgcheck: true + gpgkey: "http://{{ hauler_server }}:8080/public.key" + +- name: Install common packages + ansible.builtin.dnf: + name: "{{ item }}" + state: present + with_items: + - iptables + - container-selinux + - libnetfilter_conntrack + - libnfnetlink + - libnftnl + - policycoreutils-python-utils + - cryptsetup + - rke2-common + - rke2-selinux diff --git a/roles/install_rke2_controller/tasks/install.yml b/roles/install_rke2_controller/tasks/install.yml index d04b16d1c..f8f69eba9 100644 --- a/roles/install_rke2_controller/tasks/install.yml +++ b/roles/install_rke2_controller/tasks/install.yml @@ -3,6 +3,7 @@ - name: Controller install as root become: true block: + # prerequis - name: Create etcd group ansible.builtin.group: name: etcd @@ -27,6 +28,7 @@ - "{{ rke2_data_dir }}/server/manifests/" - "{{ rke2_data_dir }}/agent/images" + # Config - name: Configure RKE2 config.yaml ansible.builtin.template: src: config.yaml.j2 @@ -61,6 +63,7 @@ dest: /var/lib/rancher/rke2/server/manifests/rke2-ingress-nginx-config.yaml mode: "0640" + # Install - name: Install RKE2 server node ansible.builtin.shell: cmd: | 
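Review bot: The repo definition takes both `baseurl` and `gpgkey` from the same plaintext `http://{{ hauler_server }}:8080`, so `gpgcheck: true` only catches corruption, not a substituted key-plus-package pair from anyone on that network path; pre-import the key that ships in the package with `ansible.builtin.rpm_key` (as the old `install.yml` did from `{{ mount_rke2_path }}/public.key`) instead of trusting what the mirror serves, which also avoids `ansible.builtin.dnf` having to import an unknown key non-interactively. `name: hauler.repo` doubles as the repo id and produces `/etc/yum.repos.d/hauler.repo.repo`; use `name: hauler`. Only `rke2-common` and `rke2-selinux` here depend on SELinux, so the comment `# … => only if selinux activated` overstates the condition that now skips the generic packages on SELinux-disabled hosts. Pass the list to `name:` directly rather than `with_items`, so dnf installs in one transaction.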
@@ -75,42 +78,6 @@ ansible.builtin.debug: var: install_server_output['stdout_lines'] - # RPM - - name: Install packages common to controlers - ansible.builtin.dnf: - name: "{{ item }}" - state: present - with_items: - - zstd - - skopeo - become: true - when: - - ansible_os_family == "RedHat" - - ansible_distribution_major_version | int >= 8 - - - name: Import a key from a file - ansible.builtin.rpm_key: - state: present - key: "{{ mount_rke2_path }}/public.key" - when: - - ansible_os_family == "RedHat" - - - name: Install RKE2 selinux packages (dependency for RKE2 common) - ansible.builtin.dnf: - name: "{{ mount_rke2_selinux_rpm_path }}" - state: present - when: - - ansible_os_family == "RedHat" - - ansible_distribution_major_version | int >= 8 - - - name: Install RKE2 common packages - ansible.builtin.dnf: - name: "{{ mount_rke2_common_rpm_path }}" - state: present - when: - - ansible_os_family == "RedHat" - - ansible_distribution_major_version | int >= 8 - - name: Pause for 3 seconds before start service ansible.builtin.pause: seconds: 3 diff --git a/roles/install_rke2_controller/tasks/main.yml b/roles/install_rke2_controller/tasks/main.yml index fbbf82761..553891da4 100644 --- a/roles/install_rke2_controller/tasks/main.yml +++ b/roles/install_rke2_controller/tasks/main.yml 
@@ -27,19 +27,19 @@ tags: firewalld # Here, we start export NFS on first controler and mounting on all other controlers -- name: Set NFS export on first node - ansible.builtin.import_role: - name: set_nfs_export - tasks_from: main - when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] - tags: nfs_export - -- name: Set NFS mount on other nodes - ansible.builtin.import_role: - name: set_nfs_mount - tasks_from: main - when: inventory_hostname in groups['RKE2_CONTROLLERS'][1:] - tags: nfs_mount +# - name: Set NFS export on first node +# ansible.builtin.import_role: +# name: set_nfs_export +# tasks_from: main +# when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] +# tags: nfs_export +# +# - name: Set NFS mount on other nodes +# ansible.builtin.import_role: +# name: set_nfs_mount +# tasks_from: main +# when: inventory_hostname in groups['RKE2_CONTROLLERS'][1:] +# tags: nfs_mount # Start install - name: RKE2 common to worker and controler tasks @@ -61,10 +61,10 @@ tags: token # Admin setup -- name: Arkade utils push in admin user - ansible.builtin.import_tasks: arkade.yml - when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] - tags: arkade +#- name: Arkade utils push in admin user +# ansible.builtin.import_tasks: arkade.yml +# when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] +# tags: arkade - name: Admin user setup ansible.builtin.import_tasks: admin.yml @@ -77,14 +77,14 @@ tags: localhost # Utils -- name: Install registry on first node - vars: - caller_role_name: controller - ansible.builtin.import_role: - name: install_utils_registry - tasks_from: main - when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] - tags: registry +#- name: Install registry on first node +# vars: +# caller_role_name: controller +# ansible.builtin.import_role: +# name: install_utils_registry +# tasks_from: main +# when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] +# tags: registry - name: RKE2 install nerdctl vars: 
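Review bot: Three role blocks (NFS export/mount, arkade, registry) are commented out rather than deleted; git already preserves them, and dead YAML with its `tags:` keeps suggesting features that silently do nothing. Remove the blocks, or if the NFS path is meant to stay an option gate them with a `when:` on a real switch such as `global_nfs_wanted | default(false) | bool`. With the NFS mount disabled, anything still reading `mount_rke2_path` (the new `rpm.yml` uses `{{ mount_rke2_path }}/public.key`) only works if that directory is populated some other way, which the hunks on this page do not show.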
@@ -92,4 +92,4 @@ ansible.builtin.import_role: name: install_utils_nerdctl tasks_from: main - tags: nerdctl \ No newline at end of file + tags: nerdctl diff --git a/roles/install_rke2_controller/tasks/rpm.yml b/roles/install_rke2_controller/tasks/rpm.yml new file mode 100644 index 000000000..2183ed24f --- /dev/null +++ b/roles/install_rke2_controller/tasks/rpm.yml @@ -0,0 +1,32 @@ +--- +# RPM +- name: Install packages common to controlers + ansible.builtin.dnf: + name: "{{ item }}" + state: present + with_items: + - zstd + become: true + when: + - ansible_os_family == "RedHat" + - ansible_distribution_major_version | int >= 8 +- name: Import a key from a file + ansible.builtin.rpm_key: + state: present + key: "{{ mount_rke2_path }}/public.key" + when: + - ansible_os_family == "RedHat" +- name: Install RKE2 selinux packages (dependency for RKE2 common) + ansible.builtin.dnf: + name: "{{ mount_rke2_selinux_rpm_path }}" + state: present + when: + - ansible_os_family == "RedHat" + - ansible_distribution_major_version | int >= 8 +- name: Install RKE2 common packages + ansible.builtin.dnf: + name: "{{ mount_rke2_common_rpm_path }}" + state: present + when: + - ansible_os_family == "RedHat" + - ansible_distribution_major_version | int >= 8 diff --git a/roles/set_versions/tasks/defined_versions.yml b/roles/set_versions/tasks/defined_versions.yml index 81e18590a..e88696254 100644 --- a/roles/set_versions/tasks/defined_versions.yml +++ b/roles/set_versions/tasks/defined_versions.yml 
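Review bot: These tasks were lifted out of a `become: true` block in `install.yml`, but in the new file only the first task carries `become: true`; `rpm_key` and the two `dnf` installs now run as the connecting user and fail with permission errors unless the whole play runs as root — add `become: true` to each task or wrap the file in a block as before. As far as the `main.yml` hunks on this page show, `rpm.yml` is not imported anywhere (they reference `common.yml`, `selinux.yml`, `admin.yml` and the nerdctl role), so it may be dead code. `with_items` over the single item `zstd` can simply be `name: zstd`, and the key path `{{ mount_rke2_path }}/public.key` assumes the NFS mount that the controller `main.yml` in this same commit comments out.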
@@ -8,12 +8,16 @@ rancher_version: "{{ global_versions['longhorn'] }}" neuvector_version: "{{ global_versions['neuvector'] }}" helm_version: "{{ global_versions['helm'] }}" + nerdctl_version: "{{ global_versions['nerdctl'] }}" + k9s_version: "{{ global_versions['k9s'] }}" - name: Display ansible.builtin.debug: msg: - "Defined RKE2 version in this ansible collection is {{ rke2_version }}" - "Defined Helm version in this ansible collection is {{ helm_version }}" + - "Defined Nerdctl version in this ansible collection is {{ nerdctl_version }}" + - "Defined k9s version in this ansible collection is {{ k9s_version }}" - "{% if kubevip_wanted %}Defined Kube-vip version in this ansible collection is {{ kubevip_version }}{% endif %}" - "{% if longhorn_wanted %}Defined Longhorn version in this ansible collection is {{ longhorn_version }}{% endif %}" - "{% if rancher_wanted %}Defined Cert-manager version in this ansible collection is {{ cert_manager_version }}{% endif %}" diff --git a/roles/set_versions/tasks/stable_channels.yml b/roles/set_versions/tasks/stable_channels.yml index 5c73028cb..41c0c69b7 100644 --- a/roles/set_versions/tasks/stable_channels.yml +++ b/roles/set_versions/tasks/stable_channels.yml 
@@ -104,14 +104,44 @@ ansible.builtin.set_fact: helm_version: "{{ helm_release.json.tag_name | regex_replace('^v', '') }}" +# Nerdctl binary +- name: Block Nerdctl + block: + - name: Get Nerdctl binary latest release + ansible.builtin.uri: + url: "https://api.github.com/repos/containerd/nerdctl/releases/latest" + method: GET + return_content: true + register: nerdctl_release + + - name: Extract latest release tag + ansible.builtin.set_fact: + nerdctl_version: "{{ nerdctl_release.json.tag_name | regex_replace('^v', '') }}" + +# K9S binary +- name: Block K9S + block: + - name: Get K9S binary latest release + ansible.builtin.uri: + url: "https://api.github.com/repos/derailed/k9s/releases/latest" + method: GET + return_content: true + register: k9s_release + + - name: Extract latest release tag + ansible.builtin.set_fact: + k9s_version: "{{ k9s_release.json.tag_name | regex_replace('^v', '') }}" + # Display result - name: Display versions ansible.builtin.debug: msg: - "Latest stable RKE2 version is {{ rke2_version }}" - - "Latest Kube-vip release tag is {{ kubevip_version | default('') }}" - - "Latest Longhorn release tag is {{ longhorn_version | default('') }}" - - "Latest Cert-manager release tag is {{ cert_manager_version | default('') }}" - - "Latest Rancher release tag is {{ rancher_version | default('') }}" - - "Latest Neuvector release tag is {{ neuvector_version | default('') }}" - "Latest Helm release tag is {{ helm_version }}" + - "Latest Nerdctl release tag is {{ nerdctl_version }}" + - "Latest K9S release tag is {{ k9s_version }}" + - "{% if kubevip_wanted %}Latest Kube-vip release tag is {{ kubevip_version | default('') }}{% endif %}" + - "{% if longhorn_wanted %}Latest Longhorn release tag is {{ longhorn_version | default('') }}{% endif %}" + - "{% if rancher_wanted %}Latest Cert-manager release tag is {{ cert_manager_version | default('') }}{% endif %}" + - "{% if rancher_wanted %}Latest Rancher release tag is {{ rancher_version | default('') }}{% endif 
%}" + - "{% if neuvector_wanted %}Latest Neuvector release tag is {{ neuvector_version | default('') }}{% endif %}" diff --git a/roles/uninstall_rkub/defaults/main.yml b/roles/uninstall_rkub/defaults/main.yml index 27e4c7fd9..12689f1a4 100644 --- a/roles/uninstall_rkub/defaults/main.yml +++ b/roles/uninstall_rkub/defaults/main.yml @@ -1,7 +1,7 @@ --- # defaults file for uninstall_rke2 admin_user: "{{ global_install_user }}" -export_nfs_path: "{{ global_directory_package_target }}/rancher" +export_nfs_path: "{{ global_directory_package_target }}" nfs_mount_path: "{{ global_directory_mount }}" longhorn_datapath: "{{ global_longhorn_datapath }}" @@ -9,4 +9,4 @@ firewalld_rules_to_remove: inbound: - name: rke2 zone: public - erase: true \ No newline at end of file + erase: true diff --git a/roles/upload_package_zst/defaults/main.yml b/roles/upload_package_zst/defaults/main.yml index 565ab9884..6dac64c88 100644 --- a/roles/upload_package_zst/defaults/main.yml +++ b/roles/upload_package_zst/defaults/main.yml @@ -1,2 +1,4 @@ --- # defaults file for upload_package_zst +upload_package_zst_directory: "{{ global_directory_package_target }}" +upload_package_zst_name: "{{ global_package_name }}" diff --git a/roles/upload_package_zst/tasks/main.yml b/roles/upload_package_zst/tasks/main.yml index fd8d4e76e..918c913f0 100644 --- a/roles/upload_package_zst/tasks/main.yml +++ b/roles/upload_package_zst/tasks/main.yml @@ -39,7 +39,7 @@ - name: Ensure target directory exist and accessible to connexion user ansible.builtin.file: - path: "{{ global_directory_package_target }}" + path: "{{ upload_package_zst_directory }}" state: directory recurse: true owner: "{{ ansible_user }}" 
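Review bot: `Block Nerdctl` and `Block K9S` wrap two tasks each in a `block:` that has no `when`, `rescue` or `always`, so the block adds nesting without effect; either drop it or give it a `rescue:` with a readable `fail_msg`, because unauthenticated calls to `api.github.com/.../releases/latest` are rate-limited and a 403 would otherwise surface as a bare `uri` failure. The resolved `nerdctl_version` and `k9s_version` are floating "latest" values, so two builds of the same package can differ; recording them next to the `Display versions` output in the built package would make a build reproducible and auditable.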
@@ -51,11 +51,11 @@ - name: Synchronization of Monster zst package on first controler ansible.posix.synchronize: src: "{{ package_path }}" - dest: "{{ global_directory_package_target }}" + dest: "{{ upload_package_zst_directory }}" archive: false - name: Unarchive Monster zst package on first controler ansible.builtin.unarchive: - src: "{{ global_directory_package_target }}/{{ global_package_name }}" - dest: "{{ global_directory_package_target }}" + src: "{{ upload_package_zst_directory }}/{{ upload_package_zst_name }}" + dest: "{{ upload_package_zst_directory }}" remote_src: true diff --git a/test/playbooks/set.yml b/test/playbooks/hauler_build.yml similarity index 71% rename from test/playbooks/set.yml rename to test/playbooks/hauler_build.yml index 0d50fdd9e..064903a46 100644 --- a/test/playbooks/set.yml +++ b/test/playbooks/hauler_build.yml @@ -1,9 +1,8 @@ --- -- name: Set versions +- name: Build Hauler Package hosts: localhost connection: local gather_facts: false vars_files: ../../playbooks/vars/main.yml roles: - #- {role: set_versions, tags: versions} - {role: build_airgap_hauler, tags: hauler} diff --git a/test/playbooks/hauler_server.yml b/test/playbooks/hauler_server.yml new file mode 100644 index 000000000..57362ed03 --- /dev/null +++ b/test/playbooks/hauler_server.yml @@ -0,0 +1,7 @@ +--- +- name: Hauler Server + hosts: "{{ hauler_ip | default(RKE2_CONTROLLERS[0]) }}" + gather_facts: false + vars_files: ../../playbooks/vars/main.yml + roles: + - {role: build_airgap_hauler, tags: hauler} From f444275195530d78428c5a00152e0ebd1a402f3f Mon Sep 17 00:00:00 2001 
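Review bot: In the new `test/playbooks/hauler_server.yml`, `hosts: "{{ hauler_ip | default(RKE2_CONTROLLERS[0]) }}"` treats the inventory group `RKE2_CONTROLLERS` as a Jinja variable, which is undefined when the play is parsed, so the default branch errors out instead of targeting the first controller. A host pattern is a string: `hosts: "{{ hauler_ip | default('RKE2_CONTROLLERS[0]') }}"`. PATCH 295 further down this page makes exactly that change, so this only matters if the history is rewritten.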
From: MozeBaltyk Date: Mon, 13 May 2024 23:43:29 +0200 Subject: [PATCH 295/365] adding hauler store --- .github/workflows/stage.yml | 10 +++++--- README.md | 2 +- roles/build_airgap_hauler/tasks/hauler.yml | 2 +- roles/build_airgap_hauler/tasks/prerequis.yml | 6 ++--- .../templates/airgap_hauler.yaml.j2 | 8 +++---- roles/deploy_hauler/tasks/rhel.yml | 23 +++++++------------ roles/install_rke2_common/tasks/selinux.yml | 2 +- .../install_rke2_controller/defaults/main.yml | 3 --- test/playbooks/hauler_server.yml | 4 ++-- 9 files changed, 27 insertions(+), 33 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 15492993b..9f9a9cd2d 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -10,8 +10,8 @@ env: AWS_SECRET_ACCESS_KEY: ${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}} REGION: ${{secrets.DIGITALOCEAN_REGION}} MOUNT_POINT: "/opt/rkub" - #BUCKET: "rkub-github-action-${{ github.run_id }}" - BUCKET: "terraform-backend-github" + BUCKET: "rkub-github-action-${{ github.run_id }}" + #BUCKET: "terraform-backend-github" CONTROLLER_COUNT: "1" WORKER_COUNT: "2" SIZE: "s-4vcpu-8gb" @@ -69,7 +69,7 @@ jobs: run: | cd ./test if [[ $BUCKET != "terraform-backend-github" ]]; then \ - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook playbooks/build.yml -e dir_build="${MOUNT_POINT}" -e archive="False"; \ + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook playbooks/hauler_build.yml -e dir_build="${MOUNT_POINT}" -e archive="false"; \ fi deploy: @@ -230,6 +230,10 @@ jobs: env: SSH_KEY: ${{secrets.SSH_PRIVATE_KEY}} + - name: Run playbook hauler_server.yml + run: | + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/hauler_server.yml -e dir_target=${MOUNT_POINT} + - name: Run playbook install.yml run: | ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/install.yml -e dir_target=${MOUNT_POINT} diff --git a/README.md b/README.md index f148dabd9..e2319d621 100644 
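Review bot: The new `Run playbook hauler_server.yml` step repeats `ANSIBLE_HOST_KEY_CHECKING=False`, so the root SSH session authenticated with `.key` never verifies the server it is talking to. Since the droplets are provisioned earlier in this same workflow, their host keys can be captured once after provisioning into a `known_hosts` file and the `ansible-playbook` steps run with checking enabled; if that is not feasible yet, a comment on the env var explaining why it is disabled would help the next reader. `-e dir_target=${MOUNT_POINT}` is unquoted, unlike the `hauler_build.yml` invocation above, which writes `-e dir_build="${MOUNT_POINT}"`.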
--- a/README.md +++ b/README.md @@ -90,7 +90,7 @@ ansible-playbook playbooks/tasks/build.yml # All arguments be ```sh ansible-playbook playbooks/tasks/upload.yml # All arguments below are not mandatory --e package_path=/home/me/rke2_rancher_longhorn.zst # Will be prompt if not given in the command +-e package_path=/home/me/rkub.zst # Will be prompt if not given in the command -e dir_target=/opt/rkub # Directory where to sync and unarchive (by default /opt/rkub, count 50G available) -u admin -Kk # Other Ansible Arguments (like -vvv) ``` diff --git a/roles/build_airgap_hauler/tasks/hauler.yml b/roles/build_airgap_hauler/tasks/hauler.yml index ca7f802aa..b73c1121e 100644 --- a/roles/build_airgap_hauler/tasks/hauler.yml +++ b/roles/build_airgap_hauler/tasks/hauler.yml @@ -29,7 +29,7 @@ # Hauler Store - name: Display Info ansible.builtin.debug: - msg: "Start Hauler store - this step can take some times..." + msg: "Start Hauler store - this step may take some times..." - name: Hauler store the all things ansible.builtin.shell: diff --git a/roles/build_airgap_hauler/tasks/prerequis.yml b/roles/build_airgap_hauler/tasks/prerequis.yml index a0edcba40..49318f738 100644 --- a/roles/build_airgap_hauler/tasks/prerequis.yml +++ b/roles/build_airgap_hauler/tasks/prerequis.yml @@ -10,7 +10,7 @@ ansible_os_family is not defined # for RHEL-like -- name: Install zstd and skopeo +- name: Install zstd and jq ansible.builtin.dnf: name: "{{ item }}" state: present @@ -22,7 +22,7 @@ become: true # for Debian-like -- name: Install zstd and skopeo +- name: Install zstd and jq ansible.builtin.apt: name: "{{ item }}" state: present @@ -34,7 +34,7 @@ become: true # check command and install if not present -- name: Install Helm 3 if not present +- name: Ensure Helm 3 is present ansible.builtin.shell: cmd: | set -o pipefail diff --git a/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 b/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 index 9bfb447c3..22ff15cc3 100644 
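Review bot: Renaming the two tasks to `Install zstd and jq` changes only the `name:`; the package list that the `dnf` and `apt` tasks loop over lies outside both hunks, so it is not visible here whether `skopeo` was actually replaced by `jq` in the items or the new name describes something the tasks do not do yet — worth confirming before merge. Both task bodies continue below their hunks.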
--- a/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 +++ b/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 @@ -47,12 +47,12 @@ metadata: spec: files: # RPM Common to both method - - path: https://github.com/rancher/rke2-packaging/releases/download/v{{ rke2_version }}%2Brke2r1.stable.0/rke2-common-{{ rke2_version }}.rke2r1-0.{{ rhel_version }}.x86_64.rpm - - path: https://github.com/rancher/rke2-selinux/releases/download/v0.17.stable.1/rke2-selinux-0.17-1.{{ rhel_version }}.noarch.rpm + - path: https://github.com/rancher/rke2-packaging/releases/download/v{{ rke2_version }}%2Brke2r1.stable.0/rke2-common-{{ rke2_version }}.rke2r1-0.el{{ rhel_version }}.x86_64.rpm + - path: https://github.com/rancher/rke2-selinux/releases/download/v0.17.stable.1/rke2-selinux-0.17-1.el{{ rhel_version }}.noarch.rpm - path: https://rpm.rancher.io/public.key # RPM method - - path: https://github.com/rancher/rke2-packaging/releases/download/v{{ rke2_version }}%2Brke2r1.stable.0/rke2-agent-{{ rke2_version }}.rke2r1-0.{{ rhel_version }}.x86_64.rpm - - path: https://github.com/rancher/rke2-packaging/releases/download/v{{ rke2_version }}%2Brke2r1.stable.0/rke2-server-{{ rke2_version }}.rke2r1-0.{{ rhel_version }}.x86_64.rpm + - path: https://github.com/rancher/rke2-packaging/releases/download/v{{ rke2_version }}%2Brke2r1.stable.0/rke2-agent-{{ rke2_version }}.rke2r1-0.el{{ rhel_version }}.x86_64.rpm + - path: https://github.com/rancher/rke2-packaging/releases/download/v{{ rke2_version }}%2Brke2r1.stable.0/rke2-server-{{ rke2_version }}.rke2r1-0.el{{ rhel_version }}.x86_64.rpm # Tarball method - path: https://github.com/rancher/rke2/releases/download/v{{ rke2_version }}%2Brke2r1/rke2-images.linux-amd64.tar.zst - path: https://github.com/rancher/rke2/releases/download/v{{ rke2_version }}%2Brke2r1/rke2.linux-amd64.tar.gz diff --git a/roles/deploy_hauler/tasks/rhel.yml b/roles/deploy_hauler/tasks/rhel.yml index fb7167ffb..62c93c065 100644 
--- a/roles/deploy_hauler/tasks/rhel.yml +++ b/roles/deploy_hauler/tasks/rhel.yml @@ -8,6 +8,7 @@ src: "{{ deploy_hauler_directory }}/hauler" dest: /usr/local/bin/hauler mode: '0755' + remote_src: true - name: Push template hauler service ansible.builtin.template: @@ -31,13 +32,6 @@ ansible.builtin.pause: seconds: 5 - - name: Wait until there are 4 RPM files in /opt/hauler/store-files/ - ansible.builtin.wait_for: - path: "{{ deploy_hauler_directory }}/store-files/" - search_regex: '\.rpm$' - count: 2 - delay: 2 - - name: Wait until 'hauler store info' command succeeds ansible.builtin.shell: cmd: "hauler store info > /dev/null 2>&1" @@ -57,21 +51,20 @@ with_items: - createrepo - - name: Save hauler index to store-files - ansible.builtin.template: - src: /dev/null - dest: "{{ deploy_hauler_directory }}/store-files/_hauler_index.txt" + - name: Save hauler index to fileserver + ansible.builtin.copy: + dest: "{{ deploy_hauler_directory }}/fileserver/_hauler_index.txt" content: "{{ hauler_store_info['stdout'] }}" - - name: Save hauler repo to store-files + - name: Save hauler repo to fileserver ansible.builtin.template: src: hauler.repo.j2 - dest: "{{ deploy_hauler_directory }}/store-files/hauler.repo" + dest: "{{ deploy_hauler_directory }}/fileserver/hauler.repo" - - name: Install Hauler if not present + - name: Createrepo on fileserver ansible.builtin.shell: cmd: | set -o pipefail - createrepo {{ deploy_hauler_directory }}/store-files + createrepo {{ deploy_hauler_directory }}/fileserver executable: /bin/bash changed_when: false diff --git a/roles/install_rke2_common/tasks/selinux.yml b/roles/install_rke2_common/tasks/selinux.yml index 070baec1f..e44bd4182 100644 --- a/roles/install_rke2_common/tasks/selinux.yml +++ b/roles/install_rke2_common/tasks/selinux.yml 
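Review bot: `Createrepo on fileserver` runs `createrepo` on every play and declares `changed_when: false`, so a task that rewrites `repodata/` always reports ok and a run that changed nothing is indistinguishable from one that regenerated the repository; drop `changed_when: false` and register the result (or use `creates:` on `repodata/repomd.xml` if the repo is built exactly once). `set -o pipefail` has no effect in that command because nothing is piped. `Save hauler index to fileserver` writes the full `hauler store info` output into a directory served over HTTP; that is probably intended, but a one-line comment saying so would help.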
@@ -3,7 +3,7 @@ - name: Set repo Hauler Air Gap Server ansible.builtin.yum_repository: - name: hauler.repo + name: hauler description: "Hauler Air Gap Server" baseurl: "http://{{ hauler_server }}:8080" gpgcheck: true diff --git a/roles/install_rke2_controller/defaults/main.yml b/roles/install_rke2_controller/defaults/main.yml index 1ff56b0f9..ce0220fe3 100644 --- a/roles/install_rke2_controller/defaults/main.yml +++ b/roles/install_rke2_controller/defaults/main.yml @@ -8,9 +8,6 @@ control_plane_endpoint: "{{ global_rke2_api_ip }}" # Mount share mount_path: "{{ global_directory_mount }}" mount_rke2_path: "{{ mount_path }}/rke2_{{ rke2_version }}" -mount_utils_path: "{{ mount_path }}/utils" -mount_rke2_common_rpm_path: "{{ mount_rke2_path }}/{{ global_rke2_common_rpm_version }}.el{{ ansible_distribution_major_version }}.x86_64.rpm" -mount_rke2_selinux_rpm_path: "{{ mount_rke2_path }}/{{ global_rke2_selinux_rpm_version }}.el{{ ansible_distribution_major_version }}.noarch.rpm" # RKE2 config rke2_kubeconfig_file: "/etc/rancher/rke2/rke2.yaml" diff --git a/test/playbooks/hauler_server.yml b/test/playbooks/hauler_server.yml index 57362ed03..a64a02eff 100644 --- a/test/playbooks/hauler_server.yml +++ b/test/playbooks/hauler_server.yml @@ -1,7 +1,7 @@ --- - name: Hauler Server - hosts: "{{ hauler_ip | default(RKE2_CONTROLLERS[0]) }}" + hosts: "{{ hauler_ip | default('RKE2_CONTROLLERS[0]') }}" gather_facts: false vars_files: ../../playbooks/vars/main.yml roles: - - {role: build_airgap_hauler, tags: hauler} + - {role: deploy_hauler, tags: hauler} From fa3f611eb74c7e1d5ae308e6435835caf686eab8 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 13 May 2024 23:44:42 +0200 Subject: [PATCH 296/365] adding hauler store --- .github/workflows/stage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 9f9a9cd2d..06b12de57 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml 
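Review bot: `gpgcheck: true` on a plain-`http` `baseurl` is only as strong as the `gpgkey` trust anchor, and that line, if present, is outside this hunk; please confirm the repository definition points `gpgkey:` at a key that is not itself fetched from the same unauthenticated fileserver (for instance the key already imported via `rpm_key` from the package share), otherwise the check verifies nothing. The rename to `name: hauler` is correct: `yum_repository` uses `name` as the repo id and file name, so `hauler.repo` would have produced `hauler.repo.repo`.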
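Review bot: Removing `mount_rke2_common_rpm_path` and `mount_rke2_selinux_rpm_path` from the controller defaults leaves `roles/install_rke2_controller/tasks/rpm.yml` — added in PATCH 294 above and still referencing both in `Install RKE2 selinux packages` and `Install RKE2 common packages`, as the rename hunk in PATCH 300 shows — with undefined variables, so the RPM path now fails at its first `dnf` task. Either keep the two defaults, pointing at the new `fileserver` layout, or change those tasks to install by package name from the `hauler` repository the selinux task configures. `mount_utils_path` is dropped as well; no consumer of it is visible in these hunks, so that one may be fine.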
@@ -13,7 +13,7 @@ env: BUCKET: "rkub-github-action-${{ github.run_id }}" #BUCKET: "terraform-backend-github" CONTROLLER_COUNT: "1" - WORKER_COUNT: "2" + WORKER_COUNT: "0" SIZE: "s-4vcpu-8gb" jobs: From 276d6dc8d3024bac02a6c67a4ccc9fa8a7cf7e7f Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 13 May 2024 23:56:35 +0200 Subject: [PATCH 297/365] adding hauler store --- .github/workflows/stage.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 06b12de57..ba560adb6 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -62,6 +62,13 @@ jobs: s3fs ${BUCKET} ${MOUNT_POINT} -o url=https://${REGION}.digitaloceanspaces.com -o passwd_file=./passwd-s3fs df -Th ${MOUNT_POINT} + - name: Test access Mount point + run: | + ls -ld ${MOUNT_POINT} + ls -l ${MOUNT_POINT} + cd ${MOUNT_POINT} + ls + - name: Checkout files uses: actions/checkout@v4 From e51c184f524e708880e45cdd9cfac61c395c1630 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 14 May 2024 00:05:43 +0200 Subject: [PATCH 298/365] adding hauler store --- roles/build_airgap_hauler/tasks/hauler.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/build_airgap_hauler/tasks/hauler.yml b/roles/build_airgap_hauler/tasks/hauler.yml index b73c1121e..2eea63d50 100644 --- a/roles/build_airgap_hauler/tasks/hauler.yml +++ b/roles/build_airgap_hauler/tasks/hauler.yml @@ -16,6 +16,7 @@ src: /usr/local/bin/hauler dest: "{{ directory_package }}" mode: '0750' + remote_src: true become: true - name: Push template From 34e4d18bbc5065113a349894f9c113369bdec485 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 14 May 2024 08:47:57 +0200 Subject: [PATCH 299/365] adding hauler store --- roles/build_airgap_hauler/defaults/main.yml | 1 + roles/build_airgap_hauler/tasks/hauler.yml | 21 ++++++++++++------- .../templates/airgap_hauler.yaml.j2 | 2 ++ 3 files changed, 17 insertions(+), 7 deletions(-) 
diff --git a/roles/build_airgap_hauler/defaults/main.yml b/roles/build_airgap_hauler/defaults/main.yml index d933d9e05..42ffbb9e6 100644 --- a/roles/build_airgap_hauler/defaults/main.yml +++ b/roles/build_airgap_hauler/defaults/main.yml @@ -1,5 +1,6 @@ --- # defaults file for build_airgap_hauler +hauler_version: "1.0.3" directory_package: "{{ global_directory_package_build }}" tar_zst_name: "{{ global_package_name }}" path_to_package_zst: "{{ global_path_to_package_zst }}" diff --git a/roles/build_airgap_hauler/tasks/hauler.yml b/roles/build_airgap_hauler/tasks/hauler.yml index 2eea63d50..436326972 100644 --- a/roles/build_airgap_hauler/tasks/hauler.yml +++ b/roles/build_airgap_hauler/tasks/hauler.yml 
@@ -1,23 +1,30 @@ --- - name: Append lists together ansible.builtin.set_fact: - list_images: "{{ list_images_rke2 + list_images_longhorn | default([]) + list_images_certmanager | default([]) + list_images_rancher_latest | default([]) + list_images_neuvector | default([]) + list_images_kubevip | default([]) }}" + list_images: "{{ list_images_longhorn | default([]) + list_images_certmanager | default([]) + list_images_rancher_latest | default([]) + list_images_neuvector | default([]) + list_images_kubevip | default([]) }}" + #list_images: "{{ list_images_rke2 + list_images_longhorn | default([]) + list_images_certmanager | default([]) + list_images_rancher_latest | default([]) + list_images_neuvector | default([]) + list_images_kubevip | default([]) }}" - name: Install Hauler if not present ansible.builtin.shell: cmd: | set -o pipefail - command -v hauler || curl -sfL https://get.hauler.dev | bash + curl -sfL https://get.hauler.dev | HAULER_VERSION={{ hauler_version }} bash executable: /bin/bash changed_when: false -- name: Copy the hauler binary to package - ansible.builtin.copy: - src: /usr/local/bin/hauler +- name: Download and Unarchive hauler archive from URL + ansible.builtin.unarchive: + src: "https://github.com/rancherfederal/hauler/releases/download/v{{ hauler_version }}/hauler_{{ hauler_version }}_linux_amd64.tar.gz" dest: "{{ directory_package }}" - mode: '0750' remote_src: true - become: true + +- name: Clean up files + ansible.builtin.file: + path: "{{ directory_package }}/{{ item }}" + state: absent + loop: + - "LICENSE" + - "README.md" - name: Push template ansible.builtin.template: diff --git a/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 b/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 index 22ff15cc3..f55dfc457 100644 --- a/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 +++ b/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 
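Review bot: `Install Hauler if not present` now pipes `https://get.hauler.dev` straight into `bash` on every run with no integrity check — the `command -v hauler ||` guard was dropped, so the task name is no longer accurate — while the very next task already downloads the versioned release tarball for `hauler_version`. Install from that tarball instead: fetch it with `ansible.builtin.get_url` and `checksum: "sha256:<VALUE_FROM_RELEASE_CHECKSUM_FILE>"` (placeholder), unarchive, and copy the binary to `/usr/local/bin`. `changed_when: false` on an installer that writes to `/usr/local/bin` hides real changes. The `Clean up files` task becomes unnecessary if `ansible.builtin.unarchive` is given `include: [hauler]` so only the binary is extracted.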
@@ -1,3 +1,4 @@ +{% if list_images|length > 0 %} # images apiVersion: content.hauler.cattle.io/v1alpha1 kind: Images @@ -10,6 +11,7 @@ spec: {% for item in list_images %} - name: {{ item }} {% endfor %} +{% endif %} {% if rancher_wanted or longhorn_wanted or neuvector_wanted %} # Helm Charts --- From a58a6a9f27951f50b60c7853abd5a26393308841 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 14 May 2024 10:36:21 +0200 Subject: [PATCH 300/365] adding hauler store --- playbooks/vars/main.yml | 4 ++ roles/build_airgap_hauler/defaults/main.yml | 4 +- roles/build_airgap_hauler/tasks/hauler.yml | 6 +- .../templates/airgap_hauler.yaml.j2 | 6 +- .../install_rke2_controller/defaults/main.yml | 5 +- .../install_rke2_controller/tasks/install.yml | 62 +++---------------- roles/install_rke2_controller/tasks/main.yml | 2 +- .../tasks/{rpm.yml => rpm_install.yml} | 2 + .../tasks/tarball_install.yml | 60 ++++++++++++++++++ roles/install_rke2_worker/tasks/install.yml | 24 ------- 10 files changed, 90 insertions(+), 85 deletions(-) rename roles/install_rke2_controller/tasks/{rpm.yml => rpm_install.yml} (99%) create mode 100644 roles/install_rke2_controller/tasks/tarball_install.yml diff --git a/playbooks/vars/main.yml b/playbooks/vars/main.yml index f96620ea2..88bd9d020 100644 --- a/playbooks/vars/main.yml +++ b/playbooks/vars/main.yml @@ -27,6 +27,7 @@ global_versions: helm: "3.14.0" nerdctl: "1.7.6" k9s: "0.32.4" + hauler: "1.0.3" global_rhel_version: "{{ el }}" @@ -34,6 +35,9 @@ global_rhel_version: "{{ el }}" global_install_user: "{{ install_user | default('kuberoot') }}" global_directory_package_build: "{{ dir_build | default('$HOME/rkub') }}" global_archive_tar_zst_bool: "{{ archive | default('true') | bool }}" +global_method_install: "{{ method | default('tarball') }}" +global_rpm_install: "{{ global_method_install == 'rpm' }}" +global_tarball_install: "{{ global_method_install == 'tarball' }}" # Local global_package_name: "{{ package_name | default('rkub.zst') }}" 
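Review bot: `global_rpm_install` and `global_tarball_install` are both false when `-e method=` is anything other than `rpm` or `tarball` (a typo such as `rpms`), and the `when:` guards in `install.yml` further down this page then skip both install paths without any error. Add an early `ansible.builtin.assert` with `that: global_method_install in ['rpm', 'tarball']` and a `fail_msg` naming the accepted values; `build_airgap_hauler`, whose defaults copy these flags, would benefit from the same check.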
diff --git a/roles/build_airgap_hauler/defaults/main.yml b/roles/build_airgap_hauler/defaults/main.yml index 42ffbb9e6..efa140f9e 100644 --- a/roles/build_airgap_hauler/defaults/main.yml +++ b/roles/build_airgap_hauler/defaults/main.yml @@ -1,6 +1,8 @@ --- # defaults file for build_airgap_hauler -hauler_version: "1.0.3" +hauler_version: "{{ global_versions['hauler'] }}" +rpm_install: "{{ global_rpm_install | bool }}" +tarball_install: "{{ global_tarball_install | bool }}" directory_package: "{{ global_directory_package_build }}" tar_zst_name: "{{ global_package_name }}" path_to_package_zst: "{{ global_path_to_package_zst }}" diff --git a/roles/build_airgap_hauler/tasks/hauler.yml b/roles/build_airgap_hauler/tasks/hauler.yml index 436326972..ffde3f5ec 100644 --- a/roles/build_airgap_hauler/tasks/hauler.yml +++ b/roles/build_airgap_hauler/tasks/hauler.yml @@ -2,7 +2,11 @@ - name: Append lists together ansible.builtin.set_fact: list_images: "{{ list_images_longhorn | default([]) + list_images_certmanager | default([]) + list_images_rancher_latest | default([]) + list_images_neuvector | default([]) + list_images_kubevip | default([]) }}" - #list_images: "{{ list_images_rke2 + list_images_longhorn | default([]) + list_images_certmanager | default([]) + list_images_rancher_latest | default([]) + list_images_neuvector | default([]) + list_images_kubevip | default([]) }}" + +- name: Append lists for RPM install with custom registry + ansible.builtin.set_fact: + list_images: "{{ list_images | default([]) + list_images_rke2 }}" + when: rpm_install - name: Install Hauler if not present ansible.builtin.shell: diff --git a/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 b/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 index f55dfc457..5997fc249 100644 --- a/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 +++ b/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 
@@ -52,17 +52,21 @@ spec: - path: https://github.com/rancher/rke2-packaging/releases/download/v{{ rke2_version }}%2Brke2r1.stable.0/rke2-common-{{ rke2_version }}.rke2r1-0.el{{ rhel_version }}.x86_64.rpm - path: https://github.com/rancher/rke2-selinux/releases/download/v0.17.stable.1/rke2-selinux-0.17-1.el{{ rhel_version }}.noarch.rpm - path: https://rpm.rancher.io/public.key + {% if rpm_install %} # RPM method - path: https://github.com/rancher/rke2-packaging/releases/download/v{{ rke2_version }}%2Brke2r1.stable.0/rke2-agent-{{ rke2_version }}.rke2r1-0.el{{ rhel_version }}.x86_64.rpm - path: https://github.com/rancher/rke2-packaging/releases/download/v{{ rke2_version }}%2Brke2r1.stable.0/rke2-server-{{ rke2_version }}.rke2r1-0.el{{ rhel_version }}.x86_64.rpm + {% endif %} + {% if tarball_install %} # Tarball method - path: https://github.com/rancher/rke2/releases/download/v{{ rke2_version }}%2Brke2r1/rke2-images.linux-amd64.tar.zst - path: https://github.com/rancher/rke2/releases/download/v{{ rke2_version }}%2Brke2r1/rke2.linux-amd64.tar.gz - path: https://github.com/rancher/rke2/releases/download/v{{ rke2_version }}%2Brke2r1/sha256sum-amd64.txt - name: install.sh path: https://get.rke2.io + {% endif %} # Addons - path: https://get.helm.sh/helm-v{{ helm_version }}-linux-amd64.tar.gz - path: https://github.com/containerd/nerdctl/v{{ nerdctl_version }}/nerdctl-{{ nerdctl_version }}-linux-amd64.tar.gz - path: https://github.com/derailed/k9s/v{{ k9s_version }}/k9s_Linux_amd64.tar.gz - - path: https://raw.githubusercontent.com/clemenko/rke_airgap_install/main/hauler_all_the_things.sh + #- path: https://raw.githubusercontent.com/clemenko/rke_airgap_install/main/hauler_all_the_things.sh diff --git a/roles/install_rke2_controller/defaults/main.yml b/roles/install_rke2_controller/defaults/main.yml index ce0220fe3..44ccdde7b 100644 --- a/roles/install_rke2_controller/defaults/main.yml +++ b/roles/install_rke2_controller/defaults/main.yml 
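Review bot: The two Addons entries `https://github.com/containerd/nerdctl/v{{ nerdctl_version }}/...` and `https://github.com/derailed/k9s/v{{ k9s_version }}/...` are not GitHub release-asset URLs — those have the form `https://github.com/<owner>/<repo>/releases/download/<tag>/<asset>` — so the Hauler store build will fail to fetch them or store an HTML page. Change them to `- path: https://github.com/containerd/nerdctl/releases/download/v{{ nerdctl_version }}/nerdctl-{{ nerdctl_version }}-linux-amd64.tar.gz` and `- path: https://github.com/derailed/k9s/releases/download/v{{ k9s_version }}/k9s_Linux_amd64.tar.gz`. These are context lines in this hunk and reappear unchanged in PATCH 301 below. Commenting out `hauler_all_the_things.sh` rather than deleting it leaves an unpinned `raw.githubusercontent.com/.../main/` script one uncomment away; delete the line.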
@@ -1,13 +1,14 @@ --- # defaults file for install_controler -rke2_version: "{{ global_rke2_version }}" admin_user: "{{ global_install_user }}" master: "{{ global_master_ip }}" control_plane_endpoint: "{{ global_rke2_api_ip }}" +rpm_install: "{{ global_rpm_install | bool }}" +tarball_install: "{{ global_tarball_install | bool }}" # Mount share mount_path: "{{ global_directory_mount }}" -mount_rke2_path: "{{ mount_path }}/rke2_{{ rke2_version }}" +mount_rke2_path: "{{ mount_path }}/fileserver" # RKE2 config rke2_kubeconfig_file: "/etc/rancher/rke2/rke2.yaml" diff --git a/roles/install_rke2_controller/tasks/install.yml b/roles/install_rke2_controller/tasks/install.yml index f8f69eba9..b4bedc2e7 100644 --- a/roles/install_rke2_controller/tasks/install.yml +++ b/roles/install_rke2_controller/tasks/install.yml 
@@ -63,59 +63,11 @@ dest: /var/lib/rancher/rke2/server/manifests/rke2-ingress-nginx-config.yaml mode: "0640" - # Install - - name: Install RKE2 server node - ansible.builtin.shell: - cmd: | - set -o pipefail && INSTALL_RKE2_ARTIFACT_PATH={{ mount_rke2_path }} INSTALL_RKE2_TYPE=server sh {{ mount_rke2_path }}/install.sh - chdir: "{{ mount_rke2_path }}" - executable: /bin/bash - register: install_server_output - failed_when: false - changed_when: false +# Install regarding choosen method +- name: RKE2 Install tarball method + ansible.builtin.import_tasks: tarball_install.yml + when: tarball_install - - name: Display install output - ansible.builtin.debug: - var: install_server_output['stdout_lines'] - - - name: Pause for 3 seconds before start service - ansible.builtin.pause: - seconds: 3 - - # Service - - name: Mask RKE2 agent service on the first server - ansible.builtin.systemd: - name: "rke2-agent.service" - enabled: false - masked: true - - - name: Start and enable rke2-server - ansible.builtin.systemd: - name: rke2-server.service - state: started - enabled: true - notify: "Service (re)started" - async: 600 - poll: 60 - - - name: Wait for k8s apiserver - ansible.builtin.wait_for: - host: localhost - port: "6443" - state: present - timeout: 300 - - - name: Create symlink for containerd.sock - ansible.builtin.file: - src: /var/run/k3s/containerd/containerd.sock - dest: /var/run/containerd/containerd.sock - state: link - - - name: Update root .bashrc - ansible.builtin.blockinfile: - path: ~/.bashrc - block: | - export KUBECONFIG={{ rke2_kubeconfig_file }} - export CRI_CONFIG_FILE={{ rke2_data_dir }}/agent/etc/crictl.yaml - PATH=$PATH:{{ rke2_data_dir }}/bin - marker: "# {mark} ANSIBLE install_rke2_controler" +- name: RKE2 Install rpm method + ansible.builtin.import_tasks: rpm_install.yml + when: rpm_install diff --git a/roles/install_rke2_controller/tasks/main.yml b/roles/install_rke2_controller/tasks/main.yml index 553891da4..0dff2001d 100644 
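Review bot: The removed install and service tasks were indented inside an enclosing block (their `- name:` lines sit at two-space depth), while the two new `ansible.builtin.import_tasks` entries are top-level, so whatever that block applied — escalation, a `when`, tags — no longer covers the imported tasks. `tarball_install.yml` compensates with its own `become: true` block, but `rpm_install.yml` sets `become: true` only on its first task (see PATCH 294), so its `rpm_key` and later `dnf` tasks would run unprivileged; wrap them in a `become: true` block the way `tarball_install.yml` does. The enclosing block starts above this hunk, so its exact attributes cannot be confirmed from here.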
--- a/roles/install_rke2_controller/tasks/main.yml +++ b/roles/install_rke2_controller/tasks/main.yml @@ -33,7 +33,7 @@ # tasks_from: main # when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] # tags: nfs_export -# + # - name: Set NFS mount on other nodes # ansible.builtin.import_role: # name: set_nfs_mount diff --git a/roles/install_rke2_controller/tasks/rpm.yml b/roles/install_rke2_controller/tasks/rpm_install.yml similarity index 99% rename from roles/install_rke2_controller/tasks/rpm.yml rename to roles/install_rke2_controller/tasks/rpm_install.yml index 2183ed24f..4624b2435 100644 --- a/roles/install_rke2_controller/tasks/rpm.yml +++ b/roles/install_rke2_controller/tasks/rpm_install.yml @@ -10,6 +10,7 @@ when: - ansible_os_family == "RedHat" - ansible_distribution_major_version | int >= 8 + - name: Import a key from a file ansible.builtin.rpm_key: state: present @@ -23,6 +24,7 @@ when: - ansible_os_family == "RedHat" - ansible_distribution_major_version | int >= 8 + - name: Install RKE2 common packages ansible.builtin.dnf: name: "{{ mount_rke2_common_rpm_path }}" diff --git a/roles/install_rke2_controller/tasks/tarball_install.yml b/roles/install_rke2_controller/tasks/tarball_install.yml new file mode 100644 index 000000000..9ffa1af8e --- /dev/null +++ b/roles/install_rke2_controller/tasks/tarball_install.yml 
@@ -0,0 +1,60 @@ +--- +# As root +- name: Install with tarball method + become: true + block: + - name: Install RKE2 server node + ansible.builtin.shell: + cmd: | + set -o pipefail && INSTALL_RKE2_ARTIFACT_PATH={{ mount_rke2_path }} INSTALL_RKE2_TYPE=server sh {{ mount_rke2_path }}/install.sh + chdir: "{{ mount_rke2_path }}" + executable: /bin/bash + register: install_server_output + failed_when: false + changed_when: false + + - name: Display install output + ansible.builtin.debug: + var: install_server_output['stdout_lines'] + + - name: Pause for 3 seconds before start service + ansible.builtin.pause: + seconds: 3 + + # Service + - name: Mask RKE2 agent service on the first server + ansible.builtin.systemd: + name: "rke2-agent.service" + enabled: false + masked: true + + - name: Start and enable rke2-server + ansible.builtin.systemd: + name: rke2-server.service + state: started + enabled: true + notify: "Service (re)started" + async: 600 + poll: 60 + + - name: Wait for k8s apiserver + ansible.builtin.wait_for: + host: localhost + port: "6443" + state: present + timeout: 300 + + - name: Create symlink for containerd.sock + ansible.builtin.file: + src: /var/run/k3s/containerd/containerd.sock + dest: /var/run/containerd/containerd.sock + state: link + + - name: Update root .bashrc + ansible.builtin.blockinfile: + path: ~/.bashrc + block: | + export KUBECONFIG={{ rke2_kubeconfig_file }} + export CRI_CONFIG_FILE={{ rke2_data_dir }}/agent/etc/crictl.yaml + PATH=$PATH:{{ rke2_data_dir }}/bin + marker: "# {mark} ANSIBLE install_rke2_controler" diff --git a/roles/install_rke2_worker/tasks/install.yml b/roles/install_rke2_worker/tasks/install.yml index c253b8ad1..e305686e6 100644 --- a/roles/install_rke2_worker/tasks/install.yml +++ b/roles/install_rke2_worker/tasks/install.yml 
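Review bot: `Install RKE2 server node` sets `failed_when: false`, so an installer failure (missing `install.sh` on `mount_rke2_path`, a rejected checksum, an unsupported OS) is only visible in the debug output and the play continues to `Start and enable rke2-server`, which then fails or times out far from the real cause. Keep the debug task but fail explicitly: `failed_when: install_server_output.rc != 0`, or simply drop `failed_when`. `set -o pipefail` does nothing in that command because nothing is piped. `INSTALL_RKE2_ARTIFACT_PATH` points at the shared `fileserver` directory, so `install.sh`, the tarballs and the `sha256sum-amd64.txt` shipped next to them all come from the same source; the integrity of that share is the trust boundary and deserves a comment at the top of the file.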
@@ -31,30 +31,6 @@ ansible.builtin.debug: var: install_worker_output['stdout_lines'] - # RPM - - name: Import a key from a file - ansible.builtin.rpm_key: - state: present - key: "{{ mount_rke2_path }}/public.key" - when: - - ansible_os_family == "RedHat" - - - name: Install RKE2 selinux packages (dependency for RKE2 common) - ansible.builtin.dnf: - name: "{{ mount_rke2_selinux_rpm_path }}" - state: present - when: - - ansible_os_family == "RedHat" - - ansible_distribution_major_version | int >= 8 - - - name: Install RKE2 common packages - ansible.builtin.dnf: - name: "{{ mount_rke2_common_rpm_path }}" - state: present - when: - - ansible_os_family == "RedHat" - - ansible_distribution_major_version | int >= 8 - # Start - name: Mask RKE2 agent service on the first server ansible.builtin.systemd: From 6afbcd5ec5f01658b9211ee2c2a77b5dae827c59 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 14 May 2024 10:43:59 +0200 Subject: [PATCH 301/365] adding hauler store --- roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 b/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 index 5997fc249..14dfc13eb 100644 --- a/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 +++ b/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 
@@ -52,19 +52,19 @@ spec: - path: https://github.com/rancher/rke2-packaging/releases/download/v{{ rke2_version }}%2Brke2r1.stable.0/rke2-common-{{ rke2_version }}.rke2r1-0.el{{ rhel_version }}.x86_64.rpm - path: https://github.com/rancher/rke2-selinux/releases/download/v0.17.stable.1/rke2-selinux-0.17-1.el{{ rhel_version }}.noarch.rpm - path: https://rpm.rancher.io/public.key - {% if rpm_install %} + {% if rpm_install -%} # RPM method - path: https://github.com/rancher/rke2-packaging/releases/download/v{{ rke2_version }}%2Brke2r1.stable.0/rke2-agent-{{ rke2_version }}.rke2r1-0.el{{ rhel_version }}.x86_64.rpm - path: https://github.com/rancher/rke2-packaging/releases/download/v{{ rke2_version }}%2Brke2r1.stable.0/rke2-server-{{ rke2_version }}.rke2r1-0.el{{ rhel_version }}.x86_64.rpm - {% endif %} - {% if tarball_install %} + {% endif -%} + {% if tarball_install -%} # Tarball method - path: https://github.com/rancher/rke2/releases/download/v{{ rke2_version }}%2Brke2r1/rke2-images.linux-amd64.tar.zst - path: https://github.com/rancher/rke2/releases/download/v{{ rke2_version }}%2Brke2r1/rke2.linux-amd64.tar.gz - path: https://github.com/rancher/rke2/releases/download/v{{ rke2_version }}%2Brke2r1/sha256sum-amd64.txt - name: install.sh path: https://get.rke2.io - {% endif %} + {% endif -%} # Addons - path: https://get.helm.sh/helm-v{{ helm_version }}-linux-amd64.tar.gz - path: https://github.com/containerd/nerdctl/v{{ nerdctl_version }}/nerdctl-{{ nerdctl_version }}-linux-amd64.tar.gz From 2656f9f6f5558ef636b392179a804c4f43f170d3 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 14 May 2024 11:04:42 +0200 Subject: [PATCH 302/365] adding hauler store --- README.md | 1 - playbooks/vars/main.yml | 5 ++--- roles/install_rke2_controller/defaults/main.yml | 2 +- roles/install_rke2_controller/tasks/tarball_install.yml | 8 ++++++-- 4 files changed, 9 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index e2319d621..1c07653e9 100644 --- a/README.md 
+++ b/README.md @@ -100,7 +100,6 @@ ansible-playbook playbooks/tasks/upload.yml # All arguments below are not ```sh ansible-playbook playbooks/tasks/install.yml # All arguments below are not mandatory -e dir_target=/opt/rkub # Dir on first master where to find package unarchive by previous task (by default /opt/rkub, count 50G available) --e dir_mount=/mnt/rkub # NFS mount point (on first master, it will be a symlink to "dir_target") -e domain="example.com" # By default take the host domain from master server -u admin -Kk # Other Ansible Arguments (like -vvv) ``` diff --git a/playbooks/vars/main.yml b/playbooks/vars/main.yml index 88bd9d020..c5652d8e2 100644 --- a/playbooks/vars/main.yml +++ b/playbooks/vars/main.yml @@ -33,19 +33,18 @@ global_rhel_version: "{{ el }}" # General global_install_user: "{{ install_user | default('kuberoot') }}" -global_directory_package_build: "{{ dir_build | default('$HOME/rkub') }}" -global_archive_tar_zst_bool: "{{ archive | default('true') | bool }}" global_method_install: "{{ method | default('tarball') }}" global_rpm_install: "{{ global_method_install == 'rpm' }}" global_tarball_install: "{{ global_method_install == 'tarball' }}" # Local +global_directory_package_build: "{{ dir_build | default('$HOME/rkub') }}" +global_archive_tar_zst_bool: "{{ archive | default('true') | bool }}" global_package_name: "{{ package_name | default('rkub.zst') }}" global_path_to_package_zst: "{{ global_directory_package_build }}/../{{ global_package_name }}" # Target global_directory_package_target: "{{ dir_target | default('/opt/rkub') }}" -global_directory_mount: "{{ dir_mount | default('/mnt/rkub') }}" # Options General global_hauler_ip: "{{ hauler_ip | default(hostvars[groups['RKE2_CONTROLLERS'][0]]['ansible_default_ipv4']['address']) }}" diff --git a/roles/install_rke2_controller/defaults/main.yml b/roles/install_rke2_controller/defaults/main.yml index 44ccdde7b..0a86cf541 100644 --- a/roles/install_rke2_controller/defaults/main.yml 
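Review bot: `global_directory_mount` is deleted from playbooks/vars/main.yml, but in this commit it is still consumed by `mount_path: "{{ global_directory_mount }}"` in roles/install_rke2_common/defaults/main.yml, roles/install_rke2_worker/defaults/main.yml and roles/install_utils_nerdctl/defaults/main.yml (later patches in this series, 303, 305 and 307, remove those references), so at this point any play loading those roles fails on an undefined variable. Removing a global and its consumers in the same commit keeps every commit runnable and bisectable.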
+++ b/roles/install_rke2_controller/defaults/main.yml @@ -7,7 +7,7 @@ rpm_install: "{{ global_rpm_install | bool }}" tarball_install: "{{ global_tarball_install | bool }}" # Mount share -mount_path: "{{ global_directory_mount }}" +mount_path: "{{ global_directory_package_target }}" mount_rke2_path: "{{ mount_path }}/fileserver" # RKE2 config diff --git a/roles/install_rke2_controller/tasks/tarball_install.yml b/roles/install_rke2_controller/tasks/tarball_install.yml index 9ffa1af8e..36ae22224 100644 --- a/roles/install_rke2_controller/tasks/tarball_install.yml +++ b/roles/install_rke2_controller/tasks/tarball_install.yml @@ -17,9 +17,13 @@ ansible.builtin.debug: var: install_server_output['stdout_lines'] - - name: Pause for 3 seconds before start service + - name: Display install complete output + ansible.builtin.debug: + var: install_server_output + + - name: Pause for 5 seconds before start service ansible.builtin.pause: - seconds: 3 + seconds: 5 # Service - name: Mask RKE2 agent service on the first server From 431fa951738f8760014ce33171b943394cb23260 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 14 May 2024 11:25:49 +0200 Subject: [PATCH 303/365] adding hauler store --- roles/build_airgap_hauler/handlers/main.yml | 2 -- roles/build_airgap_hauler/vars/main.yml | 2 -- roles/install_rke2_common/defaults/main.yml | 2 +- 3 files changed, 1 insertion(+), 5 deletions(-) delete mode 100644 roles/build_airgap_hauler/handlers/main.yml delete mode 100644 roles/build_airgap_hauler/vars/main.yml diff --git a/roles/build_airgap_hauler/handlers/main.yml b/roles/build_airgap_hauler/handlers/main.yml deleted file mode 100644 index 24126db2c..000000000 --- a/roles/build_airgap_hauler/handlers/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# handlers file for build_airgap_hauler diff --git a/roles/build_airgap_hauler/vars/main.yml b/roles/build_airgap_hauler/vars/main.yml deleted file mode 100644 index d0138c751..000000000 
--- a/roles/build_airgap_hauler/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# vars file for build_airgap_hauler diff --git a/roles/install_rke2_common/defaults/main.yml b/roles/install_rke2_common/defaults/main.yml index ea8a099d0..757e58e08 100644 --- a/roles/install_rke2_common/defaults/main.yml +++ b/roles/install_rke2_common/defaults/main.yml @@ -2,7 +2,7 @@ # defaults file for install_common # Mount share -mount_path: "{{ global_directory_mount }}" +mount_path: "{{ global_directory_package_target }}" # RKE2 admin_user: "{{ global_install_user }}" From 27397ccbef28015eceb4c4ab9e77d0505b24375b Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 14 May 2024 11:40:33 +0200 Subject: [PATCH 304/365] adding hauler store --- roles/deploy_hauler/tasks/rhel.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/deploy_hauler/tasks/rhel.yml b/roles/deploy_hauler/tasks/rhel.yml index 62c93c065..adb1bc390 100644 --- a/roles/deploy_hauler/tasks/rhel.yml +++ b/roles/deploy_hauler/tasks/rhel.yml @@ -41,8 +41,8 @@ changed_when: false register: hauler_store_info until: hauler_store_info.rc == 0 - retries: 20 - delay: 5 + retries: 30 + delay: 10 - name: Install createrepo ansible.builtin.dnf: From 11a8b8c7e6eacc0a83625bf53dd5c17268eceb5e Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 14 May 2024 12:23:01 +0200 Subject: [PATCH 305/365] adding hauler store --- roles/install_rke2_common/tasks/main.yml | 5 ---- roles/install_rke2_controller/tasks/main.yml | 30 ++++++-------------- roles/install_rke2_worker/defaults/main.yml | 8 ------ roles/install_rke2_worker/tasks/main.yml | 18 ++++++------ 4 files changed, 19 insertions(+), 42 deletions(-) diff --git a/roles/install_rke2_common/tasks/main.yml b/roles/install_rke2_common/tasks/main.yml index 1ece7cf23..d81de22bd 100644 --- a/roles/install_rke2_common/tasks/main.yml +++ b/roles/install_rke2_common/tasks/main.yml 
@@ -5,7 +5,6 @@ gather_subset: - "distribution" - "distribution_major_version" - - "selinux" - "!min" when: > ansible_os_family is not defined @@ -24,10 +23,6 @@ - name: Tasks common to Linux servers for RKE2 installation ansible.builtin.import_tasks: common.yml -- name: Tasks if SELinux is activated for RKE2 installation - ansible.builtin.import_tasks: selinux.yml - when: ansible_selinux['status'] == 'enabled' - - name: Get Token if one exist ansible.builtin.import_tasks: token.yml diff --git a/roles/install_rke2_controller/tasks/main.yml b/roles/install_rke2_controller/tasks/main.yml index 0dff2001d..542730a00 100644 --- a/roles/install_rke2_controller/tasks/main.yml +++ b/roles/install_rke2_controller/tasks/main.yml @@ -6,6 +6,7 @@ - "distribution" - "distribution_major_version" - "default_ipv4" + - "selinux" - "!all,!min" when: > ansible_os_family is not defined @@ -26,21 +27,6 @@ - ansible_facts['services']['firewalld.service']['state'] == "running" tags: firewalld -# Here, we start export NFS on first controler and mounting on all other controlers -# - name: Set NFS export on first node -# ansible.builtin.import_role: -# name: set_nfs_export -# tasks_from: main -# when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] -# tags: nfs_export - -# - name: Set NFS mount on other nodes -# ansible.builtin.import_role: -# name: set_nfs_mount -# tasks_from: main -# when: inventory_hostname in groups['RKE2_CONTROLLERS'][1:] -# tags: nfs_mount - # Start install - name: RKE2 common to worker and controler tasks vars: 
@@ -55,17 +41,19 @@ when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] tags: install +- name: Tasks if SELinux is activated for RKE2 installation + vars: + caller_role_name: controller + ansible.builtin.import_role: + name: install_rke2_common + tasks_from: selinux + when: ansible_selinux['status'] == 'enabled' + - name: RKE2 Get Token ansible.builtin.import_tasks: token.yml when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] tags: token -# Admin setup -#- name: Arkade utils push in admin user -# ansible.builtin.import_tasks: arkade.yml -# when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] -# tags: arkade - - name: Admin user setup ansible.builtin.import_tasks: admin.yml when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] diff --git a/roles/install_rke2_worker/defaults/main.yml b/roles/install_rke2_worker/defaults/main.yml index 8907ba643..da29a716e 100644 --- a/roles/install_rke2_worker/defaults/main.yml +++ b/roles/install_rke2_worker/defaults/main.yml @@ -1,16 +1,8 @@ --- # defaults file for install_worker -rke2_version: "{{ global_rke2_version }}" admin_user: "{{ global_install_user }}" master: "{{ global_master_ip }}" -# Mount share -mount_path: "{{ global_directory_mount }}" -mount_rke2_path: "{{ mount_path }}/rke2_{{ rke2_version }}" -mount_utils_path: "{{ mount_path }}/utils" -mount_rke2_common_rpm_path: "{{ mount_rke2_path }}/{{ global_rke2_common_rpm_version }}.el{{ ansible_distribution_major_version }}.x86_64.rpm" -mount_rke2_selinux_rpm_path: "{{ mount_rke2_path }}/{{ global_rke2_selinux_rpm_version }}.el{{ ansible_distribution_major_version }}.noarch.rpm" - # Worker options rke2_data_dir: "{{ global_rke2_data_dir }}" rke2_cluster_cidr: "{{ global_rke2_cluster_cidr }}" diff --git a/roles/install_rke2_worker/tasks/main.yml b/roles/install_rke2_worker/tasks/main.yml index 5bdb3dc9a..a7ae0b60b 100644 --- a/roles/install_rke2_worker/tasks/main.yml +++ b/roles/install_rke2_worker/tasks/main.yml 
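Review bot: `when: ansible_selinux['status'] == 'enabled'` on the new `Tasks if SELinux is activated` import raises an undefined-variable error instead of skipping when the `selinux` fact is absent, and the role's own `setup` task that now lists `"selinux"` only runs `when: ansible_os_family is not defined`, so a host whose facts came from an earlier play without that subset can hit this. Guarding it keeps the task a skip: `when: ansible_selinux is defined and ansible_selinux['status'] == 'enabled'`. The same applies to the worker hunk in roles/install_rke2_worker/tasks/main.yml (`@@ -46,6 +40,14 @@`). The import is now placed after `install.yml` and before the token step; selinux.yml itself is not visible here, so confirm it is meant to run after the rke2 binaries are already in place.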
@@ -6,6 +6,7 @@ - "distribution" - "distribution_major_version" - "default_ipv4" + - "selinux" - "!all,!min" when: > ansible_os_family is not defined @@ -26,13 +27,6 @@ - ansible_facts['services']['firewalld.service']['state'] == "running" tags: firewalld -# NFS share -- name: Set NFS mount on other nodes - ansible.builtin.import_role: - name: set_nfs_mount - tasks_from: main - tags: nfs_mount - # Start install - name: RKE2 common to worker and controler tasks vars: @@ -46,6 +40,14 @@ ansible.builtin.import_tasks: install.yml tags: install +- name: Tasks if SELinux is activated for RKE2 installation + vars: + caller_role_name: worker + ansible.builtin.import_role: + name: install_rke2_common + tasks_from: selinux + when: ansible_selinux['status'] == 'enabled' + # Utils - name: Install registry on worker vars: @@ -61,4 +63,4 @@ ansible.builtin.import_role: name: install_utils_nerdctl tasks_from: main - tags: nerdctl \ No newline at end of file + tags: nerdctl From ac4a904c9b833915a45e1849888a4ee82fc80159 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 14 May 2024 12:40:44 +0200 Subject: [PATCH 306/365] adding hauler store --- roles/install_rke2_controller/tasks/main.yml | 6 +++ roles/install_rke2_controller/tasks/post.yml | 42 +++++++++++++++++++ .../tasks/tarball_install.yml | 42 ------------------- 3 files changed, 48 insertions(+), 42 deletions(-) create mode 100644 roles/install_rke2_controller/tasks/post.yml diff --git a/roles/install_rke2_controller/tasks/main.yml b/roles/install_rke2_controller/tasks/main.yml index 542730a00..c87788ee2 100644 --- a/roles/install_rke2_controller/tasks/main.yml +++ b/roles/install_rke2_controller/tasks/main.yml 
@@ -47,8 +47,14 @@ ansible.builtin.import_role: name: install_rke2_common tasks_from: selinux + tags: selinux when: ansible_selinux['status'] == 'enabled' +- name: RKE2 post install after selinux + ansible.builtin.import_tasks: post.yml + when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] + tags: post + - name: RKE2 Get Token ansible.builtin.import_tasks: token.yml when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] diff --git a/roles/install_rke2_controller/tasks/post.yml b/roles/install_rke2_controller/tasks/post.yml new file mode 100644 index 000000000..000835cba --- /dev/null +++ b/roles/install_rke2_controller/tasks/post.yml @@ -0,0 +1,42 @@ +--- +# Finish install after selinux +- name: Post install + become: true + block: + # Service + - name: Mask RKE2 agent service on the first server + ansible.builtin.systemd: + name: "rke2-agent.service" + enabled: false + masked: true + + - name: Start and enable rke2-server + ansible.builtin.systemd: + name: rke2-server.service + state: started + enabled: true + notify: "Service (re)started" + async: 600 + poll: 60 + + - name: Wait for k8s apiserver + ansible.builtin.wait_for: + host: localhost + port: "6443" + state: present + timeout: 300 + + - name: Create symlink for containerd.sock + ansible.builtin.file: + src: /var/run/k3s/containerd/containerd.sock + dest: /var/run/containerd/containerd.sock + state: link + + - name: Update root .bashrc + ansible.builtin.blockinfile: + path: ~/.bashrc + block: | + export KUBECONFIG={{ rke2_kubeconfig_file }} + export CRI_CONFIG_FILE={{ rke2_data_dir }}/agent/etc/crictl.yaml + PATH=$PATH:{{ rke2_data_dir }}/bin + marker: "# {mark} ANSIBLE install_rke2_controler" diff --git a/roles/install_rke2_controller/tasks/tarball_install.yml b/roles/install_rke2_controller/tasks/tarball_install.yml index 36ae22224..f6114089a 100644 --- a/roles/install_rke2_controller/tasks/tarball_install.yml +++ b/roles/install_rke2_controller/tasks/tarball_install.yml 
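Review bot: `when: inventory_hostname in groups['RKE2_CONTROLLERS'][0]` on the new `RKE2 post install after selinux` task is a substring test, not an equality test: `groups['RKE2_CONTROLLERS'][0]` is a single hostname string, so a host named `ctl1` also matches when the first controller is `ctl10`, and post.yml (masking the agent, starting rke2-server, linking containerd.sock) would then run on a second controller as well. Write it as `when: inventory_hostname == groups['RKE2_CONTROLLERS'][0]`. The surrounding context lines (`RKE2 Get Token`, `Admin user setup`) use the same form and are worth fixing in the same pass.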
@@ -17,48 +17,6 @@ ansible.builtin.debug: var: install_server_output['stdout_lines'] - - name: Display install complete output - ansible.builtin.debug: - var: install_server_output - - name: Pause for 5 seconds before start service ansible.builtin.pause: seconds: 5 - - # Service - - name: Mask RKE2 agent service on the first server - ansible.builtin.systemd: - name: "rke2-agent.service" - enabled: false - masked: true - - - name: Start and enable rke2-server - ansible.builtin.systemd: - name: rke2-server.service - state: started - enabled: true - notify: "Service (re)started" - async: 600 - poll: 60 - - - name: Wait for k8s apiserver - ansible.builtin.wait_for: - host: localhost - port: "6443" - state: present - timeout: 300 - - - name: Create symlink for containerd.sock - ansible.builtin.file: - src: /var/run/k3s/containerd/containerd.sock - dest: /var/run/containerd/containerd.sock - state: link - - - name: Update root .bashrc - ansible.builtin.blockinfile: - path: ~/.bashrc - block: | - export KUBECONFIG={{ rke2_kubeconfig_file }} - export CRI_CONFIG_FILE={{ rke2_data_dir }}/agent/etc/crictl.yaml - PATH=$PATH:{{ rke2_data_dir }}/bin - marker: "# {mark} ANSIBLE install_rke2_controler" From 539faee0b1be51cbea765b70b33053f16f4fe3e3 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 14 May 2024 14:02:55 +0200 Subject: [PATCH 307/365] adding hauler store --- roles/install_rke2_common/defaults/main.yml | 5 ++-- roles/install_rke2_common/tasks/token.yml | 27 ++++++++---------- roles/install_rke2_controller/tasks/admin.yml | 2 ++ roles/install_rke2_controller/tasks/main.yml | 9 ------ .../tasks/tarball_install.yml | 28 +++++++++++++++---- roles/install_rke2_controller/tasks/token.yml | 2 +- roles/install_rke2_worker/tasks/main.yml | 8 ------ roles/install_utils_nerdctl/defaults/main.yml | 5 ++-- roles/install_utils_nerdctl/tasks/install.yml | 12 ++++---- 9 files changed, 49 insertions(+), 49 deletions(-) 
diff --git a/roles/install_rke2_common/defaults/main.yml b/roles/install_rke2_common/defaults/main.yml index 757e58e08..3d618dccf 100644 --- a/roles/install_rke2_common/defaults/main.yml +++ b/roles/install_rke2_common/defaults/main.yml @@ -1,10 +1,9 @@ --- # defaults file for install_common -# Mount share -mount_path: "{{ global_directory_package_target }}" - # RKE2 admin_user: "{{ global_install_user }}" rke2_data_dir: "{{ global_rke2_data_dir }}" + +# Fileserver hauler_server: "{{ global_hauler_ip }}" diff --git a/roles/install_rke2_common/tasks/token.yml b/roles/install_rke2_common/tasks/token.yml index a8fe14a72..2cb3eec79 100644 --- a/roles/install_rke2_common/tasks/token.yml +++ b/roles/install_rke2_common/tasks/token.yml @@ -1,18 +1,15 @@ --- ## Get Token if one exist -- name: Check if token already exist - ansible.builtin.stat: - path: "{{ mount_path }}/token" - register: token +- name: Get token from URL + ansible.builtin.uri: + url: "http://{{ hauler_server }}:8080/token" + method: GET + validate_certs: false + return_content: false + register: token_response + ignore_errors: true -- name: Read token if exist - when: token['stat'].exists - block: - - name: Read node-token from NFS share - ansible.builtin.slurp: - src: "{{ mount_path }}/token" - register: node_token - - - name: Store Master node-token - ansible.builtin.set_fact: - rke2_config_token: "{{ node_token['content'] | b64decode | regex_replace('\n', '') }}" \ No newline at end of file +- name: Store Master node-token + ansible.builtin.set_fact: + rke2_config_token: "{{ token_response['content'] }}" + when: token_response.status == 200 diff --git a/roles/install_rke2_controller/tasks/admin.yml b/roles/install_rke2_controller/tasks/admin.yml index 67f92683f..2c29c5292 100644 --- a/roles/install_rke2_controller/tasks/admin.yml +++ b/roles/install_rke2_controller/tasks/admin.yml 
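Review bot: `return_content: false` on `Get token from URL` means `token_response['content']` is not present on a 200 response (the uri module only returns `content` when `return_content` is true or the request failed, as far as I recall), so the following `set_fact` fails on an undefined variable exactly when a token exists; it needs `return_content: true`. Beyond that, the node join token is now fetched in clear text from `http://{{ hauler_server }}:8080/token` with no authentication, so anything that can reach port 8080 can read it, whereas the removed version read it from the share the controller writes with `mode: "0640"`; serve hauler over TLS with `validate_certs: true` (`validate_certs: false` is meaningless for an http URL), or pass the token to the other nodes through `hostvars[groups['RKE2_CONTROLLERS'][0]]['rke2_config_token']` instead of the shared fileserver. The newline strip the old version did with `regex_replace('\n', '')` is also gone; confirm the served file has no trailing newline or add `| trim`.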
@@ -47,3 +47,5 @@ block: | export KUBECONFIG="~/.kube/{{ inventory_hostname }}.yaml" marker: "# {mark} ANSIBLE setup Kubeconfig" + +# Install helm / k9s diff --git a/roles/install_rke2_controller/tasks/main.yml b/roles/install_rke2_controller/tasks/main.yml index c87788ee2..8d9233fc1 100644 --- a/roles/install_rke2_controller/tasks/main.yml +++ b/roles/install_rke2_controller/tasks/main.yml @@ -71,15 +71,6 @@ tags: localhost # Utils -#- name: Install registry on first node -# vars: -# caller_role_name: controller -# ansible.builtin.import_role: -# name: install_utils_registry -# tasks_from: main -# when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] -# tags: registry - - name: RKE2 install nerdctl vars: caller_role_name: controller diff --git a/roles/install_rke2_controller/tasks/tarball_install.yml b/roles/install_rke2_controller/tasks/tarball_install.yml index f6114089a..b852fa56b 100644 --- a/roles/install_rke2_controller/tasks/tarball_install.yml +++ b/roles/install_rke2_controller/tasks/tarball_install.yml 
@@ -3,20 +3,38 @@ - name: Install with tarball method become: true block: - - name: Install RKE2 server node + - name: TARBALL | Make temp dir + ansible.builtin.tempfile: + state: directory + suffix: rke2-install. + path: "{{ tarball_tmp_dir | default(omit) }}" + register: temp_dir + + - name: TARBALL | Get RKE2 Artifacts from URL + ansible.builtin.get_url: + url: "http://{{ hauler_server }}:8080/{{ item }}" + dest: "{{ temp_dir['path'] }}/{{ item }}" + validate_certs: false + loop: + - rke2-images.linux-amd64.tar.zst + - rke2.linux-amd64.tar.gz + - sha256sum-amd64.txt + - install.sh + + - name: TARBALL | Install RKE2 server node ansible.builtin.shell: cmd: | - set -o pipefail && INSTALL_RKE2_ARTIFACT_PATH={{ mount_rke2_path }} INSTALL_RKE2_TYPE=server sh {{ mount_rke2_path }}/install.sh - chdir: "{{ mount_rke2_path }}" + set -o pipefail && INSTALL_RKE2_ARTIFACT_PATH={{ temp_dir['path'] }} INSTALL_RKE2_TYPE=server sh {{ temp_dir['path'] }}/install.sh + chdir: "{{ temp_dir['path'] }}" executable: /bin/bash register: install_server_output failed_when: false changed_when: false - - name: Display install output + - name: TARBALL | Display install output ansible.builtin.debug: var: install_server_output['stdout_lines'] - - name: Pause for 5 seconds before start service + - name: TARBALL | Pause for 5 seconds before start service ansible.builtin.pause: seconds: 5 diff --git a/roles/install_rke2_controller/tasks/token.yml b/roles/install_rke2_controller/tasks/token.yml index ced35ea11..45edd7fd6 100644 --- a/roles/install_rke2_controller/tasks/token.yml +++ b/roles/install_rke2_controller/tasks/token.yml @@ -19,6 +19,6 @@ - name: Write token on mount path ansible.builtin.copy: content: "{{ rke2_config_token }}" - dest: "{{ mount_path }}/token" + dest: "{{ mount_rke2_path }}/token" follow: true mode: "0640" diff --git a/roles/install_rke2_worker/tasks/main.yml b/roles/install_rke2_worker/tasks/main.yml index a7ae0b60b..9262706af 100644 
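Review bot: the four artifacts, including `install.sh` and `sha256sum-amd64.txt`, are fetched from `http://{{ hauler_server }}:8080/{{ item }}` and `install.sh` is then executed as root under `become: true`, so their integrity rests entirely on the network path; the checksum file travels over the same channel and only catches transfer corruption, not substitution. `validate_certs: false` does nothing on an http URL and would silently disable verification if the scheme later becomes https, so drop it and prefer serving hauler over TLS or pinning digests on `get_url` (`checksum: "sha256:<expected-digest>"`, one per item). `temp_dir` is never removed; add a final `ansible.builtin.file: path: "{{ temp_dir['path'] }}" state: absent`, or put it in an `always:` of the block. The block continues past the end of the hunk.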
--- a/roles/install_rke2_worker/tasks/main.yml +++ b/roles/install_rke2_worker/tasks/main.yml @@ -49,14 +49,6 @@ when: ansible_selinux['status'] == 'enabled' # Utils -- name: Install registry on worker - vars: - caller_role_name: worker - ansible.builtin.import_role: - name: install_utils_registry - tasks_from: main - tags: registry - - name: RKE2 install nerdctl vars: caller_role_name: worker diff --git a/roles/install_utils_nerdctl/defaults/main.yml b/roles/install_utils_nerdctl/defaults/main.yml index 9571b36d0..a73761e06 100644 --- a/roles/install_utils_nerdctl/defaults/main.yml +++ b/roles/install_utils_nerdctl/defaults/main.yml @@ -1,6 +1,5 @@ --- # defaults file for install_utils_nerdctl -# Mount -mount_path: "{{ global_directory_mount }}" -mount_pkg_nerdctl: "{{ global_directory_mount }}/utils/nerdctl" \ No newline at end of file +# Fileserver +hauler_server: "{{ global_hauler_ip }}" diff --git a/roles/install_utils_nerdctl/tasks/install.yml b/roles/install_utils_nerdctl/tasks/install.yml index d7212b1a5..6b636b582 100644 --- a/roles/install_utils_nerdctl/tasks/install.yml +++ b/roles/install_utils_nerdctl/tasks/install.yml @@ -10,14 +10,16 @@ path: /usr/local/bin/nerdctl register: file_data -- name: Copy Nerdctl bin into /usr/local/bin - ansible.builtin.copy: - src: "{{ mount_pkg_nerdctl }}" - dest: /usr/local/bin/ +- name: Download Nerdctl bin into /usr/local/bin + ansible.builtin.unarchive: + src: "http://{{ hauler_server }}:8080/nerdctl-*-linux-amd64.tar.gz" + dest: "/usr/local/bin/" owner: "{{ admin_user }}" group: "{{ admin_user }}" mode: '0750' remote_src: true + extra_opts: [--wildcards, --no-anchored, --strip-components=1] + validate_certs: false when: not file_data.stat.exists - name: Copy NERDCTL configuration file @@ -34,4 +36,4 @@ dest: /etc/sudoers.d owner: "root" group: "root" - mode: '0440' \ No newline at end of file + mode: '0440' From 7215d13db2125f5ab3cf0a3bedc7bf47b9feb1b3 Mon Sep 17 00:00:00 2001 
From: MozeBaltyk Date: Tue, 14 May 2024 14:29:11 +0200 Subject: [PATCH 308/365] adding hauler store --- .../templates/airgap_hauler.yaml.j2 | 10 ++++++---- roles/install_rke2_common/tasks/token.yml | 2 +- .../install_rke2_controller/tasks/tarball_install.yml | 2 +- roles/install_utils_nerdctl/tasks/install.yml | 3 +-- 4 files changed, 9 insertions(+), 8 deletions(-) diff --git a/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 b/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 index 14dfc13eb..573a4a1d4 100644 --- a/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 +++ b/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 @@ -66,7 +66,9 @@ spec: path: https://get.rke2.io {% endif -%} # Addons - - path: https://get.helm.sh/helm-v{{ helm_version }}-linux-amd64.tar.gz - - path: https://github.com/containerd/nerdctl/v{{ nerdctl_version }}/nerdctl-{{ nerdctl_version }}-linux-amd64.tar.gz - - path: https://github.com/derailed/k9s/v{{ k9s_version }}/k9s_Linux_amd64.tar.gz - #- path: https://raw.githubusercontent.com/clemenko/rke_airgap_install/main/hauler_all_the_things.sh + - name: helm.tar.gz + path: https://get.helm.sh/helm-v{{ helm_version }}-linux-amd64.tar.gz + - name: nerdctl.tar.gz + path: https://github.com/containerd/nerdctl/v{{ nerdctl_version }}/nerdctl-{{ nerdctl_version }}-linux-amd64.tar.gz + - name: k9s.tar.gz + path: https://github.com/derailed/k9s/v{{ k9s_version }}/k9s_Linux_amd64.tar.gz diff --git a/roles/install_rke2_common/tasks/token.yml b/roles/install_rke2_common/tasks/token.yml index 2cb3eec79..248e72202 100644 --- a/roles/install_rke2_common/tasks/token.yml +++ b/roles/install_rke2_common/tasks/token.yml @@ -7,7 +7,7 @@ validate_certs: false return_content: false register: token_response - ignore_errors: true + failed_when: false - name: Store Master node-token ansible.builtin.set_fact: 
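Review bot: the `nerdctl.tar.gz` and `k9s.tar.gz` entries point at `https://github.com/containerd/nerdctl/v{{ nerdctl_version }}/...` and `https://github.com/derailed/k9s/v{{ k9s_version }}/...`, which, unlike the rke2 entries in the same file (`.../rancher/rke2/releases/download/v{{ rke2_version }}%2Brke2r1/...`), lack the `/releases/download/<tag>/` segment that GitHub release asset URLs use; unless hauler rewrites these paths, the fetch would fail. Fixed artifact names are a good move for the consumers, but the version then disappears from the node side, so the install tasks may want to log `{{ nerdctl_version }}` and `{{ k9s_version }}` for traceability.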
diff --git a/roles/install_rke2_controller/tasks/tarball_install.yml b/roles/install_rke2_controller/tasks/tarball_install.yml index b852fa56b..8dae9610e 100644 --- a/roles/install_rke2_controller/tasks/tarball_install.yml +++ b/roles/install_rke2_controller/tasks/tarball_install.yml @@ -6,7 +6,7 @@ - name: TARBALL | Make temp dir ansible.builtin.tempfile: state: directory - suffix: rke2-install. + suffix: rke2-install.XXXXXXXXXX path: "{{ tarball_tmp_dir | default(omit) }}" register: temp_dir diff --git a/roles/install_utils_nerdctl/tasks/install.yml b/roles/install_utils_nerdctl/tasks/install.yml index 6b636b582..a89f6d1f8 100644 --- a/roles/install_utils_nerdctl/tasks/install.yml +++ b/roles/install_utils_nerdctl/tasks/install.yml @@ -12,13 +12,12 @@ - name: Download Nerdctl bin into /usr/local/bin ansible.builtin.unarchive: - src: "http://{{ hauler_server }}:8080/nerdctl-*-linux-amd64.tar.gz" + src: "http://{{ hauler_server }}:8080/nerdctl.tar.gz" dest: "/usr/local/bin/" owner: "{{ admin_user }}" group: "{{ admin_user }}" mode: '0750' remote_src: true - extra_opts: [--wildcards, --no-anchored, --strip-components=1] validate_certs: false when: not file_data.stat.exists From 89adf1f8c5d6584545cfdaf64888b40e8095c075 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 14 May 2024 15:26:43 +0200 Subject: [PATCH 309/365] adding hauler store --- .github/workflows/stage.yml | 7 ------ meta/ee-bindeps.txt | 4 ++++ roles/install_rke2_common/tasks/common.yml | 22 +++++++++++++++++ .../tasks/rpm_install.yml | 11 --------- roles/install_utils_nerdctl/tasks/install.yml | 1 + roles/install_utils_nerdctl/tasks/main.yml | 4 +++- .../install_utils_nerdctl/tasks/prerequis.yml | 24 +++++++++++++++++++ 7 files changed, 54 insertions(+), 19 deletions(-) create mode 100644 roles/install_utils_nerdctl/tasks/prerequis.yml diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index ba560adb6..06b12de57 100644 --- a/.github/workflows/stage.yml 
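Review bot: `suffix: rke2-install.XXXXXXXXXX` is taken literally by `ansible.builtin.tempfile` (if I read the module right, it hands prefix and suffix to Python's `mkdtemp`, which inserts its own random component between them), so the directory ends up named `ansible.<random>rke2-install.XXXXXXXXXX` rather than having the X's replaced the way `mktemp` would. The previous `rke2-install.` already yielded a unique directory; `suffix: rke2-install` and the module's own randomness is enough.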
+++ b/.github/workflows/stage.yml @@ -62,13 +62,6 @@ jobs: s3fs ${BUCKET} ${MOUNT_POINT} -o url=https://${REGION}.digitaloceanspaces.com -o passwd_file=./passwd-s3fs df -Th ${MOUNT_POINT} - - name: Test access Mount point - run: | - ls -ld ${MOUNT_POINT} - ls -l ${MOUNT_POINT} - cd ${MOUNT_POINT} - ls - - name: Checkout files uses: actions/checkout@v4 diff --git a/meta/ee-bindeps.txt b/meta/ee-bindeps.txt index 0071d0def..98a5615bb 100644 --- a/meta/ee-bindeps.txt +++ b/meta/ee-bindeps.txt @@ -14,3 +14,7 @@ zstd [platform:rpm] zstd [platform:dpkg] jq [platform:rpm] jq [platform:dpkg] +tar [platform:rpm] +tar [platform:dpkg] +gzip [platform:rpm] +gzip [platform:dpkg] diff --git a/roles/install_rke2_common/tasks/common.yml b/roles/install_rke2_common/tasks/common.yml index 3d996d62b..86ae412c8 100644 --- a/roles/install_rke2_common/tasks/common.yml +++ b/roles/install_rke2_common/tasks/common.yml @@ -32,3 +32,25 @@ dest: /var/lib/rancher/rke2 state: link when: rke2_data_dir != "/var/lib/rancher/rke2" + +# Common packages on all nodes +- name: Install packages common + ansible.builtin.dnf: + name: "{{ item }}" + state: present + with_items: + - zstd + become: true + when: + - ansible_os_family == "RedHat" + - ansible_distribution_major_version | int >= 8 + +- name: Install packages common + ansible.builtin.apt: + name: "{{ item }}" + state: present + with_items: + - zstd + become: true + when: + - ansible_os_family == "Debian" diff --git a/roles/install_rke2_controller/tasks/rpm_install.yml b/roles/install_rke2_controller/tasks/rpm_install.yml index 4624b2435..14194a274 100644 --- a/roles/install_rke2_controller/tasks/rpm_install.yml +++ b/roles/install_rke2_controller/tasks/rpm_install.yml 
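Review bot: the two `Install packages common` tasks loop over a one-element list with `with_items` and `name: "{{ item }}"`; both `dnf` and `apt` accept a list for `name`, so `name: [zstd]` installs everything in one transaction and one task and the loop can go. Both tasks also carry the identical name, which makes the play log ambiguous; `Install common packages (RedHat)` / `(Debian)` would do. The same pattern is added in roles/install_utils_nerdctl/tasks/prerequis.yml in this commit. RedHat hosts below major version 8 match neither task and are skipped silently; if they are unsupported, a fail-fast `ansible.builtin.assert` would make that explicit.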
@@ -1,16 +1,5 @@ --- # RPM -- name: Install packages common to controlers - ansible.builtin.dnf: - name: "{{ item }}" - state: present - with_items: - - zstd - become: true - when: - - ansible_os_family == "RedHat" - - ansible_distribution_major_version | int >= 8 - - name: Import a key from a file ansible.builtin.rpm_key: state: present diff --git a/roles/install_utils_nerdctl/tasks/install.yml b/roles/install_utils_nerdctl/tasks/install.yml index a89f6d1f8..2d74e7625 100644 --- a/roles/install_utils_nerdctl/tasks/install.yml +++ b/roles/install_utils_nerdctl/tasks/install.yml @@ -19,6 +19,7 @@ mode: '0750' remote_src: true validate_certs: false + extra_opts: ['--strip-components=1'] when: not file_data.stat.exists - name: Copy NERDCTL configuration file diff --git a/roles/install_utils_nerdctl/tasks/main.yml b/roles/install_utils_nerdctl/tasks/main.yml index a56565618..de428d08b 100644 --- a/roles/install_utils_nerdctl/tasks/main.yml +++ b/roles/install_utils_nerdctl/tasks/main.yml @@ -1,5 +1,7 @@ --- # tasks file for install_utils_nerdctl +- name: Tasks prerequis + ansible.builtin.import_tasks: prerequis.yml - name: Tasks to install nerdctl - ansible.builtin.import_tasks: install.yml \ No newline at end of file + ansible.builtin.import_tasks: install.yml diff --git a/roles/install_utils_nerdctl/tasks/prerequis.yml b/roles/install_utils_nerdctl/tasks/prerequis.yml new file mode 100644 index 000000000..94eb82950 --- /dev/null +++ b/roles/install_utils_nerdctl/tasks/prerequis.yml @@ -0,0 +1,24 @@ +--- +# packages on all nodes needed +- name: Install packages common + ansible.builtin.dnf: + name: "{{ item }}" + state: present + with_items: + - tar + - gzip + become: true + when: + - ansible_os_family == "RedHat" + - ansible_distribution_major_version | int >= 8 + +- name: Install packages common + ansible.builtin.apt: + name: "{{ item }}" + state: present + with_items: + - tar + - gzip + become: true + when: + - ansible_os_family == "Debian" 
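Review bot: The added `extra_opts: ['--strip-components=1']` in `install_utils_nerdctl/tasks/install.yml` is only correct if every member of `nerdctl.tar.gz` sits under a leading directory; the upstream nerdctl release tarballs appear to store `nerdctl` and its rootless helper scripts at the top level (their install instructions extract directly into `/usr/local/bin`), in which case stripping one component leaves empty member names and tar extracts nothing while the task still reports ok. Worth confirming with `tar tzf` against the archive the hauler store actually serves; if the members are top-level, the line should simply be dropped. Because the task is guarded by `when: not file_data.stat.exists` (outside the hunk), a silently empty extraction is quietly re-attempted on every run rather than surfaced. Patches 310–312 later on this page rework this same task, which suggests the layout mismatch was hit in practice — an inference from the churn, not from the hunk.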
From 0711d31a31e4c69e78594d4554fbdfb3e39e80ad Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 14 May 2024 16:03:04 +0200 Subject: [PATCH 310/365] adding hauler store --- roles/install_utils_nerdctl/tasks/install.yml | 25 +++++++++++++++---- .../install_utils_nerdctl/tasks/prerequis.yml | 2 ++ 2 files changed, 22 insertions(+), 5 deletions(-) diff --git a/roles/install_utils_nerdctl/tasks/install.yml b/roles/install_utils_nerdctl/tasks/install.yml index 2d74e7625..83ddb22be 100644 --- a/roles/install_utils_nerdctl/tasks/install.yml +++ b/roles/install_utils_nerdctl/tasks/install.yml @@ -10,17 +10,32 @@ path: /usr/local/bin/nerdctl register: file_data -- name: Download Nerdctl bin into /usr/local/bin +#- name: Download Nerdctl bin into /usr/local/bin +# ansible.builtin.unarchive: +# src: "http://{{ hauler_server }}:8080/nerdctl.tar.gz" +# dest: "/usr/local/bin/" +# owner: "{{ admin_user }}" +# group: "{{ admin_user }}" +# mode: '0750' +# remote_src: true +# validate_certs: false +# extra_opts: ['--strip-components=1'] +# when: not file_data.stat.exists + +- name: Download Nerdctl archive + ansible.builtin.get_url: + url: "http://{{ hauler_server }}:8080/nerdctl.tar.gz" + dest: "/usr/local/bin/nerdctl-archive.tar.gz" + validate_certs: false + +- name: Unarchive Nerdctl ansible.builtin.unarchive: - src: "http://{{ hauler_server }}:8080/nerdctl.tar.gz" + src: "/usr/local/bin/nerdctl-archive.tar.gz" dest: "/usr/local/bin/" owner: "{{ admin_user }}" group: "{{ admin_user }}" mode: '0750' remote_src: true - validate_certs: false - extra_opts: ['--strip-components=1'] - when: not file_data.stat.exists - name: Copy NERDCTL configuration file ansible.builtin.template: diff --git a/roles/install_utils_nerdctl/tasks/prerequis.yml b/roles/install_utils_nerdctl/tasks/prerequis.yml index 94eb82950..53af4571c 100644 --- a/roles/install_utils_nerdctl/tasks/prerequis.yml +++ b/roles/install_utils_nerdctl/tasks/prerequis.yml 
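Review bot: The new `Download Nerdctl archive` task is the one place in this series where an integrity check is cheap — `ansible.builtin.get_url` supports `checksum: "sha256:<expected digest — placeholder>"` or a URL to a checksum file — yet it downloads over plain `http://` with neither, and `validate_certs: false` is irrelevant for that scheme. The download and the following `Unarchive Nerdctl` task also lose the `when: not file_data.stat.exists` guard the replaced task had, so every run re-fetches and re-extracts, and the archive is left permanently at `/usr/local/bin/nerdctl-archive.tar.gz` with no `mode`/`owner` set. Downloading into a directory from `ansible.builtin.tempfile` (as `tarball_install.yml` already does) and removing it afterwards with `ansible.builtin.file: state: absent` keeps a tarball out of a PATH directory. The commented-out former task should be deleted rather than kept; git history preserves it.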
@@ -7,6 +7,7 @@ with_items: - tar - gzip + - unzip become: true when: - ansible_os_family == "RedHat" @@ -19,6 +20,7 @@ with_items: - tar - gzip + - unzip become: true when: - ansible_os_family == "Debian" From e0f2db83760e84e89b313d843c23aadf7f3023a4 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 14 May 2024 16:55:32 +0200 Subject: [PATCH 311/365] adding hauler store --- README.md | 6 +-- .../templates/airgap_hauler.yaml.j2 | 4 +- roles/install_utils_nerdctl/tasks/install.yml | 40 +++++++++---------- 3 files changed, 25 insertions(+), 25 deletions(-) diff --git a/README.md b/README.md index 1c07653e9..87799b2d5 100644 --- a/README.md +++ b/README.md @@ -41,14 +41,12 @@ Add-on from my part: - Some flexibility about path with the possibility to build and install on a choosen path. -- Admin user (by default 'kuberoot') on first controller node with some admin tools. +- Admin user (by default 'kuberoot') on first controller node with some admin tools (k9s, helm). - Nerdctl as complement of containerd to handle oci-archive. - K9S on first controller for admin purpose. -- Firewalld settings if firewalld running. - - Uninstall playbook to cleanup (and maybe reinstall if needed). - Collection Released, so possibilty to get back to older versions. @@ -157,6 +155,8 @@ All prerequisites are set in folder `meta` and `meta/execution-environment.yml`. ## Some details +I favored the tarball installation since it's the one the most compact and also leave an tar.zst on all nodes. + **Build** have for purpose to create a tar zst with following content: ```bash diff --git a/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 b/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 index 573a4a1d4..ddc2de512 100644 --- a/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 +++ b/roles/build_airgap_hauler/templates/airgap_hauler.yaml.j2 
@@ -69,6 +69,6 @@ spec: - name: helm.tar.gz path: https://get.helm.sh/helm-v{{ helm_version }}-linux-amd64.tar.gz - name: nerdctl.tar.gz - path: https://github.com/containerd/nerdctl/v{{ nerdctl_version }}/nerdctl-{{ nerdctl_version }}-linux-amd64.tar.gz + path: https://github.com/containerd/nerdctl/releases/download/v{{ nerdctl_version }}/nerdctl-{{ nerdctl_version }}-linux-amd64.tar.gz - name: k9s.tar.gz - path: https://github.com/derailed/k9s/v{{ k9s_version }}/k9s_Linux_amd64.tar.gz + path: https://github.com/derailed/k9s/releases/download/v{{ k9s_version }}/k9s_Linux_amd64.tar.gz diff --git a/roles/install_utils_nerdctl/tasks/install.yml b/roles/install_utils_nerdctl/tasks/install.yml index 83ddb22be..76a9456fd 100644 --- a/roles/install_utils_nerdctl/tasks/install.yml +++ b/roles/install_utils_nerdctl/tasks/install.yml 
@@ -10,32 +10,32 @@ path: /usr/local/bin/nerdctl register: file_data -#- name: Download Nerdctl bin into /usr/local/bin -# ansible.builtin.unarchive: -# src: "http://{{ hauler_server }}:8080/nerdctl.tar.gz" -# dest: "/usr/local/bin/" -# owner: "{{ admin_user }}" -# group: "{{ admin_user }}" -# mode: '0750' -# remote_src: true -# validate_certs: false -# extra_opts: ['--strip-components=1'] -# when: not file_data.stat.exists - -- name: Download Nerdctl archive - ansible.builtin.get_url: - url: "http://{{ hauler_server }}:8080/nerdctl.tar.gz" - dest: "/usr/local/bin/nerdctl-archive.tar.gz" - validate_certs: false - -- name: Unarchive Nerdctl +- name: Download Nerdctl bin into /usr/local/bin ansible.builtin.unarchive: - src: "/usr/local/bin/nerdctl-archive.tar.gz" + src: "http://{{ hauler_server }}:8080/nerdctl.tar.gz" dest: "/usr/local/bin/" owner: "{{ admin_user }}" group: "{{ admin_user }}" mode: '0750' remote_src: true + validate_certs: false + extra_opts: ['--strip-components=1'] + when: not file_data.stat.exists + +#- name: Download Nerdctl archive +# ansible.builtin.get_url: +# url: "http://{{ hauler_server }}:8080/nerdctl.tar.gz" +# dest: "/usr/local/bin/nerdctl-archive.tar.gz" +# validate_certs: false +# +#- name: Unarchive Nerdctl +# ansible.builtin.unarchive: +# src: "/usr/local/bin/nerdctl-archive.tar.gz" +# dest: "/usr/local/bin/" +# owner: "{{ admin_user }}" +# group: "{{ admin_user }}" +# mode: '0750' +# remote_src: true - name: Copy NERDCTL configuration file ansible.builtin.template: From 1a00c7a73630b1e90f9cddadaafdee3714408ad8 Mon Sep 17 00:00:00 2001 
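Review bot: The hunk restores the URL-based `unarchive` task but keeps the two replaced tasks as a 14-line commented-out block beneath it (`#- name: Download Nerdctl archive` through `# remote_src: true`); dead code kept this way drifts out of sync with the live task (it already lacks the `extra_opts`, `validate_certs` and `when` keys) and is invisible to ansible-lint. Delete the block — it is in the previous commit's history. The restored task still fetches and unpacks a binary into `/usr/local/bin/` over plain `http://` with no checksum, so the integrity question raised on the first `install.yml` hunk on this page remains open.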
From: MozeBaltyk Date: Tue, 14 May 2024 17:39:45 +0200 Subject: [PATCH 312/365] adding hauler store --- roles/install_rke2_controller/tasks/admin.yml | 4 +- roles/install_rke2_controller/tasks/main.yml | 6 +- .../tasks/{post.yml => start.yml} | 0 .../tasks/tarball_install.yml | 2 +- roles/install_rke2_worker/tasks/install.yml | 38 +++---------- roles/install_rke2_worker/tasks/main.yml | 4 ++ .../install_rke2_worker/tasks/rpm_install.yml | 0 roles/install_rke2_worker/tasks/start.yml | 21 +++++++ .../tasks/tarball_install.yml | 40 +++++++++++++ roles/install_utils_nerdctl/tasks/install.yml | 2 +- .../install_utils_nerdctl/tasks/prerequis.yml | 2 - roles/install_utils_registry/README.md | 14 ----- .../install_utils_registry/defaults/main.yml | 13 ----- .../install_utils_registry/handlers/main.yml | 24 -------- roles/install_utils_registry/meta/main.yml | 54 ------------------ roles/install_utils_registry/tasks/deploy.yml | 21 ------- .../tasks/load-kubevip.yml | 12 ---- .../tasks/load-longhorn.yml | 12 ---- .../tasks/load-neuvector.yml | 12 ---- .../tasks/load-rancher.yml | 24 -------- roles/install_utils_registry/tasks/main.yml | 23 -------- .../install_utils_registry/tasks/manifest.yml | 18 ------ roles/install_utils_registry/tasks/post.yml | 22 ------- roles/install_utils_registry/tasks/push.yml | 20 ------- roles/install_utils_registry/tasks/wait.yml | 10 ---- .../templates/registry.yaml.j2 | 36 ------------ roles/install_utils_registry/tests/inventory | 2 - roles/install_utils_registry/tests/test.yml | 6 -- roles/set_nfs_export/README.md | 14 ----- roles/set_nfs_export/defaults/main.yml | 6 -- roles/set_nfs_export/handlers/main.yml | 7 --- roles/set_nfs_export/meta/main.yml | 54 ------------------ roles/set_nfs_export/tasks/firewalld.yml | 21 ------- roles/set_nfs_export/tasks/install.yml | 33 ----------- roles/set_nfs_export/tasks/main.yml | 22 ------- roles/set_nfs_export/tasks/selinux.yml | 26 --------- roles/set_nfs_export/tests/inventory | 2 - 
roles/set_nfs_export/tests/test.yml | 6 -- roles/set_nfs_mount/README.md | 14 ----- roles/set_nfs_mount/defaults/main.yml | 5 -- roles/set_nfs_mount/handlers/main.yml | 2 - roles/set_nfs_mount/meta/main.yml | 54 ------------------ roles/set_nfs_mount/tasks/main.yml | 15 ----- roles/set_nfs_mount/tasks/rhel.yml | 33 ----------- roles/set_nfs_mount/tests/inventory | 2 - roles/set_nfs_mount/tests/test.yml | 6 -- roles/uninstall_rkub/tasks/main.yml | 5 +- roles/uninstall_rkub/tasks/nfs.yml | 57 ------------------- 48 files changed, 83 insertions(+), 743 deletions(-) rename roles/install_rke2_controller/tasks/{post.yml => start.yml} (100%) create mode 100644 roles/install_rke2_worker/tasks/rpm_install.yml create mode 100644 roles/install_rke2_worker/tasks/start.yml create mode 100644 roles/install_rke2_worker/tasks/tarball_install.yml delete mode 100644 roles/install_utils_registry/README.md delete mode 100644 roles/install_utils_registry/defaults/main.yml delete mode 100644 roles/install_utils_registry/handlers/main.yml delete mode 100644 roles/install_utils_registry/meta/main.yml delete mode 100644 roles/install_utils_registry/tasks/deploy.yml delete mode 100644 roles/install_utils_registry/tasks/load-kubevip.yml delete mode 100644 roles/install_utils_registry/tasks/load-longhorn.yml delete mode 100644 roles/install_utils_registry/tasks/load-neuvector.yml delete mode 100644 roles/install_utils_registry/tasks/load-rancher.yml delete mode 100644 roles/install_utils_registry/tasks/main.yml delete mode 100644 roles/install_utils_registry/tasks/manifest.yml delete mode 100644 roles/install_utils_registry/tasks/post.yml delete mode 100644 roles/install_utils_registry/tasks/push.yml delete mode 100644 roles/install_utils_registry/tasks/wait.yml delete mode 100644 roles/install_utils_registry/templates/registry.yaml.j2 delete mode 100644 roles/install_utils_registry/tests/inventory delete mode 100644 roles/install_utils_registry/tests/test.yml delete mode 100644 
roles/set_nfs_export/README.md delete mode 100644 roles/set_nfs_export/defaults/main.yml delete mode 100644 roles/set_nfs_export/handlers/main.yml delete mode 100644 roles/set_nfs_export/meta/main.yml delete mode 100644 roles/set_nfs_export/tasks/firewalld.yml delete mode 100644 roles/set_nfs_export/tasks/install.yml delete mode 100644 roles/set_nfs_export/tasks/main.yml delete mode 100644 roles/set_nfs_export/tasks/selinux.yml delete mode 100644 roles/set_nfs_export/tests/inventory delete mode 100644 roles/set_nfs_export/tests/test.yml delete mode 100644 roles/set_nfs_mount/README.md delete mode 100644 roles/set_nfs_mount/defaults/main.yml delete mode 100644 roles/set_nfs_mount/handlers/main.yml delete mode 100644 roles/set_nfs_mount/meta/main.yml delete mode 100644 roles/set_nfs_mount/tasks/main.yml delete mode 100644 roles/set_nfs_mount/tasks/rhel.yml delete mode 100644 roles/set_nfs_mount/tests/inventory delete mode 100644 roles/set_nfs_mount/tests/test.yml delete mode 100644 roles/uninstall_rkub/tasks/nfs.yml diff --git a/roles/install_rke2_controller/tasks/admin.yml b/roles/install_rke2_controller/tasks/admin.yml index 2c29c5292..f6a46ed88 100644 --- a/roles/install_rke2_controller/tasks/admin.yml +++ b/roles/install_rke2_controller/tasks/admin.yml @@ -46,6 +46,8 @@ path: "$HOME/.bashrc" block: | export KUBECONFIG="~/.kube/{{ inventory_hostname }}.yaml" - marker: "# {mark} ANSIBLE setup Kubeconfig" + export CRI_CONFIG_FILE={{ rke2_data_dir }}/agent/etc/crictl.yaml + PATH=$PATH:{{ rke2_data_dir }}/bin + marker: "# {mark} ANSIBLE setup Kubeconfig and RKE2" # Install helm / k9s diff --git a/roles/install_rke2_controller/tasks/main.yml b/roles/install_rke2_controller/tasks/main.yml index 8d9233fc1..23849a1e9 100644 --- a/roles/install_rke2_controller/tasks/main.yml +++ b/roles/install_rke2_controller/tasks/main.yml 
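Review bot: Changing `marker:` from `# {mark} ANSIBLE setup Kubeconfig` to `# {mark} ANSIBLE setup Kubeconfig and RKE2` in `install_rke2_controller/tasks/admin.yml` breaks idempotency on hosts already provisioned with the old marker: `blockinfile` locates the block it manages by the marker text, so it will not find the old one, will append a second block, and will leave a stale `KUBECONFIG` export behind. Either keep the old marker string or precede this task with a one-off removal, `marker: "# {mark} ANSIBLE setup Kubeconfig"` with `state: absent`. The added lines should also quote their values — `export CRI_CONFIG_FILE="{{ rke2_data_dir }}/agent/etc/crictl.yaml"` and `export PATH="$PATH:{{ rke2_data_dir }}/bin"` — so a data dir containing spaces or shell metacharacters cannot break the login shell. The pre-existing `KUBECONFIG="~/.kube/..."` line in the same block quotes the tilde, which bash does not expand inside double quotes — worth verifying on a target host. The blockinfile task begins before the hunk.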
@@ -50,10 +50,10 @@ tags: selinux when: ansible_selinux['status'] == 'enabled' -- name: RKE2 post install after selinux - ansible.builtin.import_tasks: post.yml +- name: Start RKE2 after selinux config + ansible.builtin.import_tasks: start.yml when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] - tags: post + tags: start - name: RKE2 Get Token ansible.builtin.import_tasks: token.yml diff --git a/roles/install_rke2_controller/tasks/post.yml b/roles/install_rke2_controller/tasks/start.yml similarity index 100% rename from roles/install_rke2_controller/tasks/post.yml rename to roles/install_rke2_controller/tasks/start.yml diff --git a/roles/install_rke2_controller/tasks/tarball_install.yml b/roles/install_rke2_controller/tasks/tarball_install.yml index 8dae9610e..b5c8305f9 100644 --- a/roles/install_rke2_controller/tasks/tarball_install.yml +++ b/roles/install_rke2_controller/tasks/tarball_install.yml @@ -6,7 +6,7 @@ - name: TARBALL | Make temp dir ansible.builtin.tempfile: state: directory - suffix: rke2-install.XXXXXXXXXX + suffix: "-rke2-controller-install" path: "{{ tarball_tmp_dir | default(omit) }}" register: temp_dir diff --git a/roles/install_rke2_worker/tasks/install.yml b/roles/install_rke2_worker/tasks/install.yml index e305686e6..16198065c 100644 --- a/roles/install_rke2_worker/tasks/install.yml +++ b/roles/install_rke2_worker/tasks/install.yml @@ -1,7 +1,9 @@ --- +# As root - name: Install RKE2 worker become: true block: + # prerequis - name: Create directories ansible.builtin.file: path: "{{ item }}" 
@@ -17,33 +19,11 @@ dest: /etc/rancher/rke2/config.yaml mode: "0640" - - name: Install RKE2 worker nodes - ansible.builtin.shell: - cmd: | - set -o pipefail && INSTALL_RKE2_ARTIFACT_PATH={{ mount_rke2_path }} INSTALL_RKE2_TYPE=agent sh {{ mount_rke2_path }}/install.sh - executable: /bin/bash - chdir: "{{ mount_rke2_path }}" - register: install_worker_output - failed_when: false - changed_when: false +# Install regarding choosen method +- name: RKE2 Install tarball method + ansible.builtin.import_tasks: tarball_install.yml + when: tarball_install - - name: Display output from install - ansible.builtin.debug: - var: install_worker_output['stdout_lines'] - - # Start - - name: Mask RKE2 agent service on the first server - ansible.builtin.systemd: - name: "rke2-server.service" - enabled: false - masked: true - - - name: Start and enable rke2-server - ansible.builtin.systemd: - name: rke2-agent.service - state: started - enabled: true - notify: "Service (re)started" - register: rke2_service - until: rke2_service is succeeded - retries: 5 +- name: RKE2 Install rpm method + ansible.builtin.import_tasks: rpm_install.yml + when: rpm_install diff --git a/roles/install_rke2_worker/tasks/main.yml b/roles/install_rke2_worker/tasks/main.yml index 9262706af..1b4d5ccb3 100644 --- a/roles/install_rke2_worker/tasks/main.yml +++ b/roles/install_rke2_worker/tasks/main.yml @@ -48,6 +48,10 @@ tasks_from: selinux when: ansible_selinux['status'] == 'enabled' +- name: RKE2 start worker after Selinux + ansible.builtin.import_tasks: start.yml + tags: start + # Utils - name: RKE2 install nerdctl vars: diff --git a/roles/install_rke2_worker/tasks/rpm_install.yml b/roles/install_rke2_worker/tasks/rpm_install.yml new file mode 100644 index 000000000..e69de29bb diff --git a/roles/install_rke2_worker/tasks/start.yml b/roles/install_rke2_worker/tasks/start.yml new file mode 100644 index 000000000..1b3eeaf47 --- /dev/null +++ b/roles/install_rke2_worker/tasks/start.yml 
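Review bot: The two new `import_tasks` lines in `install_rke2_worker/tasks/install.yml` dispatch on `tarball_install` and `rpm_install`, but `rpm_install.yml` is created empty in this same patch (diffstat `roles/install_rke2_worker/tasks/rpm_install.yml | 0`), so a worker configured for the rpm method installs nothing and the subsequently imported `start.yml` then tries to start an `rke2-agent.service` that does not exist. If neither variable is defined by the role defaults (not visible here) the `when:` fails on an undefined variable, and if both are false the role silently does nothing; an `ansible.builtin.assert` with `that: (tarball_install | default(false)) or (rpm_install | default(false))` placed before the imports makes the contract explicit. The new lines appear to sit at the top level rather than inside the `become: true` block that opens this file (the hunk's flattened indentation makes this an inference), which only works because both imported files set `become: true` themselves — a comment stating that reliance would help. The removed shell and systemd tasks are re-created in the new `tarball_install.yml` and `start.yml` of this patch.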
@@ -0,0 +1,21 @@ +--- +# As root +- name: Start RKE2 worker + become: true + block: + # Start + - name: Mask RKE2 agent service on the first server + ansible.builtin.systemd: + name: "rke2-server.service" + enabled: false + masked: true + + - name: Start and enable rke2-server + ansible.builtin.systemd: + name: rke2-agent.service + state: started + enabled: true + notify: "Service (re)started" + register: rke2_service + until: rke2_service is succeeded + retries: 5 diff --git a/roles/install_rke2_worker/tasks/tarball_install.yml b/roles/install_rke2_worker/tasks/tarball_install.yml new file mode 100644 index 000000000..2889f006b --- /dev/null +++ b/roles/install_rke2_worker/tasks/tarball_install.yml @@ -0,0 +1,40 @@ +--- +# As root +- name: Install with tarball method + become: true + block: + - name: TARBALL | Make temp dir + ansible.builtin.tempfile: + state: directory + suffix: "-rke2-worker-install" + path: "{{ tarball_tmp_dir | default(omit) }}" + register: temp_dir + + - name: TARBALL | Get RKE2 Artifacts from URL + ansible.builtin.get_url: + url: "http://{{ hauler_server }}:8080/{{ item }}" + dest: "{{ temp_dir['path'] }}/{{ item }}" + validate_certs: false + loop: + - rke2-images.linux-amd64.tar.zst + - rke2.linux-amd64.tar.gz + - sha256sum-amd64.txt + - install.sh + + - name: TARBALL | Install RKE2 worker node + ansible.builtin.shell: + cmd: | + set -o pipefail && INSTALL_RKE2_ARTIFACT_PATH={{ temp_dir['path'] }} INSTALL_RKE2_TYPE=agent sh {{ temp_dir['path'] }}/install.sh + chdir: "{{ temp_dir['path'] }}" + executable: /bin/bash + register: install_worker_output + failed_when: false + changed_when: false + + - name: TARBALL | Display install output + ansible.builtin.debug: + var: install_worker_output['stdout_lines'] + + - name: TARBALL | Pause for 5 seconds before start service + ansible.builtin.pause: + seconds: 5 diff --git a/roles/install_utils_nerdctl/tasks/install.yml b/roles/install_utils_nerdctl/tasks/install.yml index 76a9456fd..7730c2ee4 100644 
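Review bot: In the new `install_rke2_worker/tasks/start.yml` the first task is named `Mask RKE2 agent service on the first server` while it masks `rke2-server.service` on a worker, and the second is named `Start and enable rke2-server` while it starts `rke2-agent.service`; both names look copied from the controller role and will mislead anyone reading play output. `- name: Mask rke2-server on worker nodes` and `- name: Start and enable rke2-agent` describe the actions. The `until: rke2_service is succeeded` / `retries: 5` loop relies on the task keyword's default delay between attempts; an explicit `delay:` documents how long a slow first start is tolerated.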
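Review bot: `failed_when: false` on the `TARBALL | Install RKE2 worker node` task in the new `install_rke2_worker/tasks/tarball_install.yml` means a failed `install.sh` (checksum mismatch, missing artefact, unsupported OS) is reported as ok and only surfaces later as an unexplained rke2-agent start failure; `failed_when: install_worker_output.rc != 0` keeps the real error at the real step, and `changed_when: false` on a task that installs software misreports the play. The four artefacts — including `install.sh` and the `sha256sum-amd64.txt` the script presumably verifies against — are fetched over plain `http://` from the same server, so a checksum match proves the tarball is intact, not that it is what was published; `validate_certs: false` does nothing for that scheme, and an HTTPS hauler endpoint with validation on, or a `checksum:` on `get_url` pinned from a trusted source, closes that gap. The temp directory from `tempfile` holds the large images tarball and is never removed; an `ansible.builtin.file: path: "{{ temp_dir['path'] }}" state: absent` task at the end of the block, or in an `always:` section, reclaims it. `set -o pipefail &&` guards a command with no pipe, and the 5-second `pause` before the service start is a timing assumption rather than a readiness check.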
--- a/roles/install_utils_nerdctl/tasks/install.yml +++ b/roles/install_utils_nerdctl/tasks/install.yml @@ -13,7 +13,7 @@ - name: Download Nerdctl bin into /usr/local/bin ansible.builtin.unarchive: src: "http://{{ hauler_server }}:8080/nerdctl.tar.gz" - dest: "/usr/local/bin/" + dest: "/usr/local/bin/nerdctl" owner: "{{ admin_user }}" group: "{{ admin_user }}" mode: '0750' diff --git a/roles/install_utils_nerdctl/tasks/prerequis.yml b/roles/install_utils_nerdctl/tasks/prerequis.yml index 53af4571c..94eb82950 100644 --- a/roles/install_utils_nerdctl/tasks/prerequis.yml +++ b/roles/install_utils_nerdctl/tasks/prerequis.yml @@ -7,7 +7,6 @@ with_items: - tar - gzip - - unzip become: true when: - ansible_os_family == "RedHat" @@ -20,7 +19,6 @@ with_items: - tar - gzip - - unzip become: true when: - ansible_os_family == "Debian" diff --git a/roles/install_utils_registry/README.md b/roles/install_utils_registry/README.md deleted file mode 100644 index f6c579a29..000000000 --- a/roles/install_utils_registry/README.md +++ /dev/null @@ -1,14 +0,0 @@ -Role Name -========= - -Install a minimal localhost docker registry - -License -------- - -Apache-2.0 - -Author Information ------------------- - -morze.baltyk@proton.me \ No newline at end of file diff --git a/roles/install_utils_registry/defaults/main.yml b/roles/install_utils_registry/defaults/main.yml deleted file mode 100644 index 95c56ecad..000000000 --- a/roles/install_utils_registry/defaults/main.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# defaults file for install_local_registry - -# Mount share -mount_path: "{{ global_directory_mount }}" -mount_registry_path: "{{ mount_path }}/registry" -mount_images_path: "{{ mount_path }}/images" -mount_registry_tar: "{{ mount_path }}/images/registry/registry.tar" - -# General -rke2_data_path: "{{ global_rke2_data_dir }}" -rke2_images_path: "{{ global_rke2_data_dir }}/agent/images/" -registry_namespace: "kube-registry" 
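Review bot: `dest: "/usr/local/bin/nerdctl"` is wrong for `ansible.builtin.unarchive`, whose `dest` is the existing directory to extract into, not the target file name: if that directory does not exist the module fails, and if it does the binary lands at `/usr/local/bin/nerdctl/nerdctl`, off `PATH`, while the `stat` of `/usr/local/bin/nerdctl` at the top of the file (outside the hunk) then sees a directory and skips the task on every later run, making the breakage look like success. Keep `dest: "/usr/local/bin/"` and, if the aim was to extract only the binary, add `include: [nerdctl]` next to `extra_opts` rather than renaming the destination.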
diff --git a/roles/install_utils_registry/handlers/main.yml b/roles/install_utils_registry/handlers/main.yml deleted file mode 100644 index e9f34c1da..000000000 --- a/roles/install_utils_registry/handlers/main.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -# handlers file for install_local_registry -- name: Flush handlers - ansible.builtin.meta: flush_handlers - -- name: Config file changed - ansible.builtin.set_fact: - rke2_restart_needed: true - -- name: Service (re)started - ansible.builtin.set_fact: - rke2_restart_needed: false - -- name: Restart rke2-server - ansible.builtin.systemd: - name: rke2-server.service - state: restarted - notify: "Service (re)started" - -- name: Restart rke2-agent - ansible.builtin.systemd: - name: rke2-agent.service - state: restarted - notify: "Service (re)started" \ No newline at end of file diff --git a/roles/install_utils_registry/meta/main.yml b/roles/install_utils_registry/meta/main.yml deleted file mode 100644 index 96e75166d..000000000 --- a/roles/install_utils_registry/meta/main.yml +++ /dev/null 
@@ -1,54 +0,0 @@ ---- -galaxy_info: - standalone: false # Part of a collection - author: morze.baltyk@proton.me - description: Install a minimal localhost docker registry - company: Opensource - - # If the issue tracker for your role is not on github, uncomment the - # next line and provide a value - # issue_tracker_url: http://example.com/issue/tracker - - # Choose a valid license ID from https://spdx.org - some suggested licenses: - # - BSD-3-Clause (default) - # - MIT - # - GPL-2.0-or-later - # - GPL-3.0-only - # - Apache-2.0 - # - CC-BY-4.0 - license: Apache-2.0 - - min_ansible_version: "2.15.0" - - # If this a Container Enabled role, provide the minimum Ansible Container version. - # min_ansible_container_version: - - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - # platforms: - # - name: Fedora - # versions: - # - all - # - 25 - # - name: SomePlatform - # versions: - # - all - # - 1.0 - # - 7 - # - 99.99 - - galaxy_tags: [] - # List tags for your role here, one per line. A tag is a keyword that describes - # and categorizes the role. Users find roles by searching for tags. Be sure to - # remove the '[]' above, if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. - # Maximum 20 tags per role. - -dependencies: [] - # List your role dependencies here, one per line. Be sure to remove the '[]' above, - # if you add dependencies to this list. diff --git a/roles/install_utils_registry/tasks/deploy.yml b/roles/install_utils_registry/tasks/deploy.yml deleted file mode 100644 index 5488e644e..000000000 --- a/roles/install_utils_registry/tasks/deploy.yml +++ /dev/null 
@@ -1,21 +0,0 @@ ---- -- name: Kubernetes execution from Ansible controler - delegate_to: localhost - run_once: true - become: false - block: - - name: Create Namespace - kubernetes.core.k8s: - kubeconfig: "~/.kube/{{ inventory_hostname }}.yaml" - state: present - definition: - apiVersion: v1 - kind: Namespace - metadata: - name: "{{ registry_namespace }}" - - - name: Deploy registry manifest - kubernetes.core.k8s: - state: present - template: "registry.yaml.j2" - kubeconfig: "~/.kube/{{ inventory_hostname }}.yaml" diff --git a/roles/install_utils_registry/tasks/load-kubevip.yml b/roles/install_utils_registry/tasks/load-kubevip.yml deleted file mode 100644 index bc8687f98..000000000 --- a/roles/install_utils_registry/tasks/load-kubevip.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Load kube-vip -- name: Find kube-vip images on the target server - ansible.builtin.find: - paths: "{{ mount_images_path }}/kubevip/" - patterns: "*.tar" - register: found_images - -- name: Copy kube-vip images with skopeo - ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/kube-vip/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_', ':') }} --dest-tls-verify=false" - changed_when: false - with_items: "{{ found_images['files'] }}" diff --git a/roles/install_utils_registry/tasks/load-longhorn.yml b/roles/install_utils_registry/tasks/load-longhorn.yml deleted file mode 100644 index 87a4e2b14..000000000 --- a/roles/install_utils_registry/tasks/load-longhorn.yml +++ /dev/null 
@@ -1,12 +0,0 @@ ---- -# Load Longhorn -- name: Find longhorn images on the target server - ansible.builtin.find: - paths: "{{ mount_images_path }}/longhorn/" - patterns: "*.tar" - register: found_images - -- name: Copy longhorn images with skopeo - ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/longhornio/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_', ':') }} --dest-tls-verify=false" - changed_when: false - with_items: "{{ found_images['files'] }}" diff --git a/roles/install_utils_registry/tasks/load-neuvector.yml b/roles/install_utils_registry/tasks/load-neuvector.yml deleted file mode 100644 index ce567937e..000000000 --- a/roles/install_utils_registry/tasks/load-neuvector.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Load Neuvector -- name: Find Neuvector images on the target server - ansible.builtin.find: - paths: "{{ mount_images_path }}/neuvector/" - patterns: "*.tar" - register: found_images - -- name: Copy Neuvector images with skopeo - ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/neuvector/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_', ':') }} --dest-tls-verify=false" - changed_when: false - with_items: "{{ found_images['files'] }}" diff --git a/roles/install_utils_registry/tasks/load-rancher.yml b/roles/install_utils_registry/tasks/load-rancher.yml deleted file mode 100644 index e88ea2974..000000000 --- a/roles/install_utils_registry/tasks/load-rancher.yml +++ /dev/null 
@@ -1,24 +0,0 @@ ---- -# Load Cert -- name: Find Cert-manager images on the target server - ansible.builtin.find: - paths: "{{ mount_images_path }}/cert/" - patterns: "*.tar" - register: found_images - -- name: Copy Cert-manager images with skopeo - ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/cert/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_', ':') }} --dest-tls-verify=false" - changed_when: false - with_items: "{{ found_images['files'] }}" - -# Load Rancher -- name: Find Rancher images on the target server - ansible.builtin.find: - paths: "{{ mount_images_path }}/rancher/" - patterns: "*.tar" - register: found_images - -- name: Copy Rancher images with skopeo - ansible.builtin.command: "skopeo copy docker-archive:{{ item.path }} docker://localhost:5000/rancher/{{ item.path | basename | regex_replace('.tar', '') | regex_replace('_', ':') }} --dest-tls-verify=false" - changed_when: false - with_items: "{{ found_images['files'] }}" diff --git a/roles/install_utils_registry/tasks/main.yml b/roles/install_utils_registry/tasks/main.yml deleted file mode 100644 index 839cc1f06..000000000 --- a/roles/install_utils_registry/tasks/main.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -# tasks file for install_local_registry -- name: Push registry tar in RKE2 images - ansible.builtin.import_tasks: push.yml - -- name: Flush handlers - ansible.builtin.meta: flush_handlers - -- name: Copy manifest - ansible.builtin.import_tasks: manifest.yml - when: caller_role_name == "controller" - -- name: Kubernetes tasks - ansible.builtin.import_tasks: deploy.yml - when: caller_role_name == "controller" - -- name: Wait for local registry to be reachable - ansible.builtin.import_tasks: wait.yml - when: caller_role_name == "controller" - -- name: List images imported in registry - ansible.builtin.import_tasks: post.yml - when: caller_role_name == "controller" 
diff --git a/roles/install_utils_registry/tasks/manifest.yml b/roles/install_utils_registry/tasks/manifest.yml deleted file mode 100644 index 2fc2a72ba..000000000 --- a/roles/install_utils_registry/tasks/manifest.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -- name: Ensure RKE2 manifests directory exists - ansible.builtin.file: - state: directory - path: "{{ rke2_data_path }}/server/manifests" - owner: root - group: root - mode: 0700 - -- name: Copy registry manifest to first server - ansible.builtin.template: - src: "{{ item }}" - dest: "{{ rke2_data_path }}/server/manifests/{{ item | basename | regex_replace('.j2$', '') }}" - owner: root - group: root - mode: 0664 - with_fileglob: - - "registry.yaml.j2" diff --git a/roles/install_utils_registry/tasks/post.yml b/roles/install_utils_registry/tasks/post.yml deleted file mode 100644 index 836167712..000000000 --- a/roles/install_utils_registry/tasks/post.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- - -# Result -- name: List docker registry - ansible.builtin.shell: - cmd: | - set -o pipefail && - source $HOME/.bashrc && - for i in $(curl -sk localhost:5000/v2/_catalog | jq -r '.repositories[]'); do - for tag in $(curl -sk localhost:5000/v2/${i}/tags/list | jq -r '.tags[]'); do - echo ${i}:${tag}; - done; - done - executable: /bin/bash - register: docker - changed_when: false - become: true - become_user: "{{ admin_user }}" - -- name: Display Output - ansible.builtin.debug: - var: docker['stdout_lines'] diff --git a/roles/install_utils_registry/tasks/push.yml b/roles/install_utils_registry/tasks/push.yml deleted file mode 100644 index 1f42918fa..000000000 --- a/roles/install_utils_registry/tasks/push.yml +++ /dev/null 
@@ -1,20 +0,0 @@ ---- -- name: Pre-load registry image - ansible.builtin.copy: - src: "{{ mount_registry_tar }}" - dest: "{{ rke2_images_path }}" - remote_src: true - mode: "0750" - follow: true - notify: Restart rke2-server - when: caller_role_name == "controller" - -- name: Pre-load registry image - ansible.builtin.copy: - src: "{{ mount_registry_tar }}" - dest: "{{ rke2_images_path }}" - remote_src: true - mode: "0750" - follow: true - notify: Restart rke2-agent - when: caller_role_name == "worker" diff --git a/roles/install_utils_registry/tasks/wait.yml b/roles/install_utils_registry/tasks/wait.yml deleted file mode 100644 index 14189ff47..000000000 --- a/roles/install_utils_registry/tasks/wait.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- name: Flush handlers now - ansible.builtin.meta: flush_handlers - -- name: Wait for k8s apiserver - ansible.builtin.wait_for: - host: localhost - port: "5000" - state: present - timeout: 600 diff --git a/roles/install_utils_registry/templates/registry.yaml.j2 b/roles/install_utils_registry/templates/registry.yaml.j2 deleted file mode 100644 index 1336022a7..000000000 --- a/roles/install_utils_registry/templates/registry.yaml.j2 +++ /dev/null @@ -1,36 +0,0 @@ ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: registry - namespace: {{ registry_namespace }} - labels: - app: registry -spec: - selector: - matchLabels: - app: registry - template: - metadata: - labels: - app: registry - spec: - containers: - - name: registry - image: registry - imagePullPolicy: Never - ports: - - name: registry - containerPort: 5000 - securityContext: - capabilities: - add: - - NET_BIND_SERVICE - volumeMounts: - - name: registry - mountPath: /var/lib/registry - volumes: - - name: registry - hostPath: - path: "{{ mount_registry_path }}" - hostNetwork: true \ No newline at end of file diff --git a/roles/install_utils_registry/tests/inventory b/roles/install_utils_registry/tests/inventory deleted file mode 100644 index 878877b07..000000000 
--- a/roles/install_utils_registry/tests/inventory +++ /dev/null @@ -1,2 +0,0 @@ -localhost - diff --git a/roles/install_utils_registry/tests/test.yml b/roles/install_utils_registry/tests/test.yml deleted file mode 100644 index 639d9522b..000000000 --- a/roles/install_utils_registry/tests/test.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Test - hosts: localhost - remote_user: root - roles: - - install_utils_registry diff --git a/roles/set_nfs_export/README.md b/roles/set_nfs_export/README.md deleted file mode 100644 index 1e293c72b..000000000 --- a/roles/set_nfs_export/README.md +++ /dev/null @@ -1,14 +0,0 @@ -Role Name -========= - -Export NFS volume from Controler to share images - -License -------- - -Apache-2.0 - -Author Information ------------------- - -morze.baltyk@proton.me \ No newline at end of file diff --git a/roles/set_nfs_export/defaults/main.yml b/roles/set_nfs_export/defaults/main.yml deleted file mode 100644 index 491ccf2da..000000000 --- a/roles/set_nfs_export/defaults/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -# defaults file for export_nfs - -export_nfs_path: "{{ global_directory_package_target }}" -export_nfs_registry_path: "{{ export_nfs_path }}/registry" -symlink_mount_path: "{{ global_directory_mount }}" diff --git a/roles/set_nfs_export/handlers/main.yml b/roles/set_nfs_export/handlers/main.yml deleted file mode 100644 index a59f769a8..000000000 --- a/roles/set_nfs_export/handlers/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -# handlers file for export_nfs - -- name: Restart_NFS_Server - ansible.builtin.systemd: - name: nfs-server - state: restarted \ No newline at end of file diff --git a/roles/set_nfs_export/meta/main.yml b/roles/set_nfs_export/meta/main.yml deleted file mode 100644 index 412d411cc..000000000 --- a/roles/set_nfs_export/meta/main.yml +++ /dev/null 
@@ -1,54 +0,0 @@ ---- -galaxy_info: - standalone: false # Part of a collection - author: morze.baltyk@proton.me - description: Export NFS volume from Controler to share images - company: Opensource - - # If the issue tracker for your role is not on github, uncomment the - # next line and provide a value - # issue_tracker_url: http://example.com/issue/tracker - - # Choose a valid license ID from https://spdx.org - some suggested licenses: - # - BSD-3-Clause (default) - # - MIT - # - GPL-2.0-or-later - # - GPL-3.0-only - # - Apache-2.0 - # - CC-BY-4.0 - license: Apache-2.0 - - min_ansible_version: "2.15.0" - - # If this a Container Enabled role, provide the minimum Ansible Container version. - # min_ansible_container_version: - - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - # platforms: - # - name: Fedora - # versions: - # - all - # - 25 - # - name: SomePlatform - # versions: - # - all - # - 1.0 - # - 7 - # - 99.99 - - galaxy_tags: [] - # List tags for your role here, one per line. A tag is a keyword that describes - # and categorizes the role. Users find roles by searching for tags. Be sure to - # remove the '[]' above, if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. - # Maximum 20 tags per role. - -dependencies: [] - # List your role dependencies here, one per line. Be sure to remove the '[]' above, - # if you add dependencies to this list. diff --git a/roles/set_nfs_export/tasks/firewalld.yml b/roles/set_nfs_export/tasks/firewalld.yml deleted file mode 100644 index 605fbbc1e..000000000 --- a/roles/set_nfs_export/tasks/firewalld.yml +++ /dev/null 
@@ -1,21 +0,0 @@ ---- -- name: Firewalld setup - become: true - when: - - ansible_facts['services']['firewalld.service'] is defined - - ansible_facts['services']['firewalld.service']['state'] == "running" - block: - - name: Firewalld NFS port enabled - ansible.posix.firewalld: - service: "{{ item }}" - permanent: true - state: enabled - loop: - - nfs - - rpc-bind - - mountd - - - name: Always reload firewalld - ansible.builtin.service: - name: firewalld - state: reloaded \ No newline at end of file diff --git a/roles/set_nfs_export/tasks/install.yml b/roles/set_nfs_export/tasks/install.yml deleted file mode 100644 index 87269fde3..000000000 --- a/roles/set_nfs_export/tasks/install.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# share out directory -- name: NFS share - become: true - block: - - name: Install NFS packages - ansible.builtin.dnf: - name: "{{ item }}" - state: present - with_items: - - nfs-utils - when: - - ansible_os_family == "RedHat" - - ansible_distribution_major_version | int >= 8 - - - name: Share out directory via NFS - ansible.builtin.lineinfile: - path: /etc/exports - line: "{{ export_nfs_path }} *(rw,fsid=1,sync,no_root_squash,no_all_squash)" - notify: Restart_NFS_Server - - - name: Enable and start NFS server service - ansible.builtin.systemd: - name: nfs-server - enabled: true - state: started - - - name: Create Symlink to get same path than other server - ansible.builtin.file: - src: "{{ export_nfs_path }}" - dest: "{{ symlink_mount_path }}" - state: link - when: export_nfs_path != symlink_mount_path diff --git a/roles/set_nfs_export/tasks/main.yml b/roles/set_nfs_export/tasks/main.yml deleted file mode 100644 index 7b5692462..000000000 --- a/roles/set_nfs_export/tasks/main.yml +++ /dev/null 
@@ -1,22 +0,0 @@ ---- -# tasks file for export_nfs -- name: Gather facts - ansible.builtin.setup: - gather_subset: - - "distribution" - - "distribution_major_version" - - "!min" - when: > - ansible_os_family is not defined - -- name: Tasks for Linux - ansible.builtin.import_tasks: selinux.yml - -- name: Tasks for Linux - ansible.builtin.import_tasks: firewalld.yml - -- name: Tasks to install and setup NFS export - ansible.builtin.import_tasks: install.yml - -- name: Flush handlers - ansible.builtin.meta: flush_handlers \ No newline at end of file diff --git a/roles/set_nfs_export/tasks/selinux.yml b/roles/set_nfs_export/tasks/selinux.yml deleted file mode 100644 index c358820cc..000000000 --- a/roles/set_nfs_export/tasks/selinux.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -- name: Create package directories - ansible.builtin.file: - path: "{{ export_nfs_registry_path }}" - state: directory - recurse: true - -- name: Test whether SELinux is enabled - ansible.builtin.command: /usr/sbin/selinuxenabled - ignore_errors: true - changed_when: false - register: selinux_status - -- name: SElinux config - when: selinux_status.rc == 0 - block: - # chcon system_u:object_r:container_file_t:s0 /opt/rancher/registry - - name: Ensures registry container can be executed on path - community.general.sefcontext: - target: "{{ export_nfs_registry_path }}(/.*)?" - setype: container_file_t - state: present - - - name: Restorecon - ansible.builtin.command: "restorecon -v {{ export_nfs_registry_path }}" - changed_when: false diff --git a/roles/set_nfs_export/tests/inventory b/roles/set_nfs_export/tests/inventory deleted file mode 100644 index 878877b07..000000000 --- a/roles/set_nfs_export/tests/inventory +++ /dev/null @@ -1,2 +0,0 @@ -localhost - diff --git a/roles/set_nfs_export/tests/test.yml b/roles/set_nfs_export/tests/test.yml deleted file mode 100644 index 7e4dc23d9..000000000 --- a/roles/set_nfs_export/tests/test.yml +++ /dev/null 
@@ -1,6 +0,0 @@ ---- -- name: Test - hosts: localhost - remote_user: root - roles: - - set_nfs_export diff --git a/roles/set_nfs_mount/README.md b/roles/set_nfs_mount/README.md deleted file mode 100644 index ca61a96de..000000000 --- a/roles/set_nfs_mount/README.md +++ /dev/null @@ -1,14 +0,0 @@ -Role Name -========= - -mount share nfs on workers to share images - -License -------- - -Apache-2.0 - -Author Information ------------------- - -morze.baltyk@proton.me \ No newline at end of file diff --git a/roles/set_nfs_mount/defaults/main.yml b/roles/set_nfs_mount/defaults/main.yml deleted file mode 100644 index f50ef7e78..000000000 --- a/roles/set_nfs_mount/defaults/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -# defaults file for mount_nfs -master: "{{ global_master_ip }}" -export_nfs_path: "{{ global_directory_package_target }}" -nfs_mount_path: "{{ global_directory_mount }}" diff --git a/roles/set_nfs_mount/handlers/main.yml b/roles/set_nfs_mount/handlers/main.yml deleted file mode 100644 index 0f1387fea..000000000 --- a/roles/set_nfs_mount/handlers/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# handlers file for mount_nfs diff --git a/roles/set_nfs_mount/meta/main.yml b/roles/set_nfs_mount/meta/main.yml deleted file mode 100644 index 7521aa303..000000000 --- a/roles/set_nfs_mount/meta/main.yml +++ /dev/null 
@@ -1,54 +0,0 @@ ---- -galaxy_info: - standalone: false # Part of a collection - author: morze.baltyk@proton.me - description: mount share nfs on workers to share images - company: Opensource - - # If the issue tracker for your role is not on github, uncomment the - # next line and provide a value - # issue_tracker_url: http://example.com/issue/tracker - - # Choose a valid license ID from https://spdx.org - some suggested licenses: - # - BSD-3-Clause (default) - # - MIT - # - GPL-2.0-or-later - # - GPL-3.0-only - # - Apache-2.0 - # - CC-BY-4.0 - license: Apache-2.0 - - min_ansible_version: "2.15.0" - - # If this a Container Enabled role, provide the minimum Ansible Container version. - # min_ansible_container_version: - - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - # platforms: - # - name: Fedora - # versions: - # - all - # - 25 - # - name: SomePlatform - # versions: - # - all - # - 1.0 - # - 7 - # - 99.99 - - galaxy_tags: [] - # List tags for your role here, one per line. A tag is a keyword that describes - # and categorizes the role. Users find roles by searching for tags. Be sure to - # remove the '[]' above, if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. - # Maximum 20 tags per role. - -dependencies: [] - # List your role dependencies here, one per line. Be sure to remove the '[]' above, - # if you add dependencies to this list. diff --git a/roles/set_nfs_mount/tasks/main.yml b/roles/set_nfs_mount/tasks/main.yml deleted file mode 100644 index bef842696..000000000 --- a/roles/set_nfs_mount/tasks/main.yml +++ /dev/null 
@@ -1,15 +0,0 @@ ---- -# tasks file for mount_nfs -- name: Gather facts - ansible.builtin.setup: - gather_subset: - - "distribution" - - "distribution_major_version" - - "!min" - when: > - ansible_os_family is not defined - -- name: Tasks for RHEL-like OS - ansible.builtin.import_tasks: rhel.yml - when: - - ansible_os_family == "RedHat" \ No newline at end of file diff --git a/roles/set_nfs_mount/tasks/rhel.yml b/roles/set_nfs_mount/tasks/rhel.yml deleted file mode 100644 index ecbd1a3cc..000000000 --- a/roles/set_nfs_mount/tasks/rhel.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# mount NFS directory -- name: Mount NFS directory - become: true - when: - - ansible_os_family == "RedHat" - - ansible_distribution_major_version | int >= 8 - block: - - name: Install NFS packages - ansible.builtin.dnf: - name: "{{ item }}" - state: present - with_items: - - nfs-utils - - - name: Create mount directory - ansible.builtin.file: - path: "{{ nfs_mount_path }}" - state: directory - recurse: true - - - name: Add NFS entry to /etc/fstab - ansible.builtin.lineinfile: - path: /etc/fstab - line: "{{ master }}:{{ export_nfs_path }} {{ nfs_mount_path }} nfs rw,hard,rsize=1048576,wsize=1048576 0 0" - - - name: Mount NFS share - ansible.posix.mount: - path: "{{ nfs_mount_path }}" - src: "{{ master }}:{{ export_nfs_path }}" - fstype: nfs - opts: rw,hard,rsize=1048576,wsize=1048576 - state: mounted \ No newline at end of file diff --git a/roles/set_nfs_mount/tests/inventory b/roles/set_nfs_mount/tests/inventory deleted file mode 100644 index 878877b07..000000000 --- a/roles/set_nfs_mount/tests/inventory +++ /dev/null @@ -1,2 +0,0 @@ -localhost - diff --git a/roles/set_nfs_mount/tests/test.yml b/roles/set_nfs_mount/tests/test.yml deleted file mode 100644 index 6c82a5dfb..000000000 --- a/roles/set_nfs_mount/tests/test.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Test - hosts: localhost - remote_user: root - roles: - - set_nfs_mount 
diff --git a/roles/uninstall_rkub/tasks/main.yml b/roles/uninstall_rkub/tasks/main.yml index ae8bc2712..8b6c04a85 100644 --- a/roles/uninstall_rkub/tasks/main.yml +++ b/roles/uninstall_rkub/tasks/main.yml @@ -24,9 +24,6 @@ - name: Admin Uninstall ansible.builtin.import_tasks: admin.yml -- name: NFS Uninstall - ansible.builtin.import_tasks: nfs.yml - - name: RKE2 firewalld remove vars: firewalld_remove: "{{ firewalld_rules_to_remove }}" @@ -35,4 +32,4 @@ tasks_from: main when: - ansible_facts['services']['firewalld.service'] is defined - - ansible_facts['services']['firewalld.service']['state'] == "running" \ No newline at end of file + - ansible_facts['services']['firewalld.service']['state'] == "running" diff --git a/roles/uninstall_rkub/tasks/nfs.yml b/roles/uninstall_rkub/tasks/nfs.yml deleted file mode 100644 index 74e51f55e..000000000 --- a/roles/uninstall_rkub/tasks/nfs.yml +++ /dev/null 
@@ -1,57 +0,0 @@ ---- -- name: Remove NFS - become: true - block: - - name: Unmount NFS share - ansible.posix.mount: - path: "{{ nfs_mount_path }}" - state: unmounted - - - name: Remove NFS entry from /etc/fstab - ansible.builtin.lineinfile: - path: /etc/fstab - regexp: ".*{{ nfs_mount_path }} nfs.*" - state: absent - - - name: Remove mount directory - ansible.builtin.file: - path: "{{ nfs_mount_path }}" - state: absent - - - name: Share out directory via NFS - ansible.builtin.lineinfile: - path: /etc/exports - line: "{{ export_nfs_path }} *(ro)" - state: absent - - - name: Remove NFS packages - ansible.builtin.dnf: - name: "{{ item }}" - state: absent - with_items: - - nfs-utils - when: - - ansible_os_family == "RedHat" - - ansible_distribution_major_version | int >= 8 - -# Remove NFS firewalld -- name: Remove NFS Firewalld - become: true - when: - - ansible_facts['services']['firewalld.service'] is defined - - ansible_facts['services']['firewalld.service']['state'] == "running" - block: - - name: Firewalld NFS port enabled - ansible.posix.firewalld: - service: "{{ item }}" - permanent: true - state: disabled - loop: - - nfs - - mountd - - rpc-bind - - - name: Always reload firewalld - ansible.builtin.service: - name: firewalld - state: reloaded \ No newline at end of file From c6a419bbbf2beacc4327f79e6fb0520301b3c429 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 14 May 2024 17:54:35 +0200 Subject: [PATCH 313/365] adding hauler store --- roles/install_rke2_controller/tasks/localhost.yml | 10 +++++++--- roles/uninstall_rkub/defaults/main.yml | 2 -- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/roles/install_rke2_controller/tasks/localhost.yml b/roles/install_rke2_controller/tasks/localhost.yml index 7575248b1..6a59e8db3 100644 --- a/roles/install_rke2_controller/tasks/localhost.yml +++ b/roles/install_rke2_controller/tasks/localhost.yml 
@@ -18,8 +18,10 @@ ansible.builtin.command: type kubecm register: is_installed changed_when: false + failed_when: false - name: Add kubeconfig to kubecm + when: is_installed.rc == 0 block: - name: Test if default context already exist in your kubeconfig. ansible.builtin.command: "kubecm list default > /dev/null 2>&1" @@ -38,10 +40,12 @@ ansible.builtin.command: "kubecm switch default" changed_when: false - rescue: - name: No Kubecm - ansible.builtin.debug: - msg: "Kubecm is not installed on your localhost! Not a big problem, but I did not add it to your local kubeconfig." + when: is_installed.rc != 0 + block: + - name: No Kubecm + ansible.builtin.debug: + msg: "Kubecm is not installed on your localhost! Not a big problem, but I did not add it to your local kubeconfig." always: - name: Message to you diff --git a/roles/uninstall_rkub/defaults/main.yml b/roles/uninstall_rkub/defaults/main.yml index 12689f1a4..c69355fc0 100644 --- a/roles/uninstall_rkub/defaults/main.yml +++ b/roles/uninstall_rkub/defaults/main.yml @@ -1,8 +1,6 @@ --- # defaults file for uninstall_rke2 admin_user: "{{ global_install_user }}" -export_nfs_path: "{{ global_directory_package_target }}" -nfs_mount_path: "{{ global_directory_mount }}" longhorn_datapath: "{{ global_longhorn_datapath }}" firewalld_rules_to_remove: From 100183670b94b2ce0001c61fb3224c0d9e9e2835 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 14 May 2024 18:07:35 +0200 Subject: [PATCH 314/365] adding hauler store --- roles/install_rke2_controller/tasks/admin.yml | 23 ++++++++++++++++++- .../tasks/localhost.yml | 2 +- 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/roles/install_rke2_controller/tasks/admin.yml b/roles/install_rke2_controller/tasks/admin.yml index f6a46ed88..7859e8f2f 100644 --- a/roles/install_rke2_controller/tasks/admin.yml +++ b/roles/install_rke2_controller/tasks/admin.yml 
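Review bot: In the second hunk the removed `rescue:` is replaced by `when: is_installed.rc != 0` and a second `block:` at what looks like the same level as the task's existing `when:`/`block:` keys (indentation is collapsed on this page, so confirm against the file), which makes them duplicate keys inside one task mapping; Ansible's YAML loader keeps only the last value of a duplicated key, so the whole kubecm-add block would be silently dropped and only the "Kubecm is not installed" debug task would remain. Make the fallback its own task, e.g. `- name: Report missing kubecm`, with the `when:` and `block:` nested under it, and check which task the trailing `always:` is meant to belong to afterwards. The task list continues outside the hunk.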
@@ -50,4 +50,25 @@ PATH=$PATH:{{ rke2_data_dir }}/bin marker: "# {mark} ANSIBLE setup Kubeconfig and RKE2" -# Install helm / k9s + # Install helm / k9s + - name: Download helm bin to + ansible.builtin.unarchive: + src: "http://{{ hauler_server }}:8080/helm.tar.gz" + dest: "/usr/local/bin/helm" + owner: "{{ admin_user }}" + group: "{{ admin_user }}" + mode: '0750' + remote_src: true + validate_certs: false + extra_opts: ['--strip-components=1'] + + - name: Download k9s bin into /usr/local/bin + ansible.builtin.unarchive: + src: "http://{{ hauler_server }}:8080/k9s.tar.gz" + dest: "/usr/local/bin/k9s" + owner: "{{ admin_user }}" + group: "{{ admin_user }}" + mode: '0750' + remote_src: true + validate_certs: false + extra_opts: ['--strip-components=1'] diff --git a/roles/install_rke2_controller/tasks/localhost.yml b/roles/install_rke2_controller/tasks/localhost.yml index 6a59e8db3..b2670dcf2 100644 --- a/roles/install_rke2_controller/tasks/localhost.yml +++ b/roles/install_rke2_controller/tasks/localhost.yml @@ -33,7 +33,7 @@ rescue: - name: Add to kubecm - ansible.builtin.command: "kubecm add -c -f ~/.kube/{{ inventory_hostname }}.yaml" + ansible.builtin.command: "kubecm add -c --context-name {{ inventory_hostname }} -f ~/.kube/{{ inventory_hostname }}.yaml" changed_when: false - name: Switch to default From b247335c607ef9a95634f79eb538b6bec7c8c253 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 14 May 2024 19:06:22 +0200 Subject: [PATCH 315/365] adding hauler store --- roles/install_rke2_controller/tasks/admin.yml | 11 ++- .../install_rke2_controller/tasks/arkade.yml | 58 --------------- roles/install_utils_nerdctl/tasks/install.yml | 72 ++++++++++--------- 3 files changed, 47 insertions(+), 94 deletions(-) delete mode 100644 roles/install_rke2_controller/tasks/arkade.yml diff --git a/roles/install_rke2_controller/tasks/admin.yml b/roles/install_rke2_controller/tasks/admin.yml index 7859e8f2f..f01678ea3 100644 --- a/roles/install_rke2_controller/tasks/admin.yml 
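Review bot: Both new `unarchive` tasks fetch helm and k9s over plain `http://` from the hauler server with no integrity check, and `validate_certs: false` has no effect on an http URL; `unarchive` has no checksum option, so a preceding `ansible.builtin.get_url` with `checksum: "sha256:<expected-digest>"` followed by unarchiving the downloaded file would pin what gets installed. `unarchive` also requires `dest` to be an existing directory, so `/usr/local/bin/helm` and `/usr/local/bin/k9s` either fail on a fresh host or become directories with the binary inside them, off the PATH. Finally, a binary in `/usr/local/bin` owned by `{{ admin_user }}` lets that account replace a file root later executes; `owner: root`, `group: root`, `mode: '0755'` is the usual setting. The enclosing block, with its become settings, starts outside the hunk.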
+++ b/roles/install_rke2_controller/tasks/admin.yml @@ -51,10 +51,17 @@ marker: "# {mark} ANSIBLE setup Kubeconfig and RKE2" # Install helm / k9s + - name: Ensure .local/bin dir exist + ansible.builtin.file: + path: "$HOME/.local/bin" + state: directory + mode: 0700 + recurse: true + - name: Download helm bin to ansible.builtin.unarchive: src: "http://{{ hauler_server }}:8080/helm.tar.gz" - dest: "/usr/local/bin/helm" + dest: "$HOME/.local/bin" owner: "{{ admin_user }}" group: "{{ admin_user }}" mode: '0750' @@ -65,7 +72,7 @@ - name: Download k9s bin into /usr/local/bin ansible.builtin.unarchive: src: "http://{{ hauler_server }}:8080/k9s.tar.gz" - dest: "/usr/local/bin/k9s" + dest: "$HOME/.local/bin" owner: "{{ admin_user }}" group: "{{ admin_user }}" mode: '0750' diff --git a/roles/install_rke2_controller/tasks/arkade.yml b/roles/install_rke2_controller/tasks/arkade.yml deleted file mode 100644 index 7513c9b44..000000000 --- a/roles/install_rke2_controller/tasks/arkade.yml +++ /dev/null 
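Review bot: The new `Ensure .local/bin dir exist` task writes `mode: 0700` unquoted while the two tasks below use `mode: '0750'`; a leading-zero literal is read as an octal integer by YAML 1.1 loaders and is what ansible-lint's risky-octal rule rejects, which the repository's lint workflow would flag, so write `mode: '0700'`. `$HOME` in `path:`/`dest:` is expanded by the module on the target in the environment the task runs under, so which home it resolves to depends on the become settings of the enclosing block, whose start is outside the hunk — confirm it is the admin user's home rather than root's, since `owner: "{{ admin_user }}"` suggests that intent. The second hunk (k9s `dest`) has the same `$HOME` dependency.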
@@ -1,58 +0,0 @@ ---- -# As Admin User -- name: Prepare arkade packages - become: true - become_user: "{{ admin_user }}" - block: - - name: Ensure Arkade directory exist - ansible.builtin.file: - path: "$HOME/.arkade/bin" - state: directory - recurse: true - owner: "{{ admin_user }}" - group: "{{ admin_user }}" - mode: '0700' - - - name: Update .bashrc - ansible.builtin.blockinfile: - path: "$HOME/.bashrc" - block: | - export PATH=$PATH:$HOME/.arkade/bin - marker: "# {mark} ANSIBLE install arkade utils" - -# As root -- name: Import arkade packages - become: true - block: - - name: Get user info - ansible.builtin.user: - name: "{{ admin_user }}" - state: present - register: user_info - check_mode: true - - - name: Set homedir - ansible.builtin.set_fact: - homedir: "{{ user_info['home'] }}" - - - name: Copy utils into .arkade/bin - ansible.builtin.copy: - src: "{{ mount_utils_path }}/{{ item }}" - dest: "{{ homedir }}/.arkade/bin/{{ item }}" - force: true - remote_src: true - mode: '0700' - loop: - - yq - - jq - - helm - - just - - kubectl - - k9s - - - name: Ensure admin user access arkade utils - ansible.builtin.file: - path: "{{ homedir }}/.arkade/bin" - owner: "{{ admin_user }}" - group: "{{ admin_user }}" - recurse: true diff --git a/roles/install_utils_nerdctl/tasks/install.yml b/roles/install_utils_nerdctl/tasks/install.yml index 7730c2ee4..0d2dcbdc6 100644 --- a/roles/install_utils_nerdctl/tasks/install.yml +++ b/roles/install_utils_nerdctl/tasks/install.yml 
@@ -1,26 +1,30 @@ --- -- name: Create the NERDCTL directory - ansible.builtin.file: - path: /etc/nerdctl - state: directory - mode: '0754' +# As root +- name: Install Nerdctl + become: true + block: + - name: Create the NERDCTL directory + ansible.builtin.file: + path: /etc/nerdctl + state: directory + mode: '0754' -- name: Check if file does exist - ansible.builtin.stat: - path: /usr/local/bin/nerdctl - register: file_data + - name: Check if file does exist + ansible.builtin.stat: + path: /usr/local/bin/nerdctl + register: file_data -- name: Download Nerdctl bin into /usr/local/bin - ansible.builtin.unarchive: - src: "http://{{ hauler_server }}:8080/nerdctl.tar.gz" - dest: "/usr/local/bin/nerdctl" - owner: "{{ admin_user }}" - group: "{{ admin_user }}" - mode: '0750' - remote_src: true - validate_certs: false - extra_opts: ['--strip-components=1'] - when: not file_data.stat.exists + - name: Download Nerdctl bin into /usr/local/bin + ansible.builtin.unarchive: + src: "http://{{ hauler_server }}:8080/nerdctl.tar.gz" + dest: "/usr/local/bin/nerdctl" + owner: "{{ admin_user }}" + group: "{{ admin_user }}" + mode: '0750' + remote_src: true + validate_certs: false + extra_opts: ['--strip-components=1'] + when: not file_data.stat.exists #- name: Download Nerdctl archive # ansible.builtin.get_url: 
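Review bot: Apart from wrapping the tasks in a `become: true` block, the hunk keeps `dest: "/usr/local/bin/nerdctl"` on the `unarchive` task, and `unarchive` requires `dest` to be an existing directory that it does not create, so on a fresh host this task fails, and if a directory of that name does exist it shadows the exact path the preceding `stat` guard checks; `dest: /usr/local/bin` is what the guard assumes. The extracted binary is also given `owner`/`group` `{{ admin_user }}`, which lets an unprivileged account replace a file root executes from its PATH; root ownership with `mode: '0755'` is the safer default. The `http://` download carries no checksum and `validate_certs: false` is a no-op on an http URL.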
@@ -37,18 +41,18 @@ # mode: '0750' # remote_src: true -- name: Copy NERDCTL configuration file - ansible.builtin.template: - src: nerdctl.toml - dest: /etc/nerdctl - owner: "{{ admin_user }}" - group: "{{ admin_user }}" - mode: '0644' + - name: Copy NERDCTL configuration file + ansible.builtin.template: + src: nerdctl.toml + dest: /etc/nerdctl + owner: "{{ admin_user }}" + group: "{{ admin_user }}" + mode: '0644' -- name: Copy SUDO configuration - ansible.builtin.template: - src: secure-path - dest: /etc/sudoers.d - owner: "root" - group: "root" - mode: '0440' + - name: Copy SUDO configuration + ansible.builtin.template: + src: secure-path + dest: /etc/sudoers.d + owner: "root" + group: "root" + mode: '0440' From a8e56c0f98f5c888f93afd735617c4dd426b9433 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 14 May 2024 20:22:13 +0200 Subject: [PATCH 316/365] adding hauler store --- roles/install_rke2_controller/tasks/admin.yml | 4 ++-- roles/install_utils_nerdctl/tasks/install.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/install_rke2_controller/tasks/admin.yml b/roles/install_rke2_controller/tasks/admin.yml index f01678ea3..b02b97498 100644 --- a/roles/install_rke2_controller/tasks/admin.yml +++ b/roles/install_rke2_controller/tasks/admin.yml @@ -58,7 +58,7 @@ mode: 0700 recurse: true - - name: Download helm bin to + - name: Download helm bin to .local/bin ansible.builtin.unarchive: src: "http://{{ hauler_server }}:8080/helm.tar.gz" dest: "$HOME/.local/bin" @@ -69,7 +69,7 @@ validate_certs: false extra_opts: ['--strip-components=1'] - - name: Download k9s bin into /usr/local/bin + - name: Download k9s bin to .local/bin ansible.builtin.unarchive: src: "http://{{ hauler_server }}:8080/k9s.tar.gz" dest: "$HOME/.local/bin" diff --git a/roles/install_utils_nerdctl/tasks/install.yml b/roles/install_utils_nerdctl/tasks/install.yml index 0d2dcbdc6..3f611222f 100644 --- a/roles/install_utils_nerdctl/tasks/install.yml 
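Review bot: The `Copy SUDO configuration` task drops the rendered `secure-path` into `/etc/sudoers.d` without a syntax check; a malformed drop-in breaks sudo for every user on the host, and `template` supports exactly this guard, so add `validate: '/usr/sbin/visudo -cf %s'` to the task. The rest of the hunk is a pure re-indentation under the new block, whose header is outside this hunk.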
+++ b/roles/install_utils_nerdctl/tasks/install.yml @@ -17,7 +17,7 @@ - name: Download Nerdctl bin into /usr/local/bin ansible.builtin.unarchive: src: "http://{{ hauler_server }}:8080/nerdctl.tar.gz" - dest: "/usr/local/bin/nerdctl" + dest: "/usr/local/bin" owner: "{{ admin_user }}" group: "{{ admin_user }}" mode: '0750' From 9701d5a75022cc9690ffa09ce08ce57d5e428865 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 14 May 2024 20:49:07 +0200 Subject: [PATCH 317/365] adding hauler store --- roles/deploy_hauler/defaults/main.yml | 9 +++++++++ roles/deploy_hauler/tasks/main.yml | 15 +++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/roles/deploy_hauler/defaults/main.yml b/roles/deploy_hauler/defaults/main.yml index 6f6e48667..a0fecf6ce 100644 --- a/roles/deploy_hauler/defaults/main.yml +++ b/roles/deploy_hauler/defaults/main.yml @@ -2,3 +2,12 @@ # defaults file for deploy_hauler deploy_hauler_directory: "{{ global_directory_package_target }}" deploy_hauler_server: "{{ global_hauler_ip }}" + +# Firewall rules +hauler_firewalld_rules: + inbound: + - name: hauler + zone: public + ports: + - {port: 5000, protocol: tcp} + - {port: 8080, protocol: tcp} diff --git a/roles/deploy_hauler/tasks/main.yml b/roles/deploy_hauler/tasks/main.yml index ce18bf64c..5b4e1a24e 100644 --- a/roles/deploy_hauler/tasks/main.yml +++ b/roles/deploy_hauler/tasks/main.yml @@ -11,6 +11,21 @@ ansible_os_family is not defined tags: [always] +- name: Populate service facts + ansible.builtin.service_facts: {} + tags: [always] + +- name: Hauler firewalld + vars: + firewalld_rules: "{{ hauler_firewalld_rules }}" + ansible.builtin.import_role: + name: set_firewalld + tasks_from: main + when: + - ansible_facts['services']['firewalld.service'] is defined + - ansible_facts['services']['firewalld.service']['state'] == "running" + tags: firewalld + - name: Hauler Install and settings for RHEL-like OS ansible.builtin.import_tasks: rhel.yml when: ansible_os_family == "RedHat" 
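Review bot: In the `deploy_hauler/defaults/main.yml` hunk, `hauler_firewalld_rules` opens tcp/5000 and tcp/8080 in the `public` zone with no source restriction, and the other hunks in this series fetch binaries from `http://{{ hauler_server }}:8080/` in the clear, so the registry and file store become reachable from every interface mapped to that zone. If only the cluster nodes consume them, restrict the rule to their addresses — a `source` entry or a dedicated zone, if the `set_firewalld` role's schema (outside this page) allows it — instead of the public zone. In the `tasks/main.yml` hunk, `tags: firewalld` is written as a scalar while the task two lines above uses `tags: [always]`; pick one form.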
From 19c2404965bd053ced8fa7bf81e09cf7328c41c0 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 14 May 2024 21:17:25 +0200 Subject: [PATCH 318/365] adding hauler store --- roles/install_rke2_controller/tasks/admin.yml | 11 ++++++----- roles/install_utils_nerdctl/tasks/install.yml | 14 +++++++++----- 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/roles/install_rke2_controller/tasks/admin.yml b/roles/install_rke2_controller/tasks/admin.yml index b02b97498..a24b48840 100644 --- a/roles/install_rke2_controller/tasks/admin.yml +++ b/roles/install_rke2_controller/tasks/admin.yml @@ -53,29 +53,30 @@ # Install helm / k9s - name: Ensure .local/bin dir exist ansible.builtin.file: - path: "$HOME/.local/bin" + path: "$HOME/.local/bin/{{ item }}" state: directory mode: 0700 recurse: true + loop: + - "helm" + - "k9s" - name: Download helm bin to .local/bin ansible.builtin.unarchive: src: "http://{{ hauler_server }}:8080/helm.tar.gz" - dest: "$HOME/.local/bin" + dest: "$HOME/.local/bin/helm" owner: "{{ admin_user }}" group: "{{ admin_user }}" mode: '0750' remote_src: true validate_certs: false - extra_opts: ['--strip-components=1'] - name: Download k9s bin to .local/bin ansible.builtin.unarchive: src: "http://{{ hauler_server }}:8080/k9s.tar.gz" - dest: "$HOME/.local/bin" + dest: "$HOME/.local/bin/k9s" owner: "{{ admin_user }}" group: "{{ admin_user }}" mode: '0750' remote_src: true validate_certs: false - extra_opts: ['--strip-components=1'] diff --git a/roles/install_utils_nerdctl/tasks/install.yml b/roles/install_utils_nerdctl/tasks/install.yml index 3f611222f..21fff5790 100644 --- a/roles/install_utils_nerdctl/tasks/install.yml +++ b/roles/install_utils_nerdctl/tasks/install.yml 
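Review bot: With `extra_opts: ['--strip-components=1']` removed and `dest` now pointing at directories named `$HOME/.local/bin/helm` and `$HOME/.local/bin/k9s`, the archives are extracted with their own layout intact, so each binary ends up inside the directory that carries its name (`$HOME/.local/bin/helm/<archive-subdir>/helm`) rather than as `$HOME/.local/bin/helm` on the PATH, and the directory now occupies the path the executable should have. Extract into a scratch directory from `ansible.builtin.tempfile` with `state: directory` and copy the single binary out with `remote_src: true`. `mode: 0700` on the `file` task is still an unquoted octal. The enclosing block starts outside the hunk.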
@@ -14,16 +14,20 @@ path: /usr/local/bin/nerdctl register: file_data + - name: Create tmp dir + ansible.builtin.file: + path: /tmp/nerdctl + state: directory + mode: '0750' + when: not file_data.stat.exists + - name: Download Nerdctl bin into /usr/local/bin ansible.builtin.unarchive: src: "http://{{ hauler_server }}:8080/nerdctl.tar.gz" - dest: "/usr/local/bin" - owner: "{{ admin_user }}" - group: "{{ admin_user }}" + dest: "/tmp/nerdctl" mode: '0750' remote_src: true validate_certs: false - extra_opts: ['--strip-components=1'] when: not file_data.stat.exists #- name: Download Nerdctl archive @@ -35,7 +39,7 @@ #- name: Unarchive Nerdctl # ansible.builtin.unarchive: # src: "/usr/local/bin/nerdctl-archive.tar.gz" -# dest: "/usr/local/bin/" +# dest: "/usr/local/bin/." # owner: "{{ admin_user }}" # group: "{{ admin_user }}" # mode: '0750' From 89ae4a61b87638087b8f0008e07f6ed031100abb Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 14 May 2024 22:00:26 +0200 Subject: [PATCH 319/365] adding hauler store --- roles/install_rke2_controller/tasks/admin.yml | 33 ++++++++++-- roles/install_utils_nerdctl/tasks/install.yml | 52 +++++++++---------- 2 files changed, 54 insertions(+), 31 deletions(-) diff --git a/roles/install_rke2_controller/tasks/admin.yml b/roles/install_rke2_controller/tasks/admin.yml index a24b48840..ffa0661af 100644 --- a/roles/install_rke2_controller/tasks/admin.yml +++ b/roles/install_rke2_controller/tasks/admin.yml 
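Review bot: After this hunk the archive is unpacked into `/tmp/nerdctl` and no visible task copies the binary to `/usr/local/bin/nerdctl`, so the `stat` guard above never becomes true, the download repeats on every run and `nerdctl` is never installed — confirm no task outside the hunk performs the copy. The scratch directory is also a fixed, predictable name under world-writable `/tmp`, created and written as root; `ansible.builtin.tempfile` with `state: directory`, registered and used as `dest`, gives a private path that no other local user could have created first, and the same applies to the later `Push nerdctl when not already here` rework that keeps `/tmp/nerdctl`. The second hunk only edits a commented-out block.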
@@ -58,25 +58,50 @@ mode: 0700 recurse: true loop: - - "helm" - - "k9s" + - "helm-tmp" + - "k9s-tmp" - name: Download helm bin to .local/bin ansible.builtin.unarchive: src: "http://{{ hauler_server }}:8080/helm.tar.gz" - dest: "$HOME/.local/bin/helm" + dest: "$HOME/.local/bin/helm-tmp" owner: "{{ admin_user }}" group: "{{ admin_user }}" mode: '0750' remote_src: true validate_certs: false + - name: Copy helm binary file + ansible.builtin.copy: + src: "$HOME/.local/bin/helm-tmp/linux-amd64/helm" + dest: "$HOME/.local/bin/helm" + owner: "{{ admin_user }}" + group: "{{ admin_user }}" + mode: '0750' + - name: Download k9s bin to .local/bin ansible.builtin.unarchive: src: "http://{{ hauler_server }}:8080/k9s.tar.gz" - dest: "$HOME/.local/bin/k9s" + dest: "$HOME/.local/bin/k9s-tmp" owner: "{{ admin_user }}" group: "{{ admin_user }}" mode: '0750' remote_src: true validate_certs: false + + - name: Copy k9s binary file + ansible.builtin.copy: + src: "$HOME/.local/bin/k9s-tmp/k9s" + dest: "$HOME/.local/bin/k9s" + owner: "{{ admin_user }}" + group: "{{ admin_user }}" + mode: '0750' + + - name: Cleanup tmp dir + ansible.builtin.file: + path: "$HOME/.local/bin/{{ item }}" + state: absent + recurse: true + loop: + - "helm-tmp" + - "k9s-tmp" diff --git a/roles/install_utils_nerdctl/tasks/install.yml b/roles/install_utils_nerdctl/tasks/install.yml index 21fff5790..b98c5104b 100644 --- a/roles/install_utils_nerdctl/tasks/install.yml +++ b/roles/install_utils_nerdctl/tasks/install.yml 
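Review bot: The two new `ansible.builtin.copy` tasks (`Copy helm binary file`, `Copy k9s binary file`) give a target-side path as `src` but omit `remote_src: true`, so `copy` looks for `$HOME/.local/bin/helm-tmp/linux-amd64/helm` on the controller and the task fails; add `remote_src: true` to both. The `Cleanup tmp dir` task combines `state: absent` with `recurse: true`; as far as I recall the file module only accepts `recurse` together with `state: directory` and errors otherwise, so `recurse` should be dropped there. The nerdctl copy task at L497 has the same missing `remote_src`.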
@@ -14,36 +14,34 @@ path: /usr/local/bin/nerdctl register: file_data - - name: Create tmp dir - ansible.builtin.file: - path: /tmp/nerdctl - state: directory - mode: '0750' + - name: Push nerdctl when not already here when: not file_data.stat.exists + block: + - name: Create tmp dir + ansible.builtin.file: + path: /tmp/nerdctl + state: directory + mode: '0750' - - name: Download Nerdctl bin into /usr/local/bin - ansible.builtin.unarchive: - src: "http://{{ hauler_server }}:8080/nerdctl.tar.gz" - dest: "/tmp/nerdctl" - mode: '0750' - remote_src: true - validate_certs: false - when: not file_data.stat.exists + - name: Download Nerdctl bin into /usr/local/bin + ansible.builtin.unarchive: + src: "http://{{ hauler_server }}:8080/nerdctl.tar.gz" + dest: "/tmp/nerdctl" + mode: '0750' + remote_src: true + validate_certs: false + + - name: Copy nerdctl binary file + ansible.builtin.copy: + src: "/tmp/nerdctl/nerdctl" + dest: "/usr/local/bin/nerdctl" + mode: '0750' -#- name: Download Nerdctl archive -# ansible.builtin.get_url: -# url: "http://{{ hauler_server }}:8080/nerdctl.tar.gz" -# dest: "/usr/local/bin/nerdctl-archive.tar.gz" -# validate_certs: false -# -#- name: Unarchive Nerdctl -# ansible.builtin.unarchive: -# src: "/usr/local/bin/nerdctl-archive.tar.gz" -# dest: "/usr/local/bin/." -# owner: "{{ admin_user }}" -# group: "{{ admin_user }}" -# mode: '0750' -# remote_src: true + - name: Cleanup tmp dir + ansible.builtin.file: + path: /tmp/nerdctl + state: absent + recurse: true - name: Copy NERDCTL configuration file ansible.builtin.template: From d8734fbfc708ae0357a0f651e1edb328725dc018 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 14 May 2024 22:21:58 +0200 Subject: [PATCH 320/365] adding hauler store --- roles/install_rke2_controller/tasks/admin.yml | 21 ++++++++++--------- 1 file changed, 11 insertions(+), 10 deletions(-) 
diff --git a/roles/install_rke2_controller/tasks/admin.yml b/roles/install_rke2_controller/tasks/admin.yml index ffa0661af..ad1d950b7 100644 --- a/roles/install_rke2_controller/tasks/admin.yml +++ b/roles/install_rke2_controller/tasks/admin.yml @@ -53,18 +53,19 @@ # Install helm / k9s - name: Ensure .local/bin dir exist ansible.builtin.file: - path: "$HOME/.local/bin/{{ item }}" + path: "{{ item }}" state: directory mode: 0700 recurse: true loop: - - "helm-tmp" - - "k9s-tmp" + - "$HOME/helm-tmp" + - "$HOME/k9s-tmp" + - "$HOME/.local/bin" - name: Download helm bin to .local/bin ansible.builtin.unarchive: src: "http://{{ hauler_server }}:8080/helm.tar.gz" - dest: "$HOME/.local/bin/helm-tmp" + dest: "$HOME/helm-tmp" owner: "{{ admin_user }}" group: "{{ admin_user }}" mode: '0750' @@ -73,7 +74,7 @@ - name: Copy helm binary file ansible.builtin.copy: - src: "$HOME/.local/bin/helm-tmp/linux-amd64/helm" + src: "$HOME/helm-tmp/linux-amd64/helm" dest: "$HOME/.local/bin/helm" owner: "{{ admin_user }}" group: "{{ admin_user }}" @@ -82,7 +83,7 @@ - name: Download k9s bin to .local/bin ansible.builtin.unarchive: src: "http://{{ hauler_server }}:8080/k9s.tar.gz" - dest: "$HOME/.local/bin/k9s-tmp" + dest: "$HOME/k9s-tmp" owner: "{{ admin_user }}" group: "{{ admin_user }}" mode: '0750' @@ -91,7 +92,7 @@ - name: Copy k9s binary file ansible.builtin.copy: - src: "$HOME/.local/bin/k9s-tmp/k9s" + src: "$HOME/k9s-tmp/k9s" dest: "$HOME/.local/bin/k9s" owner: "{{ admin_user }}" group: "{{ admin_user }}" @@ -99,9 +100,9 @@ - name: Cleanup tmp dir ansible.builtin.file: - path: "$HOME/.local/bin/{{ item }}" + path: "{{ item }}" state: absent recurse: true loop: - - "helm-tmp" - - "k9s-tmp" + - "$HOME/helm-tmp" + - "$HOME/k9s-tmp" From a7cbdbb86d72853fcf2dac13cf5650b8b073e10a Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 14 May 2024 22:24:06 +0200 Subject: [PATCH 321/365] adding hauler store --- roles/install_rke2_controller/tasks/admin.yml | 2 ++ 1 file changed, 2 insertions(+) 
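Review bot: Adding `"$HOME/.local/bin"` to the `Ensure .local/bin dir exist` loop means `mode: 0700` with `recurse: true` is now applied to the whole existing `.local/bin` tree on every run, which rewrites the `0750` mode the copy tasks set on `helm` and `k9s` and touches any other tool the admin keeps there. Either create `.local/bin` in its own task without recursion, `path: "$HOME/.local/bin"` / `state: directory` / `mode: "0700"`, or drop `recurse: true` from the loop task. `$HOME` is expanded inside the module on the target, and if these tasks run under `become` whose home it resolves to depends on the become method's environment handling, so `ansible_env.HOME` or `/home/{{ admin_user }}` would be less surprising; how this file sets `become` is outside the hunk and worth confirming.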
diff --git a/roles/install_rke2_controller/tasks/admin.yml b/roles/install_rke2_controller/tasks/admin.yml index ad1d950b7..3734086be 100644 --- a/roles/install_rke2_controller/tasks/admin.yml +++ b/roles/install_rke2_controller/tasks/admin.yml @@ -79,6 +79,7 @@ owner: "{{ admin_user }}" group: "{{ admin_user }}" mode: '0750' + remote_src: true - name: Download k9s bin to .local/bin ansible.builtin.unarchive: @@ -97,6 +98,7 @@ owner: "{{ admin_user }}" group: "{{ admin_user }}" mode: '0750' + remote_src: true - name: Cleanup tmp dir ansible.builtin.file: From 70e6c19af989fa749b4c0c976ceb143d33940f5a Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 15 May 2024 09:58:56 +0200 Subject: [PATCH 322/365] adding hauler store --- roles/install_rke2_controller/tasks/admin.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/install_rke2_controller/tasks/admin.yml b/roles/install_rke2_controller/tasks/admin.yml index 3734086be..0c22946f4 100644 --- a/roles/install_rke2_controller/tasks/admin.yml +++ b/roles/install_rke2_controller/tasks/admin.yml @@ -58,14 +58,14 @@ mode: 0700 recurse: true loop: - - "$HOME/helm-tmp" - - "$HOME/k9s-tmp" + - "/tmp/helm" + - "/tmp/k9s" - "$HOME/.local/bin" - name: Download helm bin to .local/bin ansible.builtin.unarchive: src: "http://{{ hauler_server }}:8080/helm.tar.gz" - dest: "$HOME/helm-tmp" + dest: "/tmp/helm" owner: "{{ admin_user }}" group: "{{ admin_user }}" mode: '0750' @@ -74,7 +74,7 @@ - name: Copy helm binary file ansible.builtin.copy: - src: "$HOME/helm-tmp/linux-amd64/helm" + src: "/tmp/helm/linux-amd64/helm" dest: "$HOME/.local/bin/helm" owner: "{{ admin_user }}" group: "{{ admin_user }}" @@ -84,7 +84,7 @@ - name: Download k9s bin to .local/bin ansible.builtin.unarchive: src: "http://{{ hauler_server }}:8080/k9s.tar.gz" - dest: "$HOME/k9s-tmp" + dest: "/tmp/k9s" owner: "{{ admin_user }}" group: "{{ admin_user }}" mode: '0750' 
@@ -93,7 +93,7 @@ - name: Copy k9s binary file ansible.builtin.copy: - src: "$HOME/k9s-tmp/k9s" + src: "/tmp/k9s/k9s" dest: "$HOME/.local/bin/k9s" owner: "{{ admin_user }}" group: "{{ admin_user }}" @@ -106,5 +106,5 @@ state: absent recurse: true loop: - - "$HOME/helm-tmp" - - "$HOME/k9s-tmp" + - "/tmp/helm" + - "/tmp/k9s" From ef25833a4f5f809958ef6817bbf213ee95c7c0ab Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 15 May 2024 13:47:22 +0200 Subject: [PATCH 323/365] adding hauler store --- roles/install_rke2_common/tasks/main.yml | 4 +++ roles/install_rke2_common/tasks/registry.yml | 8 +++++ .../templates/registries.yaml.j2 | 7 +++++ .../tasks/rpm_install.yml | 28 ++++++++--------- .../templates/config.yaml.j2 | 30 +++++++++++++++++-- .../templates/new-config.yaml.j2 | 30 ------------------- .../templates/old-config.yaml.j2 | 4 +++ .../install_rke2_worker/tasks/rpm_install.yml | 21 +++++++++++++ .../templates/config.yaml.j2 | 14 +++++++-- .../templates/new-config.yaml.j2 | 18 ----------- .../templates/old-config.yaml.j2 | 8 +++++ 11 files changed, 105 insertions(+), 67 deletions(-) create mode 100644 roles/install_rke2_common/tasks/registry.yml create mode 100644 roles/install_rke2_common/templates/registries.yaml.j2 delete mode 100644 roles/install_rke2_controller/templates/new-config.yaml.j2 create mode 100644 roles/install_rke2_controller/templates/old-config.yaml.j2 delete mode 100644 roles/install_rke2_worker/templates/new-config.yaml.j2 create mode 100644 roles/install_rke2_worker/templates/old-config.yaml.j2 diff --git a/roles/install_rke2_common/tasks/main.yml b/roles/install_rke2_common/tasks/main.yml index d81de22bd..f15423fcd 100644 --- a/roles/install_rke2_common/tasks/main.yml +++ b/roles/install_rke2_common/tasks/main.yml 
@@ -23,6 +23,10 @@ - name: Tasks common to Linux servers for RKE2 installation ansible.builtin.import_tasks: common.yml +- name: Set mirror registry (needed for rpm_install) + ansible.builtin.import_tasks: registry.yml + when: rpm_install + - name: Get Token if one exist ansible.builtin.import_tasks: token.yml diff --git a/roles/install_rke2_common/tasks/registry.yml b/roles/install_rke2_common/tasks/registry.yml new file mode 100644 index 000000000..f4a025bda --- /dev/null +++ b/roles/install_rke2_common/tasks/registry.yml @@ -0,0 +1,8 @@ +--- +- name: Configure RKE2 registries.yaml + ansible.builtin.template: + src: "{{ item }}" + dest: "/etc/rancher/rke2/{{ item | basename | regex_replace('.j2$', '') }}" + mode: "0640" + loop: + - "registries.yaml.j2" diff --git a/roles/install_rke2_common/templates/registries.yaml.j2 b/roles/install_rke2_common/templates/registries.yaml.j2 new file mode 100644 index 000000000..a12a54aac --- /dev/null +++ b/roles/install_rke2_common/templates/registries.yaml.j2 @@ -0,0 +1,7 @@ +mirrors: + docker.io: + endpoint: + - http://{{ hauler_server }}:5000 + {{ hauler_server }}:5000: + endpoint: + - http://{{ hauler_server }}:5000 diff --git a/roles/install_rke2_controller/tasks/rpm_install.yml b/roles/install_rke2_controller/tasks/rpm_install.yml index 14194a274..3cc724439 100644 --- a/roles/install_rke2_controller/tasks/rpm_install.yml +++ b/roles/install_rke2_controller/tasks/rpm_install.yml 
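Review bot: The new `registries.yaml.j2` points both the `docker.io` mirror and the `{{ hauler_server }}:5000` registry at an `http://` endpoint with no `configs:` TLS section, so every image the cluster pulls travels unauthenticated and nothing on the node verifies what the mirror returned. Inside an air gap that may be an accepted trade-off, but a template comment stating it, e.g. `# plaintext endpoint: the hauler registry is trusted on the air-gap network only`, plus pinning images by digest where the manifests allow it, makes the decision explicit. `registry.yml` appears to run right after `common.yml` and before any RKE2 package is installed, so the template task relies on `/etc/rancher/rke2/` already existing; a preceding `ansible.builtin.file` task with `state: directory` and a restrictive mode would remove that dependency.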
@@ -1,23 +1,21 @@ --- # RPM -- name: Import a key from a file - ansible.builtin.rpm_key: - state: present - key: "{{ mount_rke2_path }}/public.key" - when: - - ansible_os_family == "RedHat" -- name: Install RKE2 selinux packages (dependency for RKE2 common) - ansible.builtin.dnf: - name: "{{ mount_rke2_selinux_rpm_path }}" - state: present - when: - - ansible_os_family == "RedHat" - - ansible_distribution_major_version | int >= 8 +- name: Set repo Hauler Air Gap Server + ansible.builtin.yum_repository: + name: hauler + description: "Hauler Air Gap Server" + baseurl: "http://{{ hauler_server }}:8080" + gpgcheck: true + gpgkey: "http://{{ hauler_server }}:8080/public.key" -- name: Install RKE2 common packages +- name: Install RKE2 rpm packages ansible.builtin.dnf: - name: "{{ mount_rke2_common_rpm_path }}" + name: "{{ mount_rke2_selinux_rpm_path }}" state: present + loop: + - rke2-selinux + - rke2-common + - rke2-server when: - ansible_os_family == "RedHat" - ansible_distribution_major_version | int >= 8 diff --git a/roles/install_rke2_controller/templates/config.yaml.j2 b/roles/install_rke2_controller/templates/config.yaml.j2 index c10b3a1da..92b2c3a71 100644 --- a/roles/install_rke2_controller/templates/config.yaml.j2 +++ b/roles/install_rke2_controller/templates/config.yaml.j2 
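Review bot: `gpgcheck: true` buys little here because `gpgkey` is fetched from the same plaintext `http://{{ hauler_server }}:8080/public.key` as the packages it is meant to authenticate, so whoever can alter one can alter the other. Shipping `public.key` inside the role and importing it with the `ansible.builtin.rpm_key` task this hunk removes, or pointing `gpgkey` at a `file:///` path after copying it, keeps the trust anchor out of the download path. The `Install RKE2 rpm packages` task loops over three package names but still passes `name: "{{ mount_rke2_selinux_rpm_path }}"`, so `item` is unused and the same path is installed three times; `name: [rke2-selinux, rke2-common, rke2-server]` without the loop also gives one dnf transaction instead of three. The `when` now guards only the dnf task, so `yum_repository` is attempted on non-RedHat hosts as well.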
@@ -1,4 +1,30 @@ -#profile: cis-1.23 +{% if inventory_hostname in groups['RKE2_CONTROLLERS'][0] %} +{% else %} +server: https://{{ master }}:9345 +{% endif %} +{% if rke2_config_token is defined %} +token: {{ rke2_config_token }} +{% endif %} +# Common +{% if rke2_profile_activated %} +profile: cis +{% endif %} +node-name: {{ inventory_hostname }} +write-kubeconfig-mode: 0600 +data-dir: {{ rke2_data_dir }} +cluster-cidr: {{ rke2_cluster_cidr }} +service-cidr: {{ rke2_service_cidr }} +# Config Controller selinux: true +{% if ( rke2_cni is defined ) and ( rke2_cni | type_debug == "list" ) %} +cni: +{% for cni in rke2_cni %} + - {{ cni }} +{% endfor %} +{% else %} +cni: {{ rke2_cni }} +{% endif %} +tls-san: + - cluster.local + - {{ control_plane_endpoint }} secrets-encryption: true -write-kubeconfig-mode: 0600 diff --git a/roles/install_rke2_controller/templates/new-config.yaml.j2 b/roles/install_rke2_controller/templates/new-config.yaml.j2 deleted file mode 100644 index 92b2c3a71..000000000 --- a/roles/install_rke2_controller/templates/new-config.yaml.j2 +++ /dev/null @@ -1,30 +0,0 @@ -{% if inventory_hostname in groups['RKE2_CONTROLLERS'][0] %} -{% else %} -server: https://{{ master }}:9345 -{% endif %} -{% if rke2_config_token is defined %} -token: {{ rke2_config_token }} -{% endif %} -# Common -{% if rke2_profile_activated %} -profile: cis -{% endif %} -node-name: {{ inventory_hostname }} -write-kubeconfig-mode: 0600 -data-dir: {{ rke2_data_dir }} -cluster-cidr: {{ rke2_cluster_cidr }} -service-cidr: {{ rke2_service_cidr }} -# Config Controller -selinux: true -{% if ( rke2_cni is defined ) and ( rke2_cni | type_debug == "list" ) %} -cni: -{% for cni in rke2_cni %} - - {{ cni }} -{% endfor %} -{% else %} -cni: {{ rke2_cni }} -{% endif %} -tls-san: - - cluster.local - - {{ control_plane_endpoint }} -secrets-encryption: true 
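Review bot: `{% if inventory_hostname in groups['RKE2_CONTROLLERS'][0] %}` is a substring test, not an equality test, since `groups[...][0]` is a single hostname string: a host named `ctl1` matches a first controller named `ctl10` and would be rendered without its `server:` line. Use `{% if inventory_hostname != groups['RKE2_CONTROLLERS'][0] %}` around the `server:` line and drop the empty first branch. `token:` is rendered into this file in clear, so the task that writes `config.yaml` (outside this hunk) should keep a restrictive mode such as `"0600"`; worth confirming.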
diff --git a/roles/install_rke2_controller/templates/old-config.yaml.j2 b/roles/install_rke2_controller/templates/old-config.yaml.j2 new file mode 100644 index 000000000..c10b3a1da --- /dev/null +++ b/roles/install_rke2_controller/templates/old-config.yaml.j2 @@ -0,0 +1,4 @@ +#profile: cis-1.23 +selinux: true +secrets-encryption: true +write-kubeconfig-mode: 0600 diff --git a/roles/install_rke2_worker/tasks/rpm_install.yml b/roles/install_rke2_worker/tasks/rpm_install.yml index e69de29bb..3cc724439 100644 --- a/roles/install_rke2_worker/tasks/rpm_install.yml +++ b/roles/install_rke2_worker/tasks/rpm_install.yml @@ -0,0 +1,21 @@ +--- +# RPM +- name: Set repo Hauler Air Gap Server + ansible.builtin.yum_repository: + name: hauler + description: "Hauler Air Gap Server" + baseurl: "http://{{ hauler_server }}:8080" + gpgcheck: true + gpgkey: "http://{{ hauler_server }}:8080/public.key" + +- name: Install RKE2 rpm packages + ansible.builtin.dnf: + name: "{{ mount_rke2_selinux_rpm_path }}" + state: present + loop: + - rke2-selinux + - rke2-common + - rke2-server + when: + - ansible_os_family == "RedHat" + - ansible_distribution_major_version | int >= 8 diff --git a/roles/install_rke2_worker/templates/config.yaml.j2 b/roles/install_rke2_worker/templates/config.yaml.j2 index 093fb65f7..8e8e3d70f 100644 --- a/roles/install_rke2_worker/templates/config.yaml.j2 +++ b/roles/install_rke2_worker/templates/config.yaml.j2 @@ -1,8 +1,18 @@ server: https://{{ master }}:9345 token: {{ rke2_config_token }} + +# Common +{% if rke2_profile_activated %} +profile: cis +{% endif %} +node-name: {{ inventory_hostname }} write-kubeconfig-mode: 0600 -#profile: cis-1.23 +data-dir: {{ rke2_data_dir }} +cluster-cidr: {{ rke2_cluster_cidr }} +service-cidr: {{ rke2_service_cidr }} + +# Config Worker kube-apiserver-arg: - "authorization-mode=RBAC,Node" kubelet-arg: -- "protect-kernel-defaults=true" \ No newline at end of file +- "protect-kernel-defaults=true" 
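Review bot: The new `roles/install_rke2_worker/tasks/rpm_install.yml` installs `rke2-server` on worker nodes rather than the agent package; change the loop entry to `- rke2-agent`. The file is otherwise a verbatim copy of the controller's `rpm_install.yml` and inherits its unused-`item` loop (`name: "{{ mount_rke2_selinux_rpm_path }}"`) and its plaintext `gpgkey` URL, see the note at L502. In the worker `config.yaml.j2`, the pre-existing `kube-apiserver-arg` block has no effect on an agent node, so it could go with the cleanup rather than being carried over.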
diff --git a/roles/install_rke2_worker/templates/new-config.yaml.j2 b/roles/install_rke2_worker/templates/new-config.yaml.j2 deleted file mode 100644 index 8e8e3d70f..000000000 --- a/roles/install_rke2_worker/templates/new-config.yaml.j2 +++ /dev/null @@ -1,18 +0,0 @@ -server: https://{{ master }}:9345 -token: {{ rke2_config_token }} - -# Common -{% if rke2_profile_activated %} -profile: cis -{% endif %} -node-name: {{ inventory_hostname }} -write-kubeconfig-mode: 0600 -data-dir: {{ rke2_data_dir }} -cluster-cidr: {{ rke2_cluster_cidr }} -service-cidr: {{ rke2_service_cidr }} - -# Config Worker -kube-apiserver-arg: -- "authorization-mode=RBAC,Node" -kubelet-arg: -- "protect-kernel-defaults=true" diff --git a/roles/install_rke2_worker/templates/old-config.yaml.j2 b/roles/install_rke2_worker/templates/old-config.yaml.j2 new file mode 100644 index 000000000..012222154 --- /dev/null +++ b/roles/install_rke2_worker/templates/old-config.yaml.j2 @@ -0,0 +1,8 @@ +server: https://{{ master }}:9345 +token: {{ rke2_config_token }} +write-kubeconfig-mode: 0600 +#profile: cis-1.23 +kube-apiserver-arg: +- "authorization-mode=RBAC,Node" +kubelet-arg: +- "protect-kernel-defaults=true" From 53a864204ed7c965ed42dfc99df89a24933a22e7 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 15 May 2024 14:56:19 +0200 Subject: [PATCH 324/365] corrects --- roles/install_rke2_controller/tasks/admin.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/install_rke2_controller/tasks/admin.yml b/roles/install_rke2_controller/tasks/admin.yml index 0c22946f4..fc21c1e35 100644 --- a/roles/install_rke2_controller/tasks/admin.yml +++ b/roles/install_rke2_controller/tasks/admin.yml @@ -104,7 +104,6 @@ ansible.builtin.file: path: "{{ item }}" state: absent - recurse: true loop: - "/tmp/helm" - "/tmp/k9s" From d5189b1653a750d58109b4016b91050f07f408bc Mon Sep 17 00:00:00 2001 
From: MozeBaltyk Date: Wed, 15 May 2024 19:00:16 +0200 Subject: [PATCH 325/365] items --- roles/install_rke2_controller/tasks/rpm_install.yml | 2 +- roles/install_rke2_worker/tasks/rpm_install.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/install_rke2_controller/tasks/rpm_install.yml b/roles/install_rke2_controller/tasks/rpm_install.yml index 3cc724439..df64d19ad 100644 --- a/roles/install_rke2_controller/tasks/rpm_install.yml +++ b/roles/install_rke2_controller/tasks/rpm_install.yml @@ -10,7 +10,7 @@ - name: Install RKE2 rpm packages ansible.builtin.dnf: - name: "{{ mount_rke2_selinux_rpm_path }}" + name: "{{ item }}" state: present loop: - rke2-selinux diff --git a/roles/install_rke2_worker/tasks/rpm_install.yml b/roles/install_rke2_worker/tasks/rpm_install.yml index 3cc724439..df64d19ad 100644 --- a/roles/install_rke2_worker/tasks/rpm_install.yml +++ b/roles/install_rke2_worker/tasks/rpm_install.yml @@ -10,7 +10,7 @@ - name: Install RKE2 rpm packages ansible.builtin.dnf: - name: "{{ mount_rke2_selinux_rpm_path }}" + name: "{{ item }}" state: present loop: - rke2-selinux From b0518dc6104483984896636d158d2ef21d87ec62 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 15 May 2024 21:45:18 +0200 Subject: [PATCH 326/365] remote_src correction --- .github/workflows/stage.yml | 2 +- README.md | 28 ++++++++++--------- roles/install_utils_nerdctl/tasks/install.yml | 1 + 3 files changed, 17 insertions(+), 14 deletions(-) diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index 06b12de57..c0ccf192c 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -1,5 +1,5 @@ --- -name: Stage deployment +name: Stage airgap on: workflow_dispatch: diff --git a/README.md b/README.md index 87799b2d5..c35c55cc5 100644 --- a/README.md +++ b/README.md 
@@ -155,26 +155,30 @@ All prerequisites are set in folder `meta` and `meta/execution-environment.yml`. ## Some details -I favored the tarball installation since it's the one the most compact and also leave an tar.zst on all nodes. +I favored the tarball installation since it's the most compact and install rely on a archive tar.zst which stay on all nodes. -**Build** have for purpose to create a tar zst with following content: +The rpm install is much straight forward. + +**hauler_build** have for purpose to create a tar.zst with following content using hauler tool: ```bash rkub -├── helm # all helm charts -├── images # all images -│   ├── cert -│   ├── longhorn -│   ├── neuvector -│   ├── rancher -│   └── registry -├── rke2_1.26.11 # RKE2 binaries -└── utils # utilities packages downloaded with arkade +├── airgap_hauler.yaml # yaml listing all resources +├── hauler # hauler binary +└── store # hauler store made from above yaml and hauler command + ├── blobs + │   └── sha256 + │   ├── 024f2ae6c3625583f0e10ab4d68e4b8947b55d085c88e34c0bd916944ed05add + └── index.json ``` **upload** push the big monster packages (around 7G) and unarchive on first node on chosen targeted path. +**hauler_server** deploy a registry and a fileserver using hauler on target host. + **install** RKE2 (currently only one master) with: + + - install with tarball method by default or rpm method if given in argument - An admin user (by default `kuberoot`) on first master with some administation tools like `k9s` `kubectl` or `helm`. - Master export NFS with all the unarchive content + registry content - Workers mount the NFS to get above content @@ -201,8 +205,6 @@ Improvments: * Improve collection to run as true collection -* CI - # Acknowledgements ## Special thanks to 📢 diff --git a/roles/install_utils_nerdctl/tasks/install.yml b/roles/install_utils_nerdctl/tasks/install.yml index b98c5104b..f2de11149 100644 --- a/roles/install_utils_nerdctl/tasks/install.yml 
+++ b/roles/install_utils_nerdctl/tasks/install.yml @@ -36,6 +36,7 @@ src: "/tmp/nerdctl/nerdctl" dest: "/usr/local/bin/nerdctl" mode: '0750' + remote_src: true - name: Cleanup tmp dir ansible.builtin.file: From 818af2370315be2451a83eb93b963e55b20821e0 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Wed, 15 May 2024 23:53:43 +0200 Subject: [PATCH 327/365] put test in workflows --- .../workflows/{stage.yml => stage_airgap.yml} | 55 +++- .github/workflows/stage_online.yml | 303 ++++++++++++++++++ .gitignore | 1 + README.md | 59 ++-- playbooks/build.yml | 4 +- playbooks/hauler.yml | 8 + roles/install_utils_nerdctl/tasks/install.yml | 1 - test/basic_agent_tests.py | 20 ++ test/basic_server_tests.py | 18 ++ test/playbooks/hauler_build.yml | 2 +- 10 files changed, 431 insertions(+), 40 deletions(-) rename .github/workflows/{stage.yml => stage_airgap.yml} (88%) create mode 100644 .github/workflows/stage_online.yml create mode 100644 playbooks/hauler.yml create mode 100644 test/basic_agent_tests.py create mode 100644 test/basic_server_tests.py diff --git a/.github/workflows/stage.yml b/.github/workflows/stage_airgap.yml similarity index 88% rename from .github/workflows/stage.yml rename to .github/workflows/stage_airgap.yml index c0ccf192c..26dca30a8 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage_airgap.yml @@ -1,5 +1,5 @@ --- -name: Stage airgap +name: Stage airgap install on: workflow_dispatch: @@ -13,7 +13,7 @@ env: BUCKET: "rkub-github-action-${{ github.run_id }}" #BUCKET: "terraform-backend-github" CONTROLLER_COUNT: "1" - WORKER_COUNT: "0" + WORKER_COUNT: "2" SIZE: "s-4vcpu-8gb" jobs: @@ -176,7 +176,7 @@ jobs: - name: Install dependencies run: | python -m pip install --upgrade pip - pip3 install ansible pytest-testinfra + pip3 install ansible ansible --version - name: Get key and hosts.ini 
@@ -236,7 +236,7 @@ jobs: - name: Run playbook install.yml run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/install.yml -e dir_target=${MOUNT_POINT} + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/install.yml #- name: Run playbook rancher.yml # run: | @@ -250,16 +250,51 @@ jobs: # run: | # ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/neuvector.yml - #- name: Run Python Tests - # run: | - # export DEFAULT_PRIVATE_KEY_FILE=.key - # pytest --hosts=rke2_servers --ansible-inventory=hosts.ini --force-ansible --connection=ansible --sudo test/basic_server_tests.py - # pytest --hosts=rke2_agents --ansible-inventory=hosts.ini --force-ansible --connection=ansible --sudo test/basic_agent_tests.py + test: + name: Test + runs-on: ubuntu-latest + needs: Install + timeout-minutes: 10 + + defaults: + run: + shell: bash + working-directory: ./test + + steps: + - name: Checkout files + uses: actions/checkout@v4 + + - name: Download inventory + uses: actions/download-artifact@v4 + with: + name: inventory + + - name: Get key and hosts.ini + run: | + echo "$SSH_KEY" > .key + chmod 400 .key + cp ${{ github.workspace }}/hosts.ini inventory/hosts.ini + shell: bash + env: + SSH_KEY: ${{secrets.SSH_PRIVATE_KEY}} + + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip3 install ansible + ansible --version + + - name: Run Python Tests + run: | + export DEFAULT_PRIVATE_KEY_FILE=.key + pytest --hosts=RKE2_CONTROLLERS --ansible-inventory=inventory/hosts.ini --force-ansible --connection=ansible --sudo basic_server_tests.py + pytest --hosts=RKE2_WORKERS --ansible-inventory=inventory/hosts.ini --force-ansible --connection=ansible --sudo basic_agent_tests.py delay: name: Delay runs-on: ubuntu-latest - needs: Install + needs: Test if: always() steps: 
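Review bot: The new `test` job runs `pytest --hosts=... --connection=ansible` but its `Install dependencies` step only installs `ansible`, and the hunk at L508 removed `pytest-testinfra` from the install job's pip line, so neither `pytest` nor the testinfra ansible backend is present and the step will fail. Restore `pip3 install ansible pytest-testinfra` in the test job's install step. The job also copies the inventory to `inventory/hosts.ini` while the old commented command used `hosts.ini`; the new `--ansible-inventory=inventory/hosts.ini` matches the copy, which is correct.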
diff --git a/.github/workflows/stage_online.yml b/.github/workflows/stage_online.yml new file mode 100644 index 000000000..e028e455b --- /dev/null +++ b/.github/workflows/stage_online.yml 
@@ -0,0 +1,303 @@ +--- +name: Stage online install + +on: + workflow_dispatch: + +env: + DO_PAT: ${{secrets.DIGITALOCEAN_ACCESS_TOKEN}} + AWS_ACCESS_KEY_ID: ${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}} + AWS_SECRET_ACCESS_KEY: ${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}} + REGION: ${{secrets.DIGITALOCEAN_REGION}} + MOUNT_POINT: "/opt/rkub" + BUCKET: "rkub-github-action-${{ github.run_id }}" + #BUCKET: "terraform-backend-github" + CONTROLLER_COUNT: "1" + WORKER_COUNT: "0" + SIZE: "s-4vcpu-8gb" + +jobs: + bucket: + name: Bucket + runs-on: ubuntu-latest + timeout-minutes: 10 + + steps: + - name: Set up S3cmd cli tool + uses: s3-actions/s3cmd@main + with: + provider: digitalocean + region: ${{secrets.DIGITALOCEAN_REGION}} + access_key: ${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}} + secret_key: ${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}} + + - name: Create Space Bucket + run: | + sed -i -e 's/signature_v2.*$/signature_v2 = True/' ~/.s3cfg + if [[ $BUCKET != "terraform-backend-github" ]]; then s3cmd mb s3://${BUCKET}; fi + sleep 10 + + deploy: + name: Deploy + runs-on: ubuntu-latest + needs: Bucket + timeout-minutes: 20 + + defaults: + run: + shell: bash + working-directory: ./test + + steps: + - name: Checkout files + uses: actions/checkout@v4 + + - name: Setup Terraform + uses: hashicorp/setup-terraform@v3 + with: + terraform_version: "1.7.3" + + - name: Terraform Init + id: init + run: | + cd ./DO/infra + terraform init -backend-config="bucket=${BUCKET}" + + - name: Terraform Validate + id: validate + run: | + cd ./DO/infra + terraform validate -no-color + + - name: Terraform Plan + id: plan + run: | + cd ./DO/infra + terraform plan -out=terraform.tfplan \ + -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ + -var "do_token=${DO_PAT}" \ + -var "do_worker_count=${WORKER_COUNT}" \ + -var "do_controller_count=${CONTROLLER_COUNT}" \ + -var "do_instance_size=${SIZE}" \ + -var "spaces_access_key_id=${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}}" \ + -var 
"spaces_access_key_secret=${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}}" \ + -var "mount_point=${MOUNT_POINT}" \ + -var "terraform_backend_bucket_name=${BUCKET}" + continue-on-error: true + + - name: Terraform Plan Status + if: steps.plan.outcome == 'failure' + run: exit 1 + + - name: Terraform Apply + run: | + cd ./DO/infra + terraform apply terraform.tfplan + + - name: Display inventory + run: | + ls -l ${{ github.workspace }}/test/inventory/hosts.ini + cat inventory/hosts.ini + + # No relative path allowed + - name: Inventory artifacts + uses: actions/upload-artifact@v4 + with: + name: inventory + path: | + ${{ github.workspace }}/test/inventory/hosts.ini + if-no-files-found: error + + reachable: + name: Reachable + runs-on: ubuntu-latest + needs: deploy + timeout-minutes: 10 + + defaults: + run: + shell: bash + working-directory: ./test + + steps: + - name: Checkout files + uses: actions/checkout@v4 + + - name: Download inventory + uses: actions/download-artifact@v4 + with: + name: inventory + + - name: Check if inventory present + run: | + cat ${{ github.workspace }}/hosts.ini + + - name: Set up Python + id: setup_python + uses: actions/setup-python@v5 + with: + python-version: 3.9 + + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip3 install ansible pytest-testinfra + ansible --version + + - name: Get key and hosts.ini + run: | + echo "$SSH_KEY" > .key + chmod 400 .key + cp ${{ github.workspace }}/hosts.ini inventory/hosts.ini + shell: bash + env: + SSH_KEY: ${{secrets.SSH_PRIVATE_KEY}} + + - name: Test if reachable + run: | + ANSIBLE_HOST_KEY_CHECKING=False ansible RKE2_CLUSTER -m ping -u root -vv --private-key .key + + - name: Wait for cloud-init to finish + run: | + ANSIBLE_HOST_KEY_CHECKING=False ansible RKE2_CLUSTER -m shell -a "cloud-init status --wait" -u root -v --private-key .key + + install: + name: Install + runs-on: ubuntu-latest + needs: [ Reachable, Package ] + timeout-minutes: 60 + + defaults: + run: + shell: bash 
+ working-directory: ./test + + steps: + - name: Checkout files + uses: actions/checkout@v4 + + - name: Install requirements + run: | + cd .. + make prerequis + + - name: Download inventory + uses: actions/download-artifact@v4 + with: + name: inventory + + - name: Get key and hosts.ini + run: | + echo "$SSH_KEY" > .key + chmod 400 .key + cp ${{ github.workspace }}/hosts.ini inventory/hosts.ini + shell: bash + env: + SSH_KEY: ${{secrets.SSH_PRIVATE_KEY}} + + - name: Run playbook hauler_server.yml + run: | + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/hauler_server.yml -e dir_target=${MOUNT_POINT} + + - name: Run playbook install.yml + run: | + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/install.yml -e dir_target=${MOUNT_POINT} + + #- name: Run playbook rancher.yml + # run: | + # ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/rancher.yml + + #- name: Run playbook longhorn.yml + # run: | + # ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/longhorn.yml + + #- name: Run playbook neuvector.yml + # run: | + # ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/neuvector.yml + + #- name: Run Python Tests + # run: | + # export DEFAULT_PRIVATE_KEY_FILE=.key + # pytest --hosts=rke2_servers --ansible-inventory=hosts.ini --force-ansible --connection=ansible --sudo test/basic_server_tests.py + # pytest --hosts=rke2_agents --ansible-inventory=hosts.ini --force-ansible --connection=ansible --sudo test/basic_agent_tests.py + + delay: + name: Delay + runs-on: ubuntu-latest + needs: Install + if: always() + + steps: + - name: Delay half an hour + uses: whatnick/wait-action@master + with: + time: '1800s' + + cleanup: + name: Cleanup + runs-on: ubuntu-latest + needs: Delay + if: always() + timeout-minutes: 30 + + defaults: + run: + shell: bash + working-directory: ./test/DO/infra + + steps: + - 
name: Checkout files + uses: actions/checkout@v4 + + - name: Setup Terraform + uses: hashicorp/setup-terraform@v3 + with: + terraform_version: "1.7.3" + + - name: Get key + run: | + echo "$SSH_KEY" > .key + chmod 400 .key + shell: bash + env: + SSH_KEY: ${{secrets.SSH_PRIVATE_KEY}} + + - name: Terraform Init + id: init + run: | + terraform init -backend-config="bucket=${BUCKET}" + continue-on-error: true + + - name: Terraform plan delete stack + id: plan + run: | + terraform plan -destroy -out=terraform.tfplan \ + -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ + -var "do_token=${DO_PAT}" \ + -var "do_worker_count=${WORKER_COUNT}" \ + -var "do_controller_count=${CONTROLLER_COUNT}" \ + -var "do_instance_size=${SIZE}" \ + -var "spaces_access_key_id=${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}}" \ + -var "spaces_access_key_secret=${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}}" \ + -var "mount_point=${MOUNT_POINT}" \ + -var "terraform_backend_bucket_name=${BUCKET}" + continue-on-error: true + + - name: Terraform Apply + run: | + terraform apply terraform.tfplan + continue-on-error: true + + - name: Set up S3cmd cli tool + uses: s3-actions/s3cmd@main + with: + provider: digitalocean + region: ${{secrets.DIGITALOCEAN_REGION}} + access_key: ${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}} + secret_key: ${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}} + + - name: Remove Space bucket + run: | + sed -i -e 's/signature_v2.*$/signature_v2 = True/' ~/.s3cfg + if [[ $BUCKET != "terraform-backend-github" ]]; then s3cmd rb s3://${BUCKET} --recursive; fi + sleep 10 diff --git a/.gitignore b/.gitignore index 87c7b8b8e..2ea911878 100644 --- a/.gitignore +++ b/.gitignore @@ -25,3 +25,4 @@ hosts.ini .key Chart.lock .venv/ +AWS diff --git a/README.md b/README.md index c35c55cc5..cf1436f0f 100644 --- a/README.md +++ b/README.md 
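Review bot: The `install` job declares `needs: [ Reachable, Package ]`, but this workflow defines no `package` job (its jobs are `bucket`, `deploy`, `reachable`, `install`, `delay`, `cleanup`), so the workflow will be rejected or the job never scheduled; change it to `needs: Reachable`. Two third-party actions are pinned to mutable branch refs, `s3-actions/s3cmd@main` and `whatnick/wait-action@master`, which lets a changed upstream branch run with this workflow's DigitalOcean secrets; pin them to a full commit SHA, `uses: owner/repo@<COMMIT_SHA>` (placeholder). The Spaces keys are passed to `terraform plan` as `-var` arguments on the command line in both the deploy and cleanup jobs; setting `TF_VAR_spaces_access_key_id` and `TF_VAR_spaces_access_key_secret` in the step's `env:` keeps them out of process arguments and shell traces. `python-version: 3.9` is an unquoted float; quote it as `"3.9"` so a later `3.10` does not become `3.1`.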
@@ -73,49 +73,56 @@ Add-on from my part: 2. Build your package by running (works on Debian-like and Redhat-like and it targets localhost): ```sh -ansible-playbook playbooks/tasks/build.yml # All arguments below are not mandatory +ansible-playbook mozebaltyk.rkub.build.yml # All arguments below are not mandatory -e "dir_build=$HOME/rkub" # Directory where to upload everything (count 30G) -e "package_name=rkub.zst" # Name of the package, by default rkub.zst -e "archive=true" # Archive tar.zst true or false (default value "true") --e "stable=false" # Stable channels or defined version in Rkub collection (default value "false") +-e "stable=false" # Stable channels or take version as defined in Rkub collection (default value "false") -e "el=9" # RHEL version (take default value from localhost if OS is different from RedHat-like take value "8") --e "all=false" # if you want to install all components kubevip,longhorn,rancher,neuvector (default value "false") --e "kubevip=true longhorn=true rancher=true neuvector=true" # which extras components you want to add to package (default value from var 'all') +-e "all=false" # Add all components kubevip,longhorn,rancher,neuvector (default value "false") +-e "kubevip=true longhorn=true rancher=true neuvector=true" # Add extras components to package (default value from var 'all') -u admin -Kk # Other Ansible Arguments (like -vvv) ``` 3. 
Push your package to first controler: ```sh -ansible-playbook playbooks/tasks/upload.yml # All arguments below are not mandatory --e package_path=/home/me/rkub.zst # Will be prompt if not given in the command --e dir_target=/opt/rkub # Directory where to sync and unarchive (by default /opt/rkub, count 50G available) +ansible-playbook mozebaltyk.rkub.upload.yml # All arguments below are not mandatory +-e "package_path=/home/me/rkub.zst" # Will be prompt if not given in the command +-e "dir_target=/opt/rkub" # Directory where to sync and unarchive (by default /opt/rkub, count 50G available) -u admin -Kk # Other Ansible Arguments (like -vvv) ``` -4. Start installation: +4. Deploy Hauler services: ```sh -ansible-playbook playbooks/tasks/install.yml # All arguments below are not mandatory --e dir_target=/opt/rkub # Dir on first master where to find package unarchive by previous task (by default /opt/rkub, count 50G available) +ansible-playbook mozebaltyk.rkub.hauler.yml # All arguments below are not mandatory +-e "dir_target=/opt/rkub" # Directory where to find package untar with previous playbook +-u admin -Kk # Other Ansible Arguments (like -vvv) +``` + +5. Start installation: + +```sh +ansible-playbook mozebaltyk.rkub.install.yml # All arguments below are not mandatory -e domain="example.com" # By default take the host domain from master server -u admin -Kk # Other Ansible Arguments (like -vvv) ``` -5. Deploy Rancher: +6. Deploy Rancher: ```sh -ansible-playbook playbooks/tasks/rancher.yml # All arguments below are not mandatory +ansible-playbook mozebaltyk.rkub.rancher.yml # All arguments below are not mandatory -e dir_mount=/mnt/rkub # NFS mount point, by default value is /mnt/rkub -e domain="example.com" # Domain use for ingress, by default take the host domain from master server -e password="BootStrapAllTheThings" # Default password is "BootStrapAllTheThings" -u admin -Kk # Other Ansible Arguments (like -vvv) ``` -6. Deploy Longhorn: +7. 
Deploy Longhorn: ```sh -ansible-playbook playbooks/tasks/longhorn.yml # All arguments below are not mandatory +ansible-playbook mozebaltyk.rkub.longhorn.yml # All arguments below are not mandatory -e dir_mount=/mnt/rkub # NFS mount point, by default value is /mnt/rkub -e domain="example.com" # Domain use for ingress, by default take the host domain from master server -e datapath="/opt/longhorn" # Longhorn Path for PVC, by default equal "{{ dir_target }}/longhorn". @@ -123,16 +130,16 @@ ansible-playbook playbooks/tasks/longhorn.yml # All arguments below are not -u admin -Kk # Other Ansible Arguments (like -vvv) ``` -7. Deploy Neuvector +8. Deploy Neuvector ```sh -ansible-playbook playbooks/tasks/neuvector.yml # All arguments below are not mandatory +ansible-playbook mozebaltyk.rkub.neuvector.yml # All arguments below are not mandatory -e dir_mount=/mnt/rkub # NFS mount point, by default value is /mnt/rkub -e domain="example.com" # Domain use for ingress, by default take the host domain from master server -u admin -Kk # Other Ansible Arguments (like -vvv) ``` -8. Bonus: +9. Bonus: With make command, all playbooks above are in the makefile. `make` alone display options and small descriptions. @@ -159,7 +166,7 @@ I favored the tarball installation since it's the most compact and install rely The rpm install is much straight forward. -**hauler_build** have for purpose to create a tar.zst with following content using hauler tool: +**build** have for purpose to create a tar.zst with following content using hauler tool: ```bash rkub 
@@ -174,17 +181,17 @@ rkub **upload** push the big monster packages (around 7G) and unarchive on first node on chosen targeted path. -**hauler_server** deploy a registry and a fileserver using hauler on target host. +**hauler** (by default on first controller but could be on dedicated server) + - deploy a registry as systemd service and make it available on port 5000 using hauler. + - deploy a fileserver as systemd service and make it available on port 8080 using hauler. **install** RKE2 (currently only one master) with: - - - install with tarball method by default or rpm method if given in argument + - Install with tarball method by default or rpm method if given in argument. - An admin user (by default `kuberoot`) on first master with some administation tools like `k9s` `kubectl` or `helm`. - - Master export NFS with all the unarchive content + registry content - - Workers mount the NFS to get above content - - A minimal registry is deploy on each nodes pointing to the NFS mount and responding to `localhost:5000` - - Nerdctl as complement to containerd and allow oci-archive - - Firewalld settings if firewalld running + - Nerdctl as complement to containerd and allow oci-archive. + - Firewalld settings if firewalld running. + - Selinux rpm if selinux enabled. + - Fetch and add kubeconfig to ansible controller in directory ./kube (and add to kubecm if present). **deploy** keeping this order, *Rancher*, *Longhorn*, *Neuvector* - Those are simple playbooks which deploy with helm charts diff --git a/playbooks/build.yml b/playbooks/build.yml index e64bdbf19..9410f8b31 100644 --- a/playbooks/build.yml +++ b/playbooks/build.yml @@ -1,9 +1,9 @@ --- -- name: Build RKE2 package +- name: Build RKE2 Package with Hauler hosts: localhost connection: local gather_facts: false vars_files: ../vars/main.yml tags: build roles: - - {role: mozebaltyk.rkub.build_airgap_package, tags: package} + - {role: mozebaltyk.rkub.build_airgap_hauler, tags: hauler} 
diff --git a/playbooks/hauler.yml b/playbooks/hauler.yml
new file mode 100644
index 000000000..e6b04e927
--- /dev/null
+++ b/playbooks/hauler.yml
@@ -0,0 +1,8 @@
+---
+- name: Hauler Server
+ hosts: "{{ hauler_ip | default('RKE2_CONTROLLERS[0]') }}"
+ gather_facts: false
+ vars_files: ../vars/main.yml
+ tags: [ registry, fileserver ]
+ roles:
+ - {role: mozebaltyk.rkub.deploy_hauler, tags: hauler}
diff --git a/roles/install_utils_nerdctl/tasks/install.yml b/roles/install_utils_nerdctl/tasks/install.yml
index f2de11149..fea31986c 100644
--- a/roles/install_utils_nerdctl/tasks/install.yml
+++ b/roles/install_utils_nerdctl/tasks/install.yml
@@ -42,7 +42,6 @@
 ansible.builtin.file:
 path: /tmp/nerdctl
 state: absent
- recurse: true
 
 - name: Copy NERDCTL configuration file
 ansible.builtin.template:
diff --git a/test/basic_agent_tests.py b/test/basic_agent_tests.py
new file mode 100644
index 000000000..91263d86a
--- /dev/null
+++ b/test/basic_agent_tests.py
@@ -0,0 +1,20 @@
+"""
+basic_tests.py - Using testinfra to run tests on ansible playbook rke2-ansible
+"""
+
+import testinfra
+
+
+def test_rke2_config(host):
+ rke2_config = host.file("/etc/rancher/rke2/config.yaml")
+ assert rke2_config.contains("token:")
+ assert rke2_config.contains("server:")
+ assert rke2_config.user == "root"
+ assert rke2_config.group == "root"
+ assert rke2_config.mode == 0o640
+
+
+def test_rke2_server_running_and_enabled(host):
+ rke2_server = host.service("rke2-agent")
+ assert rke2_server.is_running
+ assert rke2_server.is_enabled
diff --git a/test/basic_server_tests.py b/test/basic_server_tests.py
new file mode 100644
index 000000000..bb4720129
--- /dev/null
+++ b/test/basic_server_tests.py
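Review bot: The `hosts:` line in playbooks/hauler.yml defaults to the pattern `RKE2_CONTROLLERS[0]`, but the override variable is named `hauler_ip`, and Ansible resolves `hosts:` as an inventory pattern, so a bare address passed with `-e hauler_ip=...` only matches if the inventory lists a host under exactly that name. A comment above the line such as `# hauler_ip must be an inventory host name or group pattern (default: first controller)` would prevent that surprise, or the variable could be renamed to `hauler_host` with `hauler_ip` kept as a fallback. Minor style: `tags: [ registry, fileserver ]` uses padded flow brackets while the roles entry on the next line uses unpadded `{role: ..., tags: hauler}`; pick one form.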
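Review bot: The module docstring in test/basic_agent_tests.py names the file `basic_tests.py`, and the same stale text is copied into test/basic_server_tests.py in the next hunk; `import testinfra` is also unused in both files, since the tests only rely on the `host` fixture that pytest-testinfra injects. Suggest dropping the import and rewriting the docstring as `"""basic_agent_tests.py - testinfra checks for an RKE2 agent node provisioned by the rkub playbooks."""` (and the server counterpart accordingly). The agent test asserts that `token:` and `server:` are present in config.yaml while the server variant checks no keys at all; if that asymmetry is deliberate for a single-controller setup, a one-line comment in the server test saying so would save the next reader from "fixing" it.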
@@ -0,0 +1,18 @@ +""" +basic_tests.py - Using testinfra to run tests on ansible playbook rke2-ansible +""" + +import testinfra + + +def test_rke2_config(host): + rke2_config = host.file("/etc/rancher/rke2/config.yaml") + assert rke2_config.user == "root" + assert rke2_config.group == "root" + assert rke2_config.mode == 0o640 + + +def test_rke2_server_running_and_enabled(host): + rke2_server = host.service("rke2-server") + assert rke2_server.is_running + assert rke2_server.is_enabled diff --git a/test/playbooks/hauler_build.yml b/test/playbooks/hauler_build.yml index 064903a46..8c2de888f 100644 --- a/test/playbooks/hauler_build.yml +++ b/test/playbooks/hauler_build.yml @@ -1,5 +1,5 @@ --- -- name: Build Hauler Package +- name: Build RKE2 Package with Hauler hosts: localhost connection: local gather_facts: false From abfd4f9a492cd2bf6afb5f6377c190a8b39be6b1 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Thu, 16 May 2024 00:30:56 +0200 Subject: [PATCH 328/365] put test in workflows --- .github/workflows/stage_airgap.yml | 5 ----- roles/install_rke2_common/defaults/main.yml | 7 ------- roles/install_rke2_controller/defaults/main.yml | 5 ++--- roles/install_rke2_worker/defaults/main.yml | 6 ++++++ 4 files changed, 8 insertions(+), 15 deletions(-) diff --git a/.github/workflows/stage_airgap.yml b/.github/workflows/stage_airgap.yml index 26dca30a8..558c236c0 100644 --- a/.github/workflows/stage_airgap.yml +++ b/.github/workflows/stage_airgap.yml @@ -129,11 +129,6 @@ jobs: cd ./DO/infra terraform apply terraform.tfplan - - name: Display inventory - run: | - ls -l ${{ github.workspace }}/test/inventory/hosts.ini - cat inventory/hosts.ini - # No relative path allowed - name: Inventory artifacts uses: actions/upload-artifact@v4 diff --git a/roles/install_rke2_common/defaults/main.yml b/roles/install_rke2_common/defaults/main.yml index 3d618dccf..bc83c9918 100644 --- a/roles/install_rke2_common/defaults/main.yml +++ b/roles/install_rke2_common/defaults/main.yml 
@@ -1,9 +1,2 @@
 ---
 # defaults file for install_common
-
-# RKE2
-admin_user: "{{ global_install_user }}"
-rke2_data_dir: "{{ global_rke2_data_dir }}"
-
-# Fileserver
-hauler_server: "{{ global_hauler_ip }}"
diff --git a/roles/install_rke2_controller/defaults/main.yml b/roles/install_rke2_controller/defaults/main.yml
index 0a86cf541..8cb0b1a74 100644
--- a/roles/install_rke2_controller/defaults/main.yml
+++ b/roles/install_rke2_controller/defaults/main.yml
@@ -6,9 +6,8 @@ control_plane_endpoint: "{{ global_rke2_api_ip }}"
 rpm_install: "{{ global_rpm_install | bool }}"
 tarball_install: "{{ global_tarball_install | bool }}"
 
-# Mount share
-mount_path: "{{ global_directory_package_target }}"
-mount_rke2_path: "{{ mount_path }}/fileserver"
+# Fileserver
+hauler_server: "{{ global_hauler_ip }}"
 
 # RKE2 config
 rke2_kubeconfig_file: "/etc/rancher/rke2/rke2.yaml"
diff --git a/roles/install_rke2_worker/defaults/main.yml b/roles/install_rke2_worker/defaults/main.yml
index da29a716e..e5e9dc249 100644
--- a/roles/install_rke2_worker/defaults/main.yml
+++ b/roles/install_rke2_worker/defaults/main.yml
@@ -2,6 +2,12 @@
 # defaults file for install_worker
 admin_user: "{{ global_install_user }}"
 master: "{{ global_master_ip }}"
+control_plane_endpoint: "{{ global_rke2_api_ip }}"
+rpm_install: "{{ global_rpm_install | bool }}"
+tarball_install: "{{ global_tarball_install | bool }}"
+
+# Fileserver
+hauler_server: "{{ global_hauler_ip }}"
 
 # Worker options
 rke2_data_dir: "{{ global_rke2_data_dir }}"
From 0562654c98ed913508ebaa562750cf4a29e386ab Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Thu, 16 May 2024 01:06:10 +0200 Subject: [PATCH 329/365] put test in workflows --- roles/install_rke2_controller/defaults/main.yml | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/roles/install_rke2_controller/defaults/main.yml b/roles/install_rke2_controller/defaults/main.yml
index 8cb0b1a74..bee12c2ee 100644
--- a/roles/install_rke2_controller/defaults/main.yml
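Review bot: `hauler_server` is deleted from roles/install_rke2_common/defaults/main.yml in the first hunk, yet roles/install_rke2_common/tasks/token.yml still templates `http://{{ hauler_server }}:8080/token` (see the token.yml hunks further down), so the common role now only works when a wrapper role that defines the variable — the controller or worker defaults as changed here — has already loaded it. That implicit contract should be written down: a line `# hauler_server, rpm_install and tarball_install are expected from the including role (install_rke2_controller / install_rke2_worker)` at the top of the common defaults, or an `argument_specs` entry, would make an undefined-variable failure easier to diagnose. The three variables are now duplicated verbatim in the controller and worker defaults; a `# keep in sync with install_rke2_controller/defaults/main.yml` comment on the worker copy is the minimum.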
+++ b/roles/install_rke2_controller/defaults/main.yml
@@ -8,6 +8,8 @@ tarball_install: "{{ global_tarball_install | bool }}"
 
 # Fileserver
 hauler_server: "{{ global_hauler_ip }}"
+mount_path: "{{ global_directory_package_target }}"
+mount_rke2_path: "{{ mount_path }}/fileserver"
 
 # RKE2 config
 rke2_kubeconfig_file: "/etc/rancher/rke2/rke2.yaml"
From fcd4ce09795d4635e5d9648b00e44e34e41d8f2a Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Thu, 16 May 2024 07:37:31 +0200 Subject: [PATCH 330/365] put test in workflows --- roles/install_rke2_common/tasks/token.yml | 6 +++++- roles/install_rke2_controller/defaults/main.yml | 2 ++ 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/roles/install_rke2_common/tasks/token.yml b/roles/install_rke2_common/tasks/token.yml
index 248e72202..1ca3e3492 100644
--- a/roles/install_rke2_common/tasks/token.yml
+++ b/roles/install_rke2_common/tasks/token.yml
@@ -9,7 +9,11 @@
 register: token_response
 failed_when: false
 
-- name: Store Master node-token
+- name: Debug URL
+ ansible.builtin.debug:
+ var: token_response
+
+- name: Set variable with token
 ansible.builtin.set_fact:
 rke2_config_token: "{{ token_response['content'] }}"
 when: token_response.status == 200
diff --git a/roles/install_rke2_controller/defaults/main.yml b/roles/install_rke2_controller/defaults/main.yml
index bee12c2ee..11ea40d54 100644
--- a/roles/install_rke2_controller/defaults/main.yml
+++ b/roles/install_rke2_controller/defaults/main.yml
@@ -8,6 +8,8 @@ tarball_install: "{{ global_tarball_install | bool }}"
 
 # Fileserver
 hauler_server: "{{ global_hauler_ip }}"
+
+# currently needed to store token - need to be replace
 mount_path: "{{ global_directory_package_target }}"
 mount_rke2_path: "{{ mount_path }}/fileserver"
 
From 5bd160dfaff09b4557029cde1ea263f867ae4c4a Mon Sep 17 00:00:00 2001
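Review bot: The new `Debug URL` task prints the whole `token_response` object, and once `return_content` is enabled (the next commit switches it to `true`) that includes the RKE2 node token in `content`, which then lands in the play output and in CI logs such as the stage_airgap workflow that runs this role. If the task is kept for troubleshooting, print only what is needed, `var: token_response.status`, or add `no_log: true`; the following `Set variable with token` task should also carry `no_log: true` so the token is not echoed under `-v`. The task list continues outside this hunk.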
From: MozeBaltyk Date: Thu, 16 May 2024 09:54:07 +0200 Subject: [PATCH 331/365] put test in workflows --- roles/install_rke2_common/tasks/token.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/install_rke2_common/tasks/token.yml b/roles/install_rke2_common/tasks/token.yml
index 1ca3e3492..b3f75c787 100644
--- a/roles/install_rke2_common/tasks/token.yml
+++ b/roles/install_rke2_common/tasks/token.yml
@@ -5,7 +5,7 @@
 url: "http://{{ hauler_server }}:8080/token"
 method: GET
 validate_certs: false
- return_content: false
+ return_content: true
 register: token_response
 failed_when: false
 
From 5ff8f1aea6067545dd6c51bb40a5559c476d2087 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Thu, 16 May 2024 12:40:12 +0200 Subject: [PATCH 332/365] put test in workflows --- .github/workflows/stage_airgap.yml | 10 +++++----- README.md | 6 +----- roles/build_airgap_hauler/tasks/hauler.yml | 5 ++--- 3 files changed, 8 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/stage_airgap.yml b/.github/workflows/stage_airgap.yml
index 558c236c0..efa2c0ad7 100644
--- a/.github/workflows/stage_airgap.yml
+++ b/.github/workflows/stage_airgap.yml
@@ -69,7 +69,7 @@ jobs:
 run: |
 cd ./test
 if [[ $BUCKET != "terraform-backend-github" ]]; then \
- ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook playbooks/hauler_build.yml -e dir_build="${MOUNT_POINT}" -e archive="false"; \
+ ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook playbooks/hauler_build.yml -e dir_build="${MOUNT_POINT}" -e rancher="true" -e archive="false"; \
 fi
 
 deploy:
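Review bot: With `return_content: true` the registered `token_response` now carries the node token, but the `uri` task has neither `no_log: true` nor a meaningful failure condition: `failed_when: false` turns a connection refused, a 5xx or a typo in `hauler_server` into a silent skip, and the downstream `set_fact` (outside this hunk) simply never runs, so the error surfaces later as an undefined `rke2_config_token`. Suggest `no_log: true` and, if a missing token is the only expected non-200 case, `failed_when: token_response.status not in [200, 404]`. `validate_certs: false` has no effect on a plain `http://` URL; either drop it or, preferably, serve the token endpoint over TLS and validate it, since this value is what authorizes a node to join the cluster.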
@@ -233,9 +233,9 @@ jobs: run: | ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/install.yml - #- name: Run playbook rancher.yml - # run: | - # ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/rancher.yml + - name: Run playbook rancher.yml + run: | + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/rancher.yml #- name: Run playbook longhorn.yml # run: | @@ -277,7 +277,7 @@ jobs: - name: Install dependencies run: | python -m pip install --upgrade pip - pip3 install ansible + pip3 install ansible pytest-testinfra ansible --version - name: Run Python Tests diff --git a/README.md b/README.md index cf1436f0f..66a8ee1ed 100644 --- a/README.md +++ b/README.md @@ -113,7 +113,6 @@ ansible-playbook mozebaltyk.rkub.install.yml # All arguments below are not ```sh ansible-playbook mozebaltyk.rkub.rancher.yml # All arguments below are not mandatory --e dir_mount=/mnt/rkub # NFS mount point, by default value is /mnt/rkub -e domain="example.com" # Domain use for ingress, by default take the host domain from master server -e password="BootStrapAllTheThings" # Default password is "BootStrapAllTheThings" -u admin -Kk # Other Ansible Arguments (like -vvv) @@ -123,7 +122,6 @@ ansible-playbook mozebaltyk.rkub.rancher.yml # All arguments below are not ```sh ansible-playbook mozebaltyk.rkub.longhorn.yml # All arguments below are not mandatory --e dir_mount=/mnt/rkub # NFS mount point, by default value is /mnt/rkub -e domain="example.com" # Domain use for ingress, by default take the host domain from master server -e datapath="/opt/longhorn" # Longhorn Path for PVC, by default equal "{{ dir_target }}/longhorn". # The best is to have a dedicated LVM filesystem for this one. 
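Review bot: `pip3 install ansible pytest-testinfra` in the `@@ -277,7 +277,7 @@` hunk is unpinned, so the test job picks up whatever the index serves that day and a new upstream release (or a substituted package) changes results without any change in this repository. Pin both, e.g. `pip3 install 'ansible==<validated version>' 'pytest-testinfra==<validated version>'`, or point at a requirements file installed with `--require-hashes`. The surrounding job definition lies outside the hunk.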
@@ -134,7 +132,6 @@ ansible-playbook mozebaltyk.rkub.longhorn.yml # All arguments below are not ```sh ansible-playbook mozebaltyk.rkub.neuvector.yml # All arguments below are not mandatory --e dir_mount=/mnt/rkub # NFS mount point, by default value is /mnt/rkub -e domain="example.com" # Domain use for ingress, by default take the host domain from master server -u admin -Kk # Other Ansible Arguments (like -vvv) ``` @@ -163,8 +160,7 @@ All prerequisites are set in folder `meta` and `meta/execution-environment.yml`. ## Some details I favored the tarball installation since it's the most compact and install rely on a archive tar.zst which stay on all nodes. - -The rpm install is much straight forward. +The rpm install is much straight forward but match only system with RPM (so mainly Redhat-like). **build** have for purpose to create a tar.zst with following content using hauler tool: diff --git a/roles/build_airgap_hauler/tasks/hauler.yml b/roles/build_airgap_hauler/tasks/hauler.yml index ffde3f5ec..6284d6488 100644 --- a/roles/build_airgap_hauler/tasks/hauler.yml +++ b/roles/build_airgap_hauler/tasks/hauler.yml @@ -53,11 +53,10 @@ chdir: "{{ directory_package }}" changed_when: false -# zstd not include in ansible module archive - name: Compress files using zstd and create an archive ansible.builtin.command: - "tar -I zstd -vcf {{ tar_zst_name }} -C {{ directory_package }} ." + "hauler store save -f ../{{ tar_zst_name }}" args: - chdir: "{{ directory_package }}/.." + chdir: "{{ directory_package }}" changed_when: false when: archive_wanted From 3e8842e653b142b8b660cfafe66583d1a1f98e72 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Thu, 16 May 2024 13:13:02 +0200 Subject: [PATCH 333/365] put test in workflows --- README.md | 22 +++++++++++++++++-- roles/build_airgap_hauler/tasks/neuvector.yml | 1 + roles/build_airgap_hauler/tasks/rancher.yml | 1 + 3 files changed, 22 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 66a8ee1ed..b51d2d76c 100644 
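Review bot: The task name `Compress files using zstd and create an archive` no longer describes what runs: the command is now `hauler store save -f ../{{ tar_zst_name }}`, and the `# zstd not include in ansible module archive` comment that justified the old tar invocation was removed with it. Rename it, e.g. `- name: Save hauler store as archive {{ tar_zst_name }}`, and reconsider `changed_when: false` — the step writes the archive, so reporting it as unchanged hides real work; `creates: "{{ directory_package }}/../{{ tar_zst_name }}"` under `args:` would give both idempotence and an honest status. Whether hauler still emits a zstd-compressed tarball, as the `tar_zst_name` variable implies, is not visible here; confirm the extension still matches the output.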
--- a/README.md +++ b/README.md @@ -1,6 +1,6 @@

Ansible Collection - Rkub

-Ansible Collection to deploy a RKE2 cluster in airgap mode with Rancher, Longhorn and Neuvector. +Ansible Collection to deploy and test Rancher stacks (RKE2, Rancher, Longhorn and Neuvector). [![Releases](https://img.shields.io/github/release/MozeBaltyk/rkub)](https://github.com/MozeBaltyk/rkub/releases) [![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0/) @@ -11,7 +11,7 @@ Ansible Collection to deploy a RKE2 cluster in airgap mode with Rancher, Longhor This Ansible collection will install in airgap environnement RKE2 (one controler and several workers, currently no HA): -**Current develop - Ansible Collection Rkub 1.0.3 include:** +**Current develop - Ansible Collection Rkub 1.0.3 include by default:** - [RKE2 1.27.10](https://docs.rke2.io) - Security focused Kubernetes (channel stable) @@ -51,6 +51,24 @@ Add-on from my part: - Collection Released, so possibilty to get back to older versions. +## Use Case + +Currently only install: + - on Rocky8 + - airgap tarball or rpm + - Defined or Stable channels + - Canal CNI + - Digital Ocean + +But the target to handle all the usecase below: + +| OS | Versions | Method | CNI | Cloud providers | Extra Install | +|--------|-------------------------|----------------|--------|-----------------|-----------------| +| Rocky8 | Defined in collections | airgap tarball | Canal | Digital Ocean | Kubevip | +| Ubuntu | Stable channels | airgap rpm | Calico | AWS | Longhorn | +| | Custom | online | | Azure | Rancher | +| | | | | | Neuvector | + ## Prerequisites - Linux Host as a package builder (can be a VM or your WSL). Count 10G of free space in the build directory of your package builder. diff --git a/roles/build_airgap_hauler/tasks/neuvector.yml b/roles/build_airgap_hauler/tasks/neuvector.yml index ef8e28e8c..0a1a92c38 100644 --- a/roles/build_airgap_hauler/tasks/neuvector.yml +++ b/roles/build_airgap_hauler/tasks/neuvector.yml 
@@ -10,6 +10,7 @@ ansible.builtin.shell: cmd: | set -o pipefail + helm repo update helm template neuvector/core --version {{ neuvector_version }} | awk '$1 ~ /image:/ {print $2}' | sed s/\"//g executable: /bin/bash changed_when: false diff --git a/roles/build_airgap_hauler/tasks/rancher.yml b/roles/build_airgap_hauler/tasks/rancher.yml index 093faeb70..95b936fce 100644 --- a/roles/build_airgap_hauler/tasks/rancher.yml +++ b/roles/build_airgap_hauler/tasks/rancher.yml @@ -10,6 +10,7 @@ ansible.builtin.shell: cmd: | set -o pipefail + helm repo update helm template jetstack/cert-manager --version {{ cert_manager_version }} | awk '$1 ~ /image:/ {print $2}' | sed s/\"//g executable: /bin/bash changed_when: false From 36c2ad319404a5b96a6630d5170d8ab36efb8ef6 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Thu, 16 May 2024 13:29:48 +0200 Subject: [PATCH 334/365] put test in workflows --- roles/set_versions/tasks/defined_versions.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/set_versions/tasks/defined_versions.yml b/roles/set_versions/tasks/defined_versions.yml index e88696254..3f7eb10ad 100644 --- a/roles/set_versions/tasks/defined_versions.yml +++ b/roles/set_versions/tasks/defined_versions.yml @@ -3,9 +3,9 @@ ansible.builtin.set_fact: rke2_version: "{{ global_versions['rke2'] }}" kubevip_version: "{{ global_versions['kubevip'] }}" - longhorn_version: "{{ global_versions['cert_manager'] }}" - cert_manager_version: "{{ global_versions['rancher'] }}" - rancher_version: "{{ global_versions['longhorn'] }}" + longhorn_version: "{{ global_versions['longhorn'] }}" + cert_manager_version: "{{ global_versions['cert_manager'] }}" + rancher_version: "{{ global_versions['rancher'] }}" neuvector_version: "{{ global_versions['neuvector'] }}" helm_version: "{{ global_versions['helm'] }}" nerdctl_version: "{{ global_versions['nerdctl'] }}" From 61d1262cffaae97977c243938dc18ee6fff234b2 Mon Sep 17 00:00:00 2001 
From: MozeBaltyk Date: Thu, 16 May 2024 14:07:37 +0200 Subject: [PATCH 335/365] put test in workflows --- .github/workflows/stage_airgap.yml | 8 ++++---- README.md | 2 +- roles/build_airgap_hauler/tasks/neuvector.yml | 1 - roles/build_airgap_hauler/tasks/rancher.yml | 7 ------- 4 files changed, 5 insertions(+), 13 deletions(-) diff --git a/.github/workflows/stage_airgap.yml b/.github/workflows/stage_airgap.yml index efa2c0ad7..8b251f503 100644 --- a/.github/workflows/stage_airgap.yml +++ b/.github/workflows/stage_airgap.yml @@ -69,7 +69,7 @@ jobs: run: | cd ./test if [[ $BUCKET != "terraform-backend-github" ]]; then \ - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook playbooks/hauler_build.yml -e dir_build="${MOUNT_POINT}" -e rancher="true" -e archive="false"; \ + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook playbooks/hauler_build.yml -e dir_build="${MOUNT_POINT}" -e longhorn="true" -e archive="false"; \ fi deploy: @@ -233,9 +233,9 @@ jobs: run: | ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/install.yml - - name: Run playbook rancher.yml - run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/rancher.yml + #- name: Run playbook rancher.yml + # run: | + # ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/rancher.yml #- name: Run playbook longhorn.yml # run: | diff --git a/README.md b/README.md index b51d2d76c..51aad68a1 100644 --- a/README.md +++ b/README.md 
@@ -65,7 +65,7 @@ But the target to handle all the usecase below: | OS | Versions | Method | CNI | Cloud providers | Extra Install | |--------|-------------------------|----------------|--------|-----------------|-----------------| | Rocky8 | Defined in collections | airgap tarball | Canal | Digital Ocean | Kubevip | -| Ubuntu | Stable channels | airgap rpm | Calico | AWS | Longhorn | +| Ubuntu | Stable channels | airgap rpm | | AWS | Longhorn | | | Custom | online | | Azure | Rancher | | | | | | | Neuvector | diff --git a/roles/build_airgap_hauler/tasks/neuvector.yml b/roles/build_airgap_hauler/tasks/neuvector.yml index 0a1a92c38..ef8e28e8c 100644 --- a/roles/build_airgap_hauler/tasks/neuvector.yml +++ b/roles/build_airgap_hauler/tasks/neuvector.yml @@ -10,7 +10,6 @@ ansible.builtin.shell: cmd: | set -o pipefail - helm repo update helm template neuvector/core --version {{ neuvector_version }} | awk '$1 ~ /image:/ {print $2}' | sed s/\"//g executable: /bin/bash changed_when: false diff --git a/roles/build_airgap_hauler/tasks/rancher.yml b/roles/build_airgap_hauler/tasks/rancher.yml index 95b936fce..99ecc1142 100644 --- a/roles/build_airgap_hauler/tasks/rancher.yml +++ b/roles/build_airgap_hauler/tasks/rancher.yml @@ -10,7 +10,6 @@ ansible.builtin.shell: cmd: | set -o pipefail - helm repo update helm template jetstack/cert-manager --version {{ cert_manager_version }} | awk '$1 ~ /image:/ {print $2}' | sed s/\"//g executable: /bin/bash changed_when: false @@ -21,12 +20,6 @@ list_images_certmanager: "{{ certmanager_images['stdout'].splitlines() }}" # Rancher -- name: Add Rancher helm repo - kubernetes.core.helm_repository: - name: rancher-latest - repo_url: "https://releases.rancher.com/server-charts/latest" - force_update: true - - name: Get Rancher images from URL ansible.builtin.uri: url: "https://github.com/rancher/rancher/releases/download/v{{ rancher_version }}/rancher-images.txt" From 111eee2f696ba8b80df0a936bc0092584cec2251 Mon Sep 17 00:00:00 2001 
From: MozeBaltyk Date: Thu, 16 May 2024 16:06:23 +0200 Subject: [PATCH 336/365] put test in workflows --- .github/workflows/stage_airgap.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/stage_airgap.yml b/.github/workflows/stage_airgap.yml index 8b251f503..ab91396da 100644 --- a/.github/workflows/stage_airgap.yml +++ b/.github/workflows/stage_airgap.yml @@ -283,8 +283,8 @@ jobs: - name: Run Python Tests run: | export DEFAULT_PRIVATE_KEY_FILE=.key - pytest --hosts=RKE2_CONTROLLERS --ansible-inventory=inventory/hosts.ini --force-ansible --connection=ansible --sudo basic_server_tests.py - pytest --hosts=RKE2_WORKERS --ansible-inventory=inventory/hosts.ini --force-ansible --connection=ansible --sudo basic_agent_tests.py + pytest --hosts=RKE2_CONTROLLERS --ansible-inventory=inventory/hosts.ini --force-ansible --connection=ansible --user=root basic_server_tests.py + pytest --hosts=RKE2_WORKERS --ansible-inventory=inventory/hosts.ini --force-ansible --connection=ansible --user=root basic_agent_tests.py delay: name: Delay From a091ff8b4e1877fd8a96419802541552a4ea0ed0 Mon Sep 17 00:00:00 2001 
From: MozeBaltyk Date: Fri, 17 May 2024 07:37:19 +0200 Subject: [PATCH 337/365] online install --- README.md | 12 +- playbooks/vars/main.yml | 1 + roles/build_airgap_hauler/tasks/hauler.yml | 3 +- roles/install_rke2_common/handlers/main.yml | 5 - roles/install_rke2_common/tasks/common.yml | 6 +- roles/install_rke2_common/tasks/main.yml | 4 - roles/install_rke2_common/tasks/registry.yml | 8 - roles/install_rke2_common/tasks/rhel.yml | 4 - .../install_rke2_common/tasks/rpm_install.yml | 101 ++++++++++++ roles/install_rke2_common/tasks/selinux.yml | 25 --- .../tasks/tarball_install.yml | 145 ++++++++++++++++++ roles/install_rke2_common/tasks/token.yml | 15 +- .../install_rke2_controller/defaults/main.yml | 1 + roles/install_rke2_controller/tasks/admin.yml | 76 ++++++++- .../install_rke2_controller/tasks/config.yml | 64 ++++++++ .../install_rke2_controller/tasks/install.yml | 77 ++-------- .../tasks/localhost.yml | 2 +- roles/install_rke2_controller/tasks/main.yml | 22 +-- .../tasks/rpm_install.yml | 21 --- .../tasks/tarball_install.yml | 40 ----- roles/install_rke2_controller/tasks/token.yml | 14 +- roles/install_rke2_worker/defaults/main.yml | 1 + roles/install_rke2_worker/tasks/config.yml | 20 +++ roles/install_rke2_worker/tasks/install.yml | 32 ++-- roles/install_rke2_worker/tasks/main.yml | 18 +-- .../install_rke2_worker/tasks/rpm_install.yml | 21 --- .../tasks/tarball_install.yml | 40 ----- roles/set_versions/tasks/only_rke2.yml | 26 ++++ 28 files changed, 501 insertions(+), 303 deletions(-) delete mode 100644 roles/install_rke2_common/tasks/registry.yml create mode 100644 roles/install_rke2_common/tasks/rpm_install.yml delete mode 100644 roles/install_rke2_common/tasks/selinux.yml create mode 100644 roles/install_rke2_common/tasks/tarball_install.yml create mode 100644 roles/install_rke2_controller/tasks/config.yml delete mode 100644 roles/install_rke2_controller/tasks/rpm_install.yml delete mode 100644 roles/install_rke2_controller/tasks/tarball_install.yml 
create mode 100644 roles/install_rke2_worker/tasks/config.yml delete mode 100644 roles/install_rke2_worker/tasks/rpm_install.yml delete mode 100644 roles/install_rke2_worker/tasks/tarball_install.yml create mode 100644 roles/set_versions/tasks/only_rke2.yml diff --git a/README.md b/README.md index 51aad68a1..46fba6137 100644 --- a/README.md +++ b/README.md @@ -88,14 +88,17 @@ But the target to handle all the usecase below: - Complete directory inside `./plugins/inventory/hosts.yml`. -2. Build your package by running (works on Debian-like and Redhat-like and it targets localhost): +2. Build your package by running (works on Debian-like or Redhat-like and targets localhost). +This step concern only an airgap install. If targeted servers have an internet access then skip and go to step 5: + ```sh ansible-playbook mozebaltyk.rkub.build.yml # All arguments below are not mandatory --e "dir_build=$HOME/rkub" # Directory where to upload everything (count 30G) +-e "dir_build=$HOME/rkub" # Directory where to upload everything (count 10G) -e "package_name=rkub.zst" # Name of the package, by default rkub.zst -e "archive=true" # Archive tar.zst true or false (default value "true") -e "stable=false" # Stable channels or take version as defined in Rkub collection (default value "false") +-e "method=tarball" # Method for install, value possible "tarball" or "rpm" (default value "tarball") -e "el=9" # RHEL version (take default value from localhost if OS is different from RedHat-like take value "8") -e "all=false" # Add all components kubevip,longhorn,rancher,neuvector (default value "false") -e "kubevip=true longhorn=true rancher=true neuvector=true" # Add extras components to package (default value from var 'all') 
@@ -107,7 +110,7 @@ ansible-playbook mozebaltyk.rkub.build.yml # All arguments be ```sh ansible-playbook mozebaltyk.rkub.upload.yml # All arguments below are not mandatory -e "package_path=/home/me/rkub.zst" # Will be prompt if not given in the command --e "dir_target=/opt/rkub" # Directory where to sync and unarchive (by default /opt/rkub, count 50G available) +-e "dir_target=/opt/rkub" # Directory where to sync and unarchive (by default /opt/rkub, count 30G available) -u admin -Kk # Other Ansible Arguments (like -vvv) ``` @@ -124,6 +127,9 @@ ansible-playbook mozebaltyk.rkub.hauler.yml # All arguments below are not ```sh ansible-playbook mozebaltyk.rkub.install.yml # All arguments below are not mandatory -e domain="example.com" # By default take the host domain from master server +-e "method=tarball" # Method for install, value possible "tarball" or "rpm" (default value "tarball") +-e "airgap=true" # if servers have internet access then set airgap to false (default value "true") + -e "stable=false" # if airgap false then choose btw Stable channels or version from this collection. (default value "false") -u admin -Kk # Other Ansible Arguments (like -vvv) ``` diff --git a/playbooks/vars/main.yml b/playbooks/vars/main.yml index c5652d8e2..7d8a1016a 100644 --- a/playbooks/vars/main.yml +++ b/playbooks/vars/main.yml @@ -36,6 +36,7 @@ global_install_user: "{{ install_user | default('kuberoot') }}" global_method_install: "{{ method | default('tarball') }}" global_rpm_install: "{{ global_method_install == 'rpm' }}" global_tarball_install: "{{ global_method_install == 'tarball' }}" +global_airgap_install: "{{ airgap | default('true') }}" # Local global_directory_package_build: "{{ dir_build | default('$HOME/rkub') }}" diff --git a/roles/build_airgap_hauler/tasks/hauler.yml b/roles/build_airgap_hauler/tasks/hauler.yml index 6284d6488..73dd9d3fd 100644 --- a/roles/build_airgap_hauler/tasks/hauler.yml +++ b/roles/build_airgap_hauler/tasks/hauler.yml 
@@ -14,9 +14,10 @@ set -o pipefail curl -sfL https://get.hauler.dev | HAULER_VERSION={{ hauler_version }} bash executable: /bin/bash + creates: /usr/local/bin/hauler changed_when: false -- name: Download and Unarchive hauler archive from URL +- name: Download and Unarchive hauler from URL ansible.builtin.unarchive: src: "https://github.com/rancherfederal/hauler/releases/download/v{{ hauler_version }}/hauler_{{ hauler_version }}_linux_amd64.tar.gz" dest: "{{ directory_package }}" diff --git a/roles/install_rke2_common/handlers/main.yml b/roles/install_rke2_common/handlers/main.yml index 16e05a870..0e3edc447 100644 --- a/roles/install_rke2_common/handlers/main.yml +++ b/roles/install_rke2_common/handlers/main.yml @@ -22,8 +22,3 @@ name: rke2-agent.service state: restarted notify: "Service (re)started" - -- name: Restart systemd-sysctl - ansible.builtin.systemd: - state: restarted - name: systemd-sysctl diff --git a/roles/install_rke2_common/tasks/common.yml b/roles/install_rke2_common/tasks/common.yml index 86ae412c8..264ab92a4 100644 --- a/roles/install_rke2_common/tasks/common.yml +++ b/roles/install_rke2_common/tasks/common.yml @@ -11,7 +11,11 @@ src: rke2.conf dest: /etc/sysctl.d/rke2.conf mode: '0600' - notify: Restart systemd-sysctl + +- name: Restart_sysctl + ansible.builtin.systemd: + state: restarted + name: systemd-sysctl # Prepare Dir - name: Ensure data_dir exists diff --git a/roles/install_rke2_common/tasks/main.yml b/roles/install_rke2_common/tasks/main.yml index f15423fcd..d81de22bd 100644 --- a/roles/install_rke2_common/tasks/main.yml +++ b/roles/install_rke2_common/tasks/main.yml @@ -23,10 +23,6 @@ - name: Tasks common to Linux servers for RKE2 installation ansible.builtin.import_tasks: common.yml -- name: Set mirror registry (needed for rpm_install) - ansible.builtin.import_tasks: registry.yml - when: rpm_install - - name: Get Token if one exist ansible.builtin.import_tasks: token.yml 
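Review bot: With `creates: /usr/local/bin/hauler` added, the `changed_when: false` on the same shell task now misreports the one run that actually installs hauler as unchanged; dropping `changed_when: false` lets the `creates` guard provide both idempotence and honest change reporting. The `curl -sfL https://get.hauler.dev | HAULER_VERSION=... bash` pipeline still executes an installer script that is not pinned or verified (only the binary version is pinned), so the script is an unverified trust root; a comment stating that trade-off, or fetching a tagged release with a `checksum:` on the download, would make it explicit. The `Download and Unarchive hauler from URL` task in the same hunk also has no `checksum:`, though it is context here and may be covered elsewhere.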
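Review bot: The new `Restart_sysctl` task in `common.yml` restarts `systemd-sysctl` on every run, whereas the removed `notify` handler only fired when `/etc/sysctl.d/rke2.conf` actually changed. If the handler indirection was the problem, the conditional can be kept inline by adding `register: rke2_sysctl` to the template task and `when: rke2_sysctl.changed` to the restart task. The name `Restart_sysctl` also departs from the `Verb object` task naming used elsewhere in the file (`Restart systemd-sysctl` was the handler's name).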
diff --git a/roles/install_rke2_common/tasks/registry.yml b/roles/install_rke2_common/tasks/registry.yml deleted file mode 100644 index f4a025bda..000000000 --- a/roles/install_rke2_common/tasks/registry.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -- name: Configure RKE2 registries.yaml - ansible.builtin.template: - src: "{{ item }}" - dest: "/etc/rancher/rke2/{{ item | basename | regex_replace('.j2$', '') }}" - mode: "0640" - loop: - - "registries.yaml.j2" diff --git a/roles/install_rke2_common/tasks/rhel.yml b/roles/install_rke2_common/tasks/rhel.yml index 5e98965cb..741abd804 100644 --- a/roles/install_rke2_common/tasks/rhel.yml +++ b/roles/install_rke2_common/tasks/rhel.yml @@ -6,10 +6,6 @@ - ansible_os_family == "RedHat" - ansible_distribution_major_version | int >= 8 block: - - name: Display message - ansible.builtin.debug: - msg: "Specific actions regarding servers in RHEL 8/9" - # Desactivate Cloud services - name: Disable service nm-cloud-setup ansible.builtin.systemd: diff --git a/roles/install_rke2_common/tasks/rpm_install.yml b/roles/install_rke2_common/tasks/rpm_install.yml new file mode 100644 index 000000000..7c75e0f1a --- /dev/null +++ b/roles/install_rke2_common/tasks/rpm_install.yml 
@@ -0,0 +1,101 @@ +--- +# NB: +# - Airgap does not need to have rke2 version variable, since it take what is present in Hauler repo. +# - RPM apply only for Redhat-like OS + +# Define which type of node +- name: Define server install + ansible.builtin.set_fact: + type_node: "server" + when: caller_role_name == "controller" + +- name: Define agent install + ansible.builtin.set_fact: + type_node: "agent" + when: caller_role_name == "worker" + +# Not airgap +- name: Set repo for RPM with internet access + become: true + when: + - ansible_os_family == "RedHat" + - ansible_distribution_major_version | int >= 8 + - not airgap_install + block: + - name: TARBALL | Versions needed to set repo + ansible.builtin.import_role: + name: set_versions + tasks_from: only_rke2 + + - name: Set Official RKE2 common repo + ansible.builtin.yum_repository: + name: rancher-rke2-common-latest + description: "Rancher RKE2 Common Latest" + baseurl: "https://rpm.rancher.io/rke2/latest/common/centos/{{ ansible_distribution_major_version }}/noarch" + gpgcheck: true + gpgkey: "https://rpm.rancher.io/public.key" + + - name: Set Official RKE2 version repo + ansible.builtin.yum_repository: + name: rancher-rke2-latest + description: "Rancher RKE2 Latest" + baseurl: "https://rpm.rancher.io/rke2/latest/{{ rke2_version.split('.')[:2] | join('.') }}/centos/{{ ansible_distribution_major_version }}/x86_64" + gpgcheck: true + gpgkey: "https://rpm.rancher.io/public.key" + +# Airgap +- name: Set Hauler as an airgap repo and registry for RPM + become: true + when: + - ansible_os_family == "RedHat" + - ansible_distribution_major_version | int >= 8 + - airgap_install + block: + - name: Set repo Hauler Airgap Server + ansible.builtin.yum_repository: + name: hauler + description: "Hauler Airgap Server" + baseurl: "http://{{ hauler_server }}:8080" + gpgcheck: true + gpgkey: "http://{{ hauler_server }}:8080/public.key" + + - name: Set mirror registry (needed for rpm_install in airgap) + ansible.builtin.template: + 
src: "{{ item }}" + dest: "/etc/rancher/rke2/{{ item | basename | regex_replace('.j2$', '') }}" + mode: "0640" + loop: + - "registries.yaml.j2" + +# Install needed +- name: Install RKE2 with rpm method + become: true + when: + - ansible_os_family == "RedHat" + - ansible_distribution_major_version | int >= 8 + block: + - name: Install RKE2 rpm packages + ansible.builtin.dnf: + name: "{{ item }}" + state: present + loop: + - "rke2-{{ type_node }}" + + # https://docs.rke2.io/install/airgap + # - only if selinux activated + # - common to tarball and rpm install + - name: Install common packages + ansible.builtin.dnf: + name: "{{ item }}" + state: present + with_items: + - iptables + - container-selinux + - libnetfilter_conntrack + - libnfnetlink + - libnftnl + - policycoreutils-python-utils + - cryptsetup + - rke2-common + - rke2-selinux + when: ansible_selinux['status'] == 'enabled' diff --git a/roles/install_rke2_common/tasks/selinux.yml b/roles/install_rke2_common/tasks/selinux.yml deleted file mode 100644 index e44bd4182..000000000 --- a/roles/install_rke2_common/tasks/selinux.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# https://docs.rke2.io/install/airgap => only if selinux activated - -- name: Set repo Hauler Air Gap Server - ansible.builtin.yum_repository: - name: hauler - description: "Hauler Air Gap Server" - baseurl: "http://{{ hauler_server }}:8080" - gpgcheck: true - gpgkey: "http://{{ hauler_server }}:8080/public.key" - -- name: Install common packages - ansible.builtin.dnf: - name: "{{ item }}" - state: present - with_items: - - iptables - - container-selinux - - libnetfilter_conntrack - - libnfnetlink - - libnftnl - - policycoreutils-python-utils - - cryptsetup - - rke2-common - - rke2-selinux diff --git a/roles/install_rke2_common/tasks/tarball_install.yml b/roles/install_rke2_common/tasks/tarball_install.yml new file mode 100644 index 000000000..1f74e47f9 --- /dev/null +++ b/roles/install_rke2_common/tasks/tarball_install.yml 
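Review bot: The `Set repo Hauler Airgap Server` task sets `gpgcheck: true` but takes `gpgkey` from the same plain-HTTP endpoint as the packages (`http://{{ hauler_server }}:8080/public.key`), so the signature check only proves the RPMs match whatever key that server currently serves; the key should come from a source the host already trusts, such as a file shipped with the collection and copied over, and the same pattern recurs in the new `tarball_install.yml`. Separately, when `caller_role_name` is neither `controller` nor `worker`, `type_node` is never set and the `rke2-{{ type_node }}` loop item fails with an undefined-variable error, and on non-RedHat hosts every block is skipped so `method=rpm` silently installs nothing; an `ansible.builtin.assert` at the top of the file covering both conditions would fail early with a clear message. The first task of the internet-access block is still named `TARBALL | Versions needed to set repo` inside the RPM file.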
@@ -0,0 +1,145 @@ +--- +# NB: +# - Airgap does not need to have rke2 version variable, since it take what is present in Hauler repo. +# - Tarball Should work for all Linux + +# Define which type of node +- name: Define server install + ansible.builtin.set_fact: + type_node: "server" + when: caller_role_name == "controller" + +- name: Define agent install + ansible.builtin.set_fact: + type_node: "agent" + when: caller_role_name == "worker" + +# Not Airgap +- name: Install with tarball method + become: true + when: + - not airgap_install + block: + - name: TARBALL | Versions needed to set repo + ansible.builtin.import_role: + name: set_versions + tasks_from: only_rke2 + + - name: TARBALL | Install RKE2 node + ansible.builtin.shell: + cmd: | + set -o pipefail + curl -sfL https://get.rke2.io | INSTALL_RKE2_METHOD=tar INSTALL_RKE2_TYPE={{ type_node }} INSTALL_RKE2_VERSION=v{{ rke2_version }}+rke2r1 sh - + executable: /bin/bash + register: install_output + failed_when: false + changed_when: false + + - name: TARBALL | Display install output + ansible.builtin.debug: + var: install_output['stdout'] + +# Airgap +- name: Install with tarball method + become: true + when: + - airgap_install + block: + - name: TARBALL | Make temp dir + ansible.builtin.tempfile: + state: directory + suffix: "-rke2-install" + path: "{{ tarball_tmp_dir | default(omit) }}" + register: temp_dir + + - name: TARBALL | Get RKE2 Artifacts from URL + ansible.builtin.get_url: + url: "http://{{ hauler_server }}:8080/{{ item }}" + dest: "{{ temp_dir['path'] }}/{{ item }}" + validate_certs: false + loop: + - rke2-images.linux-amd64.tar.zst + - rke2.linux-amd64.tar.gz + - sha256sum-amd64.txt + - install.sh + + - name: TARBALL | Install RKE2 server node + ansible.builtin.shell: + cmd: | + set -o pipefail + INSTALL_RKE2_ARTIFACT_PATH={{ temp_dir['path'] }} INSTALL_RKE2_TYPE={{ type_node }} sh {{ temp_dir['path'] }}/install.sh + chdir: "{{ temp_dir['path'] }}" + executable: /bin/bash + register: 
install_server_output + failed_when: false + changed_when: false + + - name: TARBALL | Display install output + ansible.builtin.debug: + var: install_server_output['stdout_lines'] + +### RPM apply only for Redhat-like OS ### + +# Not airgap +- name: Set repo for RPM with internet access + become: true + when: + - ansible_os_family == "RedHat" + - ansible_distribution_major_version | int >= 8 + - not airgap_install + block: + - name: Set Official RKE2 common repo + ansible.builtin.yum_repository: + name: rancher-rke2-common-latest + description: "Rancher RKE2 Common Latest" + baseurl: "https://rpm.rancher.io/rke2/latest/common/centos/{{ ansible_distribution_major_version }}/noarch" + gpgcheck: true + gpgkey: "https://rpm.rancher.io/public.key" + + - name: Set Official RKE2 version repo + ansible.builtin.yum_repository: + name: rancher-rke2-latest + description: "Rancher RKE2 Latest" + baseurl: "https://rpm.rancher.io/rke2/latest/{{ rke2_version.split('.')[:2] | join('.') }}/centos/{{ ansible_distribution_major_version }}/x86_64" + gpgcheck: true + gpgkey: "https://rpm.rancher.io/public.key" + +# Airgap +- name: Set Hauler as an airgap repo for RPM + become: true + when: + - ansible_os_family == "RedHat" + - ansible_distribution_major_version | int >= 8 + - airgap_install + block: + - name: Set repo Hauler Airgap Server + ansible.builtin.yum_repository: + name: hauler + description: "Hauler Airgap Server" + baseurl: "http://{{ hauler_server }}:8080" + gpgcheck: true + gpgkey: "http://{{ hauler_server }}:8080/public.key" + +# Install needed only if selinux enabled +- name: Set Hauler as an airgap repo for RPM + become: true + when: + - ansible_os_family == "RedHat" + - ansible_distribution_major_version | int >= 8 + - ansible_selinux['status'] == 'enabled' + block: + # https://docs.rke2.io/install/airgap => only if selinux activated common to tarball or rpm install + - name: Install common packages + ansible.builtin.dnf: + name: "{{ item }}" + state: present + 
with_items: + - iptables + - container-selinux + - libnetfilter_conntrack + - libnfnetlink + - libnftnl + - policycoreutils-python-utils + - cryptsetup + - rke2-common + - rke2-selinux diff --git a/roles/install_rke2_common/tasks/token.yml b/roles/install_rke2_common/tasks/token.yml index b3f75c787..1497af433 100644 --- a/roles/install_rke2_common/tasks/token.yml +++ b/roles/install_rke2_common/tasks/token.yml @@ -1,6 +1,6 @@ --- -## Get Token if one exist -- name: Get token from URL +## Get Token if one exist from Hauler +- name: Get token from URL if exist ansible.builtin.uri: url: "http://{{ hauler_server }}:8080/token" method: GET @@ -9,11 +9,14 @@ register: token_response failed_when: false -- name: Debug URL - ansible.builtin.debug: - var: token_response - - name: Set variable with token ansible.builtin.set_fact: rke2_config_token: "{{ token_response['content'] }}" when: token_response.status == 200 + +## Get Token from first master +- name: Set token from first master for other nodes + ansible.builtin.set_fact: + rke2_config_token: "{{ hostvars[groups['RKE2_CONTROLLERS'][0]].rke2_config_token }}" + when: + - inventory_hostname not in groups['RKE2_CONTROLLERS'][0] diff --git a/roles/install_rke2_controller/defaults/main.yml b/roles/install_rke2_controller/defaults/main.yml index 11ea40d54..9681d79a9 100644 --- a/roles/install_rke2_controller/defaults/main.yml +++ b/roles/install_rke2_controller/defaults/main.yml @@ -5,6 +5,7 @@ master: "{{ global_master_ip }}" control_plane_endpoint: "{{ global_rke2_api_ip }}" rpm_install: "{{ global_rpm_install | bool }}" tarball_install: "{{ global_tarball_install | bool }}" +airgap_install: "{{ global_airgap_install | bool }}" # Fileserver hauler_server: "{{ global_hauler_ip }}" diff --git a/roles/install_rke2_controller/tasks/admin.yml b/roles/install_rke2_controller/tasks/admin.yml index fc21c1e35..58ce17f81 100644 --- a/roles/install_rke2_controller/tasks/admin.yml +++ b/roles/install_rke2_controller/tasks/admin.yml 
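Review bot: Both install shell tasks (`TARBALL | Install RKE2 node` and `TARBALL | Install RKE2 server node`) set `failed_when: false` and `changed_when: false`, so a failed or partial install is reported as ok and the play goes on to start a service that may not exist; `failed_when: install_output.rc != 0` (and the equivalent for `install_server_output`) plus a `creates:` guard on the installed binary would restore failure visibility and idempotence. `INSTALL_RKE2_VERSION=v{{ rke2_version }}+rke2r1` hard-codes the release suffix that `set_versions/tasks/only_rke2.yml` in this commit deliberately strips with `regex_replace('\\+.*', '')`, so a stable release published as `rke2r2` or later would request a tag that does not exist; keeping the suffix in the version fact avoids the mismatch. The third RPM block is named `Set Hauler as an airgap repo for RPM` but only installs the SELinux packages, and both tarball blocks share the name `Install with tarball method`, which makes play output ambiguous. The RPM repo and SELinux-package stanzas duplicate `rpm_install.yml` verbatim and could live in one shared task file.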
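Review bot: `when: inventory_hostname not in groups['RKE2_CONTROLLERS'][0]` on the new `Set token from first master for other nodes` task is a substring test against one hostname string, not list membership, so a host named `node1` is treated as the first controller when that controller is `node10`; `inventory_hostname != groups['RKE2_CONTROLLERS'][0]` is the intended comparison. The same `in groups['RKE2_CONTROLLERS'][0]` idiom is used on the new `when:` lines in `install_rke2_controller/tasks/main.yml` and `install_rke2_controller/tasks/token.yml` of this commit. The join token fetched by `Get token from URL if exist` and stored by `Set variable with token` is a cluster secret and neither task sets `no_log: true`, so a `-v` run prints it; the `slurp`/`set_fact` pair in the controller `token.yml` has the same exposure. The lookup `hostvars[groups['RKE2_CONTROLLERS'][0]].rke2_config_token` presumably assumes the first controller has already obtained a token; if it has not, the task fails with an undefined-variable error rather than a clear message.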
@@ -1,5 +1,5 @@ --- -# Admin setup +# Admin setup on first master - name: Admin setup become_user: "{{ admin_user }}" become: true 
@@ -50,7 +50,79 @@ PATH=$PATH:{{ rke2_data_dir }}/bin marker: "# {mark} ANSIBLE setup Kubeconfig and RKE2" - # Install helm / k9s +# Install helm / k9s +- name: Install admin tools not in Airgap + become_user: "{{ admin_user }}" + become: true + when: + - not airgap_install + block: + - name: Download Helm command line tool + ansible.builtin.uri: + url: https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 + return_content: true + register: helm_installer + + - name: Install Helm + ansible.builtin.command: + cmd: bash + stdin: "{{ helm_installer.content }}" + creates: /usr/local/bin/helm + environment: + DESIRED_VERSION: "{{ helm_version | default('') }}" + + - name: Get K9S binary latest release + ansible.builtin.uri: + url: "https://api.github.com/repos/derailed/k9s/releases/latest" + method: GET + return_content: true + register: k9s_release + + - name: Extract latest release tag + ansible.builtin.set_fact: + k9s_version: "{{ k9s_release.json.tag_name | regex_replace('^v', '') }}" + + - name: Ensure .local/bin dir exist + ansible.builtin.file: + path: "{{ item }}" + state: directory + mode: 0700 + recurse: true + loop: + - "/tmp/k9s" + + - name: Download k9s bin to .local/bin + ansible.builtin.unarchive: + src: "https://github.com/derailed/k9s/releases/download/v{{ k9s_version }}/k9s_Linux_amd64.tar.gz" + dest: "/tmp/k9s" + owner: "{{ admin_user }}" + group: "{{ admin_user }}" + mode: '0750' + remote_src: true + validate_certs: false + + - name: Copy k9s binary file + ansible.builtin.copy: + src: "/tmp/k9s/k9s" + dest: "$HOME/.local/bin/k9s" + owner: "{{ admin_user }}" + group: "{{ admin_user }}" + mode: '0750' + remote_src: true + + - name: Cleanup tmp dir + ansible.builtin.file: + path: "{{ item }}" + state: absent + loop: + - "/tmp/k9s" + +- name: Install admin tools in Airgap + become_user: "{{ admin_user }}" + become: true + when: + - airgap_install + block: - name: Ensure .local/bin dir exist ansible.builtin.file: path: "{{ item }}" 
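Review bot: `validate_certs: false` on the `Download k9s bin to .local/bin` unarchive task disables TLS verification for a binary fetched from `github.com` and then installed into the admin user's PATH; it should be removed, and because `k9s_version` is resolved at run time from the latest-release API the install is also not reproducible, so a pinned version variable like the existing `helm_version` plus a checksum would make it so. The staging directory is the fixed, predictable `/tmp/k9s` created with unquoted `mode: 0700` (the file quotes `'0750'` elsewhere, and ansible-lint flags unquoted octal); `ansible.builtin.tempfile` with `state: directory` gives a private per-run path. The task `Ensure .local/bin dir exist` actually creates `/tmp/k9s`, so its name misleads. The airgap block at the end of the hunk continues past it.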
diff --git a/roles/install_rke2_controller/tasks/config.yml b/roles/install_rke2_controller/tasks/config.yml new file mode 100644 index 000000000..64a5d2fb8 --- /dev/null +++ b/roles/install_rke2_controller/tasks/config.yml @@ -0,0 +1,64 @@ +--- +# As root +- name: Controller install as root + become: true + block: + # prerequis + - name: Create etcd group + ansible.builtin.group: + name: etcd + state: present + + - name: Create etcd user + ansible.builtin.user: + name: etcd + comment: "etcd user" + shell: /sbin/nologin + system: true + createhome: false + + - name: Create directories + ansible.builtin.file: + path: "{{ item }}" + state: directory + recurse: true + mode: '0750' + with_items: + - /etc/rancher/rke2/ + - "{{ rke2_data_dir }}/server/manifests/" + - "{{ rke2_data_dir }}/agent/images" + + # Config + - name: Configure RKE2 config.yaml + ansible.builtin.template: + src: config.yaml.j2 + dest: /etc/rancher/rke2/config.yaml + mode: "0640" + + - name: Set up audit policy file + ansible.builtin.copy: + content: | + apiVersion: audit.k8s.io/v1 + kind: Policy + rules: + - level: RequestResponse + dest: /etc/rancher/rke2/audit-policy.yaml + mode: "0640" + + - name: Set up ssl passthrough for nginx + ansible.builtin.copy: + content: | + apiVersion: helm.cattle.io/v1 + kind: HelmChartConfig + metadata: + name: rke2-ingress-nginx + namespace: kube-system + spec: + valuesContent: |- + controller: + config: + use-forwarded-headers: true + extraArgs: + enable-ssl-passthrough: true + dest: /var/lib/rancher/rke2/server/manifests/rke2-ingress-nginx-config.yaml + mode: "0640" diff --git a/roles/install_rke2_controller/tasks/install.yml b/roles/install_rke2_controller/tasks/install.yml index b4bedc2e7..3a1742e3d 100644 --- a/roles/install_rke2_controller/tasks/install.yml +++ b/roles/install_rke2_controller/tasks/install.yml 
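Review bot: The policy written by `Set up audit policy file` logs every request at `RequestResponse` level with no resource filter or `omitStages`, so request and response bodies — including `secrets` contents — land in the API server audit log; the Kubernetes sample policy logs such resources at `Metadata` level, and if full-body logging is intentional here a comment should say so. `use-forwarded-headers: true` in the nginx `HelmChartConfig` makes the ingress trust client-supplied `X-Forwarded-*` headers unless it sits behind a trusted proxy (ingress-nginx's `proxy-real-ip-cidr` restricts that). The manifest `dest: /var/lib/rancher/rke2/server/manifests/...` hardcodes the data dir while the directory is created from `{{ rke2_data_dir }}/server/manifests/` a few lines above, so a non-default `rke2_data_dir` writes the file where RKE2 will not look for it; `dest: "{{ rke2_data_dir }}/server/manifests/rke2-ingress-nginx-config.yaml"` keeps the two consistent.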
@@ -1,73 +1,16 @@ --- -# As root -- name: Controller install as root - become: true - block: - # prerequis - - name: Create etcd group - ansible.builtin.group: - name: etcd - state: present - - - name: Create etcd user - ansible.builtin.user: - name: etcd - comment: "etcd user" - shell: /sbin/nologin - system: true - createhome: false - - - name: Create directories - ansible.builtin.file: - path: "{{ item }}" - state: directory - recurse: true - mode: '0750' - with_items: - - /etc/rancher/rke2/ - - "{{ rke2_data_dir }}/server/manifests/" - - "{{ rke2_data_dir }}/agent/images" - - # Config - - name: Configure RKE2 config.yaml - ansible.builtin.template: - src: config.yaml.j2 - dest: /etc/rancher/rke2/config.yaml - mode: "0640" - - - name: Set up audit policy file - ansible.builtin.copy: - content: | - apiVersion: audit.k8s.io/v1 - kind: Policy - rules: - - level: RequestResponse - dest: /etc/rancher/rke2/audit-policy.yaml - mode: "0640" - - - name: Set up ssl passthrough for nginx - ansible.builtin.copy: - content: | - apiVersion: helm.cattle.io/v1 - kind: HelmChartConfig - metadata: - name: rke2-ingress-nginx - namespace: kube-system - spec: - valuesContent: |- - controller: - config: - use-forwarded-headers: true - extraArgs: - enable-ssl-passthrough: true - dest: /var/lib/rancher/rke2/server/manifests/rke2-ingress-nginx-config.yaml - mode: "0640" - -# Install regarding choosen method - name: RKE2 Install tarball method - ansible.builtin.import_tasks: tarball_install.yml + vars: + caller_role_name: controller + ansible.builtin.import_role: + name: install_rke2_common + tasks_from: tarball_install when: tarball_install - name: RKE2 Install rpm method - ansible.builtin.import_tasks: rpm_install.yml + vars: + caller_role_name: controller + ansible.builtin.import_role: + name: install_rke2_common + tasks_from: rpm_install when: rpm_install 
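Review bot: After this rewrite the file is two conditional imports, and a `method` value other than `tarball` or `rpm` (a typo in `-e method=...`) makes both `tarball_install` and `rpm_install` false, so the controller silently installs nothing and the later start step fails far from the cause; an `ansible.builtin.assert` with `that: tarball_install or rpm_install` and a `fail_msg` naming the accepted values would surface it here. `install_rke2_worker/tasks/install.yml` in this commit has the same shape.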
diff --git a/roles/install_rke2_controller/tasks/localhost.yml b/roles/install_rke2_controller/tasks/localhost.yml index b2670dcf2..5ab715a5e 100644 --- a/roles/install_rke2_controller/tasks/localhost.yml +++ b/roles/install_rke2_controller/tasks/localhost.yml @@ -1,5 +1,5 @@ --- -# All tasks to do realize on ansible controler +# All tasks on ansible controller - name: Fetch RKE2 kubeconfig to localhost ansible.builtin.fetch: src: "$HOME/.kube/{{ inventory_hostname }}.yaml" diff --git a/roles/install_rke2_controller/tasks/main.yml b/roles/install_rke2_controller/tasks/main.yml index 23849a1e9..85386a98b 100644 --- a/roles/install_rke2_controller/tasks/main.yml +++ b/roles/install_rke2_controller/tasks/main.yml @@ -28,7 +28,7 @@ tags: firewalld # Start install -- name: RKE2 common to worker and controler tasks +- name: RKE2 common tasks vars: caller_role_name: controller ansible.builtin.import_role: @@ -36,21 +36,18 @@ tasks_from: main tags: common +# Install first node +- name: RKE2 config controler before install + ansible.builtin.import_tasks: config.yml + when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] + tags: config + - name: RKE2 Install controler ansible.builtin.import_tasks: install.yml when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] tags: install -- name: Tasks if SELinux is activated for RKE2 installation - vars: - caller_role_name: controller - ansible.builtin.import_role: - name: install_rke2_common - tasks_from: selinux - tags: selinux - when: ansible_selinux['status'] == 'enabled' - -- name: Start RKE2 after selinux config +- name: RKE2 start controller ansible.builtin.import_tasks: start.yml when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] tags: start @@ -70,6 +67,9 @@ when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] tags: localhost +# Install other controllers +# ... + # Utils - name: RKE2 install nerdctl vars: 
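Review bot: The last hunk leaves `# Install other controllers` / `# ...` as a bare placeholder with no task, while every config, install and start task above is gated on `groups['RKE2_CONTROLLERS'][0]`, so additional controllers in the inventory receive the common tasks and a token but are never installed or started. If multi-controller is out of scope for now, the comment should say so explicitly, e.g. `# TODO: additional controllers are not installed yet; only RKE2_CONTROLLERS[0] is configured`, so the silent skip is documented rather than implied.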
diff --git a/roles/install_rke2_controller/tasks/rpm_install.yml b/roles/install_rke2_controller/tasks/rpm_install.yml deleted file mode 100644 index df64d19ad..000000000 --- a/roles/install_rke2_controller/tasks/rpm_install.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# RPM -- name: Set repo Hauler Air Gap Server - ansible.builtin.yum_repository: - name: hauler - description: "Hauler Air Gap Server" - baseurl: "http://{{ hauler_server }}:8080" - gpgcheck: true - gpgkey: "http://{{ hauler_server }}:8080/public.key" - -- name: Install RKE2 rpm packages - ansible.builtin.dnf: - name: "{{ item }}" - state: present - loop: - - rke2-selinux - - rke2-common - - rke2-server - when: - - ansible_os_family == "RedHat" - - ansible_distribution_major_version | int >= 8 diff --git a/roles/install_rke2_controller/tasks/tarball_install.yml b/roles/install_rke2_controller/tasks/tarball_install.yml deleted file mode 100644 index b5c8305f9..000000000 --- a/roles/install_rke2_controller/tasks/tarball_install.yml +++ /dev/null 
@@ -1,40 +0,0 @@ ---- -# As root -- name: Install with tarball method - become: true - block: - - name: TARBALL | Make temp dir - ansible.builtin.tempfile: - state: directory - suffix: "-rke2-controller-install" - path: "{{ tarball_tmp_dir | default(omit) }}" - register: temp_dir - - - name: TARBALL | Get RKE2 Artifacts from URL - ansible.builtin.get_url: - url: "http://{{ hauler_server }}:8080/{{ item }}" - dest: "{{ temp_dir['path'] }}/{{ item }}" - validate_certs: false - loop: - - rke2-images.linux-amd64.tar.zst - - rke2.linux-amd64.tar.gz - - sha256sum-amd64.txt - - install.sh - - - name: TARBALL | Install RKE2 server node - ansible.builtin.shell: - cmd: | - set -o pipefail && INSTALL_RKE2_ARTIFACT_PATH={{ temp_dir['path'] }} INSTALL_RKE2_TYPE=server sh {{ temp_dir['path'] }}/install.sh - chdir: "{{ temp_dir['path'] }}" - executable: /bin/bash - register: install_server_output - failed_when: false - changed_when: false - - - name: TARBALL | Display install output - ansible.builtin.debug: - var: install_server_output['stdout_lines'] - - - name: TARBALL | Pause for 5 seconds before start service - ansible.builtin.pause: - seconds: 5 diff --git a/roles/install_rke2_controller/tasks/token.yml b/roles/install_rke2_controller/tasks/token.yml index 45edd7fd6..dd9061596 100644 --- a/roles/install_rke2_controller/tasks/token.yml +++ b/roles/install_rke2_controller/tasks/token.yml @@ -1,13 +1,14 @@ --- -# As root -- name: Get and write token +# On controller[0] as root +- name: Get token on first master + when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] become: true block: - name: Wait for node-token ansible.builtin.wait_for: path: "{{ rke2_data_dir }}/server/node-token" - - name: Read node-token from master + - name: Read node-token from first master ansible.builtin.slurp: src: "{{ rke2_data_dir }}/server/node-token" register: node_token 
@@ -15,10 +16,3 @@ - name: Store Master node-token ansible.builtin.set_fact: rke2_config_token: "{{ node_token['content'] | b64decode | regex_replace('\n', '') }}" - - - name: Write token on mount path - ansible.builtin.copy: - content: "{{ rke2_config_token }}" - dest: "{{ mount_rke2_path }}/token" - follow: true - mode: "0640" diff --git a/roles/install_rke2_worker/defaults/main.yml b/roles/install_rke2_worker/defaults/main.yml index e5e9dc249..f389ba5dc 100644 --- a/roles/install_rke2_worker/defaults/main.yml +++ b/roles/install_rke2_worker/defaults/main.yml @@ -5,6 +5,7 @@ master: "{{ global_master_ip }}" control_plane_endpoint: "{{ global_rke2_api_ip }}" rpm_install: "{{ global_rpm_install | bool }}" tarball_install: "{{ global_tarball_install | bool }}" +airgap_install: "{{ global_airgap_install | bool }}" # Fileserver hauler_server: "{{ global_hauler_ip }}" diff --git a/roles/install_rke2_worker/tasks/config.yml b/roles/install_rke2_worker/tasks/config.yml new file mode 100644 index 000000000..d2a8e23f1 --- /dev/null +++ b/roles/install_rke2_worker/tasks/config.yml @@ -0,0 +1,20 @@ +--- +# As root +- name: Install RKE2 worker + become: true + block: + # prerequis + - name: Create directories + ansible.builtin.file: + path: "{{ item }}" + state: directory + recurse: true + mode: '0750' + with_items: + - /etc/rancher/rke2/ + + - name: Configure RKE2 config.yaml + ansible.builtin.template: + src: config.yaml.j2 + dest: /etc/rancher/rke2/config.yaml + mode: "0640" diff --git a/roles/install_rke2_worker/tasks/install.yml b/roles/install_rke2_worker/tasks/install.yml index 16198065c..7a39f2188 100644 --- a/roles/install_rke2_worker/tasks/install.yml +++ b/roles/install_rke2_worker/tasks/install.yml 
@@ -1,29 +1,17 @@ --- -# As root -- name: Install RKE2 worker - become: true - block: - # prerequis - - name: Create directories - ansible.builtin.file: - path: "{{ item }}" - state: directory - recurse: true - mode: '0750' - with_items: - - /etc/rancher/rke2/ - - - name: Configure RKE2 config.yaml - ansible.builtin.template: - src: config.yaml.j2 - dest: /etc/rancher/rke2/config.yaml - mode: "0640" - # Install regarding choosen method - name: RKE2 Install tarball method - ansible.builtin.import_tasks: tarball_install.yml + vars: + caller_role_name: worker + ansible.builtin.import_role: + name: install_rke2_common + tasks_from: tarball_install when: tarball_install - name: RKE2 Install rpm method - ansible.builtin.import_tasks: rpm_install.yml + vars: + caller_role_name: worker + ansible.builtin.import_role: + name: install_rke2_common + tasks_from: rpm_install when: rpm_install diff --git a/roles/install_rke2_worker/tasks/main.yml b/roles/install_rke2_worker/tasks/main.yml index 1b4d5ccb3..035d64eb1 100644 --- a/roles/install_rke2_worker/tasks/main.yml +++ b/roles/install_rke2_worker/tasks/main.yml @@ -27,8 +27,8 @@ - ansible_facts['services']['firewalld.service']['state'] == "running" tags: firewalld -# Start install -- name: RKE2 common to worker and controler tasks +# Start install workers +- name: RKE2 common tasks vars: caller_role_name: worker ansible.builtin.import_role: @@ -36,19 +36,15 @@ tasks_from: main tags: common +- name: RKE2 config worker before install + ansible.builtin.import_tasks: config.yml + tags: config + - name: RKE2 Install worker ansible.builtin.import_tasks: install.yml tags: install -- name: Tasks if SELinux is activated for RKE2 installation - vars: - caller_role_name: worker - ansible.builtin.import_role: - name: install_rke2_common - tasks_from: selinux - when: ansible_selinux['status'] == 'enabled' - -- name: RKE2 start worker after Selinux +- name: RKE2 start worker ansible.builtin.import_tasks: start.yml tags: start 
diff --git a/roles/install_rke2_worker/tasks/rpm_install.yml b/roles/install_rke2_worker/tasks/rpm_install.yml deleted file mode 100644 index df64d19ad..000000000 --- a/roles/install_rke2_worker/tasks/rpm_install.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# RPM -- name: Set repo Hauler Air Gap Server - ansible.builtin.yum_repository: - name: hauler - description: "Hauler Air Gap Server" - baseurl: "http://{{ hauler_server }}:8080" - gpgcheck: true - gpgkey: "http://{{ hauler_server }}:8080/public.key" - -- name: Install RKE2 rpm packages - ansible.builtin.dnf: - name: "{{ item }}" - state: present - loop: - - rke2-selinux - - rke2-common - - rke2-server - when: - - ansible_os_family == "RedHat" - - ansible_distribution_major_version | int >= 8 diff --git a/roles/install_rke2_worker/tasks/tarball_install.yml b/roles/install_rke2_worker/tasks/tarball_install.yml deleted file mode 100644 index 2889f006b..000000000 --- a/roles/install_rke2_worker/tasks/tarball_install.yml +++ /dev/null 
@@ -1,40 +0,0 @@ ---- -# As root -- name: Install with tarball method - become: true - block: - - name: TARBALL | Make temp dir - ansible.builtin.tempfile: - state: directory - suffix: "-rke2-worker-install" - path: "{{ tarball_tmp_dir | default(omit) }}" - register: temp_dir - - - name: TARBALL | Get RKE2 Artifacts from URL - ansible.builtin.get_url: - url: "http://{{ hauler_server }}:8080/{{ item }}" - dest: "{{ temp_dir['path'] }}/{{ item }}" - validate_certs: false - loop: - - rke2-images.linux-amd64.tar.zst - - rke2.linux-amd64.tar.gz - - sha256sum-amd64.txt - - install.sh - - - name: TARBALL | Install RKE2 worker node - ansible.builtin.shell: - cmd: | - set -o pipefail && INSTALL_RKE2_ARTIFACT_PATH={{ temp_dir['path'] }} INSTALL_RKE2_TYPE=agent sh {{ temp_dir['path'] }}/install.sh - chdir: "{{ temp_dir['path'] }}" - executable: /bin/bash - register: install_worker_output - failed_when: false - changed_when: false - - - name: TARBALL | Display install output - ansible.builtin.debug: - var: install_worker_output['stdout_lines'] - - - name: TARBALL | Pause for 5 seconds before start service - ansible.builtin.pause: - seconds: 5 diff --git a/roles/set_versions/tasks/only_rke2.yml b/roles/set_versions/tasks/only_rke2.yml new file mode 100644 index 000000000..5bd30c142 --- /dev/null +++ b/roles/set_versions/tasks/only_rke2.yml 
@@ -0,0 +1,26 @@ +--- +# Stable version from URL +- name: Set RKE2 Versions variables + when: stable_channel_wanted + block: + # export RKE_VERSION=$(curl -s https://update.rke2.io/v1-release/channels | jq -r '.data[] | select(.id=="stable") | .latest' | awk -F"+" '{print $1}'| sed 's/v//') + - name: Get RKE2 latest stable version + ansible.builtin.uri: + url: "https://update.rke2.io/v1-release/channels" + method: GET + return_content: true + register: rke2_channels + + - name: Extract latest stable version + ansible.builtin.set_fact: + rke2_version: "{{ rke2_channels.json.data | selectattr('id', 'equalto', 'stable') | map(attribute='latest') | first | regex_replace('\\+.*', '') | regex_replace('^v', '') }}" + +# Version defined in this Ansible collection +- name: Set RKE2 Versions variables + ansible.builtin.set_fact: + rke2_version: "{{ global_versions['rke2'] }}" + when: not stable_channel_wanted + +- name: Display RKE2 version + ansible.builtin.debug: + msg: "RKE2 version to be installed is {{ rke2_version }}" From fb035ce001bc0d4cea14ac241b047ce5773ea7c3 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Fri, 17 May 2024 13:52:42 +0200 Subject: [PATCH 338/365] install non-airgap --- .github/workflows/stage_airgap.yml | 4 +- .github/workflows/stage_online.yml | 10 +-- roles/install_rke2_controller/tasks/admin.yml | 14 ++-- roles/install_rke2_worker/tasks/start.yml | 5 +- roles/install_utils_nerdctl/tasks/install.yml | 67 ++++++++++++++++++- 5 files changed, 79 insertions(+), 21 deletions(-) diff --git a/.github/workflows/stage_airgap.yml b/.github/workflows/stage_airgap.yml index ab91396da..f3d3efd9b 100644 --- a/.github/workflows/stage_airgap.yml +++ b/.github/workflows/stage_airgap.yml @@ -13,8 +13,8 @@ env: BUCKET: "rkub-github-action-${{ github.run_id }}" #BUCKET: "terraform-backend-github" CONTROLLER_COUNT: "1" - WORKER_COUNT: "2" - SIZE: "s-4vcpu-8gb" + WORKER_COUNT: "1" + SIZE: "s-2vcpu-4gb" jobs: bucket: 
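Review bot: Both top-level tasks in this new file carry the identical name `Set RKE2 Versions variables`, so the play output cannot show which branch (the stable-channel lookup or `global_versions['rke2']`) actually set `rke2_version`; renaming them, e.g. `- name: Set RKE2 version from the stable channel` and `- name: Set RKE2 version from the collection defaults`, makes the log self-explaining. The `| first` in the set_fact raises if the channel listing has no `stable` entry, and a short comment saying that failing hard there is intended (or a `default` guard) would make that explicit. When `stable_channel_wanted` is set the installed version is whatever the channel serves at run time, so the final debug message is the only record of what was deployed and is worth keeping. The same duplicated task naming appears in the new only_longhorn.yml hunk later on this page.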
diff --git a/.github/workflows/stage_online.yml b/.github/workflows/stage_online.yml index e028e455b..497414954 100644 --- a/.github/workflows/stage_online.yml +++ b/.github/workflows/stage_online.yml @@ -13,8 +13,8 @@ env: BUCKET: "rkub-github-action-${{ github.run_id }}" #BUCKET: "terraform-backend-github" CONTROLLER_COUNT: "1" - WORKER_COUNT: "0" - SIZE: "s-4vcpu-8gb" + WORKER_COUNT: "1" + SIZE: "s-2vcpu-4gb" jobs: bucket: @@ -195,13 +195,9 @@ jobs: env: SSH_KEY: ${{secrets.SSH_PRIVATE_KEY}} - - name: Run playbook hauler_server.yml - run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/hauler_server.yml -e dir_target=${MOUNT_POINT} - - name: Run playbook install.yml run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/install.yml -e dir_target=${MOUNT_POINT} + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/install.yml -e "airgap=false" -e "method=tarball" #- name: Run playbook rancher.yml # run: | diff --git a/roles/install_rke2_controller/tasks/admin.yml b/roles/install_rke2_controller/tasks/admin.yml index 58ce17f81..0fc772c0f 100644 --- a/roles/install_rke2_controller/tasks/admin.yml +++ b/roles/install_rke2_controller/tasks/admin.yml @@ -50,13 +50,13 @@ PATH=$PATH:{{ rke2_data_dir }}/bin marker: "# {mark} ANSIBLE setup Kubeconfig and RKE2" -# Install helm / k9s +# Install helm / k9s non-airgap - name: Install admin tools not in Airgap - become_user: "{{ admin_user }}" become: true when: - not airgap_install block: + # helm - name: Download Helm command line tool ansible.builtin.uri: url: https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 @@ -71,6 +71,7 @@ environment: DESIRED_VERSION: "{{ helm_version | default('') }}" + # k9s - name: Get K9S binary latest release ansible.builtin.uri: url: "https://api.github.com/repos/derailed/k9s/releases/latest" 
@@ -95,8 +96,6 @@ ansible.builtin.unarchive: src: "https://github.com/derailed/k9s/releases/download/v{{ k9s_version }}/k9s_Linux_amd64.tar.gz" dest: "/tmp/k9s" - owner: "{{ admin_user }}" - group: "{{ admin_user }}" mode: '0750' remote_src: true validate_certs: false @@ -104,10 +103,8 @@ - name: Copy k9s binary file ansible.builtin.copy: src: "/tmp/k9s/k9s" - dest: "$HOME/.local/bin/k9s" - owner: "{{ admin_user }}" - group: "{{ admin_user }}" - mode: '0750' + dest: "/usr/local/bin/k9s" + mode: '0755' remote_src: true - name: Cleanup tmp dir @@ -117,6 +114,7 @@ loop: - "/tmp/k9s" +# Install helm / k9s airgap - name: Install admin tools in Airgap become_user: "{{ admin_user }}" become: true diff --git a/roles/install_rke2_worker/tasks/start.yml b/roles/install_rke2_worker/tasks/start.yml index 1b3eeaf47..c49e0216f 100644 --- a/roles/install_rke2_worker/tasks/start.yml +++ b/roles/install_rke2_worker/tasks/start.yml @@ -4,13 +4,14 @@ become: true block: # Start - - name: Mask RKE2 agent service on the first server + - name: Mask RKE2 server service on the first server ansible.builtin.systemd: name: "rke2-server.service" enabled: false masked: true + retries: 5 - - name: Start and enable rke2-server + - name: Start and enable rke2-agent ansible.builtin.systemd: name: rke2-agent.service state: started diff --git a/roles/install_utils_nerdctl/tasks/install.yml b/roles/install_utils_nerdctl/tasks/install.yml index fea31986c..7f47d9af1 100644 --- a/roles/install_utils_nerdctl/tasks/install.yml +++ b/roles/install_utils_nerdctl/tasks/install.yml 
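Review bot: `retries: 5` on the `Mask RKE2 server service on the first server` task in the worker start.yml hunk is added without an `until` condition or a `delay`; whether a bare retry has any effect depends on the ansible-core version (older releases ignore it, newer ones retry until the task succeeds), so the intent should be stated explicitly, e.g. `register: mask_result`, `until: mask_result is succeeded`, `delay: 5` alongside the existing `retries: 5`. The same bare `retries: 5` is added to the controller start.yml hunk in patch 344 later on this page. The enclosing block of that task continues outside the hunk.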
@@ -1,7 +1,66 @@ --- -# As root -- name: Install Nerdctl +# Non-airgap +- name: Install Nerdctl in non-Airgap become: true + when: + - not airgap_install + block: + - name: Create the NERDCTL directory + ansible.builtin.file: + path: /etc/nerdctl + state: directory + mode: '0754' + + - name: Check if file does exist + ansible.builtin.stat: + path: /usr/local/bin/nerdctl + register: file_data + + - name: Download and install nerdctl when not already here + when: not file_data.stat.exists + block: + - name: Get Nerdctl binary latest release + ansible.builtin.uri: + url: "https://api.github.com/repos/containerd/nerdctl/releases/latest" + method: GET + return_content: true + register: nerdctl_release + + - name: Extract latest release tag + ansible.builtin.set_fact: + nerdctl_version: "{{ nerdctl_release.json.tag_name | regex_replace('^v', '') }}" + + - name: Create tmp dir + ansible.builtin.file: + path: /tmp/nerdctl + state: directory + mode: '0750' + + - name: Download Nerdctl bin into /usr/local/bin + ansible.builtin.unarchive: + src: "https://github.com/containerd/nerdctl/releases/download/v{{ nerdctl_version }}/nerdctl-{{ nerdctl_version }}-linux-amd64.tar.gz" + dest: "/tmp/nerdctl" + mode: '0750' + remote_src: true + validate_certs: false + + - name: Copy nerdctl binary file + ansible.builtin.copy: + src: "/tmp/nerdctl/nerdctl" + dest: "/usr/local/bin/nerdctl" + mode: '0750' + remote_src: true + + - name: Cleanup tmp dir + ansible.builtin.file: + path: /tmp/nerdctl + state: absent + +# Airgap +- name: Install Nerdctl in Airgap + become: true + when: + - airgap_install block: - name: Create the NERDCTL directory ansible.builtin.file: @@ -43,6 +102,10 @@ path: /tmp/nerdctl state: absent +# Common +- name: Config Nerdctl + become: true + block: - name: Copy NERDCTL configuration file ansible.builtin.template: src: nerdctl.toml From 040a5047fbb37150f295103bc91717ddaf1ecfb8 Mon Sep 17 00:00:00 2001 
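Review bot: The `Download Nerdctl bin into /usr/local/bin` task fetches the release tarball from github.com with `validate_certs: false` and no checksum, and the extracted binary is then installed by root into `/usr/local/bin/nerdctl`; an executable download that disables TLS verification and skips integrity checking is exactly where a tampered artifact would go unnoticed. Drop `validate_certs: false` (github.com presents a valid certificate) and consider fetching with `ansible.builtin.get_url` using `checksum: sha256:<EXPECTED_SHA256>` taken from the upstream release checksum file before unarchiving. The task name is also misleading, since the archive is extracted into `/tmp/nerdctl` and only copied to `/usr/local/bin` by the following task. The airgap block's body continues outside the hunk.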
From: MozeBaltyk Date: Fri, 17 May 2024 14:01:05 +0200 Subject: [PATCH 339/365] stage online install --- .github/workflows/stage_online.yml | 51 +++++++++++++++++++++++++++--- 1 file changed, 46 insertions(+), 5 deletions(-) diff --git a/.github/workflows/stage_online.yml b/.github/workflows/stage_online.yml index 497414954..f26e49749 100644 --- a/.github/workflows/stage_online.yml +++ b/.github/workflows/stage_online.yml @@ -40,7 +40,7 @@ jobs: deploy: name: Deploy runs-on: ubuntu-latest - needs: Bucket + needs: [ Bucket ] timeout-minutes: 20 defaults: @@ -111,7 +111,7 @@ jobs: reachable: name: Reachable runs-on: ubuntu-latest - needs: deploy + needs: [ Deploy ] timeout-minutes: 10 defaults: @@ -164,7 +164,7 @@ jobs: install: name: Install runs-on: ubuntu-latest - needs: [ Reachable, Package ] + needs: [ Reachable ] timeout-minutes: 60 defaults: 
@@ -217,10 +217,51 @@ jobs: # pytest --hosts=rke2_servers --ansible-inventory=hosts.ini --force-ansible --connection=ansible --sudo test/basic_server_tests.py # pytest --hosts=rke2_agents --ansible-inventory=hosts.ini --force-ansible --connection=ansible --sudo test/basic_agent_tests.py + test: + name: Test + runs-on: ubuntu-latest + needs: [ Install ] + timeout-minutes: 10 + + defaults: + run: + shell: bash + working-directory: ./test + + steps: + - name: Checkout files + uses: actions/checkout@v4 + + - name: Download inventory + uses: actions/download-artifact@v4 + with: + name: inventory + + - name: Get key and hosts.ini + run: | + echo "$SSH_KEY" > .key + chmod 400 .key + cp ${{ github.workspace }}/hosts.ini inventory/hosts.ini + shell: bash + env: + SSH_KEY: ${{secrets.SSH_PRIVATE_KEY}} + + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip3 install ansible pytest-testinfra + ansible --version + + - name: Run Python Tests + run: | + export DEFAULT_PRIVATE_KEY_FILE=.key + pytest --hosts=RKE2_CONTROLLERS --ansible-inventory=inventory/hosts.ini --force-ansible --connection=ansible --user=root basic_server_tests.py + pytest --hosts=RKE2_WORKERS --ansible-inventory=inventory/hosts.ini --force-ansible --connection=ansible --user=root basic_agent_tests.py + delay: name: Delay runs-on: ubuntu-latest - needs: Install + needs: [ Test ] if: always() steps: @@ -232,7 +273,7 @@ jobs: cleanup: name: Cleanup runs-on: ubuntu-latest - needs: Delay + needs: [ Delay ] if: always() timeout-minutes: 30 From 7c5a729068134f96aa4f1e19f1b473c77198daba Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Fri, 17 May 2024 15:13:38 +0200 Subject: [PATCH 340/365] pytest --- .github/workflows/stage_airgap.yml | 8 ++++---- .github/workflows/stage_online.yml | 14 ++++---------- .gitignore | 1 + test/ansible.cfg | 1 + 4 files changed, 10 insertions(+), 14 deletions(-) 
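Review bot: The `Install dependencies` step in the new `test` job pins nothing (`pip3 install ansible pytest-testinfra`), so every run pulls whatever the index serves that day, which makes results non-reproducible and widens the supply-chain surface of a job that holds `SSH_PRIVATE_KEY` and connects to the droplets as root. Pin the versions, or use a requirements file with hashes, e.g. `pip3 install 'ansible==<PINNED_VERSION>' 'pytest-testinfra==<PINNED_VERSION>'`. The later hunks in patch 340 rewrite this line as `python3 -m pip install -U ...` in both stage_online.yml and stage_airgap.yml and still leave it unpinned. The job also writes the private key to `.key` in the working directory; confirm that no later step uploads that directory as an artifact.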
diff --git a/.github/workflows/stage_airgap.yml b/.github/workflows/stage_airgap.yml index f3d3efd9b..32a886112 100644 --- a/.github/workflows/stage_airgap.yml +++ b/.github/workflows/stage_airgap.yml @@ -276,15 +276,15 @@ jobs: - name: Install dependencies run: | - python -m pip install --upgrade pip - pip3 install ansible pytest-testinfra + python3 -m pip install --upgrade pip + python3 -m pip install -U pytest-testinfra ansible pytest-sugar pytest ansible --version - name: Run Python Tests run: | export DEFAULT_PRIVATE_KEY_FILE=.key - pytest --hosts=RKE2_CONTROLLERS --ansible-inventory=inventory/hosts.ini --force-ansible --connection=ansible --user=root basic_server_tests.py - pytest --hosts=RKE2_WORKERS --ansible-inventory=inventory/hosts.ini --force-ansible --connection=ansible --user=root basic_agent_tests.py + python3 -m pytest --hosts=RKE2_CONTROLLERS --ansible-inventory=inventory/hosts.ini --force-ansible --connection=ansible basic_server_tests.py + python3 -m pytest --hosts=RKE2_WORKERS --ansible-inventory=inventory/hosts.ini --force-ansible --connection=ansible basic_agent_tests.py delay: name: Delay diff --git a/.github/workflows/stage_online.yml b/.github/workflows/stage_online.yml index f26e49749..b558e9a54 100644 --- a/.github/workflows/stage_online.yml +++ b/.github/workflows/stage_online.yml @@ -211,12 +211,6 @@ jobs: # run: | # ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/neuvector.yml - #- name: Run Python Tests - # run: | - # export DEFAULT_PRIVATE_KEY_FILE=.key - # pytest --hosts=rke2_servers --ansible-inventory=hosts.ini --force-ansible --connection=ansible --sudo test/basic_server_tests.py - # pytest --hosts=rke2_agents --ansible-inventory=hosts.ini --force-ansible --connection=ansible --sudo test/basic_agent_tests.py - test: name: Test runs-on: ubuntu-latest 
@@ -248,15 +242,15 @@ jobs: - name: Install dependencies run: | - python -m pip install --upgrade pip - pip3 install ansible pytest-testinfra + python3 -m pip install --upgrade pip + python3 -m pip install -U pytest-testinfra ansible pytest-sugar pytest ansible --version - name: Run Python Tests run: | export DEFAULT_PRIVATE_KEY_FILE=.key - pytest --hosts=RKE2_CONTROLLERS --ansible-inventory=inventory/hosts.ini --force-ansible --connection=ansible --user=root basic_server_tests.py - pytest --hosts=RKE2_WORKERS --ansible-inventory=inventory/hosts.ini --force-ansible --connection=ansible --user=root basic_agent_tests.py + python3 -m pytest --hosts=RKE2_CONTROLLERS --ansible-inventory=inventory/hosts.ini --force-ansible --connection=ansible basic_server_tests.py + python3 -m pytest --hosts=RKE2_WORKERS --ansible-inventory=inventory/hosts.ini --force-ansible --connection=ansible basic_agent_tests.py delay: name: Delay diff --git a/.gitignore b/.gitignore index 2ea911878..d7b19d5ef 100644 --- a/.gitignore +++ b/.gitignore @@ -25,4 +25,5 @@ hosts.ini .key Chart.lock .venv/ +__pycache__ AWS diff --git a/test/ansible.cfg b/test/ansible.cfg index 4510ec4bb..6ea80a8dd 100644 --- a/test/ansible.cfg +++ b/test/ansible.cfg @@ -1,4 +1,5 @@ [defaults] +remote_user = root inventory = ./inventory/hosts.ini roles_path = ../roles host_key_checking = False From c55afee526309cd6f879d11f099a6472e87be172 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Fri, 17 May 2024 15:44:35 +0200 Subject: [PATCH 341/365] pytest --- test/ansible.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/ansible.cfg b/test/ansible.cfg index 6ea80a8dd..671228f21 100644 --- a/test/ansible.cfg +++ b/test/ansible.cfg @@ -7,4 +7,4 @@ display_skipped_hosts = false deprecation_warnings = false force_color = True stdout_callback = yaml -private_key_file = ./DO/.key +private_key_file = ./.key From 3dec0a8386d74add58570b6c4a1e3ec09917c0df Mon Sep 17 00:00:00 2001 
From: MozeBaltyk Date: Sat, 18 May 2024 10:27:05 +0200 Subject: [PATCH 342/365] add timeout extended for VPC deletion --- test/DO/infra/main.tf | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/test/DO/infra/main.tf b/test/DO/infra/main.tf index f4ee7dc7a..ebb961902 100644 --- a/test/DO/infra/main.tf +++ b/test/DO/infra/main.tf @@ -38,7 +38,21 @@ data "digitalocean_ssh_key" "terraform" { resource "digitalocean_vpc" "rkub-project-network" { name = "rkub-${var.GITHUB_RUN_ID}-network" region = var.region + + timeouts { + delete = "30m" + } +} + +# https://github.com/digitalocean/terraform-provider-digitalocean/issues/446 +resource "time_sleep" "wait_300_seconds_to_destroy" { + depends_on = [digitalocean_vpc.rkub-project-network] + destroy_duration = "300s" +} +resource "null_resource" "placeholder" { + depends_on = [time_sleep.wait_300_seconds_to_destroy] } +# locals { cloud_init_config = yamlencode({ From c25063d1a18112bb8becf0b4e7dcca46cdbefdfe Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sat, 18 May 2024 23:02:03 +0200 Subject: [PATCH 343/365] deploy longhorn non-airgap --- roles/deploy_longhorn/defaults/main.yml | 5 +-- roles/deploy_longhorn/tasks/deploy.yml | 45 +++++++++++++++++++++++-- 2 files changed, 44 insertions(+), 6 deletions(-) diff --git a/roles/deploy_longhorn/defaults/main.yml b/roles/deploy_longhorn/defaults/main.yml index 83783a3b3..157c10fc8 100644 --- a/roles/deploy_longhorn/defaults/main.yml +++ b/roles/deploy_longhorn/defaults/main.yml @@ -1,7 +1,5 @@ --- # defaults file for deploy_longhorn -longhorn_version: "{{ global_LONGHORN_VERSION }}" -longhorn_charts: "longhorn-{{ longhorn_version }}.tgz" longhorn_servicename: "longhorn" longhorn_domain: "{{ global_domain }}" longhorn_url: "{{ longhorn_servicename }}.{{ longhorn_domain }}" 
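Review bot: `time_sleep` and `null_resource` come from the hashicorp/time and hashicorp/null providers, and nothing in this hunk shows them declared in `required_providers`; if they are not declared elsewhere in the module, `terraform init` fails on this file. The `null_resource "placeholder"` exists only to anchor the dependency, and the 300 s `destroy_duration` adds five minutes to every destroy whether or not the VPC still has attachments, which is worth saying next to the issue link, e.g. `# time_sleep delays VPC destruction by 300s so attached resources can detach first (provider issue 446); null_resource only anchors the dependency`. The stray `#` left after the closing brace looks like an unfinished comment.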
@@ -11,5 +9,4 @@ longhorn_replica: "{{ global_longhorn_replica }}" # General admin_user: "{{ global_install_user }}" master: "{{ global_master_ip }}" -mount_path: "{{ global_directory_mount }}" -mount_helm_path: "{{ mount_path }}/helm" +airgap_install: "{{ global_airgap_install | bool }}" diff --git a/roles/deploy_longhorn/tasks/deploy.yml b/roles/deploy_longhorn/tasks/deploy.yml index b04b2ff1c..b787dd1ca 100644 --- a/roles/deploy_longhorn/tasks/deploy.yml +++ b/roles/deploy_longhorn/tasks/deploy.yml 
@@ -1,22 +1,63 @@ --- +# Airgap - name: "Deploy Longhorn" run_once: true become: true become_user: "{{ admin_user }}" become_method: ansible.builtin.sudo become_flags: "-i" + when: airgap_install block: - name: Deploy helm charts kubernetes.core.helm: atomic: true name: "longhorn" - chart_ref: "{{ mount_helm_path }}/{{ longhorn_charts }}" + chart_ref: "oci://{{ master }}:5000/hauler/longhorn" release_namespace: "longhorn-system" create_namespace: true values: global: cattle: - systemDefaultRegistry: "localhost:5000" + systemDefaultRegistry: "{{ master }}:5000" + ingress: + enabled: true + host: "{{ longhorn_url }}" + defaultSettings: + defaultDataPath: "{{ longhorn_datapath }}" + nodeDownPodDeletionPolicy: delete-both-statefulset-and-deployment-pod + persistence: + defaultClassReplicaCount: "{{ longhorn_replica }}" + kubeconfig: "/home/{{ admin_user }}/.kube/{{ inventory_hostname }}.yaml" + +# Non-Airgap +- name: "Deploy Longhorn" + run_once: true + become: true + become_user: "{{ admin_user }}" + become_method: ansible.builtin.sudo + become_flags: "-i" + when: not airgap_install + block: + - name: Longhorn Versions needed + ansible.builtin.import_role: + name: set_versions + tasks_from: only_longhorn + + - name: Add longhorn chart repo + kubernetes.core.helm_repository: + name: longhorn + repo_url: "https://charts.longhorn.io" + force_update: true + + - name: Deploy helm charts + kubernetes.core.helm: + atomic: true + name: "longhorn" + chart_ref: "longhorn/longhorn" + chart_version: "{{ longhorn_version }}" + release_namespace: "longhorn-system" + create_namespace: true + values: ingress: enabled: true host: "{{ longhorn_url }}" From 2724d2432ab56fbe670624da02d9f147371d4894 Mon Sep 17 00:00:00 2001 
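Review bot: Both top-level blocks in deploy.yml are named `Deploy Longhorn`, so a run's output does not say whether the airgap path (OCI pull from `{{ master }}:5000`) or the non-airgap path (`charts.longhorn.io`) executed; naming them `Deploy Longhorn (airgap)` and `Deploy Longhorn (non-airgap)` costs nothing and helps later incident review. The non-airgap block pins `chart_version: "{{ longhorn_version }}"`, which is good, but `set_versions/only_longhorn` resolves that to the latest GitHub release when `stable_channel_wanted` is set, so the pin is only as stable as that switch. The non-airgap block's `values:` mapping continues outside the hunk.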
From: MozeBaltyk Date: Sat, 18 May 2024 23:07:19 +0200 Subject: [PATCH 344/365] correct rke2 install --- roles/install_rke2_common/tasks/main.yml | 2 + .../install_rke2_controller/defaults/main.yml | 8 +- roles/install_rke2_controller/tasks/admin.yml | 75 ++++++++++++------- .../tasks/localhost.yml | 30 ++++---- roles/install_rke2_controller/tasks/start.yml | 1 + roles/install_rke2_worker/defaults/main.yml | 2 +- roles/set_versions/tasks/only_longhorn.yml | 27 +++++++ roles/set_versions/tasks/only_rke2.yml | 1 + 8 files changed, 100 insertions(+), 46 deletions(-) create mode 100644 roles/set_versions/tasks/only_longhorn.yml diff --git a/roles/install_rke2_common/tasks/main.yml b/roles/install_rke2_common/tasks/main.yml index d81de22bd..2dbf31f1f 100644 --- a/roles/install_rke2_common/tasks/main.yml +++ b/roles/install_rke2_common/tasks/main.yml @@ -12,6 +12,8 @@ - name: Populate service facts ansible.builtin.service_facts: {} + when: > + ansible_facts['services'] is not defined tags: [always] - name: Specific config for NetworkManager diff --git a/roles/install_rke2_controller/defaults/main.yml b/roles/install_rke2_controller/defaults/main.yml index 9681d79a9..4a2a0976f 100644 --- a/roles/install_rke2_controller/defaults/main.yml +++ b/roles/install_rke2_controller/defaults/main.yml 
@@ -10,19 +10,17 @@ airgap_install: "{{ global_airgap_install | bool }}" # Fileserver hauler_server: "{{ global_hauler_ip }}" -# currently needed to store token - need to be replace -mount_path: "{{ global_directory_package_target }}" -mount_rke2_path: "{{ mount_path }}/fileserver" - # RKE2 config rke2_kubeconfig_file: "/etc/rancher/rke2/rke2.yaml" +rkub_local_kubeconfig: "~/.kube/rkub.yaml" +rkub_context_name: "rkub-{{ inventory_hostname }}" # Controller options rke2_data_dir: "{{ global_rke2_data_dir }}" rke2_cluster_cidr: "{{ global_rke2_cluster_cidr }}" rke2_service_cidr: "{{ global_rke2_service_cidr }}" rke2_cni: "{{ global_rke2_cni }}" -rke2_profile_activated: "{{ global_rke2_profile_activated }}" +rke2_profile_activated: "{{ global_rke2_profile_activated | bool }}" # Firewall rules controller_firewalld_rules: diff --git a/roles/install_rke2_controller/tasks/admin.yml b/roles/install_rke2_controller/tasks/admin.yml index 0fc772c0f..a48fd0289 100644 --- a/roles/install_rke2_controller/tasks/admin.yml +++ b/roles/install_rke2_controller/tasks/admin.yml 
@@ -1,54 +1,72 @@ --- # Admin setup on first master - name: Admin setup - become_user: "{{ admin_user }}" become: true block: - name: Remove old Kubeconfig file ansible.builtin.file: - path: "$HOME/.kube/{{ inventory_hostname }}.yaml" + path: "/home/{{ admin_user }}/.kube/{{ inventory_hostname }}.yaml" state: absent - name: Ensure .kube dir exist ansible.builtin.file: - path: "$HOME/.kube" + path: "/home/{{ admin_user }}/.kube" state: directory + owner: "{{ admin_user }}" + group: "{{ admin_user }}" mode: 0700 recurse: true - - name: Get Kubernetes config file - run_once: true - ansible.builtin.slurp: - src: "{{ rke2_kubeconfig_file }}" - register: kubeconfig_base64 - become: false + - name: Update Admin .bashrc + ansible.builtin.blockinfile: + path: "/home/{{ admin_user }}/.bashrc" + block: | + export KUBECONFIG=$HOME/.kube/{{ inventory_hostname }}.yaml + export CRI_CONFIG_FILE={{ rke2_data_dir }}/agent/etc/crictl.yaml + marker: "# {mark} ANSIBLE setup Kubeconfig and RKE2" - - name: Copy kubeconfig in Admin home dir + - name: Copy kubeconfig to admin homedir ansible.builtin.copy: - content: "{{ kubeconfig_base64.content | b64decode | replace('127.0.0.1', control_plane_endpoint) }}" + src: "{{ rke2_kubeconfig_file }}" dest: "/home/{{ admin_user }}/.kube/{{ inventory_hostname }}.yaml" owner: "{{ admin_user }}" group: "{{ admin_user }}" force: true remote_src: true mode: '0600' - run_once: true - become: false - - name: Change localhost with master ip in kubeconfig + - name: Change localhost with control_plane_endpoint in kubeconfig ansible.builtin.lineinfile: - path: "$HOME/.kube/{{ inventory_hostname }}.yaml" + path: /home/{{ admin_user }}/.kube/{{ inventory_hostname }}.yaml search_string: '127.0.0.1' - line: " server: https://{{ master }}:6443" + line: " server: https://{{ control_plane_endpoint }}:6443" + +# Push kubectl on admin user +- name: Push Kubectl + become: true + block: + - name: Ensure dir exist + ansible.builtin.file: + path: "{{ item }}" + state: 
directory + owner: "{{ admin_user }}" + group: "{{ admin_user }}" + mode: 0750 + recurse: true + loop: + - "$HOME/.local" + - "$HOME/.local/bin" + + - name: Copy kubectl binary to admin user + ansible.builtin.copy: + src: "{{ rke2_data_dir }}/bin/kubectl" + dest: "/home/{{ admin_user }}/.local/bin/kubectl" + owner: "{{ admin_user }}" + group: "{{ admin_user }}" + force: true + remote_src: true + mode: '0750' - - name: Update Admin .bashrc - ansible.builtin.blockinfile: - path: "$HOME/.bashrc" - block: | - export KUBECONFIG="~/.kube/{{ inventory_hostname }}.yaml" - export CRI_CONFIG_FILE={{ rke2_data_dir }}/agent/etc/crictl.yaml - PATH=$PATH:{{ rke2_data_dir }}/bin - marker: "# {mark} ANSIBLE setup Kubeconfig and RKE2" # Install helm / k9s non-airgap - name: Install admin tools not in Airgap @@ -103,9 +121,12 @@ - name: Copy k9s binary file ansible.builtin.copy: src: "/tmp/k9s/k9s" - dest: "/usr/local/bin/k9s" - mode: '0755' + dest: "/home/{{ admin_user }}/.local/bin/k9s" + owner: "{{ admin_user }}" + group: "{{ admin_user }}" + force: true remote_src: true + mode: '0750' - name: Cleanup tmp dir ansible.builtin.file: @@ -121,7 +142,7 @@ when: - airgap_install block: - - name: Ensure .local/bin dir exist + - name: Ensure dir exist ansible.builtin.file: path: "{{ item }}" state: directory diff --git a/roles/install_rke2_controller/tasks/localhost.yml b/roles/install_rke2_controller/tasks/localhost.yml index 5ab715a5e..126478392 100644 --- a/roles/install_rke2_controller/tasks/localhost.yml +++ b/roles/install_rke2_controller/tasks/localhost.yml @@ -1,9 +1,10 @@ --- # All tasks on ansible controller +# kubeconfig to localhost - name: Fetch RKE2 kubeconfig to localhost ansible.builtin.fetch: src: "$HOME/.kube/{{ inventory_hostname }}.yaml" - dest: "~/.kube/{{ inventory_hostname }}.yaml" + dest: "{{ rkub_local_kubeconfig }}" flat: true validate_checksum: true become_user: "{{ admin_user }}" 
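Review bot: In the new `Push Kubectl` block the `Ensure dir exist` loop uses `$HOME/.local` and `$HOME/.local/bin` while running with `become: true` and no `become_user`, so `$HOME` resolves to the privileged user's home (or whatever the become method sets), not the admin user's; the directories are created in the wrong place and chowned to `{{ admin_user }}`, and the following copy to `/home/{{ admin_user }}/.local/bin/kubectl` has no guaranteed parent. The earlier tasks in this same hunk were converted from `$HOME` to `/home/{{ admin_user }}` for exactly this reason, and the loop should follow: `- "/home/{{ admin_user }}/.local"` and `- "/home/{{ admin_user }}/.local/bin"`. A privileged user's home containing an admin-user-owned directory is also an ownership mix that is easy to miss in an audit.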
@@ -15,7 +16,7 @@ become: false block: - name: Check kubecm is installed (part of prerequisites) - ansible.builtin.command: type kubecm + ansible.builtin.command: which kubecm register: is_installed changed_when: false failed_when: false @@ -23,23 +24,26 @@ - name: Add kubeconfig to kubecm when: is_installed.rc == 0 block: - - name: Test if default context already exist in your kubeconfig. - ansible.builtin.command: "kubecm list default > /dev/null 2>&1" + - name: Test if context_name already exist in your kubeconfig. + ansible.builtin.command: "kubecm list {{ rkub_context_name }} > /dev/null 2>&1" + register: context_name_exist changed_when: false + failed_when: false - - name: Message to you - ansible.builtin.debug: - msg: "Kubeconfig was added to your kubecm." - - rescue: - name: Add to kubecm - ansible.builtin.command: "kubecm add -c --context-name {{ inventory_hostname }} -f ~/.kube/{{ inventory_hostname }}.yaml" + ansible.builtin.command: "kubecm add -cf {{ rkub_local_kubeconfig }} --context-name {{ rkub_context_name }}" changed_when: false + when: context_name_exist.rc != 0 - - name: Switch to default - ansible.builtin.command: "kubecm switch default" + - name: Switch to new cluster + ansible.builtin.command: "kubecm switch {{ rkub_context_name }}" changed_when: false + always: + - name: Message to you + ansible.builtin.debug: + msg: "Kubeconfig was added to your kubecm." + - name: No Kubecm when: is_installed.rc != 0 block: @@ -50,7 +54,7 @@ always: - name: Message to you ansible.builtin.debug: - msg: "Kubeconfig of this cluster was imported in your localhost in ~/.kube/{{ inventory_hostname }}.yaml" + msg: "Kubeconfig of this cluster was imported in your localhost in {{ rkub_local_kubeconfig }}" # Check Flux to Kube API - name: Check if flux 6443 is open between localhost and master diff --git a/roles/install_rke2_controller/tasks/start.yml b/roles/install_rke2_controller/tasks/start.yml index 000835cba..464c0b0f0 100644 
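Review bot: `kubecm list {{ rkub_context_name }} > /dev/null 2>&1` is run through `ansible.builtin.command`, which does not use a shell, so `>`, `/dev/null` and `2>&1` are passed to kubecm as literal arguments; with `failed_when: false` the resulting non-zero rc is read as "context missing" and `kubecm add` runs on every play. Either drop the redirection (`ansible.builtin.command: "kubecm list {{ rkub_context_name }}"`, since the output is captured by the register anyway) or switch that task to `ansible.builtin.shell`. The same module also does not expand `~`, so `-cf {{ rkub_local_kubeconfig }}` with the default `~/.kube/rkub.yaml` from defaults/main.yml reaches kubecm unexpanded unless kubecm expands it itself, which is worth confirming.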
--- a/roles/install_rke2_controller/tasks/start.yml +++ b/roles/install_rke2_controller/tasks/start.yml @@ -9,6 +9,7 @@ name: "rke2-agent.service" enabled: false masked: true + retries: 5 - name: Start and enable rke2-server ansible.builtin.systemd: diff --git a/roles/install_rke2_worker/defaults/main.yml b/roles/install_rke2_worker/defaults/main.yml index f389ba5dc..47d88bec0 100644 --- a/roles/install_rke2_worker/defaults/main.yml +++ b/roles/install_rke2_worker/defaults/main.yml @@ -14,7 +14,7 @@ hauler_server: "{{ global_hauler_ip }}" rke2_data_dir: "{{ global_rke2_data_dir }}" rke2_cluster_cidr: "{{ global_rke2_cluster_cidr }}" rke2_service_cidr: "{{ global_rke2_service_cidr }}" -rke2_profile_activated: "{{ global_rke2_profile_activated }}" +rke2_profile_activated: "{{ global_rke2_profile_activated | bool }}" # Firewall rules worker_firewalld_rules: diff --git a/roles/set_versions/tasks/only_longhorn.yml b/roles/set_versions/tasks/only_longhorn.yml new file mode 100644 index 000000000..5b90467d3 --- /dev/null +++ b/roles/set_versions/tasks/only_longhorn.yml 
@@ -0,0 +1,27 @@ +--- +# Stable version from URL +- name: Set Longhorn Versions variables + when: stable_channel_wanted + block: + # export LONGHORN_VERSION=$(curl -s https://api.github.com/repos/longhorn/longhorn/releases/latest | jq -r .tag_name) + - name: Get Longhorn latest stable version + ansible.builtin.uri: + url: "https://api.github.com/repos/longhorn/longhorn/releases/latest" + method: GET + return_content: true + register: longhorn_release + + - name: Extract latest stable version + ansible.builtin.set_fact: + longhorn_version: "{{ longhorn_release.json.tag_name | regex_replace('^v', '') }}" + +# Version defined in this Ansible collection +- name: Set Longhorn Versions variables + ansible.builtin.set_fact: + longhorn_version: "{{ global_versions['longhorn'] }}" + when: not stable_channel_wanted + +# Common +- name: Display Longhorn version + ansible.builtin.debug: + msg: "Longhorn version to be installed is {{ longhorn_version }}" diff --git a/roles/set_versions/tasks/only_rke2.yml b/roles/set_versions/tasks/only_rke2.yml index 5bd30c142..3a9de92da 100644 --- a/roles/set_versions/tasks/only_rke2.yml +++ b/roles/set_versions/tasks/only_rke2.yml @@ -21,6 +21,7 @@ rke2_version: "{{ global_versions['rke2'] }}" when: not stable_channel_wanted +# Common - name: Display RKE2 version ansible.builtin.debug: msg: "RKE2 version to be installed is {{ rke2_version }}" From 38635689fe7f3282b4ca8c24906fef639299686b Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sat, 18 May 2024 23:09:38 +0200 Subject: [PATCH 345/365] add lb and dns in DO terraform --- test/DO/infra/main.tf | 44 ++++++++++++++++++++++++++++++++++++-- test/DO/infra/variables.tf | 5 +++++ 2 files changed, 47 insertions(+), 2 deletions(-) diff --git a/test/DO/infra/main.tf b/test/DO/infra/main.tf index ebb961902..9763752e4 100644 --- a/test/DO/infra/main.tf +++ b/test/DO/infra/main.tf 
@@ -32,6 +32,42 @@ data "digitalocean_ssh_key" "terraform" { name = "terraform" } +### +### LB / Domain / DNS +### + +resource "digitalocean_loadbalancer" "www-lb" { + name = "rkub-${var.GITHUB_RUN_ID}-lb" + region = var.region + + forwarding_rule { + entry_port = 80 + entry_protocol = "http" + + target_port = 80 + target_protocol = "http" + } + + healthcheck { + port = 22 + protocol = "tcp" + } + + droplet_ids = flatten([digitalocean_droplet.controllers.*.id]) + vpc_uuid = digitalocean_vpc.rkub-project-network.id +} +resource "digitalocean_domain" "rkub-domain" { + name = var.domain + ip_address = digitalocean_loadbalancer.www-lb.ip +} + +resource "digitalocean_record" "wildcard" { + domain = "${digitalocean_domain.rkub-domain.name}" + type = "A" + name = "*" + value = digitalocean_loadbalancer.www-lb.ip +} + ### ### VPC ### @@ -54,6 +90,10 @@ resource "null_resource" "placeholder" { } # + +### +### Cloud-init +### locals { cloud_init_config = yamlencode({ yum_repos = { @@ -108,7 +148,7 @@ data "cloudinit_config" "server_config" { resource "digitalocean_droplet" "controllers" { count = var.do_controller_count image = var.do_system - name = "controller${count.index}" + name = "controller${count.index}.${var.domain}" region = var.region size = var.do_instance_size tags = [ @@ -130,7 +170,7 @@ output "ip_address_controllers" { resource "digitalocean_droplet" "workers" { count = var.do_worker_count image = var.do_system - name = "worker${count.index}" + name = "worker${count.index}.${var.domain}" region = var.region size = var.do_instance_size tags = [ diff --git a/test/DO/infra/variables.tf b/test/DO/infra/variables.tf index e6c673bbd..95c2886ae 100644 --- a/test/DO/infra/variables.tf +++ b/test/DO/infra/variables.tf 
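Review bot: The load balancer's `healthcheck` probes port 22/tcp while the forwarding rule targets port 80/http, so a controller whose ingress is down but whose sshd is up is still reported healthy and keeps receiving traffic; probing what the LB actually forwards (`port = 80`, `protocol = "http"`) avoids that. The forwarding rule carries plain HTTP only with no TLS termination, which may be acceptable for a throwaway CI stage but should be stated so nobody reuses the block as a template, e.g. `# CI only: plain HTTP, no TLS termination`. `domain = "${digitalocean_domain.rkub-domain.name}"` uses legacy interpolation-only syntax that `terraform fmt` rewrites to `domain = digitalocean_domain.rkub-domain.name`.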
@@ -33,6 +33,11 @@ variable "do_system" { default = "rockylinux-8-x64" } +variable "domain" { + description = "Domain given to loadbalancer and VMs" + default = "rkub.com" +} + variable "region" { description = "Unique bucket name for storing terraform backend data" default = "fra1" From 5f5de40dc787778f3d7be698d79400579c3f745b Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Sun, 19 May 2024 10:32:04 +0200 Subject: [PATCH 346/365] terraform corrections --- test/DO/infra/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/DO/infra/main.tf b/test/DO/infra/main.tf index 9763752e4..d7fd9699d 100644 --- a/test/DO/infra/main.tf +++ b/test/DO/infra/main.tf @@ -192,7 +192,7 @@ resource "digitalocean_project" "rkub" { description = "A CI project to test the Rkub development from github." purpose = "Cluster k8s" environment = "Staging" - resources = flatten([digitalocean_droplet.controllers.*.urn, digitalocean_droplet.workers.*.urn]) + resources = flatten([digitalocean_droplet.controllers.*.urn, digitalocean_droplet.workers.*.urn, digitalocean_loadbalancer.www-lb.*.urn, digitalocean_domain.rkub-domain.*.urn ]) } ### From 6e7e717bca2cd3ec51ae50042e3522516d414240 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 20 May 2024 12:27:51 +0200 Subject: [PATCH 347/365] DO terraform add args airgap --- .github/workflows/stage_online.yml | 2 + test/DO/infra/local.tf | 73 ++++++++++++++++++++++++++++++ test/DO/infra/main.tf | 53 +--------------------- test/DO/infra/variables.tf | 7 ++- 4 files changed, 83 insertions(+), 52 deletions(-) create mode 100644 test/DO/infra/local.tf diff --git a/.github/workflows/stage_online.yml b/.github/workflows/stage_online.yml index b558e9a54..d93d5d912 100644 --- a/.github/workflows/stage_online.yml +++ b/.github/workflows/stage_online.yml 
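Review bot: `variable "domain"` defaults to `rkub.com`, a public domain; if the project does not control it, `digitalocean_domain` will create a zone and a wildcard A record for a name the project cannot resolve publicly, and droplet hostnames will carry a third party's domain. If the name is project-owned, say so in the description; otherwise remove the default so callers must pass it, or point it at a reserved name such as `rkub.example`.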
@@ -82,6 +82,7 @@ jobs: -var "spaces_access_key_id=${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}}" \ -var "spaces_access_key_secret=${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}}" \ -var "mount_point=${MOUNT_POINT}" \ + -var "airgap=false" \ -var "terraform_backend_bucket_name=${BUCKET}" continue-on-error: true @@ -311,6 +312,7 @@ jobs: -var "spaces_access_key_id=${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}}" \ -var "spaces_access_key_secret=${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}}" \ -var "mount_point=${MOUNT_POINT}" \ + -var "airgap=false" \ -var "terraform_backend_bucket_name=${BUCKET}" continue-on-error: true diff --git a/test/DO/infra/local.tf b/test/DO/infra/local.tf new file mode 100644 index 000000000..c64ca9184 --- /dev/null +++ b/test/DO/infra/local.tf 
@@ -0,0 +1,73 @@ +# Local resources + +### +### Cloud-init +### + +# non-airgap +locals { + cloud_init_config = yamlencode({ + packages = [ + "ansible", + "make" + ] + }) +} + +# Convert our cloud-init config to userdata +# Userdata runs at first boot when the droplets are created +data "cloudinit_config" "server_airgap_config" { + gzip = false + base64_encode = false + part { + content_type = "text/cloud-config" + content = local.cloud_init_config + } +} + +# airgap +locals { + cloud_init_airgap_config = yamlencode({ + yum_repos = { + epel-release = { + name = "Extra Packages for Enterprise Linux 8 - Release" + baseurl = "http://download.fedoraproject.org/pub/epel/8/Everything/$basearch" + enabled = true + failovermethod = "priority" + gpgcheck = true + gpgkey = "http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8" + } + }, + packages = [ + "epel-release", + "s3fs-fuse", + "git", + "ansible", + "make" + ], + write_files = [{ + owner = "root:root" + path = "/etc/passwd-s3fs" + permissions = "0600" + content = "${var.spaces_access_key_id}:${var.spaces_access_key_secret}" + }], + runcmd = [ + "systemctl daemon-reload", + "mkdir -p ${var.mount_point}", + "s3fs ${var.terraform_backend_bucket_name} ${var.mount_point} -o url=https://${var.region}.digitaloceanspaces.com", + "echo \"s3fs#${var.terraform_backend_bucket_name} ${var.mount_point} fuse _netdev,allow_other,nonempty,use_cache=/tmp/cache,url=https://${var.region}.digitaloceanspaces.com 0 0\" >> /etc/fstab", + "systemctl daemon-reload", + ] + }) +} + +# Convert our cloud-init config to userdata +# Userdata runs at first boot when the droplets are created +data "cloudinit_config" "server_airgap_config" { + gzip = false + base64_encode = false + part { + content_type = "text/cloud-config" + content = local.cloud_init_airgap_config + } +} diff --git a/test/DO/infra/main.tf b/test/DO/infra/main.tf index d7fd9699d..adae1e144 100644 --- a/test/DO/infra/main.tf +++ b/test/DO/infra/main.tf 
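Review bot: `cloud_init_airgap_config` embeds `var.spaces_access_key_id` and `var.spaces_access_key_secret` in cloud-init user data, which on DigitalOcean is readable unauthenticated from inside the droplet via the metadata service and likely also lands in the Terraform state, so any local process can recover the Spaces credentials, and the `_netdev,allow_other` fstab entry then exposes the mounted bucket to every local user as well. Prefer a key scoped read-only to `terraform_backend_bucket_name`, deliver it over SSH from the Ansible run instead of user data, and drop `allow_other` (or add `umask=0077`) unless a non-root process must read the mount; the EPEL `gpgkey` URL should be `https://` so `gpgcheck = true` is not trusting a key fetched in the clear. Separately, this file declares `data "cloudinit_config" "server_airgap_config"` twice (once rendering `local.cloud_init_config`, once `local.cloud_init_airgap_config`), which `terraform validate` rejects as a duplicate data source — the first one presumably should be `server_config`.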
@@ -90,56 +90,6 @@ resource "null_resource" "placeholder" { } # - -### -### Cloud-init -### -locals { - cloud_init_config = yamlencode({ - yum_repos = { - epel-release = { - name = "Extra Packages for Enterprise Linux 8 - Release" - baseurl = "http://download.fedoraproject.org/pub/epel/8/Everything/$basearch" - enabled = true - failovermethod = "priority" - gpgcheck = true - gpgkey = "http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8" - } - }, - packages = [ - "epel-release", - "s3fs-fuse", - "git", - "ansible", - "make" - ], - write_files = [{ - owner = "root:root" - path = "/etc/passwd-s3fs" - permissions = "0600" - content = "${var.spaces_access_key_id}:${var.spaces_access_key_secret}" - }], - runcmd = [ - "systemctl daemon-reload", - "mkdir -p ${var.mount_point}", - "s3fs ${var.terraform_backend_bucket_name} ${var.mount_point} -o url=https://${var.region}.digitaloceanspaces.com", - "echo \"s3fs#${var.terraform_backend_bucket_name} ${var.mount_point} fuse _netdev,allow_other,nonempty,use_cache=/tmp/cache,url=https://${var.region}.digitaloceanspaces.com 0 0\" >> /etc/fstab", - "systemctl daemon-reload", - ] - }) -} - -# Convert our cloud-init config to userdata -# Userdata runs at first boot when the droplets are created -data "cloudinit_config" "server_config" { - gzip = false - base64_encode = false - part { - content_type = "text/cloud-config" - content = local.cloud_init_config - } -} - ### ### Droplet INSTANCES ### @@ -158,7 +108,8 @@ resource "digitalocean_droplet" "controllers" { ] vpc_uuid = digitalocean_vpc.rkub-project-network.id ssh_keys = [ data.digitalocean_ssh_key.terraform.id ] - user_data = data.cloudinit_config.server_config.rendered + #user_data = data.cloudinit_config.server_config.rendered + user_data = var.airgap ? data.cloudinit_config.server_airgap_config.rendered : null } output "ip_address_controllers" { diff --git a/test/DO/infra/variables.tf b/test/DO/infra/variables.tf index 95c2886ae..4a857fc88 100644 
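Review bot: With `user_data = var.airgap ? data.cloudinit_config.server_airgap_config.rendered : null`, non-airgap droplets receive no cloud-init at all, so the `ansible`/`make` config that `local.tf` now defines for that case is never applied; the else branch should render it, e.g. `user_data = var.airgap ? data.cloudinit_config.server_airgap_config.rendered : data.cloudinit_config.server_config.rendered` once the non-airgap data source has its own name. The commented-out `#user_data = data.cloudinit_config.server_config.rendered` line should be deleted rather than left behind. Only the `controllers` resource is touched here; if `digitalocean_droplet.workers` (outside this hunk) still references `data.cloudinit_config.server_config`, that data source no longer exists in `main.tf` after this commit.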
--- a/test/DO/infra/variables.tf +++ b/test/DO/infra/variables.tf @@ -43,10 +43,15 @@ variable "region" { default = "fra1" } +variable "airgap" { + description = "if airgap true, mount s3 bucket with rkub package" + default = "true" +} + variable "GITHUB_RUN_ID" { type = string description = "github run id" - default = "test" + default = "quickstart" } variable "terraform_backend_bucket_name" { From ac232fd52bec27aa3e5b4928bd6f1f16991eb2c4 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 20 May 2024 12:30:29 +0200 Subject: [PATCH 348/365] change longhorn default datapath --- playbooks/vars/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/vars/main.yml b/playbooks/vars/main.yml index 7d8a1016a..0e33afd28 100644 --- a/playbooks/vars/main.yml +++ b/playbooks/vars/main.yml @@ -63,7 +63,7 @@ global_rke2_profile_activated: "{{ profile_cis | default('false') }}" global_rke2_disable: "{{ disable | default(omit) }}" # Valid items to not deploy: rke2-canal, rke2-coredns, rke2-ingress-nginx, rke2-metrics-server # Longhorn -default_longhorn_datapath: "{{ global_directory_package_target }}/longhorn" +default_longhorn_datapath: "/data/longhorn" global_longhorn_datapath: "{{ datapath | default(default_longhorn_datapath) }}" global_longhorn_replica: 2 From 5053d9f3b30a5471a7c10da20025bafefd8266bd Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Mon, 20 May 2024 12:31:18 +0200 Subject: [PATCH 349/365] update versions --- CHANGELOG.md | 4 ++-- README.md | 7 ++++--- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 96eec2d5f..6b0972710 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,9 +5,9 @@ ### Versions -- rke2 version: 1.27.10 +- rke2 version: 1.27.12 -- kube-vip: 0.7.0 +- kube-vip: 0.8.0 - cert-manager version: 1.14.1 diff --git a/README.md b/README.md index 46fba6137..3093aea61 100644 --- a/README.md +++ b/README.md 
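Review bot: `variable "airgap"` has no `type` and a string default `"true"`, so the value reaching `var.airgap ? … : null` in `main.tf` relies on Terraform's implicit string-to-bool conversion, and a typo such as `-var "airgap=flase"` only fails deep inside the conditional instead of at variable validation. Declare it as `type = bool` with `default = true`; the workflow's `-var "airgap=false"` keeps working unchanged. The description only covers the true case — `"true: mount the S3 bucket holding the rkub package via cloud-init; false: no cloud-init, plain droplets"` would say what both values do.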
@@ -13,9 +13,9 @@ This Ansible collection will install in airgap environnement RKE2 (one controler **Current develop - Ansible Collection Rkub 1.0.3 include by default:** -- [RKE2 1.27.10](https://docs.rke2.io) - Security focused Kubernetes (channel stable) +- [RKE2 1.27.12](https://docs.rke2.io) - Security focused Kubernetes (channel stable) -- [Kube-vip 0.7.0](https://kube-vip.io/) - Virtual IP and load balancer +- [Kube-vip 0.8.0](https://kube-vip.io/) - Virtual IP and load balancer - [Cert-manager 1.14.1](https://cert-manager.io/docs/) - Certificate manager @@ -24,6 +24,7 @@ This Ansible collection will install in airgap environnement RKE2 (one controler - [Longhorn 1.6.0](https://longhorn.io) - Unified storage layer - [Neuvector 2.7.2](https://neuvector.com/) - Kubernetes Security Platform + This Project is mainly inspired from [Clemenko/rke_airgap_install](https://github.com/clemenko/rke_airgap_install/). @@ -147,7 +148,7 @@ ansible-playbook mozebaltyk.rkub.rancher.yml # All arguments below are not ```sh ansible-playbook mozebaltyk.rkub.longhorn.yml # All arguments below are not mandatory -e domain="example.com" # Domain use for ingress, by default take the host domain from master server --e datapath="/opt/longhorn" # Longhorn Path for PVC, by default equal "{{ dir_target }}/longhorn". +-e datapath="/data/longhorn" # Longhorn Path for PVC (default "/data/longhorn"). # The best is to have a dedicated LVM filesystem for this one. -u admin -Kk # Other Ansible Arguments (like -vvv) ``` From 9a0391be22dc6017e29edd82e4d0ed39701399c0 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 21 May 2024 00:10:03 +0200 Subject: [PATCH 350/365] change url --- playbooks/vars/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/vars/main.yml b/playbooks/vars/main.yml index 0e33afd28..fe3e262ad 100644 --- a/playbooks/vars/main.yml +++ b/playbooks/vars/main.yml 
@@ -50,7 +50,7 @@ global_directory_package_target: "{{ dir_target | default('/opt/rkub') }}" # Options General global_hauler_ip: "{{ hauler_ip | default(hostvars[groups['RKE2_CONTROLLERS'][0]]['ansible_default_ipv4']['address']) }}" global_master_ip: "{{ master_ip | default(hostvars[groups['RKE2_CONTROLLERS'][0]]['ansible_default_ipv4']['address']) }}" -global_domain: "{{ domain | default(hostvars[groups['RKE2_CONTROLLERS'][0]]['ansible_domain']) }}" +global_domain: "{{ domain | default(hostvars[groups['RKE2_CONTROLLERS'][0]]['ansible_default_ipv4']['address'] + '.sslip.io') }}" # Options RKE2 global_rke2_data_dir: "{{ data_dir | default('/var/lib/rancher/rke2') }}" From edac72d43a991e2ac9346bef4cb55657b4207eb0 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 21 May 2024 00:10:59 +0200 Subject: [PATCH 351/365] corrections in playbooks --- test/playbooks/longhorn.yml | 3 +-- test/playbooks/neuvector.yml | 7 +++---- test/playbooks/rancher.yml | 7 +++---- 3 files changed, 7 insertions(+), 10 deletions(-) diff --git a/test/playbooks/longhorn.yml b/test/playbooks/longhorn.yml index 724a433bb..3ef6b0551 100644 --- a/test/playbooks/longhorn.yml +++ b/test/playbooks/longhorn.yml @@ -1,8 +1,7 @@ --- - name: Install Longhorn hosts: RKE2_CONTROLLERS:RKE2_WORKERS - gather_facts: true - become: true + gather_facts: false vars_files: ../../playbooks/vars/main.yml tags: [ controller, worker ] roles: diff --git a/test/playbooks/neuvector.yml b/test/playbooks/neuvector.yml index b769e40ce..265af6dd5 100644 --- a/test/playbooks/neuvector.yml +++ b/test/playbooks/neuvector.yml @@ -1,9 +1,8 @@ --- - name: Install Neuvector - hosts: RKE2_CONTROLLERS:RKE2_WORKERS - gather_facts: true - become: true + hosts: RKE2_CONTROLLERS + gather_facts: false vars_files: ../../playbooks/vars/main.yml - tags: [ controller, worker ] + tags: [ controller ] roles: - {role: deploy_neuvector, tags: neuvector} 
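Review bot: `global_domain` now falls back to `<master ip>.sslip.io`, which resolves only through the public sslip.io DNS service; on the airgap installs this collection targets (per the README) that name cannot resolve, and it hands hostname-to-IP mapping for the Rancher/NeuVector/Longhorn ingresses — and the names TLS certificates get issued for — to a third party. Keep the previous `ansible_domain` fallback for the airgap case and use sslip.io only for online installs, e.g. select between the two defaults on `global_airgap_install | bool` (the flag the deploy roles already read), and note the sslip.io dependency in the README next to the `-e domain=` option.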
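Review bot: Dropping `become: true` from the Longhorn play means the role's `install.yml` — the part described as prerequisites needed on all nodes — now runs as the SSH user; unless each of its tasks escalates itself (not visible here), any package or system configuration it does will fail with permission errors, while the Helm part still escalates explicitly through `become_user: "{{ admin_user }}"`. Either keep `become: true` on this play or confirm `install.yml` sets `become` per task; the NeuVector and Rancher plays are fine without it since they only run the per-task-escalated Helm deploy on controllers. `gather_facts: false` is consistent with the role gathering `distribution`/`default_ipv4` itself.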
diff --git a/test/playbooks/rancher.yml b/test/playbooks/rancher.yml index d233bd423..414c04d7c 100644 --- a/test/playbooks/rancher.yml +++ b/test/playbooks/rancher.yml @@ -1,9 +1,8 @@ --- - name: Install Rancher - hosts: RKE2_CONTROLLERS:RKE2_WORKERS - gather_facts: true - become: true + hosts: RKE2_CONTROLLERS + gather_facts: false vars_files: ../../playbooks/vars/main.yml - tags: [ controller, worker ] + tags: [ controller ] roles: - {role: deploy_rancher, tags: rancher} From ad9042c6372456b95535e51bf442a0a1f428db97 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Tue, 21 May 2024 00:12:48 +0200 Subject: [PATCH 352/365] set versions individually --- roles/set_versions/tasks/only_kubevip.yml | 27 +++++++++++++ roles/set_versions/tasks/only_neuvector.yml | 27 +++++++++++++ roles/set_versions/tasks/only_rancher.yml | 42 +++++++++++++++++++++ 3 files changed, 96 insertions(+) create mode 100644 roles/set_versions/tasks/only_kubevip.yml create mode 100644 roles/set_versions/tasks/only_neuvector.yml create mode 100644 roles/set_versions/tasks/only_rancher.yml diff --git a/roles/set_versions/tasks/only_kubevip.yml b/roles/set_versions/tasks/only_kubevip.yml new file mode 100644 index 000000000..8f502f87c --- /dev/null +++ b/roles/set_versions/tasks/only_kubevip.yml 
@@ -0,0 +1,27 @@ +--- +# Stable version from URL +- name: Set Kube-vip Versions variables + when: stable_channel_wanted + block: + # export KUBEVIP_VERSION=$(curl -s https://api.github.com/repos/kube-vip/kube-vip/releases/latest | jq -r .tag_name) + - name: Get Kube-vip latest release + ansible.builtin.uri: + url: "https://api.github.com/repos/kube-vip/kube-vip/releases/latest" + method: GET + return_content: true + register: kubevip_release + + - name: Extract latest release tag + ansible.builtin.set_fact: + kubevip_version: "{{ kubevip_release.json.tag_name | regex_replace('^v', '') }}" + +# Version defined in this Ansible collection +- name: Set Kube-vip Versions variables + ansible.builtin.set_fact: + kubevip_version: "{{ global_versions['kubevip'] }}" + when: not stable_channel_wanted + +# Common +- name: Display kube-vip version + ansible.builtin.debug: + msg: "Kube-vip version to be installed is {{ kubevip_version }}" diff --git a/roles/set_versions/tasks/only_neuvector.yml b/roles/set_versions/tasks/only_neuvector.yml new file mode 100644 index 000000000..698ad8730 --- /dev/null +++ b/roles/set_versions/tasks/only_neuvector.yml 
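Review bot: The `Get Kube-vip latest release` task calls `api.github.com` unauthenticated with no retry or status handling, so a rate-limited 403 (shared CI runner IPs hit the 60/hour anonymous limit quickly) aborts the run, and whatever `tag_name` GitHub returns is used verbatim as the version to install. Retry on non-200, assert the tag is a plain semantic version before it feeds image and chart references, and guard the block with `when: stable_channel_wanted | default(false) | bool` so an undefined variable does not error out. An optional `headers: {Authorization: "Bearer {{ github_token }}"}` when a token is defined would remove the rate-limit problem entirely.
```yaml
    - name: Get Kube-vip latest release
      ansible.builtin.uri:
        url: "https://api.github.com/repos/kube-vip/kube-vip/releases/latest"
        method: GET
        return_content: true
      register: kubevip_release
      until: kubevip_release.status == 200
      retries: 3
      delay: 5

    - name: Extract latest release tag
      ansible.builtin.set_fact:
        kubevip_version: "{{ kubevip_release.json.tag_name | regex_replace('^v', '') }}"

    - name: Refuse a tag that is not a plain semantic version
      ansible.builtin.assert:
        that:
          - kubevip_version is regex('^[0-9]+\.[0-9]+\.[0-9]+$')
        fail_msg: "Unexpected kube-vip tag from GitHub: {{ kubevip_release.json.tag_name }}"
```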
@@ -0,0 +1,27 @@ +--- +# Stable version from URL +- name: Set Neuvector Versions variables + when: stable_channel_wanted + block: + # export NEU_VERSION=$(curl -s https://api.github.com/repos/neuvector/neuvector-helm/releases/latest | jq -r .tag_name) + - name: Get Neuvector latest release + ansible.builtin.uri: + url: "https://api.github.com/repos/neuvector/neuvector-helm/releases/latest" + method: GET + return_content: true + register: neuvector_release + + - name: Extract latest release tag + ansible.builtin.set_fact: + neuvector_version: "{{ neuvector_release.json.tag_name | regex_replace('^v', '') }}" + +# Version defined in this Ansible collection +- name: Set Neuvector Versions variables + ansible.builtin.set_fact: + neuvector_version: "{{ global_versions['neuvector'] }}" + when: not stable_channel_wanted + +# Common +- name: Display Neuvector version + ansible.builtin.debug: + msg: "Neuvector version to be installed is {{ neuvector_version }}" diff --git a/roles/set_versions/tasks/only_rancher.yml b/roles/set_versions/tasks/only_rancher.yml new file mode 100644 index 000000000..e97880082 --- /dev/null +++ b/roles/set_versions/tasks/only_rancher.yml 
@@ -0,0 +1,42 @@ +--- +# Stable version from URL +- name: Set Rancher Versions variables + when: stable_channel_wanted + block: + # export CERT_VERSION=$(curl -s https://api.github.com/repos/cert-manager/cert-manager/releases/latest | jq -r .tag_name) + - name: Get Cert-Manager latest release + ansible.builtin.uri: + url: "https://api.github.com/repos/cert-manager/cert-manager/releases/latest" + method: GET + return_content: true + register: cert_manager_release + + - name: Extract latest release tag + ansible.builtin.set_fact: + cert_manager_version: "{{ cert_manager_release.json.tag_name | regex_replace('^v', '') }}" + + # export RANCHER_VERSION=$(curl -s https://api.github.com/repos/rancher/rancher/releases/latest | jq -r .tag_name) + - name: Get Rancher latest release + ansible.builtin.uri: + url: "https://api.github.com/repos/rancher/rancher/releases/latest" + method: GET + return_content: true + register: rancher_release + + - name: Extract latest release tag + ansible.builtin.set_fact: + rancher_version: "{{ rancher_release.json.tag_name | regex_replace('^v', '') }}" + +# Version defined in this Ansible collection +- name: Set Rancher Versions variables + ansible.builtin.set_fact: + cert_manager_version: "{{ global_versions['cert_manager'] }}" + rancher_version: "{{ global_versions['rancher'] }}" + when: not stable_channel_wanted + +# Common +- name: Display Rancher version + ansible.builtin.debug: + msg: + - "Cert-manager version to be installed is {{ cert_manager_version }}" + - "Rancher version to be installed is {{ rancher_version }}" From a260c4358a4ee8426b3281b261ce49320fe5024c Mon Sep 17 00:00:00 2001 
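Review bot: `cert_manager_version` and `rancher_version` are each taken independently from GitHub's `releases/latest`, but Rancher supports only a specific cert-manager range per release, and GitHub's latest Rancher release is not necessarily what Rancher's own `stable` Helm channel serves, so the two "latest" values can be mutually incompatible and will drift between runs. For the stable channel, resolve Rancher from the chart repository (`rancher-stable/rancher` index) and cert-manager from the version Rancher's compatibility matrix lists for that release, or at minimum log both resolved versions so a failed install is reproducible. The same unauthenticated rate-limit caveat as the other `set_versions` task files applies to both `uri` calls here.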
From: MozeBaltyk Date: Tue, 21 May 2024 00:14:37 +0200 Subject: [PATCH 353/365] =?UTF-8?q?minor=20reorg=20in=20DO=20infra=C2=B5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- test/DO/README.md | 2 +- test/DO/backend/variables.tf | 2 +- test/DO/infra/local.tf | 2 +- test/DO/infra/main.tf | 38 +----------------------------------- test/DO/infra/removed | 35 +++++++++++++++++++++++++++++++++ test/DO/infra/variables.tf | 2 +- 6 files changed, 40 insertions(+), 41 deletions(-) create mode 100644 test/DO/infra/removed diff --git a/test/DO/README.md b/test/DO/README.md index decb25b5e..2be09b27c 100644 --- a/test/DO/README.md +++ b/test/DO/README.md @@ -61,7 +61,7 @@ terraform init \ # recommended method export AWS_ACCESS_KEY_ID=DOxxxxxxxxxxxxxxxx export AWS_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxx -terraform init -backend-config="bucket=terraform-backend-github" +terraform init -backend-config="bucket=terraform-backend-rkub-quickstart" # auto-approve (default: size=s-1vcpu-1gb, 1 controller + 2 workers) terraform apply -var "GITHUB_RUN_ID=${GITHUB_RUN_ID}" -var "do_token=${DO_PAT}" -auto-approve diff --git a/test/DO/backend/variables.tf b/test/DO/backend/variables.tf index 4a34701f7..ae2938f87 100644 --- a/test/DO/backend/variables.tf +++ b/test/DO/backend/variables.tf @@ -18,7 +18,7 @@ variable "GITHUB_RUN_ID" { variable "terraform_backend_bucket_name" { description = "Unique bucket name for storing terraform backend data" - default = "terraform-backend-github" + default = "terraform-backend-rkub-quickstart" } variable "region" { diff --git a/test/DO/infra/local.tf b/test/DO/infra/local.tf index c64ca9184..9fefd6670 100644 --- a/test/DO/infra/local.tf +++ b/test/DO/infra/local.tf 
@@ -16,7 +16,7 @@ locals { # Convert our cloud-init config to userdata # Userdata runs at first boot when the droplets are created -data "cloudinit_config" "server_airgap_config" { +data "cloudinit_config" "server_config" { gzip = false base64_encode = false part { diff --git a/test/DO/infra/main.tf b/test/DO/infra/main.tf index adae1e144..7c0ad4b8d 100644 --- a/test/DO/infra/main.tf +++ b/test/DO/infra/main.tf @@ -32,42 +32,6 @@ data "digitalocean_ssh_key" "terraform" { name = "terraform" } -### -### LB / Domain / DNS -### - -resource "digitalocean_loadbalancer" "www-lb" { - name = "rkub-${var.GITHUB_RUN_ID}-lb" - region = var.region - - forwarding_rule { - entry_port = 80 - entry_protocol = "http" - - target_port = 80 - target_protocol = "http" - } - - healthcheck { - port = 22 - protocol = "tcp" - } - - droplet_ids = flatten([digitalocean_droplet.controllers.*.id]) - vpc_uuid = digitalocean_vpc.rkub-project-network.id -} -resource "digitalocean_domain" "rkub-domain" { - name = var.domain - ip_address = digitalocean_loadbalancer.www-lb.ip -} - -resource "digitalocean_record" "wildcard" { - domain = "${digitalocean_domain.rkub-domain.name}" - type = "A" - name = "*" - value = digitalocean_loadbalancer.www-lb.ip -} - ### ### VPC ### @@ -143,7 +107,7 @@ resource "digitalocean_project" "rkub" { description = "A CI project to test the Rkub development from github." purpose = "Cluster k8s" environment = "Staging" - resources = flatten([digitalocean_droplet.controllers.*.urn, digitalocean_droplet.workers.*.urn, digitalocean_loadbalancer.www-lb.*.urn, digitalocean_domain.rkub-domain.*.urn ]) + resources = flatten([digitalocean_droplet.controllers.*.urn, digitalocean_droplet.workers.*.urn ]) } ### diff --git a/test/DO/infra/removed b/test/DO/infra/removed new file mode 100644 index 000000000..fe24d6916 --- /dev/null +++ b/test/DO/infra/removed 
@@ -0,0 +1,35 @@ +### +### LB / Domain / DNS +### + +resource "digitalocean_loadbalancer" "www-lb" { + name = "rkub-${var.GITHUB_RUN_ID}-lb" + region = var.region + + forwarding_rule { + entry_port = 80 + entry_protocol = "http" + + target_port = 80 + target_protocol = "http" + } + + healthcheck { + port = 22 + protocol = "tcp" + } + + droplet_ids = flatten([digitalocean_droplet.controllers.*.id]) + vpc_uuid = digitalocean_vpc.rkub-project-network.id +} +resource "digitalocean_domain" "rkub-domain" { + name = var.domain + ip_address = digitalocean_loadbalancer.www-lb.ip +} + +resource "digitalocean_record" "wildcard" { + domain = "${digitalocean_domain.rkub-domain.name}" + type = "A" + name = "*" + value = digitalocean_loadbalancer.www-lb.ip +} diff --git a/test/DO/infra/variables.tf b/test/DO/infra/variables.tf index 4a857fc88..6d5fa694f 100644 --- a/test/DO/infra/variables.tf +++ b/test/DO/infra/variables.tf @@ -56,7 +56,7 @@ variable "GITHUB_RUN_ID" { variable "terraform_backend_bucket_name" { description = "Unique bucket name for storing terraform backend data" - default = "terraform-backend-github" + default = "terraform-backend-rkub-quickstart" } variable "mount_point" { From 50ea4f53fe13fc576db990287f9112f6a72da676 Mon Sep 17 00:00:00 2001 
From: MozeBaltyk Date: Tue, 21 May 2024 00:17:34 +0200 Subject: [PATCH 354/365] complete roles deploying with helm --- README.md | 2 + roles/deploy_certmanager/README.md | 72 ------------- roles/deploy_certmanager/defaults/main.yml | 9 -- roles/deploy_certmanager/handlers/main.yml | 2 - roles/deploy_certmanager/meta/main.yml | 54 ---------- roles/deploy_certmanager/tasks/deploy.yml | 29 ----- roles/deploy_certmanager/tasks/main.yml | 5 - roles/deploy_certmanager/tests/inventory | 2 - roles/deploy_certmanager/tests/test.yml | 6 -- roles/deploy_longhorn/handlers/main.yml | 2 - roles/deploy_longhorn/tasks/deploy.yml | 6 ++ roles/deploy_longhorn/tasks/main.yml | 6 +- roles/deploy_neuvector/defaults/main.yml | 5 +- roles/deploy_neuvector/handlers/main.yml | 2 - roles/deploy_neuvector/tasks/deploy.yml | 74 ++++++++++++- roles/deploy_neuvector/tasks/main.yml | 15 +-- roles/deploy_rancher/defaults/main.yml | 5 +- roles/deploy_rancher/handlers/main.yml | 2 - roles/deploy_rancher/tasks/deploy.yml | 102 +++++++++++++++++- roles/deploy_rancher/tasks/main.yml | 15 +-- .../install_rke2_common/tasks/rpm_install.yml | 1 + .../tasks/tarball_install.yml | 1 + roles/install_rke2_controller/tasks/admin.yml | 4 +- 23 files changed, 204 insertions(+), 217 deletions(-) delete mode 100644 roles/deploy_certmanager/README.md delete mode 100644 roles/deploy_certmanager/defaults/main.yml delete mode 100644 roles/deploy_certmanager/handlers/main.yml delete mode 100644 roles/deploy_certmanager/meta/main.yml delete mode 100644 roles/deploy_certmanager/tasks/deploy.yml delete mode 100644 roles/deploy_certmanager/tasks/main.yml delete mode 100644 roles/deploy_certmanager/tests/inventory delete mode 100644 roles/deploy_certmanager/tests/test.yml delete mode 100644 roles/deploy_longhorn/handlers/main.yml delete mode 100644 roles/deploy_neuvector/handlers/main.yml delete mode 100644 roles/deploy_rancher/handlers/main.yml diff --git a/README.md b/README.md index 3093aea61..6a3f13d91 100644 
--- a/README.md +++ b/README.md @@ -249,6 +249,8 @@ Improvments: - [rancher/RKE2](https://github.com/rancher/rke2) +- [rancher/quickstart](https://github.com/rancher/quickstart) + Get the latest stable version: diff --git a/roles/deploy_certmanager/README.md b/roles/deploy_certmanager/README.md deleted file mode 100644 index f07bc84ab..000000000 --- a/roles/deploy_certmanager/README.md +++ /dev/null 
@@ -1,72 +0,0 @@ -Role Name -========= - -Role to deploy Cert-manager - -Requirements ------------- - -*Example below show that the roles have two flavors and different requirements in functions of what you want* - -if idm set to true: -- Access to a IDM server if you want to create users account. -- Credentials access to connect to IDM - -if idm set to false: -- create local account on Linux servers - -Role Variables --------------- - -| **VarName** | **Type** | **Content** | **Mandatory** | -|--------------------|----------|---------------------------|:-------------:| -| idm | boolean | true / false | x | -| svc_account | string | Service Account | x | -| svc_account_passwd | string | pwd (can be omited) | | -| svc_group | string | Group | | -| svc_owner | string | Owner of the account | if idm true | -| list_svc_account | list | Users which goes in group | if idm true | -| idm_server | string | Service Account PWD | if idm true | -| idm_pwd | string | sudo group | if idm true | - -**Mandatory** is the minimum variables that need to be set to make the role work -*the variables not mandatory either have a default value defined or can be omited* - -Dependencies ------------- - -Dependencies with some others roles (if there is some). - -Example Playbook ----------------- -Give some example about how to use or implement your Roles - - -```yml -- name: Trigger Role Example in a Playbooks - hosts: RANDOM_GROUP_DEFINED_IN_YOUR_INVENTORY - remote_user: ansible - become: true - - roles: - - { role: 'example', tags: 'example' } -``` - -```yml -# Example for one user -- import_role: - name: "example" - vars: - svc_account: "{{ tomcat_svc_account }}" - svc_group: "{{ tomcat_svc_group }}" -``` - -License -------- - -Apache-2.0 - -Author Information ------------------- - -morze.baltyk@proton.me \ No newline at end of file diff --git a/roles/deploy_certmanager/defaults/main.yml b/roles/deploy_certmanager/defaults/main.yml deleted file mode 100644 index 16a2b98bb..000000000 
--- a/roles/deploy_certmanager/defaults/main.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -# defaults file for deploy_certmanager -cert_version: "v{{ global_CERT_VERSION }}" -cert_charts: "cert-manager-{{ cert_version }}.tgz" - -# General -admin_user: "{{ global_install_user }}" -mount_path: "{{ global_directory_mount }}" -mount_helm_path: "{{ mount_path }}/helm" \ No newline at end of file diff --git a/roles/deploy_certmanager/handlers/main.yml b/roles/deploy_certmanager/handlers/main.yml deleted file mode 100644 index 8664e076c..000000000 --- a/roles/deploy_certmanager/handlers/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# handlers file for deploy_cert diff --git a/roles/deploy_certmanager/meta/main.yml b/roles/deploy_certmanager/meta/main.yml deleted file mode 100644 index d072f19dd..000000000 --- a/roles/deploy_certmanager/meta/main.yml +++ /dev/null 
@@ -1,54 +0,0 @@ ---- -galaxy_info: - standalone: false # Part of a collection - author: morze.baltyk@proton.me - description: Role to deploy Cert-manager - company: Opensource - - # If the issue tracker for your role is not on github, uncomment the - # next line and provide a value - # issue_tracker_url: http://example.com/issue/tracker - - # Choose a valid license ID from https://spdx.org - some suggested licenses: - # - BSD-3-Clause (default) - # - MIT - # - GPL-2.0-or-later - # - GPL-3.0-only - # - Apache-2.0 - # - CC-BY-4.0 - license: Apache-2.0 - - min_ansible_version: "2.15.0" - - # If this a Container Enabled role, provide the minimum Ansible Container version. - # min_ansible_container_version: - - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - # platforms: - # - name: Fedora - # versions: - # - all - # - 25 - # - name: SomePlatform - # versions: - # - all - # - 1.0 - # - 7 - # - 99.99 - - galaxy_tags: [] - # List tags for your role here, one per line. A tag is a keyword that describes - # and categorizes the role. Users find roles by searching for tags. Be sure to - # remove the '[]' above, if you add tags to this list. - # - # NOTE: A tag is limited to a single word comprised of alphanumeric characters. - # Maximum 20 tags per role. - -dependencies: [] - # List your role dependencies here, one per line. Be sure to remove the '[]' above, - # if you add dependencies to this list. diff --git a/roles/deploy_certmanager/tasks/deploy.yml b/roles/deploy_certmanager/tasks/deploy.yml deleted file mode 100644 index 5c2d35abd..000000000 --- a/roles/deploy_certmanager/tasks/deploy.yml +++ /dev/null 
@@ -1,29 +0,0 @@ ---- -- name: "Deploy Certmanager" - run_once: true - become: true - become_user: "{{ admin_user }}" - become_method: ansible.builtin.sudo - become_flags: "-i" - block: - - name: Deploy helm charts - kubernetes.core.helm: - atomic: true - name: "cert-manager" - chart_ref: "{{ mount_helm_path }}/{{ cert_charts }}" - release_namespace: "cert-manager" - create_namespace: true - values: - installCRDs: true - image: - repository: localhost:5000/cert/cert-manager-controller - webhook: - image: - repository: localhost:5000/cert/cert-manager-webhook - cainjector: - image: - repository: localhost:5000/cert/cert-manager-cainjector - startupapicheck: - image: - repository: localhost:5000/cert/cert-manager-ctl - kubeconfig: "/home/{{ admin_user }}/.kube/{{ inventory_hostname }}.yaml" \ No newline at end of file diff --git a/roles/deploy_certmanager/tasks/main.yml b/roles/deploy_certmanager/tasks/main.yml deleted file mode 100644 index f5fad2371..000000000 --- a/roles/deploy_certmanager/tasks/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -# tasks file for deploy_cert -- name: Deploy with the Helm Charts on master - ansible.builtin.import_tasks: deploy.yml - when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] \ No newline at end of file diff --git a/roles/deploy_certmanager/tests/inventory b/roles/deploy_certmanager/tests/inventory deleted file mode 100644 index 878877b07..000000000 --- a/roles/deploy_certmanager/tests/inventory +++ /dev/null @@ -1,2 +0,0 @@ -localhost - diff --git a/roles/deploy_certmanager/tests/test.yml b/roles/deploy_certmanager/tests/test.yml deleted file mode 100644 index e2ba1a6d7..000000000 --- a/roles/deploy_certmanager/tests/test.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Test - hosts: localhost - remote_user: root - roles: - - deploy_certmanager diff --git a/roles/deploy_longhorn/handlers/main.yml b/roles/deploy_longhorn/handlers/main.yml deleted file mode 100644 index 963115ec7..000000000 
--- a/roles/deploy_longhorn/handlers/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# handlers file for deploy_longhorn diff --git a/roles/deploy_longhorn/tasks/deploy.yml b/roles/deploy_longhorn/tasks/deploy.yml index b787dd1ca..bd142c576 100644 --- a/roles/deploy_longhorn/tasks/deploy.yml +++ b/roles/deploy_longhorn/tasks/deploy.yml @@ -42,6 +42,7 @@ ansible.builtin.import_role: name: set_versions tasks_from: only_longhorn + run_once: true - name: Add longhorn chart repo kubernetes.core.helm_repository: @@ -67,3 +68,8 @@ persistence: defaultClassReplicaCount: "{{ longhorn_replica }}" kubeconfig: "/home/{{ admin_user }}/.kube/{{ inventory_hostname }}.yaml" + +# Common +- name: Display Longhorn URL + ansible.builtin.debug: + msg: "Longhorn URL : {{ longhorn_url }}" diff --git a/roles/deploy_longhorn/tasks/main.yml b/roles/deploy_longhorn/tasks/main.yml index e04e970b7..1d65fcdb3 100644 --- a/roles/deploy_longhorn/tasks/main.yml +++ b/roles/deploy_longhorn/tasks/main.yml @@ -5,13 +5,15 @@ gather_subset: - "distribution" - "distribution_major_version" + - "default_ipv4" - "!min" when: > ansible_os_family is not defined + tags: [always] -- name: Tasks for RHEL-like OS +- name: Prerequis needed on all nodes ansible.builtin.import_tasks: install.yml - name: Deploy with the Helm Charts on master ansible.builtin.import_tasks: deploy.yml - when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] \ No newline at end of file + when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] diff --git a/roles/deploy_neuvector/defaults/main.yml b/roles/deploy_neuvector/defaults/main.yml index b08038e02..c46379ba4 100644 --- a/roles/deploy_neuvector/defaults/main.yml +++ b/roles/deploy_neuvector/defaults/main.yml 
@@ -1,7 +1,5 @@ --- # defaults file for deploy_neuvector -neuvector_version: "{{ global_NEU_VERSION }}" -neuvector_charts: "core-{{ neuvector_version }}.tgz" neuvector_servicename: "neuvector" neuvector_domain: "{{ global_domain }}" neuvector_url: "{{ neuvector_servicename }}.{{ neuvector_domain }}" @@ -9,5 +7,4 @@ neuvector_url: "{{ neuvector_servicename }}.{{ neuvector_domain }}" # General admin_user: "{{ global_install_user }}" master: "{{ global_master_ip }}" -mount_path: "{{ global_directory_mount }}" -mount_helm_path: "{{ mount_path }}/helm" \ No newline at end of file +airgap_install: "{{ global_airgap_install | bool }}" diff --git a/roles/deploy_neuvector/handlers/main.yml b/roles/deploy_neuvector/handlers/main.yml deleted file mode 100644 index 0cd74fa5a..000000000 --- a/roles/deploy_neuvector/handlers/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# handlers file for deploy_neuvector diff --git a/roles/deploy_neuvector/tasks/deploy.yml b/roles/deploy_neuvector/tasks/deploy.yml index 67be841d7..242c01d3e 100644 --- a/roles/deploy_neuvector/tasks/deploy.yml +++ b/roles/deploy_neuvector/tasks/deploy.yml @@ -1,21 +1,22 @@ --- +# Airgap - name: "Deploy Neuvector" run_once: true become: true become_user: "{{ admin_user }}" become_method: ansible.builtin.sudo become_flags: "-i" + when: airgap_install block: - name: Deploy helm charts kubernetes.core.helm: atomic: true name: "neuvector" - chart_ref: "{{ mount_helm_path }}/{{ neuvector_charts }}" + chart_ref: "neuvector/core" release_namespace: "neuvector" create_namespace: true values: - imagePullSecrets: regsecret - registry: localhost:5000 + registry: "{{ master }}:5000" k3s: enabled: true runtimePath: /run/k3s/containerd/containerd.sock 
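Review bot: In the airgap block `chart_ref` changed from the local tarball to `neuvector/core`, a Helm repository reference, but no `kubernetes.core.helm_repository` for `neuvector` is added on that path (only the non-airgap block below adds `https://neuvector.github.io/neuvector-helm/`), so `helm install` will fail with an unknown repo unless one happens to be cached, and in an airgap environment that repo is unreachable anyway. Point the airgap install at a locally served chart — the removed `{{ mount_helm_path }}/{{ neuvector_charts }}` path, or a `helm_repository` against the chart index on the hauler host at `{{ master }}:5000`. Dropping `imagePullSecrets: regsecret` while switching `registry` to `{{ master }}:5000` also presumes the hauler registry is anonymous and plain-HTTP, which presumably relies on an insecure-registry entry in RKE2's `registries.yaml`; a one-line comment stating that dependency would help.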
@@ -44,4 +45,69 @@ updater: image: repository: neuvector/updater - kubeconfig: "/home/{{ admin_user }}/.kube/{{ inventory_hostname }}.yaml" \ No newline at end of file + kubeconfig: "/home/{{ admin_user }}/.kube/{{ inventory_hostname }}.yaml" + +# Non-Airgap +- name: "Deploy Neuvector" + run_once: true + become: true + become_user: "{{ admin_user }}" + become_method: ansible.builtin.sudo + become_flags: "-i" + when: not airgap_install + block: + - name: Neuvector Versions needed + ansible.builtin.import_role: + name: set_versions + tasks_from: only_neuvector + run_once: true + + - name: Add Neuvector chart repo + kubernetes.core.helm_repository: + name: neuvector + repo_url: "https://neuvector.github.io/neuvector-helm/" + force_update: true + + - name: Deploy helm charts + kubernetes.core.helm: + atomic: true + name: "neuvector" + chart_ref: "neuvector/core" + chart_version: "{{ neuvector_version }}" + release_namespace: "neuvector" + create_namespace: true + values: + k3s: + enabled: true + runtimePath: /run/k3s/containerd/containerd.sock + manager: + image: + repository: neuvector/manager + ingress: + enabled: true + ingress: + host: "{{ neuvector_url }}" + svc: + type: ClusterIP + controller: + image: + repository: neuvector/controller + pvc: + enabled: true + capacity: 500Mi + enforcer: + image: + repository: neuvector/enforcer + internal: + certmanager: + enabled: true + cve: + updater: + image: + repository: neuvector/updater + kubeconfig: "/home/{{ admin_user }}/.kube/{{ inventory_hostname }}.yaml" + +# Common +- name: Display Neuvector URL + ansible.builtin.debug: + msg: "Neuvector URL : {{ neuvector_url }}" diff --git a/roles/deploy_neuvector/tasks/main.yml b/roles/deploy_neuvector/tasks/main.yml index f29892c31..124b2fbd1 100644 --- a/roles/deploy_neuvector/tasks/main.yml +++ b/roles/deploy_neuvector/tasks/main.yml 
@@ -1,11 +1,14 @@ --- # tasks file for deploy_neuvector -- name: Install Cert-manager as Neuvector prerequisites - ansible.builtin.import_role: - name: deploy_certmanager - tasks_from: main - tags: certmanager +- name: Gather facts + ansible.builtin.setup: + gather_subset: + - "default_ipv4" + - "!all,!min" + when: > + ansible_default_ipv4 is not defined + tags: [always] - name: Deploy with the Helm Charts on master ansible.builtin.import_tasks: deploy.yml - when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] \ No newline at end of file + when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] diff --git a/roles/deploy_rancher/defaults/main.yml b/roles/deploy_rancher/defaults/main.yml index 09efefaf9..902778ba2 100644 --- a/roles/deploy_rancher/defaults/main.yml +++ b/roles/deploy_rancher/defaults/main.yml @@ -1,7 +1,5 @@ --- # defaults file for deploy_rancher -rancher_version: "{{ global_RANCHER_VERSION }}" -rancher_charts: "rancher-{{ rancher_version }}.tgz" rancher_servicename: "rancher" rancher_domain: "{{ global_domain }}" rancher_url: "{{ rancher_servicename }}.{{ rancher_domain }}" @@ -10,5 +8,4 @@ rancher_password: "{{ global_rancher_password }}" # General admin_user: "{{ global_install_user }}" master: "{{ global_master_ip }}" -mount_path: "{{ global_directory_mount }}" -mount_helm_path: "{{ mount_path }}/helm" \ No newline at end of file +airgap_install: "{{ global_airgap_install | bool }}" diff --git a/roles/deploy_rancher/handlers/main.yml b/roles/deploy_rancher/handlers/main.yml deleted file mode 100644 index 2bf8e91f3..000000000 --- a/roles/deploy_rancher/handlers/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# handlers file for deploy_rancher diff --git a/roles/deploy_rancher/tasks/deploy.yml b/roles/deploy_rancher/tasks/deploy.yml index a56064984..7a015736d 100644 --- a/roles/deploy_rancher/tasks/deploy.yml +++ b/roles/deploy_rancher/tasks/deploy.yml 
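Review bot: deploy_neuvector/tasks/main.yml drops the `deploy_certmanager` prerequisite while the non-airgap values in deploy.yml still set `internal.certmanager.enabled: true`, so the role now silently depends on cert-manager having been installed by something else (presumably deploy_rancher in this same commit); that ordering should be stated, e.g. `# Requires cert-manager, installed by deploy_rancher, to be present in the cluster` above the deploy task, or enforced by a task that fails early when the `cert-manager` namespace is absent. The new gather task also lists `- "!all,!min"` as a single list element; unless the setup module splits elements on commas, that is not a recognised subset name, and the safe form is two elements, `- "!all"` and `- "!min"`. The same element appears in deploy_rancher/tasks/main.yml.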
@@ -1,26 +1,120 @@ --- +# Airgap +- name: "Deploy Cert-manager and Rancher" + run_once: true + become: true + become_user: "{{ admin_user }}" + become_method: ansible.builtin.sudo + become_flags: "-i" + when: airgap_install + block: + # Cert-manager + - name: Deploy helm charts + kubernetes.core.helm: + atomic: true + name: "cert-manager" + chart_ref: "oci://{{ master }}:5000/hauler/cert-manager" + release_namespace: "cert-manager" + create_namespace: true + values: + installCRDs: true + image: + repository: "{{ master }}:5000/cert/cert-manager-controller" + webhook: + image: + repository: "{{ master }}:5000/cert/cert-manager-webhook" + cainjector: + image: + repository: "{{ master }}:5000/cert/cert-manager-cainjector" + startupapicheck: + image: + repository: "{{ master }}:5000/cert/cert-manager-ctl" + kubeconfig: "/home/{{ admin_user }}/.kube/{{ inventory_hostname }}.yaml" + + # Rancher + - name: Deploy helm charts + kubernetes.core.helm: + atomic: true + name: "rancher" + chart_ref: "oci://{{ master }}:5000/hauler/rancher" + release_namespace: "cattle-system" + create_namespace: true + values: + useBundledSystemChart: true + bootstrapPassword: "{{ rancher_password }}" + replicas: 1 + systemDefaultRegistry: "{{ master }}:5000" + rancherImage: "{{ master }}:5000/rancher/rancher" + hostname: "{{ rancher_url }}" + auditLog: + level: 2 + destination: hostPath + kubeconfig: "/home/{{ admin_user }}/.kube/{{ inventory_hostname }}.yaml" + +# Non-Airgap - name: "Deploy Rancher" run_once: true become: true become_user: "{{ admin_user }}" become_method: ansible.builtin.sudo become_flags: "-i" + when: not airgap_install block: + # Get Versions + - name: Rancher Versions needed + ansible.builtin.import_role: + name: set_versions + tasks_from: only_rancher + run_once: true + + # Cert-manager + - name: Add Cert-Manager chart repo + kubernetes.core.helm_repository: + name: jetstack + repo_url: "https://charts.jetstack.io" + force_update: true + + - name: Deploy helm charts + 
kubernetes.core.helm: + atomic: true + name: "cert-manager" + chart_ref: "jetstack/cert-manager" + chart_version: "{{ cert_manager_version }}" + release_namespace: "cert-manager" + create_namespace: true + values: + installCRDs: true + kubeconfig: "/home/{{ admin_user }}/.kube/{{ inventory_hostname }}.yaml" + + # Rancher + - name: Add Rancher chart repo + kubernetes.core.helm_repository: + name: rancher + repo_url: "https://releases.rancher.com/server-charts/latest" + force_update: true + + - name: Deploy helm charts kubernetes.core.helm: atomic: true name: "rancher" - chart_ref: "{{ mount_helm_path }}/{{ rancher_charts }}" + chart_ref: "rancher/rancher" + chart_version: "{{ rancher_version }}" release_namespace: "cattle-system" create_namespace: true values: useBundledSystemChart: true bootstrapPassword: "{{ rancher_password }}" replicas: 1 - systemDefaultRegistry: localhost:5000 - rancherImage: localhost:5000/rancher/rancher + #systemDefaultRegistry: "{{ master }}:5000" + #rancherImage: "{{ master }}:5000/rancher/rancher" hostname: "{{ rancher_url }}" auditLog: level: 2 destination: hostPath - kubeconfig: "/home/{{ admin_user }}/.kube/{{ inventory_hostname }}.yaml" \ No newline at end of file + kubeconfig: "/home/{{ admin_user }}/.kube/{{ inventory_hostname }}.yaml" + +# Common +- name: Display Rancher URL + ansible.builtin.debug: + msg: "Rancher URL : {{ rancher_url }}" diff --git a/roles/deploy_rancher/tasks/main.yml b/roles/deploy_rancher/tasks/main.yml index ca1101f7d..48b0ffadc 100644 --- a/roles/deploy_rancher/tasks/main.yml +++ b/roles/deploy_rancher/tasks/main.yml 
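Review bot: Both Rancher helm tasks in deploy_rancher/tasks/deploy.yml pass `bootstrapPassword: "{{ rancher_password }}"` inside `values`; at higher verbosity Ansible includes the module arguments in the task result, so the bootstrap password can end up in console output and CI logs. Add `no_log: true` to each Rancher `kubernetes.core.helm` task (keeping `atomic: true` so a failed release still rolls back) and surface only the release status. The airgap tasks also pull `oci://{{ master }}:5000/hauler/cert-manager` and `oci://{{ master }}:5000/hauler/rancher` without a `chart_version`, unlike the non-airgap path, so the deployed version is whatever the local registry holds; a comment such as `# airgap: version is the one hauler pushed to the registry` would at least record that.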
@@ -1,11 +1,14 @@ --- # tasks file for deploy_rancher -- name: Install Cert-manager as Rancher prerequisites - ansible.builtin.import_role: - name: deploy_certmanager - tasks_from: main - tags: certmanager +- name: Gather facts + ansible.builtin.setup: + gather_subset: + - "default_ipv4" + - "!all,!min" + when: > + ansible_default_ipv4 is not defined + tags: [always] - name: Deploy with the Helm Charts on master ansible.builtin.import_tasks: deploy.yml - when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] \ No newline at end of file + when: inventory_hostname in groups['RKE2_CONTROLLERS'][0] diff --git a/roles/install_rke2_common/tasks/rpm_install.yml b/roles/install_rke2_common/tasks/rpm_install.yml index 7c75e0f1a..87fe4faa4 100644 --- a/roles/install_rke2_common/tasks/rpm_install.yml +++ b/roles/install_rke2_common/tasks/rpm_install.yml @@ -26,6 +26,7 @@ ansible.builtin.import_role: name: set_versions tasks_from: only_rke2 + run_once: true - name: Set Official RKE2 common repo ansible.builtin.yum_repository: diff --git a/roles/install_rke2_common/tasks/tarball_install.yml b/roles/install_rke2_common/tasks/tarball_install.yml index 1f74e47f9..dcf11444e 100644 --- a/roles/install_rke2_common/tasks/tarball_install.yml +++ b/roles/install_rke2_common/tasks/tarball_install.yml @@ -24,6 +24,7 @@ ansible.builtin.import_role: name: set_versions tasks_from: only_rke2 + run_once: true - name: TARBALL | Install RKE2 node ansible.builtin.shell: diff --git a/roles/install_rke2_controller/tasks/admin.yml b/roles/install_rke2_controller/tasks/admin.yml index a48fd0289..6b834eef9 100644 --- a/roles/install_rke2_controller/tasks/admin.yml +++ b/roles/install_rke2_controller/tasks/admin.yml @@ -54,8 +54,8 @@ mode: 0750 recurse: true loop: - - "$HOME/.local" - - "$HOME/.local/bin" + - "/home/{{ admin_user }}/.local" + - "/home/{{ admin_user }}/.local/bin" - name: Copy kubectl binary to admin user ansible.builtin.copy: 
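Review bot: In install_rke2_controller/tasks/admin.yml the loop now builds `/home/{{ admin_user }}/.local` and `/home/{{ admin_user }}/.local/bin` instead of the literal `$HOME` strings that the `file` module never expanded; that fix is right, but the same task keeps `mode: 0750` unquoted, which YAML reads as an octal integer and which Ansible documents as unreliable in loops — write `mode: "0750"`. The task header itself is outside this hunk. The gather_subset element `- "!all,!min"` in deploy_rancher/tasks/main.yml has the same problem noted for deploy_neuvector.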
From a5eadb1586e11c0360551897541701351e2c0b38 Mon Sep 17 00:00:00 2001
From: MozeBaltyk
Date: Wed, 22 May 2024 18:04:18 +0200
Subject: [PATCH 355/365] make quickstart
---
 .gitignore | 1 +
 Makefile | 67 +++++++++++++++++++++++++++++++++----------
 README.md | 25 ++++++++--------
 test/DO/infra/main.tf | 8 +++---
 4 files changed, 70 insertions(+), 31 deletions(-)
diff --git a/.gitignore b/.gitignore
index d7b19d5ef..c060c09ea 100644
--- a/.gitignore
+++ b/.gitignore
@@ -26,4 +26,5 @@ hosts.ini
 Chart.lock
 .venv/
 __pycache__
+.pytest_cache
 AWS
diff --git a/Makefile b/Makefile
index 48ac407a5..23ee3ab06 100644
--- a/Makefile
+++ b/Makefile
@@ -18,26 +18,63 @@ export EE_PACKAGE_PATH ?= $$HOME/$(EE_PACKAGE_NAME) prerequis: $(MAKE) -C ./scripts/prerequis all +.PHONY: quickstart +## Create a RKE2 cluster on Digital Ocean +quickstart: + # Checks vars settings + @for v in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY DO_PAT; do \ + eval test -n \"\$$$$v\" || { echo "You must set environment variable $$v"; exit 1; } && echo $$v; \ + done + # S3 bucket for Backend + cd ./test/DO/backend && terraform init + cd ./test/DO/backend && terraform plan -out=terraform.tfplan \ + -var "do_token=$(DO_PAT)" \ + -var "spaces_access_key_id=$(AWS_ACCESS_KEY_ID)" \ + -var "spaces_access_key_secret=$(AWS_SECRET_ACCESS_KEY)" + cd ./test/DO/backend && terraform apply "terraform.tfplan" + # Create infra with Terrafrom + cd ./test/DO/infra && terraform init + cd ./test/DO/infra && terraform plan -out=terraform.tfplan \ + -var "do_token=$(DO_PAT)" \ + -var "do_worker_count=0" \ + -var "do_controller_count=1" \ + -var "do_instance_size=s-2vcpu-4gb" \ + -var "spaces_access_key_id=$(AWS_ACCESS_KEY_ID)" \ + -var "spaces_access_key_secret=$(AWS_SECRET_ACCESS_KEY)" + cd ./test/DO/infra && terraform apply "terraform.tfplan" + # Run playbooks + cd ./test && ansible-playbook playbooks/install.yml -e "stable=true" -e "airgap=false" -e "method=rpm" --private-key DO/.key -u root + +.PHONY: quickstart-cleanup +## Remove RKE2 cluster from quickstart on Digital Ocean +quickstart-cleanup: + # Checks vars settings + @for v in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY DO_PAT; do \ + eval test -n \"\$$$$v\" || { echo "You must set environment variable $$v"; exit 1; } && echo $$v; \ + done + # Delete infra with Terrafrom + cd ./test/DO/infra && terraform init + cd ./test/DO/infra && terraform plan -destroy -out=terraform.tfplan \ + -var "do_token=$(DO_PAT)" \ + -var "do_worker_count=0" \ + -var "do_controller_count=1" \ + -var "do_instance_size=s-2vcpu-4gb" \ + -var "spaces_access_key_id=$(AWS_ACCESS_KEY_ID)" \ + -var 
"spaces_access_key_secret=$(AWS_SECRET_ACCESS_KEY)" + cd ./test/DO/infra && terraform apply "terraform.tfplan" + # Remove S3 bucket for Backend + cd ./test/DO/backend && terraform init + cd ./test/DO/backend && terraform plan -destroy -out=terraform.tfplan \ + -var "do_token=$(DO_PAT)" \ + -var "spaces_access_key_id=$(AWS_ACCESS_KEY_ID)" \ + -var "spaces_access_key_secret=$(AWS_SECRET_ACCESS_KEY)" + cd ./test/DO/backend && terraform apply "terraform.tfplan" + .PHONY: build ## Run playbook to build rkub zst package on localhost. build: ansible-playbook ./playbooks/tasks/build.yml -.PHONY: upload -## Run playbook to upload rkub zst package. -upload: - ansible-playbook ./playbooks/tasks/upload.yml $(ANSIBLE_ARGS) - -.PHONY: install -## Run playbook to install rkub. -install: - ansible-playbook ./playbooks/tasks/install.yml $(ANSIBLE_ARGS) - -.PHONY: uninstall -## Run playbook to uninstall rkub. -uninstall: - ansible-playbook ./playbooks/tasks/uninstall.yml $(ANSIBLE_ARGS) - .PHONY: ee-container ## Create an execution-env container with all dependencies inside ee-container: diff --git a/README.md b/README.md index 6a3f13d91..04615252f 100644 --- a/README.md +++ b/README.md 
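Review bot: The `terraform plan` recipe lines in `quickstart` and `quickstart-cleanup` are not prefixed with `@`, so make echoes each command with `$(DO_PAT)`, `$(AWS_ACCESS_KEY_ID)` and `$(AWS_SECRET_ACCESS_KEY)` already expanded, putting the Digital Ocean token and Spaces keys into terminal scrollback and any CI log; they are also visible in the process list while terraform runs. Silencing the lines with `@` is the minimum (patch 356 later does this for `quickstart` only and leaves `quickstart-cleanup` unchanged); better is to stop passing them as `-var` arguments and export them as `TF_VAR_<variable name>` environment variables, which terraform reads without anything appearing on the command line. The `for v in ...` check only echoes the variable name, which is fine, but a comment such as `# never echo the values: they are credentials` above it would keep later edits from changing that.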
@@ -42,33 +42,34 @@ Add-on from my part: - Some flexibility about path with the possibility to build and install on a choosen path. -- Admin user (by default 'kuberoot') on first controller node with some admin tools (k9s, helm). +- Admin user (by default 'kuberoot') on first controller node with some admin tools (k9s, helm and kubectl). -- Nerdctl as complement of containerd to handle oci-archive. +- Import kubeconfig on Ansible controller host and add it to kubecm if present (to be able to admin rke2 cluster from localhost). -- K9S on first controller for admin purpose. +- Nerdctl as complement of containerd to handle oci-archive. - Uninstall playbook to cleanup (and maybe reinstall if needed). -- Collection Released, so possibilty to get back to older versions. +- Ansible Collection Released, so possibilty to get back to older versions. ## Use Case Currently only install: - on Rocky8 - - airgap tarball or rpm - - Defined or Stable channels + - airgap or online install + - tarball or rpm method + - Defined versions or versions from Stable channels - Canal CNI - Digital Ocean But the target to handle all the usecase below: -| OS | Versions | Method | CNI | Cloud providers | Extra Install | -|--------|-------------------------|----------------|--------|-----------------|-----------------| -| Rocky8 | Defined in collections | airgap tarball | Canal | Digital Ocean | Kubevip | -| Ubuntu | Stable channels | airgap rpm | | AWS | Longhorn | -| | Custom | online | | Azure | Rancher | -| | | | | | Neuvector | +| OS | Versions | Method | CNI | Cloud providers | Cluster Arch | Extra Install | +|--------|-----------------------------|----------------|--------|-----------------|-----------------------|-----------------| +| Rocky8 | Defined in this collection | airgap tarball | Canal | Digital Ocean | Standalone | Kubevip | +| Ubuntu | Stable channels | airgap rpm | | AWS | One Master, x Workers | Longhorn | +| | Custom | online tarball | | Azure | 3 Masters, x Workers | 
Rancher | +| | | online rpm | | | | Neuvector | ## Prerequisites diff --git a/test/DO/infra/main.tf b/test/DO/infra/main.tf index 7c0ad4b8d..6752e0c83 100644 --- a/test/DO/infra/main.tf +++ b/test/DO/infra/main.tf @@ -40,17 +40,17 @@ resource "digitalocean_vpc" "rkub-project-network" { region = var.region timeouts { - delete = "30m" + delete = "10m" } } # https://github.com/digitalocean/terraform-provider-digitalocean/issues/446 -resource "time_sleep" "wait_300_seconds_to_destroy" { +resource "time_sleep" "wait_200_seconds_to_destroy" { depends_on = [digitalocean_vpc.rkub-project-network] - destroy_duration = "300s" + destroy_duration = "200s" } resource "null_resource" "placeholder" { - depends_on = [time_sleep.wait_300_seconds_to_destroy] + depends_on = [time_sleep.wait_200_seconds_to_destroy] } # From cab23b4ceca44e76d49eb5bc198b9d4d87b068b1 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Thu, 23 May 2024 13:46:38 +0200 Subject: [PATCH 356/365] uniformize pipeline and makefile --- .github/workflows/stage_airgap.yml | 24 +++---- .github/workflows/stage_online.yml | 28 ++++---- .gitignore | 2 +- Makefile | 45 ++++++------ .../install_rke2_controller/defaults/main.yml | 2 +- test/DO/backend/main.tf | 2 +- test/DO/backend/variables.tf | 2 +- test/DO/infra/main.tf | 71 ++++++++----------- test/DO/infra/output.tf | 7 ++ test/DO/infra/provider.tf | 29 ++++++++ test/DO/infra/variables.tf | 8 +-- 11 files changed, 119 insertions(+), 101 deletions(-) create mode 100644 test/DO/infra/output.tf create mode 100644 test/DO/infra/provider.tf diff --git a/.github/workflows/stage_airgap.yml b/.github/workflows/stage_airgap.yml index 32a886112..a180bb5a2 100644 --- a/.github/workflows/stage_airgap.yml +++ b/.github/workflows/stage_airgap.yml 
@@ -110,10 +110,10 @@ jobs: cd ./DO/infra terraform plan -out=terraform.tfplan \ -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ - -var "do_token=${DO_PAT}" \ - -var "do_worker_count=${WORKER_COUNT}" \ - -var "do_controller_count=${CONTROLLER_COUNT}" \ - -var "do_instance_size=${SIZE}" \ + -var "token=${DO_PAT}" \ + -var "worker_count=${WORKER_COUNT}" \ + -var "controller_count=${CONTROLLER_COUNT}" \ + -var "instance_size=${SIZE}" \ -var "spaces_access_key_id=${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}}" \ -var "spaces_access_key_secret=${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}}" \ -var "mount_point=${MOUNT_POINT}" \ @@ -185,11 +185,11 @@ jobs: - name: Test if reachable run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible RKE2_CLUSTER -m ping -u root -vv --private-key .key + ANSIBLE_HOST_KEY_CHECKING=False ansible RKE2_CLUSTER -m ping -u root - name: Wait for cloud-init to finish run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible RKE2_CLUSTER -m shell -a "cloud-init status --wait" -u root -v --private-key .key + ANSIBLE_HOST_KEY_CHECKING=False ansible RKE2_CLUSTER -m shell -a "cloud-init status --wait" -u root -v install: name: Install @@ -227,11 +227,11 @@ jobs: - name: Run playbook hauler_server.yml run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/hauler_server.yml -e dir_target=${MOUNT_POINT} + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root playbooks/hauler_server.yml -e dir_target=${MOUNT_POINT} - name: Run playbook install.yml run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/install.yml + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root playbooks/install.yml #- name: Run playbook rancher.yml # run: | 
@@ -338,10 +338,10 @@ jobs: run: | terraform plan -destroy -out=terraform.tfplan \ -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ - -var "do_token=${DO_PAT}" \ - -var "do_worker_count=${WORKER_COUNT}" \ - -var "do_controller_count=${CONTROLLER_COUNT}" \ - -var "do_instance_size=${SIZE}" \ + -var "token=${DO_PAT}" \ + -var "worker_count=${WORKER_COUNT}" \ + -var "controller_count=${CONTROLLER_COUNT}" \ + -var "instance_size=${SIZE}" \ -var "spaces_access_key_id=${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}}" \ -var "spaces_access_key_secret=${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}}" \ -var "mount_point=${MOUNT_POINT}" \ diff --git a/.github/workflows/stage_online.yml b/.github/workflows/stage_online.yml index d93d5d912..ece93b144 100644 --- a/.github/workflows/stage_online.yml +++ b/.github/workflows/stage_online.yml @@ -75,10 +75,10 @@ jobs: cd ./DO/infra terraform plan -out=terraform.tfplan \ -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ - -var "do_token=${DO_PAT}" \ - -var "do_worker_count=${WORKER_COUNT}" \ - -var "do_controller_count=${CONTROLLER_COUNT}" \ - -var "do_instance_size=${SIZE}" \ + -var "token=${DO_PAT}" \ + -var "worker_count=${WORKER_COUNT}" \ + -var "controller_count=${CONTROLLER_COUNT}" \ + -var "instance_size=${SIZE}" \ -var "spaces_access_key_id=${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}}" \ -var "spaces_access_key_secret=${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}}" \ -var "mount_point=${MOUNT_POINT}" \ @@ -156,11 +156,11 @@ jobs: - name: Test if reachable run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible RKE2_CLUSTER -m ping -u root -vv --private-key .key + ANSIBLE_HOST_KEY_CHECKING=False ansible RKE2_CLUSTER -m ping -u root - name: Wait for cloud-init to finish run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible RKE2_CLUSTER -m shell -a "cloud-init status --wait" -u root -v --private-key .key + ANSIBLE_HOST_KEY_CHECKING=False ansible RKE2_CLUSTER -m shell -a "cloud-init status --wait" -u root -v install: name: Install 
@@ -198,19 +198,19 @@ jobs: - name: Run playbook install.yml run: | - ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/install.yml -e "airgap=false" -e "method=tarball" + ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root playbooks/install.yml -e "airgap=false" -e "method=tarball" #- name: Run playbook rancher.yml # run: | - # ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/rancher.yml + # ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root playbooks/rancher.yml #- name: Run playbook longhorn.yml # run: | - # ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/longhorn.yml + # ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root playbooks/longhorn.yml #- name: Run playbook neuvector.yml # run: | - # ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root --private-key .key playbooks/neuvector.yml + # ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -u root playbooks/neuvector.yml test: name: Test @@ -305,10 +305,10 @@ jobs: run: | terraform plan -destroy -out=terraform.tfplan \ -var "GITHUB_RUN_ID=$GITHUB_RUN_ID" \ - -var "do_token=${DO_PAT}" \ - -var "do_worker_count=${WORKER_COUNT}" \ - -var "do_controller_count=${CONTROLLER_COUNT}" \ - -var "do_instance_size=${SIZE}" \ + -var "token=${DO_PAT}" \ + -var "worker_count=${WORKER_COUNT}" \ + -var "controller_count=${CONTROLLER_COUNT}" \ + -var "instance_size=${SIZE}" \ -var "spaces_access_key_id=${{secrets.DIGITALOCEAN_SPACES_ACCESS_TOKEN}}" \ -var "spaces_access_key_secret=${{secrets.DIGITALOCEAN_SPACES_SECRET_KEY}}" \ -var "mount_point=${MOUNT_POINT}" \ diff --git a/.gitignore b/.gitignore index c060c09ea..d6acbf124 100644 --- a/.gitignore +++ b/.gitignore @@ -22,7 +22,7 @@ node_modules package*.json *.tfstate hosts.ini -.key +.key* Chart.lock .venv/ __pycache__ diff --git a/Makefile b/Makefile index 23ee3ab06..ed0ff0527 100644 --- a/Makefile +++ b/Makefile 
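Review bot: Removing `--private-key .key` from every `ansible` and `ansible-playbook` call in stage_online.yml (and the matching hunks in stage_airgap.yml) makes key selection depend on `private_key_file` in the test `ansible.cfg`, which Ansible only loads when the step runs from that directory or `ANSIBLE_CONFIG` points at it; the steps shown carry no `working-directory`, so confirm the config is actually picked up, otherwise ssh falls back to the runner's default identity. Every call still sets `ANSIBLE_HOST_KEY_CHECKING=False`; for droplets created moments earlier that is understandable, but it deserves a comment like `# droplets are freshly created, host keys unknown: first contact is trusted`, and if host keys should be pinned for the rest of the job, collecting them into `known_hosts` right after `terraform apply` would let the check stay on for the remaining steps.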
@@ -1,10 +1,6 @@ # Rkub Makefile - -export INVENTORY ?= ./plugins/inventory -export ANSIBLE_USER ?= admin -export EXTRA_VARS := $(shell for n in $$INSTALL_VARS; do echo "-e $$n "; done ) -export OPT ?= -export ANSIBLE_ARGS = -i $(INVENTORY) -u $(ANSIBLE_USER) $(EXTRA_VARS) $(OPT) +export WORKERS ?= 0 +export MASTERS ?= 1 export REGISTRY ?= localhost:5000 export EE_IMAGE ?= ee-rkub 
@@ -26,24 +22,25 @@ quickstart: eval test -n \"\$$$$v\" || { echo "You must set environment variable $$v"; exit 1; } && echo $$v; \ done # S3 bucket for Backend - cd ./test/DO/backend && terraform init - cd ./test/DO/backend && terraform plan -out=terraform.tfplan \ - -var "do_token=$(DO_PAT)" \ + @cd ./test/DO/backend && terraform init + @cd ./test/DO/backend && terraform plan -out=terraform.tfplan \ + -var "token=$(DO_PAT)" \ -var "spaces_access_key_id=$(AWS_ACCESS_KEY_ID)" \ -var "spaces_access_key_secret=$(AWS_SECRET_ACCESS_KEY)" - cd ./test/DO/backend && terraform apply "terraform.tfplan" + @cd ./test/DO/backend && terraform apply "terraform.tfplan" # Create infra with Terrafrom - cd ./test/DO/infra && terraform init - cd ./test/DO/infra && terraform plan -out=terraform.tfplan \ - -var "do_token=$(DO_PAT)" \ - -var "do_worker_count=0" \ - -var "do_controller_count=1" \ - -var "do_instance_size=s-2vcpu-4gb" \ + @cd ./test/DO/infra && terraform init + @cd ./test/DO/infra && terraform plan -out=terraform.tfplan \ + -var "token=$(DO_PAT)" \ + -var "worker_count=$(WORKERS)" \ + -var "controller_count=$(MASTERS)" \ + -var "instance_size=s-2vcpu-4gb" \ -var "spaces_access_key_id=$(AWS_ACCESS_KEY_ID)" \ -var "spaces_access_key_secret=$(AWS_SECRET_ACCESS_KEY)" - cd ./test/DO/infra && terraform apply "terraform.tfplan" + @cd ./test/DO/infra && terraform apply "terraform.tfplan" # Run playbooks - cd ./test && ansible-playbook playbooks/install.yml -e "stable=true" -e "airgap=false" -e "method=rpm" --private-key DO/.key -u root + @sleep 10 + @cd ./test && ansible-playbook playbooks/install.yml -e "stable=true" -e "airgap=false" -e "method=rpm" -u root .PHONY: quickstart-cleanup ## Remove RKE2 cluster from quickstart on Digital Ocean 
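Review bot: The new `@sleep 10` before `ansible-playbook` in `quickstart` is an arbitrary wait for the droplets to come up; the workflows in this same patch instead run `cloud-init status --wait` through ansible before installing, and the Makefile could do the same (or `ansible RKE2_CLUSTER -m wait_for_connection -u root`) so the quickstart neither fails on a slow boot nor idles on a fast one. Either way a comment stating what the wait is for would help, e.g. `# wait for the droplets to accept SSH before running the playbook`.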
@@ -55,17 +52,17 @@ quickstart-cleanup: # Delete infra with Terrafrom cd ./test/DO/infra && terraform init cd ./test/DO/infra && terraform plan -destroy -out=terraform.tfplan \ - -var "do_token=$(DO_PAT)" \ - -var "do_worker_count=0" \ - -var "do_controller_count=1" \ - -var "do_instance_size=s-2vcpu-4gb" \ + -var "token=$(DO_PAT)" \ + -var "worker_count=$(WORKERS)" \ + -var "controller_count=$(MASTERS)" \ + -var "instance_size=s-2vcpu-4gb" \ -var "spaces_access_key_id=$(AWS_ACCESS_KEY_ID)" \ -var "spaces_access_key_secret=$(AWS_SECRET_ACCESS_KEY)" cd ./test/DO/infra && terraform apply "terraform.tfplan" # Remove S3 bucket for Backend cd ./test/DO/backend && terraform init cd ./test/DO/backend && terraform plan -destroy -out=terraform.tfplan \ - -var "do_token=$(DO_PAT)" \ + -var "token=$(DO_PAT)" \ -var "spaces_access_key_id=$(AWS_ACCESS_KEY_ID)" \ -var "spaces_access_key_secret=$(AWS_SECRET_ACCESS_KEY)" cd ./test/DO/backend && terraform apply "terraform.tfplan" @@ -73,7 +70,7 @@ quickstart-cleanup: .PHONY: build ## Run playbook to build rkub zst package on localhost. build: - ansible-playbook ./playbooks/tasks/build.yml + ansible-playbook ./playbooks/build.yml .PHONY: ee-container ## Create an execution-env container with all dependencies inside diff --git a/roles/install_rke2_controller/defaults/main.yml b/roles/install_rke2_controller/defaults/main.yml index 4a2a0976f..d69b36a9e 100644 --- a/roles/install_rke2_controller/defaults/main.yml +++ b/roles/install_rke2_controller/defaults/main.yml @@ -12,7 +12,7 @@ hauler_server: "{{ global_hauler_ip }}" # RKE2 config rke2_kubeconfig_file: "/etc/rancher/rke2/rke2.yaml" -rkub_local_kubeconfig: "~/.kube/rkub.yaml" +rkub_local_kubeconfig: "~/.kube/rkub-{{ inventory_hostname }}.yaml" rkub_context_name: "rkub-{{ inventory_hostname }}" # Controller options diff --git a/test/DO/backend/main.tf b/test/DO/backend/main.tf index a8ff236ea..e005b7e5e 100644 --- a/test/DO/backend/main.tf +++ b/test/DO/backend/main.tf 
@@ -8,7 +8,7 @@ terraform { } provider "digitalocean" { - token = var.do_token + token = var.token spaces_access_id = var.spaces_access_key_id spaces_secret_key = var.spaces_access_key_secret } diff --git a/test/DO/backend/variables.tf b/test/DO/backend/variables.tf index ae2938f87..73049fd1c 100644 --- a/test/DO/backend/variables.tf +++ b/test/DO/backend/variables.tf @@ -1,4 +1,4 @@ -variable "do_token" { +variable "token" { description = "Digital Ocean API Token" } diff --git a/test/DO/infra/main.tf b/test/DO/infra/main.tf index 6752e0c83..50cbabb44 100644 --- a/test/DO/infra/main.tf +++ b/test/DO/infra/main.tf @@ -1,35 +1,30 @@ ### -### Provider part +### SSH ### -terraform { - required_providers { - digitalocean = { - source = "digitalocean/digitalocean" - version = "~> 2.0" - } - } - backend "s3" { - skip_region_validation = true - skip_credentials_validation = true - skip_metadata_api_check = true - skip_requesting_account_id = true - use_path_style = true - skip_s3_checksum = true - endpoints = { - s3 = "https://fra1.digitaloceanspaces.com" - } - region = "fra1" - // bucket = "terraform-backend-github" - key = "terraform.tfstate" - } + +# Generate an SSH key pair +resource "tls_private_key" "global_key" { + algorithm = "RSA" + rsa_bits = 4096 } -provider "digitalocean" { - token = var.do_token +# Save the public key to a local file +resource "local_file" "ssh_public_key" { + filename = "${path.module}/.key.pub" + content = tls_private_key.global_key.public_key_openssh } -data "digitalocean_ssh_key" "terraform" { - name = "terraform" +# Save the private key to a local file +resource "local_sensitive_file" "ssh_private_key" { + filename = "${path.module}/.key.private" + content = tls_private_key.global_key.private_key_pem + file_permission = "0600" +} + +# Upload the public key to DigitalOcean +resource "digitalocean_ssh_key" "ssh_key" { + name = "rkub-${var.GITHUB_RUN_ID}-ssh" + public_key = tls_private_key.global_key.public_key_openssh } ### 
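Review bot: `tls_private_key.global_key` in test/DO/infra/main.tf places the cluster's root SSH private key into Terraform state, and provider.tf stores that state in the Spaces bucket through `backend "s3"`, so anyone with read access to the bucket (or to the `AWS_*` keys the Makefile passes) holds the private key in clear. Add a note on the resource, e.g. `# NOTE: the private key is kept unencrypted in state; the state bucket must be treated as a secret store`, keep the bucket private, and consider generating the key pair outside Terraform and passing only the public key in through a variable so state never contains it. `local_sensitive_file` with `file_permission = "0600"` and the `.key*` gitignore entry handle the local copy correctly.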
@@ -60,19 +55,19 @@ resource "null_resource" "placeholder" { # Droplet Instance for RKE2 Cluster - Manager resource "digitalocean_droplet" "controllers" { - count = var.do_controller_count + count = var.controller_count image = var.do_system name = "controller${count.index}.${var.domain}" region = var.region - size = var.do_instance_size + size = var.instance_size tags = [ "rkub-${var.GITHUB_RUN_ID}", "controller", "${var.do_system}_controllers", ] vpc_uuid = digitalocean_vpc.rkub-project-network.id - ssh_keys = [ data.digitalocean_ssh_key.terraform.id ] - #user_data = data.cloudinit_config.server_config.rendered + ssh_keys = [ digitalocean_ssh_key.ssh_key.fingerprint ] + # if airgap, S3 bucket is mounted on master to get the resources user_data = var.airgap ? data.cloudinit_config.server_airgap_config.rendered : null } @@ -83,20 +78,18 @@ output "ip_address_controllers" { # Droplet Instance for RKE2 Cluster - Workers resource "digitalocean_droplet" "workers" { - count = var.do_worker_count + count = var.worker_count image = var.do_system name = "worker${count.index}.${var.domain}" region = var.region - size = var.do_instance_size + size = var.instance_size tags = [ "rkub-${var.GITHUB_RUN_ID}", "worker", "${var.do_system}_workers", ] vpc_uuid = digitalocean_vpc.rkub-project-network.id - ssh_keys = [ - data.digitalocean_ssh_key.terraform.id - ] + ssh_keys = [ digitalocean_ssh_key.ssh_key.fingerprint ] } ### @@ -122,11 +115,3 @@ resource "local_file" "ansible_inventory" { ) filename = "../../inventory/hosts.ini" } - -### -### Display -### -output "ip_address_workers" { - value = digitalocean_droplet.workers[*].ipv4_address - description = "The public IP address of your rke2 workers." -} diff --git a/test/DO/infra/output.tf b/test/DO/infra/output.tf new file mode 100644 index 000000000..132922ee2 --- /dev/null +++ b/test/DO/infra/output.tf 
@@ -0,0 +1,7 @@ +### +### Display +### +output "ip_address_workers" { + value = digitalocean_droplet.workers[*].ipv4_address + description = "The public IP address of your rke2 workers." +} diff --git a/test/DO/infra/provider.tf b/test/DO/infra/provider.tf new file mode 100644 index 000000000..897a9a6b5 --- /dev/null +++ b/test/DO/infra/provider.tf @@ -0,0 +1,29 @@ +### +### Provider part +### +terraform { + required_providers { + digitalocean = { + source = "digitalocean/digitalocean" + version = "~> 2.0" + } + } + backend "s3" { + // Nothing here can be variabilized + skip_region_validation = true + skip_credentials_validation = true + skip_metadata_api_check = true + skip_requesting_account_id = true + use_path_style = true + skip_s3_checksum = true + endpoints = { + s3 = "https://fra1.digitaloceanspaces.com" + } + region = "fra1" + key = "terraform.tfstate" + } +} + +provider "digitalocean" { + token = var.token +} diff --git a/test/DO/infra/variables.tf b/test/DO/infra/variables.tf index 6d5fa694f..a2ca83b33 100644 --- a/test/DO/infra/variables.tf +++ b/test/DO/infra/variables.tf @@ -1,21 +1,21 @@ -variable "do_token" { +variable "token" { description = "Digital Ocean API Token" } ### s-2vcpu-4gb -variable "do_instance_size" { +variable "instance_size" { type = string description = "VM size" default = "s-2vcpu-4gb" } -variable "do_controller_count" { +variable "controller_count" { type = number description = "number of controllers" default = "1" } -variable "do_worker_count" { +variable "worker_count" { type = number description = "number of workers" default = "2" From 7a7c75e179bc09924905b73adb76f10b2eada2c2 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Thu, 23 May 2024 13:47:13 +0200 Subject: [PATCH 357/365] uniformize pipeline and makefile --- test/ansible.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/ansible.cfg b/test/ansible.cfg index 671228f21..5f750f1eb 100644 --- a/test/ansible.cfg +++ b/test/ansible.cfg 
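Review bot: `variable "token"` in test/DO/infra/variables.tf (and its twin in test/DO/backend/variables.tf) declares the Digital Ocean API token without `sensitive = true`, so its value can surface in plan and diagnostic output; add `sensitive = true` and `type = string` to both. `controller_count` and `worker_count` are `type = number` but carry the string defaults `"1"` and `"2"`; Terraform converts them, but `default = 1` and `default = 2` match the declared type and avoid the conversion.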
@@ -7,4 +7,4 @@ display_skipped_hosts = false
deprecation_warnings = false
force_color = True
stdout_callback = yaml
-private_key_file = ./.key
+private_key_file = ./DO/infra/.key.private
From 8818bdb167b2647451efbec156028d08f3be79d1 Mon Sep 17 00:00:00 2001
From: MozeBaltyk
Date: Thu, 23 May 2024 14:04:30 +0200
Subject: [PATCH 358/365] Quickstart

---
README.md | 123 ++++++++++++++++++++++++++++++------------------------
1 file changed, 69 insertions(+), 54 deletions(-)

diff --git a/README.md b/README.md
index 04615252f..3a4d3babf 100644
--- a/README.md
+++ b/README.md
@@ -55,14 +55,20 @@ Add-on from my part: ## Use Case Currently only install: - - on Rocky8 - - airgap or online install - - tarball or rpm method - - Defined versions or versions from Stable channels - - Canal CNI - - Digital Ocean -But the target to handle all the usecase below: +- on Rocky8 + +- airgap or online install + +- tarball or rpm method + +- Defined versions or versions from Stable channels + +- Canal CNI + +- Digital Ocean + +But the target would be to handle all the usecase below: | OS | Versions | Method | CNI | Cloud providers | Cluster Arch | Extra Install | |--------|-----------------------------|----------------|--------|-----------------|-----------------------|-----------------| 
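Review bot: `private_key_file = ./DO/infra/.key.private` points Ansible at a private key kept inside the Terraform working directory, the same tree where `terraform.tfplan` is written by the Makefile targets later in this series, and nothing in this diff shows the file being excluded from version control; please confirm `.key.private` is covered by the repository's ignore rules and by any step that archives that directory. A comment above the line naming the step that produces the key would also help, e.g. `# private key generated by the quickstart terraform run in test/DO/infra`, since that origin is only inferred here.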
@@ -79,21 +85,45 @@ But the target to handle all the usecase below: - A minimum of 2 hosts RHEL-like (2 vCPU and 8G of RAM) for the cluster RKE2 with 80G at least on target directory. -## Getting started +## Quickstart -1. Preparation steps: +As prerequisities, you will need a Digital Ocean accompte and set your `Token` and a `Spaces key` inside API tabs. - Clone the main branch of this project to a machine with an internet access: `git clone -b main https://github.com/MozeBaltyk/Rkub.git` - Execute `make prerequis` to install all prerequisites defined in meta directory. -- Complete directory inside `./plugins/inventory/hosts.yml`. +- Export vars and Execute as below: + +```bash +export DO_PAT="xxxxxxxxxx" +export AWS_ACCESS_KEY_ID="xxxxxxxxxxxx" +export AWS_SECRET_ACCESS_KEY="xxxxxxxxxxx" +export WORKERS=2 + +# Create RKE2 cluster +make quickstart + +# Delete RKE2 cluster +make quickstart-cleanup +``` + +## Global Usage + +1. Preparation steps for classic ansible controller: + +- Create some SSH keys and deploy it on target hosts. + +- Define an ansible.cfg + +- Define an inventory (example in `./plugins/inventory/hosts.yml`). + +then use it... 2. Build your package by running (works on Debian-like or Redhat-like and targets localhost). This step concern only an airgap install. If targeted servers have an internet access then skip and go to step 5: - ```sh ansible-playbook mozebaltyk.rkub.build.yml # All arguments below are not mandatory -e "dir_build=$HOME/rkub" # Directory where to upload everything (count 10G) 
@@ -162,17 +192,6 @@ ansible-playbook mozebaltyk.rkub.neuvector.yml # All arguments below are not -u admin -Kk # Other Ansible Arguments (like -vvv) ``` -9. Bonus: - -With make command, all playbooks above are in the makefile. `make` alone display options and small descriptions. - -```bash -# Example with make -make install # All arguments below are not mandatory -ANSIBLE_USER=admin # equal to '-u admin' -"OPT=-e domain=example.com -Kk" # redefine vars or add options to ansible-playbook command -``` - ## Container methode 1. This is a custom script which imitate Execution-Environement: @@ -186,7 +205,8 @@ All prerequisites are set in folder `meta` and `meta/execution-environment.yml`. ## Some details I favored the tarball installation since it's the most compact and install rely on a archive tar.zst which stay on all nodes. -The rpm install is much straight forward but match only system with RPM (so mainly Redhat-like). +The rpm install is much straight forward but match only system with RPM (so mainly Redhat-like) and require a registry. +But the rpm method with the stable channel is used for the quickstart install. **build** have for purpose to create a tar.zst with following content using hauler tool: 
@@ -201,24 +221,33 @@ rkub └── index.json ``` +It will store and build package regarding: + +- Chosen install method for rke2 (tarbal or rpm) +- Chosen components (kube-vip, longhorn, rancher, neuvector) +- Chosen channels stable or versions defined in this collection + **upload** push the big monster packages (around 7G) and unarchive on first node on chosen targeted path. **hauler** (by default on first controller but could be on dedicated server) - - deploy a registry as systemd service and make it available on port 5000 using hauler. - - deploy a fileserver as systemd service and make it available on port 8080 using hauler. + +- deploy a registry as systemd service and make it available on port 5000 using hauler. +- deploy a fileserver as systemd service and make it available on port 8080 using hauler. **install** RKE2 (currently only one master) with: - - Install with tarball method by default or rpm method if given in argument. - - An admin user (by default `kuberoot`) on first master with some administation tools like `k9s` `kubectl` or `helm`. - - Nerdctl as complement to containerd and allow oci-archive. - - Firewalld settings if firewalld running. - - Selinux rpm if selinux enabled. - - Fetch and add kubeconfig to ansible controller in directory ./kube (and add to kubecm if present). + +- Install rke2 with tarball method by default or rpm method if given in argument. +- An admin user (by default `kuberoot`) on first master with some administation tools like `k9s` `kubectl` or `helm`. +- Nerdctl as complement to containerd and allow oci-archive. +- Firewalld settings if firewalld running. +- Selinux rpm if selinux enabled. +- Fetch and add kubeconfig to ansible controller in directory ./kube (and add to kubecm if present). 
**deploy** keeping this order, *Rancher*, *Longhorn*, *Neuvector* - - Those are simple playbooks which deploy with helm charts - - It use the default ingress from RKE2 *Nginx-ingress* in https (currently Self-sign certificate) - - *Rancher* need *Certmanager*, So it deploy first Certmanager + +- Those are simple playbooks which deploy with helm charts either in airgap or online mode. +- It use the default ingress from RKE2 *Nginx-ingress* in https (currently Self-sign certificate) +- *Rancher* need *Certmanager*, So it deploy first Certmanager ## Roadmap @@ -228,21 +257,17 @@ Milestones: * HA masters with kubevip -* Add a option to chooce by url mode or airgap mode - -Improvments: - -* Improve collection to run as true collection +* Allow several providers (currently only DO) # Acknowledgements ## Special thanks to 📢 -* Clemenko, for the idea [Clemenko/rke_airgap_install](https://github.com/clemenko/rke_airgap_install/blob/main/air_gap_all_the_things.sh). +* Clemenko, for the idea [Clemenko/rke_airgap_install](https://github.com/clemenko/rke_airgap_install/). -## References: +## References -- [Clemenko/rke_airgap_install](https://github.com/clemenko/rke_airgap_install/blob/main/air_gap_all_the_things.sh) +- [Clemenko/rke_airgap_install](https://github.com/clemenko/rke_airgap_install/) - [rancherfederal/RKE2-ansible](https://github.com/rancherfederal/rke2-ansible) 
@@ -252,20 +277,10 @@ Improvments: - [rancher/quickstart](https://github.com/rancher/quickstart) - -Get the latest stable version: - -```bash -## RKE2 -curl -s https://raw.githubusercontent.com/rancher/rke2/master/channels.yaml | yq -N '.channels[] | select(.name == "stable") | .latest' - -## K3S -curl -s https://raw.githubusercontent.com/k3s-io/k3s/master/channel.yaml | yq -N '.channels[] | select(.name == "stable") | .latest' -``` - ## Repo Activity -![Alt](https://repobeats.axiom.co/api/embed/2664e49768529526895630ae70e2a366a70de78f.svg "Repobeats analytics image") +![Alt](https://repobeats.axiom.co/api/embed/2664e49768529526895630ae70e2a366a70de78f.svg "Repobeats analytics image") ## Project status + Still on developement From 783c4e37aecdffdb6f0a8334a84a17539fdf6395 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Thu, 23 May 2024 14:06:21 +0200 Subject: [PATCH 359/365] start Azure providers --- test/Azure/infra/main.tf | 0 test/Azure/infra/output.tf | 0 test/Azure/infra/provider.tf | 27 +++++++++++ test/Azure/infra/variables.tf | 85 +++++++++++++++++++++++++++++++++++ 4 files changed, 112 insertions(+) create mode 100644 test/Azure/infra/main.tf create mode 100644 test/Azure/infra/output.tf create mode 100644 test/Azure/infra/provider.tf create mode 100644 test/Azure/infra/variables.tf diff --git a/test/Azure/infra/main.tf b/test/Azure/infra/main.tf new file mode 100644 index 000000000..e69de29bb diff --git a/test/Azure/infra/output.tf b/test/Azure/infra/output.tf new file mode 100644 index 000000000..e69de29bb diff --git a/test/Azure/infra/provider.tf b/test/Azure/infra/provider.tf new file mode 100644 index 000000000..defd386d7 --- /dev/null +++ b/test/Azure/infra/provider.tf 
@@ -0,0 +1,27 @@
+###
+### Provider part
+###
+terraform {
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~>3.0"
+ }
+ }
+ backend "s3" {
+ // Nothing here can be variabilized
+ resource_group_name = "tfstate"
+ storage_account_name = ""
+ container_name = "tfstate"
+ key = "terraform.tfstate"
+ }
+}
+
+provider "azurerm" {
+ features {}
+
+ subscription_id = var.azure_subscription_id
+ client_id = var.azure_client_id
+ client_secret = var.azure_client_secret
+ tenant_id = var.azure_tenant_id
+}
diff --git a/test/Azure/infra/variables.tf b/test/Azure/infra/variables.tf
new file mode 100644
index 000000000..8f9059ea3
--- /dev/null
+++ b/test/Azure/infra/variables.tf
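Review bot: The `backend "s3"` block is filled with `resource_group_name`, `storage_account_name` and `container_name`, which are arguments of the `azurerm` backend rather than the s3 backend, so `terraform init` will reject this configuration as written; the line should read `backend "azurerm" {`. `storage_account_name = ""` is an empty placeholder and, given the `// Nothing here can be variabilized` comment, has to be supplied at init time, which deserves a comment such as `// storage_account_name is supplied with -backend-config at init` so the next reader does not debug a failed init. `client_secret = var.azure_client_secret` is fed from a variable that the companion variables.tf hunk declares without `sensitive = true`, so the secret can surface in plan output.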
@@ -0,0 +1,85 @@
+variable "token" {
+ description = "Azure API Token"
+}
+
+### s-2vcpu-4gb
+variable "instance_size" {
+ type = string
+ description = "VM size"
+ default = "s-2vcpu-4gb"
+}
+
+variable "controller_count" {
+ type = number
+ description = "number of controllers"
+ default = "1"
+}
+
+variable "worker_count" {
+ type = number
+ description = "number of workers"
+ default = "2"
+}
+
+variable "az_user" {
+ type = string
+ description = "user created on VM"
+ default = "terraform"
+}
+
+variable "az_system" {
+ type = string
+ description = "os used for VM"
+ default = "rockylinux-8-x64"
+}
+
+variable "domain" {
+ description = "Domain given to loadbalancer and VMs"
+ default = "rkub.com"
+}
+
+variable "region" {
+ description = "Unique bucket name for storing terraform backend data"
+ default = "fra1"
+}
+
+variable "airgap" {
+ description = "if airgap true, mount s3 bucket with rkub package"
+ default = "true"
+}
+
+variable "GITHUB_RUN_ID" {
+ type = string
+ description = "github run id"
+ default = "quickstart"
+}
+
+variable "terraform_backend_bucket_name" {
+ description = "Unique bucket name for storing terraform backend data"
+ default = "terraform-backend-rkub-quickstart"
+}
+
+variable "mount_point" {
+ description = "Unique bucket name for storing terraform backend data"
+ default = "/opt/rkub"
+}
+
+##
+## Azure credentials
+##
+
+variable "azure_subscription_id" {
+ description = "Azure Subscription ID"
+}
+
+variable "azure_client_id" {
+ description = "Azure Client ID"
+}
+
+variable "azure_client_secret" {
+ description = "Azure Client Secret"
+}
+
+variable "azure_tenant_id" {
+ description = "Azure tenant ID"
+}
From faa6dbd55f22592d602df7794e830ed9be15b574 Mon Sep 17 00:00:00 2001
From: MozeBaltyk
Date: Thu, 23 May 2024 14:20:31 +0200
Subject: [PATCH 360/365] vars size

---
Makefile | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/Makefile b/Makefile
index ed0ff0527..a5d205e16 100644
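Review bot: `variable "azure_client_secret"` is declared without `sensitive = true`, so the client secret handed to the azurerm provider can appear in plan output and CI logs; give it `type = string` and `sensitive = true` (the same treatment is reasonable for `azure_subscription_id` and `azure_tenant_id`). Several declarations look copied from the Digital Ocean module rather than adapted: `variable "token"` ("Azure API Token") is not referenced by the azurerm provider block in the preceding hunk, `instance_size` and its `### s-2vcpu-4gb` comment default to a Digital Ocean size, `az_system` defaults to the Digital Ocean image slug `rockylinux-8-x64`, `region` defaults to `fra1`, and both `region` and `mount_point` carry the description "Unique bucket name for storing terraform backend data". `airgap` has no type and the string default `"true"`; `type = bool` with `default = true` avoids relying on implicit conversion wherever it is used in a conditional.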
--- a/Makefile +++ b/Makefile @@ -1,6 +1,7 @@ # Rkub Makefile export WORKERS ?= 0 export MASTERS ?= 1 +export SIZE_MATTERS ?= "s-2vcpu-4gb" export REGISTRY ?= localhost:5000 export EE_IMAGE ?= ee-rkub @@ -34,7 +35,7 @@ quickstart: -var "token=$(DO_PAT)" \ -var "worker_count=$(WORKERS)" \ -var "controller_count=$(MASTERS)" \ - -var "instance_size=s-2vcpu-4gb" \ + -var "instance_size=$(SIZE_MATTERS)" \ -var "spaces_access_key_id=$(AWS_ACCESS_KEY_ID)" \ -var "spaces_access_key_secret=$(AWS_SECRET_ACCESS_KEY)" @cd ./test/DO/infra && terraform apply "terraform.tfplan" @@ -50,22 +51,22 @@ quickstart-cleanup: eval test -n \"\$$$$v\" || { echo "You must set environment variable $$v"; exit 1; } && echo $$v; \ done # Delete infra with Terrafrom - cd ./test/DO/infra && terraform init - cd ./test/DO/infra && terraform plan -destroy -out=terraform.tfplan \ + @cd ./test/DO/infra && terraform init + @cd ./test/DO/infra && terraform plan -destroy -out=terraform.tfplan \ -var "token=$(DO_PAT)" \ -var "worker_count=$(WORKERS)" \ -var "controller_count=$(MASTERS)" \ - -var "instance_size=s-2vcpu-4gb" \ + -var "instance_size=$(SIZE_MATTERS)" \ -var "spaces_access_key_id=$(AWS_ACCESS_KEY_ID)" \ -var "spaces_access_key_secret=$(AWS_SECRET_ACCESS_KEY)" - cd ./test/DO/infra && terraform apply "terraform.tfplan" + @cd ./test/DO/infra && terraform apply "terraform.tfplan" # Remove S3 bucket for Backend - cd ./test/DO/backend && terraform init - cd ./test/DO/backend && terraform plan -destroy -out=terraform.tfplan \ + @cd ./test/DO/backend && terraform init + @cd ./test/DO/backend && terraform plan -destroy -out=terraform.tfplan \ -var "token=$(DO_PAT)" \ -var "spaces_access_key_id=$(AWS_ACCESS_KEY_ID)" \ -var "spaces_access_key_secret=$(AWS_SECRET_ACCESS_KEY)" - cd ./test/DO/backend && terraform apply "terraform.tfplan" + @cd ./test/DO/backend && terraform apply "terraform.tfplan" .PHONY: build ## Run playbook to build rkub zst package on localhost. 
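Review bot: `export SIZE_MATTERS ?= "s-2vcpu-4gb"` keeps the double quotes as part of the value, because make does not interpret quotes; `-var "instance_size=$(SIZE_MATTERS)"` in the second and third hunks therefore expands to `"instance_size="s-2vcpu-4gb""`, which the shell happens to re-join, but any other use of the variable would carry literal quote characters. Write it unquoted like the neighbouring defaults: `export SIZE_MATTERS ?= s-2vcpu-4gb`. The `@` prefixes added in the cleanup hunk stop make from echoing the `-var "token=$(DO_PAT)"` lines, which keeps the token out of the build log, but it remains visible as a process argument; exporting it as `TF_VAR_token` would keep it off the command line entirely. The `quickstart` recipe that the second hunk edits starts outside the hunk.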
From 743b21ebd62d9e0b4e5e7f64416a45223517d8d2 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Thu, 23 May 2024 14:21:36 +0200 Subject: [PATCH 361/365] badge workflows --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 3a4d3babf..96bcfa492 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,8 @@ Ansible Collection to deploy and test Rancher stacks (RKE2, Rancher, Longhorn an [![Releases](https://img.shields.io/github/release/MozeBaltyk/rkub)](https://github.com/MozeBaltyk/rkub/releases) [![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0/) -[![Stage airgap](https://github.com/MozeBaltyk/Rkub/actions/workflows/stage.yml/badge.svg)](https://github.com/MozeBaltyk/Rkub/actions/workflows/stage.yml) +[![Stage airgap](https://github.com/MozeBaltyk/Rkub/actions/workflows/stage_airgap.yml/badge.svg)](https://github.com/MozeBaltyk/Rkub/actions/workflows/stage_airgap.yml) +[![Stage online](https://github.com/MozeBaltyk/Rkub/actions/workflows/stage_online.yml/badge.svg)](https://github.com/MozeBaltyk/Rkub/actions/workflows/stage_online.yml) ## Description From 9f3123e4a85058c3db1317d4367ce57e79787bb2 Mon Sep 17 00:00:00 2001 From: MozeBaltyk Date: Thu, 23 May 2024 14:29:34 +0200 Subject: [PATCH 362/365] readme --- README.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 96bcfa492..df85c7180 100644 --- a/README.md +++ b/README.md 
@@ -28,10 +28,7 @@ This Ansible collection will install in airgap environnement RKE2 (one controler -This Project is mainly inspired from [Clemenko/rke_airgap_install](https://github.com/clemenko/rke_airgap_install/). -I tried it and like the idea but I was frustrated with Shell scripting limitations. So I decided to rewrite it in Ansible. - -With Ansible: +This Project is mainly inspired from [Clemenko/rke_airgap_install](https://github.com/clemenko/rke_airgap_install/) but Shell scripting brings limitations. So Let's rewrite it in Ansible which comes with below benefices: - Idempotency: can be relaunch multiple time. @@ -53,6 +50,8 @@ Add-on from my part: - Ansible Collection Released, so possibilty to get back to older versions. +- Quickstart script to triggers an RKE2 cluster in Digital Ocean and delete it once required. + ## Use Case Currently only install: From f0d586d61a8c639e6d564683da23f96b14cb8f9c Mon Sep 17 00:00:00 2001 From: ccaron Date: Thu, 23 May 2024 15:11:11 +0200 Subject: [PATCH 363/365] changelog.md --- CHANGELOG.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6b0972710..787ca6b48 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -31,19 +31,19 @@ - [x] Deploy Neuvector. - [x] Script to containerize in an Execution-Env. - [x] Script to uninstall everything - - [ ] More install customization and options 🚧 - - [ ] Improve collection to run as true collection 🚧 - - [ ] CI 🚧 + - [x] More install customization and options + - [x] Improve collection to run as true collection + - [x] CI workflows + - [x] Quickstart script Use case: - [x] airgap - - [ ] non-airgap 🚧 - - [ ] standalone 🚧 + - [x] non-airgap + - [x] standalone - [x] one-master-and-x-workers - [ ] masters-HA 🚧 - [ ] update/upgrade 🚧 - [ ] change-config 🚧 - From c82697e153c615ac343665460f16587eae06e244 Mon Sep 17 00:00:00 2001 
From: ccaron Date: Thu, 23 May 2024 15:12:30 +0200 Subject: [PATCH 364/365] changelog.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 787ca6b48..12eb9a68c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,7 @@ # CHANGELOG.md -## 1.0.3 (2024-01-24) +## 1.0.3 (2024-05-23) ### Versions From 14ddd16b913893debdc504e38b641828547750b2 Mon Sep 17 00:00:00 2001 From: ccaron Date: Thu, 23 May 2024 15:12:51 +0200 Subject: [PATCH 365/365] correct readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index df85c7180..20ac05b21 100644 --- a/README.md +++ b/README.md @@ -36,7 +36,7 @@ This Project is mainly inspired from [Clemenko/rke_airgap_install](https://githu - OS agnositc: can be launch on any Linux systems (at least for the package build, for the install part, it depends on your participation 😸) -Add-on from my part: +Add-on from this Ansible collection: - Some flexibility about path with the possibility to build and install on a choosen path.