From 5f925ca116c23a51d3043ebab314b15ff8e21ae4 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Thu, 16 Sep 2021 23:57:31 +0200
Subject: all hosts have been converted to use apt pinning

---
 chaos-at-home/ch-dione.yml                         |  2 ++
 dan/emc-master.yml                                 |  2 +-
 inventory/host_vars/ch-dione.yml                   |  7 +++++
 inventory/host_vars/ch-helene.yml                  |  2 +-
 inventory/host_vars/sgg-icecast.yml                |  3 ++-
 inventory/host_vars/sk-cloudio/nextcloud.yml       |  8 +++---
 inventory/host_vars/sk-tomnext-nc.yml              |  2 +-
 roles/containerd/tasks/main.yml                    |  6 -----
 roles/docker/engine/tasks/main.yml                 |  6 -----
 roles/kubernetes/base/tasks/main.yml               |  9 -------
 roles/kubernetes/kubeadm/base/tasks/main.yml       |  9 -------
 roles/kubernetes/kubeadm/upgrade                   | 30 ++++++++++++++--------
 .../blackmagic/desktopvideo/tasks/main.yml         |  7 -----
 .../blackmagic/mediaexpress/tasks/main.yml         |  6 -----
 14 files changed, 38 insertions(+), 61 deletions(-)

diff --git a/chaos-at-home/ch-dione.yml b/chaos-at-home/ch-dione.yml
index 3c358470..dd973a5a 100644
--- a/chaos-at-home/ch-dione.yml
+++ b/chaos-at-home/ch-dione.yml
@@ -11,6 +11,8 @@
   - role: core/admin-users
   - role: apt-repo/spreadspace
   - role: streaming/blackmagic/desktopvideo
+  - role: kubernetes/base
+  - role: kubernetes/standalone/base
   post_tasks:
   - name: install lm-sensors and i7z
     apt:
diff --git a/dan/emc-master.yml b/dan/emc-master.yml
index 118710a2..edfc0ffe 100644
--- a/dan/emc-master.yml
+++ b/dan/emc-master.yml
@@ -8,6 +8,6 @@
   - role: core/zsh
   - role: core/ntp
   - role: apt-repo/spreadspace
-  - role: monitoring/prometheus/exporter
+#  - role: monitoring/prometheus/exporter
   - role: storage/lvm/groups
   - role: elevate/emc-stats
diff --git a/inventory/host_vars/ch-dione.yml b/inventory/host_vars/ch-dione.yml
index 9e327b21..93a94476 100644
--- a/inventory/host_vars/ch-dione.yml
+++ b/inventory/host_vars/ch-dione.yml
@@ -78,3 +78,10 @@ ntp_server:
 
 blackmagic_desktopvideo_version: 11.7a12
 blackmagic_desktopvideo_include_gui: yes
+
+
+kubernetes_version: 1.22.2
+kubernetes_cri_tools_pkg_version: 1.21.0~2
+kubernetes_container_runtime: containerd
+kubernetes_standalone_max_pods: 42
+kubernetes_standalone_cni_variant: with-portmap
diff --git a/inventory/host_vars/ch-helene.yml b/inventory/host_vars/ch-helene.yml
index 6f35acd3..08c750ef 100644
--- a/inventory/host_vars/ch-helene.yml
+++ b/inventory/host_vars/ch-helene.yml
@@ -75,7 +75,7 @@ blackmagic_desktopvideo_include_gui: yes
 
 
 
-kubernetes_version: 1.21.4
+kubernetes_version: 1.22.2
 kubernetes_cri_tools_pkg_version: 1.21.0~2
 kubernetes_container_runtime: containerd
 kubernetes_standalone_max_pods: 42
diff --git a/inventory/host_vars/sgg-icecast.yml b/inventory/host_vars/sgg-icecast.yml
index 887ef8ac..eec37447 100644
--- a/inventory/host_vars/sgg-icecast.yml
+++ b/inventory/host_vars/sgg-icecast.yml
@@ -51,7 +51,8 @@ kubelet_storage:
   size: 2G
   fs: ext4
 
-kubernetes_version: 1.21.1
+kubernetes_version: 1.22.2
+kubernetes_cri_tools_pkg_version: 1.21.0~2
 kubernetes_container_runtime: docker
 kubernetes_standalone_max_pods: 42
 kubernetes_standalone_cni_variant: with-portmap
diff --git a/inventory/host_vars/sk-cloudio/nextcloud.yml b/inventory/host_vars/sk-cloudio/nextcloud.yml
index d7db2ea5..594dd8ac 100644
--- a/inventory/host_vars/sk-cloudio/nextcloud.yml
+++ b/inventory/host_vars/sk-cloudio/nextcloud.yml
@@ -8,7 +8,7 @@ nextcloud_zfs:
 nextcloud_instances:
   wolke.elevate.at:
     # new: true
-    version: 21.0.3
+    version: 21.0.4
     port: 8100
     hostnames:
     - wolke.elevate.at
@@ -20,7 +20,7 @@ nextcloud_instances:
       password: "{{ vault_nextcloud_database_passwords['wolke.elevate.at'] }}"
   insomnia.skillz.biz:
     # new: true
-    version: 21.0.3
+    version: 21.0.4
     port: 8101
     hostnames:
       - insomnia.skillz.biz
@@ -32,7 +32,7 @@ nextcloud_instances:
       password: "{{ vault_nextcloud_database_passwords['insomnia.skillz.biz'] }}"
   nc.skillz.biz:
     # new: true
-    version: 21.0.3
+    version: 21.0.4
     port: 8102
     hostnames:
       - nc.skillz.biz
@@ -44,7 +44,7 @@ nextcloud_instances:
       password: "{{ vault_nextcloud_database_passwords['nc.skillz.biz'] }}"
   wae.elevate.at:
     # new: true
-    version: 21.0.3
+    version: 21.0.4
     port: 8104
     hostnames:
     - wae.elevate.at
diff --git a/inventory/host_vars/sk-tomnext-nc.yml b/inventory/host_vars/sk-tomnext-nc.yml
index c9f0be3e..5e0f9997 100644
--- a/inventory/host_vars/sk-tomnext-nc.yml
+++ b/inventory/host_vars/sk-tomnext-nc.yml
@@ -123,7 +123,7 @@ nextcloud_zfs:
 nextcloud_instances:
   team.tomwaitz.eu:
     # new: true
-    version: 21.0.3
+    version: 21.0.4
     port: 8100
     hostnames:
       - team.tomwaitz.eu
diff --git a/roles/containerd/tasks/main.yml b/roles/containerd/tasks/main.yml
index 56970268..780b0aa9 100644
--- a/roles/containerd/tasks/main.yml
+++ b/roles/containerd/tasks/main.yml
@@ -41,12 +41,6 @@
     ## TODO: replace force with allow_downgrade once the following change is available (ansible >= 5.0)
     ##   https://github.com/ansible/ansible/pull/74852
 
-  ## TODO: remove this when all machines are migrated to use pin files
-- name: unhold packages (we now use APT pinning)
-  dpkg_selections:
-    name: "{{ containerd_pkg_name }}"
-    selection: install
-
 - name: fetch containerd default config
   check_mode: no
   command: containerd config default
diff --git a/roles/docker/engine/tasks/main.yml b/roles/docker/engine/tasks/main.yml
index d07d6d63..0ed1b44f 100644
--- a/roles/docker/engine/tasks/main.yml
+++ b/roles/docker/engine/tasks/main.yml
@@ -52,12 +52,6 @@
     ## TODO: replace force with allow_downgrade once the following change is available (ansible >= 5.0)
     ##   https://github.com/ansible/ansible/pull/74852
 
-  ## TODO: remove this when all machines are migrated to use pin files
-- name: unhold packages (we now use APT pinning)
-  dpkg_selections:
-    name: "{{ docker_pkg_name }}"
-    selection: install
-
 - name: start and enable docker
   service:
     name: docker
diff --git a/roles/kubernetes/base/tasks/main.yml b/roles/kubernetes/base/tasks/main.yml
index 72cad066..04994fcc 100644
--- a/roles/kubernetes/base/tasks/main.yml
+++ b/roles/kubernetes/base/tasks/main.yml
@@ -44,15 +44,6 @@
     ## TODO: replace force with allow_downgrade once the following change is available (ansible >= 5.0)
     ##   https://github.com/ansible/ansible/pull/74852
 
-  ## TODO: remove this when all machines are migrated to use pin files
-- name: unhold packages (we now use APT pinning)
-  loop:
-  - kubelet
-  - cri-tools
-  dpkg_selections:
-    name: "{{ item }}"
-    selection: install
-
 - name: configure endpoints for crictl
   copy:
     dest: /etc/crictl.yaml
diff --git a/roles/kubernetes/kubeadm/base/tasks/main.yml b/roles/kubernetes/kubeadm/base/tasks/main.yml
index abc0f3af..53c7c6f1 100644
--- a/roles/kubernetes/kubeadm/base/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/base/tasks/main.yml
@@ -23,15 +23,6 @@
     ## TODO: replace force with allow_downgrade once the following change is available (ansible >= 5.0)
     ##   https://github.com/ansible/ansible/pull/74852
 
-  ## TODO: remove this when all machines are migrated to use pin files
-- name: unhold packages (we now use APT pinning)
-  loop:
-  - kubeadm
-  - kubectl
-  dpkg_selections:
-    name: "{{ item }}"
-    selection: install
-
 - name: set kubelet node-ip
   when: kubernetes_overlay_node_ip is defined
   lineinfile:
diff --git a/roles/kubernetes/kubeadm/upgrade b/roles/kubernetes/kubeadm/upgrade
index dc0a360a..52fe1a5d 100644
--- a/roles/kubernetes/kubeadm/upgrade
+++ b/roles/kubernetes/kubeadm/upgrade
@@ -4,18 +4,22 @@ Cluster Upgrades:
 primary master:
 ---------------
 
-VERSION=1.20.2
+VERSION=1.22.2
+
 
 apt-get update
-apt-get install -y --allow-change-held-packages "kubeadm=$VERSION-00" && apt-mark hold kubeadm
+sed "s/^Pin: version .*$/Pin: version $VERSION-00/" -i /etc/apt/preferences.d/kubeadm.pref
+apt-get install -y "kubeadm=$VERSION-00"
 kubeadm version
 kubeadm upgrade plan
 
 kubectl drain $(hostname) --ignore-daemonsets --delete-local-data
 kubeadm upgrade apply "v$VERSION"
-
 sed "s/^kubernetesVersion: .*$/kubernetesVersion: $VERSION/" -i /etc/kubernetes/kubeadm.config
-apt-get update && apt-get install -y --allow-change-held-packages "kubelet=$VERSION-00" "kubectl=$VERSION-00" && apt-mark hold kubelet kubectl
+
+sed "s/^Pin: version .*$/Pin: version $VERSION-00/" -i /etc/apt/preferences.d/kubelet.pref
+sed "s/^Pin: version .*$/Pin: version $VERSION-00/" -i /etc/apt/preferences.d/kubectl.pref
+apt-get update && apt-get install -y "kubelet=$VERSION-00" "kubectl=$VERSION-00"
 
 // security updates + reboot ?
 
@@ -25,14 +29,17 @@ kubectl uncordon $(hostname)
 secondary master:
 -----------------
 
-VERSION=1.20.2
+VERSION=1.22.2
 
 apt-get update
-apt-get install -y --allow-change-held-packages "kubeadm=$VERSION-00" && apt-mark hold kubeadm
+sed "s/^Pin: version .*$/Pin: version $VERSION-00/" -i /etc/apt/preferences.d/kubeadm.pref
+apt-get install -y --allow-change-held-packages "kubeadm=$VERSION-00"
 
 kubectl drain $(hostname) --ignore-daemonsets --delete-local-data
 kubeadm upgrade node
-apt-mark unhold kubelet kubectl && apt-get update && apt-get install -y kubelet="$VERSION-00" "kubectl=$VERSION-00" && apt-mark hold kubelet kubectl
+sed "s/^Pin: version .*$/Pin: version $VERSION-00/" -i /etc/apt/preferences.d/kubelet.pref
+sed "s/^Pin: version .*$/Pin: version $VERSION-00/" -i /etc/apt/preferences.d/kubectl.pref
+apt-get update && apt-get install -y kubelet="$VERSION-00" "kubectl=$VERSION-00"
 
 // security updates + reboot ?
 
@@ -42,15 +49,18 @@ kubectl uncordon $(hostname)
 worker nodes:
 -------------
 
-VERSION=1.20.2
+VERSION=1.22.2
 
 apt-get update
-apt-get install -y --allow-change-held-packages "kubeadm=$VERSION-00" && apt-mark hold kubeadm
+sed "s/^Pin: version .*$/Pin: version $VERSION-00/" -i /etc/apt/preferences.d/kubeadm.pref
+apt-get install -y "kubeadm=$VERSION-00"
 
 @primary master: kubectl drain <node> --ignore-daemonsets --delete-local-data
 
 kubeadm upgrade node
-apt-mark unhold kubelet kubectl && apt-get update && apt-get install -y kubelet="$VERSION-00" "kubectl=$VERSION-00" && apt-mark hold kubelet kubectl
+sed "s/^Pin: version .*$/Pin: version $VERSION-00/" -i /etc/apt/preferences.d/kubelet.pref
+sed "s/^Pin: version .*$/Pin: version $VERSION-00/" -i /etc/apt/preferences.d/kubectl.pref
+apt-get update && apt-get install -y kubelet="$VERSION-00" "kubectl=$VERSION-00"
 
 // security updates + reboot ?
 
diff --git a/roles/streaming/blackmagic/desktopvideo/tasks/main.yml b/roles/streaming/blackmagic/desktopvideo/tasks/main.yml
index 98d2d28b..3906e206 100644
--- a/roles/streaming/blackmagic/desktopvideo/tasks/main.yml
+++ b/roles/streaming/blackmagic/desktopvideo/tasks/main.yml
@@ -39,13 +39,6 @@
     ## TODO: replace force with allow_downgrade once the following change is available (ansible >= 5.0)
     ##   https://github.com/ansible/ansible/pull/74852
 
-  ## TODO: remove this when all machines are migrated to use pin files
-- name: unhold packages (we now use APT pinning)
-  loop: "{{ blackmagic_desktopvideo_packages }}"
-  dpkg_selections:
-    name: "{{ item }}"
-    selection: install
-
 - name: install improved kill mode for DesktopVideoHelper (1/2)
   file:
     name: /etc/systemd/system/DesktopVideoHelper.service.d
diff --git a/roles/streaming/blackmagic/mediaexpress/tasks/main.yml b/roles/streaming/blackmagic/mediaexpress/tasks/main.yml
index 9aa83c28..9b894c43 100644
--- a/roles/streaming/blackmagic/mediaexpress/tasks/main.yml
+++ b/roles/streaming/blackmagic/mediaexpress/tasks/main.yml
@@ -26,9 +26,3 @@
     # allow_downgrade: yes
     ## TODO: replace force with allow_downgrade once the following change is available (ansible >= 5.0)
     ##   https://github.com/ansible/ansible/pull/74852
-
-  ## TODO: remove this when all machines are migrated to use pin files
-- name: unhold packages (we now use APT pinning)
-  dpkg_selections:
-    name: mediaexpress
-    selection: install
-- 
cgit v1.2.3