Avoid that some read-only tasks cause an ansible-change (#1910)

pull/1937/head
Günther Grill 2017-11-06 14:51:07 +01:00 committed by Matthew Mosesohn
parent ad0cd6939a
commit 0d55ed3600
5 changed files with 7 additions and 0 deletions

View File

@ -3,6 +3,7 @@
raw: stat /opt/bin/.bootstrapped raw: stat /opt/bin/.bootstrapped
register: need_bootstrap register: need_bootstrap
failed_when: false failed_when: false
changed_when: false
tags: tags:
- facts - facts

View File

@ -5,6 +5,7 @@
raw: which "{{ item }}" raw: which "{{ item }}"
register: need_bootstrap register: need_bootstrap
failed_when: false failed_when: false
changed_when: false
with_items: with_items:
- python - python
- pip - pip

View File

@ -5,6 +5,7 @@
raw: which "{{ item }}" raw: which "{{ item }}"
register: need_bootstrap register: need_bootstrap
failed_when: false failed_when: false
changed_when: false
with_items: with_items:
- python - python
- pip - pip

View File

@ -2,10 +2,12 @@
- name: Rotate Tokens | Get default token name - name: Rotate Tokens | Get default token name
shell: "{{ bin_dir }}/kubectl get secrets -o custom-columns=name:{.metadata.name} --no-headers | grep -m1 default-token" shell: "{{ bin_dir }}/kubectl get secrets -o custom-columns=name:{.metadata.name} --no-headers | grep -m1 default-token"
register: default_token register: default_token
changed_when: false
- name: Rotate Tokens | Get default token data - name: Rotate Tokens | Get default token data
command: "{{ bin_dir }}/kubectl get secrets {{ default_token.stdout }} -ojson" command: "{{ bin_dir }}/kubectl get secrets {{ default_token.stdout }} -ojson"
register: default_token_data register: default_token_data
changed_when: false
run_once: true run_once: true
- name: Rotate Tokens | Test if default certificate is expired - name: Rotate Tokens | Test if default certificate is expired

View File

@ -80,6 +80,7 @@
- name: "Gen_certs | Get certificate serials on kube masters" - name: "Gen_certs | Get certificate serials on kube masters"
shell: "openssl x509 -in {{ kube_cert_dir }}/{{ item }} -noout -serial | cut -d= -f2" shell: "openssl x509 -in {{ kube_cert_dir }}/{{ item }} -noout -serial | cut -d= -f2"
register: "master_certificate_serials" register: "master_certificate_serials"
changed_when: false
with_items: with_items:
- "admin-{{ inventory_hostname }}.pem" - "admin-{{ inventory_hostname }}.pem"
- "apiserver.pem" - "apiserver.pem"
@ -98,6 +99,7 @@
- name: "Gen_certs | Get certificate serials on kube nodes" - name: "Gen_certs | Get certificate serials on kube nodes"
shell: "openssl x509 -in {{ kube_cert_dir }}/{{ item }} -noout -serial | cut -d= -f2" shell: "openssl x509 -in {{ kube_cert_dir }}/{{ item }} -noout -serial | cut -d= -f2"
register: "node_certificate_serials" register: "node_certificate_serials"
changed_when: false
with_items: with_items:
- "node-{{ inventory_hostname }}.pem" - "node-{{ inventory_hostname }}.pem"
- "kube-proxy-{{ inventory_hostname }}.pem" - "kube-proxy-{{ inventory_hostname }}.pem"