diff --git a/.ansible-lint b/.ansible-lint index 356de88a2..cdace7948 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -15,5 +15,4 @@ skip_list: - '502' - '503' - '504' - - '602' - '701' diff --git a/contrib/vault/roles/vault/tasks/shared/sync_file.yml b/contrib/vault/roles/vault/tasks/shared/sync_file.yml index 00750df2f..12ea90fa9 100644 --- a/contrib/vault/roles/vault/tasks/shared/sync_file.yml +++ b/contrib/vault/roles/vault/tasks/shared/sync_file.yml @@ -5,17 +5,19 @@ set_fact: sync_file_dir: "{{ sync_file_path | dirname }}" sync_file: "{{ sync_file_path | basename }}" - when: sync_file_path is defined and sync_file_path != '' + when: + - sync_file_path is defined + - sync_file_path - name: "sync_file | Set fact for sync_file_path when undefined" set_fact: sync_file_path: "{{ (sync_file_dir, sync_file)|join('/') }}" - when: sync_file_path is not defined or sync_file_path == '' + when: sync_file_path is not defined or not sync_file_path - name: "sync_file | Set fact for key path name" set_fact: sync_file_key_path: "{{ sync_file_path.rsplit('.', 1)|first + '-key.' + sync_file_path.rsplit('.', 1)|last }}" - when: sync_file_key_path is not defined or sync_file_key_path == '' + when: sync_file_key_path is not defined or not sync_file_key_path - name: "sync_file | Check if {{sync_file_path}} file exists" stat: @@ -46,17 +48,17 @@ - name: "sync_file | Remove sync sources with files that do not match sync_file_srcs|first" set_fact: _: "{% if inventory_hostname in sync_file_srcs %}{{ sync_file_srcs.remove(inventory_hostname) }}{% endif %}" - when: >- - sync_file_srcs|d([])|length > 1 and - inventory_hostname != sync_file_srcs|first + when: + - sync_file_srcs|d([])|length > 1 + - inventory_hostname != sync_file_srcs|first - name: "sync_file | Remove sync sources with keys that do not match sync_file_srcs|first" set_fact: _: "{% if inventory_hostname in sync_file_srcs %}{{ sync_file_srcs.remove(inventory_hostname) }}{% endif %}" - when: >- - sync_file_is_cert|d() and - sync_file_key_srcs|d([])|length > 1 and - inventory_hostname != sync_file_key_srcs|first + when: + - sync_file_is_cert|d() + - sync_file_key_srcs|d([])|length > 1 + - inventory_hostname != sync_file_key_srcs|first - name: "sync_file | Consolidate file and key sources" set_fact: diff --git a/roles/container-engine/docker/tasks/set_facts_dns.yml b/roles/container-engine/docker/tasks/set_facts_dns.yml index 6ca2b9ade..3e621f524 100644 --- a/roles/container-engine/docker/tasks/set_facts_dns.yml +++ b/roles/container-engine/docker/tasks/set_facts_dns.yml @@ -43,12 +43,12 @@ - name: add system nameservers to docker options set_fact: docker_dns_servers: "{{ docker_dns_servers | union(system_nameservers.stdout_lines) | unique }}" - when: system_nameservers.stdout != "" + when: system_nameservers.stdout - name: add system search domains to docker options set_fact: docker_dns_search_domains: "{{ docker_dns_search_domains | union(system_search_domains.stdout.split()|default([])) | unique }}" - when: system_search_domains.stdout != "" + when: system_search_domains.stdout - name: check number of nameservers fail: diff --git a/roles/download/tasks/set_docker_image_facts.yml b/roles/download/tasks/set_docker_image_facts.yml index 6fbdd5a12..935f1bf3f 100644 --- a/roles/download/tasks/set_docker_image_facts.yml +++ b/roles/download/tasks/set_docker_image_facts.yml @@ -1,7 +1,7 @@ --- - set_fact: pull_by_digest: >- - {%- if download.sha256 is defined and download.sha256 != '' -%}true{%- else -%}false{%- endif -%} + {%- if download.sha256 is defined and download.sha256 -%}true{%- else -%}false{%- endif -%} - set_fact: pull_args: >- @@ -25,6 +25,9 @@ - name: Check the local digest sha256 corresponds to the given image tag assert: that: "{{download.repo}}:{{download.tag}} in docker_images.stdout.split(',')" - when: not download_always_pull and not pull_required and pull_by_digest + when: + - not download_always_pull + - not pull_required + - pull_by_digest tags: - asserts diff --git a/roles/kubernetes-apps/cloud_controller/oci/tasks/credentials-check.yml b/roles/kubernetes-apps/cloud_controller/oci/tasks/credentials-check.yml index 57f87973c..7688eef24 100644 --- a/roles/kubernetes-apps/cloud_controller/oci/tasks/credentials-check.yml +++ b/roles/kubernetes-apps/cloud_controller/oci/tasks/credentials-check.yml @@ -3,56 +3,65 @@ - name: "OCI Cloud Controller | Credentials Check | oci_private_key" fail: msg: "oci_private_key is missing" - when: (not oci_use_instance_principals) and - (oci_private_key is not defined or oci_private_key == "") + when: + - not oci_use_instance_principals + - oci_private_key is not defined or not oci_private_key - name: "OCI Cloud Controller | Credentials Check | oci_region_id" fail: msg: "oci_region_id is missing" - when: (not oci_use_instance_principals) and - (oci_region_id is not defined or oci_region_id == "") + when: + - not oci_use_instance_principals + - oci_region_id is not defined or not oci_region_id - name: "OCI Cloud Controller | Credentials Check | oci_tenancy_id" fail: msg: "oci_tenancy_id is missing" - when: (not oci_use_instance_principals) and - (oci_tenancy_id is not defined or oci_tenancy_id == "") + when: + - not oci_use_instance_principals + - oci_tenancy_id is not defined or not oci_tenancy_id - name: "OCI Cloud Controller | Credentials Check | oci_user_id" fail: msg: "oci_user_id is missing" - when: (not oci_use_instance_principals) and - (oci_user_id is not defined or oci_user_id == "") + when: + - not oci_use_instance_principals + - oci_user_id is not defined or not oci_user_id - name: "OCI Cloud Controller | Credentials Check | oci_user_fingerprint" fail: msg: "oci_user_fingerprint is missing" - when: (not oci_use_instance_principals) and - (oci_user_fingerprint is not defined or oci_user_fingerprint == "") + when: + - not oci_use_instance_principals + - oci_user_fingerprint is not defined or not oci_user_fingerprint - name: "OCI Cloud Controller | Credentials Check | oci_compartment_id" fail: msg: "oci_compartment_id is missing. This is the compartment in which the cluster resides" - when: oci_compartment_id is not defined or oci_compartment_id == "" + when: + - oci_compartment_id is not defined or not oci_compartment_id - name: "OCI Cloud Controller | Credentials Check | oci_vnc_id" fail: msg: "oci_vnc_id is missin. This is the Virtual Cloud Network in which the cluster resides" - when: oci_vnc_id is not defined or oci_vnc_id == "" + when: + - oci_vnc_id is not defined or not oci_vnc_id - name: "OCI Cloud Controller | Credentials Check | oci_subnet1_id" fail: msg: "oci_subnet1_id is missing. This is the first subnet to which loadbalancers will be added" - when: oci_subnet1_id is not defined or oci_subnet1_id == "" + when: + - oci_subnet1_id is not defined or not oci_subnet1_id - name: "OCI Cloud Controller | Credentials Check | oci_subnet2_id" fail: msg: "oci_subnet2_id is missing. Two subnets are required for load balancer high availability" when: - - oci_cloud_controller_version | version_compare('0.7.0', '<') - - oci_subnet2_id is not defined or oci_subnet2_id == "" + - oci_cloud_controller_version | version_compare('0.7.0', '<') + - oci_subnet2_id is not defined or not oci_subnet2_id - name: "OCI Cloud Controller | Credentials Check | oci_security_list_management" fail: msg: "oci_security_list_management is missing, or not defined correctly. Valid options are (All, Frontend, None)." - when: oci_security_list_management is not defined or oci_security_list_management not in ["All", "Frontend", "None"] + when: + - oci_security_list_management is not defined or oci_security_list_management not in ["All", "Frontend", "None"] diff --git a/roles/kubernetes-apps/helm/tasks/main.yml b/roles/kubernetes-apps/helm/tasks/main.yml index c8dfd81ba..2a9843de7 100644 --- a/roles/kubernetes-apps/helm/tasks/main.yml +++ b/roles/kubernetes-apps/helm/tasks/main.yml @@ -46,7 +46,7 @@ {% if rbac_enabled %} --service-account=tiller{% endif %} {% if tiller_node_selectors is defined %} --node-selectors {{ tiller_node_selectors }}{% endif %} {% if kube_version is version('v1.11.1', '>=') %} --override spec.template.spec.priorityClassName={% if tiller_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{% endif %} - {% if tiller_override is defined and tiller_override != "" %} --override {{ tiller_override }}{% endif %} + {% if tiller_override is defined and tiller_override %} --override {{ tiller_override }}{% endif %} {% if tiller_max_history is defined %} --history-max={{ tiller_max_history }}{% endif %} {% if tiller_enable_tls %} --tiller-tls --tiller-tls-verify --tiller-tls-cert={{ tiller_tls_cert }} --tiller-tls-key={{ tiller_tls_key }} --tls-ca-cert={{ tiller_tls_ca_cert }} {% endif %} {% if tiller_secure_release_info %} --override 'spec.template.spec.containers[0].command'='{/tiller,--storage=secret}' {% endif %} @@ -67,7 +67,7 @@ {% if rbac_enabled %} --service-account=tiller{% endif %} {% if tiller_node_selectors is defined %} --node-selectors {{ tiller_node_selectors }}{% endif %} {% if kube_version is version('v1.11.1', '>=') %} --override spec.template.spec.priorityClassName={% if tiller_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{% endif %} - {% if tiller_override is defined and tiller_override != "" %} --override {{ tiller_override }}{% endif %} + {% if tiller_override is defined and tiller_override %} --override {{ tiller_override }}{% endif %} {% if tiller_max_history is defined %} --history-max={{ tiller_max_history }}{% endif %} {% if tiller_enable_tls %} --tiller-tls --tiller-tls-verify --tiller-tls-cert={{ tiller_tls_cert }} --tiller-tls-key={{ tiller_tls_key }} --tls-ca-cert={{ tiller_tls_ca_cert }} {% endif %} {% if tiller_secure_release_info %} --override 'spec.template.spec.containers[0].command'='{/tiller,--storage=secret}' {% endif %} @@ -76,7 +76,7 @@ | {{bin_dir}}/kubectl apply -f - changed_when: false when: - - (tiller_override is defined and tiller_override != "") or (kube_version is version('v1.11.1', '>=')) + - (tiller_override is defined and tiller_override) or (kube_version is version('v1.11.1', '>=')) - inventory_hostname == groups['kube-master'][0] environment: "{{proxy_env}}" diff --git a/roles/kubernetes-apps/registry/tasks/main.yml b/roles/kubernetes-apps/registry/tasks/main.yml index 05f8f4703..aa3676498 100644 --- a/roles/kubernetes-apps/registry/tasks/main.yml +++ b/roles/kubernetes-apps/registry/tasks/main.yml @@ -59,8 +59,8 @@ - { name: registry-pvc, file: registry-pvc.yml, type: pvc } register: registry_manifests when: - - registry_storage_class != none and registry_storage_class != "" - - registry_disk_size != none and registry_disk_size != "" + - registry_storage_class != none and registry_storage_class + - registry_disk_size != none and registry_disk_size - inventory_hostname == groups['kube-master'][0] - name: Registry | Apply PVC manifests @@ -73,6 +73,6 @@ state: "latest" with_items: "{{ registry_manifests.results }}" when: - - registry_storage_class != none and registry_storage_class != "" - - registry_disk_size != none and registry_disk_size != "" + - registry_storage_class != none and registry_storage_class + - registry_disk_size != none and registry_disk_size - inventory_hostname == groups['kube-master'][0] diff --git a/roles/kubernetes/node/tasks/azure-credential-check.yml b/roles/kubernetes/node/tasks/azure-credential-check.yml index f53622c41..840b5bbfc 100644 --- a/roles/kubernetes/node/tasks/azure-credential-check.yml +++ b/roles/kubernetes/node/tasks/azure-credential-check.yml @@ -2,57 +2,57 @@ - name: check azure_tenant_id value fail: msg: "azure_tenant_id is missing" - when: azure_tenant_id is not defined or azure_tenant_id == "" + when: azure_tenant_id is not defined or not azure_tenant_id - name: check openstack_username value fail: msg: "azure_subscription_id is missing" - when: azure_subscription_id is not defined or azure_subscription_id == "" + when: azure_subscription_id is not defined or not azure_subscription_id - name: check azure_aad_client_id value fail: msg: "azure_aad_client_id is missing" - when: azure_aad_client_id is not defined or azure_aad_client_id == "" + when: azure_aad_client_id is not defined or not azure_aad_client_id - name: check azure_aad_client_secret value fail: msg: "azure_aad_client_secret is missing" - when: azure_aad_client_secret is not defined or azure_aad_client_secret == "" + when: azure_aad_client_secret is not defined or not azure_aad_client_secret - name: check azure_resource_group value fail: msg: "azure_resource_group is missing" - when: azure_resource_group is not defined or azure_resource_group == "" + when: azure_resource_group is not defined or not azure_resource_group - name: check azure_location value fail: msg: "azure_location is missing" - when: azure_location is not defined or azure_location == "" + when: azure_location is not defined or not azure_location - name: check azure_subnet_name value fail: msg: "azure_subnet_name is missing" - when: azure_subnet_name is not defined or azure_subnet_name == "" + when: azure_subnet_name is not defined or not azure_subnet_name - name: check azure_security_group_name value fail: msg: "azure_security_group_name is missing" - when: azure_security_group_name is not defined or azure_security_group_name == "" + when: azure_security_group_name is not defined or not azure_security_group_name - name: check azure_vnet_name value fail: msg: "azure_vnet_name is missing" - when: azure_vnet_name is not defined or azure_vnet_name == "" + when: azure_vnet_name is not defined or not azure_vnet_name - name: check azure_vnet_resource_group value fail: msg: "azure_vnet_resource_group is missing" - when: azure_vnet_resource_group is not defined or azure_vnet_resource_group == "" + when: azure_vnet_resource_group is not defined or not azure_vnet_resource_group - name: check azure_route_table_name value fail: msg: "azure_route_table_name is missing" - when: azure_route_table_name is not defined or azure_route_table_name == "" + when: azure_route_table_name is not defined or not azure_route_table_name - name: check azure_loadbalancer_sku value fail: diff --git a/roles/kubernetes/node/tasks/main.yml b/roles/kubernetes/node/tasks/main.yml index 8d9d9d2a4..9c249fc77 100644 --- a/roles/kubernetes/node/tasks/main.yml +++ b/roles/kubernetes/node/tasks/main.yml @@ -194,7 +194,7 @@ - cloud_provider is defined - cloud_provider == 'openstack' - openstack_cacert is defined - - openstack_cacert != "" + - openstack_cacert tags: - cloud-provider diff --git a/roles/kubernetes/node/tasks/openstack-credential-check.yml b/roles/kubernetes/node/tasks/openstack-credential-check.yml index 6fc3110c9..6ff17325f 100644 --- a/roles/kubernetes/node/tasks/openstack-credential-check.yml +++ b/roles/kubernetes/node/tasks/openstack-credential-check.yml @@ -2,31 +2,33 @@ - name: check openstack_auth_url value fail: msg: "openstack_auth_url is missing" - when: openstack_auth_url is not defined or openstack_auth_url == "" + when: openstack_auth_url is not defined or not openstack_auth_url - name: check openstack_username value fail: msg: "openstack_username is missing" - when: openstack_username is not defined or openstack_username == "" + when: openstack_username is not defined or not openstack_username - name: check openstack_password value fail: msg: "openstack_password is missing" - when: openstack_password is not defined or openstack_password == "" + when: openstack_password is not defined or not openstack_password - name: check openstack_region value fail: msg: "openstack_region is missing" - when: openstack_region is not defined or openstack_region == "" + when: openstack_region is not defined or not openstack_region - name: check openstack_tenant_id value fail: msg: "one of openstack_tenant_id or openstack_trust_id must be specified" - when: (openstack_tenant_id is not defined or openstack_tenant_id == "") and - openstack_trust_id is not defined + when: + - openstack_tenant_id is not defined or not openstack_tenant_id + - openstack_trust_id is not defined - name: check openstack_trust_id value fail: msg: "one of openstack_tenant_id or openstack_trust_id must be specified" - when: (openstack_trust_id is not defined or openstack_trust_id == "") and - openstack_tenant_id is not defined + when: + - openstack_trust_id is not defined or not openstack_trust_id + - openstack_tenant_id is not defined diff --git a/roles/kubernetes/node/tasks/vsphere-credential-check.yml b/roles/kubernetes/node/tasks/vsphere-credential-check.yml index 9beeb6b50..873eb71c3 100644 --- a/roles/kubernetes/node/tasks/vsphere-credential-check.yml +++ b/roles/kubernetes/node/tasks/vsphere-credential-check.yml @@ -2,7 +2,7 @@ - name: check vsphere environment variables fail: msg: "{{ item.name }} is missing" - when: item.value is not defined or item.value == '' + when: item.value is not defined or not item.value with_items: - name: vsphere_vcenter_ip value: "{{ vsphere_vcenter_ip }}" diff --git a/roles/kubernetes/preinstall/tasks/0010-swapoff.yml b/roles/kubernetes/preinstall/tasks/0010-swapoff.yml index 81ed421d7..99587ac03 100644 --- a/roles/kubernetes/preinstall/tasks/0010-swapoff.yml +++ b/roles/kubernetes/preinstall/tasks/0010-swapoff.yml @@ -15,4 +15,4 @@ changed_when: no - name: Disable swap command: /sbin/swapoff -a - when: swapon.stdout != "" + when: swapon.stdout diff --git a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml index 6ac994c58..79df9b396 100644 --- a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml +++ b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml @@ -146,7 +146,7 @@ when: - kube_network_plugin == 'calico' - 'calico_version_on_server.stdout is defined' - - 'calico_version_on_server.stdout != ""' + - calico_version_on_server.stdout - inventory_hostname == groups['kube-master'][0] run_once: yes diff --git a/roles/kubernetes/tokens/tasks/gen_tokens.yml b/roles/kubernetes/tokens/tasks/gen_tokens.yml index 47370c205..660b7367a 100644 --- a/roles/kubernetes/tokens/tasks/gen_tokens.yml +++ b/roles/kubernetes/tokens/tasks/gen_tokens.yml @@ -54,5 +54,8 @@ - name: Gen_tokens | Copy tokens on masters shell: "echo '{{ tokens_data.stdout|quote }}' | base64 -d | tar xz -C /" - when: inventory_hostname in groups['kube-master'] and sync_tokens|default(false) and - inventory_hostname != groups['kube-master'][0] and tokens_data.stdout != '' + when: + - inventory_hostname in groups['kube-master'] + - sync_tokens|default(false) + - inventory_hostname != groups['kube-master'][0] + - tokens_data.stdout diff --git a/roles/network_plugin/calico/tasks/check.yml b/roles/network_plugin/calico/tasks/check.yml index 719bbe78a..3b93d2c7f 100644 --- a/roles/network_plugin/calico/tasks/check.yml +++ b/roles/network_plugin/calico/tasks/check.yml @@ -38,7 +38,7 @@ - calico_version_on_server.stdout is version('v3.0.0', '<') when: - - 'calico_version_on_server.stdout is defined' - - 'calico_version_on_server.stdout != ""' + - calico_version_on_server.stdout is defined + - calico_version_on_server.stdout - inventory_hostname == groups['kube-master'][0] run_once: yes diff --git a/roles/upgrade/pre-upgrade/tasks/main.yml b/roles/upgrade/pre-upgrade/tasks/main.yml index f8ad23f72..242834088 100644 --- a/roles/upgrade/pre-upgrade/tasks/main.yml +++ b/roles/upgrade/pre-upgrade/tasks/main.yml @@ -23,7 +23,7 @@ - set_fact: needs_cordoning: >- - {% if kubectl_node_ready.stdout == "True" and kubectl_node_schedulable.stdout == "" -%} + {% if kubectl_node_ready.stdout == "True" and not kubectl_node_schedulable.stdout -%} true {%- else -%} false @@ -43,7 +43,7 @@ when: - drain_nodes - needs_cordoning - - 'drain_pod_selector != ""' + - drain_pod_selector - name: Ensure minimum version for drain label selector if necessary assert: @@ -51,7 +51,7 @@ when: - drain_nodes - needs_cordoning - - 'drain_pod_selector != ""' + - drain_pod_selector - name: Drain node command: >- @@ -61,7 +61,7 @@ --grace-period {{ drain_grace_period }} --timeout {{ drain_timeout }} --delete-local-data {{ inventory_hostname }} - {% if drain_pod_selector != "" %}--pod-selector '{{ drain_pod_selector }}'{% endif %} + {% if drain_pod_selector %}--pod-selector '{{ drain_pod_selector }}'{% endif %} delegate_to: "{{ groups['kube-master'][0] }}" when: - drain_nodes diff --git a/tests/testcases/040_check-network-adv.yml b/tests/testcases/040_check-network-adv.yml index 90bdcd5a5..8b85760f8 100644 --- a/tests/testcases/040_check-network-adv.yml +++ b/tests/testcases/040_check-network-adv.yml @@ -73,7 +73,7 @@ run_once: true when: - agents.content is defined - - agents.content != '' + - agents.content - agents.content[0] == '{' - name: Check netchecker status @@ -120,7 +120,7 @@ run_once: true when: - not agents.content == '{}' - - result.content != '' + - result.content - result.content[0] == '{' - debug: var=result