From 8f5f75211fa7ef10546eea1888ccb1dd4ea371d9 Mon Sep 17 00:00:00 2001 From: Bas Date: Fri, 26 Jul 2024 03:42:20 +0200 Subject: [PATCH] Improving yamllint configuration (#11389) Signed-off-by: Bas Meijer --- .yamllint | 9 +++++- .../roles/generate-inventory/tasks/main.yml | 2 +- .../roles/generate-inventory_2/tasks/main.yml | 4 +-- .../roles/generate-templates/tasks/main.yml | 4 +-- .../dind/roles/dind-cluster/tasks/main.yaml | 4 +-- contrib/dind/roles/dind-host/tasks/main.yaml | 2 +- .../roles/kvm-setup/tasks/sysctl.yml | 2 +- .../kvm-setup/roles/kvm-setup/tasks/user.yml | 8 +++--- contrib/mitogen/mitogen.yml | 6 ++-- .../roles/glusterfs/client/tasks/main.yml | 2 +- .../roles/glusterfs/server/tasks/main.yml | 4 +-- .../kubernetes-pv/ansible/tasks/main.yaml | 2 +- .../provision/tasks/bootstrap/deploy.yml | 2 +- .../provision/tasks/bootstrap/topology.yml | 2 +- .../roles/provision/tasks/glusterfs.yml | 4 +-- .../heketi/roles/provision/tasks/heketi.yml | 2 +- .../heketi/roles/provision/tasks/secret.yml | 2 +- .../heketi/roles/provision/tasks/storage.yml | 2 +- .../roles/provision/tasks/storageclass.yml | 2 +- .../heketi/roles/provision/tasks/topology.yml | 2 +- contrib/offline/generate_list.yml | 2 +- .../molecule/default/converge.yml | 2 +- roles/bastion-ssh-config/tasks/main.yml | 2 +- roles/bootstrap-os/tasks/centos.yml | 10 +++---- roles/bootstrap-os/tasks/fedora.yml | 2 +- roles/bootstrap-os/tasks/main.yml | 4 +-- roles/bootstrap-os/tasks/redhat.yml | 2 +- .../containerd/tasks/main.yml | 16 +++++------ .../cri-dockerd/molecule/default/prepare.yml | 6 ++-- .../cri-dockerd/tasks/main.yml | 4 +-- .../cri-o/molecule/default/prepare.yml | 6 ++-- roles/container-engine/cri-o/tasks/main.yaml | 28 +++++++++---------- .../cri-o/tasks/setup-amazon.yaml | 2 +- .../container-engine/crictl/handlers/main.yml | 2 +- .../container-engine/crictl/tasks/crictl.yml | 4 +-- roles/container-engine/crun/tasks/main.yml | 2 +- .../docker-storage/tasks/main.yml | 6 ++-- roles/container-engine/docker/tasks/main.yml | 4 +-- .../container-engine/docker/tasks/systemd.yml | 14 +++++----- .../gvisor/molecule/default/prepare.yml | 6 ++-- roles/container-engine/gvisor/tasks/main.yml | 2 +- .../molecule/default/prepare.yml | 6 ++-- .../kata-containers/tasks/main.yml | 10 +++---- .../nerdctl/handlers/main.yml | 2 +- roles/container-engine/nerdctl/tasks/main.yml | 6 ++-- roles/container-engine/runc/tasks/main.yml | 2 +- roles/container-engine/skopeo/tasks/main.yml | 2 +- .../youki/molecule/default/prepare.yml | 6 ++-- roles/container-engine/youki/tasks/main.yml | 2 +- roles/download/tasks/download_file.yml | 2 +- roles/download/tasks/prep_download.yml | 4 +-- roles/download/tasks/prep_kubeadm_images.yml | 4 +-- roles/etcd/handlers/backup.yml | 2 +- roles/etcd/tasks/configure.yml | 4 +-- roles/etcd/tasks/gen_certs_script.yml | 10 +++---- roles/etcd/tasks/install_docker.yml | 4 +-- roles/etcd/tasks/install_host.yml | 2 +- roles/etcd/tasks/refresh_config.yml | 4 +-- roles/etcd/tasks/upd_ca_trust.yml | 2 +- roles/etcdctl_etcdutl/tasks/main.yml | 4 +-- .../kubernetes-apps/ansible/tasks/coredns.yml | 4 +-- .../ansible/tasks/dashboard.yml | 2 +- .../ansible/tasks/etcd_metrics.yml | 2 +- .../ansible/tasks/netchecker.yml | 2 +- .../ansible/tasks/nodelocaldns.yml | 4 +-- roles/kubernetes-apps/argocd/tasks/main.yml | 4 +-- .../cloud_controller/oci/tasks/main.yml | 4 +-- .../cluster_roles/tasks/main.yml | 4 +-- .../cluster_roles/tasks/oci.yml | 2 +- .../nvidia_gpu/tasks/main.yml | 4 +-- .../container_runtimes/gvisor/tasks/main.yaml | 4 +-- .../kata_containers/tasks/main.yaml | 4 +-- .../csi_driver/aws_ebs/tasks/main.yml | 2 +- .../csi_driver/azuredisk/tasks/main.yml | 4 +-- .../cinder/tasks/cinder-write-cacert.yml | 2 +- .../csi_driver/cinder/tasks/main.yml | 4 +-- .../csi_driver/csi_crd/tasks/main.yml | 2 +- .../csi_driver/gcp_pd/tasks/main.yml | 4 +-- .../csi_driver/upcloud/tasks/main.yml | 2 +- .../csi_driver/vsphere/tasks/main.yml | 4 +-- .../hcloud/tasks/main.yml | 2 +- .../huaweicloud/tasks/main.yml | 2 +- .../openstack/tasks/main.yml | 2 +- .../vsphere/tasks/main.yml | 4 +-- .../cephfs_provisioner/tasks/main.yml | 4 +-- .../local_path_provisioner/tasks/main.yml | 6 ++-- .../local_volume_provisioner/tasks/main.yml | 4 +-- .../rbd_provisioner/tasks/main.yml | 4 +-- roles/kubernetes-apps/helm/tasks/main.yml | 4 +-- .../alb_ingress_controller/tasks/main.yml | 4 +-- .../cert_manager/tasks/main.yml | 4 +-- .../ingress_nginx/tasks/main.yml | 4 +-- roles/kubernetes-apps/krew/tasks/krew.yml | 6 ++-- roles/kubernetes-apps/metallb/tasks/main.yml | 8 +++--- .../metrics_server/tasks/main.yml | 4 +-- .../node_feature_discovery/tasks/main.yml | 4 +-- .../aws-ebs-csi/tasks/main.yml | 2 +- .../azuredisk-csi/tasks/main.yml | 2 +- .../cinder-csi/tasks/main.yml | 2 +- .../gcp-pd-csi/tasks/main.yml | 2 +- .../openstack/tasks/main.yml | 2 +- .../upcloud-csi/tasks/main.yml | 2 +- .../policy_controller/calico/tasks/main.yml | 2 +- roles/kubernetes-apps/registry/tasks/main.yml | 6 ++-- .../scheduler_plugins/tasks/main.yml | 4 +-- .../snapshots/cinder-csi/tasks/main.yml | 2 +- .../snapshot-controller/tasks/main.yml | 2 +- roles/kubernetes/client/tasks/main.yml | 4 +-- .../control-plane/tasks/encrypt-at-rest.yml | 2 +- .../control-plane/tasks/kubeadm-etcd.yml | 2 +- .../control-plane/tasks/kubeadm-secondary.yml | 4 +-- .../control-plane/tasks/kubeadm-setup.yml | 24 ++++++++-------- roles/kubernetes/control-plane/tasks/main.yml | 14 +++++----- .../kubeadm/tasks/kubeadm_etcd_node.yml | 2 +- roles/kubernetes/kubeadm/tasks/main.yml | 8 +++--- roles/kubernetes/node/tasks/install.yml | 4 +-- roles/kubernetes/node/tasks/kubelet.yml | 6 ++-- .../node/tasks/loadbalancer/haproxy.yml | 6 ++-- .../node/tasks/loadbalancer/kube-vip.yml | 2 +- .../node/tasks/loadbalancer/nginx-proxy.yml | 6 ++-- roles/kubernetes/node/tasks/main.yml | 10 +++---- .../tasks/0050-create_directories.yml | 10 +++---- .../preinstall/tasks/0060-resolvconf.yml | 4 +-- .../tasks/0061-systemd-resolved.yml | 4 +-- .../0062-networkmanager-unmanaged-devices.yml | 4 +-- .../preinstall/tasks/0070-system-packages.yml | 2 +- .../tasks/0080-system-configurations.yml | 4 +-- .../tasks/0081-ntp-configurations.yml | 2 +- .../preinstall/tasks/0090-etchosts.yml | 2 +- .../preinstall/tasks/0100-dhclient-hooks.yml | 6 ++-- roles/kubernetes/tokens/tasks/gen_tokens.yml | 2 +- roles/kubernetes/tokens/tasks/main.yml | 2 +- .../kubespray-defaults/defaults/main/main.yml | 2 +- .../calico/tasks/calico_apiserver_certs.yml | 8 +++--- roles/network_plugin/calico/tasks/install.yml | 18 ++++++------ .../calico/tasks/typha_certs.yml | 7 +++-- roles/network_plugin/cilium/tasks/install.yml | 14 +++++----- roles/network_plugin/cni/tasks/main.yml | 4 +-- .../network_plugin/custom_cni/tasks/main.yml | 2 +- roles/network_plugin/flannel/tasks/main.yml | 2 +- .../network_plugin/kube-ovn/defaults/main.yml | 2 +- roles/network_plugin/kube-ovn/tasks/main.yml | 2 +- .../network_plugin/kube-router/tasks/main.yml | 8 +++--- roles/network_plugin/macvlan/tasks/main.yml | 12 ++++---- roles/network_plugin/multus/tasks/main.yml | 4 +-- roles/network_plugin/ovn4nfv/tasks/main.yml | 2 +- roles/network_plugin/weave/tasks/main.yml | 4 +-- .../etcd/tasks/recover_lost_quorum.yml | 2 +- roles/reset/tasks/main.yml | 2 +- scripts/collect-info.yaml | 2 +- .../roles/kubevirt-images/tasks/main.yml | 6 ++-- .../roles/packet-ci/tasks/create-vms.yml | 4 +-- tests/testcases/100_check-k8s-conformance.yml | 2 +- .../roles/cluster-dump/tasks/main.yml | 2 +- 154 files changed, 342 insertions(+), 334 deletions(-) diff --git a/.yamllint b/.yamllint index aa14324a9..eb061917e 100644 --- a/.yamllint +++ b/.yamllint @@ -6,7 +6,7 @@ ignore: | .github/ # Generated file tests/files/custom_cni/cilium.yaml - +# https://ansible.readthedocs.io/projects/lint/rules/yaml/ rules: braces: min-spaces-inside: 0 @@ -14,9 +14,16 @@ rules: brackets: min-spaces-inside: 0 max-spaces-inside: 1 + comments: + min-spaces-from-content: 1 + # https://github.com/adrienverge/yamllint/issues/384 + comments-indentation: false indentation: spaces: 2 indent-sequences: consistent line-length: disable new-line-at-end-of-file: disable + octal-values: + forbid-implicit-octal: true # yamllint defaults to false + forbid-explicit-octal: true # yamllint defaults to false truthy: disable diff --git a/contrib/azurerm/roles/generate-inventory/tasks/main.yml b/contrib/azurerm/roles/generate-inventory/tasks/main.yml index 3eb121aa0..f93f1b6b2 100644 --- a/contrib/azurerm/roles/generate-inventory/tasks/main.yml +++ b/contrib/azurerm/roles/generate-inventory/tasks/main.yml @@ -12,4 +12,4 @@ template: src: inventory.j2 dest: "{{ playbook_dir }}/inventory" - mode: 0644 + mode: "0644" diff --git a/contrib/azurerm/roles/generate-inventory_2/tasks/main.yml b/contrib/azurerm/roles/generate-inventory_2/tasks/main.yml index c628154a0..267755b12 100644 --- a/contrib/azurerm/roles/generate-inventory_2/tasks/main.yml +++ b/contrib/azurerm/roles/generate-inventory_2/tasks/main.yml @@ -22,10 +22,10 @@ template: src: inventory.j2 dest: "{{ playbook_dir }}/inventory" - mode: 0644 + mode: "0644" - name: Generate Load Balancer variables template: src: loadbalancer_vars.j2 dest: "{{ playbook_dir }}/loadbalancer_vars.yml" - mode: 0644 + mode: "0644" diff --git a/contrib/azurerm/roles/generate-templates/tasks/main.yml b/contrib/azurerm/roles/generate-templates/tasks/main.yml index 294ee96fc..057d4d005 100644 --- a/contrib/azurerm/roles/generate-templates/tasks/main.yml +++ b/contrib/azurerm/roles/generate-templates/tasks/main.yml @@ -8,13 +8,13 @@ path: "{{ base_dir }}" state: directory recurse: true - mode: 0755 + mode: "0755" - name: Store json files in base_dir template: src: "{{ item }}" dest: "{{ base_dir }}/{{ item }}" - mode: 0644 + mode: "0644" with_items: - network.json - storage.json diff --git a/contrib/dind/roles/dind-cluster/tasks/main.yaml b/contrib/dind/roles/dind-cluster/tasks/main.yaml index 1cf819f68..dcb086c64 100644 --- a/contrib/dind/roles/dind-cluster/tasks/main.yaml +++ b/contrib/dind/roles/dind-cluster/tasks/main.yaml @@ -35,7 +35,7 @@ path-exclude=/usr/share/doc/* path-include=/usr/share/doc/*/copyright dest: /etc/dpkg/dpkg.cfg.d/01_nodoc - mode: 0644 + mode: "0644" when: - ansible_os_family == 'Debian' @@ -64,7 +64,7 @@ copy: content: "{{ distro_user }} ALL=(ALL) NOPASSWD:ALL" dest: "/etc/sudoers.d/{{ distro_user }}" - mode: 0640 + mode: "0640" - name: "Add my pubkey to {{ distro_user }} user authorized keys" ansible.posix.authorized_key: diff --git a/contrib/dind/roles/dind-host/tasks/main.yaml b/contrib/dind/roles/dind-host/tasks/main.yaml index e44047f4d..56c8ff4c5 100644 --- a/contrib/dind/roles/dind-host/tasks/main.yaml +++ b/contrib/dind/roles/dind-host/tasks/main.yaml @@ -42,7 +42,7 @@ template: src: inventory_builder.sh.j2 dest: /tmp/kubespray.dind.inventory_builder.sh - mode: 0755 + mode: "0755" tags: - addresses diff --git a/contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml b/contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml index 52bc83f09..6934eccf3 100644 --- a/contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml +++ b/contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml @@ -20,7 +20,7 @@ br-netfilter owner: root group: root - mode: 0644 + mode: "0644" when: br_netfilter is defined diff --git a/contrib/kvm-setup/roles/kvm-setup/tasks/user.yml b/contrib/kvm-setup/roles/kvm-setup/tasks/user.yml index c2d312302..e8ab34afd 100644 --- a/contrib/kvm-setup/roles/kvm-setup/tasks/user.yml +++ b/contrib/kvm-setup/roles/kvm-setup/tasks/user.yml @@ -11,7 +11,7 @@ state: directory owner: "{{ k8s_deployment_user }}" group: "{{ k8s_deployment_user }}" - mode: 0700 + mode: "0700" - name: Configure sudo for deployment user copy: @@ -20,13 +20,13 @@ dest: "/etc/sudoers.d/55-k8s-deployment" owner: root group: root - mode: 0644 + mode: "0644" - name: Write private SSH key copy: src: "{{ k8s_deployment_user_pkey_path }}" dest: "/home/{{ k8s_deployment_user }}/.ssh/id_rsa" - mode: 0400 + mode: "0400" owner: "{{ k8s_deployment_user }}" group: "{{ k8s_deployment_user }}" when: k8s_deployment_user_pkey_path is defined @@ -41,7 +41,7 @@ - name: Fix ssh-pub-key permissions file: path: "/home/{{ k8s_deployment_user }}/.ssh/authorized_keys" - mode: 0600 + mode: "0600" owner: "{{ k8s_deployment_user }}" group: "{{ k8s_deployment_user }}" when: k8s_deployment_user_pkey_path is defined diff --git a/contrib/mitogen/mitogen.yml b/contrib/mitogen/mitogen.yml index 1ccc9a99c..77018d693 100644 --- a/contrib/mitogen/mitogen.yml +++ b/contrib/mitogen/mitogen.yml @@ -14,7 +14,7 @@ file: path: "{{ item }}" state: directory - mode: 0755 + mode: "0755" become: false loop: - "{{ playbook_dir }}/plugins/mitogen" @@ -25,7 +25,7 @@ url: "{{ mitogen_url }}" dest: "{{ playbook_dir }}/dist/mitogen_{{ mitogen_version }}.tar.gz" validate_certs: true - mode: 0644 + mode: "0644" - name: Extract archive unarchive: @@ -40,7 +40,7 @@ - name: Add strategy to ansible.cfg community.general.ini_file: path: ansible.cfg - mode: 0644 + mode: "0644" section: "{{ item.section | d('defaults') }}" option: "{{ item.option }}" value: "{{ item.value }}" diff --git a/contrib/network-storage/glusterfs/roles/glusterfs/client/tasks/main.yml b/contrib/network-storage/glusterfs/roles/glusterfs/client/tasks/main.yml index 248f21efa..947cf8aa2 100644 --- a/contrib/network-storage/glusterfs/roles/glusterfs/client/tasks/main.yml +++ b/contrib/network-storage/glusterfs/roles/glusterfs/client/tasks/main.yml @@ -15,7 +15,7 @@ file: path: "{{ item }}" state: directory - mode: 0775 + mode: "0775" with_items: - "{{ gluster_mount_dir }}" when: ansible_os_family in ["Debian","RedHat"] and groups['gfs-cluster'] is defined diff --git a/contrib/network-storage/glusterfs/roles/glusterfs/server/tasks/main.yml b/contrib/network-storage/glusterfs/roles/glusterfs/server/tasks/main.yml index 50f849c01..6bdc41420 100644 --- a/contrib/network-storage/glusterfs/roles/glusterfs/server/tasks/main.yml +++ b/contrib/network-storage/glusterfs/roles/glusterfs/server/tasks/main.yml @@ -49,7 +49,7 @@ file: path: "{{ item }}" state: directory - mode: 0775 + mode: "0775" with_items: - "{{ gluster_brick_dir }}" - "{{ gluster_mount_dir }}" @@ -101,7 +101,7 @@ template: dest: "{{ gluster_mount_dir }}/.test-file.txt" src: test-file.txt - mode: 0644 + mode: "0644" when: groups['gfs-cluster'] is defined and inventory_hostname == groups['gfs-cluster'][0] - name: Unmount glusterfs diff --git a/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/tasks/main.yaml b/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/tasks/main.yaml index ed62e282e..cf2bd0ee5 100644 --- a/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/tasks/main.yaml +++ b/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/tasks/main.yaml @@ -3,7 +3,7 @@ template: src: "{{ item.file }}" dest: "{{ kube_config_dir }}/{{ item.dest }}" - mode: 0644 + mode: "0644" with_items: - { file: glusterfs-kubernetes-endpoint.json.j2, type: ep, dest: glusterfs-kubernetes-endpoint.json} - { file: glusterfs-kubernetes-pv.yml.j2, type: pv, dest: glusterfs-kubernetes-pv.yml} diff --git a/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/deploy.yml b/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/deploy.yml index 866fe30bf..94d440150 100644 --- a/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/deploy.yml +++ b/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/deploy.yml @@ -4,7 +4,7 @@ template: src: "heketi-bootstrap.json.j2" dest: "{{ kube_config_dir }}/heketi-bootstrap.json" - mode: 0640 + mode: "0640" register: "rendering" - name: "Kubernetes Apps | Install and configure Heketi Bootstrap" kube: diff --git a/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/topology.yml b/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/topology.yml index 2f3efd4dd..b011c024b 100644 --- a/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/topology.yml +++ b/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/topology.yml @@ -10,7 +10,7 @@ template: src: "topology.json.j2" dest: "{{ kube_config_dir }}/topology.json" - mode: 0644 + mode: "0644" - name: "Copy topology configuration into container." changed_when: false command: "{{ bin_dir }}/kubectl cp {{ kube_config_dir }}/topology.json {{ initial_heketi_pod_name }}:/tmp/topology.json" diff --git a/contrib/network-storage/heketi/roles/provision/tasks/glusterfs.yml b/contrib/network-storage/heketi/roles/provision/tasks/glusterfs.yml index 973c66851..239e780d8 100644 --- a/contrib/network-storage/heketi/roles/provision/tasks/glusterfs.yml +++ b/contrib/network-storage/heketi/roles/provision/tasks/glusterfs.yml @@ -3,7 +3,7 @@ template: src: "glusterfs-daemonset.json.j2" dest: "{{ kube_config_dir }}/glusterfs-daemonset.json" - mode: 0644 + mode: "0644" become: true register: "rendering" - name: "Kubernetes Apps | Install and configure GlusterFS daemonset" @@ -33,7 +33,7 @@ template: src: "heketi-service-account.json.j2" dest: "{{ kube_config_dir }}/heketi-service-account.json" - mode: 0644 + mode: "0644" become: true register: "rendering" - name: "Kubernetes Apps | Install and configure Heketi Service Account" diff --git a/contrib/network-storage/heketi/roles/provision/tasks/heketi.yml b/contrib/network-storage/heketi/roles/provision/tasks/heketi.yml index a8549df45..30c68c2bc 100644 --- a/contrib/network-storage/heketi/roles/provision/tasks/heketi.yml +++ b/contrib/network-storage/heketi/roles/provision/tasks/heketi.yml @@ -4,7 +4,7 @@ template: src: "heketi-deployment.json.j2" dest: "{{ kube_config_dir }}/heketi-deployment.json" - mode: 0644 + mode: "0644" register: "rendering" - name: "Kubernetes Apps | Install and configure Heketi" diff --git a/contrib/network-storage/heketi/roles/provision/tasks/secret.yml b/contrib/network-storage/heketi/roles/provision/tasks/secret.yml index c455b6f6d..816bb156c 100644 --- a/contrib/network-storage/heketi/roles/provision/tasks/secret.yml +++ b/contrib/network-storage/heketi/roles/provision/tasks/secret.yml @@ -28,7 +28,7 @@ template: src: "heketi.json.j2" dest: "{{ kube_config_dir }}/heketi.json" - mode: 0644 + mode: "0644" - name: "Deploy Heketi config secret" when: "secret_state.stdout | length == 0" diff --git a/contrib/network-storage/heketi/roles/provision/tasks/storage.yml b/contrib/network-storage/heketi/roles/provision/tasks/storage.yml index 055e179a3..c3f8ebf2e 100644 --- a/contrib/network-storage/heketi/roles/provision/tasks/storage.yml +++ b/contrib/network-storage/heketi/roles/provision/tasks/storage.yml @@ -5,7 +5,7 @@ template: src: "heketi-storage.json.j2" dest: "{{ kube_config_dir }}/heketi-storage.json" - mode: 0644 + mode: "0644" register: "rendering" - name: "Kubernetes Apps | Install and configure Heketi Storage" kube: diff --git a/contrib/network-storage/heketi/roles/provision/tasks/storageclass.yml b/contrib/network-storage/heketi/roles/provision/tasks/storageclass.yml index bd4f6666b..fc57302bc 100644 --- a/contrib/network-storage/heketi/roles/provision/tasks/storageclass.yml +++ b/contrib/network-storage/heketi/roles/provision/tasks/storageclass.yml @@ -16,7 +16,7 @@ template: src: "storageclass.yml.j2" dest: "{{ kube_config_dir }}/storageclass.yml" - mode: 0644 + mode: "0644" register: "rendering" - name: "Kubernetes Apps | Install and configure Storace Class" kube: diff --git a/contrib/network-storage/heketi/roles/provision/tasks/topology.yml b/contrib/network-storage/heketi/roles/provision/tasks/topology.yml index aa662083e..edd5bd9e8 100644 --- a/contrib/network-storage/heketi/roles/provision/tasks/topology.yml +++ b/contrib/network-storage/heketi/roles/provision/tasks/topology.yml @@ -10,7 +10,7 @@ template: src: "topology.json.j2" dest: "{{ kube_config_dir }}/topology.json" - mode: 0644 + mode: "0644" - name: "Copy topology configuration into container." # noqa no-handler when: "rendering.changed" command: "{{ bin_dir }}/kubectl cp {{ kube_config_dir }}/topology.json {{ heketi_pod_name }}:/tmp/topology.json" diff --git a/contrib/offline/generate_list.yml b/contrib/offline/generate_list.yml index bebf34968..6b2bcf806 100644 --- a/contrib/offline/generate_list.yml +++ b/contrib/offline/generate_list.yml @@ -16,7 +16,7 @@ template: src: ./contrib/offline/temp/{{ item }}.list.template dest: ./contrib/offline/temp/{{ item }}.list - mode: 0644 + mode: "0644" with_items: - files - images diff --git a/roles/bastion-ssh-config/molecule/default/converge.yml b/roles/bastion-ssh-config/molecule/default/converge.yml index 54a624705..a89615573 100644 --- a/roles/bastion-ssh-config/molecule/default/converge.yml +++ b/roles/bastion-ssh-config/molecule/default/converge.yml @@ -12,4 +12,4 @@ dest: "{{ ssh_bastion_confing__name }}" owner: "{{ ansible_user }}" group: "{{ ansible_user }}" - mode: 0644 + mode: "0644" diff --git a/roles/bastion-ssh-config/tasks/main.yml b/roles/bastion-ssh-config/tasks/main.yml index 920763eb5..99847ef8e 100644 --- a/roles/bastion-ssh-config/tasks/main.yml +++ b/roles/bastion-ssh-config/tasks/main.yml @@ -19,4 +19,4 @@ template: src: "{{ ssh_bastion_confing__name }}.j2" dest: "{{ playbook_dir }}/{{ ssh_bastion_confing__name }}" - mode: 0640 + mode: "0640" diff --git a/roles/bootstrap-os/tasks/centos.yml b/roles/bootstrap-os/tasks/centos.yml index fcd20d562..11559a872 100644 --- a/roles/bootstrap-os/tasks/centos.yml +++ b/roles/bootstrap-os/tasks/centos.yml @@ -12,7 +12,7 @@ value: "{{ http_proxy | default(omit) }}" state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}" no_extra_spaces: true - mode: 0644 + mode: "0644" become: true when: not skip_http_proxy_on_os_packages @@ -21,7 +21,7 @@ get_url: url: https://yum.oracle.com/public-yum-ol7.repo dest: /etc/yum.repos.d/public-yum-ol7.repo - mode: 0644 + mode: "0644" when: - use_oracle_public_repo | default(true) - '''ID="ol"'' in os_release.stdout_lines' @@ -34,7 +34,7 @@ section: "{{ item }}" option: enabled value: "1" - mode: 0644 + mode: "0644" with_items: - ol7_latest - ol7_addons @@ -59,7 +59,7 @@ section: "ol{{ ansible_distribution_major_version }}_addons" option: "{{ item.option }}" value: "{{ item.value }}" - mode: 0644 + mode: "0644" with_items: - { option: "name", value: "ol{{ ansible_distribution_major_version }}_addons" } - { option: "enabled", value: "1" } @@ -75,7 +75,7 @@ section: "extras" option: "{{ item.option }}" value: "{{ item.value }}" - mode: 0644 + mode: "0644" with_items: - { option: "name", value: "CentOS-{{ ansible_distribution_major_version }} - Extras" } - { option: "enabled", value: "1" } diff --git a/roles/bootstrap-os/tasks/fedora.yml b/roles/bootstrap-os/tasks/fedora.yml index 85f8ff563..d4a43c314 100644 --- a/roles/bootstrap-os/tasks/fedora.yml +++ b/roles/bootstrap-os/tasks/fedora.yml @@ -17,7 +17,7 @@ value: "{{ http_proxy | default(omit) }}" state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}" no_extra_spaces: true - mode: 0644 + mode: "0644" become: true when: not skip_http_proxy_on_os_packages diff --git a/roles/bootstrap-os/tasks/main.yml b/roles/bootstrap-os/tasks/main.yml index b8f676fae..e62fbf496 100644 --- a/roles/bootstrap-os/tasks/main.yml +++ b/roles/bootstrap-os/tasks/main.yml @@ -36,7 +36,7 @@ file: path: "{{ ansible_remote_tmp | default('~/.ansible/tmp') }}" state: directory - mode: 0700 + mode: "0700" - name: Gather facts setup: @@ -61,4 +61,4 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" diff --git a/roles/bootstrap-os/tasks/redhat.yml b/roles/bootstrap-os/tasks/redhat.yml index c3621466e..0aae5a0d6 100644 --- a/roles/bootstrap-os/tasks/redhat.yml +++ b/roles/bootstrap-os/tasks/redhat.yml @@ -12,7 +12,7 @@ value: "{{ http_proxy | default(omit) }}" state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}" no_extra_spaces: true - mode: 0644 + mode: "0644" become: true when: not skip_http_proxy_on_os_packages diff --git a/roles/container-engine/containerd/tasks/main.yml b/roles/container-engine/containerd/tasks/main.yml index f1b977717..657d1ad75 100644 --- a/roles/container-engine/containerd/tasks/main.yml +++ b/roles/container-engine/containerd/tasks/main.yml @@ -35,7 +35,7 @@ unarchive: src: "{{ downloads.containerd.dest }}" dest: "{{ containerd_bin_dir }}" - mode: 0755 + mode: "0755" remote_src: yes extra_opts: - --strip-components=1 @@ -60,7 +60,7 @@ template: src: containerd.service.j2 dest: /etc/systemd/system/containerd.service - mode: 0644 + mode: "0644" validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:containerd.service'" # FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release) # Remove once we drop support for systemd < 250 @@ -70,7 +70,7 @@ file: dest: "{{ item }}" state: directory - mode: 0755 + mode: "0755" owner: root group: root with_items: @@ -83,7 +83,7 @@ template: src: http-proxy.conf.j2 dest: "{{ containerd_systemd_dir }}/http-proxy.conf" - mode: 0644 + mode: "0644" notify: Restart containerd when: http_proxy is defined or https_proxy is defined @@ -102,7 +102,7 @@ content: "{{ item.value }}" dest: "{{ containerd_cfg_dir }}/{{ item.key }}" owner: "root" - mode: 0644 + mode: "0644" with_dict: "{{ containerd_base_runtime_specs | default({}) }}" notify: Restart containerd @@ -111,7 +111,7 @@ src: config.toml.j2 dest: "{{ containerd_cfg_dir }}/config.toml" owner: "root" - mode: 0640 + mode: "0640" notify: Restart containerd - name: Containerd | Configure containerd registries @@ -121,13 +121,13 @@ file: path: "{{ containerd_cfg_dir }}/certs.d/{{ item.prefix }}" state: directory - mode: 0755 + mode: "0755" loop: "{{ containerd_registries_mirrors }}" - name: Containerd | Write hosts.toml file template: src: hosts.toml.j2 dest: "{{ containerd_cfg_dir }}/certs.d/{{ item.prefix }}/hosts.toml" - mode: 0640 + mode: "0640" loop: "{{ containerd_registries_mirrors }}" # you can sometimes end up in a state where everything is installed diff --git a/roles/container-engine/cri-dockerd/molecule/default/prepare.yml b/roles/container-engine/cri-dockerd/molecule/default/prepare.yml index 83449f842..b5328422a 100644 --- a/roles/container-engine/cri-dockerd/molecule/default/prepare.yml +++ b/roles/container-engine/cri-dockerd/molecule/default/prepare.yml @@ -28,7 +28,7 @@ src: "{{ item }}" dest: "/tmp/{{ item }}" owner: root - mode: 0644 + mode: "0644" with_items: - container.json - sandbox.json @@ -37,12 +37,12 @@ path: /etc/cni/net.d state: directory owner: "{{ kube_owner }}" - mode: 0755 + mode: "0755" - name: Setup CNI copy: src: "{{ item }}" dest: "/etc/cni/net.d/{{ item }}" owner: root - mode: 0644 + mode: "0644" with_items: - 10-mynet.conf diff --git a/roles/container-engine/cri-dockerd/tasks/main.yml b/roles/container-engine/cri-dockerd/tasks/main.yml index 730e379eb..f7d1b1831 100644 --- a/roles/container-engine/cri-dockerd/tasks/main.yml +++ b/roles/container-engine/cri-dockerd/tasks/main.yml @@ -8,7 +8,7 @@ copy: src: "{{ local_release_dir }}/cri-dockerd" dest: "{{ bin_dir }}/cri-dockerd" - mode: 0755 + mode: "0755" remote_src: true notify: - Restart and enable cri-dockerd @@ -17,7 +17,7 @@ template: src: "{{ item }}.j2" dest: "/etc/systemd/system/{{ item }}" - mode: 0644 + mode: "0644" validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:{{ item }}'" # FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release) # Remove once we drop support for systemd < 250 diff --git a/roles/container-engine/cri-o/molecule/default/prepare.yml b/roles/container-engine/cri-o/molecule/default/prepare.yml index 103b0d33e..c769d7cd2 100644 --- a/roles/container-engine/cri-o/molecule/default/prepare.yml +++ b/roles/container-engine/cri-o/molecule/default/prepare.yml @@ -33,7 +33,7 @@ src: "{{ item }}" dest: "/tmp/{{ item }}" owner: root - mode: 0644 + mode: "0644" with_items: - container.json - sandbox.json @@ -42,12 +42,12 @@ path: /etc/cni/net.d state: directory owner: "{{ kube_owner }}" - mode: 0755 + mode: "0755" - name: Setup CNI copy: src: "{{ item }}" dest: "/etc/cni/net.d/{{ item }}" owner: root - mode: 0644 + mode: "0644" with_items: - 10-mynet.conf diff --git a/roles/container-engine/cri-o/tasks/main.yaml b/roles/container-engine/cri-o/tasks/main.yaml index 2d73e74e2..a7b234563 100644 --- a/roles/container-engine/cri-o/tasks/main.yaml +++ b/roles/container-engine/cri-o/tasks/main.yaml @@ -56,27 +56,27 @@ file: path: "{{ item }}" state: directory - mode: 0755 + mode: "0755" - name: Cri-o | install cri-o config template: src: crio.conf.j2 dest: /etc/crio/crio.conf - mode: 0644 + mode: "0644" register: config_install - name: Cri-o | install config.json template: src: config.json.j2 dest: /etc/crio/config.json - mode: 0644 + mode: "0644" register: reg_auth_install - name: Cri-o | copy binaries copy: src: "{{ local_release_dir }}/cri-o/bin/{{ item }}" dest: "{{ bin_dir }}/{{ item }}" - mode: 0755 + mode: "0755" remote_src: true with_items: - "{{ crio_bin_files }}" @@ -86,7 +86,7 @@ copy: src: "{{ local_release_dir }}/cri-o/contrib/crio.service" dest: /etc/systemd/system/crio.service - mode: 0755 + mode: "0755" remote_src: true notify: Restart crio @@ -115,7 +115,7 @@ copy: src: "{{ local_release_dir }}/cri-o/contrib/policy.json" dest: /etc/containers/policy.json - mode: 0755 + mode: "0755" remote_src: true notify: Restart crio @@ -123,7 +123,7 @@ copy: src: mounts.conf dest: /etc/containers/mounts.conf - mode: 0644 + mode: "0644" when: - ansible_os_family == 'RedHat' notify: Restart crio @@ -133,7 +133,7 @@ path: /etc/containers/oci/hooks.d state: directory owner: root - mode: 0755 + mode: "0755" - name: Cri-o | set overlay driver community.general.ini_file: @@ -141,7 +141,7 @@ section: storage option: "{{ item.option }}" value: "{{ item.value }}" - mode: 0644 + mode: "0644" with_items: - option: driver value: '"overlay"' @@ -157,20 +157,20 @@ section: storage.options.overlay option: mountopt value: '{{ ''"nodev"'' if ansible_kernel is version_compare(("4.18" if ansible_os_family == "RedHat" else "4.19"), "<") else ''"nodev,metacopy=on"'' }}' - mode: 0644 + mode: "0644" - name: Cri-o | create directory registries configs file: path: /etc/containers/registries.conf.d state: directory owner: root - mode: 0755 + mode: "0755" - name: Cri-o | write registries configs template: src: registry.conf.j2 dest: "/etc/containers/registries.conf.d/10-{{ item.prefix | default(item.location) | regex_replace(':|/', '_') }}.conf" - mode: 0644 + mode: "0644" loop: "{{ crio_registries }}" notify: Restart crio @@ -178,14 +178,14 @@ template: src: unqualified.conf.j2 dest: "/etc/containers/registries.conf.d/01-unqualified.conf" - mode: 0644 + mode: "0644" notify: Restart crio - name: Cri-o | write cri-o proxy drop-in template: src: http-proxy.conf.j2 dest: /etc/systemd/system/crio.service.d/http-proxy.conf - mode: 0644 + mode: "0644" notify: Restart crio when: http_proxy is defined or https_proxy is defined diff --git a/roles/container-engine/cri-o/tasks/setup-amazon.yaml b/roles/container-engine/cri-o/tasks/setup-amazon.yaml index e6e099d65..2462c30fd 100644 --- a/roles/container-engine/cri-o/tasks/setup-amazon.yaml +++ b/roles/container-engine/cri-o/tasks/setup-amazon.yaml @@ -20,7 +20,7 @@ option: enabled value: "0" backup: yes - mode: 0644 + mode: "0644" when: - amzn2_extras_file_stat.stat.exists - not amzn2_extras_docker_repo.changed diff --git a/roles/container-engine/crictl/handlers/main.yml b/roles/container-engine/crictl/handlers/main.yml index 53195869f..785823fc4 100644 --- a/roles/container-engine/crictl/handlers/main.yml +++ b/roles/container-engine/crictl/handlers/main.yml @@ -9,4 +9,4 @@ copy: dest: /etc/bash_completion.d/crictl content: "{{ cri_completion.stdout }}" - mode: 0644 + mode: "0644" diff --git a/roles/container-engine/crictl/tasks/crictl.yml b/roles/container-engine/crictl/tasks/crictl.yml index cffa05056..72bde5d35 100644 --- a/roles/container-engine/crictl/tasks/crictl.yml +++ b/roles/container-engine/crictl/tasks/crictl.yml @@ -9,13 +9,13 @@ src: crictl.yaml.j2 dest: /etc/crictl.yaml owner: root - mode: 0644 + mode: "0644" - name: Copy crictl binary from download dir copy: src: "{{ local_release_dir }}/crictl" dest: "{{ bin_dir }}/crictl" - mode: 0755 + mode: "0755" remote_src: true notify: - Get crictl completion diff --git a/roles/container-engine/crun/tasks/main.yml b/roles/container-engine/crun/tasks/main.yml index c21bb3ffe..f4ec76459 100644 --- a/roles/container-engine/crun/tasks/main.yml +++ b/roles/container-engine/crun/tasks/main.yml @@ -8,5 +8,5 @@ copy: src: "{{ downloads.crun.dest }}" dest: "{{ bin_dir }}/crun" - mode: 0755 + mode: "0755" remote_src: true diff --git a/roles/container-engine/docker-storage/tasks/main.yml b/roles/container-engine/docker-storage/tasks/main.yml index ec129753d..e3c713db2 100644 --- a/roles/container-engine/docker-storage/tasks/main.yml +++ b/roles/container-engine/docker-storage/tasks/main.yml @@ -10,12 +10,12 @@ template: src: docker-storage-setup.j2 dest: /etc/sysconfig/docker-storage-setup - mode: 0644 + mode: "0644" - name: Docker-storage-override-directory | docker service storage-setup override dir file: dest: /etc/systemd/system/docker.service.d - mode: 0755 + mode: "0755" owner: root group: root state: directory @@ -30,7 +30,7 @@ owner: root group: root - mode: 0644 + mode: "0644" # https://docs.docker.com/engine/installation/linux/docker-ce/centos/#install-using-the-repository - name: Docker-storage-setup | install lvm2 diff --git a/roles/container-engine/docker/tasks/main.yml b/roles/container-engine/docker/tasks/main.yml index 1ccee8c4c..55b3a0be6 100644 --- a/roles/container-engine/docker/tasks/main.yml +++ b/roles/container-engine/docker/tasks/main.yml @@ -82,14 +82,14 @@ template: src: "fedora_docker.repo.j2" dest: "{{ yum_repo_dir }}/docker.repo" - mode: 0644 + mode: "0644" when: ansible_distribution == "Fedora" and not is_ostree - name: Configure docker repository on RedHat/CentOS/OracleLinux/AlmaLinux/KylinLinux template: src: "rh_docker.repo.j2" dest: "{{ yum_repo_dir }}/docker-ce.repo" - mode: 0644 + mode: "0644" when: - ansible_os_family == "RedHat" - ansible_distribution != "Fedora" diff --git a/roles/container-engine/docker/tasks/systemd.yml b/roles/container-engine/docker/tasks/systemd.yml index 57d9b9c5a..22fe3a02d 100644 --- a/roles/container-engine/docker/tasks/systemd.yml +++ b/roles/container-engine/docker/tasks/systemd.yml @@ -3,13 +3,13 @@ file: path: /etc/systemd/system/docker.service.d state: directory - mode: 0755 + mode: "0755" - name: Write docker proxy drop-in template: src: http-proxy.conf.j2 dest: /etc/systemd/system/docker.service.d/http-proxy.conf - mode: 0644 + mode: "0644" notify: Restart docker when: http_proxy is defined or https_proxy is defined @@ -27,7 +27,7 @@ template: src: docker.service.j2 dest: /etc/systemd/system/docker.service - mode: 0644 + mode: "0644" register: docker_service_file notify: Restart docker when: @@ -38,14 +38,14 @@ template: src: docker-options.conf.j2 dest: "/etc/systemd/system/docker.service.d/docker-options.conf" - mode: 0644 + mode: "0644" notify: Restart docker - name: Write docker dns systemd drop-in template: src: docker-dns.conf.j2 dest: "/etc/systemd/system/docker.service.d/docker-dns.conf" - mode: 0644 + mode: "0644" notify: Restart docker when: dns_mode != 'none' and resolvconf_mode == 'docker_dns' @@ -53,14 +53,14 @@ copy: src: cleanup-docker-orphans.sh dest: "{{ bin_dir }}/cleanup-docker-orphans.sh" - mode: 0755 + mode: "0755" when: docker_orphan_clean_up | bool - name: Write docker orphan clean up systemd drop-in template: src: docker-orphan-cleanup.conf.j2 dest: "/etc/systemd/system/docker.service.d/docker-orphan-cleanup.conf" - mode: 0644 + mode: "0644" notify: Restart docker when: docker_orphan_clean_up | bool diff --git a/roles/container-engine/gvisor/molecule/default/prepare.yml b/roles/container-engine/gvisor/molecule/default/prepare.yml index 3ec360225..57c21f2dd 100644 --- a/roles/container-engine/gvisor/molecule/default/prepare.yml +++ b/roles/container-engine/gvisor/molecule/default/prepare.yml @@ -29,7 +29,7 @@ src: "{{ item }}" dest: "/tmp/{{ item }}" owner: root - mode: 0644 + mode: "0644" with_items: - container.json - sandbox.json @@ -38,12 +38,12 @@ path: /etc/cni/net.d state: directory owner: root - mode: 0755 + mode: "0755" - name: Setup CNI copy: src: "{{ item }}" dest: "/etc/cni/net.d/{{ item }}" owner: root - mode: 0644 + mode: "0644" with_items: - 10-mynet.conf diff --git a/roles/container-engine/gvisor/tasks/main.yml b/roles/container-engine/gvisor/tasks/main.yml index 1a8277b72..13b19a2f6 100644 --- a/roles/container-engine/gvisor/tasks/main.yml +++ b/roles/container-engine/gvisor/tasks/main.yml @@ -13,7 +13,7 @@ copy: src: "{{ item.src }}" dest: "{{ bin_dir }}/{{ item.dest }}" - mode: 0755 + mode: "0755" remote_src: yes with_items: - { src: "{{ downloads.gvisor_runsc.dest }}", dest: "runsc" } diff --git a/roles/container-engine/kata-containers/molecule/default/prepare.yml b/roles/container-engine/kata-containers/molecule/default/prepare.yml index 9d7019a6d..a5abd27bb 100644 --- a/roles/container-engine/kata-containers/molecule/default/prepare.yml +++ b/roles/container-engine/kata-containers/molecule/default/prepare.yml @@ -29,7 +29,7 @@ src: "{{ item }}" dest: "/tmp/{{ item }}" owner: root - mode: 0644 + mode: "0644" with_items: - container.json - sandbox.json @@ -38,12 +38,12 @@ path: /etc/cni/net.d state: directory owner: "{{ kube_owner }}" - mode: 0755 + mode: "0755" - name: Setup CNI copy: src: "{{ item }}" dest: "/etc/cni/net.d/{{ item }}" owner: root - mode: 0644 + mode: "0644" with_items: - 10-mynet.conf diff --git a/roles/container-engine/kata-containers/tasks/main.yml b/roles/container-engine/kata-containers/tasks/main.yml index e795b1f8d..38778987d 100644 --- a/roles/container-engine/kata-containers/tasks/main.yml +++ b/roles/container-engine/kata-containers/tasks/main.yml @@ -8,7 +8,7 @@ unarchive: src: "{{ downloads.kata_containers.dest }}" dest: "/" - mode: 0755 + mode: "0755" owner: root group: root remote_src: yes @@ -17,13 +17,13 @@ file: path: "{{ kata_containers_config_dir }}" state: directory - mode: 0755 + mode: "0755" - name: Kata-containers | Set configuration template: src: "{{ item }}.j2" dest: "{{ kata_containers_config_dir }}/{{ item }}" - mode: 0644 + mode: "0644" with_items: - configuration-qemu.toml @@ -33,7 +33,7 @@ template: dest: "{{ kata_containers_containerd_bin_dir }}/containerd-shim-kata-{{ item }}-v2" src: containerd-shim-kata-v2.j2 - mode: 0755 + mode: "0755" with_items: - qemu @@ -48,7 +48,7 @@ - name: Kata-containers | Persist vhost kernel modules copy: dest: /etc/modules-load.d/kubespray-kata-containers.conf - mode: 0644 + mode: "0644" content: | vhost_vsock vhost_net diff --git a/roles/container-engine/nerdctl/handlers/main.yml b/roles/container-engine/nerdctl/handlers/main.yml index 27895ff74..98de60c1c 100644 --- a/roles/container-engine/nerdctl/handlers/main.yml +++ b/roles/container-engine/nerdctl/handlers/main.yml @@ -9,4 +9,4 @@ copy: dest: /etc/bash_completion.d/nerdctl content: "{{ nerdctl_completion.stdout }}" - mode: 0644 + mode: "0644" diff --git a/roles/container-engine/nerdctl/tasks/main.yml b/roles/container-engine/nerdctl/tasks/main.yml index e4e4ebd15..d3cd0070c 100644 --- a/roles/container-engine/nerdctl/tasks/main.yml +++ b/roles/container-engine/nerdctl/tasks/main.yml @@ -8,7 +8,7 @@ copy: src: "{{ local_release_dir }}/nerdctl" dest: "{{ bin_dir }}/nerdctl" - mode: 0755 + mode: "0755" remote_src: true owner: root group: root @@ -21,7 +21,7 @@ file: path: /etc/nerdctl state: directory - mode: 0755 + mode: "0755" owner: root group: root become: true @@ -30,7 +30,7 @@ template: src: nerdctl.toml.j2 dest: /etc/nerdctl/nerdctl.toml - mode: 0644 + mode: "0644" owner: root group: root become: true diff --git a/roles/container-engine/runc/tasks/main.yml b/roles/container-engine/runc/tasks/main.yml index 542a447d5..3ee3fdae0 100644 --- a/roles/container-engine/runc/tasks/main.yml +++ b/roles/container-engine/runc/tasks/main.yml @@ -27,7 +27,7 @@ copy: src: "{{ downloads.runc.dest }}" dest: "{{ runc_bin_dir }}/runc" - mode: 0755 + mode: "0755" remote_src: true - name: Runc | Remove orphaned binary diff --git a/roles/container-engine/skopeo/tasks/main.yml b/roles/container-engine/skopeo/tasks/main.yml index cef0424cd..95bb9697f 100644 --- a/roles/container-engine/skopeo/tasks/main.yml +++ b/roles/container-engine/skopeo/tasks/main.yml @@ -28,5 +28,5 @@ copy: src: "{{ downloads.skopeo.dest }}" dest: "{{ bin_dir }}/skopeo" - mode: 0755 + mode: "0755" remote_src: true diff --git a/roles/container-engine/youki/molecule/default/prepare.yml b/roles/container-engine/youki/molecule/default/prepare.yml index 119f58add..a72bdad7f 100644 --- a/roles/container-engine/youki/molecule/default/prepare.yml +++ b/roles/container-engine/youki/molecule/default/prepare.yml @@ -29,7 +29,7 @@ src: "{{ item }}" dest: "/tmp/{{ item }}" owner: root - mode: 0644 + mode: "0644" with_items: - container.json - sandbox.json @@ -38,12 +38,12 @@ path: /etc/cni/net.d state: directory owner: root - mode: 0755 + mode: "0755" - name: Setup CNI copy: src: "{{ item }}" dest: "/etc/cni/net.d/{{ item }}" owner: root - mode: 0644 + mode: "0644" with_items: - 10-mynet.conf diff --git a/roles/container-engine/youki/tasks/main.yml b/roles/container-engine/youki/tasks/main.yml index e88f663e3..86182a366 100644 --- a/roles/container-engine/youki/tasks/main.yml +++ b/roles/container-engine/youki/tasks/main.yml @@ -8,5 +8,5 @@ copy: src: "{{ local_release_dir }}/youki_{{ youki_version | regex_replace('\\.', '_') }}_linux/youki-{{ youki_version }}/youki" dest: "{{ youki_bin_dir }}/youki" - mode: 0755 + mode: "0755" remote_src: true diff --git a/roles/download/tasks/download_file.yml b/roles/download/tasks/download_file.yml index 9773366f0..00dd33a28 100644 --- a/roles/download/tasks/download_file.yml +++ b/roles/download/tasks/download_file.yml @@ -22,7 +22,7 @@ file: path: "{{ download.dest | dirname }}" owner: "{{ download.owner | default(omit) }}" - mode: 0755 + mode: "0755" state: directory recurse: yes diff --git a/roles/download/tasks/prep_download.yml b/roles/download/tasks/prep_download.yml index 58e508491..a8a79d711 100644 --- a/roles/download/tasks/prep_download.yml +++ b/roles/download/tasks/prep_download.yml @@ -69,7 +69,7 @@ file: path: "{{ local_release_dir }}/images" state: directory - mode: 0755 + mode: "0755" owner: "{{ ansible_ssh_user | default(ansible_user_id) }}" when: - ansible_os_family not in ["Flatcar", "Flatcar Container Linux by Kinvolk"] @@ -78,7 +78,7 @@ file: path: "{{ download_cache_dir }}/images" state: directory - mode: 0755 + mode: "0755" delegate_to: localhost connection: local delegate_facts: no diff --git a/roles/download/tasks/prep_kubeadm_images.yml b/roles/download/tasks/prep_kubeadm_images.yml index fdfed1d08..ca7055c49 100644 --- a/roles/download/tasks/prep_kubeadm_images.yml +++ b/roles/download/tasks/prep_kubeadm_images.yml @@ -18,7 +18,7 @@ template: src: "kubeadm-images.yaml.j2" dest: "{{ kube_config_dir }}/kubeadm-images.yaml" - mode: 0644 + mode: "0644" when: - not skip_kubeadm_images | default(false) @@ -26,7 +26,7 @@ copy: src: "{{ downloads.kubeadm.dest }}" dest: "{{ bin_dir }}/kubeadm" - mode: 0755 + mode: "0755" remote_src: true - name: Prep_kubeadm_images | Set kubeadm binary permissions diff --git a/roles/etcd/handlers/backup.yml b/roles/etcd/handlers/backup.yml index b79dd0148..9c05a3ad0 100644 --- a/roles/etcd/handlers/backup.yml +++ b/roles/etcd/handlers/backup.yml @@ -16,7 +16,7 @@ state: directory owner: root group: root - mode: 0600 + mode: "0600" listen: Restart etcd when: etcd_cluster_is_healthy.rc == 0 diff --git a/roles/etcd/tasks/configure.yml b/roles/etcd/tasks/configure.yml index 438dbc7df..6afc5eba0 100644 --- a/roles/etcd/tasks/configure.yml +++ b/roles/etcd/tasks/configure.yml @@ -50,7 +50,7 @@ src: "etcd-{{ etcd_deployment_type }}.service.j2" dest: /etc/systemd/system/etcd.service backup: yes - mode: 0644 + mode: "0644" # FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release) # Remove once we drop support for systemd < 250 validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:etcd-{{ etcd_deployment_type }}.service'" @@ -61,7 +61,7 @@ src: "etcd-events-{{ etcd_deployment_type }}.service.j2" dest: /etc/systemd/system/etcd-events.service backup: yes - mode: 0644 + mode: "0644" validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:etcd-events-{{ etcd_deployment_type }}.service'" # FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release) # Remove once we drop support for systemd < 250 diff --git a/roles/etcd/tasks/gen_certs_script.yml b/roles/etcd/tasks/gen_certs_script.yml index 33e9d94c6..711c14d64 100644 --- a/roles/etcd/tasks/gen_certs_script.yml +++ b/roles/etcd/tasks/gen_certs_script.yml @@ -13,7 +13,7 @@ path: "{{ etcd_script_dir }}" state: directory owner: root - mode: 0700 + mode: "0700" run_once: yes when: inventory_hostname == groups['etcd'][0] @@ -21,7 +21,7 @@ template: src: "openssl.conf.j2" dest: "{{ etcd_config_dir }}/openssl.conf" - mode: 0640 + mode: "0640" run_once: yes delegate_to: "{{ groups['etcd'][0] }}" when: @@ -32,7 +32,7 @@ template: src: "make-ssl-etcd.sh.j2" dest: "{{ etcd_script_dir }}/make-ssl-etcd.sh" - mode: 0700 + mode: "0700" run_once: yes when: - gen_certs | default(false) @@ -90,7 +90,7 @@ content: "{{ item.content | b64decode }}" group: "{{ etcd_cert_group }}" owner: "{{ etcd_owner }}" - mode: 0640 + mode: "0640" with_items: "{{ etcd_master_certs.results }}" when: - inventory_hostname in groups['etcd'] @@ -122,7 +122,7 @@ content: "{{ item.content | b64decode }}" group: "{{ etcd_cert_group }}" owner: "{{ etcd_owner }}" - mode: 0640 + mode: "0640" with_items: "{{ etcd_master_node_certs.results }}" when: - inventory_hostname in groups['etcd'] diff --git a/roles/etcd/tasks/install_docker.yml b/roles/etcd/tasks/install_docker.yml index cc2fdecf5..a7aba5094 100644 --- a/roles/etcd/tasks/install_docker.yml +++ b/roles/etcd/tasks/install_docker.yml @@ -28,7 +28,7 @@ src: etcd.j2 dest: "{{ bin_dir }}/etcd" owner: 'root' - mode: 0750 + mode: "0750" backup: yes when: etcd_cluster_setup @@ -37,6 +37,6 @@ src: etcd-events.j2 dest: "{{ bin_dir }}/etcd-events" owner: 'root' - mode: 0750 + mode: "0750" backup: yes when: etcd_events_cluster_setup diff --git a/roles/etcd/tasks/install_host.yml b/roles/etcd/tasks/install_host.yml index d4baa2aac..7bfc7e2ab 100644 --- a/roles/etcd/tasks/install_host.yml +++ b/roles/etcd/tasks/install_host.yml @@ -24,7 +24,7 @@ copy: src: "{{ local_release_dir }}/etcd-{{ etcd_version }}-linux-{{ host_architecture }}/{{ item }}" dest: "{{ bin_dir }}/{{ item }}" - mode: 0755 + mode: "0755" remote_src: yes with_items: - etcd diff --git a/roles/etcd/tasks/refresh_config.yml b/roles/etcd/tasks/refresh_config.yml index d5e004532..effebbddb 100644 --- a/roles/etcd/tasks/refresh_config.yml +++ b/roles/etcd/tasks/refresh_config.yml @@ -3,7 +3,7 @@ template: src: etcd.env.j2 dest: /etc/etcd.env - mode: 0640 + mode: "0640" notify: Restart etcd when: is_etcd_master and etcd_cluster_setup @@ -11,6 +11,6 @@ template: src: etcd-events.env.j2 dest: /etc/etcd-events.env - mode: 0640 + mode: "0640" notify: Restart etcd-events when: is_etcd_master and etcd_events_cluster_setup diff --git a/roles/etcd/tasks/upd_ca_trust.yml b/roles/etcd/tasks/upd_ca_trust.yml index 22c5901e5..ec81e17f1 100644 --- a/roles/etcd/tasks/upd_ca_trust.yml +++ b/roles/etcd/tasks/upd_ca_trust.yml @@ -21,7 +21,7 @@ src: "{{ etcd_cert_dir }}/ca.pem" dest: "{{ ca_cert_path }}" remote_src: true - mode: 0640 + mode: "0640" register: etcd_ca_cert - name: Gen_certs | update ca-certificates (Debian/Ubuntu/SUSE/Flatcar) # noqa no-handler diff --git a/roles/etcdctl_etcdutl/tasks/main.yml b/roles/etcdctl_etcdutl/tasks/main.yml index be0eea4e7..b9e6832f5 100644 --- a/roles/etcdctl_etcdutl/tasks/main.yml +++ b/roles/etcdctl_etcdutl/tasks/main.yml @@ -31,7 +31,7 @@ copy: src: "{{ local_release_dir }}/etcd-{{ etcd_version }}-linux-{{ host_architecture }}/{{ item }}" dest: "{{ bin_dir }}/{{ item }}" - mode: 0755 + mode: "0755" remote_src: yes with_items: - etcdctl @@ -42,4 +42,4 @@ template: src: etcdctl.sh.j2 dest: "{{ bin_dir }}/etcdctl.sh" - mode: 0755 + mode: "0755" diff --git a/roles/kubernetes-apps/ansible/tasks/coredns.yml b/roles/kubernetes-apps/ansible/tasks/coredns.yml index 897c6189f..46e2006b9 100644 --- a/roles/kubernetes-apps/ansible/tasks/coredns.yml +++ b/roles/kubernetes-apps/ansible/tasks/coredns.yml @@ -3,7 +3,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/{{ item.file }}" - mode: 0644 + mode: "0644" loop: - { name: coredns, file: coredns-clusterrole.yml, type: clusterrole } - { name: coredns, file: coredns-clusterrolebinding.yml, type: clusterrolebinding } @@ -31,7 +31,7 @@ template: src: "{{ item.src }}.j2" dest: "{{ kube_config_dir }}/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: - { name: coredns, src: coredns-deployment.yml, file: coredns-deployment-secondary.yml, type: deployment } - { name: coredns, src: coredns-svc.yml, file: coredns-svc-secondary.yml, type: svc } diff --git a/roles/kubernetes-apps/ansible/tasks/dashboard.yml b/roles/kubernetes-apps/ansible/tasks/dashboard.yml index 480b3dbf1..587267477 100644 --- a/roles/kubernetes-apps/ansible/tasks/dashboard.yml +++ b/roles/kubernetes-apps/ansible/tasks/dashboard.yml @@ -3,7 +3,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: - { file: dashboard.yml, type: deploy, name: kubernetes-dashboard } register: manifests diff --git a/roles/kubernetes-apps/ansible/tasks/etcd_metrics.yml b/roles/kubernetes-apps/ansible/tasks/etcd_metrics.yml index 548de89fd..580ab66db 100644 --- a/roles/kubernetes-apps/ansible/tasks/etcd_metrics.yml +++ b/roles/kubernetes-apps/ansible/tasks/etcd_metrics.yml @@ -3,7 +3,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: - { file: etcd_metrics-endpoints.yml, type: endpoints, name: etcd-metrics } - { file: etcd_metrics-service.yml, type: service, name: etcd-metrics } diff --git a/roles/kubernetes-apps/ansible/tasks/netchecker.yml b/roles/kubernetes-apps/ansible/tasks/netchecker.yml index 0011e7fc8..2cf4b5dc9 100644 --- a/roles/kubernetes-apps/ansible/tasks/netchecker.yml +++ b/roles/kubernetes-apps/ansible/tasks/netchecker.yml @@ -29,7 +29,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: "{{ netchecker_templates }}" register: manifests when: diff --git a/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml b/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml index b438afb88..7e522e29e 100644 --- a/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml +++ b/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml @@ -20,7 +20,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: - { name: nodelocaldns, file: nodelocaldns-config.yml, type: configmap } - { name: nodelocaldns, file: nodelocaldns-sa.yml, type: sa } @@ -51,7 +51,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: - { name: nodelocaldns, file: nodelocaldns-second-daemonset.yml, type: daemonset } register: nodelocaldns_second_manifests diff --git a/roles/kubernetes-apps/argocd/tasks/main.yml b/roles/kubernetes-apps/argocd/tasks/main.yml index e11f0976b..3cfe06fc7 100644 --- a/roles/kubernetes-apps/argocd/tasks/main.yml +++ b/roles/kubernetes-apps/argocd/tasks/main.yml @@ -36,7 +36,7 @@ url: "{{ item.url }}" unarchive: false owner: "root" - mode: 0644 + mode: "0644" sha256: "" download: "{{ download_defaults | combine(download_argocd) }}" with_items: "{{ argocd_templates | selectattr('url', 'defined') | list }}" @@ -73,7 +73,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: "{{ argocd_templates | selectattr('url', 'undefined') | list }}" loop_control: label: "{{ item.file }}" diff --git a/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml b/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml index 6bfcc25e4..a5913ecc7 100644 --- a/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml +++ b/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml @@ -7,7 +7,7 @@ template: src: controller-manager-config.yml.j2 dest: "{{ kube_config_dir }}/controller-manager-config.yml" - mode: 0644 + mode: "0644" when: inventory_hostname == groups['kube_control_plane'][0] - name: "OCI Cloud Controller | Slurp Configuration" @@ -24,7 +24,7 @@ template: src: oci-cloud-provider.yml.j2 dest: "{{ kube_config_dir }}/oci-cloud-provider.yml" - mode: 0644 + mode: "0644" when: inventory_hostname == groups['kube_control_plane'][0] - name: "OCI Cloud Controller | Apply Manifests" diff --git a/roles/kubernetes-apps/cluster_roles/tasks/main.yml b/roles/kubernetes-apps/cluster_roles/tasks/main.yml index fdb3205d6..8d7230e0a 100644 --- a/roles/kubernetes-apps/cluster_roles/tasks/main.yml +++ b/roles/kubernetes-apps/cluster_roles/tasks/main.yml @@ -15,7 +15,7 @@ template: src: "node-crb.yml.j2" dest: "{{ kube_config_dir }}/node-crb.yml" - mode: 0640 + mode: "0640" register: node_crb_manifest when: - rbac_enabled @@ -70,7 +70,7 @@ copy: src: k8s-cluster-critical-pc.yml dest: "{{ kube_config_dir }}/k8s-cluster-critical-pc.yml" - mode: 0640 + mode: "0640" when: inventory_hostname == groups['kube_control_plane'] | last - name: PriorityClass | Create k8s-cluster-critical diff --git a/roles/kubernetes-apps/cluster_roles/tasks/oci.yml b/roles/kubernetes-apps/cluster_roles/tasks/oci.yml index eb074634e..e5bef6701 100644 --- a/roles/kubernetes-apps/cluster_roles/tasks/oci.yml +++ b/roles/kubernetes-apps/cluster_roles/tasks/oci.yml @@ -3,7 +3,7 @@ copy: src: "oci-rbac.yml" dest: "{{ kube_config_dir }}/oci-rbac.yml" - mode: 0640 + mode: "0640" when: - cloud_provider is defined - cloud_provider == 'oci' diff --git a/roles/kubernetes-apps/container_engine_accelerator/nvidia_gpu/tasks/main.yml b/roles/kubernetes-apps/container_engine_accelerator/nvidia_gpu/tasks/main.yml index 8cba9bf37..325fb5f21 100644 --- a/roles/kubernetes-apps/container_engine_accelerator/nvidia_gpu/tasks/main.yml +++ b/roles/kubernetes-apps/container_engine_accelerator/nvidia_gpu/tasks/main.yml @@ -26,14 +26,14 @@ path: "{{ kube_config_dir }}/addons/container_engine_accelerator" owner: root group: root - mode: 0755 + mode: "0755" recurse: true - name: Container Engine Acceleration Nvidia GPU | Create manifests for nvidia accelerators template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/addons/container_engine_accelerator/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: - { name: nvidia-driver-install-daemonset, file: nvidia-driver-install-daemonset.yml, type: daemonset } - { name: k8s-device-plugin-nvidia-daemonset, file: k8s-device-plugin-nvidia-daemonset.yml, type: daemonset } diff --git a/roles/kubernetes-apps/container_runtimes/gvisor/tasks/main.yaml b/roles/kubernetes-apps/container_runtimes/gvisor/tasks/main.yaml index 90562f229..143c8d843 100644 --- a/roles/kubernetes-apps/container_runtimes/gvisor/tasks/main.yaml +++ b/roles/kubernetes-apps/container_runtimes/gvisor/tasks/main.yaml @@ -4,7 +4,7 @@ path: "{{ kube_config_dir }}/addons/gvisor" owner: root group: root - mode: 0755 + mode: "0755" recurse: true - name: GVisor | Templates List @@ -16,7 +16,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/addons/gvisor/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: "{{ gvisor_templates }}" register: gvisor_manifests when: diff --git a/roles/kubernetes-apps/container_runtimes/kata_containers/tasks/main.yaml b/roles/kubernetes-apps/container_runtimes/kata_containers/tasks/main.yaml index a07c7c288..cd85a6d69 100644 --- a/roles/kubernetes-apps/container_runtimes/kata_containers/tasks/main.yaml +++ b/roles/kubernetes-apps/container_runtimes/kata_containers/tasks/main.yaml @@ -5,7 +5,7 @@ path: "{{ kube_config_dir }}/addons/kata_containers" owner: root group: root - mode: 0755 + mode: "0755" recurse: true - name: Kata Containers | Templates list @@ -17,7 +17,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/addons/kata_containers/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: "{{ kata_containers_templates }}" register: kata_containers_manifests when: diff --git a/roles/kubernetes-apps/csi_driver/aws_ebs/tasks/main.yml b/roles/kubernetes-apps/csi_driver/aws_ebs/tasks/main.yml index 5570dccfd..fc905e445 100644 --- a/roles/kubernetes-apps/csi_driver/aws_ebs/tasks/main.yml +++ b/roles/kubernetes-apps/csi_driver/aws_ebs/tasks/main.yml @@ -3,7 +3,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: - {name: aws-ebs-csi-driver, file: aws-ebs-csi-driver.yml} - {name: aws-ebs-csi-controllerservice, file: aws-ebs-csi-controllerservice-rbac.yml} diff --git a/roles/kubernetes-apps/csi_driver/azuredisk/tasks/main.yml b/roles/kubernetes-apps/csi_driver/azuredisk/tasks/main.yml index a94656f48..82d222e50 100644 --- a/roles/kubernetes-apps/csi_driver/azuredisk/tasks/main.yml +++ b/roles/kubernetes-apps/csi_driver/azuredisk/tasks/main.yml @@ -7,7 +7,7 @@ src: "azure-csi-cloud-config.j2" dest: "{{ kube_config_dir }}/azure_csi_cloud_config" group: "{{ kube_cert_group }}" - mode: 0640 + mode: "0640" when: inventory_hostname == groups['kube_control_plane'][0] - name: Azure CSI Driver | Get base64 cloud-config @@ -20,7 +20,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: - {name: azure-csi-azuredisk-driver, file: azure-csi-azuredisk-driver.yml} - {name: azure-csi-cloud-config-secret, file: azure-csi-cloud-config-secret.yml} diff --git a/roles/kubernetes-apps/csi_driver/cinder/tasks/cinder-write-cacert.yml b/roles/kubernetes-apps/csi_driver/cinder/tasks/cinder-write-cacert.yml index c6d14a2aa..dd614fe6c 100644 --- a/roles/kubernetes-apps/csi_driver/cinder/tasks/cinder-write-cacert.yml +++ b/roles/kubernetes-apps/csi_driver/cinder/tasks/cinder-write-cacert.yml @@ -7,5 +7,5 @@ src: "{{ cinder_cacert }}" dest: "{{ kube_config_dir }}/cinder-cacert.pem" group: "{{ kube_cert_group }}" - mode: 0640 + mode: "0640" delegate_to: "{{ delegate_host_to_write_cacert }}" diff --git a/roles/kubernetes-apps/csi_driver/cinder/tasks/main.yml b/roles/kubernetes-apps/csi_driver/cinder/tasks/main.yml index 47ce6cd89..f2d1026e8 100644 --- a/roles/kubernetes-apps/csi_driver/cinder/tasks/main.yml +++ b/roles/kubernetes-apps/csi_driver/cinder/tasks/main.yml @@ -18,7 +18,7 @@ src: "cinder-csi-cloud-config.j2" dest: "{{ kube_config_dir }}/cinder_cloud_config" group: "{{ kube_cert_group }}" - mode: 0640 + mode: "0640" when: inventory_hostname == groups['kube_control_plane'][0] - name: Cinder CSI Driver | Get base64 cloud-config @@ -31,7 +31,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: - {name: cinder-csi-driver, file: cinder-csi-driver.yml} - {name: cinder-csi-cloud-config-secret, file: cinder-csi-cloud-config-secret.yml} diff --git a/roles/kubernetes-apps/csi_driver/csi_crd/tasks/main.yml b/roles/kubernetes-apps/csi_driver/csi_crd/tasks/main.yml index 479093120..75111db58 100644 --- a/roles/kubernetes-apps/csi_driver/csi_crd/tasks/main.yml +++ b/roles/kubernetes-apps/csi_driver/csi_crd/tasks/main.yml @@ -3,7 +3,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: - {name: volumesnapshotclasses, file: volumesnapshotclasses.yml} - {name: volumesnapshotcontents, file: volumesnapshotcontents.yml} diff --git a/roles/kubernetes-apps/csi_driver/gcp_pd/tasks/main.yml b/roles/kubernetes-apps/csi_driver/gcp_pd/tasks/main.yml index be511caa4..6ae54d466 100644 --- a/roles/kubernetes-apps/csi_driver/gcp_pd/tasks/main.yml +++ b/roles/kubernetes-apps/csi_driver/gcp_pd/tasks/main.yml @@ -9,7 +9,7 @@ src: "{{ gcp_pd_csi_sa_cred_file }}" dest: "{{ kube_config_dir }}/cloud-sa.json" group: "{{ kube_cert_group }}" - mode: 0640 + mode: "0640" when: inventory_hostname == groups['kube_control_plane'][0] - name: GCP PD CSI Driver | Get base64 cloud-sa.json @@ -22,7 +22,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: - {name: gcp-pd-csi-cred-secret, file: gcp-pd-csi-cred-secret.yml} - {name: gcp-pd-csi-setup, file: gcp-pd-csi-setup.yml} diff --git a/roles/kubernetes-apps/csi_driver/upcloud/tasks/main.yml b/roles/kubernetes-apps/csi_driver/upcloud/tasks/main.yml index 8f0b69f8c..aafb0fdb4 100644 --- a/roles/kubernetes-apps/csi_driver/upcloud/tasks/main.yml +++ b/roles/kubernetes-apps/csi_driver/upcloud/tasks/main.yml @@ -16,7 +16,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: - {name: upcloud-csi-cred-secret, file: upcloud-csi-cred-secret.yml} - {name: upcloud-csi-setup, file: upcloud-csi-setup.yml} diff --git a/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml b/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml index 102dd8be0..6bbb4ffa4 100644 --- a/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml +++ b/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml @@ -6,7 +6,7 @@ template: src: "{{ item }}.j2" dest: "{{ kube_config_dir }}/{{ item }}" - mode: 0640 + mode: "0640" with_items: - vsphere-csi-cloud-config when: inventory_hostname == groups['kube_control_plane'][0] @@ -15,7 +15,7 @@ template: src: "{{ item }}.j2" dest: "{{ kube_config_dir }}/{{ item }}" - mode: 0644 + mode: "0644" with_items: - vsphere-csi-namespace.yml - vsphere-csi-driver.yml diff --git a/roles/kubernetes-apps/external_cloud_controller/hcloud/tasks/main.yml b/roles/kubernetes-apps/external_cloud_controller/hcloud/tasks/main.yml index c626e78e9..6b482ccd3 100644 --- a/roles/kubernetes-apps/external_cloud_controller/hcloud/tasks/main.yml +++ b/roles/kubernetes-apps/external_cloud_controller/hcloud/tasks/main.yml @@ -4,7 +4,7 @@ src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/{{ item.file }}" group: "{{ kube_cert_group }}" - mode: 0640 + mode: "0640" with_items: - {name: external-hcloud-cloud-secret, file: external-hcloud-cloud-secret.yml} - {name: external-hcloud-cloud-service-account, file: external-hcloud-cloud-service-account.yml} diff --git a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/tasks/main.yml b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/tasks/main.yml index 880be0dfc..3d82ded77 100644 --- a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/tasks/main.yml +++ b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/tasks/main.yml @@ -24,7 +24,7 @@ src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/{{ item.file }}" group: "{{ kube_cert_group }}" - mode: 0640 + mode: "0640" with_items: - {name: external-huawei-cloud-config-secret, file: external-huawei-cloud-config-secret.yml} - {name: external-huawei-cloud-controller-manager-roles, file: external-huawei-cloud-controller-manager-roles.yml} diff --git a/roles/kubernetes-apps/external_cloud_controller/openstack/tasks/main.yml b/roles/kubernetes-apps/external_cloud_controller/openstack/tasks/main.yml index 787dbb444..8c930f3aa 100644 --- a/roles/kubernetes-apps/external_cloud_controller/openstack/tasks/main.yml +++ b/roles/kubernetes-apps/external_cloud_controller/openstack/tasks/main.yml @@ -24,7 +24,7 @@ src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/{{ item.file }}" group: "{{ kube_cert_group }}" - mode: 0640 + mode: "0640" with_items: - {name: external-openstack-cloud-config-secret, file: external-openstack-cloud-config-secret.yml} - {name: external-openstack-cloud-controller-manager-roles, file: external-openstack-cloud-controller-manager-roles.yml} diff --git a/roles/kubernetes-apps/external_cloud_controller/vsphere/tasks/main.yml b/roles/kubernetes-apps/external_cloud_controller/vsphere/tasks/main.yml index 60b8ec83b..585eb9817 100644 --- a/roles/kubernetes-apps/external_cloud_controller/vsphere/tasks/main.yml +++ b/roles/kubernetes-apps/external_cloud_controller/vsphere/tasks/main.yml @@ -6,7 +6,7 @@ template: src: "{{ item }}.j2" dest: "{{ kube_config_dir }}/{{ item }}" - mode: 0640 + mode: "0640" with_items: - external-vsphere-cpi-cloud-config when: inventory_hostname == groups['kube_control_plane'][0] @@ -15,7 +15,7 @@ template: src: "{{ item }}.j2" dest: "{{ kube_config_dir }}/{{ item }}" - mode: 0644 + mode: "0644" with_items: - external-vsphere-cpi-cloud-config-secret.yml - external-vsphere-cloud-controller-manager-roles.yml diff --git a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/tasks/main.yml b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/tasks/main.yml index 86cba2d57..4993eebab 100644 --- a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/tasks/main.yml +++ b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/tasks/main.yml @@ -33,7 +33,7 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" when: - inventory_hostname == groups['kube_control_plane'][0] @@ -54,7 +54,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/addons/cephfs_provisioner/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: "{{ cephfs_provisioner_templates }}" register: cephfs_provisioner_manifests when: inventory_hostname == groups['kube_control_plane'][0] diff --git a/roles/kubernetes-apps/external_provisioner/local_path_provisioner/tasks/main.yml b/roles/kubernetes-apps/external_provisioner/local_path_provisioner/tasks/main.yml index 71036ca9d..f3ae87a37 100644 --- a/roles/kubernetes-apps/external_provisioner/local_path_provisioner/tasks/main.yml +++ b/roles/kubernetes-apps/external_provisioner/local_path_provisioner/tasks/main.yml @@ -5,7 +5,7 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" when: - inventory_hostname == groups['kube_control_plane'][0] @@ -13,7 +13,7 @@ file: path: "{{ local_path_provisioner_claim_root }}" state: directory - mode: 0755 + mode: "0755" - name: Local Path Provisioner | Render Template set_fact: @@ -30,7 +30,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/addons/local_path_provisioner/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: "{{ local_path_provisioner_templates }}" register: local_path_provisioner_manifests when: inventory_hostname == groups['kube_control_plane'][0] diff --git a/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/tasks/main.yml b/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/tasks/main.yml index 2308b5ca6..bc35b4782 100644 --- a/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/tasks/main.yml +++ b/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/tasks/main.yml @@ -12,7 +12,7 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" - name: Local Volume Provisioner | Templates list set_fact: @@ -29,7 +29,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/addons/local_volume_provisioner/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: "{{ local_volume_provisioner_templates }}" register: local_volume_provisioner_manifests when: inventory_hostname == groups['kube_control_plane'][0] diff --git a/roles/kubernetes-apps/external_provisioner/rbd_provisioner/tasks/main.yml b/roles/kubernetes-apps/external_provisioner/rbd_provisioner/tasks/main.yml index 76445dae0..0a1f5b2e2 100644 --- a/roles/kubernetes-apps/external_provisioner/rbd_provisioner/tasks/main.yml +++ b/roles/kubernetes-apps/external_provisioner/rbd_provisioner/tasks/main.yml @@ -33,7 +33,7 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" when: - inventory_hostname == groups['kube_control_plane'][0] @@ -54,7 +54,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/addons/rbd_provisioner/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: "{{ rbd_provisioner_templates }}" register: rbd_provisioner_manifests when: inventory_hostname == groups['kube_control_plane'][0] diff --git a/roles/kubernetes-apps/helm/tasks/main.yml b/roles/kubernetes-apps/helm/tasks/main.yml index eae0e2171..61596aefb 100644 --- a/roles/kubernetes-apps/helm/tasks/main.yml +++ b/roles/kubernetes-apps/helm/tasks/main.yml @@ -32,7 +32,7 @@ copy: src: "{{ local_release_dir }}/helm-{{ helm_version }}/linux-{{ image_arch }}/helm" dest: "{{ bin_dir }}/helm" - mode: 0755 + mode: "0755" remote_src: true - name: Helm | Get helm completion @@ -45,5 +45,5 @@ copy: dest: /etc/bash_completion.d/helm.sh content: "{{ helm_completion.stdout }}" - mode: 0755 + mode: "0755" become: True diff --git a/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/tasks/main.yml b/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/tasks/main.yml index 8a188a4cb..451487738 100644 --- a/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/tasks/main.yml +++ b/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/tasks/main.yml @@ -6,13 +6,13 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" - name: ALB Ingress Controller | Create manifests template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/addons/alb_ingress/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: - { name: alb-ingress-clusterrole, file: alb-ingress-clusterrole.yml, type: clusterrole } - { name: alb-ingress-clusterrolebinding, file: alb-ingress-clusterrolebinding.yml, type: clusterrolebinding } diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/tasks/main.yml b/roles/kubernetes-apps/ingress_controller/cert_manager/tasks/main.yml index 4af64adc5..8012e77d5 100644 --- a/roles/kubernetes-apps/ingress_controller/cert_manager/tasks/main.yml +++ b/roles/kubernetes-apps/ingress_controller/cert_manager/tasks/main.yml @@ -24,7 +24,7 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" when: - inventory_hostname == groups['kube_control_plane'][0] @@ -38,7 +38,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/addons/cert_manager/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: "{{ cert_manager_templates }}" register: cert_manager_manifests when: diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml b/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml index 518094af7..be26060b8 100644 --- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml +++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml @@ -6,7 +6,7 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" when: - inventory_hostname == groups['kube_control_plane'][0] @@ -50,7 +50,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/addons/ingress_nginx/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: "{{ ingress_nginx_templates }}" register: ingress_nginx_manifests when: diff --git a/roles/kubernetes-apps/krew/tasks/krew.yml b/roles/kubernetes-apps/krew/tasks/krew.yml index a8b52010b..e46dbb48d 100644 --- a/roles/kubernetes-apps/krew/tasks/krew.yml +++ b/roles/kubernetes-apps/krew/tasks/krew.yml @@ -8,13 +8,13 @@ template: src: krew.j2 dest: /etc/bash_completion.d/krew - mode: 0644 + mode: "0644" - name: Krew | Copy krew manifest template: src: krew.yml.j2 dest: "{{ local_release_dir }}/krew.yml" - mode: 0644 + mode: "0644" - name: Krew | Install krew # noqa command-instead-of-shell shell: "{{ local_release_dir }}/krew-{{ host_os }}_{{ image_arch }} install --archive={{ local_release_dir }}/krew-{{ host_os }}_{{ image_arch }}.tar.gz --manifest={{ local_release_dir }}/krew.yml" @@ -33,6 +33,6 @@ copy: dest: /etc/bash_completion.d/krew.sh content: "{{ krew_completion.stdout }}" - mode: 0755 + mode: "0755" become: True when: krew_completion.rc == 0 diff --git a/roles/kubernetes-apps/metallb/tasks/main.yml b/roles/kubernetes-apps/metallb/tasks/main.yml index 6a804cbef..5e6757b3d 100644 --- a/roles/kubernetes-apps/metallb/tasks/main.yml +++ b/roles/kubernetes-apps/metallb/tasks/main.yml @@ -16,7 +16,7 @@ template: src: "metallb.yaml.j2" dest: "{{ kube_config_dir }}/metallb.yaml" - mode: 0644 + mode: "0644" register: metallb_rendering when: - inventory_hostname == groups['kube_control_plane'][0] @@ -47,7 +47,7 @@ ansible.builtin.template: src: pools.yaml.j2 dest: "{{ kube_config_dir }}/pools.yaml" - mode: 0644 + mode: "0644" register: pools_rendering - name: MetalLB | Create address pools configuration @@ -67,7 +67,7 @@ ansible.builtin.template: src: layer2.yaml.j2 dest: "{{ kube_config_dir }}/layer2.yaml" - mode: 0644 + mode: "0644" register: layer2_rendering - name: MetalLB | Create layer2 configuration @@ -87,7 +87,7 @@ ansible.builtin.template: src: layer3.yaml.j2 dest: "{{ kube_config_dir }}/layer3.yaml" - mode: 0644 + mode: "0644" register: layer3_rendering - name: MetalLB | Create layer3 configuration diff --git a/roles/kubernetes-apps/metrics_server/tasks/main.yml b/roles/kubernetes-apps/metrics_server/tasks/main.yml index 1fe617de8..3517686cb 100644 --- a/roles/kubernetes-apps/metrics_server/tasks/main.yml +++ b/roles/kubernetes-apps/metrics_server/tasks/main.yml @@ -19,7 +19,7 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" when: - inventory_hostname == groups['kube_control_plane'][0] @@ -39,7 +39,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/addons/metrics_server/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: "{{ metrics_server_templates }}" register: metrics_server_manifests when: diff --git a/roles/kubernetes-apps/node_feature_discovery/tasks/main.yml b/roles/kubernetes-apps/node_feature_discovery/tasks/main.yml index b7e930afe..eb2237a8c 100644 --- a/roles/kubernetes-apps/node_feature_discovery/tasks/main.yml +++ b/roles/kubernetes-apps/node_feature_discovery/tasks/main.yml @@ -5,7 +5,7 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" when: - inventory_hostname == groups['kube_control_plane'][0] @@ -31,7 +31,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/addons/node_feature_discovery/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: "{{ node_feature_discovery_templates }}" register: node_feature_discovery_manifests when: diff --git a/roles/kubernetes-apps/persistent_volumes/aws-ebs-csi/tasks/main.yml b/roles/kubernetes-apps/persistent_volumes/aws-ebs-csi/tasks/main.yml index b49acdfbd..d31f9c6d9 100644 --- a/roles/kubernetes-apps/persistent_volumes/aws-ebs-csi/tasks/main.yml +++ b/roles/kubernetes-apps/persistent_volumes/aws-ebs-csi/tasks/main.yml @@ -3,7 +3,7 @@ template: src: "aws-ebs-csi-storage-class.yml.j2" dest: "{{ kube_config_dir }}/aws-ebs-csi-storage-class.yml" - mode: 0644 + mode: "0644" register: manifests when: - inventory_hostname == groups['kube_control_plane'][0] diff --git a/roles/kubernetes-apps/persistent_volumes/azuredisk-csi/tasks/main.yml b/roles/kubernetes-apps/persistent_volumes/azuredisk-csi/tasks/main.yml index 9abffbe1f..4a2bff006 100644 --- a/roles/kubernetes-apps/persistent_volumes/azuredisk-csi/tasks/main.yml +++ b/roles/kubernetes-apps/persistent_volumes/azuredisk-csi/tasks/main.yml @@ -3,7 +3,7 @@ template: src: "azure-csi-storage-class.yml.j2" dest: "{{ kube_config_dir }}/azure-csi-storage-class.yml" - mode: 0644 + mode: "0644" register: manifests when: - inventory_hostname == groups['kube_control_plane'][0] diff --git a/roles/kubernetes-apps/persistent_volumes/cinder-csi/tasks/main.yml b/roles/kubernetes-apps/persistent_volumes/cinder-csi/tasks/main.yml index 52de1c5a2..78ebe78de 100644 --- a/roles/kubernetes-apps/persistent_volumes/cinder-csi/tasks/main.yml +++ b/roles/kubernetes-apps/persistent_volumes/cinder-csi/tasks/main.yml @@ -3,7 +3,7 @@ template: src: "cinder-csi-storage-class.yml.j2" dest: "{{ kube_config_dir }}/cinder-csi-storage-class.yml" - mode: 0644 + mode: "0644" register: manifests when: - inventory_hostname == groups['kube_control_plane'][0] diff --git a/roles/kubernetes-apps/persistent_volumes/gcp-pd-csi/tasks/main.yml b/roles/kubernetes-apps/persistent_volumes/gcp-pd-csi/tasks/main.yml index 29997e7c6..f58e4cbde 100644 --- a/roles/kubernetes-apps/persistent_volumes/gcp-pd-csi/tasks/main.yml +++ b/roles/kubernetes-apps/persistent_volumes/gcp-pd-csi/tasks/main.yml @@ -3,7 +3,7 @@ template: src: "gcp-pd-csi-storage-class.yml.j2" dest: "{{ kube_config_dir }}/gcp-pd-csi-storage-class.yml" - mode: 0644 + mode: "0644" register: manifests when: - inventory_hostname == groups['kube_control_plane'][0] diff --git a/roles/kubernetes-apps/persistent_volumes/openstack/tasks/main.yml b/roles/kubernetes-apps/persistent_volumes/openstack/tasks/main.yml index 3387e7ff4..90b3ad7f4 100644 --- a/roles/kubernetes-apps/persistent_volumes/openstack/tasks/main.yml +++ b/roles/kubernetes-apps/persistent_volumes/openstack/tasks/main.yml @@ -3,7 +3,7 @@ template: src: "openstack-storage-class.yml.j2" dest: "{{ kube_config_dir }}/openstack-storage-class.yml" - mode: 0644 + mode: "0644" register: manifests when: - inventory_hostname == groups['kube_control_plane'][0] diff --git a/roles/kubernetes-apps/persistent_volumes/upcloud-csi/tasks/main.yml b/roles/kubernetes-apps/persistent_volumes/upcloud-csi/tasks/main.yml index 26104a092..aed567937 100644 --- a/roles/kubernetes-apps/persistent_volumes/upcloud-csi/tasks/main.yml +++ b/roles/kubernetes-apps/persistent_volumes/upcloud-csi/tasks/main.yml @@ -3,7 +3,7 @@ template: src: "upcloud-csi-storage-class.yml.j2" dest: "{{ kube_config_dir }}/upcloud-csi-storage-class.yml" - mode: 0644 + mode: "0644" register: manifests when: - inventory_hostname == groups['kube_control_plane'][0] diff --git a/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml b/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml index ba2eebbce..fa0c994a1 100644 --- a/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml +++ b/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml @@ -3,7 +3,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: - {name: calico-kube-controllers, file: calico-kube-controllers.yml, type: deployment} - {name: calico-kube-controllers, file: calico-kube-sa.yml, type: sa} diff --git a/roles/kubernetes-apps/registry/tasks/main.yml b/roles/kubernetes-apps/registry/tasks/main.yml index a915e0773..4e4979d1e 100644 --- a/roles/kubernetes-apps/registry/tasks/main.yml +++ b/roles/kubernetes-apps/registry/tasks/main.yml @@ -31,7 +31,7 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" - name: Registry | Templates list set_fact: @@ -54,7 +54,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/addons/registry/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: "{{ registry_templates }}" register: registry_manifests when: inventory_hostname == groups['kube_control_plane'][0] @@ -74,7 +74,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/addons/registry/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: - { name: registry-pvc, file: registry-pvc.yml, type: pvc } register: registry_manifests diff --git a/roles/kubernetes-apps/scheduler_plugins/tasks/main.yml b/roles/kubernetes-apps/scheduler_plugins/tasks/main.yml index d17b19128..404a2cb93 100644 --- a/roles/kubernetes-apps/scheduler_plugins/tasks/main.yml +++ b/roles/kubernetes-apps/scheduler_plugins/tasks/main.yml @@ -5,7 +5,7 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" when: inventory_hostname == groups['kube_control_plane'][0] tags: - scheduler_plugins @@ -14,7 +14,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/scheduler-plugins/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: - { name: appgroup, file: appgroup.diktyo.x-k8s.io_appgroups.yaml, type: crd } - { name: networktopology, file: networktopology.diktyo.x-k8s.io_networktopologies.yaml, type: crd } diff --git a/roles/kubernetes-apps/snapshots/cinder-csi/tasks/main.yml b/roles/kubernetes-apps/snapshots/cinder-csi/tasks/main.yml index 7e9116f15..35ec4cd85 100644 --- a/roles/kubernetes-apps/snapshots/cinder-csi/tasks/main.yml +++ b/roles/kubernetes-apps/snapshots/cinder-csi/tasks/main.yml @@ -3,7 +3,7 @@ template: src: "cinder-csi-snapshot-class.yml.j2" dest: "{{ kube_config_dir }}/cinder-csi-snapshot-class.yml" - mode: 0644 + mode: "0644" register: manifests when: - inventory_hostname == groups['kube_control_plane'][0] diff --git a/roles/kubernetes-apps/snapshots/snapshot-controller/tasks/main.yml b/roles/kubernetes-apps/snapshots/snapshot-controller/tasks/main.yml index e6da2920a..0c5d3aeba 100644 --- a/roles/kubernetes-apps/snapshots/snapshot-controller/tasks/main.yml +++ b/roles/kubernetes-apps/snapshots/snapshot-controller/tasks/main.yml @@ -13,7 +13,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: - {name: snapshot-ns, file: snapshot-ns.yml, apply: not snapshot_namespace_exists} - {name: rbac-snapshot-controller, file: rbac-snapshot-controller.yml} diff --git a/roles/kubernetes/client/tasks/main.yml b/roles/kubernetes/client/tasks/main.yml index e6197611e..cc7887750 100644 --- a/roles/kubernetes/client/tasks/main.yml +++ b/roles/kubernetes/client/tasks/main.yml @@ -80,7 +80,7 @@ copy: content: "{{ final_admin_kubeconfig | to_nice_yaml(indent=2) }}" dest: "{{ artifacts_dir }}/admin.conf" - mode: 0600 + mode: "0600" delegate_to: localhost connection: local become: no @@ -106,7 +106,7 @@ #!/bin/bash ${BASH_SOURCE%/*}/kubectl --kubeconfig=${BASH_SOURCE%/*}/admin.conf "$@" dest: "{{ artifacts_dir }}/kubectl.sh" - mode: 0755 + mode: "0755" become: no run_once: yes delegate_to: localhost diff --git a/roles/kubernetes/control-plane/tasks/encrypt-at-rest.yml b/roles/kubernetes/control-plane/tasks/encrypt-at-rest.yml index 209e4c730..9b998c52b 100644 --- a/roles/kubernetes/control-plane/tasks/encrypt-at-rest.yml +++ b/roles/kubernetes/control-plane/tasks/encrypt-at-rest.yml @@ -37,4 +37,4 @@ dest: "{{ kube_cert_dir }}/secrets_encryption.yaml" owner: root group: "{{ kube_cert_group }}" - mode: 0640 + mode: "0640" diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-etcd.yml b/roles/kubernetes/control-plane/tasks/kubeadm-etcd.yml index 9de55c544..788d6b8f3 100644 --- a/roles/kubernetes/control-plane/tasks/kubeadm-etcd.yml +++ b/roles/kubernetes/control-plane/tasks/kubeadm-etcd.yml @@ -25,5 +25,5 @@ path: "{{ etcd_data_dir }}" owner: "{{ etcd_owner }}" group: "{{ etcd_owner }}" - mode: 0700 + mode: "0700" when: etcd_deployment_type == "kubeadm" diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml b/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml index e10ef7fab..128e93f36 100644 --- a/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml +++ b/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml @@ -34,7 +34,7 @@ template: src: "kubeadm-controlplane.{{ kubeadmConfig_api_version }}.yaml.j2" dest: "{{ kube_config_dir }}/kubeadm-controlplane.yaml" - mode: 0640 + mode: "0640" backup: yes when: - inventory_hostname != first_kube_control_plane @@ -77,7 +77,7 @@ dest: "{{ kube_config_dir }}/cluster-info-discovery-kubeconfig.yaml" content: "{{ kubeconfig_file_discovery.stdout }}" owner: "root" - mode: 0644 + mode: "0644" when: - inventory_hostname != first_kube_control_plane - kubeadm_use_file_discovery diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml index ceaafa06c..dfbe604a4 100644 --- a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml +++ b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml @@ -51,35 +51,35 @@ file: path: "{{ audit_policy_file | dirname }}" state: directory - mode: 0640 + mode: "0640" when: kubernetes_audit | default(false) or kubernetes_audit_webhook | default(false) - name: Write api audit policy yaml template: src: apiserver-audit-policy.yaml.j2 dest: "{{ audit_policy_file }}" - mode: 0640 + mode: "0640" when: kubernetes_audit | default(false) or kubernetes_audit_webhook | default(false) - name: Write api audit webhook config yaml template: src: apiserver-audit-webhook-config.yaml.j2 dest: "{{ audit_webhook_config_file }}" - mode: 0640 + mode: "0640" when: kubernetes_audit_webhook | default(false) - name: Create apiserver tracing config directory file: path: "{{ kube_config_dir }}/tracing" state: directory - mode: 0640 + mode: "0640" when: kube_apiserver_tracing - name: Write apiserver tracing config yaml template: src: apiserver-tracing.yaml.j2 dest: "{{ kube_config_dir }}/tracing/apiserver-tracing.yaml" - mode: 0640 + mode: "0640" when: kube_apiserver_tracing # Nginx LB(default), If kubeadm_config_api_fqdn is defined, use other LB by kubeadm controlPlaneEndpoint. @@ -96,27 +96,27 @@ template: src: "kubeadm-config.{{ kubeadmConfig_api_version }}.yaml.j2" dest: "{{ kube_config_dir }}/kubeadm-config.yaml" - mode: 0640 + mode: "0640" - name: Kubeadm | Create directory to store admission control configurations file: path: "{{ kube_config_dir }}/admission-controls" state: directory - mode: 0640 + mode: "0640" when: kube_apiserver_admission_control_config_file - name: Kubeadm | Push admission control config file template: src: "admission-controls.yaml.j2" dest: "{{ kube_config_dir }}/admission-controls/admission-controls.yaml" - mode: 0640 + mode: "0640" when: kube_apiserver_admission_control_config_file - name: Kubeadm | Push admission control config files template: src: "{{ item | lower }}.yaml.j2" dest: "{{ kube_config_dir }}/admission-controls/{{ item | lower }}.yaml" - mode: 0640 + mode: "0640" when: - kube_apiserver_admission_control_config_file - item in kube_apiserver_admission_plugins_needs_configuration @@ -126,7 +126,7 @@ template: src: "podnodeselector.yaml.j2" dest: "{{ kube_config_dir }}/admission-controls/podnodeselector.yaml" - mode: 0640 + mode: "0640" when: - kube_apiserver_admission_plugins_podnodeselector_default_node_selector is defined - kube_apiserver_admission_plugins_podnodeselector_default_node_selector | length > 0 @@ -178,7 +178,7 @@ file: path: "{{ kubeadm_patches.dest_dir }}" state: directory - mode: 0640 + mode: "0640" when: kubeadm_patches is defined and kubeadm_patches.enabled - name: Kubeadm | Copy kubeadm patches from inventory files @@ -186,7 +186,7 @@ src: "{{ kubeadm_patches.source_dir }}/" dest: "{{ kubeadm_patches.dest_dir }}" owner: "root" - mode: 0644 + mode: "0644" when: kubeadm_patches is defined and kubeadm_patches.enabled - name: Kubeadm | Initialize first master diff --git a/roles/kubernetes/control-plane/tasks/main.yml b/roles/kubernetes/control-plane/tasks/main.yml index 37f36ab14..b1e2ee2a9 100644 --- a/roles/kubernetes/control-plane/tasks/main.yml +++ b/roles/kubernetes/control-plane/tasks/main.yml @@ -8,21 +8,21 @@ template: src: webhook-token-auth-config.yaml.j2 dest: "{{ kube_config_dir }}/webhook-token-auth-config.yaml" - mode: 0640 + mode: "0640" when: kube_webhook_token_auth | default(false) - name: Create webhook authorization config template: src: webhook-authorization-config.yaml.j2 dest: "{{ kube_config_dir }}/webhook-authorization-config.yaml" - mode: 0640 + mode: "0640" when: kube_webhook_authorization | default(false) - name: Create kube-scheduler config template: src: kubescheduler-config.yaml.j2 dest: "{{ kube_config_dir }}/kubescheduler-config.yaml" - mode: 0644 + mode: "0644" - name: Apply Kubernetes encrypt at rest config import_tasks: encrypt-at-rest.yml @@ -35,7 +35,7 @@ copy: src: "{{ downloads.kubectl.dest }}" dest: "{{ bin_dir }}/kubectl" - mode: 0755 + mode: "0755" remote_src: true tags: - kubectl @@ -53,7 +53,7 @@ path: /etc/bash_completion.d/kubectl.sh owner: root group: root - mode: 0755 + mode: "0755" when: ansible_os_family in ["Debian","RedHat"] tags: - kubectl @@ -101,13 +101,13 @@ template: src: k8s-certs-renew.sh.j2 dest: "{{ bin_dir }}/k8s-certs-renew.sh" - mode: 0755 + mode: "0755" - name: Renew K8S control plane certificates monthly 1/2 template: src: "{{ item }}.j2" dest: "/etc/systemd/system/{{ item }}" - mode: 0644 + mode: "0644" validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:{{item}}'" # FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release) # Remove once we drop support for systemd < 250 diff --git a/roles/kubernetes/kubeadm/tasks/kubeadm_etcd_node.yml b/roles/kubernetes/kubeadm/tasks/kubeadm_etcd_node.yml index d39ea2b9f..13420c0b9 100644 --- a/roles/kubernetes/kubeadm/tasks/kubeadm_etcd_node.yml +++ b/roles/kubernetes/kubeadm/tasks/kubeadm_etcd_node.yml @@ -8,7 +8,7 @@ template: src: "kubeadm-client.conf.{{ kubeadmConfig_api_version }}.j2" dest: "{{ kube_config_dir }}/kubeadm-cert-controlplane.conf" - mode: 0640 + mode: "0640" vars: kubeadm_cert_controlplane: true diff --git a/roles/kubernetes/kubeadm/tasks/main.yml b/roles/kubernetes/kubeadm/tasks/main.yml index e8b5dceb6..2cb271a9e 100644 --- a/roles/kubernetes/kubeadm/tasks/main.yml +++ b/roles/kubernetes/kubeadm/tasks/main.yml @@ -69,7 +69,7 @@ dest: "{{ kube_config_dir }}/cluster-info-discovery-kubeconfig.yaml" content: "{{ kubeconfig_file_discovery.stdout }}" owner: "root" - mode: 0644 + mode: "0644" when: - not is_kube_master - not kubelet_conf.stat.exists @@ -80,14 +80,14 @@ src: "kubeadm-client.conf.{{ kubeadmConfig_api_version }}.j2" dest: "{{ kube_config_dir }}/kubeadm-client.conf" backup: yes - mode: 0640 + mode: "0640" when: not is_kube_master - name: Kubeadm | Create directory to store kubeadm patches file: path: "{{ kubeadm_patches.dest_dir }}" state: directory - mode: 0640 + mode: "0640" when: kubeadm_patches is defined and kubeadm_patches.enabled - name: Kubeadm | Copy kubeadm patches from inventory files @@ -95,7 +95,7 @@ src: "{{ kubeadm_patches.source_dir }}/" dest: "{{ kubeadm_patches.dest_dir }}" owner: "root" - mode: 0644 + mode: "0644" when: kubeadm_patches is defined and kubeadm_patches.enabled - name: Join to cluster if needed diff --git a/roles/kubernetes/node/tasks/install.yml b/roles/kubernetes/node/tasks/install.yml index fb1e8adc5..a89ba94ef 100644 --- a/roles/kubernetes/node/tasks/install.yml +++ b/roles/kubernetes/node/tasks/install.yml @@ -3,7 +3,7 @@ copy: src: "{{ downloads.kubeadm.dest }}" dest: "{{ bin_dir }}/kubeadm" - mode: 0755 + mode: "0755" remote_src: true tags: - kubeadm @@ -14,7 +14,7 @@ copy: src: "{{ downloads.kubelet.dest }}" dest: "{{ bin_dir }}/kubelet" - mode: 0755 + mode: "0755" remote_src: true tags: - kubelet diff --git a/roles/kubernetes/node/tasks/kubelet.yml b/roles/kubernetes/node/tasks/kubelet.yml index d8ff9e230..b63aefe1f 100644 --- a/roles/kubernetes/node/tasks/kubelet.yml +++ b/roles/kubernetes/node/tasks/kubelet.yml @@ -12,7 +12,7 @@ dest: "{{ kube_config_dir }}/kubelet.env" setype: "{{ (preinstall_selinux_state != 'disabled') | ternary('etc_t', omit) }}" backup: yes - mode: 0600 + mode: "0600" notify: Node | restart kubelet tags: - kubelet @@ -22,7 +22,7 @@ template: src: "kubelet-config.{{ kubeletConfig_api_version }}.yaml.j2" dest: "{{ kube_config_dir }}/kubelet-config.yaml" - mode: 0600 + mode: "0600" notify: Kubelet | restart kubelet tags: - kubelet @@ -33,7 +33,7 @@ src: "kubelet.service.j2" dest: "/etc/systemd/system/kubelet.service" backup: "yes" - mode: 0600 + mode: "0600" validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:kubelet.service'" # FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release) # Remove once we drop support for systemd < 250 diff --git a/roles/kubernetes/node/tasks/loadbalancer/haproxy.yml b/roles/kubernetes/node/tasks/loadbalancer/haproxy.yml index 7e5cfcedd..2d3454e5a 100644 --- a/roles/kubernetes/node/tasks/loadbalancer/haproxy.yml +++ b/roles/kubernetes/node/tasks/loadbalancer/haproxy.yml @@ -8,7 +8,7 @@ file: path: "{{ haproxy_config_dir }}" state: directory - mode: 0755 + mode: "0755" owner: root - name: Haproxy | Write haproxy configuration @@ -16,7 +16,7 @@ src: "loadbalancer/haproxy.cfg.j2" dest: "{{ haproxy_config_dir }}/haproxy.cfg" owner: root - mode: 0755 + mode: "0755" backup: yes - name: Haproxy | Get checksum from config @@ -31,4 +31,4 @@ template: src: manifests/haproxy.manifest.j2 dest: "{{ kube_manifest_dir }}/haproxy.yml" - mode: 0640 + mode: "0640" diff --git a/roles/kubernetes/node/tasks/loadbalancer/kube-vip.yml b/roles/kubernetes/node/tasks/loadbalancer/kube-vip.yml index f7b04a624..7e3471593 100644 --- a/roles/kubernetes/node/tasks/loadbalancer/kube-vip.yml +++ b/roles/kubernetes/node/tasks/loadbalancer/kube-vip.yml @@ -10,4 +10,4 @@ template: src: manifests/kube-vip.manifest.j2 dest: "{{ kube_manifest_dir }}/kube-vip.yml" - mode: 0640 + mode: "0640" diff --git a/roles/kubernetes/node/tasks/loadbalancer/nginx-proxy.yml b/roles/kubernetes/node/tasks/loadbalancer/nginx-proxy.yml index 5b82ff620..aeeacc80d 100644 --- a/roles/kubernetes/node/tasks/loadbalancer/nginx-proxy.yml +++ b/roles/kubernetes/node/tasks/loadbalancer/nginx-proxy.yml @@ -8,7 +8,7 @@ file: path: "{{ nginx_config_dir }}" state: directory - mode: 0700 + mode: "0700" owner: root - name: Nginx-proxy | Write nginx-proxy configuration @@ -16,7 +16,7 @@ src: "loadbalancer/nginx.conf.j2" dest: "{{ nginx_config_dir }}/nginx.conf" owner: root - mode: 0755 + mode: "0755" backup: yes - name: Nginx-proxy | Get checksum from config @@ -31,4 +31,4 @@ template: src: manifests/nginx-proxy.manifest.j2 dest: "{{ kube_manifest_dir }}/nginx-proxy.yml" - mode: 0640 + mode: "0640" diff --git a/roles/kubernetes/node/tasks/main.yml b/roles/kubernetes/node/tasks/main.yml index 9e15b16d9..7dc211405 100644 --- a/roles/kubernetes/node/tasks/main.yml +++ b/roles/kubernetes/node/tasks/main.yml @@ -14,7 +14,7 @@ file: path: /var/lib/cni state: directory - mode: 0755 + mode: "0755" - name: Install kubelet binary import_tasks: install.yml @@ -74,7 +74,7 @@ file: path: "{{ item }}" state: directory - mode: 0755 + mode: "0755" loop: - /etc/modules-load.d - /etc/modprobe.d @@ -89,7 +89,7 @@ copy: dest: /etc/modules-load.d/kubespray-br_netfilter.conf content: br_netfilter - mode: 0644 + mode: "0644" when: modinfo_br_netfilter.rc == 0 # kube-proxy needs net.bridge.bridge-nf-call-iptables enabled when found if br_netfilter is not a module @@ -162,7 +162,7 @@ content: "{{ openstack_cacert | b64decode if openstack_cacert_is_base64 else omit }}" dest: "{{ kube_config_dir }}/openstack-cacert.pem" group: "{{ kube_cert_group }}" - mode: 0640 + mode: "0640" when: - cloud_provider is defined - cloud_provider == 'openstack' @@ -176,7 +176,7 @@ src: "cloud-configs/{{ cloud_provider }}-cloud-config.j2" dest: "{{ kube_config_dir }}/cloud_config" group: "{{ kube_cert_group }}" - mode: 0640 + mode: "0640" when: - cloud_provider is defined - cloud_provider in [ 'openstack', 'azure', 'vsphere', 'aws', 'gce' ] diff --git a/roles/kubernetes/preinstall/tasks/0050-create_directories.yml b/roles/kubernetes/preinstall/tasks/0050-create_directories.yml index f77398986..2fff8ef56 100644 --- a/roles/kubernetes/preinstall/tasks/0050-create_directories.yml +++ b/roles/kubernetes/preinstall/tasks/0050-create_directories.yml @@ -4,7 +4,7 @@ path: "{{ item }}" state: directory owner: "{{ kube_owner }}" - mode: 0755 + mode: "0755" when: inventory_hostname in groups['k8s_cluster'] become: true tags: @@ -28,7 +28,7 @@ path: "{{ item }}" state: directory owner: root - mode: 0755 + mode: "0755" when: inventory_hostname in groups['k8s_cluster'] become: true tags: @@ -61,7 +61,7 @@ src: "{{ kube_cert_dir }}" dest: "{{ kube_cert_compat_dir }}" state: link - mode: 0755 + mode: "0755" when: - inventory_hostname in groups['k8s_cluster'] - kube_cert_dir != kube_cert_compat_dir @@ -72,7 +72,7 @@ path: "{{ item }}" state: directory owner: "{{ kube_owner }}" - mode: 0755 + mode: "0755" with_items: - "/etc/cni/net.d" - "/opt/cni/bin" @@ -93,7 +93,7 @@ path: "{{ item }}" state: directory owner: "{{ kube_owner }}" - mode: 0755 + mode: "0755" with_items: - "/var/lib/calico" when: diff --git a/roles/kubernetes/preinstall/tasks/0060-resolvconf.yml b/roles/kubernetes/preinstall/tasks/0060-resolvconf.yml index da5fc8516..6219161fa 100644 --- a/roles/kubernetes/preinstall/tasks/0060-resolvconf.yml +++ b/roles/kubernetes/preinstall/tasks/0060-resolvconf.yml @@ -19,7 +19,7 @@ create: yes backup: "{{ not resolvconf_stat.stat.islnk }}" marker: "# Ansible entries {mark}" - mode: 0644 + mode: "0644" notify: Preinstall | propagate resolvconf to k8s components - name: Remove search/domain/nameserver options before block @@ -53,6 +53,6 @@ dest: "{{ resolveconf_cloud_init_conf }}" src: resolvconf.j2 owner: root - mode: 0644 + mode: "0644" notify: Preinstall | update resolvconf for Flatcar Container Linux by Kinvolk when: ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] diff --git a/roles/kubernetes/preinstall/tasks/0061-systemd-resolved.yml b/roles/kubernetes/preinstall/tasks/0061-systemd-resolved.yml index 9edec2e64..f1aa8f5c3 100644 --- a/roles/kubernetes/preinstall/tasks/0061-systemd-resolved.yml +++ b/roles/kubernetes/preinstall/tasks/0061-systemd-resolved.yml @@ -3,7 +3,7 @@ file: state: directory name: /etc/systemd/resolved.conf.d/ - mode: 0755 + mode: "0755" - name: Write Kubespray DNS settings to systemd-resolved template: @@ -11,5 +11,5 @@ dest: /etc/systemd/resolved.conf.d/kubespray.conf owner: root group: root - mode: 0644 + mode: "0644" notify: Preinstall | Restart systemd-resolved diff --git a/roles/kubernetes/preinstall/tasks/0062-networkmanager-unmanaged-devices.yml b/roles/kubernetes/preinstall/tasks/0062-networkmanager-unmanaged-devices.yml index 44d619160..ca51e88b9 100644 --- a/roles/kubernetes/preinstall/tasks/0062-networkmanager-unmanaged-devices.yml +++ b/roles/kubernetes/preinstall/tasks/0062-networkmanager-unmanaged-devices.yml @@ -11,7 +11,7 @@ [keyfile] unmanaged-devices+=interface-name:cali*;interface-name:tunl*;interface-name:vxlan.calico;interface-name:vxlan-v6.calico dest: /etc/NetworkManager/conf.d/calico.conf - mode: 0644 + mode: "0644" when: - kube_network_plugin == "calico" notify: Preinstall | reload NetworkManager @@ -24,5 +24,5 @@ [keyfile] unmanaged-devices+=interface-name:kube-ipvs0;interface-name:nodelocaldns dest: /etc/NetworkManager/conf.d/k8s.conf - mode: 0644 + mode: "0644" notify: Preinstall | reload NetworkManager diff --git a/roles/kubernetes/preinstall/tasks/0070-system-packages.yml b/roles/kubernetes/preinstall/tasks/0070-system-packages.yml index 47affa10c..cddbe1ecf 100644 --- a/roles/kubernetes/preinstall/tasks/0070-system-packages.yml +++ b/roles/kubernetes/preinstall/tasks/0070-system-packages.yml @@ -30,7 +30,7 @@ Pin-Priority: 1001 dest: "/etc/apt/preferences.d/libseccomp2" owner: "root" - mode: 0644 + mode: "0644" - name: Update package management cache (APT) apt: diff --git a/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml b/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml index 768cd62c9..c08a86e45 100644 --- a/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml +++ b/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml @@ -29,7 +29,7 @@ state: present create: yes backup: yes - mode: 0644 + mode: "0644" when: - disable_ipv6_dns - not ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] @@ -67,7 +67,7 @@ file: name: "{{ sysctl_file_path | dirname }}" state: directory - mode: 0755 + mode: "0755" - name: Enable ip forwarding ansible.posix.sysctl: diff --git a/roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml b/roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml index da4b312eb..b1e2feead 100644 --- a/roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml +++ b/roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml @@ -40,7 +40,7 @@ template: src: "{{ ntp_config_file | basename }}.j2" dest: "{{ ntp_config_file }}" - mode: 0644 + mode: "0644" notify: Preinstall | restart ntp when: - ntp_manage_config diff --git a/roles/kubernetes/preinstall/tasks/0090-etchosts.yml b/roles/kubernetes/preinstall/tasks/0090-etchosts.yml index 6bec16998..4ec9a69e6 100644 --- a/roles/kubernetes/preinstall/tasks/0090-etchosts.yml +++ b/roles/kubernetes/preinstall/tasks/0090-etchosts.yml @@ -23,7 +23,7 @@ backup: yes unsafe_writes: yes marker: "# Ansible inventory hosts {mark}" - mode: 0644 + mode: "0644" - name: Hosts | populate kubernetes loadbalancer address into hosts file lineinfile: diff --git a/roles/kubernetes/preinstall/tasks/0100-dhclient-hooks.yml b/roles/kubernetes/preinstall/tasks/0100-dhclient-hooks.yml index da3814715..480edc86b 100644 --- a/roles/kubernetes/preinstall/tasks/0100-dhclient-hooks.yml +++ b/roles/kubernetes/preinstall/tasks/0100-dhclient-hooks.yml @@ -11,7 +11,7 @@ insertbefore: BOF backup: yes marker: "# Ansible entries {mark}" - mode: 0644 + mode: "0644" notify: Preinstall | propagate resolvconf to k8s components - name: Configure dhclient hooks for resolv.conf (non-RH) @@ -19,7 +19,7 @@ src: dhclient_dnsupdate.sh.j2 dest: "{{ dhclienthookfile }}" owner: root - mode: 0755 + mode: "0755" notify: Preinstall | propagate resolvconf to k8s components when: ansible_os_family not in [ "RedHat", "Suse" ] @@ -28,6 +28,6 @@ src: dhclient_dnsupdate_rh.sh.j2 dest: "{{ dhclienthookfile }}" owner: root - mode: 0755 + mode: "0755" notify: Preinstall | propagate resolvconf to k8s components when: ansible_os_family == "RedHat" diff --git a/roles/kubernetes/tokens/tasks/gen_tokens.yml b/roles/kubernetes/tokens/tasks/gen_tokens.yml index 6ac6b4907..1dabf9657 100644 --- a/roles/kubernetes/tokens/tasks/gen_tokens.yml +++ b/roles/kubernetes/tokens/tasks/gen_tokens.yml @@ -3,7 +3,7 @@ copy: src: "kube-gen-token.sh" dest: "{{ kube_script_dir }}/kube-gen-token.sh" - mode: 0700 + mode: "0700" run_once: yes delegate_to: "{{ groups['kube_control_plane'][0] }}" when: gen_tokens | default(false) diff --git a/roles/kubernetes/tokens/tasks/main.yml b/roles/kubernetes/tokens/tasks/main.yml index c9dfd071d..cab5a06bd 100644 --- a/roles/kubernetes/tokens/tasks/main.yml +++ b/roles/kubernetes/tokens/tasks/main.yml @@ -11,7 +11,7 @@ file: path: "{{ kube_token_dir }}" state: directory - mode: 0644 + mode: "0644" group: "{{ kube_cert_group }}" - name: Generate tokens diff --git a/roles/kubespray-defaults/defaults/main/main.yml b/roles/kubespray-defaults/defaults/main/main.yml index 05aee39f1..599874fb5 100644 --- a/roles/kubespray-defaults/defaults/main/main.yml +++ b/roles/kubespray-defaults/defaults/main/main.yml @@ -402,7 +402,7 @@ metrics_server_enabled: false enable_network_policy: true local_path_provisioner_enabled: false local_volume_provisioner_enabled: false -local_volume_provisioner_directory_mode: 0700 +local_volume_provisioner_directory_mode: "0700" cinder_csi_enabled: false aws_ebs_csi_enabled: false azure_csi_enabled: false diff --git a/roles/network_plugin/calico/tasks/calico_apiserver_certs.yml b/roles/network_plugin/calico/tasks/calico_apiserver_certs.yml index fc336e464..d42917c4e 100644 --- a/roles/network_plugin/calico/tasks/calico_apiserver_certs.yml +++ b/roles/network_plugin/calico/tasks/calico_apiserver_certs.yml @@ -9,7 +9,7 @@ template: src: "calico-apiserver-ns.yml.j2" dest: "{{ kube_config_dir }}/calico-apiserver-ns.yml" - mode: 0644 + mode: "0644" - name: Calico | Apply ns manifests kube: @@ -21,21 +21,21 @@ file: path: /etc/calico/certs state: directory - mode: 0755 + mode: "0755" when: calico_apiserver_secret.rc != 0 - name: Calico | Copy ssl script for apiserver certs template: src: make-ssl-calico.sh.j2 dest: "{{ bin_dir }}/make-ssl-apiserver.sh" - mode: 0755 + mode: "0755" when: calico_apiserver_secret.rc != 0 - name: Calico | Copy ssl config for apiserver certs copy: src: openssl.conf dest: /etc/calico/certs/openssl.conf - mode: 0644 + mode: "0644" when: calico_apiserver_secret.rc != 0 - name: Calico | Generate apiserver certs diff --git a/roles/network_plugin/calico/tasks/install.yml b/roles/network_plugin/calico/tasks/install.yml index 6b293dcb0..7f895b555 100644 --- a/roles/network_plugin/calico/tasks/install.yml +++ b/roles/network_plugin/calico/tasks/install.yml @@ -13,14 +13,14 @@ copy: src: "{{ downloads.calicoctl.dest }}" dest: "{{ bin_dir }}/calicoctl" - mode: 0755 + mode: "0755" remote_src: yes - name: Calico | Create calico certs directory file: dest: "{{ calico_cert_dir }}" state: directory - mode: 0750 + mode: "0750" owner: root group: root when: calico_datastore == "etcd" @@ -30,7 +30,7 @@ src: "{{ etcd_cert_dir }}/{{ item.s }}" dest: "{{ calico_cert_dir }}/{{ item.d }}" state: hard - mode: 0640 + mode: "0640" force: yes with_items: - {s: "{{ kube_etcd_cacert_file }}", d: "ca_cert.crt"} @@ -54,7 +54,7 @@ template: src: "calicoctl.{{ calico_datastore }}.sh.j2" dest: "{{ bin_dir }}/calicoctl.sh" - mode: 0755 + mode: "0755" owner: root group: root @@ -142,7 +142,7 @@ assemble: src: "{{ calico_kdd_path }}" dest: "{{ kube_config_dir }}/kdd-crds.yml" - mode: 0644 + mode: "0644" delimiter: "---\n" regexp: ".*\\.yaml" remote_src: true @@ -372,7 +372,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: - {name: calico-config, file: calico-config.yml, type: cm} - {name: calico-node, file: calico-node.yml, type: ds} @@ -389,7 +389,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: - {name: calico, file: calico-typha.yml, type: typha} register: calico_node_typha_manifest @@ -416,7 +416,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: - {name: calico, file: calico-apiserver.yml, type: calico-apiserver} register: calico_apiserver_manifest @@ -469,7 +469,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: - {name: calico, file: calico-ipamconfig.yml, type: ipam} when: diff --git a/roles/network_plugin/calico/tasks/typha_certs.yml b/roles/network_plugin/calico/tasks/typha_certs.yml index 5d3f27921..ad87f5a02 100644 --- a/roles/network_plugin/calico/tasks/typha_certs.yml +++ b/roles/network_plugin/calico/tasks/typha_certs.yml @@ -9,21 +9,22 @@ file: path: /etc/calico/certs state: directory - mode: 0755 + mode: "0755" when: typha_server_secret.rc != 0 - name: Calico | Copy ssl script for typha certs template: src: make-ssl-calico.sh.j2 dest: "{{ bin_dir }}/make-ssl-typha.sh" - mode: 0755 + mode: "0755" + when: typha_server_secret.rc != 0 - name: Calico | Copy ssl config for typha certs copy: src: openssl.conf dest: /etc/calico/certs/openssl.conf - mode: 0644 + mode: "0644" when: typha_server_secret.rc != 0 - name: Calico | Generate typha certs diff --git a/roles/network_plugin/cilium/tasks/install.yml b/roles/network_plugin/cilium/tasks/install.yml index d531d7241..1039953a0 100644 --- a/roles/network_plugin/cilium/tasks/install.yml +++ b/roles/network_plugin/cilium/tasks/install.yml @@ -10,7 +10,7 @@ file: dest: "{{ cilium_cert_dir }}" state: directory - mode: 0750 + mode: "0750" owner: root group: root when: @@ -20,7 +20,7 @@ file: src: "{{ etcd_cert_dir }}/{{ item.s }}" dest: "{{ cilium_cert_dir }}/{{ item.d }}" - mode: 0644 + mode: "0644" state: hard force: yes loop: @@ -36,7 +36,7 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" when: - inventory_hostname == groups['kube_control_plane'][0] - cilium_hubble_install @@ -45,7 +45,7 @@ template: src: "{{ item.name }}/{{ item.file }}.j2" dest: "{{ kube_config_dir }}/{{ item.name }}-{{ item.file }}" - mode: 0644 + mode: "0644" loop: - {name: cilium, file: config.yml, type: cm} - {name: cilium-operator, file: crb.yml, type: clusterrolebinding} @@ -66,7 +66,7 @@ template: src: "{{ item.name }}/{{ item.file }}.j2" dest: "{{ kube_config_dir }}/addons/hubble/{{ item.name }}-{{ item.file }}" - mode: 0644 + mode: "0644" loop: - {name: hubble, file: config.yml, type: cm} - {name: hubble, file: crb.yml, type: clusterrolebinding} @@ -86,12 +86,12 @@ template: src: 000-cilium-portmap.conflist.j2 dest: /etc/cni/net.d/000-cilium-portmap.conflist - mode: 0644 + mode: "0644" when: cilium_enable_portmap - name: Cilium | Copy Ciliumcli binary from download dir copy: src: "{{ local_release_dir }}/cilium" dest: "{{ bin_dir }}/cilium" - mode: 0755 + mode: "0755" remote_src: yes diff --git a/roles/network_plugin/cni/tasks/main.yml b/roles/network_plugin/cni/tasks/main.yml index bcab4efb9..8ac0dc53a 100644 --- a/roles/network_plugin/cni/tasks/main.yml +++ b/roles/network_plugin/cni/tasks/main.yml @@ -3,7 +3,7 @@ file: path: /opt/cni/bin state: directory - mode: 0755 + mode: "0755" owner: "{{ cni_bin_owner }}" recurse: true @@ -11,6 +11,6 @@ unarchive: src: "{{ downloads.cni.dest }}" dest: "/opt/cni/bin" - mode: 0755 + mode: "0755" owner: "{{ cni_bin_owner }}" remote_src: yes diff --git a/roles/network_plugin/custom_cni/tasks/main.yml b/roles/network_plugin/custom_cni/tasks/main.yml index 8f5b4195f..a1397c828 100644 --- a/roles/network_plugin/custom_cni/tasks/main.yml +++ b/roles/network_plugin/custom_cni/tasks/main.yml @@ -12,7 +12,7 @@ template: src: "{{ item }}" dest: "{{ kube_config_dir }}/{{ item | basename | replace('.j2', '') }}" - mode: 0644 + mode: "0644" loop: "{{ custom_cni_manifests }}" delegate_to: "{{ groups['kube_control_plane'] | first }}" run_once: true diff --git a/roles/network_plugin/flannel/tasks/main.yml b/roles/network_plugin/flannel/tasks/main.yml index 2fd82e938..94603fcf5 100644 --- a/roles/network_plugin/flannel/tasks/main.yml +++ b/roles/network_plugin/flannel/tasks/main.yml @@ -12,7 +12,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: - {name: flannel, file: cni-flannel-rbac.yml, type: sa} - {name: kube-flannel, file: cni-flannel.yml, type: ds} diff --git a/roles/network_plugin/kube-ovn/defaults/main.yml b/roles/network_plugin/kube-ovn/defaults/main.yml index 44850e544..8b962072b 100644 --- a/roles/network_plugin/kube-ovn/defaults/main.yml +++ b/roles/network_plugin/kube-ovn/defaults/main.yml @@ -115,4 +115,4 @@ kube_ovn_ls_dnat_mod_dl_dst: true kube_ovn_keep_vm_ip: true ## cni config priority, default: 01 -kube_ovn_cni_config_priority: 01 +kube_ovn_cni_config_priority: '01' diff --git a/roles/network_plugin/kube-ovn/tasks/main.yml b/roles/network_plugin/kube-ovn/tasks/main.yml index ab45b6292..a8b942792 100644 --- a/roles/network_plugin/kube-ovn/tasks/main.yml +++ b/roles/network_plugin/kube-ovn/tasks/main.yml @@ -9,7 +9,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: - {name: kube-ovn-crd, file: cni-kube-ovn-crd.yml} - {name: ovn, file: cni-ovn.yml} diff --git a/roles/network_plugin/kube-router/tasks/main.yml b/roles/network_plugin/kube-router/tasks/main.yml index b6367f074..d47a0d1e2 100644 --- a/roles/network_plugin/kube-router/tasks/main.yml +++ b/roles/network_plugin/kube-router/tasks/main.yml @@ -9,13 +9,13 @@ state: directory owner: "{{ kube_owner }}" recurse: true - mode: 0755 + mode: "0755" - name: Kube-router | Create kubeconfig template: src: kubeconfig.yml.j2 dest: /var/lib/kube-router/kubeconfig - mode: 0644 + mode: "0644" owner: "{{ kube_owner }}" notify: - Reset_kube_router @@ -43,7 +43,7 @@ template: src: cni-conf.json.j2 dest: /etc/cni/net.d/10-kuberouter.conflist - mode: 0644 + mode: "0644" owner: "{{ kube_owner }}" notify: - Reset_kube_router @@ -57,6 +57,6 @@ template: src: kube-router.yml.j2 dest: "{{ kube_config_dir }}/kube-router.yml" - mode: 0644 + mode: "0644" delegate_to: "{{ groups['kube_control_plane'] | first }}" run_once: true diff --git a/roles/network_plugin/macvlan/tasks/main.yml b/roles/network_plugin/macvlan/tasks/main.yml index f7c302771..165030d59 100644 --- a/roles/network_plugin/macvlan/tasks/main.yml +++ b/roles/network_plugin/macvlan/tasks/main.yml @@ -23,7 +23,7 @@ template: src: debian-network-macvlan.cfg.j2 dest: /etc/network/interfaces.d/60-mac0.cfg - mode: 0644 + mode: "0644" notify: Macvlan | restart network when: ansible_os_family in ["Debian"] @@ -53,7 +53,7 @@ template: src: "{{ item.src }}.j2" dest: "/etc/sysconfig/network-scripts/{{ item.dst }}" - mode: 0644 + mode: "0644" with_items: - {src: centos-network-macvlan.cfg, dst: ifcfg-mac0 } - {src: centos-routes-macvlan.cfg, dst: route-mac0 } @@ -67,7 +67,7 @@ template: src: coreos-service-nat_ouside.j2 dest: /etc/systemd/system/enable_nat_ouside.service - mode: 0644 + mode: "0644" when: enable_nat_default_gateway - name: Macvlan | Enable service nat via gateway on Flatcar Container Linux @@ -81,7 +81,7 @@ template: src: "{{ item.src }}.j2" dest: "/etc/systemd/network/{{ item.dst }}" - mode: 0644 + mode: "0644" with_items: - {src: coreos-device-macvlan.cfg, dst: macvlan.netdev } - {src: coreos-interface-macvlan.cfg, dst: output.network } @@ -92,13 +92,13 @@ template: src: 10-macvlan.conf.j2 dest: /etc/cni/net.d/10-macvlan.conf - mode: 0644 + mode: "0644" - name: Macvlan | Install loopback definition for Macvlan template: src: 99-loopback.conf.j2 dest: /etc/cni/net.d/99-loopback.conf - mode: 0644 + mode: "0644" - name: Enable net.ipv4.conf.all.arp_notify in sysctl ansible.posix.sysctl: diff --git a/roles/network_plugin/multus/tasks/main.yml b/roles/network_plugin/multus/tasks/main.yml index 1428929cc..0869da7b5 100644 --- a/roles/network_plugin/multus/tasks/main.yml +++ b/roles/network_plugin/multus/tasks/main.yml @@ -3,7 +3,7 @@ copy: src: "{{ item.file }}" dest: "{{ kube_config_dir }}" - mode: 0644 + mode: "0644" with_items: - {name: multus-crd, file: multus-crd.yml, type: customresourcedefinition} - {name: multus-serviceaccount, file: multus-serviceaccount.yml, type: serviceaccount} @@ -20,7 +20,7 @@ template: src: multus-daemonset.yml.j2 dest: "{{ kube_config_dir }}/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: - {name: multus-daemonset-containerd, file: multus-daemonset-containerd.yml, type: daemonset, engine: containerd } - {name: multus-daemonset-docker, file: multus-daemonset-docker.yml, type: daemonset, engine: docker } diff --git a/roles/network_plugin/ovn4nfv/tasks/main.yml b/roles/network_plugin/ovn4nfv/tasks/main.yml index 777fd9a2d..a16f3ec6f 100644 --- a/roles/network_plugin/ovn4nfv/tasks/main.yml +++ b/roles/network_plugin/ovn4nfv/tasks/main.yml @@ -9,7 +9,7 @@ template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/{{ item.file }}" - mode: 0644 + mode: "0644" with_items: - {name: ovn-daemonset, file: ovn-daemonset.yml} - {name: ovn4nfv-k8s-plugin, file: ovn4nfv-k8s-plugin.yml} diff --git a/roles/network_plugin/weave/tasks/main.yml b/roles/network_plugin/weave/tasks/main.yml index ae4a5a467..ccb431352 100644 --- a/roles/network_plugin/weave/tasks/main.yml +++ b/roles/network_plugin/weave/tasks/main.yml @@ -3,10 +3,10 @@ template: src: weave-net.yml.j2 dest: "{{ kube_config_dir }}/weave-net.yml" - mode: 0644 + mode: "0644" - name: Weave | Fix nodePort for Weave template: src: 10-weave.conflist.j2 dest: /etc/cni/net.d/10-weave.conflist - mode: 0644 + mode: "0644" diff --git a/roles/recover_control_plane/etcd/tasks/recover_lost_quorum.yml b/roles/recover_control_plane/etcd/tasks/recover_lost_quorum.yml index 388962875..32db5799e 100644 --- a/roles/recover_control_plane/etcd/tasks/recover_lost_quorum.yml +++ b/roles/recover_control_plane/etcd/tasks/recover_lost_quorum.yml @@ -13,7 +13,7 @@ copy: src: "{{ etcd_snapshot }}" dest: /tmp/snapshot.db - mode: 0640 + mode: "0640" when: etcd_snapshot is defined - name: Stop etcd diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml index 0f13f686b..9869cbc78 100644 --- a/roles/reset/tasks/main.yml +++ b/roles/reset/tasks/main.yml @@ -261,7 +261,7 @@ path: "{{ filedir_path }}" state: touch attributes: "-i" - mode: 0644 + mode: "0644" loop: "{{ var_lib_kubelet_files_dirs_w_attrs.stdout_lines | select('search', 'Immutable') | list }}" loop_control: loop_var: file_dir_line diff --git a/scripts/collect-info.yaml b/scripts/collect-info.yaml index 923a6a85c..0234c0733 100644 --- a/scripts/collect-info.yaml +++ b/scripts/collect-info.yaml @@ -140,7 +140,7 @@ path: "/tmp/{{ archive_dirname }}" dest: "{{ dir | default('.') }}/logs.tar.gz" remove: true - mode: 0640 + mode: "0640" delegate_to: localhost connection: local become: false diff --git a/test-infra/image-builder/roles/kubevirt-images/tasks/main.yml b/test-infra/image-builder/roles/kubevirt-images/tasks/main.yml index 99c1c1c87..c54be15c6 100644 --- a/test-infra/image-builder/roles/kubevirt-images/tasks/main.yml +++ b/test-infra/image-builder/roles/kubevirt-images/tasks/main.yml @@ -4,14 +4,14 @@ file: state: directory path: "{{ images_dir }}" - mode: 0755 + mode: "0755" - name: Download images files get_url: url: "{{ item.value.url }}" dest: "{{ images_dir }}/{{ item.value.filename }}" checksum: "{{ item.value.checksum }}" - mode: 0644 + mode: "0644" loop: "{{ images | dict2items }}" - name: Unxz compressed images @@ -41,7 +41,7 @@ template: src: Dockerfile dest: "{{ images_dir }}/Dockerfile" - mode: 0644 + mode: "0644" - name: Create docker images for each OS command: docker build -t {{ registry }}/vm-{{ item.key }}:{{ item.value.tag }} --build-arg cloud_image="{{ item.key }}.qcow2" {{ images_dir }} diff --git a/tests/cloud_playbooks/roles/packet-ci/tasks/create-vms.yml b/tests/cloud_playbooks/roles/packet-ci/tasks/create-vms.yml index 39b3d5c78..2a73b674d 100644 --- a/tests/cloud_playbooks/roles/packet-ci/tasks/create-vms.yml +++ b/tests/cloud_playbooks/roles/packet-ci/tasks/create-vms.yml @@ -10,7 +10,7 @@ file: path: "/tmp/{{ test_name }}" state: directory - mode: 0755 + mode: "0755" - name: Template vm files for CI job set_fact: @@ -45,6 +45,6 @@ template: src: "inventory.j2" dest: "{{ inventory_path }}" - mode: 0644 + mode: "0644" vars: vms: "{{ vm_ips }}" diff --git a/tests/testcases/100_check-k8s-conformance.yml b/tests/testcases/100_check-k8s-conformance.yml index 0247793db..3c07ffe46 100644 --- a/tests/testcases/100_check-k8s-conformance.yml +++ b/tests/testcases/100_check-k8s-conformance.yml @@ -18,7 +18,7 @@ get_url: url: "https://github.com/heptio/sonobuoy/releases/download/v{{ sonobuoy_version }}/sonobuoy_{{ sonobuoy_version }}_linux_{{ sonobuoy_arch }}.tar.gz" dest: /tmp/sonobuoy.tar.gz - mode: 0644 + mode: "0644" - name: Extract sonobuoy unarchive: diff --git a/tests/testcases/roles/cluster-dump/tasks/main.yml b/tests/testcases/roles/cluster-dump/tasks/main.yml index c8a7e2eca..348dea7dd 100644 --- a/tests/testcases/roles/cluster-dump/tasks/main.yml +++ b/tests/testcases/roles/cluster-dump/tasks/main.yml @@ -8,7 +8,7 @@ community.general.archive: path: /tmp/cluster-dump dest: /tmp/cluster-dump.tgz - mode: 0644 + mode: "0644" when: inventory_hostname in groups['kube_control_plane'] - name: Fetch dump file