diff --git a/.yamllint b/.yamllint index eb061917e..56786e0a9 100644 --- a/.yamllint +++ b/.yamllint @@ -26,4 +26,3 @@ rules: octal-values: forbid-implicit-octal: true # yamllint defaults to false forbid-explicit-octal: true # yamllint defaults to false - truthy: disable diff --git a/contrib/azurerm/generate-inventory.yml b/contrib/azurerm/generate-inventory.yml index 01ee38662..59e1e90b6 100644 --- a/contrib/azurerm/generate-inventory.yml +++ b/contrib/azurerm/generate-inventory.yml @@ -1,6 +1,6 @@ --- - name: Generate Azure inventory hosts: localhost - gather_facts: False + gather_facts: false roles: - generate-inventory diff --git a/contrib/azurerm/generate-inventory_2.yml b/contrib/azurerm/generate-inventory_2.yml index 9173e1d82..8c2cbff86 100644 --- a/contrib/azurerm/generate-inventory_2.yml +++ b/contrib/azurerm/generate-inventory_2.yml @@ -1,6 +1,6 @@ --- - name: Generate Azure inventory hosts: localhost - gather_facts: False + gather_facts: false roles: - generate-inventory_2 diff --git a/contrib/azurerm/generate-templates.yml b/contrib/azurerm/generate-templates.yml index f1fcb626f..f2cf231bc 100644 --- a/contrib/azurerm/generate-templates.yml +++ b/contrib/azurerm/generate-templates.yml @@ -1,6 +1,6 @@ --- - name: Generate Azure templates hosts: localhost - gather_facts: False + gather_facts: false roles: - generate-templates diff --git a/contrib/dind/dind-cluster.yaml b/contrib/dind/dind-cluster.yaml index 258837d08..0c61c3f2d 100644 --- a/contrib/dind/dind-cluster.yaml +++ b/contrib/dind/dind-cluster.yaml @@ -1,7 +1,7 @@ --- - name: Create nodes as docker containers hosts: localhost - gather_facts: False + gather_facts: false roles: - { role: dind-host } diff --git a/contrib/dind/kubespray-dind.yaml b/contrib/dind/kubespray-dind.yaml index ecfb5573a..6d57cf00d 100644 --- a/contrib/dind/kubespray-dind.yaml +++ b/contrib/dind/kubespray-dind.yaml @@ -15,7 +15,7 @@ docker_storage_options: -s overlay2 --storage-opt overlay2.override_kernel_check dns_mode: coredns -deploy_netchecker: True +deploy_netchecker: true netcheck_agent_image_repo: quay.io/l23network/k8s-netchecker-agent netcheck_server_image_repo: quay.io/l23network/k8s-netchecker-server netcheck_agent_image_tag: v1.0 diff --git a/contrib/dind/roles/dind-cluster/tasks/main.yaml b/contrib/dind/roles/dind-cluster/tasks/main.yaml index dcb086c64..1a3630f9f 100644 --- a/contrib/dind/roles/dind-cluster/tasks/main.yaml +++ b/contrib/dind/roles/dind-cluster/tasks/main.yaml @@ -14,7 +14,7 @@ src: "/bin/true" dest: "{{ item }}" state: link - force: yes + force: true with_items: # DIND box may have swap enable, don't bother - /sbin/swapoff @@ -58,7 +58,7 @@ name: "{{ distro_user }}" uid: 1000 # groups: sudo - append: yes + append: true - name: Allow password-less sudo to "{{ distro_user }}" copy: diff --git a/contrib/dind/roles/dind-host/tasks/main.yaml b/contrib/dind/roles/dind-host/tasks/main.yaml index 56c8ff4c5..e0dc71008 100644 --- a/contrib/dind/roles/dind-host/tasks/main.yaml +++ b/contrib/dind/roles/dind-host/tasks/main.yaml @@ -19,7 +19,7 @@ state: started hostname: "{{ item }}" command: "{{ distro_init }}" - # recreate: yes + # recreate: true privileged: true tmpfs: - /sys/module/nf_conntrack/parameters diff --git a/contrib/kvm-setup/kvm-setup.yml b/contrib/kvm-setup/kvm-setup.yml index b8d440587..73b819789 100644 --- a/contrib/kvm-setup/kvm-setup.yml +++ b/contrib/kvm-setup/kvm-setup.yml @@ -1,8 +1,8 @@ --- - name: Prepare Hypervisor to later install kubespray VMs hosts: localhost - gather_facts: False - become: yes + gather_facts: false + become: true vars: bootstrap_os: none roles: diff --git a/contrib/kvm-setup/roles/kvm-setup/tasks/main.yml b/contrib/kvm-setup/roles/kvm-setup/tasks/main.yml index 3e8ade645..dfcd3be73 100644 --- a/contrib/kvm-setup/roles/kvm-setup/tasks/main.yml +++ b/contrib/kvm-setup/roles/kvm-setup/tasks/main.yml @@ -11,12 +11,12 @@ - name: Install required packages apt: - upgrade: yes - update_cache: yes + upgrade: true + update_cache: true cache_valid_time: 3600 name: "{{ item }}" state: present - install_recommends: no + install_recommends: false with_items: - dnsutils - ntp diff --git a/contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml b/contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml index 6934eccf3..75b7ff8fd 100644 --- a/contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml +++ b/contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml @@ -30,7 +30,7 @@ value: 1 sysctl_file: "{{ sysctl_file_path }}" state: present - reload: yes + reload: true - name: Set bridge-nf-call-{arptables,iptables} to 0 ansible.posix.sysctl: @@ -38,7 +38,7 @@ state: present value: 0 sysctl_file: "{{ sysctl_file_path }}" - reload: yes + reload: true with_items: - net.bridge.bridge-nf-call-arptables - net.bridge.bridge-nf-call-ip6tables diff --git a/contrib/network-storage/glusterfs/roles/glusterfs/README.md b/contrib/network-storage/glusterfs/roles/glusterfs/README.md index dda243df0..9e5bf5dcf 100644 --- a/contrib/network-storage/glusterfs/roles/glusterfs/README.md +++ b/contrib/network-storage/glusterfs/roles/glusterfs/README.md @@ -21,7 +21,7 @@ glusterfs_default_release: "" You can specify a `default_release` for apt on Debian/Ubuntu by overriding this variable. This is helpful if you need a different package or version for the main GlusterFS packages (e.g. GlusterFS 3.5.x instead of 3.2.x with the `wheezy-backports` default release on Debian Wheezy). ```yaml -glusterfs_ppa_use: yes +glusterfs_ppa_use: true glusterfs_ppa_version: "3.5" ``` diff --git a/contrib/network-storage/glusterfs/roles/glusterfs/client/defaults/main.yml b/contrib/network-storage/glusterfs/roles/glusterfs/client/defaults/main.yml index b9f0d2d1d..c3fff2e63 100644 --- a/contrib/network-storage/glusterfs/roles/glusterfs/client/defaults/main.yml +++ b/contrib/network-storage/glusterfs/roles/glusterfs/client/defaults/main.yml @@ -1,7 +1,7 @@ --- # For Ubuntu. glusterfs_default_release: "" -glusterfs_ppa_use: yes +glusterfs_ppa_use: true glusterfs_ppa_version: "4.1" # Gluster configuration. diff --git a/contrib/network-storage/glusterfs/roles/glusterfs/client/tasks/setup-Debian.yml b/contrib/network-storage/glusterfs/roles/glusterfs/client/tasks/setup-Debian.yml index da7a4d8de..0d7cc1874 100644 --- a/contrib/network-storage/glusterfs/roles/glusterfs/client/tasks/setup-Debian.yml +++ b/contrib/network-storage/glusterfs/roles/glusterfs/client/tasks/setup-Debian.yml @@ -3,7 +3,7 @@ apt_repository: repo: 'ppa:gluster/glusterfs-{{ glusterfs_ppa_version }}' state: present - update_cache: yes + update_cache: true register: glusterfs_ppa_added when: glusterfs_ppa_use diff --git a/contrib/network-storage/glusterfs/roles/glusterfs/server/defaults/main.yml b/contrib/network-storage/glusterfs/roles/glusterfs/server/defaults/main.yml index ef9a71eba..7d6e1025b 100644 --- a/contrib/network-storage/glusterfs/roles/glusterfs/server/defaults/main.yml +++ b/contrib/network-storage/glusterfs/roles/glusterfs/server/defaults/main.yml @@ -1,7 +1,7 @@ --- # For Ubuntu. glusterfs_default_release: "" -glusterfs_ppa_use: yes +glusterfs_ppa_use: true glusterfs_ppa_version: "3.12" # Gluster configuration. diff --git a/contrib/network-storage/glusterfs/roles/glusterfs/server/tasks/main.yml b/contrib/network-storage/glusterfs/roles/glusterfs/server/tasks/main.yml index 6bdc41420..a9f7698a3 100644 --- a/contrib/network-storage/glusterfs/roles/glusterfs/server/tasks/main.yml +++ b/contrib/network-storage/glusterfs/roles/glusterfs/server/tasks/main.yml @@ -43,7 +43,7 @@ service: name: "{{ glusterfs_daemon }}" state: started - enabled: yes + enabled: true - name: Ensure Gluster brick and mount directories exist. file: @@ -62,7 +62,7 @@ replicas: "{{ groups['gfs-cluster'] | length }}" cluster: "{% for item in groups['gfs-cluster'] -%}{{ hostvars[item]['ip'] | default(hostvars[item].ansible_default_ipv4['address']) }}{% if not loop.last %},{% endif %}{%- endfor %}" host: "{{ inventory_hostname }}" - force: yes + force: true run_once: true when: groups['gfs-cluster'] | length > 1 @@ -73,7 +73,7 @@ brick: "{{ gluster_brick_dir }}" cluster: "{% for item in groups['gfs-cluster'] -%}{{ hostvars[item]['ip'] | default(hostvars[item].ansible_default_ipv4['address']) }}{% if not loop.last %},{% endif %}{%- endfor %}" host: "{{ inventory_hostname }}" - force: yes + force: true run_once: true when: groups['gfs-cluster'] | length <= 1 diff --git a/contrib/network-storage/glusterfs/roles/glusterfs/server/tasks/setup-Debian.yml b/contrib/network-storage/glusterfs/roles/glusterfs/server/tasks/setup-Debian.yml index 104735903..4d4b1b4b8 100644 --- a/contrib/network-storage/glusterfs/roles/glusterfs/server/tasks/setup-Debian.yml +++ b/contrib/network-storage/glusterfs/roles/glusterfs/server/tasks/setup-Debian.yml @@ -3,7 +3,7 @@ apt_repository: repo: 'ppa:gluster/glusterfs-{{ glusterfs_ppa_version }}' state: present - update_cache: yes + update_cache: true register: glusterfs_ppa_added when: glusterfs_ppa_use diff --git a/contrib/network-storage/heketi/heketi-tear-down.yml b/contrib/network-storage/heketi/heketi-tear-down.yml index e64f085cb..8c9d1c3a0 100644 --- a/contrib/network-storage/heketi/heketi-tear-down.yml +++ b/contrib/network-storage/heketi/heketi-tear-down.yml @@ -6,6 +6,6 @@ - name: Teardown disks in heketi hosts: heketi-node - become: yes + become: true roles: - { role: tear-down-disks } diff --git a/contrib/offline/generate_list.yml b/contrib/offline/generate_list.yml index 6b2bcf806..f103d031f 100644 --- a/contrib/offline/generate_list.yml +++ b/contrib/offline/generate_list.yml @@ -1,7 +1,7 @@ --- - name: Collect container images for offline deployment hosts: localhost - become: no + become: false roles: # Just load default variables from roles. diff --git a/contrib/os-services/roles/prepare/tasks/main.yml b/contrib/os-services/roles/prepare/tasks/main.yml index 177712e42..487b3b6f1 100644 --- a/contrib/os-services/roles/prepare/tasks/main.yml +++ b/contrib/os-services/roles/prepare/tasks/main.yml @@ -10,7 +10,7 @@ systemd_service: name: firewalld state: stopped - enabled: no + enabled: false when: "'firewalld.service' in services and services['firewalld.service'].status != 'not-found'" @@ -18,6 +18,6 @@ systemd_service: name: ufw state: stopped - enabled: no + enabled: false when: "'ufw.service' in services and services['ufw.service'].status != 'not-found'" diff --git a/extra_playbooks/upgrade-only-k8s.yml b/extra_playbooks/upgrade-only-k8s.yml index 4207f8d28..5f396fa28 100644 --- a/extra_playbooks/upgrade-only-k8s.yml +++ b/extra_playbooks/upgrade-only-k8s.yml @@ -12,7 +12,7 @@ - name: Setup ssh config to use the bastion hosts: localhost - gather_facts: False + gather_facts: false roles: - { role: kubespray-defaults} - { role: bastion-ssh-config, tags: ["localhost", "bastion"]} diff --git a/playbooks/ansible_version.yml b/playbooks/ansible_version.yml index aa2d6b476..2c8bac63c 100644 --- a/playbooks/ansible_version.yml +++ b/playbooks/ansible_version.yml @@ -2,7 +2,7 @@ - name: Check Ansible version hosts: all gather_facts: false - become: no + become: false run_once: true vars: minimal_ansible_version: 2.16.4 diff --git a/playbooks/boilerplate.yml b/playbooks/boilerplate.yml index 137a4c2c5..eafa9b42f 100644 --- a/playbooks/boilerplate.yml +++ b/playbooks/boilerplate.yml @@ -51,7 +51,7 @@ - name: Install bastion ssh config hosts: bastion[0] - gather_facts: False + gather_facts: false environment: "{{ proxy_disable_env }}" roles: - { role: kubespray-defaults } diff --git a/playbooks/cluster.yml b/playbooks/cluster.yml index c433a8c69..ca67a28d3 100644 --- a/playbooks/cluster.yml +++ b/playbooks/cluster.yml @@ -7,7 +7,7 @@ - name: Prepare for etcd install hosts: k8s_cluster:etcd - gather_facts: False + gather_facts: false any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}" roles: @@ -21,7 +21,7 @@ - name: Install Kubernetes nodes hosts: k8s_cluster - gather_facts: False + gather_facts: false any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}" roles: @@ -30,7 +30,7 @@ - name: Install the control plane hosts: kube_control_plane - gather_facts: False + gather_facts: false any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}" roles: @@ -41,7 +41,7 @@ - name: Invoke kubeadm and install a CNI hosts: k8s_cluster - gather_facts: False + gather_facts: false any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}" roles: @@ -54,7 +54,7 @@ - name: Install Calico Route Reflector hosts: calico_rr - gather_facts: False + gather_facts: false any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}" roles: @@ -63,7 +63,7 @@ - name: Patch Kubernetes for Windows hosts: kube_control_plane[0] - gather_facts: False + gather_facts: false any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}" roles: @@ -72,7 +72,7 @@ - name: Install Kubernetes apps hosts: kube_control_plane - gather_facts: False + gather_facts: false any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}" roles: @@ -86,7 +86,7 @@ - name: Apply resolv.conf changes now that cluster DNS is up hosts: k8s_cluster - gather_facts: False + gather_facts: false any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}" roles: diff --git a/playbooks/facts.yml b/playbooks/facts.yml index 77823aca4..d35eea80c 100644 --- a/playbooks/facts.yml +++ b/playbooks/facts.yml @@ -15,7 +15,7 @@ - name: Gather facts hosts: k8s_cluster:etcd:calico_rr - gather_facts: False + gather_facts: false tags: always tasks: - name: Gather minimal facts diff --git a/playbooks/install_etcd.yml b/playbooks/install_etcd.yml index b8e4d1d89..1f585119c 100644 --- a/playbooks/install_etcd.yml +++ b/playbooks/install_etcd.yml @@ -16,7 +16,7 @@ - name: Install etcd hosts: etcd:kube_control_plane:_kubespray_needs_etcd - gather_facts: False + gather_facts: false any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}" roles: diff --git a/playbooks/remove_node.yml b/playbooks/remove_node.yml index e01338965..f994dae43 100644 --- a/playbooks/remove_node.yml +++ b/playbooks/remove_node.yml @@ -4,13 +4,13 @@ - name: Confirm node removal hosts: "{{ node | default('etcd:k8s_cluster:calico_rr') }}" - gather_facts: no + gather_facts: false tasks: - name: Confirm Execution pause: prompt: "Are you sure you want to delete nodes state? Type 'yes' to delete nodes." register: pause_result - run_once: True + run_once: true when: - not (skip_confirmation | default(false) | bool) @@ -25,7 +25,7 @@ - name: Reset node hosts: "{{ node | default('kube_node') }}" - gather_facts: no + gather_facts: false environment: "{{ proxy_disable_env }}" roles: - { role: kubespray-defaults, when: reset_nodes | default(True) | bool } @@ -36,7 +36,7 @@ # Currently cannot remove first master or etcd - name: Post node removal hosts: "{{ node | default('kube_control_plane[1:]:etcd[1:]') }}" - gather_facts: no + gather_facts: false environment: "{{ proxy_disable_env }}" roles: - { role: kubespray-defaults, when: reset_nodes | default(True) | bool } diff --git a/playbooks/reset.yml b/playbooks/reset.yml index 5742bd844..6fa18c0ac 100644 --- a/playbooks/reset.yml +++ b/playbooks/reset.yml @@ -7,13 +7,13 @@ - name: Reset cluster hosts: etcd:k8s_cluster:calico_rr - gather_facts: False + gather_facts: false pre_tasks: - name: Reset Confirmation pause: prompt: "Are you sure you want to reset cluster state? Type 'yes' to reset your cluster." register: reset_confirmation_prompt - run_once: True + run_once: true when: - not (skip_confirmation | default(false) | bool) - reset_confirmation is not defined diff --git a/playbooks/scale.yml b/playbooks/scale.yml index 171e37832..ef0936607 100644 --- a/playbooks/scale.yml +++ b/playbooks/scale.yml @@ -7,7 +7,7 @@ - name: Generate the etcd certificates beforehand hosts: etcd:kube_control_plane - gather_facts: False + gather_facts: false any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}" roles: @@ -24,7 +24,7 @@ - name: Download images to ansible host cache via first kube_control_plane node hosts: kube_control_plane[0] - gather_facts: False + gather_facts: false any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}" roles: @@ -34,7 +34,7 @@ - name: Target only workers to get kubelet installed and checking in on any new nodes(engine) hosts: kube_node - gather_facts: False + gather_facts: false any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}" roles: @@ -53,7 +53,7 @@ - name: Target only workers to get kubelet installed and checking in on any new nodes(node) hosts: kube_node - gather_facts: False + gather_facts: false any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}" roles: @@ -63,7 +63,7 @@ - name: Upload control plane certs and retrieve encryption key hosts: kube_control_plane | first environment: "{{ proxy_disable_env }}" - gather_facts: False + gather_facts: false tags: kubeadm roles: - { role: kubespray-defaults } @@ -84,7 +84,7 @@ - name: Target only workers to get kubelet installed and checking in on any new nodes(network) hosts: kube_node - gather_facts: False + gather_facts: false any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}" roles: @@ -96,7 +96,7 @@ - name: Apply resolv.conf changes now that cluster DNS is up hosts: k8s_cluster - gather_facts: False + gather_facts: false any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}" roles: diff --git a/playbooks/upgrade_cluster.yml b/playbooks/upgrade_cluster.yml index 3180fec93..99511a820 100644 --- a/playbooks/upgrade_cluster.yml +++ b/playbooks/upgrade_cluster.yml @@ -7,7 +7,7 @@ - name: Download images to ansible host cache via first kube_control_plane node hosts: kube_control_plane[0] - gather_facts: False + gather_facts: false any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}" roles: @@ -17,7 +17,7 @@ - name: Prepare nodes for upgrade hosts: k8s_cluster:etcd:calico_rr - gather_facts: False + gather_facts: false any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}" roles: @@ -27,7 +27,7 @@ - name: Upgrade container engine on non-cluster nodes hosts: etcd:calico_rr:!k8s_cluster - gather_facts: False + gather_facts: false any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}" serial: "{{ serial | default('20%') }}" @@ -39,7 +39,7 @@ import_playbook: install_etcd.yml - name: Handle upgrades to master components first to maintain backwards compat. - gather_facts: False + gather_facts: false hosts: kube_control_plane any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}" @@ -62,7 +62,7 @@ - name: Upgrade calico and external cloud provider on all masters, calico-rrs, and nodes hosts: kube_control_plane:calico_rr:kube_node - gather_facts: False + gather_facts: false any_errors_fatal: "{{ any_errors_fatal | default(true) }}" serial: "{{ serial | default('20%') }}" environment: "{{ proxy_disable_env }}" @@ -75,7 +75,7 @@ - name: Finally handle worker upgrades, based on given batch size hosts: kube_node:calico_rr:!kube_control_plane - gather_facts: False + gather_facts: false any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}" serial: "{{ serial | default('20%') }}" @@ -93,7 +93,7 @@ - name: Patch Kubernetes for Windows hosts: kube_control_plane[0] - gather_facts: False + gather_facts: false any_errors_fatal: true environment: "{{ proxy_disable_env }}" roles: @@ -102,7 +102,7 @@ - name: Install Calico Route Reflector hosts: calico_rr - gather_facts: False + gather_facts: false any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}" roles: @@ -111,7 +111,7 @@ - name: Install Kubernetes apps hosts: kube_control_plane - gather_facts: False + gather_facts: false any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}" roles: @@ -122,7 +122,7 @@ - name: Apply resolv.conf changes now that cluster DNS is up hosts: k8s_cluster - gather_facts: False + gather_facts: false any_errors_fatal: "{{ any_errors_fatal | default(true) }}" environment: "{{ proxy_disable_env }}" roles: diff --git a/roles/adduser/defaults/main.yml b/roles/adduser/defaults/main.yml index df3fc2d02..3307032e0 100644 --- a/roles/adduser/defaults/main.yml +++ b/roles/adduser/defaults/main.yml @@ -7,14 +7,14 @@ addusers: etcd: name: etcd comment: "Etcd user" - create_home: no - system: yes + create_home: false + system: true shell: /sbin/nologin kube: name: kube comment: "Kubernetes user" - create_home: no - system: yes + create_home: false + system: true shell: /sbin/nologin group: "{{ kube_cert_group }}" diff --git a/roles/adduser/vars/coreos.yml b/roles/adduser/vars/coreos.yml index 5c258df6e..60fb05cf0 100644 --- a/roles/adduser/vars/coreos.yml +++ b/roles/adduser/vars/coreos.yml @@ -3,6 +3,6 @@ addusers: - name: kube comment: "Kubernetes user" shell: /sbin/nologin - system: yes + system: true group: "{{ kube_cert_group }}" - create_home: no + create_home: false diff --git a/roles/adduser/vars/debian.yml b/roles/adduser/vars/debian.yml index 99e5b3821..b14b8612e 100644 --- a/roles/adduser/vars/debian.yml +++ b/roles/adduser/vars/debian.yml @@ -2,14 +2,14 @@ addusers: - name: etcd comment: "Etcd user" - create_home: yes + create_home: true home: "{{ etcd_data_dir }}" - system: yes + system: true shell: /sbin/nologin - name: kube comment: "Kubernetes user" - create_home: no - system: yes + create_home: false + system: true shell: /sbin/nologin group: "{{ kube_cert_group }}" diff --git a/roles/adduser/vars/redhat.yml b/roles/adduser/vars/redhat.yml index 99e5b3821..b14b8612e 100644 --- a/roles/adduser/vars/redhat.yml +++ b/roles/adduser/vars/redhat.yml @@ -2,14 +2,14 @@ addusers: - name: etcd comment: "Etcd user" - create_home: yes + create_home: true home: "{{ etcd_data_dir }}" - system: yes + system: true shell: /sbin/nologin - name: kube comment: "Kubernetes user" - create_home: no - system: yes + create_home: false + system: true shell: /sbin/nologin group: "{{ kube_cert_group }}" diff --git a/roles/bootstrap-os/molecule/default/converge.yml b/roles/bootstrap-os/molecule/default/converge.yml index 1f44ec9ca..89a832559 100644 --- a/roles/bootstrap-os/molecule/default/converge.yml +++ b/roles/bootstrap-os/molecule/default/converge.yml @@ -1,6 +1,6 @@ --- - name: Converge hosts: all - gather_facts: no + gather_facts: false roles: - role: bootstrap-os diff --git a/roles/bootstrap-os/tasks/amzn.yml b/roles/bootstrap-os/tasks/amzn.yml index 0da5591ca..8a473a07f 100644 --- a/roles/bootstrap-os/tasks/amzn.yml +++ b/roles/bootstrap-os/tasks/amzn.yml @@ -8,9 +8,9 @@ file: epel description: Extra Packages for Enterprise Linux 7 - $basearch baseurl: http://download.fedoraproject.org/pub/epel/7/$basearch - gpgcheck: yes + gpgcheck: true gpgkey: http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7 - skip_if_unavailable: yes - enabled: yes - repo_gpgcheck: no + skip_if_unavailable: true + enabled: true + repo_gpgcheck: false when: epel_enabled diff --git a/roles/bootstrap-os/tasks/centos.yml b/roles/bootstrap-os/tasks/centos.yml index fc9a3cf0c..304a37b07 100644 --- a/roles/bootstrap-os/tasks/centos.yml +++ b/roles/bootstrap-os/tasks/centos.yml @@ -119,9 +119,9 @@ - name: Check presence of fastestmirror.conf stat: path: /etc/yum/pluginconf.d/fastestmirror.conf - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: fastestmirror # the fastestmirror plugin can actually slow down Ansible deployments diff --git a/roles/bootstrap-os/tasks/fedora-coreos.yml b/roles/bootstrap-os/tasks/fedora-coreos.yml index b8c0f3fe7..3062a5a88 100644 --- a/roles/bootstrap-os/tasks/fedora-coreos.yml +++ b/roles/bootstrap-os/tasks/fedora-coreos.yml @@ -28,7 +28,7 @@ raw: "nohup bash -c 'sleep 5s && shutdown -r now'" become: true ignore_errors: true # noqa ignore-errors - ignore_unreachable: yes + ignore_unreachable: true when: need_bootstrap.rc != 0 - name: Wait for the reboot to complete diff --git a/roles/bootstrap-os/tasks/main.yml b/roles/bootstrap-os/tasks/main.yml index e62fbf496..c16fe1bec 100644 --- a/roles/bootstrap-os/tasks/main.yml +++ b/roles/bootstrap-os/tasks/main.yml @@ -22,7 +22,7 @@ - "{{ os_release_dict['ID'] }}.yml" paths: - vars/ - skip: True + skip: true - name: Include tasks include_tasks: "{{ included_tasks_file }}" with_first_found: diff --git a/roles/bootstrap-os/tasks/opensuse.yml b/roles/bootstrap-os/tasks/opensuse.yml index 9b69dcd89..5a4f9dead 100644 --- a/roles/bootstrap-os/tasks/opensuse.yml +++ b/roles/bootstrap-os/tasks/opensuse.yml @@ -8,9 +8,9 @@ - name: Check that /etc/sysconfig/proxy file exists stat: path: /etc/sysconfig/proxy - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: stat_result - name: Create the /etc/sysconfig/proxy empty file diff --git a/roles/bootstrap-os/tasks/redhat.yml b/roles/bootstrap-os/tasks/redhat.yml index 0aae5a0d6..76a39b2f5 100644 --- a/roles/bootstrap-os/tasks/redhat.yml +++ b/roles/bootstrap-os/tasks/redhat.yml @@ -87,9 +87,9 @@ - name: Check presence of fastestmirror.conf stat: path: /etc/yum/pluginconf.d/fastestmirror.conf - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: fastestmirror # the fastestmirror plugin can actually slow down Ansible deployments diff --git a/roles/bootstrap-os/vars/fedora-coreos.yml b/roles/bootstrap-os/vars/fedora-coreos.yml index e0bb069f9..37e4c46e8 100644 --- a/roles/bootstrap-os/vars/fedora-coreos.yml +++ b/roles/bootstrap-os/vars/fedora-coreos.yml @@ -1,2 +1,2 @@ --- -is_fedora_coreos: True +is_fedora_coreos: true diff --git a/roles/container-engine/containerd-common/tasks/main.yml b/roles/container-engine/containerd-common/tasks/main.yml index d0cf1f139..c5b896808 100644 --- a/roles/container-engine/containerd-common/tasks/main.yml +++ b/roles/container-engine/containerd-common/tasks/main.yml @@ -2,9 +2,9 @@ - name: Containerd-common | check if fedora coreos stat: path: /run/ostree-booted - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: ostree - name: Containerd-common | set is_ostree diff --git a/roles/container-engine/containerd/handlers/main.yml b/roles/container-engine/containerd/handlers/main.yml index 4e7722f4f..6a024fd59 100644 --- a/roles/container-engine/containerd/handlers/main.yml +++ b/roles/container-engine/containerd/handlers/main.yml @@ -3,9 +3,9 @@ systemd_service: name: containerd state: restarted - enabled: yes - daemon-reload: yes - masked: no + enabled: true + daemon-reload: true + masked: false listen: Restart containerd - name: Containerd | wait for containerd diff --git a/roles/container-engine/containerd/molecule/default/prepare.yml b/roles/container-engine/containerd/molecule/default/prepare.yml index ddc9c0453..a3d09ad80 100644 --- a/roles/container-engine/containerd/molecule/default/prepare.yml +++ b/roles/container-engine/containerd/molecule/default/prepare.yml @@ -1,7 +1,7 @@ --- - name: Prepare hosts: all - gather_facts: False + gather_facts: false become: true vars: ignore_assert_errors: true @@ -19,7 +19,7 @@ - name: Prepare CNI hosts: all - gather_facts: False + gather_facts: false become: true vars: ignore_assert_errors: true diff --git a/roles/container-engine/containerd/tasks/main.yml b/roles/container-engine/containerd/tasks/main.yml index 073412cd0..8b8c12cbb 100644 --- a/roles/container-engine/containerd/tasks/main.yml +++ b/roles/container-engine/containerd/tasks/main.yml @@ -36,7 +36,7 @@ src: "{{ downloads.containerd.dest }}" dest: "{{ containerd_bin_dir }}" mode: "0755" - remote_src: yes + remote_src: true extra_opts: - --strip-components=1 notify: Restart containerd @@ -138,6 +138,6 @@ - name: Containerd | Ensure containerd is started and enabled systemd_service: name: containerd - daemon_reload: yes - enabled: yes + daemon_reload: true + enabled: true state: started diff --git a/roles/container-engine/cri-dockerd/handlers/main.yml b/roles/container-engine/cri-dockerd/handlers/main.yml index 00d00e7b2..f60f28fce 100644 --- a/roles/container-engine/cri-dockerd/handlers/main.yml +++ b/roles/container-engine/cri-dockerd/handlers/main.yml @@ -3,7 +3,7 @@ systemd_service: name: cri-dockerd daemon_reload: true - masked: no + masked: false listen: Restart and enable cri-dockerd - name: Cri-dockerd | restart docker.service @@ -27,5 +27,5 @@ - name: Cri-dockerd | enable cri-dockerd service service: name: cri-dockerd.service - enabled: yes + enabled: true listen: Restart and enable cri-dockerd diff --git a/roles/container-engine/cri-o/handlers/main.yml b/roles/container-engine/cri-o/handlers/main.yml index d173ce41b..0595e4f94 100644 --- a/roles/container-engine/cri-o/handlers/main.yml +++ b/roles/container-engine/cri-o/handlers/main.yml @@ -8,5 +8,5 @@ service: name: crio state: restarted - enabled: yes + enabled: true listen: Restart crio diff --git a/roles/container-engine/cri-o/molecule/default/prepare.yml b/roles/container-engine/cri-o/molecule/default/prepare.yml index c769d7cd2..55ad5174d 100644 --- a/roles/container-engine/cri-o/molecule/default/prepare.yml +++ b/roles/container-engine/cri-o/molecule/default/prepare.yml @@ -1,7 +1,7 @@ --- - name: Prepare hosts: all - gather_facts: False + gather_facts: false become: true vars: ignore_assert_errors: true @@ -19,7 +19,7 @@ - name: Prepare CNI hosts: all - gather_facts: False + gather_facts: false become: true vars: ignore_assert_errors: true diff --git a/roles/container-engine/cri-o/tasks/main.yaml b/roles/container-engine/cri-o/tasks/main.yaml index a7b234563..bde2e0756 100644 --- a/roles/container-engine/cri-o/tasks/main.yaml +++ b/roles/container-engine/cri-o/tasks/main.yaml @@ -5,9 +5,9 @@ - name: Cri-o | check if fedora coreos stat: path: /run/ostree-booted - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: ostree - name: Cri-o | set is_ostree diff --git a/roles/container-engine/cri-o/tasks/setup-amazon.yaml b/roles/container-engine/cri-o/tasks/setup-amazon.yaml index 2462c30fd..cef0112b2 100644 --- a/roles/container-engine/cri-o/tasks/setup-amazon.yaml +++ b/roles/container-engine/cri-o/tasks/setup-amazon.yaml @@ -8,7 +8,7 @@ lineinfile: dest: /etc/yum.repos.d/amzn2-extras.repo line: "[amzn2extra-docker]" - check_mode: yes + check_mode: true register: amzn2_extras_docker_repo when: - amzn2_extras_file_stat.stat.exists @@ -19,7 +19,7 @@ section: amzn2extra-docker option: enabled value: "0" - backup: yes + backup: true mode: "0644" when: - amzn2_extras_file_stat.stat.exists diff --git a/roles/container-engine/crictl/handlers/main.yml b/roles/container-engine/crictl/handlers/main.yml index 785823fc4..d6ffe169a 100644 --- a/roles/container-engine/crictl/handlers/main.yml +++ b/roles/container-engine/crictl/handlers/main.yml @@ -1,7 +1,7 @@ --- - name: Get crictl completion command: "{{ bin_dir }}/crictl completion" - changed_when: False + changed_when: false register: cri_completion check_mode: false diff --git a/roles/container-engine/docker-storage/tasks/main.yml b/roles/container-engine/docker-storage/tasks/main.yml index e3c713db2..d90dcb775 100644 --- a/roles/container-engine/docker-storage/tasks/main.yml +++ b/roles/container-engine/docker-storage/tasks/main.yml @@ -39,7 +39,7 @@ state: present - name: Docker-storage-setup | install and run container-storage-setup - become: yes + become: true script: | install_container_storage_setup.sh \ {{ docker_container_storage_setup_repository }} \ diff --git a/roles/container-engine/docker/handlers/main.yml b/roles/container-engine/docker/handlers/main.yml index 72e95e6bf..76d16f589 100644 --- a/roles/container-engine/docker/handlers/main.yml +++ b/roles/container-engine/docker/handlers/main.yml @@ -3,7 +3,7 @@ systemd_service: name: docker daemon_reload: true - masked: no + masked: false listen: Restart docker - name: Docker | reload docker.socket diff --git a/roles/container-engine/docker/tasks/main.yml b/roles/container-engine/docker/tasks/main.yml index 55b3a0be6..e56fe4ca9 100644 --- a/roles/container-engine/docker/tasks/main.yml +++ b/roles/container-engine/docker/tasks/main.yml @@ -2,9 +2,9 @@ - name: Check if fedora coreos stat: path: /run/ostree-booted - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: ostree - name: Set is_ostree @@ -66,7 +66,7 @@ path: /etc/apt/sources.list regexp: 'buster-backports' state: absent - backup: yes + backup: true when: - ansible_os_family == 'Debian' - ansible_distribution_release == "buster" @@ -183,7 +183,7 @@ - name: Ensure docker service is started and enabled service: name: "{{ item }}" - enabled: yes + enabled: true state: started with_items: - docker diff --git a/roles/container-engine/docker/tasks/set_facts_dns.yml b/roles/container-engine/docker/tasks/set_facts_dns.yml index d7c10392e..d0ccd745a 100644 --- a/roles/container-engine/docker/tasks/set_facts_dns.yml +++ b/roles/container-engine/docker/tasks/set_facts_dns.yml @@ -21,9 +21,9 @@ shell: set -o pipefail && grep "^nameserver" /etc/resolv.conf | sed -r 's/^nameserver\s*([^#\s]+)\s*(#.*)?/\1/' args: executable: /bin/bash - changed_when: False + changed_when: false register: system_nameservers - check_mode: no + check_mode: false - name: Check system search domains # noqa risky-shell-pipe - if resolf.conf has no search domain, grep will exit 1 which would force us to add failed_when: false @@ -31,9 +31,9 @@ shell: grep "^search" /etc/resolv.conf | sed -r 's/^search\s*([^#]+)\s*(#.*)?/\1/' args: executable: /bin/bash - changed_when: False + changed_when: false register: system_search_domains - check_mode: no + check_mode: false - name: Add system nameservers to docker options set_fact: diff --git a/roles/container-engine/gvisor/tasks/main.yml b/roles/container-engine/gvisor/tasks/main.yml index 13b19a2f6..4bab9a996 100644 --- a/roles/container-engine/gvisor/tasks/main.yml +++ b/roles/container-engine/gvisor/tasks/main.yml @@ -14,7 +14,7 @@ src: "{{ item.src }}" dest: "{{ bin_dir }}/{{ item.dest }}" mode: "0755" - remote_src: yes + remote_src: true with_items: - { src: "{{ downloads.gvisor_runsc.dest }}", dest: "runsc" } - { src: "{{ downloads.gvisor_containerd_shim.dest }}", dest: "containerd-shim-runsc-v1" } diff --git a/roles/container-engine/kata-containers/tasks/main.yml b/roles/container-engine/kata-containers/tasks/main.yml index 38778987d..5014c214a 100644 --- a/roles/container-engine/kata-containers/tasks/main.yml +++ b/roles/container-engine/kata-containers/tasks/main.yml @@ -11,7 +11,7 @@ mode: "0755" owner: root group: root - remote_src: yes + remote_src: true - name: Kata-containers | Create config directory file: diff --git a/roles/container-engine/nerdctl/handlers/main.yml b/roles/container-engine/nerdctl/handlers/main.yml index 98de60c1c..174470607 100644 --- a/roles/container-engine/nerdctl/handlers/main.yml +++ b/roles/container-engine/nerdctl/handlers/main.yml @@ -1,7 +1,7 @@ --- - name: Get nerdctl completion command: "{{ bin_dir }}/nerdctl completion bash" - changed_when: False + changed_when: false register: nerdctl_completion check_mode: false diff --git a/roles/container-engine/runc/tasks/main.yml b/roles/container-engine/runc/tasks/main.yml index 3ee3fdae0..1d388768d 100644 --- a/roles/container-engine/runc/tasks/main.yml +++ b/roles/container-engine/runc/tasks/main.yml @@ -2,9 +2,9 @@ - name: Runc | check if fedora coreos stat: path: /run/ostree-booted - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: ostree - name: Runc | set is_ostree diff --git a/roles/container-engine/skopeo/tasks/main.yml b/roles/container-engine/skopeo/tasks/main.yml index 95bb9697f..8f21e3f1c 100644 --- a/roles/container-engine/skopeo/tasks/main.yml +++ b/roles/container-engine/skopeo/tasks/main.yml @@ -2,9 +2,9 @@ - name: Skopeo | check if fedora coreos stat: path: /run/ostree-booted - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: ostree - name: Skopeo | set is_ostree diff --git a/roles/container-engine/validate-container-engine/tasks/main.yml b/roles/container-engine/validate-container-engine/tasks/main.yml index 08ea1e5ca..ffb541c24 100644 --- a/roles/container-engine/validate-container-engine/tasks/main.yml +++ b/roles/container-engine/validate-container-engine/tasks/main.yml @@ -2,9 +2,9 @@ - name: Validate-container-engine | check if fedora coreos stat: path: /run/ostree-booted - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: ostree tags: - facts @@ -30,8 +30,8 @@ - name: Check if containerd is installed find: file_type: file - recurse: yes - use_regex: yes + recurse: true + use_regex: true patterns: - containerd.service$ paths: @@ -45,8 +45,8 @@ - name: Check if docker is installed find: file_type: file - recurse: yes - use_regex: yes + recurse: true + use_regex: true patterns: - docker.service$ paths: @@ -60,8 +60,8 @@ - name: Check if crio is installed find: file_type: file - recurse: yes - use_regex: yes + recurse: true + use_regex: true patterns: - crio.service$ paths: diff --git a/roles/download/tasks/check_pull_required.yml b/roles/download/tasks/check_pull_required.yml index e5ae1dcf3..585013125 100644 --- a/roles/download/tasks/check_pull_required.yml +++ b/roles/download/tasks/check_pull_required.yml @@ -5,7 +5,7 @@ shell: "{{ image_info_command }}" register: docker_images changed_when: false - check_mode: no + check_mode: false when: not download_always_pull - name: Check_pull_required | Set pull_required if the desired image is not yet loaded diff --git a/roles/download/tasks/download_container.yml b/roles/download/tasks/download_container.yml index f98adfa3f..5e67fe8c5 100644 --- a/roles/download/tasks/download_container.yml +++ b/roles/download/tasks/download_container.yml @@ -26,12 +26,12 @@ - name: Download_container | Determine if image is in cache stat: path: "{{ image_path_cached }}" - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false delegate_to: localhost connection: local - delegate_facts: no + delegate_facts: false register: cache_image changed_when: false become: false @@ -57,7 +57,7 @@ - name: Download_container | Download image if required command: "{{ image_pull_command_on_localhost if download_localhost else image_pull_command }} {{ image_reponame }}" delegate_to: "{{ download_delegate if download_run_once else inventory_hostname }}" - delegate_facts: yes + delegate_facts: true run_once: "{{ download_run_once }}" register: pull_task_result until: pull_task_result is succeeded @@ -72,7 +72,7 @@ - name: Download_container | Save and compress image shell: "{{ image_save_command_on_localhost if download_localhost else image_save_command }}" # noqa command-instead-of-shell - image_save_command_on_localhost contains a pipe, therefore requires shell delegate_to: "{{ download_delegate }}" - delegate_facts: no + delegate_facts: false register: container_save_status failed_when: container_save_status.stderr run_once: true @@ -99,7 +99,7 @@ dest: "{{ image_path_final }}" use_ssh_args: true mode: push - delegate_facts: no + delegate_facts: false register: upload_image failed_when: not upload_image until: upload_image is succeeded diff --git a/roles/download/tasks/download_file.yml b/roles/download/tasks/download_file.yml index 00dd33a28..53a7a8197 100644 --- a/roles/download/tasks/download_file.yml +++ b/roles/download/tasks/download_file.yml @@ -24,13 +24,13 @@ owner: "{{ download.owner | default(omit) }}" mode: "0755" state: directory - recurse: yes + recurse: true - name: Download_file | Create local cache directory file: path: "{{ file_path_cached | dirname }}" state: directory - recurse: yes + recurse: true delegate_to: localhost connection: local delegate_facts: false @@ -45,7 +45,7 @@ file: path: "{{ file_path_cached | dirname }}" state: directory - recurse: yes + recurse: true delegate_to: "{{ download_delegate }}" delegate_facts: false run_once: true diff --git a/roles/download/tasks/extract_file.yml b/roles/download/tasks/extract_file.yml index 59d0531f6..ce7536f4f 100644 --- a/roles/download/tasks/extract_file.yml +++ b/roles/download/tasks/extract_file.yml @@ -5,7 +5,7 @@ dest: "{{ download.dest | dirname }}" owner: "{{ download.owner | default(omit) }}" mode: "{{ download.mode | default(omit) }}" - copy: no + copy: false extra_opts: "{{ download.unarchive_extra_opts | default(omit) }}" when: - download.unarchive | default(false) diff --git a/roles/download/tasks/prep_download.yml b/roles/download/tasks/prep_download.yml index a8a79d711..15f3a91da 100644 --- a/roles/download/tasks/prep_download.yml +++ b/roles/download/tasks/prep_download.yml @@ -62,7 +62,7 @@ register: docker_images failed_when: false changed_when: false - check_mode: no + check_mode: false when: download_container - name: Prep_download | Create staging directory on remote node @@ -81,7 +81,7 @@ mode: "0755" delegate_to: localhost connection: local - delegate_facts: no + delegate_facts: false run_once: true become: false when: diff --git a/roles/etcd/handlers/backup.yml b/roles/etcd/handlers/backup.yml index 9c05a3ad0..84e03accd 100644 --- a/roles/etcd/handlers/backup.yml +++ b/roles/etcd/handlers/backup.yml @@ -23,9 +23,9 @@ - name: Stat etcd v2 data directory stat: path: "{{ etcd_data_dir }}/member" - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: etcd_data_dir_member listen: Restart etcd when: etcd_cluster_is_healthy.rc == 0 diff --git a/roles/etcd/handlers/main.yml b/roles/etcd/handlers/main.yml index 62a899945..9c8b8a82f 100644 --- a/roles/etcd/handlers/main.yml +++ b/roles/etcd/handlers/main.yml @@ -26,7 +26,7 @@ - name: Wait for etcd up uri: url: "https://{% if is_etcd_master %}{{ etcd_address }}{% else %}127.0.0.1{% endif %}:2379/health" - validate_certs: no + validate_certs: false client_cert: "{{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem" client_key: "{{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem" register: result @@ -41,7 +41,7 @@ - name: Wait for etcd-events up uri: url: "https://{% if is_etcd_master %}{{ etcd_address }}{% else %}127.0.0.1{% endif %}:2383/health" - validate_certs: no + validate_certs: false client_cert: "{{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem" client_key: "{{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem" register: result diff --git a/roles/etcd/tasks/check_certs.yml b/roles/etcd/tasks/check_certs.yml index 1611f9ec1..440685aa7 100644 --- a/roles/etcd/tasks/check_certs.yml +++ b/roles/etcd/tasks/check_certs.yml @@ -17,9 +17,9 @@ - name: "Check certs | Register ca and etcd admin/member certs on etcd hosts" stat: path: "{{ etcd_cert_dir }}/{{ item }}" - get_attributes: no - get_checksum: yes - get_mime: no + get_attributes: false + get_checksum: true + get_mime: false register: etcd_member_certs when: inventory_hostname in groups['etcd'] with_items: diff --git a/roles/etcd/tasks/configure.yml b/roles/etcd/tasks/configure.yml index 4cf5387a0..b7b943f0d 100644 --- a/roles/etcd/tasks/configure.yml +++ b/roles/etcd/tasks/configure.yml @@ -6,8 +6,8 @@ register: etcd_cluster_is_healthy failed_when: false changed_when: false - check_mode: no - run_once: yes + check_mode: false + run_once: true when: - is_etcd_master - etcd_cluster_setup @@ -27,8 +27,8 @@ register: etcd_events_cluster_is_healthy failed_when: false changed_when: false - check_mode: no - run_once: yes + check_mode: false + run_once: true when: - is_etcd_master - etcd_events_cluster_setup @@ -49,7 +49,7 @@ template: src: "etcd-{{ etcd_deployment_type }}.service.j2" dest: /etc/systemd/system/etcd.service - backup: yes + backup: true mode: "0644" # FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release) # Remove once we drop support for systemd < 250 @@ -60,7 +60,7 @@ template: src: "etcd-events-{{ etcd_deployment_type }}.service.j2" dest: /etc/systemd/system/etcd-events.service - backup: yes + backup: true mode: "0644" validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:etcd-events-{{ etcd_deployment_type }}.service'" # FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release) @@ -77,7 +77,7 @@ service: name: etcd state: started - enabled: yes + enabled: true ignore_errors: "{{ etcd_cluster_is_healthy.rc == 0 }}" # noqa ignore-errors when: is_etcd_master and etcd_cluster_setup @@ -86,7 +86,7 @@ service: name: etcd-events state: started - enabled: yes + enabled: true ignore_errors: "{{ etcd_events_cluster_is_healthy.rc != 0 }}" # noqa ignore-errors when: is_etcd_master and etcd_events_cluster_setup @@ -99,8 +99,8 @@ retries: "{{ etcd_retries }}" delay: "{{ retry_stagger | random + 3 }}" changed_when: false - check_mode: no - run_once: yes + check_mode: false + run_once: true when: - is_etcd_master - etcd_cluster_setup @@ -122,8 +122,8 @@ retries: "{{ etcd_retries }}" delay: "{{ retry_stagger | random + 3 }}" changed_when: false - check_mode: no - run_once: yes + check_mode: false + run_once: true when: - is_etcd_master - etcd_events_cluster_setup @@ -141,7 +141,7 @@ register: etcd_member_in_cluster ignore_errors: true # noqa ignore-errors changed_when: false - check_mode: no + check_mode: false when: is_etcd_master and etcd_cluster_setup tags: - facts @@ -157,7 +157,7 @@ register: etcd_events_member_in_cluster ignore_errors: true # noqa ignore-errors changed_when: false - check_mode: no + check_mode: false when: is_etcd_master and etcd_events_cluster_setup tags: - facts diff --git a/roles/etcd/tasks/gen_certs_script.yml b/roles/etcd/tasks/gen_certs_script.yml index 711c14d64..934b5eb37 100644 --- a/roles/etcd/tasks/gen_certs_script.yml +++ b/roles/etcd/tasks/gen_certs_script.yml @@ -6,7 +6,7 @@ state: directory owner: "{{ etcd_owner }}" mode: "{{ etcd_cert_dir_mode }}" - recurse: yes + recurse: true - name: "Gen_certs | create etcd script dir (on {{ groups['etcd'][0] }})" file: @@ -14,7 +14,7 @@ state: directory owner: root mode: "0700" - run_once: yes + run_once: true when: inventory_hostname == groups['etcd'][0] - name: Gen_certs | write openssl config @@ -22,7 +22,7 @@ src: "openssl.conf.j2" dest: "{{ etcd_config_dir }}/openssl.conf" mode: "0640" - run_once: yes + run_once: true delegate_to: "{{ groups['etcd'][0] }}" when: - gen_certs | default(false) @@ -33,7 +33,7 @@ src: "make-ssl-etcd.sh.j2" dest: "{{ etcd_script_dir }}/make-ssl-etcd.sh" mode: "0700" - run_once: yes + run_once: true when: - gen_certs | default(false) - inventory_hostname == groups['etcd'][0] @@ -43,7 +43,7 @@ environment: MASTERS: "{{ groups['gen_master_certs_True'] | ansible.builtin.intersect(groups['etcd']) | join(' ') }}" HOSTS: "{{ groups['gen_node_certs_True'] | ansible.builtin.intersect(groups['kube_control_plane']) | join(' ') }}" - run_once: yes + run_once: true delegate_to: "{{ groups['etcd'][0] }}" when: gen_certs | default(false) notify: Set etcd_secret_changed @@ -52,7 +52,7 @@ command: "bash -x {{ etcd_script_dir }}/make-ssl-etcd.sh -f {{ etcd_config_dir }}/openssl.conf -d {{ etcd_cert_dir }}" environment: HOSTS: "{{ groups['gen_node_certs_True'] | ansible.builtin.intersect(groups['k8s_cluster']) | join(' ') }}" - run_once: yes + run_once: true delegate_to: "{{ groups['etcd'][0] }}" when: - kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool @@ -153,4 +153,4 @@ state: directory owner: "{{ etcd_owner }}" mode: "{{ etcd_cert_dir_mode }}" - recurse: yes + recurse: true diff --git a/roles/etcd/tasks/gen_nodes_certs_script.yml b/roles/etcd/tasks/gen_nodes_certs_script.yml index 2093bf880..e074d0c01 100644 --- a/roles/etcd/tasks/gen_nodes_certs_script.yml +++ b/roles/etcd/tasks/gen_nodes_certs_script.yml @@ -21,7 +21,7 @@ executable: /bin/bash no_log: "{{ not (unsafe_show_logs | bool) }}" register: etcd_node_certs - check_mode: no + check_mode: false delegate_to: "{{ groups['etcd'][0] }}" changed_when: false diff --git a/roles/etcd/tasks/install_docker.yml b/roles/etcd/tasks/install_docker.yml index a7aba5094..f393bd4eb 100644 --- a/roles/etcd/tasks/install_docker.yml +++ b/roles/etcd/tasks/install_docker.yml @@ -29,7 +29,7 @@ dest: "{{ bin_dir }}/etcd" owner: 'root' mode: "0750" - backup: yes + backup: true when: etcd_cluster_setup - name: Install etcd-events launch script @@ -38,5 +38,5 @@ dest: "{{ bin_dir }}/etcd-events" owner: 'root' mode: "0750" - backup: yes + backup: true when: etcd_events_cluster_setup diff --git a/roles/etcd/tasks/install_host.yml b/roles/etcd/tasks/install_host.yml index 7bfc7e2ab..eb67952ea 100644 --- a/roles/etcd/tasks/install_host.yml +++ b/roles/etcd/tasks/install_host.yml @@ -25,7 +25,7 @@ src: "{{ local_release_dir }}/etcd-{{ etcd_version }}-linux-{{ host_architecture }}/{{ item }}" dest: "{{ bin_dir }}/{{ item }}" mode: "0755" - remote_src: yes + remote_src: true with_items: - etcd when: etcd_cluster_setup diff --git a/roles/etcd/tasks/join_etcd-events_member.yml b/roles/etcd/tasks/join_etcd-events_member.yml index 0fad331e3..106f06e03 100644 --- a/roles/etcd/tasks/join_etcd-events_member.yml +++ b/roles/etcd/tasks/join_etcd-events_member.yml @@ -32,7 +32,7 @@ executable: /bin/bash register: etcd_events_member_in_cluster changed_when: false - check_mode: no + check_mode: false tags: - facts environment: @@ -46,4 +46,4 @@ service: name: etcd-events state: started - enabled: yes + enabled: true diff --git a/roles/etcd/tasks/join_etcd_member.yml b/roles/etcd/tasks/join_etcd_member.yml index ee77d4b26..a2e37714d 100644 --- a/roles/etcd/tasks/join_etcd_member.yml +++ b/roles/etcd/tasks/join_etcd_member.yml @@ -33,7 +33,7 @@ executable: /bin/bash register: etcd_member_in_cluster changed_when: false - check_mode: no + check_mode: false retries: "{{ etcd_retries }}" delay: "{{ retry_stagger | random + 3 }}" until: etcd_member_in_cluster.rc == 0 @@ -50,4 +50,4 @@ service: name: etcd state: started - enabled: yes + enabled: true diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index 40ca3de5f..74d5f16d3 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -33,7 +33,7 @@ command: "openssl x509 -in {{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem -noout -serial" register: "etcd_client_cert_serial_result" changed_when: false - check_mode: no + check_mode: false when: - kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool - kube_network_plugin != "calico" or calico_datastore == "etcd" diff --git a/roles/etcdctl_etcdutl/tasks/main.yml b/roles/etcdctl_etcdutl/tasks/main.yml index b9e6832f5..053e14295 100644 --- a/roles/etcdctl_etcdutl/tasks/main.yml +++ b/roles/etcdctl_etcdutl/tasks/main.yml @@ -24,7 +24,7 @@ unarchive: src: "{{ downloads.etcd.dest }}" dest: "{{ local_release_dir }}/" - remote_src: yes + remote_src: true when: container_manager in ['crio', 'containerd'] - name: Copy etcdctl and etcdutl binary from download dir @@ -32,7 +32,7 @@ src: "{{ local_release_dir }}/etcd-{{ etcd_version }}-linux-{{ host_architecture }}/{{ item }}" dest: "{{ bin_dir }}/{{ item }}" mode: "0755" - remote_src: yes + remote_src: true with_items: - etcdctl - etcdutl diff --git a/roles/kubernetes-apps/ansible/tasks/main.yml b/roles/kubernetes-apps/ansible/tasks/main.yml index e3d82f106..18deee805 100644 --- a/roles/kubernetes-apps/ansible/tasks/main.yml +++ b/roles/kubernetes-apps/ansible/tasks/main.yml @@ -2,7 +2,7 @@ - name: Kubernetes Apps | Wait for kube-apiserver uri: url: "{{ kube_apiserver_endpoint }}/healthz" - validate_certs: no + validate_certs: false client_cert: "{{ kube_apiserver_client_cert }}" client_key: "{{ kube_apiserver_client_key }}" register: result diff --git a/roles/kubernetes-apps/argocd/tasks/main.yml b/roles/kubernetes-apps/argocd/tasks/main.yml index 3cfe06fc7..05c63337b 100644 --- a/roles/kubernetes-apps/argocd/tasks/main.yml +++ b/roles/kubernetes-apps/argocd/tasks/main.yml @@ -8,10 +8,10 @@ ansible.posix.synchronize: src: "{{ downloads.yq.dest }}" dest: "{{ bin_dir }}/yq" - compress: no - perms: yes - owner: no - group: no + compress: false + perms: true + owner: false + group: false delegate_to: "{{ inventory_hostname }}" - name: Kubernetes Apps | Set ArgoCD template list @@ -49,17 +49,17 @@ ansible.posix.synchronize: src: "{{ local_release_dir }}/{{ item.file }}" dest: "{{ kube_config_dir }}/{{ item.file }}" - compress: no - perms: yes - owner: no - group: no + compress: false + perms: true + owner: false + group: false delegate_to: "{{ inventory_hostname }}" with_items: "{{ argocd_templates | selectattr('url', 'defined') | list }}" when: - "inventory_hostname == groups['kube_control_plane'][0]" - name: Kubernetes Apps | Set ArgoCD namespace for remote manifests - become: yes + become: true command: | {{ bin_dir }}/yq eval-all -i '.metadata.namespace="{{ argocd_namespace }}"' {{ kube_config_dir }}/{{ item.file }} with_items: "{{ argocd_templates | selectattr('url', 'defined') | list }}" @@ -69,7 +69,7 @@ - "inventory_hostname == groups['kube_control_plane'][0]" - name: Kubernetes Apps | Create ArgoCD manifests from templates - become: yes + become: true template: src: "{{ item.file }}.j2" dest: "{{ kube_config_dir }}/{{ item.file }}" @@ -81,7 +81,7 @@ - "inventory_hostname == groups['kube_control_plane'][0]" - name: Kubernetes Apps | Install ArgoCD - become: yes + become: true kube: name: ArgoCD kubectl: "{{ bin_dir }}/kubectl" @@ -93,7 +93,7 @@ # https://github.com/argoproj/argo-cd/blob/master/docs/faq.md#i-forgot-the-admin-password-how-do-i-reset-it - name: Kubernetes Apps | Set ArgoCD custom admin password - become: yes + become: true shell: | {{ bin_dir }}/kubectl --kubeconfig /etc/kubernetes/admin.conf -n {{ argocd_namespace }} patch secret argocd-secret -p \ '{ diff --git a/roles/kubernetes-apps/cluster_roles/tasks/main.yml b/roles/kubernetes-apps/cluster_roles/tasks/main.yml index 8d7230e0a..ef4737eac 100644 --- a/roles/kubernetes-apps/cluster_roles/tasks/main.yml +++ b/roles/kubernetes-apps/cluster_roles/tasks/main.yml @@ -2,7 +2,7 @@ - name: Kubernetes Apps | Wait for kube-apiserver uri: url: "{{ kube_apiserver_endpoint }}/healthz" - validate_certs: no + validate_certs: false client_cert: "{{ kube_apiserver_client_cert }}" client_key: "{{ kube_apiserver_client_key }}" register: result diff --git a/roles/kubernetes-apps/csi_driver/vsphere/defaults/main.yml b/roles/kubernetes-apps/csi_driver/vsphere/defaults/main.yml index 0d4144141..325e3cb7d 100644 --- a/roles/kubernetes-apps/csi_driver/vsphere/defaults/main.yml +++ b/roles/kubernetes-apps/csi_driver/vsphere/defaults/main.yml @@ -21,7 +21,7 @@ vsphere_csi_controller_replicas: 1 csi_endpoint: '{% if external_vsphere_version >= "7.0u1" %}/csi{% else %}/var/lib/csi/sockets/pluginproxy{% endif %}' -vsphere_csi_aggressive_node_drain: False +vsphere_csi_aggressive_node_drain: false vsphere_csi_aggressive_node_unreachable_timeout: 300 vsphere_csi_aggressive_node_not_ready_timeout: 300 diff --git a/roles/kubernetes-apps/helm/tasks/main.yml b/roles/kubernetes-apps/helm/tasks/main.yml index 61596aefb..5951381a2 100644 --- a/roles/kubernetes-apps/helm/tasks/main.yml +++ b/roles/kubernetes-apps/helm/tasks/main.yml @@ -37,13 +37,13 @@ - name: Helm | Get helm completion command: "{{ bin_dir }}/helm completion bash" - changed_when: False + changed_when: false register: helm_completion - check_mode: False + check_mode: false - name: Helm | Install helm completion copy: dest: /etc/bash_completion.d/helm.sh content: "{{ helm_completion.stdout }}" mode: "0755" - become: True + become: true diff --git a/roles/kubernetes-apps/helm/tasks/pyyaml-flatcar.yml b/roles/kubernetes-apps/helm/tasks/pyyaml-flatcar.yml index ea0d63a08..72f0e2182 100644 --- a/roles/kubernetes-apps/helm/tasks/pyyaml-flatcar.yml +++ b/roles/kubernetes-apps/helm/tasks/pyyaml-flatcar.yml @@ -2,13 +2,13 @@ - name: Get installed pip version command: "{{ ansible_python_interpreter if ansible_python_interpreter is defined else 'python' }} -m pip --version" register: pip_version_output - ignore_errors: yes + ignore_errors: true changed_when: false - name: Get installed PyYAML version command: "{{ ansible_python_interpreter if ansible_python_interpreter is defined else 'python' }} -m pip show PyYAML" register: pyyaml_version_output - ignore_errors: yes + ignore_errors: true changed_when: false - name: Install pip diff --git a/roles/kubernetes-apps/krew/tasks/krew.yml b/roles/kubernetes-apps/krew/tasks/krew.yml index e46dbb48d..3308aef85 100644 --- a/roles/kubernetes-apps/krew/tasks/krew.yml +++ b/roles/kubernetes-apps/krew/tasks/krew.yml @@ -24,15 +24,15 @@ - name: Krew | Get krew completion command: "{{ local_release_dir }}/krew-{{ host_os }}_{{ image_arch }} completion bash" - changed_when: False + changed_when: false register: krew_completion - check_mode: False - ignore_errors: yes # noqa ignore-errors + check_mode: false + ignore_errors: true # noqa ignore-errors - name: Krew | Install krew completion copy: dest: /etc/bash_completion.d/krew.sh content: "{{ krew_completion.stdout }}" mode: "0755" - become: True + become: true when: krew_completion.rc == 0 diff --git a/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml b/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml index bc0f932d8..587b652a5 100644 --- a/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml +++ b/roles/kubernetes-apps/network_plugin/weave/tasks/main.yml @@ -13,7 +13,7 @@ - name: Weave | Wait for Weave to become available uri: url: http://127.0.0.1:6784/status - return_content: yes + return_content: true register: weave_status retries: 180 delay: 5 diff --git a/roles/kubernetes/client/tasks/main.yml b/roles/kubernetes/client/tasks/main.yml index cc7887750..920205198 100644 --- a/roles/kubernetes/client/tasks/main.yml +++ b/roles/kubernetes/client/tasks/main.yml @@ -30,9 +30,9 @@ copy: src: "{{ kube_config_dir }}/admin.conf" dest: "{{ ansible_env.HOME | default('/root') }}/.kube/config" - remote_src: yes + remote_src: true mode: "0600" - backup: yes + backup: true - name: Create kube artifacts dir file: @@ -41,8 +41,8 @@ state: directory delegate_to: localhost connection: local - become: no - run_once: yes + become: false + run_once: true when: kubeconfig_localhost - name: Wait for k8s apiserver @@ -54,7 +54,7 @@ - name: Get admin kubeconfig from remote host slurp: src: "{{ kube_config_dir }}/admin.conf" - run_once: yes + run_once: true register: raw_admin_kubeconfig when: kubeconfig_localhost @@ -83,21 +83,21 @@ mode: "0600" delegate_to: localhost connection: local - become: no - run_once: yes + become: false + run_once: true when: kubeconfig_localhost - name: Copy kubectl binary to ansible host fetch: src: "{{ bin_dir }}/kubectl" dest: "{{ artifacts_dir }}/kubectl" - flat: yes - validate_checksum: no + flat: true + validate_checksum: false register: copy_binary_result until: copy_binary_result is not failed retries: 20 - become: no - run_once: yes + become: false + run_once: true when: kubectl_localhost - name: Create helper script kubectl.sh on ansible host @@ -107,8 +107,8 @@ ${BASH_SOURCE%/*}/kubectl --kubeconfig=${BASH_SOURCE%/*}/admin.conf "$@" dest: "{{ artifacts_dir }}/kubectl.sh" mode: "0755" - become: no - run_once: yes + become: false + run_once: true delegate_to: localhost connection: local when: kubectl_localhost and kubeconfig_localhost diff --git a/roles/kubernetes/control-plane/handlers/main.yml b/roles/kubernetes/control-plane/handlers/main.yml index be5fdffb1..3d7f3e074 100644 --- a/roles/kubernetes/control-plane/handlers/main.yml +++ b/roles/kubernetes/control-plane/handlers/main.yml @@ -81,7 +81,7 @@ endpoint: "{{ kube_scheduler_bind_address if kube_scheduler_bind_address != '0.0.0.0' else 'localhost' }}" uri: url: https://{{ endpoint }}:10259/healthz - validate_certs: no + validate_certs: false register: scheduler_result until: scheduler_result.status == 200 retries: 60 @@ -95,7 +95,7 @@ endpoint: "{{ kube_controller_manager_bind_address if kube_controller_manager_bind_address != '0.0.0.0' else 'localhost' }}" uri: url: https://{{ endpoint }}:10257/healthz - validate_certs: no + validate_certs: false register: controller_manager_result until: controller_manager_result.status == 200 retries: 60 @@ -107,7 +107,7 @@ - name: Master | wait for the apiserver to be running uri: url: "{{ kube_apiserver_endpoint }}/healthz" - validate_certs: no + validate_certs: false register: result until: result.status == 200 retries: 60 diff --git a/roles/kubernetes/control-plane/tasks/define-first-kube-control.yml b/roles/kubernetes/control-plane/tasks/define-first-kube-control.yml index ce5894d11..5faa18485 100644 --- a/roles/kubernetes/control-plane/tasks/define-first-kube-control.yml +++ b/roles/kubernetes/control-plane/tasks/define-first-kube-control.yml @@ -3,7 +3,7 @@ - name: Check which kube-control nodes are already members of the cluster command: "{{ bin_dir }}/kubectl get nodes --selector=node-role.kubernetes.io/control-plane -o json" register: kube_control_planes_raw - ignore_errors: yes + ignore_errors: true changed_when: false - name: Set fact joined_control_planes @@ -12,7 +12,7 @@ delegate_to: "{{ item }}" loop: "{{ groups['kube_control_plane'] }}" when: kube_control_planes_raw is succeeded - run_once: yes + run_once: true - name: Set fact first_kube_control_plane set_fact: diff --git a/roles/kubernetes/control-plane/tasks/encrypt-at-rest.yml b/roles/kubernetes/control-plane/tasks/encrypt-at-rest.yml index 9b998c52b..2950c76e2 100644 --- a/roles/kubernetes/control-plane/tasks/encrypt-at-rest.yml +++ b/roles/kubernetes/control-plane/tasks/encrypt-at-rest.yml @@ -2,9 +2,9 @@ - name: Check if secret for encrypting data at rest already exist stat: path: "{{ kube_cert_dir }}/secrets_encryption.yaml" - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: secrets_encryption_file - name: Slurp secrets_encryption file if it exists diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-backup.yml b/roles/kubernetes/control-plane/tasks/kubeadm-backup.yml index 36bb62798..918f7cf47 100644 --- a/roles/kubernetes/control-plane/tasks/kubeadm-backup.yml +++ b/roles/kubernetes/control-plane/tasks/kubeadm-backup.yml @@ -4,7 +4,7 @@ src: "{{ kube_cert_dir }}/{{ item }}" dest: "{{ kube_cert_dir }}/{{ item }}.old" mode: preserve - remote_src: yes + remote_src: true with_items: - apiserver.crt - apiserver.key @@ -19,7 +19,7 @@ src: "{{ kube_config_dir }}/{{ item }}" dest: "{{ kube_config_dir }}/{{ item }}.old" mode: preserve - remote_src: yes + remote_src: true with_items: - admin.conf - controller-manager.conf diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-fix-apiserver.yml b/roles/kubernetes/control-plane/tasks/kubeadm-fix-apiserver.yml index 5376aba81..e47f571d3 100644 --- a/roles/kubernetes/control-plane/tasks/kubeadm-fix-apiserver.yml +++ b/roles/kubernetes/control-plane/tasks/kubeadm-fix-apiserver.yml @@ -5,7 +5,7 @@ dest: "{{ kube_config_dir }}/{{ item }}" regexp: '^ server: https' line: ' server: {{ kube_apiserver_endpoint }}' - backup: yes + backup: true with_items: - admin.conf - controller-manager.conf diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml b/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml index 128e93f36..413d4946c 100644 --- a/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml +++ b/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml @@ -25,7 +25,7 @@ - name: Parse certificate key if not set set_fact: kubeadm_certificate_key: "{{ hostvars[groups['kube_control_plane'][0]]['kubeadm_upload_cert'].stdout_lines[-1] | trim }}" - run_once: yes + run_once: true when: - hostvars[groups['kube_control_plane'][0]]['kubeadm_upload_cert'] is defined - hostvars[groups['kube_control_plane'][0]]['kubeadm_upload_cert'] is not skipped @@ -35,7 +35,7 @@ src: "kubeadm-controlplane.{{ kubeadmConfig_api_version }}.yaml.j2" dest: "{{ kube_config_dir }}/kubeadm-controlplane.yaml" mode: "0640" - backup: yes + backup: true when: - inventory_hostname != first_kube_control_plane - not kubeadm_already_run.stat.exists diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml index dfbe604a4..52700af2e 100644 --- a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml +++ b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml @@ -13,9 +13,9 @@ - name: Kubeadm | Check if kubeadm has already run stat: path: "/var/lib/kubelet/config.yaml" - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: kubeadm_already_run - name: Kubeadm | Backup kubeadm certs / kubeconfig diff --git a/roles/kubernetes/control-plane/tasks/kubelet-fix-client-cert-rotation.yml b/roles/kubernetes/control-plane/tasks/kubelet-fix-client-cert-rotation.yml index 7d0c1a0d5..409ecb043 100644 --- a/roles/kubernetes/control-plane/tasks/kubelet-fix-client-cert-rotation.yml +++ b/roles/kubernetes/control-plane/tasks/kubelet-fix-client-cert-rotation.yml @@ -4,7 +4,7 @@ path: "{{ kube_config_dir }}/kubelet.conf" regexp: '^ client-certificate-data: ' line: ' client-certificate: /var/lib/kubelet/pki/kubelet-client-current.pem' - backup: yes + backup: true notify: - "Master | reload kubelet" @@ -13,6 +13,6 @@ path: "{{ kube_config_dir }}/kubelet.conf" regexp: '^ client-key-data: ' line: ' client-key: /var/lib/kubelet/pki/kubelet-client-current.pem' - backup: yes + backup: true notify: - "Master | reload kubelet" diff --git a/roles/kubernetes/control-plane/tasks/main.yml b/roles/kubernetes/control-plane/tasks/main.yml index 5d58014e8..518bac961 100644 --- a/roles/kubernetes/control-plane/tasks/main.yml +++ b/roles/kubernetes/control-plane/tasks/main.yml @@ -120,7 +120,7 @@ - name: Renew K8S control plane certificates monthly 2/2 systemd_service: name: k8s-certs-renew.timer - enabled: yes + enabled: true state: started daemon_reload: "{{ k8s_certs_units is changed }}" when: auto_renew_certificates diff --git a/roles/kubernetes/kubeadm/tasks/main.yml b/roles/kubernetes/kubeadm/tasks/main.yml index 2b5778726..ad6ac36be 100644 --- a/roles/kubernetes/kubeadm/tasks/main.yml +++ b/roles/kubernetes/kubeadm/tasks/main.yml @@ -14,17 +14,17 @@ - name: Check if kubelet.conf exists stat: path: "{{ kube_config_dir }}/kubelet.conf" - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: kubelet_conf - name: Check if kubeadm CA cert is accessible stat: path: "{{ kube_cert_dir }}/ca.crt" - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: kubeadm_ca_stat delegate_to: "{{ groups['kube_control_plane'][0] }}" run_once: true @@ -79,7 +79,7 @@ template: src: "kubeadm-client.conf.{{ kubeadmConfig_api_version }}.j2" dest: "{{ kube_config_dir }}/kubeadm-client.conf" - backup: yes + backup: true mode: "0640" when: not is_kube_master @@ -140,7 +140,7 @@ dest: "{{ kube_config_dir }}/kubelet.conf" regexp: 'server:' line: ' server: {{ kube_apiserver_endpoint }}' - backup: yes + backup: true when: - kubeadm_config_api_fqdn is not defined - not is_kube_master @@ -152,7 +152,7 @@ dest: "{{ kube_config_dir }}/kubelet.conf" regexp: '^ server: https' line: ' server: {{ kube_apiserver_endpoint }}' - backup: yes + backup: true when: - not is_kube_master - loadbalancer_apiserver is defined diff --git a/roles/kubernetes/node-label/tasks/main.yml b/roles/kubernetes/node-label/tasks/main.yml index 00e87504c..3ebb64594 100644 --- a/roles/kubernetes/node-label/tasks/main.yml +++ b/roles/kubernetes/node-label/tasks/main.yml @@ -2,7 +2,7 @@ - name: Kubernetes Apps | Wait for kube-apiserver uri: url: "{{ kube_apiserver_endpoint }}/healthz" - validate_certs: no + validate_certs: false client_cert: "{{ kube_apiserver_client_cert }}" client_key: "{{ kube_apiserver_client_key }}" register: result diff --git a/roles/kubernetes/node/tasks/facts.yml b/roles/kubernetes/node/tasks/facts.yml index 0aaa11d60..6e8995274 100644 --- a/roles/kubernetes/node/tasks/facts.yml +++ b/roles/kubernetes/node/tasks/facts.yml @@ -8,7 +8,7 @@ executable: /bin/bash register: docker_cgroup_driver_result changed_when: false - check_mode: no + check_mode: false - name: Set kubelet_cgroup_driver_detected fact for docker set_fact: diff --git a/roles/kubernetes/node/tasks/kubelet.yml b/roles/kubernetes/node/tasks/kubelet.yml index b63aefe1f..1f27bd072 100644 --- a/roles/kubernetes/node/tasks/kubelet.yml +++ b/roles/kubernetes/node/tasks/kubelet.yml @@ -11,7 +11,7 @@ src: "kubelet.env.{{ kubeletConfig_api_version }}.j2" dest: "{{ kube_config_dir }}/kubelet.env" setype: "{{ (preinstall_selinux_state != 'disabled') | ternary('etc_t', omit) }}" - backup: yes + backup: true mode: "0600" notify: Node | restart kubelet tags: @@ -32,7 +32,7 @@ template: src: "kubelet.service.j2" dest: "/etc/systemd/system/kubelet.service" - backup: "yes" + backup: true mode: "0600" validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:kubelet.service'" # FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release) @@ -48,7 +48,7 @@ - name: Enable kubelet service: name: kubelet - enabled: yes + enabled: true state: started tags: - kubelet diff --git a/roles/kubernetes/node/tasks/loadbalancer/haproxy.yml b/roles/kubernetes/node/tasks/loadbalancer/haproxy.yml index 2d3454e5a..b4c58126e 100644 --- a/roles/kubernetes/node/tasks/loadbalancer/haproxy.yml +++ b/roles/kubernetes/node/tasks/loadbalancer/haproxy.yml @@ -17,14 +17,14 @@ dest: "{{ haproxy_config_dir }}/haproxy.cfg" owner: root mode: "0755" - backup: yes + backup: true - name: Haproxy | Get checksum from config stat: path: "{{ haproxy_config_dir }}/haproxy.cfg" - get_attributes: no - get_checksum: yes - get_mime: no + get_attributes: false + get_checksum: true + get_mime: false register: haproxy_stat - name: Haproxy | Write static pod diff --git a/roles/kubernetes/node/tasks/loadbalancer/kube-vip.yml b/roles/kubernetes/node/tasks/loadbalancer/kube-vip.yml index b210cfe16..b52261a62 100644 --- a/roles/kubernetes/node/tasks/loadbalancer/kube-vip.yml +++ b/roles/kubernetes/node/tasks/loadbalancer/kube-vip.yml @@ -16,9 +16,9 @@ - name: Kube-vip | Check if kubeadm has already run stat: path: "/var/lib/kubelet/config.yaml" - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: kubeadm_already_run - name: Kube-vip | Set admin.conf diff --git a/roles/kubernetes/node/tasks/loadbalancer/nginx-proxy.yml b/roles/kubernetes/node/tasks/loadbalancer/nginx-proxy.yml index aeeacc80d..66ebe55e0 100644 --- a/roles/kubernetes/node/tasks/loadbalancer/nginx-proxy.yml +++ b/roles/kubernetes/node/tasks/loadbalancer/nginx-proxy.yml @@ -17,14 +17,14 @@ dest: "{{ nginx_config_dir }}/nginx.conf" owner: root mode: "0755" - backup: yes + backup: true - name: Nginx-proxy | Get checksum from config stat: path: "{{ nginx_config_dir }}/nginx.conf" - get_attributes: no - get_checksum: yes - get_mime: no + get_attributes: false + get_checksum: true + get_mime: false register: nginx_stat - name: Nginx-proxy | Write static pod diff --git a/roles/kubernetes/node/tasks/main.yml b/roles/kubernetes/node/tasks/main.yml index 7dc211405..56117bc3a 100644 --- a/roles/kubernetes/node/tasks/main.yml +++ b/roles/kubernetes/node/tasks/main.yml @@ -51,10 +51,10 @@ ansible.posix.sysctl: name: net.ipv4.ip_local_reserved_ports value: "{{ kube_apiserver_node_port_range }}" - sysctl_set: yes + sysctl_set: true sysctl_file: "{{ sysctl_file_path }}" state: present - reload: yes + reload: true when: kube_apiserver_node_port_range is defined tags: - kube-proxy @@ -66,7 +66,7 @@ register: modinfo_br_netfilter failed_when: modinfo_br_netfilter.rc not in [0, 1] changed_when: false - check_mode: no + check_mode: false # TODO: Remove once upstream issue is fixed # https://github.com/ansible-collections/community.general/issues/7717 @@ -97,7 +97,7 @@ command: "sysctl net.bridge.bridge-nf-call-iptables" failed_when: false changed_when: false - check_mode: no + check_mode: false register: sysctl_bridge_nf_call_iptables - name: Enable bridge-nf-call tables @@ -106,7 +106,7 @@ state: present sysctl_file: "{{ sysctl_file_path }}" value: "1" - reload: yes + reload: true when: sysctl_bridge_nf_call_iptables.rc == 0 with_items: - net.bridge.bridge-nf-call-iptables diff --git a/roles/kubernetes/node/tasks/pre_upgrade.yml b/roles/kubernetes/node/tasks/pre_upgrade.yml index d9c2d07ef..e4bbf6b74 100644 --- a/roles/kubernetes/node/tasks/pre_upgrade.yml +++ b/roles/kubernetes/node/tasks/pre_upgrade.yml @@ -11,7 +11,7 @@ executable: /bin/bash failed_when: false changed_when: false - check_mode: no + check_mode: false register: kubelet_container_check - name: "Pre-upgrade | copy /var/lib/cni from kubelet" diff --git a/roles/kubernetes/preinstall/handlers/main.yml b/roles/kubernetes/preinstall/handlers/main.yml index 35140ab42..cc69fe42c 100644 --- a/roles/kubernetes/preinstall/handlers/main.yml +++ b/roles/kubernetes/preinstall/handlers/main.yml @@ -31,9 +31,9 @@ - name: Preinstall | kube-apiserver configured stat: path: "{{ kube_manifest_dir }}/kube-apiserver.yaml" - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: kube_apiserver_set when: inventory_hostname in groups['kube_control_plane'] and dns_mode != 'none' and resolvconf_mode == 'host_resolvconf' listen: Preinstall | propagate resolvconf to k8s components @@ -42,9 +42,9 @@ - name: Preinstall | kube-controller configured stat: path: "{{ kube_manifest_dir }}/kube-controller-manager.yaml" - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: kube_controller_set when: inventory_hostname in groups['kube_control_plane'] and dns_mode != 'none' and resolvconf_mode == 'host_resolvconf' listen: Preinstall | propagate resolvconf to k8s components @@ -109,7 +109,7 @@ - name: Preinstall | wait for the apiserver to be running uri: url: "{{ kube_apiserver_endpoint }}/healthz" - validate_certs: no + validate_certs: false register: result until: result.status == 200 retries: 60 diff --git a/roles/kubernetes/preinstall/tasks/0010-swapoff.yml b/roles/kubernetes/preinstall/tasks/0010-swapoff.yml index 45474c844..76d95d11d 100644 --- a/roles/kubernetes/preinstall/tasks/0010-swapoff.yml +++ b/roles/kubernetes/preinstall/tasks/0010-swapoff.yml @@ -2,9 +2,9 @@ - name: Check if /etc/fstab exists stat: path: "/etc/fstab" - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: fstab_file - name: Remove swapfile from /etc/fstab diff --git a/roles/kubernetes/preinstall/tasks/0020-set_facts.yml b/roles/kubernetes/preinstall/tasks/0020-set_facts.yml index 18ad65694..263bca400 100644 --- a/roles/kubernetes/preinstall/tasks/0020-set_facts.yml +++ b/roles/kubernetes/preinstall/tasks/0020-set_facts.yml @@ -12,24 +12,24 @@ register: resolvconf failed_when: false changed_when: false - check_mode: no + check_mode: false - name: Check existence of /etc/resolvconf/resolv.conf.d stat: path: /etc/resolvconf/resolv.conf.d - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false failed_when: false register: resolvconfd_path - name: Check status of /etc/resolv.conf stat: path: /etc/resolv.conf - follow: no - get_attributes: no - get_checksum: no - get_mime: no + follow: false + get_attributes: false + get_checksum: false + get_mime: false failed_when: false register: resolvconf_stat @@ -72,7 +72,7 @@ register: systemd_resolved_enabled failed_when: false changed_when: false - check_mode: no + check_mode: false - name: Set default dns if remove_default_searchdomains is false set_fact: @@ -94,9 +94,9 @@ - name: Check if kubelet is configured stat: path: "{{ kube_config_dir }}/kubelet.env" - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: kubelet_configured changed_when: false @@ -121,9 +121,9 @@ - name: Check if /etc/dhclient.conf exists stat: path: /etc/dhclient.conf - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: dhclient_stat - name: Target dhclient conf file for /etc/dhclient.conf @@ -134,9 +134,9 @@ - name: Check if /etc/dhcp/dhclient.conf exists stat: path: /etc/dhcp/dhclient.conf - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: dhcp_dhclient_stat - name: Target dhclient conf file for /etc/dhcp/dhclient.conf @@ -218,9 +218,9 @@ - name: Check /usr readonly stat: path: "/usr" - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: usr - name: Set alternate flexvolume path diff --git a/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml index 1bb0f4856..d609ab574 100644 --- a/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml +++ b/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml @@ -44,7 +44,7 @@ assert: that: item.value | type_debug == 'bool' msg: "{{ item.value }} isn't a bool" - run_once: yes + run_once: true with_items: - { name: download_run_once, value: "{{ download_run_once }}" } - { name: deploy_netchecker, value: "{{ deploy_netchecker }}" } @@ -172,21 +172,21 @@ that: - kube_service_addresses | ansible.utils.ipaddr('net') msg: "kube_service_addresses = '{{ kube_service_addresses }}' is not a valid network range" - run_once: yes + run_once: true - name: "Check that kube_pods_subnet is a network range" assert: that: - kube_pods_subnet | ansible.utils.ipaddr('net') msg: "kube_pods_subnet = '{{ kube_pods_subnet }}' is not a valid network range" - run_once: yes + run_once: true - name: "Check that kube_pods_subnet does not collide with kube_service_addresses" assert: that: - kube_pods_subnet | ansible.utils.ipaddr(kube_service_addresses) | string == 'None' msg: "kube_pods_subnet cannot be the same network segment as kube_service_addresses" - run_once: yes + run_once: true - name: "Check that IP range is enough for the nodes" assert: @@ -194,7 +194,7 @@ - 2 ** (kube_network_node_prefix - kube_pods_subnet | ansible.utils.ipaddr('prefix')) >= groups['k8s_cluster'] | length msg: "Not enough IPs are available for the desired node count." when: kube_network_plugin != 'calico' - run_once: yes + run_once: true - name: Stop if unknown dns mode assert: @@ -246,7 +246,7 @@ # TODO: Clean this task up when we drop backward compatibility support for `etcd_kubeadm_enabled` - name: Stop if etcd deployment type is not host or kubeadm when container_manager != docker and etcd_kubeadm_enabled is not defined - run_once: yes + run_once: true when: etcd_kubeadm_enabled is defined block: - name: Warn the user if they are still using `etcd_kubeadm_enabled` @@ -292,7 +292,7 @@ assert: that: containerd_version is version(containerd_min_version_required, '>=') msg: "containerd_version is too low. Minimum version {{ containerd_min_version_required }}" - run_once: yes + run_once: true when: - containerd_version not in ['latest', 'edge', 'stable'] - container_manager == 'containerd' diff --git a/roles/kubernetes/preinstall/tasks/0050-create_directories.yml b/roles/kubernetes/preinstall/tasks/0050-create_directories.yml index 2fff8ef56..507a72d78 100644 --- a/roles/kubernetes/preinstall/tasks/0050-create_directories.yml +++ b/roles/kubernetes/preinstall/tasks/0050-create_directories.yml @@ -48,9 +48,9 @@ - name: Check if kubernetes kubeadm compat cert dir exists stat: path: "{{ kube_cert_compat_dir }}" - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: kube_cert_compat_dir_check when: - inventory_hostname in groups['k8s_cluster'] diff --git a/roles/kubernetes/preinstall/tasks/0060-resolvconf.yml b/roles/kubernetes/preinstall/tasks/0060-resolvconf.yml index 6219161fa..9aad0dba8 100644 --- a/roles/kubernetes/preinstall/tasks/0060-resolvconf.yml +++ b/roles/kubernetes/preinstall/tasks/0060-resolvconf.yml @@ -16,7 +16,7 @@ options ndots:{{ ndots }} timeout:{{ dns_timeout | default('2') }} attempts:{{ dns_attempts | default('2') }} state: present insertbefore: BOF - create: yes + create: true backup: "{{ not resolvconf_stat.stat.islnk }}" marker: "# Ansible entries {mark}" mode: "0644" diff --git a/roles/kubernetes/preinstall/tasks/0062-networkmanager-unmanaged-devices.yml b/roles/kubernetes/preinstall/tasks/0062-networkmanager-unmanaged-devices.yml index ca51e88b9..6ebed2553 100644 --- a/roles/kubernetes/preinstall/tasks/0062-networkmanager-unmanaged-devices.yml +++ b/roles/kubernetes/preinstall/tasks/0062-networkmanager-unmanaged-devices.yml @@ -3,7 +3,7 @@ file: path: "/etc/NetworkManager/conf.d" state: directory - recurse: yes + recurse: true - name: NetworkManager | Prevent NetworkManager from managing Calico interfaces (cali*/tunl*/vxlan.calico) copy: diff --git a/roles/kubernetes/preinstall/tasks/0063-networkmanager-dns.yml b/roles/kubernetes/preinstall/tasks/0063-networkmanager-dns.yml index e155f0a18..6dfa72426 100644 --- a/roles/kubernetes/preinstall/tasks/0063-networkmanager-dns.yml +++ b/roles/kubernetes/preinstall/tasks/0063-networkmanager-dns.yml @@ -6,7 +6,7 @@ option: servers value: "{{ nameserverentries }}" mode: '0600' - backup: yes + backup: true when: - nameserverentries != "127.0.0.53" or systemd_resolved_enabled.rc != 0 notify: Preinstall | update resolvconf for networkmanager @@ -23,7 +23,7 @@ option: searches value: "{{ (default_searchdomains | default([]) + searchdomains | default([])) | join(',') }}" mode: '0600' - backup: yes + backup: true notify: Preinstall | update resolvconf for networkmanager - name: NetworkManager | Add DNS options to NM configuration @@ -33,5 +33,5 @@ option: options value: "ndots:{{ ndots }},timeout:{{ dns_timeout | default('2') }},attempts:{{ dns_attempts | default('2') }}" mode: '0600' - backup: yes + backup: true notify: Preinstall | update resolvconf for networkmanager diff --git a/roles/kubernetes/preinstall/tasks/0070-system-packages.yml b/roles/kubernetes/preinstall/tasks/0070-system-packages.yml index cddbe1ecf..c8b480c84 100644 --- a/roles/kubernetes/preinstall/tasks/0070-system-packages.yml +++ b/roles/kubernetes/preinstall/tasks/0070-system-packages.yml @@ -34,7 +34,7 @@ - name: Update package management cache (APT) apt: - update_cache: yes + update_cache: true cache_valid_time: 3600 when: ansible_os_family == "Debian" tags: diff --git a/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml b/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml index 5b2c7d10a..8941a649a 100644 --- a/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml +++ b/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml @@ -3,9 +3,9 @@ - name: Confirm selinux deployed stat: path: /etc/selinux/config - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false when: - ansible_os_family == "RedHat" - "'Amazon' not in ansible_distribution" @@ -27,8 +27,8 @@ dest: /etc/gai.conf line: "precedence ::ffff:0:0/96 100" state: present - create: yes - backup: yes + create: true + backup: true mode: "0644" when: - disable_ipv6_dns @@ -47,9 +47,9 @@ - name: Stat sysctl file configuration stat: path: "{{ sysctl_file_path }}" - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: sysctl_file_stat tags: - bootstrap-os @@ -75,7 +75,7 @@ name: net.ipv4.ip_forward value: "1" state: present - reload: yes + reload: true - name: Enable ipv6 forwarding ansible.posix.sysctl: @@ -83,15 +83,15 @@ name: net.ipv6.conf.all.forwarding value: "1" state: present - reload: yes + reload: true when: enable_dual_stack_networks | bool - name: Check if we need to set fs.may_detach_mounts stat: path: /proc/sys/fs/may_detach_mounts - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: fs_may_detach_mounts ignore_errors: true # noqa ignore-errors @@ -101,7 +101,7 @@ name: fs.may_detach_mounts value: 1 state: present - reload: yes + reload: true when: fs_may_detach_mounts.stat.exists | d(false) - name: Ensure kubelet expected parameters are set @@ -110,7 +110,7 @@ name: "{{ item.name }}" value: "{{ item.value }}" state: present - reload: yes + reload: true with_items: - { name: kernel.keys.root_maxbytes, value: 25000000 } - { name: kernel.keys.root_maxkeys, value: 1000000 } @@ -133,7 +133,7 @@ name: "{{ item.name }}" value: "{{ item.value }}" state: present - reload: yes + reload: true with_items: "{{ additional_sysctl }}" - name: Disable fapolicyd service diff --git a/roles/kubernetes/preinstall/tasks/0090-etchosts.yml b/roles/kubernetes/preinstall/tasks/0090-etchosts.yml index 4ec9a69e6..0b44d26ad 100644 --- a/roles/kubernetes/preinstall/tasks/0090-etchosts.yml +++ b/roles/kubernetes/preinstall/tasks/0090-etchosts.yml @@ -11,17 +11,17 @@ {% endfor %} delegate_to: localhost connection: local - delegate_facts: yes - run_once: yes + delegate_facts: true + run_once: true - name: Hosts | populate inventory into hosts file blockinfile: path: /etc/hosts block: "{{ hostvars.localhost.etc_hosts_inventory_block }}" state: "{{ 'present' if populate_inventory_to_hosts_file else 'absent' }}" - create: yes - backup: yes - unsafe_writes: yes + create: true + backup: true + unsafe_writes: true marker: "# Ansible inventory hosts {mark}" mode: "0644" @@ -31,8 +31,8 @@ regexp: ".*{{ apiserver_loadbalancer_domain_name }}$" line: "{{ loadbalancer_apiserver.address }} {{ apiserver_loadbalancer_domain_name }}" state: present - backup: yes - unsafe_writes: yes + backup: true + unsafe_writes: true when: - populate_loadbalancer_apiserver_to_hosts_file - loadbalancer_apiserver is defined @@ -69,8 +69,8 @@ line: "{{ item.key }} {{ item.value | join(' ') }}" regexp: "^{{ item.key }}.*$" state: present - backup: yes - unsafe_writes: yes + backup: true + unsafe_writes: true loop: "{{ etc_hosts_localhosts_dict_target | default({}) | dict2items }}" # gather facts to update ansible_fqdn diff --git a/roles/kubernetes/preinstall/tasks/0100-dhclient-hooks.yml b/roles/kubernetes/preinstall/tasks/0100-dhclient-hooks.yml index 6276034d3..9745ab261 100644 --- a/roles/kubernetes/preinstall/tasks/0100-dhclient-hooks.yml +++ b/roles/kubernetes/preinstall/tasks/0100-dhclient-hooks.yml @@ -6,10 +6,10 @@ {{ item }} {% endfor %} path: "{{ dhclientconffile }}" - create: yes + create: true state: present insertbefore: BOF - backup: yes + backup: true marker: "# Ansible entries {mark}" mode: "0644" notify: Preinstall | propagate resolvconf to k8s components diff --git a/roles/kubernetes/preinstall/tasks/0110-dhclient-hooks-undo.yml b/roles/kubernetes/preinstall/tasks/0110-dhclient-hooks-undo.yml index 024e39f9f..dd320d50a 100644 --- a/roles/kubernetes/preinstall/tasks/0110-dhclient-hooks-undo.yml +++ b/roles/kubernetes/preinstall/tasks/0110-dhclient-hooks-undo.yml @@ -7,7 +7,7 @@ blockinfile: path: "{{ dhclientconffile }}" state: absent - backup: yes + backup: true marker: "# Ansible entries {mark}" notify: Preinstall | propagate resolvconf to k8s components diff --git a/roles/kubernetes/preinstall/tasks/0120-growpart-azure-centos-7.yml b/roles/kubernetes/preinstall/tasks/0120-growpart-azure-centos-7.yml index 621629f6a..b9c35875e 100644 --- a/roles/kubernetes/preinstall/tasks/0120-growpart-azure-centos-7.yml +++ b/roles/kubernetes/preinstall/tasks/0120-growpart-azure-centos-7.yml @@ -22,7 +22,7 @@ - name: Check if growpart needs to be run command: growpart -N {{ device }} {{ partition }} - failed_when: False + failed_when: false changed_when: "'NOCHANGE:' not in growpart_needed.stdout" register: growpart_needed environment: @@ -30,7 +30,7 @@ - name: Check fs type command: file -Ls {{ root_device }} - changed_when: False + changed_when: false register: fs_type - name: Run growpart # noqa no-handler diff --git a/roles/kubernetes/preinstall/tasks/main.yml b/roles/kubernetes/preinstall/tasks/main.yml index ee846f8ba..722beecd3 100644 --- a/roles/kubernetes/preinstall/tasks/main.yml +++ b/roles/kubernetes/preinstall/tasks/main.yml @@ -121,9 +121,9 @@ - name: Check if we are running inside a Azure VM stat: path: /var/lib/waagent/ - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: azure_check when: - not dns_late diff --git a/roles/kubernetes/tokens/tasks/check-tokens.yml b/roles/kubernetes/tokens/tasks/check-tokens.yml index a157a0597..d8bb203e9 100644 --- a/roles/kubernetes/tokens/tasks/check-tokens.yml +++ b/roles/kubernetes/tokens/tasks/check-tokens.yml @@ -2,9 +2,9 @@ - name: "Check_tokens | check if the tokens have already been generated on first master" stat: path: "{{ kube_token_dir }}/known_tokens.csv" - get_attributes: no - get_checksum: yes - get_mime: no + get_attributes: false + get_checksum: true + get_mime: false delegate_to: "{{ groups['kube_control_plane'][0] }}" register: known_tokens_master run_once: true @@ -23,9 +23,9 @@ - name: "Check tokens | check if a cert already exists" stat: path: "{{ kube_token_dir }}/known_tokens.csv" - get_attributes: no - get_checksum: yes - get_mime: no + get_attributes: false + get_checksum: true + get_mime: false register: known_tokens - name: "Check_tokens | Set 'sync_tokens' to true" diff --git a/roles/kubernetes/tokens/tasks/gen_tokens.yml b/roles/kubernetes/tokens/tasks/gen_tokens.yml index 1dabf9657..a64aea9e0 100644 --- a/roles/kubernetes/tokens/tasks/gen_tokens.yml +++ b/roles/kubernetes/tokens/tasks/gen_tokens.yml @@ -4,7 +4,7 @@ src: "kube-gen-token.sh" dest: "{{ kube_script_dir }}/kube-gen-token.sh" mode: "0700" - run_once: yes + run_once: true delegate_to: "{{ groups['kube_control_plane'][0] }}" when: gen_tokens | default(false) @@ -17,7 +17,7 @@ - "{{ groups['kube_control_plane'] }}" register: gentoken_master changed_when: "'Added' in gentoken_master.stdout" - run_once: yes + run_once: true delegate_to: "{{ groups['kube_control_plane'][0] }}" when: gen_tokens | default(false) @@ -30,14 +30,14 @@ - "{{ groups['kube_node'] }}" register: gentoken_node changed_when: "'Added' in gentoken_node.stdout" - run_once: yes + run_once: true delegate_to: "{{ groups['kube_control_plane'][0] }}" when: gen_tokens | default(false) - name: Gen_tokens | Get list of tokens from first master command: "find {{ kube_token_dir }} -maxdepth 1 -type f" register: tokens_list - check_mode: no + check_mode: false delegate_to: "{{ groups['kube_control_plane'][0] }}" run_once: true when: sync_tokens | default(false) @@ -47,7 +47,7 @@ args: executable: /bin/bash register: tokens_data - check_mode: no + check_mode: false delegate_to: "{{ groups['kube_control_plane'][0] }}" run_once: true when: sync_tokens | default(false) diff --git a/roles/kubespray-defaults/tasks/fallback_ips.yml b/roles/kubespray-defaults/tasks/fallback_ips.yml index a1aff37ee..ae3b15150 100644 --- a/roles/kubespray-defaults/tasks/fallback_ips.yml +++ b/roles/kubespray-defaults/tasks/fallback_ips.yml @@ -8,10 +8,10 @@ gather_subset: '!all,network' filter: "ansible_default_ipv4" delegate_to: "{{ item }}" - delegate_facts: yes + delegate_facts: true when: hostvars[item].ansible_default_ipv4 is not defined loop: "{{ (ansible_play_hosts_all + [groups['kube_control_plane'][0]]) | unique if ansible_limit is defined else (groups['k8s_cluster'] | default([]) + groups['etcd'] | default([]) + groups['calico_rr'] | default([])) | unique }}" - run_once: yes + run_once: true ignore_unreachable: true tags: always @@ -26,9 +26,9 @@ {% endfor %} delegate_to: localhost connection: local - delegate_facts: yes - become: no - run_once: yes + delegate_facts: true + become: false + run_once: true - name: Set fallback_ips set_fact: diff --git a/roles/kubespray-defaults/tasks/no_proxy.yml b/roles/kubespray-defaults/tasks/no_proxy.yml index d2d5cc6d1..adec886f4 100644 --- a/roles/kubespray-defaults/tasks/no_proxy.yml +++ b/roles/kubespray-defaults/tasks/no_proxy.yml @@ -26,9 +26,9 @@ 127.0.0.1,localhost,{{ kube_service_addresses }},{{ kube_pods_subnet }},svc,svc.{{ dns_domain }} delegate_to: localhost connection: local - delegate_facts: yes - become: no - run_once: yes + delegate_facts: true + become: false + run_once: true - name: Populates no_proxy to all hosts set_fact: diff --git a/roles/network_plugin/calico/rr/tasks/pre.yml b/roles/network_plugin/calico/rr/tasks/pre.yml index d8dbd8072..f8a9de611 100644 --- a/roles/network_plugin/calico/rr/tasks/pre.yml +++ b/roles/network_plugin/calico/rr/tasks/pre.yml @@ -3,7 +3,7 @@ service: name: calico-rr state: stopped - enabled: no + enabled: false failed_when: false - name: Calico-rr | Delete obsolete files diff --git a/roles/network_plugin/calico/tasks/check.yml b/roles/network_plugin/calico/tasks/check.yml index 95dcfa673..7f73a08c4 100644 --- a/roles/network_plugin/calico/tasks/check.yml +++ b/roles/network_plugin/calico/tasks/check.yml @@ -4,7 +4,7 @@ that: - ipip is not defined msg: "'ipip' configuration variable is deprecated, please configure your inventory with 'calico_ipip_mode' set to 'Always' or 'CrossSubnet' according to your specific needs" - run_once: True + run_once: true delegate_to: "{{ groups['kube_control_plane'][0] }}" - name: Stop if legacy encapsulation variables are detected (ipip_mode) @@ -12,7 +12,7 @@ that: - ipip_mode is not defined msg: "'ipip_mode' configuration variable is deprecated, please configure your inventory with 'calico_ipip_mode' set to 'Always' or 'CrossSubnet' according to your specific needs" - run_once: True + run_once: true delegate_to: "{{ groups['kube_control_plane'][0] }}" - name: Stop if legacy encapsulation variables are detected (calcio_ipam_autoallocateblocks) @@ -20,7 +20,7 @@ that: - calcio_ipam_autoallocateblocks is not defined msg: "'calcio_ipam_autoallocateblocks' configuration variable is deprecated, it's a typo, please configure your inventory with 'calico_ipam_autoallocateblocks' set to 'true' or 'false' according to your specific needs" - run_once: True + run_once: true delegate_to: "{{ groups['kube_control_plane'][0] }}" @@ -32,7 +32,7 @@ msg: "When using cloud_provider azure and network_plugin calico calico_ipip_mode must be 'Never' and calico_vxlan_mode 'Always' or 'CrossSubnet'" when: - cloud_provider is defined and cloud_provider == 'azure' - run_once: True + run_once: true delegate_to: "{{ groups['kube_control_plane'][0] }}" - name: Stop if supported Calico versions @@ -40,21 +40,21 @@ that: - "calico_version in calico_crds_archive_checksums.keys()" msg: "Calico version not supported {{ calico_version }} not in {{ calico_crds_archive_checksums.keys() }}" - run_once: True + run_once: true delegate_to: "{{ groups['kube_control_plane'][0] }}" - name: Check if calicoctl.sh exists stat: path: "{{ bin_dir }}/calicoctl.sh" register: calicoctl_sh_exists - run_once: True + run_once: true delegate_to: "{{ groups['kube_control_plane'][0] }}" - name: Check if calico ready command: "{{ bin_dir }}/calicoctl.sh get ClusterInformation default" register: calico_ready - run_once: True - ignore_errors: True + run_once: true + ignore_errors: true retries: 5 delay: 10 until: calico_ready.rc == 0 @@ -62,7 +62,7 @@ when: calicoctl_sh_exists.stat.exists - name: Check that current calico version is enough for upgrade - run_once: True + run_once: true delegate_to: "{{ groups['kube_control_plane'][0] }}" when: calicoctl_sh_exists.stat.exists and calico_ready.rc == 0 block: @@ -91,7 +91,7 @@ when: - peer_with_calico_rr - inventory_hostname == groups['kube_control_plane'][0] - run_once: True + run_once: true delegate_to: "{{ groups['kube_control_plane'][0] }}" - name: "Check that calico_rr nodes are in k8s_cluster group" @@ -101,7 +101,7 @@ msg: "calico_rr must be a child group of k8s_cluster group" when: - '"calico_rr" in group_names' - run_once: True + run_once: true delegate_to: "{{ groups['kube_control_plane'][0] }}" - name: "Check vars defined correctly" @@ -110,7 +110,7 @@ - "calico_pool_name is defined" - "calico_pool_name is match('^[a-zA-Z0-9-_\\\\.]{2,63}$')" msg: "calico_pool_name contains invalid characters" - run_once: True + run_once: true delegate_to: "{{ groups['kube_control_plane'][0] }}" - name: "Check calico network backend defined correctly" @@ -118,11 +118,11 @@ that: - "calico_network_backend in ['bird', 'vxlan', 'none']" msg: "calico network backend is not 'bird', 'vxlan' or 'none'" - run_once: True + run_once: true delegate_to: "{{ groups['kube_control_plane'][0] }}" - name: "Check ipip and vxlan mode defined correctly" - run_once: True + run_once: true delegate_to: "{{ groups['kube_control_plane'][0] }}" assert: that: @@ -137,7 +137,7 @@ msg: "IP in IP and VXLAN mode is mutualy exclusive modes" when: - "calico_ipip_mode in ['Always', 'CrossSubnet']" - run_once: True + run_once: true delegate_to: "{{ groups['kube_control_plane'][0] }}" - name: "Check ipip and vxlan mode if simultaneously enabled" @@ -147,23 +147,23 @@ msg: "IP in IP and VXLAN mode is mutualy exclusive modes" when: - "calico_vxlan_mode in ['Always', 'CrossSubnet']" - run_once: True + run_once: true delegate_to: "{{ groups['kube_control_plane'][0] }}" - name: "Get Calico {{ calico_pool_name }} configuration" command: "{{ bin_dir }}/calicoctl.sh get ipPool {{ calico_pool_name }} -o json" - failed_when: False - changed_when: False - check_mode: no + failed_when: false + changed_when: false + check_mode: false register: calico - run_once: True + run_once: true delegate_to: "{{ groups['kube_control_plane'][0] }}" - name: "Set calico_pool_conf" set_fact: calico_pool_conf: '{{ calico.stdout | from_json }}' when: calico.rc == 0 and calico.stdout - run_once: True + run_once: true delegate_to: "{{ groups['kube_control_plane'][0] }}" - name: "Check if inventory match current cluster configuration" @@ -176,7 +176,7 @@ msg: "Your inventory doesn't match the current cluster configuration" when: - calico_pool_conf is defined - run_once: True + run_once: true delegate_to: "{{ groups['kube_control_plane'][0] }}" - name: "Check kdd calico_datastore if calico_apiserver_enabled" @@ -185,7 +185,7 @@ msg: "When using calico apiserver you need to use the kubernetes datastore" when: - calico_apiserver_enabled - run_once: True + run_once: true delegate_to: "{{ groups['kube_control_plane'][0] }}" - name: "Check kdd calico_datastore if typha_enabled" @@ -194,7 +194,7 @@ msg: "When using typha you need to use the kubernetes datastore" when: - typha_enabled - run_once: True + run_once: true delegate_to: "{{ groups['kube_control_plane'][0] }}" - name: "Check ipip mode is Never for calico ipv6" @@ -204,5 +204,5 @@ msg: "Calico doesn't support ipip tunneling for the IPv6" when: - enable_dual_stack_networks - run_once: True + run_once: true delegate_to: "{{ groups['kube_control_plane'][0] }}" diff --git a/roles/network_plugin/calico/tasks/install.yml b/roles/network_plugin/calico/tasks/install.yml index 7f895b555..1d3b02339 100644 --- a/roles/network_plugin/calico/tasks/install.yml +++ b/roles/network_plugin/calico/tasks/install.yml @@ -14,7 +14,7 @@ src: "{{ downloads.calicoctl.dest }}" dest: "{{ bin_dir }}/calicoctl" mode: "0755" - remote_src: yes + remote_src: true - name: Calico | Create calico certs directory file: @@ -31,7 +31,7 @@ dest: "{{ calico_cert_dir }}/{{ item.d }}" state: hard mode: "0640" - force: yes + force: true with_items: - {s: "{{ kube_etcd_cacert_file }}", d: "ca_cert.crt"} - {s: "{{ kube_etcd_cert_file }}", d: "cert.crt"} @@ -61,7 +61,7 @@ - name: Calico | wait for etcd uri: url: "{{ etcd_access_addresses.split(',') | first }}/health" - validate_certs: no + validate_certs: false client_cert: "{{ calico_cert_dir }}/cert.crt" client_key: "{{ calico_cert_dir }}/key.pem" register: result @@ -165,8 +165,8 @@ - name: Calico | Get existing FelixConfiguration command: "{{ bin_dir }}/calicoctl.sh get felixconfig default -o json" register: _felix_cmd - ignore_errors: True - changed_when: False + ignore_errors: true + changed_when: false - name: Calico | Set kubespray FelixConfiguration set_fact: @@ -201,7 +201,7 @@ command: cmd: "{{ bin_dir }}/calicoctl.sh apply -f -" stdin: "{{ _felix_config is string | ternary(_felix_config, _felix_config | to_json) }}" - changed_when: False + changed_when: false - name: Calico | Configure Calico IP Pool when: @@ -210,8 +210,8 @@ - name: Calico | Get existing calico network pool command: "{{ bin_dir }}/calicoctl.sh get ippool {{ calico_pool_name }} -o json" register: _calico_pool_cmd - ignore_errors: True - changed_when: False + ignore_errors: true + changed_when: false - name: Calico | Set kubespray calico network pool set_fact: @@ -251,7 +251,7 @@ command: cmd: "{{ bin_dir }}/calicoctl.sh apply -f -" stdin: "{{ _calico_pool is string | ternary(_calico_pool, _calico_pool | to_json) }}" - changed_when: False + changed_when: false - name: Calico | Configure Calico IPv6 Pool when: @@ -261,8 +261,8 @@ - name: Calico | Get existing calico ipv6 network pool command: "{{ bin_dir }}/calicoctl.sh get ippool {{ calico_pool_name }}-ipv6 -o json" register: _calico_pool_ipv6_cmd - ignore_errors: True - changed_when: False + ignore_errors: true + changed_when: false - name: Calico | Set kubespray calico network pool set_fact: @@ -302,19 +302,19 @@ command: cmd: "{{ bin_dir }}/calicoctl.sh apply -f -" stdin: "{{ _calico_pool_ipv6 is string | ternary(_calico_pool_ipv6, _calico_pool_ipv6 | to_json) }}" - changed_when: False + changed_when: false - name: Populate Service External IPs set_fact: _service_external_ips: "{{ _service_external_ips | default([]) + [{'cidr': item}] }}" with_items: "{{ calico_advertise_service_external_ips }}" - run_once: yes + run_once: true - name: Populate Service LoadBalancer IPs set_fact: _service_loadbalancer_ips: "{{ _service_loadbalancer_ips | default([]) + [{'cidr': item}] }}" with_items: "{{ calico_advertise_service_loadbalancer_ips }}" - run_once: yes + run_once: true - name: "Determine nodeToNodeMesh needed state" set_fact: @@ -322,7 +322,7 @@ when: - peer_with_router | default(false) or peer_with_calico_rr | default(false) - inventory_hostname in groups['k8s_cluster'] - run_once: yes + run_once: true - name: Calico | Configure Calico BGP when: @@ -331,8 +331,8 @@ - name: Calico | Get existing BGP Configuration command: "{{ bin_dir }}/calicoctl.sh get bgpconfig default -o json" register: _bgp_config_cmd - ignore_errors: True - changed_when: False + ignore_errors: true + changed_when: false - name: Calico | Set kubespray BGP Configuration set_fact: @@ -366,7 +366,7 @@ command: cmd: "{{ bin_dir }}/calicoctl.sh apply -f -" stdin: "{{ _bgp_config is string | ternary(_bgp_config, _bgp_config | to_json) }}" - changed_when: False + changed_when: false - name: Calico | Create calico manifests template: diff --git a/roles/network_plugin/calico/tasks/repos.yml b/roles/network_plugin/calico/tasks/repos.yml index dd29f4520..7eba916bb 100644 --- a/roles/network_plugin/calico/tasks/repos.yml +++ b/roles/network_plugin/calico/tasks/repos.yml @@ -10,11 +10,11 @@ file: _copr:copr.fedorainfracloud.org:jdoss:wireguard description: Copr repo for wireguard owned by jdoss baseurl: "{{ calico_wireguard_repo }}" - gpgcheck: yes + gpgcheck: true gpgkey: https://download.copr.fedorainfracloud.org/results/jdoss/wireguard/pubkey.gpg - skip_if_unavailable: yes - enabled: yes - repo_gpgcheck: no + skip_if_unavailable: true + enabled: true + repo_gpgcheck: false when: - ansible_os_family in ['RedHat'] - ansible_distribution not in ['Fedora'] diff --git a/roles/network_plugin/calico/tasks/reset.yml b/roles/network_plugin/calico/tasks/reset.yml index 8dab21462..16c850977 100644 --- a/roles/network_plugin/calico/tasks/reset.yml +++ b/roles/network_plugin/calico/tasks/reset.yml @@ -2,9 +2,9 @@ - name: Reset | check vxlan.calico network device stat: path: /sys/class/net/vxlan.calico - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: vxlan - name: Reset | remove the network vxlan.calico device created by calico @@ -14,9 +14,9 @@ - name: Reset | check dummy0 network device stat: path: /sys/class/net/dummy0 - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: dummy0 - name: Reset | remove the network device created by calico diff --git a/roles/network_plugin/cilium/tasks/install.yml b/roles/network_plugin/cilium/tasks/install.yml index 1039953a0..7da39644b 100644 --- a/roles/network_plugin/cilium/tasks/install.yml +++ b/roles/network_plugin/cilium/tasks/install.yml @@ -22,7 +22,7 @@ dest: "{{ cilium_cert_dir }}/{{ item.d }}" mode: "0644" state: hard - force: yes + force: true loop: - {s: "{{ kube_etcd_cacert_file }}", d: "ca_cert.crt"} - {s: "{{ kube_etcd_cert_file }}", d: "cert.crt"} @@ -94,4 +94,4 @@ src: "{{ local_release_dir }}/cilium" dest: "{{ bin_dir }}/cilium" mode: "0755" - remote_src: yes + remote_src: true diff --git a/roles/network_plugin/cilium/tasks/reset_iface.yml b/roles/network_plugin/cilium/tasks/reset_iface.yml index e2f7c14af..57a2d5765 100644 --- a/roles/network_plugin/cilium/tasks/reset_iface.yml +++ b/roles/network_plugin/cilium/tasks/reset_iface.yml @@ -2,9 +2,9 @@ - name: "Reset | check if network device {{ iface }} is present" stat: path: "/sys/class/net/{{ iface }}" - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: device_remains - name: "Reset | remove network device {{ iface }}" diff --git a/roles/network_plugin/cni/tasks/main.yml b/roles/network_plugin/cni/tasks/main.yml index 8ac0dc53a..28376bd76 100644 --- a/roles/network_plugin/cni/tasks/main.yml +++ b/roles/network_plugin/cni/tasks/main.yml @@ -13,4 +13,4 @@ dest: "/opt/cni/bin" mode: "0755" owner: "{{ cni_bin_owner }}" - remote_src: yes + remote_src: true diff --git a/roles/network_plugin/flannel/tasks/reset.yml b/roles/network_plugin/flannel/tasks/reset.yml index 03d40a0c1..c4b1b8815 100644 --- a/roles/network_plugin/flannel/tasks/reset.yml +++ b/roles/network_plugin/flannel/tasks/reset.yml @@ -2,9 +2,9 @@ - name: Reset | check cni network device stat: path: /sys/class/net/cni0 - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: cni - name: Reset | remove the network device created by the flannel @@ -14,9 +14,9 @@ - name: Reset | check flannel network device stat: path: /sys/class/net/flannel.1 - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: flannel - name: Reset | remove the network device created by the flannel diff --git a/roles/network_plugin/kube-router/tasks/reset.yml b/roles/network_plugin/kube-router/tasks/reset.yml index ae9ee55c7..32f707591 100644 --- a/roles/network_plugin/kube-router/tasks/reset.yml +++ b/roles/network_plugin/kube-router/tasks/reset.yml @@ -2,9 +2,9 @@ - name: Reset | check kube-dummy-if network device stat: path: /sys/class/net/kube-dummy-if - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: kube_dummy_if - name: Reset | remove the network device created by kube-router @@ -14,9 +14,9 @@ - name: Check kube-bridge exists stat: path: /sys/class/net/kube-bridge - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: kube_bridge_if - name: Reset | donw the network bridge create by kube-router diff --git a/roles/network_plugin/macvlan/tasks/main.yml b/roles/network_plugin/macvlan/tasks/main.yml index 165030d59..6ffe3348c 100644 --- a/roles/network_plugin/macvlan/tasks/main.yml +++ b/roles/network_plugin/macvlan/tasks/main.yml @@ -104,7 +104,7 @@ ansible.posix.sysctl: name: net.ipv4.conf.all.arp_notify value: 1 - sysctl_set: yes + sysctl_set: true sysctl_file: "{{ sysctl_file_path }}" state: present - reload: yes + reload: true diff --git a/roles/recover_control_plane/etcd/tasks/main.yml b/roles/recover_control_plane/etcd/tasks/main.yml index 599f56b15..6291ea36f 100644 --- a/roles/recover_control_plane/etcd/tasks/main.yml +++ b/roles/recover_control_plane/etcd/tasks/main.yml @@ -4,7 +4,7 @@ register: etcd_endpoint_health ignore_errors: true # noqa ignore-errors changed_when: false - check_mode: no + check_mode: false environment: ETCDCTL_API: "3" ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses }}" @@ -64,7 +64,7 @@ command: "{{ bin_dir }}/etcdctl member list" register: member_list changed_when: false - check_mode: no + check_mode: false environment: ETCDCTL_API: "3" ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses }}" diff --git a/roles/remove-node/remove-etcd-node/tasks/main.yml b/roles/remove-node/remove-etcd-node/tasks/main.yml index 0279018d4..70e33251a 100644 --- a/roles/remove-node/remove-etcd-node/tasks/main.yml +++ b/roles/remove-node/remove-etcd-node/tasks/main.yml @@ -32,7 +32,7 @@ register: etcd_member_id ignore_errors: true # noqa ignore-errors changed_when: false - check_mode: no + check_mode: false tags: - facts environment: diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml index 1d00913e1..acafb5a76 100644 --- a/roles/reset/tasks/main.yml +++ b/roles/reset/tasks/main.yml @@ -50,9 +50,9 @@ - name: Reset | check if crictl is present stat: path: "{{ bin_dir }}/crictl" - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: crictl - name: Reset | stop all cri containers @@ -161,7 +161,7 @@ shell: set -o pipefail && mount | grep /var/lib/kubelet/ | awk '{print $3}' | tac args: executable: /bin/bash - check_mode: no + check_mode: false register: mounted_dirs failed_when: false changed_when: false @@ -182,7 +182,7 @@ - name: Flush iptables iptables: table: "{{ item }}" - flush: yes + flush: true with_items: - filter - nat @@ -195,7 +195,7 @@ - name: Flush ip6tables iptables: table: "{{ item }}" - flush: yes + flush: true ip_version: ipv6 with_items: - filter @@ -215,9 +215,9 @@ - name: Reset | check kube-ipvs0 network device stat: path: /sys/class/net/kube-ipvs0 - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: kube_ipvs0 - name: Reset | Remove kube-ipvs0 @@ -229,9 +229,9 @@ - name: Reset | check nodelocaldns network device stat: path: /sys/class/net/nodelocaldns - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: nodelocaldns_device - name: Reset | Remove nodelocaldns @@ -243,9 +243,9 @@ - name: Reset | Check whether /var/lib/kubelet directory exists stat: path: /var/lib/kubelet - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: var_lib_kubelet_directory - name: Reset | Find files/dirs with immutable flag in /var/lib/kubelet diff --git a/roles/upgrade/post-upgrade/tasks/main.yml b/roles/upgrade/post-upgrade/tasks/main.yml index d82fe8d33..467ff05e1 100644 --- a/roles/upgrade/post-upgrade/tasks/main.yml +++ b/roles/upgrade/post-upgrade/tasks/main.yml @@ -13,7 +13,7 @@ - name: Confirm node uncordon pause: - echo: yes + echo: true prompt: "Ready to uncordon node?" when: - upgrade_node_post_upgrade_confirm diff --git a/roles/upgrade/pre-upgrade/tasks/main.yml b/roles/upgrade/pre-upgrade/tasks/main.yml index 8d5d99c93..6e3cdd2b8 100644 --- a/roles/upgrade/pre-upgrade/tasks/main.yml +++ b/roles/upgrade/pre-upgrade/tasks/main.yml @@ -2,7 +2,7 @@ # Wait for upgrade - name: Confirm node upgrade pause: - echo: yes + echo: true prompt: "Ready to upgrade node? (Press Enter to continue or Ctrl+C for other options)" when: - upgrade_node_confirm diff --git a/roles/win_nodes/kubernetes_patch/tasks/main.yml b/roles/win_nodes/kubernetes_patch/tasks/main.yml index 880c58cf8..1dd504e16 100644 --- a/roles/win_nodes/kubernetes_patch/tasks/main.yml +++ b/roles/win_nodes/kubernetes_patch/tasks/main.yml @@ -4,7 +4,7 @@ file: path: "{{ kubernetes_user_manifests_path }}/kubernetes" state: directory - recurse: yes + recurse: true tags: [init, cni] - name: Apply kube-proxy nodeselector diff --git a/scripts/collect-info.yaml b/scripts/collect-info.yaml index 0234c0733..272fb724b 100644 --- a/scripts/collect-info.yaml +++ b/scripts/collect-info.yaml @@ -2,7 +2,7 @@ - name: Collect debug info hosts: all become: true - gather_facts: no + gather_facts: false vars: docker_bin_dir: /usr/bin @@ -118,7 +118,7 @@ failed_when: false with_items: "{{ commands }}" when: item.when | default(True) - no_log: True + no_log: true - name: Fetch results fetch: diff --git a/tests/cloud_playbooks/cleanup-packet.yml b/tests/cloud_playbooks/cleanup-packet.yml index 009071ec2..2ba5e3021 100644 --- a/tests/cloud_playbooks/cleanup-packet.yml +++ b/tests/cloud_playbooks/cleanup-packet.yml @@ -2,7 +2,7 @@ - name: Cleanup packet vms hosts: localhost - gather_facts: no + gather_facts: false become: true roles: - { role: cleanup-packet-ci } diff --git a/tests/cloud_playbooks/create-packet.yml b/tests/cloud_playbooks/create-packet.yml index 8212fb6c8..2cd08b54d 100644 --- a/tests/cloud_playbooks/create-packet.yml +++ b/tests/cloud_playbooks/create-packet.yml @@ -2,7 +2,7 @@ - name: Provision Packet VMs hosts: localhost - gather_facts: no + gather_facts: false become: true vars: ci_job_name: "{{ lookup('env', 'CI_JOB_NAME') }}" diff --git a/tests/cloud_playbooks/delete-packet.yml b/tests/cloud_playbooks/delete-packet.yml index 7d0c9003c..7320da622 100644 --- a/tests/cloud_playbooks/delete-packet.yml +++ b/tests/cloud_playbooks/delete-packet.yml @@ -2,7 +2,7 @@ - name: Terminate Packet VMs hosts: localhost - gather_facts: no + gather_facts: false become: true vars: ci_job_name: "{{ lookup('env', 'CI_JOB_NAME') }}" diff --git a/tests/cloud_playbooks/roles/packet-ci/tasks/delete-vms.yml b/tests/cloud_playbooks/roles/packet-ci/tasks/delete-vms.yml index 98bd05a61..75156584a 100644 --- a/tests/cloud_playbooks/roles/packet-ci/tasks/delete-vms.yml +++ b/tests/cloud_playbooks/roles/packet-ci/tasks/delete-vms.yml @@ -3,9 +3,9 @@ - name: Check if temp directory for {{ test_name }} exists stat: path: "/tmp/{{ test_name }}" - get_attributes: no - get_checksum: no - get_mime: no + get_attributes: false + get_checksum: false + get_mime: false register: temp_dir_details - name: "Cleanup temp directory for {{ test_name }}" diff --git a/tests/cloud_playbooks/wait-for-ssh.yml b/tests/cloud_playbooks/wait-for-ssh.yml index 0e09c9f04..54b268273 100644 --- a/tests/cloud_playbooks/wait-for-ssh.yml +++ b/tests/cloud_playbooks/wait-for-ssh.yml @@ -1,8 +1,8 @@ --- - name: Wait until SSH is available hosts: all - become: False - gather_facts: False + become: false + gather_facts: false tasks: - name: Wait until SSH is available diff --git a/tests/files/packet_ubuntu20-all-in-one-docker.yml b/tests/files/packet_ubuntu20-all-in-one-docker.yml index 2ed6307d8..0116eae42 100644 --- a/tests/files/packet_ubuntu20-all-in-one-docker.yml +++ b/tests/files/packet_ubuntu20-all-in-one-docker.yml @@ -8,7 +8,7 @@ auto_renew_certificates: true # Currently ipvs not available on KVM: https://packages.ubuntu.com/search?suite=focal&arch=amd64&mode=exactfilename&searchon=contents&keywords=ip_vs_sh.ko kube_proxy_mode: iptables -enable_nodelocaldns: False +enable_nodelocaldns: false # Use docker container_manager: docker diff --git a/tests/files/packet_ubuntu20-calico-all-in-one-hardening.yml b/tests/files/packet_ubuntu20-calico-all-in-one-hardening.yml index c494810cf..5dafe23bf 100644 --- a/tests/files/packet_ubuntu20-calico-all-in-one-hardening.yml +++ b/tests/files/packet_ubuntu20-calico-all-in-one-hardening.yml @@ -8,7 +8,7 @@ auto_renew_certificates: true # Currently ipvs not available on KVM: https://packages.ubuntu.com/search?suite=focal&arch=amd64&mode=exactfilename&searchon=contents&keywords=ip_vs_sh.ko kube_proxy_mode: iptables -enable_nodelocaldns: False +enable_nodelocaldns: false # The followings are for hardening ## kube-apiserver diff --git a/tests/files/packet_ubuntu20-calico-all-in-one.yml b/tests/files/packet_ubuntu20-calico-all-in-one.yml index 3cfc99c96..f59e72a3c 100644 --- a/tests/files/packet_ubuntu20-calico-all-in-one.yml +++ b/tests/files/packet_ubuntu20-calico-all-in-one.yml @@ -8,4 +8,4 @@ auto_renew_certificates: true # Currently ipvs not available on KVM: https://packages.ubuntu.com/search?suite=focal&arch=amd64&mode=exactfilename&searchon=contents&keywords=ip_vs_sh.ko kube_proxy_mode: iptables -enable_nodelocaldns: False +enable_nodelocaldns: false diff --git a/tests/files/packet_ubuntu20-calico-etcd-kubeadm-upgrade-ha.yml b/tests/files/packet_ubuntu20-calico-etcd-kubeadm-upgrade-ha.yml index 57187a8dd..425ce75b8 100644 --- a/tests/files/packet_ubuntu20-calico-etcd-kubeadm-upgrade-ha.yml +++ b/tests/files/packet_ubuntu20-calico-etcd-kubeadm-upgrade-ha.yml @@ -10,7 +10,7 @@ upgrade_cluster_setup: true # Currently ipvs not available on KVM: https://packages.ubuntu.com/search?suite=focal&arch=amd64&mode=exactfilename&searchon=contents&keywords=ip_vs_sh.ko kube_proxy_mode: iptables -enable_nodelocaldns: False +enable_nodelocaldns: false # Pin disabling ipip mode to ensure proper upgrade ipip: false diff --git a/tests/files/packet_ubuntu20-calico-etcd-kubeadm.yml b/tests/files/packet_ubuntu20-calico-etcd-kubeadm.yml index ba9d7b34b..ddc5cb556 100644 --- a/tests/files/packet_ubuntu20-calico-etcd-kubeadm.yml +++ b/tests/files/packet_ubuntu20-calico-etcd-kubeadm.yml @@ -8,7 +8,7 @@ etcd_deployment_type: kubeadm # Currently ipvs not available on KVM: https://packages.ubuntu.com/search?suite=focal&arch=amd64&mode=exactfilename&searchon=contents&keywords=ip_vs_sh.ko kube_proxy_mode: iptables -enable_nodelocaldns: False +enable_nodelocaldns: false # Remove anonymous access to cluster remove_anonymous_access: true diff --git a/tests/files/packet_ubuntu22-all-in-one-docker.yml b/tests/files/packet_ubuntu22-all-in-one-docker.yml index 16ae45986..fcdd8f3cc 100644 --- a/tests/files/packet_ubuntu22-all-in-one-docker.yml +++ b/tests/files/packet_ubuntu22-all-in-one-docker.yml @@ -9,7 +9,7 @@ auto_renew_certificates: true # Currently ipvs not available on KVM: https://packages.ubuntu.com/search?suite=focal&arch=amd64&mode=exactfilename&searchon=contents&keywords=ip_vs_sh.ko kube_proxy_mode: iptables -enable_nodelocaldns: False +enable_nodelocaldns: false # Use docker container_manager: docker diff --git a/tests/files/packet_ubuntu22-calico-all-in-one.yml b/tests/files/packet_ubuntu22-calico-all-in-one.yml index 2c666f8e3..615530107 100644 --- a/tests/files/packet_ubuntu22-calico-all-in-one.yml +++ b/tests/files/packet_ubuntu22-calico-all-in-one.yml @@ -9,7 +9,7 @@ auto_renew_certificates: true # Currently ipvs not available on KVM: https://packages.ubuntu.com/search?suite=focal&arch=amd64&mode=exactfilename&searchon=contents&keywords=ip_vs_sh.ko kube_proxy_mode: iptables -enable_nodelocaldns: False +enable_nodelocaldns: false containerd_registries_mirrors: - prefix: docker.io diff --git a/tests/files/packet_ubuntu24-all-in-one-docker.yml b/tests/files/packet_ubuntu24-all-in-one-docker.yml index d4a0adccb..8b1da4ac0 100644 --- a/tests/files/packet_ubuntu24-all-in-one-docker.yml +++ b/tests/files/packet_ubuntu24-all-in-one-docker.yml @@ -9,7 +9,7 @@ auto_renew_certificates: true # Currently ipvs not available on KVM: https://packages.ubuntu.com/search?suite=noble&arch=amd64&mode=exactfilename&searchon=contents&keywords=ip_vs_sh.ko kube_proxy_mode: iptables -enable_nodelocaldns: False +enable_nodelocaldns: false # Use docker container_manager: docker diff --git a/tests/files/packet_ubuntu24-calico-all-in-one.yml b/tests/files/packet_ubuntu24-calico-all-in-one.yml index 4b9e403ca..5d7f55878 100644 --- a/tests/files/packet_ubuntu24-calico-all-in-one.yml +++ b/tests/files/packet_ubuntu24-calico-all-in-one.yml @@ -9,7 +9,7 @@ auto_renew_certificates: true # Currently ipvs not available on KVM: https://packages.ubuntu.com/search?suite=noble&arch=amd64&mode=exactfilename&searchon=contents&keywords=ip_vs_sh.ko kube_proxy_mode: iptables -enable_nodelocaldns: False +enable_nodelocaldns: false containerd_registries_mirrors: - prefix: docker.io diff --git a/tests/files/packet_ubuntu24-calico-etcd-datastore.yml b/tests/files/packet_ubuntu24-calico-etcd-datastore.yml index 2805fa731..4f35d2f87 100644 --- a/tests/files/packet_ubuntu24-calico-etcd-datastore.yml +++ b/tests/files/packet_ubuntu24-calico-etcd-datastore.yml @@ -9,7 +9,7 @@ auto_renew_certificates: true # Currently ipvs not available on KVM: https://packages.ubuntu.com/search?suite=noble&arch=amd64&mode=exactfilename&searchon=contents&keywords=ip_vs_sh.ko kube_proxy_mode: iptables -enable_nodelocaldns: False +enable_nodelocaldns: false containerd_registries: "docker.io": "https://mirror.gcr.io" diff --git a/tests/testcases/010_check-apiserver.yml b/tests/testcases/010_check-apiserver.yml index 0d20bda02..081a2a31e 100644 --- a/tests/testcases/010_check-apiserver.yml +++ b/tests/testcases/010_check-apiserver.yml @@ -6,7 +6,7 @@ - name: Check the API servers are responding uri: url: "https://{{ access_ip | default(ansible_default_ipv4.address) }}:{{ kube_apiserver_port | default(6443) }}/version" - validate_certs: no + validate_certs: false status_code: 200 register: apiserver_response retries: 12 diff --git a/tests/testcases/030_check-network.yml b/tests/testcases/030_check-network.yml index 9b7eacfc1..e13128dd9 100644 --- a/tests/testcases/030_check-network.yml +++ b/tests/testcases/030_check-network.yml @@ -153,13 +153,13 @@ - name: Get running pods command: "{{ bin_dir }}/kubectl get pods -n test -o jsonpath='{range .items[?(.status.phase==\"Running\")]}{.metadata.name} {.status.podIP} {.status.containerStatuses} {end}'" - changed_when: False + changed_when: false register: running_pods no_log: true - name: Check kubectl output command: "{{ bin_dir }}/kubectl get pods --all-namespaces -owide" - changed_when: False + changed_when: false register: get_pods no_log: true diff --git a/tests/testcases/040_check-network-adv.yml b/tests/testcases/040_check-network-adv.yml index 4fc70eb07..45cf6db28 100644 --- a/tests/testcases/040_check-network-adv.yml +++ b/tests/testcases/040_check-network-adv.yml @@ -69,7 +69,7 @@ - name: Get netchecker agents uri: url: "http://{{ ansible_default_ipv4.address }}:{{ netchecker_port }}/api/v1/agents/" - return_content: yes + return_content: true run_once: true delegate_to: "{{ groups['kube_control_plane'][0] }}" register: agents @@ -85,7 +85,7 @@ uri: url: "http://{{ ansible_default_ipv4.address }}:{{ netchecker_port }}/api/v1/connectivity_check" status_code: 200 - return_content: yes + return_content: true delegate_to: "{{ groups['kube_control_plane'][0] }}" run_once: true register: connectivity_check diff --git a/tests/testcases/100_check-k8s-conformance.yml b/tests/testcases/100_check-k8s-conformance.yml index 3c07ffe46..3e0f17109 100644 --- a/tests/testcases/100_check-k8s-conformance.yml +++ b/tests/testcases/100_check-k8s-conformance.yml @@ -24,7 +24,7 @@ unarchive: src: /tmp/sonobuoy.tar.gz dest: /usr/local/bin/ - copy: no + copy: false - name: Run sonobuoy command: "{{ sonobuoy_path }} run --mode {{ sonobuoy_mode }} --e2e-parallel {{ sonobuoy_parallel }} --wait"