From dc6a17e0928fb9e23554c166a912c095c96f7845 Mon Sep 17 00:00:00 2001 
From: Matthew Mosesohn Date: Mon, 29 Jan 2018 14:37:48 +0300 Subject: [PATCH] Use include/import tasks (#2192) import_tasks will consume far less memory, so it should be used whenever it is compatible. --- roles/bootstrap-os/tasks/main.yml | 10 +++---- roles/docker/tasks/main.yml | 4 +-- roles/download/tasks/download_container.yml | 2 +- roles/download/tasks/main.yml | 6 ++--- roles/etcd/handlers/main.yml | 2 +- roles/etcd/tasks/configure.yml | 2 +- roles/etcd/tasks/gen_certs_vault.yml | 8 +++--- roles/etcd/tasks/join_member.yml | 2 +- roles/etcd/tasks/main.yml | 18 ++++++------- roles/etcd/tasks/sync_etcd_master_certs.yml | 4 +-- roles/etcd/tasks/sync_etcd_node_certs.yml | 4 +-- roles/kubernetes-apps/ansible/tasks/main.yml | 4 +-- roles/kubernetes-apps/helm/tasks/main.yml | 2 +- .../network_plugin/contiv/tasks/main.yml | 2 +- .../kubernetes/master/tasks/kubeadm-setup.yml | 2 +- roles/kubernetes/master/tasks/main.yml | 8 +++--- roles/kubernetes/node/tasks/install.yml | 2 +- roles/kubernetes/node/tasks/main.yml | 8 +++--- roles/kubernetes/preinstall/tasks/main.yml | 16 ++++++------ .../kubernetes/preinstall/tasks/set_facts.yml | 2 +- .../secrets/tasks/gen_certs_vault.yml | 12 ++++----- roles/kubernetes/secrets/tasks/main.yml | 10 +++---- .../secrets/tasks/sync_kube_master_certs.yml | 6 ++--- .../secrets/tasks/sync_kube_node_certs.yml | 6 ++--- roles/network_plugin/flannel/tasks/main.yml | 4 +-- roles/network_plugin/weave/tasks/main.yml | 2 +- roles/rkt/tasks/main.yml | 2 +- roles/vault/tasks/bootstrap/create_mounts.yml | 2 +- roles/vault/tasks/bootstrap/create_roles.yml | 2 +- .../vault/tasks/bootstrap/gen_vault_certs.yml | 2 +- roles/vault/tasks/bootstrap/main.yml | 26 +++++++++---------- .../vault/tasks/bootstrap/sync_etcd_certs.yml | 2 +- roles/vault/tasks/bootstrap/sync_secrets.yml | 2 +- .../tasks/bootstrap/sync_vault_certs.yml | 4 +-- roles/vault/tasks/cluster/create_mounts.yml | 2 +- roles/vault/tasks/cluster/create_roles.yml | 2 +- 
roles/vault/tasks/cluster/main.yml | 24 ++++++++--------- roles/vault/tasks/main.yml | 4 +-- roles/vault/tasks/shared/cert_auth_mount.yml | 2 +- roles/vault/tasks/shared/create_mount.yml | 4 +-- roles/vault/tasks/shared/create_role.yml | 2 +- roles/vault/tasks/shared/sync_auth_certs.yml | 2 +- roles/vault/tasks/shared/sync_file.yml | 2 +- 43 files changed, 117 insertions(+), 117 deletions(-) diff --git a/roles/bootstrap-os/tasks/main.yml b/roles/bootstrap-os/tasks/main.yml index bb6937902..6f45fb073 100644 --- a/roles/bootstrap-os/tasks/main.yml +++ b/roles/bootstrap-os/tasks/main.yml @@ -1,17 +1,17 @@ --- -- include: bootstrap-ubuntu.yml +- import_tasks: bootstrap-ubuntu.yml when: bootstrap_os == "ubuntu" -- include: bootstrap-debian.yml +- import_tasks: bootstrap-debian.yml when: bootstrap_os == "debian" -- include: bootstrap-coreos.yml +- import_tasks: bootstrap-coreos.yml when: bootstrap_os == "coreos" -- include: bootstrap-centos.yml +- import_tasks: bootstrap-centos.yml when: bootstrap_os == "centos" -- include: setup-pipelining.yml +- import_tasks: setup-pipelining.yml - name: check if atomic host stat: diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index e5ca6d165..1c95f819f 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -15,7 +15,7 @@ tags: - facts -- include: set_facts_dns.yml +- include_tasks: set_facts_dns.yml when: dns_mode != 'none' and resolvconf_mode == 'docker_dns' tags: - facts @@ -88,7 +88,7 @@ installed_docker_version.stdout|version_compare('1.12', '<') - name: Set docker systemd config - include: systemd.yml + import_tasks: systemd.yml - name: ensure docker service is started and enabled service: diff --git a/roles/download/tasks/download_container.yml b/roles/download/tasks/download_container.yml index 5766ab577..bbf7cec85 100644 --- a/roles/download/tasks/download_container.yml +++ b/roles/download/tasks/download_container.yml 
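Review bot: In roles/docker/tasks/main.yml the new `include_tasks: set_facts_dns.yml` keeps `tags: - facts`, but on a dynamic include the tag selects only the include statement. On Ansible releases that do not pass include keywords down to the loaded tasks (documented from 2.5, only partly in place in 2.4), the tasks inside the file stay untagged. The same pattern is on the certificate paths in roles/etcd/tasks/gen_certs_vault.yml, roles/etcd/tasks/main.yml and roles/kubernetes/secrets/tasks/main.yml (`etcd-secrets`, `k8s-secrets`), where a tag-limited run could skip certificate sync or issuance without failing. Where the file name is static, `- import_tasks: set_facts_dns.yml` keeps tag inheritance; where it is templated, tag the tasks inside the included file or wrap them in a `block:` that carries the tag.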
@@ -1,6 +1,6 @@ --- - name: container_download | Make download decision if pull is required by tag or sha256 - include: set_docker_image_facts.yml + include_tasks: set_docker_image_facts.yml delegate_to: "{{ download_delegate if download_run_once or omit }}" delegate_facts: no run_once: "{{ download_run_once }}" diff --git a/roles/download/tasks/main.yml b/roles/download/tasks/main.yml index cc891c0dd..c6e910e5d 100644 --- a/roles/download/tasks/main.yml +++ b/roles/download/tasks/main.yml @@ -1,10 +1,10 @@ --- -- include: download_prep.yml +- include_tasks: download_prep.yml when: - not skip_downloads|default(false) - name: "Download items" - include: "download_{% if download.container %}container{% else %}file{% endif %}.yml" + include_tasks: "download_{% if download.container %}container{% else %}file{% endif %}.yml" vars: download: "{{ download_defaults | combine(item.value) }}" with_dict: "{{ downloads }}" @@ -13,7 +13,7 @@ - item.value.enabled - name: "Sync container" - include: sync_container.yml + include_tasks: sync_container.yml vars: download: "{{ download_defaults | combine(item.value) }}" with_dict: "{{ downloads }}" diff --git a/roles/etcd/handlers/main.yml b/roles/etcd/handlers/main.yml index aca8522f5..f6666ee94 100644 --- a/roles/etcd/handlers/main.yml +++ b/roles/etcd/handlers/main.yml @@ -7,7 +7,7 @@ - reload etcd - wait for etcd up -- include: backup.yml +- import_tasks: backup.yml - name: etcd | reload systemd command: systemctl daemon-reload diff --git a/roles/etcd/tasks/configure.yml b/roles/etcd/tasks/configure.yml index 02bc23172..7b5c90718 100644 --- a/roles/etcd/tasks/configure.yml +++ b/roles/etcd/tasks/configure.yml @@ -30,7 +30,7 @@ notify: restart etcd - name: Configure | Join member(s) to cluster one at a time - include: join_member.yml + include_tasks: join_member.yml vars: target_node: "{{ item }}" loop_control: 
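Review bot: `delegate_to`, `delegate_facts` and `run_once` are left on the new `include_tasks: set_docker_image_facts.yml` in roles/download/tasks/download_container.yml, where they apply to the include statement rather than to the tasks it loads. Depending on the Ansible version, these keywords are either not inherited by the included tasks or rejected on a dynamic include, so the pull decision may be computed on every host instead of on `download_delegate`; confirm this against the Ansible version the repository pins. Putting the delegation on the tasks inside set_docker_image_facts.yml, e.g. `delegate_to: "{{ download_delegate if download_run_once or omit }}"`, keeps the behaviour explicit. The task may continue past the end of this hunk.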
diff --git a/roles/etcd/tasks/gen_certs_vault.yml b/roles/etcd/tasks/gen_certs_vault.yml index fae397356..aa3274bd7 100644 --- a/roles/etcd/tasks/gen_certs_vault.yml +++ b/roles/etcd/tasks/gen_certs_vault.yml @@ -1,16 +1,16 @@ --- -- include: sync_etcd_master_certs.yml +- include_tasks: sync_etcd_master_certs.yml when: inventory_hostname in groups.etcd tags: - etcd-secrets -- include: sync_etcd_node_certs.yml +- include_tasks: sync_etcd_node_certs.yml when: inventory_hostname in etcd_node_cert_hosts tags: - etcd-secrets # Issue master certs to Etcd nodes -- include: ../../vault/tasks/shared/issue_cert.yml +- include_tasks: ../../vault/tasks/shared/issue_cert.yml vars: issue_cert_common_name: "etcd:master:{{ item.rsplit('/', 1)[1].rsplit('.', 1)[0] }}" issue_cert_alt_names: "{{ groups['etcd'] + ['localhost'] + (etcd_cert_alt_names)|default() }}" @@ -37,7 +37,7 @@ notify: set etcd_secret_changed # Issue node certs to everyone else -- include: ../../vault/tasks/shared/issue_cert.yml +- include_tasks: ../../vault/tasks/shared/issue_cert.yml vars: issue_cert_common_name: "etcd:node:{{ item.rsplit('/', 1)[1].rsplit('.', 1)[0] }}" issue_cert_alt_names: "{{ etcd_node_cert_hosts }}" diff --git a/roles/etcd/tasks/join_member.yml b/roles/etcd/tasks/join_member.yml index 60315203b..b7801f0c9 100644 --- a/roles/etcd/tasks/join_member.yml +++ b/roles/etcd/tasks/join_member.yml @@ -10,7 +10,7 @@ ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem" ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem" -- include: refresh_config.yml +- include_tasks: refresh_config.yml vars: etcd_peer_addresses: >- {% for host in groups['etcd'] -%} diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index 570947203..a8a9f23ad 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml 
@@ -1,15 +1,15 @@ --- -- include: check_certs.yml +- include_tasks: check_certs.yml when: cert_management == "script" tags: - etcd-secrets - facts -- include: "gen_certs_{{ cert_management }}.yml" +- include_tasks: "gen_certs_{{ cert_management }}.yml" tags: - etcd-secrets -- include: upd_ca_trust.yml +- include_tasks: upd_ca_trust.yml tags: - etcd-secrets @@ -24,18 +24,18 @@ etcd_client_cert_serial: "{{ etcd_client_cert_serial_result.stdout }}" when: inventory_hostname in groups['k8s-cluster']|union(groups['etcd'])|union(groups['calico-rr']|default([]))|unique|sort -- include: "install_{{ etcd_deployment_type }}.yml" +- include_tasks: "install_{{ etcd_deployment_type }}.yml" when: is_etcd_master tags: - upgrade -- include: set_cluster_health.yml +- import_tasks: set_cluster_health.yml when: is_etcd_master and etcd_cluster_setup -- include: configure.yml +- import_tasks: configure.yml when: is_etcd_master and etcd_cluster_setup -- include: refresh_config.yml +- import_tasks: refresh_config.yml when: is_etcd_master and etcd_cluster_setup - name: Restart etcd if certs changed @@ -56,8 +56,8 @@ # After etcd cluster is assembled, make sure that # initial state of the cluster is in `existing` # state insted of `new`. -- include: set_cluster_health.yml +- import_tasks: set_cluster_health.yml when: is_etcd_master and etcd_cluster_setup -- include: refresh_config.yml +- import_tasks: refresh_config.yml when: is_etcd_master and etcd_cluster_setup diff --git a/roles/etcd/tasks/sync_etcd_master_certs.yml b/roles/etcd/tasks/sync_etcd_master_certs.yml index 2eaf1686d..b810ff775 100644 --- a/roles/etcd/tasks/sync_etcd_master_certs.yml +++ b/roles/etcd/tasks/sync_etcd_master_certs.yml @@ -8,7 +8,7 @@ "member-" + inventory_hostname + ".pem" ] }} -- include: ../../vault/tasks/shared/sync_file.yml +- include_tasks: ../../vault/tasks/shared/sync_file.yml vars: sync_file: "{{ item }}" sync_file_dir: "{{ etcd_cert_dir }}" 
@@ -26,7 +26,7 @@ set_fact: sync_file_results: [] -- include: ../../vault/tasks/shared/sync_file.yml +- include_tasks: ../../vault/tasks/shared/sync_file.yml vars: sync_file: ca.pem sync_file_dir: "{{ etcd_cert_dir }}" diff --git a/roles/etcd/tasks/sync_etcd_node_certs.yml b/roles/etcd/tasks/sync_etcd_node_certs.yml index 74fa9cd4a..3e075364f 100644 --- a/roles/etcd/tasks/sync_etcd_node_certs.yml +++ b/roles/etcd/tasks/sync_etcd_node_certs.yml @@ -4,7 +4,7 @@ set_fact: etcd_node_cert_list: "{{ etcd_node_cert_list|default([]) + ['node-' + inventory_hostname + '.pem'] }}" -- include: ../../vault/tasks/shared/sync_file.yml +- include_tasks: ../../vault/tasks/shared/sync_file.yml vars: sync_file: "{{ item }}" sync_file_dir: "{{ etcd_cert_dir }}" @@ -22,7 +22,7 @@ set_fact: sync_file_results: [] -- include: ../../vault/tasks/shared/sync_file.yml +- include_tasks: ../../vault/tasks/shared/sync_file.yml vars: sync_file: ca.pem sync_file_dir: "{{ etcd_cert_dir }}" diff --git a/roles/kubernetes-apps/ansible/tasks/main.yml b/roles/kubernetes-apps/ansible/tasks/main.yml index 1b1853b17..a15d5d593 100644 --- a/roles/kubernetes-apps/ansible/tasks/main.yml +++ b/roles/kubernetes-apps/ansible/tasks/main.yml @@ -91,13 +91,13 @@ - dnsmasq - name: Kubernetes Apps | Netchecker - include: tasks/netchecker.yml + import_tasks: tasks/netchecker.yml when: deploy_netchecker tags: - netchecker - name: Kubernetes Apps | Dashboard - include: tasks/dashboard.yml + import_tasks: tasks/dashboard.yml when: dashboard_enabled tags: - dashboard diff --git a/roles/kubernetes-apps/helm/tasks/main.yml b/roles/kubernetes-apps/helm/tasks/main.yml index ac8c9ebf0..06e97aff2 100644 --- a/roles/kubernetes-apps/helm/tasks/main.yml +++ b/roles/kubernetes-apps/helm/tasks/main.yml 
@@ -3,7 +3,7 @@ file: path={{ helm_home_dir }} state=directory - name: Helm | Set up helm launcher - include: "install_{{ helm_deployment_type }}.yml" + include_tasks: "install_{{ helm_deployment_type }}.yml" - name: Helm | Lay Down Helm Manifests (RBAC) template: diff --git a/roles/kubernetes-apps/network_plugin/contiv/tasks/main.yml b/roles/kubernetes-apps/network_plugin/contiv/tasks/main.yml index d9453e66f..330acc1cd 100644 --- a/roles/kubernetes-apps/network_plugin/contiv/tasks/main.yml +++ b/roles/kubernetes-apps/network_plugin/contiv/tasks/main.yml @@ -12,4 +12,4 @@ delegate_to: "{{ groups['kube-master'][0] }}" run_once: true -- include: configure.yml +- import_tasks: configure.yml diff --git a/roles/kubernetes/master/tasks/kubeadm-setup.yml b/roles/kubernetes/master/tasks/kubeadm-setup.yml index 1405a9dd0..3fcd04715 100644 --- a/roles/kubernetes/master/tasks/kubeadm-setup.yml +++ b/roles/kubernetes/master/tasks/kubeadm-setup.yml @@ -168,5 +168,5 @@ when: sa_key_before.stat.checksum|default("") != sa_key_after.stat.checksum - name: kubeadm | cleanup old certs if necessary - include: kubeadm-cleanup-old-certs.yml + import_tasks: kubeadm-cleanup-old-certs.yml when: old_apiserver_cert.stat.exists diff --git a/roles/kubernetes/master/tasks/main.yml b/roles/kubernetes/master/tasks/main.yml index d81c2fce9..04ad307fd 100644 --- a/roles/kubernetes/master/tasks/main.yml +++ b/roles/kubernetes/master/tasks/main.yml @@ -1,5 +1,5 @@ --- -- include: pre-upgrade.yml +- import_tasks: pre-upgrade.yml tags: - k8s-pre-upgrade @@ -9,7 +9,7 @@ kube_basic_auth: false when: kubeadm_enabled|bool|default(false) -- include: users-file.yml +- import_tasks: users-file.yml when: kube_basic_auth|default(true) - name: Compare host kubectl with hyperkube container 
@@ -56,9 +56,9 @@ - upgrade - name: Include kubeadm setup if enabled - include: kubeadm-setup.yml + import_tasks: kubeadm-setup.yml when: kubeadm_enabled|bool|default(false) - name: Include static pod setup if not using kubeadm - include: static-pod-setup.yml + import_tasks: static-pod-setup.yml when: not kubeadm_enabled|bool|default(false) diff --git a/roles/kubernetes/node/tasks/install.yml b/roles/kubernetes/node/tasks/install.yml index 7f40e0d76..63a529ace 100644 --- a/roles/kubernetes/node/tasks/install.yml +++ b/roles/kubernetes/node/tasks/install.yml @@ -37,7 +37,7 @@ tags: - kubeadm -- include: "install_{{ kubelet_deployment_type }}.yml" +- include_tasks: "install_{{ kubelet_deployment_type }}.yml" - name: install | Write kubelet systemd init file template: diff --git a/roles/kubernetes/node/tasks/main.yml b/roles/kubernetes/node/tasks/main.yml index 100c38c46..10271de74 100644 --- a/roles/kubernetes/node/tasks/main.yml +++ b/roles/kubernetes/node/tasks/main.yml @@ -1,9 +1,9 @@ --- -- include: facts.yml +- import_tasks: facts.yml tags: - facts -- include: pre_upgrade.yml +- import_tasks: pre_upgrade.yml tags: - kubelet @@ -13,11 +13,11 @@ state: directory mode: 0755 -- include: install.yml +- import_tasks: install.yml tags: - kubelet -- include: nginx-proxy.yml +- import_tasks: nginx-proxy.yml when: is_kube_master == false and loadbalancer_apiserver_localhost tags: - nginx diff --git a/roles/kubernetes/preinstall/tasks/main.yml b/roles/kubernetes/preinstall/tasks/main.yml index 7b60851cc..0a01466ea 100644 --- a/roles/kubernetes/preinstall/tasks/main.yml +++ b/roles/kubernetes/preinstall/tasks/main.yml @@ -1,5 +1,5 @@ --- -- include: verify-settings.yml +- import_tasks: verify-settings.yml tags: - asserts @@ -19,7 +19,7 @@ tags: - bootstrap-os -- include: set_facts.yml +- import_tasks: set_facts.yml tags: - facts 
@@ -72,7 +72,7 @@ - cloud-provider - facts -- include: "{{ cloud_provider }}-credential-check.yml" +- include_tasks: "{{ cloud_provider }}-credential-check.yml" when: - cloud_provider is defined - cloud_provider in [ 'openstack', 'azure', 'vsphere' ] @@ -99,7 +99,7 @@ - contiv - bootstrap-os -- include: resolvconf.yml +- import_tasks: resolvconf.yml when: - dns_mode != 'none' - resolvconf_mode == 'host_resolvconf' @@ -276,12 +276,12 @@ tags: - cloud-provider -- include: etchosts.yml +- import_tasks: etchosts.yml tags: - bootstrap-os - etchosts -- include: dhclient-hooks.yml +- import_tasks: dhclient-hooks.yml when: - dns_mode != 'none' - resolvconf_mode == 'host_resolvconf' @@ -290,7 +290,7 @@ - bootstrap-os - resolvconf -- include: dhclient-hooks-undo.yml +- import_tasks: dhclient-hooks-undo.yml when: - dns_mode != 'none' - resolvconf_mode != 'host_resolvconf' @@ -306,7 +306,7 @@ tags: - bootstrap-os -- include: growpart-azure-centos-7.yml +- import_tasks: growpart-azure-centos-7.yml when: - azure_check.stat.exists - ansible_distribution in ["CentOS","RedHat"] diff --git a/roles/kubernetes/preinstall/tasks/set_facts.yml b/roles/kubernetes/preinstall/tasks/set_facts.yml index b5311bac8..a945e715e 100644 --- a/roles/kubernetes/preinstall/tasks/set_facts.yml +++ b/roles/kubernetes/preinstall/tasks/set_facts.yml @@ -11,7 +11,7 @@ kube_cert_group: "kube" when: is_atomic -- include: set_resolv_facts.yml +- import_tasks: set_resolv_facts.yml tags: - bootstrap-os - resolvconf diff --git a/roles/kubernetes/secrets/tasks/gen_certs_vault.yml b/roles/kubernetes/secrets/tasks/gen_certs_vault.yml index f1719c55c..ca28b537f 100644 --- a/roles/kubernetes/secrets/tasks/gen_certs_vault.yml +++ b/roles/kubernetes/secrets/tasks/gen_certs_vault.yml 
@@ -1,12 +1,12 @@ --- -- include: sync_kube_master_certs.yml +- import_tasks: sync_kube_master_certs.yml when: inventory_hostname in groups['kube-master'] -- include: sync_kube_node_certs.yml +- import_tasks: sync_kube_node_certs.yml when: inventory_hostname in groups['k8s-cluster'] # Issue admin certs to kube-master hosts -- include: ../../../vault/tasks/shared/issue_cert.yml +- include_tasks: ../../../vault/tasks/shared/issue_cert.yml vars: issue_cert_common_name: "admin" issue_cert_copy_ca: "{{ item == kube_admin_certs_needed|first }}" @@ -37,7 +37,7 @@ run_once: true # Issue master components certs to kube-master hosts -- include: ../../../vault/tasks/shared/issue_cert.yml +- include_tasks: ../../../vault/tasks/shared/issue_cert.yml vars: issue_cert_common_name: "kubernetes" issue_cert_alt_names: "{{ kube_cert_alt_names }}" @@ -63,7 +63,7 @@ notify: set secret_changed # Issue node certs to k8s-cluster nodes -- include: ../../../vault/tasks/shared/issue_cert.yml +- include_tasks: ../../../vault/tasks/shared/issue_cert.yml vars: # Need to strip out the 'node-' prefix from the cert name so it can be used # with the node authorization plugin ( CN matches kubelet node name ) @@ -80,7 +80,7 @@ when: inventory_hostname in groups['k8s-cluster'] # Issue proxy certs to k8s-cluster nodes -- include: ../../../vault/tasks/shared/issue_cert.yml +- include_tasks: ../../../vault/tasks/shared/issue_cert.yml vars: issue_cert_common_name: "system:kube-proxy" issue_cert_copy_ca: "{{ item == kube_proxy_certs_needed|first }}" diff --git a/roles/kubernetes/secrets/tasks/main.yml b/roles/kubernetes/secrets/tasks/main.yml index 79bea81f2..5d20a755a 100644 --- a/roles/kubernetes/secrets/tasks/main.yml +++ b/roles/kubernetes/secrets/tasks/main.yml @@ -1,10 +1,10 @@ --- -- include: check-certs.yml +- import_tasks: check-certs.yml tags: - k8s-secrets - facts -- include: check-tokens.yml +- import_tasks: check-tokens.yml tags: - k8s-secrets - facts 
@@ -69,11 +69,11 @@ delegate_to: "{{groups['kube-master'][0]}}" when: gen_tokens|default(false) -- include: "gen_certs_{{ cert_management }}.yml" +- include_tasks: "gen_certs_{{ cert_management }}.yml" tags: - k8s-secrets -- include: upd_ca_trust.yml +- import_tasks: upd_ca_trust.yml tags: - k8s-secrets @@ -111,6 +111,6 @@ kube_proxy_cert_serial: "{{ node_certificate_serials.results[1].stdout|default() }}" when: inventory_hostname in groups['k8s-cluster'] -- include: gen_tokens.yml +- import_tasks: gen_tokens.yml tags: - k8s-secrets diff --git a/roles/kubernetes/secrets/tasks/sync_kube_master_certs.yml b/roles/kubernetes/secrets/tasks/sync_kube_master_certs.yml index 70edb0a80..d54bf2b67 100644 --- a/roles/kubernetes/secrets/tasks/sync_kube_master_certs.yml +++ b/roles/kubernetes/secrets/tasks/sync_kube_master_certs.yml @@ -4,7 +4,7 @@ set_fact: kube_admin_cert_list: "{{ kube_admin_cert_list|d([]) + ['admin-' + inventory_hostname + '.pem'] }}" -- include: ../../../vault/tasks/shared/sync_file.yml +- include_tasks: ../../../vault/tasks/shared/sync_file.yml vars: sync_file: "{{ item }}" sync_file_dir: "{{ kube_cert_dir }}" @@ -24,7 +24,7 @@ set_fact: sync_file_results: [] -- include: ../../../vault/tasks/shared/sync_file.yml +- include_tasks: ../../../vault/tasks/shared/sync_file.yml vars: sync_file: "{{ item }}" sync_file_dir: "{{ kube_cert_dir }}" @@ -44,7 +44,7 @@ set_fact: sync_file_results: [] -- include: ../../../vault/tasks/shared/sync_file.yml +- include_tasks: ../../../vault/tasks/shared/sync_file.yml vars: sync_file: ca.pem sync_file_dir: "{{ kube_cert_dir }}" diff --git a/roles/kubernetes/secrets/tasks/sync_kube_node_certs.yml b/roles/kubernetes/secrets/tasks/sync_kube_node_certs.yml index f89d1c612..eecb4cfdf 100644 --- a/roles/kubernetes/secrets/tasks/sync_kube_node_certs.yml +++ b/roles/kubernetes/secrets/tasks/sync_kube_node_certs.yml 
@@ -4,7 +4,7 @@ set_fact: kube_node_cert_list: "{{ kube_node_cert_list|default([]) + ['node-' + inventory_hostname + '.pem'] }}" -- include: ../../../vault/tasks/shared/sync_file.yml +- include_tasks: ../../../vault/tasks/shared/sync_file.yml vars: sync_file: "{{ item }}" sync_file_dir: "{{ kube_cert_dir }}" @@ -24,7 +24,7 @@ set_fact: sync_file_results: [] -- include: ../../../vault/tasks/shared/sync_file.yml +- include_tasks: ../../../vault/tasks/shared/sync_file.yml vars: sync_file: ca.pem sync_file_dir: "{{ kube_cert_dir }}" @@ -40,7 +40,7 @@ set_fact: kube_proxy_cert_list: "{{ kube_proxy_cert_list|default([]) + ['kube-proxy-' + inventory_hostname + '.pem'] }}" -- include: ../../../vault/tasks/shared/sync_file.yml +- include_tasks: ../../../vault/tasks/shared/sync_file.yml vars: sync_file: "{{ item }}" sync_file_dir: "{{ kube_cert_dir }}" diff --git a/roles/network_plugin/flannel/tasks/main.yml b/roles/network_plugin/flannel/tasks/main.yml index 77f3b2226..29b79b11d 100644 --- a/roles/network_plugin/flannel/tasks/main.yml +++ b/roles/network_plugin/flannel/tasks/main.yml @@ -1,5 +1,5 @@ --- -- include: pre-upgrade.yml +- import_tasks: pre-upgrade.yml - name: Flannel | Create Flannel manifests template: @@ -11,4 +11,4 @@ register: flannel_node_manifests when: - inventory_hostname in groups['kube-master'] - - rbac_enabled or item.type not in rbac_resources \ No newline at end of file + - rbac_enabled or item.type not in rbac_resources diff --git a/roles/network_plugin/weave/tasks/main.yml b/roles/network_plugin/weave/tasks/main.yml index 30c209f8b..738dddd15 100644 --- a/roles/network_plugin/weave/tasks/main.yml +++ b/roles/network_plugin/weave/tasks/main.yml @@ -1,5 +1,5 @@ --- -- include: seed.yml +- import_tasks: seed.yml when: weave_mode_seed - name: Weave | Copy cni plugins from hyperkube diff --git a/roles/rkt/tasks/main.yml b/roles/rkt/tasks/main.yml index 9d87123bb..ab9571b13 100644 --- a/roles/rkt/tasks/main.yml +++ b/roles/rkt/tasks/main.yml 
@@ -1,4 +1,4 @@ --- - name: Install rkt - include: install.yml + import_tasks: install.yml diff --git a/roles/vault/tasks/bootstrap/create_mounts.yml b/roles/vault/tasks/bootstrap/create_mounts.yml index 0010c35c5..0c82990e6 100644 --- a/roles/vault/tasks/bootstrap/create_mounts.yml +++ b/roles/vault/tasks/bootstrap/create_mounts.yml @@ -1,5 +1,5 @@ --- -- include: ../shared/create_mount.yml +- include_tasks: ../shared/create_mount.yml vars: create_mount_path: "{{ item.name }}" create_mount_default_lease_ttl: "{{ item.default_lease_ttl }}" diff --git a/roles/vault/tasks/bootstrap/create_roles.yml b/roles/vault/tasks/bootstrap/create_roles.yml index 11411d236..8b252aaf5 100644 --- a/roles/vault/tasks/bootstrap/create_roles.yml +++ b/roles/vault/tasks/bootstrap/create_roles.yml @@ -1,5 +1,5 @@ --- -- include: ../shared/create_role.yml +- include_tasks: ../shared/create_role.yml vars: create_role_name: "{{ item.name }}" create_role_group: "{{ item.group }}" diff --git a/roles/vault/tasks/bootstrap/gen_vault_certs.yml b/roles/vault/tasks/bootstrap/gen_vault_certs.yml index b13692855..f982986cb 100644 --- a/roles/vault/tasks/bootstrap/gen_vault_certs.yml +++ b/roles/vault/tasks/bootstrap/gen_vault_certs.yml @@ -1,5 +1,5 @@ --- -- include: ../shared/issue_cert.yml +- import_tasks: ../shared/issue_cert.yml vars: issue_cert_common_name: "{{ vault_pki_mounts.vault.roles[0].name }}" issue_cert_alt_names: "{{ groups['vault'] + ['localhost'] + (vault_ca_options['vault']['alt_names'].split(','))|default() }}" diff --git a/roles/vault/tasks/bootstrap/main.yml b/roles/vault/tasks/bootstrap/main.yml index b87954ca7..fdecbdd2a 100644 --- a/roles/vault/tasks/bootstrap/main.yml +++ b/roles/vault/tasks/bootstrap/main.yml 
@@ -1,20 +1,20 @@ --- -- include: ../shared/check_vault.yml +- import_tasks: ../shared/check_vault.yml when: inventory_hostname in groups.vault -- include: sync_secrets.yml +- import_tasks: sync_secrets.yml when: inventory_hostname in groups.vault -- include: ../shared/find_leader.yml +- import_tasks: ../shared/find_leader.yml when: inventory_hostname in groups.vault and vault_cluster_is_initialized -- include: sync_vault_certs.yml +- import_tasks: sync_vault_certs.yml when: inventory_hostname in groups.vault -- include: sync_etcd_certs.yml +- import_tasks: sync_etcd_certs.yml when: inventory_hostname in groups.etcd -- include: start_vault_temp.yml +- import_tasks: start_vault_temp.yml when: inventory_hostname == groups.vault|first and not vault_cluster_is_initialized - name: vault | Set fact about vault leader url @@ -22,17 +22,17 @@ vault_leader_url: "{{ hostvars[groups.vault|first]['vault_leader_url'] }}" when: not vault_cluster_is_initialized -- include: create_mounts.yml +- import_tasks: create_mounts.yml when: inventory_hostname == groups.vault|first -- include: ../shared/auth_backend.yml +- include_tasks: ../shared/auth_backend.yml vars: auth_backend_description: A Username/Password Auth Backend primarily used for services needing to issue certificates auth_backend_path: userpass auth_backend_type: userpass when: inventory_hostname == groups.vault|first -- include: create_roles.yml +- include_tasks: create_roles.yml with_items: - "{{ vault_pki_mounts.vault }}" - "{{ vault_pki_mounts.etcd }}" @@ -40,7 +40,7 @@ loop_var: mount when: inventory_hostname in groups.vault -- include: ../shared/gen_ca.yml +- include_tasks: ../shared/gen_ca.yml vars: gen_ca_cert_dir: "{{ vault_pki_mounts.vault.cert_dir }}" gen_ca_mount_path: "{{ vault_pki_mounts.vault.name }}" 
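Review bot: With `import_tasks`, the `when:` on `- import_tasks: start_vault_temp.yml` in roles/vault/tasks/bootstrap/main.yml is copied onto every imported task and re-evaluated at each one, unlike `include_tasks`, which checks it once before loading the file. If start_vault_temp.yml (not visible here) changes `vault_cluster_is_initialized` part-way through, its remaining tasks would be skipped and the Vault bootstrap left half-done. The same applies to `../shared/find_leader.yml` in this hunk and, in roles/kubernetes/master/tasks/kubeadm-setup.yml, to `kubeadm-cleanup-old-certs.yml` guarded by `old_apiserver_cert.stat.exists`. Where a guarded file changes its own guard, keep it dynamic with `- include_tasks: start_vault_temp.yml`, or add a comment such as `# when: is re-evaluated per imported task; start_vault_temp.yml must not change vault_cluster_is_initialized`.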
@@ -51,7 +51,7 @@ and not vault_cluster_is_initialized and vault_ca_cert_needed -- include: ../shared/gen_ca.yml +- include_tasks: ../shared/gen_ca.yml vars: gen_ca_cert_dir: "{{ vault_pki_mounts.etcd.cert_dir }}" gen_ca_mount_path: "{{ vault_pki_mounts.etcd.name }}" @@ -59,7 +59,7 @@ gen_ca_vault_options: "{{ vault_ca_options.etcd }}" when: inventory_hostname in groups.etcd and vault_etcd_ca_cert_needed -- include: gen_vault_certs.yml +- import_tasks: gen_vault_certs.yml when: inventory_hostname in groups.vault and vault_api_cert_needed -- include: ca_trust.yml +- import_tasks: ca_trust.yml diff --git a/roles/vault/tasks/bootstrap/sync_etcd_certs.yml b/roles/vault/tasks/bootstrap/sync_etcd_certs.yml index 599b3cd47..f29b65022 100644 --- a/roles/vault/tasks/bootstrap/sync_etcd_certs.yml +++ b/roles/vault/tasks/bootstrap/sync_etcd_certs.yml @@ -1,6 +1,6 @@ --- -- include: ../shared/sync_file.yml +- include_tasks: ../shared/sync_file.yml vars: sync_file: "ca.pem" sync_file_dir: "{{ vault_etcd_cert_dir }}" diff --git a/roles/vault/tasks/bootstrap/sync_secrets.yml b/roles/vault/tasks/bootstrap/sync_secrets.yml index 3b5af775a..cbbb581a7 100644 --- a/roles/vault/tasks/bootstrap/sync_secrets.yml +++ b/roles/vault/tasks/bootstrap/sync_secrets.yml @@ -1,6 +1,6 @@ --- -- include: ../shared/sync_file.yml +- include_tasks: ../shared/sync_file.yml vars: sync_file: "{{ item }}" sync_file_dir: "{{ vault_secrets_dir }}" diff --git a/roles/vault/tasks/bootstrap/sync_vault_certs.yml b/roles/vault/tasks/bootstrap/sync_vault_certs.yml index 9e6eff05c..cb35ff66c 100644 --- a/roles/vault/tasks/bootstrap/sync_vault_certs.yml +++ b/roles/vault/tasks/bootstrap/sync_vault_certs.yml @@ -1,5 +1,5 @@ --- -- include: ../shared/sync_file.yml +- include_tasks: ../shared/sync_file.yml vars: sync_file: "ca.pem" sync_file_dir: "{{ vault_cert_dir }}" 
@@ -14,7 +14,7 @@ set_fact: sync_file_results: [] -- include: ../shared/sync_file.yml +- include_tasks: ../shared/sync_file.yml vars: sync_file: "api.pem" sync_file_dir: "{{ vault_cert_dir }}" diff --git a/roles/vault/tasks/cluster/create_mounts.yml b/roles/vault/tasks/cluster/create_mounts.yml index d64fa0bae..c6e075698 100644 --- a/roles/vault/tasks/cluster/create_mounts.yml +++ b/roles/vault/tasks/cluster/create_mounts.yml @@ -1,5 +1,5 @@ --- -- include: ../shared/create_mount.yml +- include_tasks: ../shared/create_mount.yml vars: create_mount_path: "{{ item.name }}" create_mount_default_lease_ttl: "{{ item.default_lease_ttl }}" diff --git a/roles/vault/tasks/cluster/create_roles.yml b/roles/vault/tasks/cluster/create_roles.yml index 468229fd4..7b9d0b4f7 100644 --- a/roles/vault/tasks/cluster/create_roles.yml +++ b/roles/vault/tasks/cluster/create_roles.yml @@ -1,5 +1,5 @@ --- -- include: ../shared/create_role.yml +- include_tasks: ../shared/create_role.yml vars: create_role_name: "{{ item.name }}" create_role_group: "{{ item.group }}" diff --git a/roles/vault/tasks/cluster/main.yml b/roles/vault/tasks/cluster/main.yml index 94af5e5dc..d904c2398 100644 --- a/roles/vault/tasks/cluster/main.yml +++ b/roles/vault/tasks/cluster/main.yml 
@@ -1,32 +1,32 @@ --- -- include: ../shared/check_vault.yml +- import_tasks: ../shared/check_vault.yml when: inventory_hostname in groups.vault -- include: ../shared/check_etcd.yml +- import_tasks: ../shared/check_etcd.yml when: inventory_hostname in groups.vault -- include: configure.yml +- import_tasks: configure.yml when: inventory_hostname in groups.vault -- include: binary.yml +- import_tasks: binary.yml when: inventory_hostname in groups.vault and vault_deployment_type == "host" -- include: systemd.yml +- import_tasks: systemd.yml when: inventory_hostname in groups.vault -- include: init.yml +- import_tasks: init.yml when: inventory_hostname in groups.vault -- include: unseal.yml +- import_tasks: unseal.yml when: inventory_hostname in groups.vault -- include: ../shared/find_leader.yml +- import_tasks: ../shared/find_leader.yml when: inventory_hostname in groups.vault -- include: create_mounts.yml +- import_tasks: create_mounts.yml when: inventory_hostname == groups.vault|first -- include: ../shared/gen_ca.yml +- include_tasks: ../shared/gen_ca.yml vars: gen_ca_cert_dir: "{{ vault_pki_mounts.kube.cert_dir }}" gen_ca_mount_path: "{{ vault_pki_mounts.kube.name }}" @@ -34,14 +34,14 @@ gen_ca_vault_options: "{{ vault_ca_options.kube }}" when: inventory_hostname in groups.vault -- include: ../shared/auth_backend.yml +- include_tasks: ../shared/auth_backend.yml vars: auth_backend_description: A Username/Password Auth Backend primarily used for services needing to issue certificates auth_backend_path: userpass auth_backend_type: userpass when: inventory_hostname == groups.vault|first -- include: create_roles.yml +- include_tasks: create_roles.yml with_items: - "{{ vault_pki_mounts.vault }}" - "{{ vault_pki_mounts.etcd }}" diff --git a/roles/vault/tasks/main.yml b/roles/vault/tasks/main.yml index 4aef875ce..7a10def8a 100644 --- a/roles/vault/tasks/main.yml +++ b/roles/vault/tasks/main.yml 
@@ -11,9 +11,9 @@ # used during step 1, allowing all certs to have the same chain of trust. ## Bootstrap -- include: bootstrap/main.yml +- include_tasks: bootstrap/main.yml when: cert_management == 'vault' and vault_bootstrap | d() ## Cluster -- include: cluster/main.yml +- include_tasks: cluster/main.yml when: cert_management == 'vault' and not vault_bootstrap | d() diff --git a/roles/vault/tasks/shared/cert_auth_mount.yml b/roles/vault/tasks/shared/cert_auth_mount.yml index 6ba303d3b..d9af9c310 100644 --- a/roles/vault/tasks/shared/cert_auth_mount.yml +++ b/roles/vault/tasks/shared/cert_auth_mount.yml @@ -1,6 +1,6 @@ --- -- include: ../shared/pki_mount.yml +- include_tasks: ../shared/pki_mount.yml vars: pki_mount_path: auth-pki pki_mount_options: diff --git a/roles/vault/tasks/shared/create_mount.yml b/roles/vault/tasks/shared/create_mount.yml index 0b12dce24..43e772ac0 100644 --- a/roles/vault/tasks/shared/create_mount.yml +++ b/roles/vault/tasks/shared/create_mount.yml @@ -1,5 +1,5 @@ --- -- include: ../shared/pki_mount.yml +- include_tasks: ../shared/pki_mount.yml vars: pki_mount_path: "{{ create_mount_path }}" pki_mount_options: @@ -8,7 +8,7 @@ max_lease_ttl: "{{ create_mount_max_lease_ttl }}" description: "{{ create_mount_description }}" -- include: ../shared/config_ca.yml +- include_tasks: ../shared/config_ca.yml vars: config_ca_ca_pem: "{{ create_mount_cert_dir }}/ca.pem" config_ca_ca_key: "{{ create_mount_cert_dir }}/ca-key.pem" diff --git a/roles/vault/tasks/shared/create_role.yml b/roles/vault/tasks/shared/create_role.yml index d76e73f13..4d1915a54 100644 --- a/roles/vault/tasks/shared/create_role.yml +++ b/roles/vault/tasks/shared/create_role.yml @@ -40,7 +40,7 @@ ## Userpass based auth method -- include: gen_userpass.yml +- include_tasks: gen_userpass.yml vars: gen_userpass_password: "{{ create_role_password }}" gen_userpass_policies: "{{ create_role_name }}" 
diff --git a/roles/vault/tasks/shared/sync_auth_certs.yml b/roles/vault/tasks/shared/sync_auth_certs.yml index 7bd9c4b49..8cae81588 100644 --- a/roles/vault/tasks/shared/sync_auth_certs.yml +++ b/roles/vault/tasks/shared/sync_auth_certs.yml @@ -1,6 +1,6 @@ --- -- include: sync_file.yml +- include_tasks: sync_file.yml vars: sync_file: "auth-ca.pem" sync_file_dir: "{{ vault_cert_dir }}" diff --git a/roles/vault/tasks/shared/sync_file.yml b/roles/vault/tasks/shared/sync_file.yml index 8a112a84a..2abef1c5a 100644 --- a/roles/vault/tasks/shared/sync_file.yml +++ b/roles/vault/tasks/shared/sync_file.yml @@ -80,7 +80,7 @@ set_fact: sync_file_results: "{{ sync_file_results|default([]) + [sync_file_result] }}" -- include: sync.yml +- include_tasks: sync.yml when: not (sync_file_no_srcs or sync_file_unneeded) - name: "Unset local vars to avoid variable bleed into next iteration"