Upgrade ansible (#10190)

* project: update all dependencies including ansible Upgrade to ansible 7.x and ansible-core 2.14.x. There seems to be issue with ansible 8/ansible-core 2.15 so we remain on those versions for now. It's quite a big bump already anyway. Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * tests: install aws galaxy collection Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * ansible-lint: disable various rules after ansible upgrade Temporarily disable a bunch of linting action following ansible upgrade. Those should be taken care of separately. Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: resolve deprecated-module ansible-lint error Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: resolve no-free-form ansible-lint error Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: resolve schema[meta] ansible-lint error Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: resolve schema[playbook] ansible-lint error Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: resolve schema[tasks] ansible-lint error Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: resolve risky-file-permissions ansible-lint error Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: resolve risky-shell-pipe ansible-lint error Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: remove deprecated warn args Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: use fqcn for non builtin tasks Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: resolve syntax-check[missing-file] for contrib playbook Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: use arithmetic inside jinja to fix ansible 6 upgrade Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> --------- Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2026-02-21 13:10:19 -03:30 · 2023-06-26 12:15:45 +02:00
parent 3311e0a296
commit 25cb90bc2d
81 changed files with 345 additions and 207 deletions
--- a/roles/kubernetes/node/tasks/facts.yml
+++ b/roles/kubernetes/node/tasks/facts.yml
@@ -1,7 +1,9 @@
 ---
 - block:
  - name: look up docker cgroup driver
-    shell: "docker info | grep 'Cgroup Driver' | awk -F': ' '{ print $2; }'"
+    shell: "set -o pipefail && docker info | grep 'Cgroup Driver' | awk -F': ' '{ print $2; }'"
+    args:
+      executable: /bin/bash
    register: docker_cgroup_driver_result
    changed_when: false
    check_mode: no
@@ -13,7 +15,9 @@

 - block:
  - name: look up crio cgroup driver
-    shell: "{{ bin_dir }}/crio-status info | grep 'cgroup driver' | awk -F': ' '{ print $2; }'"
+    shell: "set -o pipefail && {{ bin_dir }}/crio-status info | grep 'cgroup driver' | awk -F': ' '{ print $2; }'"
+    args:
+      executable: /bin/bash
    register: crio_cgroup_driver_result
    changed_when: false

@@ -40,7 +44,6 @@
  when: kubelet_cgroup_driver == 'cgroupfs'

 - name: set kubelet_config_extra_args options when cgroupfs is used
-  vars:
  set_fact:
    kubelet_config_extra_args: "{{ kubelet_config_extra_args | combine(kubelet_config_extra_args_cgroupfs) }}"
  when: kubelet_cgroup_driver == 'cgroupfs'
--- a/roles/kubernetes/node/tasks/main.yml
+++ b/roles/kubernetes/node/tasks/main.yml
@@ -41,7 +41,7 @@
    - haproxy

 - name: Ensure nodePort range is reserved
-  sysctl:
+  ansible.posix.sysctl:
    name: net.ipv4.ip_local_reserved_ports
    value: "{{ kube_apiserver_node_port_range }}"
    sysctl_set: yes
@@ -68,7 +68,7 @@
    mode: 0755

 - name: Enable br_netfilter module
-  modprobe:
+  community.general.modprobe:
    name: br_netfilter
    state: present
  when: modinfo_br_netfilter.rc == 0
@@ -89,7 +89,7 @@
  register: sysctl_bridge_nf_call_iptables

 - name: Enable bridge-nf-call tables
-  sysctl:
+  ansible.posix.sysctl:
    name: "{{ item }}"
    state: present
    sysctl_file: "{{ sysctl_file_path }}"
@@ -102,7 +102,7 @@
    - net.bridge.bridge-nf-call-ip6tables

 - name: Modprobe Kernel Module for IPVS
-  modprobe:
+  community.general.modprobe:
    name: "{{ item }}"
    state: present
  with_items:
@@ -115,7 +115,7 @@
    - kube-proxy

 - name: Modprobe nf_conntrack_ipv4
-  modprobe:
+  community.general.modprobe:
    name: nf_conntrack_ipv4
    state: present
  register: modprobe_nf_conntrack_ipv4