Upgrade ansible (#10190)

* project: update all dependencies including ansible Upgrade to ansible 7.x and ansible-core 2.14.x. There seems to be issue with ansible 8/ansible-core 2.15 so we remain on those versions for now. It's quite a big bump already anyway. Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * tests: install aws galaxy collection Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * ansible-lint: disable various rules after ansible upgrade Temporarily disable a bunch of linting action following ansible upgrade. Those should be taken care of separately. Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: resolve deprecated-module ansible-lint error Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: resolve no-free-form ansible-lint error Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: resolve schema[meta] ansible-lint error Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: resolve schema[playbook] ansible-lint error Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: resolve schema[tasks] ansible-lint error Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: resolve risky-file-permissions ansible-lint error Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: resolve risky-shell-pipe ansible-lint error Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: remove deprecated warn args Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: use fqcn for non builtin tasks Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: resolve syntax-check[missing-file] for contrib playbook Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: use arithmetic inside jinja to fix ansible 6 upgrade Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> --------- Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2026-02-15 18:20:02 -03:30 · 2023-06-26 12:15:45 +02:00
parent 3311e0a296
commit 25cb90bc2d
81 changed files with 345 additions and 207 deletions
--- a/roles/network_plugin/calico/handlers/main.yml
+++ b/roles/network_plugin/calico/handlers/main.yml
@@ -13,14 +13,18 @@
    state: absent

 - name: Calico | delete calico-node docker containers
-  shell: "{{ docker_bin_dir }}/docker ps -af name=k8s_POD_calico-node* -q | xargs --no-run-if-empty {{ docker_bin_dir }}/docker rm -f"
+  shell: "set -o pipefail && {{ docker_bin_dir }}/docker ps -af name=k8s_POD_calico-node* -q | xargs --no-run-if-empty {{ docker_bin_dir }}/docker rm -f"
+  args:
+    executable: /bin/bash
  register: docker_calico_node_remove
  until: docker_calico_node_remove is succeeded
  retries: 5
  when: container_manager in ["docker"]

 - name: Calico | delete calico-node crio/containerd containers
-  shell: '{{ bin_dir }}/crictl pods --name calico-node-* -q | xargs -I% --no-run-if-empty bash -c "{{ bin_dir }}/crictl stopp % && {{ bin_dir }}/crictl rmp %"'
+  shell: 'set -o pipefail && {{ bin_dir }}/crictl pods --name calico-node-* -q | xargs -I% --no-run-if-empty bash -c "{{ bin_dir }}/crictl stopp % && {{ bin_dir }}/crictl rmp %"'
+  args:
+    executable: /bin/bash
  register: crictl_calico_node_remove
  until: crictl_calico_node_remove is succeeded
  retries: 5
--- a/roles/network_plugin/cilium/tasks/install.yml
+++ b/roles/network_plugin/cilium/tasks/install.yml
@@ -1,6 +1,6 @@
 ---
 - name: Cilium | Ensure BPFFS mounted
-  mount:
+  ansible.posix.mount:
    fstype: bpf
    path: /sys/fs/bpf
    src: bpffs
--- a/roles/network_plugin/kube-router/handlers/main.yml
+++ b/roles/network_plugin/kube-router/handlers/main.yml
@@ -6,14 +6,18 @@
    - Kube-router | delete kube-router crio/containerd containers

 - name: Kube-router | delete kube-router docker containers
-  shell: "{{ docker_bin_dir }}/docker ps -af name=k8s_POD_kube-router* -q | xargs --no-run-if-empty docker rm -f"
+  shell: "set -o pipefail && {{ docker_bin_dir }}/docker ps -af name=k8s_POD_kube-router* -q | xargs --no-run-if-empty docker rm -f"
+  args:
+    executable: /bin/bash
  register: docker_kube_router_remove
  until: docker_kube_router_remove is succeeded
  retries: 5
  when: container_manager in ["docker"]

 - name: Kube-router | delete kube-router crio/containerd containers
-  shell: '{{ bin_dir }}/crictl pods --name kube-router* -q | xargs -I% --no-run-if-empty bash -c "{{ bin_dir }}/crictl stopp % && {{ bin_dir }}/crictl rmp %"'
+  shell: 'set -o pipefail && {{ bin_dir }}/crictl pods --name kube-router* -q | xargs -I% --no-run-if-empty bash -c "{{ bin_dir }}/crictl stopp % && {{ bin_dir }}/crictl rmp %"'
+  args:
+    executable: /bin/bash
  register: crictl_kube_router_remove
  until: crictl_kube_router_remove is succeeded
  retries: 5
--- a/roles/network_plugin/kube-router/tasks/main.yml
+++ b/roles/network_plugin/kube-router/tasks/main.yml
@@ -1,6 +1,6 @@
 ---
 - name: kube-router | Create annotations
-  include: annotate.yml
+  import_tasks: annotate.yml
  tags: annotate

 - name: kube-router | Create config directory
--- a/roles/network_plugin/macvlan/tasks/main.yml
+++ b/roles/network_plugin/macvlan/tasks/main.yml
@@ -7,7 +7,7 @@

 - name: Macvlan | set node_pod_cidr
  set_fact:
-    node_pod_cidr={{ node_pod_cidr_cmd.stdout }}
+    node_pod_cidr: "{{ node_pod_cidr_cmd.stdout }}"

 - name: Macvlan | Retrieve default gateway network interface
  become: false
@@ -17,7 +17,7 @@

 - name: Macvlan | set node_default_gateway_interface
  set_fact:
-    node_default_gateway_interface={{ node_default_gateway_interface_cmd.stdout | trim }}
+    node_default_gateway_interface: "{{ node_default_gateway_interface_cmd.stdout | trim }}"

 - name: Macvlan | Install network gateway interface on debian
  template:
@@ -101,7 +101,7 @@
    mode: 0644

 - name: Enable net.ipv4.conf.all.arp_notify in sysctl
-  sysctl:
+  ansible.posix.sysctl:
    name: net.ipv4.conf.all.arp_notify
    value: 1
    sysctl_set: yes
--- a/roles/network_plugin/multus/tasks/main.yml
+++ b/roles/network_plugin/multus/tasks/main.yml
@@ -20,6 +20,7 @@
  template:
    src: multus-daemonset.yml.j2
    dest: "{{ kube_config_dir }}/{{ item.file }}"
+    mode: 0644
  with_items:
    - {name: multus-daemonset-containerd, file: multus-daemonset-containerd.yml, type: daemonset, engine: containerd }
    - {name: multus-daemonset-docker, file: multus-daemonset-docker.yml, type: daemonset, engine: docker }