Replace injected Ansible fact variables with ansible_facts in preinstall role (#13232)

2026-05-14 21:07:42 -02:30 · 2026-05-14 16:08:30 +05:30
parent 22ce2f799f
commit 2ed677ce86
9 changed files with 41 additions and 38 deletions
--- a/roles/kubernetes/preinstall/defaults/main.yml
+++ b/roles/kubernetes/preinstall/defaults/main.yml
@@ -104,7 +104,7 @@ redhat_os_family_extensions:
  - "UniontechOS"

 # Sets DNSStubListener=no, useful if you get "0.0.0.0:53: bind: address already in use"
-systemd_resolved_disable_stub_listener: "{{ ansible_os_family in ['Flatcar', 'Flatcar Container Linux by Kinvolk'] }}"
+systemd_resolved_disable_stub_listener: "{{ ansible_facts['os_family'] in ['Flatcar', 'Flatcar Container Linux by Kinvolk'] }}"

 # Used to disable File Access Policy Daemon service.
 # If service is enabled, the CNI plugin installation will fail
--- a/roles/kubernetes/preinstall/handlers/main.yml
+++ b/roles/kubernetes/preinstall/handlers/main.yml
@@ -1,7 +1,7 @@
 ---
 - name: Preinstall | apply resolvconf cloud-init
  command: /usr/bin/coreos-cloudinit --from-file {{ resolveconf_cloud_init_conf }}
-  when: ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
+  when: ansible_facts['os_family'] in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
  listen: Preinstall | propagate resolvconf to k8s components

 - name: Preinstall | reload NetworkManager
--- a/roles/kubernetes/preinstall/tasks/0020-set_facts.yml
+++ b/roles/kubernetes/preinstall/tasks/0020-set_facts.yml
@@ -1,9 +1,12 @@
 ---
- name: Set os_family fact for other redhat-based operating systems
+- name: Normalize ansible_facts for redhat-family extensions
  set_fact:
-    ansible_os_family: "RedHat"
-    ansible_distribution_major_version: "8"
-  when: ansible_distribution in redhat_os_family_extensions
+    ansible_facts: >-
+      {{ ansible_facts | combine({
+           'os_family': 'RedHat',
+           'distribution_major_version': '8'
+         }) }}
+  when: ansible_facts['distribution'] in redhat_os_family_extensions
  tags:
    - facts

@@ -86,12 +89,12 @@
      {%- if resolvconf | bool -%}/etc/resolvconf/resolv.conf.d/base{%- endif -%}
    head: >-
      {%- if resolvconf | bool -%}/etc/resolvconf/resolv.conf.d/head{%- endif -%}
-  when: not ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] and not is_fedora_coreos
+  when: ansible_facts['os_family'] not in ["Flatcar", "Flatcar Container Linux by Kinvolk"] and not is_fedora_coreos

 - name: Target temporary resolvconf cloud init file (Flatcar Container Linux by Kinvolk / Fedora CoreOS)
  set_fact:
    resolvconffile: /tmp/resolveconf_cloud_init_conf
-  when: ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] or is_fedora_coreos
+  when: ansible_facts['os_family'] in ["Flatcar", "Flatcar Container Linux by Kinvolk"] or is_fedora_coreos

 - name: Check if /etc/dhclient.conf exists
  stat:
@@ -122,12 +125,12 @@
 - name: Target dhclient hook file for Red Hat family
  set_fact:
    dhclienthookfile: /etc/dhcp/dhclient.d/zdnsupdate.sh
-  when: ansible_os_family == "RedHat"
+  when: ansible_facts['os_family'] == "RedHat"

 - name: Target dhclient hook file for Debian family
  set_fact:
    dhclienthookfile: /etc/dhcp/dhclient-exit-hooks.d/zdnsupdate
-  when: ansible_os_family == "Debian"
+  when: ansible_facts['os_family'] == "Debian"

 - name: Set etcd vars if using kubeadm mode
  set_fact:
--- a/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml
+++ b/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml
@@ -15,25 +15,25 @@
    - not ignore_assert_errors
 - name: Stop if non systemd OS type
  assert:
-    that: ansible_service_mgr == "systemd"
+    that: ansible_facts['service_mgr'] == "systemd"
  when: not ignore_assert_errors

 - name: Stop if the os does not support
  assert:
-    that: (allow_unsupported_distribution_setup | default(false)) or ansible_distribution in supported_os_distributions
-    msg: "{{ ansible_distribution }} is not a known OS"
+    that: (allow_unsupported_distribution_setup | default(false)) or ansible_facts['distribution'] in supported_os_distributions
+    msg: "{{ ansible_facts['distribution'] }} is not a known OS"
  when: not ignore_assert_errors

 - name: Stop if memory is too small for control plane nodes
  assert:
-    that: ansible_memtotal_mb >= minimal_master_memory_mb
+    that: ansible_facts['memtotal_mb'] >= minimal_master_memory_mb
  when:
    - not ignore_assert_errors
    - ('kube_control_plane' in group_names)

 - name: Stop if memory is too small for nodes
  assert:
-    that: ansible_memtotal_mb >= minimal_node_memory_mb
+    that: ansible_facts['memtotal_mb'] >= minimal_node_memory_mb
  when:
    - not ignore_assert_errors
    - ('kube_node' in group_names)
@@ -47,8 +47,8 @@

 - name: Stop if ip var does not match local ips
  assert:
-    that: (ip in ansible_all_ipv4_addresses) or (ip in ansible_all_ipv6_addresses)
-    msg: "IPv4: '{{ ansible_all_ipv4_addresses }}' and IPv6: '{{ ansible_all_ipv6_addresses }}' do not contain '{{ ip }}'"
+    that: (ip in ansible_facts['all_ipv4_addresses']) or (ip in ansible_facts['all_ipv6_addresses'])
+    msg: "IPv4: '{{ ansible_facts['all_ipv4_addresses'] }}' and IPv6: '{{ ansible_facts['all_ipv6_addresses'] }}' do not contain '{{ ip }}'"
  when:
    - not ignore_assert_errors
    - ip is defined
@@ -63,14 +63,14 @@

 - name: Stop if kernel version is too low for cilium
  assert:
-    that: ansible_kernel.split('-')[0] is version('4.9.17', '>=')
+    that: ansible_facts['kernel'].split('-')[0] is version('4.9.17', '>=')
  when:
    - kube_network_plugin == 'cilium' or cilium_deploy_additionally
    - not ignore_assert_errors

 - name: Stop if kernel version is too low for nftables
  assert:
-    that: ansible_kernel.split('-')[0] is version('5.13', '>=')
+    that: ansible_facts['kernel'].split('-')[0] is version('5.13', '>=')
  when:
    - kube_proxy_mode == 'nftables'
    - not kube_proxy_remove
@@ -93,6 +93,6 @@

 - name: Stop if download_localhost is enabled for Flatcar Container Linux
  assert:
-    that: ansible_os_family not in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
+    that: ansible_facts['os_family'] not in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
    msg: "download_run_once not supported for Flatcar Container Linux"
  when: download_run_once or download_force_cache
--- a/roles/kubernetes/preinstall/tasks/0060-resolvconf.yml
+++ b/roles/kubernetes/preinstall/tasks/0060-resolvconf.yml
@@ -1,7 +1,7 @@
 ---
 - name: Create temporary resolveconf cloud init file
  command: cp -f /etc/resolv.conf "{{ resolvconffile }}"
-  when: ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
+  when: ansible_facts['os_family'] in ["Flatcar", "Flatcar Container Linux by Kinvolk"]

 - name: Add domain/search/nameservers/options to resolv.conf
  blockinfile:
@@ -45,7 +45,7 @@
 - name: Get temporary resolveconf cloud init file content
  command: cat {{ resolvconffile }}
  register: cloud_config
-  when: ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
+  when: ansible_facts['os_family'] in ["Flatcar", "Flatcar Container Linux by Kinvolk"]

 - name: Persist resolvconf cloud init file
  template:
@@ -54,4 +54,4 @@
    owner: root
    mode: "0644"
  notify: Preinstall | propagate resolvconf to k8s components
-  when: ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
+  when: ansible_facts['os_family'] in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
--- a/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml
+++ b/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml
@@ -7,8 +7,8 @@
    get_checksum: false
    get_mime: false
  when:
-    - ansible_os_family == "RedHat"
-    - "'Amazon' not in ansible_distribution"
+    - ansible_facts['os_family'] == "RedHat"
+    - "'Amazon' not in ansible_facts['distribution']"
  register: slc

 - name: Set selinux policy
@@ -16,8 +16,8 @@
    policy: targeted
    state: "{{ preinstall_selinux_state }}"
  when:
-    - ansible_os_family == "RedHat"
-    - "'Amazon' not in ansible_distribution"
+    - ansible_facts['os_family'] == "RedHat"
+    - "'Amazon' not in ansible_facts['distribution']"
    - slc.stat.exists
  tags:
    - bootstrap_os
@@ -32,7 +32,7 @@
    mode: "0644"
  when:
    - disable_ipv6_dns
-    - not ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
+    - ansible_facts['os_family'] not in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
  tags:
    - bootstrap_os

--- a/roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml
+++ b/roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml
@@ -15,7 +15,7 @@
      /etc/ntp.conf
      {%- elif ntp_package == "ntpsec" -%}
      /etc/ntpsec/ntp.conf
-      {%- elif ansible_os_family in ['RedHat', 'Suse'] -%}
+      {%- elif ansible_facts['os_family'] in ['RedHat', 'Suse'] -%}
      /etc/chrony.conf
      {%- else -%}
      /etc/chrony/chrony.conf
@@ -24,7 +24,7 @@
    ntp_service_name: >-
      {% if ntp_package == "chrony" -%}
      chronyd
-      {%- elif ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk", "RedHat", "Suse"] -%}
+      {%- elif ansible_facts['os_family'] in ["Flatcar", "Flatcar Container Linux by Kinvolk", "RedHat", "Suse"] -%}
      ntpd
      {%- else -%}
      ntp
@@ -72,14 +72,14 @@
  when:
    - ntp_timezone
    - not is_fedora_coreos
-    - not ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
+    - ansible_facts['os_family'] not in ["Flatcar", "Flatcar Container Linux by Kinvolk"]

 - name: Gather selinux facts
  ansible.builtin.setup:
    gather_subset: selinux
  when:
    - ntp_timezone
-    - ansible_os_family == "RedHat"
+    - ansible_facts['os_family'] == "RedHat"

 - name: Put SELinux in permissive mode, logging actions that would be blocked.
  ansible.posix.selinux:
@@ -87,7 +87,7 @@
    state: permissive
  when:
    - ntp_timezone
-    - ansible_os_family == "RedHat"
+    - ansible_facts['os_family'] == "RedHat"
    - ansible_facts.selinux.status == 'enabled'
    - ansible_facts.selinux.mode == 'enforcing'

@@ -103,5 +103,5 @@
    state: "{{ preinstall_selinux_state }}"
  when:
    - ntp_timezone
-    - ansible_os_family == "RedHat"
+    - ansible_facts['os_family'] == "RedHat"
    - ansible_facts.selinux.status == 'enabled'
--- a/roles/kubernetes/preinstall/tasks/0100-dhclient-hooks.yml
+++ b/roles/kubernetes/preinstall/tasks/0100-dhclient-hooks.yml
@@ -26,7 +26,7 @@
    owner: root
    mode: "0755"
  notify: Preinstall | propagate resolvconf to k8s components
-  when: ansible_os_family not in [ "RedHat", "Suse" ]
+  when: ansible_facts['os_family'] not in [ "RedHat", "Suse" ]

 - name: Configure dhclient hooks for resolv.conf (RH-only)
  template:
@@ -35,4 +35,4 @@
    owner: root
    mode: "0755"
  notify: Preinstall | propagate resolvconf to k8s components
-  when: ansible_os_family == "RedHat"
+  when: ansible_facts['os_family'] == "RedHat"
--- a/roles/kubernetes/preinstall/tasks/main.yml
+++ b/roles/kubernetes/preinstall/tasks/main.yml
@@ -83,7 +83,7 @@
    - dns_mode != 'none'
    - resolvconf_mode == 'host_resolvconf'
    - dhclientconffile is defined
-    - not ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
+    - ansible_facts['os_family'] not in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
  tags:
    - bootstrap_os
    - resolvconf
@@ -94,7 +94,7 @@
    - dns_mode != 'none'
    - resolvconf_mode != 'host_resolvconf'
    - dhclientconffile is defined
-    - not ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
+    - ansible_facts['os_family'] not in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
  tags:
    - bootstrap_os
    - resolvconf