Move to Ansible 3.4.0 (#7672)

* Ansible: move to Ansible 3.4.0 which uses ansible-base 2.10.10 * Docs: add a note about ansible upgrade post 2.9.x * CI: ensure ansible is removed before ansible 3.x is installed to avoid pip failures * Ansible: use newer ansible-lint * Fix ansible-lint 5.0.11 found issues * syntax issues * risky-file-permissions * var-naming * role-name * molecule tests * Mitogen: use 0.3.0rc1 which adds support for ansible 2.10+ * Pin ansible-base to 2.10.11 to get package fix on RHEL8
2026-02-19 20:20:10 -03:30 · 2021-07-12 10:00:47 +03:00
parent b0e4c375a7
commit 7516fe142f
103 changed files with 298 additions and 129 deletions
--- a/roles/kubernetes/node/tasks/kubelet.yml
+++ b/roles/kubernetes/node/tasks/kubelet.yml
@@ -18,6 +18,7 @@
    src: "kubelet.env.{{ kubeletConfig_api_version }}.j2"
    dest: "{{ kube_config_dir }}/kubelet.env"
    backup: yes
+    mode: 0640
  notify: Node | restart kubelet
  tags:
    - kubelet
@@ -27,6 +28,7 @@
  template:
    src: "kubelet-config.{{ kubeletConfig_api_version }}.yaml.j2"
    dest: "{{ kube_config_dir }}/kubelet-config.yaml"
+    mode: 0640
  notify: Kubelet | restart kubelet
  tags:
    - kubelet
@@ -37,6 +39,7 @@
    src: "kubelet.service.j2"
    dest: "/etc/systemd/system/kubelet.service"
    backup: "yes"
+    mode: 0644
  notify: Node | restart kubelet
  tags:
    - kubelet
--- a/roles/kubernetes/node/tasks/loadbalancer/haproxy.yml
+++ b/roles/kubernetes/node/tasks/loadbalancer/haproxy.yml
@@ -31,3 +31,4 @@
  template:
    src: manifests/haproxy.manifest.j2
    dest: "{{ kube_manifest_dir }}/haproxy.yml"
+    mode: 0640
--- a/roles/kubernetes/node/tasks/loadbalancer/nginx-proxy.yml
+++ b/roles/kubernetes/node/tasks/loadbalancer/nginx-proxy.yml
@@ -31,3 +31,4 @@
  template:
    src: manifests/nginx-proxy.manifest.j2
    dest: "{{ kube_manifest_dir }}/nginx-proxy.yml"
+    mode: 0640
--- a/roles/kubernetes/node/tasks/main.yml
+++ b/roles/kubernetes/node/tasks/main.yml
@@ -57,6 +57,7 @@
  file:
    path: /etc/modules-load.d
    state: directory
+    mode: 0755

 - name: Enable br_netfilter module
  modprobe:
@@ -68,6 +69,7 @@
  copy:
    dest: /etc/modules-load.d/kubespray-br_netfilter.conf
    content: br_netfilter
+    mode: 0644
  when: modinfo_br_netfilter.rc == 0

 # kube-proxy needs net.bridge.bridge-nf-call-iptables enabled when found if br_netfilter is not a module
@@ -108,7 +110,7 @@
    name: nf_conntrack_ipv4
    state: present
  register: modprobe_nf_conntrack_ipv4
-  ignore_errors: yes
+  ignore_errors: true  # noqa ignore-errors
  when:
    - kube_proxy_mode == 'ipvs'
  tags:
@@ -117,6 +119,7 @@
 - name: Persist ip_vs modules
  copy:
    dest: /etc/modules-load.d/kube_proxy-ipvs.conf
+    mode: 0644
    content: |
      ip_vs
      ip_vs_rr