Move to Ansible 3.4.0 (#7672)

* Ansible: move to Ansible 3.4.0 which uses ansible-base 2.10.10

* Docs: add a note about ansible upgrade post 2.9.x

* CI: ensure ansible is removed before ansible 3.x is installed to avoid pip failures

* Ansible: use newer ansible-lint

* Fix ansible-lint 5.0.11 found issues

* syntax issues
* risky-file-permissions
* var-naming
* role-name
* molecule tests

* Mitogen: use 0.3.0rc1 which adds support for ansible 2.10+

* Pin ansible-base to 2.10.11 to get package fix on RHEL8

roles/kubernetes/preinstall/tasks/0010-swapoff.yml

@@ -16,4 +16,4 @@
 - name: Disable swap
   command: /sbin/swapoff -a
   when: swapon.stdout
-  ignore_errors: "{{ ansible_check_mode }}"
+  ignore_errors: "{{ ansible_check_mode }}"  # noqa ignore-errors

roles/kubernetes/preinstall/tasks/0050-create_directories.yml

@@ -4,6 +4,7 @@
     path: "{{ item }}"
     state: directory
     owner: kube
+    mode: 0755
   when: inventory_hostname in groups['k8s_cluster']
   become: true
   tags:
@@ -28,6 +29,7 @@
     path: "{{ item }}"
     state: directory
     owner: root
+    mode: 0755
   when: inventory_hostname in groups['k8s_cluster']
   become: true
   tags:
@@ -59,6 +61,7 @@
     src: "{{ kube_cert_dir }}"
     dest: "{{ kube_cert_compat_dir }}"
     state: link
+    mode: 0755
   when:
     - inventory_hostname in groups['k8s_cluster']
     - kube_cert_dir != kube_cert_compat_dir
@@ -69,6 +72,7 @@
     path: "{{ item }}"
     state: directory
     owner: kube
+    mode: 0755
   with_items:
     - "/etc/cni/net.d"
     - "/opt/cni/bin"

roles/kubernetes/preinstall/tasks/0060-resolvconf.yml

@@ -18,6 +18,7 @@
     create: yes
     backup: yes
     marker: "# Ansible entries {mark}"
+    mode: 0644
   notify: Preinstall | propagate resolvconf to k8s components
 
 - name: Remove search/domain/nameserver options before block

roles/kubernetes/preinstall/tasks/0062-networkmanager-unmanaged-devices.yml

@@ -19,6 +19,7 @@
       [keyfile]
       unmanaged-devices+=interface-name:cali*;interface-name:tunl*;interface-name:vxlan.calico
     dest: /etc/NetworkManager/conf.d/calico.conf
+    mode: 0644
   when:
     - nm_check.rc == 0
     - kube_network_plugin == "calico"
@@ -32,5 +33,6 @@
       [keyfile]
       unmanaged-devices+=interface-name:kube-ipvs0;interface-name:nodelocaldns
     dest: /etc/NetworkManager/conf.d/k8s.conf
+    mode: 0644
   when: nm_check.rc == 0
   notify: Preinstall | reload NetworkManager

roles/kubernetes/preinstall/tasks/0080-system-configurations.yml

@@ -30,6 +30,7 @@
     state: present
     create: yes
     backup: yes
+    mode: 0644
   when:
     - disable_ipv6_dns
     - not ansible_os_family in ["Flatcar Container Linux by Kinvolk"]
@@ -59,6 +60,7 @@
   file:
     name: "{{ sysctl_file_path | dirname }}"
     state: directory
+    mode: 0755
 
 - name: Enable ip forwarding
   sysctl:

roles/kubernetes/preinstall/tasks/0090-etchosts.yml

@@ -22,6 +22,7 @@
     backup: yes
     unsafe_writes: yes
     marker: "# Ansible inventory hosts {mark}"
+    mode: 0644
   when: populate_inventory_to_hosts_file
 
 - name: Hosts | populate kubernetes loadbalancer address into hosts file

roles/kubernetes/preinstall/tasks/0100-dhclient-hooks.yml

@@ -11,6 +11,7 @@
     insertbefore: BOF
     backup: yes
     marker: "# Ansible entries {mark}"
+    mode: 0644
   notify: Preinstall | propagate resolvconf to k8s components
   when: dhclientconffile is defined
 

roles/kubernetes/preinstall/tasks/main.yml

@@ -91,7 +91,8 @@
 
 # We need to make sure the network is restarted early enough so that docker can later pick up the correct system
 # nameservers and search domains
-- meta: flush_handlers
+- name: Flush handlers
+  meta: flush_handlers
 
 - name: Check if we are running inside a Azure VM
   stat: