Cleanup legacy syntax, spacing, files all to yml

Migrate older inline= syntax to pure yml syntax for module args as to be consistant with most of the rest of the tasks Cleanup some spacing in various files Rename some files named yaml to yml for consistancy
2026-03-17 00:47:32 -02:30 · 2017-02-17 16:22:34 -05:00
parent e16ebcad6e
commit ca9ea097df
45 changed files with 291 additions and 109 deletions
--- a/roles/kubernetes/master/handlers/main.yml
+++ b/roles/kubernetes/master/handlers/main.yml
@@ -22,21 +22,24 @@
    state: restarted

 - name: Master | wait for kube-scheduler
-  uri: url=http://localhost:10251/healthz
+  uri:
+    url: http://localhost:10251/healthz
  register: scheduler_result
  until: scheduler_result.status == 200
  retries: 15
  delay: 5

 - name: Master | wait for kube-controller-manager
-  uri: url=http://localhost:10252/healthz
+  uri:
+    url: http://localhost:10252/healthz
  register: controller_manager_result
  until: controller_manager_result.status == 200
  retries: 15
  delay: 5

 - name: Master | wait for the apiserver to be running
-  uri: url=http://localhost:8080/healthz
+  uri:
+    url: http://localhost:8080/healthz
  register: result
  until: result.status == 200
  retries: 10
--- a/roles/kubernetes/master/tasks/main.yml
+++ b/roles/kubernetes/master/tasks/main.yml
@@ -36,7 +36,9 @@
 - meta: flush_handlers

 - name: copy kube system namespace manifest
-  copy: src=namespace.yml dest={{kube_config_dir}}/{{system_namespace}}-ns.yml
+  copy:
+    src: namespace.yml
+    dest: "{{kube_config_dir}}/{{system_namespace}}-ns.yml"
  run_once: yes
  when: inventory_hostname == groups['kube-master'][0]
  tags: apps
--- a/roles/kubernetes/master/tasks/pre-upgrade.yml
+++ b/roles/kubernetes/master/tasks/pre-upgrade.yml
@@ -43,7 +43,8 @@
  when: (secret_changed|default(false) or etcd_secret_changed|default(false)) and kube_apiserver_manifest.stat.exists

 - name: "Pre-upgrade | Pause while waiting for kubelet to delete kube-apiserver pod"
-  pause: seconds=20
+  pause:
+    seconds: 20
  when: (secret_changed|default(false) or etcd_secret_changed|default(false)) and kube_apiserver_manifest.stat.exists
  tags: kube-apiserver

--- a/roles/kubernetes/node/tasks/main.yml
+++ b/roles/kubernetes/node/tasks/main.yml
@@ -12,12 +12,18 @@
  tags: nginx

 - name: Write kubelet config file
-  template: src=kubelet.j2 dest={{ kube_config_dir }}/kubelet.env backup=yes
+  template:
+    src: kubelet.j2
+    dest: "{{ kube_config_dir }}/kubelet.env"
+    backup: yes
  notify: restart kubelet
  tags: kubelet

 - name: write the kubecfg (auth) file for kubelet
-  template: src=node-kubeconfig.yaml.j2 dest={{ kube_config_dir }}/node-kubeconfig.yaml backup=yes
+  template:
+    src: node-kubeconfig.yaml.j2
+    dest: "{{ kube_config_dir }}/node-kubeconfig.yaml"
+    backup: yes
  notify: restart kubelet
  tags: kubelet

--- a/roles/kubernetes/node/tasks/nginx-proxy.yml
+++ b/roles/kubernetes/node/tasks/nginx-proxy.yml
@@ -1,9 +1,20 @@
 ---
 - name: nginx-proxy | Write static pod
-  template: src=manifests/nginx-proxy.manifest.j2 dest={{kube_manifest_dir}}/nginx-proxy.yml
+  template:
+    src: manifests/nginx-proxy.manifest.j2
+    dest: "{{kube_manifest_dir}}/nginx-proxy.yml"

 - name: nginx-proxy | Make nginx directory
-  file: path=/etc/nginx state=directory mode=0700 owner=root
+  file:
+    path: /etc/nginx
+    state: directory
+    mode: 0700
+    owner: root

 - name: nginx-proxy | Write nginx-proxy configuration
-  template: src=nginx.conf.j2 dest="/etc/nginx/nginx.conf" owner=root mode=0755 backup=yes
+  template:
+    src: nginx.conf.j2
+    dest: "/etc/nginx/nginx.conf"
+    owner: root
+    mode: 0755
+    backup: yes
--- a/roles/kubernetes/preinstall/tasks/dhclient-hooks-undo.yml
+++ b/roles/kubernetes/preinstall/tasks/dhclient-hooks-undo.yml
@@ -14,7 +14,9 @@
  notify: Preinstall | restart network

 - name: Remove kargo specific dhclient hook
-  file: path="{{ dhclienthookfile }}" state=absent
+  file:
+    path: "{{ dhclienthookfile }}"
+    state: absent
  when: dhclienthookfile is defined
  notify: Preinstall | restart network

--- a/roles/kubernetes/preinstall/tasks/growpart-azure-centos-7.yml
+++ b/roles/kubernetes/preinstall/tasks/growpart-azure-centos-7.yml
@@ -3,7 +3,9 @@
 # Running growpart seems to be only required on Azure, as other Cloud Providers do this at boot time

 - name: install growpart
-  package: name=cloud-utils-growpart state=latest
+  package:
+    name: cloud-utils-growpart
+    state: latest

 - name: check if growpart needs to be run
  command: growpart -N /dev/sda 1
--- a/roles/kubernetes/preinstall/tasks/main.yml
+++ b/roles/kubernetes/preinstall/tasks/main.yml
@@ -88,12 +88,18 @@
  tags: [network, calico, weave, canal, bootstrap-os]

 - name: Update package management cache (YUM)
-  yum: update_cache=yes name='*'
+  yum:
+    update_cache: yes
+    name: '*'
  when: ansible_pkg_mgr == 'yum'
  tags: bootstrap-os

 - name: Install latest version of python-apt for Debian distribs
-  apt: name=python-apt state=latest update_cache=yes cache_valid_time=3600
+  apt:
+    name: python-apt
+    state: latest
+    update_cache: yes
+    cache_valid_time: 3600
  when: ansible_os_family == "Debian"
  tags: bootstrap-os

@@ -126,7 +132,9 @@

 # Todo : selinux configuration
 - name: Set selinux policy to permissive
-  selinux: policy=targeted state=permissive
+  selinux:
+    policy: targeted
+    state: permissive
  when: ansible_os_family == "RedHat"
  changed_when: False
  tags: bootstrap-os
@@ -146,7 +154,8 @@
  tags: bootstrap-os

 - name: Stat sysctl file configuration
-  stat: path={{sysctl_file_path}}
+  stat:
+    path: "{{sysctl_file_path}}"
  register: sysctl_file_stat
  tags: bootstrap-os

@@ -198,7 +207,8 @@
  tags: [bootstrap-os, resolvconf]

 - name: Check if we are running inside a Azure VM
-  stat: path=/var/lib/waagent/
+  stat:
+    path: /var/lib/waagent/
  register: azure_check
  tags: bootstrap-os

--- a/roles/kubernetes/preinstall/tasks/set_facts.yml
+++ b/roles/kubernetes/preinstall/tasks/set_facts.yml
@@ -1,12 +1,23 @@
 ---
- set_fact: kube_apiserver_count="{{ groups['kube-master'] | length }}"
- set_fact: kube_apiserver_address="{{ ip | default(ansible_default_ipv4['address']) }}"
- set_fact: kube_apiserver_access_address="{{ access_ip | default(kube_apiserver_address) }}"
- set_fact: is_kube_master="{{ inventory_hostname in groups['kube-master'] }}"
- set_fact: first_kube_master="{{ hostvars[groups['kube-master'][0]]['access_ip'] | default(hostvars[groups['kube-master'][0]]['ip'] | default(hostvars[groups['kube-master'][0]]['ansible_default_ipv4']['address'])) }}"
+- set_fact:
+    kube_apiserver_count: "{{ groups['kube-master'] | length }}"
+
+- set_fact:
+    kube_apiserver_address: "{{ ip | default(ansible_default_ipv4['address']) }}"
+
+- set_fact:
+    kube_apiserver_access_address: "{{ access_ip | default(kube_apiserver_address) }}"
+
+- set_fact:
+    is_kube_master: "{{ inventory_hostname in groups['kube-master'] }}"
+
+- set_fact:
+    first_kube_master: "{{ hostvars[groups['kube-master'][0]]['access_ip'] | default(hostvars[groups['kube-master'][0]]['ip'] | default(hostvars[groups['kube-master'][0]]['ansible_default_ipv4']['address'])) }}"
+
 - set_fact:
    loadbalancer_apiserver_localhost: false
  when: loadbalancer_apiserver is defined
+
 - set_fact:
    kube_apiserver_endpoint: |-
      {% if not is_kube_master and loadbalancer_apiserver_localhost -%}
@@ -21,34 +32,54 @@
      {%-  endif -%}
      {%- endif %}

- set_fact: etcd_address="{{ ip | default(ansible_default_ipv4['address']) }}"
- set_fact: etcd_access_address="{{ access_ip | default(etcd_address) }}"
- set_fact: etcd_peer_url="https://{{ etcd_access_address }}:2380"
- set_fact: etcd_client_url="https://{{ etcd_access_address }}:2379"
- set_fact: etcd_authority="127.0.0.1:2379"
- set_fact: etcd_endpoint="https://{{ etcd_authority }}"
+- set_fact:
+    etcd_address: "{{ ip | default(ansible_default_ipv4['address']) }}"
+
+- set_fact:
+    etcd_access_address: "{{ access_ip | default(etcd_address) }}"
+
+- set_fact:
+    etcd_peer_url: "https://{{ etcd_access_address }}:2380"
+
+- set_fact:
+    etcd_client_url: "https://{{ etcd_access_address }}:2379"
+
+- set_fact:
+    etcd_authority: "127.0.0.1:2379"
+
+- set_fact:
+    etcd_endpoint: "https://{{ etcd_authority }}"
+
 - set_fact:
    etcd_access_addresses: |-
      {% for item in groups['etcd'] -%}
        https://{{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(hostvars[item]['ansible_default_ipv4']['address'])) }}:2379{% if not loop.last %},{% endif %}
      {%- endfor %}
- set_fact: etcd_access_endpoint="{% if etcd_multiaccess %}{{ etcd_access_addresses }}{% else %}{{ etcd_endpoint }}{% endif %}"
+
+- set_fact:
+    etcd_access_endpoint: "{% if etcd_multiaccess %}{{ etcd_access_addresses }}{% else %}{{ etcd_endpoint }}{% endif %}"
+
 - set_fact:
    etcd_member_name: |-
      {% for host in groups['etcd'] %}
      {%   if inventory_hostname == host %}{{"etcd"+loop.index|string }}{% endif %}
      {% endfor %}
+
 - set_fact:
    etcd_peer_addresses: |-
      {% for item in groups['etcd'] -%}
        {{ "etcd"+loop.index|string }}=https://{{ hostvars[item].access_ip | default(hostvars[item].ip | default(hostvars[item].ansible_default_ipv4['address'])) }}:2380{% if not loop.last %},{% endif %}
      {%- endfor %}
+
 - set_fact:
    is_etcd_master: "{{ inventory_hostname in groups['etcd'] }}"
+
 - set_fact:
    etcd_after_v3: etcd_version | version_compare("v3.0.0", ">=")
+
 - set_fact:
    etcd_container_bin_dir: "{% if etcd_after_v3 %}/usr/local/bin/{% else %}/{% endif %}"
+
 - set_fact:
    peer_with_calico_rr: "{{ 'calico-rr' in groups and groups['calico-rr']|length > 0 }}"

--- a/roles/kubernetes/preinstall/tasks/set_resolv_facts.yml
+++ b/roles/kubernetes/preinstall/tasks/set_resolv_facts.yml
@@ -39,11 +39,13 @@
  when: not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]

 - name: target temporary resolvconf cloud init file (Container Linux by CoreOS)
-  set_fact: resolvconffile=/tmp/resolveconf_cloud_init_conf
+  set_fact:
+    resolvconffile: /tmp/resolveconf_cloud_init_conf
  when: ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]

 - name: check if /etc/dhclient.conf exists
-  stat: path=/etc/dhclient.conf
+  stat:
+    path: /etc/dhclient.conf
  register: dhclient_stat

 - name: target dhclient conf file for /etc/dhclient.conf
@@ -52,7 +54,8 @@
  when: dhclient_stat.stat.exists

 - name: check if /etc/dhcp/dhclient.conf exists
-  stat: path=/etc/dhcp/dhclient.conf
+  stat:
+    path: /etc/dhcp/dhclient.conf
  register: dhcp_dhclient_stat

 - name: target dhclient conf file for /etc/dhcp/dhclient.conf
--- a/roles/kubernetes/secrets/tasks/gen_certs_script.yml
+++ b/roles/kubernetes/secrets/tasks/gen_certs_script.yml
@@ -142,10 +142,10 @@

 - name: Gen_certs | check certificate permissions
  file:
-    path={{ kube_cert_dir }}
-    group={{ kube_cert_group }}
-    owner=kube
-    recurse=yes
+    path: "{{ kube_cert_dir }}"
+    group: "{{ kube_cert_group }}"
+    owner: kube
+    recurse: yes

 - name: Gen_certs | set permissions on keys
  shell: chmod 0600 {{ kube_cert_dir}}/*key.pem
--- a/roles/kubernetes/secrets/tasks/main.yml
+++ b/roles/kubernetes/secrets/tasks/main.yml
@@ -1,29 +1,30 @@
 ---
 - include: check-certs.yml
  tags: [k8s-secrets, facts]
+
 - include: check-tokens.yml
  tags: [k8s-secrets, facts]

 - name: Make sure the certificate directory exits
  file:
-    path={{ kube_cert_dir }}
-    state=directory
-    mode=o-rwx
-    group={{ kube_cert_group }}
+    path: "{{ kube_cert_dir }}"
+    state: directory
+    mode: o-rwx
+    group: "{{ kube_cert_group }}"

 - name: Make sure the tokens directory exits
  file:
-    path={{ kube_token_dir }}
-    state=directory
-    mode=o-rwx
-    group={{ kube_cert_group }}
+    path: "{{ kube_token_dir }}"
+    state: directory
+    mode: o-rwx
+    group: "{{ kube_cert_group }}"

 - name: Make sure the users directory exits
  file:
-    path={{ kube_users_dir }}
-    state=directory
-    mode=o-rwx
-    group={{ kube_cert_group }}
+    path: "{{ kube_users_dir }}"
+    state: directory
+    mode: o-rwx
+    group: "{{ kube_cert_group }}"

 - name: Populate users for basic auth in API
  lineinfile:
@@ -62,10 +63,10 @@

 - name: "Get_tokens | Make sure the tokens directory exits (on {{groups['kube-master'][0]}})"
  file:
-    path={{ kube_token_dir }}
-    state=directory
-    mode=o-rwx
-    group={{ kube_cert_group }}
+    path: "{{ kube_token_dir }}"
+    state: directory
+    mode: o-rwx
+    group: "{{ kube_cert_group }}"
  run_once: yes
  delegate_to: "{{groups['kube-master'][0]}}"
  when: gen_tokens|default(false)
@@ -77,9 +78,11 @@
 - include: sync_kube_master_certs.yml
  when: cert_management == "vault" and inventory_hostname in groups['kube-master']
  tags: k8s-secrets
+
 - include: sync_kube_node_certs.yml
  when: cert_management == "vault" and inventory_hostname in groups['k8s-cluster']
  tags: k8s-secrets
+
 - include: gen_certs_vault.yml
  when: cert_management == "vault"
  tags: k8s-secrets