Use include/import tasks (#2192)

import_tasks will consume far less memory, so it should be
used whenever it is compatible.

roles/kubernetes/master/tasks/kubeadm-setup.yml

@@ -168,5 +168,5 @@
   when: sa_key_before.stat.checksum|default("") != sa_key_after.stat.checksum
 
 - name: kubeadm | cleanup old certs if necessary
-  include: kubeadm-cleanup-old-certs.yml
+  import_tasks: kubeadm-cleanup-old-certs.yml
   when: old_apiserver_cert.stat.exists

roles/kubernetes/master/tasks/main.yml

@@ -1,5 +1,5 @@
 ---
-- include: pre-upgrade.yml
+- import_tasks: pre-upgrade.yml
   tags:
     - k8s-pre-upgrade
 
@@ -9,7 +9,7 @@
     kube_basic_auth: false
   when: kubeadm_enabled|bool|default(false)
 
-- include: users-file.yml
+- import_tasks: users-file.yml
   when: kube_basic_auth|default(true)
 
 - name: Compare host kubectl with hyperkube container
@@ -56,9 +56,9 @@
     - upgrade
 
 - name: Include kubeadm setup if enabled
-  include: kubeadm-setup.yml
+  import_tasks: kubeadm-setup.yml
   when: kubeadm_enabled|bool|default(false)
 
 - name: Include static pod setup if not using kubeadm
-  include: static-pod-setup.yml
+  import_tasks: static-pod-setup.yml
   when: not kubeadm_enabled|bool|default(false)

roles/kubernetes/node/tasks/install.yml

@@ -37,7 +37,7 @@
   tags:
     - kubeadm
 
-- include: "install_{{ kubelet_deployment_type }}.yml"
+- include_tasks: "install_{{ kubelet_deployment_type }}.yml"
 
 - name: install | Write kubelet systemd init file
   template:

roles/kubernetes/node/tasks/main.yml

@@ -1,9 +1,9 @@
 ---
-- include: facts.yml
+- import_tasks: facts.yml
   tags:
     - facts
 
-- include: pre_upgrade.yml
+- import_tasks: pre_upgrade.yml
   tags:
     - kubelet
 
@@ -13,11 +13,11 @@
     state: directory
     mode: 0755
 
-- include: install.yml
+- import_tasks: install.yml
   tags:
     - kubelet
 
-- include: nginx-proxy.yml
+- import_tasks: nginx-proxy.yml
   when: is_kube_master == false and loadbalancer_apiserver_localhost
   tags:
     - nginx

roles/kubernetes/preinstall/tasks/main.yml

@@ -1,5 +1,5 @@
 ---
-- include: verify-settings.yml
+- import_tasks: verify-settings.yml
   tags:
     - asserts
 
@@ -19,7 +19,7 @@
   tags:
     - bootstrap-os
 
-- include: set_facts.yml
+- import_tasks: set_facts.yml
   tags:
     - facts
 
@@ -72,7 +72,7 @@
     - cloud-provider
     - facts
 
-- include: "{{ cloud_provider }}-credential-check.yml"
+- include_tasks: "{{ cloud_provider }}-credential-check.yml"
   when:
     - cloud_provider is defined
     - cloud_provider in [ 'openstack', 'azure', 'vsphere' ]
@@ -99,7 +99,7 @@
     - contiv
     - bootstrap-os
 
-- include: resolvconf.yml
+- import_tasks: resolvconf.yml
   when:
     - dns_mode != 'none'
     - resolvconf_mode == 'host_resolvconf'
@@ -276,12 +276,12 @@
   tags:
     - cloud-provider
 
-- include: etchosts.yml
+- import_tasks: etchosts.yml
   tags:
     - bootstrap-os
     - etchosts
 
-- include: dhclient-hooks.yml
+- import_tasks: dhclient-hooks.yml
   when:
     - dns_mode != 'none'
     - resolvconf_mode == 'host_resolvconf'
@@ -290,7 +290,7 @@
     - bootstrap-os
     - resolvconf
 
-- include: dhclient-hooks-undo.yml
+- import_tasks: dhclient-hooks-undo.yml
   when:
     - dns_mode != 'none'
     - resolvconf_mode != 'host_resolvconf'
@@ -306,7 +306,7 @@
   tags:
     - bootstrap-os
 
-- include: growpart-azure-centos-7.yml
+- import_tasks: growpart-azure-centos-7.yml
   when:
     - azure_check.stat.exists
     - ansible_distribution in ["CentOS","RedHat"]

roles/kubernetes/preinstall/tasks/set_facts.yml

@@ -11,7 +11,7 @@
     kube_cert_group: "kube"
   when: is_atomic
 
-- include: set_resolv_facts.yml
+- import_tasks: set_resolv_facts.yml
   tags:
     - bootstrap-os
     - resolvconf

roles/kubernetes/secrets/tasks/gen_certs_vault.yml

@@ -1,12 +1,12 @@
 ---
-- include: sync_kube_master_certs.yml
+- import_tasks: sync_kube_master_certs.yml
   when: inventory_hostname in groups['kube-master']
 
-- include: sync_kube_node_certs.yml
+- import_tasks: sync_kube_node_certs.yml
   when: inventory_hostname in groups['k8s-cluster']
 
 # Issue admin certs to kube-master hosts
-- include: ../../../vault/tasks/shared/issue_cert.yml
+- include_tasks: ../../../vault/tasks/shared/issue_cert.yml
   vars:
     issue_cert_common_name: "admin"
     issue_cert_copy_ca: "{{ item == kube_admin_certs_needed|first }}"
@@ -37,7 +37,7 @@
   run_once: true
 
 # Issue master components certs to kube-master hosts
-- include: ../../../vault/tasks/shared/issue_cert.yml
+- include_tasks: ../../../vault/tasks/shared/issue_cert.yml
   vars:
     issue_cert_common_name: "kubernetes"
     issue_cert_alt_names: "{{ kube_cert_alt_names }}"
@@ -63,7 +63,7 @@
   notify: set secret_changed
 
 # Issue node certs to k8s-cluster nodes
-- include: ../../../vault/tasks/shared/issue_cert.yml
+- include_tasks: ../../../vault/tasks/shared/issue_cert.yml
   vars:
     # Need to strip out the 'node-' prefix from the cert name so it can be used
     # with the node authorization plugin ( CN matches kubelet node name )
@@ -80,7 +80,7 @@
   when: inventory_hostname in groups['k8s-cluster']
 
 # Issue proxy certs to k8s-cluster nodes
-- include: ../../../vault/tasks/shared/issue_cert.yml
+- include_tasks: ../../../vault/tasks/shared/issue_cert.yml
   vars:
     issue_cert_common_name: "system:kube-proxy"
     issue_cert_copy_ca: "{{ item == kube_proxy_certs_needed|first }}"

roles/kubernetes/secrets/tasks/main.yml

@@ -1,10 +1,10 @@
 ---
-- include: check-certs.yml
+- import_tasks: check-certs.yml
   tags:
     - k8s-secrets
     - facts
 
-- include: check-tokens.yml
+- import_tasks: check-tokens.yml
   tags:
     - k8s-secrets
     - facts
@@ -69,11 +69,11 @@
   delegate_to: "{{groups['kube-master'][0]}}"
   when: gen_tokens|default(false)
 
-- include: "gen_certs_{{ cert_management }}.yml"
+- include_tasks: "gen_certs_{{ cert_management }}.yml"
   tags:
     - k8s-secrets
 
-- include: upd_ca_trust.yml
+- import_tasks: upd_ca_trust.yml
   tags:
     - k8s-secrets
 
@@ -111,6 +111,6 @@
     kube_proxy_cert_serial: "{{ node_certificate_serials.results[1].stdout|default() }}"
   when: inventory_hostname in groups['k8s-cluster']
 
-- include: gen_tokens.yml
+- import_tasks: gen_tokens.yml
   tags:
     - k8s-secrets

roles/kubernetes/secrets/tasks/sync_kube_master_certs.yml

@@ -4,7 +4,7 @@
   set_fact:
     kube_admin_cert_list: "{{ kube_admin_cert_list|d([]) + ['admin-' + inventory_hostname + '.pem'] }}"
 
-- include: ../../../vault/tasks/shared/sync_file.yml
+- include_tasks: ../../../vault/tasks/shared/sync_file.yml
   vars:
     sync_file: "{{ item }}"
     sync_file_dir: "{{ kube_cert_dir }}"
@@ -24,7 +24,7 @@
   set_fact:
     sync_file_results: []
 
-- include: ../../../vault/tasks/shared/sync_file.yml
+- include_tasks: ../../../vault/tasks/shared/sync_file.yml
   vars:
     sync_file: "{{ item }}"
     sync_file_dir: "{{ kube_cert_dir }}"
@@ -44,7 +44,7 @@
   set_fact:
     sync_file_results: []
 
-- include: ../../../vault/tasks/shared/sync_file.yml
+- include_tasks: ../../../vault/tasks/shared/sync_file.yml
   vars:
     sync_file: ca.pem
     sync_file_dir: "{{ kube_cert_dir }}"

roles/kubernetes/secrets/tasks/sync_kube_node_certs.yml

@@ -4,7 +4,7 @@
   set_fact:
     kube_node_cert_list: "{{ kube_node_cert_list|default([]) + ['node-' + inventory_hostname + '.pem'] }}"
 
-- include: ../../../vault/tasks/shared/sync_file.yml
+- include_tasks: ../../../vault/tasks/shared/sync_file.yml
   vars:
     sync_file: "{{ item }}"
     sync_file_dir: "{{ kube_cert_dir }}"
@@ -24,7 +24,7 @@
   set_fact:
     sync_file_results: []
 
-- include: ../../../vault/tasks/shared/sync_file.yml
+- include_tasks: ../../../vault/tasks/shared/sync_file.yml
   vars:
     sync_file: ca.pem
     sync_file_dir: "{{ kube_cert_dir }}"
@@ -40,7 +40,7 @@
   set_fact:
     kube_proxy_cert_list: "{{ kube_proxy_cert_list|default([]) + ['kube-proxy-' + inventory_hostname + '.pem'] }}"
 
-- include: ../../../vault/tasks/shared/sync_file.yml
+- include_tasks: ../../../vault/tasks/shared/sync_file.yml
   vars:
     sync_file: "{{ item }}"
     sync_file_dir: "{{ kube_cert_dir }}"