ansible-lint: add spaces around variables [E206] (#4699)

roles/kubernetes/kubeadm/tasks/main.yml

@@ -77,7 +77,7 @@
     - name: Join to cluster
       command: >-
         {{ bin_dir }}/kubeadm join
-        --config {{ kube_config_dir}}/kubeadm-client.conf
+        --config {{ kube_config_dir }}/kubeadm-client.conf
         --ignore-preflight-errors=DirAvailable--etc-kubernetes-manifests
       register: kubeadm_join
       async: 120
@@ -88,7 +88,7 @@
     - name: Join to cluster with ignores
       command: >-
         {{ bin_dir }}/kubeadm join
-        --config {{ kube_config_dir}}/kubeadm-client.conf
+        --config {{ kube_config_dir }}/kubeadm-client.conf
         --ignore-preflight-errors=all
       register: kubeadm_join
       async: 60

roles/kubernetes/master/tasks/encrypt-at-rest.yml

@@ -12,12 +12,12 @@
 
 - name: Base 64 Decode slurped secrets_encryption.yaml file
   set_fact:
-    secret_file_decoded: "{{secret_file_encoded['content'] | b64decode | from_yaml}}"
+    secret_file_decoded: "{{ secret_file_encoded['content'] | b64decode | from_yaml }}"
   when: secrets_encryption_file.stat.exists
 
 - name: Extract secret value from secrets_encryption.yaml
   set_fact:
-    kube_encrypt_token_extracted: "{{ secret_file_decoded | json_query(secrets_encryption_query) | first | b64decode}}"
+    kube_encrypt_token_extracted: "{{ secret_file_decoded | json_query(secrets_encryption_query) | first | b64decode }}"
   when: secrets_encryption_file.stat.exists
 
 - name: Set kube_encrypt_token across master nodes

roles/kubernetes/master/tasks/kubeadm-secondary-experimental.yml

@@ -5,7 +5,7 @@
       {%- if "127.0.0.1" in kube_apiserver_endpoint or "localhost" in kube_apiserver_endpoint -%}
       {{ first_kube_master }}:{{ kube_apiserver_port }}
       {%- else -%}
-      {{ kube_apiserver_endpoint | regex_replace('https://', '')}}
+      {{ kube_apiserver_endpoint | regex_replace('https://', '') }}
       {%- endif %}
   tags:
     - facts
@@ -21,15 +21,15 @@
 
 - name: Wait for k8s apiserver
   wait_for:
-    host: "{{kubeadm_discovery_address.split(':')[0]}}"
-    port: "{{kubeadm_discovery_address.split(':')[1]}}"
+    host: "{{ kubeadm_discovery_address.split(':')[0] }}"
+    port: "{{ kubeadm_discovery_address.split(':')[1] }}"
     timeout: 180
 
 
 - name: Upload certificates so they are fresh and not expired
   command: >-
     {{ bin_dir }}/kubeadm init phase
-    --config {{ kube_config_dir}}/kubeadm-config.yaml
+    --config {{ kube_config_dir }}/kubeadm-config.yaml
     upload-certs --experimental-upload-certs
     {% if kubeadm_certificate_key is defined %}
     --certificate-key={{ kubeadm_certificate_key }}
@@ -46,7 +46,7 @@
 - name: Joining control plane node to the cluster.
   command: >-
     {{ bin_dir }}/kubeadm join
-    --config {{ kube_config_dir}}/kubeadm-controlplane.yaml
+    --config {{ kube_config_dir }}/kubeadm-controlplane.yaml
     --ignore-preflight-errors=all
     {% if kubeadm_certificate_key is defined %}
     --certificate-key={{ kubeadm_certificate_key }}

roles/kubernetes/master/tasks/kubeadm-setup.yml

@@ -3,7 +3,7 @@
   stat:
     path: "{{ kube_cert_dir }}/apiserver.pem"
   register: old_apiserver_cert
-  delegate_to: "{{groups['kube-master']|first}}"
+  delegate_to: "{{ groups['kube-master'] | first }}"
   run_once: true
 
 - name: kubeadm | Migrate old certs if necessary
@@ -41,14 +41,14 @@
 
 - name: kubeadm | Delete old static pods
   file:
-    path: "{{ kube_config_dir }}/manifests/{{item}}.manifest"
+    path: "{{ kube_config_dir }}/manifests/{{ item }}.manifest"
     state: absent
   with_items: ["kube-apiserver", "kube-controller-manager", "kube-scheduler", "kube-proxy"]
   when:
     - old_apiserver_cert.stat.exists
 
 - name: kubeadm | Forcefully delete old static pods
-  shell: "docker ps -f name=k8s_{{item}} -q | xargs --no-run-if-empty docker rm -f"
+  shell: "docker ps -f name=k8s_{{ item }} -q | xargs --no-run-if-empty docker rm -f"
   with_items: ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
   when:
     - old_apiserver_cert.stat.exists
@@ -147,7 +147,7 @@
   retries: 5
   delay: 5
   until: temp_token is succeeded
-  delegate_to: "{{groups['kube-master']|first}}"
+  delegate_to: "{{ groups['kube-master'] | first }}"
   when: kubeadm_token is not defined
   tags:
     - kubeadm_token
@@ -190,6 +190,6 @@
 # FIXME(mattymo): from docs: If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: {}` in the YAML file.
 - name: kubeadm | Remove taint for master with node role
   command: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf taint node {{ inventory_hostname }} node-role.kubernetes.io/master:NoSchedule-"
-  delegate_to: "{{groups['kube-master']|first}}"
+  delegate_to: "{{ groups['kube-master'] | first }}"
   when: inventory_hostname in groups['kube-node']
   failed_when: false

roles/kubernetes/master/tasks/pre-upgrade.yml

@@ -1,7 +1,7 @@
 ---
 - name: "Pre-upgrade | Delete master manifests if etcd secrets changed"
   file:
-    path: "/etc/kubernetes/manifests/{{item}}.manifest"
+    path: "/etc/kubernetes/manifests/{{ item }}.manifest"
     state: absent
   with_items:
     - ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
@@ -9,7 +9,7 @@
   when: etcd_secret_changed|default(false)
 
 - name: "Pre-upgrade | Delete master containers forcefully"
-  shell: "docker ps -af name=k8s_{{item}}* -q | xargs --no-run-if-empty docker rm -f"
+  shell: "docker ps -af name=k8s_{{ item }}* -q | xargs --no-run-if-empty docker rm -f"
   with_items:
     - ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
   when: kube_apiserver_manifest_replaced.changed

roles/kubernetes/node/tasks/azure-credential-check.yml

@@ -56,7 +56,7 @@
 
 - name: check azure_loadbalancer_sku value
   fail:
-    msg: "azure_loadbalancer_sku has an invalid value '{{azure_loadbalancer_sku}}'. Supported values are 'basic', 'standard'"
+    msg: "azure_loadbalancer_sku has an invalid value '{{ azure_loadbalancer_sku }}'. Supported values are 'basic', 'standard'"
   when: azure_loadbalancer_sku not in ["basic", "standard"]
 
 - name: "check azure_exclude_master_from_standard_lb is a bool"

roles/kubernetes/node/tasks/main.yml

@@ -65,7 +65,7 @@
 - name: Verify if br_netfilter module exists
   shell: "modinfo br_netfilter"
   environment:
-    PATH: "{{ ansible_env.PATH}}:/sbin"  # Make sure we can workaround RH's conservative path management
+    PATH: "{{ ansible_env.PATH }}:/sbin"  # Make sure we can workaround RH's conservative path management
   register: modinfo_br_netfilter
   failed_when: modinfo_br_netfilter.rc not in [0, 1]
   changed_when: false

roles/kubernetes/node/templates/kubelet.host.service.j2

@@ -6,7 +6,7 @@ Wants=docker.socket
 
 [Service]
 User=root
-EnvironmentFile=-{{kube_config_dir}}/kubelet.env
+EnvironmentFile=-{{ kube_config_dir }}/kubelet.env
 ExecStartPre=-/bin/mkdir -p {{ kubelet_flexvolumes_plugins_dir }}
 ExecStart={{ bin_dir }}/kubelet \
 		$KUBE_LOGTOSTDERR \

roles/kubernetes/preinstall/tasks/0020-verify-settings.yml

@@ -35,7 +35,7 @@
 - name: "Stop if known booleans are set as strings (Use JSON format on CLI: -e \"{'key': true }\")"
   assert:
     that: item.value|type_debug == 'bool'
-    msg: "{{item.value}} isn't a bool"
+    msg: "{{ item.value }} isn't a bool"
   run_once: yes
   with_items:
     - { name: download_run_once, value: "{{ download_run_once }}" }

roles/kubernetes/preinstall/tasks/0040-set_facts.yml

@@ -8,9 +8,9 @@
   set_fact:
     host_architecture: >-
       {%- if ansible_architecture in architecture_groups -%}
-      {{architecture_groups[ansible_architecture]}}
+      {{ architecture_groups[ansible_architecture] }}
       {%- else -%}
-       {{ansible_architecture}}
+       {{ ansible_architecture }}
       {% endif %}
 
 - name: Force binaries directory for Container Linux by CoreOS
@@ -46,7 +46,7 @@
 - set_fact:
     bogus_domains: |-
       {% for d in [ 'default.svc.' + dns_domain, 'svc.' + dns_domain ] + searchdomains|default([]) -%}
-      {{dns_domain}}.{{d}}./{{d}}.{{d}}./com.{{d}}./
+      {{ dns_domain }}.{{ d }}./{{ d }}.{{ d }}./com.{{ d }}./
       {%- endfor %}
     cloud_resolver: >-
       {%- if cloud_provider is defined and cloud_provider == 'gce' -%}
@@ -139,9 +139,9 @@
 - name: generate nameservers to resolvconf
   set_fact:
     nameserverentries:
-      nameserver {{( coredns_server + nameservers|d([]) + cloud_resolver|d([])) | join(',nameserver ')}}
+      nameserver {{ ( coredns_server + nameservers|d([]) + cloud_resolver|d([])) | join(',nameserver ') }}
     supersede_nameserver:
-      supersede domain-name-servers {{( coredns_server + nameservers|d([]) + cloud_resolver|d([])) | join(', ') }};
+      supersede domain-name-servers {{ ( coredns_server + nameservers|d([]) + cloud_resolver|d([])) | join(', ') }};
 
 - name: gather os specific variables
   include_vars: "{{ item }}"

roles/kubernetes/preinstall/tasks/0050-create_directories.yml

@@ -17,7 +17,7 @@
     - master
     - node
   with_items:
-    - "{{bin_dir}}"
+    - "{{ bin_dir }}"
     - "{{ kube_config_dir }}"
     - "{{ kube_cert_dir }}"
     - "{{ kube_manifest_dir }}"

roles/kubernetes/preinstall/tasks/0060-resolvconf.yml

@@ -5,7 +5,7 @@
 
 - name: Add domain/search/nameservers/options to resolv.conf
   blockinfile:
-    path: "{{resolvconffile}}"
+    path: "{{ resolvconffile }}"
     block: |-
       {% for item in [domainentry] + [searchentries] + nameserverentries.split(',') -%}
       {{ item }}
@@ -22,7 +22,7 @@
 
 - name: Remove search/domain/nameserver options before block
   replace:
-    dest: "{{item[0]}}"
+    dest: "{{ item[0] }}"
     regexp: '^{{ item[1] }}[^#]*(?=# Ansible entries BEGIN)'
     backup: yes
     follow: yes
@@ -33,7 +33,7 @@
 
 - name: Remove search/domain/nameserver options after block
   replace:
-    dest: "{{item[0]}}"
+    dest: "{{ item[0] }}"
     regexp: '(# Ansible entries END\n(?:(?!^{{ item[1] }}).*\n)*)(?:^{{ item[1] }}.*\n?)+'
     replace: '\1'
     backup: yes
@@ -51,7 +51,7 @@
 
 - name: persist resolvconf cloud init file
   template:
-    dest: "{{resolveconf_cloud_init_conf}}"
+    dest: "{{ resolveconf_cloud_init_conf }}"
     src: resolvconf.j2
     owner: root
     mode: 0644

roles/kubernetes/preinstall/tasks/0080-system-configurations.yml

@@ -31,14 +31,14 @@
 
 - name: Stat sysctl file configuration
   stat:
-    path: "{{sysctl_file_path}}"
+    path: "{{ sysctl_file_path }}"
   register: sysctl_file_stat
   tags:
     - bootstrap-os
 
 - name: Change sysctl file path to link source if linked
   set_fact:
-    sysctl_file_path: "{{sysctl_file_stat.stat.lnk_source}}"
+    sysctl_file_path: "{{ sysctl_file_stat.stat.lnk_source }}"
   when:
     - sysctl_file_stat.stat.islnk is defined
     - sysctl_file_stat.stat.islnk
@@ -52,7 +52,7 @@
 
 - name: Enable ip forwarding
   sysctl:
-    sysctl_file: "{{sysctl_file_path}}"
+    sysctl_file: "{{ sysctl_file_path }}"
     name: net.ipv4.ip_forward
     value: 1
     state: present

roles/kubernetes/preinstall/tasks/0090-etchosts.yml

@@ -5,7 +5,7 @@
     block: |-
       {% for item in (groups['k8s-cluster'] + groups['etcd'] + groups['calico-rr']|default([]))|unique -%}
       {% if 'access_ip' in hostvars[item] or 'ip' in hostvars[item] or fallback_ips[item] != "skip" -%}
-      {{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(fallback_ips[item]))}}
+      {{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) }}
       {%- if ('ansible_hostname' in hostvars[item] and item != hostvars[item]['ansible_hostname']) %} {{ hostvars[item]['ansible_hostname'] }}.{{ dns_domain }} {{ hostvars[item]['ansible_hostname'] }}{% endif %} {{ item }} {{ item }}.{{ dns_domain }}
       {% endif %}
       {% endfor %}

roles/kubernetes/preinstall/tasks/0100-dhclient-hooks.yml

@@ -5,7 +5,7 @@
       {% for item in [ supersede_domain, supersede_search, supersede_nameserver ] -%}
       {{ item }}
       {% endfor %}
-    path: "{{dhclientconffile}}"
+    path: "{{ dhclientconffile }}"
     create: yes
     state: present
     insertbefore: BOF

roles/kubernetes/preinstall/tasks/0110-dhclient-hooks-undo.yml

@@ -5,7 +5,7 @@
 
 - name: Remove kubespray specific config from dhclient config
   blockinfile:
-    path: "{{dhclientconffile}}"
+    path: "{{ dhclientconffile }}"
     state: absent
     backup: yes
     marker: "# Ansible entries {mark}"

roles/kubernetes/tokens/tasks/check-tokens.yml

@@ -2,7 +2,7 @@
 - name: "Check_tokens | check if the tokens have already been generated on first master"
   stat:
     path: "{{ kube_token_dir }}/known_tokens.csv"
-  delegate_to: "{{groups['kube-master'][0]}}"
+  delegate_to: "{{ groups['kube-master'][0] }}"
   register: known_tokens_master
   run_once: true
 

roles/kubernetes/tokens/tasks/gen_tokens.yml

@@ -5,7 +5,7 @@
     dest: "{{ kube_script_dir }}/kube-gen-token.sh"
     mode: 0700
   run_once: yes
-  delegate_to: "{{groups['kube-master'][0]}}"
+  delegate_to: "{{ groups['kube-master'][0] }}"
   when: gen_tokens|default(false)
 
 - name: Gen_tokens | generate tokens for master components
@@ -18,7 +18,7 @@
   register: gentoken_master
   changed_when: "'Added' in gentoken_master.stdout"
   run_once: yes
-  delegate_to: "{{groups['kube-master'][0]}}"
+  delegate_to: "{{ groups['kube-master'][0] }}"
   when: gen_tokens|default(false)
 
 - name: Gen_tokens | generate tokens for node components
@@ -31,14 +31,14 @@
   register: gentoken_node
   changed_when: "'Added' in gentoken_node.stdout"
   run_once: yes
-  delegate_to: "{{groups['kube-master'][0]}}"
+  delegate_to: "{{ groups['kube-master'][0] }}"
   when: gen_tokens|default(false)
 
 - name: Gen_tokens | Get list of tokens from first master
   shell: "(find {{ kube_token_dir }} -maxdepth 1 -type f)"
   register: tokens_list
   check_mode: no
-  delegate_to: "{{groups['kube-master'][0]}}"
+  delegate_to: "{{ groups['kube-master'][0] }}"
   run_once: true
   when: sync_tokens|default(false)
 
@@ -48,7 +48,7 @@
     warn: false
   register: tokens_data
   check_mode: no
-  delegate_to: "{{groups['kube-master'][0]}}"
+  delegate_to: "{{ groups['kube-master'][0] }}"
   run_once: true
   when: sync_tokens|default(false)