From 0d55ed3600a0ac9cee38eb1bc67b152b459c70a0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Grill?= <guenhter@users.noreply.github.com>
Date: Mon, 6 Nov 2017 14:51:07 +0100
Subject: [PATCH] Avoid that some read-only tasks cause an ansible-change
 (#1910)

---
 roles/bootstrap-os/tasks/bootstrap-coreos.yml      | 1 +
 roles/bootstrap-os/tasks/bootstrap-debian.yml      | 1 +
 roles/bootstrap-os/tasks/bootstrap-ubuntu.yml      | 1 +
 roles/kubernetes-apps/rotate_tokens/tasks/main.yml | 2 ++
 roles/kubernetes/secrets/tasks/main.yml            | 2 ++
 5 files changed, 7 insertions(+)

diff --git a/roles/bootstrap-os/tasks/bootstrap-coreos.yml b/roles/bootstrap-os/tasks/bootstrap-coreos.yml
index fc290cef0..428065eba 100644
--- a/roles/bootstrap-os/tasks/bootstrap-coreos.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-coreos.yml
@@ -3,6 +3,7 @@
   raw: stat /opt/bin/.bootstrapped
   register: need_bootstrap
   failed_when: false
+  changed_when: false
   tags:
     - facts
 
diff --git a/roles/bootstrap-os/tasks/bootstrap-debian.yml b/roles/bootstrap-os/tasks/bootstrap-debian.yml
index 31b64265e..959ad0e03 100644
--- a/roles/bootstrap-os/tasks/bootstrap-debian.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-debian.yml
@@ -5,6 +5,7 @@
   raw: which "{{ item }}"
   register: need_bootstrap
   failed_when: false
+  changed_when: false
   with_items:
     - python
     - pip
diff --git a/roles/bootstrap-os/tasks/bootstrap-ubuntu.yml b/roles/bootstrap-os/tasks/bootstrap-ubuntu.yml
index 07d66f682..37c327f6c 100644
--- a/roles/bootstrap-os/tasks/bootstrap-ubuntu.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-ubuntu.yml
@@ -5,6 +5,7 @@
   raw: which "{{ item }}"
   register: need_bootstrap
   failed_when: false
+  changed_when: false
   with_items:
     - python
     - pip
diff --git a/roles/kubernetes-apps/rotate_tokens/tasks/main.yml b/roles/kubernetes-apps/rotate_tokens/tasks/main.yml
index 842358177..23b63ee8a 100644
--- a/roles/kubernetes-apps/rotate_tokens/tasks/main.yml
+++ b/roles/kubernetes-apps/rotate_tokens/tasks/main.yml
@@ -2,10 +2,12 @@
 - name: Rotate Tokens | Get default token name
   shell: "{{ bin_dir }}/kubectl get secrets -o custom-columns=name:{.metadata.name} --no-headers | grep -m1 default-token"
   register: default_token
+  changed_when: false
 
 - name: Rotate Tokens | Get default token data
   command: "{{ bin_dir }}/kubectl get secrets {{ default_token.stdout }} -ojson"
   register: default_token_data
+  changed_when: false
   run_once: true
 
 - name: Rotate Tokens | Test if default certificate is expired
diff --git a/roles/kubernetes/secrets/tasks/main.yml b/roles/kubernetes/secrets/tasks/main.yml
index 55403ed16..79bea81f2 100644
--- a/roles/kubernetes/secrets/tasks/main.yml
+++ b/roles/kubernetes/secrets/tasks/main.yml
@@ -80,6 +80,7 @@
 - name: "Gen_certs | Get certificate serials on kube masters"
   shell: "openssl x509 -in {{ kube_cert_dir }}/{{ item }} -noout -serial | cut -d= -f2"
   register: "master_certificate_serials"
+  changed_when: false
   with_items:
     - "admin-{{ inventory_hostname }}.pem"
     - "apiserver.pem"
@@ -98,6 +99,7 @@
 - name: "Gen_certs | Get certificate serials on kube nodes"
   shell: "openssl x509 -in {{ kube_cert_dir }}/{{ item }} -noout -serial | cut -d= -f2"
   register: "node_certificate_serials"
+  changed_when: false
   with_items:
     - "node-{{ inventory_hostname }}.pem"
     - "kube-proxy-{{ inventory_hostname }}.pem"
-- 
GitLab