From 80eb1ad936ee743f4209fa767ece3e8530d08786 Mon Sep 17 00:00:00 2001
From: Hans Feldt <2808287+hafe@users.noreply.github.com>
Date: Tue, 1 Dec 2020 00:12:50 +0100
Subject: [PATCH] fix ansible password authentication (#6907)

* copying ssh key no longer required, works with password auth
* use copy module instead of synchronize (which requires sshpass)
* fewer tasks and fewer always-changed tasks
---
 README.md                                     |  1 -
 .../containerd/tasks/crictl.yml               |  9 ++---
 roles/container-engine/cri-o/tasks/crictl.yml |  9 ++---
 roles/download/tasks/prep_kubeadm_images.yml  |  9 ++---
 roles/kubernetes/master/tasks/main.yml        | 19 ++--------
 roles/kubernetes/node/tasks/install.yml       | 37 +++----------------
 6 files changed, 18 insertions(+), 66 deletions(-)

diff --git a/README.md b/README.md
index 22a01cf85..48396880c 100644
--- a/README.md
+++ b/README.md
@@ -148,7 +148,6 @@ Note: The list of validated [docker versions](https://kubernetes.io/docs/setup/p
 - **Ansible v2.9+, Jinja 2.11+ and python-netaddr is installed on the machine that will run Ansible commands**
 - The target servers must have **access to the Internet** in order to pull docker images. Otherwise, additional configuration is required (See [Offline Environment](docs/offline-environment.md))
 - The target servers are configured to allow **IPv4 forwarding**.
-- **Your ssh key must be copied** to all the servers part of your inventory.
 - The **firewalls are not managed**, you'll need to implement your own rules the way you used to.
     in order to avoid any issue during deployment you should disable your firewall.
 - If kubespray is ran from non-root user account, correct privilege escalation method
diff --git a/roles/container-engine/containerd/tasks/crictl.yml b/roles/container-engine/containerd/tasks/crictl.yml
index 848095166..3a9c074e6 100644
--- a/roles/container-engine/containerd/tasks/crictl.yml
+++ b/roles/container-engine/containerd/tasks/crictl.yml
@@ -12,14 +12,11 @@
     mode: 0644
 
 - name: Copy crictl binary from download dir
-  synchronize:
+  copy:
     src: "{{ local_release_dir }}/crictl"
     dest: "{{ bin_dir }}/crictl"
-    compress: no
-    perms: yes
-    owner: no
-    group: no
-  delegate_to: "{{ inventory_hostname }}"
+    mode: 0755
+    remote_src: true
 
 - name: Get crictl completion
   command: "{{ bin_dir }}/crictl completion"
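Review bot: The new `copy` task pins the mode of the installed crictl binary but not its ownership. When `owner`/`group` are omitted, `copy` can keep whatever ownership an existing destination file already has, so adding `owner: root` and `group: root` next to `mode` would make the result under `bin_dir` deterministic (this assumes the play escalates to root, which is not visible in this hunk). The mode is also written as a bare `mode: 0755`, which relies on the YAML loader reading the leading zero as octal; `mode: "0755"`, as the permission tasks removed elsewhere in this commit wrote it, avoids that dependency. Both points apply equally to the `copy` tasks added in cri-o/tasks/crictl.yml, prep_kubeadm_images.yml, master/tasks/main.yml and node/tasks/install.yml.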
diff --git a/roles/container-engine/cri-o/tasks/crictl.yml b/roles/container-engine/cri-o/tasks/crictl.yml
index 574957457..d7cc1e665 100644
--- a/roles/container-engine/cri-o/tasks/crictl.yml
+++ b/roles/container-engine/cri-o/tasks/crictl.yml
@@ -12,14 +12,11 @@
     mode: 0644
 
 - name: Copy crictl binary from download dir
-  synchronize:
+  copy:
     src: "{{ local_release_dir }}/crictl"
     dest: "{{ bin_dir }}/crictl"
-    compress: no
-    perms: yes
-    owner: no
-    group: no
-  delegate_to: "{{ inventory_hostname }}"
+    mode: 0755
+    remote_src: true
 
 - name: Get crictl completion
   command: "{{ bin_dir }}/crictl completion"
diff --git a/roles/download/tasks/prep_kubeadm_images.yml b/roles/download/tasks/prep_kubeadm_images.yml
index 35b251466..fa829e8f0 100644
--- a/roles/download/tasks/prep_kubeadm_images.yml
+++ b/roles/download/tasks/prep_kubeadm_images.yml
@@ -22,14 +22,11 @@
     - not skip_kubeadm_images|default(false)
 
 - name: prep_kubeadm_images | Copy kubeadm binary from download dir to system path
-  synchronize:
+  copy:
     src: "{{ local_release_dir }}/kubeadm-{{ kubeadm_version }}-{{ image_arch }}"
     dest: "{{ bin_dir }}/kubeadm"
-    compress: no
-    perms: yes
-    owner: no
-    group: no
-  delegate_to: "{{ inventory_hostname }}"
+    mode: 0755
+    remote_src: true
 
 - name: prep_kubeadm_images | Set kubeadm binary permissions
   file:
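Review bot: The `prep_kubeadm_images | Set kubeadm binary permissions` task that follows the new `copy` looks redundant now that the copy itself sets `mode: 0755`. The equivalent follow-up `file` tasks were dropped in master/tasks/main.yml and node/tasks/install.yml, but this one was kept. Its body lies outside the hunk, so confirm that it only sets the mode on `{{ bin_dir }}/kubeadm` before removing it. If it is kept on purpose, a short comment above it, such as `# kept: <reason>`, would explain why.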
diff --git a/roles/kubernetes/master/tasks/main.yml b/roles/kubernetes/master/tasks/main.yml
index 9eb0a56dd..a85dddfb9 100644
--- a/roles/kubernetes/master/tasks/main.yml
+++ b/roles/kubernetes/master/tasks/main.yml
@@ -20,24 +20,11 @@
     - kube_encrypt_secret_data
 
 - name: Install | Copy kubectl binary from download dir
-  synchronize:
+  copy:
     src: "{{ local_release_dir }}/kubectl-{{ kube_version }}-{{ image_arch }}"
     dest: "{{ bin_dir }}/kubectl"
-    compress: no
-    perms: yes
-    owner: no
-    group: no
-  changed_when: false
-  delegate_to: "{{ inventory_hostname }}"
-  tags:
-    - kubectl
-    - upgrade
-
-- name: install | Set kubectl binary permissions
-  file:
-    path: "{{ bin_dir }}/kubectl"
-    mode: "0755"
-    state: file
+    mode: 0755
+    remote_src: true
   tags:
     - kubectl
     - upgrade
diff --git a/roles/kubernetes/node/tasks/install.yml b/roles/kubernetes/node/tasks/install.yml
index 339c43df3..dd2099672 100644
--- a/roles/kubernetes/node/tasks/install.yml
+++ b/roles/kubernetes/node/tasks/install.yml
@@ -1,51 +1,26 @@
 ---
 - name: install | Copy kubeadm binary from download dir
-  synchronize:
+  copy:
     src: "{{ local_release_dir }}/kubeadm-{{ kubeadm_version }}-{{ image_arch }}"
     dest: "{{ bin_dir }}/kubeadm"
-    compress: no
-    perms: yes
-    owner: no
-    group: no
-  delegate_to: "{{ inventory_hostname }}"
-  tags:
-    - kubeadm
-  when:
-    - not inventory_hostname in groups['kube-master']
-
-- name: install | Set kubeadm binary permissions
-  file:
-    path: "{{ bin_dir }}/kubeadm"
-    mode: "0755"
-    state: file
+    mode: 0755
+    remote_src: true
   tags:
     - kubeadm
   when:
     - not inventory_hostname in groups['kube-master']
 
 - name: install | Copy kubelet binary from download dir
-  synchronize:
+  copy:
     src: "{{ local_release_dir }}/kubelet-{{ kube_version }}-{{ image_arch }}"
     dest: "{{ bin_dir }}/kubelet"
-    compress: no
-    perms: yes
-    owner: no
-    group: no
-  delegate_to: "{{ inventory_hostname }}"
+    mode: 0755
+    remote_src: true
   tags:
     - kubelet
     - upgrade
   notify: Node | restart kubelet
 
-- name: install | Set kubelet binary permissions
-  file:
-    path: "{{ bin_dir }}/kubelet"
-    mode: "0755"
-    state: file
-  tags:
-    - kubelet
-    - upgrade
-
 - name: install | Copy socat wrapper for Container Linux
   command: "{{ docker_bin_dir }}/docker run --rm -v {{ bin_dir }}:/opt/bin {{ install_socat_image_repo }}:{{ install_socat_image_tag }}"
   args:
-- 
GitLab