diff --git a/.yamllint b/.yamllint
index aa14324a9f8efb5f7670ef8aa2f3ecfd46bcc49b..eb061917ee407ef18bfd0f0bddb36f99d9d3efd9 100644
--- a/.yamllint
+++ b/.yamllint
@@ -6,7 +6,7 @@ ignore: |
.github/
# Generated file
tests/files/custom_cni/cilium.yaml
-
+# https://ansible.readthedocs.io/projects/lint/rules/yaml/
rules:
braces:
min-spaces-inside: 0
@@ -14,9 +14,16 @@ rules:
brackets:
min-spaces-inside: 0
max-spaces-inside: 1
+ comments:
+ min-spaces-from-content: 1
+ # https://github.com/adrienverge/yamllint/issues/384
+ comments-indentation: false
indentation:
spaces: 2
indent-sequences: consistent
line-length: disable
new-line-at-end-of-file: disable
+ octal-values:
+ forbid-implicit-octal: true # yamllint defaults to false
+ forbid-explicit-octal: true # yamllint defaults to false
truthy: disable
diff --git a/contrib/azurerm/roles/generate-inventory/tasks/main.yml b/contrib/azurerm/roles/generate-inventory/tasks/main.yml
index 3eb121aa0a77d9295cdbf21a469345b626862eb1..f93f1b6b281f609c94e6b9b38b679814a2dbf44a 100644
--- a/contrib/azurerm/roles/generate-inventory/tasks/main.yml
+++ b/contrib/azurerm/roles/generate-inventory/tasks/main.yml
@@ -12,4 +12,4 @@
template:
src: inventory.j2
dest: "{{ playbook_dir }}/inventory"
- mode: 0644
+ mode: "0644"
diff --git a/contrib/azurerm/roles/generate-inventory_2/tasks/main.yml b/contrib/azurerm/roles/generate-inventory_2/tasks/main.yml
index c628154a038b32ff7b27d2dcce4043fc3dd72f30..267755b1285ebc8ecd318f0772a8ed5198e614ef 100644
--- a/contrib/azurerm/roles/generate-inventory_2/tasks/main.yml
+++ b/contrib/azurerm/roles/generate-inventory_2/tasks/main.yml
@@ -22,10 +22,10 @@
template:
src: inventory.j2
dest: "{{ playbook_dir }}/inventory"
- mode: 0644
+ mode: "0644"
- name: Generate Load Balancer variables
template:
src: loadbalancer_vars.j2
dest: "{{ playbook_dir }}/loadbalancer_vars.yml"
- mode: 0644
+ mode: "0644"
diff --git a/contrib/azurerm/roles/generate-templates/tasks/main.yml b/contrib/azurerm/roles/generate-templates/tasks/main.yml
index 294ee96fc86d2fa8c2dd8a7b7676b0907993933e..057d4d005473a6e18b4eaf12cc7544506533cce3 100644
--- a/contrib/azurerm/roles/generate-templates/tasks/main.yml
+++ b/contrib/azurerm/roles/generate-templates/tasks/main.yml
@@ -8,13 +8,13 @@
path: "{{ base_dir }}"
state: directory
recurse: true
- mode: 0755
+ mode: "0755"
- name: Store json files in base_dir
template:
src: "{{ item }}"
dest: "{{ base_dir }}/{{ item }}"
- mode: 0644
+ mode: "0644"
with_items:
- network.json
- storage.json
diff --git a/contrib/dind/roles/dind-cluster/tasks/main.yaml b/contrib/dind/roles/dind-cluster/tasks/main.yaml
index 1cf819f68c543c4bf7aec163765152349606ee49..dcb086c644782b3cd53cc92ad37432bb1c995c1a 100644
--- a/contrib/dind/roles/dind-cluster/tasks/main.yaml
+++ b/contrib/dind/roles/dind-cluster/tasks/main.yaml
@@ -35,7 +35,7 @@
path-exclude=/usr/share/doc/*
path-include=/usr/share/doc/*/copyright
dest: /etc/dpkg/dpkg.cfg.d/01_nodoc
- mode: 0644
+ mode: "0644"
when:
- ansible_os_family == 'Debian'
@@ -64,7 +64,7 @@
copy:
content: "{{ distro_user }} ALL=(ALL) NOPASSWD:ALL"
dest: "/etc/sudoers.d/{{ distro_user }}"
- mode: 0640
+ mode: "0640"
- name: "Add my pubkey to {{ distro_user }} user authorized keys"
ansible.posix.authorized_key:
diff --git a/contrib/dind/roles/dind-host/tasks/main.yaml b/contrib/dind/roles/dind-host/tasks/main.yaml
index e44047f4ded83077312093a2a1d8a8ff4aaa2586..56c8ff4c513c1482e99bbd59857b68d05c4ca74b 100644
--- a/contrib/dind/roles/dind-host/tasks/main.yaml
+++ b/contrib/dind/roles/dind-host/tasks/main.yaml
@@ -42,7 +42,7 @@
template:
src: inventory_builder.sh.j2
dest: /tmp/kubespray.dind.inventory_builder.sh
- mode: 0755
+ mode: "0755"
tags:
- addresses
diff --git a/contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml b/contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml
index 52bc83f09980ced4fa6c3d25077fd01ad92264a2..6934eccf3b9616a0af24ab6ee2bba7b04b123e62 100644
--- a/contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml
+++ b/contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml
@@ -20,7 +20,7 @@
br-netfilter
owner: root
group: root
- mode: 0644
+ mode: "0644"
when: br_netfilter is defined
diff --git a/contrib/kvm-setup/roles/kvm-setup/tasks/user.yml b/contrib/kvm-setup/roles/kvm-setup/tasks/user.yml
index c2d312302638befa9613216da0e76bc5cf6fe2e3..e8ab34afde21350d072ca6d536782fd265fa13db 100644
--- a/contrib/kvm-setup/roles/kvm-setup/tasks/user.yml
+++ b/contrib/kvm-setup/roles/kvm-setup/tasks/user.yml
@@ -11,7 +11,7 @@
state: directory
owner: "{{ k8s_deployment_user }}"
group: "{{ k8s_deployment_user }}"
- mode: 0700
+ mode: "0700"
- name: Configure sudo for deployment user
copy:
@@ -20,13 +20,13 @@
dest: "/etc/sudoers.d/55-k8s-deployment"
owner: root
group: root
- mode: 0644
+ mode: "0644"
- name: Write private SSH key
copy:
src: "{{ k8s_deployment_user_pkey_path }}"
dest: "/home/{{ k8s_deployment_user }}/.ssh/id_rsa"
- mode: 0400
+ mode: "0400"
owner: "{{ k8s_deployment_user }}"
group: "{{ k8s_deployment_user }}"
when: k8s_deployment_user_pkey_path is defined
@@ -41,7 +41,7 @@
- name: Fix ssh-pub-key permissions
file:
path: "/home/{{ k8s_deployment_user }}/.ssh/authorized_keys"
- mode: 0600
+ mode: "0600"
owner: "{{ k8s_deployment_user }}"
group: "{{ k8s_deployment_user }}"
when: k8s_deployment_user_pkey_path is defined
diff --git a/contrib/mitogen/mitogen.yml b/contrib/mitogen/mitogen.yml
index 1ccc9a99c4ca9f9df08163e1da7ff81d368a1d0b..77018d693100bae7d88920fe9922427acfbc870a 100644
--- a/contrib/mitogen/mitogen.yml
+++ b/contrib/mitogen/mitogen.yml
@@ -14,7 +14,7 @@
file:
path: "{{ item }}"
state: directory
- mode: 0755
+ mode: "0755"
become: false
loop:
- "{{ playbook_dir }}/plugins/mitogen"
@@ -25,7 +25,7 @@
url: "{{ mitogen_url }}"
dest: "{{ playbook_dir }}/dist/mitogen_{{ mitogen_version }}.tar.gz"
validate_certs: true
- mode: 0644
+ mode: "0644"
- name: Extract archive
unarchive:
@@ -40,7 +40,7 @@
- name: Add strategy to ansible.cfg
community.general.ini_file:
path: ansible.cfg
- mode: 0644
+ mode: "0644"
section: "{{ item.section | d('defaults') }}"
option: "{{ item.option }}"
value: "{{ item.value }}"
diff --git a/contrib/network-storage/glusterfs/roles/glusterfs/client/tasks/main.yml b/contrib/network-storage/glusterfs/roles/glusterfs/client/tasks/main.yml
index 248f21efa5b462a9a13aa7a3e025035eb81ac4fd..947cf8aa2317064a784c8b60c0d89f965a5a8269 100644
--- a/contrib/network-storage/glusterfs/roles/glusterfs/client/tasks/main.yml
+++ b/contrib/network-storage/glusterfs/roles/glusterfs/client/tasks/main.yml
@@ -15,7 +15,7 @@
file:
path: "{{ item }}"
state: directory
- mode: 0775
+ mode: "0775"
with_items:
- "{{ gluster_mount_dir }}"
when: ansible_os_family in ["Debian","RedHat"] and groups['gfs-cluster'] is defined
diff --git a/contrib/network-storage/glusterfs/roles/glusterfs/server/tasks/main.yml b/contrib/network-storage/glusterfs/roles/glusterfs/server/tasks/main.yml
index 50f849c01d300328191298249cdd08e9c1e8121e..6bdc41420ed1598785e478c8a16469f43df1781a 100644
--- a/contrib/network-storage/glusterfs/roles/glusterfs/server/tasks/main.yml
+++ b/contrib/network-storage/glusterfs/roles/glusterfs/server/tasks/main.yml
@@ -49,7 +49,7 @@
file:
path: "{{ item }}"
state: directory
- mode: 0775
+ mode: "0775"
with_items:
- "{{ gluster_brick_dir }}"
- "{{ gluster_mount_dir }}"
@@ -101,7 +101,7 @@
template:
dest: "{{ gluster_mount_dir }}/.test-file.txt"
src: test-file.txt
- mode: 0644
+ mode: "0644"
when: groups['gfs-cluster'] is defined and inventory_hostname == groups['gfs-cluster'][0]
- name: Unmount glusterfs
diff --git a/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/tasks/main.yaml b/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/tasks/main.yaml
index ed62e282e38c3fb150f0aca7a35e2c5df40f4b61..cf2bd0ee5cba28efc526875eca8bc30bb7598449 100644
--- a/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/tasks/main.yaml
+++ b/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/tasks/main.yaml
@@ -3,7 +3,7 @@
template:
src: "{{ item.file }}"
dest: "{{ kube_config_dir }}/{{ item.dest }}"
- mode: 0644
+ mode: "0644"
with_items:
- { file: glusterfs-kubernetes-endpoint.json.j2, type: ep, dest: glusterfs-kubernetes-endpoint.json}
- { file: glusterfs-kubernetes-pv.yml.j2, type: pv, dest: glusterfs-kubernetes-pv.yml}
diff --git a/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/deploy.yml b/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/deploy.yml
index 866fe30bf6ada53c838ed3ee675610e5adb40bcf..94d440150717dc97e2634181159397d8197dcf36 100644
--- a/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/deploy.yml
+++ b/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/deploy.yml
@@ -4,7 +4,7 @@
template:
src: "heketi-bootstrap.json.j2"
dest: "{{ kube_config_dir }}/heketi-bootstrap.json"
- mode: 0640
+ mode: "0640"
register: "rendering"
- name: "Kubernetes Apps | Install and configure Heketi Bootstrap"
kube:
diff --git a/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/topology.yml b/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/topology.yml
index 2f3efd4dd1fe365ae4ea7e1b0df27e8b0b6356e9..b011c024b684d07bb5be5da6e9169a05adf59f68 100644
--- a/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/topology.yml
+++ b/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/topology.yml
@@ -10,7 +10,7 @@
template:
src: "topology.json.j2"
dest: "{{ kube_config_dir }}/topology.json"
- mode: 0644
+ mode: "0644"
- name: "Copy topology configuration into container."
changed_when: false
command: "{{ bin_dir }}/kubectl cp {{ kube_config_dir }}/topology.json {{ initial_heketi_pod_name }}:/tmp/topology.json"
diff --git a/contrib/network-storage/heketi/roles/provision/tasks/glusterfs.yml b/contrib/network-storage/heketi/roles/provision/tasks/glusterfs.yml
index 973c6685141c33adb7bb9f96ad33e4ba6f7cc05b..239e780d88a08974c5bf0e312f11cf18d65e7c29 100644
--- a/contrib/network-storage/heketi/roles/provision/tasks/glusterfs.yml
+++ b/contrib/network-storage/heketi/roles/provision/tasks/glusterfs.yml
@@ -3,7 +3,7 @@
template:
src: "glusterfs-daemonset.json.j2"
dest: "{{ kube_config_dir }}/glusterfs-daemonset.json"
- mode: 0644
+ mode: "0644"
become: true
register: "rendering"
- name: "Kubernetes Apps | Install and configure GlusterFS daemonset"
@@ -33,7 +33,7 @@
template:
src: "heketi-service-account.json.j2"
dest: "{{ kube_config_dir }}/heketi-service-account.json"
- mode: 0644
+ mode: "0644"
become: true
register: "rendering"
- name: "Kubernetes Apps | Install and configure Heketi Service Account"
diff --git a/contrib/network-storage/heketi/roles/provision/tasks/heketi.yml b/contrib/network-storage/heketi/roles/provision/tasks/heketi.yml
index a8549df458169db729d2a4b2cd6982471546dfd2..30c68c2bc53525226af3a35f2371cdc23481b25a 100644
--- a/contrib/network-storage/heketi/roles/provision/tasks/heketi.yml
+++ b/contrib/network-storage/heketi/roles/provision/tasks/heketi.yml
@@ -4,7 +4,7 @@
template:
src: "heketi-deployment.json.j2"
dest: "{{ kube_config_dir }}/heketi-deployment.json"
- mode: 0644
+ mode: "0644"
register: "rendering"
- name: "Kubernetes Apps | Install and configure Heketi"
diff --git a/contrib/network-storage/heketi/roles/provision/tasks/secret.yml b/contrib/network-storage/heketi/roles/provision/tasks/secret.yml
index c455b6f6ddcc79729e963de8ebbc04b37760f090..816bb156c27b4f90ecf6a31c34f85516ef63fc53 100644
--- a/contrib/network-storage/heketi/roles/provision/tasks/secret.yml
+++ b/contrib/network-storage/heketi/roles/provision/tasks/secret.yml
@@ -28,7 +28,7 @@
template:
src: "heketi.json.j2"
dest: "{{ kube_config_dir }}/heketi.json"
- mode: 0644
+ mode: "0644"
- name: "Deploy Heketi config secret"
when: "secret_state.stdout | length == 0"
diff --git a/contrib/network-storage/heketi/roles/provision/tasks/storage.yml b/contrib/network-storage/heketi/roles/provision/tasks/storage.yml
index 055e179a34b6b1f2b568ff75cc0763a92c0e507a..c3f8ebf2e585dbbc7754049d0b20a750511a9dc6 100644
--- a/contrib/network-storage/heketi/roles/provision/tasks/storage.yml
+++ b/contrib/network-storage/heketi/roles/provision/tasks/storage.yml
@@ -5,7 +5,7 @@
template:
src: "heketi-storage.json.j2"
dest: "{{ kube_config_dir }}/heketi-storage.json"
- mode: 0644
+ mode: "0644"
register: "rendering"
- name: "Kubernetes Apps | Install and configure Heketi Storage"
kube:
diff --git a/contrib/network-storage/heketi/roles/provision/tasks/storageclass.yml b/contrib/network-storage/heketi/roles/provision/tasks/storageclass.yml
index bd4f6666be6c8c5884236941324bd37fff8a047d..fc57302bcbdbaaee0ccf68fe809c44a180520961 100644
--- a/contrib/network-storage/heketi/roles/provision/tasks/storageclass.yml
+++ b/contrib/network-storage/heketi/roles/provision/tasks/storageclass.yml
@@ -16,7 +16,7 @@
template:
src: "storageclass.yml.j2"
dest: "{{ kube_config_dir }}/storageclass.yml"
- mode: 0644
+ mode: "0644"
register: "rendering"
- name: "Kubernetes Apps | Install and configure Storace Class"
kube:
diff --git a/contrib/network-storage/heketi/roles/provision/tasks/topology.yml b/contrib/network-storage/heketi/roles/provision/tasks/topology.yml
index aa662083ea5c90af676f6b49b72f3ae34b6c1da5..edd5bd9e88f1ac706e9d922e048d4348f5918af5 100644
--- a/contrib/network-storage/heketi/roles/provision/tasks/topology.yml
+++ b/contrib/network-storage/heketi/roles/provision/tasks/topology.yml
@@ -10,7 +10,7 @@
template:
src: "topology.json.j2"
dest: "{{ kube_config_dir }}/topology.json"
- mode: 0644
+ mode: "0644"
- name: "Copy topology configuration into container." # noqa no-handler
when: "rendering.changed"
command: "{{ bin_dir }}/kubectl cp {{ kube_config_dir }}/topology.json {{ heketi_pod_name }}:/tmp/topology.json"
diff --git a/contrib/offline/generate_list.yml b/contrib/offline/generate_list.yml
index bebf3496899aee25fb951e73ec6b27f22ae27e17..6b2bcf8067f48cabdd56e8722a2d8a09606a0a50 100644
--- a/contrib/offline/generate_list.yml
+++ b/contrib/offline/generate_list.yml
@@ -16,7 +16,7 @@
template:
src: ./contrib/offline/temp/{{ item }}.list.template
dest: ./contrib/offline/temp/{{ item }}.list
- mode: 0644
+ mode: "0644"
with_items:
- files
- images
diff --git a/roles/bastion-ssh-config/molecule/default/converge.yml b/roles/bastion-ssh-config/molecule/default/converge.yml
index 54a624705b89ee2e9a4e1203d4f171ac19f12d19..a89615573a9c7815f77af15618c994d32b9bbe59 100644
--- a/roles/bastion-ssh-config/molecule/default/converge.yml
+++ b/roles/bastion-ssh-config/molecule/default/converge.yml
@@ -12,4 +12,4 @@
dest: "{{ ssh_bastion_confing__name }}"
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
- mode: 0644
+ mode: "0644"
diff --git a/roles/bastion-ssh-config/tasks/main.yml b/roles/bastion-ssh-config/tasks/main.yml
index 920763eb5831cee15bf6e0b0faf79787c7fdd165..99847ef8e3f243b6dc7cdad7db8a5cd6e6b92335 100644
--- a/roles/bastion-ssh-config/tasks/main.yml
+++ b/roles/bastion-ssh-config/tasks/main.yml
@@ -19,4 +19,4 @@
template:
src: "{{ ssh_bastion_confing__name }}.j2"
dest: "{{ playbook_dir }}/{{ ssh_bastion_confing__name }}"
- mode: 0640
+ mode: "0640"
diff --git a/roles/bootstrap-os/tasks/centos.yml b/roles/bootstrap-os/tasks/centos.yml
index fcd20d562ea860e22769ef74c1c0198b7954ddaa..11559a87244f17918f2f3adeb0edf338f8e78f8c 100644
--- a/roles/bootstrap-os/tasks/centos.yml
+++ b/roles/bootstrap-os/tasks/centos.yml
@@ -12,7 +12,7 @@
value: "{{ http_proxy | default(omit) }}"
state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
no_extra_spaces: true
- mode: 0644
+ mode: "0644"
become: true
when: not skip_http_proxy_on_os_packages
@@ -21,7 +21,7 @@
get_url:
url: https://yum.oracle.com/public-yum-ol7.repo
dest: /etc/yum.repos.d/public-yum-ol7.repo
- mode: 0644
+ mode: "0644"
when:
- use_oracle_public_repo | default(true)
- '''ID="ol"'' in os_release.stdout_lines'
@@ -34,7 +34,7 @@
section: "{{ item }}"
option: enabled
value: "1"
- mode: 0644
+ mode: "0644"
with_items:
- ol7_latest
- ol7_addons
@@ -59,7 +59,7 @@
section: "ol{{ ansible_distribution_major_version }}_addons"
option: "{{ item.option }}"
value: "{{ item.value }}"
- mode: 0644
+ mode: "0644"
with_items:
- { option: "name", value: "ol{{ ansible_distribution_major_version }}_addons" }
- { option: "enabled", value: "1" }
@@ -75,7 +75,7 @@
section: "extras"
option: "{{ item.option }}"
value: "{{ item.value }}"
- mode: 0644
+ mode: "0644"
with_items:
- { option: "name", value: "CentOS-{{ ansible_distribution_major_version }} - Extras" }
- { option: "enabled", value: "1" }
diff --git a/roles/bootstrap-os/tasks/fedora.yml b/roles/bootstrap-os/tasks/fedora.yml
index 85f8ff563e99005801fd71a260eee215963952de..d4a43c31448eb999a335b5681c032cf201bb927e 100644
--- a/roles/bootstrap-os/tasks/fedora.yml
+++ b/roles/bootstrap-os/tasks/fedora.yml
@@ -17,7 +17,7 @@
value: "{{ http_proxy | default(omit) }}"
state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
no_extra_spaces: true
- mode: 0644
+ mode: "0644"
become: true
when: not skip_http_proxy_on_os_packages
diff --git a/roles/bootstrap-os/tasks/main.yml b/roles/bootstrap-os/tasks/main.yml
index b8f676fae31468ca0800e426b84d1126e89096bd..e62fbf49654e30bb2bfa525dd46d63826f293b01 100644
--- a/roles/bootstrap-os/tasks/main.yml
+++ b/roles/bootstrap-os/tasks/main.yml
@@ -36,7 +36,7 @@
file:
path: "{{ ansible_remote_tmp | default('~/.ansible/tmp') }}"
state: directory
- mode: 0700
+ mode: "0700"
- name: Gather facts
setup:
@@ -61,4 +61,4 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
diff --git a/roles/bootstrap-os/tasks/redhat.yml b/roles/bootstrap-os/tasks/redhat.yml
index c3621466ee665ab5dfa8578564e6d66782417c8f..0aae5a0d6ccb68fd866dee3b5fe6816b78eb1d64 100644
--- a/roles/bootstrap-os/tasks/redhat.yml
+++ b/roles/bootstrap-os/tasks/redhat.yml
@@ -12,7 +12,7 @@
value: "{{ http_proxy | default(omit) }}"
state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
no_extra_spaces: true
- mode: 0644
+ mode: "0644"
become: true
when: not skip_http_proxy_on_os_packages
diff --git a/roles/container-engine/containerd/tasks/main.yml b/roles/container-engine/containerd/tasks/main.yml
index f1b97771762660f75d05a21f5d542957e72ab677..657d1ad75158651d7dc09624c165579b4acbfd95 100644
--- a/roles/container-engine/containerd/tasks/main.yml
+++ b/roles/container-engine/containerd/tasks/main.yml
@@ -35,7 +35,7 @@
unarchive:
src: "{{ downloads.containerd.dest }}"
dest: "{{ containerd_bin_dir }}"
- mode: 0755
+ mode: "0755"
remote_src: yes
extra_opts:
- --strip-components=1
@@ -60,7 +60,7 @@
template:
src: containerd.service.j2
dest: /etc/systemd/system/containerd.service
- mode: 0644
+ mode: "0644"
validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:containerd.service'"
# FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release)
# Remove once we drop support for systemd < 250
@@ -70,7 +70,7 @@
file:
dest: "{{ item }}"
state: directory
- mode: 0755
+ mode: "0755"
owner: root
group: root
with_items:
@@ -83,7 +83,7 @@
template:
src: http-proxy.conf.j2
dest: "{{ containerd_systemd_dir }}/http-proxy.conf"
- mode: 0644
+ mode: "0644"
notify: Restart containerd
when: http_proxy is defined or https_proxy is defined
@@ -102,7 +102,7 @@
content: "{{ item.value }}"
dest: "{{ containerd_cfg_dir }}/{{ item.key }}"
owner: "root"
- mode: 0644
+ mode: "0644"
with_dict: "{{ containerd_base_runtime_specs | default({}) }}"
notify: Restart containerd
@@ -111,7 +111,7 @@
src: config.toml.j2
dest: "{{ containerd_cfg_dir }}/config.toml"
owner: "root"
- mode: 0640
+ mode: "0640"
notify: Restart containerd
- name: Containerd | Configure containerd registries
@@ -121,13 +121,13 @@
file:
path: "{{ containerd_cfg_dir }}/certs.d/{{ item.prefix }}"
state: directory
- mode: 0755
+ mode: "0755"
loop: "{{ containerd_registries_mirrors }}"
- name: Containerd | Write hosts.toml file
template:
src: hosts.toml.j2
dest: "{{ containerd_cfg_dir }}/certs.d/{{ item.prefix }}/hosts.toml"
- mode: 0640
+ mode: "0640"
loop: "{{ containerd_registries_mirrors }}"
# you can sometimes end up in a state where everything is installed
diff --git a/roles/container-engine/cri-dockerd/molecule/default/prepare.yml b/roles/container-engine/cri-dockerd/molecule/default/prepare.yml
index 83449f842f636c0b39fff9c9cc2d954c4d668efe..b5328422a8d9a9facac30d0ae8ea272bbdb49f61 100644
--- a/roles/container-engine/cri-dockerd/molecule/default/prepare.yml
+++ b/roles/container-engine/cri-dockerd/molecule/default/prepare.yml
@@ -28,7 +28,7 @@
src: "{{ item }}"
dest: "/tmp/{{ item }}"
owner: root
- mode: 0644
+ mode: "0644"
with_items:
- container.json
- sandbox.json
@@ -37,12 +37,12 @@
path: /etc/cni/net.d
state: directory
owner: "{{ kube_owner }}"
- mode: 0755
+ mode: "0755"
- name: Setup CNI
copy:
src: "{{ item }}"
dest: "/etc/cni/net.d/{{ item }}"
owner: root
- mode: 0644
+ mode: "0644"
with_items:
- 10-mynet.conf
diff --git a/roles/container-engine/cri-dockerd/tasks/main.yml b/roles/container-engine/cri-dockerd/tasks/main.yml
index 730e379eb639cfdbd26a13ea6ec2173a985f6e41..f7d1b1831b7863ffabafe839a0fbccf11464e83e 100644
--- a/roles/container-engine/cri-dockerd/tasks/main.yml
+++ b/roles/container-engine/cri-dockerd/tasks/main.yml
@@ -8,7 +8,7 @@
copy:
src: "{{ local_release_dir }}/cri-dockerd"
dest: "{{ bin_dir }}/cri-dockerd"
- mode: 0755
+ mode: "0755"
remote_src: true
notify:
- Restart and enable cri-dockerd
@@ -17,7 +17,7 @@
template:
src: "{{ item }}.j2"
dest: "/etc/systemd/system/{{ item }}"
- mode: 0644
+ mode: "0644"
validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:{{ item }}'"
# FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release)
# Remove once we drop support for systemd < 250
diff --git a/roles/container-engine/cri-o/molecule/default/prepare.yml b/roles/container-engine/cri-o/molecule/default/prepare.yml
index 103b0d33e57598a552cd4680cfa687267f46b731..c769d7cd2d34924998a9d235a790ba9a069a2024 100644
--- a/roles/container-engine/cri-o/molecule/default/prepare.yml
+++ b/roles/container-engine/cri-o/molecule/default/prepare.yml
@@ -33,7 +33,7 @@
src: "{{ item }}"
dest: "/tmp/{{ item }}"
owner: root
- mode: 0644
+ mode: "0644"
with_items:
- container.json
- sandbox.json
@@ -42,12 +42,12 @@
path: /etc/cni/net.d
state: directory
owner: "{{ kube_owner }}"
- mode: 0755
+ mode: "0755"
- name: Setup CNI
copy:
src: "{{ item }}"
dest: "/etc/cni/net.d/{{ item }}"
owner: root
- mode: 0644
+ mode: "0644"
with_items:
- 10-mynet.conf
diff --git a/roles/container-engine/cri-o/tasks/main.yaml b/roles/container-engine/cri-o/tasks/main.yaml
index 2d73e74e232467e83508feddbe2e2617b3a331aa..a7b234563dcd75eef8d2f332e1dc259ca15255db 100644
--- a/roles/container-engine/cri-o/tasks/main.yaml
+++ b/roles/container-engine/cri-o/tasks/main.yaml
@@ -56,27 +56,27 @@
file:
path: "{{ item }}"
state: directory
- mode: 0755
+ mode: "0755"
- name: Cri-o | install cri-o config
template:
src: crio.conf.j2
dest: /etc/crio/crio.conf
- mode: 0644
+ mode: "0644"
register: config_install
- name: Cri-o | install config.json
template:
src: config.json.j2
dest: /etc/crio/config.json
- mode: 0644
+ mode: "0644"
register: reg_auth_install
- name: Cri-o | copy binaries
copy:
src: "{{ local_release_dir }}/cri-o/bin/{{ item }}"
dest: "{{ bin_dir }}/{{ item }}"
- mode: 0755
+ mode: "0755"
remote_src: true
with_items:
- "{{ crio_bin_files }}"
@@ -86,7 +86,7 @@
copy:
src: "{{ local_release_dir }}/cri-o/contrib/crio.service"
dest: /etc/systemd/system/crio.service
- mode: 0755
+ mode: "0755"
remote_src: true
notify: Restart crio
@@ -115,7 +115,7 @@
copy:
src: "{{ local_release_dir }}/cri-o/contrib/policy.json"
dest: /etc/containers/policy.json
- mode: 0755
+ mode: "0755"
remote_src: true
notify: Restart crio
@@ -123,7 +123,7 @@
copy:
src: mounts.conf
dest: /etc/containers/mounts.conf
- mode: 0644
+ mode: "0644"
when:
- ansible_os_family == 'RedHat'
notify: Restart crio
@@ -133,7 +133,7 @@
path: /etc/containers/oci/hooks.d
state: directory
owner: root
- mode: 0755
+ mode: "0755"
- name: Cri-o | set overlay driver
community.general.ini_file:
@@ -141,7 +141,7 @@
section: storage
option: "{{ item.option }}"
value: "{{ item.value }}"
- mode: 0644
+ mode: "0644"
with_items:
- option: driver
value: '"overlay"'
@@ -157,20 +157,20 @@
section: storage.options.overlay
option: mountopt
value: '{{ ''"nodev"'' if ansible_kernel is version_compare(("4.18" if ansible_os_family == "RedHat" else "4.19"), "<") else ''"nodev,metacopy=on"'' }}'
- mode: 0644
+ mode: "0644"
- name: Cri-o | create directory registries configs
file:
path: /etc/containers/registries.conf.d
state: directory
owner: root
- mode: 0755
+ mode: "0755"
- name: Cri-o | write registries configs
template:
src: registry.conf.j2
dest: "/etc/containers/registries.conf.d/10-{{ item.prefix | default(item.location) | regex_replace(':|/', '_') }}.conf"
- mode: 0644
+ mode: "0644"
loop: "{{ crio_registries }}"
notify: Restart crio
@@ -178,14 +178,14 @@
template:
src: unqualified.conf.j2
dest: "/etc/containers/registries.conf.d/01-unqualified.conf"
- mode: 0644
+ mode: "0644"
notify: Restart crio
- name: Cri-o | write cri-o proxy drop-in
template:
src: http-proxy.conf.j2
dest: /etc/systemd/system/crio.service.d/http-proxy.conf
- mode: 0644
+ mode: "0644"
notify: Restart crio
when: http_proxy is defined or https_proxy is defined
diff --git a/roles/container-engine/cri-o/tasks/setup-amazon.yaml b/roles/container-engine/cri-o/tasks/setup-amazon.yaml
index e6e099d65fbdccc2a435f2fd0ea1fb0fea1242fc..2462c30fdfd17a76170e7e076a8e517cae080d2a 100644
--- a/roles/container-engine/cri-o/tasks/setup-amazon.yaml
+++ b/roles/container-engine/cri-o/tasks/setup-amazon.yaml
@@ -20,7 +20,7 @@
option: enabled
value: "0"
backup: yes
- mode: 0644
+ mode: "0644"
when:
- amzn2_extras_file_stat.stat.exists
- not amzn2_extras_docker_repo.changed
diff --git a/roles/container-engine/crictl/handlers/main.yml b/roles/container-engine/crictl/handlers/main.yml
index 53195869fed77facd06bc190205efd1115dc0801..785823fc4b86aaf7a37bfcba05b4d9a9dcf70da6 100644
--- a/roles/container-engine/crictl/handlers/main.yml
+++ b/roles/container-engine/crictl/handlers/main.yml
@@ -9,4 +9,4 @@
copy:
dest: /etc/bash_completion.d/crictl
content: "{{ cri_completion.stdout }}"
- mode: 0644
+ mode: "0644"
diff --git a/roles/container-engine/crictl/tasks/crictl.yml b/roles/container-engine/crictl/tasks/crictl.yml
index cffa050560089e8473cd4aca7f0bacb86ac6893e..72bde5d3525a585b326d1ec9b97b688e7a1129be 100644
--- a/roles/container-engine/crictl/tasks/crictl.yml
+++ b/roles/container-engine/crictl/tasks/crictl.yml
@@ -9,13 +9,13 @@
src: crictl.yaml.j2
dest: /etc/crictl.yaml
owner: root
- mode: 0644
+ mode: "0644"
- name: Copy crictl binary from download dir
copy:
src: "{{ local_release_dir }}/crictl"
dest: "{{ bin_dir }}/crictl"
- mode: 0755
+ mode: "0755"
remote_src: true
notify:
- Get crictl completion
diff --git a/roles/container-engine/crun/tasks/main.yml b/roles/container-engine/crun/tasks/main.yml
index c21bb3ffee34400bbe4a7e754249500112883b91..f4ec7645954738a403b9afb14870a0658b39f65b 100644
--- a/roles/container-engine/crun/tasks/main.yml
+++ b/roles/container-engine/crun/tasks/main.yml
@@ -8,5 +8,5 @@
copy:
src: "{{ downloads.crun.dest }}"
dest: "{{ bin_dir }}/crun"
- mode: 0755
+ mode: "0755"
remote_src: true
diff --git a/roles/container-engine/docker-storage/tasks/main.yml b/roles/container-engine/docker-storage/tasks/main.yml
index ec129753ddc3f3de38bf6292f7f5353ba9fc6493..e3c713db22cc021eb64fda0915519896e38f4344 100644
--- a/roles/container-engine/docker-storage/tasks/main.yml
+++ b/roles/container-engine/docker-storage/tasks/main.yml
@@ -10,12 +10,12 @@
template:
src: docker-storage-setup.j2
dest: /etc/sysconfig/docker-storage-setup
- mode: 0644
+ mode: "0644"
- name: Docker-storage-override-directory | docker service storage-setup override dir
file:
dest: /etc/systemd/system/docker.service.d
- mode: 0755
+ mode: "0755"
owner: root
group: root
state: directory
@@ -30,7 +30,7 @@
owner: root
group: root
- mode: 0644
+ mode: "0644"
# https://docs.docker.com/engine/installation/linux/docker-ce/centos/#install-using-the-repository
- name: Docker-storage-setup | install lvm2
diff --git a/roles/container-engine/docker/tasks/main.yml b/roles/container-engine/docker/tasks/main.yml
index 1ccee8c4c1b2a910c3bd982468cf4f65384b00a5..55b3a0be6c5a821dfd0fbc7c9e871e5498534620 100644
--- a/roles/container-engine/docker/tasks/main.yml
+++ b/roles/container-engine/docker/tasks/main.yml
@@ -82,14 +82,14 @@
template:
src: "fedora_docker.repo.j2"
dest: "{{ yum_repo_dir }}/docker.repo"
- mode: 0644
+ mode: "0644"
when: ansible_distribution == "Fedora" and not is_ostree
- name: Configure docker repository on RedHat/CentOS/OracleLinux/AlmaLinux/KylinLinux
template:
src: "rh_docker.repo.j2"
dest: "{{ yum_repo_dir }}/docker-ce.repo"
- mode: 0644
+ mode: "0644"
when:
- ansible_os_family == "RedHat"
- ansible_distribution != "Fedora"
diff --git a/roles/container-engine/docker/tasks/systemd.yml b/roles/container-engine/docker/tasks/systemd.yml
index 57d9b9c5a64826b846fdd87f3bbf8c8a53709aab..22fe3a02d4d8006acdc6b76d151bde263df4041e 100644
--- a/roles/container-engine/docker/tasks/systemd.yml
+++ b/roles/container-engine/docker/tasks/systemd.yml
@@ -3,13 +3,13 @@
file:
path: /etc/systemd/system/docker.service.d
state: directory
- mode: 0755
+ mode: "0755"
- name: Write docker proxy drop-in
template:
src: http-proxy.conf.j2
dest: /etc/systemd/system/docker.service.d/http-proxy.conf
- mode: 0644
+ mode: "0644"
notify: Restart docker
when: http_proxy is defined or https_proxy is defined
@@ -27,7 +27,7 @@
template:
src: docker.service.j2
dest: /etc/systemd/system/docker.service
- mode: 0644
+ mode: "0644"
register: docker_service_file
notify: Restart docker
when:
@@ -38,14 +38,14 @@
template:
src: docker-options.conf.j2
dest: "/etc/systemd/system/docker.service.d/docker-options.conf"
- mode: 0644
+ mode: "0644"
notify: Restart docker
- name: Write docker dns systemd drop-in
template:
src: docker-dns.conf.j2
dest: "/etc/systemd/system/docker.service.d/docker-dns.conf"
- mode: 0644
+ mode: "0644"
notify: Restart docker
when: dns_mode != 'none' and resolvconf_mode == 'docker_dns'
@@ -53,14 +53,14 @@
copy:
src: cleanup-docker-orphans.sh
dest: "{{ bin_dir }}/cleanup-docker-orphans.sh"
- mode: 0755
+ mode: "0755"
when: docker_orphan_clean_up | bool
- name: Write docker orphan clean up systemd drop-in
template:
src: docker-orphan-cleanup.conf.j2
dest: "/etc/systemd/system/docker.service.d/docker-orphan-cleanup.conf"
- mode: 0644
+ mode: "0644"
notify: Restart docker
when: docker_orphan_clean_up | bool
diff --git a/roles/container-engine/gvisor/molecule/default/prepare.yml b/roles/container-engine/gvisor/molecule/default/prepare.yml
index 3ec3602258b9c8e3f088e4e97e147000d8d8991c..57c21f2dda2beaccf8b1ad76c05c596f4cfc97d3 100644
--- a/roles/container-engine/gvisor/molecule/default/prepare.yml
+++ b/roles/container-engine/gvisor/molecule/default/prepare.yml
@@ -29,7 +29,7 @@
src: "{{ item }}"
dest: "/tmp/{{ item }}"
owner: root
- mode: 0644
+ mode: "0644"
with_items:
- container.json
- sandbox.json
@@ -38,12 +38,12 @@
path: /etc/cni/net.d
state: directory
owner: root
- mode: 0755
+ mode: "0755"
- name: Setup CNI
copy:
src: "{{ item }}"
dest: "/etc/cni/net.d/{{ item }}"
owner: root
- mode: 0644
+ mode: "0644"
with_items:
- 10-mynet.conf
diff --git a/roles/container-engine/gvisor/tasks/main.yml b/roles/container-engine/gvisor/tasks/main.yml
index 1a8277b7297b210d6167b832ffe28b60ddb953bb..13b19a2f6fadc0a31813485ada4f48ab86a1085c 100644
--- a/roles/container-engine/gvisor/tasks/main.yml
+++ b/roles/container-engine/gvisor/tasks/main.yml
@@ -13,7 +13,7 @@
copy:
src: "{{ item.src }}"
dest: "{{ bin_dir }}/{{ item.dest }}"
- mode: 0755
+ mode: "0755"
remote_src: yes
with_items:
- { src: "{{ downloads.gvisor_runsc.dest }}", dest: "runsc" }
diff --git a/roles/container-engine/kata-containers/molecule/default/prepare.yml b/roles/container-engine/kata-containers/molecule/default/prepare.yml
index 9d7019a6de1376777e8c59a60711bbebe7f6a025..a5abd27bb45cff0a08ce9aa846345d1985c272aa 100644
--- a/roles/container-engine/kata-containers/molecule/default/prepare.yml
+++ b/roles/container-engine/kata-containers/molecule/default/prepare.yml
@@ -29,7 +29,7 @@
src: "{{ item }}"
dest: "/tmp/{{ item }}"
owner: root
- mode: 0644
+ mode: "0644"
with_items:
- container.json
- sandbox.json
@@ -38,12 +38,12 @@
path: /etc/cni/net.d
state: directory
owner: "{{ kube_owner }}"
- mode: 0755
+ mode: "0755"
- name: Setup CNI
copy:
src: "{{ item }}"
dest: "/etc/cni/net.d/{{ item }}"
owner: root
- mode: 0644
+ mode: "0644"
with_items:
- 10-mynet.conf
diff --git a/roles/container-engine/kata-containers/tasks/main.yml b/roles/container-engine/kata-containers/tasks/main.yml
index e795b1f8da20f68769bd588ffcfba486f943855c..38778987d4421eecec5889e7b900c3da629242d7 100644
--- a/roles/container-engine/kata-containers/tasks/main.yml
+++ b/roles/container-engine/kata-containers/tasks/main.yml
@@ -8,7 +8,7 @@
unarchive:
src: "{{ downloads.kata_containers.dest }}"
dest: "/"
- mode: 0755
+ mode: "0755"
owner: root
group: root
remote_src: yes
@@ -17,13 +17,13 @@
file:
path: "{{ kata_containers_config_dir }}"
state: directory
- mode: 0755
+ mode: "0755"
- name: Kata-containers | Set configuration
template:
src: "{{ item }}.j2"
dest: "{{ kata_containers_config_dir }}/{{ item }}"
- mode: 0644
+ mode: "0644"
with_items:
- configuration-qemu.toml
@@ -33,7 +33,7 @@
template:
dest: "{{ kata_containers_containerd_bin_dir }}/containerd-shim-kata-{{ item }}-v2"
src: containerd-shim-kata-v2.j2
- mode: 0755
+ mode: "0755"
with_items:
- qemu
@@ -48,7 +48,7 @@
- name: Kata-containers | Persist vhost kernel modules
copy:
dest: /etc/modules-load.d/kubespray-kata-containers.conf
- mode: 0644
+ mode: "0644"
content: |
vhost_vsock
vhost_net
diff --git a/roles/container-engine/nerdctl/handlers/main.yml b/roles/container-engine/nerdctl/handlers/main.yml
index 27895ff742f574d02f7682c315c0b68bfa3228fc..98de60c1c3ebcf52d5fa95132f71d0c25ffaffc2 100644
--- a/roles/container-engine/nerdctl/handlers/main.yml
+++ b/roles/container-engine/nerdctl/handlers/main.yml
@@ -9,4 +9,4 @@
copy:
dest: /etc/bash_completion.d/nerdctl
content: "{{ nerdctl_completion.stdout }}"
- mode: 0644
+ mode: "0644"
diff --git a/roles/container-engine/nerdctl/tasks/main.yml b/roles/container-engine/nerdctl/tasks/main.yml
index e4e4ebd15841b39f97a84b4a654ee48a3a166dac..d3cd0070cac2d23fff828bfabcf3ae7c04a6ce2f 100644
--- a/roles/container-engine/nerdctl/tasks/main.yml
+++ b/roles/container-engine/nerdctl/tasks/main.yml
@@ -8,7 +8,7 @@
copy:
src: "{{ local_release_dir }}/nerdctl"
dest: "{{ bin_dir }}/nerdctl"
- mode: 0755
+ mode: "0755"
remote_src: true
owner: root
group: root
@@ -21,7 +21,7 @@
file:
path: /etc/nerdctl
state: directory
- mode: 0755
+ mode: "0755"
owner: root
group: root
become: true
@@ -30,7 +30,7 @@
template:
src: nerdctl.toml.j2
dest: /etc/nerdctl/nerdctl.toml
- mode: 0644
+ mode: "0644"
owner: root
group: root
become: true
diff --git a/roles/container-engine/runc/tasks/main.yml b/roles/container-engine/runc/tasks/main.yml
index 542a447d5a505c2c5405f037a5e0c6dd4413852e..3ee3fdae05f106403527cc85921a7700e9b65b5f 100644
--- a/roles/container-engine/runc/tasks/main.yml
+++ b/roles/container-engine/runc/tasks/main.yml
@@ -27,7 +27,7 @@
copy:
src: "{{ downloads.runc.dest }}"
dest: "{{ runc_bin_dir }}/runc"
- mode: 0755
+ mode: "0755"
remote_src: true
- name: Runc | Remove orphaned binary
diff --git a/roles/container-engine/skopeo/tasks/main.yml b/roles/container-engine/skopeo/tasks/main.yml
index cef0424cd12ced5fece2b7dd7121d7a8562839e6..95bb9697fb16d50a26af3e674df4dad08d70ca5b 100644
--- a/roles/container-engine/skopeo/tasks/main.yml
+++ b/roles/container-engine/skopeo/tasks/main.yml
@@ -28,5 +28,5 @@
copy:
src: "{{ downloads.skopeo.dest }}"
dest: "{{ bin_dir }}/skopeo"
- mode: 0755
+ mode: "0755"
remote_src: true
diff --git a/roles/container-engine/youki/molecule/default/prepare.yml b/roles/container-engine/youki/molecule/default/prepare.yml
index 119f58addb82012ec0d6439b601b0055ff21bcd9..a72bdad7f5d5f09405c5c59501e764d83f14ea4c 100644
--- a/roles/container-engine/youki/molecule/default/prepare.yml
+++ b/roles/container-engine/youki/molecule/default/prepare.yml
@@ -29,7 +29,7 @@
src: "{{ item }}"
dest: "/tmp/{{ item }}"
owner: root
- mode: 0644
+ mode: "0644"
with_items:
- container.json
- sandbox.json
@@ -38,12 +38,12 @@
path: /etc/cni/net.d
state: directory
owner: root
- mode: 0755
+ mode: "0755"
- name: Setup CNI
copy:
src: "{{ item }}"
dest: "/etc/cni/net.d/{{ item }}"
owner: root
- mode: 0644
+ mode: "0644"
with_items:
- 10-mynet.conf
diff --git a/roles/container-engine/youki/tasks/main.yml b/roles/container-engine/youki/tasks/main.yml
index e88f663e3a5cfbe5bd1cebd1cf5a5052a25d224a..86182a3663e975f70aada4b9bbc78414964d2a9b 100644
--- a/roles/container-engine/youki/tasks/main.yml
+++ b/roles/container-engine/youki/tasks/main.yml
@@ -8,5 +8,5 @@
copy:
src: "{{ local_release_dir }}/youki_{{ youki_version | regex_replace('\\.', '_') }}_linux/youki-{{ youki_version }}/youki"
dest: "{{ youki_bin_dir }}/youki"
- mode: 0755
+ mode: "0755"
remote_src: true
diff --git a/roles/download/tasks/download_file.yml b/roles/download/tasks/download_file.yml
index 9773366f0185a5c84a6c868a92e59cf6993a16e6..00dd33a28ebefab2e69601a03e1005f8860a7320 100644
--- a/roles/download/tasks/download_file.yml
+++ b/roles/download/tasks/download_file.yml
@@ -22,7 +22,7 @@
file:
path: "{{ download.dest | dirname }}"
owner: "{{ download.owner | default(omit) }}"
- mode: 0755
+ mode: "0755"
state: directory
recurse: yes
diff --git a/roles/download/tasks/prep_download.yml b/roles/download/tasks/prep_download.yml
index 58e50849161e5c68ffd81383c74bccf854d79c2b..a8a79d711152505955f8e6fa6e050b45c032c0bd 100644
--- a/roles/download/tasks/prep_download.yml
+++ b/roles/download/tasks/prep_download.yml
@@ -69,7 +69,7 @@
file:
path: "{{ local_release_dir }}/images"
state: directory
- mode: 0755
+ mode: "0755"
owner: "{{ ansible_ssh_user | default(ansible_user_id) }}"
when:
- ansible_os_family not in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
@@ -78,7 +78,7 @@
file:
path: "{{ download_cache_dir }}/images"
state: directory
- mode: 0755
+ mode: "0755"
delegate_to: localhost
connection: local
delegate_facts: no
diff --git a/roles/download/tasks/prep_kubeadm_images.yml b/roles/download/tasks/prep_kubeadm_images.yml
index fdfed1d0886f877664f5639961d1c781b1d8073b..ca7055c49672bdba41a9bd853a9aa21c988a1796 100644
--- a/roles/download/tasks/prep_kubeadm_images.yml
+++ b/roles/download/tasks/prep_kubeadm_images.yml
@@ -18,7 +18,7 @@
template:
src: "kubeadm-images.yaml.j2"
dest: "{{ kube_config_dir }}/kubeadm-images.yaml"
- mode: 0644
+ mode: "0644"
when:
- not skip_kubeadm_images | default(false)
@@ -26,7 +26,7 @@
copy:
src: "{{ downloads.kubeadm.dest }}"
dest: "{{ bin_dir }}/kubeadm"
- mode: 0755
+ mode: "0755"
remote_src: true
- name: Prep_kubeadm_images | Set kubeadm binary permissions
diff --git a/roles/etcd/handlers/backup.yml b/roles/etcd/handlers/backup.yml
index b79dd014865dde311802c9c8213f303e4c169f11..9c05a3ad00f1e6bf80a81ce531383102a3d20fbb 100644
--- a/roles/etcd/handlers/backup.yml
+++ b/roles/etcd/handlers/backup.yml
@@ -16,7 +16,7 @@
state: directory
owner: root
group: root
- mode: 0600
+ mode: "0600"
listen: Restart etcd
when: etcd_cluster_is_healthy.rc == 0
diff --git a/roles/etcd/tasks/configure.yml b/roles/etcd/tasks/configure.yml
index 438dbc7df783427f04363a00a4ea1a4c9f70b9ba..6afc5eba010769db53ef214ccaedfa7a4ad5a270 100644
--- a/roles/etcd/tasks/configure.yml
+++ b/roles/etcd/tasks/configure.yml
@@ -50,7 +50,7 @@
src: "etcd-{{ etcd_deployment_type }}.service.j2"
dest: /etc/systemd/system/etcd.service
backup: yes
- mode: 0644
+ mode: "0644"
# FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release)
# Remove once we drop support for systemd < 250
validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:etcd-{{ etcd_deployment_type }}.service'"
@@ -61,7 +61,7 @@
src: "etcd-events-{{ etcd_deployment_type }}.service.j2"
dest: /etc/systemd/system/etcd-events.service
backup: yes
- mode: 0644
+ mode: "0644"
validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:etcd-events-{{ etcd_deployment_type }}.service'"
# FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release)
# Remove once we drop support for systemd < 250
diff --git a/roles/etcd/tasks/gen_certs_script.yml b/roles/etcd/tasks/gen_certs_script.yml
index 33e9d94c68004de2aa887e940fe60cffc3e6e18f..711c14d64795cb83bb1cf22b8db2cd316eaf9f50 100644
--- a/roles/etcd/tasks/gen_certs_script.yml
+++ b/roles/etcd/tasks/gen_certs_script.yml
@@ -13,7 +13,7 @@
path: "{{ etcd_script_dir }}"
state: directory
owner: root
- mode: 0700
+ mode: "0700"
run_once: yes
when: inventory_hostname == groups['etcd'][0]
@@ -21,7 +21,7 @@
template:
src: "openssl.conf.j2"
dest: "{{ etcd_config_dir }}/openssl.conf"
- mode: 0640
+ mode: "0640"
run_once: yes
delegate_to: "{{ groups['etcd'][0] }}"
when:
@@ -32,7 +32,7 @@
template:
src: "make-ssl-etcd.sh.j2"
dest: "{{ etcd_script_dir }}/make-ssl-etcd.sh"
- mode: 0700
+ mode: "0700"
run_once: yes
when:
- gen_certs | default(false)
@@ -90,7 +90,7 @@
content: "{{ item.content | b64decode }}"
group: "{{ etcd_cert_group }}"
owner: "{{ etcd_owner }}"
- mode: 0640
+ mode: "0640"
with_items: "{{ etcd_master_certs.results }}"
when:
- inventory_hostname in groups['etcd']
@@ -122,7 +122,7 @@
content: "{{ item.content | b64decode }}"
group: "{{ etcd_cert_group }}"
owner: "{{ etcd_owner }}"
- mode: 0640
+ mode: "0640"
with_items: "{{ etcd_master_node_certs.results }}"
when:
- inventory_hostname in groups['etcd']
diff --git a/roles/etcd/tasks/install_docker.yml b/roles/etcd/tasks/install_docker.yml
index cc2fdecf51e29b9feb64671365fc4d3c45f6b469..a7aba5094c589ca22c62a281699eb7fc188a5122 100644
--- a/roles/etcd/tasks/install_docker.yml
+++ b/roles/etcd/tasks/install_docker.yml
@@ -28,7 +28,7 @@
src: etcd.j2
dest: "{{ bin_dir }}/etcd"
owner: 'root'
- mode: 0750
+ mode: "0750"
backup: yes
when: etcd_cluster_setup
@@ -37,6 +37,6 @@
src: etcd-events.j2
dest: "{{ bin_dir }}/etcd-events"
owner: 'root'
- mode: 0750
+ mode: "0750"
backup: yes
when: etcd_events_cluster_setup
diff --git a/roles/etcd/tasks/install_host.yml b/roles/etcd/tasks/install_host.yml
index d4baa2aac88eb19013d1e8bf6c88ac8bfdf95002..7bfc7e2ab021fda58c325340a9a480d57d58b2a0 100644
--- a/roles/etcd/tasks/install_host.yml
+++ b/roles/etcd/tasks/install_host.yml
@@ -24,7 +24,7 @@
copy:
src: "{{ local_release_dir }}/etcd-{{ etcd_version }}-linux-{{ host_architecture }}/{{ item }}"
dest: "{{ bin_dir }}/{{ item }}"
- mode: 0755
+ mode: "0755"
remote_src: yes
with_items:
- etcd
diff --git a/roles/etcd/tasks/refresh_config.yml b/roles/etcd/tasks/refresh_config.yml
index d5e0045325c24bde9919bef1690e0d5e32fc0ced..effebbddbef4dcf04348af4a690f3f76621f50e4 100644
--- a/roles/etcd/tasks/refresh_config.yml
+++ b/roles/etcd/tasks/refresh_config.yml
@@ -3,7 +3,7 @@
template:
src: etcd.env.j2
dest: /etc/etcd.env
- mode: 0640
+ mode: "0640"
notify: Restart etcd
when: is_etcd_master and etcd_cluster_setup
@@ -11,6 +11,6 @@
template:
src: etcd-events.env.j2
dest: /etc/etcd-events.env
- mode: 0640
+ mode: "0640"
notify: Restart etcd-events
when: is_etcd_master and etcd_events_cluster_setup
diff --git a/roles/etcd/tasks/upd_ca_trust.yml b/roles/etcd/tasks/upd_ca_trust.yml
index 22c5901e54b8cd28b1f4676fc901b0c627004338..ec81e17f16dd60b65fde2f8a13aa439c9acaa054 100644
--- a/roles/etcd/tasks/upd_ca_trust.yml
+++ b/roles/etcd/tasks/upd_ca_trust.yml
@@ -21,7 +21,7 @@
src: "{{ etcd_cert_dir }}/ca.pem"
dest: "{{ ca_cert_path }}"
remote_src: true
- mode: 0640
+ mode: "0640"
register: etcd_ca_cert
- name: Gen_certs | update ca-certificates (Debian/Ubuntu/SUSE/Flatcar) # noqa no-handler
diff --git a/roles/etcdctl_etcdutl/tasks/main.yml b/roles/etcdctl_etcdutl/tasks/main.yml
index be0eea4e76aeafb927914d965feab982b634b4a1..b9e6832f549841c2205107a01098f9dfbc65991c 100644
--- a/roles/etcdctl_etcdutl/tasks/main.yml
+++ b/roles/etcdctl_etcdutl/tasks/main.yml
@@ -31,7 +31,7 @@
copy:
src: "{{ local_release_dir }}/etcd-{{ etcd_version }}-linux-{{ host_architecture }}/{{ item }}"
dest: "{{ bin_dir }}/{{ item }}"
- mode: 0755
+ mode: "0755"
remote_src: yes
with_items:
- etcdctl
@@ -42,4 +42,4 @@
template:
src: etcdctl.sh.j2
dest: "{{ bin_dir }}/etcdctl.sh"
- mode: 0755
+ mode: "0755"
diff --git a/roles/kubernetes-apps/ansible/tasks/coredns.yml b/roles/kubernetes-apps/ansible/tasks/coredns.yml
index 897c6189ff57cf7440d834e1f90ed132497f8807..46e2006b9997a34f30d3a1fb367c277ab0b3554c 100644
--- a/roles/kubernetes-apps/ansible/tasks/coredns.yml
+++ b/roles/kubernetes-apps/ansible/tasks/coredns.yml
@@ -3,7 +3,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
loop:
- { name: coredns, file: coredns-clusterrole.yml, type: clusterrole }
- { name: coredns, file: coredns-clusterrolebinding.yml, type: clusterrolebinding }
@@ -31,7 +31,7 @@
template:
src: "{{ item.src }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- { name: coredns, src: coredns-deployment.yml, file: coredns-deployment-secondary.yml, type: deployment }
- { name: coredns, src: coredns-svc.yml, file: coredns-svc-secondary.yml, type: svc }
diff --git a/roles/kubernetes-apps/ansible/tasks/dashboard.yml b/roles/kubernetes-apps/ansible/tasks/dashboard.yml
index 480b3dbf1dc39bad943d5fcc45a171fc0f0c544c..5872674775a929d05bef6be5789d8ce8c6dc86c5 100644
--- a/roles/kubernetes-apps/ansible/tasks/dashboard.yml
+++ b/roles/kubernetes-apps/ansible/tasks/dashboard.yml
@@ -3,7 +3,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- { file: dashboard.yml, type: deploy, name: kubernetes-dashboard }
register: manifests
diff --git a/roles/kubernetes-apps/ansible/tasks/etcd_metrics.yml b/roles/kubernetes-apps/ansible/tasks/etcd_metrics.yml
index 548de89fd81aa33882b395c830c65ea74be53867..580ab66db367b41521a6f9ee8aaae75141fbd566 100644
--- a/roles/kubernetes-apps/ansible/tasks/etcd_metrics.yml
+++ b/roles/kubernetes-apps/ansible/tasks/etcd_metrics.yml
@@ -3,7 +3,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- { file: etcd_metrics-endpoints.yml, type: endpoints, name: etcd-metrics }
- { file: etcd_metrics-service.yml, type: service, name: etcd-metrics }
diff --git a/roles/kubernetes-apps/ansible/tasks/netchecker.yml b/roles/kubernetes-apps/ansible/tasks/netchecker.yml
index 0011e7fc88d4c31b764be04a466ad4a17dc61436..2cf4b5dc9c0d155374e804bc87d4cb9e5d2523e6 100644
--- a/roles/kubernetes-apps/ansible/tasks/netchecker.yml
+++ b/roles/kubernetes-apps/ansible/tasks/netchecker.yml
@@ -29,7 +29,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items: "{{ netchecker_templates }}"
register: manifests
when:
diff --git a/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml b/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml
index b438afb88c4f968c99c2116ed6499791a2ced40b..7e522e29ec09f71d476ab0553c3d4b3dce62a601 100644
--- a/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml
+++ b/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml
@@ -20,7 +20,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- { name: nodelocaldns, file: nodelocaldns-config.yml, type: configmap }
- { name: nodelocaldns, file: nodelocaldns-sa.yml, type: sa }
@@ -51,7 +51,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- { name: nodelocaldns, file: nodelocaldns-second-daemonset.yml, type: daemonset }
register: nodelocaldns_second_manifests
diff --git a/roles/kubernetes-apps/argocd/tasks/main.yml b/roles/kubernetes-apps/argocd/tasks/main.yml
index e11f0976bf3093dd90a8e2cc02ca43c457a16c28..3cfe06fc7ba8c483c054f9e56e1b04ee9ffecb75 100644
--- a/roles/kubernetes-apps/argocd/tasks/main.yml
+++ b/roles/kubernetes-apps/argocd/tasks/main.yml
@@ -36,7 +36,7 @@
url: "{{ item.url }}"
unarchive: false
owner: "root"
- mode: 0644
+ mode: "0644"
sha256: ""
download: "{{ download_defaults | combine(download_argocd) }}"
with_items: "{{ argocd_templates | selectattr('url', 'defined') | list }}"
@@ -73,7 +73,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items: "{{ argocd_templates | selectattr('url', 'undefined') | list }}"
loop_control:
label: "{{ item.file }}"
diff --git a/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml b/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml
index 6bfcc25e42ad7f13df47a0827b11ea9a93f6be2f..a5913ecc78b99357fcb99eefff9f1b28c3ec7e61 100644
--- a/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml
+++ b/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml
@@ -7,7 +7,7 @@
template:
src: controller-manager-config.yml.j2
dest: "{{ kube_config_dir }}/controller-manager-config.yml"
- mode: 0644
+ mode: "0644"
when: inventory_hostname == groups['kube_control_plane'][0]
- name: "OCI Cloud Controller | Slurp Configuration"
@@ -24,7 +24,7 @@
template:
src: oci-cloud-provider.yml.j2
dest: "{{ kube_config_dir }}/oci-cloud-provider.yml"
- mode: 0644
+ mode: "0644"
when: inventory_hostname == groups['kube_control_plane'][0]
- name: "OCI Cloud Controller | Apply Manifests"
diff --git a/roles/kubernetes-apps/cluster_roles/tasks/main.yml b/roles/kubernetes-apps/cluster_roles/tasks/main.yml
index fdb3205d6cb848ad02b2ef501a00ea604881ce53..8d7230e0af028517bfb717d99c56c5568a9d662c 100644
--- a/roles/kubernetes-apps/cluster_roles/tasks/main.yml
+++ b/roles/kubernetes-apps/cluster_roles/tasks/main.yml
@@ -15,7 +15,7 @@
template:
src: "node-crb.yml.j2"
dest: "{{ kube_config_dir }}/node-crb.yml"
- mode: 0640
+ mode: "0640"
register: node_crb_manifest
when:
- rbac_enabled
@@ -70,7 +70,7 @@
copy:
src: k8s-cluster-critical-pc.yml
dest: "{{ kube_config_dir }}/k8s-cluster-critical-pc.yml"
- mode: 0640
+ mode: "0640"
when: inventory_hostname == groups['kube_control_plane'] | last
- name: PriorityClass | Create k8s-cluster-critical
diff --git a/roles/kubernetes-apps/cluster_roles/tasks/oci.yml b/roles/kubernetes-apps/cluster_roles/tasks/oci.yml
index eb074634e7c5b6fd2eb867057c54b72300bca54d..e5bef6701db5383b4e157a2c294e1310035ca46d 100644
--- a/roles/kubernetes-apps/cluster_roles/tasks/oci.yml
+++ b/roles/kubernetes-apps/cluster_roles/tasks/oci.yml
@@ -3,7 +3,7 @@
copy:
src: "oci-rbac.yml"
dest: "{{ kube_config_dir }}/oci-rbac.yml"
- mode: 0640
+ mode: "0640"
when:
- cloud_provider is defined
- cloud_provider == 'oci'
diff --git a/roles/kubernetes-apps/container_engine_accelerator/nvidia_gpu/tasks/main.yml b/roles/kubernetes-apps/container_engine_accelerator/nvidia_gpu/tasks/main.yml
index 8cba9bf3774500cb7117bd3aef94d226107974a7..325fb5f21b101aaaefd35bc7d3771206805a20fe 100644
--- a/roles/kubernetes-apps/container_engine_accelerator/nvidia_gpu/tasks/main.yml
+++ b/roles/kubernetes-apps/container_engine_accelerator/nvidia_gpu/tasks/main.yml
@@ -26,14 +26,14 @@
path: "{{ kube_config_dir }}/addons/container_engine_accelerator"
owner: root
group: root
- mode: 0755
+ mode: "0755"
recurse: true
- name: Container Engine Acceleration Nvidia GPU | Create manifests for nvidia accelerators
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/container_engine_accelerator/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- { name: nvidia-driver-install-daemonset, file: nvidia-driver-install-daemonset.yml, type: daemonset }
- { name: k8s-device-plugin-nvidia-daemonset, file: k8s-device-plugin-nvidia-daemonset.yml, type: daemonset }
diff --git a/roles/kubernetes-apps/container_runtimes/gvisor/tasks/main.yaml b/roles/kubernetes-apps/container_runtimes/gvisor/tasks/main.yaml
index 90562f229a14891269ab77bb0b87cc7ff96c2012..143c8d843181c6b5ffed2fa9b854177e7dd2a2b6 100644
--- a/roles/kubernetes-apps/container_runtimes/gvisor/tasks/main.yaml
+++ b/roles/kubernetes-apps/container_runtimes/gvisor/tasks/main.yaml
@@ -4,7 +4,7 @@
path: "{{ kube_config_dir }}/addons/gvisor"
owner: root
group: root
- mode: 0755
+ mode: "0755"
recurse: true
- name: GVisor | Templates List
@@ -16,7 +16,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/gvisor/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items: "{{ gvisor_templates }}"
register: gvisor_manifests
when:
diff --git a/roles/kubernetes-apps/container_runtimes/kata_containers/tasks/main.yaml b/roles/kubernetes-apps/container_runtimes/kata_containers/tasks/main.yaml
index a07c7c2883163bf7e0231167da021d6908e58997..cd85a6d6921c870c54e296811d3aa55402fa8606 100644
--- a/roles/kubernetes-apps/container_runtimes/kata_containers/tasks/main.yaml
+++ b/roles/kubernetes-apps/container_runtimes/kata_containers/tasks/main.yaml
@@ -5,7 +5,7 @@
path: "{{ kube_config_dir }}/addons/kata_containers"
owner: root
group: root
- mode: 0755
+ mode: "0755"
recurse: true
- name: Kata Containers | Templates list
@@ -17,7 +17,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/kata_containers/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items: "{{ kata_containers_templates }}"
register: kata_containers_manifests
when:
diff --git a/roles/kubernetes-apps/csi_driver/aws_ebs/tasks/main.yml b/roles/kubernetes-apps/csi_driver/aws_ebs/tasks/main.yml
index 5570dccfdb83415e0ecb5b40fc63214109197694..fc905e445d7ad318a81abcb05a1c97bc6ad76517 100644
--- a/roles/kubernetes-apps/csi_driver/aws_ebs/tasks/main.yml
+++ b/roles/kubernetes-apps/csi_driver/aws_ebs/tasks/main.yml
@@ -3,7 +3,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: aws-ebs-csi-driver, file: aws-ebs-csi-driver.yml}
- {name: aws-ebs-csi-controllerservice, file: aws-ebs-csi-controllerservice-rbac.yml}
diff --git a/roles/kubernetes-apps/csi_driver/azuredisk/tasks/main.yml b/roles/kubernetes-apps/csi_driver/azuredisk/tasks/main.yml
index a94656f488ad531807f60f347187877799341475..82d222e505288301d6fdb6a674cc341640185904 100644
--- a/roles/kubernetes-apps/csi_driver/azuredisk/tasks/main.yml
+++ b/roles/kubernetes-apps/csi_driver/azuredisk/tasks/main.yml
@@ -7,7 +7,7 @@
src: "azure-csi-cloud-config.j2"
dest: "{{ kube_config_dir }}/azure_csi_cloud_config"
group: "{{ kube_cert_group }}"
- mode: 0640
+ mode: "0640"
when: inventory_hostname == groups['kube_control_plane'][0]
- name: Azure CSI Driver | Get base64 cloud-config
@@ -20,7 +20,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: azure-csi-azuredisk-driver, file: azure-csi-azuredisk-driver.yml}
- {name: azure-csi-cloud-config-secret, file: azure-csi-cloud-config-secret.yml}
diff --git a/roles/kubernetes-apps/csi_driver/cinder/tasks/cinder-write-cacert.yml b/roles/kubernetes-apps/csi_driver/cinder/tasks/cinder-write-cacert.yml
index c6d14a2aa4e2e5ea344b6c090ba95f3541422397..dd614fe6c4cfee5f925c15f197f90683326a75d5 100644
--- a/roles/kubernetes-apps/csi_driver/cinder/tasks/cinder-write-cacert.yml
+++ b/roles/kubernetes-apps/csi_driver/cinder/tasks/cinder-write-cacert.yml
@@ -7,5 +7,5 @@
src: "{{ cinder_cacert }}"
dest: "{{ kube_config_dir }}/cinder-cacert.pem"
group: "{{ kube_cert_group }}"
- mode: 0640
+ mode: "0640"
delegate_to: "{{ delegate_host_to_write_cacert }}"
diff --git a/roles/kubernetes-apps/csi_driver/cinder/tasks/main.yml b/roles/kubernetes-apps/csi_driver/cinder/tasks/main.yml
index 47ce6cd89eceb804bd5a9a28ed314f14759b53f5..f2d1026e8815980e4ac08b88db7c017e1029059f 100644
--- a/roles/kubernetes-apps/csi_driver/cinder/tasks/main.yml
+++ b/roles/kubernetes-apps/csi_driver/cinder/tasks/main.yml
@@ -18,7 +18,7 @@
src: "cinder-csi-cloud-config.j2"
dest: "{{ kube_config_dir }}/cinder_cloud_config"
group: "{{ kube_cert_group }}"
- mode: 0640
+ mode: "0640"
when: inventory_hostname == groups['kube_control_plane'][0]
- name: Cinder CSI Driver | Get base64 cloud-config
@@ -31,7 +31,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: cinder-csi-driver, file: cinder-csi-driver.yml}
- {name: cinder-csi-cloud-config-secret, file: cinder-csi-cloud-config-secret.yml}
diff --git a/roles/kubernetes-apps/csi_driver/csi_crd/tasks/main.yml b/roles/kubernetes-apps/csi_driver/csi_crd/tasks/main.yml
index 47909312007f76a34690774a30b69038ae625a64..75111db580acf6f1580d6f75ea9036abd41916c8 100644
--- a/roles/kubernetes-apps/csi_driver/csi_crd/tasks/main.yml
+++ b/roles/kubernetes-apps/csi_driver/csi_crd/tasks/main.yml
@@ -3,7 +3,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: volumesnapshotclasses, file: volumesnapshotclasses.yml}
- {name: volumesnapshotcontents, file: volumesnapshotcontents.yml}
diff --git a/roles/kubernetes-apps/csi_driver/gcp_pd/tasks/main.yml b/roles/kubernetes-apps/csi_driver/gcp_pd/tasks/main.yml
index be511caa45729669cb182c3b6ebf0379d5ac11ce..6ae54d46645857fe5c691875f5c725937c9ccc2b 100644
--- a/roles/kubernetes-apps/csi_driver/gcp_pd/tasks/main.yml
+++ b/roles/kubernetes-apps/csi_driver/gcp_pd/tasks/main.yml
@@ -9,7 +9,7 @@
src: "{{ gcp_pd_csi_sa_cred_file }}"
dest: "{{ kube_config_dir }}/cloud-sa.json"
group: "{{ kube_cert_group }}"
- mode: 0640
+ mode: "0640"
when: inventory_hostname == groups['kube_control_plane'][0]
- name: GCP PD CSI Driver | Get base64 cloud-sa.json
@@ -22,7 +22,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: gcp-pd-csi-cred-secret, file: gcp-pd-csi-cred-secret.yml}
- {name: gcp-pd-csi-setup, file: gcp-pd-csi-setup.yml}
diff --git a/roles/kubernetes-apps/csi_driver/upcloud/tasks/main.yml b/roles/kubernetes-apps/csi_driver/upcloud/tasks/main.yml
index 8f0b69f8c8615570c0fc1886036a3bfb6b8ad2d7..aafb0fdb4b1edc5f639b39fabaded3df79050326 100644
--- a/roles/kubernetes-apps/csi_driver/upcloud/tasks/main.yml
+++ b/roles/kubernetes-apps/csi_driver/upcloud/tasks/main.yml
@@ -16,7 +16,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: upcloud-csi-cred-secret, file: upcloud-csi-cred-secret.yml}
- {name: upcloud-csi-setup, file: upcloud-csi-setup.yml}
diff --git a/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml b/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml
index 102dd8be0bf1f27a59c4ed0d35f00a2f0a9d0e94..6bbb4ffa4ad8188c56cc647921e9734d84fcc3cd 100644
--- a/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml
+++ b/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml
@@ -6,7 +6,7 @@
template:
src: "{{ item }}.j2"
dest: "{{ kube_config_dir }}/{{ item }}"
- mode: 0640
+ mode: "0640"
with_items:
- vsphere-csi-cloud-config
when: inventory_hostname == groups['kube_control_plane'][0]
@@ -15,7 +15,7 @@
template:
src: "{{ item }}.j2"
dest: "{{ kube_config_dir }}/{{ item }}"
- mode: 0644
+ mode: "0644"
with_items:
- vsphere-csi-namespace.yml
- vsphere-csi-driver.yml
diff --git a/roles/kubernetes-apps/external_cloud_controller/hcloud/tasks/main.yml b/roles/kubernetes-apps/external_cloud_controller/hcloud/tasks/main.yml
index c626e78e9a9673f6bc855b1a484654275be967a6..6b482ccd3bcbbb1e0e47439907698c27844769d6 100644
--- a/roles/kubernetes-apps/external_cloud_controller/hcloud/tasks/main.yml
+++ b/roles/kubernetes-apps/external_cloud_controller/hcloud/tasks/main.yml
@@ -4,7 +4,7 @@
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
group: "{{ kube_cert_group }}"
- mode: 0640
+ mode: "0640"
with_items:
- {name: external-hcloud-cloud-secret, file: external-hcloud-cloud-secret.yml}
- {name: external-hcloud-cloud-service-account, file: external-hcloud-cloud-service-account.yml}
diff --git a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/tasks/main.yml b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/tasks/main.yml
index 880be0dfc5811e31ed2128c6c96dd88f8f21bdf6..3d82ded7721dc24ae78374f06582f2f68d6604e4 100644
--- a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/tasks/main.yml
+++ b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/tasks/main.yml
@@ -24,7 +24,7 @@
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
group: "{{ kube_cert_group }}"
- mode: 0640
+ mode: "0640"
with_items:
- {name: external-huawei-cloud-config-secret, file: external-huawei-cloud-config-secret.yml}
- {name: external-huawei-cloud-controller-manager-roles, file: external-huawei-cloud-controller-manager-roles.yml}
diff --git a/roles/kubernetes-apps/external_cloud_controller/openstack/tasks/main.yml b/roles/kubernetes-apps/external_cloud_controller/openstack/tasks/main.yml
index 787dbb444119a1d5a9f37d43de43415366036186..8c930f3aa907870bdac92336721561bf970c2fb3 100644
--- a/roles/kubernetes-apps/external_cloud_controller/openstack/tasks/main.yml
+++ b/roles/kubernetes-apps/external_cloud_controller/openstack/tasks/main.yml
@@ -24,7 +24,7 @@
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
group: "{{ kube_cert_group }}"
- mode: 0640
+ mode: "0640"
with_items:
- {name: external-openstack-cloud-config-secret, file: external-openstack-cloud-config-secret.yml}
- {name: external-openstack-cloud-controller-manager-roles, file: external-openstack-cloud-controller-manager-roles.yml}
diff --git a/roles/kubernetes-apps/external_cloud_controller/vsphere/tasks/main.yml b/roles/kubernetes-apps/external_cloud_controller/vsphere/tasks/main.yml
index 60b8ec83b2c7a3de3f6f86e952b08bc82766ab53..585eb981781ebfa23fde42abdafbebbb05219726 100644
--- a/roles/kubernetes-apps/external_cloud_controller/vsphere/tasks/main.yml
+++ b/roles/kubernetes-apps/external_cloud_controller/vsphere/tasks/main.yml
@@ -6,7 +6,7 @@
template:
src: "{{ item }}.j2"
dest: "{{ kube_config_dir }}/{{ item }}"
- mode: 0640
+ mode: "0640"
with_items:
- external-vsphere-cpi-cloud-config
when: inventory_hostname == groups['kube_control_plane'][0]
@@ -15,7 +15,7 @@
template:
src: "{{ item }}.j2"
dest: "{{ kube_config_dir }}/{{ item }}"
- mode: 0644
+ mode: "0644"
with_items:
- external-vsphere-cpi-cloud-config-secret.yml
- external-vsphere-cloud-controller-manager-roles.yml
diff --git a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/tasks/main.yml b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/tasks/main.yml
index 86cba2d574e5e1e6d810e271eafd3fd0d3581b12..4993eebaba86ddd6f78ab23e7fb4357832d7f87f 100644
--- a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/tasks/main.yml
+++ b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/tasks/main.yml
@@ -33,7 +33,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
when:
- inventory_hostname == groups['kube_control_plane'][0]
@@ -54,7 +54,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/cephfs_provisioner/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items: "{{ cephfs_provisioner_templates }}"
register: cephfs_provisioner_manifests
when: inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/external_provisioner/local_path_provisioner/tasks/main.yml b/roles/kubernetes-apps/external_provisioner/local_path_provisioner/tasks/main.yml
index 71036ca9de4ef02c2973c441cd3478cee7e2356c..f3ae87a375e6538b1a1a2f5e3c952c692645b858 100644
--- a/roles/kubernetes-apps/external_provisioner/local_path_provisioner/tasks/main.yml
+++ b/roles/kubernetes-apps/external_provisioner/local_path_provisioner/tasks/main.yml
@@ -5,7 +5,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
when:
- inventory_hostname == groups['kube_control_plane'][0]
@@ -13,7 +13,7 @@
file:
path: "{{ local_path_provisioner_claim_root }}"
state: directory
- mode: 0755
+ mode: "0755"
- name: Local Path Provisioner | Render Template
set_fact:
@@ -30,7 +30,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/local_path_provisioner/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items: "{{ local_path_provisioner_templates }}"
register: local_path_provisioner_manifests
when: inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/tasks/main.yml b/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/tasks/main.yml
index 2308b5ca676d0f9f0c05a36e3a2830b082ffc7eb..bc35b4782d59adb68944db9ede6b06d96c1ed2b8 100644
--- a/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/tasks/main.yml
+++ b/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/tasks/main.yml
@@ -12,7 +12,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
- name: Local Volume Provisioner | Templates list
set_fact:
@@ -29,7 +29,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/local_volume_provisioner/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items: "{{ local_volume_provisioner_templates }}"
register: local_volume_provisioner_manifests
when: inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/external_provisioner/rbd_provisioner/tasks/main.yml b/roles/kubernetes-apps/external_provisioner/rbd_provisioner/tasks/main.yml
index 76445dae08412c75671051db62ca6ee8321b3135..0a1f5b2e2c2ac199f76530a23574af8155b3c72f 100644
--- a/roles/kubernetes-apps/external_provisioner/rbd_provisioner/tasks/main.yml
+++ b/roles/kubernetes-apps/external_provisioner/rbd_provisioner/tasks/main.yml
@@ -33,7 +33,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
when:
- inventory_hostname == groups['kube_control_plane'][0]
@@ -54,7 +54,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/rbd_provisioner/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items: "{{ rbd_provisioner_templates }}"
register: rbd_provisioner_manifests
when: inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/helm/tasks/main.yml b/roles/kubernetes-apps/helm/tasks/main.yml
index eae0e217156764e8c2f4e3d47cb9e18b2d9b1dd9..61596aefb02858d969e019529c4a227b0d45d27c 100644
--- a/roles/kubernetes-apps/helm/tasks/main.yml
+++ b/roles/kubernetes-apps/helm/tasks/main.yml
@@ -32,7 +32,7 @@
copy:
src: "{{ local_release_dir }}/helm-{{ helm_version }}/linux-{{ image_arch }}/helm"
dest: "{{ bin_dir }}/helm"
- mode: 0755
+ mode: "0755"
remote_src: true
- name: Helm | Get helm completion
@@ -45,5 +45,5 @@
copy:
dest: /etc/bash_completion.d/helm.sh
content: "{{ helm_completion.stdout }}"
- mode: 0755
+ mode: "0755"
become: True
diff --git a/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/tasks/main.yml b/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/tasks/main.yml
index 8a188a4cb35fc8c585697d5d3622cc6b65094d82..451487738e48957b466b7c8cf180648c4297fd7e 100644
--- a/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/tasks/main.yml
+++ b/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/tasks/main.yml
@@ -6,13 +6,13 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
- name: ALB Ingress Controller | Create manifests
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/alb_ingress/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- { name: alb-ingress-clusterrole, file: alb-ingress-clusterrole.yml, type: clusterrole }
- { name: alb-ingress-clusterrolebinding, file: alb-ingress-clusterrolebinding.yml, type: clusterrolebinding }
diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/tasks/main.yml b/roles/kubernetes-apps/ingress_controller/cert_manager/tasks/main.yml
index 4af64adc5b79df4bde7a6978be7b1e3be625244e..8012e77d5552d1d6d84f2fc259c0fc44001ce23c 100644
--- a/roles/kubernetes-apps/ingress_controller/cert_manager/tasks/main.yml
+++ b/roles/kubernetes-apps/ingress_controller/cert_manager/tasks/main.yml
@@ -24,7 +24,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
when:
- inventory_hostname == groups['kube_control_plane'][0]
@@ -38,7 +38,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/cert_manager/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items: "{{ cert_manager_templates }}"
register: cert_manager_manifests
when:
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml b/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml
index 518094af7534aa0a1cc9c5a2c8e7548708d838f7..be26060b86bc3d0d58c28a92b277c282d801625e 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml
@@ -6,7 +6,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
when:
- inventory_hostname == groups['kube_control_plane'][0]
@@ -50,7 +50,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/ingress_nginx/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items: "{{ ingress_nginx_templates }}"
register: ingress_nginx_manifests
when:
diff --git a/roles/kubernetes-apps/krew/tasks/krew.yml b/roles/kubernetes-apps/krew/tasks/krew.yml
index a8b52010b59fb90d0a37f855cd0ff41a2abedb00..e46dbb48dcc8f94af3f2727c2bda386d7c6b2ae9 100644
--- a/roles/kubernetes-apps/krew/tasks/krew.yml
+++ b/roles/kubernetes-apps/krew/tasks/krew.yml
@@ -8,13 +8,13 @@
template:
src: krew.j2
dest: /etc/bash_completion.d/krew
- mode: 0644
+ mode: "0644"
- name: Krew | Copy krew manifest
template:
src: krew.yml.j2
dest: "{{ local_release_dir }}/krew.yml"
- mode: 0644
+ mode: "0644"
- name: Krew | Install krew # noqa command-instead-of-shell
shell: "{{ local_release_dir }}/krew-{{ host_os }}_{{ image_arch }} install --archive={{ local_release_dir }}/krew-{{ host_os }}_{{ image_arch }}.tar.gz --manifest={{ local_release_dir }}/krew.yml"
@@ -33,6 +33,6 @@
copy:
dest: /etc/bash_completion.d/krew.sh
content: "{{ krew_completion.stdout }}"
- mode: 0755
+ mode: "0755"
become: True
when: krew_completion.rc == 0
diff --git a/roles/kubernetes-apps/metallb/tasks/main.yml b/roles/kubernetes-apps/metallb/tasks/main.yml
index 6a804cbef21ad22c987c7700b30943ff92cde290..5e6757b3d22d6b4e482af368318bde6388474320 100644
--- a/roles/kubernetes-apps/metallb/tasks/main.yml
+++ b/roles/kubernetes-apps/metallb/tasks/main.yml
@@ -16,7 +16,7 @@
template:
src: "metallb.yaml.j2"
dest: "{{ kube_config_dir }}/metallb.yaml"
- mode: 0644
+ mode: "0644"
register: metallb_rendering
when:
- inventory_hostname == groups['kube_control_plane'][0]
@@ -47,7 +47,7 @@
ansible.builtin.template:
src: pools.yaml.j2
dest: "{{ kube_config_dir }}/pools.yaml"
- mode: 0644
+ mode: "0644"
register: pools_rendering
- name: MetalLB | Create address pools configuration
@@ -67,7 +67,7 @@
ansible.builtin.template:
src: layer2.yaml.j2
dest: "{{ kube_config_dir }}/layer2.yaml"
- mode: 0644
+ mode: "0644"
register: layer2_rendering
- name: MetalLB | Create layer2 configuration
@@ -87,7 +87,7 @@
ansible.builtin.template:
src: layer3.yaml.j2
dest: "{{ kube_config_dir }}/layer3.yaml"
- mode: 0644
+ mode: "0644"
register: layer3_rendering
- name: MetalLB | Create layer3 configuration
diff --git a/roles/kubernetes-apps/metrics_server/tasks/main.yml b/roles/kubernetes-apps/metrics_server/tasks/main.yml
index 1fe617de80aace192d7ba1af8b89b9e08882b1bd..3517686cb7e319aa987b2140831a36480d666f68 100644
--- a/roles/kubernetes-apps/metrics_server/tasks/main.yml
+++ b/roles/kubernetes-apps/metrics_server/tasks/main.yml
@@ -19,7 +19,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
when:
- inventory_hostname == groups['kube_control_plane'][0]
@@ -39,7 +39,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/metrics_server/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items: "{{ metrics_server_templates }}"
register: metrics_server_manifests
when:
diff --git a/roles/kubernetes-apps/node_feature_discovery/tasks/main.yml b/roles/kubernetes-apps/node_feature_discovery/tasks/main.yml
index b7e930afe66745ab1126dd539143f8bd7a4c72eb..eb2237a8ccb6a6154b783bd948196e044ab958e6 100644
--- a/roles/kubernetes-apps/node_feature_discovery/tasks/main.yml
+++ b/roles/kubernetes-apps/node_feature_discovery/tasks/main.yml
@@ -5,7 +5,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
when:
- inventory_hostname == groups['kube_control_plane'][0]
@@ -31,7 +31,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/node_feature_discovery/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items: "{{ node_feature_discovery_templates }}"
register: node_feature_discovery_manifests
when:
diff --git a/roles/kubernetes-apps/persistent_volumes/aws-ebs-csi/tasks/main.yml b/roles/kubernetes-apps/persistent_volumes/aws-ebs-csi/tasks/main.yml
index b49acdfbd8ad1118b2db8ff05c3b02d6a2247625..d31f9c6d9f3168db63aff25b624cf55551c6f2c1 100644
--- a/roles/kubernetes-apps/persistent_volumes/aws-ebs-csi/tasks/main.yml
+++ b/roles/kubernetes-apps/persistent_volumes/aws-ebs-csi/tasks/main.yml
@@ -3,7 +3,7 @@
template:
src: "aws-ebs-csi-storage-class.yml.j2"
dest: "{{ kube_config_dir }}/aws-ebs-csi-storage-class.yml"
- mode: 0644
+ mode: "0644"
register: manifests
when:
- inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/persistent_volumes/azuredisk-csi/tasks/main.yml b/roles/kubernetes-apps/persistent_volumes/azuredisk-csi/tasks/main.yml
index 9abffbe1fba01a4910a9d9bde5ce02e1e86533e3..4a2bff006b0131494e0f6b0506662d4894aaa195 100644
--- a/roles/kubernetes-apps/persistent_volumes/azuredisk-csi/tasks/main.yml
+++ b/roles/kubernetes-apps/persistent_volumes/azuredisk-csi/tasks/main.yml
@@ -3,7 +3,7 @@
template:
src: "azure-csi-storage-class.yml.j2"
dest: "{{ kube_config_dir }}/azure-csi-storage-class.yml"
- mode: 0644
+ mode: "0644"
register: manifests
when:
- inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/persistent_volumes/cinder-csi/tasks/main.yml b/roles/kubernetes-apps/persistent_volumes/cinder-csi/tasks/main.yml
index 52de1c5a29ca925c71856b083e98cfa91c35abda..78ebe78de0f65e570a7d2240032ec00ded17ccfd 100644
--- a/roles/kubernetes-apps/persistent_volumes/cinder-csi/tasks/main.yml
+++ b/roles/kubernetes-apps/persistent_volumes/cinder-csi/tasks/main.yml
@@ -3,7 +3,7 @@
template:
src: "cinder-csi-storage-class.yml.j2"
dest: "{{ kube_config_dir }}/cinder-csi-storage-class.yml"
- mode: 0644
+ mode: "0644"
register: manifests
when:
- inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/persistent_volumes/gcp-pd-csi/tasks/main.yml b/roles/kubernetes-apps/persistent_volumes/gcp-pd-csi/tasks/main.yml
index 29997e7c6a23e6d7ec9643c042aef33486ae0c62..f58e4cbdeb1b645e8609a30e694d125f1ee3164b 100644
--- a/roles/kubernetes-apps/persistent_volumes/gcp-pd-csi/tasks/main.yml
+++ b/roles/kubernetes-apps/persistent_volumes/gcp-pd-csi/tasks/main.yml
@@ -3,7 +3,7 @@
template:
src: "gcp-pd-csi-storage-class.yml.j2"
dest: "{{ kube_config_dir }}/gcp-pd-csi-storage-class.yml"
- mode: 0644
+ mode: "0644"
register: manifests
when:
- inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/persistent_volumes/openstack/tasks/main.yml b/roles/kubernetes-apps/persistent_volumes/openstack/tasks/main.yml
index 3387e7ff4763806cca61e9f59fc21f7e5e096727..90b3ad7f4b799609006b325261aee788c35c85a3 100644
--- a/roles/kubernetes-apps/persistent_volumes/openstack/tasks/main.yml
+++ b/roles/kubernetes-apps/persistent_volumes/openstack/tasks/main.yml
@@ -3,7 +3,7 @@
template:
src: "openstack-storage-class.yml.j2"
dest: "{{ kube_config_dir }}/openstack-storage-class.yml"
- mode: 0644
+ mode: "0644"
register: manifests
when:
- inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/persistent_volumes/upcloud-csi/tasks/main.yml b/roles/kubernetes-apps/persistent_volumes/upcloud-csi/tasks/main.yml
index 26104a092adfe7f624ba9433b708a495ef81ab6c..aed56793783ccb65bd192e6b471a7a628577c788 100644
--- a/roles/kubernetes-apps/persistent_volumes/upcloud-csi/tasks/main.yml
+++ b/roles/kubernetes-apps/persistent_volumes/upcloud-csi/tasks/main.yml
@@ -3,7 +3,7 @@
template:
src: "upcloud-csi-storage-class.yml.j2"
dest: "{{ kube_config_dir }}/upcloud-csi-storage-class.yml"
- mode: 0644
+ mode: "0644"
register: manifests
when:
- inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml b/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml
index ba2eebbce082c8677dc094193662e0ca888239c1..fa0c994a1ee39612ad9edd3c5f7c5e9672c64623 100644
--- a/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml
+++ b/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml
@@ -3,7 +3,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: calico-kube-controllers, file: calico-kube-controllers.yml, type: deployment}
- {name: calico-kube-controllers, file: calico-kube-sa.yml, type: sa}
diff --git a/roles/kubernetes-apps/registry/tasks/main.yml b/roles/kubernetes-apps/registry/tasks/main.yml
index a915e0773815959c2cf29c72691404e925caa595..4e4979d1ec270a40402c0dd5450dd46c26e4be1a 100644
--- a/roles/kubernetes-apps/registry/tasks/main.yml
+++ b/roles/kubernetes-apps/registry/tasks/main.yml
@@ -31,7 +31,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
- name: Registry | Templates list
set_fact:
@@ -54,7 +54,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/registry/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items: "{{ registry_templates }}"
register: registry_manifests
when: inventory_hostname == groups['kube_control_plane'][0]
@@ -74,7 +74,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/registry/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- { name: registry-pvc, file: registry-pvc.yml, type: pvc }
register: registry_manifests
diff --git a/roles/kubernetes-apps/scheduler_plugins/tasks/main.yml b/roles/kubernetes-apps/scheduler_plugins/tasks/main.yml
index d17b19128ca82a8d4100bb75a83ac9789439b9be..404a2cb93541f8b837579866d745828285ec1649 100644
--- a/roles/kubernetes-apps/scheduler_plugins/tasks/main.yml
+++ b/roles/kubernetes-apps/scheduler_plugins/tasks/main.yml
@@ -5,7 +5,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
when: inventory_hostname == groups['kube_control_plane'][0]
tags:
- scheduler_plugins
@@ -14,7 +14,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/scheduler-plugins/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- { name: appgroup, file: appgroup.diktyo.x-k8s.io_appgroups.yaml, type: crd }
- { name: networktopology, file: networktopology.diktyo.x-k8s.io_networktopologies.yaml, type: crd }
diff --git a/roles/kubernetes-apps/snapshots/cinder-csi/tasks/main.yml b/roles/kubernetes-apps/snapshots/cinder-csi/tasks/main.yml
index 7e9116f155759e061189e9ce6c547279c587781c..35ec4cd85cb3e3045b4465c3ab0139f9fcd8f063 100644
--- a/roles/kubernetes-apps/snapshots/cinder-csi/tasks/main.yml
+++ b/roles/kubernetes-apps/snapshots/cinder-csi/tasks/main.yml
@@ -3,7 +3,7 @@
template:
src: "cinder-csi-snapshot-class.yml.j2"
dest: "{{ kube_config_dir }}/cinder-csi-snapshot-class.yml"
- mode: 0644
+ mode: "0644"
register: manifests
when:
- inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/snapshots/snapshot-controller/tasks/main.yml b/roles/kubernetes-apps/snapshots/snapshot-controller/tasks/main.yml
index e6da2920a5074c694dcabcc2fae7e6ce93d97992..0c5d3aeba28facbc208d5313f9734e96b3d3c4f4 100644
--- a/roles/kubernetes-apps/snapshots/snapshot-controller/tasks/main.yml
+++ b/roles/kubernetes-apps/snapshots/snapshot-controller/tasks/main.yml
@@ -13,7 +13,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: snapshot-ns, file: snapshot-ns.yml, apply: not snapshot_namespace_exists}
- {name: rbac-snapshot-controller, file: rbac-snapshot-controller.yml}
diff --git a/roles/kubernetes/client/tasks/main.yml b/roles/kubernetes/client/tasks/main.yml
index e6197611e76ab98b484ce5654894c8feb0e2867e..cc788775048794e4ffe443c984c273c1df64caee 100644
--- a/roles/kubernetes/client/tasks/main.yml
+++ b/roles/kubernetes/client/tasks/main.yml
@@ -80,7 +80,7 @@
copy:
content: "{{ final_admin_kubeconfig | to_nice_yaml(indent=2) }}"
dest: "{{ artifacts_dir }}/admin.conf"
- mode: 0600
+ mode: "0600"
delegate_to: localhost
connection: local
become: no
@@ -106,7 +106,7 @@
#!/bin/bash
${BASH_SOURCE%/*}/kubectl --kubeconfig=${BASH_SOURCE%/*}/admin.conf "$@"
dest: "{{ artifacts_dir }}/kubectl.sh"
- mode: 0755
+ mode: "0755"
become: no
run_once: yes
delegate_to: localhost
diff --git a/roles/kubernetes/control-plane/tasks/encrypt-at-rest.yml b/roles/kubernetes/control-plane/tasks/encrypt-at-rest.yml
index 209e4c73088506aec5e62be7c9dd75daa4ede990..9b998c52bc7293657273973433fd0af11515e679 100644
--- a/roles/kubernetes/control-plane/tasks/encrypt-at-rest.yml
+++ b/roles/kubernetes/control-plane/tasks/encrypt-at-rest.yml
@@ -37,4 +37,4 @@
dest: "{{ kube_cert_dir }}/secrets_encryption.yaml"
owner: root
group: "{{ kube_cert_group }}"
- mode: 0640
+ mode: "0640"
diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-etcd.yml b/roles/kubernetes/control-plane/tasks/kubeadm-etcd.yml
index 9de55c544593ad6fb8afaa02436e26bdc20f3c49..788d6b8f38c01db3ff4d165da7b4a95e7e52b95b 100644
--- a/roles/kubernetes/control-plane/tasks/kubeadm-etcd.yml
+++ b/roles/kubernetes/control-plane/tasks/kubeadm-etcd.yml
@@ -25,5 +25,5 @@
path: "{{ etcd_data_dir }}"
owner: "{{ etcd_owner }}"
group: "{{ etcd_owner }}"
- mode: 0700
+ mode: "0700"
when: etcd_deployment_type == "kubeadm"
diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml b/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml
index e10ef7fabae0f745a822c3686bc78e7d02fbbde7..128e93f3662293c985060884b18a3e7ac6631af9 100644
--- a/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml
+++ b/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml
@@ -34,7 +34,7 @@
template:
src: "kubeadm-controlplane.{{ kubeadmConfig_api_version }}.yaml.j2"
dest: "{{ kube_config_dir }}/kubeadm-controlplane.yaml"
- mode: 0640
+ mode: "0640"
backup: yes
when:
- inventory_hostname != first_kube_control_plane
@@ -77,7 +77,7 @@
dest: "{{ kube_config_dir }}/cluster-info-discovery-kubeconfig.yaml"
content: "{{ kubeconfig_file_discovery.stdout }}"
owner: "root"
- mode: 0644
+ mode: "0644"
when:
- inventory_hostname != first_kube_control_plane
- kubeadm_use_file_discovery
diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
index ceaafa06c55d81ee1fe7dcccb86a9b41c2e71d19..dfbe604a4c87651335f99a168f82bc6be4a1f2e8 100644
--- a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
+++ b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
@@ -51,35 +51,35 @@
file:
path: "{{ audit_policy_file | dirname }}"
state: directory
- mode: 0640
+ mode: "0640"
when: kubernetes_audit | default(false) or kubernetes_audit_webhook | default(false)
- name: Write api audit policy yaml
template:
src: apiserver-audit-policy.yaml.j2
dest: "{{ audit_policy_file }}"
- mode: 0640
+ mode: "0640"
when: kubernetes_audit | default(false) or kubernetes_audit_webhook | default(false)
- name: Write api audit webhook config yaml
template:
src: apiserver-audit-webhook-config.yaml.j2
dest: "{{ audit_webhook_config_file }}"
- mode: 0640
+ mode: "0640"
when: kubernetes_audit_webhook | default(false)
- name: Create apiserver tracing config directory
file:
path: "{{ kube_config_dir }}/tracing"
state: directory
- mode: 0640
+ mode: "0640"
when: kube_apiserver_tracing
- name: Write apiserver tracing config yaml
template:
src: apiserver-tracing.yaml.j2
dest: "{{ kube_config_dir }}/tracing/apiserver-tracing.yaml"
- mode: 0640
+ mode: "0640"
when: kube_apiserver_tracing
# Nginx LB(default), If kubeadm_config_api_fqdn is defined, use other LB by kubeadm controlPlaneEndpoint.
@@ -96,27 +96,27 @@
template:
src: "kubeadm-config.{{ kubeadmConfig_api_version }}.yaml.j2"
dest: "{{ kube_config_dir }}/kubeadm-config.yaml"
- mode: 0640
+ mode: "0640"
- name: Kubeadm | Create directory to store admission control configurations
file:
path: "{{ kube_config_dir }}/admission-controls"
state: directory
- mode: 0640
+ mode: "0640"
when: kube_apiserver_admission_control_config_file
- name: Kubeadm | Push admission control config file
template:
src: "admission-controls.yaml.j2"
dest: "{{ kube_config_dir }}/admission-controls/admission-controls.yaml"
- mode: 0640
+ mode: "0640"
when: kube_apiserver_admission_control_config_file
- name: Kubeadm | Push admission control config files
template:
src: "{{ item | lower }}.yaml.j2"
dest: "{{ kube_config_dir }}/admission-controls/{{ item | lower }}.yaml"
- mode: 0640
+ mode: "0640"
when:
- kube_apiserver_admission_control_config_file
- item in kube_apiserver_admission_plugins_needs_configuration
@@ -126,7 +126,7 @@
template:
src: "podnodeselector.yaml.j2"
dest: "{{ kube_config_dir }}/admission-controls/podnodeselector.yaml"
- mode: 0640
+ mode: "0640"
when:
- kube_apiserver_admission_plugins_podnodeselector_default_node_selector is defined
- kube_apiserver_admission_plugins_podnodeselector_default_node_selector | length > 0
@@ -178,7 +178,7 @@
file:
path: "{{ kubeadm_patches.dest_dir }}"
state: directory
- mode: 0640
+ mode: "0640"
when: kubeadm_patches is defined and kubeadm_patches.enabled
- name: Kubeadm | Copy kubeadm patches from inventory files
@@ -186,7 +186,7 @@
src: "{{ kubeadm_patches.source_dir }}/"
dest: "{{ kubeadm_patches.dest_dir }}"
owner: "root"
- mode: 0644
+ mode: "0644"
when: kubeadm_patches is defined and kubeadm_patches.enabled
- name: Kubeadm | Initialize first master
diff --git a/roles/kubernetes/control-plane/tasks/main.yml b/roles/kubernetes/control-plane/tasks/main.yml
index 37f36ab145ebafa847ce43d76a334a43cf423e33..b1e2ee2a926add19d71c3555c420ffcd785be857 100644
--- a/roles/kubernetes/control-plane/tasks/main.yml
+++ b/roles/kubernetes/control-plane/tasks/main.yml
@@ -8,21 +8,21 @@
template:
src: webhook-token-auth-config.yaml.j2
dest: "{{ kube_config_dir }}/webhook-token-auth-config.yaml"
- mode: 0640
+ mode: "0640"
when: kube_webhook_token_auth | default(false)
- name: Create webhook authorization config
template:
src: webhook-authorization-config.yaml.j2
dest: "{{ kube_config_dir }}/webhook-authorization-config.yaml"
- mode: 0640
+ mode: "0640"
when: kube_webhook_authorization | default(false)
- name: Create kube-scheduler config
template:
src: kubescheduler-config.yaml.j2
dest: "{{ kube_config_dir }}/kubescheduler-config.yaml"
- mode: 0644
+ mode: "0644"
- name: Apply Kubernetes encrypt at rest config
import_tasks: encrypt-at-rest.yml
@@ -35,7 +35,7 @@
copy:
src: "{{ downloads.kubectl.dest }}"
dest: "{{ bin_dir }}/kubectl"
- mode: 0755
+ mode: "0755"
remote_src: true
tags:
- kubectl
@@ -53,7 +53,7 @@
path: /etc/bash_completion.d/kubectl.sh
owner: root
group: root
- mode: 0755
+ mode: "0755"
when: ansible_os_family in ["Debian","RedHat"]
tags:
- kubectl
@@ -101,13 +101,13 @@
template:
src: k8s-certs-renew.sh.j2
dest: "{{ bin_dir }}/k8s-certs-renew.sh"
- mode: 0755
+ mode: "0755"
- name: Renew K8S control plane certificates monthly 1/2
template:
src: "{{ item }}.j2"
dest: "/etc/systemd/system/{{ item }}"
- mode: 0644
+ mode: "0644"
validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:{{item}}'"
# FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release)
# Remove once we drop support for systemd < 250
diff --git a/roles/kubernetes/kubeadm/tasks/kubeadm_etcd_node.yml b/roles/kubernetes/kubeadm/tasks/kubeadm_etcd_node.yml
index d39ea2b9f95693c55f64d5e473a46241661c8ade..13420c0b9fb16c04e12abe700ecf52a6660a5f28 100644
--- a/roles/kubernetes/kubeadm/tasks/kubeadm_etcd_node.yml
+++ b/roles/kubernetes/kubeadm/tasks/kubeadm_etcd_node.yml
@@ -8,7 +8,7 @@
template:
src: "kubeadm-client.conf.{{ kubeadmConfig_api_version }}.j2"
dest: "{{ kube_config_dir }}/kubeadm-cert-controlplane.conf"
- mode: 0640
+ mode: "0640"
vars:
kubeadm_cert_controlplane: true
diff --git a/roles/kubernetes/kubeadm/tasks/main.yml b/roles/kubernetes/kubeadm/tasks/main.yml
index e8b5dceb61b1a6563d78d9b4af8e5eb52aeabe12..2cb271a9eeba0f93994cc473e024e3f1a7e788f9 100644
--- a/roles/kubernetes/kubeadm/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/tasks/main.yml
@@ -69,7 +69,7 @@
dest: "{{ kube_config_dir }}/cluster-info-discovery-kubeconfig.yaml"
content: "{{ kubeconfig_file_discovery.stdout }}"
owner: "root"
- mode: 0644
+ mode: "0644"
when:
- not is_kube_master
- not kubelet_conf.stat.exists
@@ -80,14 +80,14 @@
src: "kubeadm-client.conf.{{ kubeadmConfig_api_version }}.j2"
dest: "{{ kube_config_dir }}/kubeadm-client.conf"
backup: yes
- mode: 0640
+ mode: "0640"
when: not is_kube_master
- name: Kubeadm | Create directory to store kubeadm patches
file:
path: "{{ kubeadm_patches.dest_dir }}"
state: directory
- mode: 0640
+ mode: "0640"
when: kubeadm_patches is defined and kubeadm_patches.enabled
- name: Kubeadm | Copy kubeadm patches from inventory files
@@ -95,7 +95,7 @@
src: "{{ kubeadm_patches.source_dir }}/"
dest: "{{ kubeadm_patches.dest_dir }}"
owner: "root"
- mode: 0644
+ mode: "0644"
when: kubeadm_patches is defined and kubeadm_patches.enabled
- name: Join to cluster if needed
diff --git a/roles/kubernetes/node/tasks/install.yml b/roles/kubernetes/node/tasks/install.yml
index fb1e8adc5a7018aee9866d4c09655f86d54be150..a89ba94ef20b7e834ba8d2b01365790b92db48b1 100644
--- a/roles/kubernetes/node/tasks/install.yml
+++ b/roles/kubernetes/node/tasks/install.yml
@@ -3,7 +3,7 @@
copy:
src: "{{ downloads.kubeadm.dest }}"
dest: "{{ bin_dir }}/kubeadm"
- mode: 0755
+ mode: "0755"
remote_src: true
tags:
- kubeadm
@@ -14,7 +14,7 @@
copy:
src: "{{ downloads.kubelet.dest }}"
dest: "{{ bin_dir }}/kubelet"
- mode: 0755
+ mode: "0755"
remote_src: true
tags:
- kubelet
diff --git a/roles/kubernetes/node/tasks/kubelet.yml b/roles/kubernetes/node/tasks/kubelet.yml
index d8ff9e23070cd924ad7690bf28af3499f9d7ed80..b63aefe1f18f643417df5b5e1f2ec508f87cc327 100644
--- a/roles/kubernetes/node/tasks/kubelet.yml
+++ b/roles/kubernetes/node/tasks/kubelet.yml
@@ -12,7 +12,7 @@
dest: "{{ kube_config_dir }}/kubelet.env"
setype: "{{ (preinstall_selinux_state != 'disabled') | ternary('etc_t', omit) }}"
backup: yes
- mode: 0600
+ mode: "0600"
notify: Node | restart kubelet
tags:
- kubelet
@@ -22,7 +22,7 @@
template:
src: "kubelet-config.{{ kubeletConfig_api_version }}.yaml.j2"
dest: "{{ kube_config_dir }}/kubelet-config.yaml"
- mode: 0600
+ mode: "0600"
notify: Kubelet | restart kubelet
tags:
- kubelet
@@ -33,7 +33,7 @@
src: "kubelet.service.j2"
dest: "/etc/systemd/system/kubelet.service"
backup: "yes"
- mode: 0600
+ mode: "0600"
validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:kubelet.service'"
# FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release)
# Remove once we drop support for systemd < 250
diff --git a/roles/kubernetes/node/tasks/loadbalancer/haproxy.yml b/roles/kubernetes/node/tasks/loadbalancer/haproxy.yml
index 7e5cfceddca15398a89b52b4deb97a1abc1b764e..2d3454e5a2f4df28efccd13e4c73061a4e398f7a 100644
--- a/roles/kubernetes/node/tasks/loadbalancer/haproxy.yml
+++ b/roles/kubernetes/node/tasks/loadbalancer/haproxy.yml
@@ -8,7 +8,7 @@
file:
path: "{{ haproxy_config_dir }}"
state: directory
- mode: 0755
+ mode: "0755"
owner: root
- name: Haproxy | Write haproxy configuration
@@ -16,7 +16,7 @@
src: "loadbalancer/haproxy.cfg.j2"
dest: "{{ haproxy_config_dir }}/haproxy.cfg"
owner: root
- mode: 0755
+ mode: "0755"
backup: yes
- name: Haproxy | Get checksum from config
@@ -31,4 +31,4 @@
template:
src: manifests/haproxy.manifest.j2
dest: "{{ kube_manifest_dir }}/haproxy.yml"
- mode: 0640
+ mode: "0640"
diff --git a/roles/kubernetes/node/tasks/loadbalancer/kube-vip.yml b/roles/kubernetes/node/tasks/loadbalancer/kube-vip.yml
index f7b04a624bdb43d9e821f614860c5ed99e91d965..7e34715932a6a9cb6234aa33b4ef09a6dde837f0 100644
--- a/roles/kubernetes/node/tasks/loadbalancer/kube-vip.yml
+++ b/roles/kubernetes/node/tasks/loadbalancer/kube-vip.yml
@@ -10,4 +10,4 @@
template:
src: manifests/kube-vip.manifest.j2
dest: "{{ kube_manifest_dir }}/kube-vip.yml"
- mode: 0640
+ mode: "0640"
diff --git a/roles/kubernetes/node/tasks/loadbalancer/nginx-proxy.yml b/roles/kubernetes/node/tasks/loadbalancer/nginx-proxy.yml
index 5b82ff6206d1d4163c4c7e75309cd6ce870dd71d..aeeacc80d15faa27d4e9d62ff620ce6b445ee6dc 100644
--- a/roles/kubernetes/node/tasks/loadbalancer/nginx-proxy.yml
+++ b/roles/kubernetes/node/tasks/loadbalancer/nginx-proxy.yml
@@ -8,7 +8,7 @@
file:
path: "{{ nginx_config_dir }}"
state: directory
- mode: 0700
+ mode: "0700"
owner: root
- name: Nginx-proxy | Write nginx-proxy configuration
@@ -16,7 +16,7 @@
src: "loadbalancer/nginx.conf.j2"
dest: "{{ nginx_config_dir }}/nginx.conf"
owner: root
- mode: 0755
+ mode: "0755"
backup: yes
- name: Nginx-proxy | Get checksum from config
@@ -31,4 +31,4 @@
template:
src: manifests/nginx-proxy.manifest.j2
dest: "{{ kube_manifest_dir }}/nginx-proxy.yml"
- mode: 0640
+ mode: "0640"
diff --git a/roles/kubernetes/node/tasks/main.yml b/roles/kubernetes/node/tasks/main.yml
index 9e15b16d9bafafbb3a80dedafa50be12bddebf96..7dc2114057e2dce400f64f1fe5e700fe49de41c3 100644
--- a/roles/kubernetes/node/tasks/main.yml
+++ b/roles/kubernetes/node/tasks/main.yml
@@ -14,7 +14,7 @@
file:
path: /var/lib/cni
state: directory
- mode: 0755
+ mode: "0755"
- name: Install kubelet binary
import_tasks: install.yml
@@ -74,7 +74,7 @@
file:
path: "{{ item }}"
state: directory
- mode: 0755
+ mode: "0755"
loop:
- /etc/modules-load.d
- /etc/modprobe.d
@@ -89,7 +89,7 @@
copy:
dest: /etc/modules-load.d/kubespray-br_netfilter.conf
content: br_netfilter
- mode: 0644
+ mode: "0644"
when: modinfo_br_netfilter.rc == 0
# kube-proxy needs net.bridge.bridge-nf-call-iptables enabled when found if br_netfilter is not a module
@@ -162,7 +162,7 @@
content: "{{ openstack_cacert | b64decode if openstack_cacert_is_base64 else omit }}"
dest: "{{ kube_config_dir }}/openstack-cacert.pem"
group: "{{ kube_cert_group }}"
- mode: 0640
+ mode: "0640"
when:
- cloud_provider is defined
- cloud_provider == 'openstack'
@@ -176,7 +176,7 @@
src: "cloud-configs/{{ cloud_provider }}-cloud-config.j2"
dest: "{{ kube_config_dir }}/cloud_config"
group: "{{ kube_cert_group }}"
- mode: 0640
+ mode: "0640"
when:
- cloud_provider is defined
- cloud_provider in [ 'openstack', 'azure', 'vsphere', 'aws', 'gce' ]
diff --git a/roles/kubernetes/preinstall/tasks/0050-create_directories.yml b/roles/kubernetes/preinstall/tasks/0050-create_directories.yml
index f77398986b6262aec9eefd7c924962c935b9066b..2fff8ef560892c7694bd1008450d6b9ef4e0b0c4 100644
--- a/roles/kubernetes/preinstall/tasks/0050-create_directories.yml
+++ b/roles/kubernetes/preinstall/tasks/0050-create_directories.yml
@@ -4,7 +4,7 @@
path: "{{ item }}"
state: directory
owner: "{{ kube_owner }}"
- mode: 0755
+ mode: "0755"
when: inventory_hostname in groups['k8s_cluster']
become: true
tags:
@@ -28,7 +28,7 @@
path: "{{ item }}"
state: directory
owner: root
- mode: 0755
+ mode: "0755"
when: inventory_hostname in groups['k8s_cluster']
become: true
tags:
@@ -61,7 +61,7 @@
src: "{{ kube_cert_dir }}"
dest: "{{ kube_cert_compat_dir }}"
state: link
- mode: 0755
+ mode: "0755"
when:
- inventory_hostname in groups['k8s_cluster']
- kube_cert_dir != kube_cert_compat_dir
@@ -72,7 +72,7 @@
path: "{{ item }}"
state: directory
owner: "{{ kube_owner }}"
- mode: 0755
+ mode: "0755"
with_items:
- "/etc/cni/net.d"
- "/opt/cni/bin"
@@ -93,7 +93,7 @@
path: "{{ item }}"
state: directory
owner: "{{ kube_owner }}"
- mode: 0755
+ mode: "0755"
with_items:
- "/var/lib/calico"
when:
diff --git a/roles/kubernetes/preinstall/tasks/0060-resolvconf.yml b/roles/kubernetes/preinstall/tasks/0060-resolvconf.yml
index da5fc851634aaa54de1bd36f002f7fe493150a59..6219161fa4f2a8c68d2e28d9e3843d6f5761acf7 100644
--- a/roles/kubernetes/preinstall/tasks/0060-resolvconf.yml
+++ b/roles/kubernetes/preinstall/tasks/0060-resolvconf.yml
@@ -19,7 +19,7 @@
create: yes
backup: "{{ not resolvconf_stat.stat.islnk }}"
marker: "# Ansible entries {mark}"
- mode: 0644
+ mode: "0644"
notify: Preinstall | propagate resolvconf to k8s components
- name: Remove search/domain/nameserver options before block
@@ -53,6 +53,6 @@
dest: "{{ resolveconf_cloud_init_conf }}"
src: resolvconf.j2
owner: root
- mode: 0644
+ mode: "0644"
notify: Preinstall | update resolvconf for Flatcar Container Linux by Kinvolk
when: ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
diff --git a/roles/kubernetes/preinstall/tasks/0061-systemd-resolved.yml b/roles/kubernetes/preinstall/tasks/0061-systemd-resolved.yml
index 9edec2e6488c7aaa5bb77c5d180eb1ccb3270b56..f1aa8f5c34d1fc87f2c657ec44d39476266952a0 100644
--- a/roles/kubernetes/preinstall/tasks/0061-systemd-resolved.yml
+++ b/roles/kubernetes/preinstall/tasks/0061-systemd-resolved.yml
@@ -3,7 +3,7 @@
file:
state: directory
name: /etc/systemd/resolved.conf.d/
- mode: 0755
+ mode: "0755"
- name: Write Kubespray DNS settings to systemd-resolved
template:
@@ -11,5 +11,5 @@
dest: /etc/systemd/resolved.conf.d/kubespray.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Preinstall | Restart systemd-resolved
diff --git a/roles/kubernetes/preinstall/tasks/0062-networkmanager-unmanaged-devices.yml b/roles/kubernetes/preinstall/tasks/0062-networkmanager-unmanaged-devices.yml
index 44d619160d054ceeb4dbf0693381cebd3929c347..ca51e88b910808607941b15d5a3af75922546ba7 100644
--- a/roles/kubernetes/preinstall/tasks/0062-networkmanager-unmanaged-devices.yml
+++ b/roles/kubernetes/preinstall/tasks/0062-networkmanager-unmanaged-devices.yml
@@ -11,7 +11,7 @@
[keyfile]
unmanaged-devices+=interface-name:cali*;interface-name:tunl*;interface-name:vxlan.calico;interface-name:vxlan-v6.calico
dest: /etc/NetworkManager/conf.d/calico.conf
- mode: 0644
+ mode: "0644"
when:
- kube_network_plugin == "calico"
notify: Preinstall | reload NetworkManager
@@ -24,5 +24,5 @@
[keyfile]
unmanaged-devices+=interface-name:kube-ipvs0;interface-name:nodelocaldns
dest: /etc/NetworkManager/conf.d/k8s.conf
- mode: 0644
+ mode: "0644"
notify: Preinstall | reload NetworkManager
diff --git a/roles/kubernetes/preinstall/tasks/0070-system-packages.yml b/roles/kubernetes/preinstall/tasks/0070-system-packages.yml
index 47affa10ccab7f7f97129827ddcde7f64a641a96..cddbe1ecfec725626839500c44beee266bb16aec 100644
--- a/roles/kubernetes/preinstall/tasks/0070-system-packages.yml
+++ b/roles/kubernetes/preinstall/tasks/0070-system-packages.yml
@@ -30,7 +30,7 @@
Pin-Priority: 1001
dest: "/etc/apt/preferences.d/libseccomp2"
owner: "root"
- mode: 0644
+ mode: "0644"
- name: Update package management cache (APT)
apt:
diff --git a/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml b/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml
index 768cd62c9abcf4a9f548923e8fe5fc00e32b9a29..c08a86e451569180b10be529d766be3889861e02 100644
--- a/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml
+++ b/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml
@@ -29,7 +29,7 @@
state: present
create: yes
backup: yes
- mode: 0644
+ mode: "0644"
when:
- disable_ipv6_dns
- not ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
@@ -67,7 +67,7 @@
file:
name: "{{ sysctl_file_path | dirname }}"
state: directory
- mode: 0755
+ mode: "0755"
- name: Enable ip forwarding
ansible.posix.sysctl:
diff --git a/roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml b/roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml
index da4b312ebf62105ae7cfc68239ff9e98c0bbc93a..b1e2feead0509a4da0d9e85666a0457c1720df16 100644
--- a/roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml
+++ b/roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml
@@ -40,7 +40,7 @@
template:
src: "{{ ntp_config_file | basename }}.j2"
dest: "{{ ntp_config_file }}"
- mode: 0644
+ mode: "0644"
notify: Preinstall | restart ntp
when:
- ntp_manage_config
diff --git a/roles/kubernetes/preinstall/tasks/0090-etchosts.yml b/roles/kubernetes/preinstall/tasks/0090-etchosts.yml
index 6bec169980088c8f9ad6e80347d3320202386507..4ec9a69e6e2c45d657d9931bb3d7b1b884f36085 100644
--- a/roles/kubernetes/preinstall/tasks/0090-etchosts.yml
+++ b/roles/kubernetes/preinstall/tasks/0090-etchosts.yml
@@ -23,7 +23,7 @@
backup: yes
unsafe_writes: yes
marker: "# Ansible inventory hosts {mark}"
- mode: 0644
+ mode: "0644"
- name: Hosts | populate kubernetes loadbalancer address into hosts file
lineinfile:
diff --git a/roles/kubernetes/preinstall/tasks/0100-dhclient-hooks.yml b/roles/kubernetes/preinstall/tasks/0100-dhclient-hooks.yml
index da3814715c5b01a092209c61339029864d93f205..480edc86b751b979b6dbed6ba464413a8cc382bd 100644
--- a/roles/kubernetes/preinstall/tasks/0100-dhclient-hooks.yml
+++ b/roles/kubernetes/preinstall/tasks/0100-dhclient-hooks.yml
@@ -11,7 +11,7 @@
insertbefore: BOF
backup: yes
marker: "# Ansible entries {mark}"
- mode: 0644
+ mode: "0644"
notify: Preinstall | propagate resolvconf to k8s components
- name: Configure dhclient hooks for resolv.conf (non-RH)
@@ -19,7 +19,7 @@
src: dhclient_dnsupdate.sh.j2
dest: "{{ dhclienthookfile }}"
owner: root
- mode: 0755
+ mode: "0755"
notify: Preinstall | propagate resolvconf to k8s components
when: ansible_os_family not in [ "RedHat", "Suse" ]
@@ -28,6 +28,6 @@
src: dhclient_dnsupdate_rh.sh.j2
dest: "{{ dhclienthookfile }}"
owner: root
- mode: 0755
+ mode: "0755"
notify: Preinstall | propagate resolvconf to k8s components
when: ansible_os_family == "RedHat"
diff --git a/roles/kubernetes/tokens/tasks/gen_tokens.yml b/roles/kubernetes/tokens/tasks/gen_tokens.yml
index 6ac6b4907fc308c7f8813c3f83c74916634776fb..1dabf9657554189ab0838952f724d1266e05b68e 100644
--- a/roles/kubernetes/tokens/tasks/gen_tokens.yml
+++ b/roles/kubernetes/tokens/tasks/gen_tokens.yml
@@ -3,7 +3,7 @@
copy:
src: "kube-gen-token.sh"
dest: "{{ kube_script_dir }}/kube-gen-token.sh"
- mode: 0700
+ mode: "0700"
run_once: yes
delegate_to: "{{ groups['kube_control_plane'][0] }}"
when: gen_tokens | default(false)
diff --git a/roles/kubernetes/tokens/tasks/main.yml b/roles/kubernetes/tokens/tasks/main.yml
index c9dfd071d55abae7f8ef5cfba6ef9da724875701..cab5a06bd9fd0c5fa3337252f0e7b882f40b2e2b 100644
--- a/roles/kubernetes/tokens/tasks/main.yml
+++ b/roles/kubernetes/tokens/tasks/main.yml
@@ -11,7 +11,7 @@
file:
path: "{{ kube_token_dir }}"
state: directory
- mode: 0644
+ mode: "0644"
group: "{{ kube_cert_group }}"
- name: Generate tokens
diff --git a/roles/kubespray-defaults/defaults/main/main.yml b/roles/kubespray-defaults/defaults/main/main.yml
index 05aee39f16ed7ca56b694f4199ac2c8fa1cedb06..599874fb514a24271d730948a1124889c5b2b6fe 100644
--- a/roles/kubespray-defaults/defaults/main/main.yml
+++ b/roles/kubespray-defaults/defaults/main/main.yml
@@ -402,7 +402,7 @@ metrics_server_enabled: false
enable_network_policy: true
local_path_provisioner_enabled: false
local_volume_provisioner_enabled: false
-local_volume_provisioner_directory_mode: 0700
+local_volume_provisioner_directory_mode: "0700"
cinder_csi_enabled: false
aws_ebs_csi_enabled: false
azure_csi_enabled: false
diff --git a/roles/network_plugin/calico/tasks/calico_apiserver_certs.yml b/roles/network_plugin/calico/tasks/calico_apiserver_certs.yml
index fc336e46499c56051fc0f9851efae41d0ad75486..d42917c4eca6b321e9d8e3a2000356613dc732ad 100644
--- a/roles/network_plugin/calico/tasks/calico_apiserver_certs.yml
+++ b/roles/network_plugin/calico/tasks/calico_apiserver_certs.yml
@@ -9,7 +9,7 @@
template:
src: "calico-apiserver-ns.yml.j2"
dest: "{{ kube_config_dir }}/calico-apiserver-ns.yml"
- mode: 0644
+ mode: "0644"
- name: Calico | Apply ns manifests
kube:
@@ -21,21 +21,21 @@
file:
path: /etc/calico/certs
state: directory
- mode: 0755
+ mode: "0755"
when: calico_apiserver_secret.rc != 0
- name: Calico | Copy ssl script for apiserver certs
template:
src: make-ssl-calico.sh.j2
dest: "{{ bin_dir }}/make-ssl-apiserver.sh"
- mode: 0755
+ mode: "0755"
when: calico_apiserver_secret.rc != 0
- name: Calico | Copy ssl config for apiserver certs
copy:
src: openssl.conf
dest: /etc/calico/certs/openssl.conf
- mode: 0644
+ mode: "0644"
when: calico_apiserver_secret.rc != 0
- name: Calico | Generate apiserver certs
diff --git a/roles/network_plugin/calico/tasks/install.yml b/roles/network_plugin/calico/tasks/install.yml
index 6b293dcb08352f266d5a80f6dde9cd781c0b874b..7f895b55502bce67ac3b18c18ab73da2fd6ff91f 100644
--- a/roles/network_plugin/calico/tasks/install.yml
+++ b/roles/network_plugin/calico/tasks/install.yml
@@ -13,14 +13,14 @@
copy:
src: "{{ downloads.calicoctl.dest }}"
dest: "{{ bin_dir }}/calicoctl"
- mode: 0755
+ mode: "0755"
remote_src: yes
- name: Calico | Create calico certs directory
file:
dest: "{{ calico_cert_dir }}"
state: directory
- mode: 0750
+ mode: "0750"
owner: root
group: root
when: calico_datastore == "etcd"
@@ -30,7 +30,7 @@
src: "{{ etcd_cert_dir }}/{{ item.s }}"
dest: "{{ calico_cert_dir }}/{{ item.d }}"
state: hard
- mode: 0640
+ mode: "0640"
force: yes
with_items:
- {s: "{{ kube_etcd_cacert_file }}", d: "ca_cert.crt"}
@@ -54,7 +54,7 @@
template:
src: "calicoctl.{{ calico_datastore }}.sh.j2"
dest: "{{ bin_dir }}/calicoctl.sh"
- mode: 0755
+ mode: "0755"
owner: root
group: root
@@ -142,7 +142,7 @@
assemble:
src: "{{ calico_kdd_path }}"
dest: "{{ kube_config_dir }}/kdd-crds.yml"
- mode: 0644
+ mode: "0644"
delimiter: "---\n"
regexp: ".*\\.yaml"
remote_src: true
@@ -372,7 +372,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: calico-config, file: calico-config.yml, type: cm}
- {name: calico-node, file: calico-node.yml, type: ds}
@@ -389,7 +389,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: calico, file: calico-typha.yml, type: typha}
register: calico_node_typha_manifest
@@ -416,7 +416,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: calico, file: calico-apiserver.yml, type: calico-apiserver}
register: calico_apiserver_manifest
@@ -469,7 +469,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: calico, file: calico-ipamconfig.yml, type: ipam}
when:
diff --git a/roles/network_plugin/calico/tasks/typha_certs.yml b/roles/network_plugin/calico/tasks/typha_certs.yml
index 5d3f27921284ac839f3e55a96f6a85c351d147a8..ad87f5a024cadab7bb07de00ef260e1aaebe9662 100644
--- a/roles/network_plugin/calico/tasks/typha_certs.yml
+++ b/roles/network_plugin/calico/tasks/typha_certs.yml
@@ -9,21 +9,22 @@
file:
path: /etc/calico/certs
state: directory
- mode: 0755
+ mode: "0755"
when: typha_server_secret.rc != 0
- name: Calico | Copy ssl script for typha certs
template:
src: make-ssl-calico.sh.j2
dest: "{{ bin_dir }}/make-ssl-typha.sh"
- mode: 0755
+ mode: "0755"
+
when: typha_server_secret.rc != 0
- name: Calico | Copy ssl config for typha certs
copy:
src: openssl.conf
dest: /etc/calico/certs/openssl.conf
- mode: 0644
+ mode: "0644"
when: typha_server_secret.rc != 0
- name: Calico | Generate typha certs
diff --git a/roles/network_plugin/cilium/tasks/install.yml b/roles/network_plugin/cilium/tasks/install.yml
index d531d72417a3cfc0d651b1472ce74c925b9ba1cd..1039953a00759432e45246540b83ae23d9757bad 100644
--- a/roles/network_plugin/cilium/tasks/install.yml
+++ b/roles/network_plugin/cilium/tasks/install.yml
@@ -10,7 +10,7 @@
file:
dest: "{{ cilium_cert_dir }}"
state: directory
- mode: 0750
+ mode: "0750"
owner: root
group: root
when:
@@ -20,7 +20,7 @@
file:
src: "{{ etcd_cert_dir }}/{{ item.s }}"
dest: "{{ cilium_cert_dir }}/{{ item.d }}"
- mode: 0644
+ mode: "0644"
state: hard
force: yes
loop:
@@ -36,7 +36,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
when:
- inventory_hostname == groups['kube_control_plane'][0]
- cilium_hubble_install
@@ -45,7 +45,7 @@
template:
src: "{{ item.name }}/{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.name }}-{{ item.file }}"
- mode: 0644
+ mode: "0644"
loop:
- {name: cilium, file: config.yml, type: cm}
- {name: cilium-operator, file: crb.yml, type: clusterrolebinding}
@@ -66,7 +66,7 @@
template:
src: "{{ item.name }}/{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/hubble/{{ item.name }}-{{ item.file }}"
- mode: 0644
+ mode: "0644"
loop:
- {name: hubble, file: config.yml, type: cm}
- {name: hubble, file: crb.yml, type: clusterrolebinding}
@@ -86,12 +86,12 @@
template:
src: 000-cilium-portmap.conflist.j2
dest: /etc/cni/net.d/000-cilium-portmap.conflist
- mode: 0644
+ mode: "0644"
when: cilium_enable_portmap
- name: Cilium | Copy Ciliumcli binary from download dir
copy:
src: "{{ local_release_dir }}/cilium"
dest: "{{ bin_dir }}/cilium"
- mode: 0755
+ mode: "0755"
remote_src: yes
diff --git a/roles/network_plugin/cni/tasks/main.yml b/roles/network_plugin/cni/tasks/main.yml
index bcab4efb909313a9b5378c750c2f7cc903b844fd..8ac0dc53a3e9d3b28c73a7e0fdce76bf63cffc06 100644
--- a/roles/network_plugin/cni/tasks/main.yml
+++ b/roles/network_plugin/cni/tasks/main.yml
@@ -3,7 +3,7 @@
file:
path: /opt/cni/bin
state: directory
- mode: 0755
+ mode: "0755"
owner: "{{ cni_bin_owner }}"
recurse: true
@@ -11,6 +11,6 @@
unarchive:
src: "{{ downloads.cni.dest }}"
dest: "/opt/cni/bin"
- mode: 0755
+ mode: "0755"
owner: "{{ cni_bin_owner }}"
remote_src: yes
diff --git a/roles/network_plugin/custom_cni/tasks/main.yml b/roles/network_plugin/custom_cni/tasks/main.yml
index 8f5b4195f99162877b3e57dcc0c12ed17d1fd55f..a1397c8281fbb3783831f21ea2fc09f390dd1c50 100644
--- a/roles/network_plugin/custom_cni/tasks/main.yml
+++ b/roles/network_plugin/custom_cni/tasks/main.yml
@@ -12,7 +12,7 @@
template:
src: "{{ item }}"
dest: "{{ kube_config_dir }}/{{ item | basename | replace('.j2', '') }}"
- mode: 0644
+ mode: "0644"
loop: "{{ custom_cni_manifests }}"
delegate_to: "{{ groups['kube_control_plane'] | first }}"
run_once: true
diff --git a/roles/network_plugin/flannel/tasks/main.yml b/roles/network_plugin/flannel/tasks/main.yml
index 2fd82e938b4e4d4fcbcc878b8196a4beb21501da..94603fcf52c7dbb08e5115da35280190ad6ac96e 100644
--- a/roles/network_plugin/flannel/tasks/main.yml
+++ b/roles/network_plugin/flannel/tasks/main.yml
@@ -12,7 +12,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: flannel, file: cni-flannel-rbac.yml, type: sa}
- {name: kube-flannel, file: cni-flannel.yml, type: ds}
diff --git a/roles/network_plugin/kube-ovn/defaults/main.yml b/roles/network_plugin/kube-ovn/defaults/main.yml
index 44850e54445ba5d561c90fe8c99a13624847c8e9..8b962072b1b0442bcf08009728e99a922146da09 100644
--- a/roles/network_plugin/kube-ovn/defaults/main.yml
+++ b/roles/network_plugin/kube-ovn/defaults/main.yml
@@ -115,4 +115,4 @@ kube_ovn_ls_dnat_mod_dl_dst: true
kube_ovn_keep_vm_ip: true
## cni config priority, default: 01
-kube_ovn_cni_config_priority: 01
+kube_ovn_cni_config_priority: '01'
diff --git a/roles/network_plugin/kube-ovn/tasks/main.yml b/roles/network_plugin/kube-ovn/tasks/main.yml
index ab45b6292c096f0353b886d6945507a2c6bbf7d9..a8b9427920233a8efc2e697d7a995a9b244badb7 100644
--- a/roles/network_plugin/kube-ovn/tasks/main.yml
+++ b/roles/network_plugin/kube-ovn/tasks/main.yml
@@ -9,7 +9,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: kube-ovn-crd, file: cni-kube-ovn-crd.yml}
- {name: ovn, file: cni-ovn.yml}
diff --git a/roles/network_plugin/kube-router/tasks/main.yml b/roles/network_plugin/kube-router/tasks/main.yml
index b6367f074ac2613cfc7cb686bfbac804fe8234f1..d47a0d1e2a6dd53269bc8ff96148f5a636a4c372 100644
--- a/roles/network_plugin/kube-router/tasks/main.yml
+++ b/roles/network_plugin/kube-router/tasks/main.yml
@@ -9,13 +9,13 @@
state: directory
owner: "{{ kube_owner }}"
recurse: true
- mode: 0755
+ mode: "0755"
- name: Kube-router | Create kubeconfig
template:
src: kubeconfig.yml.j2
dest: /var/lib/kube-router/kubeconfig
- mode: 0644
+ mode: "0644"
owner: "{{ kube_owner }}"
notify:
- Reset_kube_router
@@ -43,7 +43,7 @@
template:
src: cni-conf.json.j2
dest: /etc/cni/net.d/10-kuberouter.conflist
- mode: 0644
+ mode: "0644"
owner: "{{ kube_owner }}"
notify:
- Reset_kube_router
@@ -57,6 +57,6 @@
template:
src: kube-router.yml.j2
dest: "{{ kube_config_dir }}/kube-router.yml"
- mode: 0644
+ mode: "0644"
delegate_to: "{{ groups['kube_control_plane'] | first }}"
run_once: true
diff --git a/roles/network_plugin/macvlan/tasks/main.yml b/roles/network_plugin/macvlan/tasks/main.yml
index f7c3027714c6a15e9cf7c1ae3d4c0ddb223e8a35..165030d592cf342516ec242fb6da0ce241d66d6f 100644
--- a/roles/network_plugin/macvlan/tasks/main.yml
+++ b/roles/network_plugin/macvlan/tasks/main.yml
@@ -23,7 +23,7 @@
template:
src: debian-network-macvlan.cfg.j2
dest: /etc/network/interfaces.d/60-mac0.cfg
- mode: 0644
+ mode: "0644"
notify: Macvlan | restart network
when: ansible_os_family in ["Debian"]
@@ -53,7 +53,7 @@
template:
src: "{{ item.src }}.j2"
dest: "/etc/sysconfig/network-scripts/{{ item.dst }}"
- mode: 0644
+ mode: "0644"
with_items:
- {src: centos-network-macvlan.cfg, dst: ifcfg-mac0 }
- {src: centos-routes-macvlan.cfg, dst: route-mac0 }
@@ -67,7 +67,7 @@
template:
src: coreos-service-nat_ouside.j2
dest: /etc/systemd/system/enable_nat_ouside.service
- mode: 0644
+ mode: "0644"
when: enable_nat_default_gateway
- name: Macvlan | Enable service nat via gateway on Flatcar Container Linux
@@ -81,7 +81,7 @@
template:
src: "{{ item.src }}.j2"
dest: "/etc/systemd/network/{{ item.dst }}"
- mode: 0644
+ mode: "0644"
with_items:
- {src: coreos-device-macvlan.cfg, dst: macvlan.netdev }
- {src: coreos-interface-macvlan.cfg, dst: output.network }
@@ -92,13 +92,13 @@
template:
src: 10-macvlan.conf.j2
dest: /etc/cni/net.d/10-macvlan.conf
- mode: 0644
+ mode: "0644"
- name: Macvlan | Install loopback definition for Macvlan
template:
src: 99-loopback.conf.j2
dest: /etc/cni/net.d/99-loopback.conf
- mode: 0644
+ mode: "0644"
- name: Enable net.ipv4.conf.all.arp_notify in sysctl
ansible.posix.sysctl:
diff --git a/roles/network_plugin/multus/tasks/main.yml b/roles/network_plugin/multus/tasks/main.yml
index 1428929cc94d4ae6fc2507800ff996d9a6338271..0869da7b54ec73d908bcf36dd8e5797329ec2124 100644
--- a/roles/network_plugin/multus/tasks/main.yml
+++ b/roles/network_plugin/multus/tasks/main.yml
@@ -3,7 +3,7 @@
copy:
src: "{{ item.file }}"
dest: "{{ kube_config_dir }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: multus-crd, file: multus-crd.yml, type: customresourcedefinition}
- {name: multus-serviceaccount, file: multus-serviceaccount.yml, type: serviceaccount}
@@ -20,7 +20,7 @@
template:
src: multus-daemonset.yml.j2
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: multus-daemonset-containerd, file: multus-daemonset-containerd.yml, type: daemonset, engine: containerd }
- {name: multus-daemonset-docker, file: multus-daemonset-docker.yml, type: daemonset, engine: docker }
diff --git a/roles/network_plugin/ovn4nfv/tasks/main.yml b/roles/network_plugin/ovn4nfv/tasks/main.yml
index 777fd9a2d344a86edd19b9f55d80c40445f98976..a16f3ec6f001b8b8dd700caee6284792e4dc73d9 100644
--- a/roles/network_plugin/ovn4nfv/tasks/main.yml
+++ b/roles/network_plugin/ovn4nfv/tasks/main.yml
@@ -9,7 +9,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: ovn-daemonset, file: ovn-daemonset.yml}
- {name: ovn4nfv-k8s-plugin, file: ovn4nfv-k8s-plugin.yml}
diff --git a/roles/network_plugin/weave/tasks/main.yml b/roles/network_plugin/weave/tasks/main.yml
index ae4a5a467323db4bc13a51ce60d1fb1d9aaf9453..ccb43135219c513c64b8c545cbff2a4344a322d0 100644
--- a/roles/network_plugin/weave/tasks/main.yml
+++ b/roles/network_plugin/weave/tasks/main.yml
@@ -3,10 +3,10 @@
template:
src: weave-net.yml.j2
dest: "{{ kube_config_dir }}/weave-net.yml"
- mode: 0644
+ mode: "0644"
- name: Weave | Fix nodePort for Weave
template:
src: 10-weave.conflist.j2
dest: /etc/cni/net.d/10-weave.conflist
- mode: 0644
+ mode: "0644"
diff --git a/roles/recover_control_plane/etcd/tasks/recover_lost_quorum.yml b/roles/recover_control_plane/etcd/tasks/recover_lost_quorum.yml
index 388962875f15ef1745b498bfea5899a174e1b55d..32db5799ebd2797b083c9d8b26e91eebced9d4e5 100644
--- a/roles/recover_control_plane/etcd/tasks/recover_lost_quorum.yml
+++ b/roles/recover_control_plane/etcd/tasks/recover_lost_quorum.yml
@@ -13,7 +13,7 @@
copy:
src: "{{ etcd_snapshot }}"
dest: /tmp/snapshot.db
- mode: 0640
+ mode: "0640"
when: etcd_snapshot is defined
- name: Stop etcd
diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml
index 0f13f686b8851d91907a50a2d574a0d536914ec2..9869cbc782f23d8d3a0f283e5fa512fd91dd0088 100644
--- a/roles/reset/tasks/main.yml
+++ b/roles/reset/tasks/main.yml
@@ -261,7 +261,7 @@
path: "{{ filedir_path }}"
state: touch
attributes: "-i"
- mode: 0644
+ mode: "0644"
loop: "{{ var_lib_kubelet_files_dirs_w_attrs.stdout_lines | select('search', 'Immutable') | list }}"
loop_control:
loop_var: file_dir_line
diff --git a/scripts/collect-info.yaml b/scripts/collect-info.yaml
index 923a6a85c1791408967b8376951cbc910fbf734a..0234c073361e5f329d3a82ec014d619fbda379ac 100644
--- a/scripts/collect-info.yaml
+++ b/scripts/collect-info.yaml
@@ -140,7 +140,7 @@
path: "/tmp/{{ archive_dirname }}"
dest: "{{ dir | default('.') }}/logs.tar.gz"
remove: true
- mode: 0640
+ mode: "0640"
delegate_to: localhost
connection: local
become: false
diff --git a/test-infra/image-builder/roles/kubevirt-images/tasks/main.yml b/test-infra/image-builder/roles/kubevirt-images/tasks/main.yml
index 99c1c1c87ea3639207b9e90a0812e5a7197794be..c54be15c6b821481fccbebde33cc9ca74eb9393d 100644
--- a/test-infra/image-builder/roles/kubevirt-images/tasks/main.yml
+++ b/test-infra/image-builder/roles/kubevirt-images/tasks/main.yml
@@ -4,14 +4,14 @@
file:
state: directory
path: "{{ images_dir }}"
- mode: 0755
+ mode: "0755"
- name: Download images files
get_url:
url: "{{ item.value.url }}"
dest: "{{ images_dir }}/{{ item.value.filename }}"
checksum: "{{ item.value.checksum }}"
- mode: 0644
+ mode: "0644"
loop: "{{ images | dict2items }}"
- name: Unxz compressed images
@@ -41,7 +41,7 @@
template:
src: Dockerfile
dest: "{{ images_dir }}/Dockerfile"
- mode: 0644
+ mode: "0644"
- name: Create docker images for each OS
command: docker build -t {{ registry }}/vm-{{ item.key }}:{{ item.value.tag }} --build-arg cloud_image="{{ item.key }}.qcow2" {{ images_dir }}
diff --git a/tests/cloud_playbooks/roles/packet-ci/tasks/create-vms.yml b/tests/cloud_playbooks/roles/packet-ci/tasks/create-vms.yml
index 39b3d5c78c7b741f85754156f1ac2853bdf5bcd9..2a73b674d3f47114f0ab05a3dc00a278595aac99 100644
--- a/tests/cloud_playbooks/roles/packet-ci/tasks/create-vms.yml
+++ b/tests/cloud_playbooks/roles/packet-ci/tasks/create-vms.yml
@@ -10,7 +10,7 @@
file:
path: "/tmp/{{ test_name }}"
state: directory
- mode: 0755
+ mode: "0755"
- name: Template vm files for CI job
set_fact:
@@ -45,6 +45,6 @@
template:
src: "inventory.j2"
dest: "{{ inventory_path }}"
- mode: 0644
+ mode: "0644"
vars:
vms: "{{ vm_ips }}"
diff --git a/tests/testcases/100_check-k8s-conformance.yml b/tests/testcases/100_check-k8s-conformance.yml
index 0247793db9e3e43e4a56c3249529881c53d38c57..3c07ffe46da5cca0c34f0001aa3a3e5ce0b40c65 100644
--- a/tests/testcases/100_check-k8s-conformance.yml
+++ b/tests/testcases/100_check-k8s-conformance.yml
@@ -18,7 +18,7 @@
get_url:
url: "https://github.com/heptio/sonobuoy/releases/download/v{{ sonobuoy_version }}/sonobuoy_{{ sonobuoy_version }}_linux_{{ sonobuoy_arch }}.tar.gz"
dest: /tmp/sonobuoy.tar.gz
- mode: 0644
+ mode: "0644"
- name: Extract sonobuoy
unarchive:
diff --git a/tests/testcases/roles/cluster-dump/tasks/main.yml b/tests/testcases/roles/cluster-dump/tasks/main.yml
index c8a7e2eca26b3aecf3fd22226e0f398eeb510ff6..348dea7dd74f92b263317a626587307cf4bcdc9a 100644
--- a/tests/testcases/roles/cluster-dump/tasks/main.yml
+++ b/tests/testcases/roles/cluster-dump/tasks/main.yml
@@ -8,7 +8,7 @@
community.general.archive:
path: /tmp/cluster-dump
dest: /tmp/cluster-dump.tgz
- mode: 0644
+ mode: "0644"
when: inventory_hostname in groups['kube_control_plane']
- name: Fetch dump file