From 8f5f75211fa7ef10546eea1888ccb1dd4ea371d9 Mon Sep 17 00:00:00 2001
From: Bas <bas.meijer@me.com>
Date: Fri, 26 Jul 2024 03:42:20 +0200
Subject: [PATCH] Improving yamllint configuration (#11389)
Signed-off-by: Bas Meijer <bas.meijer@enexis.nl>
---
.yamllint | 9 +++++-
.../roles/generate-inventory/tasks/main.yml | 2 +-
.../roles/generate-inventory_2/tasks/main.yml | 4 +--
.../roles/generate-templates/tasks/main.yml | 4 +--
.../dind/roles/dind-cluster/tasks/main.yaml | 4 +--
contrib/dind/roles/dind-host/tasks/main.yaml | 2 +-
.../roles/kvm-setup/tasks/sysctl.yml | 2 +-
.../kvm-setup/roles/kvm-setup/tasks/user.yml | 8 +++---
contrib/mitogen/mitogen.yml | 6 ++--
.../roles/glusterfs/client/tasks/main.yml | 2 +-
.../roles/glusterfs/server/tasks/main.yml | 4 +--
.../kubernetes-pv/ansible/tasks/main.yaml | 2 +-
.../provision/tasks/bootstrap/deploy.yml | 2 +-
.../provision/tasks/bootstrap/topology.yml | 2 +-
.../roles/provision/tasks/glusterfs.yml | 4 +--
.../heketi/roles/provision/tasks/heketi.yml | 2 +-
.../heketi/roles/provision/tasks/secret.yml | 2 +-
.../heketi/roles/provision/tasks/storage.yml | 2 +-
.../roles/provision/tasks/storageclass.yml | 2 +-
.../heketi/roles/provision/tasks/topology.yml | 2 +-
contrib/offline/generate_list.yml | 2 +-
.../molecule/default/converge.yml | 2 +-
roles/bastion-ssh-config/tasks/main.yml | 2 +-
roles/bootstrap-os/tasks/centos.yml | 10 +++----
roles/bootstrap-os/tasks/fedora.yml | 2 +-
roles/bootstrap-os/tasks/main.yml | 4 +--
roles/bootstrap-os/tasks/redhat.yml | 2 +-
.../containerd/tasks/main.yml | 16 +++++------
.../cri-dockerd/molecule/default/prepare.yml | 6 ++--
.../cri-dockerd/tasks/main.yml | 4 +--
.../cri-o/molecule/default/prepare.yml | 6 ++--
roles/container-engine/cri-o/tasks/main.yaml | 28 +++++++++----------
.../cri-o/tasks/setup-amazon.yaml | 2 +-
.../container-engine/crictl/handlers/main.yml | 2 +-
.../container-engine/crictl/tasks/crictl.yml | 4 +--
roles/container-engine/crun/tasks/main.yml | 2 +-
.../docker-storage/tasks/main.yml | 6 ++--
roles/container-engine/docker/tasks/main.yml | 4 +--
.../container-engine/docker/tasks/systemd.yml | 14 +++++-----
.../gvisor/molecule/default/prepare.yml | 6 ++--
roles/container-engine/gvisor/tasks/main.yml | 2 +-
.../molecule/default/prepare.yml | 6 ++--
.../kata-containers/tasks/main.yml | 10 +++----
.../nerdctl/handlers/main.yml | 2 +-
roles/container-engine/nerdctl/tasks/main.yml | 6 ++--
roles/container-engine/runc/tasks/main.yml | 2 +-
roles/container-engine/skopeo/tasks/main.yml | 2 +-
.../youki/molecule/default/prepare.yml | 6 ++--
roles/container-engine/youki/tasks/main.yml | 2 +-
roles/download/tasks/download_file.yml | 2 +-
roles/download/tasks/prep_download.yml | 4 +--
roles/download/tasks/prep_kubeadm_images.yml | 4 +--
roles/etcd/handlers/backup.yml | 2 +-
roles/etcd/tasks/configure.yml | 4 +--
roles/etcd/tasks/gen_certs_script.yml | 10 +++----
roles/etcd/tasks/install_docker.yml | 4 +--
roles/etcd/tasks/install_host.yml | 2 +-
roles/etcd/tasks/refresh_config.yml | 4 +--
roles/etcd/tasks/upd_ca_trust.yml | 2 +-
roles/etcdctl_etcdutl/tasks/main.yml | 4 +--
.../kubernetes-apps/ansible/tasks/coredns.yml | 4 +--
.../ansible/tasks/dashboard.yml | 2 +-
.../ansible/tasks/etcd_metrics.yml | 2 +-
.../ansible/tasks/netchecker.yml | 2 +-
.../ansible/tasks/nodelocaldns.yml | 4 +--
roles/kubernetes-apps/argocd/tasks/main.yml | 4 +--
.../cloud_controller/oci/tasks/main.yml | 4 +--
.../cluster_roles/tasks/main.yml | 4 +--
.../cluster_roles/tasks/oci.yml | 2 +-
.../nvidia_gpu/tasks/main.yml | 4 +--
.../container_runtimes/gvisor/tasks/main.yaml | 4 +--
.../kata_containers/tasks/main.yaml | 4 +--
.../csi_driver/aws_ebs/tasks/main.yml | 2 +-
.../csi_driver/azuredisk/tasks/main.yml | 4 +--
.../cinder/tasks/cinder-write-cacert.yml | 2 +-
.../csi_driver/cinder/tasks/main.yml | 4 +--
.../csi_driver/csi_crd/tasks/main.yml | 2 +-
.../csi_driver/gcp_pd/tasks/main.yml | 4 +--
.../csi_driver/upcloud/tasks/main.yml | 2 +-
.../csi_driver/vsphere/tasks/main.yml | 4 +--
.../hcloud/tasks/main.yml | 2 +-
.../huaweicloud/tasks/main.yml | 2 +-
.../openstack/tasks/main.yml | 2 +-
.../vsphere/tasks/main.yml | 4 +--
.../cephfs_provisioner/tasks/main.yml | 4 +--
.../local_path_provisioner/tasks/main.yml | 6 ++--
.../local_volume_provisioner/tasks/main.yml | 4 +--
.../rbd_provisioner/tasks/main.yml | 4 +--
roles/kubernetes-apps/helm/tasks/main.yml | 4 +--
.../alb_ingress_controller/tasks/main.yml | 4 +--
.../cert_manager/tasks/main.yml | 4 +--
.../ingress_nginx/tasks/main.yml | 4 +--
roles/kubernetes-apps/krew/tasks/krew.yml | 6 ++--
roles/kubernetes-apps/metallb/tasks/main.yml | 8 +++---
.../metrics_server/tasks/main.yml | 4 +--
.../node_feature_discovery/tasks/main.yml | 4 +--
.../aws-ebs-csi/tasks/main.yml | 2 +-
.../azuredisk-csi/tasks/main.yml | 2 +-
.../cinder-csi/tasks/main.yml | 2 +-
.../gcp-pd-csi/tasks/main.yml | 2 +-
.../openstack/tasks/main.yml | 2 +-
.../upcloud-csi/tasks/main.yml | 2 +-
.../policy_controller/calico/tasks/main.yml | 2 +-
roles/kubernetes-apps/registry/tasks/main.yml | 6 ++--
.../scheduler_plugins/tasks/main.yml | 4 +--
.../snapshots/cinder-csi/tasks/main.yml | 2 +-
.../snapshot-controller/tasks/main.yml | 2 +-
roles/kubernetes/client/tasks/main.yml | 4 +--
.../control-plane/tasks/encrypt-at-rest.yml | 2 +-
.../control-plane/tasks/kubeadm-etcd.yml | 2 +-
.../control-plane/tasks/kubeadm-secondary.yml | 4 +--
.../control-plane/tasks/kubeadm-setup.yml | 24 ++++++++--------
roles/kubernetes/control-plane/tasks/main.yml | 14 +++++-----
.../kubeadm/tasks/kubeadm_etcd_node.yml | 2 +-
roles/kubernetes/kubeadm/tasks/main.yml | 8 +++---
roles/kubernetes/node/tasks/install.yml | 4 +--
roles/kubernetes/node/tasks/kubelet.yml | 6 ++--
.../node/tasks/loadbalancer/haproxy.yml | 6 ++--
.../node/tasks/loadbalancer/kube-vip.yml | 2 +-
.../node/tasks/loadbalancer/nginx-proxy.yml | 6 ++--
roles/kubernetes/node/tasks/main.yml | 10 +++----
.../tasks/0050-create_directories.yml | 10 +++----
.../preinstall/tasks/0060-resolvconf.yml | 4 +--
.../tasks/0061-systemd-resolved.yml | 4 +--
.../0062-networkmanager-unmanaged-devices.yml | 4 +--
.../preinstall/tasks/0070-system-packages.yml | 2 +-
.../tasks/0080-system-configurations.yml | 4 +--
.../tasks/0081-ntp-configurations.yml | 2 +-
.../preinstall/tasks/0090-etchosts.yml | 2 +-
.../preinstall/tasks/0100-dhclient-hooks.yml | 6 ++--
roles/kubernetes/tokens/tasks/gen_tokens.yml | 2 +-
roles/kubernetes/tokens/tasks/main.yml | 2 +-
.../kubespray-defaults/defaults/main/main.yml | 2 +-
.../calico/tasks/calico_apiserver_certs.yml | 8 +++---
roles/network_plugin/calico/tasks/install.yml | 18 ++++++------
.../calico/tasks/typha_certs.yml | 7 +++--
roles/network_plugin/cilium/tasks/install.yml | 14 +++++-----
roles/network_plugin/cni/tasks/main.yml | 4 +--
.../network_plugin/custom_cni/tasks/main.yml | 2 +-
roles/network_plugin/flannel/tasks/main.yml | 2 +-
.../network_plugin/kube-ovn/defaults/main.yml | 2 +-
roles/network_plugin/kube-ovn/tasks/main.yml | 2 +-
.../network_plugin/kube-router/tasks/main.yml | 8 +++---
roles/network_plugin/macvlan/tasks/main.yml | 12 ++++----
roles/network_plugin/multus/tasks/main.yml | 4 +--
roles/network_plugin/ovn4nfv/tasks/main.yml | 2 +-
roles/network_plugin/weave/tasks/main.yml | 4 +--
.../etcd/tasks/recover_lost_quorum.yml | 2 +-
roles/reset/tasks/main.yml | 2 +-
scripts/collect-info.yaml | 2 +-
.../roles/kubevirt-images/tasks/main.yml | 6 ++--
.../roles/packet-ci/tasks/create-vms.yml | 4 +--
tests/testcases/100_check-k8s-conformance.yml | 2 +-
.../roles/cluster-dump/tasks/main.yml | 2 +-
154 files changed, 342 insertions(+), 334 deletions(-)
diff --git a/.yamllint b/.yamllint
index aa14324a9..eb061917e 100644
--- a/.yamllint
+++ b/.yamllint
@@ -6,7 +6,7 @@ ignore: |
.github/
# Generated file
tests/files/custom_cni/cilium.yaml
-
+# https://ansible.readthedocs.io/projects/lint/rules/yaml/
rules:
braces:
min-spaces-inside: 0
@@ -14,9 +14,16 @@ rules:
brackets:
min-spaces-inside: 0
max-spaces-inside: 1
+ comments:
+ min-spaces-from-content: 1
+ # https://github.com/adrienverge/yamllint/issues/384
+ comments-indentation: false
indentation:
spaces: 2
indent-sequences: consistent
line-length: disable
new-line-at-end-of-file: disable
+ octal-values:
+ forbid-implicit-octal: true # yamllint defaults to false
+ forbid-explicit-octal: true # yamllint defaults to false
truthy: disable
diff --git a/contrib/azurerm/roles/generate-inventory/tasks/main.yml b/contrib/azurerm/roles/generate-inventory/tasks/main.yml
index 3eb121aa0..f93f1b6b2 100644
--- a/contrib/azurerm/roles/generate-inventory/tasks/main.yml
+++ b/contrib/azurerm/roles/generate-inventory/tasks/main.yml
@@ -12,4 +12,4 @@
template:
src: inventory.j2
dest: "{{ playbook_dir }}/inventory"
- mode: 0644
+ mode: "0644"
diff --git a/contrib/azurerm/roles/generate-inventory_2/tasks/main.yml b/contrib/azurerm/roles/generate-inventory_2/tasks/main.yml
index c628154a0..267755b12 100644
--- a/contrib/azurerm/roles/generate-inventory_2/tasks/main.yml
+++ b/contrib/azurerm/roles/generate-inventory_2/tasks/main.yml
@@ -22,10 +22,10 @@
template:
src: inventory.j2
dest: "{{ playbook_dir }}/inventory"
- mode: 0644
+ mode: "0644"
- name: Generate Load Balancer variables
template:
src: loadbalancer_vars.j2
dest: "{{ playbook_dir }}/loadbalancer_vars.yml"
- mode: 0644
+ mode: "0644"
diff --git a/contrib/azurerm/roles/generate-templates/tasks/main.yml b/contrib/azurerm/roles/generate-templates/tasks/main.yml
index 294ee96fc..057d4d005 100644
--- a/contrib/azurerm/roles/generate-templates/tasks/main.yml
+++ b/contrib/azurerm/roles/generate-templates/tasks/main.yml
@@ -8,13 +8,13 @@
path: "{{ base_dir }}"
state: directory
recurse: true
- mode: 0755
+ mode: "0755"
- name: Store json files in base_dir
template:
src: "{{ item }}"
dest: "{{ base_dir }}/{{ item }}"
- mode: 0644
+ mode: "0644"
with_items:
- network.json
- storage.json
diff --git a/contrib/dind/roles/dind-cluster/tasks/main.yaml b/contrib/dind/roles/dind-cluster/tasks/main.yaml
index 1cf819f68..dcb086c64 100644
--- a/contrib/dind/roles/dind-cluster/tasks/main.yaml
+++ b/contrib/dind/roles/dind-cluster/tasks/main.yaml
@@ -35,7 +35,7 @@
path-exclude=/usr/share/doc/*
path-include=/usr/share/doc/*/copyright
dest: /etc/dpkg/dpkg.cfg.d/01_nodoc
- mode: 0644
+ mode: "0644"
when:
- ansible_os_family == 'Debian'
@@ -64,7 +64,7 @@
copy:
content: "{{ distro_user }} ALL=(ALL) NOPASSWD:ALL"
dest: "/etc/sudoers.d/{{ distro_user }}"
- mode: 0640
+ mode: "0640"
- name: "Add my pubkey to {{ distro_user }} user authorized keys"
ansible.posix.authorized_key:
diff --git a/contrib/dind/roles/dind-host/tasks/main.yaml b/contrib/dind/roles/dind-host/tasks/main.yaml
index e44047f4d..56c8ff4c5 100644
--- a/contrib/dind/roles/dind-host/tasks/main.yaml
+++ b/contrib/dind/roles/dind-host/tasks/main.yaml
@@ -42,7 +42,7 @@
template:
src: inventory_builder.sh.j2
dest: /tmp/kubespray.dind.inventory_builder.sh
- mode: 0755
+ mode: "0755"
tags:
- addresses
diff --git a/contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml b/contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml
index 52bc83f09..6934eccf3 100644
--- a/contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml
+++ b/contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml
@@ -20,7 +20,7 @@
br-netfilter
owner: root
group: root
- mode: 0644
+ mode: "0644"
when: br_netfilter is defined
diff --git a/contrib/kvm-setup/roles/kvm-setup/tasks/user.yml b/contrib/kvm-setup/roles/kvm-setup/tasks/user.yml
index c2d312302..e8ab34afd 100644
--- a/contrib/kvm-setup/roles/kvm-setup/tasks/user.yml
+++ b/contrib/kvm-setup/roles/kvm-setup/tasks/user.yml
@@ -11,7 +11,7 @@
state: directory
owner: "{{ k8s_deployment_user }}"
group: "{{ k8s_deployment_user }}"
- mode: 0700
+ mode: "0700"
- name: Configure sudo for deployment user
copy:
@@ -20,13 +20,13 @@
dest: "/etc/sudoers.d/55-k8s-deployment"
owner: root
group: root
- mode: 0644
+ mode: "0644"
- name: Write private SSH key
copy:
src: "{{ k8s_deployment_user_pkey_path }}"
dest: "/home/{{ k8s_deployment_user }}/.ssh/id_rsa"
- mode: 0400
+ mode: "0400"
owner: "{{ k8s_deployment_user }}"
group: "{{ k8s_deployment_user }}"
when: k8s_deployment_user_pkey_path is defined
@@ -41,7 +41,7 @@
- name: Fix ssh-pub-key permissions
file:
path: "/home/{{ k8s_deployment_user }}/.ssh/authorized_keys"
- mode: 0600
+ mode: "0600"
owner: "{{ k8s_deployment_user }}"
group: "{{ k8s_deployment_user }}"
when: k8s_deployment_user_pkey_path is defined
diff --git a/contrib/mitogen/mitogen.yml b/contrib/mitogen/mitogen.yml
index 1ccc9a99c..77018d693 100644
--- a/contrib/mitogen/mitogen.yml
+++ b/contrib/mitogen/mitogen.yml
@@ -14,7 +14,7 @@
file:
path: "{{ item }}"
state: directory
- mode: 0755
+ mode: "0755"
become: false
loop:
- "{{ playbook_dir }}/plugins/mitogen"
@@ -25,7 +25,7 @@
url: "{{ mitogen_url }}"
dest: "{{ playbook_dir }}/dist/mitogen_{{ mitogen_version }}.tar.gz"
validate_certs: true
- mode: 0644
+ mode: "0644"
- name: Extract archive
unarchive:
@@ -40,7 +40,7 @@
- name: Add strategy to ansible.cfg
community.general.ini_file:
path: ansible.cfg
- mode: 0644
+ mode: "0644"
section: "{{ item.section | d('defaults') }}"
option: "{{ item.option }}"
value: "{{ item.value }}"
diff --git a/contrib/network-storage/glusterfs/roles/glusterfs/client/tasks/main.yml b/contrib/network-storage/glusterfs/roles/glusterfs/client/tasks/main.yml
index 248f21efa..947cf8aa2 100644
--- a/contrib/network-storage/glusterfs/roles/glusterfs/client/tasks/main.yml
+++ b/contrib/network-storage/glusterfs/roles/glusterfs/client/tasks/main.yml
@@ -15,7 +15,7 @@
file:
path: "{{ item }}"
state: directory
- mode: 0775
+ mode: "0775"
with_items:
- "{{ gluster_mount_dir }}"
when: ansible_os_family in ["Debian","RedHat"] and groups['gfs-cluster'] is defined
diff --git a/contrib/network-storage/glusterfs/roles/glusterfs/server/tasks/main.yml b/contrib/network-storage/glusterfs/roles/glusterfs/server/tasks/main.yml
index 50f849c01..6bdc41420 100644
--- a/contrib/network-storage/glusterfs/roles/glusterfs/server/tasks/main.yml
+++ b/contrib/network-storage/glusterfs/roles/glusterfs/server/tasks/main.yml
@@ -49,7 +49,7 @@
file:
path: "{{ item }}"
state: directory
- mode: 0775
+ mode: "0775"
with_items:
- "{{ gluster_brick_dir }}"
- "{{ gluster_mount_dir }}"
@@ -101,7 +101,7 @@
template:
dest: "{{ gluster_mount_dir }}/.test-file.txt"
src: test-file.txt
- mode: 0644
+ mode: "0644"
when: groups['gfs-cluster'] is defined and inventory_hostname == groups['gfs-cluster'][0]
- name: Unmount glusterfs
diff --git a/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/tasks/main.yaml b/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/tasks/main.yaml
index ed62e282e..cf2bd0ee5 100644
--- a/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/tasks/main.yaml
+++ b/contrib/network-storage/glusterfs/roles/kubernetes-pv/ansible/tasks/main.yaml
@@ -3,7 +3,7 @@
template:
src: "{{ item.file }}"
dest: "{{ kube_config_dir }}/{{ item.dest }}"
- mode: 0644
+ mode: "0644"
with_items:
- { file: glusterfs-kubernetes-endpoint.json.j2, type: ep, dest: glusterfs-kubernetes-endpoint.json}
- { file: glusterfs-kubernetes-pv.yml.j2, type: pv, dest: glusterfs-kubernetes-pv.yml}
diff --git a/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/deploy.yml b/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/deploy.yml
index 866fe30bf..94d440150 100644
--- a/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/deploy.yml
+++ b/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/deploy.yml
@@ -4,7 +4,7 @@
template:
src: "heketi-bootstrap.json.j2"
dest: "{{ kube_config_dir }}/heketi-bootstrap.json"
- mode: 0640
+ mode: "0640"
register: "rendering"
- name: "Kubernetes Apps | Install and configure Heketi Bootstrap"
kube:
diff --git a/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/topology.yml b/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/topology.yml
index 2f3efd4dd..b011c024b 100644
--- a/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/topology.yml
+++ b/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/topology.yml
@@ -10,7 +10,7 @@
template:
src: "topology.json.j2"
dest: "{{ kube_config_dir }}/topology.json"
- mode: 0644
+ mode: "0644"
- name: "Copy topology configuration into container."
changed_when: false
command: "{{ bin_dir }}/kubectl cp {{ kube_config_dir }}/topology.json {{ initial_heketi_pod_name }}:/tmp/topology.json"
diff --git a/contrib/network-storage/heketi/roles/provision/tasks/glusterfs.yml b/contrib/network-storage/heketi/roles/provision/tasks/glusterfs.yml
index 973c66851..239e780d8 100644
--- a/contrib/network-storage/heketi/roles/provision/tasks/glusterfs.yml
+++ b/contrib/network-storage/heketi/roles/provision/tasks/glusterfs.yml
@@ -3,7 +3,7 @@
template:
src: "glusterfs-daemonset.json.j2"
dest: "{{ kube_config_dir }}/glusterfs-daemonset.json"
- mode: 0644
+ mode: "0644"
become: true
register: "rendering"
- name: "Kubernetes Apps | Install and configure GlusterFS daemonset"
@@ -33,7 +33,7 @@
template:
src: "heketi-service-account.json.j2"
dest: "{{ kube_config_dir }}/heketi-service-account.json"
- mode: 0644
+ mode: "0644"
become: true
register: "rendering"
- name: "Kubernetes Apps | Install and configure Heketi Service Account"
diff --git a/contrib/network-storage/heketi/roles/provision/tasks/heketi.yml b/contrib/network-storage/heketi/roles/provision/tasks/heketi.yml
index a8549df45..30c68c2bc 100644
--- a/contrib/network-storage/heketi/roles/provision/tasks/heketi.yml
+++ b/contrib/network-storage/heketi/roles/provision/tasks/heketi.yml
@@ -4,7 +4,7 @@
template:
src: "heketi-deployment.json.j2"
dest: "{{ kube_config_dir }}/heketi-deployment.json"
- mode: 0644
+ mode: "0644"
register: "rendering"
- name: "Kubernetes Apps | Install and configure Heketi"
diff --git a/contrib/network-storage/heketi/roles/provision/tasks/secret.yml b/contrib/network-storage/heketi/roles/provision/tasks/secret.yml
index c455b6f6d..816bb156c 100644
--- a/contrib/network-storage/heketi/roles/provision/tasks/secret.yml
+++ b/contrib/network-storage/heketi/roles/provision/tasks/secret.yml
@@ -28,7 +28,7 @@
template:
src: "heketi.json.j2"
dest: "{{ kube_config_dir }}/heketi.json"
- mode: 0644
+ mode: "0644"
- name: "Deploy Heketi config secret"
when: "secret_state.stdout | length == 0"
diff --git a/contrib/network-storage/heketi/roles/provision/tasks/storage.yml b/contrib/network-storage/heketi/roles/provision/tasks/storage.yml
index 055e179a3..c3f8ebf2e 100644
--- a/contrib/network-storage/heketi/roles/provision/tasks/storage.yml
+++ b/contrib/network-storage/heketi/roles/provision/tasks/storage.yml
@@ -5,7 +5,7 @@
template:
src: "heketi-storage.json.j2"
dest: "{{ kube_config_dir }}/heketi-storage.json"
- mode: 0644
+ mode: "0644"
register: "rendering"
- name: "Kubernetes Apps | Install and configure Heketi Storage"
kube:
diff --git a/contrib/network-storage/heketi/roles/provision/tasks/storageclass.yml b/contrib/network-storage/heketi/roles/provision/tasks/storageclass.yml
index bd4f6666b..fc57302bc 100644
--- a/contrib/network-storage/heketi/roles/provision/tasks/storageclass.yml
+++ b/contrib/network-storage/heketi/roles/provision/tasks/storageclass.yml
@@ -16,7 +16,7 @@
template:
src: "storageclass.yml.j2"
dest: "{{ kube_config_dir }}/storageclass.yml"
- mode: 0644
+ mode: "0644"
register: "rendering"
- name: "Kubernetes Apps | Install and configure Storace Class"
kube:
diff --git a/contrib/network-storage/heketi/roles/provision/tasks/topology.yml b/contrib/network-storage/heketi/roles/provision/tasks/topology.yml
index aa662083e..edd5bd9e8 100644
--- a/contrib/network-storage/heketi/roles/provision/tasks/topology.yml
+++ b/contrib/network-storage/heketi/roles/provision/tasks/topology.yml
@@ -10,7 +10,7 @@
template:
src: "topology.json.j2"
dest: "{{ kube_config_dir }}/topology.json"
- mode: 0644
+ mode: "0644"
- name: "Copy topology configuration into container." # noqa no-handler
when: "rendering.changed"
command: "{{ bin_dir }}/kubectl cp {{ kube_config_dir }}/topology.json {{ heketi_pod_name }}:/tmp/topology.json"
diff --git a/contrib/offline/generate_list.yml b/contrib/offline/generate_list.yml
index bebf34968..6b2bcf806 100644
--- a/contrib/offline/generate_list.yml
+++ b/contrib/offline/generate_list.yml
@@ -16,7 +16,7 @@
template:
src: ./contrib/offline/temp/{{ item }}.list.template
dest: ./contrib/offline/temp/{{ item }}.list
- mode: 0644
+ mode: "0644"
with_items:
- files
- images
diff --git a/roles/bastion-ssh-config/molecule/default/converge.yml b/roles/bastion-ssh-config/molecule/default/converge.yml
index 54a624705..a89615573 100644
--- a/roles/bastion-ssh-config/molecule/default/converge.yml
+++ b/roles/bastion-ssh-config/molecule/default/converge.yml
@@ -12,4 +12,4 @@
dest: "{{ ssh_bastion_confing__name }}"
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
- mode: 0644
+ mode: "0644"
diff --git a/roles/bastion-ssh-config/tasks/main.yml b/roles/bastion-ssh-config/tasks/main.yml
index 920763eb5..99847ef8e 100644
--- a/roles/bastion-ssh-config/tasks/main.yml
+++ b/roles/bastion-ssh-config/tasks/main.yml
@@ -19,4 +19,4 @@
template:
src: "{{ ssh_bastion_confing__name }}.j2"
dest: "{{ playbook_dir }}/{{ ssh_bastion_confing__name }}"
- mode: 0640
+ mode: "0640"
diff --git a/roles/bootstrap-os/tasks/centos.yml b/roles/bootstrap-os/tasks/centos.yml
index fcd20d562..11559a872 100644
--- a/roles/bootstrap-os/tasks/centos.yml
+++ b/roles/bootstrap-os/tasks/centos.yml
@@ -12,7 +12,7 @@
value: "{{ http_proxy | default(omit) }}"
state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
no_extra_spaces: true
- mode: 0644
+ mode: "0644"
become: true
when: not skip_http_proxy_on_os_packages
@@ -21,7 +21,7 @@
get_url:
url: https://yum.oracle.com/public-yum-ol7.repo
dest: /etc/yum.repos.d/public-yum-ol7.repo
- mode: 0644
+ mode: "0644"
when:
- use_oracle_public_repo | default(true)
- '''ID="ol"'' in os_release.stdout_lines'
@@ -34,7 +34,7 @@
section: "{{ item }}"
option: enabled
value: "1"
- mode: 0644
+ mode: "0644"
with_items:
- ol7_latest
- ol7_addons
@@ -59,7 +59,7 @@
section: "ol{{ ansible_distribution_major_version }}_addons"
option: "{{ item.option }}"
value: "{{ item.value }}"
- mode: 0644
+ mode: "0644"
with_items:
- { option: "name", value: "ol{{ ansible_distribution_major_version }}_addons" }
- { option: "enabled", value: "1" }
@@ -75,7 +75,7 @@
section: "extras"
option: "{{ item.option }}"
value: "{{ item.value }}"
- mode: 0644
+ mode: "0644"
with_items:
- { option: "name", value: "CentOS-{{ ansible_distribution_major_version }} - Extras" }
- { option: "enabled", value: "1" }
diff --git a/roles/bootstrap-os/tasks/fedora.yml b/roles/bootstrap-os/tasks/fedora.yml
index 85f8ff563..d4a43c314 100644
--- a/roles/bootstrap-os/tasks/fedora.yml
+++ b/roles/bootstrap-os/tasks/fedora.yml
@@ -17,7 +17,7 @@
value: "{{ http_proxy | default(omit) }}"
state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
no_extra_spaces: true
- mode: 0644
+ mode: "0644"
become: true
when: not skip_http_proxy_on_os_packages
diff --git a/roles/bootstrap-os/tasks/main.yml b/roles/bootstrap-os/tasks/main.yml
index b8f676fae..e62fbf496 100644
--- a/roles/bootstrap-os/tasks/main.yml
+++ b/roles/bootstrap-os/tasks/main.yml
@@ -36,7 +36,7 @@
file:
path: "{{ ansible_remote_tmp | default('~/.ansible/tmp') }}"
state: directory
- mode: 0700
+ mode: "0700"
- name: Gather facts
setup:
@@ -61,4 +61,4 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
diff --git a/roles/bootstrap-os/tasks/redhat.yml b/roles/bootstrap-os/tasks/redhat.yml
index c3621466e..0aae5a0d6 100644
--- a/roles/bootstrap-os/tasks/redhat.yml
+++ b/roles/bootstrap-os/tasks/redhat.yml
@@ -12,7 +12,7 @@
value: "{{ http_proxy | default(omit) }}"
state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
no_extra_spaces: true
- mode: 0644
+ mode: "0644"
become: true
when: not skip_http_proxy_on_os_packages
diff --git a/roles/container-engine/containerd/tasks/main.yml b/roles/container-engine/containerd/tasks/main.yml
index f1b977717..657d1ad75 100644
--- a/roles/container-engine/containerd/tasks/main.yml
+++ b/roles/container-engine/containerd/tasks/main.yml
@@ -35,7 +35,7 @@
unarchive:
src: "{{ downloads.containerd.dest }}"
dest: "{{ containerd_bin_dir }}"
- mode: 0755
+ mode: "0755"
remote_src: yes
extra_opts:
- --strip-components=1
@@ -60,7 +60,7 @@
template:
src: containerd.service.j2
dest: /etc/systemd/system/containerd.service
- mode: 0644
+ mode: "0644"
validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:containerd.service'"
# FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release)
# Remove once we drop support for systemd < 250
@@ -70,7 +70,7 @@
file:
dest: "{{ item }}"
state: directory
- mode: 0755
+ mode: "0755"
owner: root
group: root
with_items:
@@ -83,7 +83,7 @@
template:
src: http-proxy.conf.j2
dest: "{{ containerd_systemd_dir }}/http-proxy.conf"
- mode: 0644
+ mode: "0644"
notify: Restart containerd
when: http_proxy is defined or https_proxy is defined
@@ -102,7 +102,7 @@
content: "{{ item.value }}"
dest: "{{ containerd_cfg_dir }}/{{ item.key }}"
owner: "root"
- mode: 0644
+ mode: "0644"
with_dict: "{{ containerd_base_runtime_specs | default({}) }}"
notify: Restart containerd
@@ -111,7 +111,7 @@
src: config.toml.j2
dest: "{{ containerd_cfg_dir }}/config.toml"
owner: "root"
- mode: 0640
+ mode: "0640"
notify: Restart containerd
- name: Containerd | Configure containerd registries
@@ -121,13 +121,13 @@
file:
path: "{{ containerd_cfg_dir }}/certs.d/{{ item.prefix }}"
state: directory
- mode: 0755
+ mode: "0755"
loop: "{{ containerd_registries_mirrors }}"
- name: Containerd | Write hosts.toml file
template:
src: hosts.toml.j2
dest: "{{ containerd_cfg_dir }}/certs.d/{{ item.prefix }}/hosts.toml"
- mode: 0640
+ mode: "0640"
loop: "{{ containerd_registries_mirrors }}"
# you can sometimes end up in a state where everything is installed
diff --git a/roles/container-engine/cri-dockerd/molecule/default/prepare.yml b/roles/container-engine/cri-dockerd/molecule/default/prepare.yml
index 83449f842..b5328422a 100644
--- a/roles/container-engine/cri-dockerd/molecule/default/prepare.yml
+++ b/roles/container-engine/cri-dockerd/molecule/default/prepare.yml
@@ -28,7 +28,7 @@
src: "{{ item }}"
dest: "/tmp/{{ item }}"
owner: root
- mode: 0644
+ mode: "0644"
with_items:
- container.json
- sandbox.json
@@ -37,12 +37,12 @@
path: /etc/cni/net.d
state: directory
owner: "{{ kube_owner }}"
- mode: 0755
+ mode: "0755"
- name: Setup CNI
copy:
src: "{{ item }}"
dest: "/etc/cni/net.d/{{ item }}"
owner: root
- mode: 0644
+ mode: "0644"
with_items:
- 10-mynet.conf
diff --git a/roles/container-engine/cri-dockerd/tasks/main.yml b/roles/container-engine/cri-dockerd/tasks/main.yml
index 730e379eb..f7d1b1831 100644
--- a/roles/container-engine/cri-dockerd/tasks/main.yml
+++ b/roles/container-engine/cri-dockerd/tasks/main.yml
@@ -8,7 +8,7 @@
copy:
src: "{{ local_release_dir }}/cri-dockerd"
dest: "{{ bin_dir }}/cri-dockerd"
- mode: 0755
+ mode: "0755"
remote_src: true
notify:
- Restart and enable cri-dockerd
@@ -17,7 +17,7 @@
template:
src: "{{ item }}.j2"
dest: "/etc/systemd/system/{{ item }}"
- mode: 0644
+ mode: "0644"
validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:{{ item }}'"
# FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release)
# Remove once we drop support for systemd < 250
diff --git a/roles/container-engine/cri-o/molecule/default/prepare.yml b/roles/container-engine/cri-o/molecule/default/prepare.yml
index 103b0d33e..c769d7cd2 100644
--- a/roles/container-engine/cri-o/molecule/default/prepare.yml
+++ b/roles/container-engine/cri-o/molecule/default/prepare.yml
@@ -33,7 +33,7 @@
src: "{{ item }}"
dest: "/tmp/{{ item }}"
owner: root
- mode: 0644
+ mode: "0644"
with_items:
- container.json
- sandbox.json
@@ -42,12 +42,12 @@
path: /etc/cni/net.d
state: directory
owner: "{{ kube_owner }}"
- mode: 0755
+ mode: "0755"
- name: Setup CNI
copy:
src: "{{ item }}"
dest: "/etc/cni/net.d/{{ item }}"
owner: root
- mode: 0644
+ mode: "0644"
with_items:
- 10-mynet.conf
diff --git a/roles/container-engine/cri-o/tasks/main.yaml b/roles/container-engine/cri-o/tasks/main.yaml
index 2d73e74e2..a7b234563 100644
--- a/roles/container-engine/cri-o/tasks/main.yaml
+++ b/roles/container-engine/cri-o/tasks/main.yaml
@@ -56,27 +56,27 @@
file:
path: "{{ item }}"
state: directory
- mode: 0755
+ mode: "0755"
- name: Cri-o | install cri-o config
template:
src: crio.conf.j2
dest: /etc/crio/crio.conf
- mode: 0644
+ mode: "0644"
register: config_install
- name: Cri-o | install config.json
template:
src: config.json.j2
dest: /etc/crio/config.json
- mode: 0644
+ mode: "0644"
register: reg_auth_install
- name: Cri-o | copy binaries
copy:
src: "{{ local_release_dir }}/cri-o/bin/{{ item }}"
dest: "{{ bin_dir }}/{{ item }}"
- mode: 0755
+ mode: "0755"
remote_src: true
with_items:
- "{{ crio_bin_files }}"
@@ -86,7 +86,7 @@
copy:
src: "{{ local_release_dir }}/cri-o/contrib/crio.service"
dest: /etc/systemd/system/crio.service
- mode: 0755
+ mode: "0755"
remote_src: true
notify: Restart crio
@@ -115,7 +115,7 @@
copy:
src: "{{ local_release_dir }}/cri-o/contrib/policy.json"
dest: /etc/containers/policy.json
- mode: 0755
+ mode: "0755"
remote_src: true
notify: Restart crio
@@ -123,7 +123,7 @@
copy:
src: mounts.conf
dest: /etc/containers/mounts.conf
- mode: 0644
+ mode: "0644"
when:
- ansible_os_family == 'RedHat'
notify: Restart crio
@@ -133,7 +133,7 @@
path: /etc/containers/oci/hooks.d
state: directory
owner: root
- mode: 0755
+ mode: "0755"
- name: Cri-o | set overlay driver
community.general.ini_file:
@@ -141,7 +141,7 @@
section: storage
option: "{{ item.option }}"
value: "{{ item.value }}"
- mode: 0644
+ mode: "0644"
with_items:
- option: driver
value: '"overlay"'
@@ -157,20 +157,20 @@
section: storage.options.overlay
option: mountopt
value: '{{ ''"nodev"'' if ansible_kernel is version_compare(("4.18" if ansible_os_family == "RedHat" else "4.19"), "<") else ''"nodev,metacopy=on"'' }}'
- mode: 0644
+ mode: "0644"
- name: Cri-o | create directory registries configs
file:
path: /etc/containers/registries.conf.d
state: directory
owner: root
- mode: 0755
+ mode: "0755"
- name: Cri-o | write registries configs
template:
src: registry.conf.j2
dest: "/etc/containers/registries.conf.d/10-{{ item.prefix | default(item.location) | regex_replace(':|/', '_') }}.conf"
- mode: 0644
+ mode: "0644"
loop: "{{ crio_registries }}"
notify: Restart crio
@@ -178,14 +178,14 @@
template:
src: unqualified.conf.j2
dest: "/etc/containers/registries.conf.d/01-unqualified.conf"
- mode: 0644
+ mode: "0644"
notify: Restart crio
- name: Cri-o | write cri-o proxy drop-in
template:
src: http-proxy.conf.j2
dest: /etc/systemd/system/crio.service.d/http-proxy.conf
- mode: 0644
+ mode: "0644"
notify: Restart crio
when: http_proxy is defined or https_proxy is defined
diff --git a/roles/container-engine/cri-o/tasks/setup-amazon.yaml b/roles/container-engine/cri-o/tasks/setup-amazon.yaml
index e6e099d65..2462c30fd 100644
--- a/roles/container-engine/cri-o/tasks/setup-amazon.yaml
+++ b/roles/container-engine/cri-o/tasks/setup-amazon.yaml
@@ -20,7 +20,7 @@
option: enabled
value: "0"
backup: yes
- mode: 0644
+ mode: "0644"
when:
- amzn2_extras_file_stat.stat.exists
- not amzn2_extras_docker_repo.changed
diff --git a/roles/container-engine/crictl/handlers/main.yml b/roles/container-engine/crictl/handlers/main.yml
index 53195869f..785823fc4 100644
--- a/roles/container-engine/crictl/handlers/main.yml
+++ b/roles/container-engine/crictl/handlers/main.yml
@@ -9,4 +9,4 @@
copy:
dest: /etc/bash_completion.d/crictl
content: "{{ cri_completion.stdout }}"
- mode: 0644
+ mode: "0644"
diff --git a/roles/container-engine/crictl/tasks/crictl.yml b/roles/container-engine/crictl/tasks/crictl.yml
index cffa05056..72bde5d35 100644
--- a/roles/container-engine/crictl/tasks/crictl.yml
+++ b/roles/container-engine/crictl/tasks/crictl.yml
@@ -9,13 +9,13 @@
src: crictl.yaml.j2
dest: /etc/crictl.yaml
owner: root
- mode: 0644
+ mode: "0644"
- name: Copy crictl binary from download dir
copy:
src: "{{ local_release_dir }}/crictl"
dest: "{{ bin_dir }}/crictl"
- mode: 0755
+ mode: "0755"
remote_src: true
notify:
- Get crictl completion
diff --git a/roles/container-engine/crun/tasks/main.yml b/roles/container-engine/crun/tasks/main.yml
index c21bb3ffe..f4ec76459 100644
--- a/roles/container-engine/crun/tasks/main.yml
+++ b/roles/container-engine/crun/tasks/main.yml
@@ -8,5 +8,5 @@
copy:
src: "{{ downloads.crun.dest }}"
dest: "{{ bin_dir }}/crun"
- mode: 0755
+ mode: "0755"
remote_src: true
diff --git a/roles/container-engine/docker-storage/tasks/main.yml b/roles/container-engine/docker-storage/tasks/main.yml
index ec129753d..e3c713db2 100644
--- a/roles/container-engine/docker-storage/tasks/main.yml
+++ b/roles/container-engine/docker-storage/tasks/main.yml
@@ -10,12 +10,12 @@
template:
src: docker-storage-setup.j2
dest: /etc/sysconfig/docker-storage-setup
- mode: 0644
+ mode: "0644"
- name: Docker-storage-override-directory | docker service storage-setup override dir
file:
dest: /etc/systemd/system/docker.service.d
- mode: 0755
+ mode: "0755"
owner: root
group: root
state: directory
@@ -30,7 +30,7 @@
owner: root
group: root
- mode: 0644
+ mode: "0644"
# https://docs.docker.com/engine/installation/linux/docker-ce/centos/#install-using-the-repository
- name: Docker-storage-setup | install lvm2
diff --git a/roles/container-engine/docker/tasks/main.yml b/roles/container-engine/docker/tasks/main.yml
index 1ccee8c4c..55b3a0be6 100644
--- a/roles/container-engine/docker/tasks/main.yml
+++ b/roles/container-engine/docker/tasks/main.yml
@@ -82,14 +82,14 @@
template:
src: "fedora_docker.repo.j2"
dest: "{{ yum_repo_dir }}/docker.repo"
- mode: 0644
+ mode: "0644"
when: ansible_distribution == "Fedora" and not is_ostree
- name: Configure docker repository on RedHat/CentOS/OracleLinux/AlmaLinux/KylinLinux
template:
src: "rh_docker.repo.j2"
dest: "{{ yum_repo_dir }}/docker-ce.repo"
- mode: 0644
+ mode: "0644"
when:
- ansible_os_family == "RedHat"
- ansible_distribution != "Fedora"
diff --git a/roles/container-engine/docker/tasks/systemd.yml b/roles/container-engine/docker/tasks/systemd.yml
index 57d9b9c5a..22fe3a02d 100644
--- a/roles/container-engine/docker/tasks/systemd.yml
+++ b/roles/container-engine/docker/tasks/systemd.yml
@@ -3,13 +3,13 @@
file:
path: /etc/systemd/system/docker.service.d
state: directory
- mode: 0755
+ mode: "0755"
- name: Write docker proxy drop-in
template:
src: http-proxy.conf.j2
dest: /etc/systemd/system/docker.service.d/http-proxy.conf
- mode: 0644
+ mode: "0644"
notify: Restart docker
when: http_proxy is defined or https_proxy is defined
@@ -27,7 +27,7 @@
template:
src: docker.service.j2
dest: /etc/systemd/system/docker.service
- mode: 0644
+ mode: "0644"
register: docker_service_file
notify: Restart docker
when:
@@ -38,14 +38,14 @@
template:
src: docker-options.conf.j2
dest: "/etc/systemd/system/docker.service.d/docker-options.conf"
- mode: 0644
+ mode: "0644"
notify: Restart docker
- name: Write docker dns systemd drop-in
template:
src: docker-dns.conf.j2
dest: "/etc/systemd/system/docker.service.d/docker-dns.conf"
- mode: 0644
+ mode: "0644"
notify: Restart docker
when: dns_mode != 'none' and resolvconf_mode == 'docker_dns'
@@ -53,14 +53,14 @@
copy:
src: cleanup-docker-orphans.sh
dest: "{{ bin_dir }}/cleanup-docker-orphans.sh"
- mode: 0755
+ mode: "0755"
when: docker_orphan_clean_up | bool
- name: Write docker orphan clean up systemd drop-in
template:
src: docker-orphan-cleanup.conf.j2
dest: "/etc/systemd/system/docker.service.d/docker-orphan-cleanup.conf"
- mode: 0644
+ mode: "0644"
notify: Restart docker
when: docker_orphan_clean_up | bool
diff --git a/roles/container-engine/gvisor/molecule/default/prepare.yml b/roles/container-engine/gvisor/molecule/default/prepare.yml
index 3ec360225..57c21f2dd 100644
--- a/roles/container-engine/gvisor/molecule/default/prepare.yml
+++ b/roles/container-engine/gvisor/molecule/default/prepare.yml
@@ -29,7 +29,7 @@
src: "{{ item }}"
dest: "/tmp/{{ item }}"
owner: root
- mode: 0644
+ mode: "0644"
with_items:
- container.json
- sandbox.json
@@ -38,12 +38,12 @@
path: /etc/cni/net.d
state: directory
owner: root
- mode: 0755
+ mode: "0755"
- name: Setup CNI
copy:
src: "{{ item }}"
dest: "/etc/cni/net.d/{{ item }}"
owner: root
- mode: 0644
+ mode: "0644"
with_items:
- 10-mynet.conf
diff --git a/roles/container-engine/gvisor/tasks/main.yml b/roles/container-engine/gvisor/tasks/main.yml
index 1a8277b72..13b19a2f6 100644
--- a/roles/container-engine/gvisor/tasks/main.yml
+++ b/roles/container-engine/gvisor/tasks/main.yml
@@ -13,7 +13,7 @@
copy:
src: "{{ item.src }}"
dest: "{{ bin_dir }}/{{ item.dest }}"
- mode: 0755
+ mode: "0755"
remote_src: yes
with_items:
- { src: "{{ downloads.gvisor_runsc.dest }}", dest: "runsc" }
diff --git a/roles/container-engine/kata-containers/molecule/default/prepare.yml b/roles/container-engine/kata-containers/molecule/default/prepare.yml
index 9d7019a6d..a5abd27bb 100644
--- a/roles/container-engine/kata-containers/molecule/default/prepare.yml
+++ b/roles/container-engine/kata-containers/molecule/default/prepare.yml
@@ -29,7 +29,7 @@
src: "{{ item }}"
dest: "/tmp/{{ item }}"
owner: root
- mode: 0644
+ mode: "0644"
with_items:
- container.json
- sandbox.json
@@ -38,12 +38,12 @@
path: /etc/cni/net.d
state: directory
owner: "{{ kube_owner }}"
- mode: 0755
+ mode: "0755"
- name: Setup CNI
copy:
src: "{{ item }}"
dest: "/etc/cni/net.d/{{ item }}"
owner: root
- mode: 0644
+ mode: "0644"
with_items:
- 10-mynet.conf
diff --git a/roles/container-engine/kata-containers/tasks/main.yml b/roles/container-engine/kata-containers/tasks/main.yml
index e795b1f8d..38778987d 100644
--- a/roles/container-engine/kata-containers/tasks/main.yml
+++ b/roles/container-engine/kata-containers/tasks/main.yml
@@ -8,7 +8,7 @@
unarchive:
src: "{{ downloads.kata_containers.dest }}"
dest: "/"
- mode: 0755
+ mode: "0755"
owner: root
group: root
remote_src: yes
@@ -17,13 +17,13 @@
file:
path: "{{ kata_containers_config_dir }}"
state: directory
- mode: 0755
+ mode: "0755"
- name: Kata-containers | Set configuration
template:
src: "{{ item }}.j2"
dest: "{{ kata_containers_config_dir }}/{{ item }}"
- mode: 0644
+ mode: "0644"
with_items:
- configuration-qemu.toml
@@ -33,7 +33,7 @@
template:
dest: "{{ kata_containers_containerd_bin_dir }}/containerd-shim-kata-{{ item }}-v2"
src: containerd-shim-kata-v2.j2
- mode: 0755
+ mode: "0755"
with_items:
- qemu
@@ -48,7 +48,7 @@
- name: Kata-containers | Persist vhost kernel modules
copy:
dest: /etc/modules-load.d/kubespray-kata-containers.conf
- mode: 0644
+ mode: "0644"
content: |
vhost_vsock
vhost_net
diff --git a/roles/container-engine/nerdctl/handlers/main.yml b/roles/container-engine/nerdctl/handlers/main.yml
index 27895ff74..98de60c1c 100644
--- a/roles/container-engine/nerdctl/handlers/main.yml
+++ b/roles/container-engine/nerdctl/handlers/main.yml
@@ -9,4 +9,4 @@
copy:
dest: /etc/bash_completion.d/nerdctl
content: "{{ nerdctl_completion.stdout }}"
- mode: 0644
+ mode: "0644"
diff --git a/roles/container-engine/nerdctl/tasks/main.yml b/roles/container-engine/nerdctl/tasks/main.yml
index e4e4ebd15..d3cd0070c 100644
--- a/roles/container-engine/nerdctl/tasks/main.yml
+++ b/roles/container-engine/nerdctl/tasks/main.yml
@@ -8,7 +8,7 @@
copy:
src: "{{ local_release_dir }}/nerdctl"
dest: "{{ bin_dir }}/nerdctl"
- mode: 0755
+ mode: "0755"
remote_src: true
owner: root
group: root
@@ -21,7 +21,7 @@
file:
path: /etc/nerdctl
state: directory
- mode: 0755
+ mode: "0755"
owner: root
group: root
become: true
@@ -30,7 +30,7 @@
template:
src: nerdctl.toml.j2
dest: /etc/nerdctl/nerdctl.toml
- mode: 0644
+ mode: "0644"
owner: root
group: root
become: true
diff --git a/roles/container-engine/runc/tasks/main.yml b/roles/container-engine/runc/tasks/main.yml
index 542a447d5..3ee3fdae0 100644
--- a/roles/container-engine/runc/tasks/main.yml
+++ b/roles/container-engine/runc/tasks/main.yml
@@ -27,7 +27,7 @@
copy:
src: "{{ downloads.runc.dest }}"
dest: "{{ runc_bin_dir }}/runc"
- mode: 0755
+ mode: "0755"
remote_src: true
- name: Runc | Remove orphaned binary
diff --git a/roles/container-engine/skopeo/tasks/main.yml b/roles/container-engine/skopeo/tasks/main.yml
index cef0424cd..95bb9697f 100644
--- a/roles/container-engine/skopeo/tasks/main.yml
+++ b/roles/container-engine/skopeo/tasks/main.yml
@@ -28,5 +28,5 @@
copy:
src: "{{ downloads.skopeo.dest }}"
dest: "{{ bin_dir }}/skopeo"
- mode: 0755
+ mode: "0755"
remote_src: true
diff --git a/roles/container-engine/youki/molecule/default/prepare.yml b/roles/container-engine/youki/molecule/default/prepare.yml
index 119f58add..a72bdad7f 100644
--- a/roles/container-engine/youki/molecule/default/prepare.yml
+++ b/roles/container-engine/youki/molecule/default/prepare.yml
@@ -29,7 +29,7 @@
src: "{{ item }}"
dest: "/tmp/{{ item }}"
owner: root
- mode: 0644
+ mode: "0644"
with_items:
- container.json
- sandbox.json
@@ -38,12 +38,12 @@
path: /etc/cni/net.d
state: directory
owner: root
- mode: 0755
+ mode: "0755"
- name: Setup CNI
copy:
src: "{{ item }}"
dest: "/etc/cni/net.d/{{ item }}"
owner: root
- mode: 0644
+ mode: "0644"
with_items:
- 10-mynet.conf
diff --git a/roles/container-engine/youki/tasks/main.yml b/roles/container-engine/youki/tasks/main.yml
index e88f663e3..86182a366 100644
--- a/roles/container-engine/youki/tasks/main.yml
+++ b/roles/container-engine/youki/tasks/main.yml
@@ -8,5 +8,5 @@
copy:
src: "{{ local_release_dir }}/youki_{{ youki_version | regex_replace('\\.', '_') }}_linux/youki-{{ youki_version }}/youki"
dest: "{{ youki_bin_dir }}/youki"
- mode: 0755
+ mode: "0755"
remote_src: true
diff --git a/roles/download/tasks/download_file.yml b/roles/download/tasks/download_file.yml
index 9773366f0..00dd33a28 100644
--- a/roles/download/tasks/download_file.yml
+++ b/roles/download/tasks/download_file.yml
@@ -22,7 +22,7 @@
file:
path: "{{ download.dest | dirname }}"
owner: "{{ download.owner | default(omit) }}"
- mode: 0755
+ mode: "0755"
state: directory
recurse: yes
diff --git a/roles/download/tasks/prep_download.yml b/roles/download/tasks/prep_download.yml
index 58e508491..a8a79d711 100644
--- a/roles/download/tasks/prep_download.yml
+++ b/roles/download/tasks/prep_download.yml
@@ -69,7 +69,7 @@
file:
path: "{{ local_release_dir }}/images"
state: directory
- mode: 0755
+ mode: "0755"
owner: "{{ ansible_ssh_user | default(ansible_user_id) }}"
when:
- ansible_os_family not in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
@@ -78,7 +78,7 @@
file:
path: "{{ download_cache_dir }}/images"
state: directory
- mode: 0755
+ mode: "0755"
delegate_to: localhost
connection: local
delegate_facts: no
diff --git a/roles/download/tasks/prep_kubeadm_images.yml b/roles/download/tasks/prep_kubeadm_images.yml
index fdfed1d08..ca7055c49 100644
--- a/roles/download/tasks/prep_kubeadm_images.yml
+++ b/roles/download/tasks/prep_kubeadm_images.yml
@@ -18,7 +18,7 @@
template:
src: "kubeadm-images.yaml.j2"
dest: "{{ kube_config_dir }}/kubeadm-images.yaml"
- mode: 0644
+ mode: "0644"
when:
- not skip_kubeadm_images | default(false)
@@ -26,7 +26,7 @@
copy:
src: "{{ downloads.kubeadm.dest }}"
dest: "{{ bin_dir }}/kubeadm"
- mode: 0755
+ mode: "0755"
remote_src: true
- name: Prep_kubeadm_images | Set kubeadm binary permissions
diff --git a/roles/etcd/handlers/backup.yml b/roles/etcd/handlers/backup.yml
index b79dd0148..9c05a3ad0 100644
--- a/roles/etcd/handlers/backup.yml
+++ b/roles/etcd/handlers/backup.yml
@@ -16,7 +16,7 @@
state: directory
owner: root
group: root
- mode: 0600
+ mode: "0600"
listen: Restart etcd
when: etcd_cluster_is_healthy.rc == 0
diff --git a/roles/etcd/tasks/configure.yml b/roles/etcd/tasks/configure.yml
index 438dbc7df..6afc5eba0 100644
--- a/roles/etcd/tasks/configure.yml
+++ b/roles/etcd/tasks/configure.yml
@@ -50,7 +50,7 @@
src: "etcd-{{ etcd_deployment_type }}.service.j2"
dest: /etc/systemd/system/etcd.service
backup: yes
- mode: 0644
+ mode: "0644"
# FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release)
# Remove once we drop support for systemd < 250
validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:etcd-{{ etcd_deployment_type }}.service'"
@@ -61,7 +61,7 @@
src: "etcd-events-{{ etcd_deployment_type }}.service.j2"
dest: /etc/systemd/system/etcd-events.service
backup: yes
- mode: 0644
+ mode: "0644"
validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:etcd-events-{{ etcd_deployment_type }}.service'"
# FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release)
# Remove once we drop support for systemd < 250
diff --git a/roles/etcd/tasks/gen_certs_script.yml b/roles/etcd/tasks/gen_certs_script.yml
index 33e9d94c6..711c14d64 100644
--- a/roles/etcd/tasks/gen_certs_script.yml
+++ b/roles/etcd/tasks/gen_certs_script.yml
@@ -13,7 +13,7 @@
path: "{{ etcd_script_dir }}"
state: directory
owner: root
- mode: 0700
+ mode: "0700"
run_once: yes
when: inventory_hostname == groups['etcd'][0]
@@ -21,7 +21,7 @@
template:
src: "openssl.conf.j2"
dest: "{{ etcd_config_dir }}/openssl.conf"
- mode: 0640
+ mode: "0640"
run_once: yes
delegate_to: "{{ groups['etcd'][0] }}"
when:
@@ -32,7 +32,7 @@
template:
src: "make-ssl-etcd.sh.j2"
dest: "{{ etcd_script_dir }}/make-ssl-etcd.sh"
- mode: 0700
+ mode: "0700"
run_once: yes
when:
- gen_certs | default(false)
@@ -90,7 +90,7 @@
content: "{{ item.content | b64decode }}"
group: "{{ etcd_cert_group }}"
owner: "{{ etcd_owner }}"
- mode: 0640
+ mode: "0640"
with_items: "{{ etcd_master_certs.results }}"
when:
- inventory_hostname in groups['etcd']
@@ -122,7 +122,7 @@
content: "{{ item.content | b64decode }}"
group: "{{ etcd_cert_group }}"
owner: "{{ etcd_owner }}"
- mode: 0640
+ mode: "0640"
with_items: "{{ etcd_master_node_certs.results }}"
when:
- inventory_hostname in groups['etcd']
diff --git a/roles/etcd/tasks/install_docker.yml b/roles/etcd/tasks/install_docker.yml
index cc2fdecf5..a7aba5094 100644
--- a/roles/etcd/tasks/install_docker.yml
+++ b/roles/etcd/tasks/install_docker.yml
@@ -28,7 +28,7 @@
src: etcd.j2
dest: "{{ bin_dir }}/etcd"
owner: 'root'
- mode: 0750
+ mode: "0750"
backup: yes
when: etcd_cluster_setup
@@ -37,6 +37,6 @@
src: etcd-events.j2
dest: "{{ bin_dir }}/etcd-events"
owner: 'root'
- mode: 0750
+ mode: "0750"
backup: yes
when: etcd_events_cluster_setup
diff --git a/roles/etcd/tasks/install_host.yml b/roles/etcd/tasks/install_host.yml
index d4baa2aac..7bfc7e2ab 100644
--- a/roles/etcd/tasks/install_host.yml
+++ b/roles/etcd/tasks/install_host.yml
@@ -24,7 +24,7 @@
copy:
src: "{{ local_release_dir }}/etcd-{{ etcd_version }}-linux-{{ host_architecture }}/{{ item }}"
dest: "{{ bin_dir }}/{{ item }}"
- mode: 0755
+ mode: "0755"
remote_src: yes
with_items:
- etcd
diff --git a/roles/etcd/tasks/refresh_config.yml b/roles/etcd/tasks/refresh_config.yml
index d5e004532..effebbddb 100644
--- a/roles/etcd/tasks/refresh_config.yml
+++ b/roles/etcd/tasks/refresh_config.yml
@@ -3,7 +3,7 @@
template:
src: etcd.env.j2
dest: /etc/etcd.env
- mode: 0640
+ mode: "0640"
notify: Restart etcd
when: is_etcd_master and etcd_cluster_setup
@@ -11,6 +11,6 @@
template:
src: etcd-events.env.j2
dest: /etc/etcd-events.env
- mode: 0640
+ mode: "0640"
notify: Restart etcd-events
when: is_etcd_master and etcd_events_cluster_setup
diff --git a/roles/etcd/tasks/upd_ca_trust.yml b/roles/etcd/tasks/upd_ca_trust.yml
index 22c5901e5..ec81e17f1 100644
--- a/roles/etcd/tasks/upd_ca_trust.yml
+++ b/roles/etcd/tasks/upd_ca_trust.yml
@@ -21,7 +21,7 @@
src: "{{ etcd_cert_dir }}/ca.pem"
dest: "{{ ca_cert_path }}"
remote_src: true
- mode: 0640
+ mode: "0640"
register: etcd_ca_cert
- name: Gen_certs | update ca-certificates (Debian/Ubuntu/SUSE/Flatcar) # noqa no-handler
diff --git a/roles/etcdctl_etcdutl/tasks/main.yml b/roles/etcdctl_etcdutl/tasks/main.yml
index be0eea4e7..b9e6832f5 100644
--- a/roles/etcdctl_etcdutl/tasks/main.yml
+++ b/roles/etcdctl_etcdutl/tasks/main.yml
@@ -31,7 +31,7 @@
copy:
src: "{{ local_release_dir }}/etcd-{{ etcd_version }}-linux-{{ host_architecture }}/{{ item }}"
dest: "{{ bin_dir }}/{{ item }}"
- mode: 0755
+ mode: "0755"
remote_src: yes
with_items:
- etcdctl
@@ -42,4 +42,4 @@
template:
src: etcdctl.sh.j2
dest: "{{ bin_dir }}/etcdctl.sh"
- mode: 0755
+ mode: "0755"
diff --git a/roles/kubernetes-apps/ansible/tasks/coredns.yml b/roles/kubernetes-apps/ansible/tasks/coredns.yml
index 897c6189f..46e2006b9 100644
--- a/roles/kubernetes-apps/ansible/tasks/coredns.yml
+++ b/roles/kubernetes-apps/ansible/tasks/coredns.yml
@@ -3,7 +3,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
loop:
- { name: coredns, file: coredns-clusterrole.yml, type: clusterrole }
- { name: coredns, file: coredns-clusterrolebinding.yml, type: clusterrolebinding }
@@ -31,7 +31,7 @@
template:
src: "{{ item.src }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- { name: coredns, src: coredns-deployment.yml, file: coredns-deployment-secondary.yml, type: deployment }
- { name: coredns, src: coredns-svc.yml, file: coredns-svc-secondary.yml, type: svc }
diff --git a/roles/kubernetes-apps/ansible/tasks/dashboard.yml b/roles/kubernetes-apps/ansible/tasks/dashboard.yml
index 480b3dbf1..587267477 100644
--- a/roles/kubernetes-apps/ansible/tasks/dashboard.yml
+++ b/roles/kubernetes-apps/ansible/tasks/dashboard.yml
@@ -3,7 +3,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- { file: dashboard.yml, type: deploy, name: kubernetes-dashboard }
register: manifests
diff --git a/roles/kubernetes-apps/ansible/tasks/etcd_metrics.yml b/roles/kubernetes-apps/ansible/tasks/etcd_metrics.yml
index 548de89fd..580ab66db 100644
--- a/roles/kubernetes-apps/ansible/tasks/etcd_metrics.yml
+++ b/roles/kubernetes-apps/ansible/tasks/etcd_metrics.yml
@@ -3,7 +3,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- { file: etcd_metrics-endpoints.yml, type: endpoints, name: etcd-metrics }
- { file: etcd_metrics-service.yml, type: service, name: etcd-metrics }
diff --git a/roles/kubernetes-apps/ansible/tasks/netchecker.yml b/roles/kubernetes-apps/ansible/tasks/netchecker.yml
index 0011e7fc8..2cf4b5dc9 100644
--- a/roles/kubernetes-apps/ansible/tasks/netchecker.yml
+++ b/roles/kubernetes-apps/ansible/tasks/netchecker.yml
@@ -29,7 +29,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items: "{{ netchecker_templates }}"
register: manifests
when:
diff --git a/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml b/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml
index b438afb88..7e522e29e 100644
--- a/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml
+++ b/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml
@@ -20,7 +20,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- { name: nodelocaldns, file: nodelocaldns-config.yml, type: configmap }
- { name: nodelocaldns, file: nodelocaldns-sa.yml, type: sa }
@@ -51,7 +51,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- { name: nodelocaldns, file: nodelocaldns-second-daemonset.yml, type: daemonset }
register: nodelocaldns_second_manifests
diff --git a/roles/kubernetes-apps/argocd/tasks/main.yml b/roles/kubernetes-apps/argocd/tasks/main.yml
index e11f0976b..3cfe06fc7 100644
--- a/roles/kubernetes-apps/argocd/tasks/main.yml
+++ b/roles/kubernetes-apps/argocd/tasks/main.yml
@@ -36,7 +36,7 @@
url: "{{ item.url }}"
unarchive: false
owner: "root"
- mode: 0644
+ mode: "0644"
sha256: ""
download: "{{ download_defaults | combine(download_argocd) }}"
with_items: "{{ argocd_templates | selectattr('url', 'defined') | list }}"
@@ -73,7 +73,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items: "{{ argocd_templates | selectattr('url', 'undefined') | list }}"
loop_control:
label: "{{ item.file }}"
diff --git a/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml b/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml
index 6bfcc25e4..a5913ecc7 100644
--- a/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml
+++ b/roles/kubernetes-apps/cloud_controller/oci/tasks/main.yml
@@ -7,7 +7,7 @@
template:
src: controller-manager-config.yml.j2
dest: "{{ kube_config_dir }}/controller-manager-config.yml"
- mode: 0644
+ mode: "0644"
when: inventory_hostname == groups['kube_control_plane'][0]
- name: "OCI Cloud Controller | Slurp Configuration"
@@ -24,7 +24,7 @@
template:
src: oci-cloud-provider.yml.j2
dest: "{{ kube_config_dir }}/oci-cloud-provider.yml"
- mode: 0644
+ mode: "0644"
when: inventory_hostname == groups['kube_control_plane'][0]
- name: "OCI Cloud Controller | Apply Manifests"
diff --git a/roles/kubernetes-apps/cluster_roles/tasks/main.yml b/roles/kubernetes-apps/cluster_roles/tasks/main.yml
index fdb3205d6..8d7230e0a 100644
--- a/roles/kubernetes-apps/cluster_roles/tasks/main.yml
+++ b/roles/kubernetes-apps/cluster_roles/tasks/main.yml
@@ -15,7 +15,7 @@
template:
src: "node-crb.yml.j2"
dest: "{{ kube_config_dir }}/node-crb.yml"
- mode: 0640
+ mode: "0640"
register: node_crb_manifest
when:
- rbac_enabled
@@ -70,7 +70,7 @@
copy:
src: k8s-cluster-critical-pc.yml
dest: "{{ kube_config_dir }}/k8s-cluster-critical-pc.yml"
- mode: 0640
+ mode: "0640"
when: inventory_hostname == groups['kube_control_plane'] | last
- name: PriorityClass | Create k8s-cluster-critical
diff --git a/roles/kubernetes-apps/cluster_roles/tasks/oci.yml b/roles/kubernetes-apps/cluster_roles/tasks/oci.yml
index eb074634e..e5bef6701 100644
--- a/roles/kubernetes-apps/cluster_roles/tasks/oci.yml
+++ b/roles/kubernetes-apps/cluster_roles/tasks/oci.yml
@@ -3,7 +3,7 @@
copy:
src: "oci-rbac.yml"
dest: "{{ kube_config_dir }}/oci-rbac.yml"
- mode: 0640
+ mode: "0640"
when:
- cloud_provider is defined
- cloud_provider == 'oci'
diff --git a/roles/kubernetes-apps/container_engine_accelerator/nvidia_gpu/tasks/main.yml b/roles/kubernetes-apps/container_engine_accelerator/nvidia_gpu/tasks/main.yml
index 8cba9bf37..325fb5f21 100644
--- a/roles/kubernetes-apps/container_engine_accelerator/nvidia_gpu/tasks/main.yml
+++ b/roles/kubernetes-apps/container_engine_accelerator/nvidia_gpu/tasks/main.yml
@@ -26,14 +26,14 @@
path: "{{ kube_config_dir }}/addons/container_engine_accelerator"
owner: root
group: root
- mode: 0755
+ mode: "0755"
recurse: true
- name: Container Engine Acceleration Nvidia GPU | Create manifests for nvidia accelerators
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/container_engine_accelerator/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- { name: nvidia-driver-install-daemonset, file: nvidia-driver-install-daemonset.yml, type: daemonset }
- { name: k8s-device-plugin-nvidia-daemonset, file: k8s-device-plugin-nvidia-daemonset.yml, type: daemonset }
diff --git a/roles/kubernetes-apps/container_runtimes/gvisor/tasks/main.yaml b/roles/kubernetes-apps/container_runtimes/gvisor/tasks/main.yaml
index 90562f229..143c8d843 100644
--- a/roles/kubernetes-apps/container_runtimes/gvisor/tasks/main.yaml
+++ b/roles/kubernetes-apps/container_runtimes/gvisor/tasks/main.yaml
@@ -4,7 +4,7 @@
path: "{{ kube_config_dir }}/addons/gvisor"
owner: root
group: root
- mode: 0755
+ mode: "0755"
recurse: true
- name: GVisor | Templates List
@@ -16,7 +16,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/gvisor/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items: "{{ gvisor_templates }}"
register: gvisor_manifests
when:
diff --git a/roles/kubernetes-apps/container_runtimes/kata_containers/tasks/main.yaml b/roles/kubernetes-apps/container_runtimes/kata_containers/tasks/main.yaml
index a07c7c288..cd85a6d69 100644
--- a/roles/kubernetes-apps/container_runtimes/kata_containers/tasks/main.yaml
+++ b/roles/kubernetes-apps/container_runtimes/kata_containers/tasks/main.yaml
@@ -5,7 +5,7 @@
path: "{{ kube_config_dir }}/addons/kata_containers"
owner: root
group: root
- mode: 0755
+ mode: "0755"
recurse: true
- name: Kata Containers | Templates list
@@ -17,7 +17,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/kata_containers/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items: "{{ kata_containers_templates }}"
register: kata_containers_manifests
when:
diff --git a/roles/kubernetes-apps/csi_driver/aws_ebs/tasks/main.yml b/roles/kubernetes-apps/csi_driver/aws_ebs/tasks/main.yml
index 5570dccfd..fc905e445 100644
--- a/roles/kubernetes-apps/csi_driver/aws_ebs/tasks/main.yml
+++ b/roles/kubernetes-apps/csi_driver/aws_ebs/tasks/main.yml
@@ -3,7 +3,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: aws-ebs-csi-driver, file: aws-ebs-csi-driver.yml}
- {name: aws-ebs-csi-controllerservice, file: aws-ebs-csi-controllerservice-rbac.yml}
diff --git a/roles/kubernetes-apps/csi_driver/azuredisk/tasks/main.yml b/roles/kubernetes-apps/csi_driver/azuredisk/tasks/main.yml
index a94656f48..82d222e50 100644
--- a/roles/kubernetes-apps/csi_driver/azuredisk/tasks/main.yml
+++ b/roles/kubernetes-apps/csi_driver/azuredisk/tasks/main.yml
@@ -7,7 +7,7 @@
src: "azure-csi-cloud-config.j2"
dest: "{{ kube_config_dir }}/azure_csi_cloud_config"
group: "{{ kube_cert_group }}"
- mode: 0640
+ mode: "0640"
when: inventory_hostname == groups['kube_control_plane'][0]
- name: Azure CSI Driver | Get base64 cloud-config
@@ -20,7 +20,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: azure-csi-azuredisk-driver, file: azure-csi-azuredisk-driver.yml}
- {name: azure-csi-cloud-config-secret, file: azure-csi-cloud-config-secret.yml}
diff --git a/roles/kubernetes-apps/csi_driver/cinder/tasks/cinder-write-cacert.yml b/roles/kubernetes-apps/csi_driver/cinder/tasks/cinder-write-cacert.yml
index c6d14a2aa..dd614fe6c 100644
--- a/roles/kubernetes-apps/csi_driver/cinder/tasks/cinder-write-cacert.yml
+++ b/roles/kubernetes-apps/csi_driver/cinder/tasks/cinder-write-cacert.yml
@@ -7,5 +7,5 @@
src: "{{ cinder_cacert }}"
dest: "{{ kube_config_dir }}/cinder-cacert.pem"
group: "{{ kube_cert_group }}"
- mode: 0640
+ mode: "0640"
delegate_to: "{{ delegate_host_to_write_cacert }}"
diff --git a/roles/kubernetes-apps/csi_driver/cinder/tasks/main.yml b/roles/kubernetes-apps/csi_driver/cinder/tasks/main.yml
index 47ce6cd89..f2d1026e8 100644
--- a/roles/kubernetes-apps/csi_driver/cinder/tasks/main.yml
+++ b/roles/kubernetes-apps/csi_driver/cinder/tasks/main.yml
@@ -18,7 +18,7 @@
src: "cinder-csi-cloud-config.j2"
dest: "{{ kube_config_dir }}/cinder_cloud_config"
group: "{{ kube_cert_group }}"
- mode: 0640
+ mode: "0640"
when: inventory_hostname == groups['kube_control_plane'][0]
- name: Cinder CSI Driver | Get base64 cloud-config
@@ -31,7 +31,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: cinder-csi-driver, file: cinder-csi-driver.yml}
- {name: cinder-csi-cloud-config-secret, file: cinder-csi-cloud-config-secret.yml}
diff --git a/roles/kubernetes-apps/csi_driver/csi_crd/tasks/main.yml b/roles/kubernetes-apps/csi_driver/csi_crd/tasks/main.yml
index 479093120..75111db58 100644
--- a/roles/kubernetes-apps/csi_driver/csi_crd/tasks/main.yml
+++ b/roles/kubernetes-apps/csi_driver/csi_crd/tasks/main.yml
@@ -3,7 +3,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: volumesnapshotclasses, file: volumesnapshotclasses.yml}
- {name: volumesnapshotcontents, file: volumesnapshotcontents.yml}
diff --git a/roles/kubernetes-apps/csi_driver/gcp_pd/tasks/main.yml b/roles/kubernetes-apps/csi_driver/gcp_pd/tasks/main.yml
index be511caa4..6ae54d466 100644
--- a/roles/kubernetes-apps/csi_driver/gcp_pd/tasks/main.yml
+++ b/roles/kubernetes-apps/csi_driver/gcp_pd/tasks/main.yml
@@ -9,7 +9,7 @@
src: "{{ gcp_pd_csi_sa_cred_file }}"
dest: "{{ kube_config_dir }}/cloud-sa.json"
group: "{{ kube_cert_group }}"
- mode: 0640
+ mode: "0640"
when: inventory_hostname == groups['kube_control_plane'][0]
- name: GCP PD CSI Driver | Get base64 cloud-sa.json
@@ -22,7 +22,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: gcp-pd-csi-cred-secret, file: gcp-pd-csi-cred-secret.yml}
- {name: gcp-pd-csi-setup, file: gcp-pd-csi-setup.yml}
diff --git a/roles/kubernetes-apps/csi_driver/upcloud/tasks/main.yml b/roles/kubernetes-apps/csi_driver/upcloud/tasks/main.yml
index 8f0b69f8c..aafb0fdb4 100644
--- a/roles/kubernetes-apps/csi_driver/upcloud/tasks/main.yml
+++ b/roles/kubernetes-apps/csi_driver/upcloud/tasks/main.yml
@@ -16,7 +16,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: upcloud-csi-cred-secret, file: upcloud-csi-cred-secret.yml}
- {name: upcloud-csi-setup, file: upcloud-csi-setup.yml}
diff --git a/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml b/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml
index 102dd8be0..6bbb4ffa4 100644
--- a/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml
+++ b/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml
@@ -6,7 +6,7 @@
template:
src: "{{ item }}.j2"
dest: "{{ kube_config_dir }}/{{ item }}"
- mode: 0640
+ mode: "0640"
with_items:
- vsphere-csi-cloud-config
when: inventory_hostname == groups['kube_control_plane'][0]
@@ -15,7 +15,7 @@
template:
src: "{{ item }}.j2"
dest: "{{ kube_config_dir }}/{{ item }}"
- mode: 0644
+ mode: "0644"
with_items:
- vsphere-csi-namespace.yml
- vsphere-csi-driver.yml
diff --git a/roles/kubernetes-apps/external_cloud_controller/hcloud/tasks/main.yml b/roles/kubernetes-apps/external_cloud_controller/hcloud/tasks/main.yml
index c626e78e9..6b482ccd3 100644
--- a/roles/kubernetes-apps/external_cloud_controller/hcloud/tasks/main.yml
+++ b/roles/kubernetes-apps/external_cloud_controller/hcloud/tasks/main.yml
@@ -4,7 +4,7 @@
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
group: "{{ kube_cert_group }}"
- mode: 0640
+ mode: "0640"
with_items:
- {name: external-hcloud-cloud-secret, file: external-hcloud-cloud-secret.yml}
- {name: external-hcloud-cloud-service-account, file: external-hcloud-cloud-service-account.yml}
diff --git a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/tasks/main.yml b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/tasks/main.yml
index 880be0dfc..3d82ded77 100644
--- a/roles/kubernetes-apps/external_cloud_controller/huaweicloud/tasks/main.yml
+++ b/roles/kubernetes-apps/external_cloud_controller/huaweicloud/tasks/main.yml
@@ -24,7 +24,7 @@
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
group: "{{ kube_cert_group }}"
- mode: 0640
+ mode: "0640"
with_items:
- {name: external-huawei-cloud-config-secret, file: external-huawei-cloud-config-secret.yml}
- {name: external-huawei-cloud-controller-manager-roles, file: external-huawei-cloud-controller-manager-roles.yml}
diff --git a/roles/kubernetes-apps/external_cloud_controller/openstack/tasks/main.yml b/roles/kubernetes-apps/external_cloud_controller/openstack/tasks/main.yml
index 787dbb444..8c930f3aa 100644
--- a/roles/kubernetes-apps/external_cloud_controller/openstack/tasks/main.yml
+++ b/roles/kubernetes-apps/external_cloud_controller/openstack/tasks/main.yml
@@ -24,7 +24,7 @@
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
group: "{{ kube_cert_group }}"
- mode: 0640
+ mode: "0640"
with_items:
- {name: external-openstack-cloud-config-secret, file: external-openstack-cloud-config-secret.yml}
- {name: external-openstack-cloud-controller-manager-roles, file: external-openstack-cloud-controller-manager-roles.yml}
diff --git a/roles/kubernetes-apps/external_cloud_controller/vsphere/tasks/main.yml b/roles/kubernetes-apps/external_cloud_controller/vsphere/tasks/main.yml
index 60b8ec83b..585eb9817 100644
--- a/roles/kubernetes-apps/external_cloud_controller/vsphere/tasks/main.yml
+++ b/roles/kubernetes-apps/external_cloud_controller/vsphere/tasks/main.yml
@@ -6,7 +6,7 @@
template:
src: "{{ item }}.j2"
dest: "{{ kube_config_dir }}/{{ item }}"
- mode: 0640
+ mode: "0640"
with_items:
- external-vsphere-cpi-cloud-config
when: inventory_hostname == groups['kube_control_plane'][0]
@@ -15,7 +15,7 @@
template:
src: "{{ item }}.j2"
dest: "{{ kube_config_dir }}/{{ item }}"
- mode: 0644
+ mode: "0644"
with_items:
- external-vsphere-cpi-cloud-config-secret.yml
- external-vsphere-cloud-controller-manager-roles.yml
diff --git a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/tasks/main.yml b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/tasks/main.yml
index 86cba2d57..4993eebab 100644
--- a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/tasks/main.yml
+++ b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/tasks/main.yml
@@ -33,7 +33,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
when:
- inventory_hostname == groups['kube_control_plane'][0]
@@ -54,7 +54,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/cephfs_provisioner/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items: "{{ cephfs_provisioner_templates }}"
register: cephfs_provisioner_manifests
when: inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/external_provisioner/local_path_provisioner/tasks/main.yml b/roles/kubernetes-apps/external_provisioner/local_path_provisioner/tasks/main.yml
index 71036ca9d..f3ae87a37 100644
--- a/roles/kubernetes-apps/external_provisioner/local_path_provisioner/tasks/main.yml
+++ b/roles/kubernetes-apps/external_provisioner/local_path_provisioner/tasks/main.yml
@@ -5,7 +5,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
when:
- inventory_hostname == groups['kube_control_plane'][0]
@@ -13,7 +13,7 @@
file:
path: "{{ local_path_provisioner_claim_root }}"
state: directory
- mode: 0755
+ mode: "0755"
- name: Local Path Provisioner | Render Template
set_fact:
@@ -30,7 +30,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/local_path_provisioner/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items: "{{ local_path_provisioner_templates }}"
register: local_path_provisioner_manifests
when: inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/tasks/main.yml b/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/tasks/main.yml
index 2308b5ca6..bc35b4782 100644
--- a/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/tasks/main.yml
+++ b/roles/kubernetes-apps/external_provisioner/local_volume_provisioner/tasks/main.yml
@@ -12,7 +12,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
- name: Local Volume Provisioner | Templates list
set_fact:
@@ -29,7 +29,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/local_volume_provisioner/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items: "{{ local_volume_provisioner_templates }}"
register: local_volume_provisioner_manifests
when: inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/external_provisioner/rbd_provisioner/tasks/main.yml b/roles/kubernetes-apps/external_provisioner/rbd_provisioner/tasks/main.yml
index 76445dae0..0a1f5b2e2 100644
--- a/roles/kubernetes-apps/external_provisioner/rbd_provisioner/tasks/main.yml
+++ b/roles/kubernetes-apps/external_provisioner/rbd_provisioner/tasks/main.yml
@@ -33,7 +33,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
when:
- inventory_hostname == groups['kube_control_plane'][0]
@@ -54,7 +54,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/rbd_provisioner/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items: "{{ rbd_provisioner_templates }}"
register: rbd_provisioner_manifests
when: inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/helm/tasks/main.yml b/roles/kubernetes-apps/helm/tasks/main.yml
index eae0e2171..61596aefb 100644
--- a/roles/kubernetes-apps/helm/tasks/main.yml
+++ b/roles/kubernetes-apps/helm/tasks/main.yml
@@ -32,7 +32,7 @@
copy:
src: "{{ local_release_dir }}/helm-{{ helm_version }}/linux-{{ image_arch }}/helm"
dest: "{{ bin_dir }}/helm"
- mode: 0755
+ mode: "0755"
remote_src: true
- name: Helm | Get helm completion
@@ -45,5 +45,5 @@
copy:
dest: /etc/bash_completion.d/helm.sh
content: "{{ helm_completion.stdout }}"
- mode: 0755
+ mode: "0755"
become: True
diff --git a/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/tasks/main.yml b/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/tasks/main.yml
index 8a188a4cb..451487738 100644
--- a/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/tasks/main.yml
+++ b/roles/kubernetes-apps/ingress_controller/alb_ingress_controller/tasks/main.yml
@@ -6,13 +6,13 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
- name: ALB Ingress Controller | Create manifests
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/alb_ingress/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- { name: alb-ingress-clusterrole, file: alb-ingress-clusterrole.yml, type: clusterrole }
- { name: alb-ingress-clusterrolebinding, file: alb-ingress-clusterrolebinding.yml, type: clusterrolebinding }
diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/tasks/main.yml b/roles/kubernetes-apps/ingress_controller/cert_manager/tasks/main.yml
index 4af64adc5..8012e77d5 100644
--- a/roles/kubernetes-apps/ingress_controller/cert_manager/tasks/main.yml
+++ b/roles/kubernetes-apps/ingress_controller/cert_manager/tasks/main.yml
@@ -24,7 +24,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
when:
- inventory_hostname == groups['kube_control_plane'][0]
@@ -38,7 +38,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/cert_manager/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items: "{{ cert_manager_templates }}"
register: cert_manager_manifests
when:
diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml b/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml
index 518094af7..be26060b8 100644
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/tasks/main.yml
@@ -6,7 +6,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
when:
- inventory_hostname == groups['kube_control_plane'][0]
@@ -50,7 +50,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/ingress_nginx/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items: "{{ ingress_nginx_templates }}"
register: ingress_nginx_manifests
when:
diff --git a/roles/kubernetes-apps/krew/tasks/krew.yml b/roles/kubernetes-apps/krew/tasks/krew.yml
index a8b52010b..e46dbb48d 100644
--- a/roles/kubernetes-apps/krew/tasks/krew.yml
+++ b/roles/kubernetes-apps/krew/tasks/krew.yml
@@ -8,13 +8,13 @@
template:
src: krew.j2
dest: /etc/bash_completion.d/krew
- mode: 0644
+ mode: "0644"
- name: Krew | Copy krew manifest
template:
src: krew.yml.j2
dest: "{{ local_release_dir }}/krew.yml"
- mode: 0644
+ mode: "0644"
- name: Krew | Install krew # noqa command-instead-of-shell
shell: "{{ local_release_dir }}/krew-{{ host_os }}_{{ image_arch }} install --archive={{ local_release_dir }}/krew-{{ host_os }}_{{ image_arch }}.tar.gz --manifest={{ local_release_dir }}/krew.yml"
@@ -33,6 +33,6 @@
copy:
dest: /etc/bash_completion.d/krew.sh
content: "{{ krew_completion.stdout }}"
- mode: 0755
+ mode: "0755"
become: True
when: krew_completion.rc == 0
diff --git a/roles/kubernetes-apps/metallb/tasks/main.yml b/roles/kubernetes-apps/metallb/tasks/main.yml
index 6a804cbef..5e6757b3d 100644
--- a/roles/kubernetes-apps/metallb/tasks/main.yml
+++ b/roles/kubernetes-apps/metallb/tasks/main.yml
@@ -16,7 +16,7 @@
template:
src: "metallb.yaml.j2"
dest: "{{ kube_config_dir }}/metallb.yaml"
- mode: 0644
+ mode: "0644"
register: metallb_rendering
when:
- inventory_hostname == groups['kube_control_plane'][0]
@@ -47,7 +47,7 @@
ansible.builtin.template:
src: pools.yaml.j2
dest: "{{ kube_config_dir }}/pools.yaml"
- mode: 0644
+ mode: "0644"
register: pools_rendering
- name: MetalLB | Create address pools configuration
@@ -67,7 +67,7 @@
ansible.builtin.template:
src: layer2.yaml.j2
dest: "{{ kube_config_dir }}/layer2.yaml"
- mode: 0644
+ mode: "0644"
register: layer2_rendering
- name: MetalLB | Create layer2 configuration
@@ -87,7 +87,7 @@
ansible.builtin.template:
src: layer3.yaml.j2
dest: "{{ kube_config_dir }}/layer3.yaml"
- mode: 0644
+ mode: "0644"
register: layer3_rendering
- name: MetalLB | Create layer3 configuration
diff --git a/roles/kubernetes-apps/metrics_server/tasks/main.yml b/roles/kubernetes-apps/metrics_server/tasks/main.yml
index 1fe617de8..3517686cb 100644
--- a/roles/kubernetes-apps/metrics_server/tasks/main.yml
+++ b/roles/kubernetes-apps/metrics_server/tasks/main.yml
@@ -19,7 +19,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
when:
- inventory_hostname == groups['kube_control_plane'][0]
@@ -39,7 +39,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/metrics_server/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items: "{{ metrics_server_templates }}"
register: metrics_server_manifests
when:
diff --git a/roles/kubernetes-apps/node_feature_discovery/tasks/main.yml b/roles/kubernetes-apps/node_feature_discovery/tasks/main.yml
index b7e930afe..eb2237a8c 100644
--- a/roles/kubernetes-apps/node_feature_discovery/tasks/main.yml
+++ b/roles/kubernetes-apps/node_feature_discovery/tasks/main.yml
@@ -5,7 +5,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
when:
- inventory_hostname == groups['kube_control_plane'][0]
@@ -31,7 +31,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/node_feature_discovery/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items: "{{ node_feature_discovery_templates }}"
register: node_feature_discovery_manifests
when:
diff --git a/roles/kubernetes-apps/persistent_volumes/aws-ebs-csi/tasks/main.yml b/roles/kubernetes-apps/persistent_volumes/aws-ebs-csi/tasks/main.yml
index b49acdfbd..d31f9c6d9 100644
--- a/roles/kubernetes-apps/persistent_volumes/aws-ebs-csi/tasks/main.yml
+++ b/roles/kubernetes-apps/persistent_volumes/aws-ebs-csi/tasks/main.yml
@@ -3,7 +3,7 @@
template:
src: "aws-ebs-csi-storage-class.yml.j2"
dest: "{{ kube_config_dir }}/aws-ebs-csi-storage-class.yml"
- mode: 0644
+ mode: "0644"
register: manifests
when:
- inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/persistent_volumes/azuredisk-csi/tasks/main.yml b/roles/kubernetes-apps/persistent_volumes/azuredisk-csi/tasks/main.yml
index 9abffbe1f..4a2bff006 100644
--- a/roles/kubernetes-apps/persistent_volumes/azuredisk-csi/tasks/main.yml
+++ b/roles/kubernetes-apps/persistent_volumes/azuredisk-csi/tasks/main.yml
@@ -3,7 +3,7 @@
template:
src: "azure-csi-storage-class.yml.j2"
dest: "{{ kube_config_dir }}/azure-csi-storage-class.yml"
- mode: 0644
+ mode: "0644"
register: manifests
when:
- inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/persistent_volumes/cinder-csi/tasks/main.yml b/roles/kubernetes-apps/persistent_volumes/cinder-csi/tasks/main.yml
index 52de1c5a2..78ebe78de 100644
--- a/roles/kubernetes-apps/persistent_volumes/cinder-csi/tasks/main.yml
+++ b/roles/kubernetes-apps/persistent_volumes/cinder-csi/tasks/main.yml
@@ -3,7 +3,7 @@
template:
src: "cinder-csi-storage-class.yml.j2"
dest: "{{ kube_config_dir }}/cinder-csi-storage-class.yml"
- mode: 0644
+ mode: "0644"
register: manifests
when:
- inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/persistent_volumes/gcp-pd-csi/tasks/main.yml b/roles/kubernetes-apps/persistent_volumes/gcp-pd-csi/tasks/main.yml
index 29997e7c6..f58e4cbde 100644
--- a/roles/kubernetes-apps/persistent_volumes/gcp-pd-csi/tasks/main.yml
+++ b/roles/kubernetes-apps/persistent_volumes/gcp-pd-csi/tasks/main.yml
@@ -3,7 +3,7 @@
template:
src: "gcp-pd-csi-storage-class.yml.j2"
dest: "{{ kube_config_dir }}/gcp-pd-csi-storage-class.yml"
- mode: 0644
+ mode: "0644"
register: manifests
when:
- inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/persistent_volumes/openstack/tasks/main.yml b/roles/kubernetes-apps/persistent_volumes/openstack/tasks/main.yml
index 3387e7ff4..90b3ad7f4 100644
--- a/roles/kubernetes-apps/persistent_volumes/openstack/tasks/main.yml
+++ b/roles/kubernetes-apps/persistent_volumes/openstack/tasks/main.yml
@@ -3,7 +3,7 @@
template:
src: "openstack-storage-class.yml.j2"
dest: "{{ kube_config_dir }}/openstack-storage-class.yml"
- mode: 0644
+ mode: "0644"
register: manifests
when:
- inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/persistent_volumes/upcloud-csi/tasks/main.yml b/roles/kubernetes-apps/persistent_volumes/upcloud-csi/tasks/main.yml
index 26104a092..aed567937 100644
--- a/roles/kubernetes-apps/persistent_volumes/upcloud-csi/tasks/main.yml
+++ b/roles/kubernetes-apps/persistent_volumes/upcloud-csi/tasks/main.yml
@@ -3,7 +3,7 @@
template:
src: "upcloud-csi-storage-class.yml.j2"
dest: "{{ kube_config_dir }}/upcloud-csi-storage-class.yml"
- mode: 0644
+ mode: "0644"
register: manifests
when:
- inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml b/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml
index ba2eebbce..fa0c994a1 100644
--- a/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml
+++ b/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml
@@ -3,7 +3,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: calico-kube-controllers, file: calico-kube-controllers.yml, type: deployment}
- {name: calico-kube-controllers, file: calico-kube-sa.yml, type: sa}
diff --git a/roles/kubernetes-apps/registry/tasks/main.yml b/roles/kubernetes-apps/registry/tasks/main.yml
index a915e0773..4e4979d1e 100644
--- a/roles/kubernetes-apps/registry/tasks/main.yml
+++ b/roles/kubernetes-apps/registry/tasks/main.yml
@@ -31,7 +31,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
- name: Registry | Templates list
set_fact:
@@ -54,7 +54,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/registry/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items: "{{ registry_templates }}"
register: registry_manifests
when: inventory_hostname == groups['kube_control_plane'][0]
@@ -74,7 +74,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/registry/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- { name: registry-pvc, file: registry-pvc.yml, type: pvc }
register: registry_manifests
diff --git a/roles/kubernetes-apps/scheduler_plugins/tasks/main.yml b/roles/kubernetes-apps/scheduler_plugins/tasks/main.yml
index d17b19128..404a2cb93 100644
--- a/roles/kubernetes-apps/scheduler_plugins/tasks/main.yml
+++ b/roles/kubernetes-apps/scheduler_plugins/tasks/main.yml
@@ -5,7 +5,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
when: inventory_hostname == groups['kube_control_plane'][0]
tags:
- scheduler_plugins
@@ -14,7 +14,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/scheduler-plugins/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- { name: appgroup, file: appgroup.diktyo.x-k8s.io_appgroups.yaml, type: crd }
- { name: networktopology, file: networktopology.diktyo.x-k8s.io_networktopologies.yaml, type: crd }
diff --git a/roles/kubernetes-apps/snapshots/cinder-csi/tasks/main.yml b/roles/kubernetes-apps/snapshots/cinder-csi/tasks/main.yml
index 7e9116f15..35ec4cd85 100644
--- a/roles/kubernetes-apps/snapshots/cinder-csi/tasks/main.yml
+++ b/roles/kubernetes-apps/snapshots/cinder-csi/tasks/main.yml
@@ -3,7 +3,7 @@
template:
src: "cinder-csi-snapshot-class.yml.j2"
dest: "{{ kube_config_dir }}/cinder-csi-snapshot-class.yml"
- mode: 0644
+ mode: "0644"
register: manifests
when:
- inventory_hostname == groups['kube_control_plane'][0]
diff --git a/roles/kubernetes-apps/snapshots/snapshot-controller/tasks/main.yml b/roles/kubernetes-apps/snapshots/snapshot-controller/tasks/main.yml
index e6da2920a..0c5d3aeba 100644
--- a/roles/kubernetes-apps/snapshots/snapshot-controller/tasks/main.yml
+++ b/roles/kubernetes-apps/snapshots/snapshot-controller/tasks/main.yml
@@ -13,7 +13,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: snapshot-ns, file: snapshot-ns.yml, apply: not snapshot_namespace_exists}
- {name: rbac-snapshot-controller, file: rbac-snapshot-controller.yml}
diff --git a/roles/kubernetes/client/tasks/main.yml b/roles/kubernetes/client/tasks/main.yml
index e6197611e..cc7887750 100644
--- a/roles/kubernetes/client/tasks/main.yml
+++ b/roles/kubernetes/client/tasks/main.yml
@@ -80,7 +80,7 @@
copy:
content: "{{ final_admin_kubeconfig | to_nice_yaml(indent=2) }}"
dest: "{{ artifacts_dir }}/admin.conf"
- mode: 0600
+ mode: "0600"
delegate_to: localhost
connection: local
become: no
@@ -106,7 +106,7 @@
#!/bin/bash
${BASH_SOURCE%/*}/kubectl --kubeconfig=${BASH_SOURCE%/*}/admin.conf "$@"
dest: "{{ artifacts_dir }}/kubectl.sh"
- mode: 0755
+ mode: "0755"
become: no
run_once: yes
delegate_to: localhost
diff --git a/roles/kubernetes/control-plane/tasks/encrypt-at-rest.yml b/roles/kubernetes/control-plane/tasks/encrypt-at-rest.yml
index 209e4c730..9b998c52b 100644
--- a/roles/kubernetes/control-plane/tasks/encrypt-at-rest.yml
+++ b/roles/kubernetes/control-plane/tasks/encrypt-at-rest.yml
@@ -37,4 +37,4 @@
dest: "{{ kube_cert_dir }}/secrets_encryption.yaml"
owner: root
group: "{{ kube_cert_group }}"
- mode: 0640
+ mode: "0640"
diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-etcd.yml b/roles/kubernetes/control-plane/tasks/kubeadm-etcd.yml
index 9de55c544..788d6b8f3 100644
--- a/roles/kubernetes/control-plane/tasks/kubeadm-etcd.yml
+++ b/roles/kubernetes/control-plane/tasks/kubeadm-etcd.yml
@@ -25,5 +25,5 @@
path: "{{ etcd_data_dir }}"
owner: "{{ etcd_owner }}"
group: "{{ etcd_owner }}"
- mode: 0700
+ mode: "0700"
when: etcd_deployment_type == "kubeadm"
diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml b/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml
index e10ef7fab..128e93f36 100644
--- a/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml
+++ b/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml
@@ -34,7 +34,7 @@
template:
src: "kubeadm-controlplane.{{ kubeadmConfig_api_version }}.yaml.j2"
dest: "{{ kube_config_dir }}/kubeadm-controlplane.yaml"
- mode: 0640
+ mode: "0640"
backup: yes
when:
- inventory_hostname != first_kube_control_plane
@@ -77,7 +77,7 @@
dest: "{{ kube_config_dir }}/cluster-info-discovery-kubeconfig.yaml"
content: "{{ kubeconfig_file_discovery.stdout }}"
owner: "root"
- mode: 0644
+ mode: "0644"
when:
- inventory_hostname != first_kube_control_plane
- kubeadm_use_file_discovery
diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
index ceaafa06c..dfbe604a4 100644
--- a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
+++ b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
@@ -51,35 +51,35 @@
file:
path: "{{ audit_policy_file | dirname }}"
state: directory
- mode: 0640
+ mode: "0640"
when: kubernetes_audit | default(false) or kubernetes_audit_webhook | default(false)
- name: Write api audit policy yaml
template:
src: apiserver-audit-policy.yaml.j2
dest: "{{ audit_policy_file }}"
- mode: 0640
+ mode: "0640"
when: kubernetes_audit | default(false) or kubernetes_audit_webhook | default(false)
- name: Write api audit webhook config yaml
template:
src: apiserver-audit-webhook-config.yaml.j2
dest: "{{ audit_webhook_config_file }}"
- mode: 0640
+ mode: "0640"
when: kubernetes_audit_webhook | default(false)
- name: Create apiserver tracing config directory
file:
path: "{{ kube_config_dir }}/tracing"
state: directory
- mode: 0640
+ mode: "0640"
when: kube_apiserver_tracing
- name: Write apiserver tracing config yaml
template:
src: apiserver-tracing.yaml.j2
dest: "{{ kube_config_dir }}/tracing/apiserver-tracing.yaml"
- mode: 0640
+ mode: "0640"
when: kube_apiserver_tracing
# Nginx LB(default), If kubeadm_config_api_fqdn is defined, use other LB by kubeadm controlPlaneEndpoint.
@@ -96,27 +96,27 @@
template:
src: "kubeadm-config.{{ kubeadmConfig_api_version }}.yaml.j2"
dest: "{{ kube_config_dir }}/kubeadm-config.yaml"
- mode: 0640
+ mode: "0640"
- name: Kubeadm | Create directory to store admission control configurations
file:
path: "{{ kube_config_dir }}/admission-controls"
state: directory
- mode: 0640
+ mode: "0640"
when: kube_apiserver_admission_control_config_file
- name: Kubeadm | Push admission control config file
template:
src: "admission-controls.yaml.j2"
dest: "{{ kube_config_dir }}/admission-controls/admission-controls.yaml"
- mode: 0640
+ mode: "0640"
when: kube_apiserver_admission_control_config_file
- name: Kubeadm | Push admission control config files
template:
src: "{{ item | lower }}.yaml.j2"
dest: "{{ kube_config_dir }}/admission-controls/{{ item | lower }}.yaml"
- mode: 0640
+ mode: "0640"
when:
- kube_apiserver_admission_control_config_file
- item in kube_apiserver_admission_plugins_needs_configuration
@@ -126,7 +126,7 @@
template:
src: "podnodeselector.yaml.j2"
dest: "{{ kube_config_dir }}/admission-controls/podnodeselector.yaml"
- mode: 0640
+ mode: "0640"
when:
- kube_apiserver_admission_plugins_podnodeselector_default_node_selector is defined
- kube_apiserver_admission_plugins_podnodeselector_default_node_selector | length > 0
@@ -178,7 +178,7 @@
file:
path: "{{ kubeadm_patches.dest_dir }}"
state: directory
- mode: 0640
+ mode: "0640"
when: kubeadm_patches is defined and kubeadm_patches.enabled
- name: Kubeadm | Copy kubeadm patches from inventory files
@@ -186,7 +186,7 @@
src: "{{ kubeadm_patches.source_dir }}/"
dest: "{{ kubeadm_patches.dest_dir }}"
owner: "root"
- mode: 0644
+ mode: "0644"
when: kubeadm_patches is defined and kubeadm_patches.enabled
- name: Kubeadm | Initialize first master
diff --git a/roles/kubernetes/control-plane/tasks/main.yml b/roles/kubernetes/control-plane/tasks/main.yml
index 37f36ab14..b1e2ee2a9 100644
--- a/roles/kubernetes/control-plane/tasks/main.yml
+++ b/roles/kubernetes/control-plane/tasks/main.yml
@@ -8,21 +8,21 @@
template:
src: webhook-token-auth-config.yaml.j2
dest: "{{ kube_config_dir }}/webhook-token-auth-config.yaml"
- mode: 0640
+ mode: "0640"
when: kube_webhook_token_auth | default(false)
- name: Create webhook authorization config
template:
src: webhook-authorization-config.yaml.j2
dest: "{{ kube_config_dir }}/webhook-authorization-config.yaml"
- mode: 0640
+ mode: "0640"
when: kube_webhook_authorization | default(false)
- name: Create kube-scheduler config
template:
src: kubescheduler-config.yaml.j2
dest: "{{ kube_config_dir }}/kubescheduler-config.yaml"
- mode: 0644
+ mode: "0644"
- name: Apply Kubernetes encrypt at rest config
import_tasks: encrypt-at-rest.yml
@@ -35,7 +35,7 @@
copy:
src: "{{ downloads.kubectl.dest }}"
dest: "{{ bin_dir }}/kubectl"
- mode: 0755
+ mode: "0755"
remote_src: true
tags:
- kubectl
@@ -53,7 +53,7 @@
path: /etc/bash_completion.d/kubectl.sh
owner: root
group: root
- mode: 0755
+ mode: "0755"
when: ansible_os_family in ["Debian","RedHat"]
tags:
- kubectl
@@ -101,13 +101,13 @@
template:
src: k8s-certs-renew.sh.j2
dest: "{{ bin_dir }}/k8s-certs-renew.sh"
- mode: 0755
+ mode: "0755"
- name: Renew K8S control plane certificates monthly 1/2
template:
src: "{{ item }}.j2"
dest: "/etc/systemd/system/{{ item }}"
- mode: 0644
+ mode: "0644"
validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:{{item}}'"
# FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release)
# Remove once we drop support for systemd < 250
diff --git a/roles/kubernetes/kubeadm/tasks/kubeadm_etcd_node.yml b/roles/kubernetes/kubeadm/tasks/kubeadm_etcd_node.yml
index d39ea2b9f..13420c0b9 100644
--- a/roles/kubernetes/kubeadm/tasks/kubeadm_etcd_node.yml
+++ b/roles/kubernetes/kubeadm/tasks/kubeadm_etcd_node.yml
@@ -8,7 +8,7 @@
template:
src: "kubeadm-client.conf.{{ kubeadmConfig_api_version }}.j2"
dest: "{{ kube_config_dir }}/kubeadm-cert-controlplane.conf"
- mode: 0640
+ mode: "0640"
vars:
kubeadm_cert_controlplane: true
diff --git a/roles/kubernetes/kubeadm/tasks/main.yml b/roles/kubernetes/kubeadm/tasks/main.yml
index e8b5dceb6..2cb271a9e 100644
--- a/roles/kubernetes/kubeadm/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/tasks/main.yml
@@ -69,7 +69,7 @@
dest: "{{ kube_config_dir }}/cluster-info-discovery-kubeconfig.yaml"
content: "{{ kubeconfig_file_discovery.stdout }}"
owner: "root"
- mode: 0644
+ mode: "0644"
when:
- not is_kube_master
- not kubelet_conf.stat.exists
@@ -80,14 +80,14 @@
src: "kubeadm-client.conf.{{ kubeadmConfig_api_version }}.j2"
dest: "{{ kube_config_dir }}/kubeadm-client.conf"
backup: yes
- mode: 0640
+ mode: "0640"
when: not is_kube_master
- name: Kubeadm | Create directory to store kubeadm patches
file:
path: "{{ kubeadm_patches.dest_dir }}"
state: directory
- mode: 0640
+ mode: "0640"
when: kubeadm_patches is defined and kubeadm_patches.enabled
- name: Kubeadm | Copy kubeadm patches from inventory files
@@ -95,7 +95,7 @@
src: "{{ kubeadm_patches.source_dir }}/"
dest: "{{ kubeadm_patches.dest_dir }}"
owner: "root"
- mode: 0644
+ mode: "0644"
when: kubeadm_patches is defined and kubeadm_patches.enabled
- name: Join to cluster if needed
diff --git a/roles/kubernetes/node/tasks/install.yml b/roles/kubernetes/node/tasks/install.yml
index fb1e8adc5..a89ba94ef 100644
--- a/roles/kubernetes/node/tasks/install.yml
+++ b/roles/kubernetes/node/tasks/install.yml
@@ -3,7 +3,7 @@
copy:
src: "{{ downloads.kubeadm.dest }}"
dest: "{{ bin_dir }}/kubeadm"
- mode: 0755
+ mode: "0755"
remote_src: true
tags:
- kubeadm
@@ -14,7 +14,7 @@
copy:
src: "{{ downloads.kubelet.dest }}"
dest: "{{ bin_dir }}/kubelet"
- mode: 0755
+ mode: "0755"
remote_src: true
tags:
- kubelet
diff --git a/roles/kubernetes/node/tasks/kubelet.yml b/roles/kubernetes/node/tasks/kubelet.yml
index d8ff9e230..b63aefe1f 100644
--- a/roles/kubernetes/node/tasks/kubelet.yml
+++ b/roles/kubernetes/node/tasks/kubelet.yml
@@ -12,7 +12,7 @@
dest: "{{ kube_config_dir }}/kubelet.env"
setype: "{{ (preinstall_selinux_state != 'disabled') | ternary('etc_t', omit) }}"
backup: yes
- mode: 0600
+ mode: "0600"
notify: Node | restart kubelet
tags:
- kubelet
@@ -22,7 +22,7 @@
template:
src: "kubelet-config.{{ kubeletConfig_api_version }}.yaml.j2"
dest: "{{ kube_config_dir }}/kubelet-config.yaml"
- mode: 0600
+ mode: "0600"
notify: Kubelet | restart kubelet
tags:
- kubelet
@@ -33,7 +33,7 @@
src: "kubelet.service.j2"
dest: "/etc/systemd/system/kubelet.service"
backup: "yes"
- mode: 0600
+ mode: "0600"
validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:kubelet.service'"
# FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release)
# Remove once we drop support for systemd < 250
diff --git a/roles/kubernetes/node/tasks/loadbalancer/haproxy.yml b/roles/kubernetes/node/tasks/loadbalancer/haproxy.yml
index 7e5cfcedd..2d3454e5a 100644
--- a/roles/kubernetes/node/tasks/loadbalancer/haproxy.yml
+++ b/roles/kubernetes/node/tasks/loadbalancer/haproxy.yml
@@ -8,7 +8,7 @@
file:
path: "{{ haproxy_config_dir }}"
state: directory
- mode: 0755
+ mode: "0755"
owner: root
- name: Haproxy | Write haproxy configuration
@@ -16,7 +16,7 @@
src: "loadbalancer/haproxy.cfg.j2"
dest: "{{ haproxy_config_dir }}/haproxy.cfg"
owner: root
- mode: 0755
+ mode: "0755"
backup: yes
- name: Haproxy | Get checksum from config
@@ -31,4 +31,4 @@
template:
src: manifests/haproxy.manifest.j2
dest: "{{ kube_manifest_dir }}/haproxy.yml"
- mode: 0640
+ mode: "0640"
diff --git a/roles/kubernetes/node/tasks/loadbalancer/kube-vip.yml b/roles/kubernetes/node/tasks/loadbalancer/kube-vip.yml
index f7b04a624..7e3471593 100644
--- a/roles/kubernetes/node/tasks/loadbalancer/kube-vip.yml
+++ b/roles/kubernetes/node/tasks/loadbalancer/kube-vip.yml
@@ -10,4 +10,4 @@
template:
src: manifests/kube-vip.manifest.j2
dest: "{{ kube_manifest_dir }}/kube-vip.yml"
- mode: 0640
+ mode: "0640"
diff --git a/roles/kubernetes/node/tasks/loadbalancer/nginx-proxy.yml b/roles/kubernetes/node/tasks/loadbalancer/nginx-proxy.yml
index 5b82ff620..aeeacc80d 100644
--- a/roles/kubernetes/node/tasks/loadbalancer/nginx-proxy.yml
+++ b/roles/kubernetes/node/tasks/loadbalancer/nginx-proxy.yml
@@ -8,7 +8,7 @@
file:
path: "{{ nginx_config_dir }}"
state: directory
- mode: 0700
+ mode: "0700"
owner: root
- name: Nginx-proxy | Write nginx-proxy configuration
@@ -16,7 +16,7 @@
src: "loadbalancer/nginx.conf.j2"
dest: "{{ nginx_config_dir }}/nginx.conf"
owner: root
- mode: 0755
+ mode: "0755"
backup: yes
- name: Nginx-proxy | Get checksum from config
@@ -31,4 +31,4 @@
template:
src: manifests/nginx-proxy.manifest.j2
dest: "{{ kube_manifest_dir }}/nginx-proxy.yml"
- mode: 0640
+ mode: "0640"
diff --git a/roles/kubernetes/node/tasks/main.yml b/roles/kubernetes/node/tasks/main.yml
index 9e15b16d9..7dc211405 100644
--- a/roles/kubernetes/node/tasks/main.yml
+++ b/roles/kubernetes/node/tasks/main.yml
@@ -14,7 +14,7 @@
file:
path: /var/lib/cni
state: directory
- mode: 0755
+ mode: "0755"
- name: Install kubelet binary
import_tasks: install.yml
@@ -74,7 +74,7 @@
file:
path: "{{ item }}"
state: directory
- mode: 0755
+ mode: "0755"
loop:
- /etc/modules-load.d
- /etc/modprobe.d
@@ -89,7 +89,7 @@
copy:
dest: /etc/modules-load.d/kubespray-br_netfilter.conf
content: br_netfilter
- mode: 0644
+ mode: "0644"
when: modinfo_br_netfilter.rc == 0
# kube-proxy needs net.bridge.bridge-nf-call-iptables enabled when found if br_netfilter is not a module
@@ -162,7 +162,7 @@
content: "{{ openstack_cacert | b64decode if openstack_cacert_is_base64 else omit }}"
dest: "{{ kube_config_dir }}/openstack-cacert.pem"
group: "{{ kube_cert_group }}"
- mode: 0640
+ mode: "0640"
when:
- cloud_provider is defined
- cloud_provider == 'openstack'
@@ -176,7 +176,7 @@
src: "cloud-configs/{{ cloud_provider }}-cloud-config.j2"
dest: "{{ kube_config_dir }}/cloud_config"
group: "{{ kube_cert_group }}"
- mode: 0640
+ mode: "0640"
when:
- cloud_provider is defined
- cloud_provider in [ 'openstack', 'azure', 'vsphere', 'aws', 'gce' ]
diff --git a/roles/kubernetes/preinstall/tasks/0050-create_directories.yml b/roles/kubernetes/preinstall/tasks/0050-create_directories.yml
index f77398986..2fff8ef56 100644
--- a/roles/kubernetes/preinstall/tasks/0050-create_directories.yml
+++ b/roles/kubernetes/preinstall/tasks/0050-create_directories.yml
@@ -4,7 +4,7 @@
path: "{{ item }}"
state: directory
owner: "{{ kube_owner }}"
- mode: 0755
+ mode: "0755"
when: inventory_hostname in groups['k8s_cluster']
become: true
tags:
@@ -28,7 +28,7 @@
path: "{{ item }}"
state: directory
owner: root
- mode: 0755
+ mode: "0755"
when: inventory_hostname in groups['k8s_cluster']
become: true
tags:
@@ -61,7 +61,7 @@
src: "{{ kube_cert_dir }}"
dest: "{{ kube_cert_compat_dir }}"
state: link
- mode: 0755
+ mode: "0755"
when:
- inventory_hostname in groups['k8s_cluster']
- kube_cert_dir != kube_cert_compat_dir
@@ -72,7 +72,7 @@
path: "{{ item }}"
state: directory
owner: "{{ kube_owner }}"
- mode: 0755
+ mode: "0755"
with_items:
- "/etc/cni/net.d"
- "/opt/cni/bin"
@@ -93,7 +93,7 @@
path: "{{ item }}"
state: directory
owner: "{{ kube_owner }}"
- mode: 0755
+ mode: "0755"
with_items:
- "/var/lib/calico"
when:
diff --git a/roles/kubernetes/preinstall/tasks/0060-resolvconf.yml b/roles/kubernetes/preinstall/tasks/0060-resolvconf.yml
index da5fc8516..6219161fa 100644
--- a/roles/kubernetes/preinstall/tasks/0060-resolvconf.yml
+++ b/roles/kubernetes/preinstall/tasks/0060-resolvconf.yml
@@ -19,7 +19,7 @@
create: yes
backup: "{{ not resolvconf_stat.stat.islnk }}"
marker: "# Ansible entries {mark}"
- mode: 0644
+ mode: "0644"
notify: Preinstall | propagate resolvconf to k8s components
- name: Remove search/domain/nameserver options before block
@@ -53,6 +53,6 @@
dest: "{{ resolveconf_cloud_init_conf }}"
src: resolvconf.j2
owner: root
- mode: 0644
+ mode: "0644"
notify: Preinstall | update resolvconf for Flatcar Container Linux by Kinvolk
when: ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
diff --git a/roles/kubernetes/preinstall/tasks/0061-systemd-resolved.yml b/roles/kubernetes/preinstall/tasks/0061-systemd-resolved.yml
index 9edec2e64..f1aa8f5c3 100644
--- a/roles/kubernetes/preinstall/tasks/0061-systemd-resolved.yml
+++ b/roles/kubernetes/preinstall/tasks/0061-systemd-resolved.yml
@@ -3,7 +3,7 @@
file:
state: directory
name: /etc/systemd/resolved.conf.d/
- mode: 0755
+ mode: "0755"
- name: Write Kubespray DNS settings to systemd-resolved
template:
@@ -11,5 +11,5 @@
dest: /etc/systemd/resolved.conf.d/kubespray.conf
owner: root
group: root
- mode: 0644
+ mode: "0644"
notify: Preinstall | Restart systemd-resolved
diff --git a/roles/kubernetes/preinstall/tasks/0062-networkmanager-unmanaged-devices.yml b/roles/kubernetes/preinstall/tasks/0062-networkmanager-unmanaged-devices.yml
index 44d619160..ca51e88b9 100644
--- a/roles/kubernetes/preinstall/tasks/0062-networkmanager-unmanaged-devices.yml
+++ b/roles/kubernetes/preinstall/tasks/0062-networkmanager-unmanaged-devices.yml
@@ -11,7 +11,7 @@
[keyfile]
unmanaged-devices+=interface-name:cali*;interface-name:tunl*;interface-name:vxlan.calico;interface-name:vxlan-v6.calico
dest: /etc/NetworkManager/conf.d/calico.conf
- mode: 0644
+ mode: "0644"
when:
- kube_network_plugin == "calico"
notify: Preinstall | reload NetworkManager
@@ -24,5 +24,5 @@
[keyfile]
unmanaged-devices+=interface-name:kube-ipvs0;interface-name:nodelocaldns
dest: /etc/NetworkManager/conf.d/k8s.conf
- mode: 0644
+ mode: "0644"
notify: Preinstall | reload NetworkManager
diff --git a/roles/kubernetes/preinstall/tasks/0070-system-packages.yml b/roles/kubernetes/preinstall/tasks/0070-system-packages.yml
index 47affa10c..cddbe1ecf 100644
--- a/roles/kubernetes/preinstall/tasks/0070-system-packages.yml
+++ b/roles/kubernetes/preinstall/tasks/0070-system-packages.yml
@@ -30,7 +30,7 @@
Pin-Priority: 1001
dest: "/etc/apt/preferences.d/libseccomp2"
owner: "root"
- mode: 0644
+ mode: "0644"
- name: Update package management cache (APT)
apt:
diff --git a/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml b/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml
index 768cd62c9..c08a86e45 100644
--- a/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml
+++ b/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml
@@ -29,7 +29,7 @@
state: present
create: yes
backup: yes
- mode: 0644
+ mode: "0644"
when:
- disable_ipv6_dns
- not ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"]
@@ -67,7 +67,7 @@
file:
name: "{{ sysctl_file_path | dirname }}"
state: directory
- mode: 0755
+ mode: "0755"
- name: Enable ip forwarding
ansible.posix.sysctl:
diff --git a/roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml b/roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml
index da4b312eb..b1e2feead 100644
--- a/roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml
+++ b/roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml
@@ -40,7 +40,7 @@
template:
src: "{{ ntp_config_file | basename }}.j2"
dest: "{{ ntp_config_file }}"
- mode: 0644
+ mode: "0644"
notify: Preinstall | restart ntp
when:
- ntp_manage_config
diff --git a/roles/kubernetes/preinstall/tasks/0090-etchosts.yml b/roles/kubernetes/preinstall/tasks/0090-etchosts.yml
index 6bec16998..4ec9a69e6 100644
--- a/roles/kubernetes/preinstall/tasks/0090-etchosts.yml
+++ b/roles/kubernetes/preinstall/tasks/0090-etchosts.yml
@@ -23,7 +23,7 @@
backup: yes
unsafe_writes: yes
marker: "# Ansible inventory hosts {mark}"
- mode: 0644
+ mode: "0644"
- name: Hosts | populate kubernetes loadbalancer address into hosts file
lineinfile:
diff --git a/roles/kubernetes/preinstall/tasks/0100-dhclient-hooks.yml b/roles/kubernetes/preinstall/tasks/0100-dhclient-hooks.yml
index da3814715..480edc86b 100644
--- a/roles/kubernetes/preinstall/tasks/0100-dhclient-hooks.yml
+++ b/roles/kubernetes/preinstall/tasks/0100-dhclient-hooks.yml
@@ -11,7 +11,7 @@
insertbefore: BOF
backup: yes
marker: "# Ansible entries {mark}"
- mode: 0644
+ mode: "0644"
notify: Preinstall | propagate resolvconf to k8s components
- name: Configure dhclient hooks for resolv.conf (non-RH)
@@ -19,7 +19,7 @@
src: dhclient_dnsupdate.sh.j2
dest: "{{ dhclienthookfile }}"
owner: root
- mode: 0755
+ mode: "0755"
notify: Preinstall | propagate resolvconf to k8s components
when: ansible_os_family not in [ "RedHat", "Suse" ]
@@ -28,6 +28,6 @@
src: dhclient_dnsupdate_rh.sh.j2
dest: "{{ dhclienthookfile }}"
owner: root
- mode: 0755
+ mode: "0755"
notify: Preinstall | propagate resolvconf to k8s components
when: ansible_os_family == "RedHat"
diff --git a/roles/kubernetes/tokens/tasks/gen_tokens.yml b/roles/kubernetes/tokens/tasks/gen_tokens.yml
index 6ac6b4907..1dabf9657 100644
--- a/roles/kubernetes/tokens/tasks/gen_tokens.yml
+++ b/roles/kubernetes/tokens/tasks/gen_tokens.yml
@@ -3,7 +3,7 @@
copy:
src: "kube-gen-token.sh"
dest: "{{ kube_script_dir }}/kube-gen-token.sh"
- mode: 0700
+ mode: "0700"
run_once: yes
delegate_to: "{{ groups['kube_control_plane'][0] }}"
when: gen_tokens | default(false)
diff --git a/roles/kubernetes/tokens/tasks/main.yml b/roles/kubernetes/tokens/tasks/main.yml
index c9dfd071d..cab5a06bd 100644
--- a/roles/kubernetes/tokens/tasks/main.yml
+++ b/roles/kubernetes/tokens/tasks/main.yml
@@ -11,7 +11,7 @@
file:
path: "{{ kube_token_dir }}"
state: directory
- mode: 0644
+ mode: "0644"
group: "{{ kube_cert_group }}"
- name: Generate tokens
diff --git a/roles/kubespray-defaults/defaults/main/main.yml b/roles/kubespray-defaults/defaults/main/main.yml
index 05aee39f1..599874fb5 100644
--- a/roles/kubespray-defaults/defaults/main/main.yml
+++ b/roles/kubespray-defaults/defaults/main/main.yml
@@ -402,7 +402,7 @@ metrics_server_enabled: false
enable_network_policy: true
local_path_provisioner_enabled: false
local_volume_provisioner_enabled: false
-local_volume_provisioner_directory_mode: 0700
+local_volume_provisioner_directory_mode: "0700"
cinder_csi_enabled: false
aws_ebs_csi_enabled: false
azure_csi_enabled: false
diff --git a/roles/network_plugin/calico/tasks/calico_apiserver_certs.yml b/roles/network_plugin/calico/tasks/calico_apiserver_certs.yml
index fc336e464..d42917c4e 100644
--- a/roles/network_plugin/calico/tasks/calico_apiserver_certs.yml
+++ b/roles/network_plugin/calico/tasks/calico_apiserver_certs.yml
@@ -9,7 +9,7 @@
template:
src: "calico-apiserver-ns.yml.j2"
dest: "{{ kube_config_dir }}/calico-apiserver-ns.yml"
- mode: 0644
+ mode: "0644"
- name: Calico | Apply ns manifests
kube:
@@ -21,21 +21,21 @@
file:
path: /etc/calico/certs
state: directory
- mode: 0755
+ mode: "0755"
when: calico_apiserver_secret.rc != 0
- name: Calico | Copy ssl script for apiserver certs
template:
src: make-ssl-calico.sh.j2
dest: "{{ bin_dir }}/make-ssl-apiserver.sh"
- mode: 0755
+ mode: "0755"
when: calico_apiserver_secret.rc != 0
- name: Calico | Copy ssl config for apiserver certs
copy:
src: openssl.conf
dest: /etc/calico/certs/openssl.conf
- mode: 0644
+ mode: "0644"
when: calico_apiserver_secret.rc != 0
- name: Calico | Generate apiserver certs
diff --git a/roles/network_plugin/calico/tasks/install.yml b/roles/network_plugin/calico/tasks/install.yml
index 6b293dcb0..7f895b555 100644
--- a/roles/network_plugin/calico/tasks/install.yml
+++ b/roles/network_plugin/calico/tasks/install.yml
@@ -13,14 +13,14 @@
copy:
src: "{{ downloads.calicoctl.dest }}"
dest: "{{ bin_dir }}/calicoctl"
- mode: 0755
+ mode: "0755"
remote_src: yes
- name: Calico | Create calico certs directory
file:
dest: "{{ calico_cert_dir }}"
state: directory
- mode: 0750
+ mode: "0750"
owner: root
group: root
when: calico_datastore == "etcd"
@@ -30,7 +30,7 @@
src: "{{ etcd_cert_dir }}/{{ item.s }}"
dest: "{{ calico_cert_dir }}/{{ item.d }}"
state: hard
- mode: 0640
+ mode: "0640"
force: yes
with_items:
- {s: "{{ kube_etcd_cacert_file }}", d: "ca_cert.crt"}
@@ -54,7 +54,7 @@
template:
src: "calicoctl.{{ calico_datastore }}.sh.j2"
dest: "{{ bin_dir }}/calicoctl.sh"
- mode: 0755
+ mode: "0755"
owner: root
group: root
@@ -142,7 +142,7 @@
assemble:
src: "{{ calico_kdd_path }}"
dest: "{{ kube_config_dir }}/kdd-crds.yml"
- mode: 0644
+ mode: "0644"
delimiter: "---\n"
regexp: ".*\\.yaml"
remote_src: true
@@ -372,7 +372,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: calico-config, file: calico-config.yml, type: cm}
- {name: calico-node, file: calico-node.yml, type: ds}
@@ -389,7 +389,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: calico, file: calico-typha.yml, type: typha}
register: calico_node_typha_manifest
@@ -416,7 +416,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: calico, file: calico-apiserver.yml, type: calico-apiserver}
register: calico_apiserver_manifest
@@ -469,7 +469,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: calico, file: calico-ipamconfig.yml, type: ipam}
when:
diff --git a/roles/network_plugin/calico/tasks/typha_certs.yml b/roles/network_plugin/calico/tasks/typha_certs.yml
index 5d3f27921..ad87f5a02 100644
--- a/roles/network_plugin/calico/tasks/typha_certs.yml
+++ b/roles/network_plugin/calico/tasks/typha_certs.yml
@@ -9,21 +9,22 @@
file:
path: /etc/calico/certs
state: directory
- mode: 0755
+ mode: "0755"
when: typha_server_secret.rc != 0
- name: Calico | Copy ssl script for typha certs
template:
src: make-ssl-calico.sh.j2
dest: "{{ bin_dir }}/make-ssl-typha.sh"
- mode: 0755
+ mode: "0755"
+
when: typha_server_secret.rc != 0
- name: Calico | Copy ssl config for typha certs
copy:
src: openssl.conf
dest: /etc/calico/certs/openssl.conf
- mode: 0644
+ mode: "0644"
when: typha_server_secret.rc != 0
- name: Calico | Generate typha certs
diff --git a/roles/network_plugin/cilium/tasks/install.yml b/roles/network_plugin/cilium/tasks/install.yml
index d531d7241..1039953a0 100644
--- a/roles/network_plugin/cilium/tasks/install.yml
+++ b/roles/network_plugin/cilium/tasks/install.yml
@@ -10,7 +10,7 @@
file:
dest: "{{ cilium_cert_dir }}"
state: directory
- mode: 0750
+ mode: "0750"
owner: root
group: root
when:
@@ -20,7 +20,7 @@
file:
src: "{{ etcd_cert_dir }}/{{ item.s }}"
dest: "{{ cilium_cert_dir }}/{{ item.d }}"
- mode: 0644
+ mode: "0644"
state: hard
force: yes
loop:
@@ -36,7 +36,7 @@
state: directory
owner: root
group: root
- mode: 0755
+ mode: "0755"
when:
- inventory_hostname == groups['kube_control_plane'][0]
- cilium_hubble_install
@@ -45,7 +45,7 @@
template:
src: "{{ item.name }}/{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.name }}-{{ item.file }}"
- mode: 0644
+ mode: "0644"
loop:
- {name: cilium, file: config.yml, type: cm}
- {name: cilium-operator, file: crb.yml, type: clusterrolebinding}
@@ -66,7 +66,7 @@
template:
src: "{{ item.name }}/{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/addons/hubble/{{ item.name }}-{{ item.file }}"
- mode: 0644
+ mode: "0644"
loop:
- {name: hubble, file: config.yml, type: cm}
- {name: hubble, file: crb.yml, type: clusterrolebinding}
@@ -86,12 +86,12 @@
template:
src: 000-cilium-portmap.conflist.j2
dest: /etc/cni/net.d/000-cilium-portmap.conflist
- mode: 0644
+ mode: "0644"
when: cilium_enable_portmap
- name: Cilium | Copy Ciliumcli binary from download dir
copy:
src: "{{ local_release_dir }}/cilium"
dest: "{{ bin_dir }}/cilium"
- mode: 0755
+ mode: "0755"
remote_src: yes
diff --git a/roles/network_plugin/cni/tasks/main.yml b/roles/network_plugin/cni/tasks/main.yml
index bcab4efb9..8ac0dc53a 100644
--- a/roles/network_plugin/cni/tasks/main.yml
+++ b/roles/network_plugin/cni/tasks/main.yml
@@ -3,7 +3,7 @@
file:
path: /opt/cni/bin
state: directory
- mode: 0755
+ mode: "0755"
owner: "{{ cni_bin_owner }}"
recurse: true
@@ -11,6 +11,6 @@
unarchive:
src: "{{ downloads.cni.dest }}"
dest: "/opt/cni/bin"
- mode: 0755
+ mode: "0755"
owner: "{{ cni_bin_owner }}"
remote_src: yes
diff --git a/roles/network_plugin/custom_cni/tasks/main.yml b/roles/network_plugin/custom_cni/tasks/main.yml
index 8f5b4195f..a1397c828 100644
--- a/roles/network_plugin/custom_cni/tasks/main.yml
+++ b/roles/network_plugin/custom_cni/tasks/main.yml
@@ -12,7 +12,7 @@
template:
src: "{{ item }}"
dest: "{{ kube_config_dir }}/{{ item | basename | replace('.j2', '') }}"
- mode: 0644
+ mode: "0644"
loop: "{{ custom_cni_manifests }}"
delegate_to: "{{ groups['kube_control_plane'] | first }}"
run_once: true
diff --git a/roles/network_plugin/flannel/tasks/main.yml b/roles/network_plugin/flannel/tasks/main.yml
index 2fd82e938..94603fcf5 100644
--- a/roles/network_plugin/flannel/tasks/main.yml
+++ b/roles/network_plugin/flannel/tasks/main.yml
@@ -12,7 +12,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: flannel, file: cni-flannel-rbac.yml, type: sa}
- {name: kube-flannel, file: cni-flannel.yml, type: ds}
diff --git a/roles/network_plugin/kube-ovn/defaults/main.yml b/roles/network_plugin/kube-ovn/defaults/main.yml
index 44850e544..8b962072b 100644
--- a/roles/network_plugin/kube-ovn/defaults/main.yml
+++ b/roles/network_plugin/kube-ovn/defaults/main.yml
@@ -115,4 +115,4 @@ kube_ovn_ls_dnat_mod_dl_dst: true
kube_ovn_keep_vm_ip: true
## cni config priority, default: 01
-kube_ovn_cni_config_priority: 01
+kube_ovn_cni_config_priority: '01'
diff --git a/roles/network_plugin/kube-ovn/tasks/main.yml b/roles/network_plugin/kube-ovn/tasks/main.yml
index ab45b6292..a8b942792 100644
--- a/roles/network_plugin/kube-ovn/tasks/main.yml
+++ b/roles/network_plugin/kube-ovn/tasks/main.yml
@@ -9,7 +9,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: kube-ovn-crd, file: cni-kube-ovn-crd.yml}
- {name: ovn, file: cni-ovn.yml}
diff --git a/roles/network_plugin/kube-router/tasks/main.yml b/roles/network_plugin/kube-router/tasks/main.yml
index b6367f074..d47a0d1e2 100644
--- a/roles/network_plugin/kube-router/tasks/main.yml
+++ b/roles/network_plugin/kube-router/tasks/main.yml
@@ -9,13 +9,13 @@
state: directory
owner: "{{ kube_owner }}"
recurse: true
- mode: 0755
+ mode: "0755"
- name: Kube-router | Create kubeconfig
template:
src: kubeconfig.yml.j2
dest: /var/lib/kube-router/kubeconfig
- mode: 0644
+ mode: "0644"
owner: "{{ kube_owner }}"
notify:
- Reset_kube_router
@@ -43,7 +43,7 @@
template:
src: cni-conf.json.j2
dest: /etc/cni/net.d/10-kuberouter.conflist
- mode: 0644
+ mode: "0644"
owner: "{{ kube_owner }}"
notify:
- Reset_kube_router
@@ -57,6 +57,6 @@
template:
src: kube-router.yml.j2
dest: "{{ kube_config_dir }}/kube-router.yml"
- mode: 0644
+ mode: "0644"
delegate_to: "{{ groups['kube_control_plane'] | first }}"
run_once: true
diff --git a/roles/network_plugin/macvlan/tasks/main.yml b/roles/network_plugin/macvlan/tasks/main.yml
index f7c302771..165030d59 100644
--- a/roles/network_plugin/macvlan/tasks/main.yml
+++ b/roles/network_plugin/macvlan/tasks/main.yml
@@ -23,7 +23,7 @@
template:
src: debian-network-macvlan.cfg.j2
dest: /etc/network/interfaces.d/60-mac0.cfg
- mode: 0644
+ mode: "0644"
notify: Macvlan | restart network
when: ansible_os_family in ["Debian"]
@@ -53,7 +53,7 @@
template:
src: "{{ item.src }}.j2"
dest: "/etc/sysconfig/network-scripts/{{ item.dst }}"
- mode: 0644
+ mode: "0644"
with_items:
- {src: centos-network-macvlan.cfg, dst: ifcfg-mac0 }
- {src: centos-routes-macvlan.cfg, dst: route-mac0 }
@@ -67,7 +67,7 @@
template:
src: coreos-service-nat_ouside.j2
dest: /etc/systemd/system/enable_nat_ouside.service
- mode: 0644
+ mode: "0644"
when: enable_nat_default_gateway
- name: Macvlan | Enable service nat via gateway on Flatcar Container Linux
@@ -81,7 +81,7 @@
template:
src: "{{ item.src }}.j2"
dest: "/etc/systemd/network/{{ item.dst }}"
- mode: 0644
+ mode: "0644"
with_items:
- {src: coreos-device-macvlan.cfg, dst: macvlan.netdev }
- {src: coreos-interface-macvlan.cfg, dst: output.network }
@@ -92,13 +92,13 @@
template:
src: 10-macvlan.conf.j2
dest: /etc/cni/net.d/10-macvlan.conf
- mode: 0644
+ mode: "0644"
- name: Macvlan | Install loopback definition for Macvlan
template:
src: 99-loopback.conf.j2
dest: /etc/cni/net.d/99-loopback.conf
- mode: 0644
+ mode: "0644"
- name: Enable net.ipv4.conf.all.arp_notify in sysctl
ansible.posix.sysctl:
diff --git a/roles/network_plugin/multus/tasks/main.yml b/roles/network_plugin/multus/tasks/main.yml
index 1428929cc..0869da7b5 100644
--- a/roles/network_plugin/multus/tasks/main.yml
+++ b/roles/network_plugin/multus/tasks/main.yml
@@ -3,7 +3,7 @@
copy:
src: "{{ item.file }}"
dest: "{{ kube_config_dir }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: multus-crd, file: multus-crd.yml, type: customresourcedefinition}
- {name: multus-serviceaccount, file: multus-serviceaccount.yml, type: serviceaccount}
@@ -20,7 +20,7 @@
template:
src: multus-daemonset.yml.j2
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: multus-daemonset-containerd, file: multus-daemonset-containerd.yml, type: daemonset, engine: containerd }
- {name: multus-daemonset-docker, file: multus-daemonset-docker.yml, type: daemonset, engine: docker }
diff --git a/roles/network_plugin/ovn4nfv/tasks/main.yml b/roles/network_plugin/ovn4nfv/tasks/main.yml
index 777fd9a2d..a16f3ec6f 100644
--- a/roles/network_plugin/ovn4nfv/tasks/main.yml
+++ b/roles/network_plugin/ovn4nfv/tasks/main.yml
@@ -9,7 +9,7 @@
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
- mode: 0644
+ mode: "0644"
with_items:
- {name: ovn-daemonset, file: ovn-daemonset.yml}
- {name: ovn4nfv-k8s-plugin, file: ovn4nfv-k8s-plugin.yml}
diff --git a/roles/network_plugin/weave/tasks/main.yml b/roles/network_plugin/weave/tasks/main.yml
index ae4a5a467..ccb431352 100644
--- a/roles/network_plugin/weave/tasks/main.yml
+++ b/roles/network_plugin/weave/tasks/main.yml
@@ -3,10 +3,10 @@
template:
src: weave-net.yml.j2
dest: "{{ kube_config_dir }}/weave-net.yml"
- mode: 0644
+ mode: "0644"
- name: Weave | Fix nodePort for Weave
template:
src: 10-weave.conflist.j2
dest: /etc/cni/net.d/10-weave.conflist
- mode: 0644
+ mode: "0644"
diff --git a/roles/recover_control_plane/etcd/tasks/recover_lost_quorum.yml b/roles/recover_control_plane/etcd/tasks/recover_lost_quorum.yml
index 388962875..32db5799e 100644
--- a/roles/recover_control_plane/etcd/tasks/recover_lost_quorum.yml
+++ b/roles/recover_control_plane/etcd/tasks/recover_lost_quorum.yml
@@ -13,7 +13,7 @@
copy:
src: "{{ etcd_snapshot }}"
dest: /tmp/snapshot.db
- mode: 0640
+ mode: "0640"
when: etcd_snapshot is defined
- name: Stop etcd
diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml
index 0f13f686b..9869cbc78 100644
--- a/roles/reset/tasks/main.yml
+++ b/roles/reset/tasks/main.yml
@@ -261,7 +261,7 @@
path: "{{ filedir_path }}"
state: touch
attributes: "-i"
- mode: 0644
+ mode: "0644"
loop: "{{ var_lib_kubelet_files_dirs_w_attrs.stdout_lines | select('search', 'Immutable') | list }}"
loop_control:
loop_var: file_dir_line
diff --git a/scripts/collect-info.yaml b/scripts/collect-info.yaml
index 923a6a85c..0234c0733 100644
--- a/scripts/collect-info.yaml
+++ b/scripts/collect-info.yaml
@@ -140,7 +140,7 @@
path: "/tmp/{{ archive_dirname }}"
dest: "{{ dir | default('.') }}/logs.tar.gz"
remove: true
- mode: 0640
+ mode: "0640"
delegate_to: localhost
connection: local
become: false
diff --git a/test-infra/image-builder/roles/kubevirt-images/tasks/main.yml b/test-infra/image-builder/roles/kubevirt-images/tasks/main.yml
index 99c1c1c87..c54be15c6 100644
--- a/test-infra/image-builder/roles/kubevirt-images/tasks/main.yml
+++ b/test-infra/image-builder/roles/kubevirt-images/tasks/main.yml
@@ -4,14 +4,14 @@
file:
state: directory
path: "{{ images_dir }}"
- mode: 0755
+ mode: "0755"
- name: Download images files
get_url:
url: "{{ item.value.url }}"
dest: "{{ images_dir }}/{{ item.value.filename }}"
checksum: "{{ item.value.checksum }}"
- mode: 0644
+ mode: "0644"
loop: "{{ images | dict2items }}"
- name: Unxz compressed images
@@ -41,7 +41,7 @@
template:
src: Dockerfile
dest: "{{ images_dir }}/Dockerfile"
- mode: 0644
+ mode: "0644"
- name: Create docker images for each OS
command: docker build -t {{ registry }}/vm-{{ item.key }}:{{ item.value.tag }} --build-arg cloud_image="{{ item.key }}.qcow2" {{ images_dir }}
diff --git a/tests/cloud_playbooks/roles/packet-ci/tasks/create-vms.yml b/tests/cloud_playbooks/roles/packet-ci/tasks/create-vms.yml
index 39b3d5c78..2a73b674d 100644
--- a/tests/cloud_playbooks/roles/packet-ci/tasks/create-vms.yml
+++ b/tests/cloud_playbooks/roles/packet-ci/tasks/create-vms.yml
@@ -10,7 +10,7 @@
file:
path: "/tmp/{{ test_name }}"
state: directory
- mode: 0755
+ mode: "0755"
- name: Template vm files for CI job
set_fact:
@@ -45,6 +45,6 @@
template:
src: "inventory.j2"
dest: "{{ inventory_path }}"
- mode: 0644
+ mode: "0644"
vars:
vms: "{{ vm_ips }}"
diff --git a/tests/testcases/100_check-k8s-conformance.yml b/tests/testcases/100_check-k8s-conformance.yml
index 0247793db..3c07ffe46 100644
--- a/tests/testcases/100_check-k8s-conformance.yml
+++ b/tests/testcases/100_check-k8s-conformance.yml
@@ -18,7 +18,7 @@
get_url:
url: "https://github.com/heptio/sonobuoy/releases/download/v{{ sonobuoy_version }}/sonobuoy_{{ sonobuoy_version }}_linux_{{ sonobuoy_arch }}.tar.gz"
dest: /tmp/sonobuoy.tar.gz
- mode: 0644
+ mode: "0644"
- name: Extract sonobuoy
unarchive:
diff --git a/tests/testcases/roles/cluster-dump/tasks/main.yml b/tests/testcases/roles/cluster-dump/tasks/main.yml
index c8a7e2eca..348dea7dd 100644
--- a/tests/testcases/roles/cluster-dump/tasks/main.yml
+++ b/tests/testcases/roles/cluster-dump/tasks/main.yml
@@ -8,7 +8,7 @@
community.general.archive:
path: /tmp/cluster-dump
dest: /tmp/cluster-dump.tgz
- mode: 0644
+ mode: "0644"
when: inventory_hostname in groups['kube_control_plane']
- name: Fetch dump file
--
GitLab