From dc6a17e0928fb9e23554c166a912c095c96f7845 Mon Sep 17 00:00:00 2001
From: Matthew Mosesohn <matthew.mosesohn@gmail.com>
Date: Mon, 29 Jan 2018 14:37:48 +0300
Subject: [PATCH] Use include/import tasks (#2192)
import_tasks will consume far less memory, so it should be
used whenever it is compatible.
---
roles/bootstrap-os/tasks/main.yml | 10 +++----
roles/docker/tasks/main.yml | 4 +--
roles/download/tasks/download_container.yml | 2 +-
roles/download/tasks/main.yml | 6 ++---
roles/etcd/handlers/main.yml | 2 +-
roles/etcd/tasks/configure.yml | 2 +-
roles/etcd/tasks/gen_certs_vault.yml | 8 +++---
roles/etcd/tasks/join_member.yml | 2 +-
roles/etcd/tasks/main.yml | 18 ++++++-------
roles/etcd/tasks/sync_etcd_master_certs.yml | 4 +--
roles/etcd/tasks/sync_etcd_node_certs.yml | 4 +--
roles/kubernetes-apps/ansible/tasks/main.yml | 4 +--
roles/kubernetes-apps/helm/tasks/main.yml | 2 +-
.../network_plugin/contiv/tasks/main.yml | 2 +-
.../kubernetes/master/tasks/kubeadm-setup.yml | 2 +-
roles/kubernetes/master/tasks/main.yml | 8 +++---
roles/kubernetes/node/tasks/install.yml | 2 +-
roles/kubernetes/node/tasks/main.yml | 8 +++---
roles/kubernetes/preinstall/tasks/main.yml | 16 ++++++------
.../kubernetes/preinstall/tasks/set_facts.yml | 2 +-
.../secrets/tasks/gen_certs_vault.yml | 12 ++++-----
roles/kubernetes/secrets/tasks/main.yml | 10 +++----
.../secrets/tasks/sync_kube_master_certs.yml | 6 ++---
.../secrets/tasks/sync_kube_node_certs.yml | 6 ++---
roles/network_plugin/flannel/tasks/main.yml | 4 +--
roles/network_plugin/weave/tasks/main.yml | 2 +-
roles/rkt/tasks/main.yml | 2 +-
roles/vault/tasks/bootstrap/create_mounts.yml | 2 +-
roles/vault/tasks/bootstrap/create_roles.yml | 2 +-
.../vault/tasks/bootstrap/gen_vault_certs.yml | 2 +-
roles/vault/tasks/bootstrap/main.yml | 26 +++++++++----------
.../vault/tasks/bootstrap/sync_etcd_certs.yml | 2 +-
roles/vault/tasks/bootstrap/sync_secrets.yml | 2 +-
.../tasks/bootstrap/sync_vault_certs.yml | 4 +--
roles/vault/tasks/cluster/create_mounts.yml | 2 +-
roles/vault/tasks/cluster/create_roles.yml | 2 +-
roles/vault/tasks/cluster/main.yml | 24 ++++++++---------
roles/vault/tasks/main.yml | 4 +--
roles/vault/tasks/shared/cert_auth_mount.yml | 2 +-
roles/vault/tasks/shared/create_mount.yml | 4 +--
roles/vault/tasks/shared/create_role.yml | 2 +-
roles/vault/tasks/shared/sync_auth_certs.yml | 2 +-
roles/vault/tasks/shared/sync_file.yml | 2 +-
43 files changed, 117 insertions(+), 117 deletions(-)
diff --git a/roles/bootstrap-os/tasks/main.yml b/roles/bootstrap-os/tasks/main.yml
index bb6937902..6f45fb073 100644
--- a/roles/bootstrap-os/tasks/main.yml
+++ b/roles/bootstrap-os/tasks/main.yml
@@ -1,17 +1,17 @@
---
-- include: bootstrap-ubuntu.yml
+- import_tasks: bootstrap-ubuntu.yml
when: bootstrap_os == "ubuntu"
-- include: bootstrap-debian.yml
+- import_tasks: bootstrap-debian.yml
when: bootstrap_os == "debian"
-- include: bootstrap-coreos.yml
+- import_tasks: bootstrap-coreos.yml
when: bootstrap_os == "coreos"
-- include: bootstrap-centos.yml
+- import_tasks: bootstrap-centos.yml
when: bootstrap_os == "centos"
-- include: setup-pipelining.yml
+- import_tasks: setup-pipelining.yml
- name: check if atomic host
stat:
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index e5ca6d165..1c95f819f 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -15,7 +15,7 @@
tags:
- facts
-- include: set_facts_dns.yml
+- include_tasks: set_facts_dns.yml
when: dns_mode != 'none' and resolvconf_mode == 'docker_dns'
tags:
- facts
@@ -88,7 +88,7 @@
installed_docker_version.stdout|version_compare('1.12', '<')
- name: Set docker systemd config
- include: systemd.yml
+ import_tasks: systemd.yml
- name: ensure docker service is started and enabled
service:
diff --git a/roles/download/tasks/download_container.yml b/roles/download/tasks/download_container.yml
index 5766ab577..bbf7cec85 100644
--- a/roles/download/tasks/download_container.yml
+++ b/roles/download/tasks/download_container.yml
@@ -1,6 +1,6 @@
---
- name: container_download | Make download decision if pull is required by tag or sha256
- include: set_docker_image_facts.yml
+ include_tasks: set_docker_image_facts.yml
delegate_to: "{{ download_delegate if download_run_once or omit }}"
delegate_facts: no
run_once: "{{ download_run_once }}"
diff --git a/roles/download/tasks/main.yml b/roles/download/tasks/main.yml
index cc891c0dd..c6e910e5d 100644
--- a/roles/download/tasks/main.yml
+++ b/roles/download/tasks/main.yml
@@ -1,10 +1,10 @@
---
-- include: download_prep.yml
+- include_tasks: download_prep.yml
when:
- not skip_downloads|default(false)
- name: "Download items"
- include: "download_{% if download.container %}container{% else %}file{% endif %}.yml"
+ include_tasks: "download_{% if download.container %}container{% else %}file{% endif %}.yml"
vars:
download: "{{ download_defaults | combine(item.value) }}"
with_dict: "{{ downloads }}"
@@ -13,7 +13,7 @@
- item.value.enabled
- name: "Sync container"
- include: sync_container.yml
+ include_tasks: sync_container.yml
vars:
download: "{{ download_defaults | combine(item.value) }}"
with_dict: "{{ downloads }}"
diff --git a/roles/etcd/handlers/main.yml b/roles/etcd/handlers/main.yml
index aca8522f5..f6666ee94 100644
--- a/roles/etcd/handlers/main.yml
+++ b/roles/etcd/handlers/main.yml
@@ -7,7 +7,7 @@
- reload etcd
- wait for etcd up
-- include: backup.yml
+- import_tasks: backup.yml
- name: etcd | reload systemd
command: systemctl daemon-reload
diff --git a/roles/etcd/tasks/configure.yml b/roles/etcd/tasks/configure.yml
index 02bc23172..7b5c90718 100644
--- a/roles/etcd/tasks/configure.yml
+++ b/roles/etcd/tasks/configure.yml
@@ -30,7 +30,7 @@
notify: restart etcd
- name: Configure | Join member(s) to cluster one at a time
- include: join_member.yml
+ include_tasks: join_member.yml
vars:
target_node: "{{ item }}"
loop_control:
diff --git a/roles/etcd/tasks/gen_certs_vault.yml b/roles/etcd/tasks/gen_certs_vault.yml
index fae397356..aa3274bd7 100644
--- a/roles/etcd/tasks/gen_certs_vault.yml
+++ b/roles/etcd/tasks/gen_certs_vault.yml
@@ -1,16 +1,16 @@
---
-- include: sync_etcd_master_certs.yml
+- include_tasks: sync_etcd_master_certs.yml
when: inventory_hostname in groups.etcd
tags:
- etcd-secrets
-- include: sync_etcd_node_certs.yml
+- include_tasks: sync_etcd_node_certs.yml
when: inventory_hostname in etcd_node_cert_hosts
tags:
- etcd-secrets
# Issue master certs to Etcd nodes
-- include: ../../vault/tasks/shared/issue_cert.yml
+- include_tasks: ../../vault/tasks/shared/issue_cert.yml
vars:
issue_cert_common_name: "etcd:master:{{ item.rsplit('/', 1)[1].rsplit('.', 1)[0] }}"
issue_cert_alt_names: "{{ groups['etcd'] + ['localhost'] + (etcd_cert_alt_names)|default() }}"
@@ -37,7 +37,7 @@
notify: set etcd_secret_changed
# Issue node certs to everyone else
-- include: ../../vault/tasks/shared/issue_cert.yml
+- include_tasks: ../../vault/tasks/shared/issue_cert.yml
vars:
issue_cert_common_name: "etcd:node:{{ item.rsplit('/', 1)[1].rsplit('.', 1)[0] }}"
issue_cert_alt_names: "{{ etcd_node_cert_hosts }}"
diff --git a/roles/etcd/tasks/join_member.yml b/roles/etcd/tasks/join_member.yml
index 60315203b..b7801f0c9 100644
--- a/roles/etcd/tasks/join_member.yml
+++ b/roles/etcd/tasks/join_member.yml
@@ -10,7 +10,7 @@
ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem"
ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem"
-- include: refresh_config.yml
+- include_tasks: refresh_config.yml
vars:
etcd_peer_addresses: >-
{% for host in groups['etcd'] -%}
diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml
index 570947203..a8a9f23ad 100644
--- a/roles/etcd/tasks/main.yml
+++ b/roles/etcd/tasks/main.yml
@@ -1,15 +1,15 @@
---
-- include: check_certs.yml
+- include_tasks: check_certs.yml
when: cert_management == "script"
tags:
- etcd-secrets
- facts
-- include: "gen_certs_{{ cert_management }}.yml"
+- include_tasks: "gen_certs_{{ cert_management }}.yml"
tags:
- etcd-secrets
-- include: upd_ca_trust.yml
+- include_tasks: upd_ca_trust.yml
tags:
- etcd-secrets
@@ -24,18 +24,18 @@
etcd_client_cert_serial: "{{ etcd_client_cert_serial_result.stdout }}"
when: inventory_hostname in groups['k8s-cluster']|union(groups['etcd'])|union(groups['calico-rr']|default([]))|unique|sort
-- include: "install_{{ etcd_deployment_type }}.yml"
+- include_tasks: "install_{{ etcd_deployment_type }}.yml"
when: is_etcd_master
tags:
- upgrade
-- include: set_cluster_health.yml
+- import_tasks: set_cluster_health.yml
when: is_etcd_master and etcd_cluster_setup
-- include: configure.yml
+- import_tasks: configure.yml
when: is_etcd_master and etcd_cluster_setup
-- include: refresh_config.yml
+- import_tasks: refresh_config.yml
when: is_etcd_master and etcd_cluster_setup
- name: Restart etcd if certs changed
@@ -56,8 +56,8 @@
# After etcd cluster is assembled, make sure that
# initial state of the cluster is in `existing`
# state insted of `new`.
-- include: set_cluster_health.yml
+- import_tasks: set_cluster_health.yml
when: is_etcd_master and etcd_cluster_setup
-- include: refresh_config.yml
+- import_tasks: refresh_config.yml
when: is_etcd_master and etcd_cluster_setup
diff --git a/roles/etcd/tasks/sync_etcd_master_certs.yml b/roles/etcd/tasks/sync_etcd_master_certs.yml
index 2eaf1686d..b810ff775 100644
--- a/roles/etcd/tasks/sync_etcd_master_certs.yml
+++ b/roles/etcd/tasks/sync_etcd_master_certs.yml
@@ -8,7 +8,7 @@
"member-" + inventory_hostname + ".pem"
] }}
-- include: ../../vault/tasks/shared/sync_file.yml
+- include_tasks: ../../vault/tasks/shared/sync_file.yml
vars:
sync_file: "{{ item }}"
sync_file_dir: "{{ etcd_cert_dir }}"
@@ -26,7 +26,7 @@
set_fact:
sync_file_results: []
-- include: ../../vault/tasks/shared/sync_file.yml
+- include_tasks: ../../vault/tasks/shared/sync_file.yml
vars:
sync_file: ca.pem
sync_file_dir: "{{ etcd_cert_dir }}"
diff --git a/roles/etcd/tasks/sync_etcd_node_certs.yml b/roles/etcd/tasks/sync_etcd_node_certs.yml
index 74fa9cd4a..3e075364f 100644
--- a/roles/etcd/tasks/sync_etcd_node_certs.yml
+++ b/roles/etcd/tasks/sync_etcd_node_certs.yml
@@ -4,7 +4,7 @@
set_fact:
etcd_node_cert_list: "{{ etcd_node_cert_list|default([]) + ['node-' + inventory_hostname + '.pem'] }}"
-- include: ../../vault/tasks/shared/sync_file.yml
+- include_tasks: ../../vault/tasks/shared/sync_file.yml
vars:
sync_file: "{{ item }}"
sync_file_dir: "{{ etcd_cert_dir }}"
@@ -22,7 +22,7 @@
set_fact:
sync_file_results: []
-- include: ../../vault/tasks/shared/sync_file.yml
+- include_tasks: ../../vault/tasks/shared/sync_file.yml
vars:
sync_file: ca.pem
sync_file_dir: "{{ etcd_cert_dir }}"
diff --git a/roles/kubernetes-apps/ansible/tasks/main.yml b/roles/kubernetes-apps/ansible/tasks/main.yml
index 1b1853b17..a15d5d593 100644
--- a/roles/kubernetes-apps/ansible/tasks/main.yml
+++ b/roles/kubernetes-apps/ansible/tasks/main.yml
@@ -91,13 +91,13 @@
- dnsmasq
- name: Kubernetes Apps | Netchecker
- include: tasks/netchecker.yml
+ import_tasks: tasks/netchecker.yml
when: deploy_netchecker
tags:
- netchecker
- name: Kubernetes Apps | Dashboard
- include: tasks/dashboard.yml
+ import_tasks: tasks/dashboard.yml
when: dashboard_enabled
tags:
- dashboard
diff --git a/roles/kubernetes-apps/helm/tasks/main.yml b/roles/kubernetes-apps/helm/tasks/main.yml
index ac8c9ebf0..06e97aff2 100644
--- a/roles/kubernetes-apps/helm/tasks/main.yml
+++ b/roles/kubernetes-apps/helm/tasks/main.yml
@@ -3,7 +3,7 @@
file: path={{ helm_home_dir }} state=directory
- name: Helm | Set up helm launcher
- include: "install_{{ helm_deployment_type }}.yml"
+ include_tasks: "install_{{ helm_deployment_type }}.yml"
- name: Helm | Lay Down Helm Manifests (RBAC)
template:
diff --git a/roles/kubernetes-apps/network_plugin/contiv/tasks/main.yml b/roles/kubernetes-apps/network_plugin/contiv/tasks/main.yml
index d9453e66f..330acc1cd 100644
--- a/roles/kubernetes-apps/network_plugin/contiv/tasks/main.yml
+++ b/roles/kubernetes-apps/network_plugin/contiv/tasks/main.yml
@@ -12,4 +12,4 @@
delegate_to: "{{ groups['kube-master'][0] }}"
run_once: true
-- include: configure.yml
+- import_tasks: configure.yml
diff --git a/roles/kubernetes/master/tasks/kubeadm-setup.yml b/roles/kubernetes/master/tasks/kubeadm-setup.yml
index 1405a9dd0..3fcd04715 100644
--- a/roles/kubernetes/master/tasks/kubeadm-setup.yml
+++ b/roles/kubernetes/master/tasks/kubeadm-setup.yml
@@ -168,5 +168,5 @@
when: sa_key_before.stat.checksum|default("") != sa_key_after.stat.checksum
- name: kubeadm | cleanup old certs if necessary
- include: kubeadm-cleanup-old-certs.yml
+ import_tasks: kubeadm-cleanup-old-certs.yml
when: old_apiserver_cert.stat.exists
diff --git a/roles/kubernetes/master/tasks/main.yml b/roles/kubernetes/master/tasks/main.yml
index d81c2fce9..04ad307fd 100644
--- a/roles/kubernetes/master/tasks/main.yml
+++ b/roles/kubernetes/master/tasks/main.yml
@@ -1,5 +1,5 @@
---
-- include: pre-upgrade.yml
+- import_tasks: pre-upgrade.yml
tags:
- k8s-pre-upgrade
@@ -9,7 +9,7 @@
kube_basic_auth: false
when: kubeadm_enabled|bool|default(false)
-- include: users-file.yml
+- import_tasks: users-file.yml
when: kube_basic_auth|default(true)
- name: Compare host kubectl with hyperkube container
@@ -56,9 +56,9 @@
- upgrade
- name: Include kubeadm setup if enabled
- include: kubeadm-setup.yml
+ import_tasks: kubeadm-setup.yml
when: kubeadm_enabled|bool|default(false)
- name: Include static pod setup if not using kubeadm
- include: static-pod-setup.yml
+ import_tasks: static-pod-setup.yml
when: not kubeadm_enabled|bool|default(false)
diff --git a/roles/kubernetes/node/tasks/install.yml b/roles/kubernetes/node/tasks/install.yml
index 7f40e0d76..63a529ace 100644
--- a/roles/kubernetes/node/tasks/install.yml
+++ b/roles/kubernetes/node/tasks/install.yml
@@ -37,7 +37,7 @@
tags:
- kubeadm
-- include: "install_{{ kubelet_deployment_type }}.yml"
+- include_tasks: "install_{{ kubelet_deployment_type }}.yml"
- name: install | Write kubelet systemd init file
template:
diff --git a/roles/kubernetes/node/tasks/main.yml b/roles/kubernetes/node/tasks/main.yml
index 100c38c46..10271de74 100644
--- a/roles/kubernetes/node/tasks/main.yml
+++ b/roles/kubernetes/node/tasks/main.yml
@@ -1,9 +1,9 @@
---
-- include: facts.yml
+- import_tasks: facts.yml
tags:
- facts
-- include: pre_upgrade.yml
+- import_tasks: pre_upgrade.yml
tags:
- kubelet
@@ -13,11 +13,11 @@
state: directory
mode: 0755
-- include: install.yml
+- import_tasks: install.yml
tags:
- kubelet
-- include: nginx-proxy.yml
+- import_tasks: nginx-proxy.yml
when: is_kube_master == false and loadbalancer_apiserver_localhost
tags:
- nginx
diff --git a/roles/kubernetes/preinstall/tasks/main.yml b/roles/kubernetes/preinstall/tasks/main.yml
index 7b60851cc..0a01466ea 100644
--- a/roles/kubernetes/preinstall/tasks/main.yml
+++ b/roles/kubernetes/preinstall/tasks/main.yml
@@ -1,5 +1,5 @@
---
-- include: verify-settings.yml
+- import_tasks: verify-settings.yml
tags:
- asserts
@@ -19,7 +19,7 @@
tags:
- bootstrap-os
-- include: set_facts.yml
+- import_tasks: set_facts.yml
tags:
- facts
@@ -72,7 +72,7 @@
- cloud-provider
- facts
-- include: "{{ cloud_provider }}-credential-check.yml"
+- include_tasks: "{{ cloud_provider }}-credential-check.yml"
when:
- cloud_provider is defined
- cloud_provider in [ 'openstack', 'azure', 'vsphere' ]
@@ -99,7 +99,7 @@
- contiv
- bootstrap-os
-- include: resolvconf.yml
+- import_tasks: resolvconf.yml
when:
- dns_mode != 'none'
- resolvconf_mode == 'host_resolvconf'
@@ -276,12 +276,12 @@
tags:
- cloud-provider
-- include: etchosts.yml
+- import_tasks: etchosts.yml
tags:
- bootstrap-os
- etchosts
-- include: dhclient-hooks.yml
+- import_tasks: dhclient-hooks.yml
when:
- dns_mode != 'none'
- resolvconf_mode == 'host_resolvconf'
@@ -290,7 +290,7 @@
- bootstrap-os
- resolvconf
-- include: dhclient-hooks-undo.yml
+- import_tasks: dhclient-hooks-undo.yml
when:
- dns_mode != 'none'
- resolvconf_mode != 'host_resolvconf'
@@ -306,7 +306,7 @@
tags:
- bootstrap-os
-- include: growpart-azure-centos-7.yml
+- import_tasks: growpart-azure-centos-7.yml
when:
- azure_check.stat.exists
- ansible_distribution in ["CentOS","RedHat"]
diff --git a/roles/kubernetes/preinstall/tasks/set_facts.yml b/roles/kubernetes/preinstall/tasks/set_facts.yml
index b5311bac8..a945e715e 100644
--- a/roles/kubernetes/preinstall/tasks/set_facts.yml
+++ b/roles/kubernetes/preinstall/tasks/set_facts.yml
@@ -11,7 +11,7 @@
kube_cert_group: "kube"
when: is_atomic
-- include: set_resolv_facts.yml
+- import_tasks: set_resolv_facts.yml
tags:
- bootstrap-os
- resolvconf
diff --git a/roles/kubernetes/secrets/tasks/gen_certs_vault.yml b/roles/kubernetes/secrets/tasks/gen_certs_vault.yml
index f1719c55c..ca28b537f 100644
--- a/roles/kubernetes/secrets/tasks/gen_certs_vault.yml
+++ b/roles/kubernetes/secrets/tasks/gen_certs_vault.yml
@@ -1,12 +1,12 @@
---
-- include: sync_kube_master_certs.yml
+- import_tasks: sync_kube_master_certs.yml
when: inventory_hostname in groups['kube-master']
-- include: sync_kube_node_certs.yml
+- import_tasks: sync_kube_node_certs.yml
when: inventory_hostname in groups['k8s-cluster']
# Issue admin certs to kube-master hosts
-- include: ../../../vault/tasks/shared/issue_cert.yml
+- include_tasks: ../../../vault/tasks/shared/issue_cert.yml
vars:
issue_cert_common_name: "admin"
issue_cert_copy_ca: "{{ item == kube_admin_certs_needed|first }}"
@@ -37,7 +37,7 @@
run_once: true
# Issue master components certs to kube-master hosts
-- include: ../../../vault/tasks/shared/issue_cert.yml
+- include_tasks: ../../../vault/tasks/shared/issue_cert.yml
vars:
issue_cert_common_name: "kubernetes"
issue_cert_alt_names: "{{ kube_cert_alt_names }}"
@@ -63,7 +63,7 @@
notify: set secret_changed
# Issue node certs to k8s-cluster nodes
-- include: ../../../vault/tasks/shared/issue_cert.yml
+- include_tasks: ../../../vault/tasks/shared/issue_cert.yml
vars:
# Need to strip out the 'node-' prefix from the cert name so it can be used
# with the node authorization plugin ( CN matches kubelet node name )
@@ -80,7 +80,7 @@
when: inventory_hostname in groups['k8s-cluster']
# Issue proxy certs to k8s-cluster nodes
-- include: ../../../vault/tasks/shared/issue_cert.yml
+- include_tasks: ../../../vault/tasks/shared/issue_cert.yml
vars:
issue_cert_common_name: "system:kube-proxy"
issue_cert_copy_ca: "{{ item == kube_proxy_certs_needed|first }}"
diff --git a/roles/kubernetes/secrets/tasks/main.yml b/roles/kubernetes/secrets/tasks/main.yml
index 79bea81f2..5d20a755a 100644
--- a/roles/kubernetes/secrets/tasks/main.yml
+++ b/roles/kubernetes/secrets/tasks/main.yml
@@ -1,10 +1,10 @@
---
-- include: check-certs.yml
+- import_tasks: check-certs.yml
tags:
- k8s-secrets
- facts
-- include: check-tokens.yml
+- import_tasks: check-tokens.yml
tags:
- k8s-secrets
- facts
@@ -69,11 +69,11 @@
delegate_to: "{{groups['kube-master'][0]}}"
when: gen_tokens|default(false)
-- include: "gen_certs_{{ cert_management }}.yml"
+- include_tasks: "gen_certs_{{ cert_management }}.yml"
tags:
- k8s-secrets
-- include: upd_ca_trust.yml
+- import_tasks: upd_ca_trust.yml
tags:
- k8s-secrets
@@ -111,6 +111,6 @@
kube_proxy_cert_serial: "{{ node_certificate_serials.results[1].stdout|default() }}"
when: inventory_hostname in groups['k8s-cluster']
-- include: gen_tokens.yml
+- import_tasks: gen_tokens.yml
tags:
- k8s-secrets
diff --git a/roles/kubernetes/secrets/tasks/sync_kube_master_certs.yml b/roles/kubernetes/secrets/tasks/sync_kube_master_certs.yml
index 70edb0a80..d54bf2b67 100644
--- a/roles/kubernetes/secrets/tasks/sync_kube_master_certs.yml
+++ b/roles/kubernetes/secrets/tasks/sync_kube_master_certs.yml
@@ -4,7 +4,7 @@
set_fact:
kube_admin_cert_list: "{{ kube_admin_cert_list|d([]) + ['admin-' + inventory_hostname + '.pem'] }}"
-- include: ../../../vault/tasks/shared/sync_file.yml
+- include_tasks: ../../../vault/tasks/shared/sync_file.yml
vars:
sync_file: "{{ item }}"
sync_file_dir: "{{ kube_cert_dir }}"
@@ -24,7 +24,7 @@
set_fact:
sync_file_results: []
-- include: ../../../vault/tasks/shared/sync_file.yml
+- include_tasks: ../../../vault/tasks/shared/sync_file.yml
vars:
sync_file: "{{ item }}"
sync_file_dir: "{{ kube_cert_dir }}"
@@ -44,7 +44,7 @@
set_fact:
sync_file_results: []
-- include: ../../../vault/tasks/shared/sync_file.yml
+- include_tasks: ../../../vault/tasks/shared/sync_file.yml
vars:
sync_file: ca.pem
sync_file_dir: "{{ kube_cert_dir }}"
diff --git a/roles/kubernetes/secrets/tasks/sync_kube_node_certs.yml b/roles/kubernetes/secrets/tasks/sync_kube_node_certs.yml
index f89d1c612..eecb4cfdf 100644
--- a/roles/kubernetes/secrets/tasks/sync_kube_node_certs.yml
+++ b/roles/kubernetes/secrets/tasks/sync_kube_node_certs.yml
@@ -4,7 +4,7 @@
set_fact:
kube_node_cert_list: "{{ kube_node_cert_list|default([]) + ['node-' + inventory_hostname + '.pem'] }}"
-- include: ../../../vault/tasks/shared/sync_file.yml
+- include_tasks: ../../../vault/tasks/shared/sync_file.yml
vars:
sync_file: "{{ item }}"
sync_file_dir: "{{ kube_cert_dir }}"
@@ -24,7 +24,7 @@
set_fact:
sync_file_results: []
-- include: ../../../vault/tasks/shared/sync_file.yml
+- include_tasks: ../../../vault/tasks/shared/sync_file.yml
vars:
sync_file: ca.pem
sync_file_dir: "{{ kube_cert_dir }}"
@@ -40,7 +40,7 @@
set_fact:
kube_proxy_cert_list: "{{ kube_proxy_cert_list|default([]) + ['kube-proxy-' + inventory_hostname + '.pem'] }}"
-- include: ../../../vault/tasks/shared/sync_file.yml
+- include_tasks: ../../../vault/tasks/shared/sync_file.yml
vars:
sync_file: "{{ item }}"
sync_file_dir: "{{ kube_cert_dir }}"
diff --git a/roles/network_plugin/flannel/tasks/main.yml b/roles/network_plugin/flannel/tasks/main.yml
index 77f3b2226..29b79b11d 100644
--- a/roles/network_plugin/flannel/tasks/main.yml
+++ b/roles/network_plugin/flannel/tasks/main.yml
@@ -1,5 +1,5 @@
---
-- include: pre-upgrade.yml
+- import_tasks: pre-upgrade.yml
- name: Flannel | Create Flannel manifests
template:
@@ -11,4 +11,4 @@
register: flannel_node_manifests
when:
- inventory_hostname in groups['kube-master']
- - rbac_enabled or item.type not in rbac_resources
\ No newline at end of file
+ - rbac_enabled or item.type not in rbac_resources
diff --git a/roles/network_plugin/weave/tasks/main.yml b/roles/network_plugin/weave/tasks/main.yml
index 30c209f8b..738dddd15 100644
--- a/roles/network_plugin/weave/tasks/main.yml
+++ b/roles/network_plugin/weave/tasks/main.yml
@@ -1,5 +1,5 @@
---
-- include: seed.yml
+- import_tasks: seed.yml
when: weave_mode_seed
- name: Weave | Copy cni plugins from hyperkube
diff --git a/roles/rkt/tasks/main.yml b/roles/rkt/tasks/main.yml
index 9d87123bb..ab9571b13 100644
--- a/roles/rkt/tasks/main.yml
+++ b/roles/rkt/tasks/main.yml
@@ -1,4 +1,4 @@
---
- name: Install rkt
- include: install.yml
+ import_tasks: install.yml
diff --git a/roles/vault/tasks/bootstrap/create_mounts.yml b/roles/vault/tasks/bootstrap/create_mounts.yml
index 0010c35c5..0c82990e6 100644
--- a/roles/vault/tasks/bootstrap/create_mounts.yml
+++ b/roles/vault/tasks/bootstrap/create_mounts.yml
@@ -1,5 +1,5 @@
---
-- include: ../shared/create_mount.yml
+- include_tasks: ../shared/create_mount.yml
vars:
create_mount_path: "{{ item.name }}"
create_mount_default_lease_ttl: "{{ item.default_lease_ttl }}"
diff --git a/roles/vault/tasks/bootstrap/create_roles.yml b/roles/vault/tasks/bootstrap/create_roles.yml
index 11411d236..8b252aaf5 100644
--- a/roles/vault/tasks/bootstrap/create_roles.yml
+++ b/roles/vault/tasks/bootstrap/create_roles.yml
@@ -1,5 +1,5 @@
---
-- include: ../shared/create_role.yml
+- include_tasks: ../shared/create_role.yml
vars:
create_role_name: "{{ item.name }}"
create_role_group: "{{ item.group }}"
diff --git a/roles/vault/tasks/bootstrap/gen_vault_certs.yml b/roles/vault/tasks/bootstrap/gen_vault_certs.yml
index b13692855..f982986cb 100644
--- a/roles/vault/tasks/bootstrap/gen_vault_certs.yml
+++ b/roles/vault/tasks/bootstrap/gen_vault_certs.yml
@@ -1,5 +1,5 @@
---
-- include: ../shared/issue_cert.yml
+- import_tasks: ../shared/issue_cert.yml
vars:
issue_cert_common_name: "{{ vault_pki_mounts.vault.roles[0].name }}"
issue_cert_alt_names: "{{ groups['vault'] + ['localhost'] + (vault_ca_options['vault']['alt_names'].split(','))|default() }}"
diff --git a/roles/vault/tasks/bootstrap/main.yml b/roles/vault/tasks/bootstrap/main.yml
index b87954ca7..fdecbdd2a 100644
--- a/roles/vault/tasks/bootstrap/main.yml
+++ b/roles/vault/tasks/bootstrap/main.yml
@@ -1,20 +1,20 @@
---
-- include: ../shared/check_vault.yml
+- import_tasks: ../shared/check_vault.yml
when: inventory_hostname in groups.vault
-- include: sync_secrets.yml
+- import_tasks: sync_secrets.yml
when: inventory_hostname in groups.vault
-- include: ../shared/find_leader.yml
+- import_tasks: ../shared/find_leader.yml
when: inventory_hostname in groups.vault and vault_cluster_is_initialized
-- include: sync_vault_certs.yml
+- import_tasks: sync_vault_certs.yml
when: inventory_hostname in groups.vault
-- include: sync_etcd_certs.yml
+- import_tasks: sync_etcd_certs.yml
when: inventory_hostname in groups.etcd
-- include: start_vault_temp.yml
+- import_tasks: start_vault_temp.yml
when: inventory_hostname == groups.vault|first and not vault_cluster_is_initialized
- name: vault | Set fact about vault leader url
@@ -22,17 +22,17 @@
vault_leader_url: "{{ hostvars[groups.vault|first]['vault_leader_url'] }}"
when: not vault_cluster_is_initialized
-- include: create_mounts.yml
+- import_tasks: create_mounts.yml
when: inventory_hostname == groups.vault|first
-- include: ../shared/auth_backend.yml
+- include_tasks: ../shared/auth_backend.yml
vars:
auth_backend_description: A Username/Password Auth Backend primarily used for services needing to issue certificates
auth_backend_path: userpass
auth_backend_type: userpass
when: inventory_hostname == groups.vault|first
-- include: create_roles.yml
+- include_tasks: create_roles.yml
with_items:
- "{{ vault_pki_mounts.vault }}"
- "{{ vault_pki_mounts.etcd }}"
@@ -40,7 +40,7 @@
loop_var: mount
when: inventory_hostname in groups.vault
-- include: ../shared/gen_ca.yml
+- include_tasks: ../shared/gen_ca.yml
vars:
gen_ca_cert_dir: "{{ vault_pki_mounts.vault.cert_dir }}"
gen_ca_mount_path: "{{ vault_pki_mounts.vault.name }}"
@@ -51,7 +51,7 @@
and not vault_cluster_is_initialized
and vault_ca_cert_needed
-- include: ../shared/gen_ca.yml
+- include_tasks: ../shared/gen_ca.yml
vars:
gen_ca_cert_dir: "{{ vault_pki_mounts.etcd.cert_dir }}"
gen_ca_mount_path: "{{ vault_pki_mounts.etcd.name }}"
@@ -59,7 +59,7 @@
gen_ca_vault_options: "{{ vault_ca_options.etcd }}"
when: inventory_hostname in groups.etcd and vault_etcd_ca_cert_needed
-- include: gen_vault_certs.yml
+- import_tasks: gen_vault_certs.yml
when: inventory_hostname in groups.vault and vault_api_cert_needed
-- include: ca_trust.yml
+- import_tasks: ca_trust.yml
diff --git a/roles/vault/tasks/bootstrap/sync_etcd_certs.yml b/roles/vault/tasks/bootstrap/sync_etcd_certs.yml
index 599b3cd47..f29b65022 100644
--- a/roles/vault/tasks/bootstrap/sync_etcd_certs.yml
+++ b/roles/vault/tasks/bootstrap/sync_etcd_certs.yml
@@ -1,6 +1,6 @@
---
-- include: ../shared/sync_file.yml
+- include_tasks: ../shared/sync_file.yml
vars:
sync_file: "ca.pem"
sync_file_dir: "{{ vault_etcd_cert_dir }}"
diff --git a/roles/vault/tasks/bootstrap/sync_secrets.yml b/roles/vault/tasks/bootstrap/sync_secrets.yml
index 3b5af775a..cbbb581a7 100644
--- a/roles/vault/tasks/bootstrap/sync_secrets.yml
+++ b/roles/vault/tasks/bootstrap/sync_secrets.yml
@@ -1,6 +1,6 @@
---
-- include: ../shared/sync_file.yml
+- include_tasks: ../shared/sync_file.yml
vars:
sync_file: "{{ item }}"
sync_file_dir: "{{ vault_secrets_dir }}"
diff --git a/roles/vault/tasks/bootstrap/sync_vault_certs.yml b/roles/vault/tasks/bootstrap/sync_vault_certs.yml
index 9e6eff05c..cb35ff66c 100644
--- a/roles/vault/tasks/bootstrap/sync_vault_certs.yml
+++ b/roles/vault/tasks/bootstrap/sync_vault_certs.yml
@@ -1,5 +1,5 @@
---
-- include: ../shared/sync_file.yml
+- include_tasks: ../shared/sync_file.yml
vars:
sync_file: "ca.pem"
sync_file_dir: "{{ vault_cert_dir }}"
@@ -14,7 +14,7 @@
set_fact:
sync_file_results: []
-- include: ../shared/sync_file.yml
+- include_tasks: ../shared/sync_file.yml
vars:
sync_file: "api.pem"
sync_file_dir: "{{ vault_cert_dir }}"
diff --git a/roles/vault/tasks/cluster/create_mounts.yml b/roles/vault/tasks/cluster/create_mounts.yml
index d64fa0bae..c6e075698 100644
--- a/roles/vault/tasks/cluster/create_mounts.yml
+++ b/roles/vault/tasks/cluster/create_mounts.yml
@@ -1,5 +1,5 @@
---
-- include: ../shared/create_mount.yml
+- include_tasks: ../shared/create_mount.yml
vars:
create_mount_path: "{{ item.name }}"
create_mount_default_lease_ttl: "{{ item.default_lease_ttl }}"
diff --git a/roles/vault/tasks/cluster/create_roles.yml b/roles/vault/tasks/cluster/create_roles.yml
index 468229fd4..7b9d0b4f7 100644
--- a/roles/vault/tasks/cluster/create_roles.yml
+++ b/roles/vault/tasks/cluster/create_roles.yml
@@ -1,5 +1,5 @@
---
-- include: ../shared/create_role.yml
+- include_tasks: ../shared/create_role.yml
vars:
create_role_name: "{{ item.name }}"
create_role_group: "{{ item.group }}"
diff --git a/roles/vault/tasks/cluster/main.yml b/roles/vault/tasks/cluster/main.yml
index 94af5e5dc..d904c2398 100644
--- a/roles/vault/tasks/cluster/main.yml
+++ b/roles/vault/tasks/cluster/main.yml
@@ -1,32 +1,32 @@
---
-- include: ../shared/check_vault.yml
+- import_tasks: ../shared/check_vault.yml
when: inventory_hostname in groups.vault
-- include: ../shared/check_etcd.yml
+- import_tasks: ../shared/check_etcd.yml
when: inventory_hostname in groups.vault
-- include: configure.yml
+- import_tasks: configure.yml
when: inventory_hostname in groups.vault
-- include: binary.yml
+- import_tasks: binary.yml
when: inventory_hostname in groups.vault and vault_deployment_type == "host"
-- include: systemd.yml
+- import_tasks: systemd.yml
when: inventory_hostname in groups.vault
-- include: init.yml
+- import_tasks: init.yml
when: inventory_hostname in groups.vault
-- include: unseal.yml
+- import_tasks: unseal.yml
when: inventory_hostname in groups.vault
-- include: ../shared/find_leader.yml
+- import_tasks: ../shared/find_leader.yml
when: inventory_hostname in groups.vault
-- include: create_mounts.yml
+- import_tasks: create_mounts.yml
when: inventory_hostname == groups.vault|first
-- include: ../shared/gen_ca.yml
+- include_tasks: ../shared/gen_ca.yml
vars:
gen_ca_cert_dir: "{{ vault_pki_mounts.kube.cert_dir }}"
gen_ca_mount_path: "{{ vault_pki_mounts.kube.name }}"
@@ -34,14 +34,14 @@
gen_ca_vault_options: "{{ vault_ca_options.kube }}"
when: inventory_hostname in groups.vault
-- include: ../shared/auth_backend.yml
+- include_tasks: ../shared/auth_backend.yml
vars:
auth_backend_description: A Username/Password Auth Backend primarily used for services needing to issue certificates
auth_backend_path: userpass
auth_backend_type: userpass
when: inventory_hostname == groups.vault|first
-- include: create_roles.yml
+- include_tasks: create_roles.yml
with_items:
- "{{ vault_pki_mounts.vault }}"
- "{{ vault_pki_mounts.etcd }}"
diff --git a/roles/vault/tasks/main.yml b/roles/vault/tasks/main.yml
index 4aef875ce..7a10def8a 100644
--- a/roles/vault/tasks/main.yml
+++ b/roles/vault/tasks/main.yml
@@ -11,9 +11,9 @@
# used during step 1, allowing all certs to have the same chain of trust.
## Bootstrap
-- include: bootstrap/main.yml
+- include_tasks: bootstrap/main.yml
when: cert_management == 'vault' and vault_bootstrap | d()
## Cluster
-- include: cluster/main.yml
+- include_tasks: cluster/main.yml
when: cert_management == 'vault' and not vault_bootstrap | d()
diff --git a/roles/vault/tasks/shared/cert_auth_mount.yml b/roles/vault/tasks/shared/cert_auth_mount.yml
index 6ba303d3b..d9af9c310 100644
--- a/roles/vault/tasks/shared/cert_auth_mount.yml
+++ b/roles/vault/tasks/shared/cert_auth_mount.yml
@@ -1,6 +1,6 @@
---
-- include: ../shared/pki_mount.yml
+- include_tasks: ../shared/pki_mount.yml
vars:
pki_mount_path: auth-pki
pki_mount_options:
diff --git a/roles/vault/tasks/shared/create_mount.yml b/roles/vault/tasks/shared/create_mount.yml
index 0b12dce24..43e772ac0 100644
--- a/roles/vault/tasks/shared/create_mount.yml
+++ b/roles/vault/tasks/shared/create_mount.yml
@@ -1,5 +1,5 @@
---
-- include: ../shared/pki_mount.yml
+- include_tasks: ../shared/pki_mount.yml
vars:
pki_mount_path: "{{ create_mount_path }}"
pki_mount_options:
@@ -8,7 +8,7 @@
max_lease_ttl: "{{ create_mount_max_lease_ttl }}"
description: "{{ create_mount_description }}"
-- include: ../shared/config_ca.yml
+- include_tasks: ../shared/config_ca.yml
vars:
config_ca_ca_pem: "{{ create_mount_cert_dir }}/ca.pem"
config_ca_ca_key: "{{ create_mount_cert_dir }}/ca-key.pem"
diff --git a/roles/vault/tasks/shared/create_role.yml b/roles/vault/tasks/shared/create_role.yml
index d76e73f13..4d1915a54 100644
--- a/roles/vault/tasks/shared/create_role.yml
+++ b/roles/vault/tasks/shared/create_role.yml
@@ -40,7 +40,7 @@
## Userpass based auth method
-- include: gen_userpass.yml
+- include_tasks: gen_userpass.yml
vars:
gen_userpass_password: "{{ create_role_password }}"
gen_userpass_policies: "{{ create_role_name }}"
diff --git a/roles/vault/tasks/shared/sync_auth_certs.yml b/roles/vault/tasks/shared/sync_auth_certs.yml
index 7bd9c4b49..8cae81588 100644
--- a/roles/vault/tasks/shared/sync_auth_certs.yml
+++ b/roles/vault/tasks/shared/sync_auth_certs.yml
@@ -1,6 +1,6 @@
---
-- include: sync_file.yml
+- include_tasks: sync_file.yml
vars:
sync_file: "auth-ca.pem"
sync_file_dir: "{{ vault_cert_dir }}"
diff --git a/roles/vault/tasks/shared/sync_file.yml b/roles/vault/tasks/shared/sync_file.yml
index 8a112a84a..2abef1c5a 100644
--- a/roles/vault/tasks/shared/sync_file.yml
+++ b/roles/vault/tasks/shared/sync_file.yml
@@ -80,7 +80,7 @@
set_fact:
sync_file_results: "{{ sync_file_results|default([]) + [sync_file_result] }}"
-- include: sync.yml
+- include_tasks: sync.yml
when: not (sync_file_no_srcs or sync_file_unneeded)
- name: "Unset local vars to avoid variable bleed into next iteration"
--
GitLab