From ddef7e1139a5560c597e1b9f176a09d9f95f77ff Mon Sep 17 00:00:00 2001
From: Tom Janson <priv.tom.janson@gmail.com>
Date: Wed, 2 Mar 2022 18:29:14 +0100
Subject: [PATCH] missing "check_mode: no"s for several read-only tasks (#8584)

this is not complete -- there are almost certainly more instances of
this issue
---
 roles/etcd/tasks/main.yml                   | 1 +
 roles/kubernetes/node/tasks/facts.yml       | 1 +
 roles/kubernetes/node/tasks/main.yml        | 2 ++
 roles/kubernetes/node/tasks/pre_upgrade.yml | 1 +
 roles/network_plugin/calico/tasks/check.yml | 1 +
 5 files changed, 6 insertions(+)

diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml
index 98890e238..7256927e1 100644
--- a/roles/etcd/tasks/main.yml
+++ b/roles/etcd/tasks/main.yml
@@ -19,6 +19,7 @@
   command: "openssl x509 -in {{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem -noout -serial"
   register: "etcd_client_cert_serial_result"
   changed_when: false
+  check_mode: no
   when:
     - inventory_hostname in groups['k8s_cluster']|union(groups['calico_rr']|default([]))|unique|sort
   tags:
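Review bot: With `check_mode: no` the `openssl x509` call now executes during `--check` runs, and nothing visible in this hunk tolerates a missing `node-{{ inventory_hostname }}.pem`. A dry run against a host whose etcd certificates have not been generated yet would therefore likely fail here, where the task was previously skipped. If that case matters, relax the failure for dry runs only, for example `failed_when: etcd_client_cert_serial_result.rc != 0 and not ansible_check_mode`, and make sure whatever consumes the registered serial copes with empty stdout. The task starts above the hunk and continues past `tags:`, so an existing `failed_when` may simply be out of view.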
diff --git a/roles/kubernetes/node/tasks/facts.yml b/roles/kubernetes/node/tasks/facts.yml
index d4bd428f5..32c01805c 100644
--- a/roles/kubernetes/node/tasks/facts.yml
+++ b/roles/kubernetes/node/tasks/facts.yml
@@ -4,6 +4,7 @@
     shell: "docker info | grep 'Cgroup Driver' | awk -F': ' '{ print $2; }'"
     register: docker_cgroup_driver_result
     changed_when: false
+    check_mode: no
 
   - name: set kubelet_cgroup_driver_detected fact for docker
     set_fact:
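Review bot: The added `check_mode: no` relies on YAML 1.1 truthy parsing, while the line directly above it already uses the canonical form (`changed_when: false`). Writing `check_mode: false` keeps the file on one boolean spelling and passes yamllint's `truthy` rule. The same applies to the added lines in roles/etcd/tasks/main.yml, both hunks of roles/kubernetes/node/tasks/main.yml, roles/kubernetes/node/tasks/pre_upgrade.yml and roles/network_plugin/calico/tasks/check.yml, where the neighbouring keys use `false` or `False`.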
diff --git a/roles/kubernetes/node/tasks/main.yml b/roles/kubernetes/node/tasks/main.yml
index a342d9400..29042b680 100644
--- a/roles/kubernetes/node/tasks/main.yml
+++ b/roles/kubernetes/node/tasks/main.yml
@@ -52,6 +52,7 @@
   register: modinfo_br_netfilter
   failed_when: modinfo_br_netfilter.rc not in [0, 1]
   changed_when: false
+  check_mode: no
 
 - name: Verify br_netfilter module path exists
   file:
@@ -77,6 +78,7 @@
   command: "sysctl net.bridge.bridge-nf-call-iptables"
   failed_when: false
   changed_when: false
+  check_mode: no
   register: sysctl_bridge_nf_call_iptables
 
 - name: Enable bridge-nf-call tables
diff --git a/roles/kubernetes/node/tasks/pre_upgrade.yml b/roles/kubernetes/node/tasks/pre_upgrade.yml
index 72100373e..d9c2d07ef 100644
--- a/roles/kubernetes/node/tasks/pre_upgrade.yml
+++ b/roles/kubernetes/node/tasks/pre_upgrade.yml
@@ -11,6 +11,7 @@
     executable: /bin/bash
   failed_when: false
   changed_when: false
+  check_mode: no
   register: kubelet_container_check
 
 - name: "Pre-upgrade | copy /var/lib/cni from kubelet"
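Review bot: The new `check_mode: no` has no comment explaining why this `shell` task is exempt from check mode, and the command it runs starts above the hunk, so its read-only nature cannot be confirmed from here. Because the task now executes for real on every `--check` run, a later edit that adds a side effect to the command would silently break the dry-run guarantee. A short comment above the key would record the constraint, e.g. `# read-only probe: runs even under --check, must stay side-effect free`. The same comment would fit the other tasks this patch touches.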
diff --git a/roles/network_plugin/calico/tasks/check.yml b/roles/network_plugin/calico/tasks/check.yml
index 4134944be..974910a41 100644
--- a/roles/network_plugin/calico/tasks/check.yml
+++ b/roles/network_plugin/calico/tasks/check.yml
@@ -41,6 +41,7 @@
   command: calicoctl.sh get ipPool {{ calico_pool_name }} -o json
   failed_when: False
   changed_when: False
+  check_mode: no
   register: calico
   run_once: True
   delegate_to: "{{ groups['kube_control_plane'][0] }}"
-- 
GitLab