Only use stat get_checksum: yes when needed (#7270)

By default Ansible stat module compute checksum, list extended attributes and find mime type
To find all stat invocations that really use one of those:
git grep -F stat. | grep -vE 'stat.(islnk|exists|lnk_source|writeable)'

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>

roles/bootstrap-os/tasks/bootstrap-centos.yml

@@ -69,6 +69,9 @@
 - name: Check presence of fastestmirror.conf
   stat:
     path: /etc/yum/pluginconf.d/fastestmirror.conf
+    get_attributes: no
+    get_checksum: no
+    get_mime: no
   register: fastestmirror
 
 # the fastestmirror plugin can actually slow down Ansible deployments

roles/bootstrap-os/tasks/bootstrap-opensuse.yml

@@ -4,6 +4,9 @@
 - name: Check that /etc/sysconfig/proxy file exists
   stat:
     path: /etc/sysconfig/proxy
+    get_attributes: no
+    get_checksum: no
+    get_mime: no
   register: stat_result
 
 - name: Create the /etc/sysconfig/proxy empty file

roles/bootstrap-os/tasks/bootstrap-redhat.yml

@@ -85,6 +85,9 @@
 - name: Check presence of fastestmirror.conf
   stat:
     path: /etc/yum/pluginconf.d/fastestmirror.conf
+    get_attributes: no
+    get_checksum: no
+    get_mime: no
   register: fastestmirror
 
 # the fastestmirror plugin can actually slow down Ansible deployments

roles/container-engine/containerd/tasks/main.yml

@@ -2,6 +2,9 @@
 - name: check if fedora coreos
   stat:
     path: /run/ostree-booted
+    get_attributes: no
+    get_checksum: no
+    get_mime: no
   register: ostree
 
 - name: set is_ostree

roles/container-engine/cri-o/tasks/main.yaml

@@ -2,6 +2,9 @@
 - name: check if fedora coreos
   stat:
     path: /run/ostree-booted
+    get_attributes: no
+    get_checksum: no
+    get_mime: no
   register: ostree
 
 - name: set is_ostree
@@ -94,6 +97,9 @@
 - name: Check if already installed
   stat:
     path: "/bin/crio"
+    get_attributes: no
+    get_checksum: no
+    get_mime: no
   register: need_bootstrap_crio
   when: is_ostree
 

roles/container-engine/crun/tasks/main.yml

@@ -9,6 +9,9 @@
 - name: Check if binary exists
   stat:
     path: "{{ crun_bin_dir }}/crun"
+    get_attributes: no
+    get_checksum: no
+    get_mime: no
   register: crun_stat
 
 # TODO: use download_file.yml

roles/container-engine/docker/tasks/main.yml

@@ -2,6 +2,9 @@
 - name: check if fedora coreos
   stat:
     path: /run/ostree-booted
+    get_attributes: no
+    get_checksum: no
+    get_mime: no
   register: ostree
 
 - name: set is_ostree

roles/download/tasks/download_container.yml

@@ -24,6 +24,9 @@
     - name: download_container | Determine if image is in cache
       stat:
         path: "{{ image_path_cached }}"
+        get_attributes: no
+        get_checksum: no
+        get_mime: no
       delegate_to: localhost
       connection: local
       delegate_facts: no

roles/etcd/handlers/backup.yml

@@ -29,6 +29,9 @@
 - name: Stat etcd v2 data directory
   stat:
     path: "{{ etcd_data_dir }}/member"
+    get_attributes: no
+    get_checksum: no
+    get_mime: no
   register: etcd_data_dir_member
 
 - name: Backup etcd v2 data

roles/etcd/tasks/check_certs.yml

@@ -17,6 +17,9 @@
 - name: "Check certs | Register ca and etcd admin/member certs on etcd hosts"
   stat:
     path: "{{ etcd_cert_dir }}/{{ item }}"
+    get_attributes: no
+    get_checksum: yes
+    get_mime: no
   register: etcd_member_certs
   when: inventory_hostname in groups['etcd']
   with_items:

roles/etcdctl/tasks/main.yml

@@ -9,6 +9,9 @@
 - name: Check if etcdctl exist
   stat:
     path: "{{ bin_dir }}/etcdctl"
+    get_attributes: no
+    get_checksum: no
+    get_mime: no
   register: stat_etcdctl
 
 - block:
@@ -28,6 +31,9 @@
 - name: Check if etcdctl still exist after version check
   stat:
     path: "{{ bin_dir }}/etcdctl"
+    get_attributes: no
+    get_checksum: no
+    get_mime: no
   register: stat_etcdctl
 
 - block:

roles/kubernetes-apps/helm/tasks/main.yml

@@ -17,6 +17,9 @@
 - name: Check if bash_completion.d folder exists  # noqa 503
   stat:
     path: "/etc/bash_completion.d/"
+    get_attributes: no
+    get_checksum: no
+    get_mime: no
   register: stat_result
 
 - name: Get helm completion

roles/kubernetes/control-plane/tasks/encrypt-at-rest.yml

@@ -2,6 +2,9 @@
 - name: Check if secret for encrypting data at rest already exist
   stat:
     path: "{{ kube_cert_dir }}/secrets_encryption.yaml"
+    get_attributes: no
+    get_checksum: no
+    get_mime: no
   register: secrets_encryption_file
 
 - name: Slurp secrets_encryption file if it exists

roles/kubernetes/control-plane/tasks/kubeadm-setup.yml

@@ -2,6 +2,9 @@
 - name: kubeadm | Check if old apiserver cert exists on host
   stat:
     path: "{{ kube_cert_dir }}/apiserver.pem"
+    get_attributes: no
+    get_checksum: no
+    get_mime: no
   register: old_apiserver_cert
   delegate_to: "{{ groups['kube-master'] | first }}"
   run_once: true
@@ -24,12 +27,18 @@
 - name: kubeadm | Check serviceaccount key
   stat:
     path: "{{ kube_cert_dir }}/sa.key"
+    get_attributes: no
+    get_checksum: yes
+    get_mime: no
   register: sa_key_before
   run_once: true
 
 - name: kubeadm | Check if kubeadm has already run
   stat:
     path: "/var/lib/kubelet/config.yaml"
+    get_attributes: no
+    get_checksum: no
+    get_mime: no
   register: kubeadm_already_run
 
 - name: kubeadm | Delete old admin.conf
@@ -211,6 +220,9 @@
 - name: kubeadm | Check serviceaccount key again
   stat:
     path: "{{ kube_cert_dir }}/sa.key"
+    get_attributes: no
+    get_checksum: yes
+    get_mime: no
   register: sa_key_after
   run_once: true
 

roles/kubernetes/kubeadm/tasks/main.yml

@@ -13,11 +13,17 @@
 - name: Check if kubelet.conf exists
   stat:
     path: "{{ kube_config_dir }}/kubelet.conf"
+    get_attributes: no
+    get_checksum: no
+    get_mime: no
   register: kubelet_conf
 
 - name: Check if kubeadm CA cert is accessible
   stat:
     path: "{{ kube_cert_dir }}/ca.crt"
+    get_attributes: no
+    get_checksum: no
+    get_mime: no
   register: kubeadm_ca_stat
   delegate_to: "{{ groups['kube-master'][0] }}"
   run_once: true

roles/kubernetes/node/tasks/loadbalancer/haproxy.yml

@@ -22,6 +22,9 @@
 - name: haproxy | Get checksum from config
   stat:
     path: "{{ haproxy_config_dir }}/haproxy.cfg"
+    get_attributes: no
+    get_checksum: yes
+    get_mime: no
   register: haproxy_stat
 
 - name: haproxy | Write static pod

roles/kubernetes/node/tasks/loadbalancer/nginx-proxy.yml

@@ -22,6 +22,9 @@
 - name: nginx-proxy | Get checksum from config
   stat:
     path: "{{ nginx_config_dir }}/nginx.conf"
+    get_attributes: no
+    get_checksum: yes
+    get_mime: no
   register: nginx_stat
 
 - name: nginx-proxy | Write static pod

roles/kubernetes/preinstall/handlers/main.yml

@@ -50,13 +50,21 @@
 
 # FIXME(mattymo): Also restart for kubeadm mode
 - name: Preinstall | kube-apiserver configured
-  stat: path="{{ kube_manifest_dir }}/kube-apiserver.manifest"
+  stat:
+    path: "{{ kube_manifest_dir }}/kube-apiserver.manifest"
+    get_attributes: no
+    get_checksum: no
+    get_mime: no
   register: kube_apiserver_set
   when: inventory_hostname in groups['kube-master'] and dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'
 
 # FIXME(mattymo): Also restart for kubeadm mode
 - name: Preinstall | kube-controller configured
-  stat: path="{{ kube_manifest_dir }}/kube-controller-manager.manifest"
+  stat:
+    path: "{{ kube_manifest_dir }}/kube-controller-manager.manifest"
+    get_attributes: no
+    get_checksum: no
+    get_mime: no
   register: kube_controller_set
   when: inventory_hostname in groups['kube-master'] and dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'
 

roles/kubernetes/preinstall/tasks/0040-set_facts.yml

@@ -9,6 +9,9 @@
 - name: check if booted with ostree
   stat:
     path: /run/ostree-booted
+    get_attributes: no
+    get_checksum: no
+    get_mime: no
   register: ostree
 
 - name: set is_fedora_coreos
@@ -59,6 +62,9 @@
 - name: check if kubelet is configured
   stat:
     path: "{{ kube_config_dir }}/kubelet.env"
+    get_attributes: no
+    get_checksum: no
+    get_mime: no
   register: kubelet_configured
   changed_when: false
 
@@ -84,6 +90,9 @@
 - name: check if /etc/dhclient.conf exists
   stat:
     path: /etc/dhclient.conf
+    get_attributes: no
+    get_checksum: no
+    get_mime: no
   register: dhclient_stat
 
 - name: target dhclient conf file for /etc/dhclient.conf
@@ -94,6 +103,9 @@
 - name: check if /etc/dhcp/dhclient.conf exists
   stat:
     path: /etc/dhcp/dhclient.conf
+    get_attributes: no
+    get_checksum: no
+    get_mime: no
   register: dhcp_dhclient_stat
 
 - name: target dhclient conf file for /etc/dhcp/dhclient.conf
@@ -170,6 +182,9 @@
 - name: check /usr readonly
   stat:
     path: "/usr"
+    get_attributes: no
+    get_checksum: no
+    get_mime: no
   register: usr
 
 - name: set alternate flexvolume path

roles/kubernetes/preinstall/tasks/0050-create_directories.yml

@@ -46,6 +46,9 @@
 - name: Check if kubernetes kubeadm compat cert dir exists
   stat:
     path: "{{ kube_cert_compat_dir }}"
+    get_attributes: no
+    get_checksum: no
+    get_mime: no
   register: kube_cert_compat_dir_check
   when:
     - inventory_hostname in groups['k8s-cluster']