From 0d55ed3600a0ac9cee38eb1bc67b152b459c70a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Grill?= Date: Mon, 6 Nov 2017 14:51:07 +0100 Subject: [PATCH] Avoid that some read-only tasks cause an ansible-change (#1910) --- roles/bootstrap-os/tasks/bootstrap-coreos.yml | 1 + roles/bootstrap-os/tasks/bootstrap-debian.yml | 1 + roles/bootstrap-os/tasks/bootstrap-ubuntu.yml | 1 + roles/kubernetes-apps/rotate_tokens/tasks/main.yml | 2 ++ roles/kubernetes/secrets/tasks/main.yml | 2 ++ 5 files changed, 7 insertions(+) diff --git a/roles/bootstrap-os/tasks/bootstrap-coreos.yml b/roles/bootstrap-os/tasks/bootstrap-coreos.yml index fc290cef0..428065eba 100644 --- a/roles/bootstrap-os/tasks/bootstrap-coreos.yml +++ b/roles/bootstrap-os/tasks/bootstrap-coreos.yml @@ -3,6 +3,7 @@ raw: stat /opt/bin/.bootstrapped register: need_bootstrap failed_when: false + changed_when: false tags: - facts diff --git a/roles/bootstrap-os/tasks/bootstrap-debian.yml b/roles/bootstrap-os/tasks/bootstrap-debian.yml index 31b64265e..959ad0e03 100644 --- a/roles/bootstrap-os/tasks/bootstrap-debian.yml +++ b/roles/bootstrap-os/tasks/bootstrap-debian.yml @@ -5,6 +5,7 @@ raw: which "{{ item }}" register: need_bootstrap failed_when: false + changed_when: false with_items: - python - pip diff --git a/roles/bootstrap-os/tasks/bootstrap-ubuntu.yml b/roles/bootstrap-os/tasks/bootstrap-ubuntu.yml index 07d66f682..37c327f6c 100644 --- a/roles/bootstrap-os/tasks/bootstrap-ubuntu.yml +++ b/roles/bootstrap-os/tasks/bootstrap-ubuntu.yml @@ -5,6 +5,7 @@ raw: which "{{ item }}" register: need_bootstrap failed_when: false + changed_when: false with_items: - python - pip diff --git a/roles/kubernetes-apps/rotate_tokens/tasks/main.yml b/roles/kubernetes-apps/rotate_tokens/tasks/main.yml index 842358177..23b63ee8a 100644 --- a/roles/kubernetes-apps/rotate_tokens/tasks/main.yml +++ b/roles/kubernetes-apps/rotate_tokens/tasks/main.yml @@ -2,10 +2,12 @@ - name: Rotate Tokens | Get default token name shell: "{{ bin_dir }}/kubectl get secrets -o custom-columns=name:{.metadata.name} --no-headers | grep -m1 default-token" register: default_token + changed_when: false - name: Rotate Tokens | Get default token data command: "{{ bin_dir }}/kubectl get secrets {{ default_token.stdout }} -ojson" register: default_token_data + changed_when: false run_once: true - name: Rotate Tokens | Test if default certificate is expired diff --git a/roles/kubernetes/secrets/tasks/main.yml b/roles/kubernetes/secrets/tasks/main.yml index 55403ed16..79bea81f2 100644 --- a/roles/kubernetes/secrets/tasks/main.yml +++ b/roles/kubernetes/secrets/tasks/main.yml @@ -80,6 +80,7 @@ - name: "Gen_certs | Get certificate serials on kube masters" shell: "openssl x509 -in {{ kube_cert_dir }}/{{ item }} -noout -serial | cut -d= -f2" register: "master_certificate_serials" + changed_when: false with_items: - "admin-{{ inventory_hostname }}.pem" - "apiserver.pem" @@ -98,6 +99,7 @@ - name: "Gen_certs | Get certificate serials on kube nodes" shell: "openssl x509 -in {{ kube_cert_dir }}/{{ item }} -noout -serial | cut -d= -f2" register: "node_certificate_serials" + changed_when: false with_items: - "node-{{ inventory_hostname }}.pem" - "kube-proxy-{{ inventory_hostname }}.pem"