Avoid that some read-only tasks cause an ansible-change (#1910)
This commit is contained in:
parent
ad0cd6939a
commit
0d55ed3600
5 changed files with 7 additions and 0 deletions
|
@ -3,6 +3,7 @@
|
||||||
raw: stat /opt/bin/.bootstrapped
|
raw: stat /opt/bin/.bootstrapped
|
||||||
register: need_bootstrap
|
register: need_bootstrap
|
||||||
failed_when: false
|
failed_when: false
|
||||||
|
changed_when: false
|
||||||
tags:
|
tags:
|
||||||
- facts
|
- facts
|
||||||
|
|
||||||
|
|
|
@ -5,6 +5,7 @@
|
||||||
raw: which "{{ item }}"
|
raw: which "{{ item }}"
|
||||||
register: need_bootstrap
|
register: need_bootstrap
|
||||||
failed_when: false
|
failed_when: false
|
||||||
|
changed_when: false
|
||||||
with_items:
|
with_items:
|
||||||
- python
|
- python
|
||||||
- pip
|
- pip
|
||||||
|
|
|
@ -5,6 +5,7 @@
|
||||||
raw: which "{{ item }}"
|
raw: which "{{ item }}"
|
||||||
register: need_bootstrap
|
register: need_bootstrap
|
||||||
failed_when: false
|
failed_when: false
|
||||||
|
changed_when: false
|
||||||
with_items:
|
with_items:
|
||||||
- python
|
- python
|
||||||
- pip
|
- pip
|
||||||
|
|
|
@ -2,10 +2,12 @@
|
||||||
- name: Rotate Tokens | Get default token name
|
- name: Rotate Tokens | Get default token name
|
||||||
shell: "{{ bin_dir }}/kubectl get secrets -o custom-columns=name:{.metadata.name} --no-headers | grep -m1 default-token"
|
shell: "{{ bin_dir }}/kubectl get secrets -o custom-columns=name:{.metadata.name} --no-headers | grep -m1 default-token"
|
||||||
register: default_token
|
register: default_token
|
||||||
|
changed_when: false
|
||||||
|
|
||||||
- name: Rotate Tokens | Get default token data
|
- name: Rotate Tokens | Get default token data
|
||||||
command: "{{ bin_dir }}/kubectl get secrets {{ default_token.stdout }} -ojson"
|
command: "{{ bin_dir }}/kubectl get secrets {{ default_token.stdout }} -ojson"
|
||||||
register: default_token_data
|
register: default_token_data
|
||||||
|
changed_when: false
|
||||||
run_once: true
|
run_once: true
|
||||||
|
|
||||||
- name: Rotate Tokens | Test if default certificate is expired
|
- name: Rotate Tokens | Test if default certificate is expired
|
||||||
|
|
|
@ -80,6 +80,7 @@
|
||||||
- name: "Gen_certs | Get certificate serials on kube masters"
|
- name: "Gen_certs | Get certificate serials on kube masters"
|
||||||
shell: "openssl x509 -in {{ kube_cert_dir }}/{{ item }} -noout -serial | cut -d= -f2"
|
shell: "openssl x509 -in {{ kube_cert_dir }}/{{ item }} -noout -serial | cut -d= -f2"
|
||||||
register: "master_certificate_serials"
|
register: "master_certificate_serials"
|
||||||
|
changed_when: false
|
||||||
with_items:
|
with_items:
|
||||||
- "admin-{{ inventory_hostname }}.pem"
|
- "admin-{{ inventory_hostname }}.pem"
|
||||||
- "apiserver.pem"
|
- "apiserver.pem"
|
||||||
|
@ -98,6 +99,7 @@
|
||||||
- name: "Gen_certs | Get certificate serials on kube nodes"
|
- name: "Gen_certs | Get certificate serials on kube nodes"
|
||||||
shell: "openssl x509 -in {{ kube_cert_dir }}/{{ item }} -noout -serial | cut -d= -f2"
|
shell: "openssl x509 -in {{ kube_cert_dir }}/{{ item }} -noout -serial | cut -d= -f2"
|
||||||
register: "node_certificate_serials"
|
register: "node_certificate_serials"
|
||||||
|
changed_when: false
|
||||||
with_items:
|
with_items:
|
||||||
- "node-{{ inventory_hostname }}.pem"
|
- "node-{{ inventory_hostname }}.pem"
|
||||||
- "kube-proxy-{{ inventory_hostname }}.pem"
|
- "kube-proxy-{{ inventory_hostname }}.pem"
|
||||||
|
|
Loading…
Reference in a new issue