Avoid that some read-only tasks cause an ansible-change (#1910)

This commit is contained in:
Günther Grill 2017-11-06 14:51:07 +01:00 committed by Matthew Mosesohn
parent ad0cd6939a
commit 0d55ed3600
5 changed files with 7 additions and 0 deletions

View file

@ -3,6 +3,7 @@
raw: stat /opt/bin/.bootstrapped
register: need_bootstrap
failed_when: false
changed_when: false
tags:
- facts

View file

@ -5,6 +5,7 @@
raw: which "{{ item }}"
register: need_bootstrap
failed_when: false
changed_when: false
with_items:
- python
- pip

View file

@ -5,6 +5,7 @@
raw: which "{{ item }}"
register: need_bootstrap
failed_when: false
changed_when: false
with_items:
- python
- pip

View file

@ -2,10 +2,12 @@
- name: Rotate Tokens | Get default token name
shell: "{{ bin_dir }}/kubectl get secrets -o custom-columns=name:{.metadata.name} --no-headers | grep -m1 default-token"
register: default_token
changed_when: false
- name: Rotate Tokens | Get default token data
command: "{{ bin_dir }}/kubectl get secrets {{ default_token.stdout }} -ojson"
register: default_token_data
changed_when: false
run_once: true
- name: Rotate Tokens | Test if default certificate is expired

View file

@ -80,6 +80,7 @@
- name: "Gen_certs | Get certificate serials on kube masters"
shell: "openssl x509 -in {{ kube_cert_dir }}/{{ item }} -noout -serial | cut -d= -f2"
register: "master_certificate_serials"
changed_when: false
with_items:
- "admin-{{ inventory_hostname }}.pem"
- "apiserver.pem"
@ -98,6 +99,7 @@
- name: "Gen_certs | Get certificate serials on kube nodes"
shell: "openssl x509 -in {{ kube_cert_dir }}/{{ item }} -noout -serial | cut -d= -f2"
register: "node_certificate_serials"
changed_when: false
with_items:
- "node-{{ inventory_hostname }}.pem"
- "kube-proxy-{{ inventory_hostname }}.pem"