Use connection: local when delegate_to: localhost (#6322)

This will avoid SSH connection on the local host
This commit is contained in:
bozzo 2020-06-25 17:14:38 +02:00 committed by GitHub
parent a6a6e843af
commit 276c450759
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 19 additions and 0 deletions

View file

@ -3,6 +3,7 @@
set_fact: set_fact:
bastion_ip: "{{ hostvars[groups['bastion'][0]]['ansible_host'] | d(hostvars[groups['bastion'][0]]['ansible_ssh_host']) }}" bastion_ip: "{{ hostvars[groups['bastion'][0]]['ansible_host'] | d(hostvars[groups['bastion'][0]]['ansible_ssh_host']) }}"
delegate_to: localhost delegate_to: localhost
connection: local
# As we are actually running on localhost, the ansible_ssh_user is your local user when you try to use it directly # As we are actually running on localhost, the ansible_ssh_user is your local user when you try to use it directly
# To figure out the real ssh user, we delegate this task to the bastion and store the ansible_user in real_user # To figure out the real ssh user, we delegate this task to the bastion and store the ansible_user in real_user
@ -13,6 +14,7 @@
- name: create ssh bastion conf - name: create ssh bastion conf
become: false become: false
delegate_to: localhost delegate_to: localhost
connection: local
template: template:
src: ssh-bastion.conf src: ssh-bastion.conf
dest: "{{ playbook_dir }}/ssh-bastion.conf" dest: "{{ playbook_dir }}/ssh-bastion.conf"

View file

@ -25,6 +25,7 @@
stat: stat:
path: "{{ image_path_cached }}" path: "{{ image_path_cached }}"
delegate_to: localhost delegate_to: localhost
connection: local
delegate_facts: no delegate_facts: no
register: cache_image register: cache_image
changed_when: false changed_when: false

View file

@ -25,6 +25,7 @@
state: directory state: directory
recurse: yes recurse: yes
delegate_to: localhost delegate_to: localhost
connection: local
delegate_facts: false delegate_facts: false
run_once: true run_once: true
become: false become: false

View file

@ -20,6 +20,7 @@
- name: prep_download | On localhost, check if passwordless root is possible - name: prep_download | On localhost, check if passwordless root is possible
command: "true" command: "true"
delegate_to: localhost delegate_to: localhost
connection: local
run_once: true run_once: true
register: test_become register: test_become
changed_when: false changed_when: false
@ -34,6 +35,7 @@
- name: prep_download | On localhost, check if user has access to docker without using sudo - name: prep_download | On localhost, check if user has access to docker without using sudo
shell: "{{ image_info_command_on_localhost }}" shell: "{{ image_info_command_on_localhost }}"
delegate_to: localhost delegate_to: localhost
connection: local
run_once: true run_once: true
register: test_docker register: test_docker
changed_when: false changed_when: false
@ -92,6 +94,7 @@
recurse: yes recurse: yes
mode: 0755 mode: 0755
delegate_to: localhost delegate_to: localhost
connection: local
delegate_facts: no delegate_facts: no
run_once: true run_once: true
become: false become: false

View file

@ -36,6 +36,7 @@
mode: "0750" mode: "0750"
state: directory state: directory
delegate_to: localhost delegate_to: localhost
connection: local
become: no become: no
run_once: yes run_once: yes
when: kubeconfig_localhost when: kubeconfig_localhost
@ -88,6 +89,7 @@
dest: "{{ artifacts_dir }}/admin.conf" dest: "{{ artifacts_dir }}/admin.conf"
mode: 0640 mode: 0640
delegate_to: localhost delegate_to: localhost
connection: local
become: no become: no
run_once: yes run_once: yes
when: kubeconfig_localhost when: kubeconfig_localhost
@ -112,4 +114,5 @@
become: no become: no
run_once: yes run_once: yes
delegate_to: localhost delegate_to: localhost
connection: local
when: kubectl_localhost and kubeconfig_localhost when: kubectl_localhost and kubeconfig_localhost

View file

@ -3,6 +3,7 @@
stat: stat:
path: "{{ inventory_dir }}/../credentials" path: "{{ inventory_dir }}/../credentials"
delegate_to: localhost delegate_to: localhost
connection: local
register: old_credential_dir register: old_credential_dir
become: no become: no
@ -10,6 +11,7 @@
stat: stat:
path: "{{ inventory_dir }}/credentials" path: "{{ inventory_dir }}/credentials"
delegate_to: localhost delegate_to: localhost
connection: local
register: new_credential_dir register: new_credential_dir
become: no become: no
when: old_credential_dir.stat.exists when: old_credential_dir.stat.exists
@ -19,6 +21,7 @@
args: args:
creates: "{{ inventory_dir }}/credentials" creates: "{{ inventory_dir }}/credentials"
delegate_to: localhost delegate_to: localhost
connection: local
become: no become: no
when: when:
- old_credential_dir.stat.exists - old_credential_dir.stat.exists

View file

@ -9,6 +9,7 @@
{% endif %} {% endif %}
{% endfor %} {% endfor %}
delegate_to: localhost delegate_to: localhost
connection: local
delegate_facts: yes delegate_facts: yes
run_once: yes run_once: yes

View file

@ -21,6 +21,7 @@
{{ item }}: "{{ found.get('address', '127.0.0.1') }}" {{ item }}: "{{ found.get('address', '127.0.0.1') }}"
{% endfor %} {% endfor %}
delegate_to: localhost delegate_to: localhost
connection: local
delegate_facts: yes delegate_facts: yes
become: no become: no
run_once: yes run_once: yes

View file

@ -7,4 +7,5 @@
gather_subset: '!all,network' gather_subset: '!all,network'
filter: "ansible_default_ipv4" filter: "ansible_default_ipv4"
delegate_to: "{{ delegate_host_to_gather_facts }}" delegate_to: "{{ delegate_host_to_gather_facts }}"
connection: "{{ (delegate_host_to_gather_facts == 'localhost') | ternary('local', omit) }}"
delegate_facts: yes delegate_facts: yes

View file

@ -19,6 +19,7 @@
{%- endif -%} {%- endif -%}
127.0.0.1,localhost,{{ kube_service_addresses }},{{ kube_pods_subnet }} 127.0.0.1,localhost,{{ kube_service_addresses }},{{ kube_pods_subnet }}
delegate_to: localhost delegate_to: localhost
connection: local
delegate_facts: yes delegate_facts: yes
become: no become: no
run_once: yes run_once: yes

View file

@ -133,6 +133,7 @@
dest: "{{ dir|default('.') }}/logs.tar.gz" dest: "{{ dir|default('.') }}/logs.tar.gz"
remove: true remove: true
delegate_to: localhost delegate_to: localhost
connection: local
become: false become: false
run_once: true run_once: true

View file

@ -15,3 +15,4 @@
region: "{{ ansible_ec2_placement_region }}" region: "{{ ansible_ec2_placement_region }}"
wait: True wait: True
delegate_to: localhost delegate_to: localhost
connection: local