Use connection: local when delegate_to: localhost (#6322)
This will avoid SSH connection on the local host
This commit is contained in:
bozzo
GitHub
parent
a6a6e843af
commit
276c450759
12 changed files with 19 additions and 0 deletions
|
|
@ -3,6 +3,7 @@
|
||||||
set_fact:
|
set_fact:
|
||||||
bastion_ip: "{{ hostvars[groups['bastion'][0]]['ansible_host'] | d(hostvars[groups['bastion'][0]]['ansible_ssh_host']) }}"
|
bastion_ip: "{{ hostvars[groups['bastion'][0]]['ansible_host'] | d(hostvars[groups['bastion'][0]]['ansible_ssh_host']) }}"
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
|
connection: local
|
||||||
|
|
||||||
# As we are actually running on localhost, the ansible_ssh_user is your local user when you try to use it directly
|
# As we are actually running on localhost, the ansible_ssh_user is your local user when you try to use it directly
|
||||||
# To figure out the real ssh user, we delegate this task to the bastion and store the ansible_user in real_user
|
# To figure out the real ssh user, we delegate this task to the bastion and store the ansible_user in real_user
|
||||||
|
|
@ -13,6 +14,7 @@
|
||||||
- name: create ssh bastion conf
|
- name: create ssh bastion conf
|
||||||
become: false
|
become: false
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
|
connection: local
|
||||||
template:
|
template:
|
||||||
src: ssh-bastion.conf
|
src: ssh-bastion.conf
|
||||||
dest: "{{ playbook_dir }}/ssh-bastion.conf"
|
dest: "{{ playbook_dir }}/ssh-bastion.conf"
|
||||||
|
|
|
||||||
|
|
@ -25,6 +25,7 @@
|
||||||
stat:
|
stat:
|
||||||
path: "{{ image_path_cached }}"
|
path: "{{ image_path_cached }}"
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
|
connection: local
|
||||||
delegate_facts: no
|
delegate_facts: no
|
||||||
register: cache_image
|
register: cache_image
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
|
|
||||||
|
|
@ -25,6 +25,7 @@
|
||||||
state: directory
|
state: directory
|
||||||
recurse: yes
|
recurse: yes
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
|
connection: local
|
||||||
delegate_facts: false
|
delegate_facts: false
|
||||||
run_once: true
|
run_once: true
|
||||||
become: false
|
become: false
|
||||||
|
|
|
||||||
|
|
@ -20,6 +20,7 @@
|
||||||
- name: prep_download | On localhost, check if passwordless root is possible
|
- name: prep_download | On localhost, check if passwordless root is possible
|
||||||
command: "true"
|
command: "true"
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
|
connection: local
|
||||||
run_once: true
|
run_once: true
|
||||||
register: test_become
|
register: test_become
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
|
@ -34,6 +35,7 @@
|
||||||
- name: prep_download | On localhost, check if user has access to docker without using sudo
|
- name: prep_download | On localhost, check if user has access to docker without using sudo
|
||||||
shell: "{{ image_info_command_on_localhost }}"
|
shell: "{{ image_info_command_on_localhost }}"
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
|
connection: local
|
||||||
run_once: true
|
run_once: true
|
||||||
register: test_docker
|
register: test_docker
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
|
@ -92,6 +94,7 @@
|
||||||
recurse: yes
|
recurse: yes
|
||||||
mode: 0755
|
mode: 0755
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
|
connection: local
|
||||||
delegate_facts: no
|
delegate_facts: no
|
||||||
run_once: true
|
run_once: true
|
||||||
become: false
|
become: false
|
||||||
|
|
|
||||||
|
|
@ -36,6 +36,7 @@
|
||||||
mode: "0750"
|
mode: "0750"
|
||||||
state: directory
|
state: directory
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
|
connection: local
|
||||||
become: no
|
become: no
|
||||||
run_once: yes
|
run_once: yes
|
||||||
when: kubeconfig_localhost
|
when: kubeconfig_localhost
|
||||||
|
|
@ -88,6 +89,7 @@
|
||||||
dest: "{{ artifacts_dir }}/admin.conf"
|
dest: "{{ artifacts_dir }}/admin.conf"
|
||||||
mode: 0640
|
mode: 0640
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
|
connection: local
|
||||||
become: no
|
become: no
|
||||||
run_once: yes
|
run_once: yes
|
||||||
when: kubeconfig_localhost
|
when: kubeconfig_localhost
|
||||||
|
|
@ -112,4 +114,5 @@
|
||||||
become: no
|
become: no
|
||||||
run_once: yes
|
run_once: yes
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
|
connection: local
|
||||||
when: kubectl_localhost and kubeconfig_localhost
|
when: kubectl_localhost and kubeconfig_localhost
|
||||||
|
|
|
||||||
|
|
@ -3,6 +3,7 @@
|
||||||
stat:
|
stat:
|
||||||
path: "{{ inventory_dir }}/../credentials"
|
path: "{{ inventory_dir }}/../credentials"
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
|
connection: local
|
||||||
register: old_credential_dir
|
register: old_credential_dir
|
||||||
become: no
|
become: no
|
||||||
|
|
||||||
|
|
@ -10,6 +11,7 @@
|
||||||
stat:
|
stat:
|
||||||
path: "{{ inventory_dir }}/credentials"
|
path: "{{ inventory_dir }}/credentials"
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
|
connection: local
|
||||||
register: new_credential_dir
|
register: new_credential_dir
|
||||||
become: no
|
become: no
|
||||||
when: old_credential_dir.stat.exists
|
when: old_credential_dir.stat.exists
|
||||||
|
|
@ -19,6 +21,7 @@
|
||||||
args:
|
args:
|
||||||
creates: "{{ inventory_dir }}/credentials"
|
creates: "{{ inventory_dir }}/credentials"
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
|
connection: local
|
||||||
become: no
|
become: no
|
||||||
when:
|
when:
|
||||||
- old_credential_dir.stat.exists
|
- old_credential_dir.stat.exists
|
||||||
|
|
|
||||||
|
|
@ -9,6 +9,7 @@
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
|
connection: local
|
||||||
delegate_facts: yes
|
delegate_facts: yes
|
||||||
run_once: yes
|
run_once: yes
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -21,6 +21,7 @@
|
||||||
{{ item }}: "{{ found.get('address', '127.0.0.1') }}"
|
{{ item }}: "{{ found.get('address', '127.0.0.1') }}"
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
|
connection: local
|
||||||
delegate_facts: yes
|
delegate_facts: yes
|
||||||
become: no
|
become: no
|
||||||
run_once: yes
|
run_once: yes
|
||||||
|
|
|
||||||
|
|
@ -7,4 +7,5 @@
|
||||||
gather_subset: '!all,network'
|
gather_subset: '!all,network'
|
||||||
filter: "ansible_default_ipv4"
|
filter: "ansible_default_ipv4"
|
||||||
delegate_to: "{{ delegate_host_to_gather_facts }}"
|
delegate_to: "{{ delegate_host_to_gather_facts }}"
|
||||||
|
connection: "{{ (delegate_host_to_gather_facts == 'localhost') | ternary('local', omit) }}"
|
||||||
delegate_facts: yes
|
delegate_facts: yes
|
||||||
|
|
|
||||||
|
|
@ -19,6 +19,7 @@
|
||||||
{%- endif -%}
|
{%- endif -%}
|
||||||
127.0.0.1,localhost,{{ kube_service_addresses }},{{ kube_pods_subnet }}
|
127.0.0.1,localhost,{{ kube_service_addresses }},{{ kube_pods_subnet }}
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
|
connection: local
|
||||||
delegate_facts: yes
|
delegate_facts: yes
|
||||||
become: no
|
become: no
|
||||||
run_once: yes
|
run_once: yes
|
||||||
|
|
|
||||||
|
|
@ -133,6 +133,7 @@
|
||||||
dest: "{{ dir|default('.') }}/logs.tar.gz"
|
dest: "{{ dir|default('.') }}/logs.tar.gz"
|
||||||
remove: true
|
remove: true
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
|
connection: local
|
||||||
become: false
|
become: false
|
||||||
run_once: true
|
run_once: true
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -15,3 +15,4 @@
|
||||||
region: "{{ ansible_ec2_placement_region }}"
|
region: "{{ ansible_ec2_placement_region }}"
|
||||||
wait: True
|
wait: True
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
|
connection: local
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue