diff --git a/roles/container-engine/docker/tasks/set_facts_dns.yml b/roles/container-engine/docker/tasks/set_facts_dns.yml
index 5af3d64d5..136e9f5fa 100644
--- a/roles/container-engine/docker/tasks/set_facts_dns.yml
+++ b/roles/container-engine/docker/tasks/set_facts_dns.yml
@@ -17,14 +17,20 @@
 set_fact:
 docker_dns_search_domains: "{{ docker_dns_search_domains + searchdomains|default([]) }}"
-- name: check system nameservers # noqa 306
- shell: grep "^nameserver" /etc/resolv.conf | sed -r 's/^nameserver\s*([^#\s]+)\s*(#.*)?/\1/'
+- name: check system nameservers
+ shell: set -o pipefail && grep "^nameserver" /etc/resolv.conf | sed -r 's/^nameserver\s*([^#\s]+)\s*(#.*)?/\1/'
+ args:
+ executable: /bin/bash
 changed_when: False
 register: system_nameservers
 check_mode: no
-- name: check system search domains # noqa 306
+- name: check system search domains
+ # noqa 306 - if resolf.conf has no search domain, grep will exit 1 which would force us to add failed_when: false
+ # Therefore -o pipefail is not applicable in this specific instance
 shell: grep "^search" /etc/resolv.conf | sed -r 's/^search\s*([^#]+)\s*(#.*)?/\1/'
+ args:
+ executable: /bin/bash
 changed_when: False
 register: system_search_domains
 check_mode: no
diff --git a/roles/container-engine/docker/tasks/systemd.yml b/roles/container-engine/docker/tasks/systemd.yml
index 3304ee3f5..24d039c29 100644
--- a/roles/container-engine/docker/tasks/systemd.yml
+++ b/roles/container-engine/docker/tasks/systemd.yml
@@ -11,9 +11,11 @@
 notify: restart docker
 when: http_proxy is defined or https_proxy is defined
-- name: get systemd version # noqa 306
+- name: get systemd version
 # noqa 303 - systemctl is called intentionally here
- shell: systemctl --version | head -n 1 | cut -d " " -f 2
+ shell: set -o pipefail && systemctl --version | head -n 1 | cut -d " " -f 2
+ args:
+ executable: /bin/bash
 register: systemd_version
 when: not is_ostree
 changed_when: false
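Review bot: In set_facts_dns.yml the new `set -o pipefail` on "check system nameservers" makes the task fail whenever /etc/resolv.conf has no `nameserver` line, because grep then exits 1; that is the same situation the added comment on the search-domains task describes. If an empty result is acceptable there too, tolerate it explicitly with `failed_when: system_nameservers.rc not in [0, 1]`, which still surfaces a missing or unreadable file. The added comment also misspells the file as `resolf.conf` (should be `resolv.conf`), and the search-domains task gains `executable: /bin/bash` without using any bash-only option, so that `args:` block could be dropped.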
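Review bot: In systemd.yml, combining `set -o pipefail` with `head -n 1` means an early pipe close can surface as a SIGPIPE exit (141) from `systemctl --version`. With only a couple of lines of output this is unlikely in practice, but the pipeline can avoid the pattern entirely by letting one consumer read all input: `shell: set -o pipefail && systemctl --version | awk 'NR==1 {print $2}'`. The task continues below the hunk.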
diff --git a/roles/download/tasks/prep_kubeadm_images.yml b/roles/download/tasks/prep_kubeadm_images.yml
index c97c19e0b..1aa228d40 100644
--- a/roles/download/tasks/prep_kubeadm_images.yml
+++ b/roles/download/tasks/prep_kubeadm_images.yml
@@ -30,8 +30,10 @@
 mode: "0755"
 state: file
-- name: prep_kubeadm_images | Generate list of required images # noqa 306
- shell: "{{ bin_dir }}/kubeadm config images list --config={{ kube_config_dir }}/kubeadm-images.yaml | grep -v coredns"
+- name: prep_kubeadm_images | Generate list of required images
+ shell: "set -o pipefail && {{ bin_dir }}/kubeadm config images list --config={{ kube_config_dir }}/kubeadm-images.yaml | grep -v coredns"
+ args:
+ executable: /bin/bash
 register: kubeadm_images_raw
 run_once: true
 changed_when: false
diff --git a/roles/kubernetes-apps/helm/tasks/gen_helm_tiller_certs.yml b/roles/kubernetes-apps/helm/tasks/gen_helm_tiller_certs.yml
index 4a3ebff4d..f7b18f152 100644
--- a/roles/kubernetes-apps/helm/tasks/gen_helm_tiller_certs.yml
+++ b/roles/kubernetes-apps/helm/tasks/gen_helm_tiller_certs.yml
@@ -57,9 +57,9 @@
 with_items:
 - "{{ helm_client_certs }}"
-- name: Gen_helm_tiller_certs | Gather helm client certs # noqa 306
+- name: Gen_helm_tiller_certs | Gather helm client certs
 # noqa 303 - tar is called intentionally here, but maybe this should be done with the slurp module
- shell: "tar cfz - -C {{ helm_home_dir }} {{ helm_client_certs|join(' ') }} | base64 --wrap=0"
+ shell: "set -o pipefail && tar cfz - -C {{ helm_home_dir }} {{ helm_client_certs|join(' ') }} | base64 --wrap=0"
 args:
 executable: /bin/bash
 no_log: true
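Review bot: The rewritten `shell:` line of "Gather helm client certs" in gen_helm_tiller_certs.yml still interpolates `helm_home_dir` and the joined `helm_client_certs` into bash unquoted, so a value containing a space or shell metacharacter changes what tar is asked to archive. Since the line is being touched anyway, pass the values through the `quote` filter: `tar cfz - -C {{ helm_home_dir | quote }} {{ helm_client_certs | map('quote') | join(' ') }}`. The same applies to `bin_dir` and `kube_config_dir` in the prep_kubeadm_images.yml hunk on this line. The task continues below the hunk, where the registered output presumably holds the certificate archive, so `no_log: true` should stay.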
@@ -85,8 +85,10 @@
 mode: "0600"
 when: sync_helm_certs|default(false) and inventory_hostname != groups['kube-master'][0]
-- name: Gen_helm_tiller_certs | Unpack helm certs on masters # noqa 306
- shell: "base64 -d < {{ helm_cert_tempfile.path }} | tar xz -C {{ helm_home_dir }}"
+- name: Gen_helm_tiller_certs | Unpack helm certs on
+ shell: "set -o pipefail && base64 -d < {{ helm_cert_tempfile.path }} | tar xz -C {{ helm_home_dir }}"
+ args:
+ executable: /bin/bash
 no_log: true
 changed_when: false
 check_mode: no
diff --git a/roles/kubernetes-apps/helm/tasks/main.yml b/roles/kubernetes-apps/helm/tasks/main.yml
index 5887ce3c8..d838fb60f 100644
--- a/roles/kubernetes-apps/helm/tasks/main.yml
+++ b/roles/kubernetes-apps/helm/tasks/main.yml
@@ -52,8 +52,9 @@
 - helm_version is version('v3.0.0', '<')
 # FIXME: https://github.com/helm/helm/issues/6374
-- name: Helm | Install/upgrade helm # noqa 306
+- name: Helm | Install/upgrade helm
 shell: >
+ set -o pipefail &&
 {{ bin_dir }}/helm init --tiller-namespace={{ tiller_namespace }}
 {% if helm_skip_refresh %} --skip-refresh{% endif %}
 {% if helm_stable_repo_url is defined %} --stable-repo-url {{ helm_stable_repo_url }}{% endif %}
@@ -70,6 +71,8 @@
 --output yaml
 | sed 's@apiVersion: extensions/v1beta1@apiVersion: apps/v1@'
 | {{ bin_dir }}/kubectl apply -f -
+ args:
+ executable: /bin/bash
 register: install_helm
 when:
 - inventory_hostname == groups['kube-master'][0]
@@ -78,8 +81,9 @@
 environment: "{{ proxy_env }}"
 # FIXME: https://github.com/helm/helm/issues/4063
-- name: Helm | Force apply tiller overrides if necessary # noqa 306
+- name: Helm | Force apply tiller overrides if necessary
 shell: >
+ set -o pipefail &&
 {{ bin_dir }}/helm init --upgrade --tiller-image={{ tiller_image_repo }}:{{ tiller_image_tag }} --tiller-namespace={{ tiller_namespace }}
 {% if helm_skip_refresh %} --skip-refresh{% endif %}
 {% if helm_stable_repo_url is defined %} --stable-repo-url {{ helm_stable_repo_url }}{% endif %}
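Review bot: The task name in the gen_helm_tiller_certs.yml hunk at -85 was truncated while the noqa tag was being removed: it now reads "Unpack helm certs on", having lost the word "masters". Restore it as `- name: Gen_helm_tiller_certs | Unpack helm certs on masters`. Because the task runs with `no_log: true`, the name is most of what an operator sees in the play output for this step, so it should say where the certificates are being unpacked.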
@@ -95,6 +99,8 @@
 --output yaml
 | sed 's@apiVersion: extensions/v1beta1@apiVersion: apps/v1@'
 | {{ bin_dir }}/kubectl apply -f -
+ args:
+ executable: /bin/bash
 changed_when: false
 when:
 - inventory_hostname == groups['kube-master'][0]
diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml
index bbc76eebe..6d1d815ff 100644
--- a/roles/reset/tasks/main.yml
+++ b/roles/reset/tasks/main.yml
@@ -46,8 +46,10 @@
 daemon_reload: true
 when: services_removed.changed or docker_dropins_removed.changed
-- name: reset | remove all containers # noqa 306
- shell: "{{ docker_bin_dir }}/docker ps -aq | xargs -r docker rm -fv"
+- name: reset | remove all containers
+ shell: "set -o pipefail && {{ docker_bin_dir }}/docker ps -aq | xargs -r docker rm -fv"
+ args:
+ executable: /bin/bash
 register: remove_all_containers
 retries: 4
 until: remove_all_containers.rc == 0
@@ -64,8 +66,10 @@
 tags:
 - docker
-- name: reset | stop all cri containers # noqa 306
- shell: "crictl ps -aq | xargs -r crictl -t 60s stop"
+- name: reset | stop all cri containers
+ shell: "set -o pipefail && crictl ps -aq | xargs -r crictl -t 60s stop"
+ args:
+ executable: /bin/bash
 register: remove_all_cri_containers
 retries: 5
 until: remove_all_cri_containers.rc == 0
@@ -75,8 +79,10 @@
 - containerd
 when: container_manager in ["crio", "containerd"]
-- name: reset | remove all cri containers # noqa 306
- shell: "crictl ps -aq | xargs -r crictl -t 60s rm"
+- name: reset | remove all cri containers
+ shell: "set -o pipefail && crictl ps -aq | xargs -r crictl -t 60s rm"
+ args:
+ executable: /bin/bash
 register: remove_all_cri_containers
 retries: 5
 until: remove_all_cri_containers.rc == 0
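Review bot: In "reset | remove all containers" (roles/reset/tasks/main.yml, hunk at -46) the left side of the pipe runs `{{ docker_bin_dir }}/docker` while xargs still invokes a bare `docker` resolved through PATH, so the two halves of a privileged cleanup command can end up running different binaries. Since the line is being rewritten anyway, use the configured path on both sides: `{{ docker_bin_dir }}/docker ps -aq | xargs -r {{ docker_bin_dir }}/docker rm -fv`. The task continues below the hunk.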
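Review bot: With pipefail added, the `until: remove_all_cri_containers.rc == 0` loops in the crictl tasks (hunks at -64 and -75 here, and at -86 and -97 further down) now also depend on `crictl ps` or `crictl pods` succeeding, where previously only the xargs exit status counted. On a node whose container runtime is already stopped or partly removed, the listing command fails, so the task will use up its 5 retries and then fail unless something below the hunks tolerates that. If that stricter behaviour is intended, say so in a comment such as `# pipefail: a failing 'crictl ps' fails the task; the runtime must still be up at this point`; otherwise these tasks need an explicit `failed_when`.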
@@ -86,8 +92,10 @@
 - containerd
 when: container_manager in ["crio", "containerd"] and deploy_container_engine|default(true)
-- name: reset | stop all cri pods # noqa 306
- shell: "crictl pods -q | xargs -r crictl -t 60s stopp"
+- name: reset | stop all cri pods
+ shell: "set -o pipefail && crictl pods -q | xargs -r crictl -t 60s stopp"
+ args:
+ executable: /bin/bash
 register: remove_all_cri_containers
 retries: 5
 until: remove_all_cri_containers.rc == 0
@@ -97,8 +105,10 @@
 - containerd
 when: container_manager in ["crio", "containerd"]
-- name: reset | remove all cri pods # noqa 306
- shell: "crictl pods -q | xargs -r crictl -t 60s rmp"
+- name: reset | remove all cri pods
+ shell: "set -o pipefail && crictl pods -q | xargs -r crictl -t 60s rmp"
+ args:
+ executable: /bin/bash
 register: remove_all_cri_containers
 retries: 5
 until: remove_all_cri_containers.rc == 0
@@ -130,9 +140,10 @@
 tags:
 - services
-- name: reset | gather mounted kubelet dirs # noqa 306 301
- shell: mount | grep /var/lib/kubelet/ | awk '{print $3}' | tac
+- name: reset | gather mounted kubelet dirs # noqa 301
+ shell: set -o pipefail && mount | grep /var/lib/kubelet/ | awk '{print $3}' | tac
 args:
+ executable: /bin/bash
 warn: false
 check_mode: no
 register: mounted_dirs
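Review bot: In "reset | gather mounted kubelet dirs" (hunk at -130), `grep /var/lib/kubelet/` exits 1 when nothing is mounted under that path, and with the added `set -o pipefail` that exit status becomes the task's return code. A node with no kubelet mounts is an ordinary state for a reset run, so unless the part of the task below the hunk already tolerates it, the playbook now stops here on a clean or previously reset host. Either leave pipefail off, as the commit did for the resolv.conf search-domain task, or accept the no-match case explicitly with `failed_when: mounted_dirs.rc not in [0, 1]`.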