fix ansible password authentication (#6907)

* copying ssh key no longer required, works with password auth * use copy module instead of synchronize (which requires sshpass) * less tasks and always changed tasks
2020-12-01 00:12:50 +01:00 · 2020-12-01 00:12:50 +01:00 · 80eb1ad936
parent cc5303e1c8
commit 80eb1ad936
6 changed files with 18 additions and 66 deletions
--- a/README.md
+++ b/README.md
@ -148,7 +148,6 @@ Note: The list of validated [docker versions](https://kubernetes.io/docs/setup/p
 - **Ansible v2.9+, Jinja 2.11+ and python-netaddr is installed on the machine that will run Ansible commands**
 - The target servers must have **access to the Internet** in order to pull docker images. Otherwise, additional configuration is required (See [Offline Environment](docs/offline-environment.md))
 - The target servers are configured to allow **IPv4 forwarding**.
- **Your ssh key must be copied** to all the servers part of your inventory.
 - The **firewalls are not managed**, you'll need to implement your own rules the way you used to.
    in order to avoid any issue during deployment you should disable your firewall.
 - If kubespray is ran from non-root user account, correct privilege escalation method
--- a/roles/container-engine/containerd/tasks/crictl.yml
+++ b/roles/container-engine/containerd/tasks/crictl.yml
@ -12,14 +12,11 @@
    mode: 0644

 - name: Copy crictl binary from download dir
-  synchronize:
+  copy:
    src: "{{ local_release_dir }}/crictl"
    dest: "{{ bin_dir }}/crictl"
-    compress: no
-    perms: yes
-    owner: no
-    group: no
-  delegate_to: "{{ inventory_hostname }}"
+    mode: 0755
+    remote_src: true

 - name: Get crictl completion
  command: "{{ bin_dir }}/crictl completion"
--- a/roles/container-engine/cri-o/tasks/crictl.yml
+++ b/roles/container-engine/cri-o/tasks/crictl.yml
@ -12,14 +12,11 @@
    mode: 0644

 - name: Copy crictl binary from download dir
-  synchronize:
+  copy:
    src: "{{ local_release_dir }}/crictl"
    dest: "{{ bin_dir }}/crictl"
-    compress: no
-    perms: yes
-    owner: no
-    group: no
-  delegate_to: "{{ inventory_hostname }}"
+    mode: 0755
+    remote_src: true

 - name: Get crictl completion
  command: "{{ bin_dir }}/crictl completion"
--- a/roles/download/tasks/prep_kubeadm_images.yml
+++ b/roles/download/tasks/prep_kubeadm_images.yml
@ -22,14 +22,11 @@
    - not skip_kubeadm_images|default(false)

 - name: prep_kubeadm_images | Copy kubeadm binary from download dir to system path
-  synchronize:
+  copy:
    src: "{{ local_release_dir }}/kubeadm-{{ kubeadm_version }}-{{ image_arch }}"
    dest: "{{ bin_dir }}/kubeadm"
-    compress: no
-    perms: yes
-    owner: no
-    group: no
-  delegate_to: "{{ inventory_hostname }}"
+    mode: 0755
+    remote_src: true

 - name: prep_kubeadm_images | Set kubeadm binary permissions
  file:
--- a/roles/kubernetes/master/tasks/main.yml
+++ b/roles/kubernetes/master/tasks/main.yml
@ -20,24 +20,11 @@
    - kube_encrypt_secret_data

 - name: Install | Copy kubectl binary from download dir
-  synchronize:
+  copy:
    src: "{{ local_release_dir }}/kubectl-{{ kube_version }}-{{ image_arch }}"
    dest: "{{ bin_dir }}/kubectl"
-    compress: no
-    perms: yes
-    owner: no
-    group: no
-  changed_when: false
-  delegate_to: "{{ inventory_hostname }}"
-  tags:
-    - kubectl
-    - upgrade
-
- name: install | Set kubectl binary permissions
-  file:
-    path: "{{ bin_dir }}/kubectl"
-    mode: "0755"
-    state: file
+    mode: 0755
+    remote_src: true
  tags:
    - kubectl
    - upgrade
--- a/roles/kubernetes/node/tasks/install.yml
+++ b/roles/kubernetes/node/tasks/install.yml
@ -1,51 +1,26 @@
 ---
 - name: install | Copy kubeadm binary from download dir
-  synchronize:
+  copy:
    src: "{{ local_release_dir }}/kubeadm-{{ kubeadm_version }}-{{ image_arch }}"
    dest: "{{ bin_dir }}/kubeadm"
-    compress: no
-    perms: yes
-    owner: no
-    group: no
-  delegate_to: "{{ inventory_hostname }}"
-  tags:
-    - kubeadm
-  when:
-    - not inventory_hostname in groups['kube-master']
-
- name: install | Set kubeadm binary permissions
-  file:
-    path: "{{ bin_dir }}/kubeadm"
-    mode: "0755"
-    state: file
+    mode: 0755
+    remote_src: true
  tags:
    - kubeadm
  when:
    - not inventory_hostname in groups['kube-master']

 - name: install | Copy kubelet binary from download dir
-  synchronize:
+  copy:
    src: "{{ local_release_dir }}/kubelet-{{ kube_version }}-{{ image_arch }}"
    dest: "{{ bin_dir }}/kubelet"
-    compress: no
-    perms: yes
-    owner: no
-    group: no
-  delegate_to: "{{ inventory_hostname }}"
+    mode: 0755
+    remote_src: true
  tags:
    - kubelet
    - upgrade
  notify: Node | restart kubelet

- name: install | Set kubelet binary permissions
-  file:
-    path: "{{ bin_dir }}/kubelet"
-    mode: "0755"
-    state: file
-  tags:
-    - kubelet
-    - upgrade
-
 - name: install | Copy socat wrapper for Container Linux
  command: "{{ docker_bin_dir }}/docker run --rm -v {{ bin_dir }}:/opt/bin {{ install_socat_image_repo }}:{{ install_socat_image_tag }}"
  args: