From 80eb1ad936ee743f4209fa767ece3e8530d08786 Mon Sep 17 00:00:00 2001
From: Hans Feldt <2808287+hafe@users.noreply.github.com>
Date: Tue, 1 Dec 2020 00:12:50 +0100
Subject: [PATCH] fix ansible password authentication (#6907)
* copying ssh key no longer required, works with password auth
* use copy module instead of synchronize (which requires sshpass)
* less tasks and always changed tasks
---
README.md | 1 -
.../containerd/tasks/crictl.yml | 9 ++---
roles/container-engine/cri-o/tasks/crictl.yml | 9 ++---
roles/download/tasks/prep_kubeadm_images.yml | 9 ++---
roles/kubernetes/master/tasks/main.yml | 19 ++--------
roles/kubernetes/node/tasks/install.yml | 37 +++----------------
6 files changed, 18 insertions(+), 66 deletions(-)
diff --git a/README.md b/README.md
index 22a01cf85..48396880c 100644
--- a/README.md
+++ b/README.md
@@ -148,7 +148,6 @@ Note: The list of validated [docker versions](https://kubernetes.io/docs/setup/p - **Ansible v2.9+, Jinja 2.11+ and python-netaddr is installed on the machine that will run Ansible commands** - The target servers must have **access to the Internet** in order to pull docker images. Otherwise, additional configuration is required (See [Offline Environment](docs/offline-environment.md)) - The target servers are configured to allow **IPv4 forwarding**. -- **Your ssh key must be copied** to all the servers part of your inventory. - The **firewalls are not managed**, you'll need to implement your own rules the way you used to. in order to avoid any issue during deployment you should disable your firewall. - If kubespray is ran from non-root user account, correct privilege escalation method
diff --git a/roles/container-engine/containerd/tasks/crictl.yml b/roles/container-engine/containerd/tasks/crictl.yml
index 848095166..3a9c074e6 100644
--- a/roles/container-engine/containerd/tasks/crictl.yml
+++ b/roles/container-engine/containerd/tasks/crictl.yml
@@ -12,14 +12,11 @@ mode: 0644 - name: Copy crictl binary from download dir - synchronize: + copy: src: "{{ local_release_dir }}/crictl" dest: "{{ bin_dir }}/crictl" - compress: no - perms: yes - owner: no - group: no - delegate_to: "{{ inventory_hostname }}" + mode: 0755 + remote_src: true - name: Get crictl completion command: "{{ bin_dir }}/crictl completion"
diff --git a/roles/container-engine/cri-o/tasks/crictl.yml b/roles/container-engine/cri-o/tasks/crictl.yml
index 574957457..d7cc1e665 100644
--- a/roles/container-engine/cri-o/tasks/crictl.yml
+++ b/roles/container-engine/cri-o/tasks/crictl.yml
@@ -12,14 +12,11 @@ mode: 0644 - name: Copy crictl binary from download dir - synchronize: + copy: src: "{{ local_release_dir }}/crictl" dest: "{{ bin_dir }}/crictl" - compress: no - perms: yes - owner: no - group: no - delegate_to: "{{ inventory_hostname }}" + mode: 0755 + remote_src: true - name: Get crictl completion command: "{{ bin_dir }}/crictl completion"
diff --git a/roles/download/tasks/prep_kubeadm_images.yml b/roles/download/tasks/prep_kubeadm_images.yml
index 35b251466..fa829e8f0 100644
--- a/roles/download/tasks/prep_kubeadm_images.yml
+++ b/roles/download/tasks/prep_kubeadm_images.yml
@@ -22,14 +22,11 @@ - not skip_kubeadm_images|default(false) - name: prep_kubeadm_images | Copy kubeadm binary from download dir to system path - synchronize: + copy: src: "{{ local_release_dir }}/kubeadm-{{ kubeadm_version }}-{{ image_arch }}" dest: "{{ bin_dir }}/kubeadm" - compress: no - perms: yes - owner: no - group: no - delegate_to: "{{ inventory_hostname }}" + mode: 0755 + remote_src: true - name: prep_kubeadm_images | Set kubeadm binary permissions file:
diff --git a/roles/kubernetes/master/tasks/main.yml b/roles/kubernetes/master/tasks/main.yml
index 9eb0a56dd..a85dddfb9 100644
--- a/roles/kubernetes/master/tasks/main.yml
+++ b/roles/kubernetes/master/tasks/main.yml
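Review bot: The added `mode: 0755` in the `Copy crictl binary from download dir` task is an unquoted octal literal, whereas the `file` tasks this commit deletes in other files wrote the same permission as `mode: "0755"`. Unquoted, the value reaches the module as an integer and is only right because the YAML 1.1 loader reads the leading zero as octal. Writing `mode: "0755"` keeps the permission bits explicit for anyone auditing what ends up executable in `bin_dir`. The same line is added in the cri-o `crictl.yml`, `prep_kubeadm_images.yml`, `master/tasks/main.yml` and `node/tasks/install.yml` hunks.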
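Review bot: The trailing context of the `prep_kubeadm_images.yml` hunk still opens a `prep_kubeadm_images | Set kubeadm binary permissions` task with `file:`, which looks redundant now that the `copy` task above it sets `mode: 0755` itself. The equivalent "Set ... binary permissions" tasks are deleted in `master/tasks/main.yml` and `node/tasks/install.yml`, so this file is left inconsistent with them. That task's body continues outside the hunk, so confirm it enforces nothing beyond the mode before removing it. If it is kept on purpose, a one-line comment above it saying what it still enforces would stop the next reader from deleting it.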
@@ -20,24 +20,11 @@ - kube_encrypt_secret_data - name: Install | Copy kubectl binary from download dir - synchronize: + copy: src: "{{ local_release_dir }}/kubectl-{{ kube_version }}-{{ image_arch }}" dest: "{{ bin_dir }}/kubectl" - compress: no - perms: yes - owner: no - group: no - changed_when: false - delegate_to: "{{ inventory_hostname }}" - tags: - - kubectl - - upgrade - -- name: install | Set kubectl binary permissions - file: - path: "{{ bin_dir }}/kubectl" - mode: "0755" - state: file + mode: 0755 + remote_src: true tags: - kubectl - upgrade
diff --git a/roles/kubernetes/node/tasks/install.yml b/roles/kubernetes/node/tasks/install.yml
index 339c43df3..dd2099672 100644
--- a/roles/kubernetes/node/tasks/install.yml
+++ b/roles/kubernetes/node/tasks/install.yml
@@ -1,51 +1,26 @@ --- - name: install | Copy kubeadm binary from download dir - synchronize: + copy: src: "{{ local_release_dir }}/kubeadm-{{ kubeadm_version }}-{{ image_arch }}" dest: "{{ bin_dir }}/kubeadm" - compress: no - perms: yes - owner: no - group: no - delegate_to: "{{ inventory_hostname }}" - tags: - - kubeadm - when: - - not inventory_hostname in groups['kube-master'] - -- name: install | Set kubeadm binary permissions - file: - path: "{{ bin_dir }}/kubeadm" - mode: "0755" - state: file + mode: 0755 + remote_src: true tags: - kubeadm when: - not inventory_hostname in groups['kube-master'] - name: install | Copy kubelet binary from download dir - synchronize: + copy: src: "{{ local_release_dir }}/kubelet-{{ kube_version }}-{{ image_arch }}" dest: "{{ bin_dir }}/kubelet" - compress: no - perms: yes - owner: no - group: no - delegate_to: "{{ inventory_hostname }}" + mode: 0755 + remote_src: true tags: - kubelet - upgrade notify: Node | restart kubelet -- name: install | Set kubelet binary permissions - file: - path: "{{ bin_dir }}/kubelet" - mode: "0755" - state: file - tags: - - kubelet - - upgrade - - name: install | Copy socat wrapper for Container Linux command: "{{ docker_bin_dir }}/docker run --rm -v {{ bin_dir }}:/opt/bin {{ install_socat_image_repo }}:{{ install_socat_image_tag }}" args:
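Review bot: The kubeadm and kubelet `copy` tasks pin the mode but not the ownership, so the installed binaries are owned by whichever account the task runs as on the target. Presumably that is root through privilege escalation, but nothing in this hunk states it, and the kubelet copy notifies `Node | restart kubelet`; a binary in `bin_dir` that a non-root account can rewrite would then run with the service's privileges. Adding `owner: root` and `group: root` beside `mode` makes the expected ownership explicit and lets the task correct drift, and the same would apply to the crictl and kubectl copy tasks in the other files. The socat task at the end of the hunk continues outside it.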