Idempotency fixes (#1838)

2017-10-25 21:19:40 +01:00 · 2017-10-25 21:19:40 +01:00 · 86fb669fd3
parent 7123956ecd
commit 86fb669fd3
9 changed files with 25 additions and 8 deletions
--- a/library/kube.py
+++ b/library/kube.py
@ -288,8 +288,6 @@ def main():
    else:
        module.fail_json(msg='Unrecognized state %s.' % state)

-    if result:
-        changed = True
    module.exit_json(changed=changed,
                     msg='success: %s' % (' '.join(result))
                     )
--- a/roles/etcd/tasks/main.yml
+++ b/roles/etcd/tasks/main.yml
@ -16,6 +16,7 @@
 - name: "Gen_certs | Get etcd certificate serials"
  shell: "openssl x509 -in {{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem -noout -serial | cut -d= -f2"
  register: "etcd_client_cert_serial_result"
+  changed_when: false
  when: inventory_hostname in groups['k8s-cluster']|union(groups['etcd'])|union(groups['calico-rr']|default([]))|unique|sort

 - name: Set etcd_client_cert_serial
--- a/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml
+++ b/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml
@ -11,6 +11,7 @@
  shell: "{{ bin_dir }}/kubectl -n {{ system_namespace }} get rs calico-policy-controller -o=jsonpath='{$.spec.template.spec.containers[:1].image}' | cut -d':' -f2"
  register: existing_calico_policy_version
  run_once: true
+  changed_when: false
  failed_when: false

 # FIXME(mattymo): This should not be necessary
--- a/roles/kubernetes/master/tasks/main.yml
+++ b/roles/kubernetes/master/tasks/main.yml
@ -12,10 +12,24 @@
 - include: users-file.yml
  when: kube_basic_auth|default(true)

+- name: Compare host kubectl with hyperkube container
+  command: "{{ docker_bin_dir }}/docker run --rm -v {{ bin_dir }}:/systembindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /usr/bin/cmp /hyperkube /systembindir/kubectl"
+  register: kubectl_task_compare_result
+  until: kubectl_task_compare_result.rc in [0,1,2]
+  retries: 4
+  delay: "{{ retry_stagger | random + 3 }}"
+  changed_when: false
+  failed_when: "kubectl_task_compare_result.rc not in [0,1,2]"
+  tags:
+    - hyperkube
+    - kubectl
+    - upgrade
+
 - name: Copy kubectl from hyperkube container
  command: "{{ docker_bin_dir }}/docker run --rm -v {{ bin_dir }}:/systembindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp /hyperkube /systembindir/kubectl"
-  register: kube_task_result
-  until: kube_task_result.rc == 0
+  when: kubectl_task_compare_result.rc != 0
+  register: kubectl_task_result
+  until: kubectl_task_result.rc == 0
  retries: 4
  delay: "{{ retry_stagger | random + 3 }}"
  changed_when: false
@ -26,7 +40,7 @@

 - name: Install kubectl bash completion
  shell: "{{ bin_dir }}/kubectl completion bash >/etc/bash_completion.d/kubectl.sh"
-  when: ansible_os_family in ["Debian","RedHat"]
+  when: kubectl_task_compare_result.rc != 0 and ansible_os_family in ["Debian","RedHat"]
  tags:
    - kubectl

--- a/roles/kubernetes/master/tasks/pre-upgrade.yml
+++ b/roles/kubernetes/master/tasks/pre-upgrade.yml
@ -5,6 +5,7 @@
    ETCDCTL_API: 2
  register: old_data_exists
  delegate_to: "{{groups['etcd'][0]}}"
+  changed_when: false
  when: kube_apiserver_storage_backend == "etcd3"
  failed_when: false

--- a/roles/kubernetes/node/tasks/facts.yml
+++ b/roles/kubernetes/node/tasks/facts.yml
@ -2,6 +2,7 @@
 - name: look up docker cgroup driver
  shell: "docker info | grep 'Cgroup Driver' | awk -F': ' '{ print $2; }'"
  register: docker_cgroup_driver_result
+  changed_when: false

 - set_fact:
    standalone_kubelet: >-
--- a/roles/kubernetes/node/tasks/pre_upgrade.yml
+++ b/roles/kubernetes/node/tasks/pre_upgrade.yml
@ -8,4 +8,5 @@
 - name: "Pre-upgrade | ensure kubelet container is stopped if using host deployment"
  command: docker stop kubelet
  failed_when: false
+  changed_when: false
  when: kubelet_deployment_type == 'host'
--- a/roles/network_plugin/calico/tasks/main.yml
+++ b/roles/network_plugin/calico/tasks/main.yml
@ -60,7 +60,7 @@
    - upgrade

 - name: Calico | Copy cni plugins from calico/cni container
-  command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }} sh -c 'cp -a /opt/cni/bin/* /cnibindir/'"
+  command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }} sh -c 'cp /opt/cni/bin/* /cnibindir/'"
  register: cni_task_result
  until: cni_task_result.rc == 0
  retries: 4
--- a/roles/network_plugin/canal/tasks/main.yml
+++ b/roles/network_plugin/canal/tasks/main.yml
@ -30,6 +30,7 @@
    set /{{ cluster_name }}/network/config \
    '{ "Network": "{{ kube_pods_subnet }}", "SubnetLen": {{ kube_network_node_prefix }}, "Backend": { "Type": "{{ flannel_backend_type }}" } }'
  delegate_to: "{{groups['etcd'][0]}}"
+  changed_when: false
  run_once: true

 - name: Canal | Create canal node manifests
@ -61,7 +62,7 @@
    - upgrade

 - name: Canal | Copy cni plugins from calico/cni
-  command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }} sh -c 'cp -a /opt/cni/bin/* /cnibindir/'"
+  command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ calico_cni_image_repo }}:{{ calico_cni_image_tag }} sh -c 'cp /opt/cni/bin/* /cnibindir/'"
  register: cni_task_result
  until: cni_task_result.rc == 0
  retries: 4
@ -86,7 +87,6 @@
    mode: 0755
    owner: root
    group: root
-  changed_when: false

 - name: Canal | Create network policy directory
  file: