Browse Source
Use `connection: local` when `delegate_to: localhost` (#6322)
This will avoid SSH connection on the local host
pull/5781/head
bozzo
5 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with
19 additions and
0 deletions
-
roles/bastion-ssh-config/tasks/main.yml
-
roles/download/tasks/download_container.yml
-
roles/download/tasks/download_file.yml
-
roles/download/tasks/prep_download.yml
-
roles/kubernetes/client/tasks/main.yml
-
roles/kubernetes/preinstall/tasks/0030-pre_upgrade.yml
-
roles/kubernetes/preinstall/tasks/0090-etchosts.yml
-
roles/kubespray-defaults/tasks/fallback_ips.yml
-
roles/kubespray-defaults/tasks/fallback_ips_gather.yml
-
roles/kubespray-defaults/tasks/no_proxy.yml
-
scripts/collect-info.yaml
-
tests/cloud_playbooks/delete-aws.yml
|
|
|
@ -3,6 +3,7 @@ |
|
|
|
set_fact: |
|
|
|
bastion_ip: "{{ hostvars[groups['bastion'][0]]['ansible_host'] | d(hostvars[groups['bastion'][0]]['ansible_ssh_host']) }}" |
|
|
|
delegate_to: localhost |
|
|
|
connection: local |
|
|
|
|
|
|
|
# As we are actually running on localhost, the ansible_ssh_user is your local user when you try to use it directly |
|
|
|
# To figure out the real ssh user, we delegate this task to the bastion and store the ansible_user in real_user |
|
|
|
@ -13,6 +14,7 @@ |
|
|
|
- name: create ssh bastion conf |
|
|
|
become: false |
|
|
|
delegate_to: localhost |
|
|
|
connection: local |
|
|
|
template: |
|
|
|
src: ssh-bastion.conf |
|
|
|
dest: "{{ playbook_dir }}/ssh-bastion.conf" |
|
|
|
@ -25,6 +25,7 @@ |
|
|
|
stat: |
|
|
|
path: "{{ image_path_cached }}" |
|
|
|
delegate_to: localhost |
|
|
|
connection: local |
|
|
|
delegate_facts: no |
|
|
|
register: cache_image |
|
|
|
changed_when: false |
|
|
|
|
|
|
|
@ -25,6 +25,7 @@ |
|
|
|
state: directory |
|
|
|
recurse: yes |
|
|
|
delegate_to: localhost |
|
|
|
connection: local |
|
|
|
delegate_facts: false |
|
|
|
run_once: true |
|
|
|
become: false |
|
|
|
|
|
|
|
@ -20,6 +20,7 @@ |
|
|
|
- name: prep_download | On localhost, check if passwordless root is possible |
|
|
|
command: "true" |
|
|
|
delegate_to: localhost |
|
|
|
connection: local |
|
|
|
run_once: true |
|
|
|
register: test_become |
|
|
|
changed_when: false |
|
|
|
@ -34,6 +35,7 @@ |
|
|
|
- name: prep_download | On localhost, check if user has access to docker without using sudo |
|
|
|
shell: "{{ image_info_command_on_localhost }}" |
|
|
|
delegate_to: localhost |
|
|
|
connection: local |
|
|
|
run_once: true |
|
|
|
register: test_docker |
|
|
|
changed_when: false |
|
|
|
@ -92,6 +94,7 @@ |
|
|
|
recurse: yes |
|
|
|
mode: 0755 |
|
|
|
delegate_to: localhost |
|
|
|
connection: local |
|
|
|
delegate_facts: no |
|
|
|
run_once: true |
|
|
|
become: false |
|
|
|
|
|
|
|
@ -36,6 +36,7 @@ |
|
|
|
mode: "0750" |
|
|
|
state: directory |
|
|
|
delegate_to: localhost |
|
|
|
connection: local |
|
|
|
become: no |
|
|
|
run_once: yes |
|
|
|
when: kubeconfig_localhost |
|
|
|
@ -88,6 +89,7 @@ |
|
|
|
dest: "{{ artifacts_dir }}/admin.conf" |
|
|
|
mode: 0640 |
|
|
|
delegate_to: localhost |
|
|
|
connection: local |
|
|
|
become: no |
|
|
|
run_once: yes |
|
|
|
when: kubeconfig_localhost |
|
|
|
@ -112,4 +114,5 @@ |
|
|
|
become: no |
|
|
|
run_once: yes |
|
|
|
delegate_to: localhost |
|
|
|
connection: local |
|
|
|
when: kubectl_localhost and kubeconfig_localhost |
|
|
|
@ -3,6 +3,7 @@ |
|
|
|
stat: |
|
|
|
path: "{{ inventory_dir }}/../credentials" |
|
|
|
delegate_to: localhost |
|
|
|
connection: local |
|
|
|
register: old_credential_dir |
|
|
|
become: no |
|
|
|
|
|
|
|
@ -10,6 +11,7 @@ |
|
|
|
stat: |
|
|
|
path: "{{ inventory_dir }}/credentials" |
|
|
|
delegate_to: localhost |
|
|
|
connection: local |
|
|
|
register: new_credential_dir |
|
|
|
become: no |
|
|
|
when: old_credential_dir.stat.exists |
|
|
|
@ -19,6 +21,7 @@ |
|
|
|
args: |
|
|
|
creates: "{{ inventory_dir }}/credentials" |
|
|
|
delegate_to: localhost |
|
|
|
connection: local |
|
|
|
become: no |
|
|
|
when: |
|
|
|
- old_credential_dir.stat.exists |
|
|
|
|
|
|
|
@ -9,6 +9,7 @@ |
|
|
|
{% endif %} |
|
|
|
{% endfor %} |
|
|
|
delegate_to: localhost |
|
|
|
connection: local |
|
|
|
delegate_facts: yes |
|
|
|
run_once: yes |
|
|
|
|
|
|
|
|
|
|
|
@ -21,6 +21,7 @@ |
|
|
|
{{ item }}: "{{ found.get('address', '127.0.0.1') }}" |
|
|
|
{% endfor %} |
|
|
|
delegate_to: localhost |
|
|
|
connection: local |
|
|
|
delegate_facts: yes |
|
|
|
become: no |
|
|
|
run_once: yes |
|
|
|
|
|
|
|
@ -7,4 +7,5 @@ |
|
|
|
gather_subset: '!all,network' |
|
|
|
filter: "ansible_default_ipv4" |
|
|
|
delegate_to: "{{ delegate_host_to_gather_facts }}" |
|
|
|
connection: "{{ (delegate_host_to_gather_facts == 'localhost') | ternary('local', omit) }}" |
|
|
|
delegate_facts: yes |
|
|
|
@ -19,6 +19,7 @@ |
|
|
|
{%- endif -%} |
|
|
|
127.0.0.1,localhost,{{ kube_service_addresses }},{{ kube_pods_subnet }} |
|
|
|
delegate_to: localhost |
|
|
|
connection: local |
|
|
|
delegate_facts: yes |
|
|
|
become: no |
|
|
|
run_once: yes |
|
|
|
|
|
|
|
@ -133,6 +133,7 @@ |
|
|
|
dest: "{{ dir|default('.') }}/logs.tar.gz" |
|
|
|
remove: true |
|
|
|
delegate_to: localhost |
|
|
|
connection: local |
|
|
|
become: false |
|
|
|
run_once: true |
|
|
|
|
|
|
|
|
|
|
|
@ -15,3 +15,4 @@ |
|
|
|
region: "{{ ansible_ec2_placement_region }}" |
|
|
|
wait: True |
|
|
|
delegate_to: localhost |
|
|
|
connection: local |
