diff --git a/roles/kubernetes/kubeadm/tasks/main.yml b/roles/kubernetes/kubeadm/tasks/main.yml
index 75435095a..2a13d18d9 100644
--- a/roles/kubernetes/kubeadm/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/tasks/main.yml
@@ -22,8 +22,10 @@
 delegate_to: "{{ groups['kube-master'][0] }}"
 run_once: true
-- name: Calculate kubeadm CA cert hash # noqa 306
- shell: openssl x509 -pubkey -in {{ kube_cert_dir }}/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
+- name: Calculate kubeadm CA cert hash
+ shell: set -o pipefail && openssl x509 -pubkey -in {{ kube_cert_dir }}/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
+ args:
+ executable: /bin/bash
 register: kubeadm_ca_hash
 when:
 - kubeadm_ca_stat.stat is defined
@@ -107,11 +109,13 @@
 # FIXME(mattymo): Need to point to localhost, otherwise masters will all point
 # incorrectly to first master, creating SPoF.
-- name: Update server field in kube-proxy kubeconfig # noqa 306
+- name: Update server field in kube-proxy kubeconfig
 shell: >-
- {{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf get configmap kube-proxy -n kube-system -o yaml
+ set -o pipefail && {{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf get configmap kube-proxy -n kube-system -o yaml
 | sed 's#server:.*#server: https://127.0.0.1:{{ kube_apiserver_port }}#g'
 | {{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf replace -f -
+ args:
+ executable: /bin/bash
 run_once: true
 delegate_to: "{{ groups['kube-master']|first }}"
 delegate_facts: false
diff --git a/roles/kubernetes/master/tasks/kubeadm-setup.yml b/roles/kubernetes/master/tasks/kubeadm-setup.yml
index 1363206f6..bf43a080c 100644
--- a/roles/kubernetes/master/tasks/kubeadm-setup.yml
+++ b/roles/kubernetes/master/tasks/kubeadm-setup.yml
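Review bot: In the "Calculate kubeadm CA cert hash" task (kubeadm/tasks/main.yml, first hunk) the `openssl rsa` stage keeps its `2>/dev/null`, so when `pipefail` now stops the task on a bad or unreadable `ca.crt` the operator gets a non-zero rc with the openssl diagnostic thrown away. The redirect likely exists to hide openssl's routine `writing RSA key` message, but the shell module captures stderr separately from the registered stdout, so it can be dropped. `kubeadm_ca_hash` is presumably what pins the CA when nodes join (its consumers are outside this hunk), so a check that `kubeadm_ca_hash.stdout` matches `^[0-9a-f]{64}$` before it is used would catch any remaining case where the pipeline yields something other than a SHA-256 digest. The task's `when:` list continues past the end of the hunk.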
@@ -47,8 +47,10 @@
 when:
 - old_apiserver_cert.stat.exists
-- name: kubeadm | Forcefully delete old static pods # noqa 306
- shell: "docker ps -f name=k8s_{{ item }} -q | xargs --no-run-if-empty docker rm -f"
+- name: kubeadm | Forcefully delete old static pods
+ shell: "set -o pipefail && docker ps -f name=k8s_{{ item }} -q | xargs --no-run-if-empty docker rm -f"
+ args:
+ executable: /bin/bash
 with_items: ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
 when:
 - old_apiserver_cert.stat.exists
diff --git a/roles/kubernetes/master/tasks/pre-upgrade.yml b/roles/kubernetes/master/tasks/pre-upgrade.yml
index 06c3eb525..27c04ea95 100644
--- a/roles/kubernetes/master/tasks/pre-upgrade.yml
+++ b/roles/kubernetes/master/tasks/pre-upgrade.yml
@@ -8,8 +8,10 @@
 register: kube_apiserver_manifest_replaced
 when: etcd_secret_changed|default(false)
-- name: "Pre-upgrade | Delete master containers forcefully" # noqa 306 503
- shell: "docker ps -af name=k8s_{{ item }}* -q | xargs --no-run-if-empty docker rm -f"
+- name: "Pre-upgrade | Delete master containers forcefully" # noqa 503
+ shell: "set -o pipefail && docker ps -af name=k8s_{{ item }}* -q | xargs --no-run-if-empty docker rm -f"
+ args:
+ executable: /bin/bash
 with_items:
 - ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
 when: kube_apiserver_manifest_replaced.changed
diff --git a/roles/kubernetes/node/tasks/pre_upgrade.yml b/roles/kubernetes/node/tasks/pre_upgrade.yml
index 918edfac5..38ecbf43d 100644
--- a/roles/kubernetes/node/tasks/pre_upgrade.yml
+++ b/roles/kubernetes/node/tasks/pre_upgrade.yml
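Review bot: Both container-removal tasks call `docker ps` unconditionally ("kubeadm | Forcefully delete old static pods" in kubeadm-setup.yml and "Pre-upgrade | Delete master containers forcefully" in pre-upgrade.yml), and with `pipefail` a missing or unreachable docker now fails the task where `xargs --no-run-if-empty` used to turn it into a silent no-op. The node pre_upgrade.yml task in this same commit branches on `container_manager`, so containerd hosts appear to be supported; these two tasks would then need the same branch or a `container_manager in ['crio', 'docker']` condition in their `when:`. In the pre-upgrade task the filter `name=k8s_{{ item }}*` is also passed unquoted, so bash may attempt pathname expansion on it; single-quoting the filter argument inside the command string avoids that.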
@@ -1,11 +1,14 @@
 ---
-- name: "Pre-upgrade | check if kubelet container exists" # noqa 306
+- name: "Pre-upgrade | check if kubelet container exists"
 shell: >-
+ set -o pipefail &&
 {% if container_manager in ['crio', 'docker'] %}
 docker ps -af name=kubelet | grep kubelet
 {% elif container_manager == 'containerd' %}
 crictl ps --all --name kubelet | grep kubelet
 {% endif %}
+ args:
+ executable: /bin/bash
 failed_when: false
 changed_when: false
 register: kubelet_container_check
diff --git a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
index 1722a299d..148d69258 100644
--- a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
+++ b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
@@ -158,8 +158,10 @@
 when:
 - kube_network_plugin == 'calico'
-- name: "Get current version of calico cluster version" # noqa 306
- shell: "{{ bin_dir }}/calicoctl.sh version | grep 'Cluster Version:' | awk '{ print $3}'"
+- name: "Get current version of calico cluster version"
+ shell: "set -o pipefail && {{ bin_dir }}/calicoctl.sh version | grep 'Cluster Version:' | awk '{ print $3}'"
+ args:
+ executable: /bin/bash
 register: calico_version_on_server
 run_once: yes
 changed_when: false
diff --git a/roles/kubernetes/tokens/tasks/gen_tokens.yml b/roles/kubernetes/tokens/tasks/gen_tokens.yml
index ff0983bb3..2b94ce4f3 100644
--- a/roles/kubernetes/tokens/tasks/gen_tokens.yml
+++ b/roles/kubernetes/tokens/tasks/gen_tokens.yml
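Review bot: In node/tasks/pre_upgrade.yml the Jinja `if`/`elif` has no `else`, so for any other `container_manager` value the command renders as a bare `set -o pipefail &&`, a bash syntax error that `failed_when: false` hides. With `pipefail` a non-zero `kubelet_container_check.rc` can now also mean that `docker ps` or `crictl ps` itself failed, so whatever reads the result (outside this hunk) can no longer treat it as "no kubelet container" alone. Moving the prefix into each branch, e.g. `set -o pipefail && docker ps -af name=kubelet | grep kubelet`, keeps the rendered command well-formed, and the consumers should be checked for that second meaning of rc.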
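Review bot: In preinstall/tasks/0020-verify-settings.yml, `grep 'Cluster Version:'` exits 1 when the line is absent, and under `pipefail` that now fails "Get current version of calico cluster version" where it used to register an empty stdout. If a host that reports no cluster version is a valid state (for instance before calico is deployed), the task has to tolerate it; folding the match into awk, `{{ bin_dir }}/calicoctl.sh version | awk '/Cluster Version:/ { print $3 }'`, returns 0 on no match while still failing when calicoctl.sh itself fails. The task's `when:` lies outside the hunk, so this case may already be guarded.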
@@ -42,18 +42,21 @@
 run_once: true
 when: sync_tokens|default(false)
-- name: Gen_tokens | Gather tokens # noqa 306
- shell: "tar cfz - {{ tokens_list.stdout_lines | join(' ') }} | base64 --wrap=0"
+- name: Gen_tokens | Gather tokens
+ shell: "set -o pipefail && tar cfz - {{ tokens_list.stdout_lines | join(' ') }} | base64 --wrap=0"
 args:
 warn: false
+ executable: /bin/bash
 register: tokens_data
 check_mode: no
 delegate_to: "{{ groups['kube-master'][0] }}"
 run_once: true
 when: sync_tokens|default(false)
-- name: Gen_tokens | Copy tokens on masters # noqa 306
- shell: "echo '{{ tokens_data.stdout|quote }}' | base64 -d | tar xz -C /"
+- name: Gen_tokens | Copy tokens on masters
+ shell: "set -o pipefail && echo '{{ tokens_data.stdout|quote }}' | base64 -d | tar xz -C /"
+ args:
+ executable: /bin/bash
 when:
 - inventory_hostname in groups['kube-master']
 - sync_tokens|default(false)
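Review bot: `tokens_data.stdout` is the base64 archive of the token files, and "Gen_tokens | Copy tokens on masters" interpolates it into the command string, so the secret material ends up in the recorded command of the task result and in the process arguments on each master; neither task sets `no_log: true`. Feeding it on stdin avoids both: `shell: "set -o pipefail && base64 -d | tar xz -C /"` with `stdin: "{{ tokens_data.stdout }}"` under `args:`, plus `no_log: true` on both tasks. In "Gen_tokens | Gather tokens", `{{ tokens_list.stdout_lines | join(' ') }}` is placed on the command line unquoted; `tokens_list.stdout_lines | map('quote') | join(' ')` keeps unusual file names from being word-split or interpreted by bash. The copy task's `when:` list may continue past the end of the hunk.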