From 826c53975d4b0af6bc8ddcd5e9dcdb4777779be0 Mon Sep 17 00:00:00 2001 From: Aleksei Sviridkin Date: Mon, 22 Dec 2025 21:11:29 +0300 Subject: [PATCH] fix(ansible): replace deprecated entities and sync version requirements (#478) * refactor(ansible): replace deprecated with_items and ansible facts Replace deprecated `with_items` with `loop` keyword across all roles. Migrate from legacy `ansible_*` top-level facts to `ansible_facts['*']` syntax to prepare for ansible-core 2.24 where INJECT_FACTS_AS_VARS will default to False. Co-Authored-By: Claude Signed-off-by: Aleksei Sviridkin * chore(ansible): sync minimum version requirements to 2.15 Align version checks in prereq and airgap roles with README requirement of ansible-core 2.15+. Co-Authored-By: Claude Signed-off-by: Aleksei Sviridkin --------- Signed-off-by: Aleksei Sviridkin Co-authored-by: Claude --- roles/airgap/tasks/main.yml | 8 +++--- roles/k3s_agent/tasks/main.yml | 4 +-- roles/k3s_server/tasks/main.yml | 6 ++--- roles/prereq/tasks/main.yml | 28 ++++++++++---------- roles/raspberrypi/tasks/main.yml | 4 +-- roles/raspberrypi/tasks/prereq/Archlinux.yml | 2 +- roles/raspberrypi/tasks/prereq/CentOS.yml | 2 +- roles/raspberrypi/tasks/prereq/Debian.yml | 2 +- roles/raspberrypi/tasks/prereq/Raspbian.yml | 2 +- roles/raspberrypi/tasks/prereq/Ubuntu.yml | 4 +-- 10 files changed, 31 insertions(+), 31 deletions(-) diff --git a/roles/airgap/tasks/main.yml b/roles/airgap/tasks/main.yml index b879f3f..27d173e 100644 --- a/roles/airgap/tasks/main.yml +++ b/roles/airgap/tasks/main.yml @@ -9,8 +9,8 @@ block: - name: Verify Ansible meets airgap version requirements. ansible.builtin.assert: - that: "ansible_version.full is version_compare('2.12', '>=')" - msg: "The Airgap role requires at least ansible-core 2.12" + that: "ansible_version.full is version_compare('2.15', '>=')" + msg: "The Airgap role requires at least ansible-core 2.15" - name: Check for existing install script become: false @@ -40,7 +40,7 @@ - name: Determine architecture and set airgap_k3s_arch ansible.builtin.set_fact: - airgap_k3s_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'arm' if ansible_architecture == 'armv7l' else 'amd64' }}" + airgap_k3s_arch: "{{ 'arm64' if ansible_facts['architecture'] == 'aarch64' else 'arm' if ansible_facts['architecture'] == 'armv7l' else 'amd64' }}" - name: Distribute K3s binary ansible.builtin.copy: @@ -71,7 +71,7 @@ - name: Install K3s SELinux RPM when: - - ansible_os_family == 'RedHat' + - ansible_facts['os_family'] == 'RedHat' - airgap_selinux_copy.skipped is false ansible.builtin.dnf: name: "{{ airgap_selinux_copy.results[0].dest }}" diff --git a/roles/k3s_agent/tasks/main.yml b/roles/k3s_agent/tasks/main.yml index 25f95bc..e225996 100644 --- a/roles/k3s_agent/tasks/main.yml +++ b/roles/k3s_agent/tasks/main.yml @@ -67,7 +67,7 @@ ansible.builtin.lineinfile: path: "{{ systemd_dir }}/k3s-agent.service.env" line: "{{ item }}" - with_items: "{{ extra_service_envs }}" + loop: "{{ extra_service_envs }}" - name: Delete any existing token from the environment if different from the new one ansible.builtin.lineinfile: @@ -80,7 +80,7 @@ ansible.builtin.lineinfile: path: "{{ systemd_dir }}/k3s-agent.service.env" line: "{{ item }}" - with_items: + loop: - "K3S_TOKEN={{ token }}" - name: Modify ExecStart in k3s-agent.service to include API endpoint and extra args diff --git a/roles/k3s_server/tasks/main.yml b/roles/k3s_server/tasks/main.yml index bae9438..7c0f41f 100644 --- a/roles/k3s_server/tasks/main.yml +++ b/roles/k3s_server/tasks/main.yml @@ -127,7 +127,7 @@ ansible.builtin.lineinfile: path: "{{ systemd_dir }}/k3s.service.env" line: "{{ item }}" - with_items: "{{ extra_service_envs }}" + loop: "{{ extra_service_envs }}" - name: Delete any existing token from the environment if different from the new one ansible.builtin.lineinfile: @@ -261,7 +261,7 @@ ansible.builtin.lineinfile: path: "{{ systemd_dir }}/k3s.service.env" line: "{{ item }}" - with_items: "{{ extra_service_envs }}" + loop: "{{ extra_service_envs }}" - name: Delete any existing token from the environment if different from the new one ansible.builtin.lineinfile: @@ -274,7 +274,7 @@ ansible.builtin.lineinfile: path: "{{ systemd_dir }}/k3s.service.env" line: "{{ item }}" - with_items: + loop: - "K3S_TOKEN={{ token }}" # When using an external database, no join is needed, instead, users should be diff --git a/roles/prereq/tasks/main.yml b/roles/prereq/tasks/main.yml index 741e072..3ec64b6 100644 --- a/roles/prereq/tasks/main.yml +++ b/roles/prereq/tasks/main.yml @@ -2,17 +2,17 @@ - name: Enforce minimum Ansible version ansible.builtin.assert: that: - - ansible_version.full is version('2.14', '>=') - msg: "Minimum ansible-core version required is 2.14" + - ansible_version.full is version('2.15', '>=') + msg: "Minimum ansible-core version required is 2.15" - name: Install Dependent Ubuntu Packages - when: ansible_distribution in ['Ubuntu'] + when: ansible_facts['distribution'] in ['Ubuntu'] ansible.builtin.apt: name: policycoreutils # Used by install script to restore SELinux context update_cache: "{{ airgap_dir is not defined }}" - name: Install Dependent RHEL 10 Package - when: ansible_os_family == 'RedHat' and ansible_distribution_major_version == "10" + when: ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == "10" ansible.builtin.dnf: name: kernel-modules-extra # Load br_netfilter module update_cache: "{{ airgap_dir is not defined }}" @@ -30,7 +30,7 @@ value: "1" state: present reload: true - when: ansible_all_ipv6_addresses | length > 0 + when: ansible_facts['all_ipv6_addresses'] | length > 0 - name: Populate service facts ansible.builtin.service_facts: @@ -114,7 +114,7 @@ state: enabled permanent: true immediate: true - with_items: + loop: - 5001/tcp # Spegel (Embedded distributed registry) - 8472/udp # Flannel VXLAN - 10250/tcp # Kubelet metrics @@ -135,8 +135,8 @@ + groups[agent_group] | default([]) ) | map('extract', hostvars) - | selectattr('ansible_default_ipv4', 'defined') - | map(attribute='ansible_default_ipv4.address') + | selectattr('ansible_facts.default_ipv4', 'defined') + | map(attribute='ansible_facts.default_ipv4.address') | flatten | unique | list }} @@ -154,13 +154,13 @@ content: "br_netfilter" dest: /etc/modules-load.d/br_netfilter.conf mode: "u=rw,g=,o=" - when: (ansible_os_family == 'RedHat' or ansible_distribution == 'Archlinux') + when: (ansible_facts['os_family'] == 'RedHat' or ansible_facts['distribution'] == 'Archlinux') - name: Load br_netfilter community.general.modprobe: name: br_netfilter state: present - when: (ansible_os_family == 'RedHat' or ansible_distribution == 'Archlinux') + when: (ansible_facts['os_family'] == 'RedHat' or ansible_facts['distribution'] == 'Archlinux') - name: Set bridge-nf-call-iptables (just to be sure) ansible.posix.sysctl: @@ -168,7 +168,7 @@ value: "1" state: present reload: true - when: (ansible_os_family == 'RedHat' or ansible_distribution == 'Archlinux') + when: (ansible_facts['os_family'] == 'RedHat' or ansible_facts['distribution'] == 'Archlinux') loop: - net.bridge.bridge-nf-call-iptables - net.bridge.bridge-nf-call-ip6tables @@ -186,7 +186,7 @@ - name: Install Apparmor Parser [Suse] when: - - ansible_os_family == 'Suse' + - ansible_facts['os_family'] == 'Suse' - prereq_apparmor_status is defined - prereq_apparmor_status.stdout == "Y" ansible.builtin.package: @@ -195,7 +195,7 @@ - name: Install Apparmor Parser [Debian] when: - - ansible_distribution == 'Debian' + - ansible_facts['distribution'] == 'Debian' - ansible_facts['distribution_major_version'] == "11" - prereq_apparmor_status is defined - prereq_apparmor_status.stdout == "Y" @@ -227,7 +227,7 @@ insertafter: EOF path: /etc/sudoers validate: 'visudo -cf %s' - when: ansible_os_family == 'RedHat' + when: ansible_facts['os_family'] == 'RedHat' - name: Setup alternative K3s directory when: diff --git a/roles/raspberrypi/tasks/main.yml b/roles/raspberrypi/tasks/main.yml index 12e5304..0fabe90 100644 --- a/roles/raspberrypi/tasks/main.yml +++ b/roles/raspberrypi/tasks/main.yml @@ -43,6 +43,6 @@ ansible.builtin.include_tasks: "{{ item }}" with_first_found: - "prereq/{{ detected_distribution }}.yml" - - "prereq/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" - - "prereq/{{ ansible_distribution }}.yml" + - "prereq/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_major_version'] }}.yml" + - "prereq/{{ ansible_facts['distribution'] }}.yml" - "prereq/default.yml" diff --git a/roles/raspberrypi/tasks/prereq/Archlinux.yml b/roles/raspberrypi/tasks/prereq/Archlinux.yml index fe6dc6d..a8a762a 100644 --- a/roles/raspberrypi/tasks/prereq/Archlinux.yml +++ b/roles/raspberrypi/tasks/prereq/Archlinux.yml @@ -4,7 +4,7 @@ path: /boot/boot.txt regexp: '^(setenv bootargs console=ttyS1,115200 console=tty0 root=PARTUUID=\${uuid} rw rootwait smsc95xx.macaddr="\${usbethaddr}"(?!.*\b{{ cgroup_item }}\b).*)$' replace: '\1 {{ cgroup_item }}' - with_items: + loop: - "cgroup_enable=cpuset" - "cgroup_memory=1" - "cgroup_enable=memory" diff --git a/roles/raspberrypi/tasks/prereq/CentOS.yml b/roles/raspberrypi/tasks/prereq/CentOS.yml index cce433e..dcdab6b 100644 --- a/roles/raspberrypi/tasks/prereq/CentOS.yml +++ b/roles/raspberrypi/tasks/prereq/CentOS.yml @@ -4,7 +4,7 @@ path: /boot/cmdline.txt regexp: '^([\w](?!.*\b{{ cgroup_item }}\b).*)$' replace: '\1 {{ cgroup_item }}' - with_items: + loop: - "cgroup_enable=cpuset" - "cgroup_memory=1" - "cgroup_enable=memory" diff --git a/roles/raspberrypi/tasks/prereq/Debian.yml b/roles/raspberrypi/tasks/prereq/Debian.yml index 8dc260d..e965a32 100644 --- a/roles/raspberrypi/tasks/prereq/Debian.yml +++ b/roles/raspberrypi/tasks/prereq/Debian.yml @@ -9,7 +9,7 @@ path: "{{ (boot_firmware_cmdline_txt.stat.exists) | ternary('/boot/firmware/cmdline.txt', '/boot/cmdline.txt') }}" regexp: '^([\w](?!.*\b{{ cgroup_item }}\b).*)$' replace: '\1 {{ cgroup_item }}' - with_items: + loop: - "cgroup_enable=cpuset" - "cgroup_memory=1" - "cgroup_enable=memory" diff --git a/roles/raspberrypi/tasks/prereq/Raspbian.yml b/roles/raspberrypi/tasks/prereq/Raspbian.yml index 8dc260d..e965a32 100644 --- a/roles/raspberrypi/tasks/prereq/Raspbian.yml +++ b/roles/raspberrypi/tasks/prereq/Raspbian.yml @@ -9,7 +9,7 @@ path: "{{ (boot_firmware_cmdline_txt.stat.exists) | ternary('/boot/firmware/cmdline.txt', '/boot/cmdline.txt') }}" regexp: '^([\w](?!.*\b{{ cgroup_item }}\b).*)$' replace: '\1 {{ cgroup_item }}' - with_items: + loop: - "cgroup_enable=cpuset" - "cgroup_memory=1" - "cgroup_enable=memory" diff --git a/roles/raspberrypi/tasks/prereq/Ubuntu.yml b/roles/raspberrypi/tasks/prereq/Ubuntu.yml index ccd056f..a02ed89 100644 --- a/roles/raspberrypi/tasks/prereq/Ubuntu.yml +++ b/roles/raspberrypi/tasks/prereq/Ubuntu.yml @@ -9,7 +9,7 @@ path: "{{ (boot_firmware_cmdline_txt.stat.exists) | ternary('/boot/firmware/cmdline.txt', '/boot/firmware/current/cmdline.txt') }}" regexp: '^([\w](?!.*\b{{ cgroup_item }}\b).*)$' replace: '\1 {{ cgroup_item }}' - with_items: + loop: - "cgroup_enable=cpuset" - "cgroup_memory=1" - "cgroup_enable=memory" @@ -24,4 +24,4 @@ name: linux-modules-extra-raspi update_cache: "{{ airgap_dir is not defined }}" state: present - when: "ansible_distribution_version is version('20.10', '>=') and ansible_distribution_version is version('24.04', '<')" + when: "ansible_facts['distribution_version'] is version('20.10', '>=') and ansible_facts['distribution_version'] is version('24.04', '<')"