From b77e0049c8760e4f77677bfb73941d85665f06eb Mon Sep 17 00:00:00 2001 From: Derek Nola Date: Mon, 15 Sep 2025 12:09:45 -0700 Subject: [PATCH] Fix linting to bring back 'production' status for all non-server k3s roles Signed-off-by: Derek Nola --- roles/airgap/tasks/main.yml | 18 ++++---- roles/k3s_agent/tasks/main.yml | 10 +++-- roles/k3s_upgrade/tasks/main.yml | 7 ++-- roles/prereq/tasks/main.yml | 22 +++++----- roles/raspberrypi/tasks/main.yml | 70 +++++++++++++++----------------- 5 files changed, 63 insertions(+), 64 deletions(-) diff --git a/roles/airgap/tasks/main.yml b/roles/airgap/tasks/main.yml index 083467c..772396b 100644 --- a/roles/airgap/tasks/main.yml +++ b/roles/airgap/tasks/main.yml @@ -13,13 +13,13 @@ delegate_to: localhost ansible.builtin.stat: path: "{{ airgap_dir + '/k3s-install.sh' }}" - register: host_install_script + register: airgap_host_install_script - name: Download k3s install script become: false delegate_to: localhost # Workaround for https://github.com/ansible/ansible/issues/64016 - when: not host_install_script.stat.exists + when: not airgap_host_install_script.stat.exists ansible.builtin.get_url: url: https://get.k3s.io/ timeout: 120 @@ -34,11 +34,11 @@ group: root mode: "0755" - - name: Determine architecture and set k3s_arch + - name: Determine architecture and set airgap_k3s_arch ansible.builtin.set_fact: - k3s_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'arm' if ansible_architecture == 'armv7l' else 'amd64' }}" + airgap_k3s_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'arm' if ansible_architecture == 'armv7l' else 'amd64' }}" - - name: Distribute K3s binary {{ k3s_arch }} + - name: Distribute K3s binary {{ airgap_k3s_arch }} ansible.builtin.copy: src: "{{ item }}" dest: /usr/local/bin/k3s 
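Review bot: In the `@@ -13,13 +13,13 @@` hunk of roles/airgap/tasks/main.yml, 'Download k3s install script' fetches `https://get.k3s.io/` with no `checksum:` visible, so whatever that endpoint serves at run time is what lands in `airgap_dir` and is presumably distributed to the nodes afterwards. The task continues outside the hunk, so a checksum may be set there; if it is not, consider fetching a pinned, reviewed copy of the script and adding `checksum: "sha256:<expected-digest>"` to the `get_url` call. At minimum, a comment such as `# Integrity relies on TLS only; pre-stage a reviewed k3s-install.sh in airgap_dir to skip this download` would document the trust assumption that the `when: not airgap_host_install_script.stat.exists` guard already supports.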
@@ -47,7 +47,7 @@ mode: "0755" with_first_found: - files: - - "{{ airgap_dir }}/k3s-{{ k3s_arch }}" + - "{{ airgap_dir }}/k3s-{{ airgap_k3s_arch }}" - "{{ airgap_dir }}/k3s" # with_first_found always runs, even inside the when block # so we need to skip it if the file is not found @@ -62,15 +62,15 @@ mode: "0755" with_fileglob: - "{{ airgap_dir }}/k3s-selinux*.rpm" - register: selinux_copy + register: airgap_selinux_copy ignore_errors: true - name: Install K3s SELinux RPM when: - ansible_os_family == 'RedHat' - - selinux_copy.skipped is false + - airgap_selinux_copy.skipped is false ansible.builtin.dnf: - name: "{{ selinux_copy.results[0].dest }}" + name: "{{ airgap_selinux_copy.results[0].dest }}" state: present disable_gpg_check: true disablerepo: "*" diff --git a/roles/k3s_agent/tasks/main.yml b/roles/k3s_agent/tasks/main.yml index baa4e85..0c589db 100644 --- a/roles/k3s_agent/tasks/main.yml +++ b/roles/k3s_agent/tasks/main.yml 
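Review bot: In the `@@ -62,15 +62,15 @@` hunk, 'Install K3s SELinux RPM' only checks `airgap_selinux_copy.skipped is false`, but the copy it depends on runs with `ignore_errors: true`, so a copy that failed rather than skipped can still reach `airgap_selinux_copy.results[0].dest`. Adding `- airgap_selinux_copy is not failed` to the `when` list would keep the install from running against a partial or missing file. Because the install sets `disable_gpg_check: true`, nothing verifies the package after it has been copied; a comment such as `# RPM is trusted as staged in airgap_dir; verify its signature before staging` would make that assumption explicit.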
@@ -1,21 +1,21 @@ --- - name: Get k3s installed version ansible.builtin.command: k3s --version - register: k3s_version_output + register: k3s_agent_version_output changed_when: false ignore_errors: true - name: Set k3s installed version - when: not ansible_check_mode and k3s_version_output.rc == 0 + when: not ansible_check_mode and k3s_agent_version_output.rc == 0 ansible.builtin.set_fact: - installed_k3s_version: "{{ k3s_version_output.stdout_lines[0].split(' ')[2] }}" + k3s_agent_installed_version: "{{ k3s_agent_version_output.stdout_lines[0].split(' ')[2] }}" # If airgapped, all K3s artifacts are already on the node. # We should be downloading and installing the newer version only if we are in one of the following cases : # - we couldn't get k3s installed version in the first task of this role # - the installed version of K3s on the nodes is older than the requested version in ansible vars - name: Download artifact only if needed - when: not ansible_check_mode and airgap_dir is undefined and ( k3s_version_output.rc != 0 or installed_k3s_version is version(k3s_version, '<') ) + when: not ansible_check_mode and airgap_dir is undefined and ( k3s_agent_version_output.rc != 0 or k3s_agent_installed_version is version(k3s_version, '<') ) block: - name: Download K3s install script ansible.builtin.get_url: @@ -50,6 +50,7 @@ mode: "0755" state: directory - name: Copy config values + # noqa var-naming[no-role-prefix] ansible.builtin.copy: content: "{{ agent_config_yaml }}" dest: "/etc/rancher/k3s/config.yaml" @@ -57,6 +58,7 @@ register: _agent_config_result - name: Get the token from the first server + # noqa var-naming[no-role-prefix] ansible.builtin.set_fact: token: "{{ hostvars[groups[server_group][0]].token }}" diff --git a/roles/k3s_upgrade/tasks/main.yml b/roles/k3s_upgrade/tasks/main.yml index 90b043d..33648bb 100644 --- a/roles/k3s_upgrade/tasks/main.yml +++ b/roles/k3s_upgrade/tasks/main.yml 
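Review bot: In the `@@ -57,6 +58,7 @@` hunk, 'Get the token from the first server' copies `hostvars[groups[server_group][0]].token` into a host fact, and the new `# noqa var-naming[no-role-prefix]` keeps the generic name `token` without saying why. If this is the cluster join token, as the task name suggests, the `set_fact` result can appear in verbose runs and in callback plugins that log task results; adding `no_log: true` to the task would keep it out of that output. A separate comment line above the suppression, e.g. `# Keeps the name the server role publishes in hostvars`, would tell the next reader the rename was skipped deliberately; confirm that reason against the server role, which is not shown here.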
@@ -3,21 +3,22 @@ # local control-plane instead of the remote host. Shell supports wildcards. - name: Get k3s installed version ansible.builtin.command: k3s --version - register: k3s_version_output + register: k3s_upgrade_version_output changed_when: false check_mode: false - name: Set k3s installed version ansible.builtin.set_fact: - installed_k3s_version: "{{ k3s_version_output.stdout_lines[0].split(' ')[2] }}" + k3s_upgrade_current_version: "{{ k3s_upgrade_version_output.stdout_lines[0].split(' ')[2] }}" check_mode: false # We should be downloading and installing the newer version only if we are in the following case : # - the installed version of K3s on the nodes is older than the requested version in ansible vars - name: Update node only if needed - when: installed_k3s_version is version(k3s_version, '<') + when: k3s_upgrade_current_version is version(k3s_version, '<') block: - name: Find K3s service files + # noqa var-naming[no-role-prefix] ansible.builtin.find: paths: "{{ systemd_dir }}" patterns: "k3s*.service" diff --git a/roles/prereq/tasks/main.yml b/roles/prereq/tasks/main.yml index 3707ead..aba24a1 100644 --- a/roles/prereq/tasks/main.yml +++ b/roles/prereq/tasks/main.yml @@ -44,11 +44,11 @@ ansible.builtin.command: cmd: ufw status changed_when: false - register: ufw_status + register: prereq_ufw_status - name: If ufw enabled, open api port when: - - "'Status: active' in ufw_status['stdout']" + - "'Status: active' in prereq_ufw_status['stdout']" community.general.ufw: rule: allow port: "{{ api_port }}" @@ -56,7 +56,7 @@ - name: If ufw enabled, open etcd ports when: - - "'Status: active' in ufw_status['stdout']" + - "'Status: active' in prereq_ufw_status['stdout']" - groups[server_group] | length > 1 community.general.ufw: rule: allow @@ -65,7 +65,7 @@ - name: If ufw enabled, allow default CIDRs when: - - "'Status: active' in ufw_status['stdout']" + - "'Status: active' in prereq_ufw_status['stdout']" community.general.ufw: rule: allow src: '{{ item }}' 
@@ -162,19 +162,19 @@ - name: Check for Apparmor existence ansible.builtin.stat: path: /sys/module/apparmor/parameters/enabled - register: apparmor_enabled + register: prereq_apparmor_enabled - name: Check if Apparmor is enabled - when: apparmor_enabled.stat.exists + when: prereq_apparmor_enabled.stat.exists ansible.builtin.command: cat /sys/module/apparmor/parameters/enabled - register: apparmor_status + register: prereq_apparmor_status changed_when: false - name: Install Apparmor Parser [Suse] when: - ansible_os_family == 'Suse' - - apparmor_status is defined - - apparmor_status.stdout == "Y" + - prereq_apparmor_status is defined + - prereq_apparmor_status.stdout == "Y" ansible.builtin.package: name: apparmor-parser state: present @@ -183,8 +183,8 @@ when: - ansible_distribution == 'Debian' - ansible_facts['distribution_major_version'] == "11" - - apparmor_status is defined - - apparmor_status.stdout == "Y" + - prereq_apparmor_status is defined + - prereq_apparmor_status.stdout == "Y" ansible.builtin.package: name: apparmor state: present diff --git a/roles/raspberrypi/tasks/main.yml b/roles/raspberrypi/tasks/main.yml index c47ab7c..12e5304 100644 --- a/roles/raspberrypi/tasks/main.yml +++ b/roles/raspberrypi/tasks/main.yml 
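Review bot: In the `@@ -162,19 +162,19 @@` hunk, the guard `prereq_apparmor_status is defined` does not protect the `.stdout` comparison that follows it, because Ansible registers a result even when 'Check if Apparmor is enabled' is skipped. On a Suse host where `/sys/module/apparmor/parameters/enabled` does not exist, the skipped result has no `stdout`, so `prereq_apparmor_status.stdout == "Y"` is likely to fail the conditional instead of skipping the install. Replacing the pair with `- prereq_apparmor_status.stdout | default('') == "Y"`, or putting `- prereq_apparmor_status is not skipped` ahead of the comparison, avoids that. The same two lines appear in the Debian 11 task of the `@@ -183,8 +183,8 @@` hunk.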
@@ -1,52 +1,48 @@ --- - name: Test for raspberry pi /proc/cpuinfo ansible.builtin.command: grep -E "Raspberry Pi|BCM2708|BCM2709|BCM2835|BCM2836" /proc/cpuinfo - register: grep_cpuinfo_raspberrypi + register: raspberrypi_grep_cpuinfo failed_when: false changed_when: false - name: Test for raspberry pi /proc/device-tree/model ansible.builtin.command: grep -E "Raspberry Pi" /proc/device-tree/model - register: grep_device_tree_model_raspberrypi + register: raspberrypi_grep_device_tree_model failed_when: false changed_when: false -- name: Set raspberry_pi fact to true - ansible.builtin.set_fact: - raspberry_pi: true +- name: Run Raspberry Pi-specific tasks when: - grep_cpuinfo_raspberrypi.rc == 0 or grep_device_tree_model_raspberrypi.rc == 0 + - raspberrypi_grep_cpuinfo.rc == 0 or raspberrypi_grep_device_tree_model.rc == 0 + block: + - name: Set detected_distribution to Raspbian + # noqa var-naming[no-role-prefix] + ansible.builtin.set_fact: + detected_distribution: Raspbian + when: > + ansible_facts.lsb.id|default("") == "Raspbian" or + ansible_facts.lsb.description|default("") is match("[Rr]aspbian.*") -- name: Set detected_distribution to Raspbian - ansible.builtin.set_fact: - detected_distribution: Raspbian - when: > - raspberry_pi|default(false) and - ( ansible_facts.lsb.id|default("") == "Raspbian" or - ansible_facts.lsb.description|default("") is match("[Rr]aspbian.*") ) + - name: Set detected_distribution to Debian + # noqa var-naming[no-role-prefix] + ansible.builtin.set_fact: + detected_distribution: Debian + when: > + ansible_facts.lsb.id|default("") == "Debian" or + ansible_facts.lsb.description|default("") is match("Debian") -- name: Set detected_distribution to Debian - ansible.builtin.set_fact: - detected_distribution: Debian - when: > - raspberry_pi|default(false) and - ( ansible_facts.lsb.id|default("") == "Debian" or - ansible_facts.lsb.description|default("") is match("Debian") ) + - name: Set detected_distribution to ArchLinux (ARM64) + # noqa 
var-naming[no-role-prefix] + ansible.builtin.set_fact: + detected_distribution: Archlinux + when: + - ansible_facts.architecture is search("aarch64") + - ansible_facts.os_family is match("Archlinux") -- name: Set detected_distribution to ArchLinux (ARM64) - ansible.builtin.set_fact: - detected_distribution: Archlinux - when: - - ansible_facts.architecture is search("aarch64") - - raspberry_pi|default(false) - - ansible_facts.os_family is match("Archlinux") - -- name: Execute OS related tasks on the Raspberry Pi - ansible.builtin.include_tasks: "{{ item }}" - with_first_found: - - "prereq/{{ detected_distribution }}.yml" - - "prereq/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" - - "prereq/{{ ansible_distribution }}.yml" - - "prereq/default.yml" - when: - - raspberry_pi|default(false) + - name: Execute OS related tasks on the Raspberry Pi + ansible.builtin.include_tasks: "{{ item }}" + with_first_found: + - "prereq/{{ detected_distribution }}.yml" + - "prereq/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" + - "prereq/{{ ansible_distribution }}.yml" + - "prereq/default.yml"
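Review bot: The rewritten raspberrypi tasks no longer set the `raspberry_pi` fact, and nothing in this hunk shows whether handlers, the included `prereq/*.yml` files or other roles still read it with `raspberry_pi|default(false)`; any such reader would silently evaluate to false after this change, so a search for the name is worth doing before merge. Separately, the three `# noqa var-naming[no-role-prefix]` suppressions keep `detected_distribution` unprefixed although its only visible consumer is the `include_tasks` in the same block; if nothing outside the role reads it, renaming it to `raspberrypi_detected_distribution` would satisfy the rule instead of silencing it. A comment on the block such as `# when: is re-evaluated for every task in the block, including the include` would also help readers who expect it to be checked once.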