From 6873913124a3b1b14a25f27edaeb2d79f2b43c9a Mon Sep 17 00:00:00 2001
From: Lennart Jern <lennart.jern@gmail.com>
Date: Sun, 20 Sep 2020 21:19:44 +0300
Subject: [PATCH 1/2] Use checksum with get_url

When the checksum is used there is no need to delete the binary first,
as it will be compared to the checksum and downloaded and replaced only
as needed.
---
 roles/download/tasks/main.yml | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/roles/download/tasks/main.yml b/roles/download/tasks/main.yml
index e0f2c90..49e8de1 100644
--- a/roles/download/tasks/main.yml
+++ b/roles/download/tasks/main.yml
@@ -1,13 +1,9 @@
 ---
 
-- name: Delete k3s if already present
-  file:
-    path: /usr/local/bin/k3s
-    state: absent
-
 - name: Download k3s binary x64
   get_url:
     url: https://github.com/rancher/k3s/releases/download/{{ k3s_version }}/k3s
+    checksum: sha256:https://github.com/rancher/k3s/releases/download/{{ k3s_version }}/sha256sum-amd64.txt
     dest: /usr/local/bin/k3s
     owner: root
     group: root
@@ -17,6 +13,7 @@
 - name: Download k3s binary arm64
   get_url:
     url: https://github.com/rancher/k3s/releases/download/{{ k3s_version }}/k3s-arm64
+    checksum: sha256:https://github.com/rancher/k3s/releases/download/{{ k3s_version }}/sha256sum-arm64.txt
     dest: /usr/local/bin/k3s
     owner: root
     group: root
@@ -29,6 +26,7 @@
 - name: Download k3s binary armhf
   get_url:
     url: https://github.com/rancher/k3s/releases/download/{{ k3s_version }}/k3s-armhf
+    checksum: sha256:https://github.com/rancher/k3s/releases/download/{{ k3s_version }}/sha256sum-arm.txt
     dest: /usr/local/bin/k3s
     owner: root
     group: root

From ca7c25b81c8ebf53922efd1274deee09859aeab1 Mon Sep 17 00:00:00 2001
From: Lennart Jern <lennart.jern@gmail.com>
Date: Tue, 22 Sep 2020 21:08:35 +0300
Subject: [PATCH 2/2] Fix linting errors

---
 roles/k3s/master/tasks/main.yml | 2 ++
 roles/prereq/tasks/main.yml     | 1 +
 2 files changed, 3 insertions(+)

diff --git a/roles/k3s/master/tasks/main.yml b/roles/k3s/master/tasks/main.yml
index 389e928..006aa9b 100644
--- a/roles/k3s/master/tasks/main.yml
+++ b/roles/k3s/master/tasks/main.yml
@@ -49,6 +49,7 @@
     path: ~{{ ansible_user }}/.kube
     state: directory
     owner: "{{ ansible_user }}"
+    mode: "u=rwx,g=rx,o="
 
 - name: Copy config file to user home directory
   copy:
@@ -56,6 +57,7 @@
     dest: ~{{ ansible_user }}/.kube/config
     remote_src: yes
     owner: "{{ ansible_user }}"
+    mode: "u=rw,g=,o="
 
 - name: Replace https://localhost:6443 by https://master-ip:6443
   command: >-
diff --git a/roles/prereq/tasks/main.yml b/roles/prereq/tasks/main.yml
index c79d503..97617cf 100644
--- a/roles/prereq/tasks/main.yml
+++ b/roles/prereq/tasks/main.yml
@@ -22,6 +22,7 @@
   copy:
     content: "br_netfilter"
     dest: /etc/modules-load.d/br_netfilter.conf
+    mode: "u=rw,g=,o="
   when: ansible_distribution in ['CentOS', 'Red Hat Enterprise Linux']
 
 - name: Load br_netfilter