[AIAnsible]Using Ansible to Deploy Kubernetes — Detailed Explanation of Kubespray Source Code (Part One)


Some content is generated by AIAnsible by calling Ansible tasks in debug mode.
The repository for AIAnsible is available at: https://github.com/sunnycloudy/aiansible

Kubespray is an open-source project that uses Ansible as an automation tool for installing, upgrading, and configuring Kubernetes clusters. As an infrastructure engineer or DevOps engineer, here are three reasons why you should read the Kubespray source code:

In-depth Understanding of Kubernetes Deployment Process:
Reading the Kubespray source code can help you gain a deep understanding of how Kubernetes clusters are deployed and managed automatically. This includes understanding the details of cluster initialization, node joining, network policy configuration, storage setup, and the deployment of key components such as authentication and authorization. This knowledge is invaluable for developers and operations engineers who want to master the lifecycle management of Kubernetes clusters.

Learning Ansible Automation Best Practices:
Kubespray uses Ansible as its automation tool, and its source code contains numerous best practices and patterns for Ansible. By reading the source code, you can learn how to write Ansible playbooks, roles, and handle complex configuration tasks. This is extremely beneficial for anyone looking to improve their skills in configuration management and automation.

Customization and Optimization of Kubernetes Cluster Deployment:
If you need to customize or optimize your Kubernetes cluster, reading the Kubespray source code can help you understand how to modify existing Ansible playbooks and roles to meet your needs. This could include adding new features, modifying network configurations, integrating additional services, or optimizing performance. Understanding the source code allows you to make effective customizations, ensuring that the cluster deployment meets your specific requirements.

Additionally, being familiar with the Kubespray source code can help you contribute to open-source projects like Kubespray, improve the project, and expand your technical horizons while building connections within the open-source community.

Kubespray Version Used in This Article:

v2.22.2

ansible version:

ansible [core 2.12.10]
config file = /root/.nujnus/test_suite/K8s_v2_22_2/install_k8s_v2_22_2/install/kubespray/ansible.cfg
configured module search path = ['/root/.nujnus/test_suite/K8s_v2_22_2/install_k8s_v2_22_2/install/kubespray/library']
ansible python module location = /opt/conda/lib/python3.9/site-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /opt/conda/bin/ansible
python version = 3.9.18 (main, Sep 11 2023, 13:41:44) [GCC 11.2.0]
jinja version = 3.1.2
libyaml = True

host info:

| hostname | ansible_host | ansible_user | os | cpu | ram |
|---|---|---|---|---|---|
| test1 | 192.168.121.91 | root | CentOS8 | 6c | 8g |
| test2 | 192.168.121.92 | root | CentOS8 | 6c | 8g |
| test3 | 192.168.121.95 | root | CentOS8 | 6c | 8g |

inventory

test1 ansible_host=192.168.121.91 ansible_user=root ip=192.168.121.91 etcd_member_name=etcd1
test2 ansible_host=192.168.121.92 ansible_user=root ip=192.168.121.92 etcd_member_name=etcd2
test3 ansible_host=192.168.121.95 ansible_user=root ip=192.168.121.95 etcd_member_name=etcd3

[kube_control_plane]
test1
test2
test3

[etcd]
test1
test2
test3

[kube_node]
test1
test2
test3

[calico_rr]

[k8s_cluster:children]
kube_control_plane
kube_node
calico_rr

<STEP: 1>

kubespray/playbooks/ansible_version.yml #11

[ code and comment: ]
11|    - name: "Check {{ minimal_ansible_version }} <= Ansible version < {{ maximal_ansible_version }}" # This line defines a task with a descriptive name to check the Ansible version against specified minimum and maximum versions.
12|      assert: # The assert keyword is used to perform a test and raise an error if the test fails.
13|        msg: "Ansible must be between {{ minimal_ansible_version }} and {{ maximal_ansible_version }} exclusive" # This message is displayed if the assert condition fails, indicating the required version range for Ansible.
14|        that: # This keyword is followed by a list of conditions that must be met for the assert to pass.
15|          - ansible_version.string is version(minimal_ansible_version, ">=") # Asserts that the Ansible version is greater than or equal to the minimal version specified.
16|          - ansible_version.string is version(maximal_ansible_version, "<") # Asserts that the Ansible version is less than the maximal version specified.
17|      tags: # The tags keyword is used to assign tags to the task, which can be used for selective execution or organization.
18|        - check # This tag is applied to the task, allowing it to be executed selectively when the 'check' tag is specified.

[params:]

msg: Ansible must be between 2.11.0 and 2.13.0 exclusive
that: ['ansible_version.string is version(minimal_ansible_version, ">=")', 'ansible_version.string is version(maximal_ansible_version, "<")']

<STEP: 2>

kubespray/playbooks/ansible_version.yml #20

[ code and comment: ]
20|    - name: "Check that python netaddr is installed" # This task is named to check if the python netaddr module is installed.
21|      assert: # The assert module is used here to perform a check and provide a message if the condition is not met.
22|        msg: "Python netaddr is not present" # The message that will be displayed if the python netaddr module is not found.
23|        that: "'127.0.0.1' | ipaddr" # The condition to check if the string '127.0.0.1' can be used with the ipaddr filter, indicating that the netaddr module is available.
24|      tags: # Tags are used to label the task for selective execution or categorization.
25|        - check # The task is tagged with 'check', which can be used to execute this task or a group of tasks with this tag.

[params:]

msg: Python netaddr is not present
that: '127.0.0.1' | ipaddr

<STEP: 3>

kubespray/playbooks/ansible_version.yml #28

[ code and comment: ]
28|    - name: "Check that jinja is not too old (install via pip)" # This task is named to check the Jinja version and ensure it is not too old, recommending installation via pip if necessary.
29|      assert: # The assert module is used to check if certain conditions are met.
30|        msg: "Your Jinja version is too old, install via pip" # The error message that will be displayed if the Jinja version is too old.
31|        that: "{% set test %}It works{% endset %}{{ test == 'It works' }}" # A Jinja2 template test to ensure the Jinja version is functioning correctly.
32|      tags: # Tags are used to categorize tasks for selective execution.
33|        - check # The task is tagged with 'check', indicating it is a check task that can be executed selectively.

[params:]

msg: Your Jinja version is too old, install via pip
that: True

<STEP: 4>

kubespray/roles/bootstrap-os/tasks/bootstrap-centos.yml #7

[ code and comment: ]
7|- name: Add proxy to yum.conf or dnf.conf if http_proxy is defined # Task to add a proxy configuration to yum.conf or dnf.conf based on the http_proxy variable.
8|  ini_file: # The ini_file module is used to manipulate INI-style files.
9|    path: "{{ ( (ansible_distribution_major_version | int) < 8) | ternary('/etc/yum.conf','/etc/dnf/dnf.conf') }}" # Determines the path to the configuration file based on the major version of the distribution.
10|    section: main # The section in the configuration file where the proxy setting will be added.
11|    option: proxy # The option in the configuration file to set the proxy.
12|    value: "{{ http_proxy | default(omit) }}" # The value for the proxy option, using the http_proxy variable or omitting if not defined.
13|    state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}" # The state of the proxy setting, present if http_proxy is defined, otherwise absent.
14|    no_extra_spaces: true # Ensures that no extra spaces are included in the configuration file.
15|    mode: 0644 # Sets the file permissions to 0644.
16|  become: true # The task requires root privileges.
17|  when: not skip_http_proxy_on_os_packages # The task is only executed if the skip_http_proxy_on_os_packages is not set to true.

[params:]

path: /etc/dnf/dnf.conf
section: main
option: proxy
state: absent
no_extra_spaces: True
mode: 420
_ansible_check_mode: False
_ansible_no_log: False
_ansible_debug: False
_ansible_diff: False
_ansible_verbosity: 0
_ansible_version: 2.12.10
_ansible_module_name: ini_file
_ansible_syslog_facility: LOG_USER
_ansible_selinux_special_fs: ['fuse', 'nfs', 'vboxsf', 'ramfs', '9p', 'vfat']
_ansible_string_conversion_action: warn
_ansible_socket: None
_ansible_shell_executable: /bin/sh
_ansible_keep_remote_files: False
_ansible_tmpdir: /root/.ansible/tmp/ansible-tmp-1717642256.6176965-22586-124692463853214/
_ansible_remote_tmp: ~/.ansible/tmp

<STEP: 5>

kubespray/roles/bootstrap-os/tasks/bootstrap-centos.yml #91

[ code and comment: ]
91|- name: Check presence of fastestmirror.conf # This task is named to check if the file fastestmirror.conf exists.
92|  stat: # The 'stat' module is used to get information about the file.
93|    path: /etc/yum/pluginconf.d/fastestmirror.conf # Specifies the path to the file to check.
94|    get_attributes: no # Indicates not to retrieve the file attributes.
95|    get_checksum: no # Indicates not to retrieve the file checksum.
96|    get_mime: no # Indicates not to retrieve the file's MIME type.
97|  register: fastestmirror # The result of the stat operation will be stored in the 'fastestmirror' variable.

[params:]

path: /etc/yum/pluginconf.d/fastestmirror.conf
get_attributes: False
get_checksum: False
get_mime: False
_ansible_check_mode: False
_ansible_no_log: False
_ansible_debug: False
_ansible_diff: False
_ansible_verbosity: 0
_ansible_version: 2.12.10
_ansible_module_name: stat
_ansible_syslog_facility: LOG_USER
_ansible_selinux_special_fs: ['fuse', 'nfs', 'vboxsf', 'ramfs', '9p', 'vfat']
_ansible_string_conversion_action: warn
_ansible_socket: None
_ansible_shell_executable: /bin/sh
_ansible_keep_remote_files: False
_ansible_tmpdir: /root/.ansible/tmp/ansible-tmp-1717642286.3840618-24185-135926824661667/
_ansible_remote_tmp: ~/.ansible/tmp

<STEP: 6>

kubespray/roles/bootstrap-os/tasks/bootstrap-centos.yml #113

[ code and comment: ]
113|- name: Install libselinux python package # This task is named to install the libselinux python package.
114|  package: # The package module is used to manage packages on the system.
115|    name: "{{ ( (ansible_distribution_major_version | int) < 8) | ternary('libselinux-python','python3-libselinux') }}" # The name of the package to install is determined based on the major version of the distribution. If the major version is less than 8, 'libselinux-python' is installed, otherwise 'python3-libselinux'.
116|    state: present # The state is set to 'present' to ensure the package is installed.
117|  become: true # The task requires elevated privileges, hence 'become' is set to true to execute with root permissions.

[params:]

name: python3-libselinux
state: present

<STEP: 7>

kubespray/roles/bootstrap-os/tasks/main.yml #42

[ code and comment: ]
42|- name: Create remote_tmp for it is used by another module # This task is named to create a remote temporary directory which is required by another module.
43|  file: # The 'file' module is used to manage files and directories.
44|    path: "{{ ansible_remote_tmp | default('~/.ansible/tmp') }}" # The path for the directory is defined, with a default fallback to '~/.ansible/tmp' if 'ansible_remote_tmp' is not set.
45|    state: directory # Ensures that the specified path is a directory.
46|    mode: 0700 # Sets the directory's permissions to 0700, which is read, write, and execute permissions for the owner only.

[params:]

path: ~/.ansible/tmp
state: directory
mode: 448
_ansible_check_mode: False
_ansible_no_log: False
_ansible_debug: False
_ansible_diff: False
_ansible_verbosity: 0
_ansible_version: 2.12.10
_ansible_module_name: file
_ansible_syslog_facility: LOG_USER
_ansible_selinux_special_fs: ['fuse', 'nfs', 'vboxsf', 'ramfs', '9p', 'vfat']
_ansible_string_conversion_action: warn
_ansible_socket: None
_ansible_shell_executable: /bin/sh
_ansible_keep_remote_files: False
_ansible_tmpdir: /root/.ansible/tmp/ansible-tmp-1717642415.2451587-30859-39757558046314/
_ansible_remote_tmp: ~/.ansible/tmp

<STEP: 8>

kubespray/roles/bootstrap-os/tasks/main.yml #50

[ code and comment: ]
50|- name: Gather host facts to get ansible_os_family # This task is named to gather host facts, specifically to retrieve the 'ansible_os_family' variable.
51|  setup: # The 'setup' module is used to gather information about the system on which the task is run.
52|    gather_subset: '!all' # The 'gather_subset' option is set to '!all' to negate the default behavior and gather only a subset of facts.
53|    filter: ansible_* # The 'filter' option is used to specify that only facts that start with 'ansible_' should be gathered.

[params:]

gather_subset: !all
filter: ansible_*
_ansible_check_mode: False
_ansible_no_log: False
_ansible_debug: False
_ansible_diff: False
_ansible_verbosity: 0
_ansible_version: 2.12.10
_ansible_module_name: setup
_ansible_syslog_facility: LOG_USER
_ansible_selinux_special_fs: ['fuse', 'nfs', 'vboxsf', 'ramfs', '9p', 'vfat']
_ansible_string_conversion_action: warn
_ansible_socket: None
_ansible_shell_executable: /bin/sh
_ansible_keep_remote_files: False
_ansible_tmpdir: /root/.ansible/tmp/ansible-tmp-1717642434.3098886-31866-265638705868642/
_ansible_remote_tmp: ~/.ansible/tmp

<STEP: 9>

kubespray/roles/bootstrap-os/tasks/main.yml #55

[ code and comment: ]
55|- name: Assign inventory name to unconfigured hostnames (non-CoreOS, non-Flatcar, Suse and ClearLinux, non-Fedora) # Assigns a hostname from inventory to systems that are not CoreOS, Flatcar, Suse, ClearLinux, or Fedora.
56|  hostname: # The hostname module is used to set or change the system's hostname.
57|    name: "{{ inventory_hostname }}" # Sets the hostname to the value of the inventory_hostname variable.
58|  when: # The task is only executed if the following conditions are met.
59|    - override_system_hostname # A variable that, when true, allows overriding the system's hostname.
60|    - ansible_os_family not in ['Suse', 'Flatcar', 'Flatcar Container Linux by Kinvolk', 'ClearLinux'] # Ensures the task is not run on Suse, Flatcar, or ClearLinux systems.
61|    - not ansible_distribution == "Fedora" # Excludes Fedora from having its hostname overridden.
62|    - not is_fedora_coreos # Ensures the task is not run on systems that are Fedora CoreOS.

[params:]

name: test3
_ansible_check_mode: False
_ansible_no_log: False
_ansible_debug: False
_ansible_diff: False
_ansible_verbosity: 0
_ansible_version: 2.12.10
_ansible_module_name: hostname
_ansible_syslog_facility: LOG_USER
_ansible_selinux_special_fs: ['fuse', 'nfs', 'vboxsf', 'ramfs', '9p', 'vfat']
_ansible_string_conversion_action: warn
_ansible_socket: None
_ansible_shell_executable: /bin/sh
_ansible_keep_remote_files: False
_ansible_tmpdir: /root/.ansible/tmp/ansible-tmp-1717642452.111304-344-21241785401700/
_ansible_remote_tmp: ~/.ansible/tmp

<STEP: 10>

kubespray/roles/bootstrap-os/tasks/main.yml #94

[ code and comment: ]
94|- name: Ensure bash_completion.d folder exists # This task ensures that the bash_completion.d directory exists.
95|  file: # The file module is used for managing files, directories, and links.
96|    name: /etc/bash_completion.d/ # The path to the directory that needs to be managed.
97|    state: directory # Ensures that the specified path is a directory.
98|    owner: root # Sets the owner of the directory to root.
99|    group: root # Sets the group ownership of the directory to root.
100|    mode: 0755 # Sets the permissions of the directory to 0755, which allows the owner full permissions, group and others read and execute permissions.

[params:]

name: /etc/bash_completion.d/
state: directory
owner: root
group: root
mode: 493
_ansible_check_mode: False
_ansible_no_log: False
_ansible_debug: False
_ansible_diff: False
_ansible_verbosity: 0
_ansible_version: 2.12.10
_ansible_module_name: file
_ansible_syslog_facility: LOG_USER
_ansible_selinux_special_fs: ['fuse', 'nfs', 'vboxsf', 'ramfs', '9p', 'vfat']
_ansible_string_conversion_action: warn
_ansible_socket: None
_ansible_shell_executable: /bin/sh
_ansible_keep_remote_files: False
_ansible_tmpdir: /root/.ansible/tmp/ansible-tmp-1717642476.0681832-1651-47771645735141/
_ansible_remote_tmp: ~/.ansible/tmp
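
Steps 4, 7 and 10 write `mode: 0644`, `0700` and `0755`, yet their [params:] dumps show 420, 448 and 493: the unquoted YAML value reaches the module as an integer, which the dump prints in decimal. The following added example (not Kubespray or AIAnsible code) decodes those integers and flags the related mistake of writing `mode: 644` without the leading zero; the function names and the lint heuristic are assumptions made for illustration.

```python
import stat

# Integer modes exactly as they appear in the [params:] dumps of steps 4, 7, 10.
# The labels and the is_dir flags are constructed for this example.
OBSERVED = [
    ("dnf.conf proxy entry (step 4)", 420, False),
    ("~/.ansible/tmp (step 7)", 448, True),
    ("/etc/bash_completion.d/ (step 10)", 493, True),
]


def describe_mode(value, is_dir=False):
    """Return (octal text, ls-style text) for an integer mode."""
    kind = stat.S_IFDIR if is_dir else stat.S_IFREG
    return format(value, "04o"), stat.filemode(kind | value)


def is_conventional(mode):
    """True when no special bits are set and the permission sets nest:
    other is a subset of group, and group is a subset of owner."""
    if mode & ~0o777:
        return False
    owner, group, other = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7
    return (group & ~owner) == 0 and (other & ~group) == 0


def audit_mode(value):
    """Return a list of findings for an integer mode as the module receives it."""
    findings = []
    if value & stat.S_IWOTH:
        findings.append("world-writable")
    if value & (stat.S_ISUID | stat.S_ISGID):
        findings.append("setuid/setgid bit set")
    digits = str(value)
    # Heuristic (an assumption of this example): the integer is an odd mode,
    # but its decimal digits read as octal give an ordinary one (644 vs 0644).
    if not is_conventional(value) and set(digits) <= set("01234567"):
        intended = int(digits, 8)
        if is_conventional(intended):
            findings.append(
                f"looks like 'mode: {digits}' without a leading zero; "
                f"applied as {format(value, '04o')}, probably meant 0{digits}"
            )
    return findings


if __name__ == "__main__":
    for label, value, is_dir in OBSERVED:
        print(label, value, *describe_mode(value, is_dir), audit_mode(value))
    # Constructed bad input: what 'mode: 644' (no leading zero) turns into.
    print(644, *describe_mode(644), audit_mode(644))
```

Quoting the value in the task (`mode: '0644'`) hands the module a string and avoids the YAML integer conversion altogether.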

<STEP: 11>

kubespray/playbooks/facts.yml #29

[ code and comment: ]
29|    - name: Gather necessary facts (network) # This task is named to gather only the network-related facts.
30|      setup: # The 'setup' module is used to gather facts about the system.
31|        gather_subset: '!all,!min,network' # This option specifies to gather only the 'network' facts, excluding 'all' and 'min' subsets.
32|        filter: "ansible_*_ipv[46]*" # This filter is applied to select only facts that match the pattern, which in this case is related to IPv4 and IPv6 addresses.

[params:]

gather_subset: !all,!min,network
filter: ansible_*_ipv[46]*
_ansible_check_mode: False
_ansible_no_log: False
_ansible_debug: False
_ansible_diff: False
_ansible_verbosity: 0
_ansible_version: 2.12.10
_ansible_module_name: setup
_ansible_syslog_facility: LOG_USER
_ansible_selinux_special_fs: ['fuse', 'nfs', 'vboxsf', 'ramfs', '9p', 'vfat']
_ansible_string_conversion_action: warn
_ansible_socket: None
_ansible_shell_executable: /bin/sh
_ansible_keep_remote_files: False
_ansible_tmpdir: /root/.ansible/tmp/ansible-tmp-1717642499.5156522-3137-205620002257081/
_ansible_remote_tmp: ~/.ansible/tmp

<STEP: 12>

kubespray/playbooks/facts.yml #37

[ code and comment: ]
37|    - name: Gather necessary facts (hardware) # This task is named to gather specific hardware-related facts from the system.
38|      setup: # The setup module is used to gather facts about the system.
39|        gather_subset: '!all,!min,hardware' # This option specifies that only the 'hardware' subset of facts should be gathered, excluding 'all' and 'min'.
40|        filter: "ansible_*total_mb" # This filter specifies that only facts with keys that match the pattern 'ansible_*total_mb' should be included in the gathered facts.

[params:]

gather_subset: !all,!min,hardware
filter: ansible_*total_mb
_ansible_check_mode: False
_ansible_no_log: False
_ansible_debug: False
_ansible_diff: False
_ansible_verbosity: 0
_ansible_version: 2.12.10
_ansible_module_name: setup
_ansible_syslog_facility: LOG_USER
_ansible_selinux_special_fs: ['fuse', 'nfs', 'vboxsf', 'ramfs', '9p', 'vfat']
_ansible_string_conversion_action: warn
_ansible_socket: None
_ansible_shell_executable: /bin/sh
_ansible_keep_remote_files: False
_ansible_tmpdir: /root/.ansible/tmp/ansible-tmp-1717642516.1441417-4049-127803497571242/
_ansible_remote_tmp: ~/.ansible/tmp

<STEP: 13>

kubespray/roles/kubernetes/preinstall/tasks/0010-swapoff.yml #12

[ code and comment: ]
12|- name: check swap # This task is named to check the status of swap on the system.
13|  command: /sbin/swapon -s # The command module is used here to execute the 'swapon -s' command, which reports the current swap space usage.
14|  register: swapon # The output of the command is registered to a variable named 'swapon' for later use.
15|  changed_when: no # This flag ensures that the task is always considered unchanged, regardless of the command's output.

[params:]

_raw_params: /sbin/swapon -s
_ansible_check_mode: False
_ansible_no_log: False
_ansible_debug: False
_ansible_diff: False
_ansible_verbosity: 0
_ansible_version: 2.12.10
_ansible_module_name: ansible.legacy.command
_ansible_syslog_facility: LOG_USER
_ansible_selinux_special_fs: ['fuse', 'nfs', 'vboxsf', 'ramfs', '9p', 'vfat']
_ansible_string_conversion_action: warn
_ansible_socket: None
_ansible_shell_executable: /bin/sh
_ansible_keep_remote_files: False
_ansible_tmpdir: /root/.ansible/tmp/ansible-tmp-1717642557.4197576-6489-162053332755449/
_ansible_remote_tmp: ~/.ansible/tmp

<STEP: 14>

kubespray/roles/kubernetes/preinstall/tasks/0020-set_facts.yml #24

[ code and comment: ]
24|- name: check if booted with ostree # This task is named to check if the system has booted using ostree.
25|  stat: # The 'stat' module is used to gather information about a file or directory.
26|    path: /run/ostree-booted # The path to the file that is being checked.
27|    get_attributes: no # This option is set to 'no' to indicate that file attributes should not be retrieved.
28|    get_checksum: no # This option is set to 'no' to indicate that the checksum of the file should not be retrieved.
29|    get_mime: no # This option is set to 'no' to indicate that the MIME type of the file should not be retrieved.
30|  register: ostree # The result of the 'stat' module will be stored in the variable 'ostree'.

[params:]

path: /run/ostree-booted
get_attributes: False
get_checksum: False
get_mime: False
_ansible_check_mode: False
_ansible_no_log: False
_ansible_debug: False
_ansible_diff: False
_ansible_verbosity: 0
_ansible_version: 2.12.10
_ansible_module_name: stat
_ansible_syslog_facility: LOG_USER
_ansible_selinux_special_fs: ['fuse', 'nfs', 'vboxsf', 'ramfs', '9p', 'vfat']
_ansible_string_conversion_action: warn
_ansible_socket: None
_ansible_shell_executable: /bin/sh
_ansible_keep_remote_files: False
_ansible_tmpdir: /root/.ansible/tmp/ansible-tmp-1717642576.5248625-7488-133739276387859/
_ansible_remote_tmp: ~/.ansible/tmp

<STEP: 15>

kubespray/roles/kubernetes/preinstall/tasks/0020-set_facts.yml #95

[ code and comment: ]
95|- name: NetworkManager # This task is named to check if NetworkManager is installed and active on the host.
96|  # noqa 303 Should we use service_facts for this? # This comment suggests that there is a discussion or consideration about whether to use the 'service_facts' module instead of the 'systemctl' command.
97|  command: systemctl is-active --quiet NetworkManager.service # The command module is used here to run the 'systemctl' command to check if the NetworkManager service is active.
98|  register: networkmanager_enabled # The output of the command is stored in the 'networkmanager_enabled' variable for later use.
99|  failed_when: false # This ensures that the task will never report a failure, regardless of the command's exit status.
100|  changed_when: false # This ensures that the task will never report a change, indicating that it does not make any modifications to the system.
101|  check_mode: false # This tells Ansible that this task should not be run in check mode, which means it will execute the command instead of just simulating it.

[params:]

_raw_params: systemctl is-active --quiet NetworkManager.service
_ansible_check_mode: False
_ansible_no_log: False
_ansible_debug: False
_ansible_diff: False
_ansible_verbosity: 0
_ansible_version: 2.12.10
_ansible_module_name: ansible.legacy.command
_ansible_syslog_facility: LOG_USER
_ansible_selinux_special_fs: ['fuse', 'nfs', 'vboxsf', 'ramfs', '9p', 'vfat']
_ansible_string_conversion_action: warn
_ansible_socket: None
_ansible_shell_executable: /bin/sh
_ansible_keep_remote_files: False
_ansible_tmpdir: /root/.ansible/tmp/ansible-tmp-1717642619.7917168-9988-112438307632560/
_ansible_remote_tmp: ~/.ansible/tmp

<STEP: 16>

kubespray/roles/kubernetes/preinstall/tasks/0020-set_facts.yml #103

[ code and comment: ]
103|- name: check systemd-resolved # This task is named to check the status of the systemd-resolved service.
104|  # noqa 303 Should we use service_facts for this? # This comment suggests that there is a consideration about whether to use the service_facts module instead.
105|  command: systemctl is-active systemd-resolved # The command module is used to run a command that checks if systemd-resolved is active.
106|  register: systemd_resolved_enabled # The command's output is stored in the variable systemd_resolved_enabled.
107|  failed_when: false # This ensures that the task will not be marked as failed regardless of the command's outcome.
108|  changed_when: false # This ensures that the task will not be marked as changed regardless of the command's outcome.
109|  check_mode: no # This specifies that the task should not be run in check mode, which means it will perform the actual action instead of a dry run.

[params:]

_raw_params: systemctl is-active systemd-resolved
_ansible_check_mode: False
_ansible_no_log: False
_ansible_debug: False
_ansible_diff: False
_ansible_verbosity: 0
_ansible_version: 2.12.10
_ansible_module_name: ansible.legacy.command
_ansible_syslog_facility: LOG_USER
_ansible_selinux_special_fs: ['fuse', 'nfs', 'vboxsf', 'ramfs', '9p', 'vfat']
_ansible_string_conversion_action: warn
_ansible_socket: None
_ansible_shell_executable: /bin/sh
_ansible_keep_remote_files: False
_ansible_tmpdir: /root/.ansible/tmp/ansible-tmp-1717642639.462811-11036-248730951510072/
_ansible_remote_tmp: ~/.ansible/tmp

<STEP: 17>

kubespray/roles/kubernetes/preinstall/tasks/0020-set_facts.yml #168

[ code and comment: ]
168|- name: check if /etc/dhcp/dhclient.conf exists # This task is named to check for the existence of the file /etc/dhcp/dhclient.conf.
169|  stat: # The 'stat' module is used to gather information about the file.
170|    path: /etc/dhcp/dhclient.conf # Specifies the path to the file that will be checked.
171|    get_attributes: no # Indicates that file attributes should not be retrieved.
172|    get_checksum: no # Indicates that the file checksum should not be retrieved.
173|    get_mime: no # Indicates that the file's MIME type should not be retrieved.
174|  register: dhcp_dhclient_stat # The variable 'dhcp_dhclient_stat' will hold the result of the 'stat' module.

[params:]

path: /etc/dhcp/dhclient.conf
get_attributes: False
get_checksum: False
get_mime: False
_ansible_check_mode: False
_ansible_no_log: False
_ansible_debug: False
_ansible_diff: False
_ansible_verbosity: 0
_ansible_version: 2.12.10
_ansible_module_name: stat
_ansible_syslog_facility: LOG_USER
_ansible_selinux_special_fs: ['fuse', 'nfs', 'vboxsf', 'ramfs', '9p', 'vfat']
_ansible_string_conversion_action: warn
_ansible_socket: None
_ansible_shell_executable: /bin/sh
_ansible_keep_remote_files: False
_ansible_tmpdir: /root/.ansible/tmp/ansible-tmp-1717642676.8299215-13136-68095510686394/
_ansible_remote_tmp: ~/.ansible/tmp

<STEP: 18>

kubespray/roles/kubernetes/preinstall/tasks/0020-set_facts.yml #181

[ code and comment: ]
181|- name: target dhclient hook file for Red Hat family # This task is named to specify the file path for the dhclient hook for systems in the Red Hat family.
182|  set_fact: # This module is used to set a variable for later use in the playbook.
183|    dhclienthookfile: /etc/dhcp/dhclient.d/zdnsupdate.sh # The variable 'dhclienthookfile' is set to the path of the dhclient hook script for DNS updates.
184|  when: ansible_os_family == "RedHat" # The task is only executed if the target system belongs to the 'RedHat' family, as determined by the 'ansible_os_family' fact.

[params:]

dhclienthookfile: /etc/dhcp/dhclient.d/zdnsupdate.sh

<STEP: 19>

kubespray/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml #25

[ code and comment: ]
25|- name: Stop if the os does not support # This task is named to stop the execution if the operating system does not support the required setup.
26|  assert: # The assert module is used to make sure that certain conditions are met before proceeding.
27|    that: (allow_unsupported_distribution_setup | default(false)) or ansible_distribution in supported_os_distributions # The condition checks if either the setup is allowed for unsupported distributions or if the current distribution is in the list of supported ones.
28|    msg: "{{ ansible_distribution }} is not a known OS" # The message that will be displayed if the assertions fail, indicating that the current OS is not recognized.
29|  when: not ignore_assert_errors # The task will only run if the variable 'ignore_assert_errors' is not set to true, ensuring that assertion errors are not ignored.

[params:]

that: (allow_unsupported_distribution_setup | default(false)) or ansible_distribution in supported_os_distributions
msg: CentOS is not a known OS

<STEP: 20>

kubespray/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml #31

[ code and comment: ]
31|- name: Stop if unknown network plugin # This task is named to stop the process if an unknown network plugin is specified.
32|  assert: # The assert module is used to make sure that the condition is met.
33|    that: kube_network_plugin in ['calico', 'flannel', 'weave', 'cloud', 'cilium', 'cni', 'kube-ovn', 'kube-router', 'macvlan', 'custom_cni'] # Ensures that the kube_network_plugin is one of the listed supported plugins.
34|    msg: "{{ kube_network_plugin }} is not supported" # The message to be displayed if the assertion fails, indicating the plugin is not supported.
35|  when: # Defines the conditions under which the assertion should be performed.
36|    - kube_network_plugin is defined # The first condition checks if the kube_network_plugin variable is defined.
37|    - not ignore_assert_errors # The second condition skips the assertion when 'ignore_assert_errors' is set to true.

[params:]

that: kube_network_plugin in ['calico', 'flannel', 'weave', 'cloud', 'cilium', 'cni', 'kube-ovn', 'kube-router', 'macvlan', 'custom_cni']
msg: calico is not supported

<STEP: 21>

kubespray/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml #164

[ code and comment: ]
164|- name: "Check that kube_service_addresses is a network range" # This task is named to verify that the variable 'kube_service_addresses' is a valid network range.
165|  assert: # The assert module is used to check if a condition is true.
166|    that: # The condition(s) that must be true for the assertion to pass.
167|      - kube_service_addresses | ipaddr('net') # Checks if 'kube_service_addresses' is a valid network using the ipaddr filter.
168|    msg: "kube_service_addresses = '{{ kube_service_addresses }}' is not a valid network range" # The error message that will be displayed if the condition is not met.
169|  run_once: yes # This task will run only once, regardless of how many hosts are targeted.

[params:]

that: ["kube_service_addresses | ipaddr('net')"]
msg: kube_service_addresses = '10.233.0.0/18' is not a valid network range

<STEP: 22>

kubespray/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml #171

[ code and comment: ]
171|- name: "Check that kube_pods_subnet is a network range" # This task is named to verify that the 'kube_pods_subnet' variable is a valid network range.
172|  assert: # The assert module is used to check if certain conditions are met.
173|    that: # The conditions that must be true for the assertion to pass.
174|      - kube_pods_subnet | ipaddr('net') # This condition checks if 'kube_pods_subnet' is a valid network range using the ipaddr filter.
175|    msg: "kube_pods_subnet = '{{ kube_pods_subnet }}' is not a valid network range" # The message that will be displayed if the assertion fails, indicating that the 'kube_pods_subnet' is not a valid network range.
176|  run_once: yes # This task will only be executed once, regardless of how many hosts it is run against.

[params:]

that: ["kube_pods_subnet | ipaddr('net')"]
msg: kube_pods_subnet = '10.233.64.0/18' is not a valid network range
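
Steps 21 and 22 only assert that each value is a network range. The added example below (not Kubespray code) reproduces that check with Python's `ipaddress` module and goes one step further than the page by verifying that the two ranges and the node addresses from this page's inventory do not collide. `is_network_range` is an approximation of `ipaddr('net')`, and all function names are assumptions.

```python
import ipaddress
from itertools import combinations

# Values taken from this page: the two ranges in the step 21/22 dumps and the
# ansible_host addresses from the inventory.
RANGES = {
    "kube_service_addresses": "10.233.0.0/18",
    "kube_pods_subnet": "10.233.64.0/18",
}
NODES = {
    "test1": "192.168.121.91",
    "test2": "192.168.121.92",
    "test3": "192.168.121.95",
}


def is_network_range(value):
    """Approximation of `value | ipaddr('net')`: accept only a CIDR whose host
    bits are zero and that spans more than one address."""
    try:
        net = ipaddress.ip_network(value, strict=True)
    except ValueError:
        return False
    return net.num_addresses > 1


def preflight(ranges, nodes):
    """Return a list of human-readable problems; an empty list means pass."""
    problems = []
    parsed = {}
    # 1. Each value must be a network range (what steps 21 and 22 assert).
    for name, value in ranges.items():
        if is_network_range(value):
            parsed[name] = ipaddress.ip_network(value)
        else:
            problems.append(f"{name} = '{value}' is not a valid network range")
    # 2. Added check: the ranges must not overlap each other.
    for (a, net_a), (b, net_b) in combinations(parsed.items(), 2):
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            problems.append(f"{a} {net_a} overlaps {b} {net_b}")
    # 3. Added check: no node address may fall inside a cluster range.
    for host, addr in nodes.items():
        ip = ipaddress.ip_address(addr)
        for name, net in parsed.items():
            if ip.version == net.version and ip in net:
                problems.append(f"node {host} ({ip}) lies inside {name} {net}")
    return problems


if __name__ == "__main__":
    print(preflight(RANGES, NODES) or "all range checks passed")
```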

<STEP: 23>

kubespray/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml #227

[ code and comment: ]
227|- name: Stop if container manager is not docker, crio or containerd # This task is named to stop the play if the container manager is not one of the specified types.
228|  assert: # The assert module is used to validate that a condition is true.
229|    that: container_manager in ['docker', 'crio', 'containerd'] # The condition checks if the variable 'container_manager' is within the specified list of valid container managers.
230|    msg: "The container manager, 'container_manager', must be docker, crio or containerd" # The error message to display if the condition fails, indicating the required container manager types.
231|  run_once: true # This flag ensures that the task is only executed once, regardless of how many hosts are targeted.

[params:]

that: container_manager in ['docker', 'crio', 'containerd']
msg: The container manager, 'container_manager', must be docker, crio or containerd

<STEP: 24>

kubespray/roles/kubernetes/preinstall/tasks/0040-verify-settings.yml #233

[ code and comment: ]
233|- name: Stop if etcd deployment type is not host or kubeadm when container_manager != docker # Asserts that the etcd deployment type must be either 'host' or 'kubeadm' when the container manager is not Docker.
234|  assert: # The assert module is used to evaluate conditions and handle failures.
235|    that: etcd_deployment_type in ['host', 'kubeadm'] # Checks if the etcd deployment type is one of the specified valid types.
236|    msg: "The etcd deployment type, 'etcd_deployment_type', must be host or kubeadm when container_manager is not docker" # Error message to display if the condition fails. The variable name is quoted literally, not templated.
237|  when: # All of the following conditions must be met for the assertion to be evaluated.
238|    - inventory_hostname in groups.get('etcd',[]) # Ensures the assertion is only evaluated for hosts in the 'etcd' group.
239|    - container_manager != 'docker' # The assertion is only relevant when the container manager is not Docker.

[params:]

that: etcd_deployment_type in ['host', 'kubeadm']
msg: The etcd deployment type, 'etcd_deployment_type', must be host or kubeadm when container_manager is not docker

<STEP: 25>

kubespray/roles/kubernetes/preinstall/tasks/0050-create_directories.yml #70

[ code and comment: ]
70|- name: Create cni directories # This task creates the directories needed by CNI plugins.
71|  file: # The file module is used for managing files, directories, and links.
72|    path: "{{ item }}" # The path is dynamically set to each item in the with_items list.
73|    state: directory # Ensures that the path is a directory.
74|    owner: "{{ kube_owner }}" # Sets the owner of the directory to the specified kube_owner variable.
75|    mode: 0755 # Sets the directory permissions to 0755 (read, write and execute for the owner; read and execute for group and others). The unquoted value is parsed by YAML as an octal integer, which is why the params below show 493.
76|  with_items: # Loops over the list of directory paths.
77|    - "/etc/cni/net.d" # The first directory to be created for CNI configuration files.
78|    - "/opt/cni/bin" # The second directory for CNI binary files.
79|    - "/var/lib/calico" # The third directory for Calico-specific files.
80|  when: # Conditions under which this task will be executed.
81|    - kube_network_plugin in ["calico", "weave", "flannel", "cilium", "kube-ovn", "kube-router", "macvlan"] # The task will only run if the kube_network_plugin is one of the listed network plugins.
82|    - inventory_hostname in groups['k8s_cluster'] # The task will also only run if the inventory_hostname is part of the 'k8s_cluster' group.
83|  tags: # Tags are used to categorize tasks.
84|    - network # The task is tagged with 'network', indicating it's related to network configuration.
85|    - cilium # The task is also tagged with 'cilium', indicating it's related to the Cilium network plugin.
86|    - calico # The task is tagged with 'calico', indicating it's related to the Calico network plugin.
87|    - weave # The task is tagged with 'weave', indicating it's related to the Weave network plugin.
88|    - kube-ovn # The task is tagged with 'kube-ovn', indicating it's related to the kube-ovn network plugin.
89|    - kube-router # The task is tagged with 'kube-router', indicating it's related to the kube-router network plugin.
90|    - bootstrap-os # The task is tagged with 'bootstrap-os', possibly indicating it's part of the OS bootstrapping process.

[params:]

path: {{ item }}
state: directory
owner: {{ kube_owner }}
mode: 493

<STEP: 26>

kubespray/roles/kubernetes/preinstall/tasks/0062-networkmanager-unmanaged-devices.yml #2

[ code and comment: ]
2|- name: NetworkManager # Ensure NetworkManager conf.d directory is present
3|  file: # The file module is used for managing files, directories, and links.
4|    path: "/etc/NetworkManager/conf.d" # Specifies the path to the directory to manage.
5|    state: directory # Ensures the specified path is a directory.
6|    recurse: yes # Recursively sets the specified file attributes on the directory's contents.

[params:]

path: /etc/NetworkManager/conf.d
state: directory
recurse: True
_ansible_check_mode: False
_ansible_no_log: False
_ansible_debug: False
_ansible_diff: False
_ansible_verbosity: 0
_ansible_version: 2.12.10
_ansible_module_name: file
_ansible_syslog_facility: LOG_USER
_ansible_selinux_special_fs: ['fuse', 'nfs', 'vboxsf', 'ramfs', '9p', 'vfat']
_ansible_string_conversion_action: warn
_ansible_socket: None
_ansible_shell_executable: /bin/sh
_ansible_keep_remote_files: False
_ansible_tmpdir: /root/.ansible/tmp/ansible-tmp-1717642952.949568-28094-50677966811571/
_ansible_remote_tmp: ~/.ansible/tmp

<STEP: 27>

kubespray/roles/kubernetes/preinstall/tasks/0063-networkmanager-dns.yml #14

[ code and comment: ]
14|- name: set default dns if remove_default_searchdomains is false # This task sets the default search domains if the variable remove_default_searchdomains is not set to true.
15|  set_fact: # The set_fact module is used to set new variables or modify existing ones.
16|    default_searchdomains: ["default.svc.{{ dns_domain }}", "svc.{{ dns_domain }}"] # Defines a list of default search domains using the dns_domain variable.
17|  when: not remove_default_searchdomains|default()|bool or (remove_default_searchdomains|default()|bool and searchdomains|default([])|length==0) # The default search domains are set when remove_default_searchdomains is not true, or when it is true and the searchdomains list is empty.

[params:]

default_searchdomains: ['default.svc.cluster.local', 'svc.cluster.local']

<STEP: 28>

kubespray/roles/kubernetes/preinstall/tasks/0063-networkmanager-dns.yml #19

[ code and comment: ]
19|- name: NetworkManager | Add DNS search to NM configuration # This task adds DNS search entries to the NetworkManager configuration.
20|  ini_file: # The ini_file module is used for managing INI-style configuration files.
21|    path: /etc/NetworkManager/conf.d/dns.conf # Specifies the path to the configuration file where the DNS search entries will be added.
22|    section: global-dns # Identifies the section in the configuration file where the DNS search entries will be added.
23|    option: searches # Specifies the option within the section where the DNS search entries will be set.
24|    value: "{{ (default_searchdomains|default([]) + searchdomains|default([])) | join(',') }}" # Defines the value for the DNS search entries, combining default and provided search domains into a comma-separated list.
25|    mode: '0600' # Sets the file permissions so that the file is readable and writable only by the owner.
26|    backup: yes # Ensures a backup of the original configuration file is made before modifications.
27|  notify: Preinstall | update resolvconf for networkmanager # Specifies a handler to be notified to run after the task, which will update the resolvconf for NetworkManager.

[params:]

path: /etc/NetworkManager/conf.d/dns.conf
section: global-dns
option: searches
value: default.svc.cluster.local,svc.cluster.local
mode: 0600
backup: True
_ansible_check_mode: False
_ansible_no_log: False
_ansible_debug: False
_ansible_diff: False
_ansible_verbosity: 0
_ansible_version: 2.12.10
_ansible_module_name: ini_file
_ansible_syslog_facility: LOG_USER
_ansible_selinux_special_fs: ['fuse', 'nfs', 'vboxsf', 'ramfs', '9p', 'vfat']
_ansible_string_conversion_action: warn
_ansible_socket: None
_ansible_shell_executable: /bin/sh
_ansible_keep_remote_files: False
_ansible_tmpdir: /root/.ansible/tmp/ansible-tmp-1717642998.8344269-30639-100383611787964/
_ansible_remote_tmp: ~/.ansible/tmp
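
Step 25 passes `mode: 0755` unquoted and its params show `mode: 493`, while step 28 quotes `'0600'` and its params show `0600`. The following added example (not Kubespray or AIAnsible code) reproduces that difference and shows what an unquoted `755` would do; the function names are hypothetical and `yaml11_scalar` is a simplified stand-in for the YAML integer rule, covering numeric modes only.

```python
import stat


def yaml11_scalar(text):
    """Resolve a mode scalar as written in a task file (simplified YAML 1.1 rule)."""
    if text and text[0] in "'\"":
        return text.strip("'\"")      # quoted: stays a string
    if len(text) > 1 and text.startswith("0") and set(text) <= set("01234567"):
        return int(text, 8)           # plain, leading zero: octal integer
    return int(text)                  # plain, no leading zero: decimal integer


def effective_mode(value):
    """Permission bits the file module applies for an already parsed value."""
    if isinstance(value, str):
        return int(value, 8)          # strings are converted by the module, as octal
    return value                      # integers are used as they are


def describe(text, is_dir):
    """Return (value the module receives, resulting ls-style permission string)."""
    parsed = yaml11_scalar(text)
    kind = stat.S_IFDIR if is_dir else stat.S_IFREG
    return parsed, stat.filemode(kind | effective_mode(parsed))


if __name__ == "__main__":
    # Constructed cases: the first two are the values from steps 25 and 28,
    # the third is the common mistake of dropping both the zero and the quotes.
    for text, is_dir in [("0755", True), ("'0600'", False), ("755", True)]:
        parsed, perms = describe(text, is_dir)
        print(f"mode: {text:<7} -> module receives {parsed!r:<7} -> {perms}")
```

An unquoted `755` reaches the module as decimal 755, which is octal 1363: the owner loses read access and the directory becomes writable by others with the sticky bit set.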

<STEP: 29>

kubespray/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml #3

[ code and comment: ]
3|- name: Confirm selinux deployed # This task is named to confirm that SELinux is deployed.
4|  stat: # The 'stat' module is used to retrieve information about the specified file or directory.
5|    path: /etc/selinux/config # The path to the SELinux configuration file.
6|    get_attributes: no # This option specifies that the file attributes should not be retrieved.
7|    get_checksum: no # This option specifies that the file checksum should not be retrieved.
8|    get_mime: no # This option specifies that the file MIME type should not be retrieved.
9|  when: # The 'when' clause is used to conditionally execute the task.
10|    - ansible_os_family == "RedHat" # The task will only run if the operating system family is RedHat.
11|    - "'Amazon' not in ansible_distribution" # The task will only run if 'Amazon' is not part of the distribution name.
12|  register: slc # The output of the 'stat' module will be stored in the 'slc' variable for use in subsequent tasks.

[params:]

path: /etc/selinux/config
get_attributes: False
get_checksum: False
get_mime: False
_ansible_check_mode: False
_ansible_no_log: False
_ansible_debug: False
_ansible_diff: False
_ansible_verbosity: 0
_ansible_version: 2.12.10
_ansible_module_name: stat
_ansible_syslog_facility: LOG_USER
_ansible_selinux_special_fs: ['fuse', 'nfs', 'vboxsf', 'ramfs', '9p', 'vfat']
_ansible_string_conversion_action: warn
_ansible_socket: None
_ansible_shell_executable: /bin/sh
_ansible_keep_remote_files: False
_ansible_tmpdir: /root/.ansible/tmp/ansible-tmp-1717643037.2119532-377-150187025559707/
_ansible_remote_tmp: ~/.ansible/tmp

<STEP: 30>

kubespray/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml #14

[ code and comment: ]
14|- name: Set selinux policy # This task sets the SELinux policy and mode.
15|  selinux: # The selinux module is used to manage SELinux policies and settings.
16|    policy: targeted # Selects the 'targeted' SELinux policy type.
17|    state: "{{ preinstall_selinux_state }}" # The SELinux mode is taken from the variable 'preinstall_selinux_state' (resolved to 'permissive' in the params below, a mode that logs policy violations without blocking them).
18|  when: # Conditions under which the task will be executed.
19|    - ansible_os_family == "RedHat" # The task will only run if the operating system family is RedHat.
20|    - "'Amazon' not in ansible_distribution" # The task will not run if the distribution is Amazon Linux.
21|    - slc.stat.exists # The task will run only if /etc/selinux/config, checked by the previous task and registered as 'slc', exists.
22|  changed_when: False # Forces the task to always report 'ok' rather than 'changed', whether or not the module modified anything.
23|  tags: # Tags are used to categorize tasks for selective execution.
24|    - bootstrap-os # The task is tagged with 'bootstrap-os', which can be used to run only this task or a group of tasks with this tag.

[params:]

policy: targeted
state: permissive
_ansible_check_mode: False
_ansible_no_log: False
_ansible_debug: False
_ansible_diff: False
_ansible_verbosity: 0
_ansible_version: 2.12.10
_ansible_module_name: selinux
_ansible_syslog_facility: LOG_USER
_ansible_selinux_special_fs: ['fuse', 'nfs', 'vboxsf', 'ramfs', '9p', 'vfat']
_ansible_string_conversion_action: warn
_ansible_socket: None
_ansible_shell_executable: /bin/sh
_ansible_keep_remote_files: False
_ansible_tmpdir: /root/.ansible/tmp/ansible-tmp-1717643061.7674525-1641-527885090576/
_ansible_remote_tmp: ~/.ansible/tmp