Upgrade ansible (#10190)

* project: update all dependencies including ansible Upgrade to ansible 7.x and ansible-core 2.14.x. There seems to be issue with ansible 8/ansible-core 2.15 so we remain on those versions for now. It's quite a big bump already anyway. Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * tests: install aws galaxy collection Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * ansible-lint: disable various rules after ansible upgrade Temporarily disable a bunch of linting action following ansible upgrade. Those should be taken care of separately. Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: resolve deprecated-module ansible-lint error Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: resolve no-free-form ansible-lint error Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: resolve schema[meta] ansible-lint error Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: resolve schema[playbook] ansible-lint error Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: resolve schema[tasks] ansible-lint error Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: resolve risky-file-permissions ansible-lint error Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: resolve risky-shell-pipe ansible-lint error Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: remove deprecated warn args Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: use fqcn for non builtin tasks Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: resolve syntax-check[missing-file] for contrib playbook Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * project: use arithmetic inside jinja to fix ansible 6 upgrade Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> --------- Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2026-02-28 09:39:12 +03:00 · 2023-06-26 12:15:45 +02:00
parent 3311e0a296
commit 25cb90bc2d
81 changed files with 345 additions and 207 deletions
--- a/roles/recover_control_plane/etcd/tasks/main.yml
+++ b/roles/recover_control_plane/etcd/tasks/main.yml
@@ -6,25 +6,25 @@
  changed_when: false
  check_mode: no
  environment:
-    ETCDCTL_API: 3
+    ETCDCTL_API: "3"
    ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses }}"
    ETCDCTL_CERT: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem"
    ETCDCTL_KEY: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem"
    ETCDCTL_CACERT: "{{ etcd_cert_dir }}/ca.pem"
  when:
-    - groups['broken_etcd']
+    - inventory_hostname in groups['broken_etcd']

 - name: Set healthy fact
  set_fact:
    healthy: "{{ etcd_endpoint_health.stderr is match('Error: unhealthy cluster') }}"
  when:
-    - groups['broken_etcd']
+    - inventory_hostname in groups['broken_etcd']

 - name: Set has_quorum fact
  set_fact:
    has_quorum: "{{ etcd_endpoint_health.stdout_lines | select('match', '.*is healthy.*') | list | length >= etcd_endpoint_health.stderr_lines | select('match', '.*is unhealthy.*') | list | length }}"
  when:
-    - groups['broken_etcd']
+    - inventory_hostname in groups['broken_etcd']

 - include_tasks: recover_lost_quorum.yml
  when:
@@ -39,7 +39,7 @@
  with_items: "{{ groups['broken_etcd'] }}"
  ignore_errors: true  # noqa ignore-errors
  when:
-    - groups['broken_etcd']
+    - inventory_hostname in groups['broken_etcd']
    - has_quorum

 - name: Delete old certificates
@@ -56,7 +56,7 @@
  loop: "{{ delete_old_cerificates.results }}"
  changed_when: false
  when:
-    - groups['broken_etcd']
+    - inventory_hostname in groups['broken_etcd']
    - "item.rc != 0 and not 'No such file or directory' in item.stderr"

 - name: Get etcd cluster members
@@ -65,20 +65,20 @@
  changed_when: false
  check_mode: no
  environment:
-    ETCDCTL_API: 3
+    ETCDCTL_API: "3"
    ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses }}"
    ETCDCTL_CERT: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem"
    ETCDCTL_KEY: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem"
    ETCDCTL_CACERT: "{{ etcd_cert_dir }}/ca.pem"
  when:
-    - groups['broken_etcd']
+    - inventory_hostname in groups['broken_etcd']
    - not healthy
    - has_quorum

 - name: Remove broken cluster members
  command: "{{ bin_dir }}/etcdctl member remove {{ item[1].replace(' ','').split(',')[0] }}"
  environment:
-    ETCDCTL_API: 3
+    ETCDCTL_API: "3"
    ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses }}"
    ETCDCTL_CERT: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem"
    ETCDCTL_KEY: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem"
@@ -87,7 +87,7 @@
    - "{{ groups['broken_etcd'] }}"
    - "{{ member_list.stdout_lines }}"
  when:
-    - groups['broken_etcd']
+    - inventory_hostname in groups['broken_etcd']
    - not healthy
    - has_quorum
    - hostvars[item[0]]['etcd_member_name'] == item[1].replace(' ','').split(',')[2]
--- a/roles/recover_control_plane/etcd/tasks/recover_lost_quorum.yml
+++ b/roles/recover_control_plane/etcd/tasks/recover_lost_quorum.yml
@@ -2,11 +2,11 @@
 - name: Save etcd snapshot
  command: "{{ bin_dir }}/etcdctl snapshot save /tmp/snapshot.db"
  environment:
-    - ETCDCTL_CERT: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem"
-    - ETCDCTL_KEY: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem"
-    - ETCDCTL_CACERT: "{{ etcd_cert_dir }}/ca.pem"
-    - ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses.split(',') | first }}"
-    - ETCDCTL_API: 3
+    ETCDCTL_CERT: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem"
+    ETCDCTL_KEY: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem"
+    ETCDCTL_CACERT: "{{ etcd_cert_dir }}/ca.pem"
+    ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses.split(',') | first }}"
+    ETCDCTL_API: "3"
  when: etcd_snapshot is not defined

 - name: Transfer etcd snapshot to host
@@ -29,11 +29,11 @@
 - name: Restore etcd snapshot  # noqa 301 305
  shell: "{{ bin_dir }}/etcdctl snapshot restore /tmp/snapshot.db --name {{ etcd_member_name }} --initial-cluster {{ etcd_member_name }}={{ etcd_peer_url }} --initial-cluster-token k8s_etcd --initial-advertise-peer-urls {{ etcd_peer_url }} --data-dir {{ etcd_data_dir }}"
  environment:
-    - ETCDCTL_CERT: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem"
-    - ETCDCTL_KEY: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem"
-    - ETCDCTL_CACERT: "{{ etcd_cert_dir }}/ca.pem"
-    - ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses }}"
-    - ETCDCTL_API: 3
+    ETCDCTL_CERT: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}.pem"
+    ETCDCTL_KEY: "{{ etcd_cert_dir }}/admin-{{ inventory_hostname }}-key.pem"
+    ETCDCTL_CACERT: "{{ etcd_cert_dir }}/ca.pem"
+    ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses }}"
+    ETCDCTL_API: "3"

 - name: Remove etcd snapshot
  file: