Test group membership with group_names

Testing for group membership with group names makes Kubespray more tolerant towards the structure of the inventory. Where 'inventory_hostname in groups["some_group"] would fail if "some_group" is not defined, '"some_group" in group_names' would not.
2026-02-28 01:29:42 +03:00 · 2024-09-21 14:09:09 +02:00
parent 89ff0710e9
commit 2ec1c93897
22 changed files with 60 additions and 60 deletions
--- a/roles/etcd/tasks/check_certs.yml
+++ b/roles/etcd/tasks/check_certs.yml
@@ -21,7 +21,7 @@
    get_checksum: true
    get_mime: false
  register: etcd_member_certs
-  when: inventory_hostname in groups['etcd']
+  when: ('etcd' in group_names)
  with_items:
    - ca.pem
    - member-{{ inventory_hostname }}.pem
@@ -33,7 +33,7 @@
  stat:
    path: "{{ etcd_cert_dir }}/{{ item }}"
  register: etcd_node_certs
-  when: inventory_hostname in groups['k8s_cluster']
+  when: ('k8s_cluster' in group_names)
  with_items:
    - ca.pem
    - node-{{ inventory_hostname }}.pem
@@ -99,7 +99,7 @@
  set_fact:
    etcd_member_requires_sync: true
  when:
-    - inventory_hostname in groups['etcd']
+    - ('etcd' in group_names)
    - (not etcd_member_certs.results[0].stat.exists | default(false)) or
      (not etcd_member_certs.results[1].stat.exists | default(false)) or
      (not etcd_member_certs.results[2].stat.exists | default(false)) or
@@ -115,7 +115,7 @@
  set_fact:
    kubernetes_host_requires_sync: true
  when:
-    - inventory_hostname in groups['k8s_cluster'] and
+    - ('k8s_cluster' in group_names) and
      inventory_hostname not in groups['etcd']
    - (not etcd_node_certs.results[0].stat.exists | default(false)) or
      (not etcd_node_certs.results[1].stat.exists | default(false)) or
--- a/roles/etcd/tasks/gen_certs_script.yml
+++ b/roles/etcd/tasks/gen_certs_script.yml
@@ -79,7 +79,7 @@
        {% endfor %}]"
  delegate_to: "{{ groups['etcd'][0] }}"
  when:
-    - inventory_hostname in groups['etcd']
+    - ('etcd' in group_names)
    - sync_certs | default(false)
    - inventory_hostname != groups['etcd'][0]
  notify: Set etcd_secret_changed
@@ -93,7 +93,7 @@
    mode: "0640"
  with_items: "{{ etcd_master_certs.results }}"
  when:
-    - inventory_hostname in groups['etcd']
+    - ('etcd' in group_names)
    - sync_certs | default(false)
    - inventory_hostname != groups['etcd'][0]
  loop_control:
@@ -110,7 +110,7 @@
        {% endfor %}]"
  delegate_to: "{{ groups['etcd'][0] }}"
  when:
-    - inventory_hostname in groups['etcd']
+    - ('etcd' in group_names)
    - inventory_hostname != groups['etcd'][0]
    - kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool
    - kube_network_plugin != "calico" or calico_datastore == "etcd"
@@ -125,7 +125,7 @@
    mode: "0640"
  with_items: "{{ etcd_master_node_certs.results }}"
  when:
-    - inventory_hostname in groups['etcd']
+    - ('etcd' in group_names)
    - inventory_hostname != groups['etcd'][0]
    - kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool
    - kube_network_plugin != "calico" or calico_datastore == "etcd"
@@ -135,7 +135,7 @@
 - name: Gen_certs | Generate etcd certs
  include_tasks: gen_nodes_certs_script.yml
  when:
-    - inventory_hostname in groups['kube_control_plane'] and
+    - ('kube_control_plane' in group_names) and
        sync_certs | default(false) and inventory_hostname not in groups['etcd']

 - name: Gen_certs | Generate etcd certs on nodes if needed
@@ -143,7 +143,7 @@
  when:
    - kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool
    - kube_network_plugin != "calico" or calico_datastore == "etcd"
-    - inventory_hostname in groups['k8s_cluster'] and
+    - ('k8s_cluster' in group_names) and
        sync_certs | default(false) and inventory_hostname not in groups['etcd']

 - name: Gen_certs | check certificate permissions
--- a/roles/etcd/tasks/main.yml
+++ b/roles/etcd/tasks/main.yml
@@ -25,7 +25,7 @@
  when:
    - kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool
    - kube_network_plugin != "calico" or calico_datastore == "etcd"
-    - inventory_hostname in groups['k8s_cluster']
+    - ('k8s_cluster' in group_names)
  tags:
    - etcd-secrets

@@ -37,7 +37,7 @@
  when:
    - kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool
    - kube_network_plugin != "calico" or calico_datastore == "etcd"
-    - inventory_hostname in groups['k8s_cluster']
+    - ('k8s_cluster' in group_names)
  tags:
    - master    # master tag is deprecated and replaced by control-plane
    - control-plane
@@ -49,7 +49,7 @@
  when:
    - kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally | default(false) | bool
    - kube_network_plugin != "calico" or calico_datastore == "etcd"
-    - inventory_hostname in groups['k8s_cluster']
+    - ('k8s_cluster' in group_names)
  tags:
    - master    # master tag is deprecated and replaced by control-plane
    - control-plane