Do not use ‘yes/no’ for boolean values (#11472)

Consistent boolean values in ansible playbooks

roles/kubernetes/client/tasks/main.yml

@@ -30,9 +30,9 @@
   copy:
     src: "{{ kube_config_dir }}/admin.conf"
     dest: "{{ ansible_env.HOME | default('/root') }}/.kube/config"
-    remote_src: yes
+    remote_src: true
     mode: "0600"
-    backup: yes
+    backup: true
 
 - name: Create kube artifacts dir
   file:
@@ -41,8 +41,8 @@
     state: directory
   delegate_to: localhost
   connection: local
-  become: no
-  run_once: yes
+  become: false
+  run_once: true
   when: kubeconfig_localhost
 
 - name: Wait for k8s apiserver
@@ -54,7 +54,7 @@
 - name: Get admin kubeconfig from remote host
   slurp:
     src: "{{ kube_config_dir }}/admin.conf"
-  run_once: yes
+  run_once: true
   register: raw_admin_kubeconfig
   when: kubeconfig_localhost
 
@@ -83,21 +83,21 @@
     mode: "0600"
   delegate_to: localhost
   connection: local
-  become: no
-  run_once: yes
+  become: false
+  run_once: true
   when: kubeconfig_localhost
 
 - name: Copy kubectl binary to ansible host
   fetch:
     src: "{{ bin_dir }}/kubectl"
     dest: "{{ artifacts_dir }}/kubectl"
-    flat: yes
-    validate_checksum: no
+    flat: true
+    validate_checksum: false
   register: copy_binary_result
   until: copy_binary_result is not failed
   retries: 20
-  become: no
-  run_once: yes
+  become: false
+  run_once: true
   when: kubectl_localhost
 
 - name: Create helper script kubectl.sh on ansible host
@@ -107,8 +107,8 @@
       ${BASH_SOURCE%/*}/kubectl --kubeconfig=${BASH_SOURCE%/*}/admin.conf "$@"
     dest: "{{ artifacts_dir }}/kubectl.sh"
     mode: "0755"
-  become: no
-  run_once: yes
+  become: false
+  run_once: true
   delegate_to: localhost
   connection: local
   when: kubectl_localhost and kubeconfig_localhost

roles/kubernetes/control-plane/handlers/main.yml

@@ -81,7 +81,7 @@
     endpoint: "{{ kube_scheduler_bind_address if kube_scheduler_bind_address != '0.0.0.0' else 'localhost' }}"
   uri:
     url: https://{{ endpoint }}:10259/healthz
-    validate_certs: no
+    validate_certs: false
   register: scheduler_result
   until: scheduler_result.status == 200
   retries: 60
@@ -95,7 +95,7 @@
     endpoint: "{{ kube_controller_manager_bind_address if kube_controller_manager_bind_address != '0.0.0.0' else 'localhost' }}"
   uri:
     url: https://{{ endpoint }}:10257/healthz
-    validate_certs: no
+    validate_certs: false
   register: controller_manager_result
   until: controller_manager_result.status == 200
   retries: 60
@@ -107,7 +107,7 @@
 - name: Master | wait for the apiserver to be running
   uri:
     url: "{{ kube_apiserver_endpoint }}/healthz"
-    validate_certs: no
+    validate_certs: false
   register: result
   until: result.status == 200
   retries: 60

roles/kubernetes/control-plane/tasks/define-first-kube-control.yml

@@ -3,7 +3,7 @@
 - name: Check which kube-control nodes are already members of the cluster
   command: "{{ bin_dir }}/kubectl get nodes --selector=node-role.kubernetes.io/control-plane -o json"
   register: kube_control_planes_raw
-  ignore_errors: yes
+  ignore_errors: true
   changed_when: false
 
 - name: Set fact joined_control_planes
@@ -12,7 +12,7 @@
   delegate_to: "{{ item }}"
   loop: "{{ groups['kube_control_plane'] }}"
   when: kube_control_planes_raw is succeeded
-  run_once: yes
+  run_once: true
 
 - name: Set fact first_kube_control_plane
   set_fact:

roles/kubernetes/control-plane/tasks/encrypt-at-rest.yml

@@ -2,9 +2,9 @@
 - name: Check if secret for encrypting data at rest already exist
   stat:
     path: "{{ kube_cert_dir }}/secrets_encryption.yaml"
-    get_attributes: no
-    get_checksum: no
-    get_mime: no
+    get_attributes: false
+    get_checksum: false
+    get_mime: false
   register: secrets_encryption_file
 
 - name: Slurp secrets_encryption file if it exists

roles/kubernetes/control-plane/tasks/kubeadm-backup.yml

@@ -4,7 +4,7 @@
     src: "{{ kube_cert_dir }}/{{ item }}"
     dest: "{{ kube_cert_dir }}/{{ item }}.old"
     mode: preserve
-    remote_src: yes
+    remote_src: true
   with_items:
     - apiserver.crt
     - apiserver.key
@@ -19,7 +19,7 @@
     src: "{{ kube_config_dir }}/{{ item }}"
     dest: "{{ kube_config_dir }}/{{ item }}.old"
     mode: preserve
-    remote_src: yes
+    remote_src: true
   with_items:
     - admin.conf
     - controller-manager.conf

roles/kubernetes/control-plane/tasks/kubeadm-fix-apiserver.yml

@@ -5,7 +5,7 @@
     dest: "{{ kube_config_dir }}/{{ item }}"
     regexp: '^    server: https'
     line: '    server: {{ kube_apiserver_endpoint }}'
-    backup: yes
+    backup: true
   with_items:
     - admin.conf
     - controller-manager.conf

roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml

@@ -25,7 +25,7 @@
 - name: Parse certificate key if not set
   set_fact:
     kubeadm_certificate_key: "{{ hostvars[groups['kube_control_plane'][0]]['kubeadm_upload_cert'].stdout_lines[-1] | trim }}"
-  run_once: yes
+  run_once: true
   when:
     - hostvars[groups['kube_control_plane'][0]]['kubeadm_upload_cert'] is defined
     - hostvars[groups['kube_control_plane'][0]]['kubeadm_upload_cert'] is not skipped
@@ -35,7 +35,7 @@
     src: "kubeadm-controlplane.{{ kubeadmConfig_api_version }}.yaml.j2"
     dest: "{{ kube_config_dir }}/kubeadm-controlplane.yaml"
     mode: "0640"
-    backup: yes
+    backup: true
   when:
     - inventory_hostname != first_kube_control_plane
     - not kubeadm_already_run.stat.exists

roles/kubernetes/control-plane/tasks/kubeadm-setup.yml

@@ -13,9 +13,9 @@
 - name: Kubeadm | Check if kubeadm has already run
   stat:
     path: "/var/lib/kubelet/config.yaml"
-    get_attributes: no
-    get_checksum: no
-    get_mime: no
+    get_attributes: false
+    get_checksum: false
+    get_mime: false
   register: kubeadm_already_run
 
 - name: Kubeadm | Backup kubeadm certs / kubeconfig

roles/kubernetes/control-plane/tasks/kubelet-fix-client-cert-rotation.yml

@@ -4,7 +4,7 @@
     path: "{{ kube_config_dir }}/kubelet.conf"
     regexp: '^    client-certificate-data: '
     line: '    client-certificate: /var/lib/kubelet/pki/kubelet-client-current.pem'
-    backup: yes
+    backup: true
   notify:
     - "Master | reload kubelet"
 
@@ -13,6 +13,6 @@
     path: "{{ kube_config_dir }}/kubelet.conf"
     regexp: '^    client-key-data: '
     line: '    client-key: /var/lib/kubelet/pki/kubelet-client-current.pem'
-    backup: yes
+    backup: true
   notify:
     - "Master | reload kubelet"

roles/kubernetes/control-plane/tasks/main.yml

@@ -120,7 +120,7 @@
 - name: Renew K8S control plane certificates monthly 2/2
   systemd_service:
     name: k8s-certs-renew.timer
-    enabled: yes
+    enabled: true
     state: started
     daemon_reload: "{{ k8s_certs_units is changed }}"
   when: auto_renew_certificates

roles/kubernetes/kubeadm/tasks/main.yml

@@ -14,17 +14,17 @@
 - name: Check if kubelet.conf exists
   stat:
     path: "{{ kube_config_dir }}/kubelet.conf"
-    get_attributes: no
-    get_checksum: no
-    get_mime: no
+    get_attributes: false
+    get_checksum: false
+    get_mime: false
   register: kubelet_conf
 
 - name: Check if kubeadm CA cert is accessible
   stat:
     path: "{{ kube_cert_dir }}/ca.crt"
-    get_attributes: no
-    get_checksum: no
-    get_mime: no
+    get_attributes: false
+    get_checksum: false
+    get_mime: false
   register: kubeadm_ca_stat
   delegate_to: "{{ groups['kube_control_plane'][0] }}"
   run_once: true
@@ -79,7 +79,7 @@
   template:
     src: "kubeadm-client.conf.{{ kubeadmConfig_api_version }}.j2"
     dest: "{{ kube_config_dir }}/kubeadm-client.conf"
-    backup: yes
+    backup: true
     mode: "0640"
   when: not is_kube_master
 
@@ -140,7 +140,7 @@
     dest: "{{ kube_config_dir }}/kubelet.conf"
     regexp: 'server:'
     line: '    server: {{ kube_apiserver_endpoint }}'
-    backup: yes
+    backup: true
   when:
     - kubeadm_config_api_fqdn is not defined
     - not is_kube_master
@@ -152,7 +152,7 @@
     dest: "{{ kube_config_dir }}/kubelet.conf"
     regexp: '^    server: https'
     line: '    server: {{ kube_apiserver_endpoint }}'
-    backup: yes
+    backup: true
   when:
     - not is_kube_master
     - loadbalancer_apiserver is defined

roles/kubernetes/node-label/tasks/main.yml

@@ -2,7 +2,7 @@
 - name: Kubernetes Apps | Wait for kube-apiserver
   uri:
     url: "{{ kube_apiserver_endpoint }}/healthz"
-    validate_certs: no
+    validate_certs: false
     client_cert: "{{ kube_apiserver_client_cert }}"
     client_key: "{{ kube_apiserver_client_key }}"
   register: result

roles/kubernetes/node/tasks/facts.yml

@@ -8,7 +8,7 @@
       executable: /bin/bash
     register: docker_cgroup_driver_result
     changed_when: false
-    check_mode: no
+    check_mode: false
 
   - name: Set kubelet_cgroup_driver_detected fact for docker
     set_fact:

roles/kubernetes/node/tasks/kubelet.yml

@@ -11,7 +11,7 @@
     src: "kubelet.env.{{ kubeletConfig_api_version }}.j2"
     dest: "{{ kube_config_dir }}/kubelet.env"
     setype: "{{ (preinstall_selinux_state != 'disabled') | ternary('etc_t', omit) }}"
-    backup: yes
+    backup: true
     mode: "0600"
   notify: Node | restart kubelet
   tags:
@@ -32,7 +32,7 @@
   template:
     src: "kubelet.service.j2"
     dest: "/etc/systemd/system/kubelet.service"
-    backup: "yes"
+    backup: true
     mode: "0600"
     validate: "sh -c '[ -f /usr/bin/systemd/system/factory-reset.target ] || exit 0 && systemd-analyze verify %s:kubelet.service'"
     # FIXME: check that systemd version >= 250 (factory-reset.target was introduced in that release)
@@ -48,7 +48,7 @@
 - name: Enable kubelet
   service:
     name: kubelet
-    enabled: yes
+    enabled: true
     state: started
   tags:
     - kubelet

roles/kubernetes/node/tasks/loadbalancer/haproxy.yml

@@ -17,14 +17,14 @@
     dest: "{{ haproxy_config_dir }}/haproxy.cfg"
     owner: root
     mode: "0755"
-    backup: yes
+    backup: true
 
 - name: Haproxy | Get checksum from config
   stat:
     path: "{{ haproxy_config_dir }}/haproxy.cfg"
-    get_attributes: no
-    get_checksum: yes
-    get_mime: no
+    get_attributes: false
+    get_checksum: true
+    get_mime: false
   register: haproxy_stat
 
 - name: Haproxy | Write static pod

roles/kubernetes/node/tasks/loadbalancer/kube-vip.yml

@@ -16,9 +16,9 @@
 - name: Kube-vip | Check if kubeadm has already run
   stat:
     path: "/var/lib/kubelet/config.yaml"
-    get_attributes: no
-    get_checksum: no
-    get_mime: no
+    get_attributes: false
+    get_checksum: false
+    get_mime: false
   register: kubeadm_already_run
 
 - name: Kube-vip | Set admin.conf

roles/kubernetes/node/tasks/loadbalancer/nginx-proxy.yml

@@ -17,14 +17,14 @@
     dest: "{{ nginx_config_dir }}/nginx.conf"
     owner: root
     mode: "0755"
-    backup: yes
+    backup: true
 
 - name: Nginx-proxy | Get checksum from config
   stat:
     path: "{{ nginx_config_dir }}/nginx.conf"
-    get_attributes: no
-    get_checksum: yes
-    get_mime: no
+    get_attributes: false
+    get_checksum: true
+    get_mime: false
   register: nginx_stat
 
 - name: Nginx-proxy | Write static pod

roles/kubernetes/node/tasks/main.yml

@@ -51,10 +51,10 @@
   ansible.posix.sysctl:
     name: net.ipv4.ip_local_reserved_ports
     value: "{{ kube_apiserver_node_port_range }}"
-    sysctl_set: yes
+    sysctl_set: true
     sysctl_file: "{{ sysctl_file_path }}"
     state: present
-    reload: yes
+    reload: true
   when: kube_apiserver_node_port_range is defined
   tags:
     - kube-proxy
@@ -66,7 +66,7 @@
   register: modinfo_br_netfilter
   failed_when: modinfo_br_netfilter.rc not in [0, 1]
   changed_when: false
-  check_mode: no
+  check_mode: false
 
 # TODO: Remove once upstream issue is fixed
 # https://github.com/ansible-collections/community.general/issues/7717
@@ -97,7 +97,7 @@
   command: "sysctl net.bridge.bridge-nf-call-iptables"
   failed_when: false
   changed_when: false
-  check_mode: no
+  check_mode: false
   register: sysctl_bridge_nf_call_iptables
 
 - name: Enable bridge-nf-call tables
@@ -106,7 +106,7 @@
     state: present
     sysctl_file: "{{ sysctl_file_path }}"
     value: "1"
-    reload: yes
+    reload: true
   when: sysctl_bridge_nf_call_iptables.rc == 0
   with_items:
     - net.bridge.bridge-nf-call-iptables

roles/kubernetes/node/tasks/pre_upgrade.yml

@@ -11,7 +11,7 @@
     executable: /bin/bash
   failed_when: false
   changed_when: false
-  check_mode: no
+  check_mode: false
   register: kubelet_container_check
 
 - name: "Pre-upgrade | copy /var/lib/cni from kubelet"

roles/kubernetes/preinstall/handlers/main.yml

@@ -31,9 +31,9 @@
 - name: Preinstall | kube-apiserver configured
   stat:
     path: "{{ kube_manifest_dir }}/kube-apiserver.yaml"
-    get_attributes: no
-    get_checksum: no
-    get_mime: no
+    get_attributes: false
+    get_checksum: false
+    get_mime: false
   register: kube_apiserver_set
   when: inventory_hostname in groups['kube_control_plane'] and dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'
   listen: Preinstall | propagate resolvconf to k8s components
@@ -42,9 +42,9 @@
 - name: Preinstall | kube-controller configured
   stat:
     path: "{{ kube_manifest_dir }}/kube-controller-manager.yaml"
-    get_attributes: no
-    get_checksum: no
-    get_mime: no
+    get_attributes: false
+    get_checksum: false
+    get_mime: false
   register: kube_controller_set
   when: inventory_hostname in groups['kube_control_plane'] and dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'
   listen: Preinstall | propagate resolvconf to k8s components
@@ -109,7 +109,7 @@
 - name: Preinstall | wait for the apiserver to be running
   uri:
     url: "{{ kube_apiserver_endpoint }}/healthz"
-    validate_certs: no
+    validate_certs: false
   register: result
   until: result.status == 200
   retries: 60

roles/kubernetes/preinstall/tasks/0010-swapoff.yml

@@ -2,9 +2,9 @@
 - name: Check if /etc/fstab exists
   stat:
     path: "/etc/fstab"
-    get_attributes: no
-    get_checksum: no
-    get_mime: no
+    get_attributes: false
+    get_checksum: false
+    get_mime: false
   register: fstab_file
 
 - name: Remove swapfile from /etc/fstab

roles/kubernetes/preinstall/tasks/0020-set_facts.yml

@@ -12,24 +12,24 @@
   register: resolvconf
   failed_when: false
   changed_when: false
-  check_mode: no
+  check_mode: false
 
 - name: Check existence of /etc/resolvconf/resolv.conf.d
   stat:
     path: /etc/resolvconf/resolv.conf.d
-    get_attributes: no
-    get_checksum: no
-    get_mime: no
+    get_attributes: false
+    get_checksum: false
+    get_mime: false
   failed_when: false
   register: resolvconfd_path
 
 - name: Check status of /etc/resolv.conf
   stat:
     path: /etc/resolv.conf
-    follow: no
-    get_attributes: no
-    get_checksum: no
-    get_mime: no
+    follow: false
+    get_attributes: false
+    get_checksum: false
+    get_mime: false
   failed_when: false
   register: resolvconf_stat
 
@@ -72,7 +72,7 @@
   register: systemd_resolved_enabled
   failed_when: false
   changed_when: false
-  check_mode: no
+  check_mode: false
 
 - name: Set default dns if remove_default_searchdomains is false
   set_fact:
@@ -94,9 +94,9 @@
 - name: Check if kubelet is configured
   stat:
     path: "{{ kube_config_dir }}/kubelet.env"
-    get_attributes: no
-    get_checksum: no
-    get_mime: no
+    get_attributes: false
+    get_checksum: false
+    get_mime: false
   register: kubelet_configured
   changed_when: false
 
@@ -121,9 +121,9 @@
 - name: Check if /etc/dhclient.conf exists
   stat:
     path: /etc/dhclient.conf
-    get_attributes: no
-    get_checksum: no
-    get_mime: no
+    get_attributes: false
+    get_checksum: false
+    get_mime: false
   register: dhclient_stat
 
 - name: Target dhclient conf file for /etc/dhclient.conf
@@ -134,9 +134,9 @@
 - name: Check if /etc/dhcp/dhclient.conf exists
   stat:
     path: /etc/dhcp/dhclient.conf
-    get_attributes: no
-    get_checksum: no
-    get_mime: no
+    get_attributes: false
+    get_checksum: false
+    get_mime: false
   register: dhcp_dhclient_stat
 
 - name: Target dhclient conf file for /etc/dhcp/dhclient.conf
@@ -218,9 +218,9 @@
 - name: Check /usr readonly
   stat:
     path: "/usr"
-    get_attributes: no
-    get_checksum: no
-    get_mime: no
+    get_attributes: false
+    get_checksum: false
+    get_mime: false
   register: usr
 
 - name: Set alternate flexvolume path

roles/kubernetes/preinstall/tasks/0040-verify-settings.yml

@@ -44,7 +44,7 @@
   assert:
     that: item.value | type_debug == 'bool'
     msg: "{{ item.value }} isn't a bool"
-  run_once: yes
+  run_once: true
   with_items:
     - { name: download_run_once, value: "{{ download_run_once }}" }
     - { name: deploy_netchecker, value: "{{ deploy_netchecker }}" }
@@ -172,21 +172,21 @@
     that:
       - kube_service_addresses | ansible.utils.ipaddr('net')
     msg: "kube_service_addresses = '{{ kube_service_addresses }}' is not a valid network range"
-  run_once: yes
+  run_once: true
 
 - name: "Check that kube_pods_subnet is a network range"
   assert:
     that:
       - kube_pods_subnet | ansible.utils.ipaddr('net')
     msg: "kube_pods_subnet = '{{ kube_pods_subnet }}' is not a valid network range"
-  run_once: yes
+  run_once: true
 
 - name: "Check that kube_pods_subnet does not collide with kube_service_addresses"
   assert:
     that:
       - kube_pods_subnet | ansible.utils.ipaddr(kube_service_addresses) | string == 'None'
     msg: "kube_pods_subnet cannot be the same network segment as kube_service_addresses"
-  run_once: yes
+  run_once: true
 
 - name: "Check that IP range is enough for the nodes"
   assert:
@@ -194,7 +194,7 @@
       - 2 ** (kube_network_node_prefix - kube_pods_subnet | ansible.utils.ipaddr('prefix')) >= groups['k8s_cluster'] | length
     msg: "Not enough IPs are available for the desired node count."
   when: kube_network_plugin != 'calico'
-  run_once: yes
+  run_once: true
 
 - name: Stop if unknown dns mode
   assert:
@@ -246,7 +246,7 @@
 
 # TODO: Clean this task up when we drop backward compatibility support for `etcd_kubeadm_enabled`
 - name: Stop if etcd deployment type is not host or kubeadm when container_manager != docker and etcd_kubeadm_enabled is not defined
-  run_once: yes
+  run_once: true
   when: etcd_kubeadm_enabled is defined
   block:
     - name: Warn the user if they are still using `etcd_kubeadm_enabled`
@@ -292,7 +292,7 @@
   assert:
     that: containerd_version is version(containerd_min_version_required, '>=')
     msg: "containerd_version is too low. Minimum version {{ containerd_min_version_required }}"
-  run_once: yes
+  run_once: true
   when:
     - containerd_version not in ['latest', 'edge', 'stable']
     - container_manager == 'containerd'

roles/kubernetes/preinstall/tasks/0050-create_directories.yml

@@ -48,9 +48,9 @@
 - name: Check if kubernetes kubeadm compat cert dir exists
   stat:
     path: "{{ kube_cert_compat_dir }}"
-    get_attributes: no
-    get_checksum: no
-    get_mime: no
+    get_attributes: false
+    get_checksum: false
+    get_mime: false
   register: kube_cert_compat_dir_check
   when:
     - inventory_hostname in groups['k8s_cluster']

roles/kubernetes/preinstall/tasks/0060-resolvconf.yml

@@ -16,7 +16,7 @@
       options ndots:{{ ndots }} timeout:{{ dns_timeout | default('2') }} attempts:{{ dns_attempts | default('2') }}
     state: present
     insertbefore: BOF
-    create: yes
+    create: true
     backup: "{{ not resolvconf_stat.stat.islnk }}"
     marker: "# Ansible entries {mark}"
     mode: "0644"

roles/kubernetes/preinstall/tasks/0062-networkmanager-unmanaged-devices.yml

@@ -3,7 +3,7 @@
   file:
     path: "/etc/NetworkManager/conf.d"
     state: directory
-    recurse: yes
+    recurse: true
 
 - name: NetworkManager | Prevent NetworkManager from managing Calico interfaces (cali*/tunl*/vxlan.calico)
   copy:

roles/kubernetes/preinstall/tasks/0063-networkmanager-dns.yml

@@ -6,7 +6,7 @@
     option: servers
     value: "{{ nameserverentries }}"
     mode: '0600'
-    backup: yes
+    backup: true
   when:
     - nameserverentries != "127.0.0.53" or systemd_resolved_enabled.rc != 0
   notify: Preinstall | update resolvconf for networkmanager
@@ -23,7 +23,7 @@
     option: searches
     value: "{{ (default_searchdomains | default([]) + searchdomains | default([])) | join(',') }}"
     mode: '0600'
-    backup: yes
+    backup: true
   notify: Preinstall | update resolvconf for networkmanager
 
 - name: NetworkManager | Add DNS options to NM configuration
@@ -33,5 +33,5 @@
     option: options
     value: "ndots:{{ ndots }},timeout:{{ dns_timeout | default('2') }},attempts:{{ dns_attempts | default('2') }}"
     mode: '0600'
-    backup: yes
+    backup: true
   notify: Preinstall | update resolvconf for networkmanager

roles/kubernetes/preinstall/tasks/0070-system-packages.yml

@@ -34,7 +34,7 @@
 
 - name: Update package management cache (APT)
   apt:
-    update_cache: yes
+    update_cache: true
     cache_valid_time: 3600
   when: ansible_os_family == "Debian"
   tags:

roles/kubernetes/preinstall/tasks/0080-system-configurations.yml

@@ -3,9 +3,9 @@
 - name: Confirm selinux deployed
   stat:
     path: /etc/selinux/config
-    get_attributes: no
-    get_checksum: no
-    get_mime: no
+    get_attributes: false
+    get_checksum: false
+    get_mime: false
   when:
     - ansible_os_family == "RedHat"
     - "'Amazon' not in ansible_distribution"
@@ -27,8 +27,8 @@
     dest: /etc/gai.conf
     line: "precedence ::ffff:0:0/96  100"
     state: present
-    create: yes
-    backup: yes
+    create: true
+    backup: true
     mode: "0644"
   when:
     - disable_ipv6_dns
@@ -47,9 +47,9 @@
 - name: Stat sysctl file configuration
   stat:
     path: "{{ sysctl_file_path }}"
-    get_attributes: no
-    get_checksum: no
-    get_mime: no
+    get_attributes: false
+    get_checksum: false
+    get_mime: false
   register: sysctl_file_stat
   tags:
     - bootstrap-os
@@ -75,7 +75,7 @@
     name: net.ipv4.ip_forward
     value: "1"
     state: present
-    reload: yes
+    reload: true
 
 - name: Enable ipv6 forwarding
   ansible.posix.sysctl:
@@ -83,15 +83,15 @@
     name: net.ipv6.conf.all.forwarding
     value: "1"
     state: present
-    reload: yes
+    reload: true
   when: enable_dual_stack_networks | bool
 
 - name: Check if we need to set fs.may_detach_mounts
   stat:
     path: /proc/sys/fs/may_detach_mounts
-    get_attributes: no
-    get_checksum: no
-    get_mime: no
+    get_attributes: false
+    get_checksum: false
+    get_mime: false
   register: fs_may_detach_mounts
   ignore_errors: true  # noqa ignore-errors
 
@@ -101,7 +101,7 @@
     name: fs.may_detach_mounts
     value: 1
     state: present
-    reload: yes
+    reload: true
   when: fs_may_detach_mounts.stat.exists | d(false)
 
 - name: Ensure kubelet expected parameters are set
@@ -110,7 +110,7 @@
     name: "{{ item.name }}"
     value: "{{ item.value }}"
     state: present
-    reload: yes
+    reload: true
   with_items:
     - { name: kernel.keys.root_maxbytes, value: 25000000 }
     - { name: kernel.keys.root_maxkeys, value: 1000000 }
@@ -133,7 +133,7 @@
     name: "{{ item.name }}"
     value: "{{ item.value }}"
     state: present
-    reload: yes
+    reload: true
   with_items: "{{ additional_sysctl }}"
 
 - name: Disable fapolicyd service

roles/kubernetes/preinstall/tasks/0090-etchosts.yml

@@ -11,17 +11,17 @@
       {% endfor %}
   delegate_to: localhost
   connection: local
-  delegate_facts: yes
-  run_once: yes
+  delegate_facts: true
+  run_once: true
 
 - name: Hosts | populate inventory into hosts file
   blockinfile:
     path: /etc/hosts
     block: "{{ hostvars.localhost.etc_hosts_inventory_block }}"
     state: "{{ 'present' if populate_inventory_to_hosts_file else 'absent' }}"
-    create: yes
-    backup: yes
-    unsafe_writes: yes
+    create: true
+    backup: true
+    unsafe_writes: true
     marker: "# Ansible inventory hosts {mark}"
     mode: "0644"
 
@@ -31,8 +31,8 @@
     regexp: ".*{{ apiserver_loadbalancer_domain_name }}$"
     line: "{{ loadbalancer_apiserver.address }} {{ apiserver_loadbalancer_domain_name }}"
     state: present
-    backup: yes
-    unsafe_writes: yes
+    backup: true
+    unsafe_writes: true
   when:
     - populate_loadbalancer_apiserver_to_hosts_file
     - loadbalancer_apiserver is defined
@@ -69,8 +69,8 @@
         line: "{{ item.key }} {{ item.value | join(' ') }}"
         regexp: "^{{ item.key }}.*$"
         state: present
-        backup: yes
-        unsafe_writes: yes
+        backup: true
+        unsafe_writes: true
       loop: "{{ etc_hosts_localhosts_dict_target | default({}) | dict2items }}"
 
 # gather facts to update ansible_fqdn

roles/kubernetes/preinstall/tasks/0100-dhclient-hooks.yml

@@ -6,10 +6,10 @@
       {{ item }}
       {% endfor %}
     path: "{{ dhclientconffile }}"
-    create: yes
+    create: true
     state: present
     insertbefore: BOF
-    backup: yes
+    backup: true
     marker: "# Ansible entries {mark}"
     mode: "0644"
   notify: Preinstall | propagate resolvconf to k8s components

roles/kubernetes/preinstall/tasks/0110-dhclient-hooks-undo.yml

@@ -7,7 +7,7 @@
   blockinfile:
     path: "{{ dhclientconffile }}"
     state: absent
-    backup: yes
+    backup: true
     marker: "# Ansible entries {mark}"
   notify: Preinstall | propagate resolvconf to k8s components
 

roles/kubernetes/preinstall/tasks/0120-growpart-azure-centos-7.yml

@@ -22,7 +22,7 @@
 
 - name: Check if growpart needs to be run
   command: growpart -N {{ device }} {{ partition }}
-  failed_when: False
+  failed_when: false
   changed_when: "'NOCHANGE:' not in growpart_needed.stdout"
   register: growpart_needed
   environment:
@@ -30,7 +30,7 @@
 
 - name: Check fs type
   command: file -Ls {{ root_device }}
-  changed_when: False
+  changed_when: false
   register: fs_type
 
 - name: Run growpart  # noqa no-handler

roles/kubernetes/preinstall/tasks/main.yml

@@ -121,9 +121,9 @@
 - name: Check if we are running inside a Azure VM
   stat:
     path: /var/lib/waagent/
-    get_attributes: no
-    get_checksum: no
-    get_mime: no
+    get_attributes: false
+    get_checksum: false
+    get_mime: false
   register: azure_check
   when:
     - not dns_late

roles/kubernetes/tokens/tasks/check-tokens.yml

@@ -2,9 +2,9 @@
 - name: "Check_tokens | check if the tokens have already been generated on first master"
   stat:
     path: "{{ kube_token_dir }}/known_tokens.csv"
-    get_attributes: no
-    get_checksum: yes
-    get_mime: no
+    get_attributes: false
+    get_checksum: true
+    get_mime: false
   delegate_to: "{{ groups['kube_control_plane'][0] }}"
   register: known_tokens_master
   run_once: true
@@ -23,9 +23,9 @@
 - name: "Check tokens | check if a cert already exists"
   stat:
     path: "{{ kube_token_dir }}/known_tokens.csv"
-    get_attributes: no
-    get_checksum: yes
-    get_mime: no
+    get_attributes: false
+    get_checksum: true
+    get_mime: false
   register: known_tokens
 
 - name: "Check_tokens | Set 'sync_tokens' to true"

roles/kubernetes/tokens/tasks/gen_tokens.yml

@@ -4,7 +4,7 @@
     src: "kube-gen-token.sh"
     dest: "{{ kube_script_dir }}/kube-gen-token.sh"
     mode: "0700"
-  run_once: yes
+  run_once: true
   delegate_to: "{{ groups['kube_control_plane'][0] }}"
   when: gen_tokens | default(false)
 
@@ -17,7 +17,7 @@
     - "{{ groups['kube_control_plane'] }}"
   register: gentoken_master
   changed_when: "'Added' in gentoken_master.stdout"
-  run_once: yes
+  run_once: true
   delegate_to: "{{ groups['kube_control_plane'][0] }}"
   when: gen_tokens | default(false)
 
@@ -30,14 +30,14 @@
     - "{{ groups['kube_node'] }}"
   register: gentoken_node
   changed_when: "'Added' in gentoken_node.stdout"
-  run_once: yes
+  run_once: true
   delegate_to: "{{ groups['kube_control_plane'][0] }}"
   when: gen_tokens | default(false)
 
 - name: Gen_tokens | Get list of tokens from first master
   command: "find {{ kube_token_dir }} -maxdepth 1 -type f"
   register: tokens_list
-  check_mode: no
+  check_mode: false
   delegate_to: "{{ groups['kube_control_plane'][0] }}"
   run_once: true
   when: sync_tokens | default(false)
@@ -47,7 +47,7 @@
   args:
     executable: /bin/bash
   register: tokens_data
-  check_mode: no
+  check_mode: false
   delegate_to: "{{ groups['kube_control_plane'][0] }}"
   run_once: true
   when: sync_tokens | default(false)