Use connection: local when delegate_to: localhost (kubernetes-sig…

…s#6322) This will avoid SSH connection on the local host
dmrub · Dec 31, 2020 · d280904 · d280904
1 parent 7c4239d
commit d280904
Show file tree

Hide file tree

Showing 8 changed files with 14 additions and 0 deletions.
diff --git a/roles/bastion-ssh-config/tasks/main.yml b/roles/bastion-ssh-config/tasks/main.yml
@@ -3,6 +3,7 @@
   set_fact:
     bastion_ip: "{{ hostvars[groups['bastion'][0]]['ansible_host'] | d(hostvars[groups['bastion'][0]]['ansible_ssh_host']) }}"
   delegate_to: localhost
+  connection: local
 
 # As we are actually running on localhost, the ansible_ssh_user is your local user when you try to use it directly
 # To figure out the real ssh user, we delegate this task to the bastion and store the ansible_user in real_user
@@ -13,6 +14,7 @@
 - name: create ssh bastion conf
   become: false
   delegate_to: localhost
+  connection: local
   template:
     src: ssh-bastion.conf
     dest: "{{ playbook_dir }}/ssh-bastion.conf"
diff --git a/roles/download/tasks/download_container.yml b/roles/download/tasks/download_container.yml
@@ -18,6 +18,7 @@
       stat:
         path: "{{ image_path_cached }}"
       delegate_to: localhost
+      connection: local
       delegate_facts: no
       register: cache_image
       changed_when: false

diff --git a/roles/download/tasks/download_file.yml b/roles/download/tasks/download_file.yml
@@ -25,6 +25,7 @@
       state: directory
       recurse: yes
     delegate_to: localhost
+    connection: local
     delegate_facts: false
     run_once: true
     become: false

diff --git a/roles/download/tasks/prep_download.yml b/roles/download/tasks/prep_download.yml
@@ -45,6 +45,7 @@
 - name: prep_download | On localhost, check if passwordless root is possible
   command: "true"
   delegate_to: localhost
+  connection: local
   run_once: true
   register: test_become
   changed_when: false
@@ -59,6 +60,7 @@
 - name: prep_download | On localhost, check if user has access to docker without using sudo
   shell: "{{ docker_bin_dir }}/docker images"
   delegate_to: localhost
+  connection: local
   run_once: true
   register: test_docker
   changed_when: false

diff --git a/roles/kubernetes/client/tasks/main.yml b/roles/kubernetes/client/tasks/main.yml
@@ -36,6 +36,7 @@
     mode: "0750"
     state: directory
   delegate_to: localhost
+  connection: local
   become: no
   run_once: yes
   when: kubeconfig_localhost
@@ -98,6 +99,7 @@
     dest: "{{ artifacts_dir }}/admin.conf"
     mode: 0640
   delegate_to: localhost
+  connection: local
   become: no
   run_once: yes
   when: kubeconfig_localhost
@@ -122,4 +124,5 @@
   become: no
   run_once: yes
   delegate_to: localhost
+  connection: local
   when: kubectl_localhost and kubeconfig_localhost
diff --git a/roles/kubernetes/preinstall/tasks/0030-pre_upgrade.yml b/roles/kubernetes/preinstall/tasks/0030-pre_upgrade.yml
@@ -3,13 +3,15 @@
   stat:
     path: "{{ inventory_dir }}/../credentials"
   delegate_to: localhost
+  connection: local
   register: old_credential_dir
   become: no
 
 - name: "Pre-upgrade | check if new credential dir exists"
   stat:
     path: "{{ inventory_dir }}/credentials"
   delegate_to: localhost
+  connection: local
   register: new_credential_dir
   become: no
   when: old_credential_dir.stat.exists
@@ -19,6 +21,7 @@
   args:
     creates: "{{ inventory_dir }}/credentials"
   delegate_to: localhost
+  connection: local
   become: no
   when:
     - old_credential_dir.stat.exists

diff --git a/scripts/collect-info.yaml b/scripts/collect-info.yaml
@@ -133,6 +133,7 @@
         dest: "{{ dir|default('.') }}/logs.tar.gz"
         remove: true
       delegate_to: localhost
+      connection: local
       become: false
       run_once: true
 

diff --git a/tests/cloud_playbooks/delete-aws.yml b/tests/cloud_playbooks/delete-aws.yml
@@ -15,3 +15,4 @@
       region: "{{ ansible_ec2_placement_region }}"
       wait: True
     delegate_to: localhost
+    connection: local