From d280904a591f36d4508ba59c0df7569c5f17fa4f Mon Sep 17 00:00:00 2001
From: bozzo
Date: Thu, 25 Jun 2020 17:14:38 +0200
Subject: [PATCH] Use `connection: local` when `delegate_to: localhost` (#6322)
This will avoid SSH connection on the local host
---
 roles/bastion-ssh-config/tasks/main.yml | 2 ++
 roles/download/tasks/download_container.yml | 1 +
 roles/download/tasks/download_file.yml | 1 +
 roles/download/tasks/prep_download.yml | 2 ++
 roles/kubernetes/client/tasks/main.yml | 3 +++
 roles/kubernetes/preinstall/tasks/0030-pre_upgrade.yml | 3 +++
 scripts/collect-info.yaml | 1 +
 tests/cloud_playbooks/delete-aws.yml | 1 +
 8 files changed, 14 insertions(+)
diff --git a/roles/bastion-ssh-config/tasks/main.yml b/roles/bastion-ssh-config/tasks/main.yml
index 7ea39bbd8cd..cf558087cd6 100644
--- a/roles/bastion-ssh-config/tasks/main.yml
+++ b/roles/bastion-ssh-config/tasks/main.yml
@@ -3,6 +3,7 @@
 set_fact:
 bastion_ip: "{{ hostvars[groups['bastion'][0]]['ansible_host'] | d(hostvars[groups['bastion'][0]]['ansible_ssh_host']) }}"
 delegate_to: localhost
+ connection: local
 # As we are actually running on localhost, the ansible_ssh_user is your local user when you try to use it directly
 # To figure out the real ssh user, we delegate this task to the bastion and store the ansible_user in real_user
@@ -13,6 +14,7 @@
 - name: create ssh bastion conf
 become: false
 delegate_to: localhost
+ connection: local
 template:
 src: ssh-bastion.conf
 dest: "{{ playbook_dir }}/ssh-bastion.conf"
diff --git a/roles/download/tasks/download_container.yml b/roles/download/tasks/download_container.yml
index d19a8fe62c7..4c2851c1f47 100644
--- a/roles/download/tasks/download_container.yml
+++ b/roles/download/tasks/download_container.yml
@@ -18,6 +18,7 @@
 stat:
 path: "{{ image_path_cached }}"
 delegate_to: localhost
+ connection: local
 delegate_facts: no
 register: cache_image
 changed_when: false
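Review bot: The `connection: local` line added after `delegate_to: localhost` is a task keyword, and Ansible gives connection variables precedence over keywords, so an inventory that defines `localhost` with its own `ansible_connection` would still send these tasks over SSH. The same applies to the other thirteen additions in this patch. If the intent is that delegated tasks never open SSH to the control host, state that assumption next to the keyword, for example `# connection: local is overridden if the inventory sets ansible_connection for localhost`. In this particular hunk the task is `set_fact`, which as far as I can tell runs on the controller without using the connection at all, so the added line is probably a no-op here.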
diff --git a/roles/download/tasks/download_file.yml b/roles/download/tasks/download_file.yml
index 1c02f8084f1..450c1b0a8ce 100644
--- a/roles/download/tasks/download_file.yml
+++ b/roles/download/tasks/download_file.yml
@@ -25,6 +25,7 @@
 state: directory
 recurse: yes
 delegate_to: localhost
+ connection: local
 delegate_facts: false
 run_once: true
 become: false
diff --git a/roles/download/tasks/prep_download.yml b/roles/download/tasks/prep_download.yml
index 388ae7029c5..dfeeaae31cf 100644
--- a/roles/download/tasks/prep_download.yml
+++ b/roles/download/tasks/prep_download.yml
@@ -45,6 +45,7 @@
 - name: prep_download | On localhost, check if passwordless root is possible
 command: "true"
 delegate_to: localhost
+ connection: local
 run_once: true
 register: test_become
 changed_when: false
@@ -59,6 +60,7 @@
 - name: prep_download | On localhost, check if user has access to docker without using sudo
 shell: "{{ docker_bin_dir }}/docker images"
 delegate_to: localhost
+ connection: local
 run_once: true
 register: test_docker
 changed_when: false
diff --git a/roles/kubernetes/client/tasks/main.yml b/roles/kubernetes/client/tasks/main.yml
index 8e571a3ba76..5fd826a7861 100644
--- a/roles/kubernetes/client/tasks/main.yml
+++ b/roles/kubernetes/client/tasks/main.yml
@@ -36,6 +36,7 @@
 mode: "0750"
 state: directory
 delegate_to: localhost
+ connection: local
 become: no
 run_once: yes
 when: kubeconfig_localhost
@@ -98,6 +99,7 @@
 dest: "{{ artifacts_dir }}/admin.conf"
 mode: 0640
 delegate_to: localhost
+ connection: local
 become: no
 run_once: yes
 when: kubeconfig_localhost
@@ -122,4 +124,5 @@
 become: no
 run_once: yes
 delegate_to: localhost
+ connection: local
 when: kubectl_localhost and kubeconfig_localhost
diff --git a/roles/kubernetes/preinstall/tasks/0030-pre_upgrade.yml b/roles/kubernetes/preinstall/tasks/0030-pre_upgrade.yml
index 9bace42dc6c..62a863808b3 100644
--- a/roles/kubernetes/preinstall/tasks/0030-pre_upgrade.yml
+++ b/roles/kubernetes/preinstall/tasks/0030-pre_upgrade.yml
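Review bot: The docker probe in the `@@ -59,6 +60,7 @@` hunk of prep_download.yml uses `shell:` for a single binary call with no pipes or redirects, and with the new `connection: local` that shell is spawned directly on the control host. `command: "{{ docker_bin_dir }}/docker images"` performs the same check without passing the templated path through a shell, so whitespace or metacharacters in `docker_bin_dir` cannot change what runs. The task's keys after `changed_when: false` are outside the hunk, so confirm nothing there relies on shell features.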
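Review bot: The kubeconfig copy in the `@@ -98,6 +99,7 @@` hunk of roles/kubernetes/client/tasks/main.yml writes `{{ artifacts_dir }}/admin.conf` on the control host with `mode: 0640`, which leaves what is presumably the cluster-admin credential readable by the owning user's group; `mode: "0600"` would be tighter. Quoting the value also matches the `mode: "0750"` in the `@@ -36,6 +36,7 @@` hunk and avoids relying on the YAML parser's octal handling. The directory created in that earlier hunk could likewise be `"0700"` if no group access is needed. Both tasks start above the visible hunk lines, so the module in use should be checked before changing them.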
@@ -3,6 +3,7 @@
 stat:
 path: "{{ inventory_dir }}/../credentials"
 delegate_to: localhost
+ connection: local
 register: old_credential_dir
 become: no
@@ -10,6 +11,7 @@
 stat:
 path: "{{ inventory_dir }}/credentials"
 delegate_to: localhost
+ connection: local
 register: new_credential_dir
 become: no
 when: old_credential_dir.stat.exists
@@ -19,6 +21,7 @@
 args:
 creates: "{{ inventory_dir }}/credentials"
 delegate_to: localhost
+ connection: local
 become: no
 when:
 - old_credential_dir.stat.exists
diff --git a/scripts/collect-info.yaml b/scripts/collect-info.yaml
index 15f1c627fef..4c203648e39 100644
--- a/scripts/collect-info.yaml
+++ b/scripts/collect-info.yaml
@@ -133,6 +133,7 @@
 dest: "{{ dir|default('.') }}/logs.tar.gz"
 remove: true
 delegate_to: localhost
+ connection: local
 become: false
 run_once: true
diff --git a/tests/cloud_playbooks/delete-aws.yml b/tests/cloud_playbooks/delete-aws.yml
index bffb8c60fa5..b72caf0ee75 100644
--- a/tests/cloud_playbooks/delete-aws.yml
+++ b/tests/cloud_playbooks/delete-aws.yml
@@ -15,3 +15,4 @@
 region: "{{ ansible_ec2_placement_region }}"
 wait: True
 delegate_to: localhost
+ connection: local
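Review bot: The relative default in `dest: "{{ dir|default('.') }}/logs.tar.gz"` in scripts/collect-info.yaml may now resolve to a different directory, because with `connection: local` the module no longer starts in an SSH login's home directory; I believe it runs relative to the playbook's base directory instead. Logs collected from cluster nodes can hold sensitive data, so it is worth making the destination explicit, for example `dest: "{{ dir | default(playbook_dir) }}/logs.tar.gz"`, and setting a restrictive `mode` if the module supports it. The module name and the start of the task are outside the hunk.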