fixing linting

.ansible-lint-ignore

@@ -1,4 +1,8 @@
 # This file contains ignores rule violations for ansible-lint
 
 roles/testing/tasks/troubleshooting.yml ignore-errors
-inventory/sample/hosts.yml yaml[line-length]
+inventory/sample/hosts.yml yaml[line-length]
+inventory/sample/hosts.yml yaml[comments-indentation]
+roles/rke2/tasks/add-audit-policy-config.yml no-handler
+roles/rke2/tasks/add-pod-security-admission-config.yml no-handler
+roles/rke2/tasks/add-registry-config.yml no-handler

.github/workflows/rocky8.yml

@@ -119,7 +119,7 @@ jobs:
           echo "        $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Agent" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text | head -1):" >> hosts.yml
           echo "all:" >> hosts.yml
           echo "  vars:" >> hosts.yml
-          echo "    kubernetes_api_server_host: $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PrivateIpAddress" --output text | head -1)" >> hosts.yml
+          echo "    rke2_kubernetes_api_server_host: $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PrivateIpAddress" --output text | head -1)" >> hosts.yml
           echo "" >> ansible.cfg
           echo "" >> ansible.cfg
           echo "remote_user=centos" >> ansible.cfg
@@ -172,7 +172,7 @@ jobs:
           echo "        $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=ExtraNode" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text | head -1):" >> hosts.yml
           echo "all:" >> hosts.yml
           echo "  vars:" >> hosts.yml
-          echo "    kubernetes_api_server_host: $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PrivateIpAddress" --output text | head -1)" >> hosts.yml
+          echo "    rke2_kubernetes_api_server_host: $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PrivateIpAddress" --output text | head -1)" >> hosts.yml
           cp hosts.yml inventory/rocky8/hosts.yml
         env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}

.github/workflows/ubuntu20.yml

@@ -117,7 +117,7 @@ jobs:
           echo "        $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Agent" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text | head -1):" >> hosts.yml
           echo "all:" >> hosts.yml
           echo "  vars:" >> hosts.yml
-          echo "    kubernetes_api_server_host: $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PrivateIpAddress" --output text | head -1)" >> hosts.yml
+          echo "    rke2_kubernetes_api_server_host: $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PrivateIpAddress" --output text | head -1)" >> hosts.yml
           echo "" >> ansible.cfg
           echo "" >> ansible.cfg
           echo "remote_user=ubuntu" >> ansible.cfg
@@ -170,7 +170,7 @@ jobs:
           echo "        $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=ExtraNode" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PublicIpAddress" --output text | head -1):" >> hosts.yml
           echo "all:" >> hosts.yml
           echo "  vars:" >> hosts.yml
-          echo "    kubernetes_api_server_host: $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PrivateIpAddress" --output text | head -1)" >> hosts.yml
+          echo "    rke2_kubernetes_api_server_host: $(aws ec2 describe-instances --filters "Name=instance-state-name,Values=running" "Name=tag:Owner,Values=rke2-ansible-github-actions" "Name=tag:NodeType,Values=Server" "Name=tag:github_run,Values=$GITHUB_RUN_ID" --query "Reservations[*].Instances[*].PrivateIpAddress" --output text | head -1)" >> hosts.yml
           cp hosts.yml inventory/ubuntu20/hosts.yml
         env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}

README.md

@@ -109,7 +109,7 @@ Kubeconfig
 To get access to your **Kubernetes** cluster just
 
 ```bash
-ssh ec2-user@kubernetes_api_server_host "sudo /var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml get nodes"
+ssh ec2-user@rke2_kubernetes_api_server_host "sudo /var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml get nodes"
 ```
 
 Available configurations

inventory/sample/group_vars/rke2_agents.yml

@@ -7,4 +7,4 @@ rke2_config: {}
 
 # See https://docs.rke2.io/install/containerd_registry_configuration/
 # Add a registry configuration file by specifying the file path on the control host
-# registry_config_file_path: "{{ playbook_dir }}/sample_files/registries.yaml"
+# rke2_registry_config_file_path: "{{ playbook_dir }}/sample_files/registries.yaml"

inventory/sample/group_vars/rke2_servers.yml

@@ -36,11 +36,11 @@ rke2_config: {}
 
 # See https://kubernetes.io/docs/tasks/debug-application-cluster/audit/
 # Add a policy configuration file by specifying the file path on the control host
-# audit_policy_config_file_path: "{{ playbook_dir }}/sample_files/audit-policy.yaml"
+# rke2_audit_policy_config_file_path: "{{ playbook_dir }}/sample_files/audit-policy.yaml"
 
 # See https://docs.rke2.io/install/containerd_registry_configuration/
 # Add a registry configuration file by specifying the file path on the control host
-# registry_config_file_path: "{{ playbook_dir }}/sample_files/registries.yaml"
+# rke2_registry_config_file_path: "{{ playbook_dir }}/sample_files/registries.yaml"
 
 # See https://docs.rke2.io/helm/#automatically-deploying-manifests-and-helm-charts
 # Add manifest files by specifying the directory path on the control host
@@ -50,4 +50,4 @@ rke2_config: {}
 # Available in RKE2 1.25+
 # Add a pod security admission config file by specifying the file path on the control host
 # Requires config.yaml to include `- admission-control-config-file=/etc/rancher/rke2/pod-security-admission-config.yaml` in order for this to be honored
-# pod_security_admission_config_file_path: "{{ playbook_dir }}/sample_files/pod-security-admission-config.yaml"
+# rke2_pod_security_admission_config_file_path: "{{ playbook_dir }}/sample_files/pod-security-admission-config.yaml"

inventory/sample/hosts.yml

@@ -49,10 +49,10 @@ rke2_cluster:
           # write-kubeconfig-mode: "0640"
           # # See https://kubernetes.io/docs/tasks/debug-application-cluster/audit/
           # # Add a policy configuration file by specifying the file path on the control host
-          # audit_policy_config_file_path: "{{ playbook_dir }}/sample_files/audit-policy.yaml"
+          # rke2_audit_policy_config_file_path: "{{ playbook_dir }}/sample_files/audit-policy.yaml"
           # # See https://docs.rke2.io/install/containerd_registry_configuration/
           # # Add a registry configuration file by specifying the file path on the control host
-          # registry_config_file_path: "{{ playbook_dir }}/sample_files/registries.yaml"
+          # rke2_registry_config_file_path: "{{ playbook_dir }}/sample_files/registries.yaml"
           # # See https://docs.rke2.io/helm/#automatically-deploying-manifests-and-helm-charts
           # # Add manifest files by specifying the directory path on the control host
           # manifest_config_file_path: "{{ playbook_dir }}/sample_files/manifest/"

roles/rke2/defaults/main.yml

@@ -1,16 +1,17 @@
 ---
-kubernetes_api_server_host: "{{ hostvars[groups['rke2_servers'][0]].inventory_hostname }}"
+rke2_kubernetes_api_server_host: "{{ hostvars[groups['rke2_servers'][0]].inventory_hostname }}"
 tarball_dir: "/usr/local"
 rke2_local_tarball_path: ""
 rke2_tarball_url: ""
 rke2_images_urls: []
 rke2_images_local_tarball_path: []
 rke2_channel: stable
-audit_policy_config_file_path: ""
-registry_config_file_path: ""
-pod_security_admission_config_file_path: ""
-add_iptables_rules: false
-cluster_manifest_config_file_path: ""
+rke2_audit_policy_config_file_path: ""
+rke2_registry_config_file_path: ""
+rke2_pod_security_admission_config_file_path: ""
+rke2_add_iptables_rules: false
+rke2_initial_manifest_config_file_path: ""
+rke2_cluster_manifest_config_file_path: ""
 rke2_common_yum_repo:
   name: rancher-rke2-common
   description: "Rancher RKE2 Common Latest"

roles/rke2/tasks/add-audit-policy-config.yml

@@ -1,20 +1,20 @@
 ---
 - name: Add audit policy configuration file
   vars:
-    file_contents: "{{ lookup('file', audit_policy_config_file_path) }}"
+    file_contents: "{{ lookup('file', rke2_audit_policy_config_file_path) }}"
   ansible.builtin.template:
     src: ansible_header.j2
     dest: "/etc/rancher/rke2/audit-policy.yaml"
     mode: '0640'
     owner: root
     group: root
   when:
-    - audit_policy_config_file_path|length != 0
+    - rke2_audit_policy_config_file_path|length != 0
   notify: "Restart {{ service_name }}"
 
 - name: Remove audit policy configuration file
   when:
-    - audit_policy_config_file_path|length == 0
+    - rke2_audit_policy_config_file_path|length == 0
   block:
     - name: Check that the audit policy config file exists
       ansible.builtin.stat:

roles/rke2/tasks/add-manifest-addons.yml

@@ -2,7 +2,7 @@
 
 - name: Add manifest addons files
   ansible.builtin.copy:
-    src: "{{ manifest_config_file_path }}"
+    src: "{{ src }}"
     dest: "/var/lib/rancher/rke2/server/manifests/"
     mode: '0640'
     owner: root

roles/rke2/tasks/add-pod-security-admission-config.yml

@@ -1,20 +1,20 @@
 ---
 - name: Add pod security admission config file
   vars:
-    file_contents: "{{ lookup('file', pod_security_admission_config_file_path) }}"
+    file_contents: "{{ lookup('file', rke2_pod_security_admission_config_file_path) }}"
   ansible.builtin.template:
     src: ansible_header.j2
     dest: "/etc/rancher/rke2/pod-security-admission-config.yaml"
     mode: '0640'
     owner: root
     group: root
   when:
-    - pod_security_admission_config_file_path|length != 0
+    - rke2_pod_security_admission_config_file_path|length != 0
   notify: "Restart {{ service_name }}"
 
 - name: Remove pod security admission config file
   when:
-    - pod_security_admission_config_file_path is not defined or pod_security_admission_config_file_path|length == 0
+    - rke2_pod_security_admission_config_file_path|length == 0
   block:
     - name: Check that the PSA config file exists
       ansible.builtin.stat:

roles/rke2/tasks/add-registry-config.yml

@@ -1,20 +1,20 @@
 ---
 - name: Add registry configuration file
   vars:
-    file_contents: "{{ lookup('file', registry_config_file_path) }}"
+    file_contents: "{{ lookup('file', rke2_registry_config_file_path) }}"
   ansible.builtin.template:
     src: ansible_header.j2
     dest: "/etc/rancher/rke2/registries.yaml"
     mode: '0640'
     owner: root
     group: root
   when:
-    - registry_config_file_path|length != 0
+    - rke2_registry_config_file_path|length != 0
   notify: "Restart {{ service_name }}"
 
 - name: Remove registry configuration file
   when:
-    - registry_config_file_path|length == 0
+    - rke2_registry_config_file_path|length == 0
   block:
     - name: Check that the registry config file exists
       ansible.builtin.stat:

roles/rke2/tasks/cis-hardening.yml

@@ -50,7 +50,7 @@
     # always rebooting, even if the node was brand new and RKE2 not running yet.
     - name: Reboot the machine (Wait for 5 min)
       ansible.builtin.set_fact:
-        reboot: true
+        rke2_reboot: true
       when:
         - (sysctl_operation_yum.changed or sysctl_operation_tarball.changed)
         - rke2_running is defined

roles/rke2/tasks/configure_rke2.yml

@@ -24,7 +24,8 @@
 
 - name: Configure first server manifests
   ansible.builtin.include_tasks: add-manifest-addons.yml
+  vars:
+    src: "{{ rke2_initial_manifest_config_file_path }}"
   when:
     - inventory_hostname in groups['rke2_servers'][0]
-    - manifest_config_file_path is defined
-    - manifest_config_file_path | length > 0
+    - rke2_initial_manifest_config_file_path | length > 0

roles/rke2/tasks/main.yml

@@ -76,13 +76,9 @@
   when:
     - inventory_hostname in groups['rke2_servers']
 
-- name: Add cluster manifest addons files
-  ansible.builtin.copy:
-    src: "{{ cluster_manifest_config_file_path }}"
-    dest: "/var/lib/rancher/rke2/server/manifests/"
-    mode: '0640'
-    owner: root
-    group: root
+- name: Configure cluster manifests
+  ansible.builtin.include_tasks: add-manifest-addons.yml
+  vars:
+    src: "{{ rke2_cluster_manifest_config_file_path }}"
   when:
     - inventory_hostname in groups['rke2_servers'][0]
-    - cluster_manifest_config_file_path | length > 0

roles/rke2/tasks/network_manager_fix.yaml

@@ -34,7 +34,7 @@
     enabled: no
     state: stopped
   when: ansible_facts.services["nm-cloud-setup.service"] is defined
-  notify: 
+  notify:
     - Reload NetworkManager
     - "Restart {{ service_name }}"
 
@@ -44,8 +44,6 @@
     state: stopped
     enabled: no
   when: ansible_facts.services["nm-cloud-setup.service"] is defined
-  notify: 
+  notify:
     - Reload NetworkManager
     - "Restart {{ service_name }}"
-
-

roles/rke2/tasks/other_nodes.yml

@@ -28,7 +28,7 @@
 - name: Add server url to config file
   ansible.builtin.lineinfile:
     dest: /etc/rancher/rke2/config.yaml
-    line: "server: https://{{ kubernetes_api_server_host }}:9345"
+    line: "server: https://{{ rke2_kubernetes_api_server_host }}:9345"
     state: present
     insertbefore: BOF
   when:

roles/rke2/tasks/pre_reqs.yml

@@ -19,4 +19,4 @@
   ansible.builtin.include_tasks: iptables_rules.yml
   when:
     - ansible_facts.services["iptables.service"] is defined
-    - add_iptables_rules | bool
+    - rek2_add_iptables_rules | bool

roles/rke2/tasks/previous_install.yml

@@ -2,7 +2,7 @@
 
 - name: Set fact if rke2-server was previously installed
   ansible.builtin.set_fact:
-    installed: true
+    rke2_installed: true
   when:
     - ansible_facts.services["rke2-server.service"] is defined
     - not ansible_facts.services["rke2-server.service"].status == 'disabled'
@@ -18,7 +18,7 @@
 
 - name: Set fact if rke2-agent was previously installed
   ansible.builtin.set_fact:
-    installed: true
+    rke2_installed: true
   when:
     - ansible_facts.services["rke2-agent.service"] is defined
     - not ansible_facts.services["rke2-agent.service"].status == 'disabled'

roles/rke2/tasks/rpm_install.yml

@@ -34,7 +34,7 @@
       ansible_facts['distribution_major_version'] == "9"
 
 - name: YUM-Based Install
-  ansible.builtin.yum:
+  ansible.builtin.dnf:
     name: "{{ service_name }}-{{ rke2_version_rpm }}"
     state: latest  # noqa package-latest
   notify: "Restart {{ service_name }}"

roles/rke2/tasks/tarball_install.yml

@@ -36,7 +36,6 @@
     - not rke2_binary_tarball_check.stat.exists
     - rke2_tarball_url != ""
 
-
 - name: Determine if current version differs what what is being installed
   ansible.builtin.set_fact:
     rke2_version_changed: true

roles/rke2/tasks/wait_for_rke2.yml

@@ -11,7 +11,7 @@
 
 - name: Wait for k8s apiserver
   ansible.builtin.wait_for:
-    host: "{{ kubernetes_api_server_host }}"
+    host: "{{ rke2_kubernetes_api_server_host }}"
     port: "6443"
     state: present
     timeout: 300
@@ -27,16 +27,14 @@
 
 - name: Extract the hostname-override parameter from the kubelet process
   ansible.builtin.set_fact:
-    kubelet_hostname_override_parameter: "{{ kubelet_check.stdout | \
-      regex_search('\\s--hostname-override=((([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9]))\\s',\
-      '\\1') }}"
+    kubelet_hostname: "{{ kubelet_check.stdout | regex_search('\\s--hostname-override=([^\\s]+)', '\\1') }}"
   when:
     - inventory_hostname in groups['rke2_servers']
 
 - name: Wait for node to show Ready status
   ansible.builtin.command: >-
     /var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml
-    --server https://127.0.0.1:6443 get no {{ kubelet_hostname_override_parameter[0] }}
+    --server https://127.0.0.1:6443 get no {{ kubelet_hostname }}
     -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}'
   register: status_result
   until: status_result.stdout.find("True") != -1

roles/rke2/vars/main.yml

@@ -1,6 +1,5 @@
 ---
 
-tmp_sha1: 55ca6286e3e4f4fba5d0448333fa99fc5a404a73
-installed: false
+rke2_installed: false
 rke2_version_changed: false
-reboot: false
+rke2_reboot: false

site.yml

@@ -6,4 +6,3 @@
   become: true
   roles:
     - role: rke2
-  # serial: 5