Only use stat get_checksum: yes when needed (kubernetes-sigs#7270)
By default the Ansible stat module computes the checksum, lists extended attributes and finds the MIME type.
To find all stat invocations that really use one of those:
git grep -F stat. | grep -vE 'stat.(islnk|exists|lnk_source|writeable)'

Signed-off-by: Etienne Champetier <[email protected]>
champtar authored Feb 10, 2021
1 parent 6450207 commit de1d9df
Showing 29 changed files with 142 additions and 2 deletions.
3 changes: 3 additions & 0 deletions roles/bootstrap-os/tasks/bootstrap-centos.yml
Expand Up @@ -69,6 +69,9 @@
- name: Check presence of fastestmirror.conf
stat:
path: /etc/yum/pluginconf.d/fastestmirror.conf
get_attributes: no
get_checksum: no
get_mime: no
register: fastestmirror

# the fastestmirror plugin can actually slow down Ansible deployments
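Review bot: The `get_checksum: no`, `get_mime: no` and `get_attributes: no` added to this `stat` task are only safe if nothing reads `fastestmirror.stat.checksum`, `.mimetype`, `.charset` or `.attributes`, and the consumers sit outside this hunk. The grep in the commit message filters with `grep -v`, so any line that mentions `stat.exists` (or `islnk`, `lnk_source`, `writeable`) together with a checksum read is dropped from the results and would be missed. The same applies to every other section that sets these keys to `no`. A positive search such as `git grep -nE 'stat\.(checksum|mimetype|charset|attributes|attr_flags)'` would confirm the set of consumers directly. A missed consumer would presumably surface as an undefined attribute at run time, or be masked where a `default()` filter is applied.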
3 changes: 3 additions & 0 deletions roles/bootstrap-os/tasks/bootstrap-opensuse.yml
Expand Up @@ -4,6 +4,9 @@
- name: Check that /etc/sysconfig/proxy file exists
stat:
path: /etc/sysconfig/proxy
get_attributes: no
get_checksum: no
get_mime: no
register: stat_result

- name: Create the /etc/sysconfig/proxy empty file
3 changes: 3 additions & 0 deletions roles/bootstrap-os/tasks/bootstrap-redhat.yml
Expand Up @@ -85,6 +85,9 @@
- name: Check presence of fastestmirror.conf
stat:
path: /etc/yum/pluginconf.d/fastestmirror.conf
get_attributes: no
get_checksum: no
get_mime: no
register: fastestmirror

# the fastestmirror plugin can actually slow down Ansible deployments
3 changes: 3 additions & 0 deletions roles/container-engine/containerd/tasks/main.yml
Expand Up @@ -2,6 +2,9 @@
- name: check if fedora coreos
stat:
path: /run/ostree-booted
get_attributes: no
get_checksum: no
get_mime: no
register: ostree

- name: set is_ostree
6 changes: 6 additions & 0 deletions roles/container-engine/cri-o/tasks/main.yaml
Expand Up @@ -2,6 +2,9 @@
- name: check if fedora coreos
stat:
path: /run/ostree-booted
get_attributes: no
get_checksum: no
get_mime: no
register: ostree

- name: set is_ostree
Expand Down Expand Up @@ -94,6 +97,9 @@
- name: Check if already installed
stat:
path: "/bin/crio"
get_attributes: no
get_checksum: no
get_mime: no
register: need_bootstrap_crio
when: is_ostree

3 changes: 3 additions & 0 deletions roles/container-engine/crun/tasks/main.yml
Expand Up @@ -9,6 +9,9 @@
- name: Check if binary exists
stat:
path: "{{ crun_bin_dir }}/crun"
get_attributes: no
get_checksum: no
get_mime: no
register: crun_stat

# TODO: use download_file.yml
3 changes: 3 additions & 0 deletions roles/container-engine/docker/tasks/main.yml
Expand Up @@ -2,6 +2,9 @@
- name: check if fedora coreos
stat:
path: /run/ostree-booted
get_attributes: no
get_checksum: no
get_mime: no
register: ostree

- name: set is_ostree
3 changes: 3 additions & 0 deletions roles/download/tasks/download_container.yml
Expand Up @@ -24,6 +24,9 @@
- name: download_container | Determine if image is in cache
stat:
path: "{{ image_path_cached }}"
get_attributes: no
get_checksum: no
get_mime: no
delegate_to: localhost
connection: local
delegate_facts: no
3 changes: 3 additions & 0 deletions roles/etcd/handlers/backup.yml
Expand Up @@ -29,6 +29,9 @@
- name: Stat etcd v2 data directory
stat:
path: "{{ etcd_data_dir }}/member"
get_attributes: no
get_checksum: no
get_mime: no
register: etcd_data_dir_member

- name: Backup etcd v2 data
3 changes: 3 additions & 0 deletions roles/etcd/tasks/check_certs.yml
Expand Up @@ -17,6 +17,9 @@
- name: "Check certs | Register ca and etcd admin/member certs on etcd hosts"
stat:
path: "{{ etcd_cert_dir }}/{{ item }}"
get_attributes: no
get_checksum: yes
get_mime: no
register: etcd_member_certs
when: inventory_hostname in groups['etcd']
with_items:
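Review bot: Nothing on this task says why `get_checksum: yes` is kept while almost every other `stat` in the commit turns it off, so a later cleanup could flip it to `no` without noticing the dependency. A one-line comment above the key, e.g. `# checksum is compared by <consumer task>; keep enabled` with the real task name filled in, would record that; the consumer is outside this hunk, so the wording needs checking against it. The same comment would help on the other `yes` cases: the two `sa.key` checks in kubeadm-setup.yml, haproxy.yml, nginx-proxy.yml and both tasks in check-tokens.yml. For the certificate, key and token files a silently disabled checksum would presumably stop change detection rather than fail loudly.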
6 changes: 6 additions & 0 deletions roles/etcdctl/tasks/main.yml
Expand Up @@ -9,6 +9,9 @@
- name: Check if etcdctl exist
stat:
path: "{{ bin_dir }}/etcdctl"
get_attributes: no
get_checksum: no
get_mime: no
register: stat_etcdctl

- block:
Expand All @@ -28,6 +31,9 @@
- name: Check if etcdctl still exist after version check
stat:
path: "{{ bin_dir }}/etcdctl"
get_attributes: no
get_checksum: no
get_mime: no
register: stat_etcdctl

- block:
3 changes: 3 additions & 0 deletions roles/kubernetes-apps/helm/tasks/main.yml
Expand Up @@ -17,6 +17,9 @@
- name: Check if bash_completion.d folder exists # noqa 503
stat:
path: "/etc/bash_completion.d/"
get_attributes: no
get_checksum: no
get_mime: no
register: stat_result

- name: Get helm completion
3 changes: 3 additions & 0 deletions roles/kubernetes/control-plane/tasks/encrypt-at-rest.yml
Expand Up @@ -2,6 +2,9 @@
- name: Check if secret for encrypting data at rest already exist
stat:
path: "{{ kube_cert_dir }}/secrets_encryption.yaml"
get_attributes: no
get_checksum: no
get_mime: no
register: secrets_encryption_file

- name: Slurp secrets_encryption file if it exists
12 changes: 12 additions & 0 deletions roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
Expand Up @@ -2,6 +2,9 @@
- name: kubeadm | Check if old apiserver cert exists on host
stat:
path: "{{ kube_cert_dir }}/apiserver.pem"
get_attributes: no
get_checksum: no
get_mime: no
register: old_apiserver_cert
delegate_to: "{{ groups['kube-master'] | first }}"
run_once: true
Expand All @@ -24,12 +27,18 @@
- name: kubeadm | Check serviceaccount key
stat:
path: "{{ kube_cert_dir }}/sa.key"
get_attributes: no
get_checksum: yes
get_mime: no
register: sa_key_before
run_once: true

- name: kubeadm | Check if kubeadm has already run
stat:
path: "/var/lib/kubelet/config.yaml"
get_attributes: no
get_checksum: no
get_mime: no
register: kubeadm_already_run

- name: kubeadm | Delete old admin.conf
Expand Down Expand Up @@ -211,6 +220,9 @@
- name: kubeadm | Check serviceaccount key again
stat:
path: "{{ kube_cert_dir }}/sa.key"
get_attributes: no
get_checksum: yes
get_mime: no
register: sa_key_after
run_once: true

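Review bot: The new keys in this file are written `get_attributes: no` / `get_checksum: yes` while the surrounding tasks in the same hunks use `run_once: true`, so the file now mixes two boolean spellings. `yes`/`no` are booleans only under YAML 1.1 rules; Ansible accepts them, but a YAML 1.2 parser reads them as strings and yamllint's `truthy` rule flags them. Writing `get_attributes: false`, `get_checksum: true`, `get_mime: false` keeps the tasks consistent. The same applies to kubeadm/tasks/main.yml and check-tokens.yml, where `run_once: true` also appears next to the new keys.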
6 changes: 6 additions & 0 deletions roles/kubernetes/kubeadm/tasks/main.yml
Expand Up @@ -13,11 +13,17 @@
- name: Check if kubelet.conf exists
stat:
path: "{{ kube_config_dir }}/kubelet.conf"
get_attributes: no
get_checksum: no
get_mime: no
register: kubelet_conf

- name: Check if kubeadm CA cert is accessible
stat:
path: "{{ kube_cert_dir }}/ca.crt"
get_attributes: no
get_checksum: no
get_mime: no
register: kubeadm_ca_stat
delegate_to: "{{ groups['kube-master'][0] }}"
run_once: true
3 changes: 3 additions & 0 deletions roles/kubernetes/node/tasks/loadbalancer/haproxy.yml
Expand Up @@ -22,6 +22,9 @@
- name: haproxy | Get checksum from config
stat:
path: "{{ haproxy_config_dir }}/haproxy.cfg"
get_attributes: no
get_checksum: yes
get_mime: no
register: haproxy_stat

- name: haproxy | Write static pod
3 changes: 3 additions & 0 deletions roles/kubernetes/node/tasks/loadbalancer/nginx-proxy.yml
Expand Up @@ -22,6 +22,9 @@
- name: nginx-proxy | Get checksum from config
stat:
path: "{{ nginx_config_dir }}/nginx.conf"
get_attributes: no
get_checksum: yes
get_mime: no
register: nginx_stat

- name: nginx-proxy | Write static pod
12 changes: 10 additions & 2 deletions roles/kubernetes/preinstall/handlers/main.yml
Expand Up @@ -50,13 +50,21 @@

# FIXME(mattymo): Also restart for kubeadm mode
- name: Preinstall | kube-apiserver configured
stat: path="{{ kube_manifest_dir }}/kube-apiserver.manifest"
stat:
path: "{{ kube_manifest_dir }}/kube-apiserver.manifest"
get_attributes: no
get_checksum: no
get_mime: no
register: kube_apiserver_set
when: inventory_hostname in groups['kube-master'] and dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'

# FIXME(mattymo): Also restart for kubeadm mode
- name: Preinstall | kube-controller configured
stat: path="{{ kube_manifest_dir }}/kube-controller-manager.manifest"
stat:
path: "{{ kube_manifest_dir }}/kube-controller-manager.manifest"
get_attributes: no
get_checksum: no
get_mime: no
register: kube_controller_set
when: inventory_hostname in groups['kube-master'] and dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'

15 changes: 15 additions & 0 deletions roles/kubernetes/preinstall/tasks/0040-set_facts.yml
Expand Up @@ -9,6 +9,9 @@
- name: check if booted with ostree
stat:
path: /run/ostree-booted
get_attributes: no
get_checksum: no
get_mime: no
register: ostree

- name: set is_fedora_coreos
Expand Down Expand Up @@ -59,6 +62,9 @@
- name: check if kubelet is configured
stat:
path: "{{ kube_config_dir }}/kubelet.env"
get_attributes: no
get_checksum: no
get_mime: no
register: kubelet_configured
changed_when: false

Expand All @@ -84,6 +90,9 @@
- name: check if /etc/dhclient.conf exists
stat:
path: /etc/dhclient.conf
get_attributes: no
get_checksum: no
get_mime: no
register: dhclient_stat

- name: target dhclient conf file for /etc/dhclient.conf
Expand All @@ -94,6 +103,9 @@
- name: check if /etc/dhcp/dhclient.conf exists
stat:
path: /etc/dhcp/dhclient.conf
get_attributes: no
get_checksum: no
get_mime: no
register: dhcp_dhclient_stat

- name: target dhclient conf file for /etc/dhcp/dhclient.conf
Expand Down Expand Up @@ -170,6 +182,9 @@
- name: check /usr readonly
stat:
path: "/usr"
get_attributes: no
get_checksum: no
get_mime: no
register: usr

- name: set alternate flexvolume path
3 changes: 3 additions & 0 deletions roles/kubernetes/preinstall/tasks/0050-create_directories.yml
Expand Up @@ -46,6 +46,9 @@
- name: Check if kubernetes kubeadm compat cert dir exists
stat:
path: "{{ kube_cert_compat_dir }}"
get_attributes: no
get_checksum: no
get_mime: no
register: kube_cert_compat_dir_check
when:
- inventory_hostname in groups['k8s-cluster']
Expand Up @@ -3,6 +3,9 @@
- name: Confirm selinux deployed
stat:
path: /etc/selinux/config
get_attributes: no
get_checksum: no
get_mime: no
when:
- ansible_os_family == "RedHat"
- "'Amazon' not in ansible_distribution"
Expand Down Expand Up @@ -36,6 +39,9 @@
- name: Stat sysctl file configuration
stat:
path: "{{ sysctl_file_path }}"
get_attributes: no
get_checksum: no
get_mime: no
register: sysctl_file_stat
tags:
- bootstrap-os
3 changes: 3 additions & 0 deletions roles/kubernetes/preinstall/tasks/main.yml
Expand Up @@ -92,6 +92,9 @@
- name: Check if we are running inside a Azure VM
stat:
path: /var/lib/waagent/
get_attributes: no
get_checksum: no
get_mime: no
register: azure_check
when:
- not dns_late
6 changes: 6 additions & 0 deletions roles/kubernetes/tokens/tasks/check-tokens.yml
Expand Up @@ -2,6 +2,9 @@
- name: "Check_tokens | check if the tokens have already been generated on first master"
stat:
path: "{{ kube_token_dir }}/known_tokens.csv"
get_attributes: no
get_checksum: yes
get_mime: no
delegate_to: "{{ groups['kube-master'][0] }}"
register: known_tokens_master
run_once: true
Expand All @@ -20,6 +23,9 @@
- name: "Check tokens | check if a cert already exists"
stat:
path: "{{ kube_token_dir }}/known_tokens.csv"
get_attributes: no
get_checksum: yes
get_mime: no
register: known_tokens

- name: "Check_tokens | Set 'sync_tokens' to true"
3 changes: 3 additions & 0 deletions roles/network_plugin/calico/tasks/reset.yml
Expand Up @@ -2,6 +2,9 @@
- name: reset | check dummy0 network device
stat:
path: /sys/class/net/dummy0
get_attributes: no
get_checksum: no
get_mime: no
register: dummy0

- name: reset | remove the network device created by calico
3 changes: 3 additions & 0 deletions roles/network_plugin/cilium/tasks/reset_iface.yml
Expand Up @@ -2,6 +2,9 @@
- name: "reset | check if network device {{ iface }} is present"
stat:
path: "/sys/class/net/{{ iface }}"
get_attributes: no
get_checksum: no
get_mime: no
register: device_remains

- name: "reset | remove network device {{ iface }}"