Merge pull request #161 from rancherfederal/update-fqcn

Update fqcn
rancherfederal · Oct 3, 2023 · 7ae082d · 7ae082d
2 parents 3b9f8e8 + c29b213
commit 7ae082d
Show file tree

Hide file tree

Showing 25 changed files with 178 additions and 175 deletions.
diff --git a/.ansible-lint b/.ansible-lint
@@ -7,5 +7,4 @@ warn_list:
   - var-spacing
   - var-naming
 skip_list:
-  - experimental
-  - fqcn-builtins
+  - experimental
diff --git a/ansible.cfg b/ansible.cfg
@@ -11,4 +11,4 @@ pipelining = True
 host_key_checking = False
 deprecation_warnings = False
 callback_whitelist = profile_roles, timer
-display_skipped_hosts = no
+display_skipped_hosts = no
diff --git a/roles/rke2_agent/tasks/main.yml b/roles/rke2_agent/tasks/main.yml
@@ -3,18 +3,18 @@
 - name: RKE2 agent and server tasks
   vars:
     caller_role_name: agent
-  include_role:
+  ansible.builtin.include_role:
     name: rke2_common
     tasks_from: main
 
 - name: Does config file already have server token?  # noqa command-instead-of-shell
-  command: 'grep -i "^token:" /etc/rancher/rke2/config.yaml'
+  ansible.builtin.command: 'grep -i "^token:" /etc/rancher/rke2/config.yaml'
   register: server_token_check
   failed_when: server_token_check.rc >= 2
   changed_when: false
 
 - name: Add token to config.yaml
-  lineinfile:
+  ansible.builtin.lineinfile:
     dest: /etc/rancher/rke2/config.yaml
     line: "token: {{ hostvars[groups['rke2_servers'][0]].rke2_config_token }}"
     state: present
@@ -23,13 +23,13 @@
     - '"token:" not in server_token_check.stdout'
 
 - name: Does config file already have server url?  # noqa command-instead-of-shell
-  command: 'grep -i "^server:" /etc/rancher/rke2/config.yaml'
+  ansible.builtin.command: 'grep -i "^server:" /etc/rancher/rke2/config.yaml'
   register: server_url_check
   failed_when: server_url_check.rc >= 2
   changed_when: false
 
 - name: Add server url to config file
-  lineinfile:
+  ansible.builtin.lineinfile:
     dest: /etc/rancher/rke2/config.yaml
     line: "server: https://{{ kubernetes_api_server_host }}:9345"
     state: present
@@ -38,7 +38,7 @@
     - '"server:" not in server_url_check.stdout'
 
 - name: Start rke2-agent
-  systemd:
+  ansible.builtin.systemd:
     name: rke2-agent.service
     state: started
     enabled: yes

diff --git a/roles/rke2_common/handlers/main.yml b/roles/rke2_common/handlers/main.yml
@@ -1,16 +1,16 @@
 ---
 
 - name: Restart systemd-sysctl
-  service:
+  ansible.builtin.service:
     state: restarted
     name: systemd-sysctl
 
 - name: Restart rke2-server
-  service:
+  ansible.builtin.service:
     state: restarted
     name: rke2-server
 
 - name: Restart rke2-agent
-  service:
+  ansible.builtin.service:
     state: restarted
     name: rke2-agent
diff --git a/roles/rke2_common/tasks/add-audit-policy-config.yml b/roles/rke2_common/tasks/add-audit-policy-config.yml
@@ -1,12 +1,12 @@
 ---
 - name: Create the /etc/rancher/rke2 config dir
-  file:
+  ansible.builtin.file:
     path: /etc/rancher/rke2
     state: directory
     recurse: yes
 
 - name: Add audit policy configuration file
-  copy:
+  ansible.builtin.copy:
     src: "{{ audit_policy_config_file_path }}"
     dest: "/etc/rancher/rke2/audit-policy.yaml"
     mode: '0640'

diff --git a/roles/rke2_common/tasks/add-manifest-addons.yml b/roles/rke2_common/tasks/add-manifest-addons.yml
@@ -1,7 +1,7 @@
 ---
 
 - name: Add manifest addons files
-  copy:
+  ansible.builtin.copy:
     src: "{{ manifest_config_file_path }}"
     dest: "/var/lib/rancher/rke2/server/manifests/"
     mode: '0640'

diff --git a/roles/rke2_common/tasks/add-registry-config.yml b/roles/rke2_common/tasks/add-registry-config.yml
@@ -1,12 +1,12 @@
 ---
 - name: Create the /etc/rancher/rke2 config dir
-  file:
+  ansible.builtin.file:
     path: /etc/rancher/rke2
     state: directory
     recurse: yes
 
 - name: Add registry configuration file
-  copy:
+  ansible.builtin.copy:
     src: "{{ registry_config_file_path }}"
     dest: "/etc/rancher/rke2/registries.yaml"
     mode: '0640'
@@ -16,7 +16,7 @@
   notify: Restart rke2-server
 
 - name: Add registry configuration file
-  copy:
+  ansible.builtin.copy:
     src: "{{ registry_config_file_path }}"
     dest: "/etc/rancher/rke2/registries.yaml"
     mode: '0640'

diff --git a/roles/rke2_common/tasks/calculate_rke2_version.yml b/roles/rke2_common/tasks/calculate_rke2_version.yml
@@ -4,63 +4,66 @@
   when: ( install_rke2_version is not defined ) or ( install_rke2_version | length == 0 )
   block:
     - name: Stop if the provided is not valid
-      fail:
+      ansible.builtin.fail:
         msg: "Provided channel is not valid"
       when: rke2_channel not in channels
 
     - name: Get full version name url
-      uri:
+      ansible.builtin.uri:
         url: https://update.rke2.io/v1-release/channels/{{ rke2_channel }}
         follow_redirects: safe
         remote_src: true
       register: rke2_version_url
 
     - name: Set full version name
-      shell: set -o pipefail && echo {{ rke2_version_url.url }} | sed -e 's|.*/||'
+      ansible.builtin.shell: set -o pipefail && echo {{ rke2_version_url.url }} | sed -e 's|.*/||'
       register: rke2_full_version
       changed_when: false
       args:
         executable: /usr/bin/bash
 
 - name: Set rke2_full_version fact
-  set_fact:
+  ansible.builtin.set_fact:
     rke2_full_version: "{{ rke2_full_version.stdout if ((install_rke2_version is not defined) or (install_rke2_version|length == 0)) else install_rke2_version }}"  # yamllint disable-line rule:line-length
 
 - name: Set dot version
-  shell: set -o pipefail && echo {{ rke2_full_version }} | /usr/bin/cut -d'+' -f1
+  ansible.builtin.shell:
+    cmd: set -o pipefail && echo {{ rke2_full_version }} | /usr/bin/cut -d'+' -f1
   register: rke2_version_dot_tmp
   changed_when: false
   args:
     executable: /usr/bin/bash
 
 - name: Set rke2_version_dot fact
-  set_fact:
+  ansible.builtin.set_fact:
     rke2_version_dot: "{{ rke2_version_dot_tmp.stdout }}"
 
 - name: Set Maj.Min version
-  shell: set -o pipefail && echo {{ rke2_full_version }} | /bin/awk -F'.' '{ print $1"."$2 }' | sed "s|^v||g"
+  ansible.builtin.shell:
+    cmd: set -o pipefail && echo {{ rke2_full_version }} | /bin/awk -F'.' '{ print $1"."$2 }' | sed "s|^v||g"
   register: rke2_version_majmin_tmp
   changed_when: false
   args:
     executable: /usr/bin/bash
 
 - name: Set rke2_version_majmin fact
-  set_fact:
+  ansible.builtin.set_fact:
     rke2_version_majmin: "{{ rke2_version_majmin_tmp.stdout }}"
 
 - name: Set RPM version
-  shell: set -o pipefail && echo {{ rke2_full_version }} | sed -E -e "s/[\+-]/~/g" | sed -E -e "s/v(.*)/\1/"
+  ansible.builtin.shell:
+    cmd: set -o pipefail && echo {{ rke2_full_version }} | sed -E -e "s/[\+-]/~/g" | sed -E -e "s/v(.*)/\1/"
   register: rke2_version_rpm_tmp
   changed_when: false
   args:
     executable: /usr/bin/bash
 
 - name: Set rke2_version_rpm fact
-  set_fact:
+  ansible.builtin.set_fact:
     rke2_version_rpm: "{{ rke2_version_rpm_tmp.stdout }}"
 
 - name: Describe versions
-  debug:
+  ansible.builtin.debug:
     msg:
       - "Full version, with revision indication: {{ rke2_full_version }}"
       - "Version without revision indication: {{ rke2_version_dot }}"

diff --git a/roles/rke2_common/tasks/cis-hardening.yml b/roles/rke2_common/tasks/cis-hardening.yml
@@ -5,30 +5,31 @@
   block:
 
     - name: Create etcd group
-      group:
+      ansible.builtin.group:
         name: etcd
         state: present
 
     - name: Create etcd user
-      user:
+      ansible.builtin.user:
         name: etcd
         comment: etcd user
         shell: /bin/nologin
         group: etcd
+        create_home: false
 
     - name: Copy systemctl file for kernel hardening for yum installs
-      copy:
+      ansible.builtin.copy:
         src: /usr/share/rke2/rke2-cis-sysctl.conf
         dest: /etc/sysctl.d/60-rke2-cis.conf
-        remote_src: yes
+        remote_src: true
         mode: 0600
       register: sysctl_operation_yum
       when:
         - ansible_os_family == 'RedHat' or ansible_os_family == 'Rocky'
         - not rke2_binary_tarball_check.stat.exists
 
     - name: Copy systemctl file for kernel hardening for non-yum installs
-      copy:
+      ansible.builtin.copy:
         src: /usr/local/share/rke2/rke2-cis-sysctl.conf
         dest: /etc/sysctl.d/60-rke2-cis.conf
         remote_src: yes
@@ -40,12 +41,12 @@
         rke2_binary_tarball_check.stat.exists
 
     - name: Restart systemd-sysctl
-      service:
+      ansible.builtin.service:
         state: restarted
         name: systemd-sysctl
       when: sysctl_operation_yum.changed or sysctl_operation_tarball.changed
 
     - name: Reboot the machine (Wait for 5 min)
-      reboot:
+      ansible.builtin.reboot:
         reboot_timeout: 300
       when: sysctl_operation_yum.changed or sysctl_operation_tarball.changed