General Repo Cleanup

.github/workflows/lint.yml

@@ -14,10 +14,10 @@ jobs:
 
     steps:
       - name: Check out the codebase.
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Set up Python 3.7.
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v4
         with:
           python-version: '3.x'
 

.gitignore

@@ -0,0 +1,2 @@
+.vscode
+.vagrant

reset.yml

@@ -1,6 +1,7 @@
 ---
 
-- hosts: k3s_cluster
+- name: Reset K3s cluster
+  hosts: k3s_cluster
   gather_facts: yes
   become: yes
   roles:

roles/download/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 
 - name: Download k3s binary x64
-  get_url:
+  ansible.builtin.get_url:
     url: https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/k3s
     checksum: sha256:https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/sha256sum-amd64.txt
     timeout: 120
@@ -12,7 +12,7 @@
   when: ansible_facts.architecture == "x86_64"
 
 - name: Download k3s binary arm64
-  get_url:
+  ansible.builtin.get_url:
     url: https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/k3s-arm64
     checksum: sha256:https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/sha256sum-arm64.txt
     timeout: 120
@@ -26,7 +26,7 @@
       ansible_facts.architecture is search("aarch64")
 
 - name: Download k3s binary armhf
-  get_url:
+  ansible.builtin.get_url:
     url: https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/k3s-armhf
     checksum: sha256:https://github.com/k3s-io/k3s/releases/download/{{ k3s_version }}/sha256sum-arm.txt
     timeout: 120

roles/k3s/master/tasks/main.yml

@@ -2,78 +2,78 @@
 
 - name: Copy K3s service file
   register: k3s_service
-  template:
+  ansible.builtin.template:
     src: "k3s.service.j2"
     dest: "{{ systemd_dir }}/k3s.service"
     owner: root
     group: root
     mode: 0644
 
 - name: Enable and check K3s service
-  systemd:
+  ansible.builtin.systemd:
     name: k3s
     daemon_reload: yes
     state: restarted
     enabled: yes
 
 - name: Wait for node-token
-  wait_for:
+  ansible.builtin.wait_for:
     path: "{{ k3s_server_location }}/server/node-token"
 
 - name: Register node-token file access mode
-  stat:
+  ansible.builtin.stat:
     path: "{{ k3s_server_location }}/server/node-token"
   register: p
 
 - name: Change file access node-token
-  file:
+  ansible.builtin.file:
     path: "{{ k3s_server_location }}/server/node-token"
     mode: "g+rx,o+rx"
 
 - name: Read node-token from master
-  slurp:
+  ansible.builtin.slurp:
     path: "{{ k3s_server_location }}/server/node-token"
   register: node_token
 
 - name: Store Master node-token
-  set_fact:
+  ansible.builtin.set_fact:
     token: "{{ node_token.content | b64decode | regex_replace('\n', '') }}"
 
 - name: Restore node-token file access
-  file:
+  ansible.builtin.file:
     path: "{{ k3s_server_location }}/server/node-token"
     mode: "{{ p.stat.mode }}"
 
 - name: Create directory .kube
-  file:
+  ansible.builtin.file:
     path: ~{{ ansible_user }}/.kube
     state: directory
     owner: "{{ ansible_user }}"
     mode: "u=rwx,g=rx,o="
 
 - name: Copy config file to user home directory
-  copy:
+  ansible.builtin.copy:
     src: /etc/rancher/k3s/k3s.yaml
     dest: ~{{ ansible_user }}/.kube/config
     remote_src: yes
     owner: "{{ ansible_user }}"
     mode: "u=rw,g=,o="
 
 - name: Replace https://localhost:6443 by https://master-ip:6443
-  command: >-
+  ansible.builtin.command: >-
     /usr/local/bin/k3s kubectl config set-cluster default
       --server=https://{{ master_ip }}:6443
       --kubeconfig ~{{ ansible_user }}/.kube/config
   changed_when: true
 
 - name: Create kubectl symlink
-  file:
+  ansible.builtin.file:
     src: /usr/local/bin/k3s
     dest: /usr/local/bin/kubectl
     state: link
 
 - name: Create crictl symlink
-  file:
+  ansible.builtin.file:
     src: /usr/local/bin/k3s
     dest: /usr/local/bin/crictl
     state: link

roles/k3s/node/tasks/main.yml

@@ -1,15 +1,15 @@
 ---
 
 - name: Copy K3s service file
-  template:
+  ansible.builtin.template:
     src: "k3s.service.j2"
     dest: "{{ systemd_dir }}/k3s-node.service"
     owner: root
     group: root
     mode: 0755
 
 - name: Enable and check K3s service
-  systemd:
+  ansible.builtin.systemd:
     name: k3s-node
     daemon_reload: yes
     state: restarted

roles/prereq/tasks/main.yml

@@ -1,39 +1,39 @@
 ---
 - name: Set SELinux to disabled state
-  selinux:
+  ansible.posix.selinux:
     state: disabled
   when: ansible_distribution in ['CentOS', 'Red Hat Enterprise Linux','RedHat']
 
 - name: Enable IPv4 forwarding
-  sysctl:
+  ansible.posix.sysctl:
     name: net.ipv4.ip_forward
     value: "1"
     state: present
     reload: yes
 
 - name: Enable IPv6 forwarding
-  sysctl:
+  ansible.posix.sysctl:
     name: net.ipv6.conf.all.forwarding
     value: "1"
     state: present
     reload: yes
   when: ansible_all_ipv6_addresses
 
 - name: Add br_netfilter to /etc/modules-load.d/
-  copy:
+  ansible.builtin.copy:
     content: "br_netfilter"
     dest: /etc/modules-load.d/br_netfilter.conf
     mode: "u=rw,g=,o="
   when: ansible_distribution in ['CentOS', 'Red Hat Enterprise Linux','RedHat']
 
 - name: Load br_netfilter
-  modprobe:
+  community.general.modprobe:
     name: br_netfilter
     state: present
   when: ansible_distribution in ['CentOS', 'Red Hat Enterprise Linux','RedHat']
 
 - name: Set bridge-nf-call-iptables (just to be sure)
-  sysctl:
+  ansible.posix.sysctl:
     name: "{{ item }}"
     value: "1"
     state: present
@@ -44,7 +44,7 @@
     - net.bridge.bridge-nf-call-ip6tables
 
 - name: Add /usr/local/bin to sudo secure_path
-  lineinfile:
+  ansible.builtin.lineinfile:
     line: 'Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin'
     regexp: "Defaults(\\s)*secure_path(\\s)*="
     state: present

roles/raspberrypi/handlers/main.yml

@@ -1,3 +1,3 @@
 ---
-- name: reboot
-  reboot:
+- name: Reboot
+  ansible.builtin.reboot:

roles/raspberrypi/tasks/main.yml

@@ -1,47 +1,47 @@
 ---
 - name: Test for raspberry pi /proc/cpuinfo
-  command: grep -E "Raspberry Pi|BCM2708|BCM2709|BCM2835|BCM2836" /proc/cpuinfo
+  ansible.builtin.command: grep -E "Raspberry Pi|BCM2708|BCM2709|BCM2835|BCM2836" /proc/cpuinfo
   register: grep_cpuinfo_raspberrypi
   failed_when: false
   changed_when: false
 
 - name: Test for raspberry pi /proc/device-tree/model
-  command: grep -E "Raspberry Pi" /proc/device-tree/model
+  ansible.builtin.command: grep -E "Raspberry Pi" /proc/device-tree/model
   register: grep_device_tree_model_raspberrypi
   failed_when: false
   changed_when: false
 
 - name: Set raspberry_pi fact to true
-  set_fact:
+  ansible.builtin.set_fact:
     raspberry_pi: true
   when:
     grep_cpuinfo_raspberrypi.rc == 0 or grep_device_tree_model_raspberrypi.rc == 0
 
 - name: Set detected_distribution to Raspbian
-  set_fact:
+  ansible.builtin.set_fact:
     detected_distribution: Raspbian
   when: >
     raspberry_pi|default(false) and
     ( ansible_facts.lsb.id|default("") == "Raspbian" or
       ansible_facts.lsb.description|default("") is match("[Rr]aspbian.*") )
 
 - name: Set detected_distribution to Debian
-  set_fact:
+  ansible.builtin.set_fact:
     detected_distribution: Debian
   when: >
     raspberry_pi|default(false) and
     ( ansible_facts.lsb.id|default("") == "Debian" or
       ansible_facts.lsb.description|default("") is match("Debian") )
 
 - name: Set detected_distribution_major_version
-  set_fact:
+  ansible.builtin.set_fact:
     detected_distribution_major_version: "{{ ansible_facts.lsb.major_release }}"
-  when: > 
+  when: >
     ( detected_distribution | default("") == "Raspbian" or
       detected_distribution | default("") == "Debian" )
 
-- name: execute OS related tasks on the Raspberry Pi
-  include_tasks: "{{ item }}"
+- name: Execute OS related tasks on the Raspberry Pi
+  ansible.builtin.include_tasks: "{{ item }}"
   with_first_found:
     - "prereq/{{ detected_distribution }}-{{ detected_distribution_major_version }}.yml"
     - "prereq/{{ detected_distribution }}.yml"

roles/raspberrypi/tasks/prereq/CentOS.yml

@@ -1,6 +1,6 @@
 ---
 - name: Enable cgroup via boot commandline if not already enabled for Centos
-  lineinfile:
+  ansible.builtin.lineinfile:
     path: /boot/cmdline.txt
     backrefs: yes
     regexp: '^((?!.*\bcgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory\b).*)$'

roles/raspberrypi/tasks/prereq/Debian.yml

@@ -1,34 +1,34 @@
 ---
 - name: Check if /boot/firmware/cmdline.txt exists
-  stat:
+  ansible.builtin.stat:
     path: /boot/firmware/cmdline.txt
   register: boot_firmware_cmdline_txt
 
 - name: Activating cgroup support
-  lineinfile:
+  ansible.builtin.lineinfile:
     path: "{{ (boot_firmware_cmdline_txt.stat.exists) | ternary('/boot/firmware/cmdline.txt', '/boot/cmdline.txt') }}"
     regexp: '^((?!.*\bcgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory\b).*)$'
     line: '\1 cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory'
     backrefs: true
   notify: reboot
 
 - name: Install iptables
-  apt:
+  ansible.builtin.apt:
     name: iptables
 
 - name: Flush iptables before changing to iptables-legacy
-  iptables:
+  ansible.builtin.iptables:
     flush: true
   changed_when: false   # iptables flush always returns changed
 
 - name: Changing to iptables-legacy
-  alternatives:
+  community.general.alternatives:
     path: /usr/sbin/iptables-legacy
     name: iptables
   register: ip4_legacy
 
 - name: Changing to ip6tables-legacy
-  alternatives:
+  community.general.alternatives:
     path: /usr/sbin/ip6tables-legacy
     name: ip6tables
   register: ip6_legacy

roles/raspberrypi/tasks/prereq/Raspbian.yml

@@ -1,25 +1,25 @@
 ---
 - name: Activating cgroup support
-  lineinfile:
+  ansible.builtin.lineinfile:
     path: /boot/cmdline.txt
     regexp: '^((?!.*\bcgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory\b).*)$'
     line: '\1 cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory'
     backrefs: true
   notify: reboot
 
 - name: Flush iptables before changing to iptables-legacy
-  iptables:
+  ansible.builtin.iptables:
     flush: true
   changed_when: false   # iptables flush always returns changed
 
 - name: Changing to iptables-legacy
-  alternatives:
+  community.general.alternatives:
     path: /usr/sbin/iptables-legacy
     name: iptables
   register: ip4_legacy
 
 - name: Changing to ip6tables-legacy
-  alternatives:
+  community.general.alternatives:
     path: /usr/sbin/ip6tables-legacy
     name: ip6tables
   register: ip6_legacy

roles/raspberrypi/tasks/prereq/Ubuntu.yml

@@ -1,15 +1,16 @@
 ---
 - name: Enable cgroup via boot commandline if not already enabled for Ubuntu on a Raspberry Pi
-  lineinfile:
+  ansible.builtin.lineinfile:
     path: /boot/firmware/cmdline.txt
     backrefs: yes
     regexp: '^((?!.*\bcgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory\b).*)$'
     line: '\1 cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory'
   notify: reboot
 - name: Install Ubuntu Raspi Extra Packages
-  apt:
-    name: 
-    - linux-modules-extra-raspi #Fixes issues in newer Ubuntu where VXLan isn't setup right. See: https://github.com/k3s-io/k3s/issues/4234
+  ansible.builtin.apt:
+    # Fixes issues in newer Ubuntu where VXLan isn't setup right.
+    # See: https://github.com/k3s-io/k3s/issues/4234
+    name: linux-modules-extra-raspi
     update_cache: yes
     state: present
-  when: "ansible_distribution_version is version('20.10', '>=')"
+  when: "ansible_distribution_version is version('20.10', '>=')"