Cleanup various deprecation warnings.

playbooks/common/openshift-etcd/config.yml

@@ -53,7 +53,7 @@
         -C {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }} .
     args:
       creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
-    with_items: etcd_needing_server_certs
+    with_items: "{{ etcd_needing_server_certs | default([]) }}"
   - name: Retrieve the etcd cert tarballs
     fetch:
       src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
@@ -61,7 +61,7 @@
       flat: yes
       fail_on_missing: yes
       validate_checksum: yes
-    with_items: etcd_needing_server_certs
+    with_items: "{{ etcd_needing_server_certs | default([]) }}"
 
 # Configure a first etcd host to avoid conflicts in choosing a leader
 # if other members come online too quickly.

playbooks/common/openshift-master/config.yml

@@ -120,7 +120,7 @@
         -C {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }} .
     args:
       creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
-    with_items: etcd_needing_client_certs
+    with_items: "{{ etcd_needing_client_certs | default([]) }}"
   - name: Retrieve the etcd cert tarballs
     fetch:
       src: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
@@ -128,7 +128,7 @@
       flat: yes
       fail_on_missing: yes
       validate_checksum: yes
-    with_items: etcd_needing_client_certs
+    with_items: "{{ etcd_needing_client_certs | default([]) }}"
 
 - name: Copy the external etcd certs to the masters
   hosts: oo_masters_to_config
@@ -178,7 +178,7 @@
   - name: Check status of master certificates
     stat:
       path: "{{ openshift.common.config_base }}/master/{{ item }}"
-    with_items: openshift_master_certs
+    with_items: "{{ openshift_master_certs }}"
     register: g_master_cert_stat_result
   - set_fact:
       master_certs_missing: "{{ False in (g_master_cert_stat_result.results
@@ -213,7 +213,7 @@
       state: absent
     when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config
     with_nested:
-    - masters_needing_certs
+    - "{{ masters_needing_certs | default([]) }}"
     - - master.etcd-client.crt
       - master.etcd-client.key
 
@@ -223,7 +223,7 @@
         -C {{ master_generated_certs_dir }}/{{ item.master_cert_subdir }} .
     args:
       creates: "{{ master_generated_certs_dir }}/{{ item.master_cert_subdir }}.tgz"
-    with_items: masters_needing_certs
+    with_items: "{{ masters_needing_certs | default([]) }}"
 
   - name: Retrieve the master cert tarball from the master
     fetch:
@@ -232,7 +232,7 @@
       flat: yes
       fail_on_missing: yes
       validate_checksum: yes
-    with_items: masters_needing_certs
+    with_items: "{{ masters_needing_certs | default([]) }}"
 
 - name: Configure load balancers
   hosts: oo_lb_to_config

playbooks/common/openshift-node/config.yml

@@ -66,7 +66,7 @@
         -C {{ item.config_dir }} .
     args:
       creates: "{{ item.config_dir }}.tgz"
-    with_items: nodes_needing_certs
+    with_items: "{{ nodes_needing_certs | default([]) }}"
 
   - name: Retrieve the node config tarballs from the master
     fetch:
@@ -75,7 +75,7 @@
       flat: yes
       fail_on_missing: yes
       validate_checksum: yes
-    with_items: nodes_needing_certs
+    with_items: "{{ nodes_needing_certs | default([]) }}"
 
 - name: Deploy node certificates
   hosts: oo_nodes_to_config
@@ -179,7 +179,7 @@
         -C {{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }} .
     args:
       creates: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}.tgz"
-    with_items: etcd_needing_client_certs
+    with_items: "{{ etcd_needing_client_certs | default([]) }}"
     when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
   - name: Retrieve the etcd cert tarballs
     fetch:
@@ -188,7 +188,7 @@
       flat: yes
       fail_on_missing: yes
       validate_checksum: yes
-    with_items: etcd_needing_client_certs
+    with_items: "{{ etcd_needing_client_certs | default([]) }}"
     when: etcd_client_flannel_certs_missing is defined and etcd_client_flannel_certs_missing
 
 - name: Copy the external etcd flannel certs to the nodes

roles/etcd_certificates/tasks/client.yml

@@ -4,7 +4,7 @@
     path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
     state: directory
     mode: 0700
-  with_items: etcd_needing_client_certs
+  with_items: "{{ etcd_needing_client_certs | default([]) }}"
 
 - name: Create the client csr
   command: >
@@ -19,7 +19,7 @@
                  ~ item.etcd_cert_prefix ~ 'client.csr' }}"
   environment:
     SAN: "IP:{{ item.etcd_ip }}"
-  with_items: etcd_needing_client_certs
+  with_items: "{{ etcd_needing_client_certs | default([]) }}"
 
 - name: Sign and create the client crt
   command: >
@@ -33,10 +33,10 @@
                  ~ item.etcd_cert_prefix ~ 'client.crt' }}"
   environment:
     SAN: "IP:{{ item.etcd_ip }}"
-  with_items: etcd_needing_client_certs
+  with_items: "{{ etcd_needing_client_certs | default([]) }}"
 
 - file:
     src: "{{ etcd_ca_cert }}"
     dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt"
     state: hard
-  with_items: etcd_needing_client_certs
+  with_items: "{{ etcd_needing_client_certs | default([]) }}"

roles/etcd_certificates/tasks/main.yml

@@ -1,6 +1,6 @@
 ---
 - include: client.yml
-  when: etcd_needing_client_certs is defined and etcd_needing_client_certs
+  when: etcd_needing_client_certs | default([]) | length > 0
 
 - include: server.yml
-  when: etcd_needing_server_certs is defined and etcd_needing_server_certs
+  when: etcd_needing_server_certs | default([]) | length > 0

roles/etcd_certificates/tasks/server.yml

@@ -4,7 +4,7 @@
     path: "{{ etcd_generated_certs_dir }}/{{ item.etcd_cert_subdir }}"
     state: directory
     mode: 0700
-  with_items: etcd_needing_server_certs
+  with_items: "{{ etcd_needing_server_certs | default([]) }}"
 
 - name: Create the server csr
   command: >
@@ -19,7 +19,7 @@
                  ~ item.etcd_cert_prefix ~ 'server.csr' }}"
   environment:
     SAN: "IP:{{ item.etcd_ip }}"
-  with_items: etcd_needing_server_certs
+  with_items: "{{ etcd_needing_server_certs  | default([]) }}"
 
 - name: Sign and create the server crt
   command: >
@@ -33,7 +33,7 @@
                  ~ item.etcd_cert_prefix ~ 'server.crt' }}"
   environment:
     SAN: "IP:{{ item.etcd_ip }}"
-  with_items: etcd_needing_server_certs
+  with_items: "{{ etcd_needing_server_certs  | default([]) }}"
 
 - name: Create the peer csr
   command: >
@@ -48,7 +48,7 @@
                  ~ item.etcd_cert_prefix ~ 'peer.csr' }}"
   environment:
     SAN: "IP:{{ item.etcd_ip }}"
-  with_items: etcd_needing_server_certs
+  with_items: "{{ etcd_needing_server_certs | default([]) }}"
 
 - name: Sign and create the peer crt
   command: >
@@ -62,10 +62,10 @@
                  ~ item.etcd_cert_prefix ~ 'peer.crt' }}"
   environment:
     SAN: "IP:{{ item.etcd_ip }}"
-  with_items: etcd_needing_server_certs
+  with_items: "{{ etcd_needing_server_certs | default([]) }}"
 
 - file:
     src: "{{ etcd_ca_cert }}"
     dest: "{{ etcd_generated_certs_dir}}/{{ item.etcd_cert_subdir }}/{{ item.etcd_cert_prefix }}ca.crt"
     state: hard
-  with_items: etcd_needing_server_certs
+  with_items: "{{ etcd_needing_server_certs | default([]) }}"

roles/openshift_docker/tasks/main.yml

@@ -24,6 +24,6 @@
   with_items:
   - role: docker
     local_facts:
-      openshift_image_tag: "{{ l_image_tag }}"
+      openshift_image_tag: "{{ l_image_tag | default(None) }}"
       openshift_version: "{{ l_image_tag.split('-')[0] if l_image_tag is defined else '' | oo_image_tag_to_rpm_version }}"
   when: openshift.common.is_containerized is defined and openshift.common.is_containerized | bool

roles/openshift_manage_node/tasks/main.yml

@@ -6,7 +6,7 @@
   retries: 50
   delay: 5
   changed_when: false
-  with_items: openshift_nodes
+  with_items: "{{ openshift_nodes }}"
 
 - name: Set node schedulability
   command: >

roles/openshift_master/tasks/main.yml

@@ -78,14 +78,14 @@
   action: "{{ ansible_pkg_mgr }} name=httpd-tools state=present"
   when: (item.kind == 'HTPasswdPasswordIdentityProvider') and
         not openshift.common.is_atomic | bool
-  with_items: openshift.master.identity_providers
+  with_items: "{{ openshift.master.identity_providers }}"
 
 - name: Ensure htpasswd directory exists
   file:
     path: "{{ item.filename | dirname }}"
     state: directory
   when: item.kind == 'HTPasswdPasswordIdentityProvider'
-  with_items: openshift.master.identity_providers
+  with_items: "{{ openshift.master.identity_providers }}"
 
 - name: Create the htpasswd file if needed
   template:
@@ -94,7 +94,7 @@
     mode: 0600
     backup: yes
   when: item.kind == 'HTPasswdPasswordIdentityProvider'
-  with_items: openshift.master.identity_providers
+  with_items: "{{ openshift.master.identity_providers }}"
 
 - name: Create the ldap ca file if needed
   copy:
@@ -103,7 +103,7 @@
     mode: 0600
     backup: yes
   when: openshift.master.ldap_ca is defined and item.kind == 'LDAPPasswordIdentityProvider'
-  with_items: openshift.master.identity_providers
+  with_items: "{{ openshift.master.identity_providers }}"
 
 - name: Create the openid ca file if needed
   copy:
@@ -112,7 +112,7 @@
     mode: 0600
     backup: yes
   when: openshift.master.openid_ca is defined and item.kind == 'OpenIDIdentityProvider' and item.ca | default('') != ''
-  with_items: openshift.master.identity_providers
+  with_items: "{{ openshift.master.identity_providers }}"
 
 - name: Create the request header ca file if needed
   copy:
@@ -121,7 +121,7 @@
     mode: 0600
     backup: yes
   when: openshift.master.request_header_ca is defined and item.kind == 'RequestHeaderIdentityProvider' and item.clientCA | default('') != ''
-  with_items: openshift.master.identity_providers
+  with_items: "{{ openshift.master.identity_providers }}"
 
 - name: Install the systemd units
   include: systemd_units.yml
@@ -239,7 +239,7 @@
     mode: 0700
     owner: "{{ item }}"
     group: "{{ 'root' if item == 'root' else _ansible_ssh_user_gid.stdout  }}"
-  with_items: client_users
+  with_items: "{{ client_users }}"
 
 # TODO: Update this file if the contents of the source file are not present in
 # the dest file, will need to make sure to ignore things that could be added
@@ -247,7 +247,7 @@
   command: cp {{ openshift_master_config_dir }}/admin.kubeconfig ~{{ item }}/.kube/config
   args:
     creates: ~{{ item }}/.kube/config
-  with_items: client_users
+  with_items: "{{ client_users }}"
 
 - name: Update the permissions on the admin client config(s)
   file:
@@ -256,4 +256,4 @@
     mode: 0700
     owner: "{{ item }}"
     group: "{{ 'root' if item == 'root' else _ansible_ssh_user_gid.stdout  }}"
-  with_items: client_users
+  with_items: "{{ client_users }}"

roles/openshift_master_certificates/tasks/main.yml

@@ -4,14 +4,14 @@
     path: "{{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}"
     state: directory
     mode: 0700
-  with_items: masters_needing_certs
+  with_items: "{{ masters_needing_certs | default([]) }}"
 
 - file:
     src: "{{ openshift_master_config_dir }}/{{ item.1 }}"
     dest: "{{ openshift_generated_configs_dir }}/{{ item.0.master_cert_subdir }}/{{ item.1 }}"
     state: hard
   with_nested:
-  - masters_needing_certs
+  - "{{ masters_needing_certs | default([]) }}"
   -
     - ca.crt
     - ca.key
@@ -26,7 +26,7 @@
       --cert-dir={{ openshift_generated_configs_dir }}/{{ item.master_cert_subdir }}
       --overwrite=false
   when: item.master_certs_missing | bool
-  with_items: masters_needing_certs
+  with_items: "{{ masters_needing_certs | default([]) }}"
 
 - file:
     src: "{{ openshift_master_config_dir }}/{{ item.1 }}"
@@ -34,5 +34,5 @@
     state: hard
     force: true
   with_nested:
-  - masters_needing_certs
+  - "{{ masters_needing_certs | default([]) }}"
   - "{{ hostvars[inventory_hostname] | certificates_to_synchronize }}"

roles/openshift_node_certificates/tasks/main.yml

@@ -1,5 +1,5 @@
 ---
-- name: Create openshift_generated_configs_dir if it doesn't exist
+- name: Create openshift_generated_configs_dir if it doesn\'t exist
   file:
     path: "{{ openshift_generated_configs_dir }}"
     state: directory
@@ -19,7 +19,7 @@
       --user=system:node:{{ item.openshift.common.hostname }}
   args:
     creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}"
-  with_items: nodes_needing_certs
+  with_items: "{{ nodes_needing_certs | default([]) }}"
 
 - name: Generate the node server certificate
   command: >
@@ -33,4 +33,4 @@
       --signer-serial={{ openshift_master_ca_serial }}
   args:
     creates: "{{ openshift_generated_configs_dir }}/node-{{ item.openshift.common.hostname }}/server.crt"
-  with_items: nodes_needing_certs
+  with_items: "{{ nodes_needing_certs | default([]) }}"

roles/openshift_serviceaccounts/tasks/main.yml

@@ -1,7 +1,7 @@
 - name: test if service accounts exists
   command: >
       {{ openshift.common.client_binary }} get sa {{ item }} -n {{ openshift_serviceaccounts_namespace }}
-  with_items: openshift_serviceaccounts_names
+  with_items: "{{ openshift_serviceaccounts_names }}"
   failed_when: false
   changed_when: false
   register: account_test
@@ -13,8 +13,8 @@
        -n {{ openshift_serviceaccounts_namespace }} create -f -
   when: item.1.rc != 0
   with_together:
-  - openshift_serviceaccounts_names
-  - account_test.results
+  - "{{ openshift_serviceaccounts_names }}"
+  - "{{ account_test.results }}"
 
 - name: test if scc needs to be updated
   command: >
@@ -22,7 +22,7 @@
   changed_when: false
   failed_when: false
   register: scc_test
-  with_items: openshift_serviceaccounts_sccs
+  with_items: "{{ openshift_serviceaccounts_sccs }}"
 
 - name: Grant the user access to the privileged scc
   command: >
@@ -30,8 +30,8 @@
       privileged system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}
   when: "openshift.common.version_gte_3_1_or_1_1 and item.1.rc == 0 and 'system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}' not in {{ (item.1.stdout | from_yaml).users }}"
   with_nested:
-  - openshift_serviceaccounts_names
-  - scc_test.results
+  - "{{ openshift_serviceaccounts_names }}"
+  - "{{ scc_test.results }}"
 
 - include: legacy_add_scc_to_user.yml
   when: not openshift.common.version_gte_3_1_or_1_1

roles/os_firewall/defaults/main.yml

@@ -1,3 +1,5 @@
 ---
 os_firewall_enabled: True
 os_firewall_use_firewalld: True
+os_firewall_allow: []
+os_firewall_deny: []

roles/os_firewall/tasks/firewall/firewalld.yml

@@ -52,29 +52,25 @@
     port: "{{ item.port }}"
     permanent: false
     state: enabled
-  with_items: os_firewall_allow
-  when: os_firewall_allow is defined
+  with_items: "{{ os_firewall_allow }}"
 
 - name: Persist firewalld allow rules
   firewalld:
     port: "{{ item.port }}"
     permanent: true
     state: enabled
-  with_items: os_firewall_allow
-  when: os_firewall_allow is defined
+  with_items: "{{ os_firewall_allow }}"
 
 - name: Remove firewalld allow rules
   firewalld:
     port: "{{ item.port }}"
     permanent: false
     state: disabled
-  with_items: os_firewall_deny
-  when: os_firewall_deny is defined
+  with_items: "{{ os_firewall_deny }}"
 
 - name: Persist removal of firewalld allow rules
   firewalld:
     port: "{{ item.port }}"
     permanent: true
     state: disabled
-  with_items: os_firewall_deny
-  when: os_firewall_deny is defined
+  with_items: "{{ os_firewall_deny }}"

roles/os_firewall/tasks/firewall/iptables.yml

@@ -49,8 +49,7 @@
     action: add
     protocol: "{{ item.port.split('/')[1] }}"
     port: "{{ item.port.split('/')[0] }}"
-  with_items: os_firewall_allow
-  when: os_firewall_allow is defined
+  with_items: "{{ os_firewall_allow }}"
 
 - name: Remove iptables rules
   os_firewall_manage_iptables:
@@ -58,5 +57,4 @@
     action: remove
     protocol: "{{ item.port.split('/')[1] }}"
     port: "{{ item.port.split('/')[0] }}"
-  with_items: os_firewall_deny
-  when: os_firewall_deny is defined
+  with_items: "{{ os_firewall_deny }}"