reversing unneeded delegate_to privilege elevation (fix)

core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/copy-kubeconfig.yml

@@ -1,6 +1,7 @@
 ---
 - name: Check if the secrets file exists
   delegate_to: localhost
+  become: false
   stat:
     path: "{{ vault_location }}/kubernetes-secrets.yml"
     get_attributes: false
@@ -13,6 +14,7 @@
   block:
     - name: Include vars of Kubernetes secrets
       delegate_to: localhost
+      become: false
       include_vars:
         file: "{{ vault_location }}/kubernetes-secrets.yml"
 

core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/copy-kubernetes-pki.yml

@@ -1,5 +1,6 @@
 ---
-- set_fact:
+- name: Prepare PKI relative paths
+  set_fact:
     kubernetes_pki_folders:
       - pki/
       - pki/etcd/
@@ -16,6 +17,7 @@
 
 - name: Check if the PKI file exists
   delegate_to: localhost
+  become: false
   stat:
     path: "{{ vault_location }}/kubernetes-pki.yml"
     get_attributes: false
@@ -26,15 +28,18 @@
 - name: Copy PKI from master node to Ephiphany's vault
   when: not stat_kubernetes_pki.stat.exists
   block:
-    - delegate_to: "{{ kubernetes_common.automation_designated_master }}"
+    - name: Slurp PKI files
+      delegate_to: "{{ kubernetes_common.automation_designated_master }}"
       slurp:
         src: "/etc/kubernetes/{{ item }}"
       loop: >-
         {{ kubernetes_pki_file_map.values() | list }}
       register: slurp_kubernetes_pki_files
       no_log: true
 
-    - delegate_to: localhost
+    - name: Copy PKI files
+      delegate_to: localhost
+      become: false
       vars:
         # Decoding slurp's contents
         kubernetes_pki_files_slurped_content: >-
@@ -75,6 +80,7 @@
 
 - name: Load PKI variables
   delegate_to: localhost
+  become: false
   environment:
     ANSIBLE_VAULT_PASSWORD_FILE: "{{ vault_tmp_file_location }}"
   include_vars:

core/src/epicli/data/common/ansible/playbooks/roles/kubernetes_master/tasks/generate-cluster-credentials.yml

@@ -21,6 +21,7 @@
 
 - name: Encrypt tokens
   delegate_to: localhost
+  become: false
   environment:
     ANSIBLE_VAULT_PASSWORD_FILE: "{{ vault_tmp_file_location }}"
   shell: |
@@ -58,6 +59,7 @@
 
 - name: Encrypt CA data
   delegate_to: localhost
+  become: false
   environment:
     ANSIBLE_VAULT_PASSWORD_FILE: "{{ vault_tmp_file_location }}"
   shell: |
@@ -75,6 +77,7 @@
 
 - name: Create credentials file
   delegate_to: localhost
+  become: false
   template:
     src: kubernetes-secrets.yml.j2
     dest: "{{ vault_location }}/kubernetes-secrets.yml"

core/src/epicli/data/common/ansible/playbooks/roles/preflight_facts/tasks/assert.yml

@@ -1,5 +1,7 @@
 ---
-- delegate_to: localhost
+- name: Applying HA-related assertions for Kubernetes
+  delegate_to: localhost
+  become: false
   run_once: true
   block:
     - assert:

core/src/epicli/data/common/ansible/playbooks/roles/preflight_facts/tasks/store.yml

@@ -3,6 +3,7 @@
 
 - name: Store preflight facts
   delegate_to: localhost
+  become: false
   run_once: true
   copy:
     dest: "{{ vault_location }}/../preflight_facts.yml"