project: resolve risky-shell-pipe ansible-lint error

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

roles/etcd/handlers/backup_cleanup.yml

@@ -7,5 +7,5 @@
 - name: Remove old etcd backups
   shell:
     chdir: "{{ etcd_backup_prefix }}"
-    cmd: "find . -name 'etcd-*' -type d | sort -n | head -n -{{ etcd_backup_retention_count }} | xargs rm -rf"
+    cmd: "set -o pipefail && find . -name 'etcd-*' -type d | sort -n | head -n -{{ etcd_backup_retention_count }} | xargs rm -rf"
   when: etcd_backup_retention_count >= 0

roles/kubernetes/control-plane/handlers/main.yml

@@ -44,47 +44,47 @@
     state: restarted
 
 - name: Master | Remove apiserver container docker
-  shell: docker ps -af name=k8s_kube-apiserver* -q | xargs --no-run-if-empty docker rm -f
+  shell: "set -o pipefail && docker ps -af name=k8s_kube-apiserver* -q | xargs --no-run-if-empty docker rm -f"
   register: remove_apiserver_container
   retries: 10
   until: remove_apiserver_container.rc == 0
   delay: 1
   when: container_manager == "docker"
 
 - name: Master | Remove apiserver container containerd/crio
-  shell: "{{ bin_dir }}/crictl pods --name kube-apiserver* -q | xargs -I% --no-run-if-empty bash -c '{{ bin_dir }}/crictl stopp % && {{ bin_dir }}/crictl rmp %'"
+  shell: "set -o pipefail && {{ bin_dir }}/crictl pods --name kube-apiserver* -q | xargs -I% --no-run-if-empty bash -c '{{ bin_dir }}/crictl stopp % && {{ bin_dir }}/crictl rmp %'"
   register: remove_apiserver_container
   retries: 10
   until: remove_apiserver_container.rc == 0
   delay: 1
   when: container_manager in ['containerd', 'crio']
 
 - name: Master | Remove scheduler container docker
-  shell: "{{ docker_bin_dir }}/docker ps -af name=k8s_kube-scheduler* -q | xargs --no-run-if-empty {{ docker_bin_dir }}/docker rm -f"
+  shell: "set -o pipefail && {{ docker_bin_dir }}/docker ps -af name=k8s_kube-scheduler* -q | xargs --no-run-if-empty {{ docker_bin_dir }}/docker rm -f"
   register: remove_scheduler_container
   retries: 10
   until: remove_scheduler_container.rc == 0
   delay: 1
   when: container_manager == "docker"
 
 - name: Master | Remove scheduler container containerd/crio
-  shell: "{{ bin_dir }}/crictl pods --name kube-scheduler* -q | xargs -I% --no-run-if-empty bash -c '{{ bin_dir }}/crictl stopp % && {{ bin_dir }}/crictl rmp %'"
+  shell: "set -o pipefail && {{ bin_dir }}/crictl pods --name kube-scheduler* -q | xargs -I% --no-run-if-empty bash -c '{{ bin_dir }}/crictl stopp % && {{ bin_dir }}/crictl rmp %'"
   register: remove_scheduler_container
   retries: 10
   until: remove_scheduler_container.rc == 0
   delay: 1
   when: container_manager in ['containerd', 'crio']
 
 - name: Master | Remove controller manager container docker
-  shell: "{{ docker_bin_dir }}/docker ps -af name=k8s_kube-controller-manager* -q | xargs --no-run-if-empty {{ docker_bin_dir }}/docker rm -f"
+  shell: "set -o pipefail && {{ docker_bin_dir }}/docker ps -af name=k8s_kube-controller-manager* -q | xargs --no-run-if-empty {{ docker_bin_dir }}/docker rm -f"
   register: remove_cm_container
   retries: 10
   until: remove_cm_container.rc == 0
   delay: 1
   when: container_manager == "docker"
 
 - name: Master | Remove controller manager container containerd/crio
-  shell: "{{ bin_dir }}/crictl pods --name kube-controller-manager* -q | xargs -I% --no-run-if-empty bash -c '{{ bin_dir }}/crictl stopp % && {{ bin_dir }}/crictl rmp %'"
+  shell: "set -o pipefail && {{ bin_dir }}/crictl pods --name kube-controller-manager* -q | xargs -I% --no-run-if-empty bash -c '{{ bin_dir }}/crictl stopp % && {{ bin_dir }}/crictl rmp %'"
   register: remove_cm_container
   retries: 10
   until: remove_cm_container.rc == 0

roles/kubernetes/node/tasks/facts.yml

@@ -1,7 +1,7 @@
 ---
 - block:
   - name: look up docker cgroup driver
-    shell: "docker info | grep 'Cgroup Driver' | awk -F': ' '{ print $2; }'"
+    shell: "set -o pipefail && docker info | grep 'Cgroup Driver' | awk -F': ' '{ print $2; }'"
     register: docker_cgroup_driver_result
     changed_when: false
     check_mode: no
@@ -13,7 +13,7 @@
 
 - block:
   - name: look up crio cgroup driver
-    shell: "{{ bin_dir }}/crio-status info | grep 'cgroup driver' | awk -F': ' '{ print $2; }'"
+    shell: "set -o pipefail && {{ bin_dir }}/crio-status info | grep 'cgroup driver' | awk -F': ' '{ print $2; }'"
     register: crio_cgroup_driver_result
     changed_when: false
 

roles/kubernetes/preinstall/handlers/main.yml

@@ -68,7 +68,7 @@
   when: inventory_hostname in groups['kube_control_plane'] and dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'
 
 - name: Preinstall | restart kube-controller-manager docker
-  shell: "{{ docker_bin_dir }}/docker ps -f name=k8s_POD_kube-controller-manager* -q | xargs --no-run-if-empty {{ docker_bin_dir }}/docker rm -f"
+  shell: "set -o pipefail && {{ docker_bin_dir }}/docker ps -f name=k8s_POD_kube-controller-manager* -q | xargs --no-run-if-empty {{ docker_bin_dir }}/docker rm -f"
   when:
     - container_manager == "docker"
     - inventory_hostname in groups['kube_control_plane']
@@ -77,7 +77,7 @@
     - kube_controller_set.stat.exists
 
 - name: Preinstall | restart kube-controller-manager crio/containerd
-  shell: "{{ bin_dir }}/crictl pods --name kube-controller-manager* -q | xargs -I% --no-run-if-empty bash -c '{{ bin_dir }}/crictl stopp % && {{ bin_dir }}/crictl rmp %'"
+  shell: "set -o pipefail && {{ bin_dir }}/crictl pods --name kube-controller-manager* -q | xargs -I% --no-run-if-empty bash -c '{{ bin_dir }}/crictl stopp % && {{ bin_dir }}/crictl rmp %'"
   when:
     - container_manager in ['crio', 'containerd']
     - inventory_hostname in groups['kube_control_plane']
@@ -86,7 +86,7 @@
     - kube_controller_set.stat.exists
 
 - name: Preinstall | restart kube-apiserver docker
-  shell: "{{ docker_bin_dir }}/docker ps -f name=k8s_POD_kube-apiserver* -q | xargs --no-run-if-empty {{ docker_bin_dir }}/docker rm -f"
+  shell: "set -o pipefail && {{ docker_bin_dir }}/docker ps -f name=k8s_POD_kube-apiserver* -q | xargs --no-run-if-empty {{ docker_bin_dir }}/docker rm -f"
   when:
     - container_manager == "docker"
     - inventory_hostname in groups['kube_control_plane']
@@ -95,7 +95,7 @@
     - kube_apiserver_set.stat.exists
 
 - name: Preinstall | restart kube-apiserver crio/containerd
-  shell: "{{ bin_dir }}/crictl pods --name kube-apiserver* -q | xargs -I% --no-run-if-empty bash -c '{{ bin_dir }}/crictl stopp % && {{ bin_dir }}/crictl rmp %'"
+  shell: "set -o pipefail && {{ bin_dir }}/crictl pods --name kube-apiserver* -q | xargs -I% --no-run-if-empty bash -c '{{ bin_dir }}/crictl stopp % && {{ bin_dir }}/crictl rmp %'"
   register: preinstall_restart_apiserver
   retries: 10
   until: preinstall_restart_apiserver.rc == 0

roles/network_plugin/calico/handlers/main.yml

@@ -13,14 +13,14 @@
     state: absent
 
 - name: Calico | delete calico-node docker containers
-  shell: "{{ docker_bin_dir }}/docker ps -af name=k8s_POD_calico-node* -q | xargs --no-run-if-empty {{ docker_bin_dir }}/docker rm -f"
+  shell: "set -o pipefail && {{ docker_bin_dir }}/docker ps -af name=k8s_POD_calico-node* -q | xargs --no-run-if-empty {{ docker_bin_dir }}/docker rm -f"
   register: docker_calico_node_remove
   until: docker_calico_node_remove is succeeded
   retries: 5
   when: container_manager in ["docker"]
 
 - name: Calico | delete calico-node crio/containerd containers
-  shell: '{{ bin_dir }}/crictl pods --name calico-node-* -q | xargs -I% --no-run-if-empty bash -c "{{ bin_dir }}/crictl stopp % && {{ bin_dir }}/crictl rmp %"'
+  shell: 'set -o pipefail && {{ bin_dir }}/crictl pods --name calico-node-* -q | xargs -I% --no-run-if-empty bash -c "{{ bin_dir }}/crictl stopp % && {{ bin_dir }}/crictl rmp %"'
   register: crictl_calico_node_remove
   until: crictl_calico_node_remove is succeeded
   retries: 5

roles/network_plugin/canal/handlers/main.yml

@@ -11,4 +11,4 @@
     state: absent
 
 - name: delete canal-node containers
-  shell: "docker ps -af name=k8s_POD_canal-node* -q | xargs --no-run-if-empty docker rm -f"
+  shell: "set -o pipefail && docker ps -af name=k8s_POD_canal-node* -q | xargs --no-run-if-empty docker rm -f"

roles/network_plugin/kube-router/handlers/main.yml

@@ -6,14 +6,14 @@
     - Kube-router | delete kube-router crio/containerd containers
 
 - name: Kube-router | delete kube-router docker containers
-  shell: "{{ docker_bin_dir }}/docker ps -af name=k8s_POD_kube-router* -q | xargs --no-run-if-empty docker rm -f"
+  shell: "set -o pipefail && {{ docker_bin_dir }}/docker ps -af name=k8s_POD_kube-router* -q | xargs --no-run-if-empty docker rm -f"
   register: docker_kube_router_remove
   until: docker_kube_router_remove is succeeded
   retries: 5
   when: container_manager in ["docker"]
 
 - name: Kube-router | delete kube-router crio/containerd containers
-  shell: '{{ bin_dir }}/crictl pods --name kube-router* -q | xargs -I% --no-run-if-empty bash -c "{{ bin_dir }}/crictl stopp % && {{ bin_dir }}/crictl rmp %"'
+  shell: 'set -o pipefail && {{ bin_dir }}/crictl pods --name kube-router* -q | xargs -I% --no-run-if-empty bash -c "{{ bin_dir }}/crictl stopp % && {{ bin_dir }}/crictl rmp %"'
   register: crictl_kube_router_remove
   until: crictl_kube_router_remove is succeeded
   retries: 5

tests/testcases/030_check-network.yml

@@ -56,6 +56,7 @@
   - name: Run 2 agnhost pods in test ns
     shell:
       cmd: |
+        set -o pipefail
         cat <<EOF | {{ bin_dir }}/kubectl apply -f -
         apiVersion: v1
         kind: Pod

tests/testcases/040_check-network-adv.yml

@@ -173,6 +173,7 @@
       # heuristics by using the cmd parameter like this:
       shell:
         cmd: |
+          set -o pipefail
           cat <<EOF | {{ bin_dir }}/kubectl create -f -
           apiVersion: "k8s.cni.cncf.io/v1"
           kind: NetworkAttachmentDefinition
@@ -207,6 +208,7 @@
       # heuristics by using the cmd parameter like this:
       shell:
         cmd: |
+          set -o pipefail
           cat <<EOF | {{ bin_dir }}/kubectl create -f -
           apiVersion: v1
           kind: Pod