diff --git a/.ansible-lint b/.ansible-lint index 5e585f5686..f9ae078ac5 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -25,3 +25,14 @@ skip_list: - fqcn[action] # role name check matching ^*$ - role-name + # TODO(frickler): Discuss these in detail, skipping for now to unblock things + - key-order[task] + - no-free-form + - name[play] + - var-naming[no-role-prefix] + - risky-file-permissions + - risky-shell-pipe + - command-instead-of-shell + - command-instead-of-module + - ignore-errors + - jinja[spacing] diff --git a/lint-requirements.txt b/lint-requirements.txt index 89cb54276f..af8d8a49b5 100644 --- a/lint-requirements.txt +++ b/lint-requirements.txt @@ -1,5 +1,5 @@ ansible>=6,<8 # GPLv3 -ansible-lint>=6.0.0,<6.13.0 # MIT +ansible-lint>=6.0.0,<7.0.0 # MIT bandit>=1.1.0 # Apache-2.0 bashate>=0.5.1 # Apache-2.0 doc8>=0.6.0 # Apache-2.0 diff --git a/roles/cephadm/tasks/main.yml b/roles/cephadm/tasks/main.yml index 9aaa52965d..7dcacd77bc 100644 --- a/roles/cephadm/tasks/main.yml +++ b/roles/cephadm/tasks/main.yml @@ -33,7 +33,7 @@ - name: Bootstrap cephadm vars: - mon_ip: "{{ hostvars[inventory_hostname]['ansible_'+api_interface_name].ipv4.address }}" + mon_ip: "{{ hostvars[inventory_hostname]['ansible_' + api_interface_name].ipv4.address }}" command: cmd: > cephadm @@ -53,7 +53,7 @@ vars: regexp: 'Cluster fsid: (.*)' set_fact: - ceph_fsid: "{{ cephadm_bootstrap_output.stdout | regex_search(regexp,'\\1') | first }}" + ceph_fsid: "{{ cephadm_bootstrap_output.stdout | regex_search(regexp, '\\1') | first }}" - name: Template out cluster spec template: @@ -80,7 +80,7 @@ ceph_conf_fixed: | [global] fsid = {{ ceph_fsid }} - mon_host = {% for host in groups['all'] %} {{ hostvars[host]['ansible_'+api_interface_name].ipv4.address }} {% if not loop.last %},{% endif %} {% endfor %} + mon_host = {% for host in groups['all'] %} {{ hostvars[host]['ansible_' + api_interface_name].ipv4.address }} {% if not loop.last %},{% endif %} {% endfor %} copy: content: "{{ ceph_conf_fixed }}" dest: "/etc/ceph/ceph.conf.fixed" diff --git a/tests/post.yml b/tests/post.yml index 750413d9ee..abcfc3e745 100644 --- a/tests/post.yml +++ b/tests/post.yml @@ -36,7 +36,7 @@ mode: pull ignore_errors: yes - - name: dump all iptables rules + - name: Dump all iptables rules shell: "iptables-save > /tmp/logs/iptables" args: creates: /tmp/logs/iptables @@ -59,29 +59,29 @@ ara_report_local_dir: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}/ara-report" kolla_ansible_local_src_dir: "{{ zuul.executor.work_root }}/src/{{ zuul.project.canonical_hostname }}/openstack/kolla-ansible" tasks: - - name: check for existence of ara sqlite + - name: Check for existence of ara sqlite stat: path: "{{ ansible_env.HOME }}/.ara/server/ansible.sqlite" register: ara_stat_result - block: - - name: ensure ara-report folder existence + - name: Ensure ara-report folder existence file: path: "{{ ara_report_local_dir }}" state: directory delegate_to: localhost - - name: download ara sqlite + - name: Download ara sqlite synchronize: src: "{{ ansible_env.HOME }}/.ara/server/ansible.sqlite" dest: "{{ ara_report_local_dir }}/" mode: pull - - name: get ara version + - name: Get ara version command: "ara --version" register: ara_version - - name: template ara readme + - name: Template ara readme template: src: "{{ kolla_ansible_local_src_dir }}/tests/ara-readme.md.j2" dest: "{{ ara_report_local_dir }}/README.md" diff --git a/tests/pre.yml b/tests/pre.yml index 984440b3dc..f7614ab968 100644 --- a/tests/pre.yml +++ b/tests/pre.yml @@ -105,7 +105,7 @@ - "ansible" # NOTE(yoctozepto): let's observe forwarding behavior - - name: iptables - LOG FORWARD + - name: Iptables - LOG FORWARD become: true iptables: state: present @@ -114,7 +114,7 @@ jump: LOG log_prefix: 'iptables FORWARD: ' - - name: set new hostname based on ansible inventory file + - name: Set new hostname based on ansible inventory file hostname: name: "{{ inventory_hostname }}" use: systemd diff --git a/tests/run-hashi-vault.yml b/tests/run-hashi-vault.yml index cbeb4aa157..84b8f226b7 100644 --- a/tests/run-hashi-vault.yml +++ b/tests/run-hashi-vault.yml @@ -3,7 +3,7 @@ any_errors_fatal: true tasks: # NOTE(yoctozepto): setting vars as facts for all to have them around in all the plays - - name: set facts for commonly used variables + - name: Set facts for commonly used variables set_fact: kolla_ansible_src_dir: "{{ ansible_env.PWD }}/src/{{ zuul.project.canonical_hostname }}/openstack/kolla-ansible" upper_constraints_file: "{{ ansible_env.HOME }}/src/opendev.org/openstack/requirements/upper-constraints.txt" @@ -14,27 +14,27 @@ any_errors_fatal: true environment: "{{ pip_user_path_env }}" tasks: - - name: ensure /etc/kolla exists + - name: Ensure /etc/kolla exists file: path: "/etc/kolla" state: "directory" mode: 0777 become: true - - name: ensure python3-pip exists + - name: Ensure python3-pip exists package: name: python3-pip become: true # NOTE(mgoddard): We need a recent pip to install the latest cryptography # library. See https://github.com/pyca/cryptography/issues/5753 - - name: install pip 19.1.1+ + - name: Install pip 19.1.1+ pip: name: "pip>=19.1.1" executable: "pip3" extra_args: "--user" - - name: install kolla-ansible and dependencies + - name: Install kolla-ansible and dependencies pip: executable: "pip3" extra_args: "-c {{ upper_constraints_file }} --user" @@ -43,14 +43,14 @@ - "ansible-core{{ ansible_core_version_constraint }}" - "ansible{{ ansible_version_constraint }}" - - name: copy passwords.yml file + - name: Copy passwords.yml file copy: src: "{{ kolla_ansible_src_dir }}/etc/kolla/passwords.yml" dest: /etc/kolla/passwords.yml mode: "0640" remote_src: true - - name: generate passwords + - name: Generate passwords command: kolla-genpwd # At this point we have generated all necessary configuration, and are diff --git a/tests/run.yml b/tests/run.yml index 03e90e2320..c038d7b968 100644 --- a/tests/run.yml +++ b/tests/run.yml @@ -7,7 +7,7 @@ setup: # NOTE(yoctozepto): setting vars as facts for all to have them around in all the plays - - name: set facts for commonly used variables + - name: Set facts for commonly used variables vars: # NOTE(yoctozepto): needed here to use in other facts too openstack_core_enabled: "{{ scenario not in ['bifrost', 'mariadb', 'prometheus-opensearch', 'venus'] }}" @@ -22,7 +22,7 @@ build_image_tag: "change_{{ zuul.change | default('none') }}" openstack_core_enabled: "{{ openstack_core_enabled }}" openstack_core_tested: "{{ scenario in ['core', 'cephadm', 'zun', 'cells', 'swift', 'ovn', 'lets-encrypt'] }}" - dashboard_enabled: "{{ openstack_core_enabled }}" + dashboard_enabled: "false" upper_constraints_file: "{{ ansible_env.HOME }}/src/opendev.org/openstack/requirements/upper-constraints.txt" docker_image_tag_suffix: "{{ '-aarch64' if ansible_architecture == 'aarch64' else '' }}" kolla_ansible_venv_path: "{{ ansible_env.HOME }}/kolla-ansible-venv" @@ -79,7 +79,7 @@ # and since we don't need isolated networks here, use host networking network_mode: host tasks: - - name: detect whether need build images + - name: Detect whether need build images set_fact: need_build_image: true when: @@ -97,7 +97,7 @@ - block: # NOTE(mgoddard): This only affects the remote copy of the repo, not the # one on the executor. - - name: checkout the previous ansible-collection-kolla branch + - name: Checkout the previous ansible-collection-kolla branch shell: cmd: | git checkout stable/{{ previous_release | lower }} @@ -105,7 +105,7 @@ git log --pretty=oneline -1 chdir: "{{ ansible_collection_kolla_src_dir }}" - - name: checkout the previous kolla-ansible branch + - name: Checkout the previous kolla-ansible branch shell: cmd: | git checkout stable/{{ previous_release | lower }} @@ -113,7 +113,7 @@ git log --pretty=oneline -1 chdir: "{{ kolla_ansible_src_dir }}" - - name: checkout the previous requirements branch + - name: Checkout the previous requirements branch shell: cmd: | git checkout stable/{{ previous_release | lower }} @@ -122,7 +122,7 @@ chdir: "{{ ansible_env.HOME }}/src/opendev.org/openstack/requirements/" when: is_upgrade - - name: ensure /etc/kolla exists + - name: Ensure /etc/kolla exists file: path: "/etc/kolla" state: "directory" @@ -157,7 +157,7 @@ - bifrost - swift - - name: generate configuration files + - name: Generate configuration files template: src: "{{ kolla_ansible_local_src_dir }}/{{ item.src }}" dest: "{{ item.dest }}" @@ -197,13 +197,13 @@ when: item.when | default(true) - block: - - name: ensure ironic config directory exists + - name: Ensure ironic config directory exists file: path: /etc/kolla/config/ironic state: directory mode: 0777 - - name: download Ironic Python Agent (IPA) images + - name: Download Ironic Python Agent (IPA) images get_url: url: "https://tarballs.opendev.org/openstack/ironic-python-agent/tinyipa/files/{{ item.src }}" dest: "/etc/kolla/config/ironic/{{ item.dest }}" @@ -215,12 +215,12 @@ when: scenario == "ironic" - block: - - name: slurp requirements.yml + - name: Slurp requirements.yml slurp: src: "{{ kolla_ansible_src_dir }}/requirements.yml" register: requirements_yml - - name: write requirements.yml + - name: Write requirements.yml copy: content: "{{ new_requirements | to_nice_yaml }}" dest: "{{ kolla_ansible_src_dir }}/requirements.yml" @@ -232,7 +232,7 @@ new_requirements: collections: "{{ (old_requirements.collections | rejectattr('name', 'search', 'ansible-collection-kolla') | list) + [new_requirement] }}" - - name: ensure /etc/ansible exists + - name: Ensure /etc/ansible exists file: path: /etc/ansible state: directory @@ -255,7 +255,7 @@ state: latest virtualenv: "{{ kolla_ansible_venv_path }}" - - name: install kolla-ansible and dependencies + - name: Install kolla-ansible and dependencies vars: ansible_core_version_min: "==2.14.*" ansible_core_version_max: "==2.15.*" @@ -271,7 +271,7 @@ virtualenv: "{{ kolla_ansible_venv_path }}" # TODO(mnasiadka): Remove in Caracal - - name: install Ansible on upgrade only + - name: Install Ansible on upgrade only vars: ansible_version_min: "==7.*" ansible_version_max: "==8.*" @@ -284,32 +284,32 @@ virtualenv: "{{ kolla_ansible_venv_path }}" when: is_upgrade - - name: install Ansible collections + - name: Install Ansible collections shell: | source {{ kolla_ansible_venv_path }}/bin/activate kolla-ansible install-deps args: executable: /bin/bash - - name: get ARA callback plugin path + - name: Get ARA callback plugin path command: "{{ kolla_ansible_venv_path }}/bin/python3 -m ara.setup.callback_plugins" changed_when: false register: ara_callback_plugins - - name: template ansible.cfg + - name: Template ansible.cfg template: src: "{{ kolla_ansible_local_src_dir }}/tests/templates/ansible.cfg.j2" dest: /etc/ansible/ansible.cfg become: true - - name: copy passwords.yml file + - name: Copy passwords.yml file copy: src: "{{ kolla_ansible_src_dir }}/etc/kolla/passwords.yml" dest: /etc/kolla/passwords.yml mode: "0640" remote_src: true - - name: generate passwords + - name: Generate passwords command: "{{ kolla_ansible_venv_path }}/bin/kolla-genpwd" - name: Record the running state of the environment as seen by the setup module @@ -326,7 +326,7 @@ # NOTE(yoctozepto): k-a octavia-certificates should run before k-a bootstrap-servers # because the latter hijacks /etc/kolla permissions (due to same directory on the # same host being used by both) - - name: create TLS certificates for octavia + - name: Create TLS certificates for octavia shell: | source {{ kolla_ansible_venv_path }}/bin/activate kolla-ansible octavia-certificates @@ -390,14 +390,14 @@ mode: 0755 with_items: "{{ cephadm_kolla_ceph_services }}" - - name: copy ceph.conf to enabled services + - name: Copy ceph.conf to enabled services copy: remote_src: True src: "/etc/ceph/ceph.conf.fixed" dest: "/etc/kolla/config/{{ item.name }}/ceph.conf" with_items: "{{ cephadm_kolla_ceph_services }}" - - name: copy keyrings to enabled services + - name: Copy keyrings to enabled services copy: remote_src: True src: "/var/run/ceph/{{ ceph_fsid }}/{{ item.keyring }}" @@ -623,7 +623,7 @@ - block: # NOTE(mgoddard): This only affects the remote copy of the repo, not the # one on the executor. - - name: checkout the current ansible-collection-kolla branch + - name: Checkout the current ansible-collection-kolla branch shell: cmd: | git checkout {{ zuul.branch }} @@ -633,7 +633,7 @@ # NOTE(frickler): We modified requirements.yml, need to revert the # changes in order for the branch checkout to succeed - - name: checkout the current kolla-ansible branch + - name: Checkout the current kolla-ansible branch shell: cmd: | git checkout requirements.yml @@ -642,7 +642,7 @@ git log --pretty=oneline -1 chdir: "{{ kolla_ansible_src_dir }}" - - name: checkout the current requirements branch + - name: Checkout the current requirements branch shell: cmd: | git checkout {{ zuul.projects["opendev.org/openstack/requirements"].checkout }} @@ -668,12 +668,12 @@ dest: /etc/kolla/config/nova/nova-compute.conf when: item.when | default(true) - - name: slurp requirements.yml + - name: Slurp requirements.yml slurp: src: "{{ kolla_ansible_src_dir }}/requirements.yml" register: requirements_yml - - name: write requirements.yml + - name: Write requirements.yml copy: content: "{{ new_requirements | to_nice_yaml }}" dest: "{{ kolla_ansible_src_dir }}/requirements.yml" @@ -685,14 +685,14 @@ new_requirements: collections: "{{ (old_requirements.collections | rejectattr('name', 'search', 'ansible-collection-kolla') | list) + [new_requirement] }}" - - name: upgrade kolla-ansible + - name: Upgrade kolla-ansible pip: extra_args: "-c {{ upper_constraints_file }}" name: - "{{ kolla_ansible_src_dir }}" virtualenv: "{{ kolla_ansible_venv_path }}" - - name: install Ansible collections + - name: Install Ansible collections shell: | source {{ kolla_ansible_venv_path }}/bin/activate kolla-ansible install-deps @@ -701,20 +701,20 @@ # Update passwords.yml to include any new passwords added in this # release. - - name: move passwords.yml to passwords.yml.old + - name: Move passwords.yml to passwords.yml.old command: mv /etc/kolla/passwords.yml /etc/kolla/passwords.yml.old - - name: copy passwords.yml file + - name: Copy passwords.yml file copy: src: "{{ kolla_ansible_src_dir }}/etc/kolla/passwords.yml" dest: /etc/kolla/passwords.yml mode: "0640" remote_src: true - - name: generate new passwords + - name: Generate new passwords command: "{{ kolla_ansible_venv_path }}/bin/kolla-genpwd" - - name: merge old and new passwords + - name: Merge old and new passwords command: >- {{ kolla_ansible_venv_path }}/bin/kolla-mergepwd --old /etc/kolla/passwords.yml.old diff --git a/tox.ini b/tox.ini index 92c0b33fda..b62e6a32dc 100644 --- a/tox.ini +++ b/tox.ini @@ -95,6 +95,7 @@ setenv = ANSIBLE_LIBRARY = {toxinidir}/ansible/library ANSIBLE_ACTION_PLUGINS = {toxinidir}/ansible/action_plugins ANSIBLE_FILTER_PLUGINS = {toxinidir}/ansible/filter_plugins + ANSIBLE_ROLES_PATH = {toxinidir}/ansible/roles deps = -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master}