Newer ansbile-lint finds "when" or "become" statements that are at the
end of blocks. Ordering these before the block seems like a very
logical thing to do, as we read from top-to-bottom so it's good to see
if the block will execute or not.
This is a no-op, and just moves the places the newer linter found.
Change-Id: If4d1dc4343ea2575c64510e1829c3fe02d6c273f
ansible-lint's name[template] check looks for templates and says they
should only be at the end of the string. This is because in many
circumstances, including errors, the name can't be templated in -- so
the message has a chance of not making sense. Honestly I can never
remember when it's safe to use templates in names and not; this seems
reasonable enough compromise.
Change-Id: I3a415c7706494f393b126b36d7eec7193638a3f1
This is preparation for a later version of ansbile-lint, which finds
missing names on blocks. This seems a reasonable rule, and the
Ansible manual says [1]
Names for blocks have been available since Ansible 2.3. We recommend
using names in all tasks, within blocks or elsewhere, for better
visibility into the tasks being executed when you run the playbook.
This simply adds a name tag for blocks that are missing it. This
should have no operational change, but allows us to update the linter
in a follow-on change.
[1] https://docs.ansible.com/ansible/latest/user_guide/playbooks_blocks.html
Change-Id: I92ed4616775650aced352bc9088a07e919f1a25f
There are over 490 .yaml files but only a few .yml, let's rename to be
consistent.
Add a test to block .yml files.
Change-Id: I2f1354de82f231154d926b51d9812b1e9c1a6202
Using become_user only works if either the ansible_user is root
or pipeling is enabled. Use become instead to avoid the dependency
on pipelining being enabled.
Change-Id: I2ca65ab38b51d4949295674abfe594ce26fe35a1
The role to distribute the build ssh key to a user uses the "copy"
module in combination with become_user. When the target user is not
root, this does not work because the ansible user is not root
either and "copy" is not compatible with pipelining:
http://docs.ansible.com/ansible/latest/user_guide/become.html#becoming-an-unprivileged-user
To solve the issue run the copy as root and set the owner of the
target file. Use the "user" module to resolve "~" to the target user
home directory.
Change-Id: Ic66eb2b14bc55a412dfa73aa0722cd59887a4e83
Run the first task in the block, with become_user since the zuul
user may not access a generic use .ssh folder.
Depends-on: https://review.openstack.org/550091
Change-Id: I4ce120412079fe92502eee5310a03664aa55d5ce
This role also sets up authorized_keys so that inter-node ssh works
between the hosts for alternative users.
This role will be useful for things like devstack, which require an
additional user be able to ssh around for things like nova's migrations.
The role can be called multiple times, with a different target user each
time. It is assumed that the user already exists.
Change-Id: I5972d66a48802fce0c1ebb885be00c5803ff0e9a
Ian Wienand