Fix linters issue and metadata

With update of ansible-lint to version >=6.0.0 a lot of new linters were added, that enabled by default. In order to comply with linter rules we're applying changes to the role. With that we also update metdata to reflect current state. Change-Id: I13935aa1ae19449184053fc40cc64b09ed1ba9ef
2023-07-11 14:38:40 +02:00 · 2023-07-11 14:38:40 +02:00 · 91f578f2c0
parent cef3aa94f6
commit 91f578f2c0
13 changed files with 92 additions and 58 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -79,7 +79,7 @@ galera_monitoring_max_connections: 10
 # This can be replaced with other hostnames, cidr, ips, and ips + wildcards.
 # See https://www.freedesktop.org/software/systemd/man/systemd.resource-control.html
 #
-#galera_monitoring_allowed_source: "0.0.0.0/0"
+# galera_monitoring_allowed_source: "0.0.0.0/0"

 # Additional users to add or remove
 galera_additional_users: []
@ -143,15 +143,15 @@ galera_wsrep_cluster_address: >-
 galera_wsrep_node_incoming_address: "{{ galera_wsrep_address }}"
 ## Cap the maximum number of threads / workers when a user value is unspecified.
 galera_wsrep_slave_threads_max: 16
-galera_wsrep_slave_threads: "{{ [[ansible_facts['processor_vcpus']|default(2), 2] | max, galera_wsrep_slave_threads_max] | min }}"
+galera_wsrep_slave_threads: "{{ [[ansible_facts['processor_vcpus'] | default(2), 2] | max, galera_wsrep_slave_threads_max] | min }}"
 galera_wsrep_retry_autocommit: 3
 galera_wsrep_debug: NONE
 galera_wsrep_sst_method: mariabackup
 galera_wsrep_provider_options:
  - { option: "gcache.size", value: "{{ galera_gcache_size }}" }
-  - { option: "gmcast.listen_addr", value: "tcp://{{ galera_wsrep_node_incoming_address }}:{{ galera_wsrep_cluster_port  }}" }
+  - { option: "gmcast.listen_addr", value: "tcp://{{ galera_wsrep_node_incoming_address }}:{{ galera_wsrep_cluster_port }}" }
 galera_wsrep_sst_auth_user: "{{ galera_root_user }}"
-galera_wsrep_sst_auth_password: "{{ galera_root_password  }}"
+galera_wsrep_sst_auth_password: "{{ galera_root_password }}"

 # mariabackup parallel/sync threads
 galera_mariabackup_threads: 4
@ -227,7 +227,10 @@ galera_pki_install_ca:
 galera_pki_keys_path: "{{ galera_pki_dir ~ '/certs/private/' }}"
 galera_pki_certs_path: "{{ galera_pki_dir ~ '/certs/certs/' }}"
 galera_pki_intermediate_cert_name: "{{ openstack_pki_service_intermediate_cert_name | default('MariaDBIntermediate') }}"
-galera_pki_intermediate_cert_path: "{{ galera_pki_dir ~ '/roots/' ~ galera_pki_intermediate_cert_name ~ '/certs/' ~ galera_pki_intermediate_cert_name ~ '.crt' }}"
+galera_pki_intermediate_cert_path: >-
+  {{
+    galera_pki_dir ~ '/roots/' ~ galera_pki_intermediate_cert_name ~ '/certs/' ~ galera_pki_intermediate_cert_name ~ '.crt'
+  }}
 galera_pki_regen_cert: ''
 galera_pki_certificates:
  - name: "galera_{{ ansible_facts['hostname'] }}"
@ -284,7 +287,7 @@ galera_pki_install_certificates:
 # Setting the following variable to 'yes' will disable the PrivateDevices
 galera_disable_privatedevices: "{{ _galera_disable_privatedevices }}"

-#install and configure the galera client as well as the server
+# install and configure the galera client as well as the server
 galera_install_client: false
 galera_client_package_install: "{{ galera_install_client }}"
 galera_client_package_state: "latest"
@ -296,13 +299,18 @@ galera_ssl_server: "{{ openstack_pki_setup_host | default('localhost') }}"

 ## Database info
 galera_db_setup_host: "{{ openstack_db_setup_host | default(galera_cluster_members[0] | default('localhost')) }}"
-galera_db_setup_python_interpreter: "{{ openstack_db_setup_python_interpreter | default((galera_db_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable'])) }}"
+galera_db_setup_python_interpreter: >-
+  {{
+    openstack_db_setup_python_interpreter | default(
+      (galera_db_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable'])
+    )
+  }}

 # Configure backups of database
 # copies is the number of full backups to be kept, the corresponding
 # incremental backups will also be kept. Uses systemd timer instead of cron.
 galera_mariadb_backups_enabled: false
-#galera_mariadb_backups_group_gid: <specify a GID>
+# galera_mariadb_backups_group_gid: <specify a GID>
 galera_mariadb_backups_group_name: backups
 galera_mariadb_backups_path: "/var/backup/mariadb_backups"
 galera_mariadb_backups_full_copies: 2
@ -314,7 +322,7 @@ galera_mariadb_backups_increment_on_calendar:
  - "*-*-* 12:00:00"
  - "*-*-* 18:00:00"
 galera_mariadb_backups_increment_randomized_delay_sec: 0
-#galera_mariadb_backups_user is the name of the mariadb database user
+# galera_mariadb_backups_user is the name of the mariadb database user
 galera_mariadb_backups_user: galera_mariadb_backup
 galera_mariadb_backups_suffix: "{{ inventory_hostname }}"
 galera_mariadb_backups_cnf_file: "/etc/mysql/mariabackup.cnf"
--- a/meta/main.yml
+++ b/meta/main.yml
@ -18,19 +18,19 @@ galaxy_info:
  description: Installation galera server
  company: Rackspace
  license: Apache2
-  min_ansible_version: 2.1
+  min_ansible_version: "2.10"
  platforms:
    - name: Debian
      versions:
-        - buster
+        - bullseye
    - name: Ubuntu
      versions:
-        - bionic
        - focal
+        - jammy
    - name: EL
      versions:
-        - 8
-  categories:
+        - "9"
+  galaxy_tags:
    - cloud
    - galera
    - mariadb
--- a/tasks/galera_client_main.yml
+++ b/tasks/galera_client_main.yml
@ -17,11 +17,13 @@
  set_fact:
    galera_packages_list: "{{ galera_client_distro_packages }}"

- include_tasks: "galera_install_{{ ansible_facts['pkg_mgr'] }}.yml"
+- name: Including distro-specific installation tasks
+  include_tasks: "galera_install_{{ ansible_facts['pkg_mgr'] }}.yml"
  when:
    - galera_client_package_install | bool

- include_tasks: galera_client_post_install.yml
+- name: Including galera_client_post_install
+  include_tasks: galera_client_post_install.yml

 - name: Create and install SSL certificates
  include_role:
--- a/tasks/galera_devel_main.yml
+++ b/tasks/galera_devel_main.yml
@ -17,4 +17,5 @@
  set_fact:
    galera_packages_list: "{{ galera_devel_distro_packages }}"

- include_tasks: "galera_install_{{ ansible_facts['pkg_mgr'] }}.yml"
+- name: Including distro-specific installation tasks
+  include_tasks: "galera_install_{{ ansible_facts['pkg_mgr'] }}.yml"
--- a/tasks/galera_install_apt.yml
+++ b/tasks/galera_install_apt.yml
@ -23,10 +23,16 @@
    src: "gpg/{{ item.id }}"
    dest: "{{ item.file }}"
    mode: '0644'
-  with_items: "{{ galera_gpg_keys | selectattr('file','defined') | list }}"
+  with_items: "{{ galera_gpg_keys | selectattr('file', 'defined') | list }}"

 - name: Install gpg keys
-  apt_key: "{{ key }}"
+  apt_key:
+    data: "{{ key['data'] | default(omit) }}"
+    file: "{{ key['file'] | default(omit) }}"
+    id: "{{ key['id'] | default(omit) }}"
+    state: "{{ key['state'] | default(omit) }}"
+    url: "{{ key['url'] | default(omit) }}"
+    validate_certs: "{{ key['validate_certs'] | default(omit) }}"
  with_items: "{{ galera_gpg_keys }}"
  loop_control:
    loop_var: key
@ -62,16 +68,6 @@
  with_items: "{{ galera_debconf_items }}"
  no_log: yes

- name: Update Apt cache
-  apt:
-    update_cache: yes
-  when:
-    - add_galera_repo is changed
-  register: update_apt_cache
-  until: update_apt_cache is success
-  retries: 5
-  delay: 2
-
 - name: Install galera role remote packages (apt)
  apt:
    name: "{{ galera_packages_list }}"
--- a/tasks/galera_server_encryption.yml
+++ b/tasks/galera_server_encryption.yml
@ -29,7 +29,7 @@
      config_type: "ini"
  notify: Restart all mysql

- name: use encryption with the file key management plugin
+- name: Use encryption with the file key management plugin
  block:
    - name: Create encryption directory
      file:
@ -50,10 +50,11 @@
      file:
        path: "{{ galera_db_encryption_tmp_dir }}"
        state: directory
+        mode: "0750"
      delegate_to: "localhost"
      run_once: true

-    - name: Create encryption keys if the user does not specify them and put them on the deploy host
+    - name: Create encryption keys if the user does not specify them and put them on the deploy host  # noqa: no-changed-when risky-shell-pipe
      shell: "for i in {1..2}; do echo \"$i;$(openssl rand -hex 32)\"; done | tee {{ galera_db_encryption_tmp_dir }}/mysql_encryption_keys > /dev/null"
      delegate_to: "localhost"
      run_once: true
@ -61,14 +62,26 @@
        - galera_db_encryption_keys is not defined

    - name: Create the encryption key file from the user provided galera_db_encryption_keys
-      shell: "echo '{{ galera_db_encryption_keys }}' > {{ galera_db_encryption_tmp_dir }}/mysql_encryption_keys"
+      shell: "echo '{{ galera_db_encryption_keys }}' > {{ galera_db_encryption_tmp_dir }}/mysql_encryption_keys" # noqa: no-changed-when
      delegate_to: "localhost"
      run_once: true
      when:
        - galera_db_encryption_keys is defined

    - name: Create an encrypted keyfile using encryption key
-      command: "openssl enc -aes-256-cbc -md sha1 -k {{ galera_db_encryption_password }} -in {{ galera_db_encryption_tmp_dir }}/mysql_encryption_keys -out {{ galera_db_encryption_tmp_dir }}/mysql_encryption_keyfile.enc"
+      command: # noqa: no-changed-when
+        argv:
+          - openssl
+          - enc
+          - -aes-256-cbc
+          - -md
+          - sha1
+          - -k
+          - "{{ galera_db_encryption_password }}"
+          - -in
+          - "{{ galera_db_encryption_tmp_dir }}/mysql_encryption_keys"
+          - -out
+          - "{{ galera_db_encryption_tmp_dir }}/mysql_encryption_keyfile.enc"
      delegate_to: "localhost"
      run_once: true

@ -78,7 +91,7 @@
        dest: "/etc/mysql/encryption/keyfile.enc"
        owner: mysql
        group: mysql
-        mode: 0600
+        mode: "0600"
        force: false  # only copy the file if it does not exist
      notify: Restart all mysql

@ -88,7 +101,6 @@
        dest: "/etc/mysql/encryption/.keyfile.key"
        owner: mysql
        group: mysql
-        mode: 0600
+        mode: "0600"
  when:
    - galera_mariadb_encryption_plugin == "file_key_management"
-
--- a/tasks/galera_server_install.yml
+++ b/tasks/galera_server_install.yml
@ -17,9 +17,11 @@
  set_fact:
    galera_packages_list: "{{ galera_server_required_distro_packages + galera_server_mariadb_distro_packages }}"

- include_tasks: "galera_install_{{ ansible_facts['pkg_mgr'] }}.yml"
+- name: Including distro-specific installation tasks
+  include_tasks: "galera_install_{{ ansible_facts['pkg_mgr'] }}.yml"

- include_tasks: galera_server_encryption.yml
+- name: Including galera_server_encryption
+  include_tasks: galera_server_encryption.yml
  when:
    - galera_mariadb_encryption_enabled | bool
  tags:
@ -31,6 +33,7 @@
    section: galera
    option: deployed
    value: true
+    mode: "0644"

 - name: Set the galera existing cluster fact
  set_fact:
--- a/tasks/galera_server_main.yml
+++ b/tasks/galera_server_main.yml
@ -29,12 +29,13 @@
  tags:
    - always

- name: initialize local facts
+- name: Initialize local facts
  ini_file:
    dest: "/etc/ansible/facts.d/openstack_ansible.fact"
    section: "galera"
    option: initialized
    value: true
+    mode: "0644"

 - name: Refresh local facts
  setup:
@ -63,14 +64,16 @@
  tags:
    - always

- include_tasks: galera_server_cluster_state.yml
+- name: Including galera_server_cluster_state
+  include_tasks: galera_server_cluster_state.yml
  when:
    - galera_deployed | bool
    - not galera_ignore_cluster_state | bool
  tags:
    - always

- include_tasks: galera_server_upgrade.yml
+- name: Including galera_server_upgrade
+  include_tasks: galera_server_upgrade.yml
  when: galera_deployed | bool
  args:
    apply:
@ -79,7 +82,8 @@
  tags:
    - always

- include_tasks: galera_server_install.yml
+- name: Including galera_server_install
+  include_tasks: galera_server_install.yml
  args:
    apply:
      tags:
@ -87,7 +91,8 @@
  tags:
    - always

- include_tasks: galera_server_post_install.yml
+- name: Including galera_server_post_install
+  include_tasks: galera_server_post_install.yml
  args:
    apply:
      tags:
@ -98,7 +103,8 @@
 - name: Flush handlers
  meta: flush_handlers

- include_tasks: galera_server_setup.yml
+- name: Including galera_server_setup
+  include_tasks: galera_server_setup.yml
  when: inventory_hostname == galera_server_bootstrap_node
  args:
    apply:
@ -107,7 +113,8 @@
  tags:
    - always

- include_tasks: galera_server_backups.yml
+- name: Including galera_server_backups
+  include_tasks: galera_server_backups.yml
  when:
    - galera_mariadb_backups_enabled | bool
    - inventory_hostname in galera_mariadb_backups_nodes
--- a/tasks/galera_server_post_install.yml
+++ b/tasks/galera_server_post_install.yml
@ -90,10 +90,10 @@
  file:
    path: "{{ item.path }}"
    state: "directory"
-    owner: "{{ item.owner|default('root') }}"
-    group: "{{ item.group|default('root') }}"
-    mode: "{{ item.mode|default('0755') }}"
-    recurse: "{{ item.recurse|default('false') }}"
+    owner: "{{ item.owner | default('root') }}"
+    group: "{{ item.group | default('root') }}"
+    mode: "{{ item.mode | default('0755') }}"
+    recurse: "{{ item.recurse | default('false') }}"
  with_items:
    - { path: "{{ galera_data_dir }}", owner: "mysql", mode: "02755" }
    - { path: "{{ galera_tmp_dir }}", owner: "mysql", mode: "02755" }
@ -175,7 +175,7 @@
    state: "link"
    force: "yes"

- name: remove default mysql_safe_syslog
+- name: Remove default mysql_safe_syslog
  file:
    path: "/etc/mysql/conf.d/mysqld_safe_syslog.cnf"
    state: absent
--- a/tasks/galera_server_upgrade.yml
+++ b/tasks/galera_server_upgrade.yml
@ -37,7 +37,8 @@
  tags:
    - galera_server-upgrade

- include_tasks: galera_server_upgrade_pre.yml
+- name: Including galera_server_upgrade_pre
+  include_tasks: galera_server_upgrade_pre.yml
  when:
    - galera_upgrade | bool
  args:
--- a/tasks/galera_server_upgrade_pre.yml
+++ b/tasks/galera_server_upgrade_pre.yml
@ -17,8 +17,8 @@
 # a service may not yet exist on the target host. This will
 # cause the service stop task to fail. To cater for this
 # we only try to stop the service is it exists.
- name: Check whether a mysql service exists yet
-  shell: systemctl list-unit-files --state=enabled --type=service | grep "^{{ galera_mariadb_service_name }}.service .* enabled$" # noqa command-instead-of-module risky-shell-pipe
+- name: Check whether a mysql service exists yet # noqa command-instead-of-module risky-shell-pipe
+  shell: systemctl list-unit-files --state=enabled --type=service | grep "^{{ galera_mariadb_service_name }}.service .* enabled$"
  args:
    executable: /bin/bash
  changed_when: false
@ -42,4 +42,3 @@
    state: absent
  with_items:
    - "{{ galera_server_upgrade_packages_remove }}"
-
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -28,7 +28,8 @@
  tags:
    - always

- include_tasks: galera_client_main.yml
+- name: Including galera_client_main
+  include_tasks: galera_client_main.yml
  when:
    - galera_install_client | bool
    - inventory_hostname not in galera_cluster_members or galera_root_user != 'root'
@ -39,7 +40,8 @@
  tags:
    - always

- include_tasks: galera_devel_main.yml
+- name: Including galera_devel_main
+  include_tasks: galera_devel_main.yml
  when:
    - galera_install_devel | bool
  args:
@ -49,7 +51,8 @@
  tags:
    - always

- include_tasks: galera_server_main.yml
+- name: Including galera_server_main
+  include_tasks: galera_server_main.yml
  when:
    - galera_install_server | bool
  args:
--- a/vars/debian.yml
+++ b/vars/debian.yml
@ -73,7 +73,9 @@ galera_debconf_items:
    vtype: "string"

 # Repositories
-_galera_repo_url: "http://{{ galera_repo_host }}/MariaDB/mariadb-{{ galera_major_version }}.{{ galera_minor_version }}/repo/{{ ansible_facts['distribution'] | lower }}"
+_galera_repo_url: >-
+  http://{{ galera_repo_host }}/MariaDB/mariadb-{{ galera_major_version }}.{{ galera_minor_version }}/repo/{{ ansible_facts['distribution'] | lower }}
+
 _galera_repo:
  repo: "deb {{ galera_repo_url }} {{ ansible_facts['distribution_release'] }} main"
  state: "present"