From 91f578f2c0f96ecea5b0ec98691a4a6a4e9a3dae Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Tue, 11 Jul 2023 14:38:40 +0200 Subject: [PATCH] Fix linters issue and metadata With update of ansible-lint to version >=6.0.0 a lot of new linters were added, that enabled by default. In order to comply with linter rules we're applying changes to the role. With that we also update metdata to reflect current state. Change-Id: I13935aa1ae19449184053fc40cc64b09ed1ba9ef --- defaults/main.yml | 26 +++++++++++++++++--------- meta/main.yml | 10 +++++----- tasks/galera_client_main.yml | 6 ++++-- tasks/galera_devel_main.yml | 3 ++- tasks/galera_install_apt.yml | 20 ++++++++------------ tasks/galera_server_encryption.yml | 26 +++++++++++++++++++------- tasks/galera_server_install.yml | 7 +++++-- tasks/galera_server_main.yml | 21 ++++++++++++++------- tasks/galera_server_post_install.yml | 10 +++++----- tasks/galera_server_upgrade.yml | 3 ++- tasks/galera_server_upgrade_pre.yml | 5 ++--- tasks/main.yml | 9 ++++++--- vars/debian.yml | 4 +++- 13 files changed, 92 insertions(+), 58 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 782a59a1..ae219bbc 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -79,7 +79,7 @@ galera_monitoring_max_connections: 10 # This can be replaced with other hostnames, cidr, ips, and ips + wildcards. # See https://www.freedesktop.org/software/systemd/man/systemd.resource-control.html # -#galera_monitoring_allowed_source: "0.0.0.0/0" +# galera_monitoring_allowed_source: "0.0.0.0/0" # Additional users to add or remove galera_additional_users: [] 
@@ -143,15 +143,15 @@ galera_wsrep_cluster_address: >- galera_wsrep_node_incoming_address: "{{ galera_wsrep_address }}" ## Cap the maximum number of threads / workers when a user value is unspecified. galera_wsrep_slave_threads_max: 16 -galera_wsrep_slave_threads: "{{ [[ansible_facts['processor_vcpus']|default(2), 2] | max, galera_wsrep_slave_threads_max] | min }}" +galera_wsrep_slave_threads: "{{ [[ansible_facts['processor_vcpus'] | default(2), 2] | max, galera_wsrep_slave_threads_max] | min }}" galera_wsrep_retry_autocommit: 3 galera_wsrep_debug: NONE galera_wsrep_sst_method: mariabackup galera_wsrep_provider_options: - { option: "gcache.size", value: "{{ galera_gcache_size }}" } - - { option: "gmcast.listen_addr", value: "tcp://{{ galera_wsrep_node_incoming_address }}:{{ galera_wsrep_cluster_port }}" } + - { option: "gmcast.listen_addr", value: "tcp://{{ galera_wsrep_node_incoming_address }}:{{ galera_wsrep_cluster_port }}" } galera_wsrep_sst_auth_user: "{{ galera_root_user }}" -galera_wsrep_sst_auth_password: "{{ galera_root_password }}" +galera_wsrep_sst_auth_password: "{{ galera_root_password }}" # mariabackup parallel/sync threads galera_mariabackup_threads: 4 @@ -227,7 +227,10 @@ galera_pki_install_ca: galera_pki_keys_path: "{{ galera_pki_dir ~ '/certs/private/' }}" galera_pki_certs_path: "{{ galera_pki_dir ~ '/certs/certs/' }}" galera_pki_intermediate_cert_name: "{{ openstack_pki_service_intermediate_cert_name | default('MariaDBIntermediate') }}" -galera_pki_intermediate_cert_path: "{{ galera_pki_dir ~ '/roots/' ~ galera_pki_intermediate_cert_name ~ '/certs/' ~ galera_pki_intermediate_cert_name ~ '.crt' }}" +galera_pki_intermediate_cert_path: >- + {{ + galera_pki_dir ~ '/roots/' ~ galera_pki_intermediate_cert_name ~ '/certs/' ~ galera_pki_intermediate_cert_name ~ '.crt' + }} galera_pki_regen_cert: '' galera_pki_certificates: - name: "galera_{{ ansible_facts['hostname'] }}" 
@@ -284,7 +287,7 @@ galera_pki_install_certificates: # Setting the following variable to 'yes' will disable the PrivateDevices galera_disable_privatedevices: "{{ _galera_disable_privatedevices }}" -#install and configure the galera client as well as the server +# install and configure the galera client as well as the server galera_install_client: false galera_client_package_install: "{{ galera_install_client }}" galera_client_package_state: "latest" @@ -296,13 +299,18 @@ galera_ssl_server: "{{ openstack_pki_setup_host | default('localhost') }}" ## Database info galera_db_setup_host: "{{ openstack_db_setup_host | default(galera_cluster_members[0] | default('localhost')) }}" -galera_db_setup_python_interpreter: "{{ openstack_db_setup_python_interpreter | default((galera_db_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable'])) }}" +galera_db_setup_python_interpreter: >- + {{ + openstack_db_setup_python_interpreter | default( + (galera_db_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']) + ) + }} # Configure backups of database # copies is the number of full backups to be kept, the corresponding # incremental backups will also be kept. Uses systemd timer instead of cron. galera_mariadb_backups_enabled: false -#galera_mariadb_backups_group_gid: +# galera_mariadb_backups_group_gid: galera_mariadb_backups_group_name: backups galera_mariadb_backups_path: "/var/backup/mariadb_backups" galera_mariadb_backups_full_copies: 2 
@@ -314,7 +322,7 @@ galera_mariadb_backups_increment_on_calendar: - "*-*-* 12:00:00" - "*-*-* 18:00:00" galera_mariadb_backups_increment_randomized_delay_sec: 0 -#galera_mariadb_backups_user is the name of the mariadb database user +# galera_mariadb_backups_user is the name of the mariadb database user galera_mariadb_backups_user: galera_mariadb_backup galera_mariadb_backups_suffix: "{{ inventory_hostname }}" galera_mariadb_backups_cnf_file: "/etc/mysql/mariabackup.cnf" diff --git a/meta/main.yml b/meta/main.yml index 5dc84f6b..a2bafb76 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -18,19 +18,19 @@ galaxy_info: description: Installation galera server company: Rackspace license: Apache2 - min_ansible_version: 2.1 + min_ansible_version: "2.10" platforms: - name: Debian versions: - - buster + - bullseye - name: Ubuntu versions: - - bionic - focal + - jammy - name: EL versions: - - 8 - categories: + - "9" + galaxy_tags: - cloud - galera - mariadb diff --git a/tasks/galera_client_main.yml b/tasks/galera_client_main.yml index 6f8efdd8..77e612fe 100644 --- a/tasks/galera_client_main.yml +++ b/tasks/galera_client_main.yml @@ -17,11 +17,13 @@ set_fact: galera_packages_list: "{{ galera_client_distro_packages }}" -- include_tasks: "galera_install_{{ ansible_facts['pkg_mgr'] }}.yml" +- name: Including distro-specific installation tasks + include_tasks: "galera_install_{{ ansible_facts['pkg_mgr'] }}.yml" when: - galera_client_package_install | bool -- include_tasks: galera_client_post_install.yml +- name: Including galera_client_post_install + include_tasks: galera_client_post_install.yml - name: Create and install SSL certificates include_role: diff --git a/tasks/galera_devel_main.yml b/tasks/galera_devel_main.yml index 6a870441..ffdca204 100644 --- a/tasks/galera_devel_main.yml +++ b/tasks/galera_devel_main.yml 
@@ -17,4 +17,5 @@ set_fact: galera_packages_list: "{{ galera_devel_distro_packages }}" -- include_tasks: "galera_install_{{ ansible_facts['pkg_mgr'] }}.yml" +- name: Including distro-specific installation tasks + include_tasks: "galera_install_{{ ansible_facts['pkg_mgr'] }}.yml" diff --git a/tasks/galera_install_apt.yml b/tasks/galera_install_apt.yml index 9b21fd9e..27c3b7e5 100644 --- a/tasks/galera_install_apt.yml +++ b/tasks/galera_install_apt.yml @@ -23,10 +23,16 @@ src: "gpg/{{ item.id }}" dest: "{{ item.file }}" mode: '0644' - with_items: "{{ galera_gpg_keys | selectattr('file','defined') | list }}" + with_items: "{{ galera_gpg_keys | selectattr('file', 'defined') | list }}" - name: Install gpg keys - apt_key: "{{ key }}" + apt_key: + data: "{{ key['data'] | default(omit) }}" + file: "{{ key['file'] | default(omit) }}" + id: "{{ key['id'] | default(omit) }}" + state: "{{ key['state'] | default(omit) }}" + url: "{{ key['url'] | default(omit) }}" + validate_certs: "{{ key['validate_certs'] | default(omit) }}" with_items: "{{ galera_gpg_keys }}" loop_control: loop_var: key @@ -62,16 +68,6 @@ with_items: "{{ galera_debconf_items }}" no_log: yes -- name: Update Apt cache - apt: - update_cache: yes - when: - - add_galera_repo is changed - register: update_apt_cache - until: update_apt_cache is success - retries: 5 - delay: 2 - - name: Install galera role remote packages (apt) apt: name: "{{ galera_packages_list }}" diff --git a/tasks/galera_server_encryption.yml b/tasks/galera_server_encryption.yml index 7be1dd32..193a7394 100644 --- a/tasks/galera_server_encryption.yml +++ b/tasks/galera_server_encryption.yml @@ -29,7 +29,7 @@ config_type: "ini" notify: Restart all mysql -- name: use encryption with the file key management plugin +- name: Use encryption with the file key management plugin block: - name: Create encryption directory file: 
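Review bot: In the tasks/galera_install_apt.yml hunk, the explicit `apt_key` mapping that replaces `apt_key: "{{ key }}"` forwards only data, file, id, state, url and validate_certs, so a `galera_gpg_keys` entry that relied on `keyserver` or `keyring` would now lose those fields silently. If such entries are meant to be supported, add `keyserver: "{{ key['keyserver'] | default(omit) }}"` and `keyring: "{{ key['keyring'] | default(omit) }}"`. Since `validate_certs` is taken straight from inventory, a comment above the task such as `# leave validate_certs at its default; turning it off removes TLS verification for the signing-key download` would help. The task may continue below the hunk's last visible line.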
@@ -50,10 +50,11 @@ file: path: "{{ galera_db_encryption_tmp_dir }}" state: directory + mode: "0750" delegate_to: "localhost" run_once: true - - name: Create encryption keys if the user does not specify them and put them on the deploy host + - name: Create encryption keys if the user does not specify them and put them on the deploy host # noqa: no-changed-when risky-shell-pipe shell: "for i in {1..2}; do echo \"$i;$(openssl rand -hex 32)\"; done | tee {{ galera_db_encryption_tmp_dir }}/mysql_encryption_keys > /dev/null" delegate_to: "localhost" run_once: true @@ -61,14 +62,26 @@ - galera_db_encryption_keys is not defined - name: Create the encryption key file from the user provided galera_db_encryption_keys - shell: "echo '{{ galera_db_encryption_keys }}' > {{ galera_db_encryption_tmp_dir }}/mysql_encryption_keys" + shell: "echo '{{ galera_db_encryption_keys }}' > {{ galera_db_encryption_tmp_dir }}/mysql_encryption_keys" # noqa: no-changed-when delegate_to: "localhost" run_once: true when: - galera_db_encryption_keys is defined - name: Create an encrypted keyfile using encryption key - command: "openssl enc -aes-256-cbc -md sha1 -k {{ galera_db_encryption_password }} -in {{ galera_db_encryption_tmp_dir }}/mysql_encryption_keys -out {{ galera_db_encryption_tmp_dir }}/mysql_encryption_keyfile.enc" + command: # noqa: no-changed-when + argv: + - openssl + - enc + - -aes-256-cbc + - -md + - sha1 + - -k + - "{{ galera_db_encryption_password }}" + - -in + - "{{ galera_db_encryption_tmp_dir }}/mysql_encryption_keys" + - -out + - "{{ galera_db_encryption_tmp_dir }}/mysql_encryption_keyfile.enc" delegate_to: "localhost" run_once: true @@ -78,7 +91,7 @@ dest: "/etc/mysql/encryption/keyfile.enc" owner: mysql group: mysql - mode: 0600 + mode: "0600" force: false # only copy the file if it does not exist notify: Restart all mysql 
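Review bot: In the first tasks/galera_server_encryption.yml hunk on this line, the `mode: "0750"` added to the temporary directory does not cover the key file itself: `tee` creates `mysql_encryption_keys` under the deploy host's default umask, so with a typical umask the plaintext keys stay readable by the directory's group. Prefix the command with `umask 077;` or follow it with a `file:` task that sets `mode: "0600"` on the file. The command also relies on `{1..2}`, a bash brace expansion, while no `executable: /bin/bash` is visible on this task; under a POSIX `/bin/sh` it would presumably write one line with the literal id `{1..2}` instead of two keys. Going by the hunk ranges, only one line (probably `when:`) lies between this hunk and the next, so the task appears to carry no `args`.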
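Review bot: Both tasks in the second tasks/galera_server_encryption.yml hunk still expose secret material: the `echo '{{ galera_db_encryption_keys }}'` line splices the keys into a shell command, where a single quote in the value ends the quoting, and neither it nor the `openssl enc` task sets `no_log: true`, so the keys and `galera_db_encryption_password` can end up in verbose output and logs. Passing the password with `-k` also places it in the process argument list on the deploy host, and the new argv form does not change that. I would write the keys with `copy` and `content`, hand the password to openssl through `-pass env:`, and set `no_log: true` on both tasks, as sketched below. `-md sha1` is left as it is on the assumption that the MariaDB file key management plugin needs this format to decrypt the file; a comment saying so would stop a later reader from "fixing" it.

```yaml
- name: Create the encryption key file from the user provided galera_db_encryption_keys
  copy:
    content: "{{ galera_db_encryption_keys }}\n"
    dest: "{{ galera_db_encryption_tmp_dir }}/mysql_encryption_keys"
    mode: "0600"
  no_log: true
  # … unchanged: delegate_to, run_once, when …

- name: Create an encrypted keyfile using encryption key
  command:  # noqa: no-changed-when
    argv:
      # … unchanged: openssl, enc, -aes-256-cbc, -md, sha1 …
      - -pass
      - env:GALERA_ENC_PASS  # constructed variable name
      # … unchanged: -in / -out arguments …
  environment:
    GALERA_ENC_PASS: "{{ galera_db_encryption_password }}"
  no_log: true
  # … unchanged: delegate_to, run_once …
```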
@@ -88,7 +101,6 @@ dest: "/etc/mysql/encryption/.keyfile.key" owner: mysql group: mysql - mode: 0600 + mode: "0600" when: - galera_mariadb_encryption_plugin == "file_key_management" - diff --git a/tasks/galera_server_install.yml b/tasks/galera_server_install.yml index 8abd199b..b9444f5a 100644 --- a/tasks/galera_server_install.yml +++ b/tasks/galera_server_install.yml @@ -17,9 +17,11 @@ set_fact: galera_packages_list: "{{ galera_server_required_distro_packages + galera_server_mariadb_distro_packages }}" -- include_tasks: "galera_install_{{ ansible_facts['pkg_mgr'] }}.yml" +- name: Including distro-specific installation tasks + include_tasks: "galera_install_{{ ansible_facts['pkg_mgr'] }}.yml" -- include_tasks: galera_server_encryption.yml +- name: Including galera_server_encryption + include_tasks: galera_server_encryption.yml when: - galera_mariadb_encryption_enabled | bool tags: @@ -31,6 +33,7 @@ section: galera option: deployed value: true + mode: "0644" - name: Set the galera existing cluster fact set_fact: diff --git a/tasks/galera_server_main.yml b/tasks/galera_server_main.yml index 4aec775c..8f9a70dc 100644 --- a/tasks/galera_server_main.yml +++ b/tasks/galera_server_main.yml @@ -29,12 +29,13 @@ tags: - always -- name: initialize local facts +- name: Initialize local facts ini_file: dest: "/etc/ansible/facts.d/openstack_ansible.fact" section: "galera" option: initialized value: true + mode: "0644" - name: Refresh local facts setup: @@ -63,14 +64,16 @@ tags: - always -- include_tasks: galera_server_cluster_state.yml +- name: Including galera_server_cluster_state + include_tasks: galera_server_cluster_state.yml when: - galera_deployed | bool - not galera_ignore_cluster_state | bool tags: - always -- include_tasks: galera_server_upgrade.yml +- name: Including galera_server_upgrade + include_tasks: galera_server_upgrade.yml when: galera_deployed | bool args: apply: 
@@ -79,7 +82,8 @@ tags: - always -- include_tasks: galera_server_install.yml +- name: Including galera_server_install + include_tasks: galera_server_install.yml args: apply: tags: @@ -87,7 +91,8 @@ tags: - always -- include_tasks: galera_server_post_install.yml +- name: Including galera_server_post_install + include_tasks: galera_server_post_install.yml args: apply: tags: @@ -98,7 +103,8 @@ - name: Flush handlers meta: flush_handlers -- include_tasks: galera_server_setup.yml +- name: Including galera_server_setup + include_tasks: galera_server_setup.yml when: inventory_hostname == galera_server_bootstrap_node args: apply: @@ -107,7 +113,8 @@ tags: - always -- include_tasks: galera_server_backups.yml +- name: Including galera_server_backups + include_tasks: galera_server_backups.yml when: - galera_mariadb_backups_enabled | bool - inventory_hostname in galera_mariadb_backups_nodes diff --git a/tasks/galera_server_post_install.yml b/tasks/galera_server_post_install.yml index 34b700f5..6fb3cd71 100644 --- a/tasks/galera_server_post_install.yml +++ b/tasks/galera_server_post_install.yml @@ -90,10 +90,10 @@ file: path: "{{ item.path }}" state: "directory" - owner: "{{ item.owner|default('root') }}" - group: "{{ item.group|default('root') }}" - mode: "{{ item.mode|default('0755') }}" - recurse: "{{ item.recurse|default('false') }}" + owner: "{{ item.owner | default('root') }}" + group: "{{ item.group | default('root') }}" + mode: "{{ item.mode | default('0755') }}" + recurse: "{{ item.recurse | default('false') }}" with_items: - { path: "{{ galera_data_dir }}", owner: "mysql", mode: "02755" } - { path: "{{ galera_tmp_dir }}", owner: "mysql", mode: "02755" } @@ -175,7 +175,7 @@ state: "link" force: "yes" -- name: remove default mysql_safe_syslog +- name: Remove default mysql_safe_syslog file: path: "/etc/mysql/conf.d/mysqld_safe_syslog.cnf" state: absent diff --git a/tasks/galera_server_upgrade.yml b/tasks/galera_server_upgrade.yml index 6e5b560a..ace546ec 100644 
--- a/tasks/galera_server_upgrade.yml +++ b/tasks/galera_server_upgrade.yml @@ -37,7 +37,8 @@ tags: - galera_server-upgrade -- include_tasks: galera_server_upgrade_pre.yml +- name: Including galera_server_upgrade_pre + include_tasks: galera_server_upgrade_pre.yml when: - galera_upgrade | bool args: diff --git a/tasks/galera_server_upgrade_pre.yml b/tasks/galera_server_upgrade_pre.yml index b09ed04e..1060fa49 100644 --- a/tasks/galera_server_upgrade_pre.yml +++ b/tasks/galera_server_upgrade_pre.yml @@ -17,8 +17,8 @@ # a service may not yet exist on the target host. This will # cause the service stop task to fail. To cater for this # we only try to stop the service is it exists. -- name: Check whether a mysql service exists yet - shell: systemctl list-unit-files --state=enabled --type=service | grep "^{{ galera_mariadb_service_name }}.service .* enabled$" # noqa command-instead-of-module risky-shell-pipe +- name: Check whether a mysql service exists yet # noqa command-instead-of-module risky-shell-pipe + shell: systemctl list-unit-files --state=enabled --type=service | grep "^{{ galera_mariadb_service_name }}.service .* enabled$" args: executable: /bin/bash changed_when: false @@ -42,4 +42,3 @@ state: absent with_items: - "{{ galera_server_upgrade_packages_remove }}" - diff --git a/tasks/main.yml b/tasks/main.yml index 89291cad..c99c2ef1 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -28,7 +28,8 @@ tags: - always -- include_tasks: galera_client_main.yml +- name: Including galera_client_main + include_tasks: galera_client_main.yml when: - galera_install_client | bool - inventory_hostname not in galera_cluster_members or galera_root_user != 'root' @@ -39,7 +40,8 @@ tags: - always -- include_tasks: galera_devel_main.yml +- name: Including galera_devel_main + include_tasks: galera_devel_main.yml when: - galera_install_devel | bool args: 
@@ -49,7 +51,8 @@ tags: - always -- include_tasks: galera_server_main.yml +- name: Including galera_server_main + include_tasks: galera_server_main.yml when: - galera_install_server | bool args: diff --git a/vars/debian.yml b/vars/debian.yml index 56e74372..73356b96 100644 --- a/vars/debian.yml +++ b/vars/debian.yml @@ -73,7 +73,9 @@ galera_debconf_items: vtype: "string" # Repositories -_galera_repo_url: "http://{{ galera_repo_host }}/MariaDB/mariadb-{{ galera_major_version }}.{{ galera_minor_version }}/repo/{{ ansible_facts['distribution'] | lower }}" +_galera_repo_url: >- + http://{{ galera_repo_host }}/MariaDB/mariadb-{{ galera_major_version }}.{{ galera_minor_version }}/repo/{{ ansible_facts['distribution'] | lower }} + _galera_repo: repo: "deb {{ galera_repo_url }} {{ ansible_facts['distribution_release'] }} main" state: "present"
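Review bot: The folded `_galera_repo_url` in the vars/debian.yml hunk still begins with `http://`, so package indexes and packages are fetched without transport protection and their integrity rests entirely on signature verification with the keys from `galera_gpg_keys`. If the mirror behind `galera_repo_host` serves TLS, change the scheme to `https://`. Otherwise put a comment above the variable, for example `# plain HTTP: package integrity depends on the apt signing key only`, so the trade-off is visible to whoever overrides the repo host.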