Merge "Fix linters issue and metadata"

2023-08-18 15:16:42 +00:00 · 2023-08-18 15:16:42 +00:00 · e8663b04ed
parent c12dc00258 91f578f2c0
commit e8663b04ed
13 changed files with 92 additions and 58 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -79,7 +79,7 @@ galera_monitoring_max_connections: 10
 # This can be replaced with other hostnames, cidr, ips, and ips + wildcards.
 # See https://www.freedesktop.org/software/systemd/man/systemd.resource-control.html
 #
-#galera_monitoring_allowed_source: "0.0.0.0/0"
+# galera_monitoring_allowed_source: "0.0.0.0/0"

 # Additional users to add or remove
 galera_additional_users: []
@ -143,15 +143,15 @@ galera_wsrep_cluster_address: >-
 galera_wsrep_node_incoming_address: "{{ galera_wsrep_address }}"
 ## Cap the maximum number of threads / workers when a user value is unspecified.
 galera_wsrep_slave_threads_max: 16
-galera_wsrep_slave_threads: "{{ [[ansible_facts['processor_vcpus']|default(2), 2] | max, galera_wsrep_slave_threads_max] | min }}"
+galera_wsrep_slave_threads: "{{ [[ansible_facts['processor_vcpus'] | default(2), 2] | max, galera_wsrep_slave_threads_max] | min }}"
 galera_wsrep_retry_autocommit: 3
 galera_wsrep_debug: NONE
 galera_wsrep_sst_method: mariabackup
 galera_wsrep_provider_options:
  - { option: "gcache.size", value: "{{ galera_gcache_size }}" }
-  - { option: "gmcast.listen_addr", value: "tcp://{{ galera_wsrep_node_incoming_address }}:{{ galera_wsrep_cluster_port  }}" }
+  - { option: "gmcast.listen_addr", value: "tcp://{{ galera_wsrep_node_incoming_address }}:{{ galera_wsrep_cluster_port }}" }
 galera_wsrep_sst_auth_user: "{{ galera_root_user }}"
-galera_wsrep_sst_auth_password: "{{ galera_root_password  }}"
+galera_wsrep_sst_auth_password: "{{ galera_root_password }}"

 # mariabackup parallel/sync threads
 galera_mariabackup_threads: 4
@ -227,7 +227,10 @@ galera_pki_install_ca:
 galera_pki_keys_path: "{{ galera_pki_dir ~ '/certs/private/' }}"
 galera_pki_certs_path: "{{ galera_pki_dir ~ '/certs/certs/' }}"
 galera_pki_intermediate_cert_name: "{{ openstack_pki_service_intermediate_cert_name | default('MariaDBIntermediate') }}"
-galera_pki_intermediate_cert_path: "{{ galera_pki_dir ~ '/roots/' ~ galera_pki_intermediate_cert_name ~ '/certs/' ~ galera_pki_intermediate_cert_name ~ '.crt' }}"
+galera_pki_intermediate_cert_path: >-
+  {{
+    galera_pki_dir ~ '/roots/' ~ galera_pki_intermediate_cert_name ~ '/certs/' ~ galera_pki_intermediate_cert_name ~ '.crt'
+  }}
 galera_pki_regen_cert: ''
 galera_pki_certificates:
  - name: "galera_{{ ansible_facts['hostname'] }}"
@ -284,7 +287,7 @@ galera_pki_install_certificates:
 # Setting the following variable to 'yes' will disable the PrivateDevices
 galera_disable_privatedevices: "{{ _galera_disable_privatedevices }}"

-#install and configure the galera client as well as the server
+# install and configure the galera client as well as the server
 galera_install_client: false
 galera_client_package_install: "{{ galera_install_client }}"
 galera_client_package_state: "latest"
@ -296,13 +299,18 @@ galera_ssl_server: "{{ openstack_pki_setup_host | default('localhost') }}"

 ## Database info
 galera_db_setup_host: "{{ openstack_db_setup_host | default(galera_cluster_members[0] | default('localhost')) }}"
-galera_db_setup_python_interpreter: "{{ openstack_db_setup_python_interpreter | default((galera_db_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable'])) }}"
+galera_db_setup_python_interpreter: >-
+  {{
+    openstack_db_setup_python_interpreter | default(
+      (galera_db_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable'])
+    )
+  }}

 # Configure backups of database
 # copies is the number of full backups to be kept, the corresponding
 # incremental backups will also be kept. Uses systemd timer instead of cron.
 galera_mariadb_backups_enabled: false
-#galera_mariadb_backups_group_gid: <specify a GID>
+# galera_mariadb_backups_group_gid: <specify a GID>
 galera_mariadb_backups_group_name: backups
 galera_mariadb_backups_path: "/var/backup/mariadb_backups"
 galera_mariadb_backups_full_copies: 2
@ -314,7 +322,7 @@ galera_mariadb_backups_increment_on_calendar:
  - "*-*-* 12:00:00"
  - "*-*-* 18:00:00"
 galera_mariadb_backups_increment_randomized_delay_sec: 0
-#galera_mariadb_backups_user is the name of the mariadb database user
+# galera_mariadb_backups_user is the name of the mariadb database user
 galera_mariadb_backups_user: galera_mariadb_backup
 galera_mariadb_backups_suffix: "{{ inventory_hostname }}"
 galera_mariadb_backups_cnf_file: "/etc/mysql/mariabackup.cnf"
--- a/meta/main.yml
+++ b/meta/main.yml
@ -18,19 +18,19 @@ galaxy_info:
  description: Installation galera server
  company: Rackspace
  license: Apache2
-  min_ansible_version: 2.1
+  min_ansible_version: "2.10"
  platforms:
    - name: Debian
      versions:
-        - buster
+        - bullseye
    - name: Ubuntu
      versions:
-        - bionic
        - focal
+        - jammy
    - name: EL
      versions:
-        - 8
-  categories:
+        - "9"
+  galaxy_tags:
    - cloud
    - galera
    - mariadb
--- a/tasks/galera_client_main.yml
+++ b/tasks/galera_client_main.yml
@ -17,11 +17,13 @@
  set_fact:
    galera_packages_list: "{{ galera_client_distro_packages }}"

- include_tasks: "galera_install_{{ ansible_facts['pkg_mgr'] }}.yml"
+- name: Including distro-specific installation tasks
+  include_tasks: "galera_install_{{ ansible_facts['pkg_mgr'] }}.yml"
  when:
    - galera_client_package_install | bool

- include_tasks: galera_client_post_install.yml
+- name: Including galera_client_post_install
+  include_tasks: galera_client_post_install.yml

 - name: Create and install SSL certificates
  include_role:
--- a/tasks/galera_devel_main.yml
+++ b/tasks/galera_devel_main.yml
@ -17,4 +17,5 @@
  set_fact:
    galera_packages_list: "{{ galera_devel_distro_packages }}"

- include_tasks: "galera_install_{{ ansible_facts['pkg_mgr'] }}.yml"
+- name: Including distro-specific installation tasks
+  include_tasks: "galera_install_{{ ansible_facts['pkg_mgr'] }}.yml"
--- a/tasks/galera_install_apt.yml
+++ b/tasks/galera_install_apt.yml
@ -23,10 +23,16 @@
    src: "gpg/{{ item.id }}"
    dest: "{{ item.file }}"
    mode: '0644'
-  with_items: "{{ galera_gpg_keys | selectattr('file','defined') | list }}"
+  with_items: "{{ galera_gpg_keys | selectattr('file', 'defined') | list }}"

 - name: Install gpg keys
-  apt_key: "{{ key }}"
+  apt_key:
+    data: "{{ key['data'] | default(omit) }}"
+    file: "{{ key['file'] | default(omit) }}"
+    id: "{{ key['id'] | default(omit) }}"
+    state: "{{ key['state'] | default(omit) }}"
+    url: "{{ key['url'] | default(omit) }}"
+    validate_certs: "{{ key['validate_certs'] | default(omit) }}"
  with_items: "{{ galera_gpg_keys }}"
  loop_control:
    loop_var: key
@ -62,16 +68,6 @@
  with_items: "{{ galera_debconf_items }}"
  no_log: yes

- name: Update Apt cache
-  apt:
-    update_cache: yes
-  when:
-    - add_galera_repo is changed
-  register: update_apt_cache
-  until: update_apt_cache is success
-  retries: 5
-  delay: 2
-
 - name: Install galera role remote packages (apt)
  apt:
    name: "{{ galera_packages_list }}"
--- a/tasks/galera_server_encryption.yml
+++ b/tasks/galera_server_encryption.yml
@ -29,7 +29,7 @@
      config_type: "ini"
  notify: Restart all mysql

- name: use encryption with the file key management plugin
+- name: Use encryption with the file key management plugin
  block:
    - name: Create encryption directory
      file:
@ -50,10 +50,11 @@
      file:
        path: "{{ galera_db_encryption_tmp_dir }}"
        state: directory
+        mode: "0750"
      delegate_to: "localhost"
      run_once: true

-    - name: Create encryption keys if the user does not specify them and put them on the deploy host
+    - name: Create encryption keys if the user does not specify them and put them on the deploy host  # noqa: no-changed-when risky-shell-pipe
      shell: "for i in {1..2}; do echo \"$i;$(openssl rand -hex 32)\"; done | tee {{ galera_db_encryption_tmp_dir }}/mysql_encryption_keys > /dev/null"
      delegate_to: "localhost"
      run_once: true
@ -61,14 +62,26 @@
        - galera_db_encryption_keys is not defined

    - name: Create the encryption key file from the user provided galera_db_encryption_keys
-      shell: "echo '{{ galera_db_encryption_keys }}' > {{ galera_db_encryption_tmp_dir }}/mysql_encryption_keys"
+      shell: "echo '{{ galera_db_encryption_keys }}' > {{ galera_db_encryption_tmp_dir }}/mysql_encryption_keys" # noqa: no-changed-when
      delegate_to: "localhost"
      run_once: true
      when:
        - galera_db_encryption_keys is defined

    - name: Create an encrypted keyfile using encryption key
-      command: "openssl enc -aes-256-cbc -md sha1 -k {{ galera_db_encryption_password }} -in {{ galera_db_encryption_tmp_dir }}/mysql_encryption_keys -out {{ galera_db_encryption_tmp_dir }}/mysql_encryption_keyfile.enc"
+      command: # noqa: no-changed-when
+        argv:
+          - openssl
+          - enc
+          - -aes-256-cbc
+          - -md
+          - sha1
+          - -k
+          - "{{ galera_db_encryption_password }}"
+          - -in
+          - "{{ galera_db_encryption_tmp_dir }}/mysql_encryption_keys"
+          - -out
+          - "{{ galera_db_encryption_tmp_dir }}/mysql_encryption_keyfile.enc"
      delegate_to: "localhost"
      run_once: true

@ -78,7 +91,7 @@
        dest: "/etc/mysql/encryption/keyfile.enc"
        owner: mysql
        group: mysql
-        mode: 0600
+        mode: "0600"
        force: false  # only copy the file if it does not exist
      notify: Restart all mysql

@ -88,7 +101,6 @@
        dest: "/etc/mysql/encryption/.keyfile.key"
        owner: mysql
        group: mysql
-        mode: 0600
+        mode: "0600"
  when:
    - galera_mariadb_encryption_plugin == "file_key_management"
-
--- a/tasks/galera_server_install.yml
+++ b/tasks/galera_server_install.yml
@ -17,9 +17,11 @@
  set_fact:
    galera_packages_list: "{{ galera_server_required_distro_packages + galera_server_mariadb_distro_packages }}"

- include_tasks: "galera_install_{{ ansible_facts['pkg_mgr'] }}.yml"
+- name: Including distro-specific installation tasks
+  include_tasks: "galera_install_{{ ansible_facts['pkg_mgr'] }}.yml"

- include_tasks: galera_server_encryption.yml
+- name: Including galera_server_encryption
+  include_tasks: galera_server_encryption.yml
  when:
    - galera_mariadb_encryption_enabled | bool
  tags:
@ -31,6 +33,7 @@
    section: galera
    option: deployed
    value: true
+    mode: "0644"

 - name: Set the galera existing cluster fact
  set_fact:
--- a/tasks/galera_server_main.yml
+++ b/tasks/galera_server_main.yml
@ -29,12 +29,13 @@
  tags:
    - always

- name: initialize local facts
+- name: Initialize local facts
  ini_file:
    dest: "/etc/ansible/facts.d/openstack_ansible.fact"
    section: "galera"
    option: initialized
    value: true
+    mode: "0644"

 - name: Refresh local facts
  setup:
@ -63,14 +64,16 @@
  tags:
    - always

- include_tasks: galera_server_cluster_state.yml
+- name: Including galera_server_cluster_state
+  include_tasks: galera_server_cluster_state.yml
  when:
    - galera_deployed | bool
    - not galera_ignore_cluster_state | bool
  tags:
    - always

- include_tasks: galera_server_upgrade.yml
+- name: Including galera_server_upgrade
+  include_tasks: galera_server_upgrade.yml
  when: galera_deployed | bool
  args:
    apply:
@ -79,7 +82,8 @@
  tags:
    - always

- include_tasks: galera_server_install.yml
+- name: Including galera_server_install
+  include_tasks: galera_server_install.yml
  args:
    apply:
      tags:
@ -87,7 +91,8 @@
  tags:
    - always

- include_tasks: galera_server_post_install.yml
+- name: Including galera_server_post_install
+  include_tasks: galera_server_post_install.yml
  args:
    apply:
      tags:
@ -98,7 +103,8 @@
 - name: Flush handlers
  meta: flush_handlers

- include_tasks: galera_server_setup.yml
+- name: Including galera_server_setup
+  include_tasks: galera_server_setup.yml
  when: inventory_hostname == galera_server_bootstrap_node
  args:
    apply:
@ -107,7 +113,8 @@
  tags:
    - always

- include_tasks: galera_server_backups.yml
+- name: Including galera_server_backups
+  include_tasks: galera_server_backups.yml
  when:
    - galera_mariadb_backups_enabled | bool
    - inventory_hostname in galera_mariadb_backups_nodes
--- a/tasks/galera_server_post_install.yml
+++ b/tasks/galera_server_post_install.yml
@ -90,10 +90,10 @@
  file:
    path: "{{ item.path }}"
    state: "directory"
-    owner: "{{ item.owner|default('root') }}"
-    group: "{{ item.group|default('root') }}"
-    mode: "{{ item.mode|default('0755') }}"
-    recurse: "{{ item.recurse|default('false') }}"
+    owner: "{{ item.owner | default('root') }}"
+    group: "{{ item.group | default('root') }}"
+    mode: "{{ item.mode | default('0755') }}"
+    recurse: "{{ item.recurse | default('false') }}"
  with_items:
    - { path: "{{ galera_data_dir }}", owner: "mysql", mode: "02755" }
    - { path: "{{ galera_tmp_dir }}", owner: "mysql", mode: "02755" }
@ -175,7 +175,7 @@
    state: "link"
    force: "yes"

- name: remove default mysql_safe_syslog
+- name: Remove default mysql_safe_syslog
  file:
    path: "/etc/mysql/conf.d/mysqld_safe_syslog.cnf"
    state: absent
--- a/tasks/galera_server_upgrade.yml
+++ b/tasks/galera_server_upgrade.yml
@ -37,7 +37,8 @@
  tags:
    - galera_server-upgrade

- include_tasks: galera_server_upgrade_pre.yml
+- name: Including galera_server_upgrade_pre
+  include_tasks: galera_server_upgrade_pre.yml
  when:
    - galera_upgrade | bool
  args:
--- a/tasks/galera_server_upgrade_pre.yml
+++ b/tasks/galera_server_upgrade_pre.yml
@ -17,8 +17,8 @@
 # a service may not yet exist on the target host. This will
 # cause the service stop task to fail. To cater for this
 # we only try to stop the service is it exists.
- name: Check whether a mysql service exists yet
-  shell: systemctl list-unit-files --state=enabled --type=service | grep "^{{ galera_mariadb_service_name }}.service .* enabled$" # noqa command-instead-of-module risky-shell-pipe
+- name: Check whether a mysql service exists yet # noqa command-instead-of-module risky-shell-pipe
+  shell: systemctl list-unit-files --state=enabled --type=service | grep "^{{ galera_mariadb_service_name }}.service .* enabled$"
  args:
    executable: /bin/bash
  changed_when: false
@ -42,4 +42,3 @@
    state: absent
  with_items:
    - "{{ galera_server_upgrade_packages_remove }}"
-
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -28,7 +28,8 @@
  tags:
    - always

- include_tasks: galera_client_main.yml
+- name: Including galera_client_main
+  include_tasks: galera_client_main.yml
  when:
    - galera_install_client | bool
    - inventory_hostname not in galera_cluster_members or galera_root_user != 'root'
@ -39,7 +40,8 @@
  tags:
    - always

- include_tasks: galera_devel_main.yml
+- name: Including galera_devel_main
+  include_tasks: galera_devel_main.yml
  when:
    - galera_install_devel | bool
  args:
@ -49,7 +51,8 @@
  tags:
    - always

- include_tasks: galera_server_main.yml
+- name: Including galera_server_main
+  include_tasks: galera_server_main.yml
  when:
    - galera_install_server | bool
  args:
--- a/vars/debian.yml
+++ b/vars/debian.yml
@ -73,7 +73,9 @@ galera_debconf_items:
    vtype: "string"

 # Repositories
-_galera_repo_url: "http://{{ galera_repo_host }}/MariaDB/mariadb-{{ galera_major_version }}.{{ galera_minor_version }}/repo/{{ ansible_facts['distribution'] | lower }}"
+_galera_repo_url: >-
+  http://{{ galera_repo_host }}/MariaDB/mariadb-{{ galera_major_version }}.{{ galera_minor_version }}/repo/{{ ansible_facts['distribution'] | lower }}
+
 _galera_repo:
  repo: "deb {{ galera_repo_url }} {{ ansible_facts['distribution_release'] }} main"
  state: "present"