From 3cf5320038cac7d98f9b0a313697ba0c56973ddb Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Thu, 13 Jul 2023 13:58:50 +0200 Subject: [PATCH] Fix linters issue and metadata With update of ansible-lint to version >=6.0.0 a lot of new linters were added, that enabled by default. In order to comply with linter rules we're applying changes to the role. With that we also update metdata to reflect current state. Change-Id: Ide0ca8cf60f3a92c98543465d53bc4720067b153 --- defaults/main.yml | 11 +++++----- meta/main.yml | 12 ++++++----- tasks/configure_metal_hosts.yml | 12 +++++++---- tasks/main.yml | 27 +++++++++++++++++-------- tasks/openstack_gitconfig.yml | 1 + tasks/openstack_hosts_configure_apt.yml | 3 ++- tasks/openstack_hosts_configure_dnf.yml | 15 ++++++++------ tasks/openstack_hosts_configure_yum.yml | 8 +++++--- tasks/openstack_release.yml | 1 + vars/debian.yml | 8 ++++++-- vars/redhat-9.yml | 6 ++++-- vars/ubuntu-22.04.yml | 4 +++- 12 files changed, 71 insertions(+), 37 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 6e4002c5..45e83a7c 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -49,9 +49,9 @@ openstack_host_custom_hosts_records: [] openstack_host_specific_kernel_modules: [] # If you want to include some specific modules per group # of hosts, override this with a group/host var, like below: -#openstack_host_specific_kernel_modules: -# - name: "ebtables" -# pattern: "CONFIG_BRIDGE_NF_EBTABLES" +# openstack_host_specific_kernel_modules: +# - name: "ebtables" +# pattern: "CONFIG_BRIDGE_NF_EBTABLES" ## Where: ## :param name: name of the kernel module ## :param pattern: pattern to grep for in /boot/config-$kernel_version to check how module is configured inside kernel @@ -168,7 +168,8 @@ openstack_hosts_rdo_repo_type: trunk openstack_hosts_rdo_mirror_url: 'https://trunk.rdoproject.org' openstack_hosts_rdo_repo_url: "{{ _openstack_hosts_rdo_repo_url }}" openstack_hosts_rdo_deps_url: "{{ _openstack_hosts_rdo_deps_url }}" -openstack_hosts_power_tool_enable: "{{ ('repo_all' in groups or 'manila_all' in groups or 'gnocchi_all' in groups or install_method | default('source') == 'distro') }}" +openstack_hosts_power_tool_enable: >- + {{ ('repo_all' in groups or 'manila_all' in groups or 'gnocchi_all' in groups or install_method | default('source') == 'distro') }} # Keep a history of systemd journals on disk after reboots openstack_host_keep_journals: yes @@ -176,7 +177,7 @@ openstack_host_keep_journals: yes # Enable/Disable the yum fastestmirror plugin openstack_hosts_enable_yum_fastestmirror: yes -#user supplied list of CA certificates to copy to hosts from the deploy host +# user supplied list of CA certificates to copy to hosts from the deploy host # example: # - name: SnakeOilCorp.crt #the filename created on the target host (must be .crt on Ubuntu) # src: /etc/ssl/certs/snake-oil-cert-latest.pem #the source file on the deploy host diff --git a/meta/main.yml b/meta/main.yml index 8570a602..5bc0a0a4 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -18,19 +18,21 @@ galaxy_info: description: Base host setup for a OpenStack Private Cloud host company: Rackspace license: Apache2 - min_ansible_version: 2.9 + role_name: openstack_hosts + namespace: openstack + min_ansible_version: "2.10" platforms: - name: Debian versions: - - buster + - bullseye - name: Ubuntu versions: - - bionic - focal + - jammy - name: EL versions: - - 8 - categories: + - "9" + galaxy_tags: - cloud - host - development diff --git a/tasks/configure_metal_hosts.yml b/tasks/configure_metal_hosts.yml index fcbb68d4..adf95af8 100644 --- a/tasks/configure_metal_hosts.yml +++ b/tasks/configure_metal_hosts.yml @@ -42,7 +42,7 @@ retries: 5 delay: 2 -- name: check how kernel modules are implemented (statically builtin, dynamic, not set) +- name: Check how kernel modules are implemented (statically builtin, dynamic, not set) slurp: src: "/boot/config-{{ ansible_facts['kernel'] }}" register: modules @@ -52,7 +52,7 @@ - name: Fail fast if we can't load a module fail: msg: "{{ item.pattern }} is not set" - with_items: "{{ openstack_host_specific_kernel_modules }}" + with_items: "{{ openstack_host_specific_kernel_modules }}" when: - item.pattern is defined - (modules.content | b64decode).find(item.pattern + ' is not set') != -1 @@ -69,13 +69,14 @@ template: src: modprobe.conf.j2 dest: "{{ openstack_host_module_file }}" + mode: "0644" - name: Adding new system tuning sysctl: name: "{{ item.key }}" value: "{{ item.value }}" - sysctl_set: "{{ item.set|default('yes') }}" - state: "{{ item.state|default('present') }}" + sysctl_set: "{{ item.set | default('yes') }}" + state: "{{ item.state | default('present') }}" reload: no with_items: "{{ openstack_kernel_options + openstack_user_kernel_options }}" failed_when: false @@ -89,6 +90,9 @@ file: path: /var/log/journal state: directory + owner: root + group: systemd-journal + mode: "2755" register: journald_directory when: - openstack_host_keep_journals | bool diff --git a/tasks/main.yml b/tasks/main.yml index f4923fd3..ea61a7df 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -32,11 +32,13 @@ file: path: /etc/ansible/facts.d/ state: directory + mode: "0755" tags: - openstack_hosts-install # Deploy the release file everywhere -- import_tasks: openstack_release.yml +- name: Importing openstack_release tasks + import_tasks: openstack_release.yml tags: - openstack_hosts-install @@ -93,7 +95,7 @@ - name: Remove the blacklisted packages package: - name: "{{ openstack_hosts_package_list | selectattr('state','equalto','absent') | map(attribute='name') | list }}" + name: "{{ openstack_hosts_package_list | selectattr('state', 'equalto', 'absent') | map(attribute='name') | list }}" state: absent # This allows to include this role to get all the distro @@ -104,7 +106,8 @@ include_tasks: "openstack_hosts_configure_{{ ansible_facts['pkg_mgr'] | lower }}.yml" # Configure bare metal nodes: Kernel, sysctl, sysstat, hosts files, metal packages -- include_tasks: configure_metal_hosts.yml +- name: Including configure_metal_hosts tasks + include_tasks: configure_metal_hosts.yml args: apply: tags: @@ -145,11 +148,13 @@ retries: 5 delay: 2 -- import_tasks: openstack_authorized_keys.yml +- name: Importing openstack_authorized_keys tasks + import_tasks: openstack_authorized_keys.yml tags: - openstack_hosts-config -- include_role: +- name: Including PKI role + include_role: name: pki tasks_from: main_ca_install.yml vars: @@ -158,19 +163,25 @@ tags: - always -- include_tasks: openstack_gitconfig.yml +- name: Including openstack_gitconfig tasks + include_tasks: openstack_gitconfig.yml args: apply: tags: - openstack_hosts-config when: ansible_facts['hostname'] != 'aio1' -- include_tasks: openstack_hosts_systemd.yml +- name: Including openstack_hosts_systemd tasks + include_tasks: openstack_hosts_systemd.yml args: apply: tags: - openstack_hosts-config - openstack_hosts-systemd - when: openstack_hosts_systemd_networkd_devices or openstack_hosts_systemd_networkd_networks or openstack_hosts_systemd_services or openstack_hosts_systemd_mounts + when: + - openstack_hosts_systemd_networkd_devices or + openstack_hosts_systemd_networkd_networks or + openstack_hosts_systemd_services or + openstack_hosts_systemd_mounts tags: - always diff --git a/tasks/openstack_gitconfig.yml b/tasks/openstack_gitconfig.yml index ca4c646f..70314e7a 100644 --- a/tasks/openstack_gitconfig.yml +++ b/tasks/openstack_gitconfig.yml @@ -33,4 +33,5 @@ template: src: gitconfig.j2 dest: /etc/gitconfig + mode: "0644" when: _git_version.rc != 0 diff --git a/tasks/openstack_hosts_configure_apt.yml b/tasks/openstack_hosts_configure_apt.yml index f36d63d0..d3fdd800 100644 --- a/tasks/openstack_hosts_configure_apt.yml +++ b/tasks/openstack_hosts_configure_apt.yml @@ -41,7 +41,7 @@ - name: Add requirement packages (repositories gpg keys, toolkits...) apt: - name: "{{ openstack_hosts_package_list | rejectattr('state','equalto','absent') | map(attribute='name') | list }}" + name: "{{ openstack_hosts_package_list | rejectattr('state', 'equalto', 'absent') | map(attribute='name') | list }}" state: "{{ openstack_hosts_package_state }}" update_cache: yes cache_valid_time: "{{ cache_timeout }}" @@ -77,6 +77,7 @@ copy: content: "{{ openstack_hosts_package_manager_default_conf + openstack_hosts_package_manager_extra_conf }}" dest: /etc/apt/apt.conf.d/99openstack-ansible + mode: "0644" when: - openstack_hosts_package_manager_extra_conf | length > 0 or openstack_hosts_package_manager_default_conf | length > 0 diff --git a/tasks/openstack_hosts_configure_dnf.yml b/tasks/openstack_hosts_configure_dnf.yml index 4eb4f210..e4d2ea43 100644 --- a/tasks/openstack_hosts_configure_dnf.yml +++ b/tasks/openstack_hosts_configure_dnf.yml @@ -25,6 +25,7 @@ option: enabled value: "{{ (openstack_hosts_enable_yum_fastestmirror | bool) | ternary('1', '0') }}" no_extra_spaces: yes + mode: "0644" when: - fastestmirror_plugin_check.stat.exists @@ -44,7 +45,7 @@ src: "{{ item.keyfile }}" dest: "{{ item.key }}" mode: '0644' - with_items: "{{ openstack_hosts_package_repos_keys | selectattr('keyfile','defined') | list }}" + with_items: "{{ openstack_hosts_package_repos_keys | selectattr('keyfile', 'defined') | list }}" - name: Ensure GPG keys have the correct SELinux contexts applied command: restorecon -Rv /etc/pki/rpm-gpg/ @@ -67,7 +68,7 @@ - name: Add requirement packages (repositories gpg keys packages, toolkits...) package: - name: "{{ openstack_hosts_package_list | rejectattr('state','equalto','absent') | map(attribute='name') | list }}" + name: "{{ openstack_hosts_package_list | rejectattr('state', 'equalto', 'absent') | map(attribute='name') | list }}" state: "{{ openstack_hosts_package_state }}" - name: Add yum repositories if they do not exist @@ -84,7 +85,7 @@ priority: "{{ repo.priority | default(99) }}" state: "{{ repo.state | default(omit) }}" module_hotfixes: "{{ repo.module_hotfixes | default(omit) }}" - with_items: "{{ openstack_hosts_package_repos }}" + with_items: "{{ openstack_hosts_package_repos }}" loop_control: loop_var: repo register: _adding_repo @@ -98,6 +99,7 @@ path: /etc/dnf/dnf.conf marker: "# {mark} OPENSTACK-ANSIBLE-OPENSTACK_HOSTS MANAGED BLOCK" create: yes + mode: "0644" when: - openstack_hosts_package_manager_extra_conf | length > 0 or openstack_hosts_package_manager_default_conf | length > 0 @@ -105,6 +107,7 @@ get_url: url: "{{ openstack_hosts_rdo_repo_url }}/delorean.repo" dest: /etc/yum.repos.d/rdo.repo + mode: "0640" register: _get_repo until: _get_repo is success retries: 5 @@ -139,9 +142,9 @@ file: path: "{{ item.path }}" state: directory - owner: "{{ item.owner|default(root) }}" - group: "{{ item.group|default(root) }}" - mode: "{{ item.mode|default('0755') }}" + owner: "{{ item.owner | default(root) }}" + group: "{{ item.group | default(root) }}" + mode: "{{ item.mode | default('0755') }}" with_items: - { path: "/etc/pki/tls/certs", owner: "root", group: "root" } - { path: "/etc/pki/tls/private", owner: "root", group: "root" } diff --git a/tasks/openstack_hosts_configure_yum.yml b/tasks/openstack_hosts_configure_yum.yml index ea414dc1..a0460af2 100644 --- a/tasks/openstack_hosts_configure_yum.yml +++ b/tasks/openstack_hosts_configure_yum.yml @@ -25,6 +25,7 @@ option: enabled value: "{{ (openstack_hosts_enable_yum_fastestmirror | bool) | ternary('1', '0') }}" no_extra_spaces: yes + mode: "0644" when: - fastestmirror_plugin_check.stat.exists @@ -44,7 +45,7 @@ src: "{{ item.keyfile }}" dest: "{{ item.key }}" mode: '0644' - with_items: "{{ openstack_hosts_package_repos_keys | selectattr('keyfile','defined') | list }}" + with_items: "{{ openstack_hosts_package_repos_keys | selectattr('keyfile', 'defined') | list }}" - name: Ensure GPG keys have the correct SELinux contexts applied command: restorecon -Rv /etc/pki/rpm-gpg/ @@ -67,7 +68,7 @@ - name: Add requirement packages (repositories gpg keys packages, toolkits...) package: - name: "{{ openstack_hosts_package_list | rejectattr('state','equalto','absent') | map(attribute='name') | list }}" + name: "{{ openstack_hosts_package_list | rejectattr('state', 'equalto', 'absent') | map(attribute='name') | list }}" state: "{{ openstack_hosts_package_state }}" - name: Add yum repositories if they do not exist @@ -82,7 +83,7 @@ enabled: "{{ repo.enabled | default('yes') }}" exclude: "{{ repo.exclude | default(omit) }}" priority: "{{ repo.priority | default(99) }}" - with_items: "{{ openstack_hosts_package_repos }}" + with_items: "{{ openstack_hosts_package_repos }}" loop_control: loop_var: repo register: _adding_repo @@ -96,5 +97,6 @@ path: /etc/yum.conf marker: "# {mark} OPENSTACK-ANSIBLE-OPENSTACK_HOSTS MANAGED BLOCK" create: yes + mode: "0644" when: - openstack_hosts_package_manager_extra_conf | length > 0 or openstack_hosts_package_manager_default_conf | length > 0 diff --git a/tasks/openstack_release.yml b/tasks/openstack_release.yml index a8d5c92b..17ab8b8f 100644 --- a/tasks/openstack_release.yml +++ b/tasks/openstack_release.yml @@ -19,6 +19,7 @@ dest: "{{ openstack_distrib_file_path }}" owner: "root" group: "root" + mode: "0644" when: - openstack_distrib_file | bool diff --git a/vars/debian.yml b/vars/debian.yml index aa3104ce..02e09a19 100644 --- a/vars/debian.yml +++ b/vars/debian.yml @@ -83,10 +83,14 @@ _package_list: _osbpo_release: "zed" _package_repos: - - repo: "deb {{ apt_repo_url | default('http://osbpo.debian.net/osbpo/ ' ~ ansible_facts['distribution_release'] ~ '-' ~ _osbpo_release ~ '-backports main') }}" + - repo: >- + deb {{ apt_repo_url | default('http://osbpo.debian.net/osbpo/ ' ~ ansible_facts['distribution_release'] ~ '-' ~ _osbpo_release ~ '-backports main') }} state: present filename: "osbpo" - - repo: "deb {{ apt_repo_url | default('http://osbpo.debian.net/osbpo/ ' ~ ansible_facts['distribution_release'] ~ '-' ~ _osbpo_release ~ '-backports-nochange main') }}" + - repo: >- + deb {{ apt_repo_url | default( + 'http://osbpo.debian.net/osbpo/ ' ~ ansible_facts['distribution_release'] ~ '-' ~ _osbpo_release ~ '-backports-nochange main' + ) }} state: present filename: "osbpo" diff --git a/vars/redhat-9.yml b/vars/redhat-9.yml index bf7e13e1..e6f9d6fd 100644 --- a/vars/redhat-9.yml +++ b/vars/redhat-9.yml @@ -89,8 +89,10 @@ _package_list: - name: ca-certificates state: latest -_openstack_hosts_rdo_repo_url: "{{ openstack_hosts_rdo_mirror_url }}/centos{{ ansible_facts['distribution_major_version'] }}-{{ openstack_distrib_code_name | lower }}/current/" -_openstack_hosts_rdo_deps_url: "{{ openstack_hosts_rdo_mirror_url }}/centos{{ ansible_facts['distribution_major_version'] }}-{{ openstack_distrib_code_name | lower }}/deps/latest/" +_openstack_hosts_rdo_repo_url: >- + {{ openstack_hosts_rdo_mirror_url }}/centos{{ ansible_facts['distribution_major_version'] }}-{{ openstack_distrib_code_name | lower }}/current/ +_openstack_hosts_rdo_deps_url: >- + {{ openstack_hosts_rdo_mirror_url }}/centos{{ ansible_facts['distribution_major_version'] }}-{{ openstack_distrib_code_name | lower }}/deps/latest/ _package_repos_trunk: - name: rdo-deps diff --git a/vars/ubuntu-22.04.yml b/vars/ubuntu-22.04.yml index 6bc8da5e..df0a40b7 100644 --- a/vars/ubuntu-22.04.yml +++ b/vars/ubuntu-22.04.yml @@ -87,7 +87,9 @@ _package_list: state: latest _package_repos: - - repo: "deb {{ apt_repo_url | default('http://ubuntu-cloud.archive.canonical.com/ubuntu') }} {{ ansible_facts['lsb']['codename'] }}-updates/{{ openstack_distrib_code_name | lower }} main" + - repo: >- + deb {{ apt_repo_url | default('http://ubuntu-cloud.archive.canonical.com/ubuntu') }} + {{ ansible_facts['lsb']['codename'] }}-updates/{{ openstack_distrib_code_name | lower }} main state: present filename: "uca"