Fix linters and metadata

With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.

With that we also update metdata to reflect current state.

Change-Id: Id8215882ee528d4c3055479e770c7432616649ba

defaults/main.yml

@@ -20,7 +20,11 @@ debug: False
 # for the service setup. The host must already have
 # clouds.yaml properly configured.
 octavia_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
-octavia_service_setup_host_python_interpreter: "{{ openstack_service_setup_host_python_interpreter | default((octavia_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable'])) }}"
+octavia_service_setup_host_python_interpreter: >-
+  {{
+    openstack_service_setup_host_python_interpreter | default(
+      (octavia_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']))
+  }}
 
 # Set installation method.
 octavia_install_method: "{{ service_install_method | default('source') }}"
@@ -42,7 +46,8 @@ octavia_package_state: "{{ package_state | default('latest') }}"
 
 octavia_git_repo: https://opendev.org/openstack/octavia
 octavia_git_install_branch: master
-octavia_upper_constraints_url: "{{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }}"
+octavia_upper_constraints_url: >-
+  {{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }}
 octavia_git_constraints:
   - "--constraint {{ octavia_upper_constraints_url }}"
 
@@ -67,7 +72,11 @@ octavia_cinder_volume_type: "volumes-hdd"
 
 ## Database info
 octavia_db_setup_host: "{{ openstack_db_setup_host | default('localhost') }}"
-octavia_db_setup_python_interpreter: "{{ openstack_db_setup_python_interpreter | default((octavia_db_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable'])) }}"
+octavia_db_setup_python_interpreter: >-
+  {{
+    openstack_db_setup_python_interpreter | default(
+      (octavia_db_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']))
+  }}
 octavia_galera_address: "{{ galera_address | default('127.0.0.1') }}"
 octavia_galera_user: octavia
 octavia_galera_database: octavia
@@ -75,7 +84,7 @@ octavia_galera_persistence_database: octavia_persistence
 octavia_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
 octavia_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('') }}"
 octavia_db_max_overflow: "{{ openstack_db_max_overflow | default('50') }}"
-octavia_db_max_pool_size: "{{ openstack_db_max_pool_size |  default('5') }}"
+octavia_db_max_pool_size: "{{ openstack_db_max_pool_size | default('5') }}"
 octavia_db_pool_timeout: "{{ openstack_db_pool_timeout | default('30') }}"
 octavia_db_connection_recycle_time: "{{ openstack_db_connection_recycle_time | default('600') }}"
 octavia_galera_port: "{{ galera_port | default('3306') }}"
@@ -106,7 +115,8 @@ octavia_oslomsg_rpc_ssl_ca_file: "{{ oslomsg_rpc_ssl_ca_file | default('') }}"
 
 # Notify
 octavia_oslomsg_notify_host_group: "{{ oslomsg_notify_host_group | default('rabbitmq_all') }}"
-octavia_oslomsg_notify_setup_host: "{{ (octavia_oslomsg_notify_host_group in groups) | ternary(groups[octavia_oslomsg_notify_host_group][0], 'localhost') }}"
+octavia_oslomsg_notify_setup_host: >-
+  {{ (octavia_oslomsg_notify_host_group in groups) | ternary(groups[octavia_oslomsg_notify_host_group][0], 'localhost') }}
 octavia_oslomsg_notify_transport: "{{ oslomsg_notify_transport | default('rabbit') }}"
 octavia_oslomsg_notify_servers: "{{ oslomsg_notify_servers | default('127.0.0.1') }}"
 octavia_oslomsg_notify_port: "{{ oslomsg_notify_port | default('5672') }}"
@@ -279,17 +289,21 @@ octavia_security_group_rule_cidr: "{{ octavia_management_net_subnet_cidr }}"
 octavia_ssh_enabled: False
 octavia_ssh_key_name: octavia_key
 octavia_keypair_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
-octavia_keypair_setup_host_python_interpreter: "{{ openstack_service_setup_host_python_interpreter | default((octavia_keypair_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable'])) }}"
+octavia_keypair_setup_host_python_interpreter: >-
+  {{
+    openstack_service_setup_host_python_interpreter | default((octavia_keypair_setup_host == 'localhost') | ternary(
+      ansible_playbook_python, ansible_facts['python']['executable']))
+  }}
 # port the agent listens on
 octavia_agent_port: "9443"
 octavia_health_manager_port: 5555
 
-#Octavia Nova flavor
+# Octavia Nova flavor
 octavia_amp_flavor_name: "m1.amphora"
 octavia_amp_ram: 1024
 octavia_amp_vcpu: 1
 octavia_amp_disk: 20
-#octavia_amp_extra_specs:
+# octavia_amp_extra_specs:
 
 # only increase when it's a really busy system since this is by deployed host,
 # e.g. 3 hosts, 5 workers (this param) per host, results in 15 worker total
@@ -337,7 +351,7 @@ octavia_amp_availability_zone: nova
 #    dest: "/etc/octavia/templates/macros.cfg.j2"
 octavia_user_haproxy_templates: {}
 # Path of custom haproxy template file
-#octavia_haproxy_amphora_template: /etc/octavia/templates/haproxy.cfg.j2
+# octavia_haproxy_amphora_template: /etc/octavia/templates/haproxy.cfg.j2
 
 # Name of the Octavia management network in Neutron
 octavia_neutron_management_network_name: lbaas-mgmt
@@ -346,7 +360,7 @@ octavia_provider_network_name: lbaas
 # Network type
 octavia_provider_network_type: flat
 # Network segmentation ID if vlan, gre...
-#octavia_provider_segmentation_id:
+# octavia_provider_segmentation_id:
 # Network CIDR
 octavia_management_net_subnet_cidr: 172.29.232.0/22
 # Example allocation range:
@@ -359,13 +373,18 @@ octavia_service_net_setup: True
 # This should match net_name from provider_networks structure in openstack_user_config
 octavia_provider_inventory_net_name: "{{ octavia_provider_network_name }}"
 # This gets container managment network structure based on octavia_provider_inventory_net_name
-octavia_provider_network: "{{ provider_networks|map(attribute='network')|selectattr('net_name','defined')|selectattr('net_name', 'equalto', octavia_provider_inventory_net_name)|list|first }}"
+octavia_provider_network: >-
+  {{ provider_networks | map(attribute='network') | selectattr('net_name', 'defined') | selectattr(
+    'net_name', 'equalto', octavia_provider_inventory_net_name) | list | first
+  }}
 # The name of the network address pool
 octavia_container_network_name: "{{ octavia_provider_network['ip_from_q'] }}_address"
 octavia_hm_group: "octavia-health-manager"
 # Note: We use some heuristics here but if you do anything special make sure to use the
 # ip addresses on the right network. This will use the container networking to figure out the ip
-octavia_hm_hosts: "{% for host in groups[octavia_hm_group] %}{{ hostvars[host]['container_networks'][octavia_container_network_name]['address'] }}{% if not loop.last %},{% endif %}{% endfor %}"
+octavia_hm_hosts: >-
+  {% for host in groups[octavia_hm_group] %}{{ hostvars[host]['container_networks'][octavia_container_network_name]['address'] }}{%
+    if not loop.last %},{% endif %}{% endfor %}
 # Set this to the right container port aka the eth you connect to the octavia
 # management network
 octavia_container_interface: "{{ octavia_provider_network.container_interface }}"
@@ -382,7 +401,7 @@ octavia_iptables_rules:
   - # Allow existing connections:
     chain: INPUT
     in_interface: "{{ octavia_container_interface }}"
-    ctstate:  RELATED,ESTABLISHED
+    ctstate: RELATED,ESTABLISHED
     jump: ACCEPT
   - # Allow heartbeat:
     chain: INPUT
@@ -406,7 +425,7 @@ octavia_iptables_rules:
   - # Allow existing connections
     chain: INPUT
     in_interface: "{{ octavia_container_interface }}"
-    ctstate:  RELATED,ESTABLISHED
+    ctstate: RELATED,ESTABLISHED
     jump: ACCEPT
     ip_version: ipv6
   - # Allow heartbeat
@@ -429,7 +448,8 @@ octavia_iptables_rules:
 
 # uWSGI Settings
 octavia_wsgi_processes_max: 16
-octavia_wsgi_processes: "{{ [[(ansible_facts['processor_vcpus']//ansible_facts['processor_threads_per_core'])|default(1), 1] | max * 2, octavia_wsgi_processes_max] | min }}"
+octavia_wsgi_processes: >-
+  {{ [[(ansible_facts['processor_vcpus'] // ansible_facts['processor_threads_per_core']) | default(1), 1] | max * 2, octavia_wsgi_processes_max] | min }}
 octavia_wsgi_threads: 1
 octavia_uwsgi_bind_address: "{{ openstack_service_bind_address | default('0.0.0.0') }}"
 octavia_uwsgi_tls:
@@ -578,27 +598,27 @@ octavia_cert_install_certificates:
     condition: "{{ octavia_generate_certs | bool }}"
 
 # Custom client CA
-#octavia_client_ca: "{{ octavia_cert_dir }}/ca_01.pem"
+# octavia_client_ca: "{{ octavia_cert_dir }}/ca_01.pem"
 ## Custom client certs
-#octavia_client_cert: "{{ octavia_cert_dir }}/client.pem"
-#octavia_client_key: "{{ octavia_cert_dir }}/client.key.pem"
+# octavia_client_cert: "{{ octavia_cert_dir }}/client.pem"
+# octavia_client_key: "{{ octavia_cert_dir }}/client.key.pem"
 ## server
-#octavia_server_ca: "{{ octavia_ca_certificate }}"
+# octavia_server_ca: "{{ octavia_ca_certificate }}"
 ## ca certs
-#octavia_ca_private_key: "{{ octavia_cert_dir }}/private/cakey.pem"
+# octavia_ca_private_key: "{{ octavia_cert_dir }}/private/cakey.pem"
 octavia_ca_private_key_passphrase: "{{ octavia_cert_client_password }}"
-#octavia_ca_certificate: "{{ octavia_cert_dir }}/ca_server_01.pem"
+# octavia_ca_certificate: "{{ octavia_cert_dir }}/ca_server_01.pem"
 
 
 # Quotas for the Octavia user - assuming active/passive topology
 octavia_num_instances: 10000 # 5000 LB in active/passive
-octavia_ram: "{{ (octavia_num_instances|int)*1024 }}"
-octavia_num_server_groups: "{{ ((octavia_num_instances|int)*0.5)|int|abs }}"
+octavia_ram: "{{ (octavia_num_instances | int) * 1024 }}"
+octavia_num_server_groups: "{{ ((octavia_num_instances | int) * 0.5) | int | abs }}"
 octavia_num_server_group_members: 50
 octavia_num_cores: "{{ octavia_num_instances }}"
-octavia_num_secgroups: "{{ (octavia_num_instances|int)*1.5|int|abs }}" # average 3 listener per lb
-octavia_num_ports: "{{ (octavia_num_instances|int)*10 }}" # at least instances * 10
-octavia_num_security_group_rules: "{{ (octavia_num_secgroups|int)*100 }}"
+octavia_num_secgroups: "{{ (octavia_num_instances | int) * 1.5 | int | abs }}" # average 3 listener per lb
+octavia_num_ports: "{{ (octavia_num_instances | int) * 10 }}" # at least instances * 10
+octavia_num_security_group_rules: "{{ (octavia_num_secgroups | int) * 100 }}"
 
 ## Tunable overrides
 octavia_octavia_conf_overrides: {}
@@ -623,5 +643,5 @@ octavia_api_ssl_cert: /etc/octavia/certs/octavia-api.pem
 octavia_api_ssl_key: /etc/octavia/certs/octavia-api.key
 
 # Define user-provided SSL certificates
-#octavia_api_user_ssl_cert: <path to cert on ansible deployment host>
-#octavia_api_user_ssl_key: <path to cert on ansible deployment host>
+# octavia_api_user_ssl_cert: <path to cert on ansible deployment host>
+# octavia_api_user_ssl_key: <path to cert on ansible deployment host>

meta/main.yml

@@ -18,16 +18,21 @@ galaxy_info:
   description: Installation and setup of octavia
   company: Rackspace
   license: Apache2
-  min_ansible_version: 2.2
+  role_name: os_octavia
+  namespace: openstack
+  min_ansible_version: "2.10"
   platforms:
     - name: Debian
       versions:
-        - buster
+        - bullseye
     - name: Ubuntu
       versions:
-        - bionic
         - focal
-  categories:
+        - jammy
+    - name: EL
+      versions:
+        - "9"
+  galaxy_tags:
     - cloud
     - development
     - octavia

tasks/main.yml

@@ -51,7 +51,8 @@
   tags:
     - always
 
-- include_role:
+- name: Including osa.db_setup role
+  include_role:
     name: openstack.osa.db_setup
     apply:
       tags:
@@ -77,7 +78,8 @@
   tags:
     - always
 
-- include_role:
+- name: Including osa.mq_setup role
+  include_role:
     name: openstack.osa.mq_setup
     apply:
       tags:
@@ -104,7 +106,8 @@
   tags:
     - always
 
-- import_tasks: octavia_pre_install.yml
+- name: Importing octavia_pre_install tasks
+  import_tasks: octavia_pre_install.yml
   tags:
     - octavia-install
 
@@ -135,6 +138,9 @@
     src: /etc/octavia/certs/
     dest: /etc/octavia/certs/client.pem
     regexp: '(client\.pem\.crt|client\.pem\.key)$'
+    owner: "{{ octavia_system_user_name }}"
+    group: "{{ octavia_system_group_name }}"
+    mode: "0640"
   notify:
     - Restart octavia services
     - Restart uwsgi services
@@ -145,7 +151,8 @@
     - octavia-install
 
 
-- import_tasks: octavia_install.yml
+- name: Importing octavia_install tasks
+  import_tasks: octavia_install.yml
   tags:
     - octavia-install
 
@@ -169,16 +176,17 @@
     systemd_tempd_prefix: openstack
     systemd_slice_name: "{{ octavia_system_slice_name }}"
     systemd_lock_dir: "{{ octavia_lock_dir }}"
-    systemd_CPUAccounting: true
-    systemd_BlockIOAccounting: true
-    systemd_MemoryAccounting: true
-    systemd_TasksAccounting: true
+    systemd_service_cpu_accounting: true
+    systemd_service_block_io_accounting: true
+    systemd_service_memory_accounting: true
+    systemd_service_tasks_accounting: true
     systemd_services: "{{ filtered_octavia_services }}"
   tags:
     - octavia-config
     - systemd-service
 
-- include_role:
+- name: Including osa.service_setup role
+  include_role:
     name: openstack.osa.service_setup
     apply:
       tags:
@@ -218,7 +226,8 @@
   tags:
     - always
 
-- include_tasks: octavia_mgmt_network.yml
+- name: Including octavia_mgmt_network tasks
+  include_tasks: octavia_mgmt_network.yml
   args:
     apply:
       tags:
@@ -231,13 +240,15 @@
   tags:
     - always
 
-- import_tasks: octavia_security_group.yml
+- name: Importing octavia_security_group tasks
+  import_tasks: octavia_security_group.yml
   when:
     - _octavia_is_first_play_host
   tags:
     - octavia-install
 
-- include_tasks: octavia_keypair.yml
+- name: Including octavia_keypair tasks
+  include_tasks: octavia_keypair.yml
   args:
     apply:
       tags:
@@ -247,7 +258,8 @@
   tags:
     - always
 
-- include_tasks: octavia_flavor_create.yml
+- name: Importing octavia_flavor_create tasks
+  include_tasks: octavia_flavor_create.yml
   args:
     apply:
       tags:
@@ -259,24 +271,28 @@
   tags:
     - always
 
-- import_tasks: octavia_post_install.yml
+- name: Importing octavia_post_install tasks
+  import_tasks: octavia_post_install.yml
   tags:
     - octavia-install
     - octavia-config
 
-- import_tasks: octavia_db_sync.yml
+- name: Importing octavia_db_sync tasks
+  import_tasks: octavia_db_sync.yml
   when:
     - _octavia_is_first_play_host
   tags:
     - octavia-install
 
-- import_tasks: octavia_policy.yml
+- name: Importing octavia_policy tasks
+  import_tasks: octavia_policy.yml
   tags:
     - octavia-install
     - octavia-config
     - octavia-policy-override
 
-- include_tasks: octavia_amp_image.yml
+- name: Including octavia_amp_image tasks
+  include_tasks: octavia_amp_image.yml
   args:
     apply:
       tags:

tasks/octavia_amp_image.yml

@@ -34,6 +34,7 @@
       get_url:
         url: "{{ octavia_artefact_url }}"
         dest: "{{ octavia_amp_image_path }}"
+        mode: "0644"
       retries: 10
       delay: 10
       register: octavia_download_result
@@ -74,6 +75,7 @@
             --private
             --project {{ octavia_service_project_name }}
             amphora-x64-haproxy
+          changed_when: false
 
         - name: Delete old image from glance
           openstack.cloud.image:

tasks/octavia_install.yml

@@ -6,6 +6,7 @@
     section: "octavia"
     option: "install_method"
     value: "{{ octavia_install_method }}"
+    mode: "0644"
 
 - name: Refresh local facts to ensure the octavia section is present
   setup:
@@ -33,8 +34,11 @@
     venv_install_destination_path: "{{ octavia_bin | dirname }}"
     venv_install_distro_package_list: "{{ octavia_distro_packages }}"
     venv_pip_install_args: "{{ octavia_pip_install_args }}"
-    venv_pip_packages: "{{ octavia_pip_packages | union(octavia_user_pip_packages) +
-    (octavia_oslomsg_amqp1_enabled | bool) | ternary(octavia_optional_oslomsg_amqp1_pip_packages, []) }}"
+    venv_pip_packages: >-
+      {{
+        octavia_pip_packages | union(octavia_user_pip_packages) +
+          (octavia_oslomsg_amqp1_enabled | bool) | ternary(octavia_optional_oslomsg_amqp1_pip_packages, [])
+      }}
     venv_facts_when_changed:
       - section: "octavia"
         option: "venv_tag"

tasks/octavia_keypair.yml

@@ -35,6 +35,7 @@
   copy:
     content: "{{ _octavia_keypair['keypair']['private_key'] }}"
     dest: "{{ lookup('env', 'HOME') }}/.ssh/{{ octavia_ssh_key_name }}"
+    mode: "0600"
   delegate_to: localhost
   when:
     - _octavia_keypair is changed

tasks/octavia_post_install.yml

@@ -15,7 +15,7 @@
 
 # iptables module doesn't see empty string as a null value so this is the only
 # way to get a configurable rule definition in right now
-- name: iptables rules
+- name: IPtables rules
   iptables: "{{ item }}"
   with_items: "{{ octavia_iptables_rules }}"
   when: octavia_ip_tables_fw | bool
@@ -23,13 +23,15 @@
 # This is totally odd: If you run the commands via run-parts (as the script
 # in the distro does) they return 1; but do their job. If you run them
 # directly they work. Ignoring errors for now --
-- name: save iptables rules (Debian/Ubuntu)
+- name: Save iptables rules (Debian/Ubuntu)
   command: netfilter-persistent save
+  changed_when: false
   failed_when: false
   when: ansible_facts['os_family'] == 'Debian'
 
-- name: save iptables rules (CentOS)
+- name: Save iptables rules (CentOS)
   shell: iptables-save > /etc/sysconfig/iptables
+  changed_when: false
   when:
     - ansible_facts['distribution'] == 'CentOS'
 

tasks/octavia_pre_install.yml

@@ -33,9 +33,9 @@
   file:
     path: "{{ item.path }}"
     state: directory
-    owner: "{{ item.owner|default(octavia_system_user_name) }}"
-    group: "{{ item.group|default(octavia_system_group_name) }}"
-    mode: "{{ item.mode|default('0755') }}"
+    owner: "{{ item.owner | default(octavia_system_user_name) }}"
+    group: "{{ item.group | default(octavia_system_group_name) }}"
+    mode: "{{ item.mode | default('0755') }}"
   with_items:
     - { path: "/openstack", owner: "root", group: "root" }
     - { path: "/openstack/venvs", owner: "root", group: "root" }

vars/main.yml

@@ -13,7 +13,11 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-_octavia_is_first_play_host: "{{ (octavia_services['octavia-api']['group'] in group_names and inventory_hostname == (groups[octavia_services['octavia-api']['group']] | intersect(ansible_play_hosts)) | first) | bool }}"
+_octavia_is_first_play_host: >-
+  {{
+    (octavia_services['octavia-api']['group'] in group_names and
+      inventory_hostname == (groups[octavia_services['octavia-api']['group']] | intersect(ansible_play_hosts)) | first) | bool
+  }}
 
 #
 # Compile a list of the services on a host based on whether
@@ -65,14 +69,14 @@ uwsgi_octavia_services: |-
   {{ services }}
 
 _octavia_legacy_policies:
-    "context_is_admin": "role:admin or role:load-balancer_admin"
-    "admin_or_owner": "is_admin:True or project_id:%(project_id)s"
-    "load-balancer:read": "rule:admin_or_owner"
-    "load-balancer:read-global": "is_admin:True"
-    "load-balancer:write": "rule:admin_or_owner"
-    "load-balancer:read-quota": "rule:admin_or_owner"
-    "load-balancer:read-quota-global": "is_admin:True"
-    "load-balancer:write-quota": "is_admin:True"
+  "context_is_admin": "role:admin or role:load-balancer_admin"
+  "admin_or_owner": "is_admin:True or project_id:%(project_id)s"
+  "load-balancer:read": "rule:admin_or_owner"
+  "load-balancer:read-global": "is_admin:True"
+  "load-balancer:write": "rule:admin_or_owner"
+  "load-balancer:read-quota": "rule:admin_or_owner"
+  "load-balancer:read-quota-global": "is_admin:True"
+  "load-balancer:write-quota": "is_admin:True"
 
 _octavia_jobboard_driver_map:
   zookeeper: zookeeper_taskflow_driver