diff --git a/.ansible-lint b/.ansible-lint index fd1cadf..3db4f7d 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -8,3 +8,9 @@ skip_list: - '204' # Lines should be no longer than 160 chars - '301' # Commands should not change things if nothing needs doing - '701' # No 'galaxy_info' found + - 'fqcn[action-core]' # We find the shorter names easier to read + - 'fqcn[action]' # We find the shorter names easier to read + - 'name[play]' # Name your plays but they dont all need names +mock_modules: + - zuul_console + - zuul_return diff --git a/bindep.txt b/bindep.txt index 116e2ba..13960e0 100644 --- a/bindep.txt +++ b/bindep.txt @@ -3,6 +3,8 @@ libffi-devel [test platform:rpm] libffi-dev [test platform:dpkg] +# For Building Pillow wheels +libjpeg-dev [test doc platform:dpkg] libssl-dev [platform:dpkg] openssl-devel [platform:rpm] python3-dev [compile test platform:dpkg platform:apk] diff --git a/playbooks/artifacts/promote-deployment.yaml b/playbooks/artifacts/promote-deployment.yaml index 5193c3e..e33f540 100644 --- a/playbooks/artifacts/promote-deployment.yaml +++ b/playbooks/artifacts/promote-deployment.yaml @@ -9,7 +9,7 @@ - name: Create artifact staging directory file: state: directory - mode: 0755 + mode: "0755" path: "{{ zuul.executor.work_root }}/artifacts" - name: Download artifacts include_role: @@ -35,12 +35,12 @@ file: path: "{{ src_dir }}" state: directory - mode: 0755 + mode: "0755" - name: Ensure target directory exists file: path: "{{ target_dir }}" state: directory - mode: 0755 + mode: "0755" - name: Unpack into publish dir # TODO(clarkb) what is the proper way to set mode here? unarchive: # noqa 208 diff --git a/playbooks/artifacts/promote.yaml b/playbooks/artifacts/promote.yaml index 667bfb1..af73e58 100644 --- a/playbooks/artifacts/promote.yaml +++ b/playbooks/artifacts/promote.yaml @@ -11,7 +11,7 @@ - name: Create artifact staging directory file: state: directory - mode: 0755 + mode: "0755" path: "{{ zuul.executor.work_root }}/artifacts" - name: Download artifacts include_role: @@ -43,7 +43,7 @@ file: path: "{{ target_dir }}" state: directory - mode: 0755 + mode: "0755" - name: Upload to AFS command: "cp {{ item.path }} {{ target_dir }}/{{ item.path | basename | regex_replace(name_replacement, name_target) }}" when: "item.path is match(name_replacement)" diff --git a/playbooks/base-minimal/cleanup.yaml b/playbooks/base-minimal/cleanup.yaml index 02a3385..33bcb79 100644 --- a/playbooks/base-minimal/cleanup.yaml +++ b/playbooks/base-minimal/cleanup.yaml @@ -1,6 +1,6 @@ - hosts: all # NOTE(pabelanger): We ignore_errors for the following tasks as not to fail # successful jobs. - ignore_errors: yes + ignore_errors: true roles: - remove-build-sshkey diff --git a/playbooks/base-minimal/post.yaml b/playbooks/base-minimal/post.yaml index a4a7408..e03cd3f 100644 --- a/playbooks/base-minimal/post.yaml +++ b/playbooks/base-minimal/post.yaml @@ -1,4 +1,5 @@ -- hosts: all +- name: Finalize build + hosts: all roles: - fetch-output - merge-output-to-logs @@ -6,18 +7,18 @@ - name: Gather debug info on job fail when: not (zuul_success | bool) block: - - name: get df disk usage + - name: Get df disk usage raw: timeout -k 5 90 df failed_when: false - - name: get df inode usage + - name: Get df inode usage raw: timeout -k 5 90 df -i failed_when: false - - name: get l2 networking + - name: Get l2 networking raw: timeout -k 5 90 ip link failed_when: false - - name: get l3 networking + - name: Get l3 networking raw: timeout -k 5 90 ip addr failed_when: false diff --git a/playbooks/base-test/cleanup.yaml b/playbooks/base-test/cleanup.yaml index 02a3385..33bcb79 100644 --- a/playbooks/base-test/cleanup.yaml +++ b/playbooks/base-test/cleanup.yaml @@ -1,6 +1,6 @@ - hosts: all # NOTE(pabelanger): We ignore_errors for the following tasks as not to fail # successful jobs. - ignore_errors: yes + ignore_errors: true roles: - remove-build-sshkey diff --git a/playbooks/base-test/post-logs.yaml b/playbooks/base-test/post-logs.yaml index d530105..0399c75 100644 --- a/playbooks/base-test/post-logs.yaml +++ b/playbooks/base-test/post-logs.yaml @@ -1,4 +1,5 @@ -- hosts: localhost +- name: Upload build logs to swift + hosts: localhost tasks: - name: Include Zuul manifest role include_role: diff --git a/playbooks/base-test/post.yaml b/playbooks/base-test/post.yaml index a4a7408..e03cd3f 100644 --- a/playbooks/base-test/post.yaml +++ b/playbooks/base-test/post.yaml @@ -1,4 +1,5 @@ -- hosts: all +- name: Finalize build + hosts: all roles: - fetch-output - merge-output-to-logs @@ -6,18 +7,18 @@ - name: Gather debug info on job fail when: not (zuul_success | bool) block: - - name: get df disk usage + - name: Get df disk usage raw: timeout -k 5 90 df failed_when: false - - name: get df inode usage + - name: Get df inode usage raw: timeout -k 5 90 df -i failed_when: false - - name: get l2 networking + - name: Get l2 networking raw: timeout -k 5 90 ip link failed_when: false - - name: get l3 networking + - name: Get l3 networking raw: timeout -k 5 90 ip addr failed_when: false diff --git a/playbooks/base-test/pre.yaml b/playbooks/base-test/pre.yaml index d10e63c..47f5226 100644 --- a/playbooks/base-test/pre.yaml +++ b/playbooks/base-test/pre.yaml @@ -1,12 +1,12 @@ -- hosts: localhost - name: Create job header and inventory +- name: Create job header and inventory + hosts: localhost roles: - role: emit-job-header zuul_log_path_shard_build: true - log-inventory -- hosts: all - name: Setup Zuul environment +- name: Setup Zuul environment + hosts: all pre_tasks: # NOTE(pabelanger): Until we hit the validate-host role, we have a minimal # set of ansible variables collected by zuul-executor. This doesn't include @@ -21,8 +21,8 @@ - start-zuul-console - ensure-output-dirs -- hosts: all - name: Configure unbound +- name: Configure unbound + hosts: all roles: # NOTE(pabelanger): We run this role in its own play to ensure unbound is # restarted before proceeding with any other role. This is because we use @@ -30,15 +30,15 @@ # actions are triggered at the end of each block of tasks in a play. - configure-unbound -- hosts: all - name: Prepare workspace and configure mirrors +- name: Prepare workspace and configure mirrors + hosts: all roles: - validate-host - test-prepare-workspace-git - mirror-info - role: configure-mirrors - set_apt_mirrors_trusted: True - mirror_use_ssl: True + set_apt_mirrors_trusted: true + mirror_use_ssl: true configure_mirrors_components_9_stream: 'baseos': true 'baseos-debug': false diff --git a/playbooks/base/cleanup.yaml b/playbooks/base/cleanup.yaml index 02a3385..33bcb79 100644 --- a/playbooks/base/cleanup.yaml +++ b/playbooks/base/cleanup.yaml @@ -1,6 +1,6 @@ - hosts: all # NOTE(pabelanger): We ignore_errors for the following tasks as not to fail # successful jobs. - ignore_errors: yes + ignore_errors: true roles: - remove-build-sshkey diff --git a/playbooks/base/post.yaml b/playbooks/base/post.yaml index a4a7408..5c2729b 100644 --- a/playbooks/base/post.yaml +++ b/playbooks/base/post.yaml @@ -6,18 +6,18 @@ - name: Gather debug info on job fail when: not (zuul_success | bool) block: - - name: get df disk usage + - name: Get df disk usage raw: timeout -k 5 90 df failed_when: false - - name: get df inode usage + - name: Get df inode usage raw: timeout -k 5 90 df -i failed_when: false - - name: get l2 networking + - name: Get l2 networking raw: timeout -k 5 90 ip link failed_when: false - - name: get l3 networking + - name: Get l3 networking raw: timeout -k 5 90 ip addr failed_when: false diff --git a/playbooks/base/pre.yaml b/playbooks/base/pre.yaml index df7f34b..30f588f 100644 --- a/playbooks/base/pre.yaml +++ b/playbooks/base/pre.yaml @@ -1,12 +1,12 @@ -- hosts: localhost - name: Create job header and inventory +- name: Create job header and inventory + hosts: localhost roles: - role: emit-job-header zuul_log_path_shard_build: true - log-inventory -- hosts: all - name: Setup Zuul environment +- name: Setup Zuul environment + hosts: all pre_tasks: # NOTE(pabelanger): Until we hit the validate-host role, we have a minimal # set of ansible variables collected by zuul-executor. This doesn't include @@ -21,8 +21,8 @@ - start-zuul-console - ensure-output-dirs -- hosts: all - name: Configure unbound +- name: Configure unbound + hosts: all roles: # NOTE(pabelanger): We run this role in its own play to ensure unbound is # restarted before proceeding with any other role. This is because we use @@ -30,15 +30,15 @@ # actions are triggered at the end of each block of tasks in a play. - configure-unbound -- hosts: all - name: Prepare workspace and configure mirrors +- name: Prepare workspace and configure mirrors + hosts: all roles: - validate-host - prepare-workspace-git - mirror-info - role: configure-mirrors - set_apt_mirrors_trusted: True - mirror_use_ssl: True + set_apt_mirrors_trusted: true + mirror_use_ssl: true configure_mirrors_components_9_stream: 'baseos': true 'baseos-debug': false diff --git a/playbooks/buildset-registry/post.yaml b/playbooks/buildset-registry/post.yaml index 2a46ae6..d959064 100644 --- a/playbooks/buildset-registry/post.yaml +++ b/playbooks/buildset-registry/post.yaml @@ -13,7 +13,7 @@ file: path: "{{ ansible_user_dir }}/zuul-output/logs/docker" state: directory - mode: 0755 + mode: "0755" - name: Save registry container logs when: "'buildset_registry' in docker_ps.stdout" @@ -26,4 +26,4 @@ - name: Trigger failure if required fail: msg: 'Triggering failure for debugging' - when: buildset_registry_debug_fail|default(false)|bool + when: buildset_registry_debug_fail | default(false) | bool diff --git a/playbooks/docs/promote.yaml b/playbooks/docs/promote.yaml index 0279277..e06da5a 100644 --- a/playbooks/docs/promote.yaml +++ b/playbooks/docs/promote.yaml @@ -18,7 +18,7 @@ file: path: "{{ zuul.executor.work_root }}/docs" state: directory - mode: 0755 + mode: "0755" - name: Extract docs archive # TODO(clarkb) what is the proper way to set mode on this task? vars: @@ -70,7 +70,7 @@ file: path: "{{ target_dir }}" state: directory - mode: 0755 + mode: "0755" - name: Set redirect target directory when: "target_dict.redirect is defined" set_fact: @@ -84,7 +84,7 @@ copy: dest: "{{ redirect_target_dir }}" content: "{{ redirect_content }}" - mode: 0644 + mode: "0644" - name: Upload to AFS include_role: name: upload-afs-roots diff --git a/playbooks/infra-prod/setup-keys.yaml b/playbooks/infra-prod/setup-keys.yaml index f6712ad..8184edd 100644 --- a/playbooks/infra-prod/setup-keys.yaml +++ b/playbooks/infra-prod/setup-keys.yaml @@ -21,5 +21,4 @@ - name: Add bridge.o.o hostkey to known hosts known_hosts: name: bridge01.opendev.org - key: "bridge01.opendev.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC2zgQQ0lpnjtST1oINVPo9jTDI0W3IJA+ZSUTsOo6gGzz6M8PN+jyxQ3EQy8H/xPjm2C55yGfaLNzj557P5arI0TkdeNHt4hzRcmpsNUVE4fOtzMblThRSA1ipfhd/DqMUKz1Ofie3hojnhE1ecB86IcdbF9rfJxl0DOuoSQfClJw3kDx5nK+0Ps5lVnSBZ+NUKbnUFizWVjKz6qIe3tZpuHAvuD/S8tM/gJ+3fC7LcssGb+njo5ghhSUl8wasGBXZQuby33mtuX+UBON+h95odanZs3iGMZScPxgchGb4xB3OTyYn0dFG3mnwPuUnrEKluJ/eFXCkM+Q35DMCa+mynco0stt136e2qTrX1jhtcaDerufb7hs2/7zM/q4zbRYKalUhnh0CZshQ3Y1AuwI3ssmwczQpwgTJnceBmmh5xYPDVCGPpAamTPKhl4VSqlfm2Nc56+dcUm0Y6jiQjBhLIbWevq6RWse6K4R39ovPlTN3z037oJxQHsIETrXxHp0=" - + key: "bridge01.opendev.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC2zgQQ0lpnjtST1oINVPo9jTDI0W3IJA+ZSUTsOo6gGzz6M8PN+jyxQ3EQy8H/xPjm2C55yGfaLNzj557P5arI0TkdeNHt4hzRcmpsNUVE4fOtzMblThRSA1ipfhd/DqMUKz1Ofie3hojnhE1ecB86IcdbF9rfJxl0DOuoSQfClJw3kDx5nK+0Ps5lVnSBZ+NUKbnUFizWVjKz6qIe3tZpuHAvuD/S8tM/gJ+3fC7LcssGb+njo5ghhSUl8wasGBXZQuby33mtuX+UBON+h95odanZs3iGMZScPxgchGb4xB3OTyYn0dFG3mnwPuUnrEKluJ/eFXCkM+Q35DMCa+mynco0stt136e2qTrX1jhtcaDerufb7hs2/7zM/q4zbRYKalUhnh0CZshQ3Y1AuwI3ssmwczQpwgTJnceBmmh5xYPDVCGPpAamTPKhl4VSqlfm2Nc56+dcUm0Y6jiQjBhLIbWevq6RWse6K4R39ovPlTN3z037oJxQHsIETrXxHp0=" # noqa: yaml[line-length] diff --git a/playbooks/infra-prod/setup-src.yaml b/playbooks/infra-prod/setup-src.yaml index d9537f4..528b0c2 100644 --- a/playbooks/infra-prod/setup-src.yaml +++ b/playbooks/infra-prod/setup-src.yaml @@ -32,16 +32,16 @@ # to master. - name: Should we run from master set_fact: - infra_prod_run_from_master: "{{ zuul.pipeline|default('') in ['periodic', 'opendev-prod-hourly'] }}" + infra_prod_run_from_master: "{{ zuul.pipeline | default('') in ['periodic', 'opendev-prod-hourly'] }}" - name: Reset checkouts to master for periodic jobs - when: infra_prod_run_from_master|bool + when: infra_prod_run_from_master | bool block: - name: Update system-config from master git: repo: 'https://opendev.org/opendev/system-config' dest: '/home/zuul/src/opendev.org/opendev/system-config' - force: yes + force: true version: 'master' - name: Update project-config from master @@ -49,5 +49,5 @@ git: repo: 'https://opendev.org/openstack/project-config' dest: '/home/zuul/src/opendev.org/openstack/project-config' - force: yes + force: true version: 'master' diff --git a/playbooks/nox-docs/publish.yaml b/playbooks/nox-docs/publish.yaml index 8546606..e480162 100644 --- a/playbooks/nox-docs/publish.yaml +++ b/playbooks/nox-docs/publish.yaml @@ -4,7 +4,8 @@ when: "zuul.tag is not defined" fail: msg: "This playbook must be run in a tag-based pipeline (e.g., 'release')." - - include_role: + - name: Write root marker + include_role: name: write-root-marker vars: root_marker_dir: "{{ zuul.executor.log_root }}/docs" @@ -25,7 +26,7 @@ file: path: "{{ target_dir }}" state: directory - mode: 0755 + mode: "0755" - name: Upload to AFS include_role: name: upload-afs-roots diff --git a/playbooks/tox-docs/publish.yaml b/playbooks/tox-docs/publish.yaml index 8546606..e480162 100644 --- a/playbooks/tox-docs/publish.yaml +++ b/playbooks/tox-docs/publish.yaml @@ -4,7 +4,8 @@ when: "zuul.tag is not defined" fail: msg: "This playbook must be run in a tag-based pipeline (e.g., 'release')." - - include_role: + - name: Write root marker + include_role: name: write-root-marker vars: root_marker_dir: "{{ zuul.executor.log_root }}/docs" @@ -25,7 +26,7 @@ file: path: "{{ target_dir }}" state: directory - mode: 0755 + mode: "0755" - name: Upload to AFS include_role: name: upload-afs-roots diff --git a/playbooks/upload-git-mirror/run.yaml b/playbooks/upload-git-mirror/run.yaml index 599b15b..278872f 100644 --- a/playbooks/upload-git-mirror/run.yaml +++ b/playbooks/upload-git-mirror/run.yaml @@ -1,4 +1,5 @@ - hosts: localhost roles: - - name: upload-git-mirror - git_mirror_repository: "{{ git_mirror_credentials.target_repository.format(zuul=zuul) }}" + - role: upload-git-mirror + vars: + git_mirror_repository: "{{ git_mirror_credentials.target_repository.format(zuul=zuul) }}" diff --git a/roles/configure-unbound/handlers/main.yaml b/roles/configure-unbound/handlers/main.yaml index 7199e29..19732af 100644 --- a/roles/configure-unbound/handlers/main.yaml +++ b/roles/configure-unbound/handlers/main.yaml @@ -1,5 +1,5 @@ - name: Restart unbound - become: yes + become: true service: name: unbound state: restarted diff --git a/roles/configure-unbound/tasks/main.yaml b/roles/configure-unbound/tasks/main.yaml index 210895a..6a2c7ee 100644 --- a/roles/configure-unbound/tasks/main.yaml +++ b/roles/configure-unbound/tasks/main.yaml @@ -19,7 +19,7 @@ - hostvars[inventory_hostname]['ansible_default_ipv6'] is defined - hostvars[inventory_hostname]['ansible_default_ipv6']['address'] is defined set_fact: - unbound_use_ipv6: True + unbound_use_ipv6: true # Use *only* ipv6 resolvers if ipv6 is present and routable. This # avoids traversing potential NAT when using ipv4 which can be @@ -48,42 +48,42 @@ - "default.yaml" - name: Ensure Unbound conf.d directory exists - become: yes + become: true file: path: "{{ unbound_confd }}" state: directory owner: root group: root - mode: 0755 + mode: "0755" # TODO: Move this to /etc/unbound/conf.d ? - name: Configure unbound forwarding - become: yes + become: true template: dest: /etc/unbound/forwarding.conf owner: root group: root - mode: 0644 + mode: "0644" src: forwarding.conf.j2 register: forwarding_config notify: - Restart unbound - name: Configure unbound TTL - become: yes + become: true template: dest: "{{ unbound_confd }}/ttl.conf" owner: root group: root - mode: 0644 + mode: "0644" src: ttl.conf.j2 register: ttl_config notify: - Restart unbound - name: Start unbound - become: yes + become: true service: name: unbound state: started - enabled: yes + enabled: true diff --git a/roles/mirror-info/tasks/main.yaml b/roles/mirror-info/tasks/main.yaml index 241b148..326af33 100644 --- a/roles/mirror-info/tasks/main.yaml +++ b/roles/mirror-info/tasks/main.yaml @@ -1,17 +1,17 @@ - name: Create /etc/ci - become: yes + become: true file: path: /etc/ci state: directory owner: root group: root - mode: 0755 + mode: '0755' - name: Install ci_mirror script - become: yes + become: true template: dest: '/etc/ci/mirror_info.sh' owner: root group: root - mode: 0644 + mode: '0644' src: mirror_info.sh.j2 diff --git a/roles/virtualenv-config/tasks/main.yaml b/roles/virtualenv-config/tasks/main.yaml index 77c54d6..1c498f8 100644 --- a/roles/virtualenv-config/tasks/main.yaml +++ b/roles/virtualenv-config/tasks/main.yaml @@ -6,7 +6,7 @@ file: path: '{{ virtualenv_config_file | dirname }}' state: directory - mode: 0755 + mode: '0755' # NOTE(ianw) : 2020-03-27 workaround 46.1.1 broken setuptools # https://github.com/pypa/virtualenv/issues/1752 diff --git a/roles/write-root-marker/tasks/main.yaml b/roles/write-root-marker/tasks/main.yaml index 68fba66..33df8c4 100644 --- a/roles/write-root-marker/tasks/main.yaml +++ b/roles/write-root-marker/tasks/main.yaml @@ -3,10 +3,10 @@ copy: dest: "{{ root_marker_dir }}/.root-marker" content: "Project: {{ zuul.project.name }} Branch: {{ zuul.branch }} Build: {{ zuul.build }} Revision: {{ zuul.ref }}" - mode: 0644 + mode: "0644" - name: Write root marker if zuul.tag when: "zuul.tag is defined" copy: dest: "{{ root_marker_dir }}/.root-marker" content: "Project: {{ zuul.project.name }} Tag: {{ zuul.tag }} Build: {{ zuul.build }} Revision: {{ zuul.ref }}" - mode: 0644 + mode: "0644" diff --git a/test-requirements.txt b/test-requirements.txt index efa7ee3..5d7e6ca 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -2,8 +2,6 @@ # of appearance. Changing the order has an impact on the overall integration # process, which may cause wedges in the gate later. flake8 -zuul - # We need to pin the ansible version directly here; per the # deprecation policy it should trail the version used by Zuul by 4 # weeks to give people time to update before these roles start @@ -11,9 +9,8 @@ zuul # here to pull in ansible anyway; pip doesn't actually have a # dependency solver and the uncapped ansible requirement from # ansible-lint pull in the latest version. -ansible>=2.9,<2.10 # <-- keep it as old as possible -# We need to pin ansible-lint to before 4.0 which blows up all over the place -ansible-lint>=5.0.0,<6 +ansible>=8,<9 +ansible-lint<25.0.0 bashate>=0.2 zuul-sphinx>=0.1.1 stestr>=1.0.0 # Apache-2.0 diff --git a/tox.ini b/tox.ini index ce70a9b..258a13d 100644 --- a/tox.ini +++ b/tox.ini @@ -19,8 +19,6 @@ commands = [testenv:linters] setenv = - ANSIBLE_LIBRARY= {envsitepackagesdir}/zuul/ansible/base/library - ANSIBLE_ACTION_PLUGINS = {envsitepackagesdir}/zuul/ansible/base/action # NOTE(pabelanger): if you'd like to run tox -elinters locally, # you'll need to export ANSIBLE_ROLES_PATH pointing to the required # repos. @@ -40,10 +38,6 @@ commands = {toxinidir}/tools/check_jobs_documented.py # Ansible lint ansible-lint -v - # Ansible Syntax Check - bash -c "find playbooks -type f -regex '.*.ya?ml' -exec \ - ansible-playbook --syntax-check -i {toxinidir}/tests/inventory \ - \{\} + > /dev/null" [testenv:venv] commands = {posargs}