openstack/ansible-collection-kolla
Code Issues Proposed changes

Merge "Adapt code in preparation for ansible-lint bump"

Browse Source
This commit is contained in:
Zuul 2024-10-09 12:17:36 +00:00 committed by Gerrit Code Review
commit f3051816cb
19 changed files with 99 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
roles/apparmor_libvirt/tasks/remove-profile.yml
View File

@ -15,7 +15,7 @@
ln -vsf /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable
args:
executable: /bin/bash
become: True
become: true
changed_when: true
when:
- apparmor_libvirtd_profile.stat.exists

6
roles/baremetal/defaults/main.yml
View File

@ -17,17 +17,17 @@ ceph_yum_gpgcheck: true
ceph_yum_package: "ceph-common"
epel_yum_package: "epel-release"
create_kolla_user: False
create_kolla_user: false
kolla_user: "kolla"
kolla_group: "kolla"
change_selinux: True
change_selinux: true
selinux_state: "permissive"
# If true, the host firewall service (firewalld or ufw) will be disabled.
disable_firewall: True
disable_firewall: true
git_http_proxy: ""
git_https_proxy: ""

8
roles/baremetal/tasks/configure-ceph-for-zun.yml
View File

@ -6,13 +6,13 @@
file:
path: /etc/apt/sources.list.d
state: directory
recurse: yes
recurse: true
- name: Ensure apt keyrings directory exists
file:
path: /etc/apt/keyrings
state: directory
recurse: yes
recurse: true
- name: Install ceph apt gpg key
get_url:
@ -48,7 +48,7 @@
update_cache: true
when: ansible_facts.os_family == 'Debian'
become: True
become: true
- block:
- name: Enable ceph yum repository
@ -78,4 +78,4 @@
enablerepo: epel
when: ansible_facts.os_family == 'RedHat'
become: True
become: true

6
roles/baremetal/tasks/install.yml
View File

@ -3,12 +3,12 @@
- block:
- name: Set firewall default policy
# noqa ignore-errors
become: True
become: true
ufw:
state: disabled
policy: allow
when: ansible_facts.os_family == 'Debian'
ignore_errors: yes
ignore_errors: true
- name: Check if firewalld is installed
# noqa command-instead-of-module
@ -19,7 +19,7 @@
when: ansible_facts.os_family == 'RedHat'
- name: Disable firewalld
become: True
become: true
service:
name: "{{ item }}"
enabled: false

4
roles/baremetal/tasks/post-install.yml
View File

@ -12,8 +12,8 @@
state: directory
owner: "{{ kolla_user if create_kolla_user | bool else omit }}"
group: "{{ kolla_group if create_kolla_user | bool else omit }}"
mode: 0755
become: True
mode: "0755"
become: true
- import_role:
name: openstack.kolla.apparmor_libvirt

10
roles/docker/handlers/main.yml
View File

@ -1,9 +1,9 @@
---
- name: Reload docker service file
become: True
become: true
systemd:
name: docker
daemon_reload: yes
daemon_reload: true
notify:
- Restart docker
@ -11,11 +11,11 @@
systemd:
name: docker
state: "{{ 'reloaded' if docker_systemd_reload | bool else 'restarted' }}"
masked: no
become: True
masked: false
become: true
- name: Restart containerd
service:
name: containerd
state: restarted
become: True
become: true

32
roles/docker/tasks/config.yml
View File

@ -3,11 +3,11 @@
file:
path: /etc/docker
state: directory
mode: 0755
become: True
mode: "0755"
become: true
- name: Write docker config
become: True
become: true
vars:
docker_config_insecure_registries:
insecure-registries:
@ -48,12 +48,12 @@
copy:
content: "{{ docker_config | to_nice_json }}"
dest: /etc/docker/daemon.json
mode: 0644
mode: "0644"
notify:
- Restart docker
- name: Remove old docker options file
become: True
become: true
file:
path: /etc/systemd/system/docker.service.d/kolla.conf
state: absent
@ -66,11 +66,11 @@
- Reload docker service file
- name: Ensure docker service directory exists
become: True
become: true
file:
path: /etc/systemd/system/docker.service.d
state: directory
recurse: yes
recurse: true
when: >
(docker_configure_for_zun | bool and 'zun-compute' in group_names) or
docker_http_proxy | length > 0 or
@ -78,11 +78,11 @@
docker_no_proxy | length > 0
- name: Configure docker service
become: True
become: true
template:
src: docker_systemd_service.j2
dest: /etc/systemd/system/docker.service.d/kolla.conf
mode: 0644
mode: "0644"
when: >
(docker_configure_for_zun | bool and 'zun-compute' in group_names) or
docker_http_proxy | length > 0 or
@ -96,9 +96,9 @@
path: "/etc/docker/certs.d/{{ docker_registry }}"
owner: root
group: root
mode: 0700
mode: "0700"
state: directory
become: True
become: true
when: docker_registry is not none and docker_registry_ca is not none
- name: Ensure the CA file for private registry exists
@ -107,8 +107,8 @@
dest: "/etc/docker/certs.d/{{ docker_registry }}/ca.crt"
owner: root
group: root
mode: 0600
become: True
mode: "0600"
become: true
when: docker_registry is not none and docker_registry_ca is not none
notify:
- Restart docker
@ -120,6 +120,6 @@
systemd:
name: docker
state: started
enabled: yes
masked: no
become: True
enabled: true
masked: false
become: true

8
roles/docker/tasks/configure-containerd-for-zun.yml
View File

@ -6,7 +6,7 @@
mode: "0770"
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
become: True
become: true
- name: Copying CNI config file
template:
@ -15,7 +15,7 @@
mode: "0660"
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
become: True
become: true
notify:
- Restart containerd
@ -26,14 +26,14 @@
mode: "0770"
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
become: True
become: true
- name: Copy zun-cni script
template:
src: "zun-cni.j2"
dest: "{{ cni_bin_dir }}/zun-cni"
mode: "0775"
become: True
become: true
- name: Copying over containerd config
template:

8
roles/docker/tasks/install.yml
View File

@ -35,7 +35,7 @@
cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
update_cache: true
state: present
become: True
become: true
register: docker_install_result
# If any packages were updated, and any containers were running, wait for the
@ -48,9 +48,9 @@
systemd:
name: docker
state: started
enabled: yes
masked: no
become: True
enabled: true
masked: false
become: true
- name: Wait for Docker to start
command: docker info

20
roles/docker/tasks/repo-Debian.yml
View File

@ -7,21 +7,21 @@
cache_valid_time: "{{ apt_cache_valid_time }}"
update_cache: true
state: present
become: True
become: true
- name: Ensure apt sources list directory exists
file:
path: /etc/apt/sources.list.d
state: directory
recurse: yes
become: True
recurse: true
become: true
- name: Ensure apt keyrings directory exists
file:
path: /etc/apt/keyrings
state: directory
recurse: yes
become: True
recurse: true
become: true
- name: Install docker apt gpg key
get_url:
@ -29,7 +29,7 @@
dest: "/etc/apt/keyrings/docker.asc"
mode: "0644"
force: true
become: True
become: true
- name: Install docker apt pin
copy:
@ -39,14 +39,14 @@
Pin: version {{ docker_apt_package_pin }}
Pin-Priority: 1000
mode: "0644"
become: True
become: true
when: docker_apt_package_pin | length > 0
- name: Ensure old docker repository absent
file:
path: /etc/apt/sources.list.d/docker.list
state: absent
become: True
become: true
# TODO(mmalchuk): replace with ansible.builtin.deb822_repository module
# when all stable releases moves to the ansible-core >= 2.15
@ -62,9 +62,9 @@
Components: stable
Signed-by: /etc/apt/keyrings/docker.asc
mode: "0644"
become: True
become: true
- name: Update the apt cache
apt:
update_cache: true
become: True
become: true

8
roles/docker/tasks/repo-RedHat.yml
View File

@ -3,8 +3,8 @@
file:
path: /etc/yum.repos.d/
state: directory
recurse: yes
become: True
recurse: true
become: true
- name: Enable docker yum repository
yum_repository:
@ -17,11 +17,11 @@
# modular package in CentOS 8 see:
# https://bugzilla.redhat.com/show_bug.cgi?id=1734081
module_hotfixes: true
become: True
become: true
- name: Install docker rpm gpg key
rpm_key:
state: present
key: "{{ docker_yum_gpgkey }}"
become: True
become: true
when: docker_yum_gpgcheck | bool

4
roles/docker_sdk/defaults/main.yml
View File

@ -26,9 +26,9 @@ virtualenv:
# Whether the virtualenv will inherit packages from the global site-packages
# directory. This is typically required for modules such as yum and apt which
# are not available on PyPI.
virtualenv_site_packages: True
virtualenv_site_packages: true
create_kolla_user: False
create_kolla_user: false
kolla_user: "kolla"
# Owner of the virtualenv.

15
roles/docker_sdk/tasks/main.yml
View File

@ -2,7 +2,8 @@
- name: Handling for Python3.10+ externally managed environments
block:
- name: Get Python
ansible.builtin.command: "{{ ansible_facts.python.executable }} -c 'import sysconfig; print(sysconfig.get_path(\"stdlib\", sysconfig.get_default_scheme()))'"
ansible.builtin.command:
cmd: "{{ ansible_facts.python.executable }} -c 'import sysconfig; print(sysconfig.get_path(\"stdlib\", sysconfig.get_default_scheme()))'"
changed_when: false
register: python_default_scheme_path
@ -24,28 +25,28 @@
file:
path: /etc/apt/sources.list.d
state: directory
recurse: yes
become: True
recurse: true
become: true
- name: Ensure apt keyrings directory exists
file:
path: /etc/apt/keyrings
state: directory
recurse: yes
become: True
recurse: true
become: true
- name: Install osbpo apt gpg key
template:
src: osbpo_pubkey.gpg.j2
dest: /etc/apt/keyrings/osbpo.asc
mode: "0644"
become: True
become: true
- name: Enable osbpo apt repository
apt_repository:
repo: "{{ docker_sdk_osbpo_apt_repo }}"
filename: osbpo
become: True
become: true
when:
- ansible_facts.distribution == 'Debian'
- docker_sdk_python_externally_managed | default(false)

12
roles/etc_hosts/tasks/etc-hosts.yml
View File

@ -5,9 +5,9 @@
regexp: "^127.0.0.1.*"
line: "127.0.0.1 localhost"
create: true
mode: 0644
mode: "0644"
state: present
become: True
become: true
# NOTE(mgoddard): Ubuntu may include a line in /etc/hosts that makes the local
# hostname and fqdn point to 127.0.1.1. This can break
@ -20,7 +20,7 @@
dest: /etc/hosts
regexp: "^127.0.1.1\\b.*\\s{{ ansible_facts.hostname }}\\b"
state: absent
become: True
become: true
- name: Generate /etc/hosts for all of the nodes
blockinfile:
@ -28,13 +28,13 @@
marker: "# {mark} ANSIBLE GENERATED HOSTS"
block: |
{% for host in groups['baremetal'] %}
{% set api_interface = (hostvars[host]['api_interface'] | replace('-', '_')) %}
{% set api_interface = hostvars[host]['api_interface'] | replace('-', '_') %}
{% if host not in groups['bifrost'] or api_interface in hostvars[host].ansible_facts %}
{% set hostnames = [hostvars[host].ansible_facts.nodename, hostvars[host].ansible_facts.hostname] %}
{{ 'api' | kolla_address(host) }} {{ hostnames | unique | join(' ') }}
{% endif %}
{% endfor %}
become: True
become: true
when:
# Skip hosts in the bifrost group that do not have a valid api_interface.
- inventory_hostname not in groups['bifrost'] or
@ -57,4 +57,4 @@
dest: /etc/cloud/cloud.cfg.d/99-kolla.cfg
mode: "0660"
when: cloud_init.stat.exists
become: True
become: true

10
roles/kolla_user/tasks/main.yml
View File

@ -3,7 +3,7 @@
group:
name: "{{ item }}"
state: present
become: True
become: true
loop:
- docker
- sudo
@ -18,21 +18,21 @@
- docker
- sudo
append: true
become: True
become: true
- name: Add public key to kolla user authorized keys
authorized_key:
user: "{{ kolla_user }}"
key: "{{ kolla_ssh_key.public_key }}"
become: True
become: true
- name: Grant kolla user passwordless sudo
lineinfile:
dest: /etc/sudoers.d/kolla-ansible-users
state: present
create: yes
create: true
mode: '0640'
regexp: '^{{ kolla_user }}'
line: '{{ kolla_user }} ALL=(ALL) NOPASSWD: ALL'
become: True
become: true
when: create_kolla_user_sudoers | bool

24
roles/podman/tasks/config.yml
View File

@ -3,15 +3,15 @@
file:
path: /etc/containers/{{ item }}
state: directory
mode: 0755
become: True
mode: "0755"
become: true
with_items:
- "containers.conf.d"
- "registries.conf.d"
- "storage.conf.d"
- name: Write registries config
become: True
become: true
vars:
registry: |
[[registry]]
@ -20,11 +20,11 @@
copy:
content: "{{ registry }}"
dest: /etc/containers/registries.conf.d/registries.conf
mode: 0644
mode: "0644"
when: podman_registry is not none
- name: Write registry mirror config
become: True
become: true
vars:
registry_mirror: |
[[registry.mirror]]
@ -33,11 +33,11 @@
copy:
content: "{{ registry_mirror }}"
dest: /etc/containers/registries.conf.d/registry-mirror.conf
mode: 0644
mode: "0644"
when: podman_registry_mirror is not none
- name: Write storage config
become: True
become: true
vars:
config: |
{% if podman_storage_driver is not none %}
@ -49,7 +49,7 @@
copy:
content: "{{ config }}"
dest: /etc/containers/storage.conf.d/storage.conf
mode: 0644
mode: "0644"
when: podman_storage_driver is not none or podman_runtime_directory is not none
- name: Ensure the path for CA file for podman registry exists
@ -57,9 +57,9 @@
path: "/etc/containers/certs.d/{{ podman_registry }}"
owner: root
group: root
mode: 0700
mode: "0700"
state: directory
become: True
become: true
when:
- podman_registry is not none
- podman_registry_ca is not none
@ -70,8 +70,8 @@
dest: "/etc/containers/certs.d/{{ private_registry }}/ca.crt"
owner: root
group: root
mode: 0600
become: True
mode: "0600"
become: true
when:
- podman_registry is not none
- podman_registry_ca is not none

4
roles/podman/tasks/install.yml
View File

@ -15,7 +15,7 @@
cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
update_cache: true
state: present
become: True
become: true
register: podman_install_result
# If any packages were updated, and any containers were running, wait for the
@ -26,7 +26,7 @@
service:
name: podman.socket
state: started
enabled: yes
enabled: true
- block:
- name: Wait for Podman to start

4
roles/podman_sdk/defaults/main.yml
View File

@ -25,9 +25,9 @@ virtualenv:
# Whether the virtualenv will inherit packages from the global site-packages
# directory. This is typically required for modules such as yum and apt which
# are not available on PyPI.
virtualenv_site_packages: True
virtualenv_site_packages: true
create_kolla_user: False
create_kolla_user: false
kolla_user: "kolla"
# Owner of the virtualenv.

11
roles/podman_sdk/tasks/main.yml
View File

@ -2,7 +2,8 @@
- name: Handling for Python3.10+ externally managed environments
block:
- name: Get Python
ansible.builtin.command: "{{ ansible_facts.python.executable }} -c 'import sysconfig; print(sysconfig.get_path(\"stdlib\", sysconfig.get_default_scheme()))'"
ansible.builtin.command:
cmd: "{{ ansible_facts.python.executable }} -c 'import sysconfig; print(sysconfig.get_path(\"stdlib\", sysconfig.get_default_scheme()))'"
changed_when: false
register: python_default_scheme_path
@ -24,13 +25,13 @@
file:
path: /etc/apt/sources.list.d
state: directory
recurse: yes
recurse: true
- name: Ensure apt keyrings directory exists
file:
path: /etc/apt/keyrings
state: directory
recurse: yes
recurse: true
- name: Install osbpo apt gpg key
template:
@ -65,13 +66,13 @@
- ansible_facts.distribution == 'Debian'
- podman_sdk_python_externally_managed | default(false)
- virtualenv is none
become: True
become: true
- name: Install packages
package:
name: "{{ podman_sdk_packages | select | list }}"
cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}"
update_cache: "{{ true if ansible_facts.os_family == 'Debian' else omit }}"
state: present
become: true