diff --git a/roles/apparmor_libvirt/tasks/remove-profile.yml b/roles/apparmor_libvirt/tasks/remove-profile.yml index 8a1da37..2f1ebee 100644 --- a/roles/apparmor_libvirt/tasks/remove-profile.yml +++ b/roles/apparmor_libvirt/tasks/remove-profile.yml @@ -15,7 +15,7 @@ ln -vsf /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable args: executable: /bin/bash - become: True + become: true changed_when: true when: - apparmor_libvirtd_profile.stat.exists diff --git a/roles/baremetal/defaults/main.yml b/roles/baremetal/defaults/main.yml index c7d6133..46bd9c2 100644 --- a/roles/baremetal/defaults/main.yml +++ b/roles/baremetal/defaults/main.yml @@ -17,17 +17,17 @@ ceph_yum_gpgcheck: true ceph_yum_package: "ceph-common" epel_yum_package: "epel-release" -create_kolla_user: False +create_kolla_user: false kolla_user: "kolla" kolla_group: "kolla" -change_selinux: True +change_selinux: true selinux_state: "permissive" # If true, the host firewall service (firewalld or ufw) will be disabled. -disable_firewall: True +disable_firewall: true git_http_proxy: "" git_https_proxy: "" diff --git a/roles/baremetal/tasks/configure-ceph-for-zun.yml b/roles/baremetal/tasks/configure-ceph-for-zun.yml index 746baad..3e71309 100644 --- a/roles/baremetal/tasks/configure-ceph-for-zun.yml +++ b/roles/baremetal/tasks/configure-ceph-for-zun.yml @@ -6,13 +6,13 @@ file: path: /etc/apt/sources.list.d state: directory - recurse: yes + recurse: true - name: Ensure apt keyrings directory exists file: path: /etc/apt/keyrings state: directory - recurse: yes + recurse: true - name: Install ceph apt gpg key get_url: @@ -48,7 +48,7 @@ update_cache: true when: ansible_facts.os_family == 'Debian' - become: True + become: true - block: - name: Enable ceph yum repository @@ -78,4 +78,4 @@ enablerepo: epel when: ansible_facts.os_family == 'RedHat' - become: True + become: true diff --git a/roles/baremetal/tasks/install.yml b/roles/baremetal/tasks/install.yml index d9fce97..c8b2a2e 100644 --- a/roles/baremetal/tasks/install.yml +++ b/roles/baremetal/tasks/install.yml @@ -3,12 +3,12 @@ - block: - name: Set firewall default policy # noqa ignore-errors - become: True + become: true ufw: state: disabled policy: allow when: ansible_facts.os_family == 'Debian' - ignore_errors: yes + ignore_errors: true - name: Check if firewalld is installed # noqa command-instead-of-module @@ -19,7 +19,7 @@ when: ansible_facts.os_family == 'RedHat' - name: Disable firewalld - become: True + become: true service: name: "{{ item }}" enabled: false diff --git a/roles/baremetal/tasks/post-install.yml b/roles/baremetal/tasks/post-install.yml index f72a9db..fcfd507 100644 --- a/roles/baremetal/tasks/post-install.yml +++ b/roles/baremetal/tasks/post-install.yml @@ -12,8 +12,8 @@ state: directory owner: "{{ kolla_user if create_kolla_user | bool else omit }}" group: "{{ kolla_group if create_kolla_user | bool else omit }}" - mode: 0755 - become: True + mode: "0755" + become: true - import_role: name: openstack.kolla.apparmor_libvirt diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml index c35e54b..7584265 100644 --- a/roles/docker/handlers/main.yml +++ b/roles/docker/handlers/main.yml @@ -1,9 +1,9 @@ --- - name: Reload docker service file - become: True + become: true systemd: name: docker - daemon_reload: yes + daemon_reload: true notify: - Restart docker @@ -11,11 +11,11 @@ systemd: name: docker state: "{{ 'reloaded' if docker_systemd_reload | bool else 'restarted' }}" - masked: no - become: True + masked: false + become: true - name: Restart containerd service: name: containerd state: restarted - become: True + become: true diff --git a/roles/docker/tasks/config.yml b/roles/docker/tasks/config.yml index 0bbe658..442b452 100644 --- a/roles/docker/tasks/config.yml +++ b/roles/docker/tasks/config.yml @@ -3,11 +3,11 @@ file: path: /etc/docker state: directory - mode: 0755 - become: True + mode: "0755" + become: true - name: Write docker config - become: True + become: true vars: docker_config_insecure_registries: insecure-registries: @@ -48,12 +48,12 @@ copy: content: "{{ docker_config | to_nice_json }}" dest: /etc/docker/daemon.json - mode: 0644 + mode: "0644" notify: - Restart docker - name: Remove old docker options file - become: True + become: true file: path: /etc/systemd/system/docker.service.d/kolla.conf state: absent @@ -66,11 +66,11 @@ - Reload docker service file - name: Ensure docker service directory exists - become: True + become: true file: path: /etc/systemd/system/docker.service.d state: directory - recurse: yes + recurse: true when: > (docker_configure_for_zun | bool and 'zun-compute' in group_names) or docker_http_proxy | length > 0 or @@ -78,11 +78,11 @@ docker_no_proxy | length > 0 - name: Configure docker service - become: True + become: true template: src: docker_systemd_service.j2 dest: /etc/systemd/system/docker.service.d/kolla.conf - mode: 0644 + mode: "0644" when: > (docker_configure_for_zun | bool and 'zun-compute' in group_names) or docker_http_proxy | length > 0 or @@ -96,9 +96,9 @@ path: "/etc/docker/certs.d/{{ docker_registry }}" owner: root group: root - mode: 0700 + mode: "0700" state: directory - become: True + become: true when: docker_registry is not none and docker_registry_ca is not none - name: Ensure the CA file for private registry exists @@ -107,8 +107,8 @@ dest: "/etc/docker/certs.d/{{ docker_registry }}/ca.crt" owner: root group: root - mode: 0600 - become: True + mode: "0600" + become: true when: docker_registry is not none and docker_registry_ca is not none notify: - Restart docker @@ -120,6 +120,6 @@ systemd: name: docker state: started - enabled: yes - masked: no - become: True + enabled: true + masked: false + become: true diff --git a/roles/docker/tasks/configure-containerd-for-zun.yml b/roles/docker/tasks/configure-containerd-for-zun.yml index 8c648a4..dbcc124 100644 --- a/roles/docker/tasks/configure-containerd-for-zun.yml +++ b/roles/docker/tasks/configure-containerd-for-zun.yml @@ -6,7 +6,7 @@ mode: "0770" owner: "{{ config_owner_user }}" group: "{{ config_owner_group }}" - become: True + become: true - name: Copying CNI config file template: @@ -15,7 +15,7 @@ mode: "0660" owner: "{{ config_owner_user }}" group: "{{ config_owner_group }}" - become: True + become: true notify: - Restart containerd @@ -26,14 +26,14 @@ mode: "0770" owner: "{{ config_owner_user }}" group: "{{ config_owner_group }}" - become: True + become: true - name: Copy zun-cni script template: src: "zun-cni.j2" dest: "{{ cni_bin_dir }}/zun-cni" mode: "0775" - become: True + become: true - name: Copying over containerd config template: diff --git a/roles/docker/tasks/install.yml b/roles/docker/tasks/install.yml index 2901736..54873a5 100644 --- a/roles/docker/tasks/install.yml +++ b/roles/docker/tasks/install.yml @@ -35,7 +35,7 @@ cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}" update_cache: true state: present - become: True + become: true register: docker_install_result # If any packages were updated, and any containers were running, wait for the @@ -48,9 +48,9 @@ systemd: name: docker state: started - enabled: yes - masked: no - become: True + enabled: true + masked: false + become: true - name: Wait for Docker to start command: docker info diff --git a/roles/docker/tasks/repo-Debian.yml b/roles/docker/tasks/repo-Debian.yml index b58b061..8023769 100644 --- a/roles/docker/tasks/repo-Debian.yml +++ b/roles/docker/tasks/repo-Debian.yml @@ -7,21 +7,21 @@ cache_valid_time: "{{ apt_cache_valid_time }}" update_cache: true state: present - become: True + become: true - name: Ensure apt sources list directory exists file: path: /etc/apt/sources.list.d state: directory - recurse: yes - become: True + recurse: true + become: true - name: Ensure apt keyrings directory exists file: path: /etc/apt/keyrings state: directory - recurse: yes - become: True + recurse: true + become: true - name: Install docker apt gpg key get_url: @@ -29,7 +29,7 @@ dest: "/etc/apt/keyrings/docker.asc" mode: "0644" force: true - become: True + become: true - name: Install docker apt pin copy: @@ -39,14 +39,14 @@ Pin: version {{ docker_apt_package_pin }} Pin-Priority: 1000 mode: "0644" - become: True + become: true when: docker_apt_package_pin | length > 0 - name: Ensure old docker repository absent file: path: /etc/apt/sources.list.d/docker.list state: absent - become: True + become: true # TODO(mmalchuk): replace with ansible.builtin.deb822_repository module # when all stable releases moves to the ansible-core >= 2.15 @@ -62,9 +62,9 @@ Components: stable Signed-by: /etc/apt/keyrings/docker.asc mode: "0644" - become: True + become: true - name: Update the apt cache apt: update_cache: true - become: True + become: true diff --git a/roles/docker/tasks/repo-RedHat.yml b/roles/docker/tasks/repo-RedHat.yml index 7e2eacb..f06c6b9 100644 --- a/roles/docker/tasks/repo-RedHat.yml +++ b/roles/docker/tasks/repo-RedHat.yml @@ -3,8 +3,8 @@ file: path: /etc/yum.repos.d/ state: directory - recurse: yes - become: True + recurse: true + become: true - name: Enable docker yum repository yum_repository: @@ -17,11 +17,11 @@ # modular package in CentOS 8 see: # https://bugzilla.redhat.com/show_bug.cgi?id=1734081 module_hotfixes: true - become: True + become: true - name: Install docker rpm gpg key rpm_key: state: present key: "{{ docker_yum_gpgkey }}" - become: True + become: true when: docker_yum_gpgcheck | bool diff --git a/roles/docker_sdk/defaults/main.yml b/roles/docker_sdk/defaults/main.yml index 9d2d51b..eb34b0d 100644 --- a/roles/docker_sdk/defaults/main.yml +++ b/roles/docker_sdk/defaults/main.yml @@ -26,9 +26,9 @@ virtualenv: # Whether the virtualenv will inherit packages from the global site-packages # directory. This is typically required for modules such as yum and apt which # are not available on PyPI. -virtualenv_site_packages: True +virtualenv_site_packages: true -create_kolla_user: False +create_kolla_user: false kolla_user: "kolla" # Owner of the virtualenv. diff --git a/roles/docker_sdk/tasks/main.yml b/roles/docker_sdk/tasks/main.yml index 03afc87..368d3a9 100644 --- a/roles/docker_sdk/tasks/main.yml +++ b/roles/docker_sdk/tasks/main.yml @@ -2,7 +2,8 @@ - name: Handling for Python3.10+ externally managed environments block: - name: Get Python - ansible.builtin.command: "{{ ansible_facts.python.executable }} -c 'import sysconfig; print(sysconfig.get_path(\"stdlib\", sysconfig.get_default_scheme()))'" + ansible.builtin.command: + cmd: "{{ ansible_facts.python.executable }} -c 'import sysconfig; print(sysconfig.get_path(\"stdlib\", sysconfig.get_default_scheme()))'" changed_when: false register: python_default_scheme_path @@ -24,28 +25,28 @@ file: path: /etc/apt/sources.list.d state: directory - recurse: yes - become: True + recurse: true + become: true - name: Ensure apt keyrings directory exists file: path: /etc/apt/keyrings state: directory - recurse: yes - become: True + recurse: true + become: true - name: Install osbpo apt gpg key template: src: osbpo_pubkey.gpg.j2 dest: /etc/apt/keyrings/osbpo.asc mode: "0644" - become: True + become: true - name: Enable osbpo apt repository apt_repository: repo: "{{ docker_sdk_osbpo_apt_repo }}" filename: osbpo - become: True + become: true when: - ansible_facts.distribution == 'Debian' - docker_sdk_python_externally_managed | default(false) diff --git a/roles/etc_hosts/tasks/etc-hosts.yml b/roles/etc_hosts/tasks/etc-hosts.yml index 39ae0d5..f6b044b 100644 --- a/roles/etc_hosts/tasks/etc-hosts.yml +++ b/roles/etc_hosts/tasks/etc-hosts.yml @@ -5,9 +5,9 @@ regexp: "^127.0.0.1.*" line: "127.0.0.1 localhost" create: true - mode: 0644 + mode: "0644" state: present - become: True + become: true # NOTE(mgoddard): Ubuntu may include a line in /etc/hosts that makes the local # hostname and fqdn point to 127.0.1.1. This can break @@ -20,7 +20,7 @@ dest: /etc/hosts regexp: "^127.0.1.1\\b.*\\s{{ ansible_facts.hostname }}\\b" state: absent - become: True + become: true - name: Generate /etc/hosts for all of the nodes blockinfile: @@ -28,13 +28,13 @@ marker: "# {mark} ANSIBLE GENERATED HOSTS" block: | {% for host in groups['baremetal'] %} - {% set api_interface = (hostvars[host]['api_interface'] | replace('-', '_')) %} + {% set api_interface = hostvars[host]['api_interface'] | replace('-', '_') %} {% if host not in groups['bifrost'] or api_interface in hostvars[host].ansible_facts %} {% set hostnames = [hostvars[host].ansible_facts.nodename, hostvars[host].ansible_facts.hostname] %} {{ 'api' | kolla_address(host) }} {{ hostnames | unique | join(' ') }} {% endif %} {% endfor %} - become: True + become: true when: # Skip hosts in the bifrost group that do not have a valid api_interface. - inventory_hostname not in groups['bifrost'] or @@ -57,4 +57,4 @@ dest: /etc/cloud/cloud.cfg.d/99-kolla.cfg mode: "0660" when: cloud_init.stat.exists - become: True + become: true diff --git a/roles/kolla_user/tasks/main.yml b/roles/kolla_user/tasks/main.yml index 301c6e4..7cc4137 100644 --- a/roles/kolla_user/tasks/main.yml +++ b/roles/kolla_user/tasks/main.yml @@ -3,7 +3,7 @@ group: name: "{{ item }}" state: present - become: True + become: true loop: - docker - sudo @@ -18,21 +18,21 @@ - docker - sudo append: true - become: True + become: true - name: Add public key to kolla user authorized keys authorized_key: user: "{{ kolla_user }}" key: "{{ kolla_ssh_key.public_key }}" - become: True + become: true - name: Grant kolla user passwordless sudo lineinfile: dest: /etc/sudoers.d/kolla-ansible-users state: present - create: yes + create: true mode: '0640' regexp: '^{{ kolla_user }}' line: '{{ kolla_user }} ALL=(ALL) NOPASSWD: ALL' - become: True + become: true when: create_kolla_user_sudoers | bool diff --git a/roles/podman/tasks/config.yml b/roles/podman/tasks/config.yml index 8c96d58..851eb31 100644 --- a/roles/podman/tasks/config.yml +++ b/roles/podman/tasks/config.yml @@ -3,15 +3,15 @@ file: path: /etc/containers/{{ item }} state: directory - mode: 0755 - become: True + mode: "0755" + become: true with_items: - "containers.conf.d" - "registries.conf.d" - "storage.conf.d" - name: Write registries config - become: True + become: true vars: registry: | [[registry]] @@ -20,11 +20,11 @@ copy: content: "{{ registry }}" dest: /etc/containers/registries.conf.d/registries.conf - mode: 0644 + mode: "0644" when: podman_registry is not none - name: Write registry mirror config - become: True + become: true vars: registry_mirror: | [[registry.mirror]] @@ -33,11 +33,11 @@ copy: content: "{{ registry_mirror }}" dest: /etc/containers/registries.conf.d/registry-mirror.conf - mode: 0644 + mode: "0644" when: podman_registry_mirror is not none - name: Write storage config - become: True + become: true vars: config: | {% if podman_storage_driver is not none %} @@ -49,7 +49,7 @@ copy: content: "{{ config }}" dest: /etc/containers/storage.conf.d/storage.conf - mode: 0644 + mode: "0644" when: podman_storage_driver is not none or podman_runtime_directory is not none - name: Ensure the path for CA file for podman registry exists @@ -57,9 +57,9 @@ path: "/etc/containers/certs.d/{{ podman_registry }}" owner: root group: root - mode: 0700 + mode: "0700" state: directory - become: True + become: true when: - podman_registry is not none - podman_registry_ca is not none @@ -70,8 +70,8 @@ dest: "/etc/containers/certs.d/{{ private_registry }}/ca.crt" owner: root group: root - mode: 0600 - become: True + mode: "0600" + become: true when: - podman_registry is not none - podman_registry_ca is not none diff --git a/roles/podman/tasks/install.yml b/roles/podman/tasks/install.yml index be82fc1..7870dbd 100644 --- a/roles/podman/tasks/install.yml +++ b/roles/podman/tasks/install.yml @@ -15,7 +15,7 @@ cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}" update_cache: true state: present - become: True + become: true register: podman_install_result # If any packages were updated, and any containers were running, wait for the @@ -26,7 +26,7 @@ service: name: podman.socket state: started - enabled: yes + enabled: true - block: - name: Wait for Podman to start diff --git a/roles/podman_sdk/defaults/main.yml b/roles/podman_sdk/defaults/main.yml index 4095215..06f2b34 100644 --- a/roles/podman_sdk/defaults/main.yml +++ b/roles/podman_sdk/defaults/main.yml @@ -25,9 +25,9 @@ virtualenv: # Whether the virtualenv will inherit packages from the global site-packages # directory. This is typically required for modules such as yum and apt which # are not available on PyPI. -virtualenv_site_packages: True +virtualenv_site_packages: true -create_kolla_user: False +create_kolla_user: false kolla_user: "kolla" # Owner of the virtualenv. diff --git a/roles/podman_sdk/tasks/main.yml b/roles/podman_sdk/tasks/main.yml index b8809c1..96bf72d 100644 --- a/roles/podman_sdk/tasks/main.yml +++ b/roles/podman_sdk/tasks/main.yml @@ -2,7 +2,8 @@ - name: Handling for Python3.10+ externally managed environments block: - name: Get Python - ansible.builtin.command: "{{ ansible_facts.python.executable }} -c 'import sysconfig; print(sysconfig.get_path(\"stdlib\", sysconfig.get_default_scheme()))'" + ansible.builtin.command: + cmd: "{{ ansible_facts.python.executable }} -c 'import sysconfig; print(sysconfig.get_path(\"stdlib\", sysconfig.get_default_scheme()))'" changed_when: false register: python_default_scheme_path @@ -24,13 +25,13 @@ file: path: /etc/apt/sources.list.d state: directory - recurse: yes + recurse: true - name: Ensure apt keyrings directory exists file: path: /etc/apt/keyrings state: directory - recurse: yes + recurse: true - name: Install osbpo apt gpg key template: @@ -65,13 +66,13 @@ - ansible_facts.distribution == 'Debian' - podman_sdk_python_externally_managed | default(false) - virtualenv is none - become: True + become: true - name: Install packages package: name: "{{ podman_sdk_packages | select | list }}" cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}" - update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}" + update_cache: "{{ true if ansible_facts.os_family == 'Debian' else omit }}" state: present become: true