openstack/bifrost
Code Issues Proposed changes

Merge "Fix key-order[task] linter warnings"

Browse Source
This commit is contained in:
Zuul 2023-07-10 11:43:10 +00:00 committed by Gerrit Code Review
commit 0c1b2ac42c
13 changed files with 202 additions and 211 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.ansible-lint
View File

@ -4,7 +4,6 @@ skip_list:
- fqcn[action-core] # Use FQCN for builtin actions - fqcn[action-core] # Use FQCN for builtin actions
- ignore-errors # Use failed_when and specify error conditions instead of using ignore_errors - ignore-errors # Use failed_when and specify error conditions instead of using ignore_errors
- jinja[invalid] # Unrecognized type - jinja[invalid] # Unrecognized type
- key-order[task] # You can improve the task key order
- meta-no-info # meta/main.yml should contain relevant info - meta-no-info # meta/main.yml should contain relevant info
- meta-no-tags # Tags must contain lowercase letters and digits only - meta-no-tags # Tags must contain lowercase letters and digits only
- name[casing] #All names should start with an uppercase letter - name[casing] #All names should start with an uppercase letter

4
playbooks/roles/bifrost-create-vm-nodes/tasks/create_vm.yml
View File

@ -42,7 +42,8 @@
register: existing_vms register: existing_vms
# NOTE(pas-ha) wrapping in block/rescue to have diagnostic output, requires Ansible>=2 # NOTE(pas-ha) wrapping in block/rescue to have diagnostic output, requires Ansible>=2
- block: - when: vm_name not in existing_vms.list_vms
block:
# NOTE(pas-ha) Ansible still lacks modules to operate on libvirt volumes # NOTE(pas-ha) Ansible still lacks modules to operate on libvirt volumes
# NOTE(pas-ha) adding extra 1G for disk size to accomodate for partition table / configdrive # NOTE(pas-ha) adding extra 1G for disk size to accomodate for partition table / configdrive
- name: create volume for vm - name: create volume for vm
@ -92,7 +93,6 @@
msg: >- msg: >-
VM creation step failed, please review dmesg VM creation step failed, please review dmesg
output for additional details output for additional details
when: vm_name not in existing_vms.list_vms
# TODO(pas-ha) replace 'command: vbmc ...' tasks # TODO(pas-ha) replace 'command: vbmc ...' tasks
# with a custom Ansible module using vbmc Python API # with a custom Ansible module using vbmc Python API

11
playbooks/roles/bifrost-create-vm-nodes/tasks/prepare_libvirt.yml
View File

@ -309,17 +309,18 @@
path: /tmp/sushy-emulator path: /tmp/sushy-emulator
register: redfish_emulator_old_state_dir register: redfish_emulator_old_state_dir
- block: - become: true
ignore_errors: true
when:
- redfish_emulator_old_state_dir.stat.exists
- redfish_emulator_state_dir != '/tmp/sushy-emulator'
block:
- name: stop Redfish Emulator before migrating its state directory - name: stop Redfish Emulator before migrating its state directory
systemd: systemd:
name: redfish-emulator name: redfish-emulator
state: stopped state: stopped
- name: migrate existing Redfish Emulator state directory - name: migrate existing Redfish Emulator state directory
shell: mv /tmp/sushy-emulator/*.sqlite "{{ redfish_emulator_state_dir }}" shell: mv /tmp/sushy-emulator/*.sqlite "{{ redfish_emulator_state_dir }}"
become: true
ignore_errors: true
when: redfish_emulator_old_state_dir.stat.exists
and redfish_emulator_state_dir != '/tmp/sushy-emulator'
- name: ensure Redfish Emulator systemd service is started and enabled - name: ensure Redfish Emulator systemd service is started and enabled
systemd: systemd:

12
playbooks/roles/bifrost-deploy-nodes-dynamic/tasks/main.yml
View File

@ -71,11 +71,13 @@
when: inventory_dhcp | bool or inventory_dns | bool when: inventory_dhcp | bool or inventory_dns | bool
- name: "Create instance info" - name: "Create instance info"
when: instance_info is not defined or instance_info == {}
block: block:
- name: "Figure out image checksum" - name: "Figure out image checksum"
when:
- deploy_image_checksum is not defined
- not deploy_image_source.startswith('file://')
block: block:
- name: "Collect the checksum of the deployment image." - name: "Collect the checksum of the deployment image."
stat: stat:
path: "{{ deploy_image_path }}" path: "{{ deploy_image_path }}"
@ -93,10 +95,6 @@
set_fact: set_fact:
deploy_image_checksum: "{{ test_deploy_image.stat.checksum }}" deploy_image_checksum: "{{ test_deploy_image.stat.checksum }}"
when:
- deploy_image_checksum is not defined
- not deploy_image_source.startswith('file://')
- name: "Set generated instance_info" - name: "Set generated instance_info"
set_fact: set_fact:
instance_info: instance_info:
@ -106,8 +104,6 @@
image_type: "{{ deploy_image_type | default(omit) }}" image_type: "{{ deploy_image_type | default(omit) }}"
root_gb: "{{ deploy_root_gb if deploy_image_type | default('') == 'partition' else omit }}" root_gb: "{{ deploy_root_gb if deploy_image_type | default('') == 'partition' else omit }}"
when: instance_info is not defined or instance_info == {}
- name: "Deploy to hardware" - name: "Deploy to hardware"
openstack.cloud.baremetal_node_action: openstack.cloud.baremetal_node_action:
cloud: "{{ cloud_name | default(omit) }}" cloud: "{{ cloud_name | default(omit) }}"

8
playbooks/roles/bifrost-download-packages/tasks/main.yml
View File

@ -20,7 +20,8 @@
set_fact: set_fact:
download_packages_string: "{{ download_packages | join(' ') }}" download_packages_string: "{{ download_packages | join(' ') }}"
- block: - when: ansible_os_family == 'Debian'
block:
- name: "Download {{ download_packages_string }}" - name: "Download {{ download_packages_string }}"
command: apt-get download {{ download_packages_string }} # noqa: command-instead-of-module command: apt-get download {{ download_packages_string }} # noqa: command-instead-of-module
args: args:
@ -30,9 +31,9 @@
shell: > shell: >
dpkg-deb -R {{ download_dest }}/{{ item }}_*.deb {{ download_dest }}/{{ item }} dpkg-deb -R {{ download_dest }}/{{ item }}_*.deb {{ download_dest }}/{{ item }}
loop: "{{ download_packages }}" loop: "{{ download_packages }}"
when: ansible_os_family == 'Debian'
- block: - when: ansible_os_family == 'RedHat'
block:
- name: "Download {{ download_packages_string }}" - name: "Download {{ download_packages_string }}"
command: > command: >
dnf download --downloaddir {{ download_dest }} {{ download_packages_string }} dnf download --downloaddir {{ download_dest }} {{ download_packages_string }}
@ -51,4 +52,3 @@
chdir: "{{ download_dest }}/{{ item }}" chdir: "{{ download_dest }}/{{ item }}"
executable: /bin/bash executable: /bin/bash
loop: "{{ download_packages }}" loop: "{{ download_packages }}"
when: ansible_os_family == 'RedHat'

4
playbooks/roles/bifrost-ironic-install/ssh_public_key_path.yaml
View File

@ -12,7 +12,8 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
--- ---
- block: - delegate_to: localhost
block:
- name: "Find a suitable SSH public key" - name: "Find a suitable SSH public key"
set_fact: set_fact:
ssh_public_key_path: "{{ item }}" ssh_public_key_path: "{{ item }}"
@ -37,7 +38,6 @@
fail: fail:
msg: "ssh_public_key_path {{ ssh_public_key_path }} was not found" msg: "ssh_public_key_path {{ ssh_public_key_path }} was not found"
when: not test_ssh_public_key_path.stat.exists when: not test_ssh_public_key_path.stat.exists
delegate_to: localhost
- name: "Read SSH public key in ssh_public_key" - name: "Read SSH public key in ssh_public_key"
set_fact: set_fact:

15
playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml
View File

@ -401,7 +401,8 @@
- not create_ipa_image | bool - not create_ipa_image | bool
- download_ipa | bool - download_ipa | bool
- block: - when: use_cirros | bool
block:
- name: "Download cirros to use for deployment if requested" - name: "Download cirros to use for deployment if requested"
get_url: get_url:
url: "{{ cirros_deploy_image_upstream_url }}" url: "{{ cirros_deploy_image_upstream_url }}"
@ -418,9 +419,9 @@
owner: ironic owner: ironic
group: ironic group: ironic
mode: "0644" mode: "0644"
when: use_cirros | bool
- block: - when: use_cirros | bool
block:
- name: "Create a checksum file for cirros" - name: "Create a checksum file for cirros"
shell: md5sum {{ deploy_image_filename }} > {{ deploy_image_filename }}.CHECKSUMS shell: md5sum {{ deploy_image_filename }} > {{ deploy_image_filename }}.CHECKSUMS
args: args:
@ -431,7 +432,6 @@
owner: ironic owner: ironic
group: ironic group: ironic
mode: "0644" mode: "0644"
when: use_cirros | bool
- name: "Bootstrap Nginx" - name: "Bootstrap Nginx"
import_role: import_role:
@ -522,7 +522,10 @@
- 6385 - 6385
when: use_firewalld | bool when: use_firewalld | bool
- block: - when:
- ansible_os_family == 'RedHat'
- ansible_selinux.status == 'enabled'
block:
- name: "Allow nginx, ironic, inspector and IPA ports on SELinux" - name: "Allow nginx, ironic, inspector and IPA ports on SELinux"
seport: seport:
ports: "{{ file_url_port }},{{ file_url_port_tls }},6385,5050,9999" ports: "{{ file_url_port }},{{ file_url_port_tls }},6385,5050,9999"
@ -562,8 +565,6 @@
- "{{ http_boot_folder }}" - "{{ http_boot_folder }}"
- "{{ tftp_boot_folder }}" - "{{ tftp_boot_folder }}"
- "{{ ironic_tftp_master_path }}" - "{{ ironic_tftp_master_path }}"
when: (ansible_os_family == 'RedHat' or ansible_os_family == 'Suse') and
ansible_selinux.status == 'enabled'
- name: "Configure remote logging" - name: "Configure remote logging"
template: template:

3
playbooks/roles/bifrost-ironic-install/tasks/create_tftpboot.yml
View File

@ -142,6 +142,7 @@
- "{{ http_boot_folder }}" - "{{ http_boot_folder }}"
- name: "Set up iPXE for EFI booting" - name: "Set up iPXE for EFI booting"
when: "'ipxe' in enabled_boot_interfaces.split(',')"
block: block:
- name: "Check if the iPXE EFI image is present" - name: "Check if the iPXE EFI image is present"
stat: stat:
@ -177,8 +178,6 @@
mode: "0644" mode: "0644"
remote_src: true remote_src: true
when: "'ipxe' in enabled_boot_interfaces.split(',')"
# Similar logic to below can be utilized to retrieve files # Similar logic to below can be utilized to retrieve files
- name: "Determine if folder exists, else create and populate folder." - name: "Determine if folder exists, else create and populate folder."
stat: stat:

27
playbooks/roles/bifrost-ironic-install/tasks/install.yml
View File

@ -18,7 +18,11 @@
update_cache: yes update_cache: yes
when: ansible_os_family == 'Debian' when: ansible_os_family == 'Debian'
- block: - name: "Enable EPEL repositories for known EL distributions"
when:
- enable_epel | bool
- ansible_distribution in ["AlmaLinux", "CentOS", "Rocky"]
block:
- name: "Enable powertools repository for EL8" - name: "Enable powertools repository for EL8"
command: dnf config-manager --set-enabled powertools command: dnf config-manager --set-enabled powertools
when: ansible_distribution_version|int == 8 when: ansible_distribution_version|int == 8
@ -27,32 +31,27 @@
command: dnf config-manager --set-enabled crb command: dnf config-manager --set-enabled crb
when: ansible_distribution_version|int == 9 when: ansible_distribution_version|int == 9
- name: "Enable EPEL repository for EL7/8" - name: "Enable EPEL repository for EL7/8/9"
ansible.builtin.dnf: ansible.builtin.dnf:
name: epel-release name: epel-release
state: latest state: latest
when:
- enable_epel | bool
- ansible_distribution in ["AlmaLinux", "CentOS", "Rocky"]
- name: "Enable EPEL repositories for EL9" - name: "Enable EPEL-next repository for Centos 9-Stream"
ansible.builtin.dnf: ansible.builtin.dnf:
name: name: epel-next-release
- epel-next-release
state: latest state: latest
when: when:
- enable_epel | bool
- ansible_distribution == 'CentOS' - ansible_distribution == 'CentOS'
- ansible_distribution_version|int == 9 - ansible_distribution_version|int == 9
- name: "Enable EPEL repository for RedHat 9" - name: "Enable EPEL repository for RHEL 9"
command: dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
args:
creates: /etc/yum.repos.d/epel.repo
when: when:
- enable_epel | bool - enable_epel | bool
- ansible_distribution == "RedHat" - ansible_distribution == "RedHat"
- ansible_distribution_version|int >= 9 - ansible_distribution_version|int >= 9
command: dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
args:
creates: /etc/yum.repos.d/epel.repo
- name: "Install system packages" - name: "Install system packages"
package: package:
@ -206,8 +205,6 @@
dest: grub-efi dest: grub-efi
- src: "{{ shim_efi_package }}/{{ shim_efi_binary }}" - src: "{{ shim_efi_package }}/{{ shim_efi_binary }}"
dest: shim-efi dest: shim-efi
when: ansible_os_family != 'Suse'
always: always:
- name: "Delete the temporary directory" - name: "Delete the temporary directory"
file: file:

6
playbooks/roles/bifrost-keystone-client-config/tasks/validate.yml
View File

@ -15,7 +15,9 @@
set_fact: set_fact:
testing_cloud_name: "{{ (clouds | dict2items)[0].key }}" testing_cloud_name: "{{ (clouds | dict2items)[0].key }}"
- block: - become: yes
become_user: "{{ user | default('root') }}"
block:
- name: "List bare metal nodes using CLI and clouds.yaml" - name: "List bare metal nodes using CLI and clouds.yaml"
command: baremetal --debug node list command: baremetal --debug node list
environment: "{{ bifrost_venv_env | combine({'OS_CLOUD': testing_cloud_name}) }}" environment: "{{ bifrost_venv_env | combine({'OS_CLOUD': testing_cloud_name}) }}"
@ -55,5 +57,3 @@
when: when:
- enable_keystone | bool - enable_keystone | bool
- "'bifrost-admin' in clouds" - "'bifrost-admin' in clouds"
become: yes
become_user: "{{ user | default('root') }}"

10
playbooks/roles/bifrost-keystone-install/tasks/bootstrap.yml
View File

@ -242,7 +242,11 @@
group: "{{ nginx_user }}" # TODO(TheJulia): Split webserver user/group. group: "{{ nginx_user }}" # TODO(TheJulia): Split webserver user/group.
mode: "0755" mode: "0755"
- block: - when:
- ansible_os_family == 'RedHat'
- ansible_selinux.status == 'enabled'
- ansible_selinux.mode == "enforcing"
block:
- name: "Explicitly allow keystone port (TCP) on selinux" - name: "Explicitly allow keystone port (TCP) on selinux"
seport: seport:
ports: "5000" ports: "5000"
@ -266,7 +270,3 @@
- name: Enable keystone policy module - name: Enable keystone policy module
command: semodule -e keystone_policy command: semodule -e keystone_policy
when:
- ansible_os_family == 'RedHat'
- ansible_selinux.status == 'enabled'
- ansible_selinux.mode == "enforcing"

6
playbooks/roles/bifrost-pip-install/tasks/main.yml
View File

@ -14,8 +14,8 @@
# limitations under the License. # limitations under the License.
--- ---
- block: - when: not skip_install | bool
block:
- name: "Check that sourcedir is provided with source_install" - name: "Check that sourcedir is provided with source_install"
fail: fail:
msg: Source installation of requires sourcedir to be provided msg: Source installation of requires sourcedir to be provided
@ -69,5 +69,3 @@
extra_args: "{{ extra_args }}" extra_args: "{{ extra_args }}"
when: source_install | bool when: source_install | bool
environment: "{{ bifrost_venv_env | combine({'SETUPTOOLS_USE_DISTUTILS': 'stdlib'}) }}" environment: "{{ bifrost_venv_env | combine({'SETUPTOOLS_USE_DISTUTILS': 'stdlib'}) }}"
when: not skip_install | bool

4
playbooks/test-bifrost.yaml
View File

@ -15,7 +15,8 @@
- name: "Set testing to true" - name: "Set testing to true"
set_fact: set_fact:
testing: true testing: true
- block: - when: lookup('env', 'ZUUL_BRANCH') | length > 0
block:
- name: "Set variables if running in the CI" - name: "Set variables if running in the CI"
set_fact: set_fact:
cirros_deploy_image_upstream_url: file:///opt/cache/files/cirros-0.5.3-x86_64-disk.img cirros_deploy_image_upstream_url: file:///opt/cache/files/cirros-0.5.3-x86_64-disk.img
@ -29,7 +30,6 @@
set_fact: set_fact:
openstacksdk_source_install: true openstacksdk_source_install: true
when: sdk_path.stat.exists when: sdk_path.stat.exists
when: lookup('env', 'ZUUL_BRANCH') | length > 0
- import_playbook: install.yaml - import_playbook: install.yaml