From 82e3d013fe734c04728e9d77cb34bf696a719022 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Wed, 19 May 2021 17:15:09 +0300 Subject: [PATCH] Bump ansible-lint version Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_sahara/+/792241 Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_octavia/+/792242 Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-memcached_server/+/793400 Change-Id: I73cd3ef5a8c63be66f1a68e9e2de34421e27e6fd --- .ansible-lint | 16 +++++------- playbooks/healthcheck-infrastructure.yml | 12 ++++----- playbooks/healthcheck-openstack.yml | 6 ++--- playbooks/listening-port-report.yml | 1 + scripts/gate-check-commit.sh | 25 ++++++++++++------- test-requirements.txt | 2 +- .../tasks/prepare_aio_config.yml | 2 +- zuul.d/playbooks/pre-osa-aio.yml | 4 ++- zuul.d/project-templates.yaml | 2 -- zuul.d/project.yaml | 1 + 10 files changed, 38 insertions(+), 33 deletions(-) diff --git a/.ansible-lint b/.ansible-lint index ffd4e9c0dd..0c3a55d0e4 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,13 +1,9 @@ skip_list: - - '106' # Role name {} does not match ``^[a-z][a-z0-9_]+$`` pattern - - '208' # File permissions unset or incorrect + - metadata warn_list: - - '204' # Lines should be no longer than 160 chars - - '303' # Using command rather than module - - '305' # Use shell only when shell functionality is required - - '306' # Shells that use pipes should set the pipefail option - - '502' # All tasks should be named - - '602' # Don't compare to empty string - - '701' # meta/main.yml should contain relevant info - - '702' # Tags must contain lowercase letters and digits only \ No newline at end of file + - risky-file-permissions + - risky-shell-pipe + - unnamed-task + - no-handler + - var-naming diff --git a/playbooks/healthcheck-infrastructure.yml b/playbooks/healthcheck-infrastructure.yml index c6e3df2bb2..13a2ae179a 100644 --- a/playbooks/healthcheck-infrastructure.yml +++ b/playbooks/healthcheck-infrastructure.yml @@ -243,10 +243,10 @@ - name: Grant access to the DB on "{{ groups['galera_all'][-1] }}" community.mysql.mysql_user: login_user: "{{ galera_root_user | default('root') }}" - login_password: "{{ galera_root_password }}" + login_password: "{{ galera_root_password }}" # noqa no-log-password login_host: "{{ ansible_host }}" name: "osa-tester" - password: "tester-secrete" + password: "tester-secrete" # noqa no-log-password host: "{{ item }}" state: "present" priv: "OSA-test.*:ALL" @@ -268,7 +268,7 @@ - name: Remove created user community.mysql.mysql_user: login_user: "{{ galera_root_user | default('root') }}" - login_password: "{{ galera_root_password }}" + login_password: "{{ galera_root_password }}" # noqa no-log-password login_host: "{{ ansible_host }}" name: "osa-tester" state: "absent" @@ -281,7 +281,7 @@ - name: Remove created DB community.mysql.mysql_db: login_user: "{{ galera_root_user | default('root') }}" - login_password: "{{ galera_root_password }}" + login_password: "{{ galera_root_password }}" # noqa no-log-password login_host: "{{ ansible_host }}" name: "OSA-test" state: "absent" @@ -303,13 +303,12 @@ - name: Configure Rabbitmq user community.rabbitmq.rabbitmq_user: user: "testguest" - password: "secrete" + password: "secrete" # noqa no-log-password vhost: "/testvhost" configure_priv: ".*" read_priv: ".*" write_priv: ".*" state: "present" - no_log: True tags: - healthcheck @@ -337,6 +336,7 @@ mode: 0755 - name: Connect to rabbitmq command: "{{ venv_path }}/bin/python {{ venv_path }}/rabbitmq-test.py {{ hostvars[groups['rabbitmq_all'][0]]['container_address'] }}" + changed_when: false tags: - healthcheck - healthcheck-rabbitmq-install diff --git a/playbooks/healthcheck-openstack.yml b/playbooks/healthcheck-openstack.yml index bda2084b48..9040ff7358 100644 --- a/playbooks/healthcheck-openstack.yml +++ b/playbooks/healthcheck-openstack.yml @@ -149,7 +149,7 @@ - "not 'is in use' in item.msg" - name: Store facts to see if everything is ok - openstack.cloud.os_networks_facts: + openstack.cloud.networks_info: cloud: default interface: internal verify: no @@ -234,7 +234,7 @@ tasks: - block: - name: Create keypair for nova - shell: "ssh-keygen -b 2048 -t rsa -f {{ ssh_key }} -q -N ''" + command: "ssh-keygen -b 2048 -t rsa -f {{ ssh_key }} -q -N ''" # noqa no-changed-when args: creates: "{{ ssh_key }}" @@ -313,7 +313,7 @@ volume: "{{ cinder_volumes[0]['name'] }}" - name: Get server facts - openstack.cloud.os_server_facts: + openstack.cloud.server_info: cloud: default interface: internal verify: "{{ keystone_service_internaluri_insecure | ternary(false, true) }}" diff --git a/playbooks/listening-port-report.yml b/playbooks/listening-port-report.yml index 62f1ad44cf..c7df18ca79 100644 --- a/playbooks/listening-port-report.yml +++ b/playbooks/listening-port-report.yml @@ -19,6 +19,7 @@ - name: Gather listening ports command: netstat -ln --inet --program register: listening_ports + changed_when: false - name: create report copy: diff --git a/scripts/gate-check-commit.sh b/scripts/gate-check-commit.sh index 0c4d59f489..072a32d9a0 100755 --- a/scripts/gate-check-commit.sh +++ b/scripts/gate-check-commit.sh @@ -104,7 +104,7 @@ if which iptables; then fi # Bootstrap an AIO -if [[ -z "${SKIP_OSA_BOOTSTRAP_AIO+defined}" ]]; then +if [[ -z "${SKIP_OSA_BOOTSTRAP_AIO+defined}" && "${ACTION}" != "linters" ]]; then source "${OSA_CLONE_DIR}/scripts/bootstrap-aio.sh" fi @@ -113,7 +113,7 @@ if [[ "${ACTION}" == "varstest" ]]; then openstack-ansible test-vars-overrides.yml popd elif [[ "${ACTION}" == "linters" ]]; then - pushd "${OSA_CLONE_DIR}/playbooks" + pushd "${OSA_CLONE_DIR}" # Install linter tools ${PIP_COMMAND} install --isolated ${PIP_OPTS} -r ${OSA_CLONE_DIR}/test-requirements.txt # Disable Ansible color output @@ -126,16 +126,21 @@ elif [[ "${ACTION}" == "linters" ]]; then # defining working directories VENV_BIN_DIR=$(dirname ${PIP_COMMAND}) - ROLE_DIR="/etc/ansible/roles/${SCENARIO}" - ANSIBLE_LINT_WARNINGS="-w 204 -w 208 -w 306 -w metadata" + # Due to ansible-lint bug, it can't run from venv without sourcing it + # https://github.com/ansible-community/ansible-lint/issues/1507 + source ${VENV_BIN_DIR}/activate + source /usr/local/bin/openstack-ansible.rc # Check if we have test playbook and running checks - if [[ -f "${ROLE_DIR}/examples/playbook.yml" ]]; then - ${VENV_BIN_DIR}/ansible-lint ${ROLE_DIR}/examples/playbook.yml ${ANSIBLE_LINT_WARNINGS} - ${VENV_BIN_DIR}/ansible-playbook --syntax-check --list-tasks ${ROLE_DIR}/examples/playbook.yml + if [[ -f "/etc/ansible/roles/${SCENARIO}/examples/playbook.yml" ]]; then + ROLE_DIR="/etc/ansible/roles/${SCENARIO}" + ${VENV_BIN_DIR}/ansible-lint ${ROLE_DIR}/examples/playbook.yml -c ${OSA_CLONE_DIR}/.ansible-lint + ansible-playbook --syntax-check --list-tasks ${ROLE_DIR}/examples/playbook.yml + # If we don't have test playbook we assume that we're testing integrated repo else - ${VENV_BIN_DIR}/ansible-lint ${ROLE_DIR} ${ANSIBLE_LINT_WARNINGS} - ${VENV_BIN_DIR}/ansible-playbook --syntax-check --list-tasks setup-everything.yml + ROLE_DIR="${OSA_CLONE_DIR}" + ${VENV_BIN_DIR}/ansible-lint playbooks/ --exclude /etc/ansible/roles + ansible-playbook --syntax-check --list-tasks playbooks/setup-everything.yml fi # Run bashate @@ -154,6 +159,8 @@ elif [[ "${ACTION}" == "linters" ]]; then --exclude-dir *.egg-info \ --exclude-dir doc \ "${ROLE_DIR}" | xargs -r ${VENV_BIN_DIR}/flake8 --verbose + + deactivate popd else pushd "${OSA_CLONE_DIR}/playbooks" diff --git a/test-requirements.txt b/test-requirements.txt index 70a23c5376..1943d11925 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -11,4 +11,4 @@ virtualenv>=14.0.6 # MIT # once we stop doing linters check for the integrated repo with # openstack-ansible-tests/test-ansible-lint.sh flake8==3.8.3 # MIT -ansible-lint==4.3.5 # MIT \ No newline at end of file +ansible-lint==5.0.10 # MIT diff --git a/tests/roles/bootstrap-host/tasks/prepare_aio_config.yml b/tests/roles/bootstrap-host/tasks/prepare_aio_config.yml index fda81a7a80..c9f721556b 100644 --- a/tests/roles/bootstrap-host/tasks/prepare_aio_config.yml +++ b/tests/roles/bootstrap-host/tasks/prepare_aio_config.yml @@ -121,7 +121,7 @@ - ansible_facts['selinux']['status'] == "enabled" - name: Get systemd version - command: "rpm -q systemd" + command: "rpm -q systemd" # noqa command-instead-of-module changed_when: false register: systemd_version when: ansible_facts['os_family'] | lower == 'redhat' diff --git a/zuul.d/playbooks/pre-osa-aio.yml b/zuul.d/playbooks/pre-osa-aio.yml index e6ac4b068f..245e47b304 100644 --- a/zuul.d/playbooks/pre-osa-aio.yml +++ b/zuul.d/playbooks/pre-osa-aio.yml @@ -48,4 +48,6 @@ SCENARIO: "{{ scenario }}" ACTION: "{{ action }}" INSTALL_METHOD: "{{ install_method }}" - when: action != 'upgrade' \ No newline at end of file + when: + - action != 'upgrade' + - action != 'linters' diff --git a/zuul.d/project-templates.yaml b/zuul.d/project-templates.yaml index 8fb170aed4..1f4e9de9ad 100644 --- a/zuul.d/project-templates.yaml +++ b/zuul.d/project-templates.yaml @@ -16,12 +16,10 @@ name: openstack-ansible-deploy-base-jobs check: jobs: - - openstack-ansible-linters - openstack-ansible-varstest-aio - openstack-tox-docs gate: jobs: - - openstack-ansible-linters - openstack-ansible-varstest-aio - openstack-tox-docs periodic: diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index d1418ca4cc..af88f49bdf 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -14,6 +14,7 @@ - project: templates: + - openstack-ansible-linters-jobs - openstack-ansible-deploy-guide-jobs - openstack-ansible-deploy-base-jobs - openstack-ansible-deploy-aio_lxc-jobs