Fix: Re-factor repo to work with ansible 9.2.x

- The ansible roles have been updated to run on latest version on
  Ansible and python 3.10.x are pulled in by common-packer returns
  several errors with newer version of Ansible.
- The new version of ansible 9.2.x requires the code to be refactored
  and moderenized accordingly.
- Update tox to run ansible lint.
- Fixes the following Violation Summary:
     count tag                   profile    rule associated tags
     1 command-instead-of-module basic      command-shell, idiom
     2 key-order[task]           basic      formatting
     4 literal-compare           basic      idiom
     6 jinja[spacing]            basic      formatting (warning)
     5 no-free-form              basic      syntax, risk
     4 partial-become[play]      basic      unpredictability
     4 schema[playbook]          basic      core
     4 name[missing]             basic      idiom
    11 name[play]                basic      idiom
     3 yaml[octal-values]        basic      formatting, yaml
    18 yaml[truthy]              basic      formatting, yaml
     5 name[casing]              moderate   idiom
     2 risky-file-permissions    safety     unpredictability
     3 no-changed-when           shared     command-shell, idempotency
    38 fqcn[action-core]         production formatting
    11 fqcn[action]              production formatting

Issue: RELENG-5175
Change-Id: I2c6af03d197236328e2389f4694edab3fe40bfc4
Signed-off-by: Anil Belur <[email protected]>

.ansible-lint-ignore

@@ -0,0 +1 @@
+provision/windows-builder.yaml

provision/baseline.yaml

@@ -1,25 +1,32 @@
 ---
-- hosts: all
+- name: Baseline for all builds
+  hosts: all
   become_user: root
-  become_method: sudo
+  become: true
+  become_method: ansible.builtin.sudo
 
   pre_tasks:
-    - include_role: name=lfit.system-update
+    - name: Pre-task system update
+      ansible.builtin.include_role:
+        name: lfit.system-update
 
     - name: Install base packages
-      include_tasks: "{{item}}"
+      ansible.builtin.include_tasks: "{{ item }}"
       with_first_found:
-        - "install-base-pkgs-{{ansible_distribution}}.yaml"
-        - "install-base-pkgs-{{ansible_os_family}}.yaml"
+        - "install-base-pkgs-{{ ansible_distribution }}.yaml"
+        - "install-base-pkgs-{{ ansible_os_family }}.yaml"
 
     - name: Allow jenkins user sudo access
-      copy:
+      ansible.builtin.copy:
         dest: /etc/sudoers.d/89-jenkins-user-defaults
         content: |
           Defaults:jenkins !requiretty
           jenkins ALL=(ALL) NOPASSWD:ALL
         validate: /usr/sbin/visudo -cf %s
-      become: yes
+        owner: root
+        group: root
+        mode: "0644"
+      become: true
 
   roles:
     - lfit.lf-recommended-tools
@@ -36,54 +43,54 @@
       # Update /etc/nss-switch.conf to map hostname with IP instead of using `localhost`
       # from /etc/hosts which is required by some of the Java API's to avoid
       # Java UnknownHostException: "Name or service not known" error.
-      replace:
+      ansible.builtin.replace:
         path: /etc/nsswitch.conf
         regexp: '^hosts:(\s+.*)?$'
         replace: 'hosts:\1 myhostname'
-        backup: yes
-      become: yes
+        backup: true
+      become: true
 
     - name: Disable periodic updates
+      when: ansible_distribution == 'Ubuntu'
+      become: true
       block:
         - name: Set all periodic update options to 0
-          replace:
+          ansible.builtin.replace:
             path: /etc/apt/apt.conf.d/10periodic
             regexp: "1"
             replace: "0"
         - name: Set all auto update options to 0
-          replace:
+          ansible.builtin.replace:
             path: /etc/apt/apt.conf.d/20auto-upgrades
             regexp: "1"
             replace: "0"
-        - name: Disable unattended upgrades
-          lineinfile:
+        - name: Disable unattended upgrades # noqa risky-file-permissions
+          ansible.builtin.lineinfile:
             path: /etc/apt/apt.conf.d/10periodic
             regexp: "^APT::Periodic::Unattended-Upgrade"
             line: 'APT::Periodic::Unattended-Upgrade "0";'
-            create: yes
+            create: true
         - name: Uninstall unattended upgrades
-          apt:
+          ansible.builtin.apt:
             name: unattended-upgrades
             state: absent
         - name: Prevent unattended upgrades from being installed
-          dpkg_selections:
+          ansible.builtin.dpkg_selections:
             name: unattended-upgrades
             selection: hold
         - name: Disable apt-daily.* systemd services
-          systemd:
-            name: "{{service}}"
-            enabled: no
-            masked: yes
+          ansible.builtin.systemd:
+            name: "{{ service }}"
+            enabled: false
+            masked: true
           with_items:
             - apt-daily.service
             - apt-daily.timer
             - apt-daily-upgrade.service
             - apt-daily-upgrade.timer
           loop_control:
             loop_var: service
-      when: ansible_distribution == 'Ubuntu'
-      become: yes
 
     - name: System Reseal
-      script: system-reseal.sh
+      ansible.builtin.script: system-reseal.sh
       become: true

provision/devstack-pre-pip-centos.yaml

@@ -1,25 +1,31 @@
 ---
-- import_playbook: ../common-packer/provision/baseline.yaml
+- name: Devstack Pre pip CentOS
+  import_playbook: ../common-packer/provision/baseline.yaml
 
-- hosts: all
+- name: Devstack pre-pip for CentOS
+  hosts: all
   become_user: root
-  become_method: sudo
+  become: true
+  become_method: ansible.builtin.sudo
 
   pre_tasks:
-    - include_role: name=lfit.system-update
+    - name: Pre-task system update
+      ansible.builtin.include_role:
+        name: lfit.system-update
 
   tasks:
-    - name: "Install devstack dependencies"
+    - name: "Install devstack dependencies" # noqa literal-compare
+      become: true
       block:
         - name: Install xpath dependencies
-          yum:
+          ansible.builtin.yum:
             name:
               - perl-XML-XPath
               - crudini
             state: present
           become: true
         - name: Install non-baseline requirements
-          yum:
+          ansible.builtin.yum:
             name:
               - libxml2-devel
               - libxslt-devel
@@ -28,51 +34,52 @@
               - "@development"
             state: present
           become: true
-        - name: check if net link setup exists
-          stat:
+        - name: Check if net link setup exists
+          ansible.builtin.stat:
             path: /etc/udev/rules.d/80-net-setup-link.rules
           register: rules_file_exists
-        - name: Update net link setup
-          file:
+        - name: Update net link setup # noqa literal-compare
+          ansible.builtin.file:
             src: /dev/null
             dest: /etc/udev/rules.d/80-net-setup-link.rules
             state: link
-            force: yes
+            force: true
           become: true
           when: rules_file_exists.stat.exists == true
         - name: Install RDMA (InfiniBand/iWARP/RoCE) requirements
-          yum:
+          ansible.builtin.yum:
             name:
               - libibverbs
               - libmlx5
             state: present
           become: true
     - name: "Pre-Install yum and pip packages"
       block:
-        - name: Create /tmp/devstack directory
-          file:
+        - name: Create /tmp/devstack directory # noqa risky-file-permissions
+          ansible.builtin.file:
             path: /tmp/devstack
             state: directory
-            mode: 0755
+            mode: "0755"
         - name: Fetch openstack devstack-dev repo
-          git:
+          ansible.builtin.git:
             repo: https://github.com/openstack-dev/devstack.git
             dest: /tmp/devstack
             version: "{{ os_branch }}"
-        - name: "Read openstack devstack dependencies"
-          shell: "sed -e 's/#.*//' /tmp/devstack/files/rpms/general"
+        - name: "Read openstack devstack dependencies" # noqa no-changed-when
+          ansible.builtin.shell: "sed -e 's/#.*//' /tmp/devstack/files/rpms/general"
           register: sed_output
           args:
-            warn: False
+            warn: false
         - name: "Install non-baseline requirements for {{ os_branch }}"
-          yum:
+          ansible.builtin.yum: # noqa no-changed-when
             name: "{{ sed_output.stdout_lines }}"
             state: present
           become: true
-        - name: git clone openstack core projects
-          git: repo='https://github.com/openstack/{{ item }}.git'
-            dest='/tmp/devstack/{{ item }}'
-            version='{{ os_branch }}'
+        - name: Clone openstack core projects
+          ansible.builtin.git:
+            repo: "https://github.com/openstack/{{ item }}.git"
+            dest: "/tmp/devstack/{{ item }}"
+            version: "{{ os_branch }}"
           with_items:
             - requirements
             - keystone
@@ -81,8 +88,8 @@
             - neutron
             - nova
             - horizon
-        - name: Install pip dependencies
-          shell: |
+        - name: Install pip dependencies # noqa no-changed-when
+          ansible.builtin.shell: |
             cd "{{ item }}"
             git branch -a
             cd ..
@@ -93,7 +100,7 @@
             exit 0
           args:
             chdir: /tmp/devstack
-            warn: False
+            warn: false
           with_items:
             - requirements
             - keystone
@@ -107,40 +114,40 @@
     - name: "Install openvswitch from relevant openstack branch"
       block:
         - name: "Install CentOS openstack release {{ rdo_branch }}"
-          yum:
+          ansible.builtin.yum:
             name: "centos-release-openstack-{{ rdo_branch }}"
             state: present
           become: true
         - name: "Install openvswitch 2.8.2 for stable/queens"
-          yum:
+          ansible.builtin.yum:
             name: openvswitch-2.8.2-1.el7
             state: present
-            disable_gpg_check: yes
+            disable_gpg_check: true
           when: rdo_branch == 'queens'
           become: true
         - name: "Install openvswitch latest for stable/rocky"
-          yum:
+          ansible.builtin.yum:
             name: openvswitch
             state: present
-            disable_gpg_check: yes
+            disable_gpg_check: true
           when: rdo_branch == 'rocky'
           become: true
 
     # Workaround for git deps conflict on rocky
     - name: Swap to git
+      become: true
       block:
         - name: Gather rpm package facts
-          package_facts:
+          ansible.builtin.package_facts:
             manager: auto
-        - name: Replace git2u with git
-          command: yum replace -y git2u --replace-with git
+        - name: Replace git2u with git # noqa no-changed-when command-instead-of-module
+          ansible.builtin.command: yum replace -y git2u --replace-with git
           when: ansible_facts.packages['git2u'] is defined
-      become: true
 
     - name: "Cleanup devstack directory"
       block:
         - name: "Removing /tmp/devstack"
-          file:
+          ansible.builtin.file:
             path: /tmp/devstack
             state: absent
           become: true

provision/devstack.yaml

@@ -1,34 +1,40 @@
 ---
-- import_playbook: ../common-packer/provision/baseline.yaml
+- name: Import baseline
+  import_playbook: ../common-packer/provision/baseline.yaml
 
-- hosts: all
+- name: Devstack
+  hosts: all
   become_user: root
-  become_method: sudo
+  become: true
+  become_method: ansible.builtin.sudo
 
   pre_tasks:
-    - include_role: name=lfit.system-update
+    - name: Pre-task system update
+      ansible.builtin.include_role:
+        name: lfit.system-update
 
   tasks:
     - name: "Install devstack dependencies"
+      become: true
       block:
         - name: Install xpath dependencies (CentOS/RedHat)
-          yum:
+          ansible.builtin.yum:
             name:
               - perl-XML-XPath
               - crudini
             state: present
           become: true
           when: ansible_os_family == 'RedHat'
         - name: Install xpath dependencies (Ubuntu/Debian)
-          apt:
+          ansible.builtin.apt:
             name:
               - libxml-xpath-perl
               - crudini
             state: present
           become: true
           when: ansible_os_family == 'Debian'
         - name: Installing non-baseline requirements (CentOS/RedHat)
-          yum:
+          ansible.builtin.yum:
             name:
               - libxml2-devel
               - libxslt-devel
@@ -39,7 +45,7 @@
           become: true
           when: ansible_os_family == 'RedHat'
         - name: Installing non-baseline requirements (Ubuntu/Debian)
-          apt:
+          ansible.builtin.apt:
             name:
               - libxml2-dev
               - libxslt-dev
@@ -49,15 +55,15 @@
             state: present
           become: true
           when: ansible_os_family == 'Debian'
-        - name: check if net link setup exists
-          stat:
+        - name: Check if net link setup exists
+          ansible.builtin.stat:
             path: /etc/udev/rules.d/80-net-setup-link.rules
           register: rules_file_exists
-        - name: Update net link setup
-          file:
+        - name: Update net link setup # noqa literal-compare
+          ansible.builtin.file:
             src: /dev/null
             dest: /etc/udev/rules.d/80-net-setup-link.rules
             state: link
-            force: yes
+            force: true
           become: true
-          when: rules_file_exists.stat.exists == true
+          when: rules_file_exists.stat.exists