diff --git a/.ansible-lint-ignore b/.ansible-lint-ignore new file mode 100644 index 0000000..49a8077 --- /dev/null +++ b/.ansible-lint-ignore @@ -0,0 +1 @@ +provision/windows-builder.yaml diff --git a/provision/baseline.yaml b/provision/baseline.yaml index 61673a5..09fd7b1 100644 --- a/provision/baseline.yaml +++ b/provision/baseline.yaml @@ -1,25 +1,32 @@ --- -- hosts: all +- name: Baseline for all builds + hosts: all become_user: root - become_method: sudo + become: true + become_method: ansible.builtin.sudo pre_tasks: - - include_role: name=lfit.system-update + - name: Pre-task system update + ansible.builtin.include_role: + name: lfit.system-update - name: Install base packages - include_tasks: "{{item}}" + ansible.builtin.include_tasks: "{{ item }}" with_first_found: - - "install-base-pkgs-{{ansible_distribution}}.yaml" - - "install-base-pkgs-{{ansible_os_family}}.yaml" + - "install-base-pkgs-{{ ansible_distribution }}.yaml" + - "install-base-pkgs-{{ ansible_os_family }}.yaml" - name: Allow jenkins user sudo access - copy: + ansible.builtin.copy: dest: /etc/sudoers.d/89-jenkins-user-defaults content: | Defaults:jenkins !requiretty jenkins ALL=(ALL) NOPASSWD:ALL validate: /usr/sbin/visudo -cf %s - become: yes + owner: root + group: root + mode: "0644" + become: true roles: - lfit.lf-recommended-tools @@ -36,44 +43,46 @@ # Update /etc/nss-switch.conf to map hostname with IP instead of using `localhost` # from /etc/hosts which is required by some of the Java API's to avoid # Java UnknownHostException: "Name or service not known" error. - replace: + ansible.builtin.replace: path: /etc/nsswitch.conf regexp: '^hosts:(\s+.*)?$' replace: 'hosts:\1 myhostname' - backup: yes - become: yes + backup: true + become: true - name: Disable periodic updates + when: ansible_distribution == 'Ubuntu' + become: true block: - name: Set all periodic update options to 0 - replace: + ansible.builtin.replace: path: /etc/apt/apt.conf.d/10periodic regexp: "1" replace: "0" - name: Set all auto update options to 0 - replace: + ansible.builtin.replace: path: /etc/apt/apt.conf.d/20auto-upgrades regexp: "1" replace: "0" - - name: Disable unattended upgrades - lineinfile: + - name: Disable unattended upgrades # noqa risky-file-permissions + ansible.builtin.lineinfile: path: /etc/apt/apt.conf.d/10periodic regexp: "^APT::Periodic::Unattended-Upgrade" line: 'APT::Periodic::Unattended-Upgrade "0";' - create: yes + create: true - name: Uninstall unattended upgrades - apt: + ansible.builtin.apt: name: unattended-upgrades state: absent - name: Prevent unattended upgrades from being installed - dpkg_selections: + ansible.builtin.dpkg_selections: name: unattended-upgrades selection: hold - name: Disable apt-daily.* systemd services - systemd: - name: "{{service}}" - enabled: no - masked: yes + ansible.builtin.systemd: + name: "{{ service }}" + enabled: false + masked: true with_items: - apt-daily.service - apt-daily.timer @@ -81,9 +90,7 @@ - apt-daily-upgrade.timer loop_control: loop_var: service - when: ansible_distribution == 'Ubuntu' - become: yes - name: System Reseal - script: system-reseal.sh + ansible.builtin.script: system-reseal.sh become: true diff --git a/provision/devstack-pre-pip-centos.yaml b/provision/devstack-pre-pip-centos.yaml index fefe564..34c99ed 100644 --- a/provision/devstack-pre-pip-centos.yaml +++ b/provision/devstack-pre-pip-centos.yaml @@ -1,25 +1,31 @@ --- -- import_playbook: ../common-packer/provision/baseline.yaml +- name: Devstack Pre pip CentOS + import_playbook: ../common-packer/provision/baseline.yaml -- hosts: all +- name: Devstack pre-pip for CentOS + hosts: all become_user: root - become_method: sudo + become: true + become_method: ansible.builtin.sudo pre_tasks: - - include_role: name=lfit.system-update + - name: Pre-task system update + ansible.builtin.include_role: + name: lfit.system-update tasks: - - name: "Install devstack dependencies" + - name: "Install devstack dependencies" # noqa literal-compare + become: true block: - name: Install xpath dependencies - yum: + ansible.builtin.yum: name: - perl-XML-XPath - crudini state: present become: true - name: Install non-baseline requirements - yum: + ansible.builtin.yum: name: - libxml2-devel - libxslt-devel @@ -28,20 +34,20 @@ - "@development" state: present become: true - - name: check if net link setup exists - stat: + - name: Check if net link setup exists + ansible.builtin.stat: path: /etc/udev/rules.d/80-net-setup-link.rules register: rules_file_exists - - name: Update net link setup - file: + - name: Update net link setup # noqa literal-compare + ansible.builtin.file: src: /dev/null dest: /etc/udev/rules.d/80-net-setup-link.rules state: link - force: yes + force: true become: true when: rules_file_exists.stat.exists == true - name: Install RDMA (InfiniBand/iWARP/RoCE) requirements - yum: + ansible.builtin.yum: name: - libibverbs - libmlx5 @@ -49,30 +55,31 @@ become: true - name: "Pre-Install yum and pip packages" block: - - name: Create /tmp/devstack directory - file: + - name: Create /tmp/devstack directory # noqa risky-file-permissions + ansible.builtin.file: path: /tmp/devstack state: directory - mode: 0755 + mode: "0755" - name: Fetch openstack devstack-dev repo - git: + ansible.builtin.git: repo: https://github.com/openstack-dev/devstack.git dest: /tmp/devstack version: "{{ os_branch }}" - - name: "Read openstack devstack dependencies" - shell: "sed -e 's/#.*//' /tmp/devstack/files/rpms/general" + - name: "Read openstack devstack dependencies" # noqa no-changed-when + ansible.builtin.shell: "sed -e 's/#.*//' /tmp/devstack/files/rpms/general" register: sed_output args: - warn: False + warn: false - name: "Install non-baseline requirements for {{ os_branch }}" - yum: + ansible.builtin.yum: # noqa no-changed-when name: "{{ sed_output.stdout_lines }}" state: present become: true - - name: git clone openstack core projects - git: repo='https://github.com/openstack/{{ item }}.git' - dest='/tmp/devstack/{{ item }}' - version='{{ os_branch }}' + - name: Clone openstack core projects + ansible.builtin.git: + repo: "https://github.com/openstack/{{ item }}.git" + dest: "/tmp/devstack/{{ item }}" + version: "{{ os_branch }}" with_items: - requirements - keystone @@ -81,8 +88,8 @@ - neutron - nova - horizon - - name: Install pip dependencies - shell: | + - name: Install pip dependencies # noqa no-changed-when + ansible.builtin.shell: | cd "{{ item }}" git branch -a cd .. @@ -93,7 +100,7 @@ exit 0 args: chdir: /tmp/devstack - warn: False + warn: false with_items: - requirements - keystone @@ -107,40 +114,40 @@ - name: "Install openvswitch from relevant openstack branch" block: - name: "Install CentOS openstack release {{ rdo_branch }}" - yum: + ansible.builtin.yum: name: "centos-release-openstack-{{ rdo_branch }}" state: present become: true - name: "Install openvswitch 2.8.2 for stable/queens" - yum: + ansible.builtin.yum: name: openvswitch-2.8.2-1.el7 state: present - disable_gpg_check: yes + disable_gpg_check: true when: rdo_branch == 'queens' become: true - name: "Install openvswitch latest for stable/rocky" - yum: + ansible.builtin.yum: name: openvswitch state: present - disable_gpg_check: yes + disable_gpg_check: true when: rdo_branch == 'rocky' become: true # Workaround for git deps conflict on rocky - name: Swap to git + become: true block: - name: Gather rpm package facts - package_facts: + ansible.builtin.package_facts: manager: auto - - name: Replace git2u with git - command: yum replace -y git2u --replace-with git + - name: Replace git2u with git # noqa no-changed-when command-instead-of-module + ansible.builtin.command: yum replace -y git2u --replace-with git when: ansible_facts.packages['git2u'] is defined - become: true - name: "Cleanup devstack directory" block: - name: "Removing /tmp/devstack" - file: + ansible.builtin.file: path: /tmp/devstack state: absent become: true diff --git a/provision/devstack.yaml b/provision/devstack.yaml index 811a49d..a9a77d7 100644 --- a/provision/devstack.yaml +++ b/provision/devstack.yaml @@ -1,18 +1,24 @@ --- -- import_playbook: ../common-packer/provision/baseline.yaml +- name: Import baseline + import_playbook: ../common-packer/provision/baseline.yaml -- hosts: all +- name: Devstack + hosts: all become_user: root - become_method: sudo + become: true + become_method: ansible.builtin.sudo pre_tasks: - - include_role: name=lfit.system-update + - name: Pre-task system update + ansible.builtin.include_role: + name: lfit.system-update tasks: - name: "Install devstack dependencies" + become: true block: - name: Install xpath dependencies (CentOS/RedHat) - yum: + ansible.builtin.yum: name: - perl-XML-XPath - crudini @@ -20,7 +26,7 @@ become: true when: ansible_os_family == 'RedHat' - name: Install xpath dependencies (Ubuntu/Debian) - apt: + ansible.builtin.apt: name: - libxml-xpath-perl - crudini @@ -28,7 +34,7 @@ become: true when: ansible_os_family == 'Debian' - name: Installing non-baseline requirements (CentOS/RedHat) - yum: + ansible.builtin.yum: name: - libxml2-devel - libxslt-devel @@ -39,7 +45,7 @@ become: true when: ansible_os_family == 'RedHat' - name: Installing non-baseline requirements (Ubuntu/Debian) - apt: + ansible.builtin.apt: name: - libxml2-dev - libxslt-dev @@ -49,15 +55,15 @@ state: present become: true when: ansible_os_family == 'Debian' - - name: check if net link setup exists - stat: + - name: Check if net link setup exists + ansible.builtin.stat: path: /etc/udev/rules.d/80-net-setup-link.rules register: rules_file_exists - - name: Update net link setup - file: + - name: Update net link setup # noqa literal-compare + ansible.builtin.file: src: /dev/null dest: /etc/udev/rules.d/80-net-setup-link.rules state: link - force: yes + force: true become: true - when: rules_file_exists.stat.exists == true + when: rules_file_exists.stat.exists diff --git a/provision/docker.yaml b/provision/docker.yaml index 39a7206..951ac21 100644 --- a/provision/docker.yaml +++ b/provision/docker.yaml @@ -1,17 +1,22 @@ --- -- import_playbook: baseline.yaml +- name: Import baseline + import_playbook: baseline.yaml -- hosts: all +- name: Docker + hosts: all become_user: root - become_method: sudo + become: true + become_method: ansible.builtin.sudo pre_tasks: - - include_role: name=lfit.system-update + - name: Pre-tasks system update + ansible.builtin.include_role: + name: lfit.system-update roles: - { role: lfit.docker-install, mtu: 1458 } post_tasks: - name: System Reseal - script: system-reseal.sh + ansible.builtin.script: system-reseal.sh become: true diff --git a/provision/install-base-pkgs-RedHat.yaml b/provision/install-base-pkgs-RedHat.yaml index eb54182..f02ed4d 100644 --- a/provision/install-base-pkgs-RedHat.yaml +++ b/provision/install-base-pkgs-RedHat.yaml @@ -1,12 +1,12 @@ --- - name: Add IUS repository to /etc/yum.repos.d/ - yum_repository: + ansible.builtin.yum_repository: name: ius description: IUS Community Packages for Enterprise Linux baseurl: https://repo.ius.io/{{ ansible_distribution_major_version|lower }}/$basearch/ gpgkey: https://repo.ius.io/RPM-GPG-KEY-IUS-{{ ansible_distribution_major_version|lower }} - enabled: "yes" - gpgcheck: "yes" + enabled: "true" + gpgcheck: "true" state: present includepkgs: - git2* @@ -21,16 +21,18 @@ # and enable the correct repo. # Ref: https://wiki.centos.org/Manuals/ReleaseNotes/CentOS8.2011#Yum_repo_file_and_repoid_changes - name: Enable PowerTools repository for CentOS 8.{0,2,3} + when: + - ansible_facts.distribution_major_version|int >= 8 block: - name: Check the file name in path '/etc/yum.repos.d/' for CentOS 8.{2.2004} or earlier versions - shell: grep -lE "^\[PowerTools\]" /etc/yum.repos.d/*.repo + ansible.builtin.shell: grep -lE "^\[PowerTools\]" /etc/yum.repos.d/*.repo register: repofile changed_when: false failed_when: false - check_mode: no + check_mode: false - name: Enable 'PowerTools' repo for CentOS 8.{2.2004} or earlier versions if the file exist - ini_file: + community.general.ini_file: path: "{{ repofile.stdout }}" section: "PowerTools" option: enabled @@ -40,14 +42,14 @@ become: true - name: Check the file name in path '/etc/yum.repos.d/' for CentOS 8.{3.2011} or later versions - shell: grep -lE "^\[powertools\]" /etc/yum.repos.d/*.repo + ansible.builtin.shell: grep -lE "^\[powertools\]" /etc/yum.repos.d/*.repo register: repofile changed_when: false failed_when: false - check_mode: no + check_mode: false - name: Enable 'powertools' repo for CentOS 8.{3.2011} or later versions if the file exist - ini_file: + community.general.ini_file: path: "{{ repofile.stdout }}" section: "powertools" option: enabled @@ -55,20 +57,18 @@ no_extra_spaces: true when: repofile.rc == 0 become: true - when: - - ansible_facts.distribution_major_version|int >= 8 - name: "Download the RPM GPG KEY for EPEL - {{ ansible_distribution_major_version }}" - get_url: + ansible.builtin.get_url: url: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }} dest: /tmp/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }} - mode: 0600 + mode: "0644" become: true when: - ansible_os_family == 'RedHat' and ansible_facts['distribution_major_version'] is version('8', '>=') - name: Import RPM GPG KEY into the DB - rpm_key: + ansible.builtin.rpm_key: key: /tmp/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }} state: present become: true @@ -76,7 +76,7 @@ - ansible_os_family == 'RedHat' and ansible_facts['distribution_major_version'] is version('8', '>=') - name: Install base packages - yum: + ansible.builtin.yum: name: - "@base" - "@development" @@ -91,19 +91,19 @@ - name: Enable CentOS stream 8 dependent modules block: - name: Enable pki-core - command: + ansible.builtin.command: cmd: dnf module enable pki-core -y - warn: no + warn: false become: true - name: Enable pki-deps - command: + ansible.builtin.command: cmd: dnf module enable pki-deps -y - warn: no + warn: false become: true when: ansible_os_family == 'RedHat' and ansible_facts['distribution_major_version'] is version('8', '>=') - name: Install sigul client for EL 7 - yum: + ansible.builtin.yum: name: - https://kojipkgs.fedoraproject.org/repos-dist/epel7-infra/latest/x86_64/Packages/s/sigul-0.207-1.el7.x86_64.rpm state: latest @@ -112,16 +112,16 @@ - ansible_facts['distribution_major_version'] is version('8', '<') - name: "Download the RPM GPG KEY for CentOS 8 Sigul" - get_url: + ansible.builtin.get_url: url: https://infrastructure.fedoraproject.org/repo/infra/RPM-GPG-KEY-INFRA-TAGS dest: /tmp/RPM-GPG-KEY-INFRA-TAGS - mode: 0600 + mode: "0644" become: true when: - ansible_os_family == 'RedHat' and ansible_facts['distribution_major_version'] is version('8', '>=') - name: Import RPM GPG KEY into the DB for Sigul on CentOS 8 - rpm_key: + ansible.builtin.rpm_key: key: /tmp/RPM-GPG-KEY-INFRA-TAGS state: present become: true @@ -129,7 +129,7 @@ - ansible_os_family == 'RedHat' and ansible_facts['distribution_major_version'] is version('8', '>=') - name: Install sigul client for EL 8 (Streams) - yum: + ansible.builtin.yum: name: - https://kojipkgs.fedoraproject.org/repos-dist/epel8-infra/latest/x86_64/Packages/s/sigul-1.1-1.el8.infra.x86_64.rpm state: latest @@ -140,7 +140,7 @@ - name: Swap to git236 block: - name: Install yum-plugin-replace - yum: + ansible.builtin.yum: name: yum-plugin-replace state: present update_cache: true @@ -148,7 +148,7 @@ package_facts: manager: auto - name: Replace git with git236 - command: yum replace -y git --replace-with git236 + ansible.builtin.command: yum replace -y git --replace-with git236 args: warn: false when: ansible_facts.packages['git'] is defined diff --git a/provision/install-base-pkgs-Ubuntu.yaml b/provision/install-base-pkgs-Ubuntu.yaml index 592568b..52587db 100644 --- a/provision/install-base-pkgs-Ubuntu.yaml +++ b/provision/install-base-pkgs-Ubuntu.yaml @@ -1,6 +1,6 @@ --- - name: Install base packages - apt: + ansible.builtin.apt: name: - build-essential - devscripts @@ -8,4 +8,4 @@ - equivs - gdebi state: latest - become: yes + become: true diff --git a/provision/local-builder.yaml b/provision/local-builder.yaml index ddfe3a9..20e326a 100644 --- a/provision/local-builder.yaml +++ b/provision/local-builder.yaml @@ -1,2 +1,3 @@ --- -- import_playbook: ../common-packer/provision/baseline.yaml +- name: Local baseline + import_playbook: ../common-packer/provision/baseline.yaml diff --git a/provision/local-docker.yaml b/provision/local-docker.yaml index b7518c2..151ffa7 100644 --- a/provision/local-docker.yaml +++ b/provision/local-docker.yaml @@ -1,2 +1,3 @@ --- -- import_playbook: ../common-packer/provision/docker.yaml +- name: Local docker builder + import_playbook: ../common-packer/provision/docker.yaml diff --git a/provision/local-windows-builder.yaml b/provision/local-windows-builder.yaml index 66bef3f..c459648 100644 --- a/provision/local-windows-builder.yaml +++ b/provision/local-windows-builder.yaml @@ -1,2 +1,3 @@ --- -- import_playbook: ../common-packer/provision/windows-builder.yaml +- name: Local windows builder + import_playbook: ../common-packer/provision/windows-builder.yaml diff --git a/provision/windows-builder.yaml b/provision/windows-builder.yaml index 55e1a1f..c08272f 100644 --- a/provision/windows-builder.yaml +++ b/provision/windows-builder.yaml @@ -1,10 +1,11 @@ --- -- hosts: all +- name: Windows builder + hosts: all tasks: - name: Install Tools - win_chocolatey: - name: "{{item}}" + chocolatey.chocolatey.win_chocolatey: + name: "{{ item }}" state: present with_items: - cmake @@ -19,20 +20,20 @@ - zulu8 - name: Install OpenSSH - win_chocolatey: + chocolatey.chocolatey.win_chocolatey: name: openssh state: present params: /SSHAgentFeature - name: Install CMake - win_chocolatey: + chocolatey.chocolatey.win_chocolatey: name: cmake state: present install_args: ADD_CMAKE_TO_PATH=System - name: Install Visual Studio Community Edition - win_chocolatey: - name: "{{item}}" + chocolatey.chocolatey.win_chocolatey: + name: "{{ item }}" with_items: - visualstudio2017community - visualstudio2017-workload-nativedesktop @@ -40,37 +41,37 @@ - name: Build and Install zlib block: - name: Ensure C:\temp exists - win_file: + ansible.windows.win_file: path: C:\temp state: directory - name: Download zlib - win_get_url: + ansible.windows.win_get_url: url: https://zlib.net/zlib1211.zip dest: C:\temp\zlib.zip - name: Unzip zlib - win_unzip: + ansible.windows.win_unzip: src: C:\temp\zlib.zip dest: C:\temp - name: CMake - win_command: > + ansible.windows.win_command: > "C:\Program Files\CMake\Bin\cmake" -DCMAKE_INSTALL_PREFIX=C:\lib\zlib -G "Visual Studio 15 Win64" args: chdir: C:\temp\zlib-1.2.11 - - name: msbuild - win_command: > + - name: Check msbuild + ansible.windows.win_command: > "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\MSBuild\15.0\Bin\msbuild" zlib.sln args: chdir: C:\temp\zlib-1.2.11 - - name: msbuild install - win_command: > + - name: Install msbuild + ansible.windows.win_command: > "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\MSBuild\15.0\Bin\msbuild" INSTALL.vcxproj args: chdir: C:\temp\zlib-1.2.11 - name: Cleanup - win_file: + ansible.windows.win_file: path: C:\temp state: absent diff --git a/tox.ini b/tox.ini index d21c3e3..bdfff20 100644 --- a/tox.ini +++ b/tox.ini @@ -3,7 +3,8 @@ minversion = 1.6 envlist = docs, docs-linkcheck, - pre-commit + pre-commit, + lint skipsdist = true [testenv:docs] @@ -49,3 +50,15 @@ commands = basepython = python3 deps = -rdocs/requirements.txt commands = reno {posargs:--help} + +[testenv:lint] +basepython = python310 +deps = + ansible-lint + yamllint +commands = + /bin/bash -c "ansible-lint --exclude meta provision/*.yaml" + yamllint . +allowlist_externals = + /bin/bash + yamllint