CI: Use ansible-lint for CI roles and playbooks

Removing dbus-python deps because now a-c-k handles that.

Depends-On: https://review.opendev.org/c/openstack/ansible-collection-kolla/+/942179

Change-Id: I97a97da73a7ccb27789e979656867e4adfe8a633

.ansible-lint

@@ -0,0 +1,12 @@
+---
+exclude_paths:
+  - .cache/  # implicit unless exclude_paths is defined in config
+  - .zuul.d/
+offline: true
+parseable: true
+profile: basic
+skip_list:
+  - package-latest
+  - role-name
+strict: true
+use_default_rules: true

roles/configure-ephemeral/meta/main.yml

@@ -0,0 +1,4 @@
+---
+collections:
+  - ansible.posix
+  - community.general

roles/configure-ephemeral/tasks/main.yml

@@ -3,23 +3,23 @@
 # unallocated ephemeral device attached at /dev/xvde
 - name: Set ephemeral device if /dev/xvde exists
   when: ansible_devices["xvde"] is defined
-  set_fact:
+  ansible.builtin.set_fact:
     ephemeral_device: "/dev/xvde"
 
 # On other providers, we have a device called "ephemeral0".
 - name: Set ephemeral device by label
   when: ephemeral_device is undefined
   block:
     - name: Get ephemeral0 device node
-      command: /sbin/blkid -L ephemeral0
+      ansible.builtin.command: /sbin/blkid -L ephemeral0
       register: ephemeral0
       # rc !=0 is expected
-      failed_when: False
-      changed_when: False
+      failed_when: false
+      changed_when: false
 
     - name: Set ephemeral device if LABEL exists
       when: "ephemeral0.rc == 0"
-      set_fact:
+      ansible.builtin.set_fact:
         ephemeral_device: "{{ ephemeral0.stdout }}"
 
 - name: Configure additional disk (if available)
@@ -53,13 +53,13 @@
         fstype: ext4
         dev: "{{ ephemeral_device }}"
 
-    - name: "Ensure {{ configure_ephemeral_mountpoint }} mountpoint is created"
+    - name: "Ensure mountpoint {{ configure_ephemeral_mountpoint }}"
       ansible.builtin.file:
         path: "{{ configure_ephemeral_mountpoint }}"
         owner: root
         group: root
         state: directory
-        mode: 0755
+        mode: "0755"
 
     - name: Mount additional filesystem
       ansible.posix.mount:

roles/kolla-build-config/tasks/main.yml

@@ -1,5 +1,8 @@
 ---
 - name: Ensure kolla-build.conf exists
-  template:
+  ansible.builtin.template:
     src: kolla-build.conf.j2
     dest: "{{ kolla_build_config_path }}"
+    mode: "0660"
+    owner: zuul
+    group: zuul

roles/kolla-build-deps/tasks/main.yml

@@ -3,16 +3,23 @@
   ansible.builtin.file:
     path: "{{ kolla_logs_dir }}"
     state: directory
+    mode: "0755"
+    owner: zuul
+    group: zuul
 
 - name: Dump host info to logs
   ansible.builtin.command: "{{ ansible_user_dir }}/{{ zuul.project.src_dir }}/tools/dump_info.sh"
   args:
     chdir: "{{ kolla_logs_dir }}"
+  changed_when: true
 
 - name: Create dir for kolla build logs
   ansible.builtin.file:
     path: "{{ kolla_build_logs_dir }}"
     state: directory
+    mode: "0755"
+    owner: zuul
+    group: zuul
 
 - name: Install Python3 pip and setuptools
   ansible.builtin.package:
@@ -29,23 +36,6 @@
   become: true
   when: ansible_facts.os_family == "Debian"
 
-- name: Install dbus-python dependencies on Debian systems
-  ansible.builtin.package:
-    name:
-      - python3-dev
-      - libdbus-glib-1-dev
-  become: true
-  when: ansible_facts.os_family == "Debian"
-
-- name: Install dbus-python dependencies on EL systems
-  ansible.builtin.package:
-    name:
-      - python3-devel
-      - dbus-glib-devel
-      - dbus-daemon
-  become: true
-  when: ansible_facts.os_family == "RedHat"
-
 - name: Install kolla in a venv
   ansible.builtin.pip:
     name:
@@ -70,5 +60,5 @@
 - name: Ensure container engine socket is world-writable
   ansible.builtin.file:
     path: "{{ '/run/docker.sock' if container_engine == 'docker' else '/run/podman/podman.sock' }}"
-    mode: 0666
+    mode: "0666"
   become: true

roles/kolla-build/tasks/main.yml

@@ -3,16 +3,21 @@
   ansible.builtin.template:
     src: "{{ kolla_build_template_overrides_path }}"
     dest: /etc/kolla/template_overrides.j2
+    mode: "0660"
+    owner: zuul
+    group: zuul
   when: kolla_build_template_overrides_path | length > 0
 
 - name: Run kolla-build to template out dockerfiles
   ansible.builtin.command:
     cmd: >-
       {{ kolla_build_venv_path }}/bin/kolla-build --template-only
       --work-dir {{ kolla_build_logs_dir }}/work_dir
+  changed_when: true
 
 - name: Run kolla-build
   vars:
     platform: "{{ '--platform linux/arm64' if base_arch == 'aarch64' and base_arch != ansible_facts.architecture }}"
   ansible.builtin.command:
     cmd: "{{ kolla_build_venv_path }}/bin/kolla-build {{ platform }}"
+  changed_when: true

test-requirements.txt

@@ -1,3 +1,4 @@
+ansible-lint<25 # MIT
 bandit!=1.6.0,>=1.1.0 # Apache-2.0
 bashate>=0.5.1 # Apache-2.0
 coverage!=4.4,>=4.0 # Apache-2.0

test-requirements.yml

@@ -0,0 +1,5 @@
+---
+collections:
+  - ansible.posix
+  - community.docker
+  - community.general

tests/playbooks/post.yml

@@ -1,13 +1,16 @@
 ---
-- hosts: all
+- name: Zuul post
+  hosts: all
   tasks:
     - name: Dump host info to logs
-      command: "{{ ansible_user_dir }}/{{ zuul.project.src_dir }}/tools/dump_info.sh"
+      ansible.builtin.command: "{{ ansible_user_dir }}/{{ zuul.project.src_dir }}/tools/dump_info.sh"
       args:
         chdir: "{{ kolla_logs_dir }}"
+      changed_when: true
 
     - name: Collect various info to logs
-      shell:
+      changed_when: true
+      ansible.builtin.shell:
         cmd: |
           set +o errexit
           set -o xtrace
@@ -63,14 +66,17 @@
           ps -eo user,pid,ppid,lwp,%cpu,%mem,size,rss,cmd > ps.txt
 
           # docker related information
-          (sudo {{ container_engine }} info && sudo {{ container_engine }} system df && sudo {{ container_engine }} system df -v) > {{ container_engine }}-info.txt
+          (sudo {{ container_engine }} info && \
+           sudo {{ container_engine }} system df && \
+           sudo {{ container_engine }} system df -v) > {{ container_engine }}-info.txt
 
           sudo cp -r /etc/kolla kolla_configs
 
           # last sudo to own all files
           sudo chown -R {{ ansible_user_id }}: .
 
           # Parse build logs and extract pkg install info
-          {{ ansible_user_dir }}/{{ zuul.project.src_dir }}/tests/files/process_build_logs.py -l build -b {{ base_distro }} > packages-info.txt
+          {{ ansible_user_dir }}/{{ zuul.project.src_dir }}/tests/files/process_build_logs.py \
+          -l build -b {{ base_distro }} > packages-info.txt
         executable: /bin/bash
         chdir: "{{ kolla_logs_dir }}"

tests/playbooks/pre.yml

@@ -1,5 +1,6 @@
 ---
-- hosts: all
+- name: Zuul pre
+  hosts: all
   vars_files:
     - ../vars/zuul.yml
   roles:

tests/playbooks/publish.yml

@@ -1,44 +1,48 @@
 ---
-- hosts: all
+- name: Zuul publish
+  hosts: all
   vars:
     # NOTE(yoctozepto): We need Docker SDK, the best source is Kolla venv.
     ansible_python_interpreter: "{{ virtualenv_path }}/bin/python"
   tasks:
     - name: List all containers
-      docker_host_info:
-        images: yes
+      community.docker.docker_host_info:
+        images: true
         images_filters:
           reference: "{{ kolla_namespace }}/*"
       register: docker_host_info
 
-    - block:
+    - name: Publish to Dockerhub
+      when: kolla_registry == 'dockerhub'
+      block:
         - name: Login to Dockerhub
-          docker_login:
+          community.docker.docker_login:
             username: "{{ kolla_dockerhub_credentials.username | trim }}"
             password: "{{ kolla_dockerhub_credentials.password | trim }}"
 
         - name: Push built container images
-          docker_image:
+          community.docker.docker_image:
             name: "{{ item.RepoTags.0 }}"
-            push: yes
+            push: true
             source: local
           loop: "{{ docker_host_info.images }}"
           register: push_status
           until: push_status.failed is false
           retries: 5
-      when: kolla_registry == 'dockerhub'
 
-    - block:
+    - name: Publish to quay.io
+      when: kolla_registry == 'quay.io'
+      block:
         - name: Login to quay.io
-          docker_login:
+          community.docker.docker_login:
             registry: quay.io
             username: "{{ kolla_quay_io_creds.username | trim }}"
             password: "{{ kolla_quay_io_creds.password | trim }}"
 
         - name: Push built container images
-          docker_image:
+          community.docker.docker_image:
             name: "{{ item.RepoTags.0 }}"
-            push: yes
+            push: true
             repository: "quay.io/{{ item.RepoTags.0 }}"
             source: local
           loop: "{{ docker_host_info.images }}"
@@ -47,12 +51,11 @@
           retries: 5
 
         - name: Ensure repository visibility is public
-          uri:
+          ansible.builtin.uri:
             url: "https://quay.io/api/v1/repository/{{ item.RepoTags.0 }}/changevisibility"
             method: POST
             headers:
               Authorization: "Bearer {{ kolla_quay_io_api.token | trim }}"
             body: '{"visibility": "public"}'
             body_format: json
           loop: "{{ docker_host_info.images }}"
-      when: kolla_registry == 'quay.io'

tests/playbooks/run.yml

@@ -1,5 +1,6 @@
 ---
-- hosts: all
+- name: Zuul run
+  hosts: all
   vars_files:
     - ../vars/zuul.yml
   vars:
@@ -18,18 +19,18 @@
         network_mode: host
   tasks:
     - name: Ensure /etc/kolla exists
-      file:
+      ansible.builtin.file:
         path: /etc/kolla
         state: directory
-        mode: 0777
+        mode: "0777"
       become: true
 
     - name: Use ubuntu/debian base image from mirror
       vars:
         kolla_mirror_config:
           DEFAULT:
             base_image: "quay.io/openstack.kolla/{{ base_distro }}"
-      set_fact:
+      ansible.builtin.set_fact:
         kolla_build_config: "{{ kolla_build_config | combine(kolla_mirror_config, recursive=True) }}"
       when: base_distro in ['debian', 'ubuntu']
 
@@ -39,7 +40,7 @@
           DEFAULT:
             namespace: "{{ kolla_namespace }}"
             tag: "{{ zuul.branch | basename }}-{{ base_distro }}-{{ base_distro_version }}{{ tag_suffix }}"
-      set_fact:
+      ansible.builtin.set_fact:
         kolla_build_config: "{{ kolla_build_config | combine(kolla_publisher_config, recursive=True) }}"
       when:
         - publisher
@@ -56,13 +57,15 @@
           releaser-user:
             uid: 56000
             gid: 56000
-      set_fact:
+      ansible.builtin.set_fact:
         kolla_build_config: "{{ kolla_build_config | combine(kolla_build_external_docker_config, recursive=True) }}"
       when:
         - not publisher
 
-    - import_role:
+    - name: Import kolla-build-config role
+      import_role:
         name: kolla-build-config
 
-    - import_role:
+    - name: Import kolla-build role
+      import_role:
         name: kolla-build

tests/vars/zuul.yml

@@ -7,4 +7,8 @@ nodepool_cbs_centos_proxy: "http://{{ zuul_site_mirror_fqdn }}:8080/cbs.centos"
 nodepool_docker_proxy: "http://{{ zuul_site_mirror_fqdn }}:8080/docker"
 
 # NOTE(hrw): wheel cache goes over 80/443 not on 8080
-nodepool_wheel_mirror: "https://{{ zuul_site_mirror_fqdn }}/wheel/{{ ansible_distribution | lower }}-{{ (ansible_os_family == 'Debian') | ternary(ansible_distribution_version, ansible_distribution_major_version) }}-{{ ansible_architecture | lower }}"
+nodepool_wheel_mirror: >-
+  https://{{ zuul_site_mirror_fqdn }}/wheel/{{ ansible_distribution | lower }}-
+  {{ (ansible_os_family == 'Debian') |
+  ternary(ansible_distribution_version, ansible_distribution_major_version) }}-
+  {{ ansible_architecture | lower }}

tox.ini

@@ -50,16 +50,16 @@ commands =
 deps =
     {[testenv]deps}
     codespell
-    yamllint
 allowlist_externals = bash
 commands =
   bash {toxinidir}/tools/run-bashate.sh
   flake8 {posargs}
   bash {toxinidir}/tools/validate-all-dockerfiles.sh
   python {toxinidir}/tools/validate-all-file.py
   bandit -r docker kolla tests tools
-  yamllint -s .
   codespell -I {toxinidir}/.codespell-ignore
+  ansible-galaxy collection install -r test-requirements.yml
+  ansible-lint
 
 [testenv:bandit]
 commands = bandit -r docker kolla tests tools