Fix linters and metadata

With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.

With that we also update metdata to reflect current state.

Change-Id: Idb2dd6cd4bbf815e4b32c9bfbe9a66f33e1c4b97

defaults/main.yml

@@ -40,7 +40,7 @@ ceph_client_package_state: "{{ package_state | default('latest') }}"
 #            package repositories.
 ceph_pkg_source: ceph
 ceph_stable_release: pacific
-ceph_apt_pinned_packages: [{ package: "*", release: "ceph.com",  priority: 1001 }]
+ceph_apt_pinned_packages: [{package: "*", release: "ceph.com", priority: 1001}]
 
 # Ceph Authentication
 cephx: true
@@ -55,7 +55,7 @@ ceph_cluster_name: ceph
 
 # Path to local ceph.conf file
 # Leave this commented to obtain a ceph.conf from one of the monitors defined in ceph_mons
-#ceph_conf_file: |
+# ceph_conf_file: |
 #   [global]
 #   fsid = 4037aa5f-abde-4378-9470-f73dbd6ceaba
 #   mon_initial_members = mon1.example.local,mon2.example.local,mon3.example.local
@@ -73,7 +73,7 @@ ceph_cluster_name: ceph
 # cinder.keyring
 # glance.keyring
 # etc..
-#ceph_keyrings_dir: "/etc/openstack/ceph-keyrings"
+# ceph_keyrings_dir: "/etc/openstack/ceph-keyrings"
 
 # Ceph client usernames for glance, cinder+nova, gnocchi and object cache
 glance_ceph_client: glance
@@ -125,7 +125,8 @@ ceph_client_ceph_conf_overrides: "{{ ceph_conf_overrides | default({}) }}"
 
 # CentOS repos
 ceph_centos_epel_mirror: "{{ centos_epel_mirror | default('http://download.fedoraproject.org/pub/epel') }}"
-ceph_centos_epel_key: "{{ centos_epel_key | default('http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-' ~ ansible_facts['distribution_major_version']) }}"
+ceph_centos_epel_key: >-
+  {{ centos_epel_key | default('http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-' ~ ansible_facts['distribution_major_version']) }}
 
 # Immutible object cache - caches a read-only base layer of rbd volumes
 ceph_immutable_object_cache_enabled: False

handlers/main.yml

@@ -18,4 +18,3 @@
     state: restarted
   with_items: "{{ ceph_client_filtered_services }}"
   failed_when: false
-

meta/main.yml

@@ -17,28 +17,30 @@ galaxy_info:
   author: openstack
   description: Installation and configuration of the ceph client
   company: OpenStack Foundation
+  role_name: ceph_client
+  namespace: openstack
   license: Apache2
-  min_ansible_version: 2.2
+  min_ansible_version: "2.10"
   platforms:
     - name: Debian
       versions:
-        - buster
+        - bullseye
     - name: Ubuntu
       versions:
-        - bionic
         - focal
+        - jammy
     - name: EL
       versions:
-        - 8
+        - "9"
 
-  categories:
+  galaxy_tags:
     - cloud
     - ceph
     - development
     - openstack
 
 dependencies:
-- role: apt_package_pinning
+  - role: apt_package_pinning
     apt_pinned_packages: "{{ ceph_apt_pinned_packages }}"
     apt_package_pinning_file_name: "ceph_client_pin.pref"
     when:

tasks/ceph_auth.yml

@@ -17,10 +17,12 @@
   group:
     name: "{{ cephkeys_access_group }}"
 
-- include_tasks: ceph_get_keyrings_from_mons.yml
+- name: Including ceph_get_keyrings_from_mons tasks
+  include_tasks: ceph_get_keyrings_from_mons.yml
   when: ceph_keyrings_dir is not defined
 
-- include_tasks: ceph_get_keyrings_from_files.yml
+- name: Including ceph_get_keyrings_from_files tasks
+  include_tasks: ceph_get_keyrings_from_files.yml
   when: ceph_keyrings_dir is defined
 
 - name: Add OpenStack service to cephkeys_access_group group
@@ -63,7 +65,7 @@
     - always
 
 - name: Define libvirt nova secret
-  command: virsh secret-define --file /tmp/nova-secret.xml
+  command: virsh secret-define --file /tmp/nova-secret.xml # noqa: no-changed-when
   when:
     - inventory_hostname in groups.nova_compute
     - libvirt_nova_defined.rc is defined
@@ -114,7 +116,8 @@
     - ceph_extra_confs is defined
     - inventory_hostname in groups[item]
 
-- include_tasks: ceph_auth_extra.yml
+- name: Including ceph_auth_extra tasks
+  include_tasks: ceph_auth_extra.yml
   when:
     - ceph_in_extra_auth_group is defined
     - ceph_in_extra_auth_group | bool
@@ -127,7 +130,8 @@
     - inventory_hostname in groups[ceph_extra_compute_group]
     - item.secret_uuid is defined
 
-- include_tasks: ceph_auth_extra_compute.yml
+- name: Including ceph_auth_extra_compute tasks
+  include_tasks: ceph_auth_extra_compute.yml
   when:
     - ceph_extra_nova_uuid is defined
     - ceph_extra_nova_uuid | bool

tasks/ceph_auth_extra.yml

@@ -15,8 +15,12 @@
 
 
 - name: Create keyring files for openstack clients from extra cluster(s)
-  shell: "ceph auth get client.{{ item.client_name }} --cluster {{ ceph_cluster_name }} >/dev/null && ceph auth get-or-create client.{{ item.client_name }} --cluster {{ ceph_cluster_name }} > /etc/ceph/{{ ceph_cluster_name }}.client.{{ item.client_name }}.keyring.tmp"
+  shell: >-
+    ceph auth get client.{{ item.client_name }} --cluster {{ ceph_cluster_name }} >/dev/null &&
+    ceph auth get-or-create client.{{ item.client_name }} --cluster {{ ceph_cluster_name }}
+    > /etc/ceph/{{ ceph_cluster_name }}.client.{{ item.client_name }}.keyring.tmp
   with_items: "{{ ceph_extra_confs }}"
+  changed_when: false
   delegate_to: "{{ item.mon_host }}"
   when:
     - item.client_name is defined
@@ -36,7 +40,7 @@
   file:
     path: "{{ item.keyring_src }}"
     state: file
-    mode: 0600
+    mode: "0600"
   delegate_to: localhost
   with_items: "{{ ceph_extra_confs }}"
   when:
@@ -59,7 +63,7 @@
     dest: "{{ item.keyring_dest }}"
     owner: root
     group: "{{ cephkeys_access_group }}"
-    mode:   0640
+    mode: "0640"
   notify:
     - Restart os services
   with_items: "{{ ceph_extra_confs }}"

tasks/ceph_auth_extra_compute.yml

@@ -15,15 +15,20 @@
 
 
 - name: Create key files for nova_compute on extra cluster(s)
-  shell: "ceph auth get-key client.{{ item.client_name }} --cluster {{ ceph_cluster_name }} > /etc/ceph/{{ ceph_cluster_name }}.client.{{ item.client_name }}.key.tmp"
+  shell: >-
+    ceph auth get-key client.{{ item.client_name }} --cluster {{ ceph_cluster_name }}
+    > /etc/ceph/{{ ceph_cluster_name }}.client.{{ item.client_name }}.key.tmp
   with_items: "{{ ceph_extra_confs }}"
+  changed_when: false
   delegate_to: "{{ item.mon_host }}"
   when:
     - item.client_name is defined
     - item.mon_host is defined
 
 - name: Get extra key files
-  command: "scp {{ item.mon_host }}:/etc/ceph/{{ ceph_cluster_name }}.client.{{ item.client_name }}.key.tmp /tmp/{{ item.mon_host }}{{ item.client_name }}.key.tmp"
+  command: >-
+    scp {{ item.mon_host }}:/etc/ceph/{{ ceph_cluster_name }}.client.{{ item.client_name }}.key.tmp
+    /tmp/{{ item.mon_host }}{{ item.client_name }}.key.tmp
   changed_when: false
   delegate_to: localhost
   with_items: "{{ ceph_extra_confs }}"
@@ -35,6 +40,7 @@
   copy:
     src: "/tmp/{{ item.mon_host }}{{ item.client_name }}.key.tmp"
     dest: "/tmp/{{ item.mon_host }}{{ item.client_name }}.key.tmp"
+    mode: "0640"
   with_items: "{{ ceph_extra_confs }}"
   when:
     - item.mon_host is defined
@@ -44,6 +50,7 @@
   copy:
     src: "{{ item.keyring_src }}"
     dest: "/tmp/{{ item.secret_uuid }}{{ item.client_name }}.key.tmp"
+    mode: "0640"
   with_items: "{{ ceph_extra_confs }}"
   when:
     - item.keyring_src is defined
@@ -125,7 +132,7 @@
   tags:
     - always
 
-- name: Set extra secret value(s) in libvirt from monitor host
+- name: Set extra secret value(s) in libvirt from monitor host # noqa: no-changed-when
   shell: "virsh secret-set-value --secret {{ item.secret_uuid }} --base64 $(cat /tmp/{{ item.mon_host }}{{ item.client_name }}.key.tmp)"
   loop: "{{ ceph_extra_confs }}"
   loop_control:
@@ -138,8 +145,10 @@
   notify:
     - Restart os services
 
-- name: Set extra secret value(s) in libvirt from keyring
+- name: Set extra secret value(s) in libvirt from keyring # noqa: no-changed-when
-  shell: "virsh secret-set-value --secret {{ item.secret_uuid }} --base64 $(awk '/key = /{print $3}' /tmp/{{ item.secret_uuid }}{{ item.client_name }}.key.tmp)"
+  shell: >-
+    virsh secret-set-value --secret {{ item.secret_uuid }} --base64
+    $(awk '/key = /{print $3}' /tmp/{{ item.secret_uuid }}{{ item.client_name }}.key.tmp)
   loop: "{{ ceph_extra_confs }}"
   loop_control:
     index_var: index

tasks/ceph_config.yml

@@ -48,7 +48,7 @@
     dest: "/etc/ceph/{{ ceph_cluster_name }}.conf"
     owner: root
     group: root
-    mode:   0644
+    mode: "0644"
     config_type: ini
     config_overrides: '{{ ceph_client_ceph_conf_overrides }}'
   notify:
@@ -62,7 +62,8 @@
     - inventory_hostname in groups[item]
   with_items: "{{ ceph_extra_config_groups }}"
 
-- include_tasks: ceph_config_extra.yml
+- name: Including ceph_config_extra tasks
+  include_tasks: ceph_config_extra.yml
   when:
     - ceph_in_extra_config_group is defined
     - ceph_in_extra_config_group | bool

tasks/ceph_config_extra.yml

@@ -29,7 +29,7 @@
     dest: "{{ item.dest }}"
     owner: root
     group: root
-    mode:   0644
+    mode: "0644"
   notify:
     - Restart os services
   with_items: "{{ ceph_extra_confs }}"
@@ -43,6 +43,7 @@
     section: "client.{{ item.client_name }}"
     option: keyring
     value: "{{ item.keyring_dest }}"
+    mode: "0640"
   with_items: "{{ ceph_extra_confs }}"
   when:
     - item.src is defined

tasks/ceph_get_keyrings_from_files.yml

@@ -36,7 +36,8 @@
 - name: From files | Provision ceph client keyrings
   copy:
     dest: "/etc/ceph/{{ ceph_cluster_name }}.client.{{ item['name'] }}.keyring"
-    content: "{{ ceph_client_keys[item['name']] }}\n" # noqa 206
+    content: |
+      {{ ceph_client_keys[item['name']] }}
     owner: "{{ client['owner'] | default('root') }}"
     group: "{{ client['group'] | default(cephkeys_access_group) }}"
     # ideally the permission will be: 0600 and the owner/group will be either
@@ -45,13 +46,13 @@
     # nova/cinder to it.
     # If I'm correct, the use case for multiple users is on the computre nodes,
     # access needed by users libvirt-qemu and nova
-    mode:     "{{ client['mode'] | default ('0640') }}"
+    mode: "{{ client['mode'] | default('0640') }}"
   with_items: "{{ ceph_client_filtered_clients }}"
   notify:
     - Restart os services
 
 - name: From file | Retrieve nova secret
-  set_fact :
+  set_fact:
     ceph_nova_secret:
       stdout: "{{ (ceph_client_keys[nova_ceph_client] | regex_search('.*^\\s*key\\s*=\\s*(.*)$.*', '\\1', multiline=True))[0] }}"
   when:

tasks/ceph_get_keyrings_from_mons.yml

@@ -15,12 +15,14 @@
 
 ## Ceph client keyrings
 
-#TODO: also be able to create users, keys and pools on ceph
+# TODO: also be able to create users, keys and pools on ceph
 - name: Retrieve keyrings for openstack clients
   # the first get makes sure the client exists, so the second only runs when it
   # exists, the trick is the different output of both, the second has the right
   # output to put in a keyring; ceph admin should have already created the user
-  shell: "ceph auth get client.{{ item['name'] }} --cluster {{ ceph_cluster_name }} >/dev/null && ceph auth get-or-create client.{{ item['name'] }} --cluster {{ ceph_cluster_name }}"
+  shell: >-
+    ceph auth get client.{{ item['name'] }} --cluster {{ ceph_cluster_name }} >/dev/null &&
+    ceph auth get-or-create client.{{ item['name'] }} --cluster {{ ceph_cluster_name }}
   with_items: "{{ ceph_client_filtered_clients }}"
   changed_when: false
   delegate_to: '{{ ceph_mon_host }}'
@@ -64,4 +66,3 @@
   register: ceph_nova_secret
   tags:
     - always
-

tasks/ceph_immutable_object_cache.yml

@@ -35,7 +35,16 @@
         systemd_overrides:
           Service:
             UMask: "{{ ceph_immutable_object_cache_umask }}"
-            ExecStart: "{{ ['', '/usr/bin/ceph-immutable-object-cache -f --cluster ${CLUSTER} --name client.immutable-object-cache --setuser ' ~ ceph_immutable_object_cache_owner ~ ' --setgroup ' ~ ceph_immutable_object_cache_group ] }}"
+            ExecStart: >-
+              {{
+                [
+                  '',
+                  '/usr/bin/ceph-immutable-object-cache -f --cluster ${CLUSTER} --name client.immutable-object-cache --setuser ' ~
+                  ceph_immutable_object_cache_owner ~
+                  ' --setgroup ' ~
+                  ceph_immutable_object_cache_group
+                ]
+              }}
 
 - name: Ensure ceph immutable object cache service is running
   service:

tasks/ceph_preinstall_apt.yml

@@ -29,10 +29,15 @@
     src: "gpg/{{ item.id }}"
     dest: "{{ item.file }}"
     mode: '0644'
-  with_items: "{{ ceph_gpg_keys | selectattr('file','defined') | list }}"
+  with_items: "{{ ceph_gpg_keys | selectattr('file', 'defined') | list }}"
 
 - name: Add ceph apt-keys
-  apt_key: "{{ key }}"
+  apt_key:
+    data: "{{ key['data'] | default(omit) }}"
+    file: "{{ key['file'] | default(omit) }}"
+    id: "{{ key['id'] | default(omit) }}"
+    state: "{{ key['state'] | default('present') }}"
+    url: "{{ key['url'] | default(omit) }}"
   with_items: "{{ ceph_gpg_keys }}"
   loop_control:
     loop_var: key

tasks/ceph_preinstall_dnf.yml

@@ -17,6 +17,7 @@
   get_url:
     url: "{{ ceph_centos_epel_key }}"
     dest: /etc/pki/rpm-gpg
+    mode: "0640"
   register: _get_yum_keys
   until: _get_yum_keys is success
   retries: 5
@@ -54,7 +55,10 @@
     - ceph_pkg_source == 'ceph'
 
 - name: Install Ceph gpg keys
-  rpm_key: "{{ key }}"
+  rpm_key:
+    key: "{{ key['key'] }}"
+    fingerprint: "{{ key['fingerprint'] | default(omit) }}"
+    state: "{{ key['state'] | default('present') }}"
   with_items: "{{ ceph_gpg_keys }}"
   loop_control:
     loop_var: key

tasks/main.yml

@@ -41,38 +41,45 @@
   when:
     - ceph_pkg_source not in ['ceph', 'distro']
 
-- include_tasks: "ceph_preinstall_{{ ansible_facts['pkg_mgr'] }}.yml"
+- name: Including ceph_preinstall tasks
+  include_tasks: "ceph_preinstall_{{ ansible_facts['pkg_mgr'] }}.yml"
   when:
     - ceph_pkg_source != 'distro'
   tags:
     - ceph-install
 
-- include_tasks: ceph_install.yml
+- name: Including ceph_install tasks
+  include_tasks: ceph_install.yml
   tags:
     - ceph-install
 
-- include_tasks: ceph_install_python_libs.yml
+- name: Including ceph_install_python_libs tasks
+  include_tasks: ceph_install_python_libs.yml
   when:
     - openstack_service_venv_bin | length > 0
   tags:
     - ceph-install
 
-- include_tasks: ceph_get_mon_host.yml
+- name: Including ceph_get_mon_host tasks
+  include_tasks: ceph_get_mon_host.yml
   when: ceph_conf_file is not defined or ceph_keyrings_dir is not defined
   tags:
     - ceph-config
 
-- include_tasks: ceph_config.yml
+- name: Including ceph_config tasks
+  include_tasks: ceph_config.yml
   tags:
     - ceph-config
 
-- include_tasks: ceph_auth.yml
+- name: Including ceph_auth tasks
+  include_tasks: ceph_auth.yml
   when:
     - cephx | bool
   tags:
     - ceph-config
 
-- include_tasks: ceph_immutable_object_cache.yml
+- name: Including ceph_immutable_object_cache tasks
+  include_tasks: ceph_immutable_object_cache.yml
   when:
     - ceph_immutable_object_cache_enabled | bool
   tags:

vars/main.yml

@@ -23,17 +23,17 @@ ceph_components:
       - name: '{{ glance_ceph_client }}'
     service: '{{ ceph_glance_service_names }}'
   - component: cinder_volume
-    package: "{{ [ 'ceph-common' ] + python_ceph_packages }}"
+    package: "{{ ['ceph-common'] + python_ceph_packages }}"
     client:
       - name: '{{ cinder_ceph_client }}'
     service: '{{ ceph_cinder_service_names }}'
   - component: cinder_backup
-    package: "{{ [ 'ceph-common' ] + python_ceph_packages }}"
+    package: "{{ ['ceph-common'] + python_ceph_packages }}"
     client:
       - name: '{{ cinder_backup_ceph_client }}'
     service: '{{ ceph_cinder_service_names }}'
   - component: nova_compute
-    package: "{{ (libvirt_packages + [ 'ceph-common' ] + ceph_immutable_object_cache_packages + python_ceph_packages) | select }}"
+    package: "{{ (libvirt_packages + ['ceph-common'] + ceph_immutable_object_cache_packages + python_ceph_packages) | select }}"
     client:
       - name: "{{ nova_ceph_client }}"
       - name: "{{ immutable_object_cache_client }}"