Auto-fix yaml rules
In order to reduce divergance with ansible-lint rules, we apply auto-fixing of violations. In current patch we replace all kind of truthy variables with `true` or `false` values to align with recommendations along with alignment of used quotes. Change-Id: I07f9d0d1e0efa3fbefbc3467ea23da6ed3ef40a2
This commit is contained in:
Dmitriy Rabotyagov
parent
61a1d32bb3
commit
93c3d2e432
1
.gitignore
vendored
1
.gitignore
vendored
@ -45,6 +45,7 @@ logs/*
|
||||
# OS generated files #
|
||||
######################
|
||||
._*
|
||||
.ansible
|
||||
.tox
|
||||
*.egg-info
|
||||
.eggs
|
||||
|
||||
@ -14,7 +14,7 @@
|
||||
# limitations under the License.
|
||||
|
||||
## Verbosity Options
|
||||
debug: False
|
||||
debug: false
|
||||
|
||||
# Set the host which will execute the shade modules
|
||||
# for the service setup. The host must already have
|
||||
@ -54,7 +54,7 @@ keystone_pip_install_args: "{{ pip_install_options | default('') }}"
|
||||
keystone_venv_tag: "{{ venv_tag | default('untagged') }}"
|
||||
keystone_bin: "{{ _keystone_bin }}"
|
||||
|
||||
keystone_fatal_deprecations: False
|
||||
keystone_fatal_deprecations: false
|
||||
|
||||
## System info
|
||||
keystone_system_user_name: keystone
|
||||
@ -129,7 +129,7 @@ keystone_db_connection_recycle_time: "{{ openstack_db_connection_recycle_time |
|
||||
keystone_messaging_enabled: true
|
||||
|
||||
# RPC
|
||||
keystone_oslomsg_rpc_configure: False
|
||||
keystone_oslomsg_rpc_configure: false
|
||||
keystone_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}"
|
||||
keystone_oslomsg_rpc_setup_host: "{{ (keystone_oslomsg_rpc_host_group in groups) | ternary(groups[keystone_oslomsg_rpc_host_group][0], 'localhost') }}"
|
||||
keystone_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport | default('rabbit') }}"
|
||||
@ -272,10 +272,10 @@ keystone_pki_certs_path: "{{ keystone_pki_dir ~ '/certs/certs/' }}"
|
||||
keystone_pki_intermediate_cert_name: "{{ openstack_pki_service_intermediate_cert_name }}"
|
||||
keystone_pki_intermediate_cert_path: >-
|
||||
{{ keystone_pki_dir ~ '/roots/' ~ keystone_pki_intermediate_cert_name ~ '/certs/' ~ keystone_pki_intermediate_cert_name ~ '.crt' }}
|
||||
keystone_pki_regen_cert: ''
|
||||
keystone_pki_regen_cert: ""
|
||||
|
||||
# By default, CA creation is controlled using the CA 'condition' field
|
||||
keystone_pki_create_ca: True
|
||||
keystone_pki_create_ca: true
|
||||
# An optional private certificate authority for when Keystone is an IDP
|
||||
keystone_idp_authority_name: "KeystoneIDPAuthority"
|
||||
keystone_pki_authorities:
|
||||
@ -294,7 +294,7 @@ keystone_pki_authorities:
|
||||
condition: "{{ (keystone_idp['certfile'] is defined) and _keystone_is_first_play_host }}"
|
||||
|
||||
# By default, certificate creation is controlled using the certificates 'condition' field
|
||||
keystone_pki_create_certificates: True
|
||||
keystone_pki_create_certificates: true
|
||||
# Server certificate for Apache
|
||||
keystone_pki_certificates:
|
||||
- name: "keystone_{{ ansible_facts['hostname'] }}"
|
||||
@ -305,7 +305,7 @@ keystone_pki_certificates:
|
||||
condition: "{{ keystone_backend_ssl }}"
|
||||
|
||||
# Set to the value of keystone_idp_authority_name to regenerate the IDP CA
|
||||
keystone_pki_regen_ca: ''
|
||||
keystone_pki_regen_ca: ""
|
||||
|
||||
# keystone destination files for Apache SSL certificates
|
||||
keystone_ssl_cert: /etc/ssl/certs/keystone.pem
|
||||
@ -395,7 +395,6 @@ keystone_cache_servers: "{{ keystone_memcached_servers.split(',') }}"
|
||||
keystone_ldap: {}
|
||||
keystone_ldap_domain_config_dir: /etc/keystone/domains
|
||||
|
||||
|
||||
## Policy vars
|
||||
# Provide a list of access controls to update the default policy.json with. These changes will be merged
|
||||
# with the access controls in the default policy.json. E.g.
|
||||
@ -628,7 +627,7 @@ keystone_uwsgi_init_overrides: {}
|
||||
keystone_services:
|
||||
keystone-wsgi-public:
|
||||
group: keystone_all
|
||||
wsgi_app: True
|
||||
wsgi_app: true
|
||||
wsgi_path: "{{ keystone_bin }}/keystone-wsgi-public"
|
||||
uwsgi_overrides: >-
|
||||
{{
|
||||
@ -661,7 +660,7 @@ keystone_set_real_ip_from: []
|
||||
# database migrations. This is sometimes useful when
|
||||
# doing upgrades, but should not usually be required.
|
||||
# ref: https://bugs.launchpad.net/openstack-ansible/+bug/1793389
|
||||
keystone_flush_memcache: no
|
||||
keystone_flush_memcache: false
|
||||
|
||||
# host which holds the ssh certificate authority
|
||||
keystone_ssh_keypairs_setup_host: "{{ openstack_ssh_keypairs_setup_host | default('localhost') }}"
|
||||
|
||||
@ -16,7 +16,7 @@
|
||||
- name: Restart web server
|
||||
service:
|
||||
name: "{{ keystone_system_service_name }}"
|
||||
enabled: yes
|
||||
enabled: true
|
||||
state: restarted
|
||||
daemon_reload: "{{ (ansible_facts['service_mgr'] == 'systemd') | ternary('yes', omit) }}"
|
||||
register: _restart
|
||||
@ -58,7 +58,7 @@
|
||||
- name: Start uWSGI
|
||||
service:
|
||||
name: "{{ item }}"
|
||||
enabled: yes
|
||||
enabled: true
|
||||
state: "started"
|
||||
daemon_reload: "{{ (ansible_facts['service_mgr'] == 'systemd') | ternary('yes', omit) }}"
|
||||
register: _start
|
||||
@ -86,7 +86,7 @@
|
||||
- name: Restart Shibd
|
||||
service:
|
||||
name: "shibd"
|
||||
enabled: yes
|
||||
enabled: true
|
||||
state: "restarted"
|
||||
daemon_reload: "{{ (ansible_facts['service_mgr'] == 'systemd') | ternary('yes', omit) }}"
|
||||
register: _restart
|
||||
|
||||
@ -95,8 +95,8 @@
|
||||
## We need to enable a module for httpd on RedHat/CentOS using LoadModule inside conf files
|
||||
- name: Enable/disable proxy_uwsgi_module
|
||||
lineinfile:
|
||||
dest: '/etc/httpd/conf.modules.d/00-proxy.conf'
|
||||
line: 'LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so'
|
||||
dest: "/etc/httpd/conf.modules.d/00-proxy.conf"
|
||||
line: "LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so"
|
||||
state: "present"
|
||||
when:
|
||||
- ansible_facts['pkg_mgr'] == 'dnf'
|
||||
@ -132,7 +132,7 @@
|
||||
- name: Ensure Apache ServerTokens
|
||||
lineinfile:
|
||||
dest: "{{ keystone_apache_security_conf }}"
|
||||
regexp: '^ServerTokens'
|
||||
regexp: "^ServerTokens"
|
||||
line: "ServerTokens {{ keystone_apache_servertokens }}"
|
||||
notify:
|
||||
- Restart web server
|
||||
@ -140,7 +140,7 @@
|
||||
- name: Ensure Apache ServerSignature
|
||||
lineinfile:
|
||||
dest: "{{ keystone_apache_security_conf }}"
|
||||
regexp: '^ServerSignature'
|
||||
regexp: "^ServerSignature"
|
||||
line: "ServerSignature {{ keystone_apache_serversignature }}"
|
||||
notify:
|
||||
- Restart web server
|
||||
@ -148,8 +148,8 @@
|
||||
- name: Remove Listen from Apache config
|
||||
lineinfile:
|
||||
dest: "{{ keystone_apache_conf }}"
|
||||
regexp: '^(Listen.*)'
|
||||
backrefs: yes
|
||||
line: '#\1'
|
||||
regexp: "^(Listen.*)"
|
||||
backrefs: true
|
||||
line: "#\\1"
|
||||
notify:
|
||||
- Restart web server
|
||||
|
||||
@ -22,7 +22,7 @@
|
||||
find:
|
||||
paths: "{{ keystone_credential_key_repository }}"
|
||||
patterns: "^[0-9]+$"
|
||||
use_regex: True
|
||||
use_regex: true
|
||||
when: not _credential_keys.stat.exists
|
||||
register: credential_key_list
|
||||
delegate_to: "{{ item }}"
|
||||
@ -75,7 +75,7 @@
|
||||
{{ keystone_bin }}/keystone-manage credential_setup
|
||||
--keystone-user "{{ keystone_system_user_name }}"
|
||||
--keystone-group "{{ keystone_system_group_name }}"
|
||||
become: yes
|
||||
become: true
|
||||
become_user: "{{ keystone_system_user_name }}"
|
||||
register: create_credential_keys
|
||||
when:
|
||||
@ -90,7 +90,7 @@
|
||||
{{ keystone_bin }}/keystone-manage credential_rotate
|
||||
--keystone-user "{{ keystone_system_user_name }}"
|
||||
--keystone-group "{{ keystone_system_group_name }}"
|
||||
become: yes
|
||||
become: true
|
||||
become_user: "{{ keystone_system_user_name }}"
|
||||
# credential_rotate might fail in case any credential is not using current private key
|
||||
# so in case it fails, we need to try perform the migraton and attempt rotation after that
|
||||
@ -100,7 +100,7 @@
|
||||
{{ keystone_bin }}/keystone-manage credential_migrate
|
||||
--keystone-user "{{ keystone_system_user_name }}"
|
||||
--keystone-group "{{ keystone_system_group_name }}"
|
||||
become: yes
|
||||
become: true
|
||||
become_user: "{{ keystone_system_user_name }}"
|
||||
|
||||
- name: Rotate credential keys for Keystone # noqa: no-changed-when
|
||||
@ -108,7 +108,7 @@
|
||||
{{ keystone_bin }}/keystone-manage credential_rotate
|
||||
--keystone-user "{{ keystone_system_user_name }}"
|
||||
--keystone-group "{{ keystone_system_group_name }}"
|
||||
become: yes
|
||||
become: true
|
||||
become_user: "{{ keystone_system_user_name }}"
|
||||
always:
|
||||
# Let's run migration at the end anyway, as we need it after successfull rotation.
|
||||
@ -117,5 +117,5 @@
|
||||
{{ keystone_bin }}/keystone-manage credential_migrate
|
||||
--keystone-user "{{ keystone_system_user_name }}"
|
||||
--keystone-group "{{ keystone_system_group_name }}"
|
||||
become: yes
|
||||
become: true
|
||||
become_user: "{{ keystone_system_user_name }}"
|
||||
|
||||
@ -22,7 +22,7 @@
|
||||
--delete
|
||||
{{ keystone_credential_key_repository }}/
|
||||
{{ keystone_system_user_name }}@{{ hostvars[item]['ansible_host'] | default(item) }}:{{ keystone_credential_key_repository }}/
|
||||
become: yes
|
||||
become: true
|
||||
become_user: "{{ keystone_system_user_name }}"
|
||||
changed_when: false
|
||||
with_items: "{{ groups['keystone_all'][1:] }}"
|
||||
|
||||
@ -15,12 +15,12 @@
|
||||
|
||||
- name: Check current state of Keystone DB
|
||||
command: "{{ keystone_bin }}/keystone-manage db_sync --check"
|
||||
become: yes
|
||||
become: true
|
||||
become_user: "{{ keystone_system_user_name }}"
|
||||
register: keystone_db_sync_check
|
||||
failed_when: "keystone_db_sync_check.rc == 1"
|
||||
changed_when: "keystone_db_sync_check.rc not in [2, 3, 4]"
|
||||
run_once: yes
|
||||
run_once: true
|
||||
|
||||
- name: Set the db sync local facts
|
||||
ini_file:
|
||||
@ -47,7 +47,7 @@
|
||||
- name: Test if keystone service exists
|
||||
service: # noqa: args[module]
|
||||
name: "{{ item }}"
|
||||
check_mode: yes
|
||||
check_mode: true
|
||||
register: keystone_service_exists
|
||||
with_items: "{{ keystone_services.keys() | list }}"
|
||||
|
||||
@ -69,20 +69,20 @@
|
||||
- name: Perform a Keystone DB sync expand
|
||||
command: "{{ keystone_bin }}/keystone-manage db_sync --expand"
|
||||
changed_when: false
|
||||
become: yes
|
||||
become: true
|
||||
become_user: "{{ keystone_system_user_name }}"
|
||||
when:
|
||||
- "ansible_local['openstack_ansible']['keystone']['need_db_expand'] | bool"
|
||||
run_once: yes
|
||||
run_once: true
|
||||
notify: flush cache
|
||||
|
||||
- name: Perform a Keystone DB sync contract
|
||||
command: "{{ keystone_bin }}/keystone-manage db_sync --contract"
|
||||
changed_when: false
|
||||
become: yes
|
||||
become: true
|
||||
become_user: "{{ keystone_system_user_name }}"
|
||||
when:
|
||||
- "(keystone_all_software_updated | default('no')) | bool"
|
||||
- "ansible_local['openstack_ansible']['keystone']['need_db_contract'] | bool"
|
||||
run_once: yes
|
||||
run_once: true
|
||||
notify: flush cache
|
||||
|
||||
@ -45,7 +45,7 @@
|
||||
--delete
|
||||
{{ keystone_system_user_name }}@{{ existing_fernet_hosts[0] }}:{{ keystone_fernet_tokens_key_repository }}/
|
||||
{{ keystone_fernet_tokens_key_repository }}/
|
||||
become: yes
|
||||
become: true
|
||||
become_user: "{{ keystone_system_user_name }}"
|
||||
changed_when: false
|
||||
register: _fernet_keys_shared
|
||||
@ -60,7 +60,7 @@
|
||||
{{ keystone_bin }}/keystone-manage fernet_setup
|
||||
--keystone-user "{{ keystone_system_user_name }}"
|
||||
--keystone-group "{{ keystone_system_group_name }}"
|
||||
become: yes
|
||||
become: true
|
||||
become_user: "{{ keystone_system_user_name }}"
|
||||
when:
|
||||
- not _fernet_keys.stat.exists
|
||||
@ -71,6 +71,6 @@
|
||||
{{ keystone_bin }}/keystone-manage fernet_rotate
|
||||
--keystone-user "{{ keystone_system_user_name }}"
|
||||
--keystone-group "{{ keystone_system_group_name }}"
|
||||
become: yes
|
||||
become: true
|
||||
become_user: "{{ keystone_system_user_name }}"
|
||||
when: _fernet_keys.stat.exists
|
||||
|
||||
@ -22,7 +22,7 @@
|
||||
--delete
|
||||
{{ keystone_fernet_tokens_key_repository }}/
|
||||
{{ keystone_system_user_name }}@{{ hostvars[item]['ansible_host'] | default(item) }}:{{ keystone_fernet_tokens_key_repository }}/
|
||||
become: yes
|
||||
become: true
|
||||
become_user: "{{ keystone_system_user_name }}"
|
||||
changed_when: false
|
||||
with_items: "{{ groups['keystone_all'][1:] }}"
|
||||
|
||||
@ -16,7 +16,7 @@
|
||||
- name: Generate IdP metadata
|
||||
shell: |
|
||||
{{ keystone_bin }}/keystone-manage saml_idp_metadata > {{ keystone_idp.idp_metadata_path }}
|
||||
become: yes
|
||||
become: true
|
||||
become_user: "{{ keystone_system_user_name }}"
|
||||
changed_when: false
|
||||
when: keystone_idp != {}
|
||||
|
||||
@ -42,7 +42,7 @@
|
||||
description: "shibboleth Repo"
|
||||
baseurl: "{{ keystone_centos_shibboleth_mirror }}"
|
||||
gpgkey: "{{ keystone_centos_shibboleth_key }}"
|
||||
gpgcheck: yes
|
||||
gpgcheck: true
|
||||
when:
|
||||
- ansible_facts['pkg_mgr'] == 'dnf'
|
||||
- keystone_sp != {}
|
||||
@ -144,6 +144,6 @@
|
||||
src: "{{ keystone_bin }}/keystone-wsgi-public"
|
||||
dest: "/var/www/cgi-bin/keystone/main"
|
||||
state: link
|
||||
force: yes
|
||||
force: true
|
||||
notify:
|
||||
- Restart web server
|
||||
|
||||
@ -19,7 +19,7 @@
|
||||
path: "{{ keystone_system_user_home }}/.ssh"
|
||||
owner: "{{ keystone_system_user_name }}"
|
||||
group: "{{ keystone_system_group_name }}"
|
||||
mode: '0755'
|
||||
mode: "0755"
|
||||
|
||||
- name: Create ssh keys for synchronising fernet keys
|
||||
include_role:
|
||||
|
||||
@ -20,9 +20,9 @@
|
||||
systemd:
|
||||
name: "{{ keystone_sshd }}"
|
||||
state: started
|
||||
enabled: yes
|
||||
masked: no
|
||||
daemon_reload: yes
|
||||
enabled: true
|
||||
masked: false
|
||||
daemon_reload: true
|
||||
delegate_to: "{{ item }}"
|
||||
with_items: "{{ ansible_play_hosts }}"
|
||||
when: _keystone_is_first_play_host
|
||||
@ -75,7 +75,7 @@
|
||||
fetch:
|
||||
src: "{{ item.target_f }}"
|
||||
dest: "{{ item.tmp_f }}"
|
||||
flat: yes
|
||||
flat: true
|
||||
changed_when: false
|
||||
run_once: true
|
||||
with_items: "{{ keystone_core_files }}"
|
||||
|
||||
@ -25,18 +25,18 @@
|
||||
|
||||
- name: Bootstrap keystone admin and endpoint
|
||||
command: |
|
||||
{{ keystone_bin }}/keystone-manage bootstrap \
|
||||
--bootstrap-username {{ keystone_admin_user_name }} \
|
||||
--bootstrap-password {{ keystone_auth_admin_password }} \
|
||||
--bootstrap-project-name {{ keystone_admin_tenant_name }} \
|
||||
--bootstrap-role-name {{ keystone_role_name }} \
|
||||
--bootstrap-service-name {{ keystone_service_name }} \
|
||||
--bootstrap-region-id {{ keystone_service_region }} \
|
||||
--bootstrap-admin-url {{ keystone_service_adminuri }} \
|
||||
--bootstrap-public-url {{ keystone_service_publicuri }} \
|
||||
--bootstrap-internal-url {{ keystone_service_internaluri }}
|
||||
{{ keystone_bin }}/keystone-manage bootstrap \
|
||||
--bootstrap-username {{ keystone_admin_user_name }} \
|
||||
--bootstrap-password {{ keystone_auth_admin_password }} \
|
||||
--bootstrap-project-name {{ keystone_admin_tenant_name }} \
|
||||
--bootstrap-role-name {{ keystone_role_name }} \
|
||||
--bootstrap-service-name {{ keystone_service_name }} \
|
||||
--bootstrap-region-id {{ keystone_service_region }} \
|
||||
--bootstrap-admin-url {{ keystone_service_adminuri }} \
|
||||
--bootstrap-public-url {{ keystone_service_publicuri }} \
|
||||
--bootstrap-internal-url {{ keystone_service_internaluri }}
|
||||
no_log: true
|
||||
become: yes
|
||||
become: true
|
||||
become_user: "{{ keystone_system_user_name }}"
|
||||
changed_when: false
|
||||
register: add_service
|
||||
|
||||
@ -301,12 +301,12 @@
|
||||
|
||||
- name: Diagnose common problems with keystone deployments
|
||||
command: "{{ keystone_bin }}/keystone-manage doctor"
|
||||
become: yes
|
||||
become: true
|
||||
become_user: "{{ keystone_system_user_name }}"
|
||||
register: keystone_doctor
|
||||
failed_when: not debug and keystone_doctor.rc != 0
|
||||
changed_when: false
|
||||
run_once: yes
|
||||
run_once: true
|
||||
when:
|
||||
- "_keystone_is_last_play_host"
|
||||
tags:
|
||||
|
||||
@ -8,6 +8,6 @@
|
||||
when:
|
||||
- keystone_service_setup | bool
|
||||
- keystone_sp != {}
|
||||
run_once: yes
|
||||
run_once: true
|
||||
tags:
|
||||
- keystone-config
|
||||
|
||||
@ -51,7 +51,7 @@ keystone_idp_distro_packages:
|
||||
- xmlsec1
|
||||
|
||||
# From 2.4.11, mod_auth_openidc ignores X-Forwarded headers unless explicitly configured
|
||||
_keystone_sp_apache_mod_auth_openidc_gte_2_4_11: True
|
||||
_keystone_sp_apache_mod_auth_openidc_gte_2_4_11: true
|
||||
|
||||
keystone_sp_apache_mod_packages:
|
||||
- name: libapache2-mod-shib
|
||||
@ -103,6 +103,6 @@ keystone_apache_modules:
|
||||
|
||||
keystone_system_service_name: "{{ (keystone_use_uwsgi | bool) | ternary('keystone-wsgi-public', 'apache2') }}"
|
||||
|
||||
keystone_uwsgi_bin: '/usr/bin'
|
||||
keystone_uwsgi_bin: "/usr/bin"
|
||||
|
||||
keystone_sshd: ssh
|
||||
|
||||
@ -70,10 +70,10 @@ _keystone_cache_backend_map:
|
||||
- oslo_cache.etcd3gw
|
||||
|
||||
_keystone_cache_backend_package: |-
|
||||
{% set oslo = namespace(backend='dogpile') %}
|
||||
{% for key, value in _keystone_cache_backend_map.items() %}
|
||||
{% if keystone_cache_backend in value %}
|
||||
{% set oslo.backend = key %}
|
||||
{%- endif %}
|
||||
{%- endfor %}
|
||||
oslo.cache[{{ oslo.backend }}]
|
||||
{% set oslo = namespace(backend='dogpile') %}
|
||||
{% for key, value in _keystone_cache_backend_map.items() %}
|
||||
{% if keystone_cache_backend in value %}
|
||||
{% set oslo.backend = key %}
|
||||
{%- endif %}
|
||||
{%- endfor %}
|
||||
oslo.cache[{{ oslo.backend }}]
|
||||
|
||||
@ -44,7 +44,7 @@ keystone_idp_distro_packages:
|
||||
- xmlsec1
|
||||
|
||||
# From 2.4.11, mod_auth_openidc ignores X-Forwarded headers unless explicitly configured
|
||||
_keystone_sp_apache_mod_auth_openidc_gte_2_4_11: True
|
||||
_keystone_sp_apache_mod_auth_openidc_gte_2_4_11: true
|
||||
|
||||
keystone_sp_apache_mod_packages:
|
||||
- name: shibboleth
|
||||
@ -73,6 +73,6 @@ keystone_apache_configs:
|
||||
|
||||
keystone_system_service_name: "{{ (keystone_use_uwsgi | bool) | ternary('keystone-wsgi-public', 'httpd') }}"
|
||||
|
||||
keystone_uwsgi_bin: '/usr/sbin'
|
||||
keystone_uwsgi_bin: "/usr/sbin"
|
||||
|
||||
keystone_sshd: sshd
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user