From 93c3d2e4328166e3e98e64e60f5d0ce39b898d37 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Wed, 12 Feb 2025 12:50:17 +0100 Subject: [PATCH] Auto-fix yaml rules In order to reduce divergance with ansible-lint rules, we apply auto-fixing of violations. In current patch we replace all kind of truthy variables with `true` or `false` values to align with recommendations along with alignment of used quotes. Change-Id: I07f9d0d1e0efa3fbefbc3467ea23da6ed3ef40a2 --- .gitignore | 1 + defaults/main.yml | 19 ++++++++-------- handlers/main.yml | 6 ++--- tasks/keystone_apache.yml | 14 ++++++------ tasks/keystone_credential_create.yml | 12 +++++----- tasks/keystone_credential_distribute.yml | 2 +- tasks/keystone_db_sync.yml | 14 ++++++------ tasks/keystone_fernet_keys_create.yml | 6 ++--- tasks/keystone_fernet_keys_distribute.yml | 2 +- tasks/keystone_idp_setup.yml | 2 +- tasks/keystone_install.yml | 4 ++-- tasks/keystone_key_setup.yml | 2 +- tasks/keystone_post_install.yml | 8 +++---- tasks/keystone_service_bootstrap.yml | 22 +++++++++---------- tasks/main.yml | 4 ++-- .../main_keystone_federation_sp_idp_setup.yml | 2 +- vars/debian.yml | 4 ++-- vars/main.yml | 14 ++++++------ vars/redhat.yml | 4 ++-- 19 files changed, 71 insertions(+), 71 deletions(-) diff --git a/.gitignore b/.gitignore index 3a772066..c46a9ec6 100644 --- a/.gitignore +++ b/.gitignore @@ -45,6 +45,7 @@ logs/* # OS generated files # ###################### ._* +.ansible .tox *.egg-info .eggs diff --git a/defaults/main.yml b/defaults/main.yml index 1629ad74..7b725084 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -14,7 +14,7 @@ # limitations under the License. ## Verbosity Options -debug: False +debug: false # Set the host which will execute the shade modules # for the service setup. The host must already have 
@@ -54,7 +54,7 @@ keystone_pip_install_args: "{{ pip_install_options | default('') }}" keystone_venv_tag: "{{ venv_tag | default('untagged') }}" keystone_bin: "{{ _keystone_bin }}" -keystone_fatal_deprecations: False +keystone_fatal_deprecations: false ## System info keystone_system_user_name: keystone @@ -129,7 +129,7 @@ keystone_db_connection_recycle_time: "{{ openstack_db_connection_recycle_time | keystone_messaging_enabled: true # RPC -keystone_oslomsg_rpc_configure: False +keystone_oslomsg_rpc_configure: false keystone_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}" keystone_oslomsg_rpc_setup_host: "{{ (keystone_oslomsg_rpc_host_group in groups) | ternary(groups[keystone_oslomsg_rpc_host_group][0], 'localhost') }}" keystone_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport | default('rabbit') }}" @@ -272,10 +272,10 @@ keystone_pki_certs_path: "{{ keystone_pki_dir ~ '/certs/certs/' }}" keystone_pki_intermediate_cert_name: "{{ openstack_pki_service_intermediate_cert_name }}" keystone_pki_intermediate_cert_path: >- {{ keystone_pki_dir ~ '/roots/' ~ keystone_pki_intermediate_cert_name ~ '/certs/' ~ keystone_pki_intermediate_cert_name ~ '.crt' }} -keystone_pki_regen_cert: '' +keystone_pki_regen_cert: "" # By default, CA creation is controlled using the CA 'condition' field -keystone_pki_create_ca: True +keystone_pki_create_ca: true # An optional private certificate authority for when Keystone is an IDP keystone_idp_authority_name: "KeystoneIDPAuthority" keystone_pki_authorities: @@ -294,7 +294,7 @@ keystone_pki_authorities: condition: "{{ (keystone_idp['certfile'] is defined) and _keystone_is_first_play_host }}" # By default, certificate creation is controlled using the certificates 'condition' field -keystone_pki_create_certificates: True +keystone_pki_create_certificates: true # Server certificate for Apache keystone_pki_certificates: - name: "keystone_{{ ansible_facts['hostname'] }}" 
@@ -305,7 +305,7 @@ keystone_pki_certificates: condition: "{{ keystone_backend_ssl }}" # Set to the value of keystone_idp_authority_name to regenerate the IDP CA -keystone_pki_regen_ca: '' +keystone_pki_regen_ca: "" # keystone destination files for Apache SSL certificates keystone_ssl_cert: /etc/ssl/certs/keystone.pem @@ -395,7 +395,6 @@ keystone_cache_servers: "{{ keystone_memcached_servers.split(',') }}" keystone_ldap: {} keystone_ldap_domain_config_dir: /etc/keystone/domains - ## Policy vars # Provide a list of access controls to update the default policy.json with. These changes will be merged # with the access controls in the default policy.json. E.g. @@ -628,7 +627,7 @@ keystone_uwsgi_init_overrides: {} keystone_services: keystone-wsgi-public: group: keystone_all - wsgi_app: True + wsgi_app: true wsgi_path: "{{ keystone_bin }}/keystone-wsgi-public" uwsgi_overrides: >- {{ @@ -661,7 +660,7 @@ keystone_set_real_ip_from: [] # database migrations. This is sometimes useful when # doing upgrades, but should not usually be required. # ref: https://bugs.launchpad.net/openstack-ansible/+bug/1793389 -keystone_flush_memcache: no +keystone_flush_memcache: false # host which holds the ssh certificate authority keystone_ssh_keypairs_setup_host: "{{ openstack_ssh_keypairs_setup_host | default('localhost') }}" diff --git a/handlers/main.yml b/handlers/main.yml index 3cd5aed8..afdceae8 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -16,7 +16,7 @@ - name: Restart web server service: name: "{{ keystone_system_service_name }}" - enabled: yes + enabled: true state: restarted daemon_reload: "{{ (ansible_facts['service_mgr'] == 'systemd') | ternary('yes', omit) }}" register: _restart @@ -58,7 +58,7 @@ - name: Start uWSGI service: name: "{{ item }}" - enabled: yes + enabled: true state: "started" daemon_reload: "{{ (ansible_facts['service_mgr'] == 'systemd') | ternary('yes', omit) }}" register: _start 
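Review bot: In the `Restart web server` hunk of handlers/main.yml the context line `daemon_reload: "{{ (ansible_facts['service_mgr'] == 'systemd') | ternary('yes', omit) }}"` still yields the string 'yes', so the task now mixes `enabled: true` with a truthy string that the auto-fixer cannot see inside Jinja. To finish the normalisation the commit message describes, I would write `ternary(true, omit)` there. The same expression appears in the `Start uWSGI` and `Restart Shibd` hunks of this file, and `default('no')` in the `@@ -69` hunk of tasks/keystone_db_sync.yml follows the same pattern. The handler bodies may continue outside the hunks.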
@@ -86,7 +86,7 @@ - name: Restart Shibd service: name: "shibd" - enabled: yes + enabled: true state: "restarted" daemon_reload: "{{ (ansible_facts['service_mgr'] == 'systemd') | ternary('yes', omit) }}" register: _restart diff --git a/tasks/keystone_apache.yml b/tasks/keystone_apache.yml index 79ced564..5e5ed278 100644 --- a/tasks/keystone_apache.yml +++ b/tasks/keystone_apache.yml @@ -95,8 +95,8 @@ ## We need to enable a module for httpd on RedHat/CentOS using LoadModule inside conf files - name: Enable/disable proxy_uwsgi_module lineinfile: - dest: '/etc/httpd/conf.modules.d/00-proxy.conf' - line: 'LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so' + dest: "/etc/httpd/conf.modules.d/00-proxy.conf" + line: "LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so" state: "present" when: - ansible_facts['pkg_mgr'] == 'dnf' @@ -132,7 +132,7 @@ - name: Ensure Apache ServerTokens lineinfile: dest: "{{ keystone_apache_security_conf }}" - regexp: '^ServerTokens' + regexp: "^ServerTokens" line: "ServerTokens {{ keystone_apache_servertokens }}" notify: - Restart web server @@ -140,7 +140,7 @@ - name: Ensure Apache ServerSignature lineinfile: dest: "{{ keystone_apache_security_conf }}" - regexp: '^ServerSignature' + regexp: "^ServerSignature" line: "ServerSignature {{ keystone_apache_serversignature }}" notify: - Restart web server @@ -148,8 +148,8 @@ - name: Remove Listen from Apache config lineinfile: dest: "{{ keystone_apache_conf }}" - regexp: '^(Listen.*)' - backrefs: yes - line: '#\1' + regexp: "^(Listen.*)" + backrefs: true + line: "#\\1" notify: - Restart web server diff --git a/tasks/keystone_credential_create.yml b/tasks/keystone_credential_create.yml index 475f364b..e29af619 100644 --- a/tasks/keystone_credential_create.yml +++ b/tasks/keystone_credential_create.yml 
@@ -22,7 +22,7 @@ find: paths: "{{ keystone_credential_key_repository }}" patterns: "^[0-9]+$" - use_regex: True + use_regex: true when: not _credential_keys.stat.exists register: credential_key_list delegate_to: "{{ item }}" @@ -75,7 +75,7 @@ {{ keystone_bin }}/keystone-manage credential_setup --keystone-user "{{ keystone_system_user_name }}" --keystone-group "{{ keystone_system_group_name }}" - become: yes + become: true become_user: "{{ keystone_system_user_name }}" register: create_credential_keys when: @@ -90,7 +90,7 @@ {{ keystone_bin }}/keystone-manage credential_rotate --keystone-user "{{ keystone_system_user_name }}" --keystone-group "{{ keystone_system_group_name }}" - become: yes + become: true become_user: "{{ keystone_system_user_name }}" # credential_rotate might fail in case any credential is not using current private key # so in case it fails, we need to try perform the migraton and attempt rotation after that @@ -100,7 +100,7 @@ {{ keystone_bin }}/keystone-manage credential_migrate --keystone-user "{{ keystone_system_user_name }}" --keystone-group "{{ keystone_system_group_name }}" - become: yes + become: true become_user: "{{ keystone_system_user_name }}" - name: Rotate credential keys for Keystone # noqa: no-changed-when @@ -108,7 +108,7 @@ {{ keystone_bin }}/keystone-manage credential_rotate --keystone-user "{{ keystone_system_user_name }}" --keystone-group "{{ keystone_system_group_name }}" - become: yes + become: true become_user: "{{ keystone_system_user_name }}" always: # Let's run migration at the end anyway, as we need it after successfull rotation. @@ -117,5 +117,5 @@ {{ keystone_bin }}/keystone-manage credential_migrate --keystone-user "{{ keystone_system_user_name }}" --keystone-group "{{ keystone_system_group_name }}" - become: yes + become: true become_user: "{{ keystone_system_user_name }}" diff --git a/tasks/keystone_credential_distribute.yml b/tasks/keystone_credential_distribute.yml index 948acaa8..07ac7173 100644 
--- a/tasks/keystone_credential_distribute.yml +++ b/tasks/keystone_credential_distribute.yml @@ -22,7 +22,7 @@ --delete {{ keystone_credential_key_repository }}/ {{ keystone_system_user_name }}@{{ hostvars[item]['ansible_host'] | default(item) }}:{{ keystone_credential_key_repository }}/ - become: yes + become: true become_user: "{{ keystone_system_user_name }}" changed_when: false with_items: "{{ groups['keystone_all'][1:] }}" diff --git a/tasks/keystone_db_sync.yml b/tasks/keystone_db_sync.yml index 9a68994c..dbb1f6cb 100644 --- a/tasks/keystone_db_sync.yml +++ b/tasks/keystone_db_sync.yml @@ -15,12 +15,12 @@ - name: Check current state of Keystone DB command: "{{ keystone_bin }}/keystone-manage db_sync --check" - become: yes + become: true become_user: "{{ keystone_system_user_name }}" register: keystone_db_sync_check failed_when: "keystone_db_sync_check.rc == 1" changed_when: "keystone_db_sync_check.rc not in [2, 3, 4]" - run_once: yes + run_once: true - name: Set the db sync local facts ini_file: @@ -47,7 +47,7 @@ - name: Test if keystone service exists service: # noqa: args[module] name: "{{ item }}" - check_mode: yes + check_mode: true register: keystone_service_exists with_items: "{{ keystone_services.keys() | list }}" 
@@ -69,20 +69,20 @@ - name: Perform a Keystone DB sync expand command: "{{ keystone_bin }}/keystone-manage db_sync --expand" changed_when: false - become: yes + become: true become_user: "{{ keystone_system_user_name }}" when: - "ansible_local['openstack_ansible']['keystone']['need_db_expand'] | bool" - run_once: yes + run_once: true notify: flush cache - name: Perform a Keystone DB sync contract command: "{{ keystone_bin }}/keystone-manage db_sync --contract" changed_when: false - become: yes + become: true become_user: "{{ keystone_system_user_name }}" when: - "(keystone_all_software_updated | default('no')) | bool" - "ansible_local['openstack_ansible']['keystone']['need_db_contract'] | bool" - run_once: yes + run_once: true notify: flush cache diff --git a/tasks/keystone_fernet_keys_create.yml b/tasks/keystone_fernet_keys_create.yml index ad4ba999..4fa00498 100644 --- a/tasks/keystone_fernet_keys_create.yml +++ b/tasks/keystone_fernet_keys_create.yml @@ -45,7 +45,7 @@ --delete {{ keystone_system_user_name }}@{{ existing_fernet_hosts[0] }}:{{ keystone_fernet_tokens_key_repository }}/ {{ keystone_fernet_tokens_key_repository }}/ - become: yes + become: true become_user: "{{ keystone_system_user_name }}" changed_when: false register: _fernet_keys_shared @@ -60,7 +60,7 @@ {{ keystone_bin }}/keystone-manage fernet_setup --keystone-user "{{ keystone_system_user_name }}" --keystone-group "{{ keystone_system_group_name }}" - become: yes + become: true become_user: "{{ keystone_system_user_name }}" when: - not _fernet_keys.stat.exists @@ -71,6 +71,6 @@ {{ keystone_bin }}/keystone-manage fernet_rotate --keystone-user "{{ keystone_system_user_name }}" --keystone-group "{{ keystone_system_group_name }}" - become: yes + become: true become_user: "{{ keystone_system_user_name }}" when: _fernet_keys.stat.exists diff --git a/tasks/keystone_fernet_keys_distribute.yml b/tasks/keystone_fernet_keys_distribute.yml index eb284168..c910028e 100644 
--- a/tasks/keystone_fernet_keys_distribute.yml +++ b/tasks/keystone_fernet_keys_distribute.yml @@ -22,7 +22,7 @@ --delete {{ keystone_fernet_tokens_key_repository }}/ {{ keystone_system_user_name }}@{{ hostvars[item]['ansible_host'] | default(item) }}:{{ keystone_fernet_tokens_key_repository }}/ - become: yes + become: true become_user: "{{ keystone_system_user_name }}" changed_when: false with_items: "{{ groups['keystone_all'][1:] }}" diff --git a/tasks/keystone_idp_setup.yml b/tasks/keystone_idp_setup.yml index 17c0490a..9eaee736 100644 --- a/tasks/keystone_idp_setup.yml +++ b/tasks/keystone_idp_setup.yml @@ -16,7 +16,7 @@ - name: Generate IdP metadata shell: | {{ keystone_bin }}/keystone-manage saml_idp_metadata > {{ keystone_idp.idp_metadata_path }} - become: yes + become: true become_user: "{{ keystone_system_user_name }}" changed_when: false when: keystone_idp != {} diff --git a/tasks/keystone_install.yml b/tasks/keystone_install.yml index 02fac980..905adce2 100644 --- a/tasks/keystone_install.yml +++ b/tasks/keystone_install.yml @@ -42,7 +42,7 @@ description: "shibboleth Repo" baseurl: "{{ keystone_centos_shibboleth_mirror }}" gpgkey: "{{ keystone_centos_shibboleth_key }}" - gpgcheck: yes + gpgcheck: true when: - ansible_facts['pkg_mgr'] == 'dnf' - keystone_sp != {} @@ -144,6 +144,6 @@ src: "{{ keystone_bin }}/keystone-wsgi-public" dest: "/var/www/cgi-bin/keystone/main" state: link - force: yes + force: true notify: - Restart web server diff --git a/tasks/keystone_key_setup.yml b/tasks/keystone_key_setup.yml index bd76594a..0e25a252 100644 --- a/tasks/keystone_key_setup.yml +++ b/tasks/keystone_key_setup.yml @@ -19,7 +19,7 @@ path: "{{ keystone_system_user_home }}/.ssh" owner: "{{ keystone_system_user_name }}" group: "{{ keystone_system_group_name }}" - mode: '0755' + mode: "0755" - name: Create ssh keys for synchronising fernet keys include_role: diff --git a/tasks/keystone_post_install.yml b/tasks/keystone_post_install.yml index 01ac34e4..31e71de6 100644 
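Review bot: The `shell` line in the tasks/keystone_idp_setup.yml hunk interpolates `keystone_idp.idp_metadata_path` into a redirection without quoting, so a path containing whitespace or shell metacharacters is re-interpreted by the shell instead of being used as one file name. I would render it as `{{ keystone_bin }}/keystone-manage saml_idp_metadata > {{ keystone_idp.idp_metadata_path | quote }}`. The task may continue past `when: keystone_idp != {}`, which is where the hunk ends.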
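Review bot: The `.ssh` directory for the keystone service user is created with `mode: "0755"` in the tasks/keystone_key_setup.yml hunk, which lets every local account list it and read any file in it that is not restricted on its own. Going by the next task's name, this directory holds the ssh keys used for synchronising fernet keys, so I would tighten it to `mode: "0700"`. The modes of the key files themselves are set outside this hunk, so that part cannot be checked here.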
--- a/tasks/keystone_post_install.yml +++ b/tasks/keystone_post_install.yml @@ -20,9 +20,9 @@ systemd: name: "{{ keystone_sshd }}" state: started - enabled: yes - masked: no - daemon_reload: yes + enabled: true + masked: false + daemon_reload: true delegate_to: "{{ item }}" with_items: "{{ ansible_play_hosts }}" when: _keystone_is_first_play_host @@ -75,7 +75,7 @@ fetch: src: "{{ item.target_f }}" dest: "{{ item.tmp_f }}" - flat: yes + flat: true changed_when: false run_once: true with_items: "{{ keystone_core_files }}" diff --git a/tasks/keystone_service_bootstrap.yml b/tasks/keystone_service_bootstrap.yml index 12089d27..c0576c08 100644 --- a/tasks/keystone_service_bootstrap.yml +++ b/tasks/keystone_service_bootstrap.yml 
@@ -25,18 +25,18 @@ - name: Bootstrap keystone admin and endpoint command: | - {{ keystone_bin }}/keystone-manage bootstrap \ - --bootstrap-username {{ keystone_admin_user_name }} \ - --bootstrap-password {{ keystone_auth_admin_password }} \ - --bootstrap-project-name {{ keystone_admin_tenant_name }} \ - --bootstrap-role-name {{ keystone_role_name }} \ - --bootstrap-service-name {{ keystone_service_name }} \ - --bootstrap-region-id {{ keystone_service_region }} \ - --bootstrap-admin-url {{ keystone_service_adminuri }} \ - --bootstrap-public-url {{ keystone_service_publicuri }} \ - --bootstrap-internal-url {{ keystone_service_internaluri }} + {{ keystone_bin }}/keystone-manage bootstrap \ + --bootstrap-username {{ keystone_admin_user_name }} \ + --bootstrap-password {{ keystone_auth_admin_password }} \ + --bootstrap-project-name {{ keystone_admin_tenant_name }} \ + --bootstrap-role-name {{ keystone_role_name }} \ + --bootstrap-service-name {{ keystone_service_name }} \ + --bootstrap-region-id {{ keystone_service_region }} \ + --bootstrap-admin-url {{ keystone_service_adminuri }} \ + --bootstrap-public-url {{ keystone_service_publicuri }} \ + --bootstrap-internal-url {{ keystone_service_internaluri }} no_log: true - become: yes + become: true become_user: "{{ keystone_system_user_name }}" changed_when: false register: add_service diff --git a/tasks/main.yml b/tasks/main.yml index e276c2f9..66fc7c80 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -301,12 +301,12 @@ - name: Diagnose common problems with keystone deployments command: "{{ keystone_bin }}/keystone-manage doctor" - become: yes + become: true become_user: "{{ keystone_system_user_name }}" register: keystone_doctor failed_when: not debug and keystone_doctor.rc != 0 changed_when: false - run_once: yes + run_once: true when: - "_keystone_is_last_play_host" tags: diff --git a/tasks/main_keystone_federation_sp_idp_setup.yml b/tasks/main_keystone_federation_sp_idp_setup.yml index d00e9cc8..4922016c 100644 
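Review bot: `--bootstrap-password {{ keystone_auth_admin_password }}` in the `Bootstrap keystone admin and endpoint` task puts the admin password on the keystone-manage command line; `no_log: true` keeps it out of Ansible's output, but the argument stays readable in the process table on the target host while the command runs. keystone-manage bootstrap also reads the password from the `OS_BOOTSTRAP_PASSWORD` environment variable, so I would drop that flag line and add `environment:` with `OS_BOOTSTRAP_PASSWORD: "{{ keystone_auth_admin_password }}"` to the task. That also keeps the unquoted value from being split into several arguments if the password contains whitespace. The task may continue past `register: add_service`, which is where the hunk ends.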
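Review bot: `failed_when: not debug and keystone_doctor.rc != 0` in the `Diagnose common problems with keystone deployments` task of tasks/main.yml tests `debug` without casting it, so an override that arrives as a string (for example `-e debug=false`) is truthy and silently turns every `keystone-manage doctor` failure into a pass. Now that the default is a real `false`, I would make the test explicit: `failed_when: not (debug | bool) and keystone_doctor.rc != 0`. The task's `tags:` list continues outside the hunk.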
--- a/tasks/main_keystone_federation_sp_idp_setup.yml +++ b/tasks/main_keystone_federation_sp_idp_setup.yml @@ -8,6 +8,6 @@ when: - keystone_service_setup | bool - keystone_sp != {} - run_once: yes + run_once: true tags: - keystone-config diff --git a/vars/debian.yml b/vars/debian.yml index c90d3cdb..5157c029 100644 --- a/vars/debian.yml +++ b/vars/debian.yml @@ -51,7 +51,7 @@ keystone_idp_distro_packages: - xmlsec1 # From 2.4.11, mod_auth_openidc ignores X-Forwarded headers unless explicitly configured -_keystone_sp_apache_mod_auth_openidc_gte_2_4_11: True +_keystone_sp_apache_mod_auth_openidc_gte_2_4_11: true keystone_sp_apache_mod_packages: - name: libapache2-mod-shib @@ -103,6 +103,6 @@ keystone_apache_modules: keystone_system_service_name: "{{ (keystone_use_uwsgi | bool) | ternary('keystone-wsgi-public', 'apache2') }}" -keystone_uwsgi_bin: '/usr/bin' +keystone_uwsgi_bin: "/usr/bin" keystone_sshd: ssh diff --git a/vars/main.yml b/vars/main.yml index a768782f..b71c47d9 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -70,10 +70,10 @@ _keystone_cache_backend_map: - oslo_cache.etcd3gw _keystone_cache_backend_package: |- - {% set oslo = namespace(backend='dogpile') %} - {% for key, value in _keystone_cache_backend_map.items() %} - {% if keystone_cache_backend in value %} - {% set oslo.backend = key %} - {%- endif %} - {%- endfor %} - oslo.cache[{{ oslo.backend }}] + {% set oslo = namespace(backend='dogpile') %} + {% for key, value in _keystone_cache_backend_map.items() %} + {% if keystone_cache_backend in value %} + {% set oslo.backend = key %} + {%- endif %} + {%- endfor %} + oslo.cache[{{ oslo.backend }}] diff --git a/vars/redhat.yml b/vars/redhat.yml index f602bb06..d967207a 100644 --- a/vars/redhat.yml +++ b/vars/redhat.yml 
@@ -44,7 +44,7 @@ keystone_idp_distro_packages: - xmlsec1 # From 2.4.11, mod_auth_openidc ignores X-Forwarded headers unless explicitly configured -_keystone_sp_apache_mod_auth_openidc_gte_2_4_11: True +_keystone_sp_apache_mod_auth_openidc_gte_2_4_11: true keystone_sp_apache_mod_packages: - name: shibboleth @@ -73,6 +73,6 @@ keystone_apache_configs: keystone_system_service_name: "{{ (keystone_use_uwsgi | bool) | ternary('keystone-wsgi-public', 'httpd') }}" -keystone_uwsgi_bin: '/usr/sbin' +keystone_uwsgi_bin: "/usr/sbin" keystone_sshd: sshd