Run latest ansible-lint on Ubuntu Noble

We bump the Ansible version to the version that Zuul runs. We then set ansible-lint to the current latest version. This results in a number of new linter violations which we fix. These violations include: * Needing to name plays * Needing to start names with a capital letter * Using fully qualified names for action modules * Quoting permissions strings to avoid octal conversion errors * Using explicit yaml structures for tasks We also tell ansible-lint to mock zuul_return so that we don't get errors from it complaining that this module is not defined. Change-Id: Ic881313fea58f4482f70e493f3d256541d31860a
2024-08-22 16:04:27 -07:00 · 2024-08-22 16:04:27 -07:00 · 60acea0da6
commit 60acea0da6
parent 7ae2bbabbe
43 changed files with 111 additions and 76 deletions
--- a/.ansible-lint
+++ b/.ansible-lint
@ -18,6 +18,8 @@ skip_list:
  - yaml[truthy] # "yes" is ok
 use_default_rules: true
 verbosity: 1
+mock_modules:
+  - zuul_return

 # Local variables:
 # mode: yaml
--- a/playbooks/ansible-role-functional/pre.yaml
+++ b/playbooks/ansible-role-functional/pre.yaml
@ -1,5 +1,5 @@
- hosts: all
-  name: Set up SSH login
+- name: Set up SSH login
+  hosts: all
  tasks:

    - name: Allow ssh login into localhost
--- a/playbooks/docs/post.yaml
+++ b/playbooks/docs/post.yaml
@ -1,3 +1,4 @@
- hosts: all
+- name: Fetch Sphinx Output
+  hosts: all
  roles:
    - fetch-sphinx-output
--- a/playbooks/fips/enable-fips.yaml
+++ b/playbooks/fips/enable-fips.yaml
@ -1,7 +1,7 @@
- name: playbook to enable fips
+- name: Playbook to enable fips
  hosts: all
  tasks:
-    - name: enable fips
+    - name: Enable fips
      include_role:
        name: enable-fips
      when: enable_fips | default(false)
--- a/playbooks/golang/pre.yaml
+++ b/playbooks/golang/pre.yaml
@ -1,3 +1,4 @@
- hosts: all
+- name: Revoke Sudo
+  hosts: all
  roles:
    - revoke-sudo
--- a/playbooks/golang/run.yaml
+++ b/playbooks/golang/run.yaml
@ -1,4 +1,5 @@
- hosts: all
+- name: Run Golang Tests
+  hosts: all

  tasks:
    - name: Run golang tests
--- a/playbooks/grafana/main.yaml
+++ b/playbooks/grafana/main.yaml
@ -2,7 +2,7 @@
  hosts: all
  tasks:

-    - name: install docker
+    - name: Install docker
      include_role:
        name: ensure-docker

@ -13,16 +13,16 @@

    - name: Make environment vars
      set_fact:
-        SECRETS_DIR: '{{ ansible_user_dir }}/grafana-secrets'
-        GRAFYAML_DIR: "{{ ansible_user_dir }}/{{ zuul.projects['opendev.org/openstack/project-config'].src_dir }}/grafana"
-        SCREENSHOTS: '{{ ansible_user_dir }}/screenshots'
+        SECRETS_DIR: '{{ ansible_user_dir }}/grafana-secrets'  # noqa: var-naming[pattern]
+        GRAFYAML_DIR: "{{ ansible_user_dir }}/{{ zuul.projects['opendev.org/openstack/project-config'].src_dir }}/grafana"  # noqa: var-naming[pattern]
+        SCREENSHOTS: '{{ ansible_user_dir }}/screenshots'  # noqa: var-naming[pattern]
        # NOTE(ianw) : screenshots are 1920 x this height.  This means
        # it is about the right width to see easily.  5000 is a
        # generic compromise; a bit long for some graphs, but it's
        # just a solid black that compresses well in the .pngs.  If
        # required we can key each graph to individual heights with a
        # config file or something some other time.
-        SCREENSHOT_HEIGHT: '5000'
+        SCREENSHOT_HEIGHT: '5000'  # noqa: var-naming[pattern]

    # Initial sanity check
    - name: Explicitly validate dashboards
@ -33,7 +33,7 @@
              --entrypoint /usr/local/bin/grafana-dashboard \
                docker.io/opendevorg/grafyaml --debug validate /grafana

-    - name: install pip
+    - name: Install pip
      include_role:
        name: ensure-pip

@ -57,7 +57,7 @@

    - name: Run grafana
      become: true
-      docker_container:
+      community.docker.docker_container:
        name: grafana-opendev_test
        image: "docker.io/grafana/grafana-oss"
        state: started
@ -73,7 +73,7 @@

    - name: Run selenium
      become: true
-      docker_container:
+      community.docker.docker_container:
        name: selenium-firefox
        state: started
        image: "docker.io/selenium/standalone-firefox"
@ -127,7 +127,7 @@
      loop: "{{ _dashboards.json | map(attribute='url') | list }}"

    - name: Copy output
-      synchronize:
+      ansible.posix.synchronize:
        src: '{{ SCREENSHOTS }}'
        dest: '{{ zuul.executor.log_root }}'
        mode: pull
--- a/playbooks/grafana/post.yaml
+++ b/playbooks/grafana/post.yaml
@ -1,3 +1,4 @@
- hosts: all
+- name: Collect Container Logs
+  hosts: all
  roles:
    - collect-container-logs
--- a/playbooks/javascript/post-tarball.yaml
+++ b/playbooks/javascript/post-tarball.yaml
@ -1,4 +1,5 @@
- hosts: all
+- name: Fetch JavaScript Tarball
+  hosts: all
  roles:
    - version-from-git
    - fetch-javascript-tarball
--- a/playbooks/javascript/post.yaml
+++ b/playbooks/javascript/post.yaml
@ -1,3 +1,4 @@
- hosts: all
+- name: Fetch JavaScript Output
+  hosts: all
  roles:
    - fetch-javascript-output
--- a/playbooks/javascript/pre.yaml
+++ b/playbooks/javascript/pre.yaml
@ -1,4 +1,5 @@
- hosts: all
+- name: Prepare JavaScript Dev Environment
+  hosts: all
  roles:
    - role: bindep
      bindep_profile: test
--- a/playbooks/javascript/tarball.yaml
+++ b/playbooks/javascript/tarball.yaml
@ -1,4 +1,5 @@
- hosts: all
+- name: Run npm pack
+  hosts: all
  roles:
    - role: npm
      npm_command: pack
--- a/playbooks/openafs-deb-package-build/publish.yaml
+++ b/playbooks/openafs-deb-package-build/publish.yaml
@ -1,4 +1,5 @@
- hosts: all
+- name: Push Deb to Infra PPA
+  hosts: all
  roles:
    - role: infra-deb-ppa-push
      vars:
--- a/playbooks/openafs-deb-package-build/run.yaml
+++ b/playbooks/openafs-deb-package-build/run.yaml
@ -1,4 +1,5 @@
- hosts: all
+- name: Build Infra Deb Package
+  hosts: all
  roles:
    - role: infra-deb-package-build
      vars:
--- a/playbooks/openafs-rpm-package-build/publish.yaml
+++ b/playbooks/openafs-rpm-package-build/publish.yaml
@ -1,4 +1,5 @@
- hosts: localhost
+- name: Process AFS RPM Packages
+  hosts: localhost
  tasks:
    - name: Ensure artifacts directories exist
      file:
--- a/playbooks/openafs-rpm-package-build/run.yaml
+++ b/playbooks/openafs-rpm-package-build/run.yaml
@ -1,3 +1,4 @@
- hosts: all
+- name: Build AFS RPM Package
+  hosts: all
  roles:
    - openafs-rpm-package-build
--- a/playbooks/puppet-branch-tarball/post.yaml
+++ b/playbooks/puppet-branch-tarball/post.yaml
@ -1,4 +1,5 @@
- hosts: all
+- name: Fetch Puppet Module Output
+  hosts: all
  roles:
    - fetch-puppet-module-output

--- a/playbooks/puppet-tarball/pre.yaml
+++ b/playbooks/puppet-tarball/pre.yaml
@ -1,4 +1,5 @@
- hosts: all
+- name: Prepare Puppet Module Build Environment
+  hosts: all
  roles:
    - ensure-pdk-dependencies
    - revoke-sudo
--- a/playbooks/puppet-tarball/run.yaml
+++ b/playbooks/puppet-tarball/run.yaml
@ -1,3 +1,4 @@
- hosts: all
+- name: Build Puppet Module
+  hosts: all
  roles:
    - build-puppet-module
--- a/playbooks/release/announce.yaml
+++ b/playbooks/release/announce.yaml
@ -1,4 +1,5 @@
- hosts: all
+- name: Send Release Announcement
+  hosts: all
  tasks:
    - name: Send release announcement
      command: >
--- a/playbooks/release/pre.yaml
+++ b/playbooks/release/pre.yaml
@ -1,4 +1,5 @@
- hosts: all
+- name: Prepare Release Announcement Environment
+  hosts: all
  roles:
    - role: bindep
      bindep_profile: test
--- a/playbooks/tox-docs/pre.yaml
+++ b/playbooks/tox-docs/pre.yaml
@ -1,4 +1,5 @@
- hosts: all
+- name: Prepare PDF Build Environment
+  hosts: all
  roles:
    - role: prepare-build-pdf-docs
      when: not tox_skip_pdf
--- a/playbooks/tox-docs/run.yaml
+++ b/playbooks/tox-docs/run.yaml
@ -1,4 +1,5 @@
- hosts: all
+- name: Build PDF Docs
+  hosts: all
  roles:
    - revoke-sudo
    - tox
--- a/playbooks/tox-molecule/post.yaml
+++ b/playbooks/tox-molecule/post.yaml
@ -1,4 +1,5 @@
- hosts: all
+- name: Return Molecule Report As Zuul Artifact
+  hosts: all
  tasks:
    - name: Return artifact to Zuul
      zuul_return:
--- a/playbooks/tox-with-sudo/run.yaml
+++ b/playbooks/tox-with-sudo/run.yaml
@ -1,3 +1,4 @@
- hosts: all
+- name: Run Tox With Sudo Enabled
+  hosts: all
  roles:
    - tox
--- a/playbooks/tox/py27.yaml
+++ b/playbooks/tox/py27.yaml
@ -8,7 +8,8 @@
 #
 # [1] https://review.opendev.org/c/openstack/project-config/+/872476

- hosts: all
+- name: Install Python2 Dependencies
+  hosts: all
  become: true
  tasks:
    - name: Install Python 2.7
--- a/playbooks/vhd-util-deb-package-build/publish.yaml
+++ b/playbooks/vhd-util-deb-package-build/publish.yaml
@ -1,4 +1,5 @@
- hosts: all
+- name: Push Deb to Infra PPA
+  hosts: all
  roles:
    - role: infra-deb-ppa-push
      vars:
--- a/playbooks/vhd-util-deb-package-build/run.yaml
+++ b/playbooks/vhd-util-deb-package-build/run.yaml
@ -1,4 +1,5 @@
- hosts: all
+- name: Build Infra Deb Package
+  hosts: all
  roles:
    - role: infra-deb-package-build
      vars:
--- a/playbooks/wheel-cache/build.yaml
+++ b/playbooks/wheel-cache/build.yaml
@ -1,5 +1,6 @@
- hosts: all
-  strategy: free
+- name: Build Wheel Cache
+  hosts: all
+  strategy: free  # noqa: run-once[play]

  pre_tasks:
    - name: Set fact for wheel dir
--- a/playbooks/wheel-cache/post-base.yaml
+++ b/playbooks/wheel-cache/post-base.yaml
@ -1,4 +1,5 @@
- hosts: all
+- name: Collect Wheel Cache Build Logs
+  hosts: all
  tasks:
    - name: Ensure build logs directory exists
      file:
@ -7,7 +8,7 @@
      delegate_to: localhost

    - name: Compress build logs
-      archive:
+      community.general.archive:
        dest: '~/logs/build-logs.tar.bz2'
        path: '~/logs/build'
        format: bz2
@ -18,7 +19,7 @@
        path: '~/logs/build'

    - name: Collect final logs
-      synchronize:
+      ansible.posix.synchronize:
        dest: "{{ zuul.executor.log_root }}/{{ wheel_python }}"
        mode: pull
        src: ~/logs/
--- a/playbooks/wheel-cache/pre.yaml
+++ b/playbooks/wheel-cache/pre.yaml
@ -1,4 +1,5 @@
- hosts: all
+- name: Setup Wheel Cache Build Environment
+  hosts: all
  roles:
    - bindep

--- a/playbooks/xstatic/check-version.yaml
+++ b/playbooks/xstatic/check-version.yaml
@ -1,4 +1,5 @@
- hosts: all
+- name: Check Xstatic Library Version
+  hosts: all
  tasks:
    - name: Copy version check script
      copy:
--- a/roles/configure-swap/tasks/ephemeral.yaml
+++ b/roles/configure-swap/tasks/ephemeral.yaml
@ -14,7 +14,7 @@

 - name: Ensure ephemeral device is unmounted
  become: yes
-  mount:
+  ansible.posix.mount:
    name: "{{ ephemeral_device }}"
    state: "{{ item }}"
  with_items:
@ -24,14 +24,14 @@

 - name: Get existing partitions
  become: yes
-  parted:
+  community.general.parted:
    device: "{{ ephemeral_device }}"
    unit: MiB
  register: ephemeral_partitions

 - name: Remove any existing partitions
  become: yes
-  parted:
+  community.general.parted:
    device: "{{ ephemeral_device }}"
    number: "{{ item.num }}"
    state: absent
@ -40,13 +40,13 @@

 - name: Create new disk label
  become: yes
-  parted:
+  community.general.parted:
    label: msdos
    device: "{{ ephemeral_device }}"

 - name: Create swap partition
  become: yes
-  parted:
+  community.general.parted:
    device: "{{ ephemeral_device }}"
    number: 1
    state: present
@ -55,7 +55,7 @@

 - name: Create opt partition
  become: yes
-  parted:
+  community.general.parted:
    device: "{{ ephemeral_device }}"
    number: 2
    state: present
@ -68,7 +68,7 @@

 - name: Write swap to fstab
  become: yes
-  mount:
+  ansible.posix.mount:
    path: none
    src: "{{ swap_partition }}"
    fstype: swap
@ -86,7 +86,7 @@

 - name: Create /opt filesystem
  become: yes
-  filesystem:
+  community.general.filesystem:
    fstype: ext4
    # The default ratio is 16384 bytes per inode or so. Reduce that to 8192
    # bytes per inode so that we get roughly twice the number of inodes as
@ -123,7 +123,7 @@
 # This overmounts any existing /opt
 - name: Add opt to fstab and mount
  become: yes
-  mount:
+  ansible.posix.mount:
    path: /opt
    src: "{{ opt_partition }}"
    fstype: ext4
--- a/roles/configure-swap/tasks/main.yaml
+++ b/roles/configure-swap/tasks/main.yaml
@ -30,7 +30,8 @@

 # If we have ephemeral storage and we don't appear to have setup swap,
 # we will create a swap and move /opt to a large data partition there.
- include_tasks: ephemeral.yaml
+- name: Setup swap on ephemeral storage
+  include_tasks: ephemeral.yaml
  when:
    - ephemeral_device is defined
    - ansible_memory_mb['swap']['total'] | int + 10 <= configure_swap_size
@ -38,7 +39,8 @@
 # If no ephemeral device and no swap, then we will setup some swap
 # space on the root device to ensure all hosts a consistent memory
 # environment.
- include_tasks: root.yaml
+- name: Setup swap file on root device
+  include_tasks: root.yaml
  when:
    - ephemeral_device is undefined
    - ansible_memory_mb['swap']['total'] | int + 10 <= configure_swap_size
@ -55,10 +57,11 @@
 # cloud I/O based swap during our runs if we can help it
 - name: Set swappiness
  become: yes
-  sysctl:
+  ansible.posix.sysctl:
    name: vm.swappiness
    value: 30
    state: present

 - name: Debug the ephemeral_device variable
-  debug: var=ephemeral_device
+  debug:
+    var: ephemeral_device
--- a/roles/configure-swap/tasks/root.yaml
+++ b/roles/configure-swap/tasks/root.yaml
@ -17,7 +17,8 @@
        root_filesystem: "{{ root_fs.stdout }}"

    - name: Debug the root_filesystem variable
-      debug: var=root_filesystem
+      debug:
+        var: root_filesystem

 # Note, we don't use a sparse device to avoid wedging when disk space
 # and memory are both unavailable.
@ -34,7 +35,7 @@
    path: /root/swapfile
    owner: root
    group: root
-    mode: 0600
+    mode: '0600'

 - name: Make swapfile
  become: yes
@ -42,7 +43,7 @@

 - name: Write swap to fstab
  become: yes
-  mount:
+  ansible.posix.mount:
    path: none
    src: /root/swapfile
    fstype: swap
@ -56,4 +57,5 @@
  command: swapon -a

 - name: Debug the swap_required variable
-  debug: var=swap_required
+  debug:
+    var: swap_required
--- a/roles/infra-deb-package-build/tasks/main.yaml
+++ b/roles/infra-deb-package-build/tasks/main.yaml
@ -62,7 +62,7 @@
      tar czf {{ infra_deb_project }}-debs.tar.gz ./{{ infra_deb_project }}

 - name: Copy built packages
-  synchronize:
+  ansible.posix.synchronize:
    src: '{{ ansible_user_dir }}/{{ infra_deb_project }}-debs.tar.gz'
    dest: '{{ zuul.executor.log_root }}'
    mode: pull
--- a/roles/legacy-copy-jenkins-scripts/tasks/main.yaml
+++ b/roles/legacy-copy-jenkins-scripts/tasks/main.yaml
@ -8,7 +8,7 @@
  copy:
    dest: '/usr/local/jenkins/slave_scripts/'
    src: '{{ item }}'
-    mode: 0755
+    mode: '0755'
  with_items:
    - install-distro-packages.sh
    - jenkinsci-upload.sh
--- a/roles/openafs-rpm-package-build/tasks/main.yaml
+++ b/roles/openafs-rpm-package-build/tasks/main.yaml
@ -75,7 +75,7 @@
      tar cvzf openafs-rpms.tar.gz RPMS

 - name: Copy built rpms
-  synchronize:
+  ansible.posix.synchronize:
    src: '{{ ansible_user_dir }}/rpmbuild/'
    dest: '{{ zuul.executor.log_root }}'
    mode: pull
--- a/roles/prepare-zanata-client/tasks/main.yaml
+++ b/roles/prepare-zanata-client/tasks/main.yaml
@ -63,7 +63,7 @@
 - name: Ensure zanata-cli perms
  file:
    path: "/opt/zanata/zanata-cli-{{ zanata_client_version }}/bin/zanata-cli"
-    mode: 0755
+    mode: '0755'

 - name: Link zanata-cli
  file:
@ -74,7 +74,7 @@

 # This is a preview module in Ansible 2.3. It may not work.
 - name: Import cert to java keystore
-  java_cert:
+  community.general.java_cert:
    cert_url: "{{ zanata_api_credentials.fqdn }}"
    keystore_path: /etc/ssl/certs/java/cacerts
    keystore_pass: changeit
@ -85,7 +85,7 @@
 - name: Set permissions for cacert
  file:
    path: /etc/ssl/certs/java/cacerts
-    mode: 0644
+    mode: '0644'
  become: true

 - name: Ensure zanata config dir
@ -102,7 +102,7 @@
  copy:
    dest: '{{ ansible_user_dir }}/scripts/'
    src: '{{ item }}'
-    mode: 0755
+    mode: '0755'
  with_items:
    - common_translation_update.sh
    - create-zanata-xml.py
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -5,8 +5,6 @@
 hacking>=7.0.0,<8.0.0 # Apache-2.0

 # ansible-lint requires ansible>=2.9
-ansible>=5,<6
-# pin these two until someone has time to update all our skips to >=6.16
-ansible-lint>=6,<6.5
-ansible-compat<4
+ansible>=8,<9
+ansible-lint<25.0.0
 bashate>=0.2
--- a/tests/base.yaml
+++ b/tests/base.yaml
@ -3,10 +3,12 @@
 # If you add new tests, also update the files section in job
 # base-integration in zuul.d/jobs.yaml.

- hosts: all
+- name: Ensure Output Dirs
+  hosts: all
  roles:
    - ensure-output-dirs

- hosts: all
+- name: Fetch Output
+  hosts: all
  roles:
    - fetch-output
--- a/tests/extra.yaml
+++ b/tests/extra.yaml
@ -3,5 +3,6 @@
 # If you add new tests, also update the files section in job
 # extra-integration in zuul.d/jobs.yaml.

- import_playbook: prepare-zanata-client.yaml
+- name: Prepare Zanata Client
+  import_playbook: prepare-zanata-client.yaml
  when: ansible_os_family == 'Debian'
--- a/zuul.d/jobs.yaml
+++ b/zuul.d/jobs.yaml
@ -1451,7 +1451,6 @@
      - openstack/project-config
      - opendev/system-config
      - zuul/zuul-jobs
-    nodeset: ubuntu-jammy
    vars:
      tox_envlist: linters
      tox_environment: