openstack/tripleo-common
Code Issues Proposed changes

Fix ansible-lint errors

Browse Source 
Prepare bumping ansible-lint by solving few linting errors:
- unamed tasks
- use of shell instead of module
- newlines between tasks (visual)
- boolean comparison
- when clauses that can be split
- missing galaxy_info sections in meta.yml
- spaces around jinja {{ variables }}
- lack of pipefail on shell blocks with pipe
- duplicate dictionary keys

Change-Id: I73ed9a031bd579bc6213923edb9c4288d0302454
Needed-By: https://review.opendev.org/#/c/665445/
This commit is contained in:
Sorin Sbarnea 2019-06-14 19:34:26 +01:00
parent 2f8b59f5c2
commit a1495d5f0f
29 changed files with 177 additions and 79 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
playbooks/roles/octavia-controller-config/meta/main.yml
View File

@ -1,2 +1,10 @@
dependencies:
- common
galaxy_info:
author: Red Hat
description: octavia-controller-config
license: Apache
min_ansible_version: 2.5
platforms:
- name: CentOS
- name: Fedora

8
playbooks/roles/octavia-controller-config/tasks/main.yml
View File

@ -3,12 +3,18 @@
command: "hostname -f"
register: hostname
changed_when: False
- set_fact:
- name: set node_hostname
set_fact:
node_hostname: "{{ hostname.stdout }}"
- include_tasks: certificate.yml
when: generate_certs
- include_tasks: netport.yml
- include_tasks: netinterface.yml
- name: making sure octavia common configuration directory exists
file:
path: "{{ octavia_confd_prefix }}/etc/octavia/conf.d/common"

14
playbooks/roles/octavia-controller-config/tasks/netport.yml
View File

@ -10,48 +10,62 @@
changed_when: "out_mgmt_port.stdout != ''"
notify:
- octavia config updated
- name: getting management port
shell: |
openstack port show octavia-health-manager-{{ node_hostname }}-listen-port -f value -c id
register: out_mgmt_port_id
changed_when: False
- name: setting fact for management network controller port ID
set_fact:
mgmt_port_id: "{{ out_mgmt_port_id.stdout }}"
- name: get management port mac
shell: |
openstack port show {{ mgmt_port_id }} -f value -c mac_address
register: out_mgmt_port_mac
changed_when: False
- name: setting fact for management network controller port MAC
set_fact:
mgmt_port_mac: "{{ out_mgmt_port_mac.stdout }}"
- name: get management port ip
shell: |
set -euo pipefail
openstack port show {{ mgmt_port_id }} -f value -c fixed_ips | cut -f1 -d, | cut -f2 -d= | tr -d "'"
register: out_mgmt_port_ip
changed_when: False
- name: setting fact for management network controller port IP
set_fact:
mgmt_port_ip: "{{ out_mgmt_port_ip.stdout }}"
- name: get management port net mask
shell: |
set -euo pipefail
subnet_id=$(openstack port show {{ mgmt_port_id }} -f value -c fixed_ips | cut -f2 -d, | cut -f2 -d= | tr -d "'" 2> /dev/null)
openstack subnet show $subnet_id -f value -c cidr 2> /dev/null
register: out_mgmt_subnet_cidr
- name: setting fact for management subnet cidr
set_fact:
mgmt_subnet_cidr: "{{ out_mgmt_subnet_cidr.stdout }}"
- name: setting fact for management network netmask
set_fact:
mgmt_port_netmask: "{{ mgmt_subnet_cidr | ipaddr('netmask') }}"
- name: get MTU for managment port
shell: |
openstack network show {{ lb_mgmt_net_name }} -f value -c mtu
register: out_mgmt_port_mtu
- name: setting fact for management port MTU
set_fact:
mgmt_port_mtu: "{{ out_mgmt_port_mtu.stdout }}"
- name: creating fact for management network health manager controller IP
set_fact:
o_hm_ip: "{{ mgmt_port_ip }}:5555"

6
playbooks/roles/octavia-controller-config/tasks/octavia.yml
View File

@ -6,6 +6,7 @@
selevel: s0
setype: svirt_sandbox_file_t
become: true
- name: setting [controller_worker]/amp_boot_network_list
become: true
become_user: root
@ -16,6 +17,7 @@
value: "{{ lb_mgmt_net_id }}"
selevel: s0
setype: svirt_sandbox_file_t
- name: setting [controller_worker]/amp_secgroup_list
become: true
become_user: root
@ -26,6 +28,7 @@
value: "{{ lb_mgmt_secgroup_id }}"
selevel: s0
setype: svirt_sandbox_file_t
- name: making sure octavia health manager configuration directory exists
file:
path: "{{ octavia_confd_prefix }}/etc/octavia/conf.d/octavia-health-manager"
@ -33,6 +36,7 @@
selevel: s0
setype: svirt_sandbox_file_t
become: true
- name: create octavia health manager configuration file
become: true
become_user: root
@ -41,10 +45,12 @@
src: "manager-post-deploy.conf.j2"
selevel: s0
setype: svirt_sandbox_file_t
- name: gather facts about the service project
shell: |
openstack project show "{{ auth_project_name }}" -c id -f value
register: project_id_result
- name: setting [controller_worker]/amp_image_owner_id
become: true
become_user: root

8
playbooks/roles/octavia-controller-post-config/meta/main.yml
View File

@ -1,2 +1,10 @@
dependencies:
- common
galaxy_info:
author: Red Hat
description: octavia-controller-post-config
license: Apache
min_ansible_version: 2.5
platforms:
- name: CentOS
- name: Fedora

5
playbooks/roles/octavia-controller-post-config/tasks/main.yml
View File

@ -5,8 +5,11 @@
- name: create ip list
set_fact:
o_hm_ip_list: "{% for octavia_node in groups['octavia_nodes'] %}{{ hostvars[octavia_node].o_hm_ip }}, {%endfor%}"
- set_fact:
- name: create ip list (2)
set_fact:
o_hm_ip_list: "{{ o_hm_ip_list[:-2] }}" #remove the last two characters
- name: read the current IP list
become: true
become_user: root

8
playbooks/roles/octavia-overcloud-config/meta/main.yml
View File

@ -1,2 +1,10 @@
dependencies:
- common
galaxy_info:
author: Red Hat
description: octavia-overcloud-config
license: Apache
min_ansible_version: 2.5
platforms:
- name: CentOS
- name: Fedora

12
playbooks/roles/octavia-overcloud-config/tasks/certs_gen.yml
View File

@ -28,10 +28,16 @@
become: true
shell: |
openssl genrsa -passout pass:{{ ca_passphrase }} -des3 -out {{ openssl_temp_dir }}/private/cakey.pem 2048
tags:
- skip_ansible_lint
- name: Reading private key
become: true
shell: cat {{ openssl_temp_dir }}/private/cakey.pem
register: private_key_data
tags:
- skip_ansible_lint
- name: Setting private key fact
set_fact:
private_key_content: "{{ private_key_data.stdout }}"
@ -43,10 +49,16 @@
-subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" \
-days 365 -config {{ openssl_temp_dir }}/openssl.cnf \
-out {{ openssl_temp_dir }}/ca_01.pem
tags:
- skip_ansible_lint
- name: Reading CA certificate
become: true
shell: cat {{ openssl_temp_dir }}/ca_01.pem
register: ca_cert_data
tags:
- skip_ansible_lint
- name: Setting CA certificate fact
set_fact:
ca_cert_content: "{{ ca_cert_data.stdout }}"

11
playbooks/roles/octavia-overcloud-config/tasks/network.yml
View File

@ -6,14 +6,17 @@
fi
register: out_lb_mgmt_net
changed_when: "out_lb_mgmt_net.stdout != ''"
- name: getting management network ID
shell: |
openstack network show {{ lb_mgmt_net_name }} -f value -c id
register: out_lb_mgmt_net_id
changed_when: False
- name: setting management network ID fact
set_fact:
lb_mgmt_net_id: "{{ out_lb_mgmt_net_id.stdout }}"
- name: create subnet
shell: |
if [[ $(openstack subnet show {{ lb_mgmt_subnet_name }} > /dev/null; echo $?) -eq 1 ]]; then
@ -25,6 +28,7 @@
fi
register: lb_mgmt_subnet_result
changed_when: "lb_mgmt_subnet_result.stdout != ''"
- name: create security group #get the security group id
shell: |
if [[ $(openstack security group show {{ lb_mgmt_sec_grp_name }} > /dev/null; echo $?) -eq 1 ]]; then
@ -38,8 +42,10 @@
- name: setting fact for management network security group
set_fact:
lb_mgmt_secgroup_id: "{{ lb_mgmt_secgroup_result.stdout }}"
- name: create security group rule to open amphora management ssh port
shell: |
set -euo pipefail
if [[ $(openstack security group rule list {{ lb_mgmt_sec_grp_name }} --protocol tcp --ingress -f value 2>&1 | grep "0.0.0.0/0 22:22") == "" ]]; then
openstack security group rule create --protocol tcp --dst-port 22 {{ lb_mgmt_sec_grp_name }}
fi
@ -49,8 +55,10 @@
OS_USERNAME: "{{ auth_username }}"
OS_PASSWORD: "{{ auth_password }}"
OS_PROJECT_NAME: "{{ auth_project_name }}"
- name: create security group rule to open amphora management API port
shell: |
set -euo pipefail
if [[ $(openstack security group rule list {{ lb_mgmt_sec_grp_name }} --protocol tcp --ingress -f value 2>&1 | grep "0.0.0.0/0 9443:9443") == "" ]]; then
openstack security group rule create --protocol tcp --dst-port 9443 {{ lb_mgmt_sec_grp_name }}
fi
@ -60,6 +68,7 @@
OS_USERNAME: "{{ auth_username }}"
OS_PASSWORD: "{{ auth_password }}"
OS_PROJECT_NAME: "{{ auth_project_name }}"
- name: create security group for health manager
shell: |
if [[ $(openstack security group show {{ lb_health_mgr_sec_grp_name }} > /dev/null; echo $?) -eq 1 ]]; then
@ -69,8 +78,10 @@
fi
register: lb_health_manager_sec_grp_result
changed_when: "lb_health_manager_sec_grp_result.stdout != ''"
- name: create security group rule for health manager
shell: |
set -euo pipefail
if [[ $(openstack security group rule list {{ lb_health_mgr_sec_grp_name }} --protocol udp --ingress -f value 2>&1 | grep "0.0.0.0/0 5555:5555") == "" ]]; then
openstack security group rule create --protocol udp --dst-port 5555 {{ lb_health_mgr_sec_grp_name }}
fi

8
playbooks/roles/octavia-undercloud/meta/main.yml
View File

@ -1,2 +1,10 @@
dependencies:
- common
galaxy_info:
author: Red Hat
description: octavia-undercloud
license: Apache
min_ansible_version: 2.5
platforms:
- name: CentOS
- name: Fedora

8
playbooks/roles/octavia-undercloud/tasks/main.yml
View File

@ -34,9 +34,10 @@
- name: fail if ssh pub key file does not exist or is not readable
fail: msg="{{ amp_ssh_key_path }} does not exist or is not readable by user {{ ansible_user }}"
when: key_file_result|failed or key_file_result.stat.exists == False or key_file_result.stat.readable == False
when: key_file_result|failed or not key_file_result.stat.exists or not key_file_result.stat.readable
- set_fact:
- name: set amp_ssh_key_path_final
set_fact:
amp_ssh_key_path_final: "{{ amp_ssh_key_path }}"
when: amp_ssh_key_path is defined and amp_ssh_key_path != ""
@ -49,7 +50,8 @@
- name: copy ssh public key content to temp file
copy: content="{{ amp_ssh_key_data }}" dest="{{ ssh_key_tmp_file.path }}"
- set_fact:
- name: set amp_ssh_key_path_final
set_fact:
amp_ssh_key_path_final: "{{ ssh_key_tmp_file.path }}"
when: amp_ssh_key_path is not defined or amp_ssh_key_path == ""

12
playbooks/rotate-keys.yaml
View File

@ -9,13 +9,15 @@
- name: populate service facts
service_facts:
- set_fact:
- name: Determine facts
set_fact:
is_container: containerized_keystone_dir.stat.isdir is defined and containerized_keystone_dir.stat.isdir
podman_enabled: '"tripleo_keystone.service" in ansible_facts.services'
- name: Rotate fernet keys for keystone container
block:
- set_fact:
- name: set keystone_base
set_fact:
keystone_base: /var/lib/config-data/puppet-generated/keystone
- name: Remove previous fernet keys
@ -33,12 +35,18 @@
- name: Set permissions to match container's user
shell: chown --reference={{ keystone_base }}/etc/keystone/fernet-keys {{ keystone_base }}{{ item.key }}
args:
warn: false
with_dict: "{{ fernet_keys }}"
no_log: true
tags:
- skip_ansible_lint
- name: Restart keystone container with docker
shell: docker restart keystone
when: not podman_enabled
tags:
- skip_ansible_lint
- name: Restart keystone container
service:

11
playbooks/swift_ring_rebalance.yaml
View File

@ -40,10 +40,13 @@
- name: Abort playbook run if consistency check fails
fail:
msg: "object.ring.gz does not match reference checksum"
when: (result.stat.exists == True) and (result_reference.stat.exists == True) and (result_reference.stat.checksum != result.stat.checksum)
when:
- result.stat.exists
- result_reference.stat.exists
- result_reference.stat.checksum != result.stat.checksum
- name: Deploy missing Swift rings
when: result.stat.exists == False
when: not result.stat.exists
block:
- name: Fetch missing Swift rings from undercloud
command: swift --insecure download -o /tmp/swift-rings.tar.gz overcloud-swift-rings swift-rings.tar.gz
@ -63,7 +66,9 @@
- name: Check if it is safe to continue rebalancing
set_fact:
rebalance_is_safe: True
when: (result.stat.exists == True) and ((recon.stdout | from_json).object_replication_last | int) > ((result.stat.mtime) | int)
when:
- result.stat.exists
- ((recon.stdout | from_json).object_replication_last | int) > ((result.stat.mtime) | int)
- name: Show warning and stop playbook run if unsafe
debug:

5
roles/tripleo-hieradata/defaults/main.yaml
View File

@ -1,4 +1,5 @@
hieradata_template: ""
hieradata_variable_start_string: "{{"
hieradata_variable_end_string: "}}"
# jinja2 escape trick for simple {{ and }} strings:
hieradata_variable_start_string: "{{ '{{' }}"
hieradata_variable_end_string: "{{ '}}' }}"
hieradata_per_host: false

5
roles/tripleo-hieradata/test-playbook.yaml
View File

@ -5,5 +5,6 @@
name: tripleo-hieradata
vars:
hieradata_template: hieradata.j2.yaml
variable_start_string: "{{"
variable_end_string: "}}"
# jinja2 escape trick for simple {{ and }} strings:
variable_start_string: "{{ '{{' }}"
variable_end_string: "{{ '}}' }}"

1
roles/tripleo-transfer/tasks/main.yml
View File

@ -30,6 +30,7 @@
# "no_log: true".
- name: create the archive
shell: |
set -euo pipefail
tar --transform "s|^{{ tripleo_transfer_src_dir_safe|basename }}|{{ tripleo_transfer_dest_dir_safe|basename }}|" -czf "{{ tripleo_transfer_tempfile.path }}" -C "{{ tripleo_transfer_src_dir_safe|dirname }}" "{{ tripleo_transfer_src_dir_safe|basename }}"
become: "{{ tripleo_transfer_src_become }}"
delegate_to: "{{ tripleo_transfer_src_host }}"

4
tripleo_common/tests/utils/data/config_data.yaml
View File

@ -119,19 +119,15 @@ servers:
- physical_resource_id: 00b3a5e1-5e8e-4b55-878b-2fa2271f15ad
name: overcloud-controller-0
OS::stack_id: 00b3a5e1-5e8e-4b55-878b-2fa2271f15ad
name: overcloud-controller-0
- physical_resource_id: a7db3010-a51f-4ae0-a791-2364d629d20d
name: overcloud-novacompute-0
OS::stack_id: a7db3010-a51f-4ae0-a791-2364d629d20d
name: overcloud-novacompute-0
- physical_resource_id: 8b07cd31-3083-4b88-a433-955f72039e2c
name: overcloud-novacompute-1
OS::stack_id: 8b07cd31-3083-4b88-a433-955f72039e2c
name: overcloud-novacompute-1
- physical_resource_id: 169b46f8-1965-4d90-a7de-f36fb4a830fe
name: overcloud-novacompute-2
OS::stack_id: 169b46f8-1965-4d90-a7de-f36fb4a830fe
name: overcloud-novacompute-2
server_id_data:
Controller: