We were pinning ansible to 2.8 for unittesting but Zuul currently only
supports Ansible 8 and 9. Pin Ansible to 8 in order to better test what
we expect people are using in the wild. This will also enable the
testing of Zuul and Ansible and Zuul Jobs with newer python versions
like 3.12.
In order to run testing with Ansible 8 intsead of 2.8 we drop testing
against python2.7 and python3.8 as neither of them can install an
Ansible version this new.
Change-Id: Icd563def65dcfd40b174218cc4e2b94e0230c374
This is no longer present in Ansible 9.
Removing these upsets ansible-lint, so those errors are ignored.
The base roles job has bitrotted on centos-7 and bionic due to
a bad voluptuous release used in an stestr test. That is fixed in
this change as well.
Change-Id: I67886d5ad82ab590979f82bd102d6f974b9d4421
Virtualenv 20.22.0 dropped support for python<=3.6 (including 2.7). We
still want to run tests under 2.7. Work around this by capping off
virtualenv in tox's requires list.
Change-Id: I4868cd5a8a958f04ac782e0963c52a118b2f5ebf
Tox 4 released today and is a complete rewrite with many backward
incompatible changes. We need to update a number of things to support
that in the zuul-jobs tox role and elsewhere. A possibly incomplete
list of what was changed in this commit to make this work:
* Don't run tox --showconfig with {{ tox_extra_args }} as -vv is
in tox_extra_args by default and results in interleaved debug
output in the ini output making it invalid ini content.
* Update the tox siblings tox config parser to look for renamed
environment dir locations.
* Stop using whitelist_externals and use allowlist_exteranls
because whitelist_externals is removed and external commands that
are not explicitly allowed produce errors.
* Make the tox version configurable in ensure-tox as some users
may not be able to easily upgrade to tox v4.
* Escape literal # chars in tox.ini as they are treated as comments
when in the command strings now.
https://github.com/tox-dev/tox/issues/2617
Change-Id: I38e13b4f13bb1b2d6fb7e5c70b708e9bb016a455
See notes in I4e6e85156459cca032e6c3e1d8a9284be919ccca, this ensures
the library files don't start with #! so they will run under the
Ansible interpeter on the remote node.
Change-Id: I8754d0962e8453d2030c589be23560e454e0052e
Progressive mode
... makes the linter return a success even if some failures are
found, as long the total number of violations did not increase since
the previous commit.
I have found what I think is inconsistent matching of the errors
between runs and I'm not sure it isn't hiding problems. We are
linter-clean and gate on the linter passing, so we don't need to do
this two-pass system.
Change-Id: I47be01a095d80dfb4d15f90da7bce49c3d42a2dd
- bumps ansible-lint to 5.0
- updates our custom rules to make them compatible with 5.0
- replace custom module mocking with native ansible-lint ones
- remove custom call of ansible-playbook --syntax-check as now this
is done by ansible-lint
- assured molecule vars are hosted under a vars/ folder in order to
avoid confusing linter detection.
- replaced custom rule for loop var names in role as now this this an
optional core feature of the linter (see config)
- replaced custom rule no-same-owner with opt-in one (see config)
Change-Id: I233fae8c9036d295968a97ee80e07fde8846c633
When update-test-platforms.py autogenerates parts that are checked into
git and the generated and commited content is different the CI error is
hard to understand. Make it explicit what caused this. Output the diff,
so one can see the difference.
Change-Id: Ib9751c6ad6dc55514177934e0db327c5d08b74eb
Makes use of newer feature which produces failures only when current
commit is adding new violations, exiting ones being considered
as already known.
To prove it works, it also removes the E208 from warn, making it
an error. Still, the final linting result is a success because
these violations were already present before current commit.
Change-Id: Ia858f2a3e71d9634e9d90e890d82714105e8f8c9
- Bumps linter and make use of its auto-detection
- Temporary skips linting test-playbooks/ to match previous behavior
- Documents skips in a way that makes it easy to maintain the rules
- Keeps linter config in standard location, so it can be loaded
regardless how is called.
Change-Id: Ic379c91fa9385473f6ec2af91e61953dc10c1f54
siblings: python2.7 ConfigParser has no __getitem__
Constrain soupsieve to <2 for python2.7
Add python2-dev to bindep for subprocess32
Change-Id: If9d6a0ae1a62a94dcec11f6bf637ffee7f0f4fc9
Otherwise we miss that we're not using 3.8 in the 38 env.
Fixes the cgi.escape issue that we didn't catch earlier.
Change-Id: I604bd18b70950580f60714598624d493f4a5060f
Adds yamllint to the linters with a minimal configuration, some
rules are disabled to allow us to fix them in follow-ups, if
we agree on them.
Fixes invalid YAML file containing characters inside block.
Fixes few minor linting issues.
Change-Id: I936fe2c997597972d884c5fc62655d28e8aaf8c5
- Avoid calling ansible-lint for each argument as this slows down
its execution time considerably (105s -> 41s)
- Prints list of offending files when git reports dirty, avoiding
confusions errors.
Change-Id: I4b6c6a7935febc4934d0fc6a55f7f9d3e6e87942
Current implementation failed to lint on BSD-like systems due
to the use of GNU specific find feature.
Change-Id: I0dbf635eb5b2e9b37dd0062ca165a5b51d090543
There are over 490 .yaml files but only a few .yml, let's rename to be
consistent.
Add a test to block .yml files.
Change-Id: I2f1354de82f231154d926b51d9812b1e9c1a6202
ansible-lint now supports settings in a file, including exclude_paths.
This lets us simplfy the ansible-lint command. Also, stop installing
zuul and just use a fake zuul_return and zuul_console
to fake out ansible-lint.
Change-Id: I1482a9ab915cec2d45695b60cdbeb93d58cb392c
It seems some versions of ruamel do a better job at preserving
comments than others. Create a tox env to regenerate the lists with a
version we know works.
Change-Id: I13503890fd3c18487281e3394b003e9f36cd24f2
Avoids ocasional failures caused by broken mirror repository.
We keep it, as it proves useful in discovering other issues from time
to time.
See https://zuul.opendev.org/t/zuul/builds?job_name=zuul-jobs-test-multinode-roles-opensuse-tumbleweed
Also assures linting catches errors caused by changes that missed to
regenerate the project stanza.
Change-Id: Id988a51175e8daa4f3c9725822dadcd7cd7aeb0e
This change updates the tox molecule playbook to make it platform
agnostic by moving the OS specific package lists into var files
that will be dynamically loaded based on the operating system
the playbook is being executed against. This is being done so
that we can use molecule on OS's like CentOS, Ubuntu, SUSE,
Debian, etc. While the only platforms supported at this time
are Red Hat based, this change will allow additional var files
to be added enabling additional platforms without needing any
chanages to our task structure.
> The linters job has been updated to exclude vars files from the
ansible lint playbook commands. This is done because the playbook
commands assume all found files are playbooks.
Change-Id: I88f3551838e3676374d0a795631c8769ba40fbf4
Signed-off-by: Kevin Carter <kecarter@redhat.com>
In order to edit the V2 registries.conf file used by podman, we
need to be able to manipulate toml from ansible. There is no
standard library or Ansible support for that now, and we don't want
to install any python packages on the remote node. Therefore,
vendor the remarshal and pytoml code into this role.
This is done in a standalone commit for easier review and auditing.
The originating projects are:
https://github.com/dbohdan/remarshalhttps://github.com/avakar/pytoml
And both are MIT licensed. Appropriate headers are added where
necessary.
Note that pytoml has been concatenated into one file in order to
adhere to Ansible's requirements for python modules.
Change-Id: I679ea5eb5cb29591be09d2f1b712400c49158abd
With the arrival of ansible-lint 4, Jinja2 variable expansions must
include spaces before and after the variable name inside the
brackets.
Adjust the new violations accordingly and remove the rule
206 exclusion.
Change-Id: Ib3ff7b0233a5d5cf99772f9c2adc81861cf34ffa
With the arrival of ansible-lint 4, comparisons to literal boolean
values are now forbidden. Adjust the new violations accordingly and
remove the rule 601 exclusion.
Change-Id: I18ba2d7d41fabaff35d10d520037188c7d9d1249
We have doc requirements in the normal test-requirements list.
This is causing problems for some sphinx related things which
want python3 conflicting with our py27 test job.
Change-Id: I1c4ddba56377097f1ebf39051a496577d38f0494
This splits all of the current job and role documentation into
files by subject area so that jobs and roles are easier for users to
find.
This will require that any future new jobs or roles add a line to the
appropriate area of the documentation, since that can no longer be
done automatically. A linter check is added to ensure that every
job and role continue to be documented.
After this refactor, we can begin to enhance the documentation pages
so that they include narrative documentation and subsections.
Change-Id: Ia6f0e89b57e3cb0d7d1745206384c946506d7ea0
The zuul_return plugin was recently converted to an action plugin, make
sure we also export that path for ansible-lint.
Change-Id: I9e497ef4258753d4d305f8caab6d47e469a38ccd
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Flake8 3.6.0 now warns about both line break after and *before* binary
operator, you have to choose whether you use W503 or W504. Disable the
newer W504.
Also, ignore warning about invalid escape sequence in regex.
Change-Id: Ibfbd5df21e01d5a7bd44a216ff63bc805dd5c186
We install zuul via test-requirements, so the zuul files should be in a
directory under the site-packges of the virtualenv that tox installed it
in to. Update the path to point correctly to that location.
Remove the ansible-lint skip tags which should now work because the
library path should be pointing to a location that actually holds the
content.
Change-Id: If2d4b39267c4b9a3102a951143b568f8447af8d9
Move the zuul requirement from test-requirements into the linters
section of tox.ini because we need it as a src install in the tox
env, so that we can reference the ansible library location.
Change-Id: I089c69b539107bdbc25791f5730502a4f46e7cf6
So that the syntax check which runs on playbooks can find zuul_return.
Add re2 library to bindep, it's needed for zuul.
Change-Id: I93213ee19652c0ec9f4bc699204e9445a1e891c8
This implements a module to directly interact with the ssh-agent
so that the master key may be removed from the ssh-agent without
removing any per-project keys.
Change-Id: Ife91ad8afa9b41b0e779a832e298aca8d61ae98b
Add a testenv:py27 environment that overrides basepython to 2.7
Unfortunately implicit namespace packages are a Python3 thing [1] so
we have to scatter a few __init__.py's around for the test loader
under python2 to be able to find the unit test directories.
Update documenation to mention this
Needed-By: https://review.openstack.org/592768
[1] https://www.python.org/dev/peps/pep-0420/
Change-Id: I9a653666e8a083fb7f3fbb92589fe0467a41e6e6
Add a unit testing framework for python roles. Thanks to Matthew
Treinish for the suggestion of how to perform discovery (and much of the
code which is copied from Tempest).
Change-Id: Iec95dd1026a41614def57c65c3faa0516a682a5a
The 'linters' tox environment was not running on roles, it was only
running on playbooks. This change adds a command to the linters
environment to ensure all roles are linted.
Since these weren't being linted, there were some problems with them.
The first was a warning about usage of the shell module. Both of these
usages seemed appropriate, so this patch adds a skip_ansible_lint tag to
each task that was failing. The second is a warning "no action detected
in task" for zuul modules. This is due to the fact that the linter
cannot find the custom module. One option is to set the ANSIBLE_LIBRARY
path to point to the zuul ansible library directory[1], but the linter
virtualenv does not actually have zuul installed. Instead, we just
disable the linter for the failing tasks.
This also cleans up a comment in the tox file that was referring to a
nonexistent zuul job.
[1] https://github.com/willthames/ansible-review/issues/16
Change-Id: Ie49da9a09733b623bb25c5a4c8aa07eacacf4b33
We have no legacy files in here, so no need to skip them.
Also, sync invocations of ansible lint and ansible syntax checks.
Change-Id: I003cf6a46d1dc376d83118e5e5c405aa54d33f22
This change follows I16186c929e7d0e6e34b35271559e555255a52b00 to run
openstack-zuul-jobs-linters on the repository.
Also, silence remaining lint role.
Depends-On: I46c53229f878fc707bab627654d820b891d9f625
Change-Id: I76abf21ea51c5f7553639475e408e06768fb1016
The following form raises "ANSIBLE0013 Use shell only when shell
functionality is required:
shell: '! something'
Chances are its heuristic fails to look for use of the negation (!)
shell operator.
Rather than exclude ANSIBLE0013, just stop running it completely for
now since we've had to do the same on openstack-zuul-jobs in the
I14896450b16f8e65128804b44a643da63580812d change.
Change-Id: Ie9da24a4ab20d9dd0bf7ebb2e3d957b9d8563900
Depends-On: I60daa67e7154d2bf621305e0e0aa6f4db49033c1
This also adds an exception to ansible-lint, ANSIBLE0006, because
we want to use "apt-get update" for updating the apt cache [1]
[1]: https://review.openstack.org/#/c/492716/
This reverts commit 5fe5b6ca1a.
Change-Id: Icd79198964e86c7a2c73102f3e4d845d161b924d
In working on a different patch it became clear that flake8 wasn't
actually running such that it found errors. Updated the
test-requirements to match what's in zuul and all started working (and
failing) properly.
Change-Id: Icfdb1fedbd92ff49484b116a0879686581274a25
When we lint our playbooks, we need to also have zuul install our
custom action plugins.
Also default to python3 so we can properly install zuul into tox.
Change-Id: Ib7e39e43005aa73c9d482af6becef3408d097e15
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Move our syntax-check to be first, logic being if we have bad syntax
and ansible-lint will most likely fail.
Clean our redirects to only output failures. It would be nice is
ansible-playbook / ansible-lint could use the same redirects, but
sadly they cannot.
Change-Id: Ia3c5966d60d28b81e2f2c6a446116bb37df6ab23
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Using linters makes more sense, for playbooks / roles. Make the
switch.
Change-Id: I9694f95c3c041f9816c83d60680bfde50e1fb858
Signed-off-by: Paul Belanger <pabelanger@redhat.com>