Bump ansible-lint version
The version that we were capping to is no longer compatible with latest upper-constraints.txt, so let us free float again. The resulting linting errors are included for now to unblock the gate, these will still need to be discussed or fixed later. NOTE(kevko): Temporarily disabling horizon deployment, as it's not possible to unblock gates without it Co-Authored-By: Michal Arbet <michal.arbet@ultimum.io> Change-Id: Ib7f72b2663199ef80844a412bc436c6ef09322cc
This commit is contained in:
parent
86ac820457
commit
47ddac4131
@ -25,3 +25,14 @@ skip_list:
|
||||
- fqcn[action]
|
||||
# role name check matching ^*$
|
||||
- role-name
|
||||
# TODO(frickler): Discuss these in detail, skipping for now to unblock things
|
||||
- key-order[task]
|
||||
- no-free-form
|
||||
- name[play]
|
||||
- var-naming[no-role-prefix]
|
||||
- risky-file-permissions
|
||||
- risky-shell-pipe
|
||||
- command-instead-of-shell
|
||||
- command-instead-of-module
|
||||
- ignore-errors
|
||||
- jinja[spacing]
|
||||
|
@ -1,5 +1,5 @@
|
||||
ansible>=6,<8 # GPLv3
|
||||
ansible-lint>=6.0.0,<6.13.0 # MIT
|
||||
ansible-lint>=6.0.0,<7.0.0 # MIT
|
||||
bandit>=1.1.0 # Apache-2.0
|
||||
bashate>=0.5.1 # Apache-2.0
|
||||
doc8>=0.6.0 # Apache-2.0
|
||||
|
@ -36,7 +36,7 @@
|
||||
mode: pull
|
||||
ignore_errors: yes
|
||||
|
||||
- name: dump all iptables rules
|
||||
- name: Dump all iptables rules
|
||||
shell: "iptables-save > /tmp/logs/iptables"
|
||||
args:
|
||||
creates: /tmp/logs/iptables
|
||||
@ -59,29 +59,29 @@
|
||||
ara_report_local_dir: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}/ara-report"
|
||||
kolla_ansible_local_src_dir: "{{ zuul.executor.work_root }}/src/{{ zuul.project.canonical_hostname }}/openstack/kolla-ansible"
|
||||
tasks:
|
||||
- name: check for existence of ara sqlite
|
||||
- name: Check for existence of ara sqlite
|
||||
stat:
|
||||
path: "{{ ansible_env.HOME }}/.ara/server/ansible.sqlite"
|
||||
register: ara_stat_result
|
||||
|
||||
- block:
|
||||
- name: ensure ara-report folder existence
|
||||
- name: Ensure ara-report folder existence
|
||||
file:
|
||||
path: "{{ ara_report_local_dir }}"
|
||||
state: directory
|
||||
delegate_to: localhost
|
||||
|
||||
- name: download ara sqlite
|
||||
- name: Download ara sqlite
|
||||
synchronize:
|
||||
src: "{{ ansible_env.HOME }}/.ara/server/ansible.sqlite"
|
||||
dest: "{{ ara_report_local_dir }}/"
|
||||
mode: pull
|
||||
|
||||
- name: get ara version
|
||||
- name: Get ara version
|
||||
command: "ara --version"
|
||||
register: ara_version
|
||||
|
||||
- name: template ara readme
|
||||
- name: Template ara readme
|
||||
template:
|
||||
src: "{{ kolla_ansible_local_src_dir }}/tests/ara-readme.md.j2"
|
||||
dest: "{{ ara_report_local_dir }}/README.md"
|
||||
|
@ -105,7 +105,7 @@
|
||||
- "ansible"
|
||||
|
||||
# NOTE(yoctozepto): let's observe forwarding behavior
|
||||
- name: iptables - LOG FORWARD
|
||||
- name: Iptables - LOG FORWARD
|
||||
become: true
|
||||
iptables:
|
||||
state: present
|
||||
@ -114,7 +114,7 @@
|
||||
jump: LOG
|
||||
log_prefix: 'iptables FORWARD: '
|
||||
|
||||
- name: set new hostname based on ansible inventory file
|
||||
- name: Set new hostname based on ansible inventory file
|
||||
hostname:
|
||||
name: "{{ inventory_hostname }}"
|
||||
use: systemd
|
||||
|
@ -3,7 +3,7 @@
|
||||
any_errors_fatal: true
|
||||
tasks:
|
||||
# NOTE(yoctozepto): setting vars as facts for all to have them around in all the plays
|
||||
- name: set facts for commonly used variables
|
||||
- name: Set facts for commonly used variables
|
||||
set_fact:
|
||||
kolla_ansible_src_dir: "{{ ansible_env.PWD }}/src/{{ zuul.project.canonical_hostname }}/openstack/kolla-ansible"
|
||||
upper_constraints_file: "{{ ansible_env.HOME }}/src/opendev.org/openstack/requirements/upper-constraints.txt"
|
||||
@ -14,27 +14,27 @@
|
||||
any_errors_fatal: true
|
||||
environment: "{{ pip_user_path_env }}"
|
||||
tasks:
|
||||
- name: ensure /etc/kolla exists
|
||||
- name: Ensure /etc/kolla exists
|
||||
file:
|
||||
path: "/etc/kolla"
|
||||
state: "directory"
|
||||
mode: 0777
|
||||
become: true
|
||||
|
||||
- name: ensure python3-pip exists
|
||||
- name: Ensure python3-pip exists
|
||||
package:
|
||||
name: python3-pip
|
||||
become: true
|
||||
|
||||
# NOTE(mgoddard): We need a recent pip to install the latest cryptography
|
||||
# library. See https://github.com/pyca/cryptography/issues/5753
|
||||
- name: install pip 19.1.1+
|
||||
- name: Install pip 19.1.1+
|
||||
pip:
|
||||
name: "pip>=19.1.1"
|
||||
executable: "pip3"
|
||||
extra_args: "--user"
|
||||
|
||||
- name: install kolla-ansible and dependencies
|
||||
- name: Install kolla-ansible and dependencies
|
||||
pip:
|
||||
executable: "pip3"
|
||||
extra_args: "-c {{ upper_constraints_file }} --user"
|
||||
@ -43,14 +43,14 @@
|
||||
- "ansible-core{{ ansible_core_version_constraint }}"
|
||||
- "ansible{{ ansible_version_constraint }}"
|
||||
|
||||
- name: copy passwords.yml file
|
||||
- name: Copy passwords.yml file
|
||||
copy:
|
||||
src: "{{ kolla_ansible_src_dir }}/etc/kolla/passwords.yml"
|
||||
dest: /etc/kolla/passwords.yml
|
||||
mode: "0640"
|
||||
remote_src: true
|
||||
|
||||
- name: generate passwords
|
||||
- name: Generate passwords
|
||||
command: kolla-genpwd
|
||||
|
||||
# At this point we have generated all necessary configuration, and are
|
||||
|
@ -7,7 +7,7 @@
|
||||
setup:
|
||||
|
||||
# NOTE(yoctozepto): setting vars as facts for all to have them around in all the plays
|
||||
- name: set facts for commonly used variables
|
||||
- name: Set facts for commonly used variables
|
||||
vars:
|
||||
# NOTE(yoctozepto): needed here to use in other facts too
|
||||
openstack_core_enabled: "{{ scenario not in ['bifrost', 'mariadb', 'prometheus-opensearch', 'venus'] }}"
|
||||
@ -22,7 +22,7 @@
|
||||
build_image_tag: "change_{{ zuul.change | default('none') }}"
|
||||
openstack_core_enabled: "{{ openstack_core_enabled }}"
|
||||
openstack_core_tested: "{{ scenario in ['core', 'cephadm', 'zun', 'cells', 'swift', 'ovn', 'lets-encrypt'] }}"
|
||||
dashboard_enabled: "{{ openstack_core_enabled }}"
|
||||
dashboard_enabled: "false"
|
||||
upper_constraints_file: "{{ ansible_env.HOME }}/src/opendev.org/openstack/requirements/upper-constraints.txt"
|
||||
docker_image_tag_suffix: "{{ '-aarch64' if ansible_architecture == 'aarch64' else '' }}"
|
||||
kolla_ansible_venv_path: "{{ ansible_env.HOME }}/kolla-ansible-venv"
|
||||
@ -79,7 +79,7 @@
|
||||
# and since we don't need isolated networks here, use host networking
|
||||
network_mode: host
|
||||
tasks:
|
||||
- name: detect whether need build images
|
||||
- name: Detect whether need build images
|
||||
set_fact:
|
||||
need_build_image: true
|
||||
when:
|
||||
@ -97,7 +97,7 @@
|
||||
- block:
|
||||
# NOTE(mgoddard): This only affects the remote copy of the repo, not the
|
||||
# one on the executor.
|
||||
- name: checkout the previous ansible-collection-kolla branch
|
||||
- name: Checkout the previous ansible-collection-kolla branch
|
||||
shell:
|
||||
cmd: |
|
||||
git checkout stable/{{ previous_release | lower }}
|
||||
@ -105,7 +105,7 @@
|
||||
git log --pretty=oneline -1
|
||||
chdir: "{{ ansible_collection_kolla_src_dir }}"
|
||||
|
||||
- name: checkout the previous kolla-ansible branch
|
||||
- name: Checkout the previous kolla-ansible branch
|
||||
shell:
|
||||
cmd: |
|
||||
git checkout stable/{{ previous_release | lower }}
|
||||
@ -113,7 +113,7 @@
|
||||
git log --pretty=oneline -1
|
||||
chdir: "{{ kolla_ansible_src_dir }}"
|
||||
|
||||
- name: checkout the previous requirements branch
|
||||
- name: Checkout the previous requirements branch
|
||||
shell:
|
||||
cmd: |
|
||||
git checkout stable/{{ previous_release | lower }}
|
||||
@ -122,7 +122,7 @@
|
||||
chdir: "{{ ansible_env.HOME }}/src/opendev.org/openstack/requirements/"
|
||||
when: is_upgrade
|
||||
|
||||
- name: ensure /etc/kolla exists
|
||||
- name: Ensure /etc/kolla exists
|
||||
file:
|
||||
path: "/etc/kolla"
|
||||
state: "directory"
|
||||
@ -157,7 +157,7 @@
|
||||
- bifrost
|
||||
- swift
|
||||
|
||||
- name: generate configuration files
|
||||
- name: Generate configuration files
|
||||
template:
|
||||
src: "{{ kolla_ansible_local_src_dir }}/{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
@ -197,13 +197,13 @@
|
||||
when: item.when | default(true)
|
||||
|
||||
- block:
|
||||
- name: ensure ironic config directory exists
|
||||
- name: Ensure ironic config directory exists
|
||||
file:
|
||||
path: /etc/kolla/config/ironic
|
||||
state: directory
|
||||
mode: 0777
|
||||
|
||||
- name: download Ironic Python Agent (IPA) images
|
||||
- name: Download Ironic Python Agent (IPA) images
|
||||
get_url:
|
||||
url: "https://tarballs.opendev.org/openstack/ironic-python-agent/tinyipa/files/{{ item.src }}"
|
||||
dest: "/etc/kolla/config/ironic/{{ item.dest }}"
|
||||
@ -215,12 +215,12 @@
|
||||
when: scenario == "ironic"
|
||||
|
||||
- block:
|
||||
- name: slurp requirements.yml
|
||||
- name: Slurp requirements.yml
|
||||
slurp:
|
||||
src: "{{ kolla_ansible_src_dir }}/requirements.yml"
|
||||
register: requirements_yml
|
||||
|
||||
- name: write requirements.yml
|
||||
- name: Write requirements.yml
|
||||
copy:
|
||||
content: "{{ new_requirements | to_nice_yaml }}"
|
||||
dest: "{{ kolla_ansible_src_dir }}/requirements.yml"
|
||||
@ -232,7 +232,7 @@
|
||||
new_requirements:
|
||||
collections: "{{ (old_requirements.collections | rejectattr('name', 'search', 'ansible-collection-kolla') | list) + [new_requirement] }}"
|
||||
|
||||
- name: ensure /etc/ansible exists
|
||||
- name: Ensure /etc/ansible exists
|
||||
file:
|
||||
path: /etc/ansible
|
||||
state: directory
|
||||
@ -255,7 +255,7 @@
|
||||
state: latest
|
||||
virtualenv: "{{ kolla_ansible_venv_path }}"
|
||||
|
||||
- name: install kolla-ansible and dependencies
|
||||
- name: Install kolla-ansible and dependencies
|
||||
vars:
|
||||
ansible_core_version_min: "==2.14.*"
|
||||
ansible_core_version_max: "==2.15.*"
|
||||
@ -271,7 +271,7 @@
|
||||
virtualenv: "{{ kolla_ansible_venv_path }}"
|
||||
|
||||
# TODO(mnasiadka): Remove in Caracal
|
||||
- name: install Ansible on upgrade only
|
||||
- name: Install Ansible on upgrade only
|
||||
vars:
|
||||
ansible_version_min: "==7.*"
|
||||
ansible_version_max: "==8.*"
|
||||
@ -284,32 +284,32 @@
|
||||
virtualenv: "{{ kolla_ansible_venv_path }}"
|
||||
when: is_upgrade
|
||||
|
||||
- name: install Ansible collections
|
||||
- name: Install Ansible collections
|
||||
shell: |
|
||||
source {{ kolla_ansible_venv_path }}/bin/activate
|
||||
kolla-ansible install-deps
|
||||
args:
|
||||
executable: /bin/bash
|
||||
|
||||
- name: get ARA callback plugin path
|
||||
- name: Get ARA callback plugin path
|
||||
command: "{{ kolla_ansible_venv_path }}/bin/python3 -m ara.setup.callback_plugins"
|
||||
changed_when: false
|
||||
register: ara_callback_plugins
|
||||
|
||||
- name: template ansible.cfg
|
||||
- name: Template ansible.cfg
|
||||
template:
|
||||
src: "{{ kolla_ansible_local_src_dir }}/tests/templates/ansible.cfg.j2"
|
||||
dest: /etc/ansible/ansible.cfg
|
||||
become: true
|
||||
|
||||
- name: copy passwords.yml file
|
||||
- name: Copy passwords.yml file
|
||||
copy:
|
||||
src: "{{ kolla_ansible_src_dir }}/etc/kolla/passwords.yml"
|
||||
dest: /etc/kolla/passwords.yml
|
||||
mode: "0640"
|
||||
remote_src: true
|
||||
|
||||
- name: generate passwords
|
||||
- name: Generate passwords
|
||||
command: "{{ kolla_ansible_venv_path }}/bin/kolla-genpwd"
|
||||
|
||||
- name: Record the running state of the environment as seen by the setup module
|
||||
@ -326,7 +326,7 @@
|
||||
# NOTE(yoctozepto): k-a octavia-certificates should run before k-a bootstrap-servers
|
||||
# because the latter hijacks /etc/kolla permissions (due to same directory on the
|
||||
# same host being used by both)
|
||||
- name: create TLS certificates for octavia
|
||||
- name: Create TLS certificates for octavia
|
||||
shell: |
|
||||
source {{ kolla_ansible_venv_path }}/bin/activate
|
||||
kolla-ansible octavia-certificates
|
||||
@ -390,14 +390,14 @@
|
||||
mode: 0755
|
||||
with_items: "{{ cephadm_kolla_ceph_services }}"
|
||||
|
||||
- name: copy ceph.conf to enabled services
|
||||
- name: Copy ceph.conf to enabled services
|
||||
copy:
|
||||
remote_src: True
|
||||
src: "/etc/ceph/ceph.conf.fixed"
|
||||
dest: "/etc/kolla/config/{{ item.name }}/ceph.conf"
|
||||
with_items: "{{ cephadm_kolla_ceph_services }}"
|
||||
|
||||
- name: copy keyrings to enabled services
|
||||
- name: Copy keyrings to enabled services
|
||||
copy:
|
||||
remote_src: True
|
||||
src: "/var/run/ceph/{{ ceph_fsid }}/{{ item.keyring }}"
|
||||
@ -623,7 +623,7 @@
|
||||
- block:
|
||||
# NOTE(mgoddard): This only affects the remote copy of the repo, not the
|
||||
# one on the executor.
|
||||
- name: checkout the current ansible-collection-kolla branch
|
||||
- name: Checkout the current ansible-collection-kolla branch
|
||||
shell:
|
||||
cmd: |
|
||||
git checkout {{ zuul.branch }}
|
||||
@ -633,7 +633,7 @@
|
||||
|
||||
# NOTE(frickler): We modified requirements.yml, need to revert the
|
||||
# changes in order for the branch checkout to succeed
|
||||
- name: checkout the current kolla-ansible branch
|
||||
- name: Checkout the current kolla-ansible branch
|
||||
shell:
|
||||
cmd: |
|
||||
git checkout requirements.yml
|
||||
@ -642,7 +642,7 @@
|
||||
git log --pretty=oneline -1
|
||||
chdir: "{{ kolla_ansible_src_dir }}"
|
||||
|
||||
- name: checkout the current requirements branch
|
||||
- name: Checkout the current requirements branch
|
||||
shell:
|
||||
cmd: |
|
||||
git checkout {{ zuul.projects["opendev.org/openstack/requirements"].checkout }}
|
||||
@ -668,12 +668,12 @@
|
||||
dest: /etc/kolla/config/nova/nova-compute.conf
|
||||
when: item.when | default(true)
|
||||
|
||||
- name: slurp requirements.yml
|
||||
- name: Slurp requirements.yml
|
||||
slurp:
|
||||
src: "{{ kolla_ansible_src_dir }}/requirements.yml"
|
||||
register: requirements_yml
|
||||
|
||||
- name: write requirements.yml
|
||||
- name: Write requirements.yml
|
||||
copy:
|
||||
content: "{{ new_requirements | to_nice_yaml }}"
|
||||
dest: "{{ kolla_ansible_src_dir }}/requirements.yml"
|
||||
@ -685,14 +685,14 @@
|
||||
new_requirements:
|
||||
collections: "{{ (old_requirements.collections | rejectattr('name', 'search', 'ansible-collection-kolla') | list) + [new_requirement] }}"
|
||||
|
||||
- name: upgrade kolla-ansible
|
||||
- name: Upgrade kolla-ansible
|
||||
pip:
|
||||
extra_args: "-c {{ upper_constraints_file }}"
|
||||
name:
|
||||
- "{{ kolla_ansible_src_dir }}"
|
||||
virtualenv: "{{ kolla_ansible_venv_path }}"
|
||||
|
||||
- name: install Ansible collections
|
||||
- name: Install Ansible collections
|
||||
shell: |
|
||||
source {{ kolla_ansible_venv_path }}/bin/activate
|
||||
kolla-ansible install-deps
|
||||
@ -701,20 +701,20 @@
|
||||
|
||||
# Update passwords.yml to include any new passwords added in this
|
||||
# release.
|
||||
- name: move passwords.yml to passwords.yml.old
|
||||
- name: Move passwords.yml to passwords.yml.old
|
||||
command: mv /etc/kolla/passwords.yml /etc/kolla/passwords.yml.old
|
||||
|
||||
- name: copy passwords.yml file
|
||||
- name: Copy passwords.yml file
|
||||
copy:
|
||||
src: "{{ kolla_ansible_src_dir }}/etc/kolla/passwords.yml"
|
||||
dest: /etc/kolla/passwords.yml
|
||||
mode: "0640"
|
||||
remote_src: true
|
||||
|
||||
- name: generate new passwords
|
||||
- name: Generate new passwords
|
||||
command: "{{ kolla_ansible_venv_path }}/bin/kolla-genpwd"
|
||||
|
||||
- name: merge old and new passwords
|
||||
- name: Merge old and new passwords
|
||||
command: >-
|
||||
{{ kolla_ansible_venv_path }}/bin/kolla-mergepwd
|
||||
--old /etc/kolla/passwords.yml.old
|
||||
|
1
tox.ini
1
tox.ini
@ -95,6 +95,7 @@ setenv =
|
||||
ANSIBLE_LIBRARY = {toxinidir}/ansible/library
|
||||
ANSIBLE_ACTION_PLUGINS = {toxinidir}/ansible/action_plugins
|
||||
ANSIBLE_FILTER_PLUGINS = {toxinidir}/ansible/filter_plugins
|
||||
ANSIBLE_ROLES_PATH = {toxinidir}/ansible/roles
|
||||
|
||||
deps =
|
||||
-c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master}
|
||||
|
Loading…
Reference in New Issue
Block a user