Auto-fix yaml rules

In order to reduce divergance with ansible-lint rules, we apply auto-fixing of violations. In current patch we replace all kind of truthy variables with `true` or `false` values to align with recommendations along with alignment of used quotes. Change-Id: I07f9d0d1e0efa3fbefbc3467ea23da6ed3ef40a2
2025-02-12 12:50:17 +01:00
parent 61a1d32bb3
commit 93c3d2e432
19 changed files with 71 additions and 71 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -45,6 +45,7 @@ logs/*
 # OS generated files #
 ######################
 ._*
 .ansible
 .tox
 *.egg-info
 .eggs
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -14,7 +14,7 @@
 # limitations under the License.
 ## Verbosity Options
-debug: False
+debug: false
 # Set the host which will execute the shade modules
 # for the service setup. The host must already have
@@ -54,7 +54,7 @@ keystone_pip_install_args: "{{ pip_install_options | default('') }}"
 keystone_venv_tag: "{{ venv_tag | default('untagged') }}"
 keystone_bin: "{{ _keystone_bin }}"
-keystone_fatal_deprecations: False
+keystone_fatal_deprecations: false
 ## System info
 keystone_system_user_name: keystone
@@ -129,7 +129,7 @@ keystone_db_connection_recycle_time: "{{ openstack_db_connection_recycle_time |
 keystone_messaging_enabled: true
 # RPC
-keystone_oslomsg_rpc_configure: False
+keystone_oslomsg_rpc_configure: false
 keystone_oslomsg_rpc_host_group: "{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}"
 keystone_oslomsg_rpc_setup_host: "{{ (keystone_oslomsg_rpc_host_group in groups) | ternary(groups[keystone_oslomsg_rpc_host_group][0], 'localhost') }}"
 keystone_oslomsg_rpc_transport: "{{ oslomsg_rpc_transport | default('rabbit') }}"
@@ -272,10 +272,10 @@ keystone_pki_certs_path: "{{ keystone_pki_dir ~ '/certs/certs/' }}"
 keystone_pki_intermediate_cert_name: "{{ openstack_pki_service_intermediate_cert_name }}"
 keystone_pki_intermediate_cert_path: >-
  {{ keystone_pki_dir ~ '/roots/' ~ keystone_pki_intermediate_cert_name ~ '/certs/' ~ keystone_pki_intermediate_cert_name ~ '.crt' }}
-keystone_pki_regen_cert: ''
+keystone_pki_regen_cert: ""
 # By default, CA creation is controlled using the CA 'condition' field
-keystone_pki_create_ca: True
+keystone_pki_create_ca: true
 # An optional private certificate authority for when Keystone is an IDP
 keystone_idp_authority_name: "KeystoneIDPAuthority"
 keystone_pki_authorities:
@@ -294,7 +294,7 @@ keystone_pki_authorities:
    condition: "{{ (keystone_idp['certfile'] is defined) and _keystone_is_first_play_host }}"
 # By default, certificate creation is controlled using the certificates 'condition' field
-keystone_pki_create_certificates: True
+keystone_pki_create_certificates: true
 # Server certificate for Apache
 keystone_pki_certificates:
  - name: "keystone_{{ ansible_facts['hostname'] }}"
@@ -305,7 +305,7 @@ keystone_pki_certificates:
    condition: "{{ keystone_backend_ssl }}"
 # Set to the value of keystone_idp_authority_name to regenerate the IDP CA
-keystone_pki_regen_ca: ''
+keystone_pki_regen_ca: ""
 # keystone destination files for Apache SSL certificates
 keystone_ssl_cert: /etc/ssl/certs/keystone.pem
@@ -395,7 +395,6 @@ keystone_cache_servers: "{{ keystone_memcached_servers.split(',') }}"
 keystone_ldap: {}
 keystone_ldap_domain_config_dir: /etc/keystone/domains
 ## Policy vars
 # Provide a list of access controls to update the default policy.json with. These changes will be merged
 # with the access controls in the default policy.json. E.g.
@@ -628,7 +627,7 @@ keystone_uwsgi_init_overrides: {}
 keystone_services:
  keystone-wsgi-public:
    group: keystone_all
-    wsgi_app: True
+    wsgi_app: true
    wsgi_path: "{{ keystone_bin }}/keystone-wsgi-public"
    uwsgi_overrides: >-
      {{
@@ -661,7 +660,7 @@ keystone_set_real_ip_from: []
 # database migrations. This is sometimes useful when
 # doing upgrades, but should not usually be required.
 # ref: https://bugs.launchpad.net/openstack-ansible/+bug/1793389
-keystone_flush_memcache: no
+keystone_flush_memcache: false
 # host which holds the ssh certificate authority
 keystone_ssh_keypairs_setup_host: "{{ openstack_ssh_keypairs_setup_host | default('localhost') }}"
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -16,7 +16,7 @@
 - name: Restart web server
  service:
    name: "{{ keystone_system_service_name }}"
-    enabled: yes
+    enabled: true
    state: restarted
    daemon_reload: "{{ (ansible_facts['service_mgr'] == 'systemd') | ternary('yes', omit) }}"
  register: _restart
@@ -58,7 +58,7 @@
 - name: Start uWSGI
  service:
    name: "{{ item }}"
-    enabled: yes
+    enabled: true
    state: "started"
    daemon_reload: "{{ (ansible_facts['service_mgr'] == 'systemd') | ternary('yes', omit) }}"
  register: _start
@@ -86,7 +86,7 @@
 - name: Restart Shibd
  service:
    name: "shibd"
-    enabled: yes
+    enabled: true
    state: "restarted"
    daemon_reload: "{{ (ansible_facts['service_mgr'] == 'systemd') | ternary('yes', omit) }}"
  register: _restart
--- a/tasks/keystone_apache.yml
+++ b/tasks/keystone_apache.yml
@@ -95,8 +95,8 @@
 ## We need to enable a module for httpd on RedHat/CentOS using LoadModule inside conf files
 - name: Enable/disable proxy_uwsgi_module
  lineinfile:
-    dest: '/etc/httpd/conf.modules.d/00-proxy.conf'
+    dest: "/etc/httpd/conf.modules.d/00-proxy.conf"
-    line: 'LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so'
+    line: "LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so"
    state: "present"
  when:
    - ansible_facts['pkg_mgr'] == 'dnf'
@@ -132,7 +132,7 @@
 - name: Ensure Apache ServerTokens
  lineinfile:
    dest: "{{ keystone_apache_security_conf }}"
-    regexp: '^ServerTokens'
+    regexp: "^ServerTokens"
    line: "ServerTokens {{ keystone_apache_servertokens }}"
  notify:
    - Restart web server
@@ -140,7 +140,7 @@
 - name: Ensure Apache ServerSignature
  lineinfile:
    dest: "{{ keystone_apache_security_conf }}"
-    regexp: '^ServerSignature'
+    regexp: "^ServerSignature"
    line: "ServerSignature {{ keystone_apache_serversignature }}"
  notify:
    - Restart web server
@@ -148,8 +148,8 @@
 - name: Remove Listen from Apache config
  lineinfile:
    dest: "{{ keystone_apache_conf }}"
-    regexp: '^(Listen.*)'
+    regexp: "^(Listen.*)"
-    backrefs: yes
+    backrefs: true
-    line: '#\1'
+    line: "#\\1"
  notify:
    - Restart web server
--- a/tasks/keystone_credential_create.yml
+++ b/tasks/keystone_credential_create.yml
@@ -22,7 +22,7 @@
  find:
    paths: "{{ keystone_credential_key_repository }}"
    patterns: "^[0-9]+$"
-    use_regex: True
+    use_regex: true
  when: not _credential_keys.stat.exists
  register: credential_key_list
  delegate_to: "{{ item }}"
@@ -75,7 +75,7 @@
    {{ keystone_bin }}/keystone-manage credential_setup
                                       --keystone-user "{{ keystone_system_user_name }}"
                                       --keystone-group "{{ keystone_system_group_name }}"
-  become: yes
+  become: true
  become_user: "{{ keystone_system_user_name }}"
  register: create_credential_keys
  when:
@@ -90,7 +90,7 @@
        {{ keystone_bin }}/keystone-manage credential_rotate
                                          --keystone-user "{{ keystone_system_user_name }}"
                                          --keystone-group "{{ keystone_system_group_name }}"
-      become: yes
+      become: true
      become_user: "{{ keystone_system_user_name }}"
  # credential_rotate might fail in case any credential is not using current private key
  # so in case it fails, we need to try perform the migraton and attempt rotation after that
@@ -100,7 +100,7 @@
        {{ keystone_bin }}/keystone-manage credential_migrate
                                          --keystone-user "{{ keystone_system_user_name }}"
                                          --keystone-group "{{ keystone_system_group_name }}"
-      become: yes
+      become: true
      become_user: "{{ keystone_system_user_name }}"
    - name: Rotate credential keys for Keystone # noqa: no-changed-when
@@ -108,7 +108,7 @@
        {{ keystone_bin }}/keystone-manage credential_rotate
                                          --keystone-user "{{ keystone_system_user_name }}"
                                          --keystone-group "{{ keystone_system_group_name }}"
-      become: yes
+      become: true
      become_user: "{{ keystone_system_user_name }}"
  always:
    # Let's run migration at the end anyway, as we need it after successfull rotation.
@@ -117,5 +117,5 @@
        {{ keystone_bin }}/keystone-manage credential_migrate
                                          --keystone-user "{{ keystone_system_user_name }}"
                                          --keystone-group "{{ keystone_system_group_name }}"
-      become: yes
+      become: true
      become_user: "{{ keystone_system_user_name }}"
--- a/tasks/keystone_credential_distribute.yml
+++ b/tasks/keystone_credential_distribute.yml
@@ -22,7 +22,7 @@
          --delete
          {{ keystone_credential_key_repository }}/
          {{ keystone_system_user_name }}@{{ hostvars[item]['ansible_host'] | default(item) }}:{{ keystone_credential_key_repository }}/
-  become: yes
+  become: true
  become_user: "{{ keystone_system_user_name }}"
  changed_when: false
  with_items: "{{ groups['keystone_all'][1:] }}"
--- a/tasks/keystone_db_sync.yml
+++ b/tasks/keystone_db_sync.yml
@@ -15,12 +15,12 @@
 - name: Check current state of Keystone DB
  command: "{{ keystone_bin }}/keystone-manage db_sync --check"
-  become: yes
+  become: true
  become_user: "{{ keystone_system_user_name }}"
  register: keystone_db_sync_check
  failed_when: "keystone_db_sync_check.rc == 1"
  changed_when: "keystone_db_sync_check.rc not in [2, 3, 4]"
-  run_once: yes
+  run_once: true
 - name: Set the db sync local facts
  ini_file:
@@ -47,7 +47,7 @@
 - name: Test if keystone service exists
  service: # noqa: args[module]
    name: "{{ item }}"
-  check_mode: yes
+  check_mode: true
  register: keystone_service_exists
  with_items: "{{ keystone_services.keys() | list }}"
@@ -69,20 +69,20 @@
 - name: Perform a Keystone DB sync expand
  command: "{{ keystone_bin }}/keystone-manage db_sync --expand"
  changed_when: false
-  become: yes
+  become: true
  become_user: "{{ keystone_system_user_name }}"
  when:
    - "ansible_local['openstack_ansible']['keystone']['need_db_expand'] | bool"
-  run_once: yes
+  run_once: true
  notify: flush cache
 - name: Perform a Keystone DB sync contract
  command: "{{ keystone_bin }}/keystone-manage db_sync --contract"
  changed_when: false
-  become: yes
+  become: true
  become_user: "{{ keystone_system_user_name }}"
  when:
    - "(keystone_all_software_updated | default('no')) | bool"
    - "ansible_local['openstack_ansible']['keystone']['need_db_contract'] | bool"
-  run_once: yes
+  run_once: true
  notify: flush cache
--- a/tasks/keystone_fernet_keys_create.yml
+++ b/tasks/keystone_fernet_keys_create.yml
@@ -45,7 +45,7 @@
          --delete
          {{ keystone_system_user_name }}@{{ existing_fernet_hosts[0] }}:{{ keystone_fernet_tokens_key_repository }}/
          {{ keystone_fernet_tokens_key_repository }}/
-  become: yes
+  become: true
  become_user: "{{ keystone_system_user_name }}"
  changed_when: false
  register: _fernet_keys_shared
@@ -60,7 +60,7 @@
    {{ keystone_bin }}/keystone-manage fernet_setup
                                       --keystone-user "{{ keystone_system_user_name }}"
                                       --keystone-group "{{ keystone_system_group_name }}"
-  become: yes
+  become: true
  become_user: "{{ keystone_system_user_name }}"
  when:
    - not _fernet_keys.stat.exists
@@ -71,6 +71,6 @@
    {{ keystone_bin }}/keystone-manage fernet_rotate
                                       --keystone-user "{{ keystone_system_user_name }}"
                                       --keystone-group "{{ keystone_system_group_name }}"
-  become: yes
+  become: true
  become_user: "{{ keystone_system_user_name }}"
  when: _fernet_keys.stat.exists
--- a/tasks/keystone_fernet_keys_distribute.yml
+++ b/tasks/keystone_fernet_keys_distribute.yml
@@ -22,7 +22,7 @@
          --delete
          {{ keystone_fernet_tokens_key_repository }}/
          {{ keystone_system_user_name }}@{{ hostvars[item]['ansible_host'] | default(item) }}:{{ keystone_fernet_tokens_key_repository }}/
-  become: yes
+  become: true
  become_user: "{{ keystone_system_user_name }}"
  changed_when: false
  with_items: "{{ groups['keystone_all'][1:] }}"
--- a/tasks/keystone_idp_setup.yml
+++ b/tasks/keystone_idp_setup.yml
@@ -16,7 +16,7 @@
 - name: Generate IdP metadata
  shell: |
    {{ keystone_bin }}/keystone-manage saml_idp_metadata > {{ keystone_idp.idp_metadata_path }}
-  become: yes
+  become: true
  become_user: "{{ keystone_system_user_name }}"
  changed_when: false
  when: keystone_idp != {}
--- a/tasks/keystone_install.yml
+++ b/tasks/keystone_install.yml
@@ -42,7 +42,7 @@
    description: "shibboleth Repo"
    baseurl: "{{ keystone_centos_shibboleth_mirror }}"
    gpgkey: "{{ keystone_centos_shibboleth_key }}"
-    gpgcheck: yes
+    gpgcheck: true
  when:
    - ansible_facts['pkg_mgr'] == 'dnf'
    - keystone_sp != {}
@@ -144,6 +144,6 @@
    src: "{{ keystone_bin }}/keystone-wsgi-public"
    dest: "/var/www/cgi-bin/keystone/main"
    state: link
-    force: yes
+    force: true
  notify:
    - Restart web server
--- a/tasks/keystone_key_setup.yml
+++ b/tasks/keystone_key_setup.yml
@@ -19,7 +19,7 @@
    path: "{{ keystone_system_user_home }}/.ssh"
    owner: "{{ keystone_system_user_name }}"
    group: "{{ keystone_system_group_name }}"
-    mode: '0755'
+    mode: "0755"
 - name: Create ssh keys for synchronising fernet keys
  include_role:
--- a/tasks/keystone_post_install.yml
+++ b/tasks/keystone_post_install.yml
@@ -20,9 +20,9 @@
  systemd:
    name: "{{ keystone_sshd }}"
    state: started
-    enabled: yes
+    enabled: true
-    masked: no
+    masked: false
-    daemon_reload: yes
+    daemon_reload: true
  delegate_to: "{{ item }}"
  with_items: "{{ ansible_play_hosts }}"
  when: _keystone_is_first_play_host
@@ -75,7 +75,7 @@
  fetch:
    src: "{{ item.target_f }}"
    dest: "{{ item.tmp_f }}"
-    flat: yes
+    flat: true
  changed_when: false
  run_once: true
  with_items: "{{ keystone_core_files }}"
--- a/tasks/keystone_service_bootstrap.yml
+++ b/tasks/keystone_service_bootstrap.yml
@@ -36,7 +36,7 @@
    --bootstrap-public-url {{ keystone_service_publicuri }} \
    --bootstrap-internal-url {{ keystone_service_internaluri }}
  no_log: true
-  become: yes
+  become: true
  become_user: "{{ keystone_system_user_name }}"
  changed_when: false
  register: add_service
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -301,12 +301,12 @@
 - name: Diagnose common problems with keystone deployments
  command: "{{ keystone_bin }}/keystone-manage doctor"
-  become: yes
+  become: true
  become_user: "{{ keystone_system_user_name }}"
  register: keystone_doctor
  failed_when: not debug and keystone_doctor.rc != 0
  changed_when: false
-  run_once: yes
+  run_once: true
  when:
    - "_keystone_is_last_play_host"
  tags:
--- a/tasks/main_keystone_federation_sp_idp_setup.yml
+++ b/tasks/main_keystone_federation_sp_idp_setup.yml
@@ -8,6 +8,6 @@
  when:
    - keystone_service_setup | bool
    - keystone_sp != {}
-  run_once: yes
+  run_once: true
  tags:
    - keystone-config
--- a/vars/debian.yml
+++ b/vars/debian.yml
@@ -51,7 +51,7 @@ keystone_idp_distro_packages:
  - xmlsec1
 # From 2.4.11, mod_auth_openidc ignores X-Forwarded headers unless explicitly configured
-_keystone_sp_apache_mod_auth_openidc_gte_2_4_11: True
+_keystone_sp_apache_mod_auth_openidc_gte_2_4_11: true
 keystone_sp_apache_mod_packages:
  - name: libapache2-mod-shib
@@ -103,6 +103,6 @@ keystone_apache_modules:
 keystone_system_service_name: "{{ (keystone_use_uwsgi | bool) | ternary('keystone-wsgi-public', 'apache2') }}"
-keystone_uwsgi_bin: '/usr/bin'
+keystone_uwsgi_bin: "/usr/bin"
 keystone_sshd: ssh
--- a/vars/redhat.yml
+++ b/vars/redhat.yml
@@ -44,7 +44,7 @@ keystone_idp_distro_packages:
  - xmlsec1
 # From 2.4.11, mod_auth_openidc ignores X-Forwarded headers unless explicitly configured
-_keystone_sp_apache_mod_auth_openidc_gte_2_4_11: True
+_keystone_sp_apache_mod_auth_openidc_gte_2_4_11: true
 keystone_sp_apache_mod_packages:
  - name: shibboleth
@@ -73,6 +73,6 @@ keystone_apache_configs:
 keystone_system_service_name: "{{ (keystone_use_uwsgi | bool) | ternary('keystone-wsgi-public', 'httpd') }}"
-keystone_uwsgi_bin: '/usr/sbin'
+keystone_uwsgi_bin: "/usr/sbin"
 keystone_sshd: sshd