diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 0000000000..a335f18003 --- /dev/null +++ b/.ansible-lint @@ -0,0 +1,12 @@ +--- +exclude_paths: + - .cache/ # implicit unless exclude_paths is defined in config + - .zuul.d/ +offline: true +parseable: true +profile: basic +skip_list: + - package-latest + - role-name +strict: true +use_default_rules: true diff --git a/.yamllint b/.yamllint deleted file mode 100644 index bfc9e04c14..0000000000 --- a/.yamllint +++ /dev/null @@ -1,10 +0,0 @@ ---- -extends: default -ignore: | - .tox/ - -rules: - line-length: disable - truthy: disable - braces: - max-spaces-inside: 1 diff --git a/roles/configure-ephemeral/meta/main.yml b/roles/configure-ephemeral/meta/main.yml new file mode 100644 index 0000000000..a6b0fd849e --- /dev/null +++ b/roles/configure-ephemeral/meta/main.yml @@ -0,0 +1,4 @@ +--- +collections: + - ansible.posix + - community.general diff --git a/roles/configure-ephemeral/tasks/main.yml b/roles/configure-ephemeral/tasks/main.yml index 7d6402c301..d8733a8f93 100644 --- a/roles/configure-ephemeral/tasks/main.yml +++ b/roles/configure-ephemeral/tasks/main.yml @@ -3,7 +3,7 @@ # unallocated ephemeral device attached at /dev/xvde - name: Set ephemeral device if /dev/xvde exists when: ansible_devices["xvde"] is defined - set_fact: + ansible.builtin.set_fact: ephemeral_device: "/dev/xvde" # On other providers, we have a device called "ephemeral0". @@ -11,15 +11,15 @@ when: ephemeral_device is undefined block: - name: Get ephemeral0 device node - command: /sbin/blkid -L ephemeral0 + ansible.builtin.command: /sbin/blkid -L ephemeral0 register: ephemeral0 # rc !=0 is expected - failed_when: False - changed_when: False + failed_when: false + changed_when: false - name: Set ephemeral device if LABEL exists when: "ephemeral0.rc == 0" - set_fact: + ansible.builtin.set_fact: ephemeral_device: "{{ ephemeral0.stdout }}" - name: Configure additional disk (if available) 
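Review bot: The two `skip_list` entries in the new `.ansible-lint` carry no reason, and `package-latest` is the rule that reports packages installed with `state: latest`, so skipping it repo-wide leaves unpinned package installs unreported. Add a short comment above each entry that states why it is skipped. If only a few tasks need the exemption, a `# noqa: package-latest` on those tasks keeps the rule active everywhere else.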
@@ -53,13 +53,13 @@ fstype: ext4 dev: "{{ ephemeral_device }}" - - name: "Ensure {{ configure_ephemeral_mountpoint }} mountpoint is created" + - name: "Ensure mountpoint {{ configure_ephemeral_mountpoint }}" ansible.builtin.file: path: "{{ configure_ephemeral_mountpoint }}" owner: root group: root state: directory - mode: 0755 + mode: "0755" - name: Mount additional filesystem ansible.posix.mount: diff --git a/roles/kolla-build-config/tasks/main.yml b/roles/kolla-build-config/tasks/main.yml index f4d7f3eec4..4460ceb670 100644 --- a/roles/kolla-build-config/tasks/main.yml +++ b/roles/kolla-build-config/tasks/main.yml @@ -1,5 +1,8 @@ --- - name: Ensure kolla-build.conf exists - template: + ansible.builtin.template: src: kolla-build.conf.j2 dest: "{{ kolla_build_config_path }}" + mode: "0660" + owner: zuul + group: zuul diff --git a/roles/kolla-build-deps/tasks/main.yml b/roles/kolla-build-deps/tasks/main.yml index 2863cc0604..ebb5f00fa9 100644 --- a/roles/kolla-build-deps/tasks/main.yml +++ b/roles/kolla-build-deps/tasks/main.yml @@ -3,16 +3,23 @@ ansible.builtin.file: path: "{{ kolla_logs_dir }}" state: directory + mode: "0755" + owner: zuul + group: zuul - name: Dump host info to logs ansible.builtin.command: "{{ ansible_user_dir }}/{{ zuul.project.src_dir }}/tools/dump_info.sh" args: chdir: "{{ kolla_logs_dir }}" + changed_when: true - name: Create dir for kolla build logs ansible.builtin.file: path: "{{ kolla_build_logs_dir }}" state: directory + mode: "0755" + owner: zuul + group: zuul - name: Install Python3 pip and setuptools ansible.builtin.package: 
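Review bot: `owner: zuul` and `group: zuul` are hard-coded in the new arguments of the kolla-build.conf template task, while tests/playbooks/post.yml derives the account from `{{ ansible_user_id }}`. On a node where the play connects as another user, the task is likely to fail or to hand the file to an unrelated account. Consider `owner: "{{ ansible_user_id }}"` with a matching group, or drop both keys so the file keeps the connecting user's ownership. The same literal is added to the two log-directory tasks in roles/kolla-build-deps and to the `/etc/kolla/template_overrides.j2` task in roles/kolla-build.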
@@ -29,23 +36,6 @@ become: true when: ansible_facts.os_family == "Debian" -- name: Install dbus-python dependencies on Debian systems - ansible.builtin.package: - name: - - python3-dev - - libdbus-glib-1-dev - become: true - when: ansible_facts.os_family == "Debian" - -- name: Install dbus-python dependencies on EL systems - ansible.builtin.package: - name: - - python3-devel - - dbus-glib-devel - - dbus-daemon - become: true - when: ansible_facts.os_family == "RedHat" - - name: Install kolla in a venv ansible.builtin.pip: name: @@ -70,5 +60,5 @@ - name: Ensure container engine socket is world-writable ansible.builtin.file: path: "{{ '/run/docker.sock' if container_engine == 'docker' else '/run/podman/podman.sock' }}" - mode: 0666 + mode: "0666" become: true diff --git a/roles/kolla-build/tasks/main.yml b/roles/kolla-build/tasks/main.yml index ec09e4f79a..e5529f381d 100644 --- a/roles/kolla-build/tasks/main.yml +++ b/roles/kolla-build/tasks/main.yml @@ -3,6 +3,9 @@ ansible.builtin.template: src: "{{ kolla_build_template_overrides_path }}" dest: /etc/kolla/template_overrides.j2 + mode: "0660" + owner: zuul + group: zuul when: kolla_build_template_overrides_path | length > 0 - name: Run kolla-build to template out dockerfiles @@ -10,9 +13,11 @@ cmd: >- {{ kolla_build_venv_path }}/bin/kolla-build --template-only --work-dir {{ kolla_build_logs_dir }}/work_dir + changed_when: true - name: Run kolla-build vars: platform: "{{ '--platform linux/arm64' if base_arch == 'aarch64' and base_arch != ansible_facts.architecture }}" ansible.builtin.command: cmd: "{{ kolla_build_venv_path }}/bin/kolla-build {{ platform }}" + changed_when: true diff --git a/test-requirements.txt b/test-requirements.txt index ad35b87960..e9fa093f77 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,3 +1,4 @@ +ansible-lint<25 # MIT bandit!=1.6.0,>=1.1.0 # Apache-2.0 bashate>=0.5.1 # Apache-2.0 coverage!=4.4,>=4.0 # Apache-2.0 
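Review bot: The socket task in the `@@ -70,5 +60,5 @@` hunk still sets `mode: "0666"`, which lets every local account and process on the node drive the container engine, and that is equivalent to root on the host. Quoting the mode fixes the octal parsing but not the exposure. If the node is a single-use CI worker and this is an accepted trade-off, record it in a comment such as `# world-writable on purpose: throwaway build node, do not reuse on shared hosts`. Otherwise prefer adding the build user to the engine's group and setting `mode: "0660"`.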
diff --git a/test-requirements.yml b/test-requirements.yml new file mode 100644 index 0000000000..51f1743f6f --- /dev/null +++ b/test-requirements.yml @@ -0,0 +1,5 @@ +--- +collections: + - ansible.posix + - community.docker + - community.general diff --git a/tests/playbooks/post.yml b/tests/playbooks/post.yml index 7245b7ba8d..0306638103 100644 --- a/tests/playbooks/post.yml +++ b/tests/playbooks/post.yml @@ -1,13 +1,16 @@ --- -- hosts: all +- name: Zuul post + hosts: all tasks: - name: Dump host info to logs - command: "{{ ansible_user_dir }}/{{ zuul.project.src_dir }}/tools/dump_info.sh" + ansible.builtin.command: "{{ ansible_user_dir }}/{{ zuul.project.src_dir }}/tools/dump_info.sh" args: chdir: "{{ kolla_logs_dir }}" + changed_when: true - name: Collect various info to logs - shell: + changed_when: true + ansible.builtin.shell: cmd: | set +o errexit set -o xtrace @@ -63,7 +66,9 @@ ps -eo user,pid,ppid,lwp,%cpu,%mem,size,rss,cmd > ps.txt # docker related information - (sudo {{ container_engine }} info && sudo {{ container_engine }} system df && sudo {{ container_engine }} system df -v) > {{ container_engine }}-info.txt + (sudo {{ container_engine }} info && \ + sudo {{ container_engine }} system df && \ + sudo {{ container_engine }} system df -v) > {{ container_engine }}-info.txt sudo cp -r /etc/kolla kolla_configs @@ -71,6 +76,7 @@ sudo chown -R {{ ansible_user_id }}: . # Parse build logs and extract pkg install info - {{ ansible_user_dir }}/{{ zuul.project.src_dir }}/tests/files/process_build_logs.py -l build -b {{ base_distro }} > packages-info.txt + {{ ansible_user_dir }}/{{ zuul.project.src_dir }}/tests/files/process_build_logs.py \ + -l build -b {{ base_distro }} > packages-info.txt executable: /bin/bash chdir: "{{ kolla_logs_dir }}" diff --git a/tests/playbooks/pre.yml b/tests/playbooks/pre.yml index 7ebb660319..7733709678 100644 --- a/tests/playbooks/pre.yml +++ b/tests/playbooks/pre.yml 
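Review bot: The three collections in the new test-requirements.yml have no version constraint, so the `ansible-galaxy collection install -r test-requirements.yml` step added to tox.ini installs whatever Galaxy currently serves. The lint result can then change without any change in this repository. test-requirements.txt already bounds `ansible-lint<25`; give the collections the same treatment with the mapping form, `- name: ansible.posix` plus `version: "<pinned-version>"`, for each entry. Pinning also narrows the window in which a broken or tampered upstream release reaches the gate.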
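Review bot: The reflowed commands in the `@@ -63,7 +66,9 @@` and `@@ -71,6 +76,7 @@` hunks of tests/playbooks/post.yml still paste `{{ container_engine }}`, `{{ base_distro }}` and the source-directory path into a bash script unquoted, and the first group runs under `sudo`. These values come from job variables, so a value containing whitespace or shell metacharacters changes what is executed. Passing them through the `quote` filter, for example `-b {{ base_distro | quote }}`, keeps each one a single shell word. The script body starts and ends outside both hunks.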
@@ -1,5 +1,6 @@ --- -- hosts: all +- name: Zuul pre + hosts: all vars_files: - ../vars/zuul.yml roles: diff --git a/tests/playbooks/publish.yml b/tests/playbooks/publish.yml index 76352d299d..fd9124cd57 100644 --- a/tests/playbooks/publish.yml +++ b/tests/playbooks/publish.yml @@ -1,44 +1,48 @@ --- -- hosts: all +- name: Zuul publish + hosts: all vars: # NOTE(yoctozepto): We need Docker SDK, the best source is Kolla venv. ansible_python_interpreter: "{{ virtualenv_path }}/bin/python" tasks: - name: List all containers - docker_host_info: - images: yes + community.docker.docker_host_info: + images: true images_filters: reference: "{{ kolla_namespace }}/*" register: docker_host_info - - block: + - name: Publish to Dockerhub + when: kolla_registry == 'dockerhub' + block: - name: Login to Dockerhub - docker_login: + community.docker.docker_login: username: "{{ kolla_dockerhub_credentials.username | trim }}" password: "{{ kolla_dockerhub_credentials.password | trim }}" - name: Push built container images - docker_image: + community.docker.docker_image: name: "{{ item.RepoTags.0 }}" - push: yes + push: true source: local loop: "{{ docker_host_info.images }}" register: push_status until: push_status.failed is false retries: 5 - when: kolla_registry == 'dockerhub' - - block: + - name: Publish to quay.io + when: kolla_registry == 'quay.io' + block: - name: Login to quay.io - docker_login: + community.docker.docker_login: registry: quay.io username: "{{ kolla_quay_io_creds.username | trim }}" password: "{{ kolla_quay_io_creds.password | trim }}" - name: Push built container images - docker_image: + community.docker.docker_image: name: "{{ item.RepoTags.0 }}" - push: yes + push: true repository: "quay.io/{{ item.RepoTags.0 }}" source: local loop: "{{ docker_host_info.images }}" 
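Review bot: Both `community.docker.docker_login` tasks in the `@@ -1,44 +1,48 @@` hunk of tests/playbooks/publish.yml leave registry credentials in the Docker client configuration on the node, and nothing visible in the play removes them afterwards. If the node can outlive the job, or its home directory is ever collected into logs, the push credentials go with it. A closing `community.docker.docker_login` task with `state: absent` per registry would clear them; placing it under the block's `always:` makes it run after a failed push too. The rest of the quay.io block lies in the following hunks.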
@@ -47,7 +51,7 @@ retries: 5 - name: Ensure repository visibility is public - uri: + ansible.builtin.uri: url: "https://quay.io/api/v1/repository/{{ item.RepoTags.0 }}/changevisibility" method: POST headers: @@ -55,4 +59,3 @@ body: '{"visibility": "public"}' body_format: json loop: "{{ docker_host_info.images }}" - when: kolla_registry == 'quay.io' diff --git a/tests/playbooks/run.yml b/tests/playbooks/run.yml index 238b2f7bd6..c946343a53 100644 --- a/tests/playbooks/run.yml +++ b/tests/playbooks/run.yml @@ -1,5 +1,6 @@ --- -- hosts: all +- name: Zuul run + hosts: all vars_files: - ../vars/zuul.yml vars: @@ -18,10 +19,10 @@ network_mode: host tasks: - name: Ensure /etc/kolla exists - file: + ansible.builtin.file: path: /etc/kolla state: directory - mode: 0777 + mode: "0777" become: true - name: Use ubuntu/debian base image from mirror @@ -29,7 +30,7 @@ kolla_mirror_config: DEFAULT: base_image: "quay.io/openstack.kolla/{{ base_distro }}" - set_fact: + ansible.builtin.set_fact: kolla_build_config: "{{ kolla_build_config | combine(kolla_mirror_config, recursive=True) }}" when: base_distro in ['debian', 'ubuntu'] @@ -39,7 +40,7 @@ DEFAULT: namespace: "{{ kolla_namespace }}" tag: "{{ zuul.branch | basename }}-{{ base_distro }}-{{ base_distro_version }}{{ tag_suffix }}" - set_fact: + ansible.builtin.set_fact: kolla_build_config: "{{ kolla_build_config | combine(kolla_publisher_config, recursive=True) }}" when: - publisher @@ -56,13 +57,15 @@ releaser-user: uid: 56000 gid: 56000 - set_fact: + ansible.builtin.set_fact: kolla_build_config: "{{ kolla_build_config | combine(kolla_build_external_docker_config, recursive=True) }}" when: - not publisher - - import_role: + - name: Import kolla-build-config role + import_role: name: kolla-build-config - - import_role: + - name: Import kolla-build role + import_role: name: kolla-build diff --git a/tests/vars/zuul.yml b/tests/vars/zuul.yml index 1c0c99e3db..e49f9d3560 100644 --- a/tests/vars/zuul.yml +++ b/tests/vars/zuul.yml 
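Review bot: The `ansible.builtin.uri` task in the `@@ -47,7 +51,7 @@` hunk passes a `headers:` mapping whose contents are outside the hunk. If it carries the quay.io API token, as an authenticated POST presumably does, the token is part of the task arguments and can appear in verbose or failure output for every loop item. Adding `no_log: true` to this task keeps it out of the job log. The task continues past the end of the hunk.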
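Review bot: `/etc/kolla` is still created with `mode: "0777"` in the `@@ -18,10 +19,10 @@` hunk of tests/playbooks/run.yml, so any local account can delete or replace files in it regardless of each file's own mode. That undercuts the `mode: "0660"` this commit adds for `/etc/kolla/template_overrides.j2` in roles/kolla-build. If the build user is the only writer, `owner: "{{ ansible_user_id }}"` with `mode: "0755"` gives it the access it needs without opening the directory to everyone. If the wide mode is deliberate for a throwaway node, a comment saying so would help.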
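Review bot: The two newly named tasks at the end of the `@@ -56,13 +57,15 @@` hunk still use the short name `import_role`, while every other module touched by this commit was moved to its fully qualified name. Use `ansible.builtin.import_role:` in both so the play resolves modules the same way throughout and does not depend on the collection search order.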
@@ -7,4 +7,8 @@ nodepool_cbs_centos_proxy: "http://{{ zuul_site_mirror_fqdn }}:8080/cbs.centos" nodepool_docker_proxy: "http://{{ zuul_site_mirror_fqdn }}:8080/docker" # NOTE(hrw): wheel cache goes over 80/443 not on 8080 -nodepool_wheel_mirror: "https://{{ zuul_site_mirror_fqdn }}/wheel/{{ ansible_distribution | lower }}-{{ (ansible_os_family == 'Debian') | ternary(ansible_distribution_version, ansible_distribution_major_version) }}-{{ ansible_architecture | lower }}" +nodepool_wheel_mirror: >- + https://{{ zuul_site_mirror_fqdn }}/wheel/{{ ansible_distribution | lower }}- + {{ (ansible_os_family == 'Debian') | + ternary(ansible_distribution_version, ansible_distribution_major_version) }}- + {{ ansible_architecture | lower }} diff --git a/tox.ini b/tox.ini index 923d4d821d..e57c38d0fb 100644 --- a/tox.ini +++ b/tox.ini @@ -50,7 +50,6 @@ commands = deps = {[testenv]deps} codespell - yamllint allowlist_externals = bash commands = bash {toxinidir}/tools/run-bashate.sh @@ -58,8 +57,9 @@ commands = bash {toxinidir}/tools/validate-all-dockerfiles.sh python {toxinidir}/tools/validate-all-file.py bandit -r docker kolla tests tools - yamllint -s . codespell -I {toxinidir}/.codespell-ignore + ansible-galaxy collection install -r test-requirements.yml + ansible-lint [testenv:bandit] commands = bandit -r docker kolla tests tools
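Review bot: The folded scalar `>-` introduced for `nodepool_wheel_mirror` joins its lines with a single space, so as the lines appear here the rendered URL gets a space after each trailing `-`, between the distribution, version and architecture parts. The break inside the `{{ ... | ternary(...) }}` expression is harmless; the two breaks between expressions are not. Keeping the original one-line string with `# noqa: yaml[line-length]` preserves the value byte for byte. So does a double-quoted scalar whose lines end in `\`, which removes the break and the next line's indentation.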
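Review bot: Dropping `yamllint -s .` in the `@@ -58,8 +57,9 @@` hunk of tox.ini removes YAML linting for every file ansible-lint does not pick up, and the new `.ansible-lint` explicitly excludes `.zuul.d/`, so the Zuul job definitions are no longer checked by either tool. Either keep a yamllint run scoped to those paths or take `.zuul.d/` out of `exclude_paths`. The added `ansible-galaxy collection install -r test-requirements.yml` also uses a relative path where the neighbouring commands use `{toxinidir}`; `-r {toxinidir}/test-requirements.yml` would match them.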