From 1e250727c10a271df0b50478bd7fedf229d45b56 Mon Sep 17 00:00:00 2001 From: Marcel Mamula Date: Wed, 20 Aug 2025 11:38:27 +0200 Subject: [PATCH] fix ansible-lint errors in hypervisor role for issue 101 --- .ansible-lint | 18 +++++++----- .../.ansible-lint | 16 ----------- .../defaults/main.yml | 5 ++-- .../handlers/main.yml | 4 ++- .../tasks/main.yml | 19 +++++++++++-- .../cluster/wait-mcp-finished-updating.yml | 2 +- .../tasks/platform/redhat_ocp_virt/main.yml | 2 +- .../operators/install-cnv-operator.yml | 8 +++--- .../operators/install-nmstate-operator.yml | 2 +- .../operators/install-sriov-operator.yml | 8 +++--- .../storage/install-trident.yml | 2 +- .../redhat_ocp_virt/worker/node-network.yml | 8 +++--- .../allocate-hugepages-at-runtime.yml | 6 ++-- .../redhat_rhel_kvm/assert-configuration.yml | 28 +++++++++---------- .../redhat_rhel_kvm/assert-installation.yml | 2 +- .../redhat_rhel_kvm/assert-rhv-hooks.yml | 6 ++-- .../assert-set-tuned-profile.yml | 2 +- .../tasks/platform/redhat_rhel_kvm/main.yml | 8 +++--- 18 files changed, 77 insertions(+), 69 deletions(-) delete mode 100644 roles/sap_hypervisor_node_preconfigure/.ansible-lint diff --git a/.ansible-lint b/.ansible-lint index 743bf739..21b29859 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -5,11 +5,10 @@ exclude_paths: - .ansible/ - .cache/ - .github/ - #- docs/ + - docs/ - changelogs/ # Changelog files are missing '---' required in normal yml files. - roles/sap_vm_preconfigure # Role is WIP - # TODO: Remove when ansible-lint issues are resolved (Issue #101). - - roles/sap_hypervisor_node_preconfigure + - roles/sap_vm_verify # Role is WIP enable_list: - yaml @@ -25,10 +24,15 @@ skip_list: - schema # Allow templating inside name because it creates more detailed output: - name[template] - - yaml[comments] - - yaml[line-length] + # Allow command tasks without defining changed_when - no-changed-when - - no-tabs + # Allow tasks that could be replaced by handlers - no-handler + # Disable jinja formatting check - jinja[spacing] - - var-naming[no-jinja] + + # Disabled skips, because they are not not required now. + # - yaml[comments] + # - yaml[line-length] + # - no-tabs + # - var-naming[no-jinja] diff --git a/roles/sap_hypervisor_node_preconfigure/.ansible-lint b/roles/sap_hypervisor_node_preconfigure/.ansible-lint deleted file mode 100644 index 8a5df4d4..00000000 --- a/roles/sap_hypervisor_node_preconfigure/.ansible-lint +++ /dev/null @@ -1,16 +0,0 @@ ---- -exclude_paths: - - tests/ -enable_list: - - yaml -skip_list: - # We don't want to enforce new Ansible versions for Galaxy: - - meta-runtime[unsupported-version] - # We do not want to use checks which are marked as experimental: - - experimental - # We use ignore_errors for all the assert tasks, which should be acceptable: - - ignore-errors - # We want to allow single digit version numbers in a role's meta/main.yml file: - - schema - # Allow templating inside name because it creates more detailed output: - - name[template] diff --git a/roles/sap_hypervisor_node_preconfigure/defaults/main.yml b/roles/sap_hypervisor_node_preconfigure/defaults/main.yml index 9f19324f..2329d13f 100644 --- a/roles/sap_hypervisor_node_preconfigure/defaults/main.yml +++ b/roles/sap_hypervisor_node_preconfigure/defaults/main.yml @@ -1,4 +1,5 @@ --- -# ibmpower_phyp, redhat_ocp_virt, redhat_rhel_kvm, vmware_vsphere -sap_hypervisor_node_preconfigure_platform: +# Define which hypervisor platform to use (String). +# Available options: redhat_ocp_virt, redhat_rhel_kvm +sap_hypervisor_node_preconfigure_platform: '' diff --git a/roles/sap_hypervisor_node_preconfigure/handlers/main.yml b/roles/sap_hypervisor_node_preconfigure/handlers/main.yml index 01ac2a01..317e707a 100644 --- a/roles/sap_hypervisor_node_preconfigure/handlers/main.yml +++ b/roles/sap_hypervisor_node_preconfigure/handlers/main.yml @@ -1,3 +1,5 @@ --- - name: Hypervisor node preconfigure - Include Handler Tasks for {{ sap_hypervisor_node_preconfigure_platform }} - ansible.builtin.import_tasks: "platform/{{ sap_hypervisor_node_preconfigure_platform }}/main.yml" + ansible.builtin.include_tasks: + file: "platform/{{ sap_hypervisor_node_preconfigure_platform }}/main.yml" + when: (role_path ~ '/handlers/platform/' ~ sap_hypervisor_node_preconfigure_platform ~ '/main.yml') is file diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/main.yml b/roles/sap_hypervisor_node_preconfigure/tasks/main.yml index fe1e8b12..f1af0bfa 100644 --- a/roles/sap_hypervisor_node_preconfigure/tasks/main.yml +++ b/roles/sap_hypervisor_node_preconfigure/tasks/main.yml @@ -1,6 +1,21 @@ --- +- name: Assert that the variable 'sap_hypervisor_node_preconfigure_platform' is defined and valid + ansible.builtin.assert: + that: + - sap_hypervisor_node_preconfigure_platform is defined + - sap_hypervisor_node_preconfigure_platform is string + - sap_hypervisor_node_preconfigure_platform | trim | length > 0 + - sap_hypervisor_node_preconfigure_platform in ['redhat_ocp_virt', 'redhat_rhel_kvm'] + fail_msg: | + The variable 'sap_hypervisor_node_preconfigure_platform' is undefined or invalid. + Available options: redhat_ocp_virt, redhat_rhel_kvm + - name: SAP certified hypervisor node preconfigure - Include Vars for {{ sap_hypervisor_node_preconfigure_platform }} - ansible.builtin.include_vars: "platform_defaults_{{ sap_hypervisor_node_preconfigure_platform }}.yml" + ansible.builtin.include_vars: + file: "platform_defaults_{{ sap_hypervisor_node_preconfigure_platform }}.yml" + when: (role_path ~ '/vars/platform_defaults_' ~ sap_hypervisor_node_preconfigure_platform ~ '.yml') is file - name: SAP certified hypervisor node preconfigure - Include Tasks for {{ sap_hypervisor_node_preconfigure_platform }} - ansible.builtin.include_tasks: "platform/{{ sap_hypervisor_node_preconfigure_platform }}/main.yml" + ansible.builtin.include_tasks: + file: "platform/{{ sap_hypervisor_node_preconfigure_platform }}/main.yml" + when: (role_path ~ '/tasks/platform/' ~ sap_hypervisor_node_preconfigure_platform ~ '/main.yml') is file diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/cluster/wait-mcp-finished-updating.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/cluster/wait-mcp-finished-updating.yml index 55de648f..9216e657 100644 --- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/cluster/wait-mcp-finished-updating.yml +++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/cluster/wait-mcp-finished-updating.yml @@ -1,5 +1,5 @@ --- -- name: Wait for worker MachineConfigPool to start updating +- name: Wait for worker MachineConfigPool to start updating # noqa: ignore-errors kubernetes.core.k8s_info: api_version: machineconfiguration.openshift.io/v1 kind: MachineConfigPool diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/main.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/main.yml index 5c2501d1..743f2c55 100644 --- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/main.yml +++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/main.yml @@ -45,7 +45,7 @@ __sap_hypervisor_node_preconfigure_register_worker_memory_gib: "{{ (__sap_hypervisor_node_preconfigure_register_nodes[0]['status']['capacity']['memory'] | replace('Ki', '') | int / 1048576) }}" -- name: Check if host has minimal amount of memory (96GiB) +- name: Check if host has minimal amount of memory (96GiB) # noqa: ignore-errors ansible.builtin.assert: that: __sap_hypervisor_node_preconfigure_register_worker_memory_gib | int >= 96 fail_msg: "Not enough memory on node {{ __sap_hypervisor_node_preconfigure_register_worker_name }}" diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/operators/install-cnv-operator.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/operators/install-cnv-operator.yml index 9f3e9d05..dd667236 100644 --- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/operators/install-cnv-operator.yml +++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/operators/install-cnv-operator.yml @@ -56,7 +56,7 @@ vars: install_plan_name: "{{ __sap_hypervisor_node_preconfigure_register_cnv_subscription_install_plan_name.stdout }}" block: - - name: Get Install Plan details + - name: Get Install Plan details # noqa: ignore-errors kubernetes.core.k8s_info: api_version: operators.coreos.com/v1alpha1 kind: InstallPlan @@ -73,7 +73,7 @@ msg: "Install Plan is not Complete after the specified wait period." when: __sap_hypervisor_node_preconfigure_register_wait_for_installplan.resources[0].status.phase != "Complete" -- name: Wait and check for pod with label name hyperconverged-cluster-webhook under "{{ sap_hypervisor_node_preconfigure_ocpv_namespace }}" namespace +- name: Wait and check for pod with label name hyperconverged-cluster-webhook under the namespace "{{ sap_hypervisor_node_preconfigure_ocpv_namespace }}" kubernetes.core.k8s_info: kind: Pod namespace: "{{ sap_hypervisor_node_preconfigure_ocpv_namespace }}" @@ -84,7 +84,7 @@ delay: 60 until: hco_webhook_pod.resources | selectattr('status.phase', 'equalto', 'Running') | list | length == hco_webhook_pod.resources | length -- name: Wait and check for pod with name hco-webhook under "{{ sap_hypervisor_node_preconfigure_ocpv_namespace }}" namespace +- name: Wait and check for pod with name hco-webhook under the namespace "{{ sap_hypervisor_node_preconfigure_ocpv_namespace }}" kubernetes.core.k8s_info: kind: Pod namespace: "{{ sap_hypervisor_node_preconfigure_ocpv_namespace }}" @@ -95,7 +95,7 @@ delay: 60 until: __sap_hypervisor_node_preconfigure_register_hco_webhook_pod.resources | selectattr('status.phase', 'equalto', 'Running') | list | length == __sap_hypervisor_node_preconfigure_register_hco_webhook_pod.resources | length -- name: Wait and check if hco-webhook-service exists in "{{ sap_hypervisor_node_preconfigure_ocpv_namespace }}" namespace +- name: Wait and check if hco-webhook-service exists in the namespace "{{ sap_hypervisor_node_preconfigure_ocpv_namespace }}" kubernetes.core.k8s_info: kind: Service namespace: "{{ sap_hypervisor_node_preconfigure_ocpv_namespace }}" diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/operators/install-nmstate-operator.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/operators/install-nmstate-operator.yml index db9c171f..345a055e 100644 --- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/operators/install-nmstate-operator.yml +++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/operators/install-nmstate-operator.yml @@ -100,7 +100,7 @@ delay: 10 until: nmstate_status.resources | length > 0 -- name: Wait and check for pod with label name nmstate-webhook under "{{ sap_hypervisor_node_preconfigure_nmstate_namespace }}" namespace +- name: Wait and check for pod with label name nmstate-webhook under the namespace "{{ sap_hypervisor_node_preconfigure_nmstate_namespace }}" kubernetes.core.k8s_info: kind: Pod namespace: "{{ sap_hypervisor_node_preconfigure_nmstate_namespace }}" diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/operators/install-sriov-operator.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/operators/install-sriov-operator.yml index 35acedac..119ff1cf 100644 --- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/operators/install-sriov-operator.yml +++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/operators/install-sriov-operator.yml @@ -47,7 +47,7 @@ delay: 10 until: subscription_status.resources[0].status.installplan.name is defined -- name: Wait for InstallPlan to complete for SR-IOV +- name: Wait for InstallPlan to complete for SR-IOV # noqa: ignore-errors kubernetes.core.k8s_info: api_version: operators.coreos.com/v1alpha1 kind: InstallPlan @@ -56,7 +56,7 @@ register: installplan_status retries: 30 delay: 10 - ignore_errors: yes + ignore_errors: true until: installplan_status.resources[0].status.phase == "Complete" - name: Verify SR-IOV Operator is running @@ -70,14 +70,14 @@ delay: 10 until: operatorgroup_status.resources -- name: Check if SriovOperatorConfig exists +- name: Check if SriovOperatorConfig exists # noqa: ignore-errors kubernetes.core.k8s_info: api_version: sriovnetwork.openshift.io/v1 kind: SriovOperatorConfig name: default namespace: openshift-sriov-network-operator register: sriov_operator_config_status - ignore_errors: yes + ignore_errors: true - name: Enable unsupported NICs for SR-IOV usage if the resource exists kubernetes.core.k8s: diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/storage/install-trident.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/storage/install-trident.yml index 416c8af4..49e36f34 100644 --- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/storage/install-trident.yml +++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/storage/install-trident.yml @@ -5,7 +5,7 @@ src: "{{ sap_hypervisor_node_preconfigure_install_trident_url }}" dest: "{{ __sap_hypervisor_node_preconfigure_register_tmpdir_role.path }}/" -- name: Uninstall trident +- name: Uninstall trident # noqa: ignore-errors ansible.builtin.command: "{{ __sap_hypervisor_node_preconfigure_register_tmpdir_role.path }}/trident-installer/tridentctl uninstall -n trident" ignore_errors: true register: __sap_hypervisor_node_preconfigure_register_uninstall_trident diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/worker/node-network.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/worker/node-network.yml index 9a1212bc..f860447c 100644 --- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/worker/node-network.yml +++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/worker/node-network.yml @@ -5,7 +5,7 @@ - name: "Create NodeNetworkConfigurationPolicy \ {{ __sap_hypervisor_node_preconfigure_register_worker_network.name }} on \ - {{ __sap_hypervisor_node_preconfigure_register_worker.name }}" + {{ __sap_hypervisor_node_preconfigure_register_worker.name }}" # noqa name[template] kubernetes.core.k8s: state: present definition: @@ -23,7 +23,7 @@ or __sap_hypervisor_node_preconfigure_register_worker_network.type == 'ethernet' or __sap_hypervisor_node_preconfigure_register_worker_network.type == 'vlan' -- name: "Create NetworkAttachmentDefinition {{ __sap_hypervisor_node_preconfigure_register_worker_network.name }}" +- name: "Create NetworkAttachmentDefinition {{ __sap_hypervisor_node_preconfigure_register_worker_network.name }}" # noqa jinja kubernetes.core.k8s: state: present definition: @@ -41,7 +41,7 @@ 'type': 'cnv-bridge', 'bridge': __sap_hypervisor_node_preconfigure_register_worker_network.name, 'macspoofchk': true - } | to_json }}" + } | to_json }}" when: __sap_hypervisor_node_preconfigure_register_worker_network.type == 'linux-bridge' - name: Label the node with feature.node.kubernetes.io/network-sriov.capable=true @@ -58,7 +58,7 @@ - name: "Create SR-IOV NodeNetworkConfigurationPolicy \ {{ __sap_hypervisor_node_preconfigure_register_worker_network.name }} on \ - {{ __sap_hypervisor_node_preconfigure_register_worker.name }}" + {{ __sap_hypervisor_node_preconfigure_register_worker.name }}" # noqa name[template] kubernetes.core.k8s: state: present definition: diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/allocate-hugepages-at-runtime.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/allocate-hugepages-at-runtime.yml index a36d9fd6..b1929122 100644 --- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/allocate-hugepages-at-runtime.yml +++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/allocate-hugepages-at-runtime.yml @@ -1,7 +1,9 @@ --- - name: Install libhugetlbfs - ansible.builtin.yum: - name: libhugetlbfs, libhugetlbfs-utils + ansible.builtin.package: + name: + - libhugetlbfs + - libhugetlbfs-utils state: present # better location than rc.local? diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-configuration.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-configuration.yml index 934fdc25..43da5c57 100644 --- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-configuration.yml +++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-configuration.yml @@ -6,26 +6,26 @@ register: __sap_hypervisor_node_preconfigure_kernelcmdline_assert changed_when: __sap_hypervisor_node_preconfigure_kernelcmdline_assert.rc != 0 -- name: "Assert - Kernel same page merging (KSM): Get status" +- name: "Assert - Kernel same page merging (KSM): Get status" # noqa: ignore-errors ansible.builtin.command: systemctl status ksm register: __sap_hypervisor_node_preconfigure_ksmstatus_assert ignore_errors: true changed_when: __sap_hypervisor_node_preconfigure_ksmstatus_assert.rc != 0 -- name: "Assert - Kernel same page merging (KSM): Check if stopped" +- name: "Assert - Kernel same page merging (KSM): Check if stopped" # noqa: ignore-errors ansible.builtin.assert: that: "'Active: inactive (dead)' in __sap_hypervisor_node_preconfigure_ksmstatus_assert.stdout" fail_msg: "FAIL: ksm is running" success_msg: "PASS: ksm not running" ignore_errors: "{{ sap_hypervisor_node_preconfigure_ignore_failed_assertion }}" -- name: "Assert - Kernel same page merging (KSM) Tuning Daemon: Get status" +- name: "Assert - Kernel same page merging (KSM) Tuning Daemon: Get status" # noqa: ignore-errors ansible.builtin.command: systemctl status ksmtuned register: __sap_hypervisor_node_preconfigure_ksmtunedstatus_assert ignore_errors: true changed_when: __sap_hypervisor_node_preconfigure_ksmtunedstatus_assert.rc != 0 -- name: "Assert - Kernel same page merging (KSM) Tuning Daemon: Check if stopped" +- name: "Assert - Kernel same page merging (KSM) Tuning Daemon: Check if stopped" # noqa: ignore-errors ansible.builtin.assert: that: "'Active: inactive (dead)' in __sap_hypervisor_node_preconfigure_ksmtunedstatus_assert.stdout" fail_msg: "FAIL: ksmtuned is running" @@ -49,20 +49,20 @@ - name: Assert - Check Intel Skylake CPU Platform when: __sap_hypervisor_node_preconfigure_cpu_stepping_assert == "4" block: - - name: Get ple_gap + - name: Get ple_gap # noqa: ignore-errors ansible.builtin.command: grep -E '^options\s+kvm_intel.*?ple_gap\s*=\s*0.*$' /etc/modprobe.d/kvm.conf register: __sap_hypervisor_node_preconfigure_skylake_plegap_assert ignore_errors: true changed_when: __sap_hypervisor_node_preconfigure_skylake_plegap_assert.rc != 0 - - name: Assert - Check if ple_gap=0 + - name: Assert - Check if ple_gap=0 # noqa: ignore-errors ansible.builtin.assert: that: "__sap_hypervisor_node_preconfigure_skylake_plegap_assert.rc == 0" fail_msg: "FAIL: ple_gap is not set to 0" success_msg: "PASS: ple_gap is set to 0" ignore_errors: "{{ sap_hypervisor_node_preconfigure_ignore_failed_assertion }}" - - name: Assert - Check for spectre_v2=retpoline + - name: Assert - Check for spectre_v2=retpoline # noqa: ignore-errors ansible.builtin.assert: that: "'spectre_v2=retpoline' in __sap_hypervisor_node_preconfigure_kernelcmdline_assert.stdout" fail_msg: "FAIL: spectre_v2=retpoline is not on Kernel command line" @@ -75,7 +75,7 @@ - name: Set fact for sap_hypervisor_node_preconfigure_register_assert_nx_huge_pages ansible.builtin.set_fact: sap_hypervisor_node_preconfigure_register_assert_nx_huge_pages: "{{ __sap_hypervisor_node_preconfigure_kernelcmdline_assert.stdout | regex_search('kvm.nx_huge_pages=(.+)', '\\1') | first }}" - - name: "Assert - Check kvm.nx_huge_pages is {{ sap_hypervisor_node_preconfigure_kvm_nx_huge_pages }}" + - name: "Assert - Check kvm.nx_huge_pages is {{ sap_hypervisor_node_preconfigure_kvm_nx_huge_pages }}" # noqa: ignore-errors ansible.builtin.assert: that: sap_hypervisor_node_preconfigure_register_assert_nx_huge_pages == sap_hypervisor_node_preconfigure_kvm_nx_huge_pages fail_msg: "FAIL: kvm.nx_huge_pages is not {{ sap_hypervisor_node_preconfigure_kvm_nx_huge_pages }}" @@ -84,13 +84,13 @@ - name: Assert - check seccomp_sandbox=0 block: - - name: Get seccomp setting + - name: Get seccomp setting # noqa: ignore-errors ansible.builtin.command: grep -E '^seccomp_sandbox\s+=\s+0.*$' /etc/libvirt/qemu.conf register: __sap_hypervisor_node_preconfigure_seccomp_assert ignore_errors: true changed_when: __sap_hypervisor_node_preconfigure_seccomp_assert.rc != 0 - - name: "Assert - Check seccomp_sandbox=0 is in /etc/libvirt/qemu.conf" + - name: "Assert - Check seccomp_sandbox=0 is in /etc/libvirt/qemu.conf" # noqa: ignore-errors ansible.builtin.assert: that: __sap_hypervisor_node_preconfigure_seccomp_assert is success fail_msg: "FAIL: seccomp_sandbox != 0" @@ -104,7 +104,7 @@ register: __sap_hypervisor_node_preconfigure_1g_hugepages_assert changed_when: __sap_hypervisor_node_preconfigure_1g_hugepages_assert.rc != 0 - - name: "Check that at least {{ sap_hypervisor_node_preconfigure_reserved_ram }} GB are available for the hypervisor and the rest are 1G hugepages" + - name: "Ensure hypervisor RAM and hugepages meet min requirement (GB) {{ sap_hypervisor_node_preconfigure_reserved_ram }}" # noqa: ignore-errors ansible.builtin.assert: that: ((ansible_memtotal_mb / 1024) | int - sap_hypervisor_node_preconfigure_reserved_ram | int) >= (__sap_hypervisor_node_preconfigure_1g_hugepages_assert.stdout | int) fail_msg: "FAIL: Not enough memory reserved for hypervisor" @@ -113,14 +113,14 @@ - name: Assert - check Kernel command line block: - - name: Ensure iommu is enabled + - name: Ensure iommu is enabled # noqa: ignore-errors ansible.builtin.assert: that: "'intel_iommu=on' in __sap_hypervisor_node_preconfigure_kernelcmdline_assert.stdout" fail_msg: "FAIL: intel_iommu=on not on Kernel command line" success_msg: "PASS: intel_iommu=on on Kernel command line" ignore_errors: "{{ sap_hypervisor_node_preconfigure_ignore_failed_assertion }}" - - name: Ensure iommu passthrough is enabled + - name: Ensure iommu passthrough is enabled # noqa: ignore-errors ansible.builtin.assert: that: "'iommu=pt' in __sap_hypervisor_node_preconfigure_kernelcmdline_assert.stdout" fail_msg: "FAIL: iommu=pt not on Kernel command line" @@ -128,7 +128,7 @@ ignore_errors: "{{ sap_hypervisor_node_preconfigure_ignore_failed_assertion }}" # See SAP Note 2737837 - SAP HANA and the Intel Transactional Synchronization Extensions Capability - - name: Ensure tsx is on + - name: Ensure tsx is on # noqa: ignore-errors ansible.builtin.assert: that: "'tsx=on' in __sap_hypervisor_node_preconfigure_kernelcmdline_assert.stdout" fail_msg: "FAIL: tsx=on not in Kernel command line" diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-installation.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-installation.yml index 34aa3014..445b7280 100644 --- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-installation.yml +++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-installation.yml @@ -2,7 +2,7 @@ - name: Gather package facts ansible.builtin.package_facts: -- name: Assert that all required packages are installed +- name: Assert that all required packages are installed # noqa: ignore-errors ansible.builtin.assert: that: line_item in ansible_facts.packages fail_msg: "FAIL: Package '{{ line_item }}' is not installed!" diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-rhv-hooks.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-rhv-hooks.yml index e4f40b9a..1dd011e4 100644 --- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-rhv-hooks.yml +++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-rhv-hooks.yml @@ -4,7 +4,7 @@ register: __sap_hypervisor_node_preconfigure_register_file_permissions_assert changed_when: __sap_hypervisor_node_preconfigure_register_file_permissions_assert.rc != 0 -- name: Assert hook file permissions +- name: Assert hook file permissions # noqa: ignore-errors ansible.builtin.assert: that: "__sap_hypervisor_node_preconfigure_register_file_permissions_assert.stdout == '755'" fail_msg: "FAIL: Hook {{ item }} does not have the correct file permissions (!= 755)." @@ -23,13 +23,13 @@ src: "{{ item }}" mode: "0755" -- name: Diff hook +- name: Diff hook # noqa: ignore-errors ansible.builtin.command: "diff -uw /tmp/sap_hypervisor_node_preconfigure/{{ item }} /usr/libexec/vdsm/hooks/before_vm_start/{{ item }}" register: __sap_hypervisor_node_preconfigure_register_hook_diff_assert ignore_errors: true changed_when: __sap_hypervisor_node_preconfigure_register_hook_diff_assert.rc != 0 -- name: Assert hook content +- name: Assert hook content # noqa: ignore-errors ansible.builtin.assert: that: "__sap_hypervisor_node_preconfigure_register_hook_diff_assert.rc == 0" fail_msg: "FAIL: Hook {{ item }} has been modified, please investigate manually." diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-set-tuned-profile.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-set-tuned-profile.yml index ab0d0c9b..653e872d 100644 --- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-set-tuned-profile.yml +++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-set-tuned-profile.yml @@ -6,7 +6,7 @@ register: __sap_hypervisor_node_preconfigure_tuned_profile_assert changed_when: __sap_hypervisor_node_preconfigure_tuned_profile_assert.rc != 0 - - name: Verify tuned profile + - name: Verify tuned profile # noqa: ignore-errors ansible.builtin.assert: that: "'Current active profile: sap-hana-kvm-host' in __sap_hypervisor_node_preconfigure_tuned_profile_assert.stdout" fail_msg: "FAIL: tuned profile is not sap-hana-kvm-host" diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/main.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/main.yml index dd405a44..30bb731d 100644 --- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/main.yml +++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/main.yml @@ -12,16 +12,16 @@ assert_prefix: "assert-" when: sap_hypervisor_node_preconfigure_assert -- name: Include "{{ assert_prefix }}installation.yml" +- name: Include the task file "{{ assert_prefix ~ 'installation.yml' }}" ansible.builtin.include_tasks: '{{ assert_prefix }}installation.yml' -- name: Include "{{ assert_prefix }}configuration.yml" +- name: Include the task file "{{ assert_prefix ~ 'configuration.yml' }}" ansible.builtin.include_tasks: '{{ assert_prefix }}configuration.yml' -- name: Include "{{ assert_prefix }}set-tuned-profile.yml" +- name: Include the task file "{{ assert_prefix ~ 'set-tuned-profile.yml' }}" ansible.builtin.include_tasks: '{{ assert_prefix }}set-tuned-profile.yml' -- name: Include "{{ assert_prefix }}rhv-hooks.yml" +- name: Include the task file "{{ assert_prefix ~ 'rhv-hooks.yml' }}" ansible.builtin.include_tasks: "{{ assert_prefix }}rhv-hooks.yml" loop: - 50_hana