sap_hypervisor_node_preconfigure: Fix ansible-lint errors from issue 101

.ansible-lint

@@ -5,11 +5,10 @@ exclude_paths:
   - .ansible/
   - .cache/
   - .github/
-  #- docs/
+  - docs/
   - changelogs/  # Changelog files are missing '---' required in normal yml files.
   - roles/sap_vm_preconfigure  # Role is WIP
-  # TODO: Remove when ansible-lint issues are resolved (Issue #101).
-  - roles/sap_hypervisor_node_preconfigure
+  - roles/sap_vm_verify  # Role is WIP
 
 enable_list:
   - yaml
@@ -25,10 +24,15 @@ skip_list:
   - schema
   # Allow templating inside name because it creates more detailed output:
   - name[template]
-  - yaml[comments]
-  - yaml[line-length]
+  # Allow command tasks without defining changed_when
   - no-changed-when
-  - no-tabs
+  # Allow tasks that could be replaced by handlers
   - no-handler
+  # Disable jinja formatting check
   - jinja[spacing]
-  - var-naming[no-jinja]
+
+  # Disabled skips, because they are not not required now.
+  # - yaml[comments]
+  # - yaml[line-length]
+  # - no-tabs
+  # - var-naming[no-jinja]

roles/sap_hypervisor_node_preconfigure/defaults/main.yml

@@ -1,4 +1,5 @@
 ---
 
-# ibmpower_phyp, redhat_ocp_virt, redhat_rhel_kvm, vmware_vsphere
-sap_hypervisor_node_preconfigure_platform:
+# Define which hypervisor platform to use (String).
+# Available options: redhat_ocp_virt, redhat_rhel_kvm
+sap_hypervisor_node_preconfigure_platform: ''

roles/sap_hypervisor_node_preconfigure/handlers/main.yml

@@ -1,3 +1,5 @@
 ---
 - name: Hypervisor node preconfigure - Include Handler Tasks for {{ sap_hypervisor_node_preconfigure_platform }}
-  ansible.builtin.import_tasks: "platform/{{ sap_hypervisor_node_preconfigure_platform }}/main.yml"
+  ansible.builtin.include_tasks:
+    file: "platform/{{ sap_hypervisor_node_preconfigure_platform }}/main.yml"
+  when: (role_path ~ '/handlers/platform/' ~ sap_hypervisor_node_preconfigure_platform ~ '/main.yml') is file

roles/sap_hypervisor_node_preconfigure/tasks/main.yml

@@ -1,6 +1,21 @@
 ---
+- name: Assert that the variable 'sap_hypervisor_node_preconfigure_platform' is defined and valid
+  ansible.builtin.assert:
+    that:
+      - sap_hypervisor_node_preconfigure_platform is defined
+      - sap_hypervisor_node_preconfigure_platform is string
+      - sap_hypervisor_node_preconfigure_platform | trim | length > 0
+      - sap_hypervisor_node_preconfigure_platform in ['redhat_ocp_virt', 'redhat_rhel_kvm']
+    fail_msg: |
+      The variable 'sap_hypervisor_node_preconfigure_platform' is undefined or invalid.
+      Available options: redhat_ocp_virt, redhat_rhel_kvm
+
 - name: SAP certified hypervisor node preconfigure - Include Vars for {{ sap_hypervisor_node_preconfigure_platform }}
-  ansible.builtin.include_vars: "platform_defaults_{{ sap_hypervisor_node_preconfigure_platform }}.yml"
+  ansible.builtin.include_vars:
+    file: "platform_defaults_{{ sap_hypervisor_node_preconfigure_platform }}.yml"
+  when: (role_path ~ '/vars/platform_defaults_' ~ sap_hypervisor_node_preconfigure_platform ~ '.yml') is file
 
 - name: SAP certified hypervisor node preconfigure - Include Tasks for {{ sap_hypervisor_node_preconfigure_platform }}
-  ansible.builtin.include_tasks: "platform/{{ sap_hypervisor_node_preconfigure_platform }}/main.yml"
+  ansible.builtin.include_tasks:
+    file: "platform/{{ sap_hypervisor_node_preconfigure_platform }}/main.yml"
+  when: (role_path ~ '/tasks/platform/' ~ sap_hypervisor_node_preconfigure_platform ~ '/main.yml') is file

roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/cluster/wait-mcp-finished-updating.yml

@@ -1,5 +1,5 @@
 ---
-- name: Wait for worker MachineConfigPool to start updating
+- name: Wait for worker MachineConfigPool to start updating  # noqa: ignore-errors
   kubernetes.core.k8s_info:
     api_version: machineconfiguration.openshift.io/v1
     kind: MachineConfigPool

roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/main.yml

@@ -45,7 +45,7 @@
     __sap_hypervisor_node_preconfigure_register_worker_memory_gib:
       "{{ (__sap_hypervisor_node_preconfigure_register_nodes[0]['status']['capacity']['memory'] | replace('Ki', '') | int / 1048576) }}"
 
-- name: Check if host has minimal amount of memory (96GiB)
+- name: Check if host has minimal amount of memory (96GiB)  # noqa: ignore-errors
   ansible.builtin.assert:
     that: __sap_hypervisor_node_preconfigure_register_worker_memory_gib | int >= 96
     fail_msg: "Not enough memory on node {{ __sap_hypervisor_node_preconfigure_register_worker_name }}"

roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/operators/install-cnv-operator.yml

@@ -56,7 +56,7 @@
   vars:
     install_plan_name: "{{ __sap_hypervisor_node_preconfigure_register_cnv_subscription_install_plan_name.stdout }}"
   block:
-    - name: Get Install Plan details
+    - name: Get Install Plan details  # noqa: ignore-errors
       kubernetes.core.k8s_info:
         api_version: operators.coreos.com/v1alpha1
         kind: InstallPlan
@@ -73,7 +73,7 @@
         msg: "Install Plan is not Complete after the specified wait period."
       when: __sap_hypervisor_node_preconfigure_register_wait_for_installplan.resources[0].status.phase != "Complete"
 
-- name: Wait and check for pod with label name hyperconverged-cluster-webhook under "{{ sap_hypervisor_node_preconfigure_ocpv_namespace }}" namespace
+- name: Wait and check for pod with label name hyperconverged-cluster-webhook under the namespace "{{ sap_hypervisor_node_preconfigure_ocpv_namespace }}"
   kubernetes.core.k8s_info:
     kind: Pod
     namespace: "{{ sap_hypervisor_node_preconfigure_ocpv_namespace }}"
@@ -84,7 +84,7 @@
   delay: 60
   until: hco_webhook_pod.resources | selectattr('status.phase', 'equalto', 'Running') | list | length == hco_webhook_pod.resources | length
 
-- name: Wait and check for pod with name hco-webhook under "{{ sap_hypervisor_node_preconfigure_ocpv_namespace }}" namespace
+- name: Wait and check for pod with name hco-webhook under the namespace "{{ sap_hypervisor_node_preconfigure_ocpv_namespace }}"
   kubernetes.core.k8s_info:
     kind: Pod
     namespace: "{{ sap_hypervisor_node_preconfigure_ocpv_namespace }}"
@@ -95,7 +95,7 @@
   delay: 60
   until: __sap_hypervisor_node_preconfigure_register_hco_webhook_pod.resources | selectattr('status.phase', 'equalto', 'Running') | list | length == __sap_hypervisor_node_preconfigure_register_hco_webhook_pod.resources | length
 
-- name: Wait and check if hco-webhook-service exists in "{{ sap_hypervisor_node_preconfigure_ocpv_namespace }}" namespace
+- name: Wait and check if hco-webhook-service exists in the namespace "{{ sap_hypervisor_node_preconfigure_ocpv_namespace }}"
   kubernetes.core.k8s_info:
     kind: Service
     namespace: "{{ sap_hypervisor_node_preconfigure_ocpv_namespace }}"

roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/operators/install-nmstate-operator.yml

@@ -100,7 +100,7 @@
   delay: 10
   until: nmstate_status.resources | length > 0
 
-- name: Wait and check for pod with label name nmstate-webhook under "{{ sap_hypervisor_node_preconfigure_nmstate_namespace }}" namespace
+- name: Wait and check for pod with label name nmstate-webhook under the namespace "{{ sap_hypervisor_node_preconfigure_nmstate_namespace }}"
   kubernetes.core.k8s_info:
     kind: Pod
     namespace: "{{ sap_hypervisor_node_preconfigure_nmstate_namespace }}"

roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/operators/install-sriov-operator.yml

@@ -47,7 +47,7 @@
   delay: 10
   until: subscription_status.resources[0].status.installplan.name is defined
 
-- name: Wait for InstallPlan to complete for SR-IOV
+- name: Wait for InstallPlan to complete for SR-IOV  # noqa: ignore-errors
   kubernetes.core.k8s_info:
     api_version: operators.coreos.com/v1alpha1
     kind: InstallPlan
@@ -56,7 +56,7 @@
   register: installplan_status
   retries: 30
   delay: 10
-  ignore_errors: yes
+  ignore_errors: true
   until: installplan_status.resources[0].status.phase == "Complete"
 
 - name: Verify SR-IOV Operator is running
@@ -70,14 +70,14 @@
   delay: 10
   until: operatorgroup_status.resources
 
-- name: Check if SriovOperatorConfig exists
+- name: Check if SriovOperatorConfig exists  # noqa: ignore-errors
   kubernetes.core.k8s_info:
     api_version: sriovnetwork.openshift.io/v1
     kind: SriovOperatorConfig
     name: default
     namespace: openshift-sriov-network-operator
   register: sriov_operator_config_status
-  ignore_errors: yes
+  ignore_errors: true
 
 - name: Enable unsupported NICs for SR-IOV usage if the resource exists
   kubernetes.core.k8s:

roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/storage/install-trident.yml

@@ -5,7 +5,7 @@
     src: "{{ sap_hypervisor_node_preconfigure_install_trident_url }}"
     dest: "{{ __sap_hypervisor_node_preconfigure_register_tmpdir_role.path }}/"
 
-- name: Uninstall trident
+- name: Uninstall trident  # noqa: ignore-errors
   ansible.builtin.command: "{{ __sap_hypervisor_node_preconfigure_register_tmpdir_role.path }}/trident-installer/tridentctl uninstall -n trident"
   ignore_errors: true
   register: __sap_hypervisor_node_preconfigure_register_uninstall_trident

roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/worker/node-network.yml

@@ -5,7 +5,7 @@
 
 - name: "Create NodeNetworkConfigurationPolicy \
          {{ __sap_hypervisor_node_preconfigure_register_worker_network.name }} on \
-         {{ __sap_hypervisor_node_preconfigure_register_worker.name }}"
+         {{ __sap_hypervisor_node_preconfigure_register_worker.name }}"  # noqa name[template]
   kubernetes.core.k8s:
     state: present
     definition:
@@ -23,7 +23,7 @@
           or __sap_hypervisor_node_preconfigure_register_worker_network.type == 'ethernet'
           or __sap_hypervisor_node_preconfigure_register_worker_network.type == 'vlan'
 
-- name: "Create NetworkAttachmentDefinition {{ __sap_hypervisor_node_preconfigure_register_worker_network.name }}"
+- name: "Create NetworkAttachmentDefinition {{ __sap_hypervisor_node_preconfigure_register_worker_network.name }}"  # noqa jinja
   kubernetes.core.k8s:
     state: present
     definition:
@@ -41,7 +41,7 @@
           'type': 'cnv-bridge',
           'bridge': __sap_hypervisor_node_preconfigure_register_worker_network.name,
           'macspoofchk': true
-        } | to_json }}"
+          } | to_json }}"
   when: __sap_hypervisor_node_preconfigure_register_worker_network.type == 'linux-bridge'
 
 - name: Label the node with feature.node.kubernetes.io/network-sriov.capable=true
@@ -58,7 +58,7 @@
 
 - name: "Create SR-IOV NodeNetworkConfigurationPolicy \
          {{ __sap_hypervisor_node_preconfigure_register_worker_network.name }} on \
-         {{ __sap_hypervisor_node_preconfigure_register_worker.name }}"
+         {{ __sap_hypervisor_node_preconfigure_register_worker.name }}"  # noqa name[template]
   kubernetes.core.k8s:
     state: present
     definition:

roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/allocate-hugepages-at-runtime.yml

@@ -1,7 +1,9 @@
 ---
 - name: Install libhugetlbfs
-  ansible.builtin.yum:
-    name: libhugetlbfs, libhugetlbfs-utils
+  ansible.builtin.package:
+    name:
+      - libhugetlbfs
+      - libhugetlbfs-utils
     state: present
 
 # better location than rc.local?

roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-configuration.yml

@@ -6,26 +6,26 @@
   register: __sap_hypervisor_node_preconfigure_kernelcmdline_assert
   changed_when: __sap_hypervisor_node_preconfigure_kernelcmdline_assert.rc != 0
 
-- name: "Assert - Kernel same page merging (KSM): Get status"
+- name: "Assert - Kernel same page merging (KSM): Get status"  # noqa: ignore-errors
   ansible.builtin.command: systemctl status ksm
   register: __sap_hypervisor_node_preconfigure_ksmstatus_assert
   ignore_errors: true
   changed_when: __sap_hypervisor_node_preconfigure_ksmstatus_assert.rc != 0
 
-- name: "Assert - Kernel same page merging (KSM): Check if stopped"
+- name: "Assert - Kernel same page merging (KSM): Check if stopped"  # noqa: ignore-errors
   ansible.builtin.assert:
     that: "'Active: inactive (dead)' in __sap_hypervisor_node_preconfigure_ksmstatus_assert.stdout"
     fail_msg: "FAIL: ksm is running"
     success_msg: "PASS: ksm not running"
   ignore_errors: "{{ sap_hypervisor_node_preconfigure_ignore_failed_assertion }}"
 
-- name: "Assert - Kernel same page merging (KSM) Tuning Daemon: Get status"
+- name: "Assert - Kernel same page merging (KSM) Tuning Daemon: Get status"  # noqa: ignore-errors
   ansible.builtin.command: systemctl status ksmtuned
   register: __sap_hypervisor_node_preconfigure_ksmtunedstatus_assert
   ignore_errors: true
   changed_when: __sap_hypervisor_node_preconfigure_ksmtunedstatus_assert.rc != 0
 
-- name: "Assert - Kernel same page merging (KSM) Tuning Daemon: Check if stopped"
+- name: "Assert - Kernel same page merging (KSM) Tuning Daemon: Check if stopped"  # noqa: ignore-errors
   ansible.builtin.assert:
     that: "'Active: inactive (dead)' in __sap_hypervisor_node_preconfigure_ksmtunedstatus_assert.stdout"
     fail_msg: "FAIL: ksmtuned is running"
@@ -49,20 +49,20 @@
 - name: Assert - Check Intel Skylake CPU Platform
   when: __sap_hypervisor_node_preconfigure_cpu_stepping_assert == "4"
   block:
-    - name: Get ple_gap
+    - name: Get ple_gap  # noqa: ignore-errors
       ansible.builtin.command: grep -E '^options\s+kvm_intel.*?ple_gap\s*=\s*0.*$' /etc/modprobe.d/kvm.conf
       register: __sap_hypervisor_node_preconfigure_skylake_plegap_assert
       ignore_errors: true
       changed_when: __sap_hypervisor_node_preconfigure_skylake_plegap_assert.rc != 0
 
-    - name: Assert - Check if ple_gap=0
+    - name: Assert - Check if ple_gap=0  # noqa: ignore-errors
       ansible.builtin.assert:
         that: "__sap_hypervisor_node_preconfigure_skylake_plegap_assert.rc == 0"
         fail_msg: "FAIL: ple_gap is not set to 0"
         success_msg: "PASS: ple_gap is set to 0"
       ignore_errors: "{{ sap_hypervisor_node_preconfigure_ignore_failed_assertion }}"
 
-    - name: Assert - Check for spectre_v2=retpoline
+    - name: Assert - Check for spectre_v2=retpoline  # noqa: ignore-errors
       ansible.builtin.assert:
         that: "'spectre_v2=retpoline' in __sap_hypervisor_node_preconfigure_kernelcmdline_assert.stdout"
         fail_msg: "FAIL: spectre_v2=retpoline is not on Kernel command line"
@@ -75,7 +75,7 @@
     - name: Set fact for sap_hypervisor_node_preconfigure_register_assert_nx_huge_pages
       ansible.builtin.set_fact:
         sap_hypervisor_node_preconfigure_register_assert_nx_huge_pages: "{{ __sap_hypervisor_node_preconfigure_kernelcmdline_assert.stdout | regex_search('kvm.nx_huge_pages=(.+)', '\\1') | first }}"
-    - name: "Assert - Check kvm.nx_huge_pages is {{ sap_hypervisor_node_preconfigure_kvm_nx_huge_pages }}"
+    - name: "Assert - Check kvm.nx_huge_pages is {{ sap_hypervisor_node_preconfigure_kvm_nx_huge_pages }}"  # noqa: ignore-errors
       ansible.builtin.assert:
         that: sap_hypervisor_node_preconfigure_register_assert_nx_huge_pages == sap_hypervisor_node_preconfigure_kvm_nx_huge_pages
         fail_msg: "FAIL: kvm.nx_huge_pages is not {{ sap_hypervisor_node_preconfigure_kvm_nx_huge_pages }}"
@@ -84,13 +84,13 @@
 
 - name: Assert - check seccomp_sandbox=0
   block:
-    - name: Get seccomp setting
+    - name: Get seccomp setting  # noqa: ignore-errors
       ansible.builtin.command: grep -E '^seccomp_sandbox\s+=\s+0.*$' /etc/libvirt/qemu.conf
       register: __sap_hypervisor_node_preconfigure_seccomp_assert
       ignore_errors: true
       changed_when: __sap_hypervisor_node_preconfigure_seccomp_assert.rc != 0
 
-    - name: "Assert - Check seccomp_sandbox=0 is in /etc/libvirt/qemu.conf"
+    - name: "Assert - Check seccomp_sandbox=0 is in /etc/libvirt/qemu.conf"  # noqa: ignore-errors
       ansible.builtin.assert:
         that: __sap_hypervisor_node_preconfigure_seccomp_assert is success
         fail_msg: "FAIL: seccomp_sandbox != 0"
@@ -104,7 +104,7 @@
       register: __sap_hypervisor_node_preconfigure_1g_hugepages_assert
       changed_when: __sap_hypervisor_node_preconfigure_1g_hugepages_assert.rc != 0
 
-    - name: "Check that at least {{ sap_hypervisor_node_preconfigure_reserved_ram }} GB are available for the hypervisor and the rest are 1G hugepages"
+    - name: "Ensure hypervisor RAM and hugepages meet min requirement (GB) {{ sap_hypervisor_node_preconfigure_reserved_ram }}"  # noqa: ignore-errors
       ansible.builtin.assert:
         that: ((ansible_memtotal_mb / 1024) | int - sap_hypervisor_node_preconfigure_reserved_ram | int)  >= (__sap_hypervisor_node_preconfigure_1g_hugepages_assert.stdout | int)
         fail_msg: "FAIL: Not enough memory reserved for hypervisor"
@@ -113,22 +113,22 @@
 
 - name: Assert - check Kernel command line
   block:
-    - name: Ensure iommu is enabled
+    - name: Ensure iommu is enabled  # noqa: ignore-errors
       ansible.builtin.assert:
         that: "'intel_iommu=on' in __sap_hypervisor_node_preconfigure_kernelcmdline_assert.stdout"
         fail_msg: "FAIL: intel_iommu=on not on Kernel command line"
         success_msg: "PASS: intel_iommu=on on Kernel command line"
       ignore_errors: "{{ sap_hypervisor_node_preconfigure_ignore_failed_assertion }}"
 
-    - name: Ensure iommu passthrough is enabled
+    - name: Ensure iommu passthrough is enabled  # noqa: ignore-errors
       ansible.builtin.assert:
         that: "'iommu=pt' in __sap_hypervisor_node_preconfigure_kernelcmdline_assert.stdout"
         fail_msg: "FAIL: iommu=pt not on Kernel command line"
         success_msg: "PASS: iommu=pt on Kernel command line"
       ignore_errors: "{{ sap_hypervisor_node_preconfigure_ignore_failed_assertion }}"
 
     # See SAP Note 2737837 - SAP HANA and the Intel Transactional Synchronization Extensions Capability
-    - name: Ensure tsx is on
+    - name: Ensure tsx is on  # noqa: ignore-errors
       ansible.builtin.assert:
         that: "'tsx=on' in __sap_hypervisor_node_preconfigure_kernelcmdline_assert.stdout"
         fail_msg: "FAIL: tsx=on not in Kernel command line"

roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-installation.yml

@@ -2,7 +2,7 @@
 - name: Gather package facts
   ansible.builtin.package_facts:
 
-- name: Assert that all required packages are installed
+- name: Assert that all required packages are installed  # noqa: ignore-errors
   ansible.builtin.assert:
     that: line_item in ansible_facts.packages
     fail_msg: "FAIL: Package '{{ line_item }}' is not installed!"

roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-rhv-hooks.yml

@@ -4,7 +4,7 @@
   register: __sap_hypervisor_node_preconfigure_register_file_permissions_assert
   changed_when: __sap_hypervisor_node_preconfigure_register_file_permissions_assert.rc != 0
 
-- name: Assert hook file permissions
+- name: Assert hook file permissions  # noqa: ignore-errors
   ansible.builtin.assert:
     that: "__sap_hypervisor_node_preconfigure_register_file_permissions_assert.stdout == '755'"
     fail_msg: "FAIL: Hook {{ item }} does not have the correct file permissions (!= 755)."
@@ -23,13 +23,13 @@
     src: "{{ item }}"
     mode: "0755"
 
-- name: Diff hook
+- name: Diff hook  # noqa: ignore-errors
   ansible.builtin.command: "diff -uw /tmp/sap_hypervisor_node_preconfigure/{{ item }} /usr/libexec/vdsm/hooks/before_vm_start/{{ item }}"
   register: __sap_hypervisor_node_preconfigure_register_hook_diff_assert
   ignore_errors: true
   changed_when: __sap_hypervisor_node_preconfigure_register_hook_diff_assert.rc != 0
 
-- name: Assert hook content
+- name: Assert hook content  # noqa: ignore-errors
   ansible.builtin.assert:
     that: "__sap_hypervisor_node_preconfigure_register_hook_diff_assert.rc == 0"
     fail_msg: "FAIL: Hook {{ item }} has been modified, please investigate manually."