Add ansible-lint CI (#1368)

CI: Add Ansible lint job

Co-authored-by: Mark Goddard <mark@stackhpc.com>
Co-authored-by: Matt Crees <mattc@stackhpc.com>
Co-authored-by: Pierre Riteau <pierre@stackhpc.com>

Author: 4 people

.ansible-lint

@@ -0,0 +1,10 @@
+---
+skip_list:
+  - no-changed-when
+  - risky-file-permissions
+  - run-once
+  - name[template]
+  - package-latest
+  - yaml
+  - role-name[path]
+  - yaml[line-length]

.ansible-lint-ignore

@@ -0,0 +1,7 @@
+# This file contains ignores to rule violations for ansible-lint
+etc/kayobe/ansible/vault-deploy-barbican.yml fqcn[action-core]
+etc/kayobe/ansible/vault-generate-backend-tls.yml fqcn[action-core]
+etc/kayobe/ansible/vault-generate-internal-tls.yml fqcn[action-core]
+etc/kayobe/ansible/vault-generate-test-external-tls.yml fqcn[action-core]
+etc/kayobe/ansible/rabbitmq-reset.yml command-instead-of-module
+etc/kayobe/ansible/ubuntu-upgrade.yml syntax-check[missing-file]

.github/workflows/stackhpc-pull-request.yml

@@ -61,6 +61,43 @@ jobs:
       - name: Run Tox ${{ matrix.environment }} 🧪
         run: tox -e ${{ matrix.environment }}
 
+  lint:
+    runs-on: ubuntu-22.04
+    permissions: {}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          # NOTE(upgrade): Keep these in sync with Kayobe's supported Ansible and Python versions (see release notes).
+          - ansible: "2.16"
+            python: "3.12"
+          - ansible: "2.15"
+            python: "3.10"
+    name: Ansible ${{ matrix.ansible }} lint with Python ${{ matrix.python }}
+    if: github.repository == 'stackhpc/stackhpc-kayobe-config'
+    steps:
+      - name: GitHub Checkout 🛎
+        uses: actions/checkout@v3
+
+      - name: Setup Python ${{ matrix.python-version }} 🐍
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ matrix.python }}
+
+      - name: Install dependencies 📦
+        run: |
+          python -m pip install --upgrade pip
+          pip install ansible-core==${{ matrix.ansible }}.* ansible-lint -r requirements.txt
+
+      - name: Install Ansible Galaxy collections and roles
+        run: |
+          ansible-galaxy collection install -r etc/kayobe/ansible/requirements.yml
+          ansible-galaxy role install -r etc/kayobe/ansible/requirements.yml
+
+      - name: Linting code 🧪
+        run: |
+          ansible-lint -v --force-color etc/kayobe/ansible/.
+
   # A skipped job is treated as success when used as a required status check.
   # The registered required status checks refer to the name of the job in the
   # called reusable workflow rather than the jobs in this file.  The following

etc/kayobe/ansible/advise-run.yml

@@ -1,47 +1,47 @@
 ---
 - name: ADVise run
   hosts: localhost
-  gather_facts: no
+  gather_facts: false
   tags:
     - advise
   vars:
-    venv: "~/venvs/advise-review"
+    venv: ~/venvs/advise-review
     input_dir: "{{ lookup('env', 'PWD') }}/overcloud-introspection-data"
     output_dir: "{{ lookup('env', 'PWD') }}/review"
-    advise_pattern: ".*.eval"  # Uses regex
+    advise_pattern: .*.eval # Uses regex
   tasks:
     - name: Install dependencies
-      pip:
+      ansible.builtin.pip:
         virtualenv: "{{ venv }}"
         name:
           - git+https://github.com/stackhpc/ADVise
         state: latest
-        virtualenv_command: "python3 -m venv"
+        virtualenv_command: python3 -m venv
 
     - name: Create data directory
-      file:
-        path: '{{ output_dir }}/data'
+      ansible.builtin.file:
+        path: "{{ output_dir }}/data"
         state: directory
 
     - name: Extract data
-      shell:
+      ansible.builtin.shell:
         cmd: >
           {{ venv }}/bin/m2-extract {{ input_dir }}/*.json --output_dir {{ output_dir }}/data
 
     - name: Create review directory
-      file:
-        path: '{{ output_dir }}/results'
+      ansible.builtin.file:
+        path: "{{ output_dir }}/results"
         state: directory
 
     - name: Process data
-      shell:
+      ansible.builtin.shell:
         cmd: >
           {{ venv }}/bin/advise-process
           -I ipmi
           -p '{{ output_dir }}/data/extra-hardware/{{ advise_pattern }}'
           -o '{{ output_dir }}'
 
     - name: Visualise data
-      command: >
+      ansible.builtin.command: >
         {{ venv }}/bin/advise-visualise
         --output_dir '{{ output_dir }}'

etc/kayobe/ansible/build-ofed-rocky.yml

@@ -6,8 +6,8 @@
   tasks:
     - name: Check whether noexec is enabled for /var/tmp
       ansible.builtin.lineinfile:
-        path: "/etc/fstab"
-        regexp: "noexec"
+        path: /etc/fstab
+        regexp: noexec
         state: absent
       changed_when: false
       check_mode: true
@@ -42,7 +42,7 @@
 
     - name: Add DOCA host repository package
       ansible.builtin.dnf:
-        name: https://developer.nvidia.com/downloads/networking/secure/doca-sdk/DOCA_2.8/doca-host-2.8.0-204000_{{ stackhpc_pulp_doca_ofed_version }}_rhel9{{ stackhpc_pulp_repo_rocky_9_minor_version }}.x86_64.rpm
+        name: "https://developer.nvidia.com/downloads/networking/secure/doca-sdk/DOCA_2.8/doca-host-2.8.0-204000_{{ stackhpc_pulp_doca_ofed_version }}_rhel9{{ stackhpc_pulp_repo_rocky_9_minor_version }}.x86_64.rpm"
         disable_gpg_check: true
 
     - name: Install DOCA extra packages
@@ -53,13 +53,13 @@
       ansible.builtin.file:
         path: /home/cloud-user/ofed
         state: directory
-        mode: 0777
+        mode: "0777"
 
     - name: Set build directory
       ansible.builtin.replace:
         path: /opt/mellanox/doca/tools/doca-kernel-support
-        regexp: 'TMP_DIR=\$1'
-        replace: 'TMP_DIR=/home/cloud-user/ofed'
+        regexp: TMP_DIR=\$1
+        replace: TMP_DIR=/home/cloud-user/ofed
 
     - name: Build OFED kernel modules
       ansible.builtin.shell:

etc/kayobe/ansible/cephadm-commands-post.yml

@@ -7,7 +7,8 @@
     - cephadm
     - cephadm-commands
   tasks:
-    - import_role:
+    - name: Apply Cephadm commands role
+      ansible.builtin.import_role:
         name: stackhpc.cephadm.commands
       vars:
         cephadm_commands: "{{ cephadm_commands_post | default([]) }}"

etc/kayobe/ansible/cephadm-commands-pre.yml

@@ -7,7 +7,8 @@
     - cephadm
     - cephadm-commands
   tasks:
-    - import_role:
+    - name: Apply Cephadm commands role
+      ansible.builtin.import_role:
         name: stackhpc.cephadm.commands
       vars:
         cephadm_commands: "{{ cephadm_commands_pre | default([]) }}"

etc/kayobe/ansible/cephadm-crush-rules.yml

@@ -7,5 +7,6 @@
     - cephadm
     - cephadm-crush-rules
   tasks:
-    - import_role:
+    - name: Apply Cephadm crush rule role
+      ansible.builtin.import_role:
         name: stackhpc.cephadm.crush_rules

etc/kayobe/ansible/cephadm-deploy.yml

@@ -7,5 +7,6 @@
     - cephadm
     - cephadm-deploy
   tasks:
-    - import_role:
+    - name: Apply Cephadm role
+      ansible.builtin.import_role:
         name: stackhpc.cephadm.cephadm

etc/kayobe/ansible/cephadm-ec-profiles.yml

@@ -7,5 +7,6 @@
     - cephadm
     - cephadm-ec-profiles
   tasks:
-    - import_role:
+    - name: Apply Cephadm EC profiles role
+      ansible.builtin.import_role:
         name: stackhpc.cephadm.ec_profiles