From 3d04b2fa004d25c306a18aa244069a9e9e356711 Mon Sep 17 00:00:00 2001 From: Simon Leiner Date: Sun, 16 Jul 2023 16:08:32 +0200 Subject: [PATCH 01/15] Update pre-commit actions This was done by running "pre-commit autoupdate --freeze". --- .pre-commit-config.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index e6fbf597..b5b4ddba 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,7 +1,7 @@ --- repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: 3298ddab3c13dd77d6ce1fc0baf97691430d84b0 # v4.3.0 + rev: f71fa2c1f9cf5cb705f73dffe4b21f7c61470ba9 # frozen: v4.4.0 hooks: - id: requirements-txt-fixer - id: sort-simple-yaml @@ -12,24 +12,24 @@ repos: - id: trailing-whitespace args: [--markdown-linebreak-ext=md] - repo: https://github.com/adrienverge/yamllint.git - rev: 9cce2940414e9560ae4c8518ddaee2ac1863a4d2 # v1.28.0 + rev: b05e028c5881819161d11cb543fd96a30c06cceb # frozen: v1.32.0 hooks: - id: yamllint args: [-c=.yamllint] - repo: https://github.com/ansible-community/ansible-lint.git - rev: a058554b9bcf88f12ad09ab9fb93b267a214368f # v6.8.6 + rev: 3293b64b939c0de16ef8cb81dd49255e475bf89a # frozen: v6.17.2 hooks: - id: ansible-lint - repo: https://github.com/shellcheck-py/shellcheck-py - rev: 4c7c3dd7161ef39e984cb295e93a968236dc8e8a # v0.8.0.4 + rev: 375289a39f5708101b1f916eb729e8d6da96993f # frozen: v0.9.0.5 hooks: - id: shellcheck - repo: https://github.com/Lucas-C/pre-commit-hooks - rev: 04618e68aa2380828a36a23ff5f65a06ae8f59b9 # v1.3.1 + rev: 12885e376b93dc4536ad68d156065601e4433665 # frozen: v1.5.1 hooks: - id: remove-crlf - id: remove-tabs - repo: https://github.com/sirosen/texthooks - rev: 30d9af95631de0d7cff4e282bde9160d38bb0359 # 0.4.0 + rev: c4ffd3e31669dd4fa4d31a23436cc13839730084 # frozen: 0.5.0 hooks: - id: fix-smartquotes From 5c0a20f0b8503351326ee1698dfd0c5a513aee54 Mon Sep 17 00:00:00 2001 
From: Simon Leiner Date: Sun, 16 Jul 2023 16:10:11 +0200 Subject: [PATCH 02/15] Remove pre-commit only dependencies from requirements.in Including them in the file would create the illusion that those were the versions actually used in CI, but they are not. The exact versions are determined by the pre-commit hooks which are pinned in .pre-commit-config.yaml. --- requirements.in | 2 -- requirements.txt | 45 ++++++--------------------------------------- 2 files changed, 6 insertions(+), 41 deletions(-) diff --git a/requirements.in b/requirements.in index 151033d3..715153b2 100644 --- a/requirements.in +++ b/requirements.in @@ -1,5 +1,4 @@ ansible-core>=2.13.5 -ansible-lint>=6.8.6 jmespath>=1.0.1 jsonpatch>=1.32 kubernetes>=25.3.0 @@ -9,4 +8,3 @@ netaddr>=0.8.0 pre-commit>=2.20.0 pre-commit-hooks>=1.3.1 pyyaml>=6.0 -yamllint>=1.28.0 diff --git a/requirements.txt b/requirements.txt index 999a3434..919e7f25 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,6 +1,6 @@ # -# This file is autogenerated by pip-compile with python 3.8 -# To update, run: +# This file is autogenerated by pip-compile with Python 3.11 +# by the following command: # # pip-compile requirements.in # @@ -10,19 +10,12 @@ ansible-core==2.14.5 # via # -r requirements.in # ansible-compat - # ansible-lint -ansible-lint==6.15.0 - # via -r requirements.in arrow==1.2.3 # via jinja2-time attrs==22.1.0 # via jsonschema binaryornot==0.4.4 # via cookiecutter -black==22.10.0 - # via ansible-lint -bracex==2.3.post1 - # via wcmatch cachetools==5.2.0 # via google-auth certifi==2022.9.24 @@ -39,7 +32,6 @@ charset-normalizer==2.1.1 # via requests click==8.1.3 # via - # black # click-help-colors # cookiecutter # molecule @@ -58,9 +50,7 @@ distro==1.8.0 enrich==1.2.7 # via molecule filelock==3.8.0 - # via - # ansible-lint - # virtualenv + # via virtualenv google-auth==2.14.0 # via kubernetes identify==2.5.8 
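Review bot: `pre-commit-hooks>=1.3.1` stays behind as a context line in the requirements.in hunk, although the commit message's argument covers it as well: the hook versions that actually run are the ones pinned by SHA in .pre-commit-config.yaml. If nothing uses the package outside pre-commit (not visible here), drop that line too, so that requirements.txt does not carry a second, unrelated pin for the same tooling. Separately, the regenerated requirements.txt pins versions but not artefact hashes; compiling with `pip-compile --generate-hashes requirements.in` would let pip verify each download against the lock file.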
@@ -85,7 +75,6 @@ jsonpointer==2.3 jsonschema==4.17.0 # via # ansible-compat - # ansible-lint # molecule kubernetes==25.3.0 # via -r requirements.in @@ -97,8 +86,6 @@ molecule==4.0.4 # molecule-vagrant molecule-vagrant==1.0.0 # via -r requirements.in -mypy-extensions==0.4.3 - # via black netaddr==0.8.0 # via -r requirements.in nodeenv==1.7.0 @@ -109,16 +96,9 @@ packaging==21.3 # via # ansible-compat # ansible-core - # ansible-lint # molecule -pathspec==0.10.1 - # via - # black - # yamllint platformdirs==2.5.2 - # via - # black - # virtualenv + # via virtualenv pluggy==1.0.0 # via molecule pre-commit==2.21.0 @@ -152,13 +132,11 @@ pyyaml==6.0 # -r requirements.in # ansible-compat # ansible-core - # ansible-lint # cookiecutter # kubernetes # molecule # molecule-vagrant # pre-commit - # yamllint requests==2.28.1 # via # cookiecutter @@ -170,15 +148,12 @@ resolvelib==0.8.1 # via ansible-core rich==12.6.0 # via - # ansible-lint # enrich # molecule rsa==4.9 # via google-auth ruamel-yaml==0.17.21 - # via - # ansible-lint - # pre-commit-hooks + # via pre-commit-hooks selinux==0.2.1 # via molecule-vagrant six==1.16.0 @@ -187,9 +162,7 @@ six==1.16.0 # kubernetes # python-dateutil subprocess-tee==0.4.1 - # via - # ansible-compat - # ansible-lint + # via ansible-compat text-unidecode==1.3 # via python-slugify urllib3==1.26.12 @@ -198,14 +171,8 @@ urllib3==1.26.12 # requests virtualenv==20.16.6 # via pre-commit -wcmatch==8.4.1 - # via ansible-lint websocket-client==1.4.2 # via kubernetes -yamllint==1.31.0 - # via - # -r requirements.in - # ansible-lint # The following packages are considered to be unsafe in a requirements file: # setuptools From 0df7fa54b6b86f401e6a425da3e0cb2a0a4187ae Mon Sep 17 00:00:00 2001 
From: Simon Leiner Date: Sun, 16 Jul 2023 16:40:38 +0200 Subject: [PATCH 03/15] Ansible Lint: Fix role-name[path] --- molecule/resources/verify.yml | 2 +- .../from_outside => verify_from_outside}/defaults/main.yml | 2 +- .../tasks/kubecfg-cleanup.yml | 0 .../tasks/kubecfg-fetch.yml | 0 .../from_outside => verify_from_outside}/tasks/main.yml | 0 .../tasks/test/deploy-example.yml | 0 .../tasks/test/get-nodes.yml | 0 roles/{k3s/node => k3s_agent}/tasks/main.yml | 0 roles/{k3s/node => k3s_agent}/templates/k3s.service.j2 | 0 roles/{k3s/master => k3s_server}/defaults/main.yml | 0 .../master => k3s_server}/tasks/fetch_k3s_init_logs.yml | 0 roles/{k3s/master => k3s_server}/tasks/main.yml | 0 roles/{k3s/master => k3s_server}/tasks/metallb.yml | 0 roles/{k3s/master => k3s_server}/tasks/vip.yml | 0 roles/{k3s/master => k3s_server}/templates/content.j2 | 0 roles/{k3s/master => k3s_server}/templates/k3s.service.j2 | 0 roles/{k3s/master => k3s_server}/templates/vip.yaml.j2 | 0 roles/{k3s/post => k3s_server_post}/defaults/main.yml | 0 roles/{k3s/post => k3s_server_post}/tasks/main.yml | 0 roles/{k3s/post => k3s_server_post}/tasks/metallb.yml | 0 .../{k3s/post => k3s_server_post}/templates/metallb.crs.j2 | 0 site.yml | 7 +++---- 22 files changed, 5 insertions(+), 6 deletions(-) rename molecule/resources/{verify/from_outside => verify_from_outside}/defaults/main.yml (85%) rename molecule/resources/{verify/from_outside => verify_from_outside}/tasks/kubecfg-cleanup.yml (100%) rename molecule/resources/{verify/from_outside => verify_from_outside}/tasks/kubecfg-fetch.yml (100%) rename molecule/resources/{verify/from_outside => verify_from_outside}/tasks/main.yml (100%) rename molecule/resources/{verify/from_outside => verify_from_outside}/tasks/test/deploy-example.yml (100%) rename molecule/resources/{verify/from_outside => verify_from_outside}/tasks/test/get-nodes.yml (100%) rename roles/{k3s/node => k3s_agent}/tasks/main.yml (100%) rename roles/{k3s/node => 
k3s_agent}/templates/k3s.service.j2 (100%) rename roles/{k3s/master => k3s_server}/defaults/main.yml (100%) rename roles/{k3s/master => k3s_server}/tasks/fetch_k3s_init_logs.yml (100%) rename roles/{k3s/master => k3s_server}/tasks/main.yml (100%) rename roles/{k3s/master => k3s_server}/tasks/metallb.yml (100%) rename roles/{k3s/master => k3s_server}/tasks/vip.yml (100%) rename roles/{k3s/master => k3s_server}/templates/content.j2 (100%) rename roles/{k3s/master => k3s_server}/templates/k3s.service.j2 (100%) rename roles/{k3s/master => k3s_server}/templates/vip.yaml.j2 (100%) rename roles/{k3s/post => k3s_server_post}/defaults/main.yml (100%) rename roles/{k3s/post => k3s_server_post}/tasks/main.yml (100%) rename roles/{k3s/post => k3s_server_post}/tasks/metallb.yml (100%) rename roles/{k3s/post => k3s_server_post}/templates/metallb.crs.j2 (100%) diff --git a/molecule/resources/verify.yml b/molecule/resources/verify.yml index ce0cccb2..ef7ea526 100644 --- a/molecule/resources/verify.yml +++ b/molecule/resources/verify.yml @@ -2,4 +2,4 @@ - name: Verify hosts: all roles: - - verify/from_outside + - verify_from_outside diff --git a/molecule/resources/verify/from_outside/defaults/main.yml b/molecule/resources/verify_from_outside/defaults/main.yml similarity index 85% rename from molecule/resources/verify/from_outside/defaults/main.yml rename to molecule/resources/verify_from_outside/defaults/main.yml index f8db768a..104fda4d 100644 --- a/molecule/resources/verify/from_outside/defaults/main.yml +++ b/molecule/resources/verify_from_outside/defaults/main.yml @@ -6,4 +6,4 @@ outside_host: localhost testing_namespace: molecule-verify-from-outside # The directory in which the example manifests reside -example_manifests_path: ../../../../example +example_manifests_path: ../../../example 
diff --git a/molecule/resources/verify/from_outside/tasks/kubecfg-cleanup.yml b/molecule/resources/verify_from_outside/tasks/kubecfg-cleanup.yml similarity index 100% rename from molecule/resources/verify/from_outside/tasks/kubecfg-cleanup.yml rename to molecule/resources/verify_from_outside/tasks/kubecfg-cleanup.yml diff --git a/molecule/resources/verify/from_outside/tasks/kubecfg-fetch.yml b/molecule/resources/verify_from_outside/tasks/kubecfg-fetch.yml similarity index 100% rename from molecule/resources/verify/from_outside/tasks/kubecfg-fetch.yml rename to molecule/resources/verify_from_outside/tasks/kubecfg-fetch.yml diff --git a/molecule/resources/verify/from_outside/tasks/main.yml b/molecule/resources/verify_from_outside/tasks/main.yml similarity index 100% rename from molecule/resources/verify/from_outside/tasks/main.yml rename to molecule/resources/verify_from_outside/tasks/main.yml diff --git a/molecule/resources/verify/from_outside/tasks/test/deploy-example.yml b/molecule/resources/verify_from_outside/tasks/test/deploy-example.yml similarity index 100% rename from molecule/resources/verify/from_outside/tasks/test/deploy-example.yml rename to molecule/resources/verify_from_outside/tasks/test/deploy-example.yml diff --git a/molecule/resources/verify/from_outside/tasks/test/get-nodes.yml b/molecule/resources/verify_from_outside/tasks/test/get-nodes.yml similarity index 100% rename from molecule/resources/verify/from_outside/tasks/test/get-nodes.yml rename to molecule/resources/verify_from_outside/tasks/test/get-nodes.yml diff --git a/roles/k3s/node/tasks/main.yml b/roles/k3s_agent/tasks/main.yml similarity index 100% rename from roles/k3s/node/tasks/main.yml rename to roles/k3s_agent/tasks/main.yml diff --git a/roles/k3s/node/templates/k3s.service.j2 b/roles/k3s_agent/templates/k3s.service.j2 similarity index 100% rename from roles/k3s/node/templates/k3s.service.j2 rename to roles/k3s_agent/templates/k3s.service.j2 
diff --git a/roles/k3s/master/defaults/main.yml b/roles/k3s_server/defaults/main.yml similarity index 100% rename from roles/k3s/master/defaults/main.yml rename to roles/k3s_server/defaults/main.yml diff --git a/roles/k3s/master/tasks/fetch_k3s_init_logs.yml b/roles/k3s_server/tasks/fetch_k3s_init_logs.yml similarity index 100% rename from roles/k3s/master/tasks/fetch_k3s_init_logs.yml rename to roles/k3s_server/tasks/fetch_k3s_init_logs.yml diff --git a/roles/k3s/master/tasks/main.yml b/roles/k3s_server/tasks/main.yml similarity index 100% rename from roles/k3s/master/tasks/main.yml rename to roles/k3s_server/tasks/main.yml diff --git a/roles/k3s/master/tasks/metallb.yml b/roles/k3s_server/tasks/metallb.yml similarity index 100% rename from roles/k3s/master/tasks/metallb.yml rename to roles/k3s_server/tasks/metallb.yml diff --git a/roles/k3s/master/tasks/vip.yml b/roles/k3s_server/tasks/vip.yml similarity index 100% rename from roles/k3s/master/tasks/vip.yml rename to roles/k3s_server/tasks/vip.yml diff --git a/roles/k3s/master/templates/content.j2 b/roles/k3s_server/templates/content.j2 similarity index 100% rename from roles/k3s/master/templates/content.j2 rename to roles/k3s_server/templates/content.j2 diff --git a/roles/k3s/master/templates/k3s.service.j2 b/roles/k3s_server/templates/k3s.service.j2 similarity index 100% rename from roles/k3s/master/templates/k3s.service.j2 rename to roles/k3s_server/templates/k3s.service.j2 diff --git a/roles/k3s/master/templates/vip.yaml.j2 b/roles/k3s_server/templates/vip.yaml.j2 similarity index 100% rename from roles/k3s/master/templates/vip.yaml.j2 rename to roles/k3s_server/templates/vip.yaml.j2 diff --git a/roles/k3s/post/defaults/main.yml b/roles/k3s_server_post/defaults/main.yml similarity index 100% rename from roles/k3s/post/defaults/main.yml rename to roles/k3s_server_post/defaults/main.yml 
diff --git a/roles/k3s/post/tasks/main.yml b/roles/k3s_server_post/tasks/main.yml similarity index 100% rename from roles/k3s/post/tasks/main.yml rename to roles/k3s_server_post/tasks/main.yml diff --git a/roles/k3s/post/tasks/metallb.yml b/roles/k3s_server_post/tasks/metallb.yml similarity index 100% rename from roles/k3s/post/tasks/metallb.yml rename to roles/k3s_server_post/tasks/metallb.yml diff --git a/roles/k3s/post/templates/metallb.crs.j2 b/roles/k3s_server_post/templates/metallb.crs.j2 similarity index 100% rename from roles/k3s/post/templates/metallb.crs.j2 rename to roles/k3s_server_post/templates/metallb.crs.j2 diff --git a/site.yml b/site.yml index 5104cce2..36809111 100644 --- a/site.yml +++ b/site.yml @@ -1,5 +1,4 @@ --- - - hosts: proxmox gather_facts: true become: yes @@ -22,15 +21,15 @@ - hosts: master roles: - - role: k3s/master + - role: k3s_server become: true - hosts: node roles: - - role: k3s/node + - role: k3s_agent become: true - hosts: master roles: - - role: k3s/post + - role: k3s_server_post become: true From 55126d7d2e2ce3519ce5dc9b5654952815c51b92 Mon Sep 17 00:00:00 2001 From: Simon Leiner Date: Sun, 16 Jul 2023 16:54:47 +0200 Subject: [PATCH 04/15] Ansible Lint: Fix name[play] --- reset.yml | 7 ++++--- site.yml | 15 ++++++++++----- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/reset.yml b/reset.yml index 2cf6efbd..02d4d892 100644 --- a/reset.yml +++ b/reset.yml @@ -1,6 +1,6 @@ --- - -- hosts: k3s_cluster +- name: Reset k3s cluster + hosts: k3s_cluster gather_facts: yes roles: - role: reset @@ -14,7 +14,8 @@ reboot: reboot_timeout: 3600 -- hosts: proxmox +- name: Revert changes to Proxmox cluster + hosts: proxmox gather_facts: true become: yes remote_user: "{{ proxmox_lxc_ssh_user }}" diff --git a/site.yml b/site.yml index 36809111..8f249825 100644 --- a/site.yml +++ b/site.yml 
@@ -1,12 +1,14 @@ --- -- hosts: proxmox +- name: Prepare Proxmox cluster + hosts: proxmox gather_facts: true become: yes roles: - role: proxmox_lxc when: proxmox_lxc_configure -- hosts: k3s_cluster +- name: Prepare k3s nodes + hosts: k3s_cluster gather_facts: yes roles: - role: lxc @@ -19,17 +21,20 @@ - role: raspberrypi become: true -- hosts: master +- name: Setup k3s servers + hosts: master roles: - role: k3s_server become: true -- hosts: node +- name: Setup k3s agents + hosts: node roles: - role: k3s_agent become: true -- hosts: master +- name: Configure k3s cluster + hosts: master roles: - role: k3s_server_post become: true From 653d377d8a050741f2287bfa686c547d43268fd1 Mon Sep 17 00:00:00 2001 From: Simon Leiner Date: Sun, 16 Jul 2023 16:57:34 +0200 Subject: [PATCH 05/15] Ansible Lint: Fix key-order[task] --- roles/k3s_server/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/k3s_server/tasks/main.yml b/roles/k3s_server/tasks/main.yml index 76b910c3..de186a21 100644 --- a/roles/k3s_server/tasks/main.yml +++ b/roles/k3s_server/tasks/main.yml @@ -28,6 +28,7 @@ creates: "{{ systemd_dir }}/k3s.service" - name: Verification + when: not ansible_check_mode block: - name: Verify that all nodes actually joined (check k3s-init.service if this fails) command: @@ -49,7 +50,6 @@ name: k3s-init state: stopped failed_when: false - when: not ansible_check_mode - name: Copy K3s service file register: k3s_service From 11d25b949883724510fb97aa183a1a393c1e5d7d Mon Sep 17 00:00:00 2001 From: Simon Leiner Date: Sun, 16 Jul 2023 17:10:16 +0200 Subject: [PATCH 06/15] Ansible Lint: Fix jinja[spacing] --- roles/k3s_server/tasks/metallb.yml | 2 +- roles/raspberrypi/tasks/main.yml | 6 +----- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/roles/k3s_server/tasks/metallb.yml b/roles/k3s_server/tasks/metallb.yml index 917b4a82..22405cda 100644 --- a/roles/k3s_server/tasks/metallb.yml +++ b/roles/k3s_server/tasks/metallb.yml 
@@ -10,7 +10,7 @@ - name: "Download to first master: manifest for metallb-{{ metal_lb_type }}" ansible.builtin.get_url: - url: "https://raw.githubusercontent.com/metallb/metallb/{{ metal_lb_controller_tag_version }}/config/manifests/metallb-{{metal_lb_type}}.yaml" # noqa yaml[line-length] + url: "https://raw.githubusercontent.com/metallb/metallb/{{ metal_lb_controller_tag_version }}/config/manifests/metallb-{{ metal_lb_type }}.yaml" # noqa yaml[line-length] dest: "/var/lib/rancher/k3s/server/manifests/metallb-crds.yaml" owner: root group: root diff --git a/roles/raspberrypi/tasks/main.yml b/roles/raspberrypi/tasks/main.yml index 50c4af4c..d2276eca 100644 --- a/roles/raspberrypi/tasks/main.yml +++ b/roles/raspberrypi/tasks/main.yml @@ -57,10 +57,6 @@ - "{{ action }}/default.yml" vars: action: >- - {% if state == "present" -%} - setup - {%- else -%} - teardown - {%- endif %} + {% if state == "present" %}setup{% else %}teardown{% endif %} when: - raspberry_pi|default(false) From 43243519c823b976d00532e38f1a1a243f5a4bf6 Mon Sep 17 00:00:00 2001 From: Simon Leiner Date: Sun, 16 Jul 2023 17:11:30 +0200 Subject: [PATCH 07/15] Ansible Lint: Fix no-free-form --- roles/raspberrypi/tasks/setup/Raspbian.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/raspberrypi/tasks/setup/Raspbian.yml b/roles/raspberrypi/tasks/setup/Raspbian.yml index 371a255e..4e8790a5 100644 --- a/roles/raspberrypi/tasks/setup/Raspbian.yml +++ b/roles/raspberrypi/tasks/setup/Raspbian.yml @@ -8,7 +8,9 @@ notify: reboot - name: Install iptables - apt: name=iptables state=present + apt: + name: iptables + state: present - name: Flush iptables before changing to iptables-legacy iptables: From 45ae3f1c18c8bd7c2058946cce38faa3f7277df1 Mon Sep 17 00:00:00 2001 
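Review bot: The `ansible.builtin.get_url` task in the metallb.yml hunk writes a manifest fetched from raw.githubusercontent.com into `/var/lib/rancher/k3s/server/manifests/` as root without any integrity check, and k3s applies whatever lands in that directory. Since the `url:` line is being edited anyway, consider adding `checksum: "sha256:<EXPECTED_SHA256>"` (placeholder; one value per supported `metal_lb_controller_tag_version` / `metal_lb_type` pair), so that a changed upstream file or a moved tag fails the play instead of being deployed. The task continues past the end of the hunk, and the same line is touched again in PATCH 09/15, where the point applies equally.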
From: Simon Leiner Date: Sun, 16 Jul 2023 17:15:27 +0200 Subject: [PATCH 08/15] Ansible Lint: Fix var-naming[no-reserved] --- .../tasks/test/deploy-example.yml | 4 ++-- roles/raspberrypi/tasks/main.yml | 14 +++++++------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/molecule/resources/verify_from_outside/tasks/test/deploy-example.yml b/molecule/resources/verify_from_outside/tasks/test/deploy-example.yml index 9248be72..61c4cec0 100644 --- a/molecule/resources/verify_from_outside/tasks/test/deploy-example.yml +++ b/molecule/resources/verify_from_outside/tasks/test/deploy-example.yml @@ -34,14 +34,14 @@ - name: Assert that the nginx welcome page is available ansible.builtin.uri: - url: http://{{ ip | ansible.utils.ipwrap }}:{{ port }}/ + url: http://{{ ip | ansible.utils.ipwrap }}:{{ port_ }}/ return_content: yes register: result failed_when: "'Welcome to nginx!' not in result.content" vars: ip: >- {{ nginx_services.resources[0].status.loadBalancer.ingress[0].ip }} - port: >- + port_: >- {{ nginx_services.resources[0].spec.ports[0].port }} # Deactivated linter rules: # - jinja[invalid]: As of version 6.6.0, ansible-lint complains that the input to ipwrap diff --git a/roles/raspberrypi/tasks/main.yml b/roles/raspberrypi/tasks/main.yml index d2276eca..48e36bc2 100644 --- a/roles/raspberrypi/tasks/main.yml +++ b/roles/raspberrypi/tasks/main.yml 
@@ -47,16 +47,16 @@ - raspberry_pi|default(false) - ansible_facts.lsb.description|default("") is match("Debian.*bullseye") -- name: execute OS related tasks on the Raspberry Pi - {{ action }} +- name: execute OS related tasks on the Raspberry Pi - {{ action_ }} include_tasks: "{{ item }}" with_first_found: - - "{{ action }}/{{ detected_distribution }}-{{ detected_distribution_major_version }}.yml" - - "{{ action }}/{{ detected_distribution }}.yml" - - "{{ action }}/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" - - "{{ action }}/{{ ansible_distribution }}.yml" - - "{{ action }}/default.yml" + - "{{ action_ }}/{{ detected_distribution }}-{{ detected_distribution_major_version }}.yml" + - "{{ action_ }}/{{ detected_distribution }}.yml" + - "{{ action_ }}/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml" + - "{{ action_ }}/{{ ansible_distribution }}.yml" + - "{{ action_ }}/default.yml" vars: - action: >- + action_: >- {% if state == "present" %}setup{% else %}teardown{% endif %} when: - raspberry_pi|default(false) From d6b5256eb488dca1cdd564c21d1e2bc40d5caca0 Mon Sep 17 00:00:00 2001 From: Simon Leiner Date: Sun, 16 Jul 2023 17:17:31 +0200 Subject: [PATCH 09/15] Ansible Lint: Fix yaml[comments] --- roles/k3s_server/tasks/metallb.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/k3s_server/tasks/metallb.yml b/roles/k3s_server/tasks/metallb.yml index 22405cda..b6f4fbed 100644 --- a/roles/k3s_server/tasks/metallb.yml +++ b/roles/k3s_server/tasks/metallb.yml 
@@ -10,7 +10,7 @@ - name: "Download to first master: manifest for metallb-{{ metal_lb_type }}" ansible.builtin.get_url: - url: "https://raw.githubusercontent.com/metallb/metallb/{{ metal_lb_controller_tag_version }}/config/manifests/metallb-{{ metal_lb_type }}.yaml" # noqa yaml[line-length] + url: "https://raw.githubusercontent.com/metallb/metallb/{{ metal_lb_controller_tag_version }}/config/manifests/metallb-{{ metal_lb_type }}.yaml" # noqa yaml[line-length] dest: "/var/lib/rancher/k3s/server/manifests/metallb-crds.yaml" owner: root group: root From 578dc5272587af14368f115eb8df5ed6cff0c3fe Mon Sep 17 00:00:00 2001 From: Simon Leiner Date: Sun, 16 Jul 2023 17:23:55 +0200 Subject: [PATCH 10/15] Ansible Lint: Fix yaml[line-length] --- molecule/default/overrides.yml | 3 ++- molecule/ipv6/overrides.yml | 3 ++- molecule/single_node/overrides.yml | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/molecule/default/overrides.yml b/molecule/default/overrides.yml index 3c47c63b..4eea472b 100644 --- a/molecule/default/overrides.yml +++ b/molecule/default/overrides.yml @@ -4,7 +4,8 @@ tasks: - name: Override host variables ansible.builtin.set_fact: - # See: https://github.com/flannel-io/flannel/blob/67d603aaf45ef80f5dd39f43714fc5e6f8a637eb/Documentation/troubleshooting.md#Vagrant # noqa yaml[line-length] + # See: + # https://github.com/flannel-io/flannel/blob/67d603aaf45ef80f5dd39f43714fc5e6f8a637eb/Documentation/troubleshooting.md#Vagrant flannel_iface: eth1 # The test VMs might be a bit slow, so we give them more time to join the cluster: diff --git a/molecule/ipv6/overrides.yml b/molecule/ipv6/overrides.yml index d701d24c..44bbc07a 100644 --- a/molecule/ipv6/overrides.yml +++ b/molecule/ipv6/overrides.yml 
@@ -4,7 +4,8 @@ tasks: - name: Override host variables (1/2) ansible.builtin.set_fact: - # See: https://github.com/flannel-io/flannel/blob/67d603aaf45ef80f5dd39f43714fc5e6f8a637eb/Documentation/troubleshooting.md#Vagrant # noqa yaml[line-length] + # See: + # https://github.com/flannel-io/flannel/blob/67d603aaf45ef80f5dd39f43714fc5e6f8a637eb/Documentation/troubleshooting.md#Vagrant flannel_iface: eth1 # In this scenario, we have multiple interfaces that the VIP could be diff --git a/molecule/single_node/overrides.yml b/molecule/single_node/overrides.yml index 777ef4b0..799275ef 100644 --- a/molecule/single_node/overrides.yml +++ b/molecule/single_node/overrides.yml @@ -4,7 +4,8 @@ tasks: - name: Override host variables ansible.builtin.set_fact: - # See: https://github.com/flannel-io/flannel/blob/67d603aaf45ef80f5dd39f43714fc5e6f8a637eb/Documentation/troubleshooting.md#Vagrant # noqa yaml[line-length] + # See: + # https://github.com/flannel-io/flannel/blob/67d603aaf45ef80f5dd39f43714fc5e6f8a637eb/Documentation/troubleshooting.md#Vagrant flannel_iface: eth1 # The test VMs might be a bit slow, so we give them more time to join the cluster: From cd44bd9577695e15181bb0592288200931de3920 Mon Sep 17 00:00:00 2001 From: Simon Leiner Date: Sun, 16 Jul 2023 17:27:53 +0200 Subject: [PATCH 11/15] Ansible Lint: Fix name[casing] --- roles/lxc/handlers/main.yml | 2 +- roles/proxmox_lxc/handlers/main.yml | 2 +- roles/proxmox_lxc/tasks/main.yml | 6 +++--- roles/raspberrypi/handlers/main.yml | 2 +- roles/raspberrypi/tasks/main.yml | 2 +- roles/reset_proxmox_lxc/handlers/main.yml | 2 +- roles/reset_proxmox_lxc/tasks/main.yml | 6 +++--- 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/roles/lxc/handlers/main.yml b/roles/lxc/handlers/main.yml index 20013cc5..7d73985d 100644 --- a/roles/lxc/handlers/main.yml +++ b/roles/lxc/handlers/main.yml @@ -1,4 +1,4 @@ --- -- name: reboot server +- name: Reboot server become: true reboot: 
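Review bot: Renaming the handlers (`reboot server` → `Reboot server` in roles/lxc/handlers/main.yml, and `reboot containers` → `Reboot containers` and `reboot` → `Reboot` in the handler hunks that follow) changes the string that every `notify:` has to match, and Ansible compares handler names exactly, including case. The context of PATCH 07/15 shows `notify: reboot` in roles/raspberrypi/tasks/setup/Raspbian.yml, and no hunk in this commit touches a `notify:` line, so that task would presumably fail with a handler-not-found error as soon as it reports a change. Either update each notifier in the same commit (for example `notify: Reboot`) or give the handlers a stable topic such as `listen: reboot`, so that the display name can change without breaking the trigger.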
diff --git a/roles/proxmox_lxc/handlers/main.yml b/roles/proxmox_lxc/handlers/main.yml index 9b99cb2f..99541e8d 100644 --- a/roles/proxmox_lxc/handlers/main.yml +++ b/roles/proxmox_lxc/handlers/main.yml @@ -1,5 +1,5 @@ --- -- name: reboot containers +- name: Reboot containers command: "pct reboot {{ item }}" loop: "{{ proxmox_lxc_filtered_ids }}" diff --git a/roles/proxmox_lxc/tasks/main.yml b/roles/proxmox_lxc/tasks/main.yml index 76d43a0a..e7aa9f57 100644 --- a/roles/proxmox_lxc/tasks/main.yml +++ b/roles/proxmox_lxc/tasks/main.yml @@ -1,17 +1,17 @@ --- -- name: check for container files that exist on this host +- name: Check for container files that exist on this host stat: path: "/etc/pve/lxc/{{ item }}.conf" loop: "{{ proxmox_lxc_ct_ids }}" register: stat_results -- name: filter out files that do not exist +- name: Filter out files that do not exist set_fact: proxmox_lxc_filtered_files: '{{ stat_results.results | rejectattr("stat.exists", "false") | map(attribute="stat.path") }}' # used for the reboot handler -- name: get container ids from filtered files +- name: Get container ids from filtered files set_fact: proxmox_lxc_filtered_ids: '{{ proxmox_lxc_filtered_files | map("split", "/") | map("last") | map("split", ".") | map("first") }}' diff --git a/roles/raspberrypi/handlers/main.yml b/roles/raspberrypi/handlers/main.yml index d25cf908..ac385a78 100644 --- a/roles/raspberrypi/handlers/main.yml +++ b/roles/raspberrypi/handlers/main.yml @@ -1,3 +1,3 @@ --- -- name: reboot +- name: Reboot reboot: diff --git a/roles/raspberrypi/tasks/main.yml b/roles/raspberrypi/tasks/main.yml index 48e36bc2..29f824a9 100644 --- a/roles/raspberrypi/tasks/main.yml +++ b/roles/raspberrypi/tasks/main.yml 
@@ -47,7 +47,7 @@ - raspberry_pi|default(false) - ansible_facts.lsb.description|default("") is match("Debian.*bullseye") -- name: execute OS related tasks on the Raspberry Pi - {{ action_ }} +- name: Execute OS related tasks on the Raspberry Pi - {{ action_ }} include_tasks: "{{ item }}" with_first_found: - "{{ action_ }}/{{ detected_distribution }}-{{ detected_distribution_major_version }}.yml" diff --git a/roles/reset_proxmox_lxc/handlers/main.yml b/roles/reset_proxmox_lxc/handlers/main.yml index 9b99cb2f..99541e8d 100644 --- a/roles/reset_proxmox_lxc/handlers/main.yml +++ b/roles/reset_proxmox_lxc/handlers/main.yml @@ -1,5 +1,5 @@ --- -- name: reboot containers +- name: Reboot containers command: "pct reboot {{ item }}" loop: "{{ proxmox_lxc_filtered_ids }}" diff --git a/roles/reset_proxmox_lxc/tasks/main.yml b/roles/reset_proxmox_lxc/tasks/main.yml index d9f402d9..46837c32 100644 --- a/roles/reset_proxmox_lxc/tasks/main.yml +++ b/roles/reset_proxmox_lxc/tasks/main.yml @@ -1,17 +1,17 @@ --- -- name: check for container files that exist on this host +- name: Check for container files that exist on this host stat: path: "/etc/pve/lxc/{{ item }}.conf" loop: "{{ proxmox_lxc_ct_ids }}" register: stat_results -- name: filter out files that do not exist +- name: Filter out files that do not exist set_fact: proxmox_lxc_filtered_files: '{{ stat_results.results | rejectattr("stat.exists", "false") | map(attribute="stat.path") }}' # used for the reboot handler -- name: get container ids from filtered files +- name: Get container ids from filtered files set_fact: proxmox_lxc_filtered_ids: '{{ proxmox_lxc_filtered_files | map("split", "/") | map("last") | map("split", ".") | map("first") }}' From 84f0d76e33e696d32fb2956294db37f8d92348de Mon Sep 17 00:00:00 2001 
From: Simon Leiner Date: Sun, 16 Jul 2023 18:19:23 +0200 Subject: [PATCH 12/15] Ansible Lint: Fix no-changed-when --- roles/proxmox_lxc/handlers/main.yml | 12 +++++++++--- roles/proxmox_lxc/tasks/main.yml | 6 ------ roles/reset_proxmox_lxc/handlers/main.yml | 6 +----- roles/reset_proxmox_lxc/tasks/main.yml | 6 ------ 4 files changed, 10 insertions(+), 20 deletions(-) mode change 100644 => 120000 roles/reset_proxmox_lxc/handlers/main.yml diff --git a/roles/proxmox_lxc/handlers/main.yml b/roles/proxmox_lxc/handlers/main.yml index 99541e8d..565c882c 100644 --- a/roles/proxmox_lxc/handlers/main.yml +++ b/roles/proxmox_lxc/handlers/main.yml @@ -1,5 +1,11 @@ --- - name: Reboot containers - command: - "pct reboot {{ item }}" - loop: "{{ proxmox_lxc_filtered_ids }}" + block: + - name: Get container ids from filtered files + set_fact: + proxmox_lxc_filtered_ids: >- + {{ proxmox_lxc_filtered_files | map("split", "/") | map("last") | map("split", ".") | map("first") }} + - name: Reboot container + command: "pct reboot {{ item }}" + loop: "{{ proxmox_lxc_filtered_ids }}" + changed_when: true diff --git a/roles/proxmox_lxc/tasks/main.yml b/roles/proxmox_lxc/tasks/main.yml index e7aa9f57..8ca1b3db 100644 --- a/roles/proxmox_lxc/tasks/main.yml +++ b/roles/proxmox_lxc/tasks/main.yml @@ -10,12 +10,6 @@ proxmox_lxc_filtered_files: '{{ stat_results.results | rejectattr("stat.exists", "false") | map(attribute="stat.path") }}' -# used for the reboot handler -- name: Get container ids from filtered files - set_fact: - proxmox_lxc_filtered_ids: - '{{ proxmox_lxc_filtered_files | map("split", "/") | map("last") | map("split", ".") | map("first") }}' - # https://gist.github.com/triangletodd/02f595cd4c0dc9aac5f7763ca2264185 - name: Ensure lxc config has the right apparmor profile lineinfile: diff --git a/roles/reset_proxmox_lxc/handlers/main.yml b/roles/reset_proxmox_lxc/handlers/main.yml deleted file mode 100644 index 99541e8d..00000000 
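Review bot: `Reboot containers` is now the name of a `block` in roles/proxmox_lxc/handlers/main.yml, and the only named handler tasks are `Get container ids from filtered files` and `Reboot container`. As far as I know, `notify:` resolves against handler task names and `listen:` topics rather than block names, so tasks that notify `Reboot containers` (outside these hunks) may no longer find a handler. Adding `listen: Reboot containers` to both inner tasks would keep the existing trigger working, which is worth confirming with a molecule run. Because reset_proxmox_lxc now reaches this file through a symlink, both roles also rely on `proxmox_lxc_filtered_files` being set before the handler fires; a one-line comment at the top of the handler file saying so would help the next reader.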
--- a/roles/reset_proxmox_lxc/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Reboot containers - command: - "pct reboot {{ item }}" - loop: "{{ proxmox_lxc_filtered_ids }}" diff --git a/roles/reset_proxmox_lxc/handlers/main.yml b/roles/reset_proxmox_lxc/handlers/main.yml new file mode 120000 index 00000000..7f79c4b9 --- /dev/null +++ b/roles/reset_proxmox_lxc/handlers/main.yml @@ -0,0 +1 @@ +../../proxmox_lxc/handlers/main.yml \ No newline at end of file diff --git a/roles/reset_proxmox_lxc/tasks/main.yml b/roles/reset_proxmox_lxc/tasks/main.yml index 46837c32..74036b32 100644 --- a/roles/reset_proxmox_lxc/tasks/main.yml +++ b/roles/reset_proxmox_lxc/tasks/main.yml @@ -10,12 +10,6 @@ proxmox_lxc_filtered_files: '{{ stat_results.results | rejectattr("stat.exists", "false") | map(attribute="stat.path") }}' -# used for the reboot handler -- name: Get container ids from filtered files - set_fact: - proxmox_lxc_filtered_ids: - '{{ proxmox_lxc_filtered_files | map("split", "/") | map("last") | map("split", ".") | map("first") }}' - - name: Remove LXC apparmor profile lineinfile: dest: "{{ item }}" From cf137e96097eda28d8e13ebcc72e862159427742 Mon Sep 17 00:00:00 2001 From: Simon Leiner Date: Sun, 16 Jul 2023 18:24:27 +0200 Subject: [PATCH 13/15] Ansible Lint: Fix fqcn[action] --- roles/prereq/tasks/main.yml | 14 +++++++------- roles/raspberrypi/tasks/setup/Raspbian.yml | 4 ++-- roles/reset/tasks/umount_with_children.yml | 2 +- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/roles/prereq/tasks/main.yml b/roles/prereq/tasks/main.yml index dcab6134..b85ae0df 100644 --- a/roles/prereq/tasks/main.yml +++ b/roles/prereq/tasks/main.yml 
@@ -1,30 +1,30 @@ --- - name: Set same timezone on every Server - timezone: + community.general.timezone: name: "{{ system_timezone }}" when: (system_timezone is defined) and (system_timezone != "Your/Timezone") - name: Set SELinux to disabled state - selinux: + ansible.posix.selinux: state: disabled when: ansible_os_family == "RedHat" - name: Enable IPv4 forwarding - sysctl: + ansible.posix.sysctl: name: net.ipv4.ip_forward value: "1" state: present reload: yes - name: Enable IPv6 forwarding - sysctl: + ansible.posix.sysctl: name: net.ipv6.conf.all.forwarding value: "1" state: present reload: yes - name: Enable IPv6 router advertisements - sysctl: + ansible.posix.sysctl: name: net.ipv6.conf.all.accept_ra value: "2" state: present @@ -38,13 +38,13 @@ when: ansible_os_family == "RedHat" - name: Load br_netfilter - modprobe: + community.general.modprobe: name: br_netfilter state: present when: ansible_os_family == "RedHat" - name: Set bridge-nf-call-iptables (just to be sure) - sysctl: + ansible.posix.sysctl: name: "{{ item }}" value: "1" state: present diff --git a/roles/raspberrypi/tasks/setup/Raspbian.yml b/roles/raspberrypi/tasks/setup/Raspbian.yml index 4e8790a5..03fd9431 100644 --- a/roles/raspberrypi/tasks/setup/Raspbian.yml +++ b/roles/raspberrypi/tasks/setup/Raspbian.yml @@ -17,13 +17,13 @@ flush: true - name: Changing to iptables-legacy - alternatives: + community.general.alternatives: path: /usr/sbin/iptables-legacy name: iptables register: ip4_legacy - name: Changing to ip6tables-legacy - alternatives: + community.general.alternatives: path: /usr/sbin/ip6tables-legacy name: ip6tables register: ip6_legacy diff --git a/roles/reset/tasks/umount_with_children.yml b/roles/reset/tasks/umount_with_children.yml index 5883b70a..e0f9d5c9 100644 --- a/roles/reset/tasks/umount_with_children.yml +++ b/roles/reset/tasks/umount_with_children.yml 
@@ -9,7 +9,7 @@ check_mode: false - name: Umount filesystem - mount: + ansible.posix.mount: path: "{{ item }}" state: unmounted with_items: From f6fb5d4ee0ac4597f881eeea357b141547f32b1b Mon Sep 17 00:00:00 2001 From: Simon Leiner Date: Sun, 16 Jul 2023 18:25:48 +0200 Subject: [PATCH 14/15] Ansible Lint: Fix args[module] --- roles/k3s_server/tasks/main.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/k3s_server/tasks/main.yml b/roles/k3s_server/tasks/main.yml index de186a21..4a247398 100644 --- a/roles/k3s_server/tasks/main.yml +++ b/roles/k3s_server/tasks/main.yml @@ -6,12 +6,11 @@ state: stopped failed_when: false -- name: Clean previous runs of k3s-init +- name: Clean previous runs of k3s-init # noqa command-instead-of-module + # The systemd module does not support "reset-failed", so we need to resort to command. command: systemctl reset-failed k3s-init failed_when: false changed_when: false - args: - warn: false # The ansible systemd module does not support reset-failed - name: Deploy vip manifest include_tasks: vip.yml From 86dd1f31b853923051e774f69b22e645ffcd2e37 Mon Sep 17 00:00:00 2001 From: Simon Leiner Date: Sun, 16 Jul 2023 18:49:49 +0200 Subject: [PATCH 15/15] Improve task naming --- roles/k3s_server/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/k3s_server/tasks/main.yml b/roles/k3s_server/tasks/main.yml index 4a247398..bd81a298 100644 --- a/roles/k3s_server/tasks/main.yml +++ b/roles/k3s_server/tasks/main.yml @@ -1,6 +1,6 @@ --- -- name: Clean previous runs of k3s-init +- name: Stop k3s-init systemd: name: k3s-init state: stopped