diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 0000000..f179e49 --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,60 @@ +name: Ansible Lint # feel free to pick your own name + +on: [push, pull_request] + +jobs: + build: + + runs-on: ubuntu-latest + + steps: + # Important: This sets up your GITHUB_WORKSPACE environment variable + - uses: actions/checkout@v2 + +# - name: Install Ansible galaxy roles +# run: ansible-galaxy install -r requirements.yml + + - name: Lint Ansible Playbook + # replace "master" with any valid ref + uses: ansible/ansible-lint-action@master + with: + # [required] + # Paths to ansible files (i.e., playbooks, tasks, handlers etc..) + # or valid Ansible directories according to the Ansible role + # directory structure. + # If you want to lint multiple ansible files, use the following syntax + # targets: | + # playbook_1.yml + # playbook_2.yml + targets: | + playbooks/virthost-setup.yml + playbooks/kube-install.yml + playbooks/kube-install-ovn.yml + # [optional] + # Arguments to override a package and its version to be set explicitly. + # Must follow the example syntax. + override-deps: | + ansible==2.10.6 + ansible-lint==5.0.2 + # [optional] + # Arguments to be passed to the ansible-lint + # Options: + # -q quieter, although not silent output + # -p parseable output in the format of pep8 + # --parseable-severity parseable output including severity of rule + # -r RULESDIR specify one or more rules directories using one or + # more -r arguments. Any -r flags override the default + # rules in ansiblelint/rules, unless -R is also used. + # -R Use default rules in ansiblelint/rules in addition to + # any extra + # rules directories specified with -r. There is no need + # to specify this if no -r flags are used + # -t TAGS only check rules whose id/tags match these values + # -x SKIP_LIST only check rules whose id/tags do not match these + # values + # --nocolor disable colored output + # --exclude=EXCLUDE_PATHS + # path to directories or files to skip. This option is + # repeatable. + # -c C Specify configuration file to use. Defaults to ".ansible-lint" + args: "-x risky-file-permissions -x role-name" diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 1d69908..0000000 --- a/.travis.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -sudo: required -language: python -python: '2.7' - -services: - - docker - -before_install: - # perform updates - - sudo apt-get update -qq - - # install ansible - - sudo apt-get install -qq python-apt - -install: - - pip install ansible - - pip install ansible-lint - - ansible-galaxy install -r requirements.yml - -script: - - ansible-lint playbooks/virthost-setup.yml - - ansible-lint playbooks/kube-install.yml - - ansible-lint playbooks/kube-install-ovn.yml diff --git a/playbooks/kube-install-ovn.yml b/playbooks/kube-install-ovn.yml index 59025f2..dde5152 100644 --- a/playbooks/kube-install-ovn.yml +++ b/playbooks/kube-install-ovn.yml @@ -33,7 +33,7 @@ sysctl_set: yes state: present reload: yes - - name: Load module if parameter is not in node # noqa 301 + - name: Load module if parameter is not in node # noqa no-changed-when shell: > if [ ! -f /proc/sys/net/bridge/bridge-nf-call-iptables ]; then \ modprobe br_netfilter; \ diff --git a/playbooks/kube-install.yml b/playbooks/kube-install.yml index ba9134b..6207035 100644 --- a/playbooks/kube-install.yml +++ b/playbooks/kube-install.yml @@ -32,7 +32,7 @@ sysctl_set: yes state: present reload: yes - - name: Load module if parameter is not in node # noqa 301 + - name: Load module if parameter is not in node # noqa no-changed-when shell: > if [ ! -f /proc/sys/net/bridge/bridge-nf-call-iptables ]; then \ modprobe br_netfilter; \ diff --git a/roles/bridge-setup/tasks/main.yml b/roles/bridge-setup/tasks/main.yml index 31cc481..a5ac959 100644 --- a/roles/bridge-setup/tasks/main.yml +++ b/roles/bridge-setup/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: Install bridge-utils and firewalld # noqa 403 +- name: Install bridge-utils and firewalld # noqa package-latest yum: name: bridge-utils,firewalld state: latest @@ -10,7 +10,7 @@ state: started enabled: yes -- name: Accept bridge forwarding and accept packets # noqa 301 +- name: Accept bridge forwarding and accept packets # noqa no-changed-when shell: > firewall-cmd --permanent --direct --passthrough ipv4 -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT; firewall-cmd --permanent --direct --passthrough ipv4 -D INPUT -j REJECT --reject-with icmp-host-prohibited diff --git a/roles/cri-o-install/tasks/build_install.yml b/roles/cri-o-install/tasks/build_install.yml index 59efeda..c8a8b36 100644 --- a/roles/cri-o-install/tasks/build_install.yml +++ b/roles/cri-o-install/tasks/build_install.yml @@ -72,7 +72,7 @@ dest: "{{ ansible_env.HOME }}/{{ gopath }}/src/github.com/containernetworking/plugins" version: master -- name: build runc # noqa 301 +- name: build runc # noqa no-changed-when shell: | cd {{ ansible_env.HOME }}/{{ gopath }}/src/github.com/opencontainers/runc && \ export GOPATH={{ ansible_env.HOME }}/{{ gopath }} && \ @@ -80,13 +80,13 @@ environment: PATH: "{{ extended_path }}" -- name: link runc # noqa 301 +- name: link runc # noqa no-changed-when file: src: /usr/local/sbin/runc dest: /usr/bin/runc state: link -- name: build cri-o # noqa 301 +- name: build cri-o # noqa no-changed-when shell: | cd {{ ansible_env.HOME }}/{{ gopath }}/src/github.com/cri-o/cri-o && \ make && \ @@ -99,7 +99,7 @@ PATH: "{{ extended_path }}" GOPATH: "{{ ansible_env.HOME }}/{{ gopath }}" -- name: build conmon # noqa 301 +- name: build conmon # noqa no-changed-when shell: | cd {{ ansible_env.HOME }}/{{ gopath }}/src/github.com/containers/conmon && \ make && \ @@ -108,7 +108,7 @@ PATH: "{{ extended_path }}" GOPATH: "{{ ansible_env.HOME }}/{{ gopath }}" -- name: build cri-tools # noqa 301 +- name: build cri-tools # noqa no-changed-when shell: | cd {{ ansible_env.HOME }}/{{ gopath }}/src/github.com/kubernetes-sigs/cri-tools && \ make && \ @@ -117,7 +117,7 @@ PATH: "{{ extended_path }}" GOPATH: "{{ ansible_env.HOME }}/{{ gopath }}" -- name: build CNI stuff # noqa 301 +- name: build CNI stuff # noqa no-changed-when shell: | cd {{ ansible_env.HOME }}/{{ gopath }}/src/github.com/containernetworking/plugins && \ ./build_linux.sh && \ @@ -154,7 +154,7 @@ sysctl_set: yes sysctl_file: /etc/sysctl.conf -- name: systemd dropin for kubeadm # noqa 301 +- name: systemd dropin for kubeadm # noqa no-changed-when shell: > sh -c 'echo "[Service] Environment=\"KUBELET_EXTRA_ARGS=--container-runtime=remote diff --git a/roles/cri-o-install/tasks/pkg_copr_install.yml b/roles/cri-o-install/tasks/pkg_copr_install.yml index ebc9aeb..431fcce 100644 --- a/roles/cri-o-install/tasks/pkg_copr_install.yml +++ b/roles/cri-o-install/tasks/pkg_copr_install.yml @@ -78,7 +78,7 @@ with_items: - /etc/systemd/system/kubelet.service.d/ -- name: systemd dropin for kubeadm # noqa 301 +- name: systemd dropin for kubeadm # noqa no-changed-when shell: > sh -c 'echo "[Service] Environment=\"KUBELET_EXTRA_ARGS=--cgroup-driver=systemd diff --git a/roles/kube-init/tasks/main.yml b/roles/kube-init/tasks/main.yml index bb76f1f..42a5a0f 100644 --- a/roles/kube-init/tasks/main.yml +++ b/roles/kube-init/tasks/main.yml @@ -93,7 +93,7 @@ path: /etc/.kubeadm-complete state: directory -- name: Get join command # noqa 301 +- name: Get join command # noqa no-changed-when shell: > kubeadm token create --print-join-command register: kubeadm_join_output diff --git a/roles/multus-2nics-setup/tasks/main.yml b/roles/multus-2nics-setup/tasks/main.yml index 5acbc6f..d2f5f8f 100644 --- a/roles/multus-2nics-setup/tasks/main.yml +++ b/roles/multus-2nics-setup/tasks/main.yml @@ -22,7 +22,7 @@ group: root mode: 0755 -- name: Delete automatically created connection # noqa 301 +- name: Delete automatically created connection # noqa no-changed-when shell: | nmcli d disconnect eth1 && \ nmcli c delete 'Wired connection 1' @@ -39,10 +39,10 @@ dest: /etc/sysconfig/network-scripts/ifcfg-eth1.1 when: "'master' in group_names" -- name: Reload NetworkManager connection # noqa 301 +- name: Reload NetworkManager connection # noqa no-changed-when command: nmcli connection reload -- name: bring up eth1 # noqa 301 +- name: bring up eth1 # noqa no-changed-when command: nmcli c up eth1 - name: rename eth1.1 connection name diff --git a/roles/ovnkube-setup/tasks/main.yml b/roles/ovnkube-setup/tasks/main.yml index 7f856b7..9afd596 100644 --- a/roles/ovnkube-setup/tasks/main.yml +++ b/roles/ovnkube-setup/tasks/main.yml @@ -1,4 +1,4 @@ -- name: Taint master nodes # noqa 301 +- name: Taint master nodes # noqa no-changed-when command: kubectl taint nodes --all node-role.kubernetes.io/master- failed_when: false @@ -9,7 +9,7 @@ path: ${HOME}/work/src/github.com/ovn-org state: directory - - name: git clone # noqa 401 + - name: git clone # noqa git-latest git: repo: "{{ ovn_kubernetes_repo | default('https://github.com/ovn-org/ovn-kubernetes') }}" dest: ${HOME}/work/src/github.com/ovn-org/ovn-kubernetes @@ -78,10 +78,11 @@ - ovnkube-node.yaml when: enable_ovn_raft is not defined and not enable_ovn_raft -- name: Patch coredns +- name: Patch coredns # noqa no-changed-when command: | - kubectl -n kube-system patch deploy coredns -p '{"spec":{"template":{"metadata":{"annotations": {"kubernetes.io/egress-bandwidth": "1M", "kubernetes.io/ingress-bandwidth": "1M"}}}}}' + kubectl -n kube-system patch deploy coredns -p \ + '{"spec":{"template":{"metadata":{"annotations": {"kubernetes.io/egress-bandwidth": "1M", "kubernetes.io/ingress-bandwidth": "1M" }}}}}' -- name: Stop kube-proxy daemonset # noqa 301 +- name: Stop kube-proxy daemonset # noqa no-changed-when command: kubectl -n kube-system delete ds kube-proxy failed_when: false