Add noqa and disable .ansible-lint global exclusions (#6410)

e70f27dd · Maxime Guyot · GitHub · b680cdd0 · e70f27dd · e70f27dd
Unverified Commit e70f27dd authored 4 years ago by Maxime Guyot Committed by GitHub 4 years ago
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -2,15 +2,8 @@
 parseable: true
 skip_list:
  # see https://docs.ansible.com/ansible-lint/rules/default_rules.html for a list of all default rules
-  # The following rules throw errors.
-  # These either still need to be corrected in the repository and the rules re-enabled or documented why they are skipped on purpose.
+  # DO NOT add any other rules to this skip_list, instead use local `# noqa` with a comment explaining WHY it is necessary
-  - '301'
-  - '302'
-  - '303'
-  - '305'
-  - '306'
-  - '404'
-  - '503'
  # These rules are intentionally skipped:
  #

--- a/contrib/azurerm/roles/generate-inventory/tasks/main.yml
+++ b/contrib/azurerm/roles/generate-inventory/tasks/main.yml
 ---
- name: Query Azure VMs
+- name: Query Azure VMs  # noqa 301
  command: azure vm list-ip-address --json {{ azure_resource_group }}
  register: vm_list_cmd

--- a/contrib/azurerm/roles/generate-inventory_2/tasks/main.yml
+++ b/contrib/azurerm/roles/generate-inventory_2/tasks/main.yml
 ---
- name: Query Azure VMs IPs
+- name: Query Azure VMs IPs  # noqa 301
  command: az vm list-ip-addresses -o json --resource-group {{ azure_resource_group }}
  register: vm_ip_list_cmd
- name: Query Azure VMs Roles
+- name: Query Azure VMs Roles  # noqa 301
  command: az vm list -o json --resource-group {{ azure_resource_group }}
  register: vm_list_cmd
- name: Query Azure Load Balancer Public IP
+- name: Query Azure Load Balancer Public IP  # noqa 301
  command: az network public-ip show -o json -g {{ azure_resource_group }} -n kubernetes-api-pubip
  register: lb_pubip_cmd

--- a/contrib/dind/roles/dind-host/tasks/main.yaml
+++ b/contrib/dind/roles/dind-host/tasks/main.yaml
@@ -69,7 +69,7 @@
 # Running systemd-machine-id-setup doesn't create a unique id for each node container on Debian,
 # handle manually
- name: Re-create unique machine-id (as we may just get what comes in the docker image), needed by some CNIs for mac address seeding (notably weave)
+- name: Re-create unique machine-id (as we may just get what comes in the docker image), needed by some CNIs for mac address seeding (notably weave)  # noqa 301
  raw: |
    echo {{ item | hash('sha1') }} > /etc/machine-id.new
    mv -b /etc/machine-id.new /etc/machine-id

--- a/contrib/network-storage/glusterfs/roles/glusterfs/client/tasks/setup-Debian.yml
+++ b/contrib/network-storage/glusterfs/roles/glusterfs/client/tasks/setup-Debian.yml
@@ -7,7 +7,7 @@
  register: glusterfs_ppa_added
  when: glusterfs_ppa_use
- name: Ensure GlusterFS client will reinstall if the PPA was just added.
+- name: Ensure GlusterFS client will reinstall if the PPA was just added.  # noqa 503
  apt:
    name: "{{ item }}"
    state: absent

--- a/contrib/network-storage/glusterfs/roles/glusterfs/server/tasks/setup-Debian.yml
+++ b/contrib/network-storage/glusterfs/roles/glusterfs/server/tasks/setup-Debian.yml
@@ -7,7 +7,7 @@
  register: glusterfs_ppa_added
  when: glusterfs_ppa_use
- name: Ensure GlusterFS will reinstall if the PPA was just added.
+- name: Ensure GlusterFS will reinstall if the PPA was just added.  # noqa 503
  apt:
    name: "{{ item }}"
    state: absent

--- a/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/tear-down.yml
+++ b/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/tear-down.yml
@@ -6,7 +6,7 @@
 - name: "Delete bootstrap Heketi."
  command: "{{ bin_dir }}/kubectl delete all,service,jobs,deployment,secret --selector=\"deploy-heketi\""
  when: "heketi_resources.stdout|from_json|json_query('items[*]')|length > 0"
- name: "Ensure there is nothing left over."
+- name: "Ensure there is nothing left over."  # noqa 301
  command: "{{ bin_dir }}/kubectl get all,service,jobs,deployment,secret --selector=\"deploy-heketi\" -o=json"
  register: "heketi_result"
  until: "heketi_result.stdout|from_json|json_query('items[*]')|length == 0"

--- a/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/topology.yml
+++ b/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/topology.yml
@@ -13,7 +13,7 @@
 - name: "Copy topology configuration into container."
  changed_when: false
  command: "{{ bin_dir }}/kubectl cp {{ kube_config_dir }}/topology.json {{ initial_heketi_pod_name }}:/tmp/topology.json"
- name: "Load heketi topology."
+- name: "Load heketi topology."  # noqa 503
  when: "render.changed"
  command: "{{ bin_dir }}/kubectl exec {{ initial_heketi_pod_name }} -- heketi-cli --user admin --secret {{ heketi_admin_key }} topology load --json=/tmp/topology.json"
  register: "load_heketi"

--- a/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/volumes.yml
+++ b/contrib/network-storage/heketi/roles/provision/tasks/bootstrap/volumes.yml
@@ -18,7 +18,7 @@
 - name: "Provision database volume."
  command: "{{ bin_dir }}/kubectl exec {{ initial_heketi_pod_name }} -- heketi-cli --user admin --secret {{ heketi_admin_key }} setup-openshift-heketi-storage"
  when: "heketi_database_volume_exists is undefined"
- name: "Copy configuration from pod."
+- name: "Copy configuration from pod."  # noqa 301
  become: true
  command: "{{ bin_dir }}/kubectl cp {{ initial_heketi_pod_name }}:/heketi-storage.json {{ kube_config_dir }}/heketi-storage-bootstrap.json"
 - name: "Get heketi volume ids."

--- a/contrib/network-storage/heketi/roles/provision/tasks/topology.yml
+++ b/contrib/network-storage/heketi/roles/provision/tasks/topology.yml
@@ -10,10 +10,10 @@
  template:
    src: "topology.json.j2"
    dest: "{{ kube_config_dir }}/topology.json"
- name: "Copy topology configuration into container."
+- name: "Copy topology configuration into container."  # noqa 503
  when: "rendering.changed"
  command: "{{ bin_dir }}/kubectl cp {{ kube_config_dir }}/topology.json {{ heketi_pod_name }}:/tmp/topology.json"
- name: "Load heketi topology."
+- name: "Load heketi topology."  # noqa 503
  when: "rendering.changed"
  command: "{{ bin_dir }}/kubectl exec {{ heketi_pod_name }} -- heketi-cli --user admin --secret {{ heketi_admin_key }} topology load --json=/tmp/topology.json"
 - name: "Get heketi topology."

--- a/contrib/network-storage/heketi/roles/tear-down-disks/tasks/main.yml
+++ b/contrib/network-storage/heketi/roles/tear-down-disks/tasks/main.yml
@@ -22,7 +22,7 @@
  ignore_errors: true
  changed_when: false
- name: "Remove volume groups."
+- name: "Remove volume groups."  # noqa 301
  environment:
    PATH: "{{ ansible_env.PATH }}:/sbin"  # Make sure we can workaround RH / CentOS conservative path management
  become: true
@@ -30,7 +30,7 @@
  with_items: "{{ volume_groups.stdout_lines }}"
  loop_control: { loop_var: "volume_group" }
- name: "Remove physical volume from cluster disks."
+- name: "Remove physical volume from cluster disks."  # noqa 301
  environment:
    PATH: "{{ ansible_env.PATH }}:/sbin"  # Make sure we can workaround RH / CentOS conservative path management
  become: true

--- a/contrib/network-storage/heketi/roles/tear-down/tasks/main.yml
+++ b/contrib/network-storage/heketi/roles/tear-down/tasks/main.yml
 ---
- name: "Remove storage class."
+- name: "Remove storage class."  # noqa 301
  command: "{{ bin_dir }}/kubectl delete storageclass gluster"
  ignore_errors: true
- name: "Tear down heketi."
+- name: "Tear down heketi."  # noqa 301
  command: "{{ bin_dir }}/kubectl delete all,service,jobs,deployment,secret --selector=\"glusterfs=heketi-pod\""
  ignore_errors: true
- name: "Tear down heketi."
+- name: "Tear down heketi."  # noqa 301
  command: "{{ bin_dir }}/kubectl delete all,service,jobs,deployment,secret --selector=\"glusterfs=heketi-deployment\""
  ignore_errors: true
 - name: "Tear down bootstrap."
  include_tasks: "../provision/tasks/bootstrap/tear-down.yml"
- name: "Ensure there is nothing left over."
+- name: "Ensure there is nothing left over."  # noqa 301
  command: "{{ bin_dir }}/kubectl get all,service,jobs,deployment,secret --selector=\"glusterfs=heketi-pod\" -o=json"
  register: "heketi_result"
  until: "heketi_result.stdout|from_json|json_query('items[*]')|length == 0"
  retries: 60
  delay: 5
- name: "Ensure there is nothing left over."
+- name: "Ensure there is nothing left over."  # noqa 301
  command: "{{ bin_dir }}/kubectl get all,service,jobs,deployment,secret --selector=\"glusterfs=heketi-deployment\" -o=json"
  register: "heketi_result"
  until: "heketi_result.stdout|from_json|json_query('items[*]')|length == 0"
  retries: 60
  delay: 5
- name: "Tear down glusterfs."
+- name: "Tear down glusterfs."  # noqa 301
  command: "{{ bin_dir }}/kubectl delete daemonset.extensions/glusterfs"
  ignore_errors: true
- name: "Remove heketi storage service."
+- name: "Remove heketi storage service."  # noqa 301
  command: "{{ bin_dir }}/kubectl delete service heketi-storage-endpoints"
  ignore_errors: true
- name: "Remove heketi gluster role binding"
+- name: "Remove heketi gluster role binding"  # noqa 301
  command: "{{ bin_dir }}/kubectl delete clusterrolebinding heketi-gluster-admin"
  ignore_errors: true
- name: "Remove heketi config secret"
+- name: "Remove heketi config secret"  # noqa 301
  command: "{{ bin_dir }}/kubectl delete secret heketi-config-secret"
  ignore_errors: true
- name: "Remove heketi db backup"
+- name: "Remove heketi db backup"  # noqa 301
  command: "{{ bin_dir }}/kubectl delete secret heketi-db-backup"
  ignore_errors: true
- name: "Remove heketi service account"
+- name: "Remove heketi service account"  # noqa 301
  command: "{{ bin_dir }}/kubectl delete serviceaccount heketi-service-account"
  ignore_errors: true
 - name: "Get secrets"

--- a/extra_playbooks/migrate_openstack_provider.yml
+++ b/extra_playbooks/migrate_openstack_provider.yml
@@ -16,13 +16,13 @@
        src: get_cinder_pvs.sh
        dest: /tmp
        mode: u+rwx
-    - name: Get PVs provisioned by in-tree cloud provider
+    - name: Get PVs provisioned by in-tree cloud provider  # noqa 301
      command: /tmp/get_cinder_pvs.sh
      register: pvs
    - name: Remove get_cinder_pvs.sh
      file:
        path: /tmp/get_cinder_pvs.sh
        state: absent
-    - name: Rewrite the "pv.kubernetes.io/provisioned-by" annotation
+    - name: Rewrite the "pv.kubernetes.io/provisioned-by" annotation  # noqa 301
      command: "{{ bin_dir }}/kubectl annotate --overwrite pv {{ item }} pv.kubernetes.io/provisioned-by=cinder.csi.openstack.org"
      loop: "{{ pvs.stdout_lines | list }}"
--- a/roles/container-engine/containerd/tasks/crictl.yml
+++ b/roles/container-engine/containerd/tasks/crictl.yml
@@ -4,7 +4,7 @@
  vars:
    download: "{{ download_defaults | combine(downloads.crictl) }}"
- name: Install crictl config
+- name: Install crictl config  # noqa 404
  template:
    src: ../templates/crictl.yaml.j2
    dest: /etc/crictl.yaml

--- a/roles/container-engine/containerd/tasks/main.yml
+++ b/roles/container-engine/containerd/tasks/main.yml
@@ -34,7 +34,7 @@
  tags:
    - facts
- name: disable unified_cgroup_hierarchy in Fedora 31+
+- name: disable unified_cgroup_hierarchy in Fedora 31+  # noqa 305
  shell:
    cmd: grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=0"
  when:

--- a/roles/container-engine/cri-o/tasks/crictl.yml
+++ b/roles/container-engine/cri-o/tasks/crictl.yml
@@ -4,7 +4,7 @@
  vars:
    download: "{{ download_defaults | combine(downloads.crictl) }}"
- name: Install crictl config
+- name: Install crictl config  # noqa 404
  template:
    src: ../templates/crictl.yaml.j2
    dest: /etc/crictl.yaml
@@ -21,7 +21,7 @@
    group: no
  delegate_to: "{{ inventory_hostname }}"
- name: Get crictl completion
+- name: Get crictl completion  # noqa 305
  shell: "{{ bin_dir }}/crictl completion"
  changed_when: False
  register: cri_completion

--- a/roles/container-engine/cri-o/tasks/main.yaml
+++ b/roles/container-engine/cri-o/tasks/main.yaml
@@ -59,7 +59,7 @@
    - ansible_distribution == "CentOS"
    - ansible_distribution_major_version == "8"
- name: Ensure latest version of libseccom installed
+- name: Ensure latest version of libseccom installed  # noqa 303
  command: "yum update -y libseccomp"
  when:
    - ansible_distribution == "CentOS"

--- a/roles/container-engine/docker/tasks/main.yml
+++ b/roles/container-engine/docker/tasks/main.yml
@@ -47,7 +47,7 @@
  tags:
    - facts
- name: disable unified_cgroup_hierarchy in Fedora 31+
+- name: disable unified_cgroup_hierarchy in Fedora 31+  # noqa 305
  shell:
    cmd: grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=0"
  when:

--- a/roles/container-engine/docker/tasks/set_facts_dns.yml
+++ b/roles/container-engine/docker/tasks/set_facts_dns.yml
@@ -28,13 +28,13 @@
  set_fact:
    docker_dns_search_domains: "{{ docker_dns_search_domains + searchdomains|default([]) }}"
- name: check system nameservers
+- name: check system nameservers  # noqa 306
  shell: grep "^nameserver" /etc/resolv.conf | sed -r 's/^nameserver\s*([^#\s]+)\s*(#.*)?/\1/'
  changed_when: False
  register: system_nameservers
  check_mode: no
- name: check system search domains
+- name: check system search domains  # noqa 306
  shell: grep "^search" /etc/resolv.conf | sed -r 's/^search\s*([^#]+)\s*(#.*)?/\1/'
  changed_when: False
  register: system_search_domains

--- a/roles/container-engine/docker/tasks/systemd.yml
+++ b/roles/container-engine/docker/tasks/systemd.yml
@@ -11,7 +11,7 @@
  notify: restart docker
  when: http_proxy is defined or https_proxy is defined
- name: get systemd version
+- name: get systemd version  # noqa 306
  # noqa 303 - systemctl is called intentionally here
  shell: systemctl --version | head -n 1 | cut -d " " -f 2
  register: systemd_version