diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 00000000..1b6e891f --- /dev/null +++ b/.ansible-lint @@ -0,0 +1,107 @@ +--- +# .ansible-lint +# exclude_paths included in this file are parsed relative to this file's location +# and not relative to the CWD of execution. CLI arguments passed to the --exclude +# option will be parsed relative to the CWD of execution. +exclude_paths: + - .cache/ # implicit unless exclude_paths is defined in config + - .github/ + - roles/compute_build_nodes + - roles/compute_build_vnfs + - roles/gpu_build_nodes + - roles/gpu_build_vnfs + - roles/login_build_nodes + - roles/login_build_vnfs + - roles/nodes_vivify + - roles/ohpc_config + - roles/ohpc_install + - roles/pre_ohpc + - roles/viz_build_nodes + +# parseable: true +# quiet: true +# verbosity: 1 + +# Mock modules or roles in order to pass ansible-playbook --syntax-check +#mock_modules: +# - zuul_return +# # note the foo.bar is invalid as being neither a module or a collection +# - fake_namespace.fake_collection.fake_module +# - fake_namespace.fake_collection.fake_module.fake_submodule +#mock_roles: +# - mocked_role +# - author.role_name # old standalone galaxy role +# - fake_namespace.fake_collection.fake_role # role within a collection + +# Enable checking of loop variable prefixes in roles +#loop_var_prefix: "{role}_" + +# Enforce variable names to follow pattern below, in addition to Ansible own +# requirements, like avoiding python identifiers. To disable add `var-naming` +# to skip_list. +# var_naming_pattern: "^[a-z_][a-z0-9_]*$" + +use_default_rules: true +# Load custom rules from this specific folder +# rulesdir: +# - ./rule/directory/ + +# This makes linter to fully ignore rules/tags listed below +skip_list: + - skip_this_tag + - git-latest + +# Any rule that has the 'opt-in' tag will not be loaded unless its 'id' is +# mentioned in the enable_list: +enable_list: + - empty-string-compare # opt-in + - no-log-password # opt-in + - no-same-owner # opt-in + # add yaml here if you want to avoid ignoring yaml checks when yamllint + # library is missing. Normally its absence just skips using that rule. + - yaml +# Report only a subset of tags and fully ignore any others +# tags: +# - jinja[spacing] + +# This makes the linter display but not fail for rules/tags listed below: +warn_list: + - fqcn-builtins + - skip_this_tag + - git-latest + - experimental # experimental is included in the implicit list + # - role-name + # - yaml[document-start] # you can also use sub-rule matches + +# Some rules can transform files to fix (or make it easier to fix) identified +# errors. `ansible-lint --write` will reformat YAML files and run these transforms. +# By default it will run all transforms (effectively `write_list: ["all"]`). +# You can disable running transforms by setting `write_list: ["none"]`. +# Or only enable a subset of rule transforms by listing rules/tags here. +# write_list: +# - all + +# Offline mode disables installation of requirements.yml +offline: false + +# Define required Ansible's variables to satisfy syntax check +#extra_vars: +# foo: bar +# multiline_string_variable: | +# line1 +# line2 +# complex_variable: ":{;\t$()" + +# Uncomment to enforce action validation with tasks, usually is not +# needed as Ansible syntax check also covers it. +# skip_action_validation: false + +# List of additional kind:pattern to be added at the top of the default +# match list, first match determines the file kind. +kinds: + # - playbook: "**/examples/*.{yml,yaml}" + # - galaxy: "**/folder/galaxy.yml" + # - tasks: "**/tasks/*.yml" + # - vars: "**/vars/*.yml" + # - meta: "**/meta/main.yml" + - yaml: "**/*.yaml-too" diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index 7ac4222d..ee2842a9 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml @@ -1,72 +1,21 @@ -# This is a basic workflow to help you get started with Actions - name: Ansible lint on: [pull_request] -# A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: - # This workflow contains a single job called "build" build: - # The type of runner that the job will run on runs-on: ubuntu-latest - container: - image: centos:7 - # Steps represent a sequence of tasks that will be executed as part of the job steps: - # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v2 - - - name: Get file changes - id: get_file_changes - uses: trilom/file-changes-action@v1.2.4 - with: - output: ' ' - - - name: Echo file changes - run: | - echo Changed files: ${{ steps.get_file_changes.outputs.files }} - - - name: Lint Ansible Playbook - # replace "master" with any valid ref - uses: iranzo/ansible-lint-action@master - with: - # [required] - # Paths to ansible files (i.e., playbooks, tasks, handlers etc..) - # or valid Ansible directories according to the Ansible role - # directory structure. - # If you want to lint multiple ansible files, use the following syntax - # targets: | - # playbook_1.yml - # playbook_2.yml - targets: "${{ steps.get_file_changes.outputs.files }}" - # [optional] - # Arguments to override a package and its version to be set explicitly. - # Must follow the example syntax. - override-deps: | - ansible==2.9 - ansible-lint==4.2.0 - # [optional] - # Arguments to be passed to the ansible-lint - - # Options: - # -q quieter, although not silent output - # -p parseable output in the format of pep8 - # --parseable-severity parseable output including severity of rule - # -r RULESDIR specify one or more rules directories using one or - # more -r arguments. Any -r flags override the default - # rules in ansiblelint/rules, unless -R is also used. - # -R Use default rules in ansiblelint/rules in addition to - # any extra - # rules directories specified with -r. There is no need - # to specify this if no -r flags are used - # -t TAGS only check rules whose id/tags match these values - # -x SKIP_LIST only check rules whose id/tags do not match these - # values - # --nocolor disable colored output - # --exclude=EXCLUDE_PATHS - # path to directories or files to skip. This option is - # repeatable. - # -c C Specify configuration file to use. Defaults to ".ansible-lint" - args: "--exclude .github" + - uses: actions/checkout@v2 + + - name: Get file changes + id: changed-files + uses: tj-actions/changed-files@v28.0.0 + + - name: Lint Ansible Playbook + # replace `main` with any valid ref, or tags like `v6` + uses: ansible-community/ansible-lint-action@main + # optional: + with: + path: ${{ steps.changed-files.outputs.all_changed_files }} diff --git a/cod.yaml b/cod.yaml index fbe8547e..b9c989ce 100644 --- a/cod.yaml +++ b/cod.yaml @@ -1,6 +1,6 @@ --- - hosts: headnode roles: - - { name: 'cod_module', tags: 'cod_module' } - - { name: 'cod_login_node', tags: 'cod_login_node' } - - { name: 'cod_compute_node', tags: 'cod_compute_node' } + - {name: 'cod_module', tags: 'cod_module'} + - {name: 'cod_login_node', tags: 'cod_login_node'} + - {name: 'cod_compute_node', tags: 'cod_compute_node'} diff --git a/ood-cod.yaml b/ood-cod.yaml index 2bad6f9d..944c898c 100644 --- a/ood-cod.yaml +++ b/ood-cod.yaml @@ -1,7 +1,7 @@ --- - hosts: chroot roles: - - { name: 'ood', tags: 'ood' } + - {name: 'ood', tags: 'ood' } - { name: 'ood_enable_ssl', tags: 'ood_enable_ssl' } - { name: 'ood_jupyter', tags: 'ood_jupyter', when: jupyter_provision} - { name: 'ood_vnc_form', tags: 'ood_vnc_form' } diff --git a/ood.yaml b/ood.yaml deleted file mode 100644 index f5563e84..00000000 --- a/ood.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- hosts: ood - roles: - - { name: 'prep_ood', tags: 'prep_ood' } - - { name: 'ood', tags: 'ood' } - - { name: 'warewulf_sync', tags: 'warewulf_sync' } - - { name: 'ood_jupyter', tags: 'ood_jupyter', when: jupyter_provision} - - { name: 'ood_vnc_form', tags: 'ood_vnc_form' } - - { name: 'ood_add_rstudio', tags: 'ood_add_rstudio', when: rstudio_provision } - - { name: 'ood_matlab', tags: 'ood_matlab', when: matlab_provision } - - { name: 'ood_sas', tags: 'ood_sas', when: sas_provision } - - { name: 'ood_firewall_and_services', tags: 'ood_firewall_and_services' } - - { name: 'ohpc_firewall_and_services', tags: 'ohpc_firewall_and_services' } - - { name: 'ood_shib_sso', tags: 'ood_shib_sso', when: enable_shib } - - { name: 'ood_user_reg', tags: 'ood_user_reg', when: enable_user_reg } - - { name: 'warewulf_sync', tags: 'warewulf_sync' } diff --git a/requirements.yml b/requirements.yml new file mode 100644 index 00000000..8dd51618 --- /dev/null +++ b/requirements.yml @@ -0,0 +1,3 @@ +--- +collections: + - community.general diff --git a/roles/cod_module/tasks/main.yaml b/roles/cod_module/tasks/main.yaml index 29859510..b8ee69e0 100644 --- a/roles/cod_module/tasks/main.yaml +++ b/roles/cod_module/tasks/main.yaml @@ -20,7 +20,7 @@ - name: Put DefaultModules in place copy: src: DefaultModules.lua - dest: "{{ item }}" + dest: {{ item }} loop: - "/usr/share/modulefiles" - "/cm/images/default-image/usr/share/modulefiles" diff --git a/roles/ood_add_rstudio/files/submit.yml b/roles/ood_add_rstudio/files/submit.yml.erb similarity index 100% rename from roles/ood_add_rstudio/files/submit.yml rename to roles/ood_add_rstudio/files/submit.yml.erb diff --git a/roles/ood_add_rstudio/tasks/main.yaml b/roles/ood_add_rstudio/tasks/main.yaml index e74ba615..73a4ca72 100644 --- a/roles/ood_add_rstudio/tasks/main.yaml +++ b/roles/ood_add_rstudio/tasks/main.yaml @@ -14,7 +14,7 @@ - name: Replace form submission template copy: - src: submit.yml + src: submit.yml.erb dest: /var/www/ood/apps/sys/bc_rstudio_server/submit.yml.erb - name: Replace manifest file