Move to Ansible 3.4.0 (#7672)

* Ansible: move to Ansible 3.4.0 which uses ansible-base 2.10.10 * Docs: add a note about ansible upgrade post 2.9.x * CI: ensure ansible is removed before ansible 3.x is installed to avoid pip failures * Ansible: use newer ansible-lint * Fix ansible-lint 5.0.11 found issues * syntax issues * risky-file-permissions * var-naming * role-name * molecule tests * Mitogen: use 0.3.0rc1 which adds support for ansible 2.10+ * Pin ansible-base to 2.10.11 to get package fix on RHEL8
2026-01-31 17:19:17 -03:30 · 2021-07-12 10:00:47 +03:00
parent b0e4c375a7
commit 7516fe142f
103 changed files with 298 additions and 129 deletions
--- a/tests/cloud_playbooks/create-aws.yml
+++ b/tests/cloud_playbooks/create-aws.yml
@@ -22,3 +22,4 @@
    template:
      src: ../templates/inventory-aws.j2  # noqa 404 CI inventory templates are not in role_path
      dest: "{{ inventory_path }}"
+      mode: 0644
--- a/tests/cloud_playbooks/create-do.yml
+++ b/tests/cloud_playbooks/create-do.yml
@@ -79,7 +79,7 @@
      register: droplets
      with_items: "{{ instance_names }}"

-    - debug:
+    - debug:  # noqa unnamed-task
        msg: "{{ droplets }}, {{ inventory_path }}"
      when: state == 'present'

@@ -87,4 +87,5 @@
      template:
        src: ../templates/inventory-do.j2  # noqa 404 CI templates are not in role_path
        dest: "{{ inventory_path }}"
+        mode: 0644
      when: state == 'present'
--- a/tests/cloud_playbooks/create-gce.yml
+++ b/tests/cloud_playbooks/create-gce.yml
@@ -28,7 +28,7 @@
          {%- endif -%}

    - name: Create gce instances
-      gce:
+      google.cloud.gcp_compute_instance:
        instance_names: "{{ instance_names }}"
        machine_type: "{{ cloud_machine_type }}"
        image: "{{ cloud_image | default(omit) }}"
@@ -53,17 +53,20 @@
      template:
        src: ../templates/inventory-gce.j2
        dest: "{{ inventory_path }}"
+        mode: 0644

    - name: Make group_vars directory
      file:
        path: "{{ inventory_path|dirname }}/group_vars"
        state: directory
+        mode: 0755
      when: mode in ['scale', 'separate-scale', 'ha-scale']

    - name: Template fake hosts group vars  # noqa 404 CI templates are not in role_path
      template:
        src: ../templates/fake_hosts.yml.j2
        dest: "{{ inventory_path|dirname }}/group_vars/fake_hosts.yml"
+        mode: 0644
      when: mode in ['scale', 'separate-scale', 'ha-scale']

    - name: Delete group_vars directory
--- a/tests/cloud_playbooks/delete-gce.yml
+++ b/tests/cloud_playbooks/delete-gce.yml
@@ -20,7 +20,7 @@
          {%- endif -%}

    - name: stop gce instances
-      gce:
+      google.cloud.gcp_compute_instance:
        instance_names: "{{ instance_names }}"
        image: "{{ cloud_image | default(omit) }}"
        service_account_email: "{{ gce_service_account_email }}"
@@ -34,7 +34,7 @@
      register: gce

    - name: delete gce instances
-      gce:
+      google.cloud.gcp_compute_instance:
        instance_names: "{{ instance_names }}"
        image: "{{ cloud_image | default(omit) }}"
        service_account_email: "{{ gce_service_account_email }}"
--- a/tests/cloud_playbooks/roles/packet-ci/tasks/create-vms.yml
+++ b/tests/cloud_playbooks/roles/packet-ci/tasks/create-vms.yml
@@ -12,11 +12,13 @@
  file:
    path: "/tmp/{{ test_name }}"
    state: directory
+    mode: 0755

 - name: Template vm files for CI job
  template:
    src: "vm.yml.j2"
    dest: "/tmp/{{ test_name }}/instance-{{ vm_id }}.yml"
+    mode: 0644
  loop: "{{ range(1, vm_count|int + 1, 1) | list }}"
  loop_control:
    index_var: vm_id
@@ -47,5 +49,6 @@
  template:
    src: "inventory.j2"
    dest: "{{ inventory_path }}"
+    mode: 0644
  vars:
    vms: "{{ vm_ips }}"
--- a/tests/cloud_playbooks/upload-logs-gcs.yml
+++ b/tests/cloud_playbooks/upload-logs-gcs.yml
@@ -33,11 +33,13 @@
      template:
        src: gcs_life.json.j2
        dest: "{{ dir }}/gcs_life.json"
+        mode: 0644

    - name: Create a boto config to access GCS
      template:
        src: boto.j2
        dest: "{{ dir }}/.boto"
+        mode: 0640
      no_log: True

    - name: Download gsutil cp installer
@@ -74,5 +76,5 @@
      failed_when: false
      no_log: True

-    - debug:
+    - debug:  # noqa unnamed-task
        msg: "A public url https://storage.googleapis.com/{{ test_name }}/{{ file_name }}"
--- a/tests/requirements.txt
+++ b/tests/requirements.txt
@@ -4,7 +4,7 @@ apache-libcloud==2.2.1
 tox==3.11.1
 dopy==0.3.7
 cryptography==2.8
-ansible-lint==4.2.0
+ansible-lint==5.0.11
 openshift==0.8.8
 molecule==3.0.6
 molecule-vagrant==0.3
--- a/tests/scripts/testcases_prepare.sh
+++ b/tests/scripts/testcases_prepare.sh
@@ -1,6 +1,7 @@
 #!/bin/bash
 set -euxo pipefail

+/usr/bin/python -m pip uninstall -y ansible
 /usr/bin/python -m pip install -r tests/requirements.txt
 mkdir -p /.ssh
 mkdir -p cluster-dump
--- a/tests/testcases/010_check-apiserver.yml
+++ b/tests/testcases/010_check-apiserver.yml
@@ -9,7 +9,7 @@
      status_code: 200
    register: apiserver_response

-  - debug:
+  - debug:  # noqa unnamed-task
      msg: "{{ apiserver_response.json }}"

  - name: Check API servers version
--- a/tests/testcases/015_check-nodes-ready.yml
+++ b/tests/testcases/015_check-nodes-ready.yml
@@ -12,7 +12,7 @@
      bin_dir: "/usr/local/bin"
    when: not ansible_os_family in ["Flatcar Container Linux by Kinvolk"]

-  - import_role:
+  - import_role:  # noqa unnamed-task
      name: cluster-dump

  - name: Check kubectl output
@@ -21,7 +21,7 @@
    register: get_nodes
    no_log: true

-  - debug:
+  - debug:  # noqa unnamed-task
      msg: "{{ get_nodes.stdout.split('\n') }}"

  - name: Check that all nodes are running and ready
--- a/tests/testcases/020_check-pods-running.yml
+++ b/tests/testcases/020_check-pods-running.yml
@@ -12,7 +12,7 @@
      bin_dir: "/usr/local/bin"
    when: not ansible_os_family in ["Flatcar Container Linux by Kinvolk"]

-  - import_role:
+  - import_role:  # noqa unnamed-task
      name: cluster-dump

  - name: Check kubectl output
@@ -21,7 +21,7 @@
    register: get_pods
    no_log: true

-  - debug:
+  - debug:  # noqa unnamed-task
      msg: "{{ get_pods.stdout.split('\n') }}"

  - name: Check that all pods are running and ready
@@ -44,6 +44,6 @@
    register: get_pods
    no_log: true

-  - debug:
+  - debug:  # noqa unnamed-task
      msg: "{{ get_pods.stdout.split('\n') }}"
    failed_when: not run_pods_log is success
--- a/tests/testcases/030_check-network.yml
+++ b/tests/testcases/030_check-network.yml
@@ -34,7 +34,7 @@
      when: get_csr.stdout_lines | length > 0
      changed_when: certificate_approve.stdout

-    - debug:
+    - debug:  # noqa unnamed-task
        msg: "{{ certificate_approve.stdout.split('\n') }}"

    when: kubelet_rotate_server_certificates | default(false)
@@ -60,7 +60,7 @@
    - busybox1
    - busybox2

-  - import_role:
+  - import_role:  # noqa unnamed-task
      name: cluster-dump

  - name: Check that all pods are running and ready
@@ -83,7 +83,7 @@
    register: pods
    no_log: true

-  - debug:
+  - debug:  # noqa unnamed-task
      msg: "{{ pods.stdout.split('\n') }}"
    failed_when: not run_pods_log is success

@@ -92,7 +92,7 @@
            jsonpath='{range .items[?(.spec.hostNetwork)]}{.metadata.name} {.status.podIP} {.status.containerStatuses} {end}'"
    changed_when: false
    register: hostnet_pods
-    ignore_errors: true
+    ignore_errors: true  # noqa ignore-errors
    no_log: true

  - name: Get running pods
@@ -108,7 +108,7 @@
    register: get_pods
    no_log: true

-  - debug:
+  - debug:  # noqa unnamed-task
      msg: "{{ get_pods.stdout.split('\n') }}"

  - name: Set networking facts
--- a/tests/testcases/040_check-network-adv.yml
+++ b/tests/testcases/040_check-network-adv.yml
@@ -26,7 +26,7 @@
        bin_dir: "/usr/local/bin"
      when: not ansible_os_family in ["Flatcar Container Linux by Kinvolk"]

-    - import_role:
+    - import_role:  # noqa unnamed-task
        name: cluster-dump

    - name: Wait for netchecker server
@@ -60,7 +60,7 @@
        - netchecker-agent-hostnet
      when: not nca_pod is success

-    - debug:
+    - debug:  # noqa unnamed-task
        var: nca_pod.stdout_lines
      failed_when: not nca_pod is success
      when: inventory_hostname == groups['kube_control_plane'][0]
@@ -80,7 +80,7 @@
      failed_when: false
      no_log: true

-    - debug:
+    - debug:  # noqa unnamed-task
        var: agents.content | from_json
      failed_when: not agents is success and not agents.content=='{}'
      run_once: true
@@ -106,7 +106,7 @@
      when:
        - agents.content != '{}'

-    - debug:
+    - debug:  # noqa unnamed-task
        var: ncs_pod
      run_once: true
      when: not result is success
@@ -131,7 +131,7 @@
        - calico-node
        - cilium

-    - debug:
+    - debug:  # noqa unnamed-task
        var: result.content | from_json
      failed_when: not result is success
      run_once: true
@@ -140,14 +140,14 @@
        - result.content
        - result.content[0] == '{'

-    - debug:
+    - debug:  # noqa unnamed-task
        var: result
      failed_when: not result is success
      run_once: true
      when:
        - not agents.content == '{}'

-    - debug:
+    - debug:  # noqa unnamed-task
        msg: "Cannot get reports from agents, consider as PASSING"
      run_once: true
      when:
--- a/tests/testcases/roles/cluster-dump/tasks/main.yml
+++ b/tests/testcases/roles/cluster-dump/tasks/main.yml
@@ -8,6 +8,7 @@
  archive:
    path: /tmp/cluster-dump
    dest: /tmp/cluster-dump.tgz
+    mode: 0644
  when: inventory_hostname in groups['kube_control_plane']

 - name: Fetch dump file