Merge pull request #204 from RedHat-EMEA-SSA-Team/devel

Merge devel into Master - Release 2022-02-16

.ansible-lint

@@ -0,0 +1,8 @@
+exclude_paths:
+  - pipeline/
+
+skip_list:
+  - role-name
+  - ignore-errors   # Should be fixed
+  - no-changed-when  # Should be fixed
+  - package-latest

.pre-commit-config.yaml

@@ -0,0 +1,22 @@
+---
+exclude: pipeline
+
+repos:
+  - repo: https://github.com/ansible-community/ansible-lint.git
+    rev: v5.3.2
+    hooks:
+      - id: ansible-lint
+        name: Ansible-lint
+        description: This hook runs ansible-lint.
+        entry: ansible-lint --force-color
+        language: python
+        # do not pass files to ansible-lint, see:
+        # https://github.com/ansible-community/ansible-lint/issues/611
+        pass_filenames: false
+        always_run: true
+        additional_dependencies:
+          # https://github.com/pre-commit/pre-commit/issues/1526
+          # if you want to use only the base ansible version for linting,
+          # replace 'community' extra with 'core' or just mention the exact
+          # version of Ansible you want to install as a dependency.
+          - .[community,yamllint]

.yamllint

@@ -0,0 +1,14 @@
+---
+extends: default
+
+rules:
+  comments-indentation: false
+  document-start: disable
+  line-length:
+    max: 180
+    level: warning
+  truthy:
+    allowed-values: ['true', 'false', 'yes', 'no']
+  braces:
+    level: warning
+    max-spaces-inside: 1

README.md

@@ -27,7 +27,7 @@ Our instructions are based on the CentOS Root Server as provided by https://www.
 **NOTE: If you are running on other environments than bare metal servers from Hetzner, check if there is specific instruction under Infra providers list and then jump to section [Initialize tools](https://github.com/RedHat-EMEA-SSA-Team/hetzner-ocp4#initialize-tools)
 
 ** Supported root server operating systems: **
-- CentOS 8
+- CentOS Stream 8
 - RHEL 8 - How to install RHEL8: https://keithtenzer.com/2019/10/24/how-to-create-a-rhel-8-image-for-hetzner-root-servers/
 
 ## Infra providers
@@ -72,7 +72,7 @@ subscription-manager repos \
     --enable=openstack-15-for-rhel-8-x86_64-rpms
 ```
 
-## In case of Centos 8
+## In case of CentOS Stream 8
 
 Enable ansible repo:
 ```
@@ -81,16 +81,16 @@ yum install -y centos-release-ansible-29.noarch
 
 ## Initialize tools
 
-Install ansible (min version 2.8) and git
+Install ansible (min version 2.9) and git
 
 ```
-[root@server ~]# yum install -y ansible git
+yum install -y ansible git
 ```
 
 You are now ready to clone this project to your CentOS system.
 
 ```
-[root@server ~]# git clone https://github.com/RedHat-EMEA-SSA-Team/hetzner-ocp4.git
+git clone https://github.com/RedHat-EMEA-SSA-Team/hetzner-ocp4.git
 ```
 
 We are now ready to install `libvirt` as our hypervisor, provision VMs and prepare those for OCP.

ansible/00-provision-hetzner.yml

@@ -6,21 +6,21 @@
   connection: local
   gather_facts: no
   vars_files:
-  - ../cluster.yml
+    - ../cluster.yml
   tasks:
-  - name: Add hetzner server to inventory
-    add_host: 
-      name: "{{ hetzner_ip }}"
+    - name: Add hetzner server to inventory
+      add_host:
+        name: "{{ hetzner_ip }}"
 
 - name: install hetzner server
   hosts: all
   gather_facts: no
   remote_user: root
   vars_files:
-  - ../cluster.yml
+    - ../cluster.yml
   tasks:
-  - name: provision hetzner root server
-    import_role:
-      name: provision-hetzner
-    tags:
-      - provision-hetzner
+    - name: provision hetzner root server
+      import_role:
+        name: provision-hetzner
+      tags:
+        - provision-hetzner

ansible/02-create-cluster.yml

@@ -1,15 +1,15 @@
-#!/usr/bin/env ansible-playbook 
+#!/usr/bin/env ansible-playbook
 ---
 # If you like to play: ./ansible/create.yml --skip-tags public_dns,letsencrypt
 - hosts: localhost
   connection: local
   # gather_facts true because we need the public ip address
   gather_facts: true
   vars_files:
-  - ../cluster.yml
+    - ../cluster.yml
 
   tasks:
-  - name: Deploy cluster
-    import_role: 
-      name: openshift-4-cluster
-      tasks_from: create.yml
+    - name: Deploy cluster
+      import_role:
+        name: openshift-4-cluster
+        tasks_from: create.yml

ansible/03-stop-cluster.yml

@@ -1,15 +1,15 @@
-#!/usr/bin/env ansible-playbook 
+#!/usr/bin/env ansible-playbook
 ---
 # If you like to play: ./ansible/create.yml --skip-tags public_dns,letsencrypt
 - hosts: localhost
   connection: local
   # gather_facts true because we need the public ip address
   gather_facts: true
   vars_files:
-  - ../cluster.yml
+    - ../cluster.yml
 
   tasks:
-  - name: Stop cluster
-    import_role: 
-      name: openshift-4-cluster
-      tasks_from: stop.yml
+    - name: Stop cluster
+      import_role:
+        name: openshift-4-cluster
+        tasks_from: stop.yml

ansible/04-start-cluster.yml

@@ -1,15 +1,15 @@
-#!/usr/bin/env ansible-playbook 
+#!/usr/bin/env ansible-playbook
 ---
 # If you like to play: ./ansible/create.yml --skip-tags public_dns,letsencrypt
 - hosts: localhost
   connection: local
   # gather_facts true because we need the public ip address
   gather_facts: true
   vars_files:
-  - ../cluster.yml
+    - ../cluster.yml
 
   tasks:
-  - name: Start cluster
-    import_role: 
-      name: openshift-4-cluster
-      tasks_from: start.yml
+    - name: Start cluster
+      import_role:
+        name: openshift-4-cluster
+        tasks_from: start.yml

ansible/99-destroy-cluster.yml

@@ -1,14 +1,14 @@
-#!/usr/bin/env ansible-playbook 
+#!/usr/bin/env ansible-playbook
 ---
 # If you like to play: ./ansible/destroy.yml --skip-tags public_dns,letsencrypt
 
 - hosts: localhost
   connection: local
   gather_facts: true
   vars_files:
-  - ../cluster.yml
+    - ../cluster.yml
   tasks:
-  - name: Destroy cluster
-    import_role:
-      name: openshift-4-cluster
-      tasks_from: destroy.yml
+    - name: Destroy cluster
+      import_role:
+        name: openshift-4-cluster
+        tasks_from: destroy.yml

ansible/add-on-roles/cluster-entitlement/tasks/entitlement-from-rhel-node.yaml

@@ -8,7 +8,9 @@
 
 - name: "Check amount of entitlement"
   fail:
-    msg: "To many entitlements, please specify one if the entitlement ids via entitlement_id: {{ files.files | map(attribute='path') | map('regex_replace','^/etc/pki/entitlement/([0-9]+)-key.pem$', '\\1') | join(', ')  }}"
+    msg:
+      - "To many entitlements, please specify one if the entitlement ids via entitlement_id: "
+      - "  {{ files.files | map(attribute='path') | map('regex_replace','^/etc/pki/entitlement/([0-9]+)-key.pem$', '\\1') | join(', ')  }}"
   when: entitlement_id is not defined and files.matched > 1
 
 # /etc/pki/entitlement/4988695409571740307-key.pem
@@ -20,10 +22,12 @@
     entitlement_id: "{{ files.files[0].path | regex_replace('^/etc/pki/entitlement/([0-9]+)-key.pem$', '\\1') }}"
   when: entitlement_id is not defined and files.matched == 1
 
-- shell: "cat /etc/pki/entitlement/{{ entitlement_id }}-key.pem | base64 -w0"
+- name: Create base64 of entitlement-key
+  shell: "set -o pipefail && cat /etc/pki/entitlement/{{ entitlement_id }}-key.pem | base64 -w0"
   register: register_entitlement_key_base64
 
-- shell: "cat /etc/pki/entitlement/{{ entitlement_id }}.pem | base64 -w0"
+- name: Create base64 of entitlement-key
+  shell: "set -o pipefail && cat /etc/pki/entitlement/{{ entitlement_id }}.pem | base64 -w0"
   register: register_entitlement_base64
 
 - name: Apply entitle machineconfig
@@ -44,5 +48,3 @@
     - worker
   loop_control:
     loop_var: loop_role
-
-

ansible/add-on-roles/cluster-entitlement/tasks/post-install.yaml

@@ -5,4 +5,4 @@
 
 - name: "Include entitlement-from-rhel-node.yaml"
   include: "entitlement-from-rhel-node.yaml"
-  when: ansible_distribution  == "RedHat"
+  when: ansible_distribution  == "RedHat"

ansible/add-on-roles/ntp/meta/main.yml

@@ -27,6 +27,10 @@ galaxy_info:
   # To view available platforms and versions (or releases), visit:
   # https://galaxy.ansible.com/api/v1/platforms/
   #
+  platforms:
+    - name: OpenShift
+      versions:
+        - all
   # platforms:
   # - name: Fedora
   #   versions:

ansible/add-on-roles/ntp/tasks/post-install.yml

@@ -1,8 +1,10 @@
 ---
-- set_fact:
+- name: Chrony conf
+  set_fact:
     chrony_conf: "{{ lookup('template', 'templates/chrony.conf.j2') | b64encode }}"
 
-- shell: "echo {{ chrony_conf }} | base64 -w0"
+- name: Create base64
+  shell: "set -o pipefail && echo {{ chrony_conf }} | base64 -w0"
   register: register_encoded_chrony_conf
 
 - name: Apply NTP machineconfig

ansible/add-on-roles/ntp/vars/main.yml

@@ -1,2 +1,2 @@
 ---
-# vars file for ntp
+# vars file for ntp

ansible/add-on-roles/web-terminal/.travis.yml

@@ -9,7 +9,7 @@ sudo: false
 addons:
   apt:
     packages:
-    - python-pip
+      - python-pip
 
 install:
   # Install ansible
@@ -26,4 +26,4 @@ script:
   - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
 
 notifications:
-  webhooks: https://galaxy.ansible.com/api/v1/notifications/
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/

ansible/add-on-roles/web-terminal/defaults/main.yml

@@ -1,2 +1,2 @@
 ---
-# defaults file for web-terminal
+# defaults file for web-terminal

ansible/add-on-roles/web-terminal/handlers/main.yml

@@ -1,2 +1,2 @@
 ---
-# handlers file for web-terminal
+# handlers file for web-terminal

ansible/add-on-roles/web-terminal/meta/main.yml

@@ -1,7 +1,6 @@
 galaxy_info:
-  author: your name
-  description: your role description
-  company: your company (optional)
+  author: Robert Bohne
+  description: install web terminal
 
   # If the issue tracker for your role is not on github, uncomment the
   # next line and provide a value
@@ -14,7 +13,7 @@ galaxy_info:
   # - GPL-3.0-only
   # - Apache-2.0
   # - CC-BY-4.0
-  license: license (GPL-2.0-or-later, MIT, etc)
+  license: Apache-2.0
 
   min_ansible_version: 2.9
 
@@ -27,7 +26,10 @@ galaxy_info:
   # To view available platforms and versions (or releases), visit:
   # https://galaxy.ansible.com/api/v1/platforms/
   #
-  # platforms:
+  platforms:
+    - name: OpenShift
+      versions:
+        - all
   # - name: Fedora
   #   versions:
   #   - all
@@ -50,4 +52,3 @@ galaxy_info:
 dependencies: []
   # List your role dependencies here, one per line. Be sure to remove the '[]' above,
   # if you add dependencies to this list.
-

ansible/add-on-roles/web-terminal/tasks/main.yml

@@ -1,2 +1,2 @@
 ---
-# tasks file for web-terminal
+# tasks file for web-terminal

ansible/add-on-roles/web-terminal/tests/test.yml

@@ -2,4 +2,4 @@
 - hosts: localhost
   remote_user: root
   roles:
-    - web-terminal
+    - web-terminal

ansible/add-on-roles/web-terminal/vars/main.yml

@@ -1,2 +1,2 @@
 ---
-# vars file for web-terminal
+# vars file for web-terminal

ansible/renewal-certificate.yml

@@ -13,5 +13,3 @@
       name: openshift-4-cluster
       tasks_from: certificate-install.yml
     when: letsencrypt_disabled == false
-
-

ansible/roles/letsencrypt/tasks/create-hetzner.yml

@@ -12,7 +12,7 @@
       Content-Type: 'application/json'
   register: le_hetzner_zone_id
 
-- name: Create DNS record at Hetzner
+- name: Create letsencrypt DNS record at Hetzner
   uri:
     url: "https://dns.hetzner.com/api/v1/records"
     method: POST

ansible/roles/letsencrypt/tasks/destroy-hetzner.yml

@@ -1,11 +1,11 @@
 ---
 - name: Delete DNS record at Hetzner
-  uri:
+  uri:  # noqa no-handler
     url: "https://dns.hetzner.com/api/v1/records/{{ item.json.record.id }}"
     method: DELETE
     headers:
       Auth-API-Token: "{{ le_hetzner_account_api_token }}"
       Content-Type: 'application/json'
   with_items: "{{ hetzner_record.results }}"
   when:
-    - sample_com_challenge is changed
+    - sample_com_challenge is changed