Merge pull request #144 from nebari-dev/lint

Add linting for ansible

.ansible-lint

@@ -0,0 +1,12 @@
+---
+# .ansible-lint
+
+skip_list:
+  - var-naming
+  - package-latest
+  - yaml[line-length]
+  - risky-file-permissions
+  - no-changed-when
+  - no-handler
+  - risky-octal
+  - args[module]

.github/workflows/kvm-test.yaml

@@ -1,4 +1,5 @@
-name: "Vagrant (KVM) Tests"
+---
+name: Vagrant (KVM) Tests
 
 on:
   pull_request:
@@ -9,7 +10,7 @@ on:
 jobs:
   # https://github.com/jonashackt/vagrant-github-actions
   test-kvm:
-    name: "KVM Test"
+    name: KVM Test
     runs-on: macos-latest
     steps:
       - uses: actions/checkout@v2
@@ -34,6 +35,7 @@ jobs:
       - name: Show Vagrant version
         run: vagrant --version
 
-      - name: Run vagrant up
-        working-directory: tests/ubuntu2004-singlenode
-        run: vagrant up
+# Disabled until we fix it
+#      - name: Run vagrant up
+#        working-directory: tests/ubuntu2004-singlenode
+#        run: vagrant up

.github/workflows/lint.yaml

@@ -0,0 +1,14 @@
+---
+name: Ansible Lint
+
+on:
+  push:
+  pull_request:
+jobs:
+  build:
+    name: Ansible Lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run ansible-lint
+        uses: ansible/ansible-lint@main

.readthedocs.yaml

@@ -1,3 +1,4 @@
+---
 # .readthedocs.yaml
 # Read the Docs configuration file
 # See https://docs.readthedocs.io/en/stable/config-file/v2.html for details
@@ -9,7 +10,6 @@ version: 2
 sphinx:
   configuration: docs/conf.py
 
-
 # Optionally set the version of Python and requirements required to build your docs
 python:
   version: 3.8

inventory.template/group_vars/all.yaml

@@ -1,3 +1,4 @@
+---
 # Any additional users and groups you would like added to all nodes
 enabled_users:
   - username: example-user
@@ -6,7 +7,7 @@ enabled_users:
     email: [email protected]
     # mkpasswd --method=sha-512
     # password: example-user
-    password: "$6$3aaf4gr8D$2T31r9/GtXM6rVY8oHOejn.sThwhBZehbPZC.ZkN0XJOZUuguR9VnRQRYmqYAt9eW3LgLR21q1kbqSYSEDm5U."
+    password: $6$3aaf4gr8D$2T31r9/GtXM6rVY8oHOejn.sThwhBZehbPZC.ZkN0XJOZUuguR9VnRQRYmqYAt9eW3LgLR21q1kbqSYSEDm5U.
     primary_group: example-user
     groups:
       - users
@@ -24,9 +25,9 @@ munge_key: eC36WeTj1JKUGyQEcfqkaRO0fDBoyTVHnkn7kE5sOZ1YUYyqWMSp3qeRZEmtEX9B
 
 openldap_bind_password: EsicntiZOhQaGomPiJZLWJEJ
 
-jupyterhub_client_secret: "SUPERSECRETPASSWORDJUPYTERHUB"
-conda_store_client_secret: "SUPERSECRETPASSWORDCONDASTORE"
-grafana_client_secret: "SUPERSECRETPASSWORDGRAFANA"
+jupyterhub_client_secret: SUPERSECRETPASSWORDJUPYTERHUB
+conda_store_client_secret: SUPERSECRETPASSWORDCONDASTORE
+grafana_client_secret: SUPERSECRETPASSWORDGRAFANA
 
 minio_password: mWdaGyPmNOApU93Vxk6sNTac
 keycloak_admin_password: XLWUMUu8OG0XqlMREZK9id9o
@@ -45,4 +46,4 @@ mysql_users:
 postgres_users:
   - username: conda-store
     password: eIbmUditL4RbQm0YPeLozRme
-    role: 'CREATEDB,CREATEROLE'
+    role: CREATEDB,CREATEROLE

inventory.template/group_vars/hpc_master.yaml

@@ -1,3 +1,4 @@
+---
 dask_gateway_enabled: true
 firewall_enabled: true
 grafana_enabled: true
@@ -21,6 +22,6 @@ openldap_server_enabled: true
 openldap_client_enabled: true
 
 nfs_server_exports:
-  - "/home"
-  - "/opt/conda"
-  - "/opt/conda-store"
+  - /home
+  - /opt/conda
+  - /opt/conda-store

inventory.template/group_vars/hpc_worker.yaml

@@ -1,3 +1,4 @@
+---
 dask_gateway_client_enabled: true
 firewall_enabled: true
 ipyparallel_enabled: true

inventory.template/host_vars/hpc01-test.yaml

@@ -1,3 +1,4 @@
+---
 # or set these variables in group_vars/hpc_worker.yaml if all
 # workers have the same resources
 slurm_memory: 5900

playbook.yaml

@@ -1,56 +1,58 @@
 ---
- - hosts: all
-   pre_tasks:
-     - name: Gather facts from ALL hosts (regardless of limit or tags)
-       setup:
-       delegate_to: "{{ item }}"
-       delegate_facts: True
-       when: hostvars[item]['ansible_default_ipv4'] is not defined
-       with_items: "{{ groups['all'] }}"
-     - name: Copy files
-       include_tasks: tasks/copy_files.yaml
-       loop: '{{ ["all"] + group_names + [inventory_hostname_short] }}'
-       loop_control:
-         loop_var: myhost
+- name: Setup Nebari Slurm
+  hosts: all
+  pre_tasks:
+    - name: Gather facts from ALL hosts (regardless of limit or tags)
+      ansible.builtin.setup:
+      delegate_to: "{{ item }}"
+      delegate_facts: true
+      when: hostvars[item]['ansible_default_ipv4'] is not defined
+      with_items: "{{ groups['all'] }}"
+    - name: Copy files
+      ansible.builtin.include_tasks: tasks/copy_files.yaml
+      loop: '{{ ["all"] + group_names + [inventory_hostname_short] }}'
+      loop_control:
+        loop_var: myhost
 
-   roles:
-     # core services
-     - hosts
-     - firewall
-     - accounts
-     - apt_packages
-     - miniforge
-     - cifs
-     - nfs
-     - mysql
-     - postgresql
-     - minio
-     - backups
-     - traefik
-     - openldap
-     - keycloak
-     # workflows
-     - slurm
-     # monitoring
-     - prometheus
-     - grafana
-     # data-science services
-     - conda_store
-     - jupyterhub
-     - dask_gateway
-     - ipyparallel
-     # plugins
-     - bodo
+  roles:
+    # core services
+    - hosts
+    - firewall
+    - accounts
+    - apt_packages
+    - miniforge
+    - cifs
+    - nfs
+    - mysql
+    - postgresql
+    - minio
+    - backups
+    - traefik
+    - openldap
+    - keycloak
+    # workflows
+    - slurm
+    # monitoring
+    - prometheus
+    - grafana
+    # data-science services
+    - conda_store
+    - jupyterhub
+    - dask_gateway
+    - ipyparallel
+    # plugins
+    - bodo
 
-   tasks:
-     - name: Additional ansible tasks
-       include_tasks: "{{ item }}"
-       with_items: "{{ additional_tasks | default([]) }}"
+  tasks:
+    - name: Additional ansible tasks
+      ansible.builtin.include_tasks: "{{ item }}"
+      with_items: "{{ additional_tasks | default([]) }}"
 
-     - name: Keycloak administration credentials
-       ansible.builtin.debug:
-         msg: "Keycloak administration username={{ keycloak_admin_username }} via https://{{ traefik_domain | default(hostvars[groups['hpc_master'][0]].ansible_ssh_host) }}/auth/admin/"
+    - name: Keycloak administration credentials
+      ansible.builtin.debug:
+        msg: Keycloak administration username={{ keycloak_admin_username }} via https://{{ traefik_domain | default(hostvars[groups['hpc_master'][0]].ansible_ssh_host)
+          }}/auth/admin/
 
-     - name: Accessing cluster
-       ansible.builtin.debug:
-         msg: "Access cluster via following url: https://{{ traefik_domain | default(hostvars[groups['hpc_master'][0]].ansible_ssh_host) }}"
+    - name: Accessing cluster
+      ansible.builtin.debug:
+        msg: "Access cluster via following url: https://{{ traefik_domain | default(hostvars[groups['hpc_master'][0]].ansible_ssh_host) }}"

roles/accounts/defaults/main.yml

@@ -1,8 +1,5 @@
 ---
 enabled_users: []
-
 enabled_groups: []
-
 disabled_users: []
-
 disabled_groups: []

roles/accounts/tasks/main.yml

@@ -1,38 +1,38 @@
 ---
- - name: Ensure groups are present
-   become: true
-   group:
-     name: "{{ item.name }}"
-     gid: "{{ item.gid }}"
-     state: present
-   with_items: "{{ enabled_groups }}"
+- name: Ensure groups are present
+  become: true
+  ansible.builtin.group:
+    name: "{{ item.name }}"
+    gid: "{{ item.gid }}"
+    state: present
+  with_items: "{{ enabled_groups }}"
 
- - name: Ensure users are present
-   become: true
-   user:
-     name: "{{ item.username }}"
-     uid: "{{ item.uid }}"
-     shell: /bin/bash
-     createhome: true
-     generate_ssh_key: false
-     comment: "{{ item.fullname }},,,,{{ item.email }}"
-     group: "{{ item.primary_group | default(omit) }}"
-     groups: "{{ item.groups | default(omit) }}"
-     password: "{{ item.password | default(omit) }}"
-     home: /home/{{ item.username }}
-     state: present
-   with_items: "{{ enabled_users }}"
+- name: Ensure users are present
+  become: true
+  ansible.builtin.user:
+    name: "{{ item.username }}"
+    uid: "{{ item.uid }}"
+    shell: /bin/bash
+    createhome: true
+    generate_ssh_key: false
+    comment: "{{ item.fullname }},,,,{{ item.email }}"
+    group: "{{ item.primary_group | default(omit) }}"
+    groups: "{{ item.groups | default(omit) }}"
+    password: "{{ item.password | default(omit) }}"
+    home: /home/{{ item.username }}
+    state: present
+  with_items: "{{ enabled_users }}"
 
- - name: Ensure users are disabled
-   become: true
-   user:
-     name: "{{ item }}"
-     state: absent
-   with_items: "{{ disabled_users }}"
+- name: Ensure users are disabled
+  become: true
+  ansible.builtin.user:
+    name: "{{ item }}"
+    state: absent
+  with_items: "{{ disabled_users }}"
 
- - name: Ensure groups are disabled
-   become: true
-   group:
-     name: "{{ item }}"
-     state: absent
-   with_items: "{{ disabled_groups }}"
+- name: Ensure groups are disabled
+  become: true
+  ansible.builtin.group:
+    name: "{{ item }}"
+    state: absent
+  with_items: "{{ disabled_groups }}"

roles/apt_packages/defaults/main.yml

@@ -1 +1,2 @@
+---
 installed_packages: []

roles/apt_packages/tasks/main.yml

@@ -1,8 +1,8 @@
 ---
- - name: Ensure apt packages are installed
-   become: true
-   apt:
-     name: "{{ installed_packages }}"
-     state: latest
-     update_cache: yes
-     cache_valid_time: 3600
+- name: Ensure apt packages are installed
+  become: true
+  ansible.builtin.apt:
+    name: "{{ installed_packages }}"
+    state: latest
+    update_cache: true
+    cache_valid_time: 3600

roles/backups/defaults/main.yml

@@ -1,7 +1,7 @@
 ---
 backup_enabled: false
-backup_on_calendar: "daily"
+backup_on_calendar: daily
 backup_randomized_delay: "3600"
 backup_environment:
-  RESTIC_REPOSITORY: ...
-  RESTIC_PASSWORD: ...
+  RESTIC_REPOSITORY: "..."
+  RESTIC_PASSWORD: "..."