From 0870a0a34bceb2c161e0a70458a8c28f6a63491f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?= <valtri@civ.zcu.cz>
Date: Wed, 4 Jun 2025 23:11:08 +0000
Subject: [PATCH] YAML linting

---
 common/deployments/hub-production.yaml        |  8 +-
 common/deployments/hub-staging.yaml           |  8 +-
 common/playbooks/k8s.yaml                     | 87 ++++++++++---------
 .../accounting-config.yaml                    |  9 +-
 egi-devel/deployments/hub.yaml                | 12 +--
 egi-devel/playbooks/templates/binder.yaml     |  2 +-
 eosc-devel/deployments/fullhub.yaml           |  8 +-
 eosc-testing/deployments/hub.yaml             |  9 +-
 8 files changed, 75 insertions(+), 68 deletions(-)

diff --git a/common/deployments/hub-production.yaml b/common/deployments/hub-production.yaml
index 0316dbb..5c142a7 100644
--- a/common/deployments/hub-production.yaml
+++ b/common/deployments/hub-production.yaml
@@ -161,7 +161,7 @@ hub:
     # k8s-hub 4.2.0
     tag: "sha-4e2fb2f"
   loadRoles:
-    #user scopes required for user initiated sharing API
+    # user scopes required for user initiated sharing API
     user:
       scopes: ["self", "shares!user"]
   config:
@@ -322,10 +322,10 @@ hub:
       c.WebDavOIDCSpawner.token_mount_path = "/var/run/secrets/oidc/"
       c.WebDavOIDCSpawner.http_timeout = 90
 
-      #Scopes for user sharing api extension to be able to
-      #use browser token for API queries
+      # Scopes for user sharing api extension to be able to
+      # use browser token for API queries
       c.WebDavOIDCSpawner.oauth_client_allowed_scopes = [
-        "access:servers!server", 
+        "access:servers!server",
         "shares!server"
       ]
 {% endraw %}
diff --git a/common/deployments/hub-staging.yaml b/common/deployments/hub-staging.yaml
index 7c85970..8af278c 100644
--- a/common/deployments/hub-staging.yaml
+++ b/common/deployments/hub-staging.yaml
@@ -161,7 +161,7 @@ hub:
     # k8s-hub 4.2.0
     tag: "sha-4e2fb2f"
   loadRoles:
-    #user scopes required for user initiated sharing API
+    # user scopes required for user initiated sharing API
     user:
       scopes: ["self", "shares!user"]
   config:
@@ -320,10 +320,10 @@ hub:
       c.WebDavOIDCSpawner.token_mount_path = "/var/run/secrets/oidc/"
       c.WebDavOIDCSpawner.http_timeout = 90
 
-      #Scopes for user sharing api extension to be able to
-      #use browser token for API queries
+      # Scopes for user sharing api extension to be able to
+      # use browser token for API queries
       c.WebDavOIDCSpawner.oauth_client_allowed_scopes = [
-        "access:servers!server", 
+        "access:servers!server",
         "shares!server"
       ]
 {% endraw %}
diff --git a/common/playbooks/k8s.yaml b/common/playbooks/k8s.yaml
index cec8cdc..b3c9de7 100644
--- a/common/playbooks/k8s.yaml
+++ b/common/playbooks/k8s.yaml
@@ -561,7 +561,7 @@
         PATH: /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
       changed_when: true
       when: true
-# TODO: Following step can be removed as gpu-operator
+# XXX: Following step can be removed as gpu-operator
 # installs drivers in containers but it requires
 # the latest kernels or a workaround is needed -
 # provide an outdated kernel repo for operator to access
@@ -585,48 +585,49 @@
   hosts: master[0]
   become: true
   tasks:
-    - block:
-      - name: Configure Nvidia gpu-operator Helm repo
-        shell: |-
-          helm repo add nvidia https://helm.ngc.nvidia.com/nvidia
-          helm repo update
-        changed_when: true
-        when: "'nvidia' not in ansible_local.helm_repos | map(attribute='name') | list"
-      - name: Deploy/upgrade Nvidia gpu-operator instance
-        vars:
-          driver_enabled: false # if set to true the operator will install containerized drivers
-          mig_strategy: single
-        shell: |-
-          helm status --namespace gpu-operator gpu-operator
-          if [ $? -ne 0 ]; then
-              helm install --wait --create-namespace --namespace gpu-operator \
-                gpu-operator  nvidia/gpu-operator --set driver.enabled={{ driver_enabled }} \
-                 --set mig.strategy={{ mig_strategy }}
-          else
-              helm upgrade --wait --namespace gpu-operator  \
-                gpu-operator  nvidia/gpu-operator  --set driver.enabled={{ driver_enabled }} \
-                  --set mig.strategy={{ mig_strategy }}
-          fi
-        changed_when: true
-        when: true
-      - name: Get GPU node hostnames
-        shell: |-
-          kubectl get nodes --no-headers -o custom-columns=NAME:.metadata.name | grep -- -gpu-
-        register: gpu_nodes
-        changed_when: false
-        failed_when: gpu_nodes.rc != 0 and gpu_nodes.rc != 1
-        when: true
-      - name: Print GPU node hostnames
-        debug:
-          var: gpu_nodes
-      - name: Add required label to GPU nodes to create mig profiles
-        vars:
-          mig_profile: all-1g.12gb
-        shell: |-
-          kubectl label node {{ item }} nvidia.com/mig.config={{ mig_profile }} --overwrite
-        loop: "{{ gpu_nodes.stdout_lines }}"
-        changed_when: true
-        when: true
+    - name: GPU Setup
       environment:
         KUBECONFIG: /etc/kubernetes/admin.conf
         PATH: /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
+      block:
+        - name: Configure Nvidia gpu-operator Helm repo
+          shell: |-
+            helm repo add nvidia https://helm.ngc.nvidia.com/nvidia
+            helm repo update
+          changed_when: true
+          when: "'nvidia' not in ansible_local.helm_repos | map(attribute='name') | list"
+        - name: Deploy/upgrade Nvidia gpu-operator instance
+          vars:
+            driver_enabled: false # if set to true the operator will install containerized drivers
+            mig_strategy: single
+          shell: |-
+            helm status --namespace gpu-operator gpu-operator
+            if [ $? -ne 0 ]; then
+                helm install --wait --create-namespace --namespace gpu-operator \
+                  gpu-operator  nvidia/gpu-operator --set driver.enabled={{ driver_enabled }} \
+                    --set mig.strategy={{ mig_strategy }}
+            else
+                helm upgrade --wait --namespace gpu-operator  \
+                  gpu-operator  nvidia/gpu-operator  --set driver.enabled={{ driver_enabled }} \
+                    --set mig.strategy={{ mig_strategy }}
+            fi
+          changed_when: true
+          when: true
+        - name: Get GPU node hostnames
+          shell: |-
+            kubectl get nodes --no-headers -o custom-columns=NAME:.metadata.name | grep -- -gpu-
+          register: gpu_nodes
+          changed_when: false
+          failed_when: gpu_nodes.rc != 0 and gpu_nodes.rc != 1
+          when: true
+        - name: Print GPU node hostnames
+          debug:
+            var: gpu_nodes
+        - name: Add required label to GPU nodes to create mig profiles
+          vars:
+            mig_profile: all-1g.12gb
+          shell: |-
+            kubectl label node {{ item }} nvidia.com/mig.config={{ mig_profile }} --overwrite
+          loop: "{{ gpu_nodes.stdout_lines }}"
+          changed_when: true
+          when: true
diff --git a/egi-devel/accounting_deployments/accounting-config.yaml b/egi-devel/accounting_deployments/accounting-config.yaml
index c4311dd..3fd3812 100644
--- a/egi-devel/accounting_deployments/accounting-config.yaml
+++ b/egi-devel/accounting_deployments/accounting-config.yaml
@@ -1,3 +1,4 @@
+---
 accounting:
   # schedule: 23 */6 * * *
   sitename: EGI-NOTEBOOKS-DEVEL2
@@ -6,11 +7,15 @@ accounting:
   fqan:
     auger: urn:mace:egi.eu:group:auger:role=member#aai.egi.eu
     biomed: urn:mace:egi.eu:group:biomed:role=member#aai.egi.eu
-    eiscat.se: urn:mace:egi.eu:group:eiscat.se:Dev:role=member#aai.egi.eu,urn:mace:egi.eu:group:eiscat.se:Hub:role=member#aai.egi.eu,urn:mace:egi.eu:group:cc-eiscat3d#sso.egi.eu
+    eiscat.se: >-
+      urn:mace:egi.eu:group:eiscat.se:Dev:role=
+      member#aai.egi.eu,urn:mace:egi.eu:group:eiscat.se:Hub:role=member#aai.egi.eu,urn:mace:egi.eu:group:cc-eiscat3d#sso.egi.eu
     eval.c-scale.eu: urn:mace:egi.eu:group:eval.c-scale.eu:role=member#aai.egi.eu
     vo.cessda.eduteams.org: urn:mace:egi.eu:group:vo.cessda.eduteams.org:role=member#aai.egi.eu
     vo.environmental.egi.eu: urn:mace:egi.eu:group:vo.environmental.egi.eu:role=member#aai.egi.eu
-    vo.lethe-project.eu: urn:mace:egi.eu:group:vo.lethe-project.eu:role=member#aai.egi.eu,urn:mace:egi.eu:group:vo.lethe-project.eu:lethe-notebooks:role=member#aai.egi.eu
+    vo.lethe-project.eu: >-
+      urn:mace:egi.eu:group:vo.lethe-project.eu:role=
+      member#aai.egi.eu,urn:mace:egi.eu:group:vo.lethe-project.eu:lethe-notebooks:role=member#aai.egi.eu
     vo.panosc.eu: urn:mace:egi.eu:group:vo.panosc.eu:role=vm_operator#aai.egi.eu
     vo.reliance-project.eu: urn:mace:egi.eu:group:vo.reliance-project.eu:role=member#aai.egi.eu
     vo.access.egi.eu: urn:mace:egi.eu:group:vo.access.egi.eu:role=member#aai.egi.eu
diff --git a/egi-devel/deployments/hub.yaml b/egi-devel/deployments/hub.yaml
index 6b389ea..63b9916 100644
--- a/egi-devel/deployments/hub.yaml
+++ b/egi-devel/deployments/hub.yaml
@@ -243,9 +243,9 @@ hub:
               except ApiException:
                   return
               if secret and secret.data:
-                   self.b2drop_user = base64.b64decode(secret.data.get("b2drop-user", "")).decode()
-                   self.b2drop_pwd = base64.b64decode(secret.data.get("b2drop-pwd", "")).decode()
-                   self.b2drop_ready = (self.b2drop_user and self.b2drop_pwd)
+                  self.b2drop_user = base64.b64decode(secret.data.get("b2drop-user", "")).decode()
+                  self.b2drop_pwd = base64.b64decode(secret.data.get("b2drop-pwd", "")).decode()
+                  self.b2drop_ready = (self.b2drop_user and self.b2drop_pwd)
 
           def _render_options_form(self, profile_list):
               # old hub: self._profile_list = self._init_profile_list(profile_list)
@@ -253,7 +253,9 @@ hub:
               profile_form_template = Environment(loader=BaseLoader).from_string(
                   self.profile_form_template
               )
-              return profile_form_template.render(profile_list=self._profile_list, b2drop_ready=self.b2drop_ready, b2drop_user=self.b2drop_user, b2drop_pwd=self.b2drop_pwd)
+              return profile_form_template.render(
+                  profile_list=self._profile_list, b2drop_ready=self.b2drop_ready, b2drop_user=self.b2drop_user, b2drop_pwd=self.b2drop_pwd
+              )
 
           async def pre_spawn_hook(self, spawner):
               await super(B2DropSpawner, self).pre_spawn_hook(spawner)
@@ -295,7 +297,7 @@ hub:
                     }
                   )
               if b2drop_remember:
-                 await self._update_secret({"b2drop-user": b2drop_user,
+                  await self._update_secret({"b2drop-user": b2drop_user,
                                             "b2drop-pwd":  b2drop_pwd})
               else:
                   await self._update_secret({"b2drop-user": "", "b2drop-pwd": ""})
diff --git a/egi-devel/playbooks/templates/binder.yaml b/egi-devel/playbooks/templates/binder.yaml
index 88fb762..7cffcda 100644
--- a/egi-devel/playbooks/templates/binder.yaml
+++ b/egi-devel/playbooks/templates/binder.yaml
@@ -4,7 +4,7 @@ config:
     auth_enabled: true
     hub_url: "https://{{ binder_hostname }}/hub"
     use_registry: true
-    image_prefix: {{ registry_binder_hostname }}/{{site_name}}/binder-
+    image_prefix: "{{ registry_binder_hostname }}/{{site_name}}/binder-"
     # build_image: quay.io/jupyterhub/repo2docker:2024.07.0
     build_token_secret: "{{ secrets['build_token_secret'] }}"
     template_path: /etc/egi/templates
diff --git a/eosc-devel/deployments/fullhub.yaml b/eosc-devel/deployments/fullhub.yaml
index ff1258b..b974970 100644
--- a/eosc-devel/deployments/fullhub.yaml
+++ b/eosc-devel/deployments/fullhub.yaml
@@ -162,7 +162,7 @@ hub:
     # k8s-hub 4.2.0
     tag: "sha-4e2fb2f"
   loadRoles:
-    #user roles required for user initiated sharing API
+    # user roles required for user initiated sharing API
     user:
       scopes: ["self", "shares!user"]
 
@@ -323,10 +323,10 @@ hub:
       c.WebDavOIDCSpawner.token_mount_path = "/var/run/secrets/oidc/"
       c.WebDavOIDCSpawner.http_timeout = 90
 
-      #Scopes for user sharing api extension to be able to
-      #use browser token for API queries
+      # Scopes for user sharing api extension to be able to
+      # use browser token for API queries
       c.WebDavOIDCSpawner.oauth_client_allowed_scopes = [
-        "access:servers!server", 
+        "access:servers!server",
         "shares!server"
       ]
 {% endraw %}
diff --git a/eosc-testing/deployments/hub.yaml b/eosc-testing/deployments/hub.yaml
index 4315d1f..f741494 100644
--- a/eosc-testing/deployments/hub.yaml
+++ b/eosc-testing/deployments/hub.yaml
@@ -162,10 +162,9 @@ hub:
     # k8s-hub 4.2.0
     tag: "sha-4e2fb2f"
   loadRoles:
-    #user roles required for user initiated sharing API
+    # user roles required for user initiated sharing API
     user:
       scopes: ["self", "shares!user"]
-  
   config:
     Authenticator:
       enable_auth_state: true
@@ -322,10 +321,10 @@ hub:
       c.WebDavOIDCSpawner.token_mount_path = "/var/run/secrets/oidc/"
       c.WebDavOIDCSpawner.http_timeout = 90
 
-      #Scopes for user sharing api extension to be able to
-      #use browser token for API queries
+      # Scopes for user sharing api extension to be able to
+      # use browser token for API queries
       c.WebDavOIDCSpawner.oauth_client_allowed_scopes = [
-        "access:servers!server", 
+        "access:servers!server",
         "shares!server"
       ]
 {% endraw %}
-- 
GitLab