From 406db3927f3d49fb57c6ed73ad14444a8a18bc4f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?= <valtri@civ.zcu.cz>
Date: Fri, 15 Nov 2024 15:31:17 +0100
Subject: [PATCH] ENVRI-Hub ansible linting

---
 common/playbooks/notebooks-redirect.yaml |  1 +
 envri-hub/inventory/99-all.yaml          |  7 ++++--
 envri-hub/playbooks/k8s.yaml             | 30 ++++++++++++++----------
 envri-hub/playbooks/notebooks.yaml       | 14 +++++++----
 4 files changed, 34 insertions(+), 18 deletions(-)

diff --git a/common/playbooks/notebooks-redirect.yaml b/common/playbooks/notebooks-redirect.yaml
index e300772..103f456 100644
--- a/common/playbooks/notebooks-redirect.yaml
+++ b/common/playbooks/notebooks-redirect.yaml
@@ -51,4 +51,5 @@
                 path: /(.*)
                 pathType: Prefix
         EOF
+      changed_when: true
       when: notebooks_redirect is defined
diff --git a/envri-hub/inventory/99-all.yaml b/envri-hub/inventory/99-all.yaml
index 8d32ea6..61a698e 100644
--- a/envri-hub/inventory/99-all.yaml
+++ b/envri-hub/inventory/99-all.yaml
@@ -9,9 +9,12 @@ allnodes:
 
 all:
   vars:
-    ansible_become: yes
+    ansible_become: true
     ansible_user: ubuntu
-    ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -W %h:%p -q ubuntu@admin.envri-vre.cloud.cesnet.cz" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'
+    ansible_ssh_common_args: >-
+      -o ProxyCommand="ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -W %h:%p -q ubuntu@admin.envri-vre.cloud.cesnet.cz"
+      -o StrictHostKeyChecking=no
+      -o UserKnownHostsFile=/dev/null'
 
     site_name: envri-hub
     vault_mount_point: secrets/users/e1662e20-e34b-468c-b0ce-d899bc878364@egi.eu/envri-hub
diff --git a/envri-hub/playbooks/k8s.yaml b/envri-hub/playbooks/k8s.yaml
index 78468df..484c084 100644
--- a/envri-hub/playbooks/k8s.yaml
+++ b/envri-hub/playbooks/k8s.yaml
@@ -4,7 +4,7 @@
   become: true
   tasks:
     - name: Add SSH keys
-      authorized_key:
+      ansible.posix.authorized_key:
         user: ubuntu
         state: present
         key: '{{ item }}'
@@ -43,6 +43,7 @@
       delay: 10
       environment:
         KUBECONFIG: /etc/kubernetes/admin.conf
+      changed_when: false
       when: true
     - name: Create custom fact directory
       file:
@@ -80,6 +81,7 @@
       environment:
         KUBECONFIG: /etc/kubernetes/admin.conf
         PATH: /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
+      changed_when: true
       when: true
     - name: Cluster issuer file
       copy:
@@ -107,12 +109,14 @@
       environment:
         KUBECONFIG: /etc/kubernetes/admin.conf
         PATH: /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
+      changed_when: true
       when: true
     # Accounting / monitoring needs
     - name: Helm repo add prometheus-community
       shell: |-
         helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
         helm repo update
+      changed_when: true
       when: "'prometheus-community' not in ansible_local.helm_repos | map(attribute='name') | list"
     - name: Prometheus configuration
       copy:
@@ -145,6 +149,7 @@
       environment:
         KUBECONFIG: /etc/kubernetes/admin.conf
         PATH: /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
+      changed_when: true
       when: true
     - name: Grafana configuration
       copy:
@@ -163,17 +168,17 @@
               - "{{ grafana_hostname }}"
               secretName: acme-tls-grafana
           datasources:
-           datasources.yaml:
-             apiVersion: 1
-             datasources:
-              - name: Prometheus
-                type: prometheus
-                access: Server
-                orgId: 1
-                url: http://prometheus-server.prometheus.svc.cluster.local
-                isDefault: true
-                version: 1
-                editable: false
+            datasources.yaml:
+              apiVersion: 1
+              datasources:
+                - name: Prometheus
+                  type: prometheus
+                  access: Server
+                  orgId: 1
+                  url: http://prometheus-server.prometheus.svc.cluster.local
+                  isDefault: true
+                  version: 1
+                  editable: false
           sidecar:
             dashboards:
               enabled: true
@@ -196,4 +201,5 @@
       environment:
         KUBECONFIG: /etc/kubernetes/admin.conf
         PATH: /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
+      changed_when: true
       when: true
diff --git a/envri-hub/playbooks/notebooks.yaml b/envri-hub/playbooks/notebooks.yaml
index 857e555..b4ddce7 100644
--- a/envri-hub/playbooks/notebooks.yaml
+++ b/envri-hub/playbooks/notebooks.yaml
@@ -8,14 +8,15 @@
         helm repo add jupyterhub https://jupyterhub.github.io/helm-chart/
         helm repo add eginotebooks https://egi-federation.github.io/egi-notebooks-chart/
         helm repo update
+      changed_when: true
       when: "'jupyterhub' not in ansible_local.helm_repos | map(attribute='name') | list or
-             'eginotebooks' not in ansible_local.helm_repos | map(attribute='name') | list"
+            'eginotebooks' not in ansible_local.helm_repos | map(attribute='name') | list"
     - name: Get Secrets from Vault for notebooks
       vars:
         name: "{{ item | basename | splitext | first }}"
       set_fact:
-        deployment_secrets: "{{ deployment_secrets|default({}) | combine({name: lookup('community.hashi_vault.hashi_vault',
-          (vault_mount_point, 'deployment-' + name)  | join('/'),  token_validate=false)}) }}"
+        deployment_secrets: "{{ deployment_secrets | default({}) | combine({name: lookup('community.hashi_vault.hashi_vault',
+          (vault_mount_point, 'deployment-' + name) | join('/'), token_validate=false)}) }}"
       with_fileglob:
         - "../deployments/*.yaml"
     - name: Debug Deployments Secrets
@@ -35,13 +36,14 @@
     - name: Deploy/upgrade notebook instance
       vars:
         name: "{{ item | basename | splitext | first }}"
+        # keep in sync with ../deployments/*.yaml (original k8s-hub image version)
         version: "3.2.1" # app 4.0.2 (2023-11-27)
       shell: |-
         helm status --namespace {{ name }} {{ name }}
         if [ $? -ne 0 ]; then
             helm install --create-namespace --namespace {{ name }} \
                 -f /tmp/{{ item | basename }} --version {{ version }} --timeout 2h \
-                 {{ name }} jupyterhub/jupyterhub
+                {{ name }} jupyterhub/jupyterhub
         else
             helm upgrade --version {{ version }} -f /tmp/{{ item | basename }} --timeout 2h \
                 --namespace {{ name }} {{ name }} jupyterhub/jupyterhub
@@ -49,6 +51,7 @@
       environment:
         KUBECONFIG: /etc/kubernetes/admin.conf
         PATH: /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
+      changed_when: true
       when: true
       with_fileglob:
         - "../deployments/*.yaml"
@@ -70,6 +73,7 @@
       environment:
         KUBECONFIG: /etc/kubernetes/admin.conf
         PATH: /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
+      changed_when: true
       when: true
       with_fileglob:
         - "../deployments/*.yaml"
@@ -106,6 +110,7 @@
       environment:
         KUBECONFIG: /etc/kubernetes/admin.conf
         PATH: /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
+      changed_when: true
       when: true
       with_fileglob:
         - "../deployments/*.yaml"
@@ -127,4 +132,5 @@
         KUBECONFIG: /etc/kubernetes/admin.conf
       with_fileglob:
         - "../extra/*.yaml"
+      changed_when: true
       when: true
-- 
GitLab