Add a few playbooks
- Update tooling versions, add mysql collection
- Document how to work around lint issues with collections
- Fix reuse validation of cookiecutter generated files
- add template for .gitreview file
Change-Id: If03962ed3b3daf230e5543b7603f9e9cef09661c
diff --git a/.gitignore b/.gitignore
index 3119a73..4d7fd1e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,5 +7,8 @@
__pycache__
ansible_collections
cookiecutter/*default*
+files/*
+playbooks/*_vars
+inventory/*
roles/*
venv_onfansible
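Review bot: `files/*` and `inventory/*` are ignored wholesale, yet the README change in this same commit tells readers that inventory files live in the `inventory` directory and shows `-i inventory/<source>.ini`. On a fresh clone that directory will not exist. If the intent is to keep site-specific hosts and credentials out of the repository, state that in the README, and consider committing an example inventory behind a negated ignore pattern so the documented invocation has something to point at.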
diff --git a/README.md b/README.md
index 288e4a9..2c34d69 100644
--- a/README.md
+++ b/README.md
@@ -67,6 +67,17 @@
Once you've done this, you can run the `ansible-plabook` command.
+Playbooks are stored in the `playbooks` directory. Note that playbooks can be
+organized in this way, but the [*_vars directries must be relative to either
+the inventory or playbook
+files](https://github.com/ansible/ansible/issues/12862#issuecomment-461015045).
+
+Inventory files or sources are stored in the `inventory` directory.
+
+A typical invocation would be:
+
+ $ ansible-playbook -i inventory/<source>.ini playbooks/static-playbook.yml
+
Starting a New Role
-------------------
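Review bot: typo in the added link text, `directries` should be `directories`. The unescaped `*` in `[*_vars` may also be read as emphasis by some Markdown renderers, so put `*_vars` in backticks. The context line just above still says `ansible-plabook`, which is worth fixing while this section is being edited.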
@@ -119,8 +130,8 @@
that they are well structured and formatted. [yamllint]{.title-ref} in
particular differs from most Ansible examples when it comes to booleans -
lowercase [true]{.title-ref} and [false]{.title-ref} should be used instead of
-other \"truthy\" values like [yes]{.title-ref} and [no]{.title-ref}. There are
-some cases when an Ansible modules will require that you use these \"truthy\"
+other "truthy" values like [yes]{.title-ref} and [no]{.title-ref}. There are
+some cases when an Ansible modules will require that you use these "truthy"
values, in which case you can [disable
yamllint](https://yamllint.readthedocs.io/en/stable/disable_with_comments.html)
for just that line. `ansible-lint` can also be [disabled per-line or
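Review bot: the re-added line still reads `an Ansible modules will require`. Since the line is already being rewritten for the quote unescaping, change it to `an Ansible module will require`.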
@@ -134,7 +145,12 @@
inserting multiple lines of text into the output). More information is
available at [yaml multiline strings](https://yaml-multiline.info/). The flow
scalar syntax is less obvious and easier to accidentally introduce mistakes
-with, so using it isn\'t recommended.
+with, so using it isn't recommended.
+
+While ansible-lint tends to direct you to solution that improve your roles most
+of the time, the [503 warning may introduce additional
+complexity](https://github.com/ansible/ansible-lint/issues/419) and may be
+skipped.
When listing parameters within a task, put parameters each on their own line
(the YAML style). Even though there are examples of the `key=value` one-line
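Review bot: in the added paragraph, `direct you to solution that improve` should be `direct you to solutions that improve`. The paragraph also identifies the rule only as `503`. Add a few words on what the rule checks and how it is expected to be skipped (per line or project-wide), so a reader can act on this without following the issue link.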
@@ -163,7 +179,9 @@
- For package signing keys and GPG keys, put them as files within the role
and use a file lookup when using the
[apt_key](https://docs.ansible.com/ansible/latest/modules/apt_key_module.html)
- and similar modules.
+ and similar modules. `apt_key` requires an "ASCII Armored" GPG key to be
+ used with it - if upstream provides a binary version, convert it with `gpg
+ --enarmor file.gpg` and which creates a `file.gpg.asc` version.
When optionally executing a task using `when`, it's easier to follow if you
put the `when` condition right after the name of the task, not at the end of
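Review bot: the added sentence ends with `--enarmor file.gpg` followed by "and which creates"; drop the "and". The inline code span for the `gpg --enarmor` command is split across a line wrap, which makes it awkward to copy, so keep the command on one line. Because this guidance ends with a converted signing key being committed into the role, it should also tell the reader to compare the key's fingerprint against the value upstream publishes before committing it.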
@@ -183,6 +201,10 @@
should not be leaked into the output, set `no_log: true` so the items being
iterated on are not printed.
+All templated files should contain a commented line with `{{ ansible_managed
+}}`, to indicate that the file is managed by ansbile, when it was created, and
+by what user.
+
Avoid using `tags`, as these are generally used to change the behavior
of a role or playbook in an arbitrary way - instead use information
derived from setup to control optional actions, or use different roles
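Review bot: `ansbile` should be `Ansible` in the added paragraph, and the `{{ ansible_managed }}` code span is wrapped so its closing braces start the next line. The text asks for "a commented line" without saying how to produce one; pointing to the `comment` filter, as in `{{ ansible_managed | comment }}`, would give role authors a concrete form to copy.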
@@ -257,11 +279,21 @@
Linting and code quality
------------------------
-All Ansible playbooks and roles are scanned with `ansible-lint`.
-
All YAML files (including Ansible playbooks, roles, etc. ) are scanned
with `yamllint`.
+All Ansible playbooks and roles are scanned with `ansible-lint`. Occasionally,
+you may run into issues that look like this:
+
+ CRITICAL Couldn't parse task at molecule/default/verify.yml:27 (couldn't
+ resolve module/action 'community.mysql.mysql_query'. This often indicates a
+ misspelling, missing collection, or incorrect module path.)
+
+This happens when `ansible-lint` can't find the correct collection. To resolev,
+set the variable ANSIBLE_COLLECTIONS_PATHS to the ansible directory - example:
+
+ export ANSIBLE_COLLECTIONS_PATHS=~/Documents/onf/infra/ansible
+
Python code is formatted with [black](https://github.com/psf/black), and
must pass [flake8](https://flake8.pycqa.org/) and [pylint (py3k compat
check only)](https://www.pylint.org/) .
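Review bot: typo `resolev` in the added text, and the example exports a path under one developer's home directory (`~/Documents/onf/infra/ansible`). Replace it with a placeholder for the reader's checkout of this repository, and say that the variable must point at the directory that contains `ansible_collections`.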
diff --git a/ansible.cfg b/ansible.cfg
index 9ee1e9a..4698e7c 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -8,3 +8,7 @@
; don't use cowsay
nocows = True
+remote_tmp=/tmp/.ansible/tmp
+
+# change syntax of ansible_managed to be less verbose
+ansible_managed = Ansible managed - modified by {uid} on %Y-%m-%d %H:%M:%S
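Review bot: `remote_tmp=/tmp/.ansible/tmp` is added without a comment explaining why, and it moves Ansible's remote working files to a fixed, predictable path under world-writable `/tmp` that every connecting user shares. The playbooks added in this commit all run with `become: true`, so who can pre-create or write into that directory on a managed host matters. Prefer the per-user default, or document the reason for the override and how the directory's ownership and mode are kept restrictive. Separately, `{uid}` and the strftime timestamp in `ansible_managed` can interfere with idempotence in some situations, so note in the comment that templated files may show as changed when the template's timestamp or the running user differs.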
diff --git "a/cookiecutters/role/\173\173cookiecutter.role_name\175\175/.gitreview" "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/.gitreview"
new file mode 100644
index 0000000..fca4978
--- /dev/null
+++ "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/.gitreview"
@@ -0,0 +1,5 @@
+[gerrit]
+host=gerrit.opencord.org
+port=29418
+project=ansible/role/{{ cookiecutter.role_name }}.git
+defaultremote=origin
diff --git "a/cookiecutters/role/\173\173cookiecutter.role_name\175\175/.reuse/dep5" "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/.reuse/dep5"
index f488d8a..8bcf9a4 100644
--- "a/cookiecutters/role/\173\173cookiecutter.role_name\175\175/.reuse/dep5"
+++ "b/cookiecutters/role/\173\173cookiecutter.role_name\175\175/.reuse/dep5"
@@ -1,5 +1,5 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
-Files: .cookiecutter_params.json LICENSE .gitreview
+Files: .cookiecutter_params.json VERSION .gitreview
Copyright: {{ cookiecutter.year }} {{ cookiecutter.author }}
License: {{ cookiecutter.license }}
diff --git a/galaxy.yml b/galaxy.yml
index 6085673..13574a9 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -5,4 +5,6 @@
collections:
- name: "netbox.netbox"
- version: "1.0.2"
+ version: "1.1.0"
+ - name: "community.mysql"
+ version: "1.1.0"
diff --git a/playbooks/netbox-playbook.yml b/playbooks/netbox-playbook.yml
new file mode 100644
index 0000000..c73a861
--- /dev/null
+++ b/playbooks/netbox-playbook.yml
@@ -0,0 +1,12 @@
+---
+# Ansible playbook to configure a NetBox instance
+
+- name: Configure netbox
+ hosts: netbox
+ become: true
+ roles:
+ - acme
+ - nginx
+ - postgresql
+ - redis
+ - netbox
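Review bot: the roles are referenced by bare name (`acme`, `nginx`, `postgresql`, ...) while `.gitignore` in this repository ignores `roles/*`, so this playbook cannot run from a fresh clone until those roles have been fetched into `roles/`. The README addition in this commit shows the `ansible-playbook` invocation but not that prerequisite. If it is not already covered elsewhere in the README, add a line on how the roles are obtained. The same applies to the static and timesheets playbooks below.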
diff --git a/playbooks/static-playbook.yml b/playbooks/static-playbook.yml
new file mode 100644
index 0000000..9d3b86c
--- /dev/null
+++ b/playbooks/static-playbook.yml
@@ -0,0 +1,9 @@
+---
+# Ansible playbook to configure static webservers
+
+- name: Configure a webserver
+ hosts: static
+ become: true
+ roles:
+ - acme
+ - nginx
diff --git a/playbooks/timesheets-playbook.yml b/playbooks/timesheets-playbook.yml
new file mode 100644
index 0000000..d119459
--- /dev/null
+++ b/playbooks/timesheets-playbook.yml
@@ -0,0 +1,12 @@
+---
+# Ansible playbook to configure timesheets app
+
+- name: Configure the timesheets application server
+ hosts: timesheets
+ become: true
+ roles:
+ - acme
+ - nginx
+ - nodejs
+ - postgresql
+ - timesheets
diff --git a/requirements.txt b/requirements.txt
index c9487b8..03890a8 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -15,7 +15,7 @@
netaddr~=0.7.19
passlib~=1.7.2
pylint~=2.5.3
-pynetbox~=5.0.7
+pynetbox~=5.1.0
python-vagrant~=0.5.15
reuse~=0.11.1
yamllint~=1.24.2