democratech / 2022


Run ansible-lint in the CI #6

Closed JMLX42 closed 3 years ago

JMLX42 commented 3 years ago
jerome-caucat commented 3 years ago

@JMLX42 I found this guide: "Want to trigger linting to your Ansible deployment on every Pull Request?", explaining how to set up the ansible-lint GitHub Action.

Is this what we want?

If so, I can take care of this issue and set up ansible-lint.

Let me know if I can start working on this and if you agree with the bullet points above.

JMLX42 commented 3 years ago

> Let me know if I can start working on this and if you agree with the bullet points above.

I do.

Does that mean that PRs get automatically rejected if ansible-lint fails in the CI? I guess that's the whole point of the CI/GitHub Actions... that's what we want for sure.

jerome-caucat commented 3 years ago

> Does that mean that PRs get automatically rejected if ansible-lint fails in the CI? I guess that's the whole point of the CI/GitHub Actions... that's what we want for sure.

I think so and with the pre-commit hook the commit itself will be rejected.

jerome-caucat commented 3 years ago

ansible-lint went through a lot of changes since the latest release (v4.1.0.post0 from Mar 13, 2019) so I suggest we use the current master and fix the version to the latest commit SHA until the next release is out.

JMLX42 commented 3 years ago

> I suggest we use the current master and fix the version to the latest commit SHA until the next release is out.

Agreed.

jerome-caucat commented 3 years ago

Currently the ansible files of the project do not pass the linting.

Ansible-lint can be executed locally with the following command:

```bash
shopt -s globstar
ansible-lint -v --force-color **/*.yml
```

Which produces the following output:

ansible-lint -v --force-color **/*.yml

```bash
Examining provisioning/group_vars/all/main.yml of type playbook
Examining provisioning/host_vars/laprimaire_2022/main.yml of type playbook
Examining provisioning/hosts.yml of type playbook
Examining provisioning/playbook.yml of type playbook
Examining provisioning/roles/geerlingguy.pip/tasks/main.yml of type tasks
Examining provisioning/roles/geerlingguy.pip/meta/main.yml of type meta
Examining provisioning/roles/geerlingguy.docker/tasks/docker-compose.yml of type tasks
Examining provisioning/roles/geerlingguy.docker/tasks/setup-RedHat.yml of type tasks
Examining provisioning/roles/geerlingguy.docker/tasks/setup-Debian.yml of type tasks
Examining provisioning/roles/geerlingguy.docker/tasks/main.yml of type tasks
Examining provisioning/roles/geerlingguy.docker/tasks/docker-users.yml of type tasks
Examining provisioning/roles/geerlingguy.docker/handlers/main.yml of type handlers
Examining provisioning/roles/geerlingguy.docker/meta/main.yml of type meta
Examining provisioning/roles/laprimaire.reverse-proxy/tasks/main.yml of type tasks
Examining provisioning/roles/laprimaire.reverse-proxy/handlers/main.yml of type handlers
Examining provisioning/roles/laprimaire.logs/tasks/main.yml of type tasks
Examining provisioning/roles/laprimaire.logs/handlers/main.yml of type handlers
Examining provisioning/roles/laprimaire.blog/tasks/main.yml of type tasks
Examining provisioning/roles/laprimaire.blog/handlers/main.yml of type handlers
Examining provisioning/roles/laprimaire.forum/tasks/main.yml of type tasks
Examining provisioning/roles/laprimaire.analytics/tasks/main.yml of type tasks
Examining provisioning/roles/laprimaire.monitoring/tasks/grafana.yml of type tasks
Examining provisioning/roles/laprimaire.monitoring/tasks/main.yml of type tasks
Examining provisioning/roles/laprimaire.monitoring/tasks/prometheus.yml of type tasks
Examining provisioning/roles/laprimaire.monitoring/handlers/main.yml of type handlers
Examining provisioning/requirements.yml of type playbook
Examining provisioning/roles/geerlingguy.docker/defaults/main.yml of type playbook
Examining provisioning/roles/geerlingguy.docker/handlers/main.yml of type playbook
Examining provisioning/roles/geerlingguy.docker/meta/main.yml of type playbook
Examining provisioning/roles/geerlingguy.docker/molecule/default/converge.yml of type playbook
Examining provisioning/roles/geerlingguy.docker/molecule/default/molecule.yml of type playbook
Examining provisioning/roles/geerlingguy.docker/tasks/docker-compose.yml of type playbook
Examining provisioning/roles/geerlingguy.docker/tasks/docker-users.yml of type playbook
Examining provisioning/roles/geerlingguy.docker/tasks/main.yml of type playbook
Examining provisioning/roles/geerlingguy.docker/tasks/setup-Debian.yml of type playbook
Examining provisioning/roles/geerlingguy.docker/tasks/setup-RedHat.yml of type playbook
Examining provisioning/roles/geerlingguy.pip/defaults/main.yml of type playbook
Examining provisioning/roles/geerlingguy.pip/meta/main.yml of type playbook
Examining provisioning/roles/geerlingguy.pip/molecule/default/converge.yml of type playbook
Examining provisioning/roles/geerlingguy.pip/molecule/default/molecule.yml of type playbook
Examining provisioning/roles/geerlingguy.pip/tasks/main.yml of type playbook
Examining provisioning/roles/laprimaire.analytics/defaults/main.yml of type playbook
Examining provisioning/roles/laprimaire.analytics/tasks/main.yml of type playbook
Examining provisioning/roles/laprimaire.blog/defaults/main.yml of type playbook
Examining provisioning/roles/laprimaire.blog/handlers/main.yml of type playbook
Examining provisioning/roles/laprimaire.blog/tasks/main.yml of type playbook
Examining provisioning/roles/laprimaire.forum/defaults/main.yml of type playbook
Examining provisioning/roles/laprimaire.forum/tasks/main.yml of type playbook
Examining provisioning/roles/laprimaire.logs/defaults/main.yml of type playbook
Examining provisioning/roles/laprimaire.logs/handlers/main.yml of type playbook
Examining provisioning/roles/laprimaire.logs/tasks/main.yml of type playbook
Examining provisioning/roles/laprimaire.monitoring/defaults/main/grafana.yml of type playbook
Examining provisioning/roles/laprimaire.monitoring/defaults/main/main.yml of type playbook
Examining provisioning/roles/laprimaire.monitoring/defaults/main/prometheus.yml of type playbook
Examining provisioning/roles/laprimaire.monitoring/handlers/main.yml of type playbook
Examining provisioning/roles/laprimaire.monitoring/tasks/grafana.yml of type playbook
Examining provisioning/roles/laprimaire.monitoring/tasks/main.yml of type playbook
Examining provisioning/roles/laprimaire.monitoring/tasks/prometheus.yml of type playbook
Examining provisioning/roles/laprimaire.reverse-proxy/defaults/main.yml of type playbook
Examining provisioning/roles/laprimaire.reverse-proxy/handlers/main.yml of type playbook
Examining provisioning/roles/laprimaire.reverse-proxy/tasks/main.yml of type playbook
Examining provisioning/roles/laprimaire.ssl-certs/tasks/main.yml of type playbook

[204] Lines should be no longer than 160 chars
provisioning/hosts.yml:5
ansible_ssh_private_key_file: "{{ (base_hostname == 'laprimaire.org.test') | ternary('/vagrant/.vagrant/machines/laprimaire_2022/virtualbox/private_key', '/vagrant/key/laprimaire.org') }}"

[204] Lines should be no longer than 160 chars
provisioning/roles/geerlingguy.docker/defaults/main.yml:20
docker_apt_repository: "deb [arch={{ docker_apt_arch }}] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"

[306] Shells that use pipes should set the pipefail option
provisioning/roles/geerlingguy.docker/tasks/setup-Debian.yml:29
Task/Handler: Add Docker apt key (alternative for older systems without SNI).

[305] Use shell only when shell functionality is required
provisioning/roles/laprimaire.blog/handlers/main.yml:3
Task/Handler: restart ghost

[305] Use shell only when shell functionality is required
provisioning/roles/laprimaire.logs/handlers/main.yml:3
Task/Handler: restart EFK

[305] Use shell only when shell functionality is required
provisioning/roles/laprimaire.logs/handlers/main.yml:8
Task/Handler: restart fluent-bit

[204] Lines should be no longer than 160 chars
provisioning/roles/laprimaire.monitoring/defaults/main/prometheus.yml:63
description: "This is an alert meant to ensure that the entire alerting pipeline is functional.\nThis alert is always firing, therefore it should always be firing in Alertmanager\nand always fire against a receiver. There are integrations with various notification\nmechanisms that send a notification when this alert is not firing. For example the\n\"DeadMansSnitch\" integration in PagerDuty."

[204] Lines should be no longer than 160 chars
provisioning/roles/laprimaire.monitoring/defaults/main/prometheus.yml:82
description: '{% raw %}Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left and is filling up.{% endraw %}'

[204] Lines should be no longer than 160 chars
provisioning/roles/laprimaire.monitoring/defaults/main/prometheus.yml:84
expr: "(\n node_filesystem_avail_bytes{job=\"node\",fstype!=\"\"} / node_filesystem_size_bytes{job=\"node\",fstype!=\"\"} * 100 < 40\nand\n predict_linear(node_filesystem_avail_bytes{job=\"node\",fstype!=\"\"}[6h], 24*60*60) < 0\nand\n node_filesystem_readonly{job=\"node\",fstype!=\"\"} == 0\n)\n"

[204] Lines should be no longer than 160 chars
provisioning/roles/laprimaire.monitoring/defaults/main/prometheus.yml:90
description: '{% raw %}Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left and is filling up fast.{% endraw %}'

[204] Lines should be no longer than 160 chars
provisioning/roles/laprimaire.monitoring/defaults/main/prometheus.yml:92
expr: "(\n node_filesystem_avail_bytes{job=\"node\",fstype!=\"\"} / node_filesystem_size_bytes{job=\"node\",fstype!=\"\"} * 100 < 20\nand\n predict_linear(node_filesystem_avail_bytes{job=\"node\",fstype!=\"\"}[6h], 4*60*60) < 0\nand\n node_filesystem_readonly{job=\"node\",fstype!=\"\"} == 0\n)\n"

[204] Lines should be no longer than 160 chars
provisioning/roles/laprimaire.monitoring/defaults/main/prometheus.yml:98
description: '{% raw %}Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left.{% endraw %}'

[204] Lines should be no longer than 160 chars
provisioning/roles/laprimaire.monitoring/defaults/main/prometheus.yml:100
expr: "(\n node_filesystem_avail_bytes{job=\"node\",fstype!=\"\"} / node_filesystem_size_bytes{job=\"node\",fstype!=\"\"} * 100 < 5\nand\n node_filesystem_readonly{job=\"node\",fstype!=\"\"} == 0\n)\n"

[204] Lines should be no longer than 160 chars
provisioning/roles/laprimaire.monitoring/defaults/main/prometheus.yml:106
description: '{% raw %}Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left.{% endraw %}'

[204] Lines should be no longer than 160 chars
provisioning/roles/laprimaire.monitoring/defaults/main/prometheus.yml:108
expr: "(\n node_filesystem_avail_bytes{job=\"node\",fstype!=\"\"} / node_filesystem_size_bytes{job=\"node\",fstype!=\"\"} * 100 < 3\nand\n node_filesystem_readonly{job=\"node\",fstype!=\"\"} == 0\n)\n"

[204] Lines should be no longer than 160 chars
provisioning/roles/laprimaire.monitoring/defaults/main/prometheus.yml:114
description: '{% raw %}Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left and is filling up.{% endraw %}'

[204] Lines should be no longer than 160 chars
provisioning/roles/laprimaire.monitoring/defaults/main/prometheus.yml:116
expr: "(\n node_filesystem_files_free{job=\"node\",fstype!=\"\"} / node_filesystem_files{job=\"node\",fstype!=\"\"} * 100 < 40\nand\n predict_linear(node_filesystem_files_free{job=\"node\",fstype!=\"\"}[6h], 24*60*60) < 0\nand\n node_filesystem_readonly{job=\"node\",fstype!=\"\"} == 0\n)\n"

[204] Lines should be no longer than 160 chars
provisioning/roles/laprimaire.monitoring/defaults/main/prometheus.yml:122
description: '{% raw %}Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left and is filling up fast.{% endraw %}'

[204] Lines should be no longer than 160 chars
provisioning/roles/laprimaire.monitoring/defaults/main/prometheus.yml:124
expr: "(\n node_filesystem_files_free{job=\"node\",fstype!=\"\"} / node_filesystem_files{job=\"node\",fstype!=\"\"} * 100 < 20\nand\n predict_linear(node_filesystem_files_free{job=\"node\",fstype!=\"\"}[6h], 4*60*60) < 0\nand\n node_filesystem_readonly{job=\"node\",fstype!=\"\"} == 0\n)\n"

[204] Lines should be no longer than 160 chars
provisioning/roles/laprimaire.monitoring/defaults/main/prometheus.yml:130
description: '{% raw %}Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left.{% endraw %}'

[204] Lines should be no longer than 160 chars
provisioning/roles/laprimaire.monitoring/defaults/main/prometheus.yml:132
expr: "(\n node_filesystem_files_free{job=\"node\",fstype!=\"\"} / node_filesystem_files{job=\"node\",fstype!=\"\"} * 100 < 5\nand\n node_filesystem_readonly{job=\"node\",fstype!=\"\"} == 0\n)\n"

[204] Lines should be no longer than 160 chars
provisioning/roles/laprimaire.monitoring/defaults/main/prometheus.yml:138
description: '{% raw %}Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left.{% endraw %}'

[204] Lines should be no longer than 160 chars
provisioning/roles/laprimaire.monitoring/defaults/main/prometheus.yml:140
expr: "(\n node_filesystem_files_free{job=\"node\",fstype!=\"\"} / node_filesystem_files{job=\"node\",fstype!=\"\"} * 100 < 3\nand\n node_filesystem_readonly{job=\"node\",fstype!=\"\"} == 0\n)\n"

[204] Lines should be no longer than 160 chars
provisioning/roles/laprimaire.monitoring/defaults/main/prometheus.yml:146
description: '{% raw %}{{ $labels.instance }} interface {{ $labels.device }} has encountered {{ printf "%.0f" $value }} receive errors in the last two minutes.{% endraw %}'

[204] Lines should be no longer than 160 chars
provisioning/roles/laprimaire.monitoring/defaults/main/prometheus.yml:154
description: '{% raw %}{{ $labels.instance }} interface {{ $labels.device }} has encountered {{ printf "%.0f" $value }} transmit errors in the last two minutes.{% endraw %}'

[204] Lines should be no longer than 160 chars
provisioning/roles/laprimaire.monitoring/defaults/main/prometheus.yml:171
expr: "(\n node_timex_offset_seconds > 0.05\nand\n deriv(node_timex_offset_seconds[5m]) >= 0\n)\nor\n(\n node_timex_offset_seconds < -0.05\nand\n deriv(node_timex_offset_seconds[5m]) <= 0\n)\n"

[305] Use shell only when shell functionality is required
provisioning/roles/laprimaire.monitoring/handlers/main.yml:3
Task/Handler: restart monitoring

[305] Use shell only when shell functionality is required
provisioning/roles/laprimaire.monitoring/handlers/main.yml:8
Task/Handler: restart prometheus

[305] Use shell only when shell functionality is required
provisioning/roles/laprimaire.monitoring/handlers/main.yml:13
Task/Handler: restart grafana

[305] Use shell only when shell functionality is required
provisioning/roles/laprimaire.reverse-proxy/handlers/main.yml:3
Task/Handler: restart nginx-proxy

[502] All tasks should be named
provisioning/roles/laprimaire.reverse-proxy/tasks/main.yml:27
Task/Handler: template src=vouch.conf.j2 dest=/opt/nginx/vhost.d/{{ hostvars[item]['ansible_host'] }} __line__=28 __file__=/home/jerome/GitHub/democratech-2022/provisioning/roles/laprimaire.reverse-proxy/tasks/main.yml

[502] All tasks should be named
provisioning/roles/laprimaire.reverse-proxy/tasks/main.yml:32
Task/Handler: template src=vouch_location.conf.j2 dest=/opt/nginx/vhost.d/{{ hostvars[item]['ansible_host'] }}_location __line__=33 __file__=/home/jerome/GitHub/democratech-2022/provisioning/roles/laprimaire.reverse-proxy/tasks/main.yml

[502] All tasks should be named
provisioning/roles/laprimaire.reverse-proxy/tasks/main.yml:41
Task/Handler: file path=/opt/nginx/vhost.d/{{ hostvars[item]['ansible_host'] }} state=absent __line__=42 __file__=/home/jerome/GitHub/democratech-2022/provisioning/roles/laprimaire.reverse-proxy/tasks/main.yml

[502] All tasks should be named
provisioning/roles/laprimaire.reverse-proxy/tasks/main.yml:46
Task/Handler: file path=/opt/nginx/vhost.d/{{ hostvars[item]['ansible_host'] }}_location state=absent __line__=47 __file__=/home/jerome/GitHub/democratech-2022/provisioning/roles/laprimaire.reverse-proxy/tasks/main.yml

[201] Trailing whitespace
provisioning/roles/laprimaire.ssl-certs/tasks/main.yml:19
-out /opt/nginx/certs/{{ ssl_cert_fqdn }}.crt
```

@JMLX42 If that is OK with you I will fix those linting errors in a second PR before continuing the setup of the GitHub action.

@JMLX42 How would you prefer long lines to be split?

Personally I prefer 3.

Edit: actually the backslashes are not needed in 1. 1 is fine as well for small blocks.

JMLX42 commented 3 years ago

> If that is OK with you I will fix those linting errors in a second PR

@jerome-caucat Make it so.

> How would you prefer long lines to be split?

If we're talking about shell tasks then yes, number 3 is best I guess.

jerome-caucat commented 3 years ago

@JMLX42 I'm going to have to modify the long lines in provisioning/roles/laprimaire.monitoring/defaults/main/prometheus.yml but I don't know how to test my modifications to make sure I don't break anything.

I thought it could be connected to https://monitoring.infra.laprimaire.org.test/alerting/list but I have no alert rules.

How could I test this file?

JMLX42 commented 3 years ago

@jerome-caucat this file was loosely inspired by https://github.com/cloudalchemy/ansible-prometheus/blob/master/defaults/main.yml

Here is the .ansible-lint the corresponding project uses: https://github.com/cloudalchemy/ansible-prometheus/blob/master/.ansible-lint

jerome-caucat commented 3 years ago

@JMLX42 We can indeed ignore the linting error `[204] Lines should be no longer than 160 chars`; this would greatly reduce the number of lines to change and the risk of breaking things.

Normally I would prefer to be strict on the linting, but I guess long lines are not such a big deal.

So I will use the following .ansible-lint and fix the remaining errors:

```yaml
---
skip_list:
  - '204'
```

Let me know if you would actually prefer not to ignore long lines.
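
Added example, not part of the thread or the project's code: a small Python triage helper that parses ansible-lint output in the `[rule] message` / `file:line` layout shown above and reports which rules still block once a `skip_list` such as `['204']` is applied. The function names, the 0/1 exit-code convention and the shortened sample lines are assumptions made for this example.

```python
import re
from collections import Counter

# Finding header in ansible-lint 4.x output, e.g. "[204] Lines should be ..."
HEADER = re.compile(r"^\[(?P<rule>[^\]]+)\]\s+(?P<message>.+)$")
# Location line that follows a header, e.g. "provisioning/hosts.yml:5"
LOCATION = re.compile(r"^(?P<path>\S+):(?P<line>\d+)$")

# Constructed sample: five findings taken from the output in this thread,
# with the offending source lines shortened.
SAMPLE_OUTPUT = """\
Examining provisioning/hosts.yml of type playbook
[204] Lines should be no longer than 160 chars
provisioning/hosts.yml:5
ansible_ssh_private_key_file: (shortened)

[306] Shells that use pipes should set the pipefail option
provisioning/roles/geerlingguy.docker/tasks/setup-Debian.yml:29
Task/Handler: Add Docker apt key (alternative for older systems without SNI).

[305] Use shell only when shell functionality is required
provisioning/roles/laprimaire.blog/handlers/main.yml:3
Task/Handler: restart ghost

[502] All tasks should be named
provisioning/roles/laprimaire.reverse-proxy/tasks/main.yml:27
Task/Handler: template src=vouch.conf.j2 (shortened)

[201] Trailing whitespace
provisioning/roles/laprimaire.ssl-certs/tasks/main.yml:19
-out /opt/nginx/certs/{{ ssl_cert_fqdn }}.crt
"""


def parse_findings(output):
    """Return (rule, message, path, line) for every finding in the output."""
    lines = output.splitlines()
    findings = []
    for header_text, location_text in zip(lines, lines[1:]):
        header = HEADER.match(header_text)
        location = LOCATION.match(location_text)
        # Require a header + file:line pair so that source text starting with
        # "[" (printed as the third line of a finding) is not miscounted.
        if header and location:
            findings.append((header["rule"], header["message"],
                             location["path"], int(location["line"])))
    return findings


def gate(output, skip_list=()):
    """Return (exit_code, blocking findings per rule) after applying skip_list."""
    skipped = {str(rule) for rule in skip_list}
    blocking = Counter(f[0] for f in parse_findings(output) if f[0] not in skipped)
    return (1 if blocking else 0), dict(blocking)


if __name__ == "__main__":
    print(gate(SAMPLE_OUTPUT, skip_list=["204"]))
```

With `'204'` skipped, the sample still fails on 306, 305, 502 and 201, which are the rule classes left to fix by hand.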