project: fix var-spacing ansible rule (#10266)

* project: fix var-spacing ansible rule

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: fix spacing on the beginning/end of jinja template

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: fix spacing of default filter

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: fix spacing between filter arguments

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: fix double space at beginning/end of jinja

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

* project: fix remaining jinja[spacing] ansible-lint warning

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

---------

Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>

roles/kubernetes/preinstall/defaults/main.yml

@@ -73,7 +73,7 @@ ping_access_ip: true
 ntp_enabled: false
 # The package to install which provides NTP functionality.
 # The default is ntp for most platforms, or chrony on RHEL/CentOS 7 and later.
-# The ntp_package can be one of ['ntp','chrony']
+# The ntp_package can be one of ['ntp', 'chrony']
 ntp_package: >-
       {% if ansible_os_family == "RedHat" -%}
       chrony

roles/kubernetes/preinstall/handlers/main.yml

@@ -45,7 +45,7 @@
     - Preinstall | restart kube-controller-manager crio/containerd
     - Preinstall | restart kube-apiserver docker
     - Preinstall | restart kube-apiserver crio/containerd
-  when: not dns_early|bool
+  when: not dns_early | bool
 
 # FIXME(mattymo): Also restart for kubeadm mode
 - name: Preinstall | kube-apiserver configured

roles/kubernetes/preinstall/tasks/0020-set_facts.yml

@@ -84,12 +84,12 @@
 
 - name: Stop if /etc/resolv.conf not configured nameservers
   assert:
-    that: configured_nameservers|length>0
+    that: configured_nameservers | length>0
     fail_msg: "nameserver should not empty in /etc/resolv.conf"
   when:
     - not ignore_assert_errors
     - configured_nameservers is defined
-    - not (upstream_dns_servers is defined and upstream_dns_servers|length > 0)
+    - not (upstream_dns_servers is defined and upstream_dns_servers | length > 0)
     - not (disable_host_nameservers | default(false))
 
 - name: NetworkManager | Check if host has NetworkManager
@@ -111,14 +111,14 @@
 - name: set default dns if remove_default_searchdomains is false
   set_fact:
     default_searchdomains: ["default.svc.{{ dns_domain }}", "svc.{{ dns_domain }}"]
-  when: not remove_default_searchdomains|default()|bool or (remove_default_searchdomains|default()|bool and searchdomains|default([])|length==0)
+  when: not remove_default_searchdomains | default() | bool or (remove_default_searchdomains | default() | bool and searchdomains | default([]) | length==0)
 
 - name: set dns facts
   set_fact:
     resolvconf: >-
       {%- if resolvconf.rc == 0 and resolvconfd_path.stat.isdir is defined and resolvconfd_path.stat.isdir -%}true{%- else -%}false{%- endif -%}
     bogus_domains: |-
-      {% for d in default_searchdomains|default([]) + searchdomains|default([]) -%}
+      {% for d in default_searchdomains | default([]) + searchdomains | default([]) -%}
       {{ dns_domain }}.{{ d }}./{{ d }}.{{ d }}./com.{{ d }}./
       {%- endfor %}
     cloud_resolver: "{{ ['169.254.169.254'] if cloud_provider is defined and cloud_provider == 'gce' else
@@ -142,9 +142,9 @@
   set_fact:
     resolvconffile: /etc/resolv.conf
     base: >-
-      {%- if resolvconf|bool -%}/etc/resolvconf/resolv.conf.d/base{%- endif -%}
+      {%- if resolvconf | bool -%}/etc/resolvconf/resolv.conf.d/base{%- endif -%}
     head: >-
-      {%- if resolvconf|bool -%}/etc/resolvconf/resolv.conf.d/head{%- endif -%}
+      {%- if resolvconf | bool -%}/etc/resolvconf/resolv.conf.d/head{%- endif -%}
   when: not ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] and not is_fedora_coreos
 
 - name: target temporary resolvconf cloud init file (Flatcar Container Linux by Kinvolk / Fedora CoreOS)
@@ -191,36 +191,36 @@
 - name: generate search domains to resolvconf
   set_fact:
     searchentries:
-      search {{ (default_searchdomains|default([]) + searchdomains|default([])) | join(' ') }}
+      search {{ (default_searchdomains | default([]) + searchdomains | default([])) | join(' ') }}
     domainentry:
       domain {{ dns_domain }}
     supersede_search:
-      supersede domain-search "{{ (default_searchdomains|default([]) + searchdomains|default([])) | join('", "') }}";
+      supersede domain-search "{{ (default_searchdomains | default([]) + searchdomains | default([])) | join('", "') }}";
     supersede_domain:
       supersede domain-name "{{ dns_domain }}";
 
 - name: pick coredns cluster IP or default resolver
   set_fact:
     coredns_server: |-
-      {%- if dns_mode == 'coredns' and not dns_early|bool -%}
-        {{ [ skydns_server ] }}
-      {%- elif dns_mode == 'coredns_dual' and not dns_early|bool -%}
-        {{ [ skydns_server ] + [ skydns_server_secondary ] }}
-      {%- elif dns_mode == 'manual' and not dns_early|bool -%}
-        {{ ( manual_dns_server.split(',') | list) }}
-      {%- elif dns_mode == 'none' and not dns_early|bool -%}
+      {%- if dns_mode == 'coredns' and not dns_early | bool -%}
+        {{ [skydns_server] }}
+      {%- elif dns_mode == 'coredns_dual' and not dns_early | bool -%}
+        {{ [skydns_server] + [skydns_server_secondary] }}
+      {%- elif dns_mode == 'manual' and not dns_early | bool -%}
+        {{ (manual_dns_server.split(',') | list) }}
+      {%- elif dns_mode == 'none' and not dns_early | bool -%}
         []
-      {%- elif dns_early|bool -%}
-        {{ upstream_dns_servers|default([]) }}
+      {%- elif dns_early | bool -%}
+        {{ upstream_dns_servers | default([]) }}
       {%- endif -%}
 
 # This task should only run after cluster/nodelocal DNS is up, otherwise all DNS lookups will timeout
 - name: generate nameservers for resolvconf, including cluster DNS
   set_fact:
     nameserverentries: |-
-      {{ (([nodelocaldns_ip] if enable_nodelocaldns else []) + (coredns_server|d([]) if not enable_nodelocaldns else []) + nameservers|d([]) + cloud_resolver|d([]) + (configured_nameservers|d([]) if not disable_host_nameservers|d()|bool else [])) | unique | join(',') }}
+      {{ (([nodelocaldns_ip] if enable_nodelocaldns else []) + (coredns_server | d([]) if not enable_nodelocaldns else []) + nameservers | d([]) + cloud_resolver | d([]) + (configured_nameservers | d([]) if not disable_host_nameservers | d() | bool else [])) | unique | join(',') }}
     supersede_nameserver:
-      supersede domain-name-servers {{ ( ( [nodelocaldns_ip] if enable_nodelocaldns else []) + (coredns_server|d([]) if not enable_nodelocaldns else []) + nameservers|d([]) + cloud_resolver|d([])) | unique | join(', ') }};
+      supersede domain-name-servers {{ (([nodelocaldns_ip] if enable_nodelocaldns else []) + (coredns_server | d([]) if not enable_nodelocaldns else []) + nameservers | d([]) + cloud_resolver | d([])) | unique | join(', ') }};
   when: not dns_early or dns_late
 
 # This task should run instead of the above task when cluster/nodelocal DNS hasn't
@@ -228,20 +228,20 @@
 - name: generate nameservers for resolvconf, not including cluster DNS
   set_fact:
     nameserverentries: |-
-      {{ ( nameservers|d([]) + cloud_resolver|d([]) + configured_nameservers|d([])) | unique | join(',') }}
+      {{ (nameservers | d([]) + cloud_resolver | d([]) + configured_nameservers | d([])) | unique | join(',') }}
     supersede_nameserver:
-      supersede domain-name-servers {{ ( nameservers|d([]) + cloud_resolver|d([])) | unique | join(', ') }};
+      supersede domain-name-servers {{ (nameservers | d([]) + cloud_resolver | d([])) | unique | join(', ') }};
   when: dns_early and not dns_late
 
 - name: gather os specific variables
   include_vars: "{{ item }}"
   with_first_found:
     - files:
-        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
-        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
-        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
-        - "{{ ansible_distribution|lower }}.yml"
-        - "{{ ansible_os_family|lower }}.yml"
+        - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower | replace('/', '_') }}.yml"
+        - "{{ ansible_distribution | lower }}-{{ ansible_distribution_release }}.yml"
+        - "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower | replace('/', '_') }}.yml"
+        - "{{ ansible_distribution | lower }}.yml"
+        - "{{ ansible_os_family | lower }}.yml"
         - defaults.yml
       paths:
         - ../vars

roles/kubernetes/preinstall/tasks/0040-verify-settings.yml

@@ -45,7 +45,7 @@
 # simplify this items-list when   https://github.com/ansible/ansible/issues/15753  is resolved
 - name: "Stop if known booleans are set as strings (Use JSON format on CLI: -e \"{'key': true }\")"
   assert:
-    that: item.value|type_debug == 'bool'
+    that: item.value | type_debug == 'bool'
     msg: "{{ item.value }} isn't a bool"
   run_once: yes
   with_items:
@@ -58,7 +58,7 @@
 
 - name: Stop if even number of etcd hosts
   assert:
-    that: groups.etcd|length is not divisibleby 2
+    that: groups.etcd | length is not divisibleby 2
   when:
     - not ignore_assert_errors
     - inventory_hostname in groups.get('etcd',[])
@@ -102,6 +102,7 @@
 
 - name: Ensure ping package
   package:
+    # noqa: jinja[spacing]
     name: >-
           {%- if ansible_os_family == 'Debian' -%}
           iputils-ping
@@ -207,7 +208,7 @@
 
 - name: Stop if unknown cert_management
   assert:
-    that: cert_management|d('script') in ['script', 'none']
+    that: cert_management | d('script') in ['script', 'none']
     msg: "cert_management can only be 'script' or 'none'"
   run_once: true
 

roles/kubernetes/preinstall/tasks/0060-resolvconf.yml

@@ -13,7 +13,7 @@
       {% for item in nameserverentries.split(',') %}
       nameserver {{ item }}
       {% endfor %}
-      options ndots:{{ ndots }} timeout:{{ dns_timeout|default('2') }} attempts:{{ dns_attempts|default('2') }}
+      options ndots:{{ ndots }} timeout:{{ dns_timeout | default('2') }} attempts:{{ dns_attempts | default('2') }}
     state: present
     insertbefore: BOF
     create: yes
@@ -28,7 +28,7 @@
     regexp: '^{{ item[1] }}[^#]*(?=# Ansible entries BEGIN)'
     backup: "{{ not resolvconf_stat.stat.islnk }}"
   with_nested:
-    - "{{ [resolvconffile, base|default(''), head|default('')] | difference(['']) }}"
+    - "{{ [resolvconffile, base | default(''), head | default('')] | difference(['']) }}"
     - [ 'search\s', 'nameserver\s', 'domain\s', 'options\s' ]
   notify: Preinstall | propagate resolvconf to k8s components
 
@@ -39,7 +39,7 @@
     replace: '\1'
     backup: "{{ not resolvconf_stat.stat.islnk }}"
   with_nested:
-    - "{{ [resolvconffile, base|default(''), head|default('')] | difference(['']) }}"
+    - "{{ [resolvconffile, base | default(''), head | default('')] | difference(['']) }}"
     - [ 'search\s', 'nameserver\s', 'domain\s', 'options\s' ]
   notify: Preinstall | propagate resolvconf to k8s components
 

roles/kubernetes/preinstall/tasks/0063-networkmanager-dns.yml

@@ -12,14 +12,14 @@
 - name: set default dns if remove_default_searchdomains is false
   set_fact:
     default_searchdomains: ["default.svc.{{ dns_domain }}", "svc.{{ dns_domain }}"]
-  when: not remove_default_searchdomains|default()|bool or (remove_default_searchdomains|default()|bool and searchdomains|default([])|length==0)
+  when: not remove_default_searchdomains | default() | bool or (remove_default_searchdomains | default() | bool and searchdomains | default([]) | length==0)
 
 - name: NetworkManager | Add DNS search to NM configuration
   community.general.ini_file:
     path: /etc/NetworkManager/conf.d/dns.conf
     section: global-dns
     option: searches
-    value: "{{ (default_searchdomains|default([]) + searchdomains|default([])) | join(',') }}"
+    value: "{{ (default_searchdomains | default([]) + searchdomains | default([])) | join(',') }}"
     mode: '0600'
     backup: yes
   notify: Preinstall | update resolvconf for networkmanager
@@ -29,7 +29,7 @@
     path: /etc/NetworkManager/conf.d/dns.conf
     section: global-dns
     option: options
-    value: "ndots:{{ ndots }},timeout:{{ dns_timeout|default('2') }},attempts:{{ dns_attempts|default('2') }}"
+    value: "ndots:{{ ndots }},timeout:{{ dns_timeout | default('2') }},attempts:{{ dns_attempts | default('2') }}"
     mode: '0600'
     backup: yes
   notify: Preinstall | update resolvconf for networkmanager

roles/kubernetes/preinstall/tasks/0070-system-packages.yml

@@ -55,7 +55,7 @@
   delay: "{{ retry_stagger | random + 3 }}"
   when:
     - ansible_distribution == "Fedora"
-    - ansible_distribution_major_version|int >= 30
+    - ansible_distribution_major_version | int >= 30
     - not is_fedora_coreos
   changed_when: False
   tags:
@@ -68,18 +68,18 @@
   when:
     - ansible_os_family == "RedHat"
     - not is_fedora_coreos
-    - epel_enabled|bool
+    - epel_enabled | bool
   tags:
     - bootstrap-os
 
 - name: Update common_required_pkgs with ipvsadm when kube_proxy_mode is ipvs
   set_fact:
-    common_required_pkgs: "{{ common_required_pkgs|default([]) + ['ipvsadm', 'ipset'] }}"
+    common_required_pkgs: "{{ common_required_pkgs | default([]) + ['ipvsadm', 'ipset'] }}"
   when: kube_proxy_mode == 'ipvs'
 
 - name: Install packages requirements
   package:
-    name: "{{ required_pkgs | default([]) | union(common_required_pkgs|default([])) }}"
+    name: "{{ required_pkgs | default([]) | union(common_required_pkgs | default([])) }}"
     state: present
   register: pkgs_task_result
   until: pkgs_task_result is succeeded

roles/kubernetes/preinstall/tasks/0080-system-configurations.yml

@@ -119,7 +119,7 @@
     - { name: kernel.panic_on_oops, value: 1 }
     - { name: vm.overcommit_memory, value: 1 }
     - { name: vm.panic_on_oom, value: 0 }
-  when: kubelet_protect_kernel_defaults|bool
+  when: kubelet_protect_kernel_defaults | bool
 
 - name: Check dummy module
   community.general.modprobe:

roles/kubernetes/preinstall/tasks/0081-ntp-configurations.yml

@@ -17,6 +17,7 @@
 
 - name: Set fact NTP settings
   set_fact:
+    # noqa: jinja[spacing]
     ntp_config_file: >-
       {% if ntp_package == "ntp" -%}
       /etc/ntp.conf
@@ -25,6 +26,7 @@
       {%- else -%}
       /etc/chrony/chrony.conf
       {%- endif -%}
+    # noqa: jinja[spacing]
     ntp_service_name: >-
       {% if ntp_package == "chrony" -%}
       chronyd
@@ -51,6 +53,7 @@
     - ntp_force_sync_immediately
 
 - name: Force Sync NTP Immediately
+  # noqa: jinja[spacing]
   command: >-
       timeout -k 60s 60s
       {% if ntp_package == "ntp" -%}

roles/kubernetes/preinstall/tasks/0090-etchosts.yml

@@ -4,7 +4,7 @@
     - name: Hosts | create list from inventory
       set_fact:
         etc_hosts_inventory_block: |-
-          {% for item in (groups['k8s_cluster'] + groups['etcd']|default([]) + groups['calico_rr']|default([]))|unique -%}
+          {% for item in (groups['k8s_cluster'] + groups['etcd'] | default([]) + groups['calico_rr'] | default([])) | unique -%}
           {% if 'access_ip' in hostvars[item] or 'ip' in hostvars[item] or 'ansible_default_ipv4' in hostvars[item] -%}
           {{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(hostvars[item]['ansible_default_ipv4']['address'])) }}
           {%- if ('ansible_hostname' in hostvars[item] and item != hostvars[item]['ansible_hostname']) %} {{ hostvars[item]['ansible_hostname'] }}.{{ dns_domain }} {{ hostvars[item]['ansible_hostname'] }} {% else %} {{ item }}.{{ dns_domain }} {{ item }} {% endif %}
@@ -51,8 +51,8 @@
     - name: Hosts | Extract existing entries for localhost from hosts file
       set_fact:
         etc_hosts_localhosts_dict: >-
-          {%- set splitted = (item | regex_replace('[ \t]+', ' ')|regex_replace('#.*$')|trim).split( ' ') -%}
-          {{ etc_hosts_localhosts_dict|default({}) | combine({splitted[0]: splitted[1::] }) }}
+          {%- set splitted = (item | regex_replace('[ \t]+', ' ') | regex_replace('#.*$') | trim).split(' ') -%}
+          {{ etc_hosts_localhosts_dict | default({}) | combine({splitted[0]: splitted[1::]}) }}
       with_items: "{{ (etc_hosts_content['content'] | b64decode).splitlines() }}"
       when:
         - etc_hosts_content.content is defined
@@ -61,19 +61,19 @@
     - name: Hosts | Update target hosts file entries dict with required entries
       set_fact:
         etc_hosts_localhosts_dict_target: >-
-          {%- set target_entries = (etc_hosts_localhosts_dict|default({})).get(item.key, []) | difference(item.value.get('unexpected' ,[])) -%}
-          {{ etc_hosts_localhosts_dict_target|default({}) | combine({item.key: (target_entries + item.value.expected)|unique}) }}
-      loop: "{{ etc_hosts_localhost_entries|dict2items }}"
+          {%- set target_entries = (etc_hosts_localhosts_dict | default({})).get(item.key, []) | difference(item.value.get('unexpected', [])) -%}
+          {{ etc_hosts_localhosts_dict_target | default({}) | combine({item.key: (target_entries + item.value.expected) | unique}) }}
+      loop: "{{ etc_hosts_localhost_entries | dict2items }}"
 
     - name: Hosts | Update (if necessary) hosts file
       lineinfile:
         dest: /etc/hosts
-        line: "{{ item.key }} {{ item.value|join(' ') }}"
+        line: "{{ item.key }} {{ item.value | join(' ') }}"
         regexp: "^{{ item.key }}.*$"
         state: present
         backup: yes
         unsafe_writes: yes
-      loop: "{{ etc_hosts_localhosts_dict_target|default({})|dict2items }}"
+      loop: "{{ etc_hosts_localhosts_dict_target | default({}) | dict2items }}"
   when: populate_localhost_entries_to_hosts_file
 
 # gather facts to update ansible_fqdn

roles/kubernetes/preinstall/tasks/0100-dhclient-hooks.yml

@@ -2,7 +2,7 @@
 - name: Configure dhclient to supersede search/domain/nameservers
   blockinfile:
     block: |-
-      {% for item in [ supersede_domain, supersede_search, supersede_nameserver ] -%}
+      {% for item in [supersede_domain, supersede_search, supersede_nameserver] -%}
       {{ item }}
       {% endfor %}
     path: "{{ dhclientconffile }}"

roles/kubernetes/preinstall/tasks/0120-growpart-azure-centos-7.yml

@@ -14,7 +14,7 @@
 - name: Search root filesystem device
   vars:
     query: "[?mount=='/'].device"
-    _root_device: "{{ ansible_mounts|json_query(query) }}"
+    _root_device: "{{ ansible_mounts | json_query(query) }}"
   set_fact:
     device: "{{ _root_device | first | regex_replace('([^0-9]+)[0-9]+', '\\1') }}"
     partition: "{{ _root_device | first | regex_replace('[^0-9]+([0-9]+)', '\\1') }}"

roles/kubernetes/preinstall/vars/centos.yml

@@ -1,6 +1,6 @@
 ---
 required_pkgs:
-  - "{{ ( (ansible_distribution_major_version | int) < 8) | ternary('libselinux-python','python3-libselinux') }}"
+  - "{{ ((ansible_distribution_major_version | int) < 8) | ternary('libselinux-python', 'python3-libselinux') }}"
   - device-mapper-libs
   - nss
   - conntrack

roles/kubernetes/preinstall/vars/redhat.yml

@@ -1,6 +1,6 @@
 ---
 required_pkgs:
-  - "{{ ( (ansible_distribution_major_version | int) < 8) | ternary('libselinux-python','python3-libselinux') }}"
+  - "{{ ((ansible_distribution_major_version | int) < 8) | ternary('libselinux-python', 'python3-libselinux') }}"
   - device-mapper-libs
   - nss
   - conntrack