Merge "Fix linters and metadata"

2023-08-14 11:19:50 +00:00 · 2023-08-14 11:19:50 +00:00 · 2928f95e1a
commit 2928f95e1a
parent 7000bc3f3f 9b9bc21121
18 changed files with 141 additions and 84 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -37,7 +37,11 @@ debug: False
 # for the service setup. The host must already have
 # clouds.yaml properly configured.
 nova_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
-nova_service_setup_host_python_interpreter: "{{ openstack_service_setup_host_python_interpreter | default((nova_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable'])) }}"
+nova_service_setup_host_python_interpreter: >-
+  {{
+    openstack_service_setup_host_python_interpreter | default(
+      (nova_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']))
+  }}

 # Set the host which will run compute initialization tasks such as checking
 # for a compute node to be up and running cell discovery.
@ -54,7 +58,8 @@ nova_venv_python_executable: "{{ openstack_venv_python_executable | default('pyt
 nova_git_repo: https://opendev.org/openstack/nova
 nova_git_install_branch: master

-nova_upper_constraints_url: "{{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }}"
+nova_upper_constraints_url: >-
+  {{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }}
 nova_git_constraints:
  - "--constraint {{ nova_upper_constraints_url }}"
 nova_pip_install_args: "{{ pip_install_options | default('') }}"
@ -90,7 +95,11 @@ nova_management_address: "127.0.0.1"

 ## Database info
 nova_db_setup_host: "{{ openstack_db_setup_host | default('localhost') }}"
-nova_db_setup_python_interpreter: "{{ openstack_db_setup_python_interpreter | default((nova_db_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable'])) }}"
+nova_db_setup_python_interpreter: >-
+  {{
+    openstack_db_setup_python_interpreter | default(
+      (nova_db_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable']))
+  }}
 nova_galera_address: "{{ galera_address | default('127.0.0.1') }}"
 nova_galera_user: nova
 nova_galera_database: nova
@ -176,12 +185,12 @@ nova_virt_types:


 # If this is not set, then the playbook will try to guess it.
-#nova_virt_type: kvm
+# nova_virt_type: kvm

 # Enable Kernel Shared Memory (KSM)
 nova_compute_ksm_enabled: False

-#if set, nova_virt_type must be one of these:
+# if set, nova_virt_type must be one of these:
 nova_supported_virt_types:
  - qemu
  - kvm
@ -265,7 +274,7 @@ nova_nested_virt_enabled: False

 # Uwsgi settings
 nova_wsgi_processes_max: 16
-nova_wsgi_processes: "{{ [[ansible_facts['processor_vcpus']|default(1), 1] | max * 2, nova_wsgi_processes_max] | min }}"
+nova_wsgi_processes: "{{ [[ansible_facts['processor_vcpus'] | default(1), 1] | max * 2, nova_wsgi_processes_max] | min }}"
 nova_wsgi_threads: 1
 nova_uwsgi_tls:
  crt: "{{ nova_ssl_cert }}"
@ -354,7 +363,7 @@ nova_nfs_client: []

 # Nova Ceph rbd
 # Enble and define nova_libvirt_images_rbd_pool to use rbd as nova backend
-#nova_libvirt_images_rbd_pool: vms
+# nova_libvirt_images_rbd_pool: vms
 nova_libvirt_images_rbd_pool: ''
 nova_ceph_client: "{{ cinder_ceph_client }}"

@ -381,14 +390,15 @@ nova_rbd_inuse: "{{ (nova_libvirt_images_rbd_pool | length > 0) or (nova_cinder_

 ## Cap the maximun number of threads / workers when a user value is unspecified.
 nova_api_threads_max: 16
-nova_api_threads: "{{ [[(ansible_facts['processor_vcpus']//ansible_facts['processor_threads_per_core'])|default(1), 1] | max * 2, nova_api_threads_max] | min }}"
+nova_api_threads: >-
+  {{ [[(ansible_facts['processor_vcpus'] // ansible_facts['processor_threads_per_core']) | default(1), 1] | max * 2, nova_api_threads_max] | min }}

 ## Policy vars
 # Provide a list of access controls to update the default policy.json with. These changes will be merged
 # with the access controls in the default policy.json. E.g.
-#nova_policy_overrides:
-#  "compute:create": ""
-#  "compute:create:attach_network": ""
+# nova_policy_overrides:
+#   "compute:create": ""
+#   "compute:create:attach_network": ""

 ## Resource provider vars
 # Optionally specify a set of resource providers that a particular compute node exposes
@ -585,7 +595,8 @@ nova_pki_setup_host: "{{ openstack_pki_setup_host | default('localhost') }}"
 nova_pki_keys_path: "{{ nova_pki_dir ~ '/certs/private/' }}"
 nova_pki_certs_path: "{{ nova_pki_dir ~ '/certs/certs/' }}"
 nova_pki_intermediate_cert_name: "{{ openstack_pki_service_intermediate_cert_name }}"
-nova_pki_intermediate_chain_path: "{{ nova_pki_dir ~ '/roots/' ~ nova_pki_intermediate_cert_name ~ '/certs/' ~ nova_pki_intermediate_cert_name ~ '-chain.crt' }}"
+nova_pki_intermediate_chain_path: >-
+  {{ nova_pki_dir ~ '/roots/' ~ nova_pki_intermediate_cert_name ~ '/certs/' ~ nova_pki_intermediate_cert_name ~ '-chain.crt' }}
 nova_pki_regen_cert: ''
 nova_pki_san: "{{ openstack_pki_san | default('DNS:' ~ ansible_facts['hostname'] ~ ',IP:' ~ management_address) }}"
 # Create client and server cert for compute hosts
@ -594,7 +605,11 @@ nova_pki_compute_certificates:
  - name: "nova_{{ ansible_facts['hostname'] }}"
    provider: ownca
    cn: "{{ ansible_facts['nodename'] }}"
-    san: "{{ 'DNS:' ~ ansible_facts['hostname'] ~ ',DNS:' ~ ansible_facts['nodename'] ~ ',IP:' ~ (nova_management_address == 'localhost') | ternary('127.0.0.1', nova_management_address) }}"
+    san: >-
+      {{
+        'DNS:' ~ ansible_facts['hostname'] ~ ',DNS:' ~ ansible_facts['nodename'] ~ ',IP:' ~ (nova_management_address == 'localhost') | ternary(
+          '127.0.0.1', nova_management_address)
+      }}
    signed_by: "{{ nova_pki_intermediate_cert_name }}"
    key_usage:
      - digitalSignature
@ -677,9 +692,9 @@ nova_pki_compute_install_certificates:

 # Define user-provided SSL certificates in:
 # /etc/openstack_deploy/user_variables.yml
-#nova_user_ssl_cert: <path to cert on ansible deployment host>
-#nova_user_ssl_key: <path to cert on ansible deployment host>
-#nova_user_ssl_ca_cert: <path to cert on ansible deployment host>
+# nova_user_ssl_cert: <path to cert on ansible deployment host>
+# nova_user_ssl_key: <path to cert on ansible deployment host>
+# nova_user_ssl_ca_cert: <path to cert on ansible deployment host>

 # TLS certficates for console hosts
 nova_pki_console_certificates:
@ -687,7 +702,11 @@ nova_pki_console_certificates:
  - name: "nova_{{ ansible_facts['hostname'] }}-client"
    provider: ownca
    cn: "{{ ansible_facts['nodename'] }}"
-    san: "{{ 'DNS:' ~ ansible_facts['hostname'] ~ ',DNS:' ~ ansible_facts['nodename'] ~ ',IP:' ~ (nova_management_address == 'localhost') | ternary('127.0.0.1', nova_management_address) }}"
+    san: >-
+      {{
+        'DNS:' ~ ansible_facts['hostname'] ~ ',DNS:' ~ ansible_facts['nodename'] ~ ',IP:' ~ (nova_management_address == 'localhost') | ternary(
+          '127.0.0.1', nova_management_address)
+      }}
    signed_by: "{{ nova_pki_intermediate_cert_name }}"
    key_usage:
      - digitalSignature
@ -719,12 +738,12 @@ nova_pki_console_install_certificates:
    condition: "{{ nova_qemu_vnc_tls == 1 and nova_console_type == 'novnc' }}"

 # host which holds the ssh certificate authority
-nova_ssh_keypairs_setup_host: "{{ openstack_ssh_keypairs_setup_host  | default('localhost') }}"
+nova_ssh_keypairs_setup_host: "{{ openstack_ssh_keypairs_setup_host | default('localhost') }}"

 # directory on the deploy host to create and store SSH keypairs
 nova_ssh_keypairs_dir: "{{ openstack_ssh_keypairs_dir | default('/etc/openstack_deploy/ssh_keypairs') }}"

-#Each compute host needs a signed ssh certificate to log into the others
+# Each compute host needs a signed ssh certificate to log into the others
 nova_ssh_keypairs:
  - name: "nova-{{ inventory_hostname }}"
    cert:
@ -733,7 +752,7 @@ nova_ssh_keypairs:
      valid_from: "{{ nova_ssh_key_valid_from | default('always') }}"
      valid_to: "{{ nova_ssh_key_valid_to | default('forever') }}"

-#Each compute host needs the signed ssh certificate installing to the nova user
+# Each compute host needs the signed ssh certificate installing to the nova user
 nova_ssh_keypairs_install_keys:
  owner: "{{ nova_system_user_name }}"
  group: "{{ nova_system_group_name }}"
@ -741,10 +760,10 @@ nova_ssh_keypairs_install_keys:
    - cert: "nova-{{ inventory_hostname }}"
      dest: "{{ nova_system_home_folder }}/.ssh/id_rsa"

-#Each compute host must trust the SSHD certificate authoritiy in the sshd configuration
+# Each compute host must trust the SSHD certificate authoritiy in the sshd configuration
 nova_ssh_keypairs_install_ca: "{{ openstack_ssh_keypairs_authorities }}"

-#Each compute host must allow SSH certificates with the appropriate principal to log into the nova user
+# Each compute host must allow SSH certificates with the appropriate principal to log into the nova user
 nova_ssh_keypairs_principals:
  - user: "{{ nova_system_user_name }}"
    principals: "{{ nova_ssh_key_principals | default(['nova']) }}"
--- a/meta/main.yml
+++ b/meta/main.yml
@ -18,19 +18,21 @@ galaxy_info:
  description: Installation and setup of nova
  company: Rackspace
  license: Apache2
-  min_ansible_version: 2.4
+  role_name: os_nova
+  namespace: openstack
+  min_ansible_version: "2.10"
  platforms:
    - name: Debian
      versions:
-        - buster
+        - bullseye
    - name: Ubuntu
      versions:
-        - bionic
        - focal
+        - jammy
    - name: EL
      versions:
-        - 8
-  categories:
+        - "9"
+  galaxy_tags:
    - cloud
    - python
    - nova
--- a/tasks/consoles/nova_console_novnc_install.yml
+++ b/tasks/consoles/nova_console_novnc_install.yml
@ -59,7 +59,8 @@
  tags:
    - nova-novnc-git

- include_tasks: nova_console_novnc_ssl.yml
+- name: Including nova_console_novnc_ssl tasks
+  include_tasks: nova_console_novnc_ssl.yml
  when:
    - nova_console_user_ssl_cert is defined
    - nova_console_user_ssl_key is defined
--- a/tasks/consoles/nova_console_novnc_ssl.yml
+++ b/tasks/consoles/nova_console_novnc_ssl.yml
@ -22,7 +22,7 @@
    mode: "0755"

 - name: Prepare combined nova-console SSL and CA certs
-  command: cat {{ nova_console_user_ssl_cert }} {{ nova_console_user_ssl_ca_cert is defined | ternary(nova_console_user_ssl_ca_cert,'') }}
+  command: cat {{ nova_console_user_ssl_cert }} {{ nova_console_user_ssl_ca_cert is defined | ternary(nova_console_user_ssl_ca_cert, '') }}
  changed_when: false
  register: nova_console_user_ssl_combined
  tags:
--- a/tasks/drivers/kvm/nova_compute_kvm.yml
+++ b/tasks/drivers/kvm/nova_compute_kvm.yml
@ -13,7 +13,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

- include_tasks: nova_compute_kvm_install.yml
+- name: Including nova_compute_kvm_install tasks
+  include_tasks: nova_compute_kvm_install.yml
  args:
    apply:
      tags:
@ -27,7 +28,7 @@
    dest: /etc/modprobe.d/kvm.conf
    owner: root
    group: root
-    mode: 0644
+    mode: "0644"
  when:
    - nova_nested_virt_enabled | bool
  tags:
@ -70,7 +71,7 @@
    dest: /etc/libvirt/libvirtd.conf
    owner: "root"
    group: "root"
-    mode: 0644
+    mode: "0644"
  notify: Restart libvirt-bin
  tags:
    - nova-config
@ -125,7 +126,7 @@
 - name: Set qemu-kvm KSM config (Ubuntu)
  lineinfile:
    dest: "/etc/default/qemu-kvm"
-    line: "KSM_ENABLED={{ nova_compute_ksm_enabled | ternary('1','0') }}"
+    line: "KSM_ENABLED={{ nova_compute_ksm_enabled | ternary('1', '0') }}"
    regexp: "^KSM_ENABLED=*"
    backup: yes
  when:
@ -136,7 +137,8 @@
    - nova-kvm
    - nova-libvirt

- include_tasks: nova_disable_smt.yml
+- name: Including nova_disable_smt tasks
+  include_tasks: nova_disable_smt.yml
  when:
    - ansible_facts['architecture'] == 'ppc64le'
  args:
@ -146,7 +148,8 @@
  tags:
    - always

- include_tasks: nova_enable_ksm.yml
+- name: Including nova_enable_ksm tasks
+  include_tasks: nova_enable_ksm.yml
  when:
    - nova_compute_ksm_enabled | bool
  args:
@ -156,7 +159,8 @@
  tags:
    - always

- include_tasks: nova_compute_kvm_virsh_net_remove.yml
+- name: Including nova_compute_kvm_virsh_net_remove tasks
+  include_tasks: nova_compute_kvm_virsh_net_remove.yml
  args:
    apply:
      tags:
--- a/tasks/drivers/kvm/nova_compute_kvm_install.yml
+++ b/tasks/drivers/kvm/nova_compute_kvm_install.yml
@ -37,7 +37,7 @@
    - _qemu_save_dir.stat.isdir | bool

 - name: Move the existing save directory to nova_libvirt_save_path
-  command: "mv /var/lib/libvirt/qemu/save {{ nova_libvirt_save_path }}"
+  command: "mv /var/lib/libvirt/qemu/save {{ nova_libvirt_save_path }}" # noqa: no-changed-when
  when:
    - _qemu_save_dir.stat.isdir is defined
    - _qemu_save_dir.stat.isdir | bool
@ -47,6 +47,7 @@
  file:
    path: "{{ nova_libvirt_save_path }}"
    state: directory
+    mode: "0755"

 - name: Symlink qemu save dir to nova_libvirt_save_path
  file:
--- a/tasks/drivers/kvm/nova_compute_kvm_virsh_net_remove.yml
+++ b/tasks/drivers/kvm/nova_compute_kvm_virsh_net_remove.yml
@ -18,11 +18,11 @@
  changed_when: false
  register: default_net

- name: Disable libvirt default network
+- name: Disable libvirt default network # noqa: no-changed-when
  command: "virsh net-autostart default --disable"
  failed_when: false
  when: default_net.stdout.find('default') != -1

- name: Destroy libvirt default network
+- name: Destroy libvirt default network # noqa: no-changed-when
  command: "virsh net-destroy default"
  when: default_net.stdout.find('default') != -1
--- a/tasks/drivers/kvm/nova_enable_ksm.yml
+++ b/tasks/drivers/kvm/nova_enable_ksm.yml
@ -12,4 +12,3 @@
    state: started
  when:
    - ansible_facts['pkg_mgr'] in ['dnf', 'apt']
-
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -52,7 +52,8 @@
  tags:
    - always

- include_role:
+- name: Including osa.db_setup role
+  include_role:
    name: openstack.osa.db_setup
    apply:
      tags:
@ -81,7 +82,8 @@
  tags:
    - always

- include_role:
+- name: Including osa.mq_setup role
+  include_role:
    name: openstack.osa.mq_setup
    apply:
      tags:
@ -103,7 +105,8 @@
  tags:
    - always

- include_tasks: nova_virt_detect.yml
+- name: Including nova_virt_detect tasks
+  include_tasks: nova_virt_detect.yml
  args:
    apply:
      tags:
@ -113,19 +116,22 @@
  tags:
    - always

- import_tasks: nova_mdev_detect.yml
+- name: Importing nova_mdev_detect tasks
+  import_tasks: nova_mdev_detect.yml
  tags:
    - always

- import_tasks: nova_pre_install.yml
+- name: Importing nova_pre_install tasks
+  import_tasks: nova_pre_install.yml
  tags:
    - nova-install

- import_tasks: nova_install.yml
+- name: Importing nova_install tasks
+  import_tasks: nova_install.yml
  tags:
    - nova-install

- name: refresh local facts
+- name: Refresh local facts
  setup:
    filter: ansible_local
    gather_subset: "!all"
@ -195,11 +201,13 @@
  tags:
    - always

- import_tasks: nova_post_install.yml
+- name: Including nova_post_install tasks
+  import_tasks: nova_post_install.yml
  tags:
    - nova-config

- include_role:
+- name: Including osa.service_setup tasks
+  include_role:
    name: openstack.osa.service_setup
    apply:
      tags:
@ -235,7 +243,8 @@
  tags:
    - always

- include_tasks: nova_db_setup.yml
+- name: Including nova_db_setup tasks
+  include_tasks: nova_db_setup.yml
  args:
    apply:
      tags:
@ -266,10 +275,10 @@
    systemd_tempd_prefix: openstack
    systemd_slice_name: "{{ nova_system_slice_name }}"
    systemd_lock_dir: "{{ nova_lock_dir }}"
-    systemd_CPUAccounting: true
-    systemd_BlockIOAccounting: true
-    systemd_MemoryAccounting: true
-    systemd_TasksAccounting: true
+    systemd_service_cpu_accounting: true
+    systemd_service_block_io_accounting: true
+    systemd_service_memory_accounting: true
+    systemd_service_tasks_accounting: true
    systemd_services: |-
      {% set services = [] %}
      {% for service in filtered_nova_services %}
@ -290,7 +299,8 @@
    - nova-config
    - systemd-service

- include_tasks: nova_compute.yml
+- name: Including nova_compute tasks
+  include_tasks: nova_compute.yml
  args:
    apply:
      tags:
@ -320,7 +330,8 @@
 - name: Flush handlers
  meta: flush_handlers

- import_tasks: nova_compute_wait.yml
+- name: Importing nova_compute_wait tasks
+  import_tasks: nova_compute_wait.yml
  when:
    - "nova_services['nova-compute']['group'] in group_names"
    - "nova_discover_hosts_in_cells_interval | int < 1"
@ -333,7 +344,8 @@
 # because the compute hosts do not have access to
 # the database connection string and therefore
 # cannot run nova-manage.
- import_tasks: nova_db_post_setup.yml
+- name: Importing nova_db_post_setup tasks
+  import_tasks: nova_db_post_setup.yml
  delegate_to: "{{ nova_conductor_setup_host }}"
  run_once: true
  when:
--- a/tasks/nova_compute.yml
+++ b/tasks/nova_compute.yml
@ -13,7 +13,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

- include_tasks: "drivers/{{ nova_virt_type }}/nova_compute_{{ nova_virt_type }}.yml"
+- name: Including nova_compute tasks for {{ nova_virt_type }}
+  include_tasks: "drivers/{{ nova_virt_type }}/nova_compute_{{ nova_virt_type }}.yml"
  args:
    apply:
      tags:
@ -50,12 +51,12 @@
      tags:
        - nova-key
  vars:
-      ssh_keypairs_setup_host: "{{ nova_ssh_keypairs_setup_host }}"
-      ssh_keypairs_dir: "{{ nova_ssh_keypairs_dir }}"
-      ssh_keypairs: "{{ nova_ssh_keypairs }}"
-      ssh_keypairs_install_keys: "{{ nova_ssh_keypairs_install_keys }}"
-      ssh_keypairs_install_ca: "{{ nova_ssh_keypairs_install_ca }}"
-      ssh_keypairs_principals: "{{ nova_ssh_keypairs_principals }}"
+    ssh_keypairs_setup_host: "{{ nova_ssh_keypairs_setup_host }}"
+    ssh_keypairs_dir: "{{ nova_ssh_keypairs_dir }}"
+    ssh_keypairs: "{{ nova_ssh_keypairs }}"
+    ssh_keypairs_install_keys: "{{ nova_ssh_keypairs_install_keys }}"
+    ssh_keypairs_install_ca: "{{ nova_ssh_keypairs_install_ca }}"
+    ssh_keypairs_principals: "{{ nova_ssh_keypairs_principals }}"
  tags:
    - always

--- a/tasks/nova_db_post_setup.yml
+++ b/tasks/nova_db_post_setup.yml
@ -20,7 +20,9 @@

 # This needs to be done after Compute hosts are added.
 - name: Perform a cell_v2 discover
-  command: "{{ _db_nova_bin }}/nova-manage cell_v2 discover_hosts{{ (debug | bool) | ternary(' --verbose', '') }}{{ (nova_virt_type == 'ironic') | ternary(' --by-service', '') }}"
+  command: >-
+    {{ _db_nova_bin }}/nova-manage cell_v2 discover_hosts{{ (debug | bool) | ternary(' --verbose', '') }}{{
+      (nova_virt_type == 'ironic') | ternary(' --by-service', '') }}
  become: yes
  become_user: "{{ _db_nova_system_user_name }}"
  changed_when: false
@ -35,6 +37,7 @@
  command: "{{ _db_nova_bin }}/nova-manage db online_data_migrations"
  become: yes
  become_user: "{{ _db_nova_system_user_name }}"
+  changed_when: false
  when:
    - hostvars[nova_conductor_setup_host]['ansible_local']['openstack_ansible']['nova']['need_online_data_migrations'] | bool
  retries: 5
@ -49,6 +52,7 @@
    section: nova
    option: need_online_data_migrations
    value: False
+    mode: "0644"
  with_items: "{{ groups[nova_services['nova-conductor']['group']] }}"
  when:
    - data_migrations is not skipped
@ -67,7 +71,7 @@
    systemd_services:
      - service_name: "nova-archive-deleted"
        execstarts:
-          - /bin/sh -c "{{ _db_nova_bin }}/nova-manage db archive_deleted_rows --until-complete --all-cells --before \"$(date -d '{{ nova_archive_deleted_before }}' +'%%Y-%%m-%%d %%H:%%M')\" {{ (nova_archive_deleted_purge) | ternary('--purge', '') }} {{ (nova_archive_task_log) | ternary('--task-log', '') }}"
+          - /bin/sh -c "{{ _db_nova_bin }}/nova-manage db archive_deleted_rows --until-complete --all-cells --before \"$(date -d '{{ nova_archive_deleted_before }}' +'%%Y-%%m-%%d %%H:%%M')\" {{ (nova_archive_deleted_purge) | ternary('--purge', '') }} {{ (nova_archive_task_log) | ternary('--task-log', '') }}" # noqa: yaml[line-length]
        environment:
          UMASK: '0640'
          UMASK_DIR: '0750'
@ -84,7 +88,7 @@
            Unit: "nova-archive-deleted.service"
      - service_name: "nova-purge-deleted"
        execstarts:
-          - /bin/sh -c "{{ _db_nova_bin }}/nova-manage db purge --until-complete --all-cells --before \"$(date -d '{{ nova_purge_deleted_before }}' +'%%Y-%%m-%%d %%H:%%M')\""
+          - /bin/sh -c "{{ _db_nova_bin }}/nova-manage db purge --until-complete --all-cells --before \"$(date -d '{{ nova_purge_deleted_before }}' +'%%Y-%%m-%%d %%H:%%M')\"" # noqa: yaml[line-length]
        environment:
          UMASK: '0640'
          UMASK_DIR: '0750'
--- a/tasks/nova_db_setup.yml
+++ b/tasks/nova_db_setup.yml
@ -24,7 +24,8 @@
 - name: Create the cell0 mapping entry in the nova API DB
  command: >-
    {{ nova_bin }}/nova-manage cell_v2 map_cell0
-      --database_connection mysql+pymysql://{{ nova_api_galera_user }}:{{ nova_api_container_mysql_password }}@{{ nova_api_galera_address }}/{{ nova_cell0_database }}?charset=utf8{% if nova_galera_use_ssl | bool %}&ssl_ca={{ nova_galera_ssl_ca_cert }}{% endif %}
+      --database_connection mysql+pymysql://{{ nova_api_galera_user }}:{{ nova_api_container_mysql_password }}@{{ nova_api_galera_address }}/{{
+        nova_cell0_database }}?charset=utf8{% if nova_galera_use_ssl | bool %}&ssl_ca={{ nova_galera_ssl_ca_cert }}{% endif %}
  become: yes
  become_user: "{{ nova_system_user_name }}"
  changed_when: false
--- a/tasks/nova_install.yml
+++ b/tasks/nova_install.yml
@ -19,6 +19,7 @@
    section: "nova"
    option: "install_method"
    value: "{{ nova_install_method }}"
+    mode: "0644"

 - name: Refresh local facts to ensure the nova section is present
  setup:
@ -59,7 +60,8 @@
    venv_build_distro_package_list: "{{ nova_devel_distro_packages }}"
    venv_install_destination_path: "{{ nova_bin | dirname }}"
    venv_pip_install_args: "{{ nova_pip_install_args }}"
-    venv_packages_to_symlink: "{{ (nova_services['nova-compute']['group'] in group_names and nova_virt_type != 'ironic') | ternary(nova_compute_kvm_packages_to_symlink, []) }}"
+    venv_packages_to_symlink: >-
+      {{ (nova_services['nova-compute']['group'] in group_names and nova_virt_type != 'ironic') | ternary(nova_compute_kvm_packages_to_symlink, []) }}
    venv_pip_packages: "{{ nova_venv_packages }}"
    venv_facts_when_changed:
      - section: "nova"
@ -73,7 +75,8 @@
        value: "{{ nova_venv_tag }}"
  when: nova_install_method == 'source'

- include_tasks: "consoles/nova_console_{{ nova_console_type }}_install.yml"
+- name: Including nova_console tasks
+  include_tasks: "consoles/nova_console_{{ nova_console_type }}_install.yml"
  when:
    - "nova_services['nova-novncproxy']['group'] in group_names or
        nova_services['nova-spicehtml5proxy']['group'] in group_names or
@ -144,6 +147,7 @@
        section: nova
        option: venv_tag
        value: "{{ nova_venv_tag }}"
+        mode: "0644"

    - name: Initialise the upgrade facts
      ini_file:
@ -151,6 +155,7 @@
        section: nova
        option: "{{ item.name }}"
        value: "{{ item.state }}"
+        mode: "0644"
      with_items:
        - name: "need_service_restart"
          state: "True"
--- a/tasks/nova_mdev_detect.yml
+++ b/tasks/nova_mdev_detect.yml
@ -14,12 +14,14 @@
 # limitations under the License.

 - name: Check if the mdev folder exist
-  stat: path=/sys/class/mdev_bus
+  stat:
+    path: /sys/class/mdev_bus
  register: mdev_folder

 - name: Get mdev info content and store as var
  command: "/bin/sh -c 'ls -1 /sys/class/mdev_bus/*/mdev_supported_types'"
  register: mdev
+  changed_when: false
  when: mdev_folder.stat.exists

 - name: Register a fact for nova enabled_mdev_types
--- a/tasks/nova_post_install.yml
+++ b/tasks/nova_post_install.yml
@ -17,7 +17,8 @@
 #  dynamically loading facts from the nova_virt_types based on the
 #  nova_virt_type setting.
 - name: Set nova config facts
-  set_fact: '{{ item.key }}="{{ item.value }}"'
+  set_fact:
+    "{{ item.key }}": "{{ item.value }}" # noqa: var-naming[no-jinja]
  with_dict: "{{ nova_virt_types[nova_virt_type] }}"
  when:
    - item.key not in hostvars[inventory_hostname] or item.key is undefined
@ -31,8 +32,8 @@
  file:
    path: "{{ item.path | default(omit) }}"
    state: "directory"
-    owner: "{{ item.owner|default(nova_system_user_name) }}"
-    group: "{{ item.group|default(nova_system_group_name) }}"
+    owner: "{{ item.owner | default(nova_system_user_name) }}"
+    group: "{{ item.group | default(nova_system_group_name) }}"
    mode: "{{ item.mode | default(omit) }}"
  with_items:
    - path: "/etc/nova/rootwrap.d"
@ -45,6 +46,7 @@
    dest: "/etc/nova/rootwrap.d/"
    owner: "root"
    group: "root"
+    mode: "0644"
  with_fileglob:
    - rootwrap.d/*
  notify:
@ -59,7 +61,7 @@
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: "root"
-    group: "{{ item.group|default(nova_system_group_name) }}"
+    group: "{{ item.group | default(nova_system_group_name) }}"
    mode: "0640"
    config_overrides: "{{ item.config_overrides }}"
    config_type: "{{ item.config_type }}"
@ -99,7 +101,7 @@
    dest: "/etc/nova/provider_config/{{ item.name }}.yaml"
    owner: "root"
    group: "{{ nova_system_group_name }}"
-    mode: 0640
+    mode: "0640"
    config_type: yaml
  with_items:
    - "{{ nova_provider_overrides }}"
--- a/tasks/nova_pre_install.yml
+++ b/tasks/nova_pre_install.yml
@ -13,10 +13,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

- name: create the system group
+- name: Create the system group
  group:
    name: "{{ nova_system_group_name }}"
-    gid: "{{ nova_system_group_gid|default(omit) }}"
+    gid: "{{ nova_system_group_gid | default(omit) }}"
    state: "present"
    system: "yes"
  tags:
@ -25,7 +25,7 @@
 - name: Create the nova system user
  user:
    name: "{{ nova_system_user_name }}"
-    uid: "{{ nova_system_user_uid|default(omit) }}"
+    uid: "{{ nova_system_user_uid | default(omit) }}"
    group: "{{ nova_system_group_name }}"
    comment: "{{ nova_system_comment }}"
    shell: "{{ nova_system_shell }}"
@ -72,8 +72,8 @@
    path: "{{ item.path }}"
    src: "{{ item.src | default(omit) }}"
    state: "{{ item.state | default('directory') }}"
-    owner: "{{ item.owner|default(nova_system_user_name) }}"
-    group: "{{ item.group|default(nova_system_group_name) }}"
+    owner: "{{ item.owner | default(nova_system_user_name) }}"
+    group: "{{ item.group | default(nova_system_group_name) }}"
    mode: "{{ item.mode | default('0755') }}"
    force: "{{ item.force | default(omit) }}"
  when:
--- a/tasks/nova_virt_detect.yml
+++ b/tasks/nova_virt_detect.yml
@ -40,4 +40,4 @@
  set_fact:
    nova_virt_type: "qemu"
  when:
-    - nova_virt_type is not defined
+    - nova_virt_type is not defined
--- a/vars/main.yml
+++ b/vars/main.yml
@ -13,7 +13,11 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-_nova_is_first_play_host: "{{ (nova_services['nova-conductor']['group'] in group_names and inventory_hostname == (groups[nova_services['nova-conductor']['group']] | intersect(ansible_play_hosts)) | first) | bool }}"
+_nova_is_first_play_host: >-
+  {{
+    (nova_services['nova-conductor']['group'] in group_names and
+      inventory_hostname == (groups[nova_services['nova-conductor']['group']] | intersect(ansible_play_hosts)) | first) | bool
+  }}

 nova_venv_packages: |-
  {%- set pkg_list = nova_pip_packages | union(nova_user_pip_packages) %}
@ -106,7 +110,7 @@ nova_core_files:
 _nova_scheduler_filters: |-
  {% set default_filters = nova_scheduler_default_filters %}
  {% if default_filters is not iterable and default_filters is string %}
-  {%   set filters = default_filters.split(',')  %}
+  {%   set filters = default_filters.split(',') %}
  {% else %}
  {%   set filters = default_filters %}
  {% endif %}