From 8f24a74bc7eef6ba5e4d54d57a00cb43e47d6ffc Mon Sep 17 00:00:00 2001
From: Andrii Ostapenko <andrii.ostapenko@att.com>
Date: Thu, 11 Jun 2020 11:30:01 -0500
Subject: [PATCH] Introduces templates linting

This commit rewrites lint job to make template linting available.
Currently yamllint is run in warning mode against all templates
rendered with default values. Duplicates detected and issues will be
addressed in subsequent commits.

Also all y*ml files are added for linting and corresponding code changes
are made. For non-templates warning rules are disabled to improve
readability. Chart and requirements yamls are also modified in the name
of consistency.

Change-Id: Ife6727c5721a00c65902340d95b7edb0a9c77365
---
 ca-issuer/Chart.yaml                          |  2 +
 ca-issuer/requirements.yaml                   |  2 +
 calico/Chart.yaml                             |  2 +
 calico/requirements.yaml                      |  2 +
 ceph-client/Chart.yaml                        |  2 +
 ceph-client/requirements.yaml                 |  2 +
 ceph-mon/Chart.yaml                           |  2 +
 ceph-mon/requirements.yaml                    |  2 +
 ceph-osd/Chart.yaml                           |  2 +
 ceph-osd/requirements.yaml                    |  2 +
 ceph-provisioners/Chart.yaml                  |  2 +
 ceph-provisioners/requirements.yaml           |  2 +
 ceph-rgw/Chart.yaml                           |  2 +
 ceph-rgw/requirements.yaml                    |  2 +
 daemonjob-controller/Chart.yaml               |  2 +
 daemonjob-controller/requirements.yaml        |  2 +
 elastic-apm-server/Chart.yaml                 |  2 +
 elastic-apm-server/requirements.yaml          |  2 +
 elastic-filebeat/Chart.yaml                   |  2 +
 elastic-filebeat/requirements.yaml            |  2 +
 elastic-metricbeat/Chart.yaml                 |  2 +
 elastic-metricbeat/requirements.yaml          |  2 +
 elastic-packetbeat/Chart.yaml                 |  2 +
 elastic-packetbeat/requirements.yaml          |  2 +
 elasticsearch/Chart.yaml                      |  2 +
 elasticsearch/requirements.yaml               |  2 +
 etcd/Chart.yaml                               |  2 +
 etcd/requirements.yaml                        |  2 +
 falco/Chart.yaml                              |  3 +-
 falco/requirements.yaml                       |  2 +
 flannel/Chart.yaml                            |  2 +
 flannel/requirements.yaml                     |  2 +
 fluentbit/Chart.yaml                          |  2 +
 fluentbit/requirements.yaml                   |  2 +
 fluentd/Chart.yaml                            |  2 +
 fluentd/requirements.yaml                     |  2 +
 gnocchi/Chart.yaml                            |  2 +
 gnocchi/requirements.yaml                     |  2 +
 grafana/Chart.yaml                            |  2 +
 grafana/requirements.yaml                     |  2 +
 helm-toolkit/Chart.yaml                       |  2 +
 helm-toolkit/requirements.yaml                |  2 +
 ingress/Chart.yaml                            |  2 +
 ingress/requirements.yaml                     |  2 +
 kafka/Chart.yaml                              |  2 +
 kafka/requirements.yaml                       |  2 +
 kibana/Chart.yaml                             |  3 +-
 kibana/requirements.yaml                      |  2 +
 kube-dns/Chart.yaml                           |  2 +
 kube-dns/requirements.yaml                    |  2 +
 kubernetes-keystone-webhook/Chart.yaml        |  3 +-
 kubernetes-keystone-webhook/requirements.yaml |  2 +
 ldap/Chart.yaml                               |  2 +
 ldap/requirements.yaml                        |  2 +
 libvirt/Chart.yaml                            |  2 +
 libvirt/requirements.yaml                     |  2 +
 local-storage/Chart.yaml                      |  2 +
 local-storage/requirements.yaml               |  2 +
 lockdown/Chart.yaml                           |  2 +
 mariadb/Chart.yaml                            |  2 +
 mariadb/requirements.yaml                     |  2 +
 memcached/Chart.yaml                          |  2 +
 memcached/requirements.yaml                   |  2 +
 metacontroller/Chart.yaml                     |  2 +
 metacontroller/requirements.yaml              |  2 +
 mongodb/Chart.yaml                            |  2 +
 mongodb/requirements.yaml                     |  3 +-
 nagios/Chart.yaml                             |  2 +
 nagios/requirements.yaml                      |  2 +
 namespace-config/Chart.yaml                   |  2 +
 nfs-provisioner/Chart.yaml                    |  2 +
 nfs-provisioner/requirements.yaml             |  3 +-
 openvswitch/Chart.yaml                        |  2 +
 openvswitch/requirements.yaml                 |  2 +
 playbooks/gather-armada-manifests.yaml        |  2 +
 playbooks/osh-infra-bandit.yaml               |  2 +
 playbooks/osh-infra-build.yaml                |  2 +
 playbooks/osh-infra-collect-logs.yaml         |  2 +
 playbooks/osh-infra-deploy-docker.yaml        |  2 +
 playbooks/osh-infra-deploy-k8s.yaml           |  2 +
 playbooks/osh-infra-deploy-selenium.yaml      |  2 +
 playbooks/osh-infra-gate-runner.yaml          |  2 +
 playbooks/osh-infra-upgrade-host.yaml         |  2 +
 playbooks/vars.yaml                           |  2 +
 playbooks/zuul-linter.yaml                    |  9 ++++
 podsecuritypolicy/Chart.yaml                  |  2 +
 podsecuritypolicy/requirements.yaml           |  2 +
 postgresql/Chart.yaml                         |  2 +
 postgresql/requirements.yaml                  |  3 +-
 powerdns/Chart.yaml                           |  2 +
 powerdns/requirements.yaml                    |  2 +
 prometheus-alertmanager/Chart.yaml            |  2 +
 prometheus-alertmanager/requirements.yaml     |  2 +
 prometheus-kube-state-metrics/Chart.yaml      |  2 +
 .../requirements.yaml                         |  3 +-
 prometheus-node-exporter/Chart.yaml           |  2 +
 prometheus-node-exporter/requirements.yaml    |  3 +-
 prometheus-openstack-exporter/Chart.yaml      |  2 +
 .../requirements.yaml                         |  3 +-
 prometheus-process-exporter/Chart.yaml        |  2 +
 prometheus-process-exporter/requirements.yaml |  3 +-
 .../value_overrides/apparmor.yaml             |  2 +
 prometheus/Chart.yaml                         |  2 +
 prometheus/requirements.yaml                  |  2 +
 rabbitmq/Chart.yaml                           |  2 +
 rabbitmq/requirements.yaml                    |  2 +
 redis/Chart.yaml                              |  2 +
 redis/requirements.yaml                       |  2 +
 registry/Chart.yaml                           |  2 +
 registry/requirements.yaml                    |  2 +
 ...rameter-to-ovs-chart-41d2b05b79300a31.yaml |  1 +
 ...ge-default-ovs-image-c1e24787f1b03170.yaml |  1 +
 ...ed-ovs-dpdk-root-key-f8aaf3ad65189c8a.yaml |  1 +
 roles/build-helm-packages/defaults/main.yml   |  2 +
 roles/build-helm-packages/tasks/main.yaml     |  2 +
 .../tasks/setup-helm-serve.yaml               |  4 +-
 roles/build-images/defaults/main.yml          |  2 +
 roles/build-images/tasks/kubeadm-aio.yaml     |  6 ++-
 roles/build-images/tasks/main.yaml            |  2 +
 roles/clean-host/tasks/main.yaml              |  2 +
 roles/deploy-apparmor/tasks/main.yaml         |  2 +
 roles/deploy-docker/defaults/main.yml         |  2 +
 .../tasks/deploy-ansible-docker-support.yaml  |  4 +-
 roles/deploy-docker/tasks/main.yaml           | 10 ++--
 roles/deploy-jq/tasks/main.yaml               |  4 +-
 .../defaults/main.yml                         |  2 +
 .../tasks/clean-node.yaml                     |  2 +
 .../tasks/deploy-kubelet.yaml                 |  2 +
 .../deploy-kubeadm-aio-common/tasks/main.yaml |  2 +
 .../tasks/util-kubeadm-aio-run.yaml           |  2 +
 .../deploy-kubeadm-aio-master/tasks/main.yaml |  2 +
 .../deploy-kubeadm-aio-node/defaults/main.yml |  2 +
 roles/deploy-kubeadm-aio-node/tasks/main.yaml |  2 +
 .../tasks/util-generate-join-command.yaml     |  2 +
 .../tasks/util-run-join-command.yaml          |  2 +
 roles/deploy-package/defaults/main.yml        |  2 +
 roles/deploy-package/tasks/dist.yaml          |  2 +
 roles/deploy-package/tasks/pip.yaml           |  2 +
 roles/deploy-python-pip/defaults/main.yml     |  2 +
 roles/deploy-python-pip/tasks/main.yaml       |  2 +
 roles/deploy-python/tasks/main.yaml           |  2 +
 roles/deploy-selenium/tasks/main.yaml         |  2 +
 .../tasks/main.yaml                           |  2 +
 .../disable-local-nameserver/tasks/main.yaml  |  4 +-
 roles/gather-host-logs/tasks/main.yaml        |  2 +
 roles/gather-pod-logs/tasks/main.yaml         |  2 +
 roles/gather-prom-metrics/tasks/main.yaml     |  2 +
 roles/gather-selenium-data/tasks/main.yaml    |  2 +
 roles/helm-release-status/tasks/main.yaml     |  2 +
 roles/osh-run-script/defaults/main.yaml       |  4 +-
 roles/osh-run-script/tasks/main.yaml          |  2 +
 roles/setup-firewall/tasks/main.yaml          |  4 +-
 roles/upgrade-host/defaults/main.yml          |  2 +
 roles/upgrade-host/tasks/main.yaml            |  2 +
 tiller/Chart.yaml                             |  2 +
 tiller/requirements.yaml                      |  2 +
 .../armada/manifests/armada-ceph.yaml         |  8 +++
 .../manifests/armada-cluster-ingress.yaml     |  4 ++
 .../armada/manifests/armada-lma.yaml          | 25 ++++++++++
 tools/gate/devel/local-inventory.yaml         |  2 +
 tools/gate/devel/local-vars.yaml              |  2 +
 tools/gate/devel/multinode-inventory.yaml     |  2 +
 tools/gate/lint.sh                            | 35 +++++++++++++
 .../opt/playbooks/kubeadm-aio-clean.yaml      |  2 +
 .../playbooks/kubeadm-aio-deploy-kubelet.yaml |  2 +
 .../playbooks/kubeadm-aio-deploy-master.yaml  |  2 +
 .../playbooks/kubeadm-aio-deploy-node.yaml    |  2 +
 .../roles/clean-host/tasks/main.yaml          |  2 +
 .../deploy-kubeadm-master/tasks/helm-cni.yaml |  2 +
 .../tasks/helm-deploy.yaml                    |  4 +-
 .../deploy-kubeadm-master/tasks/helm-dns.yaml |  2 +
 .../tasks/helm-keystone-auth.yaml             |  4 +-
 .../deploy-kubeadm-master/tasks/main.yaml     | 10 ++--
 .../tasks/wait-for-kube-system-namespace.yaml |  2 +
 .../roles/deploy-kubeadm-node/tasks/main.yaml |  4 +-
 .../roles/deploy-kubelet/tasks/hostname.yaml  |  2 +
 .../roles/deploy-kubelet/tasks/kubelet.yaml   | 20 ++++----
 .../roles/deploy-kubelet/tasks/main.yaml      |  2 +
 .../roles/deploy-kubelet/tasks/setup-dns.yaml |  2 +
 .../tasks/support-packages.yaml               | 14 +++---
 .../roles/deploy-package/tasks/dist.yaml      |  2 +
 .../roles/deploy-package/tasks/pip.yaml       |  2 +
 .../assets/opt/playbooks/vars.yaml            |  4 +-
 tox.ini                                       | 12 ++---
 yamllint-templates.conf                       | 49 +++++++++++++++++++
 yamllint.conf                                 |  6 +--
 zookeeper/Chart.yaml                          |  2 +
 zookeeper/requirements.yaml                   |  2 +
 zuul.d/jobs.yaml                              |  1 +
 zuul.d/nodesets.yaml                          |  1 +
 zuul.d/playbooks/lint.yml                     |  8 +++
 zuul.d/project.yaml                           |  5 +-
 192 files changed, 543 insertions(+), 57 deletions(-)
 create mode 100755 tools/gate/lint.sh
 create mode 100644 yamllint-templates.conf

diff --git a/ca-issuer/Chart.yaml b/ca-issuer/Chart.yaml
index 8bbb8fe1a..ae6f634d3 100644
--- a/ca-issuer/Chart.yaml
+++ b/ca-issuer/Chart.yaml
@@ -10,9 +10,11 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 appVersion: "1.0"
 description: Certificate Issuer chart for OSH
 home: https://cert-manager.io/
 name: ca-issuer
 version: 0.1.0
+...
diff --git a/ca-issuer/requirements.yaml b/ca-issuer/requirements.yaml
index d4b01e182..27fb08a13 100644
--- a/ca-issuer/requirements.yaml
+++ b/ca-issuer/requirements.yaml
@@ -10,4 +10,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies: []
+...
diff --git a/calico/Chart.yaml b/calico/Chart.yaml
index f512698c4..d2e281200 100644
--- a/calico/Chart.yaml
+++ b/calico/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Calico
 name: calico
@@ -21,3 +22,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/calico/requirements.yaml b/calico/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/calico/requirements.yaml
+++ b/calico/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/ceph-client/Chart.yaml b/ceph-client/Chart.yaml
index bd59500c9..0ba7ab220 100644
--- a/ceph-client/Chart.yaml
+++ b/ceph-client/Chart.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Ceph Client
 name: ceph-client
 version: 0.1.0
+...
diff --git a/ceph-client/requirements.yaml b/ceph-client/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/ceph-client/requirements.yaml
+++ b/ceph-client/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/ceph-mon/Chart.yaml b/ceph-mon/Chart.yaml
index 43801c70b..0827c3a8d 100644
--- a/ceph-mon/Chart.yaml
+++ b/ceph-mon/Chart.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Ceph Mon
 name: ceph-mon
 version: 0.1.0
+...
diff --git a/ceph-mon/requirements.yaml b/ceph-mon/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/ceph-mon/requirements.yaml
+++ b/ceph-mon/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/ceph-osd/Chart.yaml b/ceph-osd/Chart.yaml
index ce1e4c94a..0bc6ec285 100644
--- a/ceph-osd/Chart.yaml
+++ b/ceph-osd/Chart.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Ceph OSD
 name: ceph-osd
 version: 0.1.0
+...
diff --git a/ceph-osd/requirements.yaml b/ceph-osd/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/ceph-osd/requirements.yaml
+++ b/ceph-osd/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/ceph-provisioners/Chart.yaml b/ceph-provisioners/Chart.yaml
index 2c16b7293..49b1c5bad 100644
--- a/ceph-provisioners/Chart.yaml
+++ b/ceph-provisioners/Chart.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Ceph Client
 name: ceph-provisioners
 version: 0.1.0
+...
diff --git a/ceph-provisioners/requirements.yaml b/ceph-provisioners/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/ceph-provisioners/requirements.yaml
+++ b/ceph-provisioners/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/ceph-rgw/Chart.yaml b/ceph-rgw/Chart.yaml
index 89f77a1bf..b83b49ac4 100644
--- a/ceph-rgw/Chart.yaml
+++ b/ceph-rgw/Chart.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Ceph RadosGW
 name: ceph-rgw
 version: 0.1.0
+...
diff --git a/ceph-rgw/requirements.yaml b/ceph-rgw/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/ceph-rgw/requirements.yaml
+++ b/ceph-rgw/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/daemonjob-controller/Chart.yaml b/daemonjob-controller/Chart.yaml
index 2186ea7bc..f7918f728 100644
--- a/daemonjob-controller/Chart.yaml
+++ b/daemonjob-controller/Chart.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: A Helm chart for DaemonjobController
 name: daemonjob-controller
 version: 0.1.0
+...
diff --git a/daemonjob-controller/requirements.yaml b/daemonjob-controller/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/daemonjob-controller/requirements.yaml
+++ b/daemonjob-controller/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/elastic-apm-server/Chart.yaml b/elastic-apm-server/Chart.yaml
index 3f542d8b9..dd022c999 100644
--- a/elastic-apm-server/Chart.yaml
+++ b/elastic-apm-server/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Elastic APM Server
 name: elastic-apm-server
@@ -20,3 +21,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm-infra
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/elastic-apm-server/requirements.yaml b/elastic-apm-server/requirements.yaml
index 4fe6998aa..ea793ee81 100644
--- a/elastic-apm-server/requirements.yaml
+++ b/elastic-apm-server/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts/
     version: 0.1.0
+...
diff --git a/elastic-filebeat/Chart.yaml b/elastic-filebeat/Chart.yaml
index cac619c66..d04f46b8d 100644
--- a/elastic-filebeat/Chart.yaml
+++ b/elastic-filebeat/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Elastic Filebeat
 name: elastic-filebeat
@@ -20,3 +21,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm-infra
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/elastic-filebeat/requirements.yaml b/elastic-filebeat/requirements.yaml
index 4fe6998aa..ea793ee81 100644
--- a/elastic-filebeat/requirements.yaml
+++ b/elastic-filebeat/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts/
     version: 0.1.0
+...
diff --git a/elastic-metricbeat/Chart.yaml b/elastic-metricbeat/Chart.yaml
index d10ce1f3f..58ce7f4a3 100644
--- a/elastic-metricbeat/Chart.yaml
+++ b/elastic-metricbeat/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Elastic Metricbeat
 name: elastic-metricbeat
@@ -20,3 +21,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm-infra
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/elastic-metricbeat/requirements.yaml b/elastic-metricbeat/requirements.yaml
index 4fe6998aa..ea793ee81 100644
--- a/elastic-metricbeat/requirements.yaml
+++ b/elastic-metricbeat/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts/
     version: 0.1.0
+...
diff --git a/elastic-packetbeat/Chart.yaml b/elastic-packetbeat/Chart.yaml
index 03a2b37dc..87f778b80 100644
--- a/elastic-packetbeat/Chart.yaml
+++ b/elastic-packetbeat/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Elastic Packetbeat
 name: elastic-packetbeat
@@ -20,3 +21,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm-infra
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/elastic-packetbeat/requirements.yaml b/elastic-packetbeat/requirements.yaml
index 4fe6998aa..ea793ee81 100644
--- a/elastic-packetbeat/requirements.yaml
+++ b/elastic-packetbeat/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts/
     version: 0.1.0
+...
diff --git a/elasticsearch/Chart.yaml b/elasticsearch/Chart.yaml
index 254bc8dac..ff9523398 100644
--- a/elasticsearch/Chart.yaml
+++ b/elasticsearch/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm ElasticSearch
 name: elasticsearch
@@ -20,3 +21,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm-addons
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/elasticsearch/requirements.yaml b/elasticsearch/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/elasticsearch/requirements.yaml
+++ b/elasticsearch/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/etcd/Chart.yaml b/etcd/Chart.yaml
index 8434ab231..e4bc6c8d9 100644
--- a/etcd/Chart.yaml
+++ b/etcd/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm etcd
 name: etcd
@@ -21,3 +22,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/etcd/requirements.yaml b/etcd/requirements.yaml
index 4b1563203..eab27c0c2 100644
--- a/etcd/requirements.yaml
+++ b/etcd/requirements.yaml
@@ -1,4 +1,6 @@
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/falco/Chart.yaml b/falco/Chart.yaml
index 7974a9236..e2070302e 100644
--- a/falco/Chart.yaml
+++ b/falco/Chart.yaml
@@ -1,4 +1,3 @@
-
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -11,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 name: falco
 version: 0.1.0
@@ -29,3 +29,4 @@ sources:
   - https://github.com/draios/falco
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/falco/requirements.yaml b/falco/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/falco/requirements.yaml
+++ b/falco/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/flannel/Chart.yaml b/flannel/Chart.yaml
index 9706c889c..a48eaceea 100644
--- a/flannel/Chart.yaml
+++ b/flannel/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm BootStrap Flannel
 name: flannel
@@ -21,3 +22,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/flannel/requirements.yaml b/flannel/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/flannel/requirements.yaml
+++ b/flannel/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/fluentbit/Chart.yaml b/fluentbit/Chart.yaml
index ba54d4863..d4d85c1ab 100644
--- a/fluentbit/Chart.yaml
+++ b/fluentbit/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Fluentbit
 name: fluentbit
@@ -20,3 +21,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm-infra
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/fluentbit/requirements.yaml b/fluentbit/requirements.yaml
index 4fe6998aa..ea793ee81 100644
--- a/fluentbit/requirements.yaml
+++ b/fluentbit/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts/
     version: 0.1.0
+...
diff --git a/fluentd/Chart.yaml b/fluentd/Chart.yaml
index 022f0143a..13282c7d1 100644
--- a/fluentd/Chart.yaml
+++ b/fluentd/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Fluentd
 name: fluentd
@@ -20,3 +21,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm-infra
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/fluentd/requirements.yaml b/fluentd/requirements.yaml
index 4fe6998aa..ea793ee81 100644
--- a/fluentd/requirements.yaml
+++ b/fluentd/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts/
     version: 0.1.0
+...
diff --git a/gnocchi/Chart.yaml b/gnocchi/Chart.yaml
index 67a3fa098..6b2b944e3 100644
--- a/gnocchi/Chart.yaml
+++ b/gnocchi/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Gnocchi
 name: gnocchi
@@ -21,3 +22,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/gnocchi/requirements.yaml b/gnocchi/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/gnocchi/requirements.yaml
+++ b/gnocchi/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/grafana/Chart.yaml b/grafana/Chart.yaml
index f4b49df12..031c3e3e8 100644
--- a/grafana/Chart.yaml
+++ b/grafana/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Grafana
 name: grafana
@@ -20,3 +21,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm-addons
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/grafana/requirements.yaml b/grafana/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/grafana/requirements.yaml
+++ b/grafana/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/helm-toolkit/Chart.yaml b/helm-toolkit/Chart.yaml
index 49a2d5465..89c5d282d 100644
--- a/helm-toolkit/Chart.yaml
+++ b/helm-toolkit/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Helm-Toolkit
 name: helm-toolkit
@@ -22,3 +23,4 @@ sources:
 maintainers:
   - name: OpenStack-Helm Authors
 tillerVersion: ">=2.13.0"
+...
diff --git a/helm-toolkit/requirements.yaml b/helm-toolkit/requirements.yaml
index d4b01e182..27fb08a13 100644
--- a/helm-toolkit/requirements.yaml
+++ b/helm-toolkit/requirements.yaml
@@ -10,4 +10,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies: []
+...
diff --git a/ingress/Chart.yaml b/ingress/Chart.yaml
index 5e7b74a66..3af5d2a81 100644
--- a/ingress/Chart.yaml
+++ b/ingress/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Ingress Controller
 name: ingress
@@ -20,3 +21,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/ingress/requirements.yaml b/ingress/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/ingress/requirements.yaml
+++ b/ingress/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/kafka/Chart.yaml b/kafka/Chart.yaml
index 7c68f9472..7c48b1a31 100644
--- a/kafka/Chart.yaml
+++ b/kafka/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Kafka
 name: kafka
@@ -21,3 +22,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm-infra
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/kafka/requirements.yaml b/kafka/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/kafka/requirements.yaml
+++ b/kafka/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/kibana/Chart.yaml b/kibana/Chart.yaml
index 8aafb4463..6350535ce 100644
--- a/kibana/Chart.yaml
+++ b/kibana/Chart.yaml
@@ -1,4 +1,3 @@
-
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -11,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Kibana
 name: kibana
@@ -21,3 +21,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm-infra
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/kibana/requirements.yaml b/kibana/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/kibana/requirements.yaml
+++ b/kibana/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/kube-dns/Chart.yaml b/kube-dns/Chart.yaml
index 243c61294..8809717bf 100644
--- a/kube-dns/Chart.yaml
+++ b/kube-dns/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Kube-DNS
 name: kube-dns
@@ -21,3 +22,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/kube-dns/requirements.yaml b/kube-dns/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/kube-dns/requirements.yaml
+++ b/kube-dns/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/kubernetes-keystone-webhook/Chart.yaml b/kubernetes-keystone-webhook/Chart.yaml
index 9828f4c6f..04b36327f 100644
--- a/kubernetes-keystone-webhook/Chart.yaml
+++ b/kubernetes-keystone-webhook/Chart.yaml
@@ -1,4 +1,3 @@
-
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -11,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Kubernetes keystone webhook
 name: kubernetes-keystone-webhook
@@ -21,3 +21,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm-infra
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/kubernetes-keystone-webhook/requirements.yaml b/kubernetes-keystone-webhook/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/kubernetes-keystone-webhook/requirements.yaml
+++ b/kubernetes-keystone-webhook/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/ldap/Chart.yaml b/ldap/Chart.yaml
index de67527eb..c4f21254b 100644
--- a/ldap/Chart.yaml
+++ b/ldap/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm LDAP
 name: ldap
@@ -17,3 +18,4 @@ version: 0.1.0
 home: https://www.openldap.org/
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/ldap/requirements.yaml b/ldap/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/ldap/requirements.yaml
+++ b/ldap/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/libvirt/Chart.yaml b/libvirt/Chart.yaml
index 24ff33d49..a71f72ab6 100644
--- a/libvirt/Chart.yaml
+++ b/libvirt/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm libvirt
 name: libvirt
@@ -20,3 +21,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/libvirt/requirements.yaml b/libvirt/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/libvirt/requirements.yaml
+++ b/libvirt/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/local-storage/Chart.yaml b/local-storage/Chart.yaml
index 999a9efcc..248bb2e3d 100644
--- a/local-storage/Chart.yaml
+++ b/local-storage/Chart.yaml
@@ -10,9 +10,11 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Local Storage
 name: local-storage
 version: 0.1.0
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/local-storage/requirements.yaml b/local-storage/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/local-storage/requirements.yaml
+++ b/local-storage/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/lockdown/Chart.yaml b/lockdown/Chart.yaml
index 1a369a964..e7b1a4ba8 100644
--- a/lockdown/Chart.yaml
+++ b/lockdown/Chart.yaml
@@ -10,9 +10,11 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 appVersion: "1.0"
 description: |
   A helm chart used to lockdown all ingress and egress for a namespace
 name: lockdown
 version: 0.1.0
+...
diff --git a/mariadb/Chart.yaml b/mariadb/Chart.yaml
index c549ef2c3..4cbdd0380 100644
--- a/mariadb/Chart.yaml
+++ b/mariadb/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm MariaDB
 name: mariadb
@@ -21,3 +22,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/mariadb/requirements.yaml b/mariadb/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/mariadb/requirements.yaml
+++ b/mariadb/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/memcached/Chart.yaml b/memcached/Chart.yaml
index c4643a143..49febcf07 100644
--- a/memcached/Chart.yaml
+++ b/memcached/Chart.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Memcached
 name: memcached
 version: 0.1.0
+...
diff --git a/memcached/requirements.yaml b/memcached/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/memcached/requirements.yaml
+++ b/memcached/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/metacontroller/Chart.yaml b/metacontroller/Chart.yaml
index d2404c0ac..99e72851a 100644
--- a/metacontroller/Chart.yaml
+++ b/metacontroller/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: A Helm chart for Metacontroller
 name: metacontroller
@@ -22,3 +23,4 @@ sources:
   - https://github.com/GoogleCloudPlatform/metacontroller
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/metacontroller/requirements.yaml b/metacontroller/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/metacontroller/requirements.yaml
+++ b/metacontroller/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/mongodb/Chart.yaml b/mongodb/Chart.yaml
index 0ad5abe45..b60362149 100644
--- a/mongodb/Chart.yaml
+++ b/mongodb/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm MongoDB
 name: mongodb
@@ -20,3 +21,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/mongodb/requirements.yaml b/mongodb/requirements.yaml
index 8814a44b8..efd01ef7a 100644
--- a/mongodb/requirements.yaml
+++ b/mongodb/requirements.yaml
@@ -1,4 +1,3 @@
-
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -11,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/nagios/Chart.yaml b/nagios/Chart.yaml
index 6cde80278..1ca076354 100644
--- a/nagios/Chart.yaml
+++ b/nagios/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Nagios
 name: nagios
@@ -19,3 +20,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm-addons
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/nagios/requirements.yaml b/nagios/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/nagios/requirements.yaml
+++ b/nagios/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/namespace-config/Chart.yaml b/namespace-config/Chart.yaml
index 0fdc203ee..32796a23c 100644
--- a/namespace-config/Chart.yaml
+++ b/namespace-config/Chart.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Namespace Config
 name: namespace-config
 version: 0.1.0
+...
diff --git a/nfs-provisioner/Chart.yaml b/nfs-provisioner/Chart.yaml
index 43edf6ef3..a182c2aab 100644
--- a/nfs-provisioner/Chart.yaml
+++ b/nfs-provisioner/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm NFS
 name: nfs-provisioner
@@ -20,3 +21,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/nfs-provisioner/requirements.yaml b/nfs-provisioner/requirements.yaml
index 8814a44b8..efd01ef7a 100644
--- a/nfs-provisioner/requirements.yaml
+++ b/nfs-provisioner/requirements.yaml
@@ -1,4 +1,3 @@
-
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -11,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/openvswitch/Chart.yaml b/openvswitch/Chart.yaml
index 12f535dbc..b23f62c2f 100644
--- a/openvswitch/Chart.yaml
+++ b/openvswitch/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm OpenVSwitch
 name: openvswitch
@@ -21,3 +22,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/openvswitch/requirements.yaml b/openvswitch/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/openvswitch/requirements.yaml
+++ b/openvswitch/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/playbooks/gather-armada-manifests.yaml b/playbooks/gather-armada-manifests.yaml
index 360923c76..5971d4134 100644
--- a/playbooks/gather-armada-manifests.yaml
+++ b/playbooks/gather-armada-manifests.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - hosts: primary
   tasks:
     - name: "creating directory for rendered armada manifests"
@@ -40,3 +41,4 @@
         dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
         mode: pull
       ignore_errors: True
+...
diff --git a/playbooks/osh-infra-bandit.yaml b/playbooks/osh-infra-bandit.yaml
index 754ecda19..5ed6a630a 100644
--- a/playbooks/osh-infra-bandit.yaml
+++ b/playbooks/osh-infra-bandit.yaml
@@ -1,3 +1,4 @@
+---
 - hosts: all
   name: openstack-helm-infra-bandit
   tasks:
@@ -26,3 +27,4 @@
       shell: bandit -r ./python-files
       args:
         chdir: "{{ zuul.project.src_dir }}"
+...
diff --git a/playbooks/osh-infra-build.yaml b/playbooks/osh-infra-build.yaml
index bd150846f..5765727d6 100644
--- a/playbooks/osh-infra-build.yaml
+++ b/playbooks/osh-infra-build.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - hosts: primary
   vars_files:
     - vars.yaml
@@ -32,3 +33,4 @@
     - build-images
   tags:
     - build-images
+...
diff --git a/playbooks/osh-infra-collect-logs.yaml b/playbooks/osh-infra-collect-logs.yaml
index 2b9416897..83e768877 100644
--- a/playbooks/osh-infra-collect-logs.yaml
+++ b/playbooks/osh-infra-collect-logs.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - hosts: all
   vars_files:
     - vars.yaml
@@ -39,3 +40,4 @@
     - gather-pod-logs
     - gather-prom-metrics
     - gather-selenium-data
+...
diff --git a/playbooks/osh-infra-deploy-docker.yaml b/playbooks/osh-infra-deploy-docker.yaml
index 7de83a377..785617dbe 100644
--- a/playbooks/osh-infra-deploy-docker.yaml
+++ b/playbooks/osh-infra-deploy-docker.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - hosts: all
   vars_files:
     - vars.yaml
@@ -39,3 +40,4 @@
     - deploy-python-pip
     - deploy-docker
     - deploy-jq
+...
diff --git a/playbooks/osh-infra-deploy-k8s.yaml b/playbooks/osh-infra-deploy-k8s.yaml
index 9f56e28d3..fe867017d 100644
--- a/playbooks/osh-infra-deploy-k8s.yaml
+++ b/playbooks/osh-infra-deploy-k8s.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - hosts: primary
   vars_files:
     - vars.yaml
@@ -32,3 +33,4 @@
     - deploy-kubeadm-aio-node
   tags:
     - deploy-kubeadm-aio-node
+...
diff --git a/playbooks/osh-infra-deploy-selenium.yaml b/playbooks/osh-infra-deploy-selenium.yaml
index 40938e1df..7169d2d0d 100644
--- a/playbooks/osh-infra-deploy-selenium.yaml
+++ b/playbooks/osh-infra-deploy-selenium.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - hosts: primary
   vars_files:
     - vars.yaml
@@ -21,3 +22,4 @@
     - deploy-selenium
   tags:
     - deploy-selenium
+...
diff --git a/playbooks/osh-infra-gate-runner.yaml b/playbooks/osh-infra-gate-runner.yaml
index f6f27c5fb..ea84904b6 100644
--- a/playbooks/osh-infra-gate-runner.yaml
+++ b/playbooks/osh-infra-gate-runner.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - hosts: primary
   tasks:
     - name: "creating directory for run artifacts"
@@ -28,3 +29,4 @@
         dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
         mode: pull
       ignore_errors: True
+...
diff --git a/playbooks/osh-infra-upgrade-host.yaml b/playbooks/osh-infra-upgrade-host.yaml
index 73696f96d..0807eae5e 100644
--- a/playbooks/osh-infra-upgrade-host.yaml
+++ b/playbooks/osh-infra-upgrade-host.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - hosts: all
   vars_files:
     - vars.yaml
@@ -49,3 +50,4 @@
     - deploy-apparmor
   tags:
     - deploy-apparmor
+...
diff --git a/playbooks/vars.yaml b/playbooks/vars.yaml
index 736b2a2e3..fc4d71a10 100644
--- a/playbooks/vars.yaml
+++ b/playbooks/vars.yaml
@@ -12,4 +12,6 @@
 
 # NOTE(portdirect): for use in the dev-deploy scripts, a valid vars.yaml is
 # required, so provide some nonsense, yet harmless input.
+---
 dummy_value: "Lorem Ipsum"
+...
diff --git a/playbooks/zuul-linter.yaml b/playbooks/zuul-linter.yaml
index 3cf00ea89..8c6bee088 100644
--- a/playbooks/zuul-linter.yaml
+++ b/playbooks/zuul-linter.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - hosts: primary
   tasks:
     - name: Execute a Whitespace Linter check
@@ -22,6 +23,14 @@
         path: yamllint.conf
       register: yamllintconf
 
+    - name: Install jq
+      apt:
+        pkg:
+          - jq
+      become: yes
+      when: yamllintconf.stat.exists == True
+
     - name: Execute yamllint check for values* yaml files
       command: tox -e lint
       when: yamllintconf.stat.exists == True
+...
diff --git a/podsecuritypolicy/Chart.yaml b/podsecuritypolicy/Chart.yaml
index ecf2c3715..299ef9b6f 100644
--- a/podsecuritypolicy/Chart.yaml
+++ b/podsecuritypolicy/Chart.yaml
@@ -12,6 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm PodSecurityPolicy Chart
 name: podsecuritypolicy
@@ -19,3 +20,4 @@ version: 0.1.0
 home: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/podsecuritypolicy/requirements.yaml b/podsecuritypolicy/requirements.yaml
index 443fcd66c..818c97fbb 100644
--- a/podsecuritypolicy/requirements.yaml
+++ b/podsecuritypolicy/requirements.yaml
@@ -12,7 +12,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/postgresql/Chart.yaml b/postgresql/Chart.yaml
index a736cede0..3253ddf05 100644
--- a/postgresql/Chart.yaml
+++ b/postgresql/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm PostgreSQL
 name: postgresql
@@ -20,3 +21,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/postgresql/requirements.yaml b/postgresql/requirements.yaml
index 8814a44b8..efd01ef7a 100644
--- a/postgresql/requirements.yaml
+++ b/postgresql/requirements.yaml
@@ -1,4 +1,3 @@
-
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -11,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/powerdns/Chart.yaml b/powerdns/Chart.yaml
index 5e2384610..c6ef76b1e 100644
--- a/powerdns/Chart.yaml
+++ b/powerdns/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm PowerDNS
 name: powerdns
@@ -17,3 +18,4 @@ version: 0.1.0
 home: https://www.powerdns.com/
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/powerdns/requirements.yaml b/powerdns/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/powerdns/requirements.yaml
+++ b/powerdns/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/prometheus-alertmanager/Chart.yaml b/prometheus-alertmanager/Chart.yaml
index f2db9c45f..3a86da598 100644
--- a/prometheus-alertmanager/Chart.yaml
+++ b/prometheus-alertmanager/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Alertmanager for Prometheus
 name: prometheus-alertmanager
@@ -20,3 +21,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm-infra
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/prometheus-alertmanager/requirements.yaml b/prometheus-alertmanager/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/prometheus-alertmanager/requirements.yaml
+++ b/prometheus-alertmanager/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/prometheus-kube-state-metrics/Chart.yaml b/prometheus-kube-state-metrics/Chart.yaml
index 469b6d8a4..0b9f781c4 100644
--- a/prometheus-kube-state-metrics/Chart.yaml
+++ b/prometheus-kube-state-metrics/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Kube-State-Metrics for Prometheus
 name: prometheus-kube-state-metrics
@@ -20,3 +21,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm-infra
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/prometheus-kube-state-metrics/requirements.yaml b/prometheus-kube-state-metrics/requirements.yaml
index 8814a44b8..efd01ef7a 100644
--- a/prometheus-kube-state-metrics/requirements.yaml
+++ b/prometheus-kube-state-metrics/requirements.yaml
@@ -1,4 +1,3 @@
-
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -11,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/prometheus-node-exporter/Chart.yaml b/prometheus-node-exporter/Chart.yaml
index 840b5c49e..d38a7aadd 100644
--- a/prometheus-node-exporter/Chart.yaml
+++ b/prometheus-node-exporter/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Node Exporter for Prometheus
 name: prometheus-node-exporter
@@ -20,3 +21,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm-infra
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/prometheus-node-exporter/requirements.yaml b/prometheus-node-exporter/requirements.yaml
index 8814a44b8..efd01ef7a 100644
--- a/prometheus-node-exporter/requirements.yaml
+++ b/prometheus-node-exporter/requirements.yaml
@@ -1,4 +1,3 @@
-
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -11,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/prometheus-openstack-exporter/Chart.yaml b/prometheus-openstack-exporter/Chart.yaml
index 720a3f40c..eeaed3444 100644
--- a/prometheus-openstack-exporter/Chart.yaml
+++ b/prometheus-openstack-exporter/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack Metrics Exporter for Prometheus
 name: prometheus-openstack-exporter
@@ -20,3 +21,4 @@ sources:
   - https://github.com/rakesh-patnaik/prometheus-openstack-exporter
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/prometheus-openstack-exporter/requirements.yaml b/prometheus-openstack-exporter/requirements.yaml
index 8814a44b8..efd01ef7a 100644
--- a/prometheus-openstack-exporter/requirements.yaml
+++ b/prometheus-openstack-exporter/requirements.yaml
@@ -1,4 +1,3 @@
-
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -11,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/prometheus-process-exporter/Chart.yaml b/prometheus-process-exporter/Chart.yaml
index aded499b7..b32c2127f 100644
--- a/prometheus-process-exporter/Chart.yaml
+++ b/prometheus-process-exporter/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Process Exporter for Prometheus
 name: prometheus-process-exporter
@@ -20,3 +21,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm-infra
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/prometheus-process-exporter/requirements.yaml b/prometheus-process-exporter/requirements.yaml
index 8814a44b8..efd01ef7a 100644
--- a/prometheus-process-exporter/requirements.yaml
+++ b/prometheus-process-exporter/requirements.yaml
@@ -1,4 +1,3 @@
-
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -11,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/prometheus-process-exporter/value_overrides/apparmor.yaml b/prometheus-process-exporter/value_overrides/apparmor.yaml
index f09b88da8..3a955bb62 100644
--- a/prometheus-process-exporter/value_overrides/apparmor.yaml
+++ b/prometheus-process-exporter/value_overrides/apparmor.yaml
@@ -1,6 +1,8 @@
+---
 pod:
   mandatory_access_control:
     type: apparmor
     process-exporter:
       process-exporter: runtime/default
       init: runtime/default
+...
diff --git a/prometheus/Chart.yaml b/prometheus/Chart.yaml
index fc3d9dca1..e6b66a019 100644
--- a/prometheus/Chart.yaml
+++ b/prometheus/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Prometheus
 name: prometheus
@@ -20,3 +21,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm-infra
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/prometheus/requirements.yaml b/prometheus/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/prometheus/requirements.yaml
+++ b/prometheus/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/rabbitmq/Chart.yaml b/rabbitmq/Chart.yaml
index a6e56d405..fe90b7faa 100644
--- a/rabbitmq/Chart.yaml
+++ b/rabbitmq/Chart.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm RabbitMQ
 name: rabbitmq
 version: 0.1.0
+...
diff --git a/rabbitmq/requirements.yaml b/rabbitmq/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/rabbitmq/requirements.yaml
+++ b/rabbitmq/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/redis/Chart.yaml b/redis/Chart.yaml
index 5f6eb8e6a..6f757f6e7 100644
--- a/redis/Chart.yaml
+++ b/redis/Chart.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Redis
 name: redis
 version: 0.1.0
+...
diff --git a/redis/requirements.yaml b/redis/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/redis/requirements.yaml
+++ b/redis/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/registry/Chart.yaml b/registry/Chart.yaml
index ec6dc7c63..a1bf78b2a 100644
--- a/registry/Chart.yaml
+++ b/registry/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Docker Registry
 name: registry
@@ -19,3 +20,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/registry/requirements.yaml b/registry/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/registry/requirements.yaml
+++ b/registry/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/releasenotes/notes/added-nova-uid-parameter-to-ovs-chart-41d2b05b79300a31.yaml b/releasenotes/notes/added-nova-uid-parameter-to-ovs-chart-41d2b05b79300a31.yaml
index cae56c16d..853d7c71d 100644
--- a/releasenotes/notes/added-nova-uid-parameter-to-ovs-chart-41d2b05b79300a31.yaml
+++ b/releasenotes/notes/added-nova-uid-parameter-to-ovs-chart-41d2b05b79300a31.yaml
@@ -9,3 +9,4 @@ other:
     uses the same default as the Nova chart (42424). However, if the Nova UID
     is changed in the Nova chart in a particular deployment, it also needs to
     be changed in the OVS chart correspondingly if DPDK is used.
+...
diff --git a/releasenotes/notes/change-default-ovs-image-c1e24787f1b03170.yaml b/releasenotes/notes/change-default-ovs-image-c1e24787f1b03170.yaml
index 698adbd36..c07024c90 100644
--- a/releasenotes/notes/change-default-ovs-image-c1e24787f1b03170.yaml
+++ b/releasenotes/notes/change-default-ovs-image-c1e24787f1b03170.yaml
@@ -5,3 +5,4 @@ other:
     a Debian based image including a source build of openvswitch v2.8.1 to an
     Ubuntu Bionic based image including a distribution provided build of
     openvswitch v2.9.2.
+...
diff --git a/releasenotes/notes/changed-ovs-dpdk-root-key-f8aaf3ad65189c8a.yaml b/releasenotes/notes/changed-ovs-dpdk-root-key-f8aaf3ad65189c8a.yaml
index d4580f37c..795c40935 100644
--- a/releasenotes/notes/changed-ovs-dpdk-root-key-f8aaf3ad65189c8a.yaml
+++ b/releasenotes/notes/changed-ovs-dpdk-root-key-f8aaf3ad65189c8a.yaml
@@ -4,3 +4,4 @@ other:
     The root configuration key of the DPDK section has been changed from
     "dpdk" to "ovs_dpdk" to achieve parity with the corresponding configuration
     key in the Neutron chart.
+...
diff --git a/roles/build-helm-packages/defaults/main.yml b/roles/build-helm-packages/defaults/main.yml
index 7441dd795..d614a66eb 100644
--- a/roles/build-helm-packages/defaults/main.yml
+++ b/roles/build-helm-packages/defaults/main.yml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 version:
   helm: v2.14.1
 url:
   google_helm_repo: https://storage.googleapis.com/kubernetes-helm
+...
diff --git a/roles/build-helm-packages/tasks/main.yaml b/roles/build-helm-packages/tasks/main.yaml
index 1bd179c2e..ef8cd1c45 100644
--- a/roles/build-helm-packages/tasks/main.yaml
+++ b/roles/build-helm-packages/tasks/main.yaml
@@ -10,9 +10,11 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - include: setup-helm-serve.yaml
 
 - name: build all charts in repo
   make:
     chdir: "{{ work_dir }}"
     target: all
+...
diff --git a/roles/build-helm-packages/tasks/setup-helm-serve.yaml b/roles/build-helm-packages/tasks/setup-helm-serve.yaml
index 302c60782..6592fd205 100644
--- a/roles/build-helm-packages/tasks/setup-helm-serve.yaml
+++ b/roles/build-helm-packages/tasks/setup-helm-serve.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - block:
     - name: check if correct version of helm client already installed
       shell: "set -e; [ \"x$($(type -p helm) version --client --short | awk '{ print $NF }' | awk -F '+' '{ print $1 }')\" == \"x${HELM_VERSION}\" ] || exit 1"
@@ -55,7 +56,7 @@
       template:
         src: helm-serve.service.j2
         dest: /etc/systemd/system/helm-serve.service
-        mode: 0640
+        mode: 416
     - name: starting helm serve service
       when: helm_server_running is failed
       become: yes
@@ -87,3 +88,4 @@
 
 - name: adding helm local repo
   command: helm repo add local http://localhost:8879/charts
+...
diff --git a/roles/build-images/defaults/main.yml b/roles/build-images/defaults/main.yml
index 4a3c09353..50edbb6ca 100644
--- a/roles/build-images/defaults/main.yml
+++ b/roles/build-images/defaults/main.yml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 version:
   kubernetes: v1.16.2
   helm: v2.13.0
@@ -28,3 +29,4 @@ url:
   google_kubernetes_repo: https://storage.googleapis.com/kubernetes-release/release/{{ version.kubernetes }}/bin/linux/amd64
   google_helm_repo: https://storage.googleapis.com/kubernetes-helm
   cni_repo: https://github.com/containernetworking/plugins/releases/download/{{ version.cni }}
+...
diff --git a/roles/build-images/tasks/kubeadm-aio.yaml b/roles/build-images/tasks/kubeadm-aio.yaml
index 937040dd9..cd04f028e 100644
--- a/roles/build-images/tasks/kubeadm-aio.yaml
+++ b/roles/build-images/tasks/kubeadm-aio.yaml
@@ -10,17 +10,18 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - name: set zuul_site_mirror_fqdn from env var if not defined
   when: zuul_site_mirror_fqdn is not defined
   ignore_errors: True
   set_fact:
     zuul_site_mirror_fqdn: "{{ lookup('env','zuul_site_mirror_fqdn') }}"
 
-#NOTE(portdirect): Untill https://github.com/ansible/ansible/issues/21433 is
+# NOTE(portdirect): Untill https://github.com/ansible/ansible/issues/21433 is
 # reolved, we build with a shell script to make use of the host network.
 - name: Kubeadm-AIO build
   block:
-    #NOTE(portdirect): we do this to ensure we are feeding the docker build
+    # NOTE(portdirect): we do this to ensure we are feeding the docker build
     # a clean path to work with.
     - name: Kubeadm-AIO image build path
       shell: cd "{{ work_dir }}"; pwd
@@ -94,3 +95,4 @@
       args:
         chdir: "{{ kubeadm_aio_path.stdout }}/"
         executable: /bin/bash
+...
diff --git a/roles/build-images/tasks/main.yaml b/roles/build-images/tasks/main.yaml
index e9bafbc0a..cd8a2f372 100644
--- a/roles/build-images/tasks/main.yaml
+++ b/roles/build-images/tasks/main.yaml
@@ -10,4 +10,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - include: kubeadm-aio.yaml
+...
diff --git a/roles/clean-host/tasks/main.yaml b/roles/clean-host/tasks/main.yaml
index 32c2ff8ef..9913ab14a 100644
--- a/roles/clean-host/tasks/main.yaml
+++ b/roles/clean-host/tasks/main.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - name: remove osh directory
   become: yes
   become_user: root
@@ -18,3 +19,4 @@
     state: absent
   with_items:
     - /var/lib/openstack-helm
+...
diff --git a/roles/deploy-apparmor/tasks/main.yaml b/roles/deploy-apparmor/tasks/main.yaml
index 80ea62f16..d00e7c8ad 100644
--- a/roles/deploy-apparmor/tasks/main.yaml
+++ b/roles/deploy-apparmor/tasks/main.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - block:
     - name: ensuring AppArmor is deployed on host
       when: ansible_distribution == 'Ubuntu'
@@ -33,3 +34,4 @@
       args:
         executable: /bin/bash
       ignore_errors: True
+...
diff --git a/roles/deploy-docker/defaults/main.yml b/roles/deploy-docker/defaults/main.yml
index dd75cc9ad..b1a6fabd9 100644
--- a/roles/deploy-docker/defaults/main.yml
+++ b/roles/deploy-docker/defaults/main.yml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 proxy:
   http: null
   https: null
   noproxy: null
+...
diff --git a/roles/deploy-docker/tasks/deploy-ansible-docker-support.yaml b/roles/deploy-docker/tasks/deploy-ansible-docker-support.yaml
index 36ea45ae5..dcb8c1868 100644
--- a/roles/deploy-docker/tasks/deploy-ansible-docker-support.yaml
+++ b/roles/deploy-docker/tasks/deploy-ansible-docker-support.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - name: ensuring SELinux is disabled on centos & fedora
   when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' or ansible_distribution == 'Fedora'
   become: true
@@ -17,7 +18,7 @@
   command: setenforce 0
   ignore_errors: True
 
-#NOTE(portdirect): See https://ask.openstack.org/en/question/110437/importerror-cannot-import-name-unrewindablebodyerror/
+# NOTE(portdirect): See https://ask.openstack.org/en/question/110437/importerror-cannot-import-name-unrewindablebodyerror/
 - name: fix docker removal issue with ansible's docker_container on centos
   when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
   block:
@@ -49,3 +50,4 @@
   vars:
     packages:
       - docker
+...
diff --git a/roles/deploy-docker/tasks/main.yaml b/roles/deploy-docker/tasks/main.yaml
index fd0fadbb8..453ef916d 100644
--- a/roles/deploy-docker/tasks/main.yaml
+++ b/roles/deploy-docker/tasks/main.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - name: check if docker deploy is needed
   raw: which docker
   register: need_docker
@@ -20,21 +21,21 @@
   template:
     src: centos-docker.service.j2
     dest: /etc/systemd/system/docker.service
-    mode: 0640
+    mode: 416
 
 - name: fedora | moving systemd unit into place
   when: ( ansible_distribution == 'Fedora' ) and ( need_docker is failed )
   template:
     src: fedora-docker.service.j2
     dest: /etc/systemd/system/docker.service
-    mode: 0640
+    mode: 416
 
 - name: ubuntu | moving systemd unit into place
   when: ( ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' ) and ( need_docker is failed )
   template:
     src: ubuntu-docker.service.j2
     dest: /etc/systemd/system/docker.service
-    mode: 0640
+    mode: 416
 
 # NOTE: (lamt) Setting up the proxy before installing docker
 - name: ensure docker.service.d directory exists
@@ -48,7 +49,7 @@
   template:
     src: http-proxy.conf.j2
     dest: /etc/systemd/system/docker.service.d/http-proxy.conf
-    mode: 0640
+    mode: 416
 
 - name: deploy docker packages
   when: need_docker is failed
@@ -69,3 +70,4 @@
     name: docker
 
 - include: deploy-ansible-docker-support.yaml
+...
diff --git a/roles/deploy-jq/tasks/main.yaml b/roles/deploy-jq/tasks/main.yaml
index f888645a0..ed78c625d 100644
--- a/roles/deploy-jq/tasks/main.yaml
+++ b/roles/deploy-jq/tasks/main.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - block:
     - name: ensuring jq is deployed on host
       when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' or ansible_distribution == 'Fedora'
@@ -30,5 +31,6 @@
       get_url:
         url: https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64
         dest: /usr/bin/jq
-        mode: 0555
+        mode: 365
         force: yes
+...
diff --git a/roles/deploy-kubeadm-aio-common/defaults/main.yml b/roles/deploy-kubeadm-aio-common/defaults/main.yml
index 4548ed298..056c16cae 100644
--- a/roles/deploy-kubeadm-aio-common/defaults/main.yml
+++ b/roles/deploy-kubeadm-aio-common/defaults/main.yml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 kubernetes_cluster_cni: calico
 kubernetes_cluster_pod_subnet: 192.168.0.0/16
 kubernetes_cluster_domain: cluster.local
@@ -51,3 +52,4 @@ nodes:
 
 gate_fqdn_test: false
 gate_fqdn_tld: openstackhelm.test
+...
diff --git a/roles/deploy-kubeadm-aio-common/tasks/clean-node.yaml b/roles/deploy-kubeadm-aio-common/tasks/clean-node.yaml
index bb4892a20..23efe7218 100644
--- a/roles/deploy-kubeadm-aio-common/tasks/clean-node.yaml
+++ b/roles/deploy-kubeadm-aio-common/tasks/clean-node.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - name: master
   vars:
     kubeadm_aio_action: clean-host
@@ -65,3 +66,4 @@
       docker_container:
         name: "kubeadm-{{ kubeadm_aio_action }}"
         state: absent
+...
diff --git a/roles/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml b/roles/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml
index 59db165dc..e5c9e9094 100644
--- a/roles/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml
+++ b/roles/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml
@@ -11,6 +11,7 @@
 # limitations under the License.
 
 
+---
 - name: setting node labels
   vars:
     kubeadm_kubelet_labels_node:
@@ -23,3 +24,4 @@
   vars:
     kubeadm_aio_action: deploy-kubelet
   include: util-kubeadm-aio-run.yaml
+...
diff --git a/roles/deploy-kubeadm-aio-common/tasks/main.yaml b/roles/deploy-kubeadm-aio-common/tasks/main.yaml
index f7642add5..cf605e99d 100644
--- a/roles/deploy-kubeadm-aio-common/tasks/main.yaml
+++ b/roles/deploy-kubeadm-aio-common/tasks/main.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - name: setting playbook facts
   set_fact:
     playbook_user_id: "{{ ansible_user_uid }}"
@@ -32,3 +33,4 @@
 - include: clean-node.yaml
 
 - include: deploy-kubelet.yaml
+...
diff --git a/roles/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml b/roles/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml
index dedb81619..f14bfd79e 100644
--- a/roles/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml
+++ b/roles/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - name: Run Kubeadm-AIO container
   vars:
     kubeadm_aio_action: null
@@ -79,3 +80,4 @@
         - kube-system
         - kube-public
       ignore_errors: True
+...
diff --git a/roles/deploy-kubeadm-aio-master/tasks/main.yaml b/roles/deploy-kubeadm-aio-master/tasks/main.yaml
index ff99a660a..aeb3c89d6 100644
--- a/roles/deploy-kubeadm-aio-master/tasks/main.yaml
+++ b/roles/deploy-kubeadm-aio-master/tasks/main.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - name: setting playbook user info facts before escalating privileges
   set_fact:
     playbook_user_id: "{{ ansible_user_uid }}"
@@ -27,3 +28,4 @@
   include_role:
     name: deploy-kubeadm-aio-common
     tasks_from: util-kubeadm-aio-run
+...
diff --git a/roles/deploy-kubeadm-aio-node/defaults/main.yml b/roles/deploy-kubeadm-aio-node/defaults/main.yml
index 70f1201e8..8497dc8cb 100644
--- a/roles/deploy-kubeadm-aio-node/defaults/main.yml
+++ b/roles/deploy-kubeadm-aio-node/defaults/main.yml
@@ -10,6 +10,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 images:
   kubernetes:
     kubeadm_aio: openstackhelm/kubeadm-aio:dev
+...
diff --git a/roles/deploy-kubeadm-aio-node/tasks/main.yaml b/roles/deploy-kubeadm-aio-node/tasks/main.yaml
index 77d3dbeb5..b1c635890 100644
--- a/roles/deploy-kubeadm-aio-node/tasks/main.yaml
+++ b/roles/deploy-kubeadm-aio-node/tasks/main.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - name: setting playbook user info facts before escalating privileges
   set_fact:
     playbook_user_id: "{{ ansible_user_uid }}"
@@ -47,3 +48,4 @@
   until: task_result.stdout == 'Ready'
   retries: 120
   delay: 5
+...
diff --git a/roles/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml b/roles/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml
index 8f0bae384..0671a2ec0 100644
--- a/roles/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml
+++ b/roles/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - name: generate the kubeadm join command for nodes
   vars:
     kubeadm_aio_action: generate-join-cmd
@@ -52,3 +53,4 @@
       docker_container:
         name: "kubeadm-{{ kube_worker }}-{{ kubeadm_aio_action }}"
         state: absent
+...
diff --git a/roles/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml b/roles/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml
index d909574ac..ee78b7b31 100644
--- a/roles/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml
+++ b/roles/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - name: master
   vars:
     kubeadm_aio_action: join-kube
@@ -55,3 +56,4 @@
       docker_container:
         name: "kubeadm-{{ kubeadm_aio_action }}"
         state: absent
+...
diff --git a/roles/deploy-package/defaults/main.yml b/roles/deploy-package/defaults/main.yml
index dd75cc9ad..b1a6fabd9 100644
--- a/roles/deploy-package/defaults/main.yml
+++ b/roles/deploy-package/defaults/main.yml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 proxy:
   http: null
   https: null
   noproxy: null
+...
diff --git a/roles/deploy-package/tasks/dist.yaml b/roles/deploy-package/tasks/dist.yaml
index bbd4e4531..73939ffd5 100644
--- a/roles/deploy-package/tasks/dist.yaml
+++ b/roles/deploy-package/tasks/dist.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - name: managing distro packages for ubuntu
   become: true
   become_user: root
@@ -42,3 +43,4 @@
     name: "{{ item }}"
     state: "{{ state }}"
   with_items: "{{ packages.rpm }}"
+...
diff --git a/roles/deploy-package/tasks/pip.yaml b/roles/deploy-package/tasks/pip.yaml
index 172130bc1..0b2a48368 100644
--- a/roles/deploy-package/tasks/pip.yaml
+++ b/roles/deploy-package/tasks/pip.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - name: managing pip packages
   become: true
   become_user: root
@@ -23,3 +24,4 @@
     name: "{{ item }}"
     state: "{{ state }}"
   with_items: "{{ packages }}"
+...
diff --git a/roles/deploy-python-pip/defaults/main.yml b/roles/deploy-python-pip/defaults/main.yml
index dd75cc9ad..b1a6fabd9 100644
--- a/roles/deploy-python-pip/defaults/main.yml
+++ b/roles/deploy-python-pip/defaults/main.yml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 proxy:
   http: null
   https: null
   noproxy: null
+...
diff --git a/roles/deploy-python-pip/tasks/main.yaml b/roles/deploy-python-pip/tasks/main.yaml
index 08dfc0d81..a65c100c2 100644
--- a/roles/deploy-python-pip/tasks/main.yaml
+++ b/roles/deploy-python-pip/tasks/main.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - name: check if pip installed
   command: pip --version
   register: pip_version_output
@@ -50,3 +51,4 @@
   pip:
     name: pip
     state: latest
+...
diff --git a/roles/deploy-python/tasks/main.yaml b/roles/deploy-python/tasks/main.yaml
index 7be822f71..365ae2807 100644
--- a/roles/deploy-python/tasks/main.yaml
+++ b/roles/deploy-python/tasks/main.yaml
@@ -10,5 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - name: ensuring python2 is present on all hosts
   raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal) || (sudo yum install -y python) || (sudo dnf install -y python2)
+...
diff --git a/roles/deploy-selenium/tasks/main.yaml b/roles/deploy-selenium/tasks/main.yaml
index db1368c3f..69f673ac8 100644
--- a/roles/deploy-selenium/tasks/main.yaml
+++ b/roles/deploy-selenium/tasks/main.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - name: "creating selenium configuration directory"
   file:
     path: /etc/selenium
@@ -51,3 +52,4 @@
   apt:
     name: google-chrome-stable
     update_cache: yes
+...
diff --git a/roles/describe-kubernetes-objects/tasks/main.yaml b/roles/describe-kubernetes-objects/tasks/main.yaml
index bbd2bad30..1fc207d7f 100644
--- a/roles/describe-kubernetes-objects/tasks/main.yaml
+++ b/roles/describe-kubernetes-objects/tasks/main.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - name: "creating directory for cluster scoped objects"
   file:
     path: "{{ logs_dir }}/objects/cluster"
@@ -106,3 +107,4 @@
     dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
     mode: pull
   ignore_errors: yes
+...
diff --git a/roles/disable-local-nameserver/tasks/main.yaml b/roles/disable-local-nameserver/tasks/main.yaml
index 35b7f31c2..f2ea4e91c 100644
--- a/roles/disable-local-nameserver/tasks/main.yaml
+++ b/roles/disable-local-nameserver/tasks/main.yaml
@@ -15,13 +15,14 @@
 # See the following for the original config:
 # * https://github.com/openstack/project-config/blob/0332c33dd134033e0620645c252f82b77e4c16f5/nodepool/elements/nodepool-base/finalise.d/89-unbound
 
+---
 - name: Disable local nameserver and systemd-resolved service
   when: ansible_distribution == 'Ubuntu'
   block:
     - name: update rc.local
       blockinfile:
         path: /etc/rc.local
-        mode: 0555
+        mode: 365
         block: |
           #!/bin/bash
           set -o xtrace
@@ -55,3 +56,4 @@
         masked: yes
         daemon_reload: yes
         name: systemd-resolved
+...
diff --git a/roles/gather-host-logs/tasks/main.yaml b/roles/gather-host-logs/tasks/main.yaml
index 29f028e35..e2161bda2 100644
--- a/roles/gather-host-logs/tasks/main.yaml
+++ b/roles/gather-host-logs/tasks/main.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - name: "creating directory for system status"
   file:
     path: "{{ logs_dir }}/system"
@@ -37,3 +38,4 @@
     dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
     mode: pull
   ignore_errors: True
+...
diff --git a/roles/gather-pod-logs/tasks/main.yaml b/roles/gather-pod-logs/tasks/main.yaml
index 8f48b7da3..373f5a0a5 100644
--- a/roles/gather-pod-logs/tasks/main.yaml
+++ b/roles/gather-pod-logs/tasks/main.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - name: "creating directory for pod logs"
   file:
     path: "{{ logs_dir }}/pod-logs"
@@ -59,3 +60,4 @@
     dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
     mode: pull
   ignore_errors: True
+...
diff --git a/roles/gather-prom-metrics/tasks/main.yaml b/roles/gather-prom-metrics/tasks/main.yaml
index 0f22b2bef..0bbc8e46e 100644
--- a/roles/gather-prom-metrics/tasks/main.yaml
+++ b/roles/gather-prom-metrics/tasks/main.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - name: "creating directory for helm release descriptions"
   file:
     path: "{{ logs_dir }}/prometheus"
@@ -81,3 +82,4 @@
     dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
     mode: pull
   ignore_errors: True
+...
diff --git a/roles/gather-selenium-data/tasks/main.yaml b/roles/gather-selenium-data/tasks/main.yaml
index 3fcc9ca7d..f5f32c199 100644
--- a/roles/gather-selenium-data/tasks/main.yaml
+++ b/roles/gather-selenium-data/tasks/main.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - name: "creating directory for helm release descriptions"
   file:
     path: "{{ logs_dir }}/selenium"
@@ -29,3 +30,4 @@
     dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
     mode: pull
   ignore_errors: True
+...
diff --git a/roles/helm-release-status/tasks/main.yaml b/roles/helm-release-status/tasks/main.yaml
index b73250af9..954b13f36 100644
--- a/roles/helm-release-status/tasks/main.yaml
+++ b/roles/helm-release-status/tasks/main.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - name: "creating directory for helm release status"
   file:
     path: "{{ logs_dir }}/helm/{{ directory }}"
@@ -49,3 +50,4 @@
     dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
     mode: pull
   ignore_errors: True
+...
diff --git a/roles/osh-run-script/defaults/main.yaml b/roles/osh-run-script/defaults/main.yaml
index fc1d61755..8de078a0b 100644
--- a/roles/osh-run-script/defaults/main.yaml
+++ b/roles/osh-run-script/defaults/main.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 osh_params:
   container_distro_name: ubuntu
   container_distro_version: xenial
-  #feature_gates:
+  # feature_gates:
+...
diff --git a/roles/osh-run-script/tasks/main.yaml b/roles/osh-run-script/tasks/main.yaml
index 667747bc9..7e63ed62d 100644
--- a/roles/osh-run-script/tasks/main.yaml
+++ b/roles/osh-run-script/tasks/main.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - name: "Run script {{ gate_script_path }}"
   shell: |
     set -xe;
@@ -25,3 +26,4 @@
     CONTAINER_DISTRO_NAME: "{{ osh_params.container_distro_name | default('') }}"
     CONTAINER_DISTRO_VERSION: "{{ osh_params.container_distro_version | default('') }}"
     FEATURE_GATES: "{{ osh_params.feature_gates | default('') }}"
+...
diff --git a/roles/setup-firewall/tasks/main.yaml b/roles/setup-firewall/tasks/main.yaml
index 84675a614..64e75ddc7 100644
--- a/roles/setup-firewall/tasks/main.yaml
+++ b/roles/setup-firewall/tasks/main.yaml
@@ -10,7 +10,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-#NOTE(portdirect): This needs refinement but drops the firewall on zuul nodes
+# NOTE(portdirect): This needs refinement but drops the firewall on zuul nodes
+---
 - name: deploy iptables packages
   include_role:
     name: deploy-package
@@ -25,3 +26,4 @@
 - command: iptables -F
 - command: iptables -P INPUT ACCEPT
 - command: iptables -S
+...
diff --git a/roles/upgrade-host/defaults/main.yml b/roles/upgrade-host/defaults/main.yml
index 669aa1108..93b068cd7 100644
--- a/roles/upgrade-host/defaults/main.yml
+++ b/roles/upgrade-host/defaults/main.yml
@@ -10,4 +10,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 ubuntu_kernel_hwe: false
+...
diff --git a/roles/upgrade-host/tasks/main.yaml b/roles/upgrade-host/tasks/main.yaml
index 51a2bc380..d3cbd0112 100644
--- a/roles/upgrade-host/tasks/main.yaml
+++ b/roles/upgrade-host/tasks/main.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - name: Upgrade to HWE kernel on Ubuntu Hosts
   when:
     - ansible_distribution == 'Ubuntu'
@@ -40,3 +41,4 @@
         timeout: 240
       with_items: '{{ play_hosts }}'
       connection: local
+...
diff --git a/tiller/Chart.yaml b/tiller/Chart.yaml
index ba339c6a9..9d47ac56b 100644
--- a/tiller/Chart.yaml
+++ b/tiller/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Tiller
 name: tiller
@@ -20,3 +21,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/tiller/requirements.yaml b/tiller/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/tiller/requirements.yaml
+++ b/tiller/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/tools/deployment/armada/manifests/armada-ceph.yaml b/tools/deployment/armada/manifests/armada-ceph.yaml
index e247a5401..6b6f85e7d 100644
--- a/tools/deployment/armada/manifests/armada-ceph.yaml
+++ b/tools/deployment/armada/manifests/armada-ceph.yaml
@@ -14,6 +14,7 @@ data:
     subpath: helm-toolkit
     reference: master
   dependencies: []
+...
 ---
 schema: armada/Chart/v1
 metadata:
@@ -56,6 +57,7 @@ data:
     reference: master
   dependencies:
     - helm-toolkit
+...
 ---
 schema: armada/Chart/v1
 metadata:
@@ -121,6 +123,7 @@ data:
     reference: master
   dependencies:
     - helm-toolkit
+...
 ---
 schema: armada/Chart/v1
 metadata:
@@ -191,6 +194,7 @@ data:
     reference: master
   dependencies:
     - helm-toolkit
+...
 ---
 schema: armada/Chart/v1
 metadata:
@@ -255,6 +259,7 @@ data:
     reference: master
   dependencies:
     - helm-toolkit
+...
 ---
 schema: armada/Chart/v1
 metadata:
@@ -324,6 +329,7 @@ data:
     reference: master
   dependencies:
     - helm-toolkit
+...
 ---
 schema: armada/ChartGroup/v1
 metadata:
@@ -338,6 +344,7 @@ data:
     - ceph-osd
     - ceph-client
     - ceph-provisioners
+...
 ---
 schema: armada/Manifest/v1
 metadata:
@@ -347,3 +354,4 @@ data:
   release_prefix: osh
   chart_groups:
     - ceph-storage
+...
diff --git a/tools/deployment/armada/manifests/armada-cluster-ingress.yaml b/tools/deployment/armada/manifests/armada-cluster-ingress.yaml
index 5a3ceb801..71087a0d1 100644
--- a/tools/deployment/armada/manifests/armada-cluster-ingress.yaml
+++ b/tools/deployment/armada/manifests/armada-cluster-ingress.yaml
@@ -14,6 +14,7 @@ data:
     subpath: helm-toolkit
     reference: master
   dependencies: []
+...
 ---
 schema: armada/Chart/v1
 metadata:
@@ -60,6 +61,7 @@ data:
     reference: master
   dependencies:
     - helm-toolkit
+...
 ---
 schema: armada/ChartGroup/v1
 metadata:
@@ -70,6 +72,7 @@ data:
   sequenced: False
   chart_group:
     - ingress-kube-system
+...
 ---
 schema: armada/Manifest/v1
 metadata:
@@ -79,3 +82,4 @@ data:
   release_prefix: osh
   chart_groups:
     - cluster-ingress-controller
+...
diff --git a/tools/deployment/armada/manifests/armada-lma.yaml b/tools/deployment/armada/manifests/armada-lma.yaml
index 9840eea28..622a6a917 100644
--- a/tools/deployment/armada/manifests/armada-lma.yaml
+++ b/tools/deployment/armada/manifests/armada-lma.yaml
@@ -14,6 +14,7 @@ data:
     subpath: helm-toolkit
     reference: master
   dependencies: []
+...
 ---
 schema: armada/Chart/v1
 metadata:
@@ -52,6 +53,7 @@ data:
     reference: master
   dependencies:
     - helm-toolkit
+...
 ---
 schema: armada/Chart/v1
 metadata:
@@ -105,6 +107,7 @@ data:
     reference: master
   dependencies:
     - helm-toolkit
+...
 ---
 schema: armada/Chart/v1
 metadata:
@@ -173,6 +176,7 @@ data:
     reference: master
   dependencies:
     - helm-toolkit
+...
 ---
 schema: armada/Chart/v1
 metadata:
@@ -212,6 +216,7 @@ data:
     reference: master
   dependencies:
     - helm-toolkit
+...
 ---
 schema: armada/Chart/v1
 metadata:
@@ -260,6 +265,7 @@ data:
     reference: master
   dependencies:
     - helm-toolkit
+...
 ---
 schema: armada/Chart/v1
 metadata:
@@ -434,6 +440,7 @@ data:
     reference: master
   dependencies:
     - helm-toolkit
+...
 ---
 schema: armada/Chart/v1
 metadata:
@@ -477,6 +484,7 @@ data:
     reference: master
   dependencies:
     - helm-toolkit
+...
 ---
 schema: armada/Chart/v1
 metadata:
@@ -534,6 +542,7 @@ data:
     reference: master
   dependencies:
     - helm-toolkit
+...
 ---
 schema: armada/Chart/v1
 metadata:
@@ -592,6 +601,7 @@ data:
     reference: master
   dependencies:
     - helm-toolkit
+...
 ---
 schema: armada/Chart/v1
 metadata:
@@ -646,6 +656,7 @@ data:
     reference: master
   dependencies:
     - helm-toolkit
+...
 ---
 schema: armada/Chart/v1
 metadata:
@@ -684,6 +695,7 @@ data:
     reference: master
   dependencies:
     - helm-toolkit
+...
 ---
 schema: armada/Chart/v1
 metadata:
@@ -722,6 +734,7 @@ data:
     reference: master
   dependencies:
     - helm-toolkit
+...
 ---
 schema: armada/Chart/v1
 metadata:
@@ -763,6 +776,7 @@ data:
     reference: master
   dependencies:
     - helm-toolkit
+...
 ---
 schema: armada/Chart/v1
 metadata:
@@ -814,6 +828,7 @@ data:
     reference: master
   dependencies:
     - helm-toolkit
+...
 ---
 schema: armada/Chart/v1
 metadata:
@@ -884,6 +899,7 @@ data:
     reference: master
   dependencies:
     - helm-toolkit
+...
 ---
 schema: armada/ChartGroup/v1
 metadata:
@@ -894,6 +910,7 @@ data:
   sequenced: False
   chart_group:
     - osh-infra-ingress-controller
+...
 ---
 schema: armada/ChartGroup/v1
 metadata:
@@ -904,6 +921,7 @@ data:
   sequenced: True
   chart_group:
     - osh-infra-ceph-config
+...
 ---
 schema: armada/ChartGroup/v1
 metadata:
@@ -914,6 +932,7 @@ data:
   sequenced: True
   chart_group:
     - osh-infra-radosgw
+...
 ---
 schema: armada/ChartGroup/v1
 metadata:
@@ -924,6 +943,7 @@ data:
   sequenced: True
   chart_group:
     - osh-infra-ldap
+...
 ---
 schema: armada/ChartGroup/v1
 metadata:
@@ -934,6 +954,7 @@ data:
   sequenced: True
   chart_group:
     - osh-infra-mariadb
+...
 ---
 schema: armada/ChartGroup/v1
 metadata:
@@ -946,6 +967,7 @@ data:
     - elasticsearch
     - fluentd
     - fluentbit
+...
 ---
 schema: armada/ChartGroup/v1
 metadata:
@@ -960,6 +982,7 @@ data:
     - prometheus-kube-state-metrics
     - prometheus
     - nagios
+...
 ---
 schema: armada/ChartGroup/v1
 metadata:
@@ -971,6 +994,7 @@ data:
   chart_group:
     - grafana
     - kibana
+...
 ---
 schema: armada/Manifest/v1
 metadata:
@@ -987,3 +1011,4 @@ data:
     - osh-infra-monitoring
     - osh-infra-mariadb
     - osh-infra-dashboards
+...
diff --git a/tools/gate/devel/local-inventory.yaml b/tools/gate/devel/local-inventory.yaml
index 1eb8349e3..adb6e5c23 100644
--- a/tools/gate/devel/local-inventory.yaml
+++ b/tools/gate/devel/local-inventory.yaml
@@ -10,9 +10,11 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 all:
   children:
     primary:
       hosts:
         local:
           ansible_connection: local
+...
diff --git a/tools/gate/devel/local-vars.yaml b/tools/gate/devel/local-vars.yaml
index 7d468e11c..bedb8f3a2 100644
--- a/tools/gate/devel/local-vars.yaml
+++ b/tools/gate/devel/local-vars.yaml
@@ -10,5 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 kubernetes_network_default_device: docker0
 gate_fqdn_test: true
+...
diff --git a/tools/gate/devel/multinode-inventory.yaml b/tools/gate/devel/multinode-inventory.yaml
index 5a905f9d1..d954177c2 100644
--- a/tools/gate/devel/multinode-inventory.yaml
+++ b/tools/gate/devel/multinode-inventory.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 all:
   children:
     primary:
@@ -28,3 +29,4 @@ all:
           ansible_user: ubuntu
           ansible_ssh_private_key_file: /home/ubuntu/.ssh/insecure.pem
           ansible_ssh_extra_args: -o StrictHostKeyChecking=no
+...
diff --git a/tools/gate/lint.sh b/tools/gate/lint.sh
new file mode 100755
index 000000000..d429d78f3
--- /dev/null
+++ b/tools/gate/lint.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+set -e
+
+HELM_DATA_YAML=../openstack-helm-infra/roles/build-helm-packages/defaults/main.yml
+HELM_VERSION=$(yq -r '.version.helm' ${HELM_DATA_YAML})
+GOOGLE_HELM_REPO_URL=$(yq -r '.url.google_helm_repo' ${HELM_DATA_YAML})
+LINT_DIR=.yamllint
+
+mkdir ${LINT_DIR}
+cp -r * ${LINT_DIR}
+rm -rf ${LINT_DIR}/*/templates
+rm -rf */charts/helm-toolkit
+wget -qO ${LINT_DIR}/helm.tgz ${GOOGLE_HELM_REPO_URL}/helm-${HELM_VERSION}-linux-amd64.tar.gz
+tar xzf ${LINT_DIR}/helm.tgz -C ${LINT_DIR} --strip-components=1 linux-amd64/helm
+
+for i in */; do
+    # avoid helm-toolkit to symlink on itself
+    [ -d "$i/templates" -a "$i" != "helm-toolkit/" ] || continue
+    mkdir -p $i/charts
+    ln -s ../../../openstack-helm-infra/helm-toolkit $i/charts/helm-toolkit
+    ${LINT_DIR}/helm template $i --output-dir ${LINT_DIR} 2>&1 > /dev/null
+done
+rm -rf */charts/helm-toolkit
+
+find .yamllint -type f -exec sed -i 's/%%%.*/XXX/g' {} +
+
+set +e
+shopt -s globstar extglob
+# lint all y*mls except for templates with the first config
+yamllint -c yamllint.conf ${LINT_DIR}/*{,/!(templates)/**}/*.y*ml yamllint*.conf
+result=$?
+# lint templates with the second config
+yamllint -c yamllint-templates.conf ${LINT_DIR}/*/templates/*.yaml
+exit $(($?|$result))
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-clean.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-clean.yaml
index ad76858db..db6d37e23 100644
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-clean.yaml
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-clean.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - hosts: all
   gather_facts: True
   become: yes
@@ -17,3 +18,4 @@
     - clean-host
   tags:
     - clean-host
+...
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-deploy-kubelet.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-deploy-kubelet.yaml
index 6b2db4bdb..3e74e8a91 100644
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-deploy-kubelet.yaml
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-deploy-kubelet.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - hosts: all
   gather_facts: True
   become: yes
@@ -17,3 +18,4 @@
     - deploy-kubelet
   tags:
     - deploy-kubelet
+...
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-deploy-master.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-deploy-master.yaml
index b303b4863..d085eefe5 100644
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-deploy-master.yaml
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-deploy-master.yaml
@@ -10,9 +10,11 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - hosts: all
   become: yes
   roles:
     - deploy-kubeadm-master
   tags:
     - deploy-kubeadm-master
+...
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-deploy-node.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-deploy-node.yaml
index fbdccd62e..48e2a5684 100644
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-deploy-node.yaml
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/kubeadm-aio-deploy-node.yaml
@@ -10,9 +10,11 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - hosts: all
   become: yes
   roles:
     - deploy-kubeadm-node
   tags:
     - deploy-kubeadm-node
+...
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/clean-host/tasks/main.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/clean-host/tasks/main.yaml
index abe489895..0782846f1 100644
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/clean-host/tasks/main.yaml
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/clean-host/tasks/main.yaml
@@ -11,6 +11,7 @@
 # limitations under the License.
 
 
+---
 - name: clean | kube | remove config
   file:
     path: "{{ item }}"
@@ -58,3 +59,4 @@
 - name: clean | kube | reload systemd
   systemd:
     daemon_reload: yes
+...
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-cni.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-cni.yaml
index e361932ea..872de3b7f 100644
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-cni.yaml
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-cni.yaml
@@ -10,6 +10,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+---
 - name: setting up bootstrap tiller
   block:
     - name: pull the helm tiller Image
@@ -138,3 +139,4 @@
   docker_container:
     name: "helm-tiller"
     state: absent
+...
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-deploy.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-deploy.yaml
index 52b77ca04..e9343132e 100644
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-deploy.yaml
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-deploy.yaml
@@ -10,6 +10,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+---
 - name: setting up bootstrap tiller
   block:
     - name: pull the helm tiller Image
@@ -78,10 +79,11 @@
         dest: /usr/bin/helm
         owner: root
         group: root
-        mode: 0555
+        mode: 365
     - name: setting up helm client for user
       environment:
         http_proxy: "{{ proxy.http }}"
         https_proxy: "{{ proxy.https }}"
         no_proxy: "{{ proxy.noproxy }}"
       command: helm init --client-only --skip-refresh
+...
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-dns.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-dns.yaml
index 5221a6fc4..ebcd913cf 100644
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-dns.yaml
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-dns.yaml
@@ -10,6 +10,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+---
 - name: setting up bootstrap tiller
   block:
     - name: pull the helm tiller Image
@@ -67,3 +68,4 @@
   docker_container:
     name: "helm-tiller"
     state: absent
+...
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-keystone-auth.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-keystone-auth.yaml
index 7329be076..1041037c2 100644
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-keystone-auth.yaml
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/helm-keystone-auth.yaml
@@ -10,6 +10,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+---
 - name: setting up bootstrap tiller
   block:
     - name: pull the helm tiller Image
@@ -78,7 +79,7 @@
       template:
         src: webhook.kubeconfig.j2
         dest: /etc/kubernetes/pki/webhook.kubeconfig
-        mode: 0640
+        mode: 416
     - name: kubeadm | configuring api server
       become: true
       become_user: root
@@ -98,3 +99,4 @@
   docker_container:
     name: "helm-tiller"
     state: absent
+...
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/main.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/main.yaml
index 8fbb9d650..2e28cb7a1 100644
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/main.yaml
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/main.yaml
@@ -10,6 +10,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+---
 - name: storing node hostname
   set_fact:
     kubeadm_node_hostname: "{% if ansible_domain is defined %}{{ ansible_fqdn }}{% else %}{{ ansible_hostname }}.node.{{ k8s.networking.dnsDomain }}{% endif %}"
@@ -35,7 +36,7 @@
       template:
         src: kubeadm-conf.yaml.j2
         dest: /etc/kubernetes/kubeadm-conf.yaml
-        mode: 0640
+        mode: 416
 
 - name: generating certs
   delegate_to: 127.0.0.1
@@ -170,7 +171,7 @@
       template:
         src: cluster-info.yaml.j2
         dest: /etc/kubernetes/cluster-info.yaml
-        mode: 0644
+        mode: 420
     - name: removing any pre-existing cluster-info configmap
       command: kubectl --kubeconfig /mnt/rootfs/etc/kubernetes/admin.conf delete -f /etc/kubernetes/cluster-info.yaml --ignore-not-found
     - name: creating cluster-info configmap
@@ -219,7 +220,7 @@
         dest: "/usr/bin/{{ item }}"
         owner: root
         group: root
-        mode: 0555
+        mode: 365
       with_items:
         - kubectl
         - kubeadm
@@ -235,4 +236,5 @@
         dest: "{{ vars.user.home }}/.kube/config"
         owner: "{{ vars.user.uid }}"
         group: "{{ vars.user.gid }}"
-        mode: 0600
+        mode: 384
+...
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/wait-for-kube-system-namespace.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/wait-for-kube-system-namespace.yaml
index f544e1cb3..db92b84f1 100644
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/wait-for-kube-system-namespace.yaml
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/tasks/wait-for-kube-system-namespace.yaml
@@ -10,6 +10,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+---
 - name: wait for kube pods to all be running in kube-system namespace
   delegate_to: 127.0.0.1
   shell: /usr/bin/test-kube-pods-ready kube-system
@@ -21,3 +22,4 @@
     KUBECONFIG: '/mnt/rootfs/etc/kubernetes/admin.conf'
   args:
     executable: /bin/bash
+...
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-node/tasks/main.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-node/tasks/main.yaml
index dc4d455ab..a2233e6d5 100644
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-node/tasks/main.yaml
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-node/tasks/main.yaml
@@ -10,6 +10,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+---
 - block:
     - name: base kubeadm deploy
       file:
@@ -25,7 +26,7 @@
         dest: /usr/bin/kubeadm
         owner: root
         group: root
-        mode: 0555
+        mode: 365
     - debug:
         msg: "{{ kubeadm_join_command }}"
     - name: running kubeadm join command
@@ -36,3 +37,4 @@
         state: absent
       with_items:
         - /usr/bin/kubeadm
+...
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/hostname.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/hostname.yaml
index 163ba2802..9928ca014 100644
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/hostname.yaml
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/hostname.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - name: DNS | Ensure node fully qualified hostname is set
   lineinfile:
     unsafe_writes: true
@@ -33,3 +34,4 @@
         dest: /etc/hosts
         line: "::1 localhost6 localhost6.localdomain6"
         regexp: "^::1"
+...
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/kubelet.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/kubelet.yaml
index 0c0e14eae..baa1e6cbe 100644
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/kubelet.yaml
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/kubelet.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - name: ubuntu or debian | installing kubelet support packages
   when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
   apt:
@@ -101,22 +102,22 @@
         dest: /usr/bin/kubelet
         owner: root
         group: root
-        mode: 0555
+        mode: 365
     - name: copying base systemd unit to host
       template:
         src: kubelet.service.j2
         dest: /etc/systemd/system/kubelet.service
-        mode: 0640
+        mode: 416
     - name: copying kubeadm drop-in systemd unit to host
       template:
         src: 10-kubeadm.conf.j2
         dest: /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
-        mode: 0640
+        mode: 416
     - name: copying kubelet DNS config to host
       template:
         src: kubelet-resolv.conf.j2
         dest: /etc/kubernetes/kubelet-resolv.conf
-        mode: 0640
+        mode: 416
 
 - name: base cni support
   block:
@@ -132,7 +133,7 @@
         dest: /opt/cni/bin/{{ item }}
         owner: root
         group: root
-        mode: 0555
+        mode: 365
       with_items:
         - flannel
         - ptp
@@ -154,7 +155,7 @@
       template:
         src: 0-crio.conf.j2
         dest: /etc/systemd/system/kubelet.service.d/0-crio.conf
-        mode: 0640
+        mode: 416
     - name: CRI-O | ensure service is restarted and enabled
       systemd:
         name: crio
@@ -174,7 +175,7 @@
     - name: Setup DNS redirector | Populating new kubelet resolv.conf
       copy:
         dest: "/etc/kubernetes/kubelet-resolv.conf"
-        mode: 0640
+        mode: 416
         content: |
           nameserver 172.17.0.1
     - name: Setup DNS redirector | Ensuring static manifests dir exists
@@ -190,12 +191,12 @@
       template:
         src: resolv-upstream.conf.j2
         dest: /etc/resolv-upstream.conf
-        mode: 0664
+        mode: 436
     - name: Setup DNS redirector | Placing pod manifest on host
       template:
         src: osh-dns-redirector.yaml.j2
         dest: /etc/kubernetes/manifests/osh-dns-redirector.yaml
-        mode: 0640
+        mode: 416
 
 - name: docker | ensure service is started and enabled
   when: kubelet.container_runtime == 'docker'
@@ -212,3 +213,4 @@
     daemon_reload: yes
     enabled: yes
     masked: no
+...
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/main.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/main.yaml
index 9302ce0db..8d73d4783 100644
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/main.yaml
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/main.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - include_tasks: support-packages.yaml
 
 - include_tasks: hostname.yaml
@@ -17,3 +18,4 @@
 - include_tasks: setup-dns.yaml
 
 - include_tasks: kubelet.yaml
+...
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/setup-dns.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/setup-dns.yaml
index 947efd339..a102449a5 100644
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/setup-dns.yaml
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/setup-dns.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - name: DNS | Check if NetworkManager is being used
   raw: systemctl status NetworkManager --no-pager
   register: network_manager_in_use
@@ -58,3 +59,4 @@
       delay: 5
       args:
         executable: /bin/bash
+...
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/support-packages.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/support-packages.yaml
index 2560d270f..2eea44413 100644
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/support-packages.yaml
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/tasks/support-packages.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - name: installing community ceph repository
   when: kubelet.pv_support_ceph
   block:
@@ -67,8 +68,8 @@
       name: "{{item}}"
       state: latest
     with_items:
-        - ceph-common
-        - rbd-nbd
+      - ceph-common
+      - rbd-nbd
 
   - name: ubuntu | uninstall packages
     when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
@@ -76,7 +77,7 @@
       name: "{{item}}"
       state: absent
     with_items:
-        - ceph
+      - ceph
 
   - name: centos | installing packages
     when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
@@ -84,8 +85,8 @@
       name: "{{item}}"
       state: latest
     with_items:
-        - ceph-common
-        - rbd-nbd
+      - ceph-common
+      - rbd-nbd
 
   - name: centos | installing packages
     when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
@@ -93,7 +94,7 @@
       name: "{{item}}"
       state: absent
     with_items:
-        - ceph
+      - ceph
 
 - name: blacklist kernel RBD driver module
   when: kubelet.pv_support_ceph
@@ -124,3 +125,4 @@
         - bridge-utils
       rpm:
         - bridge-utils
+...
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-package/tasks/dist.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-package/tasks/dist.yaml
index fb721d56c..2a81698b3 100644
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-package/tasks/dist.yaml
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-package/tasks/dist.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 - name: ubuntu | installing packages
   become: true
   become_user: root
@@ -36,3 +37,4 @@
     name: "{{item}}"
     state: present
   with_items: "{{ packages.rpm }}"
+...
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-package/tasks/pip.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-package/tasks/pip.yaml
index efaf2a87e..1fb8609d3 100644
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-package/tasks/pip.yaml
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-package/tasks/pip.yaml
@@ -1,3 +1,4 @@
+---
 - name: "installing python {{ package }}"
   become: true
   become_user: root
@@ -7,3 +8,4 @@
     no_proxy: "{{ proxy.noproxy }}"
   pip:
     name: "{{ package }}"
+...
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/vars.yaml b/tools/images/kubeadm-aio/assets/opt/playbooks/vars.yaml
index bb51778a7..d06ad267f 100644
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/vars.yaml
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/vars.yaml
@@ -10,6 +10,7 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+---
 all:
   vars:
     my_container_name: null
@@ -41,7 +42,7 @@ all:
       keystoneAuth: false
       api:
         bindPort: 6443
-        #NOTE(portdirect): The following is a custom key, which resolves the
+        # NOTE(portdirect): The following is a custom key, which resolves the
         # 'advertiseAddress' key dynamicly.
         advertiseAddressDevice: null
       networking:
@@ -52,3 +53,4 @@ all:
       fqdn_testing: false
       ingress_ip: 127.0.0.1
       fqdn_tld: openstackhelm.test
+...
diff --git a/tox.ini b/tox.ini
index 9bea18c52..c84a068c3 100644
--- a/tox.ini
+++ b/tox.ini
@@ -22,12 +22,12 @@ whitelist_externals =
   rm
 
 [testenv:lint]
-deps = yamllint
+deps =
+  yq
+  yamllint
 commands =
-  bash -c "rm -rf {toxinidir}/.yamllint"
-  bash -c "mkdir -p {toxinidir}/.yamllint"
-  bash -c "cp -r $(ls {toxinidir}) {toxinidir}/.yamllint/"
-  bash -c "find {toxinidir}/.yamllint -type f -exec sed -i 's/%%%.*/XXX/g' \{\} +"
-  bash -c "yamllint -c {toxinidir}/yamllint.conf {toxinidir}/.yamllint/*/values*"
+  rm -rf .yamllint
+  bash ../openstack-helm-infra/tools/gate/lint.sh
 whitelist_externals =
+  rm
   bash
diff --git a/yamllint-templates.conf b/yamllint-templates.conf
new file mode 100644
index 000000000..c356561e1
--- /dev/null
+++ b/yamllint-templates.conf
@@ -0,0 +1,49 @@
+---
+
+yaml-files:
+- '*.yaml'
+- '*.yml'
+- '.yamllint'
+
+rules:
+  braces:
+    level: warning
+  brackets:
+    level: warning
+  colons:
+    level: warning
+  commas:
+    level: warning
+  comments:
+    level: warning
+  comments-indentation:
+    level: warning
+  document-end: disable
+  document-start:
+    level: warning
+  empty-lines:
+    level: warning
+  empty-values:
+    level: warning
+  hyphens:
+    level: warning
+  indentation:
+    spaces: 2
+    indent-sequences: whatever
+    level: warning
+  key-duplicates:
+    level: warning
+  key-ordering: disable
+  line-length: disable
+  new-line-at-end-of-file:
+    level: warning
+  new-lines:
+    level: warning
+  octal-values:
+    level: warning
+  quoted-strings: disable
+  trailing-spaces:
+    level: warning
+  truthy:
+    level: warning
+...
diff --git a/yamllint.conf b/yamllint.conf
index 919ee6ea2..fb359aef5 100644
--- a/yamllint.conf
+++ b/yamllint.conf
@@ -11,8 +11,7 @@ rules:
   colons: enable
   commas: enable
   comments: enable
-  comments-indentation:
-    level: warning
+  comments-indentation: disable
   document-end: enable
   document-start: enable
   empty-lines: enable
@@ -29,6 +28,5 @@ rules:
   octal-values: enable
   quoted-strings: disable
   trailing-spaces: enable
-  truthy:
-    level: warning
+  truthy: disable
 ...
diff --git a/zookeeper/Chart.yaml b/zookeeper/Chart.yaml
index 95b46d508..0a3166009 100644
--- a/zookeeper/Chart.yaml
+++ b/zookeeper/Chart.yaml
@@ -10,6 +10,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 apiVersion: v1
 description: OpenStack-Helm Zookeeper
 name: zookeeper
@@ -20,3 +21,4 @@ sources:
   - https://opendev.org/openstack/openstack-helm-infra
 maintainers:
   - name: OpenStack-Helm Authors
+...
diff --git a/zookeeper/requirements.yaml b/zookeeper/requirements.yaml
index 5669e12cf..efd01ef7a 100644
--- a/zookeeper/requirements.yaml
+++ b/zookeeper/requirements.yaml
@@ -10,7 +10,9 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+---
 dependencies:
   - name: helm-toolkit
     repository: http://localhost:8879/charts
     version: 0.1.0
+...
diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml
index 92d54ea79..00369c143 100644
--- a/zuul.d/jobs.yaml
+++ b/zuul.d/jobs.yaml
@@ -575,3 +575,4 @@
         - ./tools/deployment/osh-infra-local-storage/040-prometheus.sh
         - ./tools/deployment/osh-infra-local-storage/050-elasticsearch.sh
         - ./tools/deployment/osh-infra-local-storage/060-volume-info.sh
+...
diff --git a/zuul.d/nodesets.yaml b/zuul.d/nodesets.yaml
index 2a83d6f14..a4cb079bd 100644
--- a/zuul.d/nodesets.yaml
+++ b/zuul.d/nodesets.yaml
@@ -157,3 +157,4 @@
       - name: primary
         nodes:
           - primary
+...
diff --git a/zuul.d/playbooks/lint.yml b/zuul.d/playbooks/lint.yml
index 9ebcc7b98..3b27a64cc 100644
--- a/zuul.d/playbooks/lint.yml
+++ b/zuul.d/playbooks/lint.yml
@@ -27,8 +27,16 @@
         path: "{{ ansible_user_dir }}/src/{{ zuul.project.canonical_name }}/yamllint.conf"
       register: yamllintconf
 
+    - name: Install jq
+      apt:
+        pkg:
+          - jq
+      become: yes
+      when: yamllintconf.stat.exists == True
+
     - name: Execute yamllint check for values* yaml files
       command: tox -e lint
       args:
         chdir: "{{ ansible_user_dir }}/src/{{ zuul.project.canonical_name }}"
       when: yamllintconf.stat.exists == True
+...
diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml
index bf285e4d5..560c7399b 100644
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@@ -52,9 +52,9 @@
     experimental:
       jobs:
         # NOTE(srwilkers): Disable fedora experimental jobs until issues resolved
-        #- openstack-helm-infra-five-fedora
+        # - openstack-helm-infra-five-fedora
         # NOTE(srwilkers): Disable centos experimental jobs until issues resolved
-        #- openstack-helm-infra-five-centos
+        # - openstack-helm-infra-five-centos
         # - openstack-helm-infra-five-ubuntu
         - openstack-helm-infra-elastic-beats
         # - openstack-helm-infra-tenant-ceph
@@ -69,3 +69,4 @@
         - openstack-helm-infra-aio-logging-apparmor
         - openstack-helm-infra-openstack-support-apparmor
         - openstack-helm-infra-metacontroller
+...