Fix linting to bring back 'production' status for all non-server k3s roles

Signed-off-by: Derek Nola <[email protected]>

Author: dereknola

roles/airgap/tasks/main.yml

@@ -13,13 +13,13 @@
       delegate_to: localhost
       ansible.builtin.stat:
         path: "{{ airgap_dir + '/k3s-install.sh' }}"
-      register: host_install_script
+      register: airgap_host_install_script
 
     - name: Download k3s install script
       become: false
       delegate_to: localhost
       # Workaround for https://github.com/ansible/ansible/issues/64016
-      when: not host_install_script.stat.exists
+      when: not airgap_host_install_script.stat.exists
       ansible.builtin.get_url:
         url: https://get.k3s.io/
         timeout: 120
@@ -34,11 +34,11 @@
         group: root
         mode: "0755"
 
-    - name: Determine architecture and set k3s_arch
+    - name: Determine architecture and set airgap_k3s_arch
       ansible.builtin.set_fact:
-        k3s_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'arm' if ansible_architecture == 'armv7l' else 'amd64' }}"
+        airgap_k3s_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'arm' if ansible_architecture == 'armv7l' else 'amd64' }}"
 
-    - name: Distribute K3s binary {{ k3s_arch }}
+    - name: Distribute K3s binary {{ airgap_k3s_arch }}
       ansible.builtin.copy:
         src: "{{ item }}"
         dest: /usr/local/bin/k3s
@@ -47,7 +47,7 @@
         mode: "0755"
       with_first_found:
         - files:
-            - "{{ airgap_dir }}/k3s-{{ k3s_arch }}"
+            - "{{ airgap_dir }}/k3s-{{ airgap_k3s_arch }}"
             - "{{ airgap_dir }}/k3s"
           # with_first_found always runs, even inside the when block
           # so we need to skip it if the file is not found
@@ -62,15 +62,15 @@
         mode: "0755"
       with_fileglob:
         - "{{ airgap_dir }}/k3s-selinux*.rpm"
-      register: selinux_copy
+      register: airgap_selinux_copy
       ignore_errors: true
 
     - name: Install K3s SELinux RPM
       when:
         - ansible_os_family == 'RedHat'
-        - selinux_copy.skipped is false
+        - airgap_selinux_copy.skipped is false
       ansible.builtin.dnf:
-        name: "{{ selinux_copy.results[0].dest }}"
+        name: "{{ airgap_selinux_copy.results[0].dest }}"
         state: present
         disable_gpg_check: true
         disablerepo: "*"

roles/k3s_agent/tasks/main.yml

@@ -1,21 +1,21 @@
 ---
 - name: Get k3s installed version
   ansible.builtin.command: k3s --version
-  register: k3s_version_output
+  register: k3s_agent_version_output
   changed_when: false
   ignore_errors: true
 
 - name: Set k3s installed version
-  when: not ansible_check_mode and k3s_version_output.rc == 0
+  when: not ansible_check_mode and k3s_agent_version_output.rc == 0
   ansible.builtin.set_fact:
-    installed_k3s_version: "{{ k3s_version_output.stdout_lines[0].split(' ')[2] }}"
+    k3s_agent_installed_version: "{{ k3s_agent_version_output.stdout_lines[0].split(' ')[2] }}"
 
 # If airgapped, all K3s artifacts are already on the node.
 # We should be downloading and installing the newer version only if we are in one of the following cases :
 #   - we couldn't get k3s installed version in the first task of this role
 #   - the installed version of K3s on the nodes is older than the requested version in ansible vars
 - name: Download artifact only if needed
-  when: not ansible_check_mode and airgap_dir is undefined and ( k3s_version_output.rc != 0 or installed_k3s_version is version(k3s_version, '<') )
+  when: not ansible_check_mode and airgap_dir is undefined and ( k3s_agent_version_output.rc != 0 or k3s_agent_installed_version is version(k3s_version, '<') )
   block:
     - name: Download K3s install script
       ansible.builtin.get_url:
@@ -50,13 +50,15 @@
         mode: "0755"
         state: directory
     - name: Copy config values
+      # noqa var-naming[no-role-prefix]
       ansible.builtin.copy:
         content: "{{ agent_config_yaml }}"
         dest: "/etc/rancher/k3s/config.yaml"
         mode: "0644"
       register: _agent_config_result
 
 - name: Get the token from the first server
+  # noqa var-naming[no-role-prefix]
   ansible.builtin.set_fact:
     token: "{{ hostvars[groups[server_group][0]].token }}"
 

roles/k3s_upgrade/tasks/main.yml

@@ -3,21 +3,22 @@
 # local control-plane instead of the remote host. Shell supports wildcards.
 - name: Get k3s installed version
   ansible.builtin.command: k3s --version
-  register: k3s_version_output
+  register: k3s_upgrade_version_output
   changed_when: false
   check_mode: false
 
 - name: Set k3s installed version
   ansible.builtin.set_fact:
-    installed_k3s_version: "{{ k3s_version_output.stdout_lines[0].split(' ')[2] }}"
+    k3s_upgrade_current_version: "{{ k3s_upgrade_version_output.stdout_lines[0].split(' ')[2] }}"
   check_mode: false
 
 # We should be downloading and installing the newer version only if we are in the following case :
 #   - the installed version of K3s on the nodes is older than the requested version in ansible vars
 - name: Update node only if needed
-  when: installed_k3s_version is version(k3s_version, '<')
+  when: k3s_upgrade_current_version is version(k3s_version, '<')
   block:
     - name: Find K3s service files
+      # noqa var-naming[no-role-prefix]
       ansible.builtin.find:
         paths: "{{ systemd_dir }}"
         patterns: "k3s*.service"

roles/prereq/tasks/main.yml

@@ -44,19 +44,19 @@
       ansible.builtin.command:
         cmd: ufw status
       changed_when: false
-      register: ufw_status
+      register: prereq_ufw_status
 
     - name: If ufw enabled, open api port
       when:
-        - "'Status: active' in ufw_status['stdout']"
+        - "'Status: active' in prereq_ufw_status['stdout']"
       community.general.ufw:
         rule: allow
         port: "{{ api_port }}"
         proto: tcp
 
     - name: If ufw enabled, open etcd ports
       when:
-        - "'Status: active' in ufw_status['stdout']"
+        - "'Status: active' in prereq_ufw_status['stdout']"
         - groups[server_group] | length > 1
       community.general.ufw:
         rule: allow
@@ -65,7 +65,7 @@
 
     - name: If ufw enabled, allow default CIDRs
       when:
-        - "'Status: active' in ufw_status['stdout']"
+        - "'Status: active' in prereq_ufw_status['stdout']"
       community.general.ufw:
         rule: allow
         src: '{{ item }}'
@@ -162,19 +162,19 @@
 - name: Check for Apparmor existence
   ansible.builtin.stat:
     path: /sys/module/apparmor/parameters/enabled
-  register: apparmor_enabled
+  register: prereq_apparmor_enabled
 
 - name: Check if Apparmor is enabled
-  when: apparmor_enabled.stat.exists
+  when: prereq_apparmor_enabled.stat.exists
   ansible.builtin.command: cat /sys/module/apparmor/parameters/enabled
-  register: apparmor_status
+  register: prereq_apparmor_status
   changed_when: false
 
 - name: Install Apparmor Parser [Suse]
   when:
     - ansible_os_family == 'Suse'
-    - apparmor_status is defined
-    - apparmor_status.stdout == "Y"
+    - prereq_apparmor_status is defined
+    - prereq_apparmor_status.stdout == "Y"
   ansible.builtin.package:
     name: apparmor-parser
     state: present
@@ -183,8 +183,8 @@
   when:
     - ansible_distribution == 'Debian'
     - ansible_facts['distribution_major_version'] == "11"
-    - apparmor_status is defined
-    - apparmor_status.stdout == "Y"
+    - prereq_apparmor_status is defined
+    - prereq_apparmor_status.stdout == "Y"
   ansible.builtin.package:
     name: apparmor
     state: present

roles/raspberrypi/tasks/main.yml

@@ -1,52 +1,48 @@
 ---
 - name: Test for raspberry pi /proc/cpuinfo
   ansible.builtin.command: grep -E "Raspberry Pi|BCM2708|BCM2709|BCM2835|BCM2836" /proc/cpuinfo
-  register: grep_cpuinfo_raspberrypi
+  register: raspberrypi_grep_cpuinfo
   failed_when: false
   changed_when: false
 
 - name: Test for raspberry pi /proc/device-tree/model
   ansible.builtin.command: grep -E "Raspberry Pi" /proc/device-tree/model
-  register: grep_device_tree_model_raspberrypi
+  register: raspberrypi_grep_device_tree_model
   failed_when: false
   changed_when: false
 
-- name: Set raspberry_pi fact to true
-  ansible.builtin.set_fact:
-    raspberry_pi: true
+- name: Run Raspberry Pi-specific tasks
   when:
-    grep_cpuinfo_raspberrypi.rc == 0 or grep_device_tree_model_raspberrypi.rc == 0
+    - raspberrypi_grep_cpuinfo.rc == 0 or raspberrypi_grep_device_tree_model.rc == 0
+  block:
+    - name: Set detected_distribution to Raspbian
+      # noqa var-naming[no-role-prefix]
+      ansible.builtin.set_fact:
+        detected_distribution: Raspbian
+      when: >
+        ansible_facts.lsb.id|default("") == "Raspbian" or
+        ansible_facts.lsb.description|default("") is match("[Rr]aspbian.*")
 
-- name: Set detected_distribution to Raspbian
-  ansible.builtin.set_fact:
-    detected_distribution: Raspbian
-  when: >
-    raspberry_pi|default(false) and
-    ( ansible_facts.lsb.id|default("") == "Raspbian" or
-      ansible_facts.lsb.description|default("") is match("[Rr]aspbian.*") )
+    - name: Set detected_distribution to Debian
+      # noqa var-naming[no-role-prefix]
+      ansible.builtin.set_fact:
+        detected_distribution: Debian
+      when: >
+        ansible_facts.lsb.id|default("") == "Debian" or
+        ansible_facts.lsb.description|default("") is match("Debian")
 
-- name: Set detected_distribution to Debian
-  ansible.builtin.set_fact:
-    detected_distribution: Debian
-  when: >
-    raspberry_pi|default(false) and
-    ( ansible_facts.lsb.id|default("") == "Debian" or
-      ansible_facts.lsb.description|default("") is match("Debian") )
+    - name: Set detected_distribution to ArchLinux (ARM64)
+      # noqa var-naming[no-role-prefix]
+      ansible.builtin.set_fact:
+        detected_distribution: Archlinux
+      when:
+        - ansible_facts.architecture is search("aarch64")
+        - ansible_facts.os_family is match("Archlinux")
 
-- name: Set detected_distribution to ArchLinux (ARM64)
-  ansible.builtin.set_fact:
-    detected_distribution: Archlinux
-  when:
-    - ansible_facts.architecture is search("aarch64")
-    - raspberry_pi|default(false)
-    - ansible_facts.os_family is match("Archlinux")
-
-- name: Execute OS related tasks on the Raspberry Pi
-  ansible.builtin.include_tasks: "{{ item }}"
-  with_first_found:
-    - "prereq/{{ detected_distribution }}.yml"
-    - "prereq/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
-    - "prereq/{{ ansible_distribution }}.yml"
-    - "prereq/default.yml"
-  when:
-    - raspberry_pi|default(false)
+    - name: Execute OS related tasks on the Raspberry Pi
+      ansible.builtin.include_tasks: "{{ item }}"
+      with_first_found:
+        - "prereq/{{ detected_distribution }}.yml"
+        - "prereq/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
+        - "prereq/{{ ansible_distribution }}.yml"
+        - "prereq/default.yml"