From ba9bb0508472c537423382ad89cbe44d62fe837c Mon Sep 17 00:00:00 2001
From: Nils Koenig <nkoenig@redhat.com>
Date: Mon, 25 Sep 2023 16:33:02 +0200
Subject: [PATCH] fixed ansible-lint errors for KVM part of
 sap_hypervisor_preconfigure

---
 .../meta/main.yml                             |  9 ++-
 .../configure-kargs-per-node.yml              |  1 +
 .../redhat_ocp_virt/download-rhel-images.yml  |  1 +
 .../redhat_ocp_virt/install-trident.yml       |  1 +
 .../tasks/platform/redhat_ocp_virt/kargs.yml  |  1 +
 .../platform/redhat_ocp_virt/node-network.yml |  1 +
 .../platform/redhat_ocp_virt/prepare.yml      |  1 +
 .../redhat_ocp_virt/setup-worker-node.yml     |  1 +
 .../redhat_rhel_kvm/assert-configuration.yml  | 39 +++++++-----
 .../redhat_rhel_kvm/assert-rhv-hooks.yml      |  4 ++
 .../assert-set-tuned-profile.yml              |  1 +
 .../redhat_rhel_kvm/configuration.yml         | 63 +++++--------------
 .../platform/redhat_rhel_kvm/rhv-hooks.yml    |  3 +-
 .../redhat_rhel_kvm/set-tuned-profile.yml     |  4 ++
 14 files changed, 65 insertions(+), 65 deletions(-)

diff --git a/roles/sap_hypervisor_node_preconfigure/meta/main.yml b/roles/sap_hypervisor_node_preconfigure/meta/main.yml
index 0b4c2c801..47965cdc0 100644
--- a/roles/sap_hypervisor_node_preconfigure/meta/main.yml
+++ b/roles/sap_hypervisor_node_preconfigure/meta/main.yml
@@ -3,8 +3,15 @@ galaxy_info:
   namespace: community
   role_name: sap_hypervisor_node_preconfigure
   author: Nils Koenig
-  description: Provide the configuration of SAP-certified hypervisors
+  description: Provide the configuration of hypervisors for SAP workloads
   license: Apache-2.0
   min_ansible_version: 2.9
   galaxy_tags: [ 'sap', 'hana', 'rhel', 'redhat', 'sles', 'suse' ]
+  platforms:
+    - name: CentOS
+      versions:
+        8
+    - name: RHEL
+      versions:
+        8
 dependencies: []
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/configure-kargs-per-node.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/configure-kargs-per-node.yml
index 2368cfc75..488c3eaa9 100644
--- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/configure-kargs-per-node.yml
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/configure-kargs-per-node.yml
@@ -1,3 +1,4 @@
+---
 - name: Get worker name
   ansible.builtin.set_fact:
     __sap_hypervisor_node_preconfigure_register_worker_name:
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/download-rhel-images.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/download-rhel-images.yml
index 7c9f31af6..6dd050ea9 100644
--- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/download-rhel-images.yml
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/download-rhel-images.yml
@@ -1,3 +1,4 @@
+---
 - name: "Download rhel 8.6 image"
   kubernetes.core.k8s:
     state: present
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/install-trident.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/install-trident.yml
index 6cd1be8dc..9747b55ad 100644
--- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/install-trident.yml
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/install-trident.yml
@@ -1,3 +1,4 @@
+---
 - name: Download trident
   ansible.builtin.unarchive:
     remote_src: true
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/kargs.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/kargs.yml
index 036925867..bd28ea55b 100644
--- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/kargs.yml
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/kargs.yml
@@ -1,3 +1,4 @@
+---
 - name: Personalize template
   ansible.builtin.template:
     src: 99-kargs-worker.yml.j2
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/node-network.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/node-network.yml
index 5026b15ff..088f86fe8 100644
--- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/node-network.yml
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/node-network.yml
@@ -1,3 +1,4 @@
+---
 - name: Print network
   ansible.builtin.debug:
     var: __sap_hypervisor_node_preconfigure_register_worker_network
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/prepare.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/prepare.yml
index b24b1228d..dd879b22c 100644
--- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/prepare.yml
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/prepare.yml
@@ -1,3 +1,4 @@
+---
 - name: Gather Facts
   ansible.builtin.gather_facts:
 
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/setup-worker-node.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/setup-worker-node.yml
index 066285366..2dc78034f 100644
--- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/setup-worker-node.yml
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/setup-worker-node.yml
@@ -1,3 +1,4 @@
+---
 - name: Include configure kargs
   ansible.builtin.include_tasks: configure-kargs-per-node.yml
   with_items: "{{ __sap_hypervisor_node_preconfigure_register_nodes }}"
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-configuration.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-configuration.yml
index 52cd899ce..8b1b4f59b 100644
--- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-configuration.yml
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-configuration.yml
@@ -4,11 +4,13 @@
 - name: Get kernel command line
   ansible.builtin.command: cat /proc/cmdline
   register: __sap_hypervisor_node_preconfigure_kernelcmdline_assert
+  changed_when: __sap_hypervisor_node_preconfigure_kernelcmdline_assert.rc != 0
 
 - name: "Assert - Kernel same page merging (KSM): Get status"
-  ansible.builtin.shell: systemctl status ksm
+  ansible.builtin.command: systemctl status ksm
   register: __sap_hypervisor_node_preconfigure_ksmstatus_assert
   ignore_errors: yes
+  changed_when: __sap_hypervisor_node_preconfigure_ksmstatus_assert.rc != 0
 
 - name: "Assert - Kernel same page merging (KSM): Check if stopped"
   ansible.builtin.assert:
@@ -18,9 +20,10 @@
   ignore_errors: "{{ sap_hypervisor_node_preconfigure_ignore_failed_assertion }}"
 
 - name: "Assert - Kernel same page merging (KSM) Tuning Daemon: Get status"
-  ansible.builtin.shell: systemctl status ksmtuned
+  ansible.builtin.command: systemctl status ksmtuned
   register: __sap_hypervisor_node_preconfigure_ksmtunedstatus_assert
   ignore_errors: yes
+  changed_when: __sap_hypervisor_node_preconfigure_ksmtunedstatus_assert.rc != 0
 
 - name: "Assert - Kernel same page merging (KSM) Tuning Daemon: Check if stopped"
   ansible.builtin.assert:
@@ -30,10 +33,12 @@
   ignore_errors: "{{ sap_hypervisor_node_preconfigure_ignore_failed_assertion }}"
 
 - name: Check CPU Stepping
-  ansible.builtin.shell: lscpu | awk '/Stepping/{print $2}'
+  ansible.builtin.shell: set -o pipefail && lscpu | awk '/Stepping/{print $2}'
   register: __sap_hypervisor_node_preconfigure_cpu_stepping_output_assert
+  changed_when: __sap_hypervisor_node_preconfigure_cpu_stepping_output_assert.rc != 0
 
-- set_fact:
+- name: register stepping as fact
+  set_fact:
     __sap_hypervisor_node_preconfigure_cpu_stepping_assert: "{{ __sap_hypervisor_node_preconfigure_cpu_stepping_output_assert.stdout }}"
 
 - name: Print CPU Stepping
@@ -47,6 +52,7 @@
       ansible.builtin.command: grep -E '^options\s+kvm_intel.*?ple_gap\s*=\s*0.*$' /etc/modprobe.d/kvm.conf
       register: __sap_hypervisor_node_preconfigure_skylake_plegap_assert
       ignore_errors: yes
+      changed_when: __sap_hypervisor_node_preconfigure_skylake_plegap_assert.rc != 0
 
     - name: Assert - Check if ple_gap=0
       ansible.builtin.assert:
@@ -76,9 +82,11 @@
 
 - name: Assert - check seccomp_sanbox=0
   block:
-    - command: grep -E '^seccomp_sandbox\s+=\s+0.*$' /etc/libvirt/qemu.conf
+    - name: Get seccomp setting
+      ansible.builtin.command: grep -E '^seccomp_sandbox\s+=\s+0.*$' /etc/libvirt/qemu.conf
       register: __sap_hypervisor_node_preconfigure_seccomp_assert
       ignore_errors: yes
+      changed_when: __sap_hypervisor_node_preconfigure_seccomp_assert.rc != 0
 
     - name: "Assert - Check seccomp_sanbox=0 is in /etc/libvirt/qemu.conf"
       ansible.builtin.assert:
@@ -90,8 +98,9 @@
 - name: Assert - check amount of 1G hugepages
   block:
     - name: Get amount of 1G hugepages
-      ansible.builtin.shell: hugeadm --pool-list | grep 1073741824 | awk '{print $3}'
-      register: __sap_hypervisor_node_preconfigure_1Ghugepages_assert
+      ansible.builtin.shell: set -o pipefail && hugeadm --pool-list | grep 1073741824 | awk '{print $3}'
+      register: __sap_hypervisor_node_preconfigure_1g_hugepages_assert
+      changed_when: __sap_hypervisor_node_preconfigure_1g_hugepages_assert.rc != 0
 
     - name: "Check that at least {{ sap_hypervisor_node_preconfigure_reserved_ram }} GB are available for the hypervisor and the rest are 1G hugepages"
       ansible.builtin.assert:
@@ -102,26 +111,24 @@
 
 - name: Assert - check Kernel command line
   block:
-    - assert:
+    - name: Ensure iommu is enabled
+      ansible.builtin.assert:
         that: "'intel_iommu=on' in __sap_hypervisor_node_preconfigure_kernelcmdline_assert.stdout"
         fail_msg: "FAIL: intel_iommu=on not on Kernel command line"
         success_msg: "PASS: intel_iommu=on on Kernel command line"
       ignore_errors: "{{ sap_hypervisor_node_preconfigure_ignore_failed_assertion }}"
 
-    - assert:
+    - name: Ensure iommu passthrough is enabled
+      ansible.builtin.assert:
         that: "'iommu=pt' in __sap_hypervisor_node_preconfigure_kernelcmdline_assert.stdout"
         fail_msg: "FAIL: iommu=pt not on Kernel command line"
         success_msg: "PASS: iommu=pt on Kernel command line"
       ignore_errors: "{{ sap_hypervisor_node_preconfigure_ignore_failed_assertion }}"
 
-    - assert:
+    # XXX shouldn't tsx be on?
+    - name: Ensure tsx is off
+      ansible.builtin.assert:
         that: "'tsx=off' in __sap_hypervisor_node_preconfigure_kernelcmdline_assert.stdout"
         fail_msg: "FAIL: tsx=off not on Kernel command line"
         success_msg: "PASS: tsx=off on Kernel command line"
       ignore_errors: "{{ sap_hypervisor_node_preconfigure_ignore_failed_assertion }}"
-
-
-#- name: Trigger tuned profile sap-hana-kvm activation
-#  include_tasks: set-tuned-profile.yml
-#
-##### install hooks: HP, cpufreq
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-rhv-hooks.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-rhv-hooks.yml
index 2abf6750e..4838f18fd 100644
--- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-rhv-hooks.yml
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-rhv-hooks.yml
@@ -2,6 +2,7 @@
 - name: Check file permissions
   ansible.builtin.command: "stat -c%a /usr/libexec/vdsm/hooks/before_vm_start/{{ item }}"
   register: __sap_hypervisor_node_preconfigure_register_file_permissions_assert
+  changed_when: __sap_hypervisor_node_preconfigure_register_file_permissions_assert.rc != 0
 
 - name: Assert hook file permissions
   ansible.builtin.assert:
@@ -14,16 +15,19 @@
   ansible.builtin.file:
     path: /tmp/sap_hypervisor_node_preconfigure
     state: directory
+    mode: "0755"
 
 - name: Copy hook for checking
   ansible.builtin.copy:
     dest: "/tmp/sap_hypervisor_node_preconfigure/{{ item }}"
     src: "{{ item }}"
+    mode: "0755"
 
 - name: Diff hook
   ansible.builtin.command: "diff -uw /tmp/sap_hypervisor_node_preconfigure/{{ item }} /usr/libexec/vdsm/hooks/before_vm_start/{{ item }}"
   register: __sap_hypervisor_node_preconfigure_register_hook_diff_assert
   ignore_errors: yes
+  changed_when: __sap_hypervisor_node_preconfigure_register_hook_diff_assert.rc != 0
 
 - name: Assert hook content
   ansible.builtin.assert:
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-set-tuned-profile.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-set-tuned-profile.yml
index cb6508c2f..ab0d0c9b3 100644
--- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-set-tuned-profile.yml
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-set-tuned-profile.yml
@@ -4,6 +4,7 @@
     - name: Get tuned profile
       ansible.builtin.command: tuned-adm active
       register: __sap_hypervisor_node_preconfigure_tuned_profile_assert
+      changed_when: __sap_hypervisor_node_preconfigure_tuned_profile_assert.rc != 0
 
     - name: Verify tuned profile
       ansible.builtin.assert:
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/configuration.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/configuration.yml
index e7ae07c18..8bd29ba87 100644
--- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/configuration.yml
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/configuration.yml
@@ -1,60 +1,29 @@
 ---
 # tasks file for sap_hypervisor_node_preconfigure
 
-- name: Test if kernel same page merging (KSM) exists
-  ansible.builtin.shell: systemctl cat ksm
-  register: ksm
-  ignore_errors: true
-  become: true
-  become_user: root
-
-- name: Test if kernel same page merging (KSM) tuning daemon exists
-  ansible.builtin.shell: systemctl cat ksmtuned
-  register: ksmtuned
-  ignore_errors: true
-  become: true
-  become_user: root
-
-- name: Stop kernel same page merging (KSM)
-  ansible.builtin.shell: systemctl stop ksm
-  when: ksm.rc == 0
-  become: true
-  become_user: root
-
-- name: Disable kernel same page merging (KSM)
-  ansible.builtin.shell: systemctl disable ksm
-  when: ksm.rc == 0
-  become: true
-  become_user: root
-
-- name: Stop Kernel Samepage Merging (KSM) Tuning Daemon
-  ansible.builtin.shell: systemctl stop ksmtuned
-  when: ksmtuned.rc == 0
-  become: true
-  become_user: root
-
-- name: Disable Kernel Samepage Merging (KSM) Tuning Daemon
-  ansible.builtin.shell: systemctl disable ksmtuned
-  when: ksmtuned.rc == 0
-  become: true
-  become_user: root
+- name: Stop and disable kernel same page merging (KSM)
+  ansible.builtin.systemd:
+    name: ksm
+    state: stopped
+    enabled: false
+
+- name: Stop and disable kernel same page merging (KSM) tuning daemon
+  ansible.builtin.systemd:
+    name: ksmtuned
+    state: stopped
+    enabled: false
 
 - name: Check CPU Stepping
-  ansible.builtin.shell: lscpu | awk '/Stepping/{print $2}'
+  ansible.builtin.shell: set -o pipefail && lscpu | awk '/Stepping/{print $2}'
   register: cpu_stepping_output
-  become: true
-  become_user: root
+  changed_when: cpu_stepping_output.rc != 0
 
-- set_fact:
+- name: Register CPU stepping as fact
+  set_fact:
     cpu_stepping: "{{ cpu_stepping_output.stdout }}"
   become: true
   become_user: root
 
-- name: Print CPU Stepping
-  ansible.builtin.shell: echo "{{ cpu_stepping }}"
-  become: true
-  become_user: root
-
 # skylake:
 - name: Set ple_gap=0 on Intel Skylake CPU Platform
   ansible.builtin.lineinfile:
@@ -108,7 +77,7 @@
   become: true
   become_user: root
 
-- name: Trigger tuned profile sap-hana-kvm activation
+- name: Include allocate hughepages at runtime
   ansible.builtin.include_tasks: allocate-hugepages-at-runtime.yml
   when: sap_hypervisor_node_preconfigure_reserve_hugepages == "runtime"
 
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/rhv-hooks.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/rhv-hooks.yml
index 045b55069..ee0d63a8d 100644
--- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/rhv-hooks.yml
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/rhv-hooks.yml
@@ -3,6 +3,7 @@
   ansible.builtin.file:
     path: /usr/libexec/vdsm/hooks/before_vm_start
     state: directory
+    mode: "0755"
   become: true
   become_user: root
 
@@ -10,6 +11,6 @@
   ansible.builtin.copy:
     dest: "/usr/libexec/vdsm/hooks/before_vm_start/{{ item }}"
     src: "{{ item }}"
-    mode: '0755'
+    mode: "0755"
   become: true
   become_user: root
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/set-tuned-profile.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/set-tuned-profile.yml
index 415c4a194..91c3d7757 100644
--- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/set-tuned-profile.yml
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/set-tuned-profile.yml
@@ -3,12 +3,14 @@
   ansible.builtin.file:
     path: /usr/lib/tuned/sap-hana-kvm-host
     state: directory
+    mode: "0755"
   become: true
   become_user: root
 
 - name: Create sap-hana-kvm-host tuned profile
   ansible.builtin.copy:
     dest: "/usr/lib/tuned/sap-hana-kvm-host/tuned.conf"
+    mode: "0644"
     content: |
         #
         # tuned configuration
@@ -36,5 +38,7 @@
 
 - name: Activate tuned profile
   ansible.builtin.command: tuned-adm profile sap-hana-kvm-host
+  register: __sap_hypervisor_node_preconfigre_register_tuned_activation_output
   become: true
   become_user: root
+  changed_when: __sap_hypervisor_node_preconfigre_register_tuned_activation_output.rc != 0