notebook

I work as a web engineer in Tokyo.

Trying out ansible-lint

I had an occasion to set it up, so here are my notes.

I added it to the Ansible setup I use for my dotfiles.

ansible/ansible-lint: Best practices checker for Ansible

github.com

Installation

pip install ansible-lint

Configuration

  • .ansible-lint
parseable: true
quiet: true
use_default_rules: true
verbosity: 1
skip_list:
  - '401'

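Other options can apparently be set as well, but for now I am keeping the configuration close to the defaults.

parseable and quiet affect the output format, so set them to whatever you prefer.

For the individual settings, reading the README seems to be the best approach.

Running it

Let's run it.

When you specify a single playbook, the roles and other files it loads are linted as well.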

$ ansible-lint ubuntu.yml mac.yml development.yml
Examining development.yml of type playbook
Examining roles/common/tasks/debian.yml of type tasks
Examining roles/common/tasks/main.yml of type tasks
Examining roles/common/tasks/redhat.yml of type tasks
Examining roles/git/tasks/main.yml of type tasks
Examining roles/zsh/tasks/main.yml of type tasks
Examining roles/zsh/tasks/source.yml of type tasks
Examining roles/jo/tasks/main.yml of type tasks
Examining roles/peco/tasks/main.yml of type tasks
Examining roles/jq/tasks/main.yml of type tasks
Examining roles/docker-compose/tasks/main.yml of type tasks
Examining roles/terraform/tasks/main.yml of type tasks
Examining roles/embulk/tasks/main.yml of type tasks
Examining roles/sshrc/tasks/main.yml of type tasks
Examining roles/vim8/tasks/main.yml of type tasks
Examining roles/tmux/tasks/main.yml of type tasks
Examining roles/docker/tasks/main.yml of type tasks
Examining roles/samba/tasks/main.yml of type tasks
Examining roles/q/tasks/main.yml of type tasks
Examining roles/nginx/tasks/main.yml of type tasks
Examining roles/notofont/tasks/main.yml of type tasks
Examining roles/by_pip/tasks/main.yml of type tasks
Examining roles/preconfig/tasks/main.yml of type tasks
Examining roles/anyenv/tasks/main.yml of type tasks
Examining roles/direnv/tasks/main.yml of type tasks
Examining roles/powerline/tasks/main.yml of type tasks
Examining roles/zsh_syntax_highlighting/tasks/main.yml of type tasks
Examining roles/postconfig/tasks/main.yml of type tasks
Examining mac.yml of type playbook
Examining roles/brew/tasks/main.yml of type tasks
Examining ubuntu.yml of type playbook
roles/anyenv/tasks/main.yml:1: [E401] Git checkouts must contain explicit version
roles/anyenv/tasks/main.yml:26: [E305] Use shell only when shell functionality is required
roles/anyenv/tasks/main.yml:33: [E305] Use shell only when shell functionality is required
roles/anyenv/tasks/main.yml:48: [E404] Doesn't need a relative path in role
roles/anyenv/tasks/main.yml:60: [E305] Use shell only when shell functionality is required
roles/anyenv/tasks/main.yml:67: [E305] Use shell only when shell functionality is required
roles/anyenv/tasks/main.yml:75: [E305] Use shell only when shell functionality is required
roles/direnv/tasks/main.yml:4: [E206] Variables should have spaces before and after: {{ var_name }}
roles/direnv/tasks/main.yml:9: [E305] Use shell only when shell functionality is required
roles/direnv/tasks/main.yml:12: [E206] Variables should have spaces before and after: {{ var_name }}
roles/docker-compose/tasks/main.yml:4: [E206] Variables should have spaces before and after: {{ var_name }}
roles/docker-compose/tasks/main.yml:9: [E305] Use shell only when shell functionality is required
roles/docker-compose/tasks/main.yml:12: [E206] Variables should have spaces before and after: {{ var_name }}
roles/docker/tasks/main.yml:4: [E206] Variables should have spaces before and after: {{ var_name }}
roles/docker/tasks/main.yml:9: [E305] Use shell only when shell functionality is required
roles/docker/tasks/main.yml:12: [E206] Variables should have spaces before and after: {{ var_name }}
roles/docker/tasks/main.yml:20: [E305] Use shell only when shell functionality is required
roles/embulk/tasks/main.yml:7: [E206] Variables should have spaces before and after: {{ var_name }}
roles/embulk/tasks/main.yml:12: [E305] Use shell only when shell functionality is required
roles/embulk/tasks/main.yml:15: [E206] Variables should have spaces before and after: {{ var_name }}
roles/git/tasks/main.yml:12: [E206] Variables should have spaces before and after: {{ var_name }}
roles/git/tasks/main.yml:17: [E303] git used in place of git module
roles/git/tasks/main.yml:17: [E305] Use shell only when shell functionality is required
roles/git/tasks/main.yml:20: [E206] Variables should have spaces before and after: {{ var_name }}
roles/jo/tasks/main.yml:4: [E206] Variables should have spaces before and after: {{ var_name }}
roles/jo/tasks/main.yml:9: [E305] Use shell only when shell functionality is required
roles/jo/tasks/main.yml:12: [E206] Variables should have spaces before and after: {{ var_name }}
roles/notofont/tasks/main.yml:2: [E206] Variables should have spaces before and after: {{ var_name }}
roles/notofont/tasks/main.yml:38: [E301] Commands should not change things if nothing needs doing
roles/postconfig/tasks/main.yml:70: [E401] Git checkouts must contain explicit version
roles/postconfig/tasks/main.yml:78: [E301] Commands should not change things if nothing needs doing
roles/powerline/tasks/main.yml:1: [E403] Package installs should not use latest
roles/powerline/tasks/main.yml:4: [E301] Commands should not change things if nothing needs doing
roles/powerline/tasks/main.yml:4: [E305] Use shell only when shell functionality is required
roles/preconfig/tasks/main.yml:13: [E401] Git checkouts must contain explicit version
roles/samba/tasks/main.yml:12: [E503] Tasks that run when changed should likely be handlers
roles/terraform/tasks/main.yml:4: [E206] Variables should have spaces before and after: {{ var_name }}
roles/terraform/tasks/main.yml:12: [E206] Variables should have spaces before and after: {{ var_name }}
roles/tmux/tasks/main.yml:4: [E206] Variables should have spaces before and after: {{ var_name }}
roles/tmux/tasks/main.yml:9: [E305] Use shell only when shell functionality is required
roles/tmux/tasks/main.yml:12: [E206] Variables should have spaces before and after: {{ var_name }}
roles/zsh/tasks/main.yml:27: [E401] Git checkouts must contain explicit version
roles/zsh_syntax_highlighting/tasks/main.yml:1: [E401] Git checkouts must contain explicit version

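That produced a huge number of findings…

Excluding specific rules

  • skip_list

Specifying the code from the Exxx part lets you skip that finding.

I decided that pinning Git checkout versions was something I could let go, so I excluded it this time.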

 [E401] Git checkouts must contain explicit version
  • .ansible-lint
skip_list:
  - '401'
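
Before putting a code into skip_list, it helps to see exactly which findings it will hide. The following is an added example, not code from this post or from the ansible-lint project: it parses the `path:line: [Exxx] message` lines shown above and separates what stays reported from what a given skip_list would silence. The names `parse` and `triage` are this example's own, and the sample input is a handful of lines taken from the run above.

```python
import re
from collections import Counter, defaultdict

# A finding line has the form: path:line: [E401] message
FINDING = re.compile(
    r"^(?P<path>[^:\s][^:]*):(?P<line>\d+): \[E(?P<rule>\d+)\] (?P<msg>.+)$"
)

# Sample input: a few lines taken from the run shown above.
SAMPLE = """\
Examining roles/anyenv/tasks/main.yml of type tasks
roles/anyenv/tasks/main.yml:1: [E401] Git checkouts must contain explicit version
roles/anyenv/tasks/main.yml:26: [E305] Use shell only when shell functionality is required
roles/direnv/tasks/main.yml:4: [E206] Variables should have spaces before and after: {{ var_name }}
roles/powerline/tasks/main.yml:1: [E403] Package installs should not use latest
roles/zsh/tasks/main.yml:27: [E401] Git checkouts must contain explicit version
"""


def parse(output):
    """Return (path, line, rule, message) tuples; other lines are ignored."""
    findings = []
    for raw in output.splitlines():
        m = FINDING.match(raw.strip())
        if m:
            findings.append((m["path"], int(m["line"]), m["rule"], m["msg"]))
    return findings


def triage(output, skip_list=()):
    """Count reported findings per rule and list the locations a skip_list hides."""
    skip = {str(code) for code in skip_list}
    reported, skipped = Counter(), defaultdict(list)
    for path, line, rule, _msg in parse(output):
        if rule in skip:
            skipped[rule].append(f"{path}:{line}")
        else:
            reported[rule] += 1
    return reported, dict(skipped)


if __name__ == "__main__":
    reported, skipped = triage(SAMPLE, skip_list=["401"])
    for rule, count in reported.most_common():
        print(f"E{rule}: {count}")
    for rule, places in skipped.items():
        print(f"skipped E{rule}: {', '.join(places)}")
```

Running it on the full output with the skip_list you are considering lists every task file whose unpinned checkout would no longer be reported.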

Excluding specific lines from lint

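Appending a comment with the rule code, such as # noqa 401, to the end of the target line excludes that line.

Use this when, for example, you want the rule applied overall but an exception is unavoidable in this particular case.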

- name: get git version  # noqa 303
  • noqa

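Being told out of the blue that "you can exclude it by writing noqa", I wondered what it stood for, so I looked it up.

noqa apparently comes from "no quality assurance".

I think tools such as flake8 and pep8 also use noqa plus a code, so maybe this is simply how tools written in Python tend to do it.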

What does '# noqa' mean in Python comments? - Stack Overflow

stackoverflow.com

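In any case, I personally like being able to specify exclusions by code because it keeps the comments tidy.

Note: as of 2022-02-28, specifying rules by ID appears to be on its way to deprecation (How to exclude specific rules in ansible-lint | >> swfz[:memo]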