I’ve started seeing a weird behavior with ansible-lint quite recently. Specifically, that it seems it started to resolving symlinks to their destination.
While it can be fine in most cases, it is very confusing in CI, where instead of installing role as it should be installed, we symlink it from CI-prepared directory to DEFAULT_ROLES_PATH
We make a symlink from /home/zuul/src/opendev.org/openstack/ansible-role-httpd/ to /etc/ansible/roles/httpd/ (as we expect users to have role installed under it’s proper name).
Then, our example playbook tries to be quite abstract, ie:
---
- name: Installing Apache Web Server
hosts: httpd
roles:
- role: "{{ playbook_dir | dirname | basename }}"
So while we run ansible-lint /etc/ansible/roles/httpd/examples/playbook.yml it actually seems to launch “original” location: /home/zuul/src/opendev.org/openstack/ansible-role-httpd/examples/playbook.yml
Full output is like this:
+ /opt/ansible-runtime/bin/ansible-lint /etc/ansible/roles/httpd/examples/playbook.yml -c /home/zuul/src/opendev.org/openstack/openstack-ansible/.ansible-lint
WARNING: PATH altered to include /opt/ansible-runtime/bin, /opt/ansible-runtime/bin :: This is usually a sign of broken local setup, which can cause unexpected behaviors.
[DEPRECATION WARNING]: DEFAULT_GATHER_SUBSET option, the module_defaults
keyword is a more generic version and can apply to all calls to the
M(ansible.builtin.gather_facts) or M(ansible.builtin.setup) actions, use
module_defaults instead. This feature will be removed from ansible-core in
version 2.18. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.
WARNING Listing 1 violation(s) that are fatal
syntax-check[specific]: the role 'ansible-role-httpd' was not found in /home/zuul/src/opendev.org/openstack/ansible-role-httpd/examples/roles:/root/.cache/ansible-compat/8cbc9d/roles:/etc/ansible/roles:/etc/ansible/roles/ceph-ansible/roles:/home/zuul/src/opendev.org/openstack/ansible-role-httpd/examples
/home/zuul/src/opendev.org/openstack/ansible-role-httpd/examples/playbook.yml:5:7
# Rule Violation Summary
1 syntax-check profile:min tags:core,unskippable
Failed: 1 failure(s), 0 warning(s) on 1 files.
Yeah, I think that the bug report mentioned is related. I think we’ve started observing the issue between Jan 14 and Feb 17.
And sure, adjusting ANSIBLE_ROLES_PATH would sort it out. But the point is kind of to set the CI in a way that most consumers will use roles as well, so we’d love to avoid this workaround.
Another workaround would be in our case to leave an example playbook alone, and supply molecule a different converge file. As this approach with role: "{{ playbook_dir | dirname | basename }}" was to satisfy both molecule and ansible-lint which we execute separately.