stackhpc · Alex-Welsh · Dec 1, 2025 · Sep 23, 2025 · Nov 12, 2025 · Nov 12, 2025
@@ -1,10 +1,12 @@
 ---
 exclude_paths:
-  - etc
+  - releasenotes
   - roles
   - tests
   - zuul.d
-strict: true
+# NOTE(mnasiadka): Switched to false due to rules skipped via .ansible-lint-ignore causing
+#                  failures
+strict: false
 use_default_rules: true
 skip_list:
   # [E301] Commands should not change things if nothing needs doing
@@ -35,7 +37,4 @@ skip_list:
   - var-naming[no-role-prefix]
   - risky-file-permissions
   - risky-shell-pipe
-  - command-instead-of-shell
-  - command-instead-of-module
-  - yaml[truthy]
   - yaml[line-length]
@@ -0,0 +1 @@
+etc/kolla/globals.yml yaml[comments] skip
@@ -53,6 +53,7 @@ releasenotes/build
 
 # Files generated by Ansible
 ansible/*.retry
+.ansible/
 
 # Others
 .DS_Store

@@ -2,5 +2,5 @@
 - name: Apply role bifrost
   hosts: bifrost
   roles:
-    - { role: bifrost,
-        tags: bifrost}
+    - role: bifrost
+      tags: bifrost
@@ -50,7 +50,7 @@
       setup:
         filter: "{{ kolla_ansible_setup_filter }}"
         gather_subset: "{{ kolla_ansible_setup_gather_subset }}"
-      delegate_facts: True
+      delegate_facts: true
       delegate_to: "{{ item }}"
       with_items: "{{ delegate_hosts }}"
       when:

@@ -1,5 +1,5 @@
 ---
-enable_aodh: "no"
+enable_aodh: false
 
 # Ports
 aodh_internal_fqdn: "{{ kolla_internal_fqdn }}"

@@ -1,5 +1,5 @@
 ---
-enable_barbican: "no"
+enable_barbican: false
 
 #######################
 # Barbican options

@@ -1,5 +1,5 @@
 ---
-enable_blazar: "no"
+enable_blazar: false
 
 # Ports
 blazar_internal_fqdn: "{{ kolla_internal_fqdn }}"

@@ -1,4 +1,4 @@
 ---
-enable_ceilometer: "no"
-enable_ceilometer_ipmi: "no"
-enable_ceilometer_prometheus_pushgateway: "no"
+enable_ceilometer: false
+enable_ceilometer_ipmi: false
+enable_ceilometer_prometheus_pushgateway: false
@@ -1,5 +1,5 @@
 ---
-enable_ceph_rgw: "no"
+enable_ceph_rgw: false
 enable_ceph_rgw_loadbalancer: "{{ enable_ceph_rgw | bool }}"
 
 ceph_rgw_internal_fqdn: "{{ kolla_internal_fqdn }}"

@@ -3,7 +3,7 @@
 # External Ceph options
 ###################
 # External Ceph - cephx auth enabled (this is the standard nowadays, defaults to yes)
-external_ceph_cephx_enabled: "yes"
+external_ceph_cephx_enabled: true
 
 ceph_cluster: "ceph"
 

@@ -1,21 +1,21 @@
 ---
-enable_cinder: "no"
-enable_cinder_backup: "yes"
+enable_cinder: false
+enable_cinder_backup: true
 enable_cinder_backend_iscsi: "{{ enable_cinder_backend_lvm | bool }}"
-enable_cinder_backend_lvm: "no"
-enable_cinder_backend_nfs: "no"
-enable_cinder_backend_quobyte: "no"
-enable_cinder_backend_pure_iscsi: "no"
-enable_cinder_backend_pure_fc: "no"
-enable_cinder_backend_pure_roce: "no"
-enable_cinder_backend_pure_nvme_tcp: "no"
-enable_cinder_backend_lightbits: "no"
+enable_cinder_backend_lvm: false
+enable_cinder_backend_nfs: false
+enable_cinder_backend_quobyte: false
+enable_cinder_backend_pure_iscsi: false
+enable_cinder_backend_pure_fc: false
+enable_cinder_backend_pure_roce: false
+enable_cinder_backend_pure_nvme_tcp: false
+enable_cinder_backend_lightbits: false
 
 #################################
 # Cinder options
 #################################
-cinder_backend_ceph: "no"
-cinder_backend_huawei: "no"
+cinder_backend_ceph: false
+cinder_backend_huawei: false
 cinder_backend_huawei_xml_files: []
 cinder_volume_group: "cinder-volumes"
 cinder_target_helper: "{{ 'lioadm' if ansible_facts.os_family == 'RedHat' else 'tgtadm' }}"

@@ -1,5 +1,5 @@
 ---
-enable_cloudkitty: "no"
+enable_cloudkitty: false
 
 #######################
 # Cloudkitty options

@@ -1,4 +1,4 @@
 ---
-enable_collectd: "no"
+enable_collectd: false
 
 collectd_udp_port: "25826"
@@ -31,13 +31,13 @@ docker_image_name_prefix: ""
 docker_image_url: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ docker_image_name_prefix }}"
 docker_registry_username:
 # Please read the docs carefully before applying docker_registry_insecure.
-docker_registry_insecure: "no"
+docker_registry_insecure: false
 docker_runtime_directory: ""
 # Docker client timeout in seconds.
 docker_client_timeout: 120
 
 # Docker networking options
-docker_disable_default_iptables_rules: "yes"
+docker_disable_default_iptables_rules: true
 docker_disable_default_network: "{{ docker_disable_default_iptables_rules }}"
 docker_disable_ip_forward: "{{ docker_disable_default_iptables_rules }}"
 
@@ -79,14 +79,13 @@ container_engine_volumes_path: "{{ docker_volumes_path if kolla_container_engine
 # Podman has problem with mounting whole /run directory
 # described here: https://github.com/containers/podman/issues/16305
 run_default_volumes_podman:
-  - '/run/netns:/run/netns:shared'
-  - '/run/lock/nova:/run/lock/nova:shared'
+  - "/run/netns:/run/netns:shared"
+  - "/run/lock/nova:/run/lock/nova:shared"
   - "/run/libvirt:/run/libvirt:shared"
   - "/run/nova:/run/nova:shared"
   - "/run/openvswitch:/run/openvswitch:shared"
 
 run_default_volumes_docker: []
-
 ####################
 # Dimensions options
 ####################
@@ -112,7 +111,7 @@ default_podman_dimensions_el9:
 #####################
 # Healthcheck options
 #####################
-enable_container_healthchecks: "yes"
+enable_container_healthchecks: true
 # Healthcheck options for Docker containers
 # interval/timeout/start_period are in seconds
 default_container_healthcheck_interval: 30
@@ -125,7 +124,6 @@ default_container_healthcheck_start_period: 5
 #######################
 # Extra volumes for Docker Containers
 default_extra_volumes: []
-
 ##################
 # Firewall options
 ##################
@@ -174,8 +172,8 @@ kolla_external_fqdn: "{{ kolla_internal_fqdn if kolla_same_external_internal_vip
 
 kolla_dev_repos_directory: "/opt/stack/"
 kolla_dev_repos_git: "https://opendev.org/openstack"
-kolla_dev_repos_pull: "no"
-kolla_dev_mode: "no"
+kolla_dev_repos_pull: false
+kolla_dev_mode: false
 kolla_source_version: "{% if openstack_release == 'master' %}master{% else %}stable/{{ openstack_release }}{% endif %}"
 
 # Proxy settings for containers such as magnum that need internet access
@@ -202,7 +200,6 @@ api_interface_address: "{{ 'api' | kolla_address }}"
 ####################
 kolla_container_engine: "docker"
 
-
 #########################
 # Internal Image options
 #########################
@@ -213,8 +210,6 @@ kolla_base_distro_version_default_map: {
   "ubuntu": "noble",
 }
 
-distro_python_version: "3"
-
 kolla_base_distro_version: "{{ kolla_base_distro_version_default_map[kolla_base_distro] }}"
 
 ####################
@@ -233,10 +228,10 @@ public_protocol: "{{ 'https' if kolla_enable_tls_external | bool else 'http' }}"
 internal_protocol: "{{ 'https' if kolla_enable_tls_internal | bool else 'http' }}"
 
 # Additional optional OpenStack features and services are specified here
-enable_central_logging: "no"
+enable_central_logging: false
 
 # Clean images options are specified here
-enable_destroy_images: "no"
+enable_destroy_images: false
 
 ####################
 # Global Options
@@ -246,7 +241,6 @@ enable_destroy_images: "no"
 #   - container1
 #   - container2
 skip_stop_containers: []
-
 ###################
 # Messaging options
 ###################
@@ -321,9 +315,9 @@ openstack_cacert: ""
 
 # Enable core OpenStack services. This includes:
 # glance, keystone, neutron, nova, heat, and horizon.
-enable_openstack_core: "yes"
+enable_openstack_core: true
 
-enable_osprofiler: "no"
+enable_osprofiler: false
 
 ####################
 # Osprofiler options
@@ -336,8 +330,8 @@ osprofiler_backend_connection_string: "{{ valkey_connection_string if osprofiler
 ######################
 # Backend TLS options
 ######################
-kolla_enable_tls_backend: "no"
-kolla_verify_tls_backend: "yes"
+kolla_enable_tls_backend: false
+kolla_verify_tls_backend: true
 kolla_tls_backend_cert: "{{ kolla_certificates_dir }}/backend-cert.pem"
 kolla_tls_backend_key: "{{ kolla_certificates_dir }}/backend-key.pem"
 
@@ -353,7 +347,7 @@ database_enable_tls_backend: "{{ 'yes' if ((kolla_enable_tls_backend | bool) and
 database_enable_tls_internal: "{{ 'yes' if ((kolla_enable_tls_internal | bool) and (enable_proxysql | bool)) else 'no' }}"
 
 # Optionally allow Kolla to set sysctl values
-set_sysctl: "yes"
+set_sysctl: true
 
 # Optionally change the path to sysctl.conf modified by Kolla Ansible plays.
 kolla_sysctl_conf_path: /etc/sysctl.conf
@@ -1,5 +1,5 @@
 ---
-enable_cyborg: "no"
+enable_cyborg: false
 
 cyborg_internal_fqdn: "{{ kolla_internal_fqdn }}"
 cyborg_external_fqdn: "{{ kolla_external_fqdn }}"

@@ -1,5 +1,5 @@
 ---
-enable_designate: "no"
+enable_designate: false
 
 designate_keystone_user: "designate"
 
@@ -10,12 +10,12 @@ designate_keystone_user: "designate"
 designate_backend: "bind9"
 designate_ns_record:
   - "ns1.example.org"
-designate_backend_external: "no"
+designate_backend_external: false
 designate_backend_external_bind9_nameservers: ""
 # Valid options are [ '', valkey ]
 designate_coordination_backend: "{{ 'valkey' if enable_valkey | bool else '' }}"
 
-designate_enable_notifications_sink: "no"
+designate_enable_notifications_sink: false
 designate_notifications_topic_name: "notifications_designate"
 
 dns_interface: "{{ network_interface }}"

@@ -1,5 +1,5 @@
 ---
-enable_etcd: "no"
+enable_etcd: false
 
 etcd_client_port: "2379"
 etcd_peer_port: "2380"

@@ -1,5 +1,5 @@
 ---
-enable_fluentd: "yes"
+enable_fluentd: true
 enable_fluentd_systemd: "{{ (enable_fluentd | bool) and (enable_central_logging | bool) }}"
 
 fluentd_syslog_port: "5140"

@@ -7,13 +7,13 @@ glance_keystone_user: "glance"
 # Glance options
 #######################
 glance_backend_file: "{{ not (glance_backend_ceph | bool or glance_backend_s3 | bool) }}"
-glance_backend_ceph: "no"
-glance_backend_s3: "no"
-enable_glance_image_cache: "no"
+glance_backend_ceph: false
+glance_backend_s3: false
+enable_glance_image_cache: false
 glance_file_datadir_volume: "glance"
-glance_enable_rolling_upgrade: "no"
-glance_enable_property_protection: "no"
-glance_enable_interoperable_image_import: "no"
+glance_enable_rolling_upgrade: false
+glance_enable_property_protection: false
+glance_enable_interoperable_image_import: false
 glance_api_hosts: "{{ [groups['glance-api'] | first] if glance_backend_file | bool and glance_file_datadir_volume == 'glance' else groups['glance-api'] }}"
 # NOTE(mnasiadka): For use in common role
 glance_enable_tls_backend: "{{ kolla_enable_tls_backend }}"

@@ -1,6 +1,6 @@
 ---
-enable_gnocchi: "no"
-enable_gnocchi_statsd: "no"
+enable_gnocchi: false
+enable_gnocchi_statsd: false
 
 #################
 # Gnocchi options

@@ -1,5 +1,5 @@
 ---
-enable_grafana: "no"
+enable_grafana: false
 enable_grafana_external: "{{ enable_grafana | bool }}"
 
 grafana_internal_fqdn: "{{ kolla_internal_fqdn }}"