major lint auto-fixes

.ansible-lint

@@ -0,0 +1,125 @@
+---
+# .ansible-lint
+
+profile: production # min, basic, moderate,safety, shared, production
+
+# Allows dumping of results in SARIF format
+# sarif_file: result.sarif
+
+# exclude_paths included in this file are parsed relative to this file's location
+# and not relative to the CWD of execution. CLI arguments passed to the --exclude
+# option are parsed relative to the CWD of execution.
+exclude_paths:
+  - .cache/ # implicit unless exclude_paths is defined in config
+  - test/fixtures/formatting-before/
+  - test/fixtures/formatting-prettier/
+# parseable: true
+# quiet: true
+# strict: true
+# verbosity: 1
+
+# Mock modules or roles in order to pass ansible-playbook --syntax-check
+mock_modules:
+  - zuul_return
+  # note the foo.bar is invalid as being neither a module or a collection
+  - fake_namespace.fake_collection.fake_module
+  - fake_namespace.fake_collection.fake_module.fake_submodule
+mock_roles:
+  - mocked_role
+  - author.role_name # old standalone galaxy role
+  - fake_namespace.fake_collection.fake_role # role within a collection
+
+# Enable checking of loop variable prefixes in roles
+loop_var_prefix: ^(__|{role}_)
+
+# Enforce variable names to follow pattern below, in addition to Ansible own
+# requirements, like avoiding python identifiers. To disable add `var-naming`
+# to skip_list.
+var_naming_pattern: ^[a-z_][a-z0-9_]*$
+
+use_default_rules: true
+# Load custom rules from this specific folder
+# rulesdir:
+#   - ./rule/directory/
+
+# Ansible-lint is able to recognize and load skip rules stored inside
+# `.ansible-lint-ignore` (or `.config/ansible-lint-ignore.txt`) files.
+# To skip a rule just enter filename and tag, like "playbook.yml package-latest"
+# on a new line.
+# Optionally you can add comments after the tag, prefixed by "#". We discourage
+# the use of skip_list below because that will hide violations from the output.
+# When putting ignores inside the ignore file, they are marked as ignored, but
+# still visible, making it easier to address later.
+skip_list:
+  - command-instead-of-shell
+  - yaml[line-length]
+
+# Ansible-lint does not automatically load rules that have the 'opt-in' tag.
+# You must enable opt-in rules by listing each rule 'id' below.
+enable_list:
+  - args
+  - empty-string-compare # opt-in
+  - no-log-password # opt-in
+  - no-same-owner # opt-in
+  # - name[prefix] # opt-in
+  # add yaml here if you want to avoid ignoring yaml checks when yamllint
+  # library is missing. Normally its absence just skips using that rule.
+  # - yaml
+# Report only a subset of tags and fully ignore any others
+# tags:
+#   - jinja[spacing]
+
+# Ansible-lint does not fail on warnings from the rules or tags listed below
+warn_list:
+  - skip_this_tag
+  - experimental # experimental is included in the implicit list
+  # - role-name
+  # - yaml[document-start]  # you can also use sub-rule matches
+
+# Some rules can transform files to fix (or make it easier to fix) identified
+# errors. `ansible-lint --fix` will reformat YAML files and run these transforms.
+# By default it will run all transforms (effectively `write_list: ["all"]`).
+# You can disable running transforms by setting `write_list: ["none"]`.
+# Or only enable a subset of rule transforms by listing rules/tags here.
+write_list:
+  - all
+
+# Offline mode disables installation of requirements.yml and schema refreshing
+offline: false
+
+# Define required Ansible's variables to satisfy syntax check
+extra_vars:
+  foo: bar
+  multiline_string_variable: |
+    line1
+    line2
+  # complex_variable: ":{;\t$()"
+
+# Uncomment to enforce action validation with tasks, usually is not
+# needed as Ansible syntax check also covers it.
+# skip_action_validation: false
+
+# List of additional kind:pattern to be added at the top of the default
+# match list, first match determines the file kind.
+kinds:
+  - playbook: "**/examples/*.{yml,yaml}"
+  - galaxy: "**/folder/galaxy.yml"
+  - tasks: "**/tasks/*.yml"
+  - vars: "**/vars/*.yml"
+  - meta: "**/meta/main.yml"
+  - yaml: "**/*.yaml-too"
+
+# List of additional collections to allow in only-builtins rule.
+# only_builtins_allow_collections:
+#   - example_ns.example_collection
+
+# List of additions modules to allow in only-builtins rule.
+# only_builtins_allow_modules:
+#   - example_module
+
+# Allow setting custom prefix for name[prefix] rule
+task_name_prefix: "{stem} | "
+# Complexity related settings
+
+# Limit the depth of the nested blocks:
+# max_block_depth: 20

.github/workflows/publish.yml

@@ -1,9 +1,9 @@
+---
 name: Publish to Ansible Galaxy on release
 
 on:
   release:
-    types: [ created ]
-
+    types: [created]
 jobs:
   build:
     runs-on: ubuntu-latest

.github/workflows/tag_on_merge.yml

@@ -1,3 +1,4 @@
+---
 # This workflow will do a clean install of node dependencies, build the source code and run tests across different versions of node
 # For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
 
@@ -31,4 +32,3 @@ jobs:
           github_token: ${{ secrets.GH_TOKEN }}
           force: true
           branch: ${{ github.ref }}
-

handlers/main.yml

@@ -1,16 +1,16 @@
 ---
-- name: restart iptables
+- name: Restart iptables
   service:
     name: iptables
     state: restarted
-    enabled: yes
+    enabled: true
 
 - name: fix ldap perms
   listen: restart slapd
   file:
     path: "{{ openldap_server_app_path }}"
     state: directory
-    recurse: yes
+    recurse: true
     owner: "{{ openldap_server_user }}"
     group: "{{ openldap_server_group }}"
     mode: 0755

meta/main.yml

@@ -1,3 +1,4 @@
+---
 galaxy_info:
   author: Alan Janis
   description: Set up an OpenLDAP webserver with configurable posix users, posix groups, samba authz/authn, samba shares, AutoFS mount configurations.

openldap.yml

@@ -2,18 +2,18 @@
 - name: Deploy OpenLDAP Server with users, ssh keys, autoFS configurations
   hosts: all
   remote_user: root
-  gather_facts: yes
+  gather_facts: true
   tasks:
-    - import_role:
+    - ansible.builtin.include_role:
         name: common
-    - import_role:
+    - ansible.builtin.include_role:
         name: openldap
-      when:  openldap_server_ip is defined and openldap_server_ip != None
-    - import_role:
+      when: openldap_server_ip is defined and openldap_server_ip != None
+    - ansible.builtin.include_role:
         name: ceph-fs
       when:
         - shared_storage
         - storage_backend == "cephfs"
-    - import_role:
+    - ansible.builtin.include_role:
         name: telegraf
       when: "'telegraf' in group_names"

tasks/ldap_account_configure.yml

@@ -26,7 +26,7 @@
     server_uri: "{{ openldap_server_uri }}"
     bind_dn: "{{ openldap_server_bind_dn }}"
     bind_pw: "{{ openldap_server_rootpw }}"
-    dn: "cn={{ item.key }},{{ groups_ou }}"
+    dn: cn={{ item.key }},{{ groups_ou }}
     objectClass:
       - posixGroup
       - top
@@ -44,7 +44,7 @@
   community.general.ldap_attrs:
     bind_dn: "{{ openldap_server_bind_dn }}"
     bind_pw: "{{ openldap_server_rootpw }}"
-    dn: "cn={{ item.key }},{{ groups_ou }}"
+    dn: cn={{ item.key }},{{ groups_ou }}
     attributes:
       memberUid: "{{ item.value.members }}"
     state: exact
@@ -54,12 +54,12 @@
   loop_control:
     label: "{{ item.key }}"
 
-- name: "Set up SSH users"
+- name: Set up SSH users
   community.general.ldap_entry:
     server_uri: "{{ openldap_server_uri }}"
     bind_dn: "{{ openldap_server_bind_dn }}"
     bind_pw: "{{ openldap_server_rootpw }}"
-    dn: "uid={{ item.key }},{{ users_ou }}"
+    dn: uid={{ item.key }},{{ users_ou }}
     objectClass:
       - top
       - posixAccount
@@ -70,7 +70,7 @@
     attributes:
       gidNumber: "{{ item.value.gid | default(omit) }}"
       uidNumber: "{{ item.value.uid | default(omit) }}"
-      homeDirectory: "/home/{{ item.key }}"
+      homeDirectory: /home/{{ item.key }}
       loginShell: "{{ item.value.shell | default('/bin/bash') }}"
       givenName: "{{ item.value.givenname | default(omit) }}"
       sn: "{{ item.value.sn | default(omit) }}"

tasks/ldap_autofs_configure.yml

@@ -1,5 +1,4 @@
 ---
-
 - name: Admin OU
   community.general.ldap_entry:
     server_uri: "{{ openldap_server_uri }}"
@@ -15,7 +14,6 @@
   notify:
     - restart_ns_daemons
 
-
 - name: Automount OU
   community.general.ldap_entry:
     server_uri: "{{ openldap_server_uri }}"
@@ -47,19 +45,18 @@
   notify:
     - restart_ns_daemons
 
-
 - name: Home automount CN
   community.general.ldap_entry:
     server_uri: "{{ openldap_server_uri }}"
     bind_dn: "{{ openldap_server_bind_dn }}"
     bind_pw: "{{ openldap_server_rootpw }}"
-    dn: "cn=/home,{{ auto_master_ou }}"
+    dn: cn=/home,{{ auto_master_ou }}
     objectClass:
       - top
       - automount
     attributes:
       cn: /home
-      automountInformation: "ldap:ou=auto.home,ou=automount,ou=admin,{{ openldap_server_dc }} --timeout=60 --ghost"
+      automountInformation: ldap:ou=auto.home,ou=automount,ou=admin,{{ openldap_server_dc }} --timeout=60 --ghost
     state: present
   notify:
     - restart_ns_daemons
@@ -84,7 +81,7 @@
     server_uri: "{{ openldap_server_uri }}"
     bind_dn: "{{ openldap_server_bind_dn }}"
     bind_pw: "{{ openldap_server_rootpw }}"
-    dn: "cn={{ item.key }},{{ auto_home_ou }}"
+    dn: cn={{ item.key }},{{ auto_home_ou }}
     objectClass:
       - top
       - automount
@@ -103,7 +100,7 @@
 
 - name: Update User home directory CNs if needed
   community.general.ldap_attrs:
-    dn: "cn={{ item.key }},{{ auto_home_ou }}"
+    dn: cn={{ item.key }},{{ auto_home_ou }}
     attributes:
       automountInformation: >-
         -fstype=ceph,{{ cephfs_mount_options }}