Fix ansible lint issues in all roles and playbooks

.ansible-lint

@@ -3,9 +3,11 @@
 
 # Exclude these files from the linter
 exclude_paths:
-  - .gitlab
+  - .git*
 
 # Rules that we feel should not be errors but warnings
 warn_list:
   - yaml[line-length]
   - var-naming[no-role-prefix]
+  - meta-runtime[unsupported-version]
+  - run-once[task]

galaxy.yml

@@ -16,11 +16,11 @@ readme: README.md
 # A list of the collection's content authors. Can be just the name or in the format 'Full Name <email> (url)
 # @nicks:irc/im.site#channel'
 authors:
-- Steven Schattenberg <steven.schattenberg@itential.com>
-- Travis Nicks <travis.nicks@itential.com>
-- Kevin Velarde <kevin.velarde@itential.com>
-- Peter Sprygada <peter.sprygada@itential.com>
-- Nick Andreano <nick.andreano@itential.com>
+  - Steven Schattenberg <steven.schattenberg@itential.com>
+  - Travis Nicks <travis.nicks@itential.com>
+  - Kevin Velarde <kevin.velarde@itential.com>
+  - Peter Sprygada <peter.sprygada@itential.com>
+  - Nick Andreano <nick.andreano@itential.com>
 
 ### OPTIONAL but strongly recommended
 # A short summary description of the collection
@@ -38,6 +38,7 @@ license_file: 'LICENSE'
 # A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character
 # requirements as 'namespace' and 'name'
 tags:
+  - tools
   - itential
   - deployer
 

playbooks/install_active_standby.yml

@@ -68,13 +68,6 @@
         - mongodb
         - mongodb_install
 
-    # Insert some day zero data into the MongoDB, Itential users, profiles,
-    # configure redis, configure rabbitmq, etc...
-    - role: itential.deployer.mongodb_init
-      tags:
-        - mongodb
-        - mongodb_init
-
     # Enable MongoDB replication, configure replica set if required
     # https://www.mongodb.com/docs/manual/replication/
     - role: itential.deployer.mongodb_replication
@@ -129,12 +122,6 @@
         - platform
         - platform_install
 
-    # Install any listed apps and/or adapters
-    - role: itential.deployer.platform_adapters
-      tags:
-        - platform
-        - platform_adapters
-
 - name: Install IAP
   hosts: platform
   become: true

playbooks/prometheus.yml

@@ -10,7 +10,7 @@
     - role: itential.deployer.common_vars
       tags:
         - always
-        
+
     - role: itential.deployer.prometheus
       tags:
-        - prometheus_install
+        - prometheus_install

roles/common_vars/defaults/main/prometheus.yml

@@ -2,4 +2,4 @@
 # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
 ---
 prometheus: false
-prometheus_grafana: false
+prometheus_grafana: false

roles/gateway/tasks/download-packages-python.yml

@@ -22,7 +22,7 @@
     file: download-python-dependencies.yml
 
 - name: Uninstall Python rpms
-  ansible.builtin.yum:
+  ansible.builtin.dnf:
     name: "{{ item }}"
     state: absent
     autoremove: true

roles/gateway/tasks/download-packages.yml

@@ -37,7 +37,7 @@
   tags: download_gateway_packages
 
 - name: Install Gateway rpms
-  ansible.builtin.yum:
+  ansible.builtin.dnf:
     name: "{{ item }}"
     state: present
   with_items: "{{ gateway_packages }}"
@@ -71,7 +71,7 @@
     dest_dir: "{{ rpms_download_dir_control_node }}"
 
 - name: Uninstall Gateway packages
-  ansible.builtin.yum:
+  ansible.builtin.dnf:
     name: "{{ item }}"
     state: absent
     autoremove: true

roles/gateway/tasks/main.yml

@@ -7,6 +7,7 @@
   with_first_found:
     - "{{ iag_release }}-{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version }}.yml"
     - "release-undefined.yml"
+  tags: always
 
 - name: Check for valid IAG release
   ansible.builtin.fail:
@@ -24,7 +25,7 @@
   register: workingdir
 
 - name: Install Gateway packages (online)
-  ansible.builtin.yum:
+  ansible.builtin.dnf:
     name: "{{ item }}"
     state: present
   with_items: "{{ gateway_packages }}"
@@ -95,9 +96,11 @@
   when: iag_https and iag_ssl_copy_certs
 
 - name: Install Python
-  ansible.builtin.include_tasks:
-    file: install-python.yml
   tags: install_python
+  block:
+    - name: Install Python
+      ansible.builtin.include_tasks:
+        file: install-python.yml
 
 # Need to install ansible within the virtual environment
 - name: Install Ansible

roles/mongodb/tasks/download-packages-python.yml

@@ -39,7 +39,7 @@
     - app_python_dependencies | length > 0
 
 - name: Uninstall Python rpms
-  ansible.builtin.yum:
+  ansible.builtin.dnf:
     name: "{{ item }}"
     state: absent
     autoremove: true

roles/mongodb/tasks/mongodb-online.yml

@@ -16,7 +16,7 @@
 
 # Install mongodb if mongodb is not already installed
 - name: Install MongoDB packages (online)
-  ansible.builtin.yum:
+  ansible.builtin.dnf:
     name: "{{ mongodb_packages }}"
     state: present
   when: "'mongodb-org' not in ansible_facts.packages"

roles/offline/tasks/download-adapter.yml

@@ -15,7 +15,7 @@
   ansible.builtin.set_fact:
     adapter_name: "{{ adapter | basename | split('.') | first }}"
 
-- name: Git clone {{ adapter }}
+- name: Git clone adapter # noqa: latest (always clone the latest)
   ansible.builtin.git:
     repo: "{{ adapter }}"
     dest: "{{ download_dir }}/{{ adapter_name }}"
@@ -35,9 +35,9 @@
     chdir: "{{ download_dir }}/{{ adapter_name }}"
   changed_when: true
 
-# The bundleDependencies defines an array of package names that will be bundled 
+# The bundleDependencies defines an array of package names that will be bundled
 # when publishing the package.  This really should be defined in the package.json
-# when it's downloaded.  If it is not already defined, set it to true.  A value of true 
+# when it's downloaded.  If it is not already defined, set it to true.  A value of true
 # will bundle all dependencies.
 - name: Check if bundleDependencies is already defined in package.json
   ansible.builtin.lineinfile:

roles/offline/tasks/download-rpms.yml

@@ -29,20 +29,20 @@
         mode: '0755'
 
     - name: Download packages (ansible yum module)
-      ansible.builtin.yum:
+      ansible.builtin.dnf:
         name: "{{ download_packages }}"
         state: present
         download_only: true
         download_dir: "{{ download_dir }}"
       when: download_method == "yum_module"
 
-    - name: Download packages (yum install)
+    - name: Download packages (yum install) # noqa command-instead-of-module (yum module does not support downloadonly)
       ansible.builtin.command:
         cmd: yum install --downloadonly --downloaddir "{{ download_dir }}" -y "{{ download_packages }}"
       changed_when: true
       when: download_method == "yum_install"
 
-    - name: Download packages (yum reinstall)
+    - name: Download packages (yum reinstall) # noqa command-instead-of-module (yum module does not support downloadonly)
       ansible.builtin.command:
         cmd: yum reinstall --downloadonly --downloaddir "{{ download_dir }}" -y "{{ download_packages }}"
       changed_when: true
@@ -60,7 +60,7 @@
       when: download_method == "yumdownloader"
       block:
         - name: Install Yum utils
-          ansible.builtin.yum:
+          ansible.builtin.dnf:
             name: yum-utils
             state: present
 
@@ -69,4 +69,3 @@
             cmd: "yumdownloader --resolve --downloaddir {{ download_dir }} {{ download_packages | join(' ') }}"
           changed_when: true
           failed_when: false
-

roles/offline/tasks/install-rpms.yml

@@ -28,13 +28,13 @@
   ansible.builtin.command: rpmdb --rebuilddb
   changed_when: false
 
-- name: Get list of yum repos (to disable temporarily)
+- name: Get list of yum repos (to disable temporarily) # noqa command-instead-of-module (yum module does not support repolist)
   ansible.builtin.command: yum -q repolist
   register: repolist_result
   changed_when: false
 
 - name: Install RPMs
-  ansible.builtin.yum:
+  ansible.builtin.dnf:
     name: "{{ rpm_list.files | map(attribute='path') | list | sort }}"
     state: present
     disable_gpg_check: true

roles/os/defaults/main.yml

@@ -1,8 +1,7 @@
 # Copyright (c) 2024, Itential, Inc
 # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
 ---
-yum_update: false
 
 # Offline install settings
 # Refer to the offline variables in common_vars for additional settings
-packages_path: "{{ itential_packages_path }}/{{ iap_release }}/os"
+packages_path: "{{ itential_packages_path }}/{{ iap_release }}/os"

roles/os/tasks/redhat-online.yml

@@ -1,26 +1,20 @@
 # Copyright (c) 2024, Itential, Inc
 # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
 ---
-- name: Update the current yum packages
-  ansible.builtin.yum:
-    name: '*'
-    state: latest
-  when: yum_update | bool
-
 - name: Install OS Packages
-  ansible.builtin.yum:
+  ansible.builtin.dnf:
     name: "{{ os_packages }}"
     state: present
     validate_certs: false
     skip_broken: true
     update_cache: true
 
 - name: Install Security Packages
-  ansible.builtin.yum:
+  ansible.builtin.dnf:
     name: "{{ security_packages }}"
     state: present
 
 - name: Install Operations Packages
-  ansible.builtin.yum:
+  ansible.builtin.dnf:
     name: "{{ operational_packages }}"
     state: present

roles/os/vars/release-undefined.yml

@@ -1,3 +1,3 @@
 # Copyright (c) 2024, Itential, Inc
 # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
-invalid_os_release: true
+invalid_os_release: true

roles/platform/tasks/backup-mongo.yml

@@ -20,3 +20,6 @@
       - --out="{{ iap_install_dir }}/current/backups"
       - --gzip
       - "{{ mongo_connection_string }}"
+  register: result
+  changed_when: result.rc == 0
+  failed_when: result.rc > 0

roles/platform/tasks/configure-firewalld.yml

@@ -14,10 +14,9 @@
     immediate: true
   when:
     - ansible_facts.services["firewalld.service"] is defined
-    - (ansible_facts.services["firewalld.service"].state == "running")
-    - (ansible_facts.services["firewalld.service"].status == "enabled")
+    - ansible_facts.services["firewalld.service"].state == "running"
+    - ansible_facts.services["firewalld.service"].status == "enabled"
     - not iap_https | bool
-  ignore_errors: true
 
 - name: Open HTTPS Port on FirewallD Public Zone
   ansible.posix.firewalld:
@@ -28,7 +27,6 @@
     immediate: true
   when:
     - ansible_facts.services["firewalld.service"] is defined
-    - (ansible_facts.services["firewalld.service"].state == "running")
-    - (ansible_facts.services["firewalld.service"].status == "enabled")
+    - ansible_facts.services["firewalld.service"].state == "running"
+    - ansible_facts.services["firewalld.service"].status == "enabled"
     - iap_https | bool
-  ignore_errors: true

roles/platform/tasks/download-adapters.yml

@@ -2,7 +2,7 @@
 # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
 ---
 - name: Install rpms required for download
-  ansible.builtin.yum:
+  ansible.builtin.dnf:
     name: "{{ item }}"
     state: present
   with_items:
@@ -11,10 +11,11 @@
   register: install_result
 
 - name: Disable safe repository checks
-  ansible.builtin.command:
-    cmd: "git config --global --add safe.directory '*'"
+  community.general.git_config:
+    name: safe.directory
+    scope: global
+    value: '*'
   when: disable_git_safe_repo_checks
-  changed_when: true
 
 - name: Install NodeJS
   ansible.builtin.include_tasks:
@@ -75,14 +76,14 @@
       with_items: "{{ found_custom_adapters.files }}"
 
 - name: Uninstall rpms required for download
-  ansible.builtin.yum:
+  ansible.builtin.dnf:
     name: "{{ item }}"
     state: absent
     autoremove: true
   with_items: "{{ install_result.results | selectattr('changed', 'equalto', true) | map(attribute='item') }}"
 
 - name: Uninstall nodejs rpms
-  ansible.builtin.yum:
+  ansible.builtin.dnf:
     name: "{{ item }}"
     state: absent
     autoremove: true

roles/platform/tasks/download-packages-python.yml

@@ -36,7 +36,7 @@
     download_dir: "{{ wheels_download_dir_target_node }}/app"
 
 - name: Uninstall Python rpms
-  ansible.builtin.yum:
+  ansible.builtin.dnf:
     name: "{{ item }}"
     state: absent
     autoremove: true