Use absolute in paths in salt scripts

susemanager-utils/susemanager-sls/salt/bootloader/autoinstall.sls

@@ -50,7 +50,7 @@ mgr_set_default_boot:
 
 mgr_elilo_copy_config:
   cmd.run:
-    - name: elilo
+    - name: /sbin/elilo
     - onchanges:
       - file: mgr_create_elilo_entry
       - file: mgr_set_default_boot
@@ -72,7 +72,7 @@ mgr_set_default_boot:
 
 mgr_generate_grubconf:
   cmd.run:
-    - name: grub2-mkconfig -o /boot/grub2/grub.cfg
+    - name: /usr/sbin/grub2-mkconfig -o /boot/grub2/grub.cfg
     - onchanges:
       - file: mgr_copy_kernel
       - file: mgr_copy_initrd
@@ -82,7 +82,7 @@ mgr_generate_grubconf:
 
 mgr_autoinstall_start:
   cmd.run:
-    - name: shutdown -r +1
+    - name: /usr/sbin/shutdown -r +1
     - require:
 {% if loader_type == 'grub' %}
       - cmd: mgr_grub_boot_once

susemanager-utils/susemanager-sls/salt/bootstrap/init.sls

@@ -162,7 +162,7 @@ bootstrap_repo:
 {% set salt_minion_installed = (salt['pkg.info_installed']('venv-salt-minion', attr='version', failhard=False).get('venv-salt-minion', {}).get('version') != None) %}
 check_bootstrap_dbg:
   cmd.run:
-    - name: echo "{{ salt_minion_installed }}"
+    - name: /usr/bin/echo "{{ salt_minion_installed }}"
 {% set venv_available_request = salt_minion_installed or salt['http.query'](bootstrap_repo_url + 'venv-enabled-' + grains['osarch'] + '.txt', status=True, verify_ssl=False) %}
 {# Prefer venv-salt-minion if available and not disabled #}
 {%- set use_venv_salt = salt['pillar.get']('mgr_force_venv_salt_minion') or ((salt_minion_installed or (0 < venv_available_request.get('status', 404) < 300)) and not salt['pillar.get']('mgr_avoid_venv_salt_minion')) %}
@@ -326,7 +326,7 @@ copy_transactional_conf_file_to_etc:
     - name: /etc/transactional-update.conf
     - source: /usr/etc/transactional-update.conf
     - unless:
-      - test -f /etc/transactional-update.conf
+      - /usr/bin/test -f /etc/transactional-update.conf
 
 transactional_update_set_reboot_method_systemd:
   file.keyvalue:
@@ -339,6 +339,6 @@ transactional_update_set_reboot_method_systemd:
     - require:
       - file: copy_transactional_conf_file_to_etc
     - unless:
-      - grep -P '^(?=[\s]*+[^#])[^#]*(REBOOT_METHOD=(?!auto))' /etc/transactional-update.conf
+      - /usr/bin/grep -P '^(?=[\s]*+[^#])[^#]*(REBOOT_METHOD=(?!auto))' /etc/transactional-update.conf
 
 {%- endif %}

susemanager-utils/susemanager-sls/salt/bootstrap/remove_traditional_stack.sls

@@ -42,7 +42,7 @@ remove_traditional_stack:
 {%- if grains['os_family'] == 'Suse' %}
       - suseRegisterInfo
 {%- endif %}
-    - unless: rpm -q spacewalk-proxy-common || rpm -q spacewalk-common
+    - unless: /usr/bin/rpm -q spacewalk-proxy-common || /usr/bin/rpm -q spacewalk-common
 
 # only removing apt-transport-spacewalk above
 # causes apt-get update to 'freeze' if this

susemanager-utils/susemanager-sls/salt/bootstrap/set_proxy.sls

@@ -20,7 +20,7 @@
 restart:
   mgrcompat.module_run:
     - name: cmd.run_bg
-    - cmd: "sleep 2; service {{ salt_service }} restart"
+    - cmd: "/usr/bin/sleep 2; /usr/sbin/service {{ salt_service }} restart"
     - python_shell: true
 
 {% else -%}

susemanager-utils/susemanager-sls/salt/certs/init.sls

@@ -8,4 +8,4 @@ mgr_proxy_ca_cert_symlink:
   file.symlink:
     - name: /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
     - target: /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT
-    - onlyif: grep -Eq "^proxy.rhn_parent *= *[a-zA-Z0-9]+" /etc/rhn/rhn.conf && -e /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT
+    - onlyif: /usr/bin/grep -Eq "^proxy.rhn_parent *= *[a-zA-Z0-9]+" /etc/rhn/rhn.conf && -e /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT

susemanager-utils/susemanager-sls/salt/certs/redhat.sls

@@ -3,7 +3,7 @@ enable_ca_store:
   cmd.run:
     - name: /usr/bin/update-ca-trust enable
     - runas: root
-    - unless: "/usr/bin/update-ca-trust check | grep \"PEM/JAVA Status: ENABLED\""
+    - unless: "/usr/bin/update-ca-trust check | /usr/bin/grep \"PEM/JAVA Status: ENABLED\""
 {%- endif %}
 
 mgr_ca_cert:

susemanager-utils/susemanager-sls/salt/channels/init.sls

@@ -42,7 +42,7 @@ mgrchannels_enable_dnf_plugins:
     - pattern: plugins=.*
     - repl: plugins=1
 {#- default is '1' when option is not specififed #}
-    - onlyif: grep -e 'plugins=0' -e 'plugins=False' -e 'plugins=no' /etc/dnf/dnf.conf
+    - onlyif: /usr/bin/grep -e 'plugins=0' -e 'plugins=False' -e 'plugins=no' /etc/dnf/dnf.conf
 {%- endif %}
 
 {# this break the susemanagerplugin as it overwrite HTTP headers (bsc#1214601) #}
@@ -51,7 +51,7 @@ mgrchannels_disable_dnf_rhui_plugin:
     - name: /etc/yum/pluginconf.d/dnf_rhui_plugin.conf
     - pattern: enabled=.*
     - repl: enabled=0
-    - onlyif: grep -e 'enabled=1' -e 'enabled=True' -e 'enabled=yes' /etc/yum/pluginconf.d/dnf_rhui_plugin.conf
+    - onlyif: /usr/bin/grep -e 'enabled=1' -e 'enabled=True' -e 'enabled=yes' /etc/yum/pluginconf.d/dnf_rhui_plugin.conf
 
 {%- endif %}
 
@@ -79,7 +79,7 @@ mgrchannels_enable_yum_plugins:
     - name: /etc/yum.conf
     - pattern: plugins=.*
     - repl: plugins=1
-    - onlyif: grep plugins=0 /etc/yum.conf
+    - onlyif: /usr/bin/grep plugins=0 /etc/yum.conf
 
 {%- endif %}
 {%- endif %}
@@ -135,7 +135,7 @@ mgrchannels_dnf_clean_all:
     - runas: root
     - onchanges:
        - file: "/etc/yum.repos.d/susemanager:channels.repo"
-    -  unless: "/usr/bin/dnf repolist | grep \"repolist: 0$\""
+    -  unless: "/usr/bin/dnf repolist | /usr/bin/grep \"repolist: 0$\""
 {%- endif %}
 {%- if is_yum %}
 mgrchannels_yum_clean_all:
@@ -144,7 +144,7 @@ mgrchannels_yum_clean_all:
     - runas: root
     - onchanges: 
        - file: "/etc/yum.repos.d/susemanager:channels.repo"
-    -  unless: "/usr/bin/yum repolist | grep \"repolist: 0$\""
+    -  unless: "/usr/bin/yum repolist | /usr/bin/grep \"repolist: 0$\""
 {%- endif %}
 {%- elif grains['os_family'] == 'Debian' %}
 install_gnupg_debian:

susemanager-utils/susemanager-sls/salt/cleanup_minion/init.sls

@@ -56,15 +56,15 @@ mgr_remove_salt_master_key:
 {%- if salt['pillar.get']('contact_method') not in ['ssh-push', 'ssh-push-tunnel'] %}
 mgr_disable_salt:
   cmd.run:
-    - name: systemctl disable {{ salt_minion_name }}
+    - name: /usr/bin/systemctl disable {{ salt_minion_name }}
     - require:
       - file: mgr_remove_salt_config
 
 {%- if not grains['transactional'] %}
 mgr_stop_salt:
   cmd.run:
     - bg: True
-    - name: sleep 9 && systemctl stop {{ salt_minion_name }}
+    - name: /usr/bin/sleep 9 && /usr/bin/systemctl stop {{ salt_minion_name }}
     - order: last
     - require:
       - file: mgr_remove_salt_config

susemanager-utils/susemanager-sls/salt/cocoattest/requestdata.sls

@@ -18,28 +18,28 @@ mgr_inst_snpguest:
 
 mgr_write_request_data:
   cmd.run:
-    - name: echo "{{ salt['pillar.get']('attestation_data:nonce') }}" | base64 -d > /tmp/cocoattest/request-data.txt
-    - onlyif: test -x /usr/bin/base64
+    - name: /usr/bin/echo "{{ salt['pillar.get']('attestation_data:nonce') }}" | base64 -d > /tmp/cocoattest/request-data.txt
+    - onlyif: /usr/bin/grep -x /usr/bin/base64
     - require:
       - file: mgr_create_attestdir
 
 mgr_create_snpguest_report:
   cmd.run:
-    - name: snpguest report /tmp/cocoattest/report.bin /tmp/cocoattest/request-data.txt
+    - name: /usr/bin/snpguest report /tmp/cocoattest/report.bin /tmp/cocoattest/request-data.txt
     - require:
       - cmd: mgr_write_request_data
       - file: mgr_create_attestdir
 
 mgr_snpguest_report:
   cmd.run:
-    - name: cat /tmp/cocoattest/report.bin | base64
+    - name: /usr/bin/cat /tmp/cocoattest/report.bin | base64
     - require:
       - cmd: mgr_create_snpguest_report
       - file: mgr_create_attestdir
 
 mgr_secureboot_enabled:
   cmd.run:
-    - name: mokutil --sb-state
+    - name: /usr/bin/mokutil --sb-state
     - success_retcodes:
       - 255
       - 0

susemanager-utils/susemanager-sls/salt/hardware/profileupdate.sls

@@ -154,7 +154,7 @@ dns_fqdns:
       - mgrcompat: sync_states
 {%- endif %}
     - onlyif:
-        which host || which nslookup
+        /usr/bin/which host || /usr/bin/which nslookup
 {% endif%}
 {% if 'network.fqdns' in salt %}
 fqdns:

susemanager-utils/susemanager-sls/salt/images/kiwi-image-build.sls

@@ -42,7 +42,7 @@ mgr_buildimage_prepare_activation_key_in_source:
 {%- if use_kiwi_ng %}
 # KIWI NG
 #
-{%- set kiwi = 'kiwi-ng' %}
+{%- set kiwi = '/usr/bin/kiwi-ng' %}
 
 {%- set kiwi_options = pillar.get('kiwi_options', '') %}
 {%- set bootstrap_packages = ['findutils', 'rhn-org-trusted-ssl-cert-osimage'] %}
@@ -91,7 +91,7 @@ mgr_buildimage_kiwi_bundle:
 
 # i586 build on x86_64 host must be called with linux32
 # let's consider the build i586 if there is no x86_64 repo specified
-{%- set kiwi = 'linux32 kiwi' if (pillar.get('kiwi_repositories')|join(' ')).find('x86_64') == -1 and grains.get('osarch') == 'x86_64' else 'kiwi' %}
+{%- set kiwi = '/usr/bin/linux32 /usr/bin/kiwi' if (pillar.get('kiwi_repositories')|join(' ')).find('x86_64') == -1 and grains.get('osarch') == 'x86_64' else '/usr/bin/kiwi' %}
 
 # in SLES11 Kiwi the --add-repotype is required
 {%- macro kiwi_params() -%}

susemanager-utils/susemanager-sls/salt/images/kiwi-image-inspect.sls

@@ -20,6 +20,6 @@ mgr_inspect_kiwi_image:
 
 mgr_kiwi_cleanup:
   cmd.run:
-    - name: "rm -rf '{{ root_dir }}'"
+    - name: "/usr/bin/rm -rf '{{ root_dir }}'"
     - require:
       - mgrcompat: mgr_inspect_kiwi_image

susemanager-utils/susemanager-sls/salt/images/profileupdate.sls

@@ -32,7 +32,7 @@ mgr_container_remove:
     - args: [ "{{ container_name }}" ]
     - force: False
     - onlyif:
-      - docker ps -a | grep "{{ container_name }}" >/dev/null
+      - /usr/bin/docker ps -a | /usr/bin/grep "{{ container_name }}" >/dev/null
 
 mgr_image_remove:
   mgrcompat.module_run:
@@ -85,7 +85,7 @@ mgr_container_remove:
     - args: [ "{{ container_name }}" ]
     - force: False
     - onlyif:
-      - docker ps -a | grep "{{ container_name }}" >/dev/null
+      - /usr/bin/docker ps -a | /usr/bin/grep "{{ container_name }}" >/dev/null
 
 mgr_image_remove:
   mgrcompat.module_run:

susemanager-utils/susemanager-sls/salt/packages/profileupdate.sls

@@ -24,8 +24,8 @@ modules:
 {% elif grains['os_family'] == 'Debian' %}
 debianrelease:
   cmd.run:
-    - name: cat /etc/os-release
-    - onlyif: test -f /etc/os-release
+    - name: /usr/bin/cat /etc/os-release
+    - onlyif: /usr/bin/test -f /etc/os-release
 {% endif %}
 
 include:

susemanager-utils/susemanager-sls/salt/packages/redhatproductinfo.sls

@@ -1,38 +1,38 @@
 {% if grains['os_family'] == 'RedHat' %}
 rhelrelease:
   cmd.run:
-    - name: cat /etc/redhat-release
-    - onlyif: test -f /etc/redhat-release -a ! -L /etc/redhat-release
+    - name: /usr/bin/cat /etc/redhat-release
+    - onlyif: /usr/bin/test -f /etc/redhat-release -a ! -L /etc/redhat-release
 alibabarelease:
   cmd.run:
-    - name: cat /etc/alinux-release
-    - onlyif: test -f /etc/alinux-release
+    - name: /usr/bin/cat /etc/alinux-release
+    - onlyif: /usr/bin/test -f /etc/alinux-release
 centosrelease:
   cmd.run:
-    - name: cat /etc/centos-release
-    - onlyif: test -f /etc/centos-release
+    - name: /usr/bin/cat /etc/centos-release
+    - onlyif: /usr/bin/test -f /etc/centos-release
 oraclerelease:
   cmd.run:
-    - name: cat /etc/oracle-release
-    - onlyif: test -f /etc/oracle-release
+    - name: /usr/bin/cat /etc/oracle-release
+    - onlyif: /usr/bin/test -f /etc/oracle-release
 amazonrelease:
   cmd.run:
-    - name: cat /etc/system-release
-    - onlyif: test -f /etc/system-release && grep -qi Amazon /etc/system-release
+    - name: /usr/bin/cat /etc/system-release
+    - onlyif: /usr/bin/test -f /etc/system-release && grep -qi Amazon /etc/system-release
 almarelease:
   cmd.run:
-    - name: cat /etc/almalinux-release
-    - onlyif: test -f /etc/almalinux-release
+    - name: /usr/bin/cat /etc/almalinux-release
+    - onlyif: /usr/bin/test -f /etc/almalinux-release
 rockyrelease:
   cmd.run:
-    - name: cat /etc/rocky-release
-    - onlyif: test -f /etc/rocky-release    
+    - name: /usr/bin/cat /etc/rocky-release
+    - onlyif: /usr/bin/test -f /etc/rocky-release
 respkgquery:
   cmd.run:
-    - name: rpm -q --whatprovides 'sles_es-release-server'
-    - onlyif: rpm -q --whatprovides 'sles_es-release-server'
+    - name: /usr/bin/rpm -q --whatprovides 'sles_es-release-server'
+    - onlyif: /usr/bin/rpm -q --whatprovides 'sles_es-release-server'
 sllpkgquery:
   cmd.run:
-    - name: rpm -q --whatprovides 'sll-release'
-    - onlyif: rpm -q --whatprovides 'sll-release'
+    - name: /usr/bin/rpm -q --whatprovides 'sll-release'
+    - onlyif: /usr/bin/rpm -q --whatprovides 'sll-release'
 {% endif %}

susemanager-utils/susemanager-sls/salt/services/salt-minion.sls

@@ -28,7 +28,7 @@ mgr_salt_minion_inst:
 rm_old_venv_python_env:
   cmd.run:
     - name: /usr/lib/venv-salt-minion/bin/post_start_cleanup.sh
-    - onlyif: test -f /usr/lib/venv-salt-minion/bin/post_start_cleanup.sh
+    - onlyif: /usr/bin/test -f /usr/lib/venv-salt-minion/bin/post_start_cleanup.sh
 {%- endif %}
 
 mgr_salt_minion_run:

susemanager-utils/susemanager-sls/salt/srvmonitoring/disable.sls

@@ -28,8 +28,8 @@ jmx_taskomatic_config:
 
 mgr_enable_prometheus_self_monitoring:
   cmd.run:
-    - name: grep -q '^prometheus_monitoring_enabled.*=.*' /etc/rhn/rhn.conf && sed -i 's/^prometheus_monitoring_enabled.*/prometheus_monitoring_enabled = 0/' /etc/rhn/rhn.conf || echo 'prometheus_monitoring_enabled = 0' >> /etc/rhn/rhn.conf
+    - name: /usr/bin/grep -q '^prometheus_monitoring_enabled.*=.*' /etc/rhn/rhn.conf && sed -i 's/^prometheus_monitoring_enabled.*/prometheus_monitoring_enabled = 0/' /etc/rhn/rhn.conf || echo 'prometheus_monitoring_enabled = 0' >> /etc/rhn/rhn.conf
 
 mgr_is_prometheus_self_monitoring_disabled:
   cmd.run:
-    - name: grep -qF 'prometheus_monitoring_enabled = 0' /etc/rhn/rhn.conf
+    - name: /usr/bin/grep -qF 'prometheus_monitoring_enabled = 0' /etc/rhn/rhn.conf

susemanager-utils/susemanager-sls/salt/srvmonitoring/enable.sls

@@ -139,8 +139,8 @@ jmx_exporter_taskomatic_service_cleanup:
 
 mgr_enable_prometheus_self_monitoring:
   cmd.run:
-    - name: grep -q '^prometheus_monitoring_enabled.*=.*' /etc/rhn/rhn.conf && sed -i 's/^prometheus_monitoring_enabled.*/prometheus_monitoring_enabled = 1/' /etc/rhn/rhn.conf || echo 'prometheus_monitoring_enabled = 1' >> /etc/rhn/rhn.conf
+    - name: /usr/bin/grep -q '^prometheus_monitoring_enabled.*=.*' /etc/rhn/rhn.conf && sed -i 's/^prometheus_monitoring_enabled.*/prometheus_monitoring_enabled = 1/' /etc/rhn/rhn.conf || echo 'prometheus_monitoring_enabled = 1' >> /etc/rhn/rhn.conf
 
 mgr_is_prometheus_self_monitoring_enabled:
   cmd.run:
-    - name: grep -qF 'prometheus_monitoring_enabled = 1' /etc/rhn/rhn.conf
+    - name: /usr/bin/grep -qF 'prometheus_monitoring_enabled = 1' /etc/rhn/rhn.conf

susemanager-utils/susemanager-sls/salt/srvmonitoring/removejmxprops.sls

@@ -1,24 +1,24 @@
 remove_{{remove_jmx_props.service}}_jmx_host:
   cmd.run:
-    - name: sed -ri 's/JAVA_OPTS="(.*)-Dcom\.sun\.management\.jmxremote\.host=\S*(.*)"/JAVA_OPTS="\1 \2"/' {{remove_jmx_props.file}}
-    - onlyif: grep -F -- '-Dcom.sun.management.jmxremote.host=' {{remove_jmx_props.file}}
+    - name: /usr/bin/sed -ri 's/JAVA_OPTS="(.*)-Dcom\.sun\.management\.jmxremote\.host=\S*(.*)"/JAVA_OPTS="\1 \2"/' {{remove_jmx_props.file}}
+    - onlyif: /usr/bin/grep -F -- '-Dcom.sun.management.jmxremote.host=' {{remove_jmx_props.file}}
 
 remove_{{remove_jmx_props.service}}_jmx_port:
   cmd.run:
-    - name: sed -ri 's/JAVA_OPTS="(.*)-Dcom\.sun\.management\.jmxremote\.port=[0-9]*(.*)"/JAVA_OPTS="\1 \2"/' {{remove_jmx_props.file}}
-    - onlyif: grep -E -- '-Dcom\.sun\.management\.jmxremote\.port=[0-9]+' {{remove_jmx_props.file}}
+    - name: /usr/bin/sed -ri 's/JAVA_OPTS="(.*)-Dcom\.sun\.management\.jmxremote\.port=[0-9]*(.*)"/JAVA_OPTS="\1 \2"/' {{remove_jmx_props.file}}
+    - onlyif: /usr/bin/grep -E -- '-Dcom\.sun\.management\.jmxremote\.port=[0-9]+' {{remove_jmx_props.file}}
 
 remove_{{remove_jmx_props.service}}_jmx_ssl:
   cmd.run:
-    - name: sed -i 's/JAVA_OPTS="\(.*\)-Dcom\.sun\.management\.jmxremote\.ssl=false\(.*\)"/JAVA_OPTS="\1 \2"/' {{remove_jmx_props.file}}
-    - onlyif: grep -F -- '-Dcom.sun.management.jmxremote.ssl=false' {{remove_jmx_props.file}}
+    - name: /usr/bin/sed -i 's/JAVA_OPTS="\(.*\)-Dcom\.sun\.management\.jmxremote\.ssl=false\(.*\)"/JAVA_OPTS="\1 \2"/' {{remove_jmx_props.file}}
+    - onlyif: /usr/bin/grep -F -- '-Dcom.sun.management.jmxremote.ssl=false' {{remove_jmx_props.file}}
 
 remove_{{remove_jmx_props.service}}_jmx_auth:
   cmd.run:
-    - name: sed -i 's/JAVA_OPTS="\(.*\)-Dcom\.sun\.management\.jmxremote\.authenticate=false\(.*\)"/JAVA_OPTS="\1 \2"/' {{remove_jmx_props.file}}
-    - onlyif: grep -F -- '-Dcom.sun.management.jmxremote.authenticate=false' {{remove_jmx_props.file}}
+    - name: /usr/bin/sed -i 's/JAVA_OPTS="\(.*\)-Dcom\.sun\.management\.jmxremote\.authenticate=false\(.*\)"/JAVA_OPTS="\1 \2"/' {{remove_jmx_props.file}}
+    - onlyif: /usr/bin/grep -F -- '-Dcom.sun.management.jmxremote.authenticate=false' {{remove_jmx_props.file}}
 
 remove_{{remove_jmx_props.service}}_jmx_hostname:
   cmd.run:
-    - name: sed -ri 's/JAVA_OPTS="(.*)-Djava\.rmi\.server\.hostname=\S*(.*)"/JAVA_OPTS="\1 \2"/' {{remove_jmx_props.file}}
-    - onlyif: grep -F -- '-Djava.rmi.server.hostname=' {{remove_jmx_props.file}}
+    - name: /usr/bin/sed -ri 's/JAVA_OPTS="(.*)-Djava\.rmi\.server\.hostname=\S*(.*)"/JAVA_OPTS="\1 \2"/' {{remove_jmx_props.file}}
+    - onlyif: /usr/bin/grep -F -- '-Djava.rmi.server.hostname=' {{remove_jmx_props.file}}

susemanager-utils/susemanager-sls/salt/srvmonitoring/status.sls

@@ -22,7 +22,7 @@ jmx_taskomatic_java_config:
 
 mgr_is_prometheus_self_monitoring_enabled:
   cmd.run:
-    - name: grep -q -E 'prometheus_monitoring_enabled\s*=\s*(1|y|true|yes|on)\s*$' /etc/rhn/rhn.conf
+    - name: /usr/bin/grep -q -E 'prometheus_monitoring_enabled\s*=\s*(1|y|true|yes|on)\s*$' /etc/rhn/rhn.conf
 
 include:
   - util.syncstates

susemanager-utils/susemanager-sls/salt/ssh_bootstrap/init.sls

@@ -37,7 +37,7 @@ proxy_ssh_identity:
 
 generate_own_ssh_key:
   cmd.run:
-    - name: ssh-keygen -N '' -C 'susemanager-own-ssh-push' -f {{ home }}/.ssh/mgr_own_id -t rsa -q
+    - name: /usr/bin/ssh-keygen -N '' -C 'susemanager-own-ssh-push' -f {{ home }}/.ssh/mgr_own_id -t rsa -q
     - creates: {{ home }}/.ssh/mgr_own_id.pub
 
 ownership_own_ssh_key: