ansiblelint fixes - fqcn[action-core] - shell to ansible.builtin.shell

Replaces references to shell: with ansible.builtin.shell Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2024-12-19 16:42:30 +10:00 · 2024-12-19 16:42:30 +10:00 · 3c41882bb0
commit 3c41882bb0
parent 25391e95b7
95 changed files with 179 additions and 179 deletions
--- a/handlers/restart_services.yml
+++ b/handlers/restart_services.yml
@ -125,10 +125,10 @@
  service: name=memcached state=restarted
 - name: restart nagios
-  shell: nagios -v /etc/nagios/nagios.cfg && systemctl restart nagios
+  ansible.builtin.shell: nagios -v /etc/nagios/nagios.cfg && systemctl restart nagios
 - name: restart bridge
-  shell: /usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge
+  ansible.builtin.shell: /usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge
 - name: reload libvirtd
  service: name=libvirtd state=reloaded
--- a/playbooks/check-host.yml
+++ b/playbooks/check-host.yml
@ -10,12 +10,12 @@
  tasks:
  - name: Create temp dir for collecting info
-    shell: mktemp -d
+    ansible.builtin.shell: mktemp -d
    register: temp_dir
    changed_when: false
  - name: Get list of active loaded services with systemctl
-    shell: '/bin/systemctl -t service --no-legend | egrep "loaded active" | tr -s " " | cut -d " " -f1'
+    ansible.builtin.shell: '/bin/systemctl -t service --no-legend | egrep "loaded active" | tr -s " " | cut -d " " -f1'
    changed_when: false
    when: ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora'
    register: loaded_active_services_systemctl
@ -24,7 +24,7 @@
      - services
  - name: Get list of active loaded services with systemctl
-    shell: '/bin/systemctl -t service --no-legend | egrep "loaded active" | tr -s " " | cut -d " " -f1'
+    ansible.builtin.shell: '/bin/systemctl -t service --no-legend | egrep "loaded active" | tr -s " " | cut -d " " -f1'
    changed_when: false
    when: ansible_distribution_major_version|int > 6 and ansible_distribution == 'RedHat'
    register: loaded_active_services_systemctl
@ -33,7 +33,7 @@
      - services
  - name: Get list of inactive loaded services with systemctl
-    shell: '/bin/systemctl -t service --no-legend | egrep -v "loaded active" | tr -s " " | cut -d " " -f1'
+    ansible.builtin.shell: '/bin/systemctl -t service --no-legend | egrep -v "loaded active" | tr -s " " | cut -d " " -f1'
    changed_when: false
    when: ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora'
    register: loaded_inactive_services_systemctl
@ -42,7 +42,7 @@
      - services
  - name: Get list of inactive loaded services with systemctl
-    shell: '/bin/systemctl -t service --no-legend | egrep -v "loaded active" | tr -s " " | cut -d " " -f1'
+    ansible.builtin.shell: '/bin/systemctl -t service --no-legend | egrep -v "loaded active" | tr -s " " | cut -d " " -f1'
    changed_when: false
    when: ansible_distribution_major_version|int > 6 and ansible_distribution == 'RedHat'
    register: loaded_inactive_services_systemctl
@ -52,7 +52,7 @@
  - name: Get list of enabled services with chkconfig at current runlevel
-    shell: "chkconfig | grep \"`runlevel | cut -d ' ' -f 2`:on\" | awk '{print $1}'"
+    ansible.builtin.shell: "chkconfig | grep \"`runlevel | cut -d ' ' -f 2`:on\" | awk '{print $1}'"
    changed_when: false
    when: ansible_distribution_major_version|int <= 6 and ansible_distribution == 'RedHat'
    register: enabled_services_chkconfig
@ -61,7 +61,7 @@
      - services
  - name: Get list of disabled services with chkconfig at current runlevel
-    shell: "chkconfig | grep \"`runlevel | cut -d ' ' -f 2`:off\" | awk '{print $1}'"
+    ansible.builtin.shell: "chkconfig | grep \"`runlevel | cut -d ' ' -f 2`:off\" | awk '{print $1}'"
    changed_when: false
    when: ansible_distribution_major_version|int <= 6 and ansible_distribution == 'RedHat'
    register: disabled_services_chkconfig
@ -71,7 +71,7 @@
  - name: Output enabled service list chkconfig
-    shell: echo {{enabled_services_chkconfig.stdout_lines}} >> {{temp_dir.stdout}}/eservices
+    ansible.builtin.shell: echo {{enabled_services_chkconfig.stdout_lines}} >> {{temp_dir.stdout}}/eservices
    when: enabled_services_chkconfig is defined and enabled_services_chkconfig.rc == 0
    changed_when: false
    tags:
@ -79,7 +79,7 @@
      - services
  - name: Output disabled loaded service list chkconfig
-    shell: echo {{disabled_services_chkconfig.stdout_lines}} >> {{temp_dir.stdout}}/dservices
+    ansible.builtin.shell: echo {{disabled_services_chkconfig.stdout_lines}} >> {{temp_dir.stdout}}/dservices
    when: disabled_services_chkconfig is defined and disabled_services_chkconfig.rc == 0
    changed_when: false
    tags:
@ -88,7 +88,7 @@
  - name: Output loaded active service list systemctl
-    shell: echo {{loaded_active_services_systemctl.stdout_lines}} >> {{temp_dir.stdout}}/laservices
+    ansible.builtin.shell: echo {{loaded_active_services_systemctl.stdout_lines}} >> {{temp_dir.stdout}}/laservices
    when: loaded_active_services_systemctl is defined and loaded_active_services_systemctl.rc == 0
    changed_when: false
    tags:
@ -96,7 +96,7 @@
      - services
  - name: Output loaded inactive service list systemctl
-    shell: echo {{loaded_inactive_services_systemctl.stdout_lines}} >> {{temp_dir.stdout}}/liservices
+    ansible.builtin.shell: echo {{loaded_inactive_services_systemctl.stdout_lines}} >> {{temp_dir.stdout}}/liservices
    when: loaded_inactive_services_systemctl is defined and loaded_inactive_services_systemctl.rc == 0
    changed_when: false
    tags:
@ -114,14 +114,14 @@
      - updates
  - name: Show pending updates
-    shell: echo {{list_update.stdout_lines}} >> {{temp_dir.stdout}}/pending_updates
+    ansible.builtin.shell: echo {{list_update.stdout_lines}} >> {{temp_dir.stdout}}/pending_updates
    changed_when: false
    tags:
      - check
      - updates
  - name: Get processes that need restarting
-    shell: needs-restarting
+    ansible.builtin.shell: needs-restarting
    register: needs_restarting
    changed_when: false
    tags:
@ -129,14 +129,14 @@
      - restart
  - name: Show processes that need restarting
-    shell: echo {{needs_restarting.stdout_lines}} >> {{temp_dir.stdout}}/needing_restart
+    ansible.builtin.shell: echo {{needs_restarting.stdout_lines}} >> {{temp_dir.stdout}}/needing_restart
    changed_when: false
    tags:
      - check
      - restart
  - name: Get locally changed files from the rpm package
-    shell: rpm_tmp_var=`mktemp` && ! rpm -Va 2>/dev/null > $rpm_tmp_var && [[ -s $rpm_tmp_var ]] && echo $rpm_tmp_var warn=no
+    ansible.builtin.shell: rpm_tmp_var=`mktemp` && ! rpm -Va 2>/dev/null > $rpm_tmp_var && [[ -s $rpm_tmp_var ]] && echo $rpm_tmp_var warn=no
    register: localchanges
    changed_when: false
    tags:
@ -153,7 +153,7 @@
      - fileverify
  - name: Show locally changed files (excluding config files)
-    shell: echo {{rpm_va_nc.stdout_lines}} >> {{temp_dir.stdout}}/local_changed
+    ansible.builtin.shell: echo {{rpm_va_nc.stdout_lines}} >> {{temp_dir.stdout}}/local_changed
    when: rpm_va_nc.stdout != ""
    changed_when: false
    tags:
@ -170,7 +170,7 @@
      - fileverify
  - name: 'Whitelist - Show locally changed files (config files)'
-    shell: echo {{rpm_va_c.stdout_lines}} >> {{temp_dir.stdout}}/local_config_changed
+    ansible.builtin.shell: echo {{rpm_va_c.stdout_lines}} >> {{temp_dir.stdout}}/local_config_changed
    changed_when: false
    when: rpm_va_c.stdout != ""
    tags:
@ -178,7 +178,7 @@
      - fileverify
  - name: Check if using iptables
-    shell: /sbin/iptables -S
+    ansible.builtin.shell: /sbin/iptables -S
    register: iptablesn
    changed_when: false
    tags:
@ -186,21 +186,21 @@
      - iptables
  - name: Show iptables rules
-    shell: echo "{{iptablesn.stdout_lines}}" >> {{ temp_dir.stdout }}/iptables
+    ansible.builtin.shell: echo "{{iptablesn.stdout_lines}}" >> {{ temp_dir.stdout }}/iptables
    changed_when: false
    tags:
      - check
      - iptables
  - name: Show current SELinux status
-    shell: echo "SELinux is {{ ansible_selinux.status }} for this System" >> {{temp_dir.stdout}}/selinux
+    ansible.builtin.shell: echo "SELinux is {{ ansible_selinux.status }} for this System" >> {{temp_dir.stdout}}/selinux
    changed_when: false
    tags:
      - check
      - selinux
  - name: Show Boot SELinux mode
-    shell: echo "SELinux boots to {{ ansible_selinux.config_mode }} mode " >> {{temp_dir.stdout}}/selinux
+    ansible.builtin.shell: echo "SELinux boots to {{ ansible_selinux.config_mode }} mode " >> {{temp_dir.stdout}}/selinux
    when: ansible_selinux.status != "disabled"
    changed_when: false
    tags:
@ -208,7 +208,7 @@
      - selinux
  - name: Show Current SELinux mode
-    shell: echo "SELinux currently is in {{ ansible_selinux.mode }} mode" >> {{temp_dir.stdout}}/selinux
+    ansible.builtin.shell: echo "SELinux currently is in {{ ansible_selinux.mode }} mode" >> {{temp_dir.stdout}}/selinux
    when: ansible_selinux.status != "disabled"
    changed_when: false
    tags:
@ -216,7 +216,7 @@
      - selinux
  - name: Match current SELinux status with boot status
-    shell: echo "SElinux Current and Boot modes are in sync" >> {{temp_dir.stdout}}/selinux
+    ansible.builtin.shell: echo "SElinux Current and Boot modes are in sync" >> {{temp_dir.stdout}}/selinux
    when: ansible_selinux.status != "disabled" and ansible_selinux.config_mode == ansible_selinux.mode
    changed_when: false
    tags:
@ -225,7 +225,7 @@
  - name: MisMatch current SELinux status with boot status
-    shell: echo "SElinux Current and Boot modes are NOT in sync" >> {{temp_dir.stdout}}/selinux
+    ansible.builtin.shell: echo "SElinux Current and Boot modes are NOT in sync" >> {{temp_dir.stdout}}/selinux
    when: ansible_selinux.status != "disabled" and ansible_selinux.config_mode != ansible_selinux.mode
    changed_when: false
    tags:
@ -239,12 +239,12 @@
    ignore_errors: true
  - name: Get file list
-    shell: ls -1 {{temp_dir.stdout}}/*
+    ansible.builtin.shell: ls -1 {{temp_dir.stdout}}/*
    register: file_list
    changed_when: false
  - name: Get timestamp
-    shell: "date +%Y-%m-%d-%H-%M-%S"
+    ansible.builtin.shell: "date +%Y-%m-%d-%H-%M-%S"
    register: timestamp
    changed_when: false
--- a/playbooks/checks_log_failed_services.yml
+++ b/playbooks/checks_log_failed_services.yml
@ -7,11 +7,11 @@
  tasks:
    - name: Listing failed units
-      shell: systemctl list-units --state failed --no-legend | awk  '{ print $1 }'
+      ansible.builtin.shell: systemctl list-units --state failed --no-legend | awk  '{ print $1 }'
      register: listing_failed
    - name: Check log with journalctl
-      shell: journalctl -lru {{ item }} -n 50
+      ansible.builtin.shell: journalctl -lru {{ item }} -n 50
      register: display_log
      with_items: "{{ listing_failed.stdout_lines[0:] }}"
--- a/playbooks/groups/ipa.yml
+++ b/playbooks/groups/ipa.yml
@ -60,7 +60,7 @@
  tasks:
  - name: Combine IPA keytabs
-    shell: printf "%b" "read_kt /etc/httpd/conf/ipa.keytab\nread_kt /etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab\nwrite_kt /etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab.combined" | ktutil
+    ansible.builtin.shell: printf "%b" "read_kt /etc/httpd/conf/ipa.keytab\nread_kt /etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab\nwrite_kt /etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab.combined" | ktutil
    changed_when: false
    tags:
    - krb5
--- a/playbooks/groups/pkgs.yml
+++ b/playbooks/groups/pkgs.yml
@ -49,7 +49,7 @@
    user:
      name: pagure
      uid: "{{ pagure_static_uid }}"
-      shell: /sbin/nologin
+      ansible.builtin.shell: /sbin/nologin
      comment: "Pagure User"
    when: env == "staging"
    ## The above should be deleted when we rebuild pkgs02 in future.
--- a/playbooks/groups/proxies.yml
+++ b/playbooks/groups/proxies.yml
@ -148,7 +148,7 @@
  # Do not count these as changed ever
  #
  - name: make sure docs are synced. This could take a very very very logtime to finish
-    shell: /usr/local/bin/lock-wrapper docs-sync "/usr/local/bin/docs-rsync" >& /dev/null
+    ansible.builtin.shell: /usr/local/bin/lock-wrapper docs-sync "/usr/local/bin/docs-rsync" >& /dev/null
    changed_when: false
    ignore_errors: true
--- a/playbooks/hosts/cloud-noc01.fedorainfracloud.org.yml
+++ b/playbooks/hosts/cloud-noc01.fedorainfracloud.org.yml
@ -32,7 +32,7 @@
  - import_tasks: "{{ tasks_path }}/motd.yml"
  - name: check if ntpd port is already known by selinux
-    shell: semanage port -l | grep ntp
+    ansible.builtin.shell: semanage port -l | grep ntp
    register: ntp_selinux_port
    check_mode: no
    changed_when: false
--- a/playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml
+++ b/playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml
@ -42,7 +42,7 @@
        - dhcp-server
  - name: check if ntpd port is already known by selinux
-    shell: semanage port -l | grep ntp
+    ansible.builtin.shell: semanage port -l | grep ntp
    register: ntp_selinux_port
    check_mode: no
    changed_when: false
--- a/playbooks/manual/copr/copr-frontend-upgrade.yml
+++ b/playbooks/manual/copr/copr-frontend-upgrade.yml
@ -17,7 +17,7 @@
    import_tasks: _generic_tasks.yml
  - name: Check for copr-frontend update
-    shell: dnf clean expire-cache ; dnf check-update copr-frontend
+    ansible.builtin.shell: dnf clean expire-cache ; dnf check-update copr-frontend
    register: frontend_has_update
    changed_when: "frontend_has_update.rc != 0"
    failed_when: false
@ -37,7 +37,7 @@
      - python3-copr-common
  - name: Upgrade db to head, logs in /var/log/copr-frontend/migrations.log
-    shell: alembic-3 upgrade head &> /var/log/copr-frontend/migrations.log
+    ansible.builtin.shell: alembic-3 upgrade head &> /var/log/copr-frontend/migrations.log
    become: yes
    become_user: copr-fe
    args:
--- a/playbooks/manual/fas-readonly/fas-readonly.yml
+++ b/playbooks/manual/fas-readonly/fas-readonly.yml
@ -11,7 +11,7 @@
    template: src=fas-readonly.sql dest=/var/lib/pgsql/fas-readonly.sql
  - name: Change permissions for relevant tables in the fas db
-    shell: psql -1 -v ON_ERROR_STOP=1 fas2 </var/lib/pgsql/fas-readonly.sql
+    ansible.builtin.shell: psql -1 -v ON_ERROR_STOP=1 fas2 </var/lib/pgsql/fas-readonly.sql
    become: yes
    become_user: postgres
    become_method: su
--- a/playbooks/manual/fas-readonly/rollback-readonly.yml
+++ b/playbooks/manual/fas-readonly/rollback-readonly.yml
@ -11,7 +11,7 @@
    template: src=rollback.sql dest=/var/lib/pgsql/rollback.sql
  - name: Rollback permissions for relevant tables in the fas db
-    shell: psql -1 -v ON_ERROR_STOP=1 fas2 </var/lib/pgsql/rollback.sql
+    ansible.builtin.shell: psql -1 -v ON_ERROR_STOP=1 fas2 </var/lib/pgsql/rollback.sql
    become: yes
    become_user: postgres
    become_method: su
--- a/playbooks/manual/gdpr/sar.yml
+++ b/playbooks/manual/gdpr/sar.yml
@ -41,7 +41,7 @@
      when: "sar_huge is not defined or not sar_huge"
    # Huge SAR retrieval
-    - shell: "ssh {{ inventory_hostname }} sudo -u {{ sar_script_user }} SAR_USERNAME={{ sar_fas_user }} SAR_EMAIL={{ sar_email }} {{ sar_script }} >{{ hostvars['localhost']['sar_tmp_dir'] }}/{{ sar_output_file }}"
+    - ansible.builtin.shell: "ssh {{ inventory_hostname }} sudo -u {{ sar_script_user }} SAR_USERNAME={{ sar_fas_user }} SAR_EMAIL={{ sar_email }} {{ sar_script }} >{{ hostvars['localhost']['sar_tmp_dir'] }}/{{ sar_output_file }}"
      delegate_to: localhost
      when: "sar_huge is defined and sar_huge"
@ -57,7 +57,7 @@
    - name: "Create the archive"
      block:
        # Generate a private tarball of the files from each service.
-        - shell: "umask 0077 && tar --transform \"s:^:{{ sar_fas_user }}_{{ sar_email }}/:\" -czf {{ sar_tmp_dir }}/{{ sar_fas_user }}_{{ sar_email }}.tar.gz *"
+        - ansible.builtin.shell: "umask 0077 && tar --transform \"s:^:{{ sar_fas_user }}_{{ sar_email }}/:\" -czf {{ sar_tmp_dir }}/{{ sar_fas_user }}_{{ sar_email }}.tar.gz *"
          args:
            chdir: "{{ sar_tmp_dir }}"
        # Move the tarball into the desired pick up location.
--- a/playbooks/manual/gdpr/sar_openshift.yml
+++ b/playbooks/manual/gdpr/sar_openshift.yml
@ -2,7 +2,7 @@
 # Get the correct pod
 ---
 - name: Retrieve the id of the running container/pod
-  shell: "oc get -n {{ item.value.openshift_namespace }} -o name -l app={{ item.value.openshift_pod }} pods | cut -f 2 -d '/'"
+  ansible.builtin.shell: "oc get -n {{ item.value.openshift_namespace }} -o name -l app={{ item.value.openshift_pod }} pods | cut -f 2 -d '/'"
  register: pod_id
 # Run the SAR script
 - name: Run oc exec in container to extract the data
--- a/playbooks/manual/get-system-packages.yml
+++ b/playbooks/manual/get-system-packages.yml
@ -11,7 +11,7 @@
  tasks:
  - name: RPM_output
-    shell: "/usr/bin/rpm -qa"
+    ansible.builtin.shell: "/usr/bin/rpm -qa"
    register: rpm_output
    args:
      warn: false # set warn=false to prevent warning
--- a/playbooks/manual/history_undo.yml
+++ b/playbooks/manual/history_undo.yml
@ -15,7 +15,7 @@
  tasks:
  - name: Find the ID of the last yum transaction
-    shell: yum history package {{ package }} | sed -n 3p | awk -F "|" '{ print $1 }' | tr -d ' '
+    ansible.builtin.shell: yum history package {{ package }} | sed -n 3p | awk -F "|" '{ print $1 }' | tr -d ' '
    register: transaction_id
  # If transaction_id.stderr == "", then that means that the $PACKAGE we're
--- a/playbooks/manual/noggin-deployment/create-full-backup.yml
+++ b/playbooks/manual/noggin-deployment/create-full-backup.yml
@ -10,6 +10,6 @@
      ansible.builtin.command: ipa-backup
    - name: Make the latest backup available under a fixed name
-      shell:
+      ansible.builtin.shell:
        cmd: ln -snf $(ls -1t ipa-full* | head -n 1) ipa-full-latest
        chdir: /var/lib/ipa/backup
--- a/playbooks/manual/noggin-deployment/fix-home-fedora-ownerships.yml
+++ b/playbooks/manual/noggin-deployment/fix-home-fedora-ownerships.yml
@ -25,7 +25,7 @@
  - name: Fix ownership of home directories in /home/fedora
    # assumes that directory name == user name
-    shell:
+    ansible.builtin.shell:
      chdir: /home/fedora
      cmd: /usr/local/sbin/fix-home-fedora-ownerships.sh
    register: chown_res
--- a/playbooks/manual/remote_delldrive.yml
+++ b/playbooks/manual/remote_delldrive.yml
@ -13,7 +13,7 @@
    ansible.builtin.copy: src={{private}}/scripts/drivestatus.py dest=/root/drivestatus.py
  - name: Run it for {{mgmt}}
-    shell: python /root/drivestatus.py {{mgmt}}
+    ansible.builtin.shell: python /root/drivestatus.py {{mgmt}}
    register: out
  - name: Remove it
--- a/playbooks/manual/sign-and-import.yml
+++ b/playbooks/manual/sign-and-import.yml
@ -41,7 +41,7 @@
  # TODO -- I'd also like to fail if there are no *.rpm files in there.
  - name: Sign all the rpms with our gpg key
-    shell: /bin/rpm --resign {{ rpmdir }}/*.rpm
+    ansible.builtin.shell: /bin/rpm --resign {{ rpmdir }}/*.rpm
  - name: Make a directory where we store the rpms afterwards
    ansible.builtin.file: path={{ rpmdir }}-old state=directory
--- a/playbooks/manual/staging-sync/bodhi.yml
+++ b/playbooks/manual/staging-sync/bodhi.yml
@ -65,7 +65,7 @@
  - ansible.builtin.command: dropdb bodhi2
  - ansible.builtin.command: createdb -O bodhi2 bodhi2
  - name: Import the prod db.
-    shell: cat /var/tmp/bodhi2.dump | psql bodhi2
+    ansible.builtin.shell: cat /var/tmp/bodhi2.dump | psql bodhi2
  - ansible.builtin.file: path=/var/tmp/bodhi2.dump state=absent
 - name: Bring staging services up (OpenShift web services)
--- a/playbooks/manual/staging-sync/db-sync.yml
+++ b/playbooks/manual/staging-sync/db-sync.yml
@ -31,7 +31,7 @@
  tasks:
  - name: Dumping the production db. This might take a minute. Go out to the lobby!
-    shell: pg_dump -C {{ db }} |xz -c > /var/tmp/{{ db }}.dump.xz
+    ansible.builtin.shell: pg_dump -C {{ db }} |xz -c > /var/tmp/{{ db }}.dump.xz
  # Get the dump from `from` in the batcave
  - name: Export the dump from the dbhost in prod to batcave
@ -89,7 +89,7 @@
    ansible.builtin.command: createdb {{ db }}
  - name: Import the prod db.  This will take quite a while.  Go get a snack!
-    shell: cat /var/tmp/{{ db }}.dump | psql {{ db }}
+    ansible.builtin.shell: cat /var/tmp/{{ db }}.dump | psql {{ db }}
 - name: Bring staging services up
  hosts: "{{ server or 'batcave01.iad2.fedoraproject.org' }}"
--- a/playbooks/manual/staging-sync/koji.yml
+++ b/playbooks/manual/staging-sync/koji.yml
@ -73,7 +73,7 @@
 # buildroot_listing is excluded from the sync to save some time
 # TODO: install mbuffer on db-koji.stg
  - name: Import the prod db.  This will take quite a while.  Go get a snack!
-    shell: >
+    ansible.builtin.shell: >
      curl -s -S https://infrastructure.fedoraproject.org/infra/db-dumps/koji.dump.xz |
      mbuffer -q -s 8M -m 128M -l /tmp/mbuffer-curl-to-xz.log |
      xzcat |
@ -82,9 +82,9 @@
      mbuffer -q -s 16M -m 512M -l /tmp/mbuffer-sed-to-psql.log |
      psql -v ON_ERROR_STOP=1
  - name: Repoint all the prod rpm entries at the secondary volume (and other stuff)
-    shell: psql -1 -v ON_ERROR_STOP=1 koji </var/lib/pgsql/koji-reset-staging.sql
+    ansible.builtin.shell: psql -1 -v ON_ERROR_STOP=1 koji </var/lib/pgsql/koji-reset-staging.sql
  - name: Vacuum database
-    shell: psql -v ON_ERROR_STOP=1 koji <<<"VACUUM ANALYZE"
+    ansible.builtin.shell: psql -v ON_ERROR_STOP=1 koji <<<"VACUUM ANALYZE"
 - name: Bring staging services up
  hosts: koji_stg
@ -147,7 +147,7 @@
  tasks:
  - name: Remount koji nfs
-    shell: umount /mnt/fedora_koji && mount /mnt/fedora_koji
+    ansible.builtin.shell: umount /mnt/fedora_koji && mount /mnt/fedora_koji
    args:
      warn: false
    when: "'.s390.' not in inventory_hostname"
--- a/playbooks/manual/staging-sync/koschei.yml
+++ b/playbooks/manual/staging-sync/koschei.yml
@ -21,16 +21,16 @@
  tasks:
  - name: Delete all jobs
-    shell: oc -n koschei delete job --all
+    ansible.builtin.shell: oc -n koschei delete job --all
  - name: Pause all deployments
-    shell: oc -n koschei rollout pause deploy
+    ansible.builtin.shell: oc -n koschei rollout pause deploy
  - name: Delete all replica sets
-    shell: oc -n koschei delete rs --all
+    ansible.builtin.shell: oc -n koschei delete rs --all
  - name: Delete all pods
-    shell: oc -n koschei delete pod --all
+    ansible.builtin.shell: oc -n koschei delete pod --all
  - name: Drop koschei database
    postgresql_db: name=koschei state=absent
@ -52,4 +52,4 @@
      job_command: "koschei-admin create-db && koschei-admin create-collection f41 --display-name 'Fedora Rawhide' --target f41 --bugzilla-product Fedora --bugzilla-version rawhide && koschei-admin create-group php"
  - name: Resume all deployments
-    shell: oc -n koschei rollout resume deploy
+    ansible.builtin.shell: oc -n koschei rollout resume deploy
--- a/playbooks/manual/staging-sync/mailman.yml
+++ b/playbooks/manual/staging-sync/mailman.yml
@ -47,7 +47,7 @@
  - name: Import the prod db.  This will take quite a while.  Go get a snack!
    ansible.builtin.command: psql -f /var/tmp/mailman.dump mailman
  # - name: Fix the database
-  #  shell: psql -f /var/lib/pgsql/mailman-reset-staging.sql mailman
+  #  ansible.builtin.shell: psql -f /var/lib/pgsql/mailman-reset-staging.sql mailman
  # - template: src=templates/hyperkitty-reset-staging.sql dest=/var/lib/pgsql/hyperkitty-reset-staging.sql
  - ansible.builtin.copy:
@ -62,7 +62,7 @@
  - name: Import the prod db.  This will take quite a while.  Go get a snack!
    ansible.builtin.command: psql -f /var/tmp/hyperkitty.dump hyperkitty
  # - name: Fix the database
-  #  shell: psql -f /var/lib/pgsql/hyperkitty-reset-staging.sql hyperkitty
+  #  ansible.builtin.shell: psql -f /var/lib/pgsql/hyperkitty-reset-staging.sql hyperkitty
  # TODO: reindex emails (fulltext)? Not a full-reindex, it may take days.
--- a/playbooks/manual/upgrade/bodhi.yml
+++ b/playbooks/manual/upgrade/bodhi.yml
@ -11,7 +11,7 @@
  - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README
  - include_vars: /srv/web/infra/ansible/vars/apps/bodhi.yml
  - name: Check for running composes
-    shell: "curl https://bodhi{{env_suffix}}.fedoraproject.org/composes/"
+    ansible.builtin.shell: "curl https://bodhi{{env_suffix}}.fedoraproject.org/composes/"
    register: composes
  - name: Fail if we found that a compose was in progress
--- a/playbooks/manual/upgrade/koji.yml
+++ b/playbooks/manual/upgrade/koji.yml
@ -71,7 +71,7 @@
    ansible.builtin.package: name=koji state=latest update_cache=yes
    when: db_upgrade_file is defined
  - name: Execute the db upgrade script
-    shell: psql koji  < {{db_upgrade_file}}
+    ansible.builtin.shell: psql koji  < {{db_upgrade_file}}
    become: true
    become_user: postgres
    when: db_upgrade_file is defined
--- a/playbooks/manual/upgrade/koschei-full.yml
+++ b/playbooks/manual/upgrade/koschei-full.yml
@ -18,16 +18,16 @@
  tasks:
  - name: Delete all jobs
-    shell: oc -n koschei delete job --all
+    ansible.builtin.shell: oc -n koschei delete job --all
  - name: Pause all deployments
-    shell: oc -n koschei rollout pause deploy
+    ansible.builtin.shell: oc -n koschei rollout pause deploy
  - name: Delete all replica sets
-    shell: oc -n koschei delete rs --all
+    ansible.builtin.shell: oc -n koschei delete rs --all
  - name: Delete all pods
-    shell: oc -n koschei delete pod --all
+    ansible.builtin.shell: oc -n koschei delete pod --all
  - name: Import upstream image into OpenShift
    include_role: name=openshift/import-image
@ -52,4 +52,4 @@
      job_command: "koschei-admin psql <<<'VACUUM FULL ANALYZE'"
  - name: Resume all deployments
-    shell: oc -n koschei rollout resume deploy
+    ansible.builtin.shell: oc -n koschei rollout resume deploy
--- a/playbooks/manual/upgrade/koschei-rolling.yml
+++ b/playbooks/manual/upgrade/koschei-rolling.yml
@ -23,4 +23,4 @@
      import_image_imagestreamname: koschei
  - name: Restart all deployments
-    shell: oc -n koschei rollout restart deploy
+    ansible.builtin.shell: oc -n koschei rollout restart deploy
--- a/playbooks/restart_when_failed.yml
+++ b/playbooks/restart_when_failed.yml
@ -7,11 +7,11 @@
  tasks:
    - name: Listing failed units
-      shell: systemctl list-units --state failed --no-legend | awk  '{ print $1 }'
+      ansible.builtin.shell: systemctl list-units --state failed --no-legend | awk  '{ print $1 }'
      register: listing_failed
    - name: Check log with journalctl
-      shell: journalctl -lru {{ item }} -n 50
+      ansible.builtin.shell: journalctl -lru {{ item }} -n 50
      register: display_log
      with_items: "{{ listing_failed.stdout_lines[0:] }}"
--- a/roles/abrt/faf-post/tasks/opsys_and_releases.yml
+++ b/roles/abrt/faf-post/tasks/opsys_and_releases.yml
@ -1,7 +1,7 @@
 ---
 - name: Add CentOS opsys releases
  loop: "{{ rs_internal_centos_vers }}"
-  shell: >
+  ansible.builtin.shell: >
    faf releaseadd -o centos --opsys-release {{ item }} -s ACTIVE
  become: yes
  become_user: faf
@ -10,7 +10,7 @@
 - name: Add Fedora opsys releases
  loop: "{{ rs_internal_fedora_vers }}"
-  shell: >
+  ansible.builtin.shell: >
    faf releaseadd -o fedora --opsys-release {{ item }} -s ACTIVE
  become: yes
  become_user: faf
--- a/roles/abrt/faf-post/tasks/repositories.yml
+++ b/roles/abrt/faf-post/tasks/repositories.yml
@ -1,7 +1,7 @@
 ---
 - name: Add Fedora package repositories
  loop: "{{ faf_repos }}"
-  shell: >
+  ansible.builtin.shell: >
    faf repoadd --nogpgcheck "{{ item.name }}" dnf "{{ item.url | join('" "') }}"
  become: yes
  become_user: faf
@ -18,7 +18,7 @@
 - name: List repositories of EOL Fedora releases
  loop: "{{ rs_internal_fedora_vers_removed }}"
-  shell: "faf repolist | grep fedora-{{ item }} || true"
+  ansible.builtin.shell: "faf repolist | grep fedora-{{ item }} || true"
  become: yes
  become_user: faf
  register: eol_repolist
--- a/roles/abrt/faf/tasks/first_time_setup.yml
+++ b/roles/abrt/faf/tasks/first_time_setup.yml
@ -1,7 +1,7 @@
 ---
 - name: Check for count of faf tables
-  shell: psql -c "SELECT COUNT(*) FROM pg_stat_user_tables"
+  ansible.builtin.shell: psql -c "SELECT COUNT(*) FROM pg_stat_user_tables"
  register: count_tables
  changed_when: "( count_tables.stdout_lines[2]|int ) == 0"
  check_mode: no
--- a/roles/abrt/retrace-post/tasks/retrace_setup.yml
+++ b/roles/abrt/retrace-post/tasks/retrace_setup.yml
@ -2,7 +2,7 @@
 # long running tasks - run them in background - we do not actually care about the results
 - name: Reposync for fedora
-  shell: nohup retrace-server-reposync fedora {{ item[0] }} {{ item[1] }} </dev/null >$(mktemp /tmp/ansible.reposync_for_fedoraXXXXXX.log) &
+  ansible.builtin.shell: nohup retrace-server-reposync fedora {{ item[0] }} {{ item[1] }} </dev/null >$(mktemp /tmp/ansible.reposync_for_fedoraXXXXXX.log) &
  loop: "{{ rs_internal_fedora_vers | product(rs_internal_arch_list) | list }}"
  become: yes
  become_user: retrace
@ -10,7 +10,7 @@
  when: env != 'staging'
 - name: Reposync for centos
-  shell: nohup retrace-server-reposync centos {{ item }} x86_64 </dev/null >$(mktemp /tmp/ansible.reposync_for_centosXXXXXX.log) &
+  ansible.builtin.shell: nohup retrace-server-reposync centos {{ item }} x86_64 </dev/null >$(mktemp /tmp/ansible.reposync_for_centosXXXXXX.log) &
  loop: "{{ rs_internal_centos_vers }}"
  become: yes
  become_user: retrace
--- a/roles/abrt/retrace/tasks/podman.yml
+++ b/roles/abrt/retrace/tasks/podman.yml
@ -16,7 +16,7 @@
 - block:
  - name: Get last subuid entry
-    shell: |
+    ansible.builtin.shell: |
      set -o pipefail
      sort -nrt: -k2 /etc/subuid | awk -F: 'NR == 1 { print $2 }'
    changed_when: false
@ -41,7 +41,7 @@
 - block:
  - name: Get last subgid entry
-    shell: |
+    ansible.builtin.shell: |
      set -o pipefail
      cut -d ':' -f2 /etc/subgid | sort | tail -1
    changed_when: false
--- a/roles/apps-fp-o/handlers/main.yml
+++ b/roles/apps-fp-o/handlers/main.yml
@ -1,6 +1,6 @@
 ---
 - name: Rebuild apps-fp-o html
-  shell: /usr/bin/apps-fp-o-yaml2html.py > /srv/web/apps-fp-o/apps-yaml.html
+  ansible.builtin.shell: /usr/bin/apps-fp-o-yaml2html.py > /srv/web/apps-fp-o/apps-yaml.html
 - name: Rebuild apps-fp-o json
-  shell: /usr/bin/apps-fp-o-yaml2json.py > /srv/web/apps-fp-o/js/data.js
+  ansible.builtin.shell: /usr/bin/apps-fp-o-yaml2json.py > /srv/web/apps-fp-o/js/data.js
--- a/roles/awx/execution_node/tasks/main.yml
+++ b/roles/awx/execution_node/tasks/main.yml
@ -2,7 +2,7 @@
 - name: Create the awx user
  user:
    name: awx
-    shell: /bin/bash
+    ansible.builtin.shell: /bin/bash
 - name: Enable Copr repo for Ansible Receptor (Fedora)
  community.general.copr:
--- a/roles/base/tasks/keytab.yml
+++ b/roles/base/tasks/keytab.yml
@ -10,7 +10,7 @@
 - name: Get admin keytab
  delegate_to: "{{ ipa_server }}"
-  shell: echo "{{ipa_admin_password}}" | kinit admin
+  ansible.builtin.shell: echo "{{ipa_admin_password}}" | kinit admin
  tags:
  - base
  - config
@ -106,7 +106,7 @@
  when: not host_keytab_status.stat.exists
 - name: Base64-decode keytab
-  shell: "umask 077; base64 -d /etc/krb5.keytab.b64 >/etc/krb5.keytab"
+  ansible.builtin.shell: "umask 077; base64 -d /etc/krb5.keytab.b64 >/etc/krb5.keytab"
  tags:
  - base
  - config
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@ -149,7 +149,7 @@
  - base
 - name: Setup builder ipset if this is a new install
-  shell: "/usr/sbin/ipset create osbuildapi hash:ip; touch /etc/sysconfig/ipset-osbuildapi"
+  ansible.builtin.shell: "/usr/sbin/ipset create osbuildapi hash:ip; touch /etc/sysconfig/ipset-osbuildapi"
  args:
    creates: /etc/sysconfig/ipset-osbuildapi
  when: "'osbuild' in group_names"
--- a/roles/basessh/tasks/main.yml
+++ b/roles/basessh/tasks/main.yml
@ -46,7 +46,7 @@
  when: ( ansible_distribution == 'Fedora' and ansible_distribution_major_version|int >= 30 ) or ( ansible_distribution == 'RedHat' and ansible_distribution_major_version|int >= 8 )
 - name: Check if sshd port is already known by selinux
-  shell: semanage port -l | grep ssh
+  ansible.builtin.shell: semanage port -l | grep ssh
  register: sshd_selinux_port
  check_mode: no
  changed_when: false
@ -199,7 +199,7 @@
 # Currently, we use the epoch as serial. That's unique enough for now
 - name: Sign the certificates
-  shell: "ssh-keygen -s {{private}}/files/ssh/{{env}}_ca_host_key -t rsa-sha2-256 -I {{inventory_hostname}} -h -n {{ sign_hostnames|join(',') }} -V {{sign_validity}} -z `date +%s` {{pubkeydir}}/{{inventory_hostname}}{{item}}.pub"
+  ansible.builtin.shell: "ssh-keygen -s {{private}}/files/ssh/{{env}}_ca_host_key -t rsa-sha2-256 -I {{inventory_hostname}} -h -n {{ sign_hostnames|join(',') }} -V {{sign_validity}} -z `date +%s` {{pubkeydir}}/{{inventory_hostname}}{{item}}.pub"
  delegate_to: localhost
  with_items: "{{certs_to_sign}}"
  check_mode: no
--- a/roles/bkernel/tasks/main.yml
+++ b/roles/bkernel/tasks/main.yml
@ -18,7 +18,7 @@
  - bkernel
 - name: Setup opensc in pcscd
-  shell: modutil -dbdir /etc/pki/pesign -list | grep -q OpenSC ||  modutil -force -dbdir /etc/pki/pesign -add opensc -libfile /usr/lib64/pkcs11/opensc-pkcs11.so
+  ansible.builtin.shell: modutil -dbdir /etc/pki/pesign -list | grep -q OpenSC ||  modutil -force -dbdir /etc/pki/pesign -add opensc -libfile /usr/lib64/pkcs11/opensc-pkcs11.so
  check_mode: no
  changed_when: "1 != 1"
  tags:
--- a/roles/blockerbugs/tasks/main.yml
+++ b/roles/blockerbugs/tasks/main.yml
@ -32,7 +32,7 @@
  user:
    name: blockerbugs
    group: blockerbugs
-    shell: /bin/nologin
+    ansible.builtin.shell: /bin/nologin
    home: /usr/share/blockerbugs
  tags:
  - blockerbugs
--- a/roles/bodhi2/base/tasks/main.yml
+++ b/roles/bodhi2/base/tasks/main.yml
@ -19,7 +19,7 @@
    name: bodhi
    group: bodhi
    comment: Bodhi Server
-    shell: /sbin/nologin
+    ansible.builtin.shell: /sbin/nologin
    home: /usr/share/bodhi
    system: yes
    state: present
--- a/roles/collectd/base/tasks/main.yml
+++ b/roles/collectd/base/tasks/main.yml
@ -133,7 +133,7 @@
 # TODO: consider using selinux_modules from https://galaxy.ansible.com/linux-system-roles/selinux instead
 - name: Check to see what version is installed (if any)
-  shell: "semodule -l -m | grep fi-collectd | cut -d: -f2"
+  ansible.builtin.shell: "semodule -l -m | grep fi-collectd | cut -d: -f2"
  register: ficgeneral_installed_version
  check_mode: no
  changed_when: false
@ -143,7 +143,7 @@
 # This cmd comes from the last example of the semodule man page
 - name: Check to see what version we have
-  shell: /usr/libexec/selinux/hll/pp /usr/share/collectd/fi-collectd.pp | sha256sum | cut -d ' ' -f1
+  ansible.builtin.shell: /usr/libexec/selinux/hll/pp /usr/share/collectd/fi-collectd.pp | sha256sum | cut -d ' ' -f1
  register: ficgeneral_local_version
  check_mode: no
  changed_when: false
@ -166,7 +166,7 @@
  - selinux
 - name: Check to see if its even installed yet
-  shell: semodule -l | grep fi-pstorefs | wc -l
+  ansible.builtin.shell: semodule -l | grep fi-pstorefs | wc -l
  register: ficpstorefs_grep
  check_mode: no
  changed_when: "'0' in ficpstorefs_grep.stdout"
--- a/roles/collectd/fcomm-queue/tasks/main.yml
+++ b/roles/collectd/fcomm-queue/tasks/main.yml
@ -37,7 +37,7 @@
  - selinux
 - name: Check to see if its even installed yet
-  shell: semodule -l | grep fi-collectd-fcomm | wc -l
+  ansible.builtin.shell: semodule -l | grep fi-collectd-fcomm | wc -l
  register: ficfcomm_grep
  check_mode: no
  changed_when: "'0' in ficfcomm_grep.stdout"
--- a/roles/communishift/tasks/retrieve-communishift-admin-data.yml
+++ b/roles/communishift/tasks/retrieve-communishift-admin-data.yml
@ -1,7 +1,7 @@
 ---
 # tasks file for CommunishiftAuthorization
 - name: Authorize with kinit
-  shell: kinit -k -t "{{ communishift_keytab_path }}" -l 3600 "{{ communishift_keytab_principal }}"
+  ansible.builtin.shell: kinit -k -t "{{ communishift_keytab_path }}" -l 3600 "{{ communishift_keytab_principal }}"
  run_once: true
 - name: Retrieve fasjson group/user data based on pattern supplied
--- a/roles/copr/backend/files/provision/check_path_free_space.yml
+++ b/roles/copr/backend/files/provision/check_path_free_space.yml
@ -1,6 +1,6 @@
 ---
 - name: "call dnf on {{ path }}"
-  shell: "df '{{ path }}' --output=avail | tail -1"
+  ansible.builtin.shell: "df '{{ path }}' --output=avail | tail -1"
  register: df
  changed_when: false
--- a/roles/copr/backend/files/provision/libdnf5.yml
+++ b/roles/copr/backend/files/provision/libdnf5.yml
@ -1,6 +1,6 @@
 ---
 - name: "Work-around for https://github.com/ansible/ansible/issues/84206 #1 (install python3 libdnf5)"
-  shell: dnf -y install python3-libdnf5
+  ansible.builtin.shell: dnf -y install python3-libdnf5
 - name: "Work-around for https://github.com/ansible/ansible/issues/84206 #2 (reload remote python modules)"
  meta: reset_connection
--- a/roles/copr/backend/files/provision/playbook-prepare-builder-to-create-images.yml
+++ b/roles/copr/backend/files/provision/playbook-prepare-builder-to-create-images.yml
@ -46,7 +46,7 @@
      register: helpers_installed
    - name: remount with larger TMP
-      shell: mount -o remount,size=20G /tmp
+      ansible.builtin.shell: mount -o remount,size=20G /tmp
      when: helpers_installed.changed
    - name: set direct backend for guestfish
@ -102,7 +102,7 @@
      register: key_stat
    - name: create ssh keypair for password-less connection to nested-VMs
-      shell: 'ssh-keygen -b 4096 -t rsa -q -N "" -f {{ private_key_file }}'
+      ansible.builtin.shell: 'ssh-keygen -b 4096 -t rsa -q -N "" -f {{ private_key_file }}'
      when: not key_stat.stat.exists
 #    - name: install composer packages
--- a/roles/copr/backend/files/provision/provision_builder_tasks.yml
+++ b/roles/copr/backend/files/provision/provision_builder_tasks.yml
@ -72,7 +72,7 @@
 #     - starting_builder
 - name: clean dnf cache before checking for updated packages
-  shell: dnf clean all
+  ansible.builtin.shell: dnf clean all
  when:
    - preparing_image
@ -124,7 +124,7 @@
      - pyp2spec
 - name: Activate Red Hat Subscription
-  shell:
+  ansible.builtin.shell:
    cmd: >
      echo "{{ copr_rhsm_activation_key }}"
      | /usr/bin/copr-builder-rhsm-subscribe-daemon
@ -137,7 +137,7 @@
  when: starting_builder
 - name: make sure the enable-swap service has already finished
-  shell: "systemctl is-active enable-swap || :"
+  ansible.builtin.shell: "systemctl is-active enable-swap || :"
  register: enable_swap_active
  until: "'inactive' in enable_swap_active.stdout or 'failed' in enable_swap_active.stdout"
  retries: 20
@ -145,7 +145,7 @@
  when: starting_builder
 - name: debug the swap failure
-  shell: journalctl -u enable-swap
+  ansible.builtin.shell: journalctl -u enable-swap
  register: journalctl_output
  when:
    - starting_builder
@ -207,7 +207,7 @@
    - starting_builder
 - name: run /bin/copr-update-builder from copr-builder package
-  shell: /usr/bin/copr-update-builder
+  ansible.builtin.shell: /usr/bin/copr-update-builder
 # - name: install the latest mock and mock-core-configs from updates-testing
 #  ansible.builtin.package: state=latest name={{ packages }}
@ -218,7 +218,7 @@
 #    - https://kojipkgs.fedoraproject.org/packages/mock-core-configs/32.6/1.fc31/noarch/mock-core-configs-32.6-1.fc31.noarch.rpm
 #
 # - name: re-run copr-update builder when mock/mock-core-configs are updated
-#   shell: /usr/bin/copr-update-builder
+#   ansible.builtin.shell: /usr/bin/copr-update-builder
 #   when: mock_updated.changed
 - name: patch from https://github.com/rpm-software-management/mock/pull/1341
@ -327,4 +327,4 @@
    - copr-rpmbuild.yml
 - name: Set up motd for builder
-  shell: "copr-builder help > /etc/motd || :"
+  ansible.builtin.shell: "copr-builder help > /etc/motd || :"
--- a/roles/copr/backend/tasks/copr-ping.yml
+++ b/roles/copr/backend/tasks/copr-ping.yml
@ -56,7 +56,7 @@
  tags: copr_ping
 - name: Restorecon ping_log
-  shell: restorecon -irv "{{ ping_log }}"
+  ansible.builtin.shell: restorecon -irv "{{ ping_log }}"
  when: semanage_run.changed or ping_log_created.changed
  tags: copr_ping
--- a/roles/copr/backend/tasks/main.yml
+++ b/roles/copr/backend/tasks/main.yml
@ -274,7 +274,7 @@
  register: copr_results_dir_st
 - name: Change owner for results dir if it isn't copr
-  shell: "chown -R copr:copr /var/lib/copr/public_html"
+  ansible.builtin.shell: "chown -R copr:copr /var/lib/copr/public_html"
  when: '"copr" not in copr_results_dir_st.stat.pw_name'
 - ansible.builtin.command: "ls -dZ /var/lib/copr/public_html/"
--- a/roles/copr/backend/tasks/mount_fs.yml
+++ b/roles/copr/backend/tasks/mount_fs.yml
@ -36,7 +36,7 @@
    - name: Scan and assemble raid volumes and activate volume groups
      when: not stat_repo_fs.stat.exists
-      shell: mdadm --assemble --scan && sleep 10 && vgchange -a y && sleep 5 && vgchange copr-backend-data --setautoactivation y && sleep 5
+      ansible.builtin.shell: mdadm --assemble --scan && sleep 10 && vgchange -a y && sleep 5 && vgchange copr-backend-data --setautoactivation y && sleep 5
    - name: Stat the ext4 filesystem
      stat: path=/dev/disk/by-label/copr-repo
--- a/roles/copr/backend/tasks/resalloc.yml
+++ b/roles/copr/backend/tasks/resalloc.yml
@ -56,7 +56,7 @@
  register: postgres_initialized
 - name: Init postgresql
-  shell: "postgresql-setup initdb"
+  ansible.builtin.shell: "postgresql-setup initdb"
  when: not postgres_initialized.stat.exists
 - name: Enable PostgreSQL service
--- a/roles/copr/base/tasks/main.yml
+++ b/roles/copr/base/tasks/main.yml
@ -87,7 +87,7 @@
    - "'pulp' not in inventory_hostname"
 # - name: Check offloading
-#   shell: "ethtool -k ens5 | egrep -q 'tcp-segmentation-offload: on|generic-receive-offload: on|generic-segmentation-offload: on'"
+#   ansible.builtin.shell: "ethtool -k ens5 | egrep -q 'tcp-segmentation-offload: on|generic-receive-offload: on|generic-segmentation-offload: on'"
 #   register: offloading
 #   failed_when: offloading.rc == 2
 #   changed_when: "1 != 1"
@ -100,7 +100,7 @@
 #     - ansible_distribution == 'Fedora'
 #
 # - name: Disable offloading (persitently)
-#   shell: "nmcli con modify '{{ aws_ipv6_con }}' ethtool.feature-tso off ethtool.feature-gro off ethtool.feature-gso off"
+#   ansible.builtin.shell: "nmcli con modify '{{ aws_ipv6_con }}' ethtool.feature-tso off ethtool.feature-gro off ethtool.feature-gso off"
 #   when:
 #     - offloading.rc == 0
 #     - ansible_distribution == 'Fedora'
@ -108,7 +108,7 @@
 #   - config
 #
 # - name: Check we have the needed ipv6
-#   shell: "nmcli con show '{{ aws_ipv6_con }}' | grep ipv6.addresses | grep {{ aws_ipv6_addr }}"
+#   ansible.builtin.shell: "nmcli con show '{{ aws_ipv6_con }}' | grep ipv6.addresses | grep {{ aws_ipv6_addr }}"
 #   register: ipv6_config_check
 #   failed_when: false
 #   changed_when: ipv6_config_check.rc == 1
@ -117,7 +117,7 @@
 #   tags: ipv6_config
 #
 # - name: Setup ipv6 networking
-#   shell: |
+#   ansible.builtin.shell: |
 #     nmcli con modify '{{ aws_ipv6_con }}' ipv6.method auto ipv6.may-fail yes ipv6.never-default no ipv6.addresses '{{ aws_ipv6_addr }}'
 #     nmcli con up '{{ aws_ipv6_con }}'
 #   when:
--- a/roles/copr/certbot/tasks/letsencrypt.yml
+++ b/roles/copr/certbot/tasks/letsencrypt.yml
@ -53,7 +53,7 @@
  register: some_cert_restored
 - name: Initialize certbot configuration
-  shell: |
+  ansible.builtin.shell: |
      certbot certonly --standalone \
            -w {{ item.item.value.challenge_dir }} \
            -d {{ item.item.value.domains | join(' -d ') }} \
@ -87,7 +87,7 @@
    - certbot
 - name: Post init script
-  shell: |
+  ansible.builtin.shell: |
      /usr/libexec/auto-certbot-deploy \
            --init {{ item.item.key }}
  when:
--- a/roles/copr/frontend/tasks/psql_setup.yml
+++ b/roles/copr/frontend/tasks/psql_setup.yml
@ -11,7 +11,7 @@
  register: postgres_initialized
 - name: Init postgresql
-  shell: "postgresql-setup initdb"
+  ansible.builtin.shell: "postgresql-setup initdb"
  when: not postgres_initialized.stat.exists
 - name: Copy pg_hba.conf
--- a/roles/copr/hypervisor/tasks/main.yml
+++ b/roles/copr/hypervisor/tasks/main.yml
@ -22,7 +22,7 @@
 #   tags: swap
 # - name: Mount the swap
-#   shell: swapon -a
+#   ansible.builtin.shell: swapon -a
 #   when: fstab_swap_entry.changed
 #   tags: swap
@ -76,12 +76,12 @@
  tags: libvirtd
 - name: Restorecon
-  shell: restorecon -irv "{{ image_pool_dir }}"
+  ansible.builtin.shell: restorecon -irv "{{ image_pool_dir }}"
  when: semanage_run.changed
  tags: libvirtd
 - name: Check host-bridge in libvirt
-  shell: virsh net-info host-bridge
+  ansible.builtin.shell: virsh net-info host-bridge
  register: libvirt_bridge_exists
  failed_when: false
  changed_when: libvirt_bridge_exists.rc != 0
@ -94,7 +94,7 @@
  tags: libvirtd
 - name: Define host-bridge in libvirt
-  shell: |
+  ansible.builtin.shell: |
    virsh net-define /root/.tmp-ansible-file.xml
    virsh net-start host-bridge
    virsh net-autostart host-bridge
@ -103,7 +103,7 @@
  tags: libvirtd
 - name: Check if image pool exists
-  shell: virsh pool-info "{{ image_pool_name }}"
+  ansible.builtin.shell: virsh pool-info "{{ image_pool_name }}"
  register: libvirt_pool_exists
  failed_when: false
  changed_when: libvirt_pool_exists.rc != 0
@ -116,7 +116,7 @@
  tags: libvirtd
 - name: Define image pool in libvirt
-  shell: |
+  ansible.builtin.shell: |
    virsh pool-define /root/.tmp-ansible-file.xml
    virsh pool-start "{{ image_pool_name }}"
    virsh pool-autostart "{{ image_pool_name }}"
--- a/roles/copr/keygen/tasks/main.yml
+++ b/roles/copr/keygen/tasks/main.yml
@ -61,4 +61,4 @@
 # Sorry for writting this as `shell`. We will drop this task once it
 # is in stable repos.
 - name: Install gnupg2 with required bugfixes
-  shell: "dnf -y upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-45c44b31a2"
+  ansible.builtin.shell: "dnf -y upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-45c44b31a2"
--- a/roles/copr/keygen/tasks/setup_backup.yml
+++ b/roles/copr/keygen/tasks/setup_backup.yml
@ -7,7 +7,7 @@
  register: pub_key_installed
 - name: Import pubkey for backup encryption
-  shell: gpg2 --import /root/backup_key.asc creates=/root/backupkeyimported
+  ansible.builtin.shell: gpg2 --import /root/backup_key.asc creates=/root/backupkeyimported
  when: pub_key_installed.changed
 - name: Copy backup script
--- a/roles/fedmsg/base/tasks/main.yml
+++ b/roles/fedmsg/base/tasks/main.yml
@ -287,7 +287,7 @@
  - fedmsg/base
 - name: Check if the nrpe user exists
-  shell: /usr/bin/getent passwd nrpe | /usr/bin/wc -l | tr -d ' '
+  ansible.builtin.shell: /usr/bin/getent passwd nrpe | /usr/bin/wc -l | tr -d ' '
  register: nrpe_exists
  check_mode: no
  changed_when: "1 != 1"
--- a/roles/haproxy/tasks/main.yml
+++ b/roles/haproxy/tasks/main.yml
@ -92,7 +92,7 @@
  - selinux
 - name: Check to see if its even installed yet
-  shell: semodule -l | grep fi-haproxy | wc -l
+  ansible.builtin.shell: semodule -l | grep fi-haproxy | wc -l
  register: fi_haproxy_grep
  check_mode: no
  changed_when: "'0' in fi_haproxy_grep.stdout"
--- a/roles/ipa/client/handlers/main.yml
+++ b/roles/ipa/client/handlers/main.yml
@ -3,4 +3,4 @@
  ansible.builtin.command: sss_cache -E
 - name: Restart sssd
-  shell: systemctl restart sssd
+  ansible.builtin.shell: systemctl restart sssd
--- a/roles/ipa/servicedelegationrule/tasks/main.yml
+++ b/roles/ipa/servicedelegationrule/tasks/main.yml
@ -1,7 +1,7 @@
 ---
 - name: Get admin ticket
  delegate_to: "{{ ipa_server }}"
-  shell: echo "{{ipa_admin_password}}" | kinit admin
+  ansible.builtin.shell: echo "{{ipa_admin_password}}" | kinit admin
  check_mode: no
  changed_when: "1 != 1"
  tags:
--- a/roles/ipa/servicedelegationtarget/tasks/main.yml
+++ b/roles/ipa/servicedelegationtarget/tasks/main.yml
@ -1,7 +1,7 @@
 ---
 - name: Get admin ticket
  delegate_to: "{{ ipa_server }}"
-  shell: echo "{{ipa_admin_password}}" | kinit admin
+  ansible.builtin.shell: echo "{{ipa_admin_password}}" | kinit admin
  check_mode: no
  changed_when: "1 != 1"
  tags:
--- a/roles/ipsilon/tasks/main.yml
+++ b/roles/ipsilon/tasks/main.yml
@ -64,7 +64,7 @@
    name: ipa/client
 - name: Get admin ticket
-  shell: echo "{{ipa_admin_password}}" | kinit admin
+  ansible.builtin.shell: echo "{{ipa_admin_password}}" | kinit admin
  check_mode: no
  tags:
  - ipsilon
--- a/roles/keytab/service/tasks/main.yml
+++ b/roles/keytab/service/tasks/main.yml
@ -29,7 +29,7 @@
 - name: Get admin ticket
  delegate_to: "{{ ipa_server }}"
-  shell: echo "{{ipa_admin_password}}" | kinit admin
+  ansible.builtin.shell: echo "{{ipa_admin_password}}" | kinit admin
  check_mode: no
  changed_when: "1 != 1"
  tags:
@ -126,7 +126,7 @@
  when: not keytab_status.stat.exists
 - name: Base64-decode keytab
-  shell: "umask 077 && base64 -d {{kt_location}}.b64 >{{kt_location}}"
+  ansible.builtin.shell: "umask 077 && base64 -d {{kt_location}}.b64 >{{kt_location}}"
  tags:
  - keytab
  - config
--- a/roles/koji_db/tasks/main.yml
+++ b/roles/koji_db/tasks/main.yml
@ -22,7 +22,7 @@
 # Load the initial schema and create a file to note that it's loaded now.
 #
 - name: Load initial schema
-  shell: creates=/var/lib/pgql/koji-schema psql koji koji < /usr/share/doc/koji*/docs/schema.sql
+  ansible.builtin.shell: creates=/var/lib/pgql/koji-schema psql koji koji < /usr/share/doc/koji*/docs/schema.sql
  tags:
  - db
  when: is_kojidb == "True"
--- a/roles/letsencrypt/tasks/main.yml
+++ b/roles/letsencrypt/tasks/main.yml
@ -24,7 +24,7 @@
 - name: Get the directory to use
  delegate_to: "certgetter01.iad2.fedoraproject.org"
  # Sometimes we get directories like site-0001, site-0002, etc. We want the latest
-  shell: "file /etc/letsencrypt/live/{{site_name}}* | tail -1 | sed -e 's/: directory//' | tr -d '\n'"
+  ansible.builtin.shell: "file /etc/letsencrypt/live/{{site_name}}* | tail -1 | sed -e 's/: directory//' | tr -d '\n'"
  register: certbot_dir
  changed_when: 'false'
  check_mode: no
--- a/roles/mirror_pagure_ansible/tasks/main.yml
+++ b/roles/mirror_pagure_ansible/tasks/main.yml
@ -14,7 +14,7 @@
 - name: Setup pagure user
  user:
    name: mirror_pagure_ansible
-    shell: /sbin/nologin
+    ansible.builtin.shell: /sbin/nologin
    comment: "mirror_pagure_ansible User"
  tags:
  - mirror_pagure_ansible
--- a/roles/nagios_client/tasks/main.yml
+++ b/roles/nagios_client/tasks/main.yml
@ -8,7 +8,7 @@
    uid: "{{nrpe_client_uid|default(omit)}}"
    comment: NRPE user for the NRPE service
    home: /var/run/nrpe
-    shell: /sbin/nologin
+    ansible.builtin.shell: /sbin/nologin
    system: true
  tags:
  - nagios_client
@ -323,7 +323,7 @@
    - pagure
 - name: Check if the fedmsg group exists
-  shell: /usr/bin/getent group fedmsg | /usr/bin/wc -l | tr -d ' '
+  ansible.builtin.shell: /usr/bin/getent group fedmsg | /usr/bin/wc -l | tr -d ' '
  register: fedmsg_exists
  check_mode: no
  changed_when: "1 != 1"
--- a/roles/openqa/server/tasks/main.yml
+++ b/roles/openqa/server/tasks/main.yml
@ -97,7 +97,7 @@
    home: "/var/lib/openqa"
    createhome: no
    system: yes
-    shell: /sbin/nologin
+    ansible.builtin.shell: /sbin/nologin
  when: "openqa_static_uid is defined"
 - name: Remove old scratch repo directory
@ -250,7 +250,7 @@
  - config
 - name: Initialize database
-  shell: "/usr/share/openqa/script/initdb --user geekotest --init_database" # noqa 305
+  ansible.builtin.shell: "/usr/share/openqa/script/initdb --user geekotest --init_database" # noqa 305
  register: initdb
  changed_when: "initdb.rc == 0"
  failed_when: "(initdb.rc > 0) and (initdb.stdout is not defined or initdb.stdout.find('already exists') == -1)"
@ -316,7 +316,7 @@
  register: templatesfif
 - name: Dump existing config for checking changes
-  shell: "/usr/share/openqa/script/dump_templates --json > /tmp/tmpl-old.json || :"
+  ansible.builtin.shell: "/usr/share/openqa/script/dump_templates --json > /tmp/tmpl-old.json || :"
  when: "(gittests is defined) and (gittests is changed)"
  changed_when: "1 != 1"
@ -342,7 +342,7 @@
  changed_when: "1 != 1"
 - name: Check if the tests changed in previous step
-  shell: "/usr/share/openqa/script/dump_templates --json > /tmp/tmpl-new.json && diff <(jq -S . /tmp/tmpl-old.json) <(jq -S . /tmp/tmpl-new.json)"
+  ansible.builtin.shell: "/usr/share/openqa/script/dump_templates --json > /tmp/tmpl-new.json && diff <(jq -S . /tmp/tmpl-old.json) <(jq -S . /tmp/tmpl-new.json)"
  when: "(gittests is defined) and (gittests is changed)"
  register: testsdiff
  changed_when: "testsdiff.rc > 0"
--- a/roles/openqa/worker/tasks/tap-setup.yml
+++ b/roles/openqa/worker/tasks/tap-setup.yml
@ -56,13 +56,13 @@
 # nmcli collection does not support tun type
 - name: Check whether tap device interface connection profiles exist
-  shell: "(for i in {0..{{ openqa_workers | int }}}; do ip addr show tap$i || exit 1; done)"
+  ansible.builtin.shell: "(for i in {0..{{ openqa_workers | int }}}; do ip addr show tap$i || exit 1; done)"
  register: tapsexist
  changed_when: "1 != 1"
  failed_when: "1 != 1"
 - name: Create openvswitch interfaces for tap devices
-  shell: "nmcli con add type tun mode tap owner $(id -u _openqa-worker) group $(getent group nogroup | cut -f3 -d:) con.int tap{{ item }} master tap{{ item }}"
+  ansible.builtin.shell: "nmcli con add type tun mode tap owner $(id -u _openqa-worker) group $(getent group nogroup | cut -f3 -d:) con.int tap{{ item }} master tap{{ item }}"
  with_sequence: start=0 end={{ openqa_workers | int }}
  when: tapsexist.rc > 0
--- a/roles/openshift-apps/koschei/job/tasks/main.yml
+++ b/roles/openshift-apps/koschei/job/tasks/main.yml
@ -5,10 +5,10 @@
    dest: "/etc/openshift_apps/{{job_app}}/job-{{job_name}}.yml"
 - name: Delete previous job (if any)
-  shell: oc -n {{ job_app }} delete --ignore-not-found=true -f /etc/openshift_apps/{{job_app}}/job-{{job_name}}.yml
+  ansible.builtin.shell: oc -n {{ job_app }} delete --ignore-not-found=true -f /etc/openshift_apps/{{job_app}}/job-{{job_name}}.yml
 - name: Start job
-  shell: oc -n {{ job_app }} create -f /etc/openshift_apps/{{job_app}}/job-{{job_name}}.yml
+  ansible.builtin.shell: oc -n {{ job_app }} create -f /etc/openshift_apps/{{job_app}}/job-{{job_name}}.yml
 - name: Wait for job to complete
-  shell: oc -n {{ job_app }} wait job/job-{{job_name}} --for condition=complete
+  ansible.builtin.shell: oc -n {{ job_app }} wait job/job-{{job_name}} --for condition=complete
--- a/roles/openshift/import-image/tasks/main.yml
+++ b/roles/openshift/import-image/tasks/main.yml
@ -1,3 +1,3 @@
 ---
 - name: Run `oc import-image`
-  shell: oc -n {{import_image_app}} import-image {{import_image_imagestreamname}}
+  ansible.builtin.shell: oc -n {{import_image_app}} import-image {{import_image_imagestreamname}}
--- a/roles/openshift/ipa-client/tasks/main.yml
+++ b/roles/openshift/ipa-client/tasks/main.yml
@ -16,5 +16,5 @@
  register: ipa_config_result
 - name: Call `oc apply` on the copied file
-  shell: oc -n {{ipa_client_app}} apply -f /etc/openshift_apps/{{ipa_client_app}}/configmap-ipa-client.yml
+  ansible.builtin.shell: oc -n {{ipa_client_app}} apply -f /etc/openshift_apps/{{ipa_client_app}}/configmap-ipa-client.yml
  when: ipa_config_result.changed or object_always_apply
--- a/roles/openshift/job/tasks/main.yml
+++ b/roles/openshift/job/tasks/main.yml
@ -17,10 +17,10 @@
    dest: "/etc/openshift_apps/{{job_app}}/job-{{job_name}}.yml"
 - name: Delete previous job (if any)
-  shell: oc -n {{os_app}} delete --ignore-not-found=true -f /etc/openshift_apps/{{job_app}}/job-{{job_name}}.yml
+  ansible.builtin.shell: oc -n {{os_app}} delete --ignore-not-found=true -f /etc/openshift_apps/{{job_app}}/job-{{job_name}}.yml
 - name: Start job
-  shell: oc -n {{os_app}} create -f /etc/openshift_apps/{{job_app}}/job-{{job_name}}.yml
+  ansible.builtin.shell: oc -n {{os_app}} create -f /etc/openshift_apps/{{job_app}}/job-{{job_name}}.yml
 - debug:
    msg: "Job started. You can watch the logs with: oc -n {{os_app}} logs -f job/job-{{job_name}}"
@ -28,4 +28,4 @@
    msg: "You can cancel it with: oc -n {{os_app}} delete job/job-{{job_name}}"
 - name: Wait for job to complete
-  shell: oc -n {{os_app}} wait job/job-{{job_name}} --for condition=complete
+  ansible.builtin.shell: oc -n {{os_app}} wait job/job-{{job_name}} --for condition=complete
--- a/roles/openshift/keytab/tasks/main.yml
+++ b/roles/openshift/keytab/tasks/main.yml
@ -8,13 +8,13 @@
    kt_location: "/etc/openshift_apps/{{keytab_app}}/{{keytab_key}}.kt"
 - name: Call `oc secrets new` on the copied file
-  shell: oc -n {{keytab_app}} secrets new {{keytab_secret_name}} {{keytab_key}}=/etc/openshift_apps/{{keytab_app}}/{{keytab_key}}.kt
+  ansible.builtin.shell: oc -n {{keytab_app}} secrets new {{keytab_secret_name}} {{keytab_key}}=/etc/openshift_apps/{{keytab_app}}/{{keytab_key}}.kt
  register: create_out
  when: not ocp4
  failed_when: "create_out.rc != 0 and 'AlreadyExists' not in create_out.stderr"
 - name: Call `oc create secret generic` on the copied file
-  shell: oc -n {{keytab_app}} create secret generic {{keytab_secret_name}} --from-file={{keytab_key}}=/etc/openshift_apps/{{keytab_app}}/{{keytab_key}}.kt
+  ansible.builtin.shell: oc -n {{keytab_app}} create secret generic {{keytab_secret_name}} --from-file={{keytab_key}}=/etc/openshift_apps/{{keytab_app}}/{{keytab_key}}.kt
  register: create_out
  when: ocp4 and not keytab_status.stat.exists
  failed_when: "create_out.rc != 0 and 'AlreadyExists' not in create_out.stderr"
--- a/roles/openshift/object-delete/tasks/main.yml
+++ b/roles/openshift/object-delete/tasks/main.yml
@ -12,4 +12,4 @@
  when: object_delete_objecttype == 'project'
 - name: Call `oc delete` on the object
-  shell: oc -n {{object_delete_app}} delete {{object_delete_objecttype}}/{{object_delete_objectname}}
+  ansible.builtin.shell: oc -n {{object_delete_app}} delete {{object_delete_objecttype}}/{{object_delete_objectname}}
--- a/roles/openshift/object/tasks/main.yml
+++ b/roles/openshift/object/tasks/main.yml
@ -15,5 +15,5 @@
  register: object_file_result
 - name: Call `oc apply` on the copied file
-  shell: oc -n {{object_os_app}} apply --validate=strict -f /etc/openshift_apps/{{object_os_app}}/{{object_objectname}}
+  ansible.builtin.shell: oc -n {{object_os_app}} apply --validate=strict -f /etc/openshift_apps/{{object_os_app}}/{{object_objectname}}
  when: object_template_result.changed or object_template_fullpath_result.changed or object_file_result.changed or object_always_apply
--- a/roles/openshift/project/tasks/main.yml
+++ b/roles/openshift/project/tasks/main.yml
@ -19,7 +19,7 @@
    dest=/etc/openshift_apps/{{project_app}}/project.yml
 - name: Create project
-  shell: oc apply --validate=strict -f /etc/openshift_apps/{{project_app}}/project.yml
+  ansible.builtin.shell: oc apply --validate=strict -f /etc/openshift_apps/{{project_app}}/project.yml
  when: "'not found' in project_exists.stderr"
 - name: Deployer.yml
--- a/roles/openshift/rollout/tasks/main.yml
+++ b/roles/openshift/rollout/tasks/main.yml
@ -1,3 +1,3 @@
 ---
 - name: Run `oc rollout latest`
-  shell: oc -n {{rollout_app}} rollout latest {{rollout_dcname}}
+  ansible.builtin.shell: oc -n {{rollout_app}} rollout latest {{rollout_dcname}}
--- a/roles/openshift/secret-file/tasks/main.yml
+++ b/roles/openshift/secret-file/tasks/main.yml
@ -15,18 +15,18 @@
  register: secret_privatefile
 - name: Delete existing secrets
-  shell: oc -n {{os_app}} delete secret/{{secret_file_secret_name}}
+  ansible.builtin.shell: oc -n {{os_app}} delete secret/{{secret_file_secret_name}}
  register: delete_out
  changed_when: "'NotFound' in delete_out.stderr"
  failed_when: "('NotFound' not in delete_out.stderr) and (delete_out.rc != 0)"
  when: secret_template.changed or secret_file.changed or secret_privatefile.changed
 - name: Call `oc secrets new` on the copied file
-  shell: oc -n {{os_app}} secrets new {{secret_file_secret_name}} {{secret_file_key}}=/etc/openshift_apps/{{os_app}}/{{secret_file_key}}
+  ansible.builtin.shell: oc -n {{os_app}} secrets new {{secret_file_secret_name}} {{secret_file_key}}=/etc/openshift_apps/{{os_app}}/{{secret_file_key}}
  register: create_out
  when: not ocp4 and (secret_template.changed or secret_file.changed or secret_privatefile.changed)
 - name: Call `oc create secret generic` on the copied file
-  shell: oc -n {{os_app}} create secret generic {{secret_file_secret_name}} --from-file={{secret_file_key}}=/etc/openshift_apps/{{os_app}}/{{secret_file_key}}
+  ansible.builtin.shell: oc -n {{os_app}} create secret generic {{secret_file_secret_name}} --from-file={{secret_file_key}}=/etc/openshift_apps/{{os_app}}/{{secret_file_key}}
  register: create_out
  when: ocp4 and (secret_template.changed or secret_file.changed or secret_privatefile.changed)
--- a/roles/openshift/secret-tls/tasks/main.yml
+++ b/roles/openshift/secret-tls/tasks/main.yml
@ -8,18 +8,18 @@
  register: secret_privatekey
 - name: Delete existing secrets
-  shell: oc -n {{secret_tls_app}} delete secret/{{secret_tls_secret_name}}
+  ansible.builtin.shell: oc -n {{secret_tls_app}} delete secret/{{secret_tls_secret_name}}
  register: delete_out
  changed_when: "'NotFound' in delete_out.stderr"
  failed_when: "('NotFound' not in delete_out.stderr) and (delete_out.rc != 0)"
  when: secret_privatecert.changed or secret_privatekey.changed
 - name: Call `oc create secret tls` on the copied file
-  shell: oc -n {{secret_tls_app}} create secret tls {{secret_tls_secret_name}} --cert=/etc/openshift_apps/{{secret_tls_app}}/{{secret_tls_key}}.crt --key=/etc/openshift_apps/{{secret_tls_app}}/{{secret_tls_key}}.key
+  ansible.builtin.shell: oc -n {{secret_tls_app}} create secret tls {{secret_tls_secret_name}} --cert=/etc/openshift_apps/{{secret_tls_app}}/{{secret_tls_key}}.crt --key=/etc/openshift_apps/{{secret_tls_app}}/{{secret_tls_key}}.key
  register: create_out
  when: secret_privatecert.changed or secret_privatekey.changed
 - name: Call `oc create secret tls` on the copied file
-  shell: oc -n {{secret_tls_app}} create secret tls {{secret_tls_secret_name}} --cert=/etc/openshift_apps/{{secret_tls_app}}/{{secret_tls_key}}.crt --key=/etc/openshift_apps/{{secret_tls_app}}/{{secret_tls_key}}.key
+  ansible.builtin.shell: oc -n {{secret_tls_app}} create secret tls {{secret_tls_secret_name}} --cert=/etc/openshift_apps/{{secret_tls_app}}/{{secret_tls_key}}.crt --key=/etc/openshift_apps/{{secret_tls_app}}/{{secret_tls_key}}.key
  register: create_out
  when: secret_privatecert.changed or secret_privatekey.changed
--- a/roles/openshift/start-build/tasks/main.yml
+++ b/roles/openshift/start-build/tasks/main.yml
@ -1,3 +1,3 @@
 ---
 - name: Run `oc start-build`
-  shell: oc -n {{start_build_app}} start-build {{start_build_buildname}}
+  ansible.builtin.shell: oc -n {{start_build_app}} start-build {{start_build_buildname}}
--- a/roles/pagure/tasks/main.yml
+++ b/roles/pagure/tasks/main.yml
@ -192,7 +192,7 @@
    name: paguremirroring
    group: paguremirroring
    groups: paguremirroring,git
-    shell: /bin/nologin
+    ansible.builtin.shell: /bin/nologin
    home: /srv/mirror
  tags:
  - pagure
--- a/roles/rabbit/queue/handlers/main.yml
+++ b/roles/rabbit/queue/handlers/main.yml
@ -1,6 +1,6 @@
 ---
 - name: restart nagios on noc
-  shell: nagios -v /etc/nagios/nagios.cfg && systemctl restart nagios
+  ansible.builtin.shell: nagios -v /etc/nagios/nagios.cfg && systemctl restart nagios
  delegate_to: "{{ queue_nagios_server }}"
 - name: restart nrpe on rabbitmq
--- a/roles/robosignatory/tasks/main.yml
+++ b/roles/robosignatory/tasks/main.yml
@ -29,7 +29,7 @@
    system: yes
    home: /etc/robosignatory
    comment: Robosignatory
-    shell: /sbin/nologin
+    ansible.builtin.shell: /sbin/nologin
    uid: 263
  tags:
  - config
--- a/roles/serial-console/tasks/main.yml
+++ b/roles/serial-console/tasks/main.yml
@ -3,7 +3,7 @@
 #
 ---
 - name: Check for grub serial setup
-  shell: grep options /boot/loader/entries/*
+  ansible.builtin.shell: grep options /boot/loader/entries/*
  register: serial
  check_mode: no
  changed_when: '1 != 1'
--- a/roles/smtp-auth-relay/tasks/main.yml
+++ b/roles/smtp-auth-relay/tasks/main.yml
@ -18,7 +18,7 @@
    - smtp_auth_relay
 - name: Regenerate the password db file
-  shell: postmap /etc/postfix/sasl_passwd
+  ansible.builtin.shell: postmap /etc/postfix/sasl_passwd
  when: smtp_relay_password_file.changed
  notify: restart postfix
  tags:
--- a/roles/web-data-analysis/tasks/main.yml
+++ b/roles/web-data-analysis/tasks/main.yml
@ -108,7 +108,7 @@
  user:
    name: countme
    group: countme
-    shell: /sbin/nologin
+    ansible.builtin.shell: /sbin/nologin
    home: /srv/countme
    comment: "DNF countme counter"
  tags:
@ -125,7 +125,7 @@
 - name: Remove local mirrors-countme git repo, scripts and Python package
  # Using `shell` here because `file` doesn't know wild cards
-  shell: >-
+  ansible.builtin.shell: >-
    shopt -s nullglob;
    rm -rfv \
        /srv/countme/mirrors-countme \
--- a/roles/zabbix/zabbix_agent/handlers/main.yml
+++ b/roles/zabbix/zabbix_agent/handlers/main.yml
@ -3,5 +3,5 @@
  service: name=zabbix-agent state=restarted
 - name: reload custom selinux files
-  shell: /usr/sbin/semodule -u "/etc/selinux/centos/centos-zabbix-agent.pp"
+  ansible.builtin.shell: /usr/sbin/semodule -u "/etc/selinux/centos/centos-zabbix-agent.pp"
  when: ansible_selinux.mode == "enforcing"
--- a/roles/zabbix/zabbix_agent/tasks/main.yml
+++ b/roles/zabbix/zabbix_agent/tasks/main.yml
@ -35,7 +35,7 @@
    - zabbix_agent
 - name: Reload custom selinux files
-  shell: /usr/sbin/semodule -u "/etc/selinux/centos/centos-zabbix-agent.pp"
+  ansible.builtin.shell: /usr/sbin/semodule -u "/etc/selinux/centos/centos-zabbix-agent.pp"
  when: ansible_distribution == "Centos" and ansible_selinux.status == "enabled" and sepolicy.changed
  tags:
    - zabbix_agent
--- a/tasks/cloud_setup_basic.yml
+++ b/tasks/cloud_setup_basic.yml
@ -25,7 +25,7 @@
  include_role: name=basessh
 # - name: Edit hostname to be instance name - prefix hostbase var if it exists
-#  shell: hostname  {{ hostbase }}`curl -s http://169.254.169.254/latest/meta-data/instance-id`
+#  ansible.builtin.shell: hostname  {{ hostbase }}`curl -s http://169.254.169.254/latest/meta-data/instance-id`
 #  tags:
 #  - config
--- a/tasks/swap.yml
+++ b/tasks/swap.yml
@ -88,7 +88,7 @@
    - swap
 - name: Disable zram0
-  shell: swapoff /dev/zram0
+  ansible.builtin.shell: swapoff /dev/zram0
  tags:
    - swap
    - swap.file.swapoffzram
--- a/tasks/virt_instance_create.yml
+++ b/tasks/virt_instance_create.yml
@ -21,7 +21,7 @@
  when: inventory_hostname not in result.list_vms
 - name: Run the virt-install
-  shell: "{{ virt_install_command }}"
+  ansible.builtin.shell: "{{ virt_install_command }}"
  delegate_to: "{{ vmhost }}"
  when: inventory_hostname not in result.list_vms