diff --git a/handlers/restart_services.yml b/handlers/restart_services.yml index 4a50e693de..4fd586b2cd 100644 --- a/handlers/restart_services.yml +++ b/handlers/restart_services.yml @@ -3,10 +3,10 @@ # --- - name: reload systemd - command: systemctl daemon-reload + ansible.builtin.command: systemctl daemon-reload - name: restart apache - command: /usr/local/bin/conditional-restart.sh httpd httpd + ansible.builtin.command: /usr/local/bin/conditional-restart.sh httpd httpd - name: reload apache action: service name=httpd state=reloaded @@ -18,31 +18,31 @@ action: service name=crond state=restarted - name: restart fedmsg-gateway - command: /usr/local/bin/conditional-restart.sh fedmsg-gateway + ansible.builtin.command: /usr/local/bin/conditional-restart.sh fedmsg-gateway - name: restart fedmsg-hub - command: /usr/local/bin/conditional-restart.sh {{ item }} + ansible.builtin.command: /usr/local/bin/conditional-restart.sh {{ item }} with_items: - fedmsg-hub - fedmsg-hub-3 - name: restart fedmsg-hub-3 - command: /usr/local/bin/conditional-restart.sh {{ item }} + ansible.builtin.command: /usr/local/bin/conditional-restart.sh {{ item }} with_items: - fedmsg-hub - fedmsg-hub-3 - name: restart fedmsg-irc - command: /usr/local/bin/conditional-restart.sh fedmsg-irc + ansible.builtin.command: /usr/local/bin/conditional-restart.sh fedmsg-irc - name: restart fedmsg-relay - command: /usr/local/bin/conditional-restart.sh fedmsg-relay + ansible.builtin.command: /usr/local/bin/conditional-restart.sh fedmsg-relay - name: restart fm-consumer@koji_sync_listener action: service name=fm-consumer@koji_sync_listener state=restarted enabled=yes - name: reload httpd - command: /usr/local/bin/conditional-reload.sh httpd httpd + ansible.builtin.command: /usr/local/bin/conditional-reload.sh httpd httpd - name: restart iptables action: service name=iptables state=restarted @@ -98,22 +98,22 @@ action: service name=network state=restarted - name: rebuild postfix transport - command: /usr/sbin/postmap /etc/postfix/transport + ansible.builtin.command: /usr/sbin/postmap /etc/postfix/transport - name: rebuild postfix bysender - command: /usr/sbin/postmap /etc/postfix/bysender + ansible.builtin.command: /usr/sbin/postmap /etc/postfix/bysender - name: rebuild postfix tls_policy - command: /usr/sbin/postmap /etc/postfix/tls_policy + ansible.builtin.command: /usr/sbin/postmap /etc/postfix/tls_policy - name: restart postfix service: name=postfix state=restarted - name: reload proxyhttpd - command: /usr/local/bin/proxy-conditional-reload.sh httpd httpd + ansible.builtin.command: /usr/local/bin/proxy-conditional-reload.sh httpd httpd - name: run rkhunter - command: rkhunter --propupd + ansible.builtin.command: rkhunter --propupd - name: restart moksha-hub service: name=moksha-hub state=restarted @@ -139,7 +139,7 @@ service: name=pagure_ev state=restarted - name: "update ca-trust" - command: /usr/bin/update-ca-trust + ansible.builtin.command: /usr/bin/update-ca-trust - name: restart stunnel service: name=stunnel state=restarted @@ -151,20 +151,20 @@ service: name=NetworkManager state=restarted - name: reload NetworkManager-connections - command: nmcli c reload + ansible.builtin.command: nmcli c reload - name: restart basset-worker service: name=basset-worker state=restarted - name: apply interface-changes - command: nmcli con up {{ item.split()[1] }} + ansible.builtin.command: nmcli con up {{ item.split()[1] }} async: 1 poll: 0 loop: "{{ if_uuid.stdout_lines|flatten(levels=1) }}" when: item.split()[1] not in ansible_ifcfg_disabled - name: flush journald tmpfiles to persistent store - command: pkill -f -USR1 systemd-journald + ansible.builtin.command: pkill -f -USR1 systemd-journald - name: restart idmapd service: name=nfs-idmapd state=restarted diff --git a/playbooks/check-for-updates.yml b/playbooks/check-for-updates.yml index 1b093bf783..f1f554d39c 100644 --- a/playbooks/check-for-updates.yml +++ b/playbooks/check-for-updates.yml @@ -33,7 +33,7 @@ # - name: Make dnf recheck for new metadata from repos - command: dnf clean expire-cache + ansible.builtin.command: dnf clean expire-cache - name: Check for updates (dnf) dnf: list=updates diff --git a/playbooks/check-host.yml b/playbooks/check-host.yml index 0cc3787773..e38cbc96cb 100644 --- a/playbooks/check-host.yml +++ b/playbooks/check-host.yml @@ -144,7 +144,7 @@ - fileverify - name: Get locally changed files (excluding config files) - command: "egrep -v ' c /' {{ localchanges.stdout }}" + ansible.builtin.command: "egrep -v ' c /' {{ localchanges.stdout }}" register: rpm_va_nc changed_when: false when: localchanges is defined and localchanges.stdout != "" @@ -161,7 +161,7 @@ - fileverify - name: 'Whitelist - Get locally changed files (config files)' - command: "egrep ' c /' {{ localchanges.stdout }}" + ansible.builtin.command: "egrep ' c /' {{ localchanges.stdout }}" register: rpm_va_c when: localchanges is defined and localchanges.stdout != "" changed_when: false diff --git a/playbooks/clear_memcached.yml b/playbooks/clear_memcached.yml index 6f14586e8f..7ca2061284 100644 --- a/playbooks/clear_memcached.yml +++ b/playbooks/clear_memcached.yml @@ -5,4 +5,4 @@ tasks: - name: Clear memcache - command: echo flush_all | nc localhost 11211 + ansible.builtin.command: echo flush_all | nc localhost 11211 diff --git a/playbooks/clear_varnish.yml b/playbooks/clear_varnish.yml index ab6f3750a8..a05601734d 100644 --- a/playbooks/clear_varnish.yml +++ b/playbooks/clear_varnish.yml @@ -6,4 +6,4 @@ tasks: - name: Clear varnish - command: varnishadm -S /etc/varnish/secret -T 127.0.0.1:6082 ban req.url == . + ansible.builtin.command: varnishadm -S /etc/varnish/secret -T 127.0.0.1:6082 ban req.url == . diff --git a/playbooks/death_to_postfix.yml b/playbooks/death_to_postfix.yml index 25f46643c0..e380b78c29 100644 --- a/playbooks/death_to_postfix.yml +++ b/playbooks/death_to_postfix.yml @@ -13,10 +13,10 @@ # This doesn't really remove the pid file.. but we say it does so ansible only runs it if the pid file is there.. - name: Really kill postfix master process - command: pkill -u root master removes=/var/spool/postfix/pid/master.pid + ansible.builtin.command: pkill -u root master removes=/var/spool/postfix/pid/master.pid - name: Clean up old pid lock file. - command: rm /var/spool/postfix/pid/master.pid removes=/var/spool/postfix/pid/master.pid + ansible.builtin.command: rm /var/spool/postfix/pid/master.pid removes=/var/spool/postfix/pid/master.pid - name: Try to start postfix cleanly service: name=postfix state=started diff --git a/playbooks/destroy_virt_inst.yml b/playbooks/destroy_virt_inst.yml index bbbed06377..0cd6de5dc2 100644 --- a/playbooks/destroy_virt_inst.yml +++ b/playbooks/destroy_virt_inst.yml @@ -42,5 +42,5 @@ delegate_to: "{{ vmhost }}" - name: Destroy the lv - command: /sbin/lvremove -f {{volgroup}}/{{inventory_hostname}} + ansible.builtin.command: /sbin/lvremove -f {{volgroup}}/{{inventory_hostname}} delegate_to: "{{ vmhost }}" diff --git a/playbooks/groups/proxies.yml b/playbooks/groups/proxies.yml index 32ed9f43d5..28fe1be161 100644 --- a/playbooks/groups/proxies.yml +++ b/playbooks/groups/proxies.yml @@ -153,5 +153,5 @@ ignore_errors: true - name: make sure selinux contexts are right on srv - command: restorecon -R /srv + ansible.builtin.command: restorecon -R /srv changed_when: false diff --git a/playbooks/host_reboot.yml b/playbooks/host_reboot.yml index 064e56e979..06c32ea1b8 100644 --- a/playbooks/host_reboot.yml +++ b/playbooks/host_reboot.yml @@ -14,13 +14,13 @@ ignore_errors: true - name: Reboot the host - command: /sbin/shutdown -r 1 + ansible.builtin.command: /sbin/shutdown -r 1 - name: Wait for host to come back - up to 15 minutes local_action: wait_for host={{ target }} port=22 delay=120 timeout=900 search_regex=OpenSSH # - name: Sync time -# command: ntpdate -u 1.rhel.pool.ntp.org +# ansible.builtin.command: ntpdate -u 1.rhel.pool.ntp.org - name: Tell nagios to unshush nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} diff --git a/playbooks/host_update.yml b/playbooks/host_update.yml index dd31c32462..ac6650b666 100644 --- a/playbooks/host_update.yml +++ b/playbooks/host_update.yml @@ -11,10 +11,10 @@ tasks: - name: Expire-caches - command: yum clean expire-cache + ansible.builtin.command: yum clean expire-cache - name: Yum -y {{ yumcommand }} - command: yum -y {{ yumcommand }} + ansible.builtin.command: yum -y {{ yumcommand }} async: 7200 poll: 30 @@ -24,10 +24,10 @@ tasks: - name: Check for rkhunter - command: /usr/bin/test -f /usr/bin/rkhunter + ansible.builtin.command: /usr/bin/test -f /usr/bin/rkhunter register: rkhunter ignore_errors: true - name: Run rkhunter --propupd - command: /usr/bin/rkhunter --propupd + ansible.builtin.command: /usr/bin/rkhunter --propupd when: rkhunter is success diff --git a/playbooks/hosts/cloud-noc01.fedorainfracloud.org.yml b/playbooks/hosts/cloud-noc01.fedorainfracloud.org.yml index 7a4b42ba29..20b06078c2 100644 --- a/playbooks/hosts/cloud-noc01.fedorainfracloud.org.yml +++ b/playbooks/hosts/cloud-noc01.fedorainfracloud.org.yml @@ -42,7 +42,7 @@ - selinux - name: allow alternate ntpd port - command: semanage port -a -t ntp_port_t -p tcp 124 + ansible.builtin.command: semanage port -a -t ntp_port_t -p tcp 124 when: '"124" not in ntp_selinux_port' failed_when: false tags: @@ -50,7 +50,7 @@ - selinux - name: allow alternate ntpd port - command: semanage port -a -t ntp_port_t -p udp 124 + ansible.builtin.command: semanage port -a -t ntp_port_t -p udp 124 when: '"124" not in ntp_selinux_port' failed_when: false tags: diff --git a/playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml b/playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml index 2cc8af886e..6ef01b6163 100644 --- a/playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml +++ b/playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml @@ -52,7 +52,7 @@ - selinux - name: allow alternate ntpd port - command: semanage port -a -t ntp_port_t -p tcp 124 + ansible.builtin.command: semanage port -a -t ntp_port_t -p tcp 124 when: '"124" not in ntp_selinux_port' failed_when: false tags: @@ -60,7 +60,7 @@ - selinux - name: allow alternate ntpd port - command: semanage port -a -t ntp_port_t -p udp 124 + ansible.builtin.command: semanage port -a -t ntp_port_t -p udp 124 when: '"124" not in ntp_selinux_port' failed_when: false tags: diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml index 548ae7dbef..72f827d4f0 100644 --- a/playbooks/include/proxies-websites.yml +++ b/playbooks/include/proxies-websites.yml @@ -20,7 +20,7 @@ - httpd/website - name: Check the selinux context of webdir - command: matchpathcon /srv/web + ansible.builtin.command: matchpathcon /srv/web register: webdir check_mode: no changed_when: "1 != 1" @@ -31,7 +31,7 @@ - httpd/website - name: /srv/web file contexts - command: semanage fcontext -a -t httpd_sys_content_t "/srv/web(/.*)?" + ansible.builtin.command: semanage fcontext -a -t httpd_sys_content_t "/srv/web(/.*)?" when: webdir.stdout.find('httpd_sys_content_t') == -1 tags: - config diff --git a/playbooks/manual/gdpr/delete.yml b/playbooks/manual/gdpr/delete.yml index cb407fb2c3..af2c80c85e 100644 --- a/playbooks/manual/gdpr/delete.yml +++ b/playbooks/manual/gdpr/delete.yml @@ -9,7 +9,7 @@ strategy: free tasks: # Non-huge SAR retrieval - - command: "{{ gdpr_delete_script }}" + - ansible.builtin.command: "{{ gdpr_delete_script }}" environment: SAR_USERNAME: "{{ gdpr_delete_fas_user }}" SAR_EMAIL: "{{ gdpr_delete_email }}" diff --git a/playbooks/manual/gdpr/sar.yml b/playbooks/manual/gdpr/sar.yml index 078f92f9c5..ec88702e5c 100644 --- a/playbooks/manual/gdpr/sar.yml +++ b/playbooks/manual/gdpr/sar.yml @@ -9,7 +9,7 @@ - name: "Create the archive" block: # Create a safe place to store the files. - - command: "mktemp -d" + - ansible.builtin.command: "mktemp -d" register: sar_tmp_dir # Let's make this a more conveniently expressed variable. - set_fact: @@ -20,7 +20,7 @@ strategy: free tasks: # Non-huge SAR retrieval - - command: "{{ sar_script }}" + - ansible.builtin.command: "{{ sar_script }}" environment: SAR_USERNAME: "{{ sar_fas_user }}" SAR_EMAIL: "{{ sar_email }}" @@ -36,7 +36,7 @@ delegate_facts: false when: "sar_huge is not defined or not sar_huge" # Remove the variable from memory - - command: "/bin/true" + - ansible.builtin.command: "/bin/true" register: sar_data when: "sar_huge is not defined or not sar_huge" @@ -61,7 +61,7 @@ args: chdir: "{{ sar_tmp_dir }}" # Move the tarball into the desired pick up location. - - command: "mv {{ sar_tmp_dir }}/{{ sar_fas_user }}_{{ sar_email }}.tar.gz {{ sar_tar_output_path }}" + - ansible.builtin.command: "mv {{ sar_tmp_dir }}/{{ sar_fas_user }}_{{ sar_email }}.tar.gz {{ sar_tar_output_path }}" always: # Let's clean up our temporary directory. - - command: "rm -r {{ sar_tmp_dir }}" + - ansible.builtin.command: "rm -r {{ sar_tmp_dir }}" diff --git a/playbooks/manual/gdpr/sar_openshift.yml b/playbooks/manual/gdpr/sar_openshift.yml index 8a3056e92b..f412e184ec 100644 --- a/playbooks/manual/gdpr/sar_openshift.yml +++ b/playbooks/manual/gdpr/sar_openshift.yml @@ -6,7 +6,7 @@ register: pod_id # Run the SAR script - name: Run oc exec in container to extract the data - command: "oc -n {{ item.value.openshift_namespace }} rsh {{ pod_id.stdout }} bash -c 'SAR_USERNAME={{ sar_fas_user }} SAR_EMAIL={{ sar_email }} {{ item.value.sar_script }}'" + ansible.builtin.command: "oc -n {{ item.value.openshift_namespace }} rsh {{ pod_id.stdout }} bash -c 'SAR_USERNAME={{ sar_fas_user }} SAR_EMAIL={{ sar_email }} {{ item.value.sar_script }}'" register: sar_data # Store the result on disk - name: Copy the output data locally diff --git a/playbooks/manual/history_undo.yml b/playbooks/manual/history_undo.yml index 8b213a5ff5..b9d2f784f8 100644 --- a/playbooks/manual/history_undo.yml +++ b/playbooks/manual/history_undo.yml @@ -24,7 +24,7 @@ when: transaction_id.stderr == "" - name: Get info on that transaction - command: yum history info {{ transaction_id.stdout }} + ansible.builtin.command: yum history info {{ transaction_id.stdout }} register: transaction_info when: transaction_id.stderr == "" @@ -35,5 +35,5 @@ # when: transaction_id.stderr == "" - name: Okay.. undo that transaction now - command: yum -y history undo {{ transaction_id.stdout }} + ansible.builtin.command: yum -y history undo {{ transaction_id.stdout }} when: transaction_id.stderr == "" diff --git a/playbooks/manual/import-irc-cookies-to-matrix.yml b/playbooks/manual/import-irc-cookies-to-matrix.yml index 5e2e6e1bf6..5f6c3c42ac 100644 --- a/playbooks/manual/import-irc-cookies-to-matrix.yml +++ b/playbooks/manual/import-irc-cookies-to-matrix.yml @@ -33,7 +33,7 @@ mode: "0755" - name: Run the import script - command: + ansible.builtin.command: argv: - /usr/local/bin/karma-to-cookies-db - -i diff --git a/playbooks/manual/noggin-deployment/create-full-backup.yml b/playbooks/manual/noggin-deployment/create-full-backup.yml index 953a901961..3007ca4bb0 100644 --- a/playbooks/manual/noggin-deployment/create-full-backup.yml +++ b/playbooks/manual/noggin-deployment/create-full-backup.yml @@ -7,7 +7,7 @@ # - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - name: Create backup of FreeIPA server data - command: ipa-backup + ansible.builtin.command: ipa-backup - name: Make the latest backup available under a fixed name shell: diff --git a/playbooks/manual/noggin-deployment/reenroll-ipa-client.yml b/playbooks/manual/noggin-deployment/reenroll-ipa-client.yml index 2f44ccd31c..f3177f51a5 100644 --- a/playbooks/manual/noggin-deployment/reenroll-ipa-client.yml +++ b/playbooks/manual/noggin-deployment/reenroll-ipa-client.yml @@ -32,14 +32,14 @@ # Checks - name: Check if the host can obtain a Kerberos ticket - command: kinit -kt /etc/krb5.keytab + ansible.builtin.command: kinit -kt /etc/krb5.keytab ignore_errors: yes changed_when: no register: kinit_res when: ipa_server is defined - name: Ping the IPA server - command: ipa ping + ansible.builtin.command: ipa ping ignore_errors: yes changed_when: no register: ipa_ping_res @@ -56,7 +56,7 @@ # Do the things - name: Unenroll IPA client - command: ipa-client-install --uninstall --unattended + ansible.builtin.command: ipa-client-install --uninstall --unattended when: do_the_things - name: Apply the ipa/client role diff --git a/playbooks/manual/noggin-deployment/restore-latest-backup.yml b/playbooks/manual/noggin-deployment/restore-latest-backup.yml index ea042df268..79f6d62435 100644 --- a/playbooks/manual/noggin-deployment/restore-latest-backup.yml +++ b/playbooks/manual/noggin-deployment/restore-latest-backup.yml @@ -7,4 +7,4 @@ # - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - name: Restore latest backup of FreeIPA server data - command: ipa-restore /var/lib/ipa/backup/ipa-full-latest -p {{ ipa_admin_password }} + ansible.builtin.command: ipa-restore /var/lib/ipa/backup/ipa-full-latest -p {{ ipa_admin_password }} diff --git a/playbooks/manual/noggin-deployment/uninstall_ipa_client.yml b/playbooks/manual/noggin-deployment/uninstall_ipa_client.yml index 9dd023d566..70740e3861 100644 --- a/playbooks/manual/noggin-deployment/uninstall_ipa_client.yml +++ b/playbooks/manual/noggin-deployment/uninstall_ipa_client.yml @@ -9,7 +9,7 @@ tasks: - name: Uninstall IPA client - command: ipa-client-install --uninstall --unattended + ansible.builtin.command: ipa-client-install --uninstall --unattended ignore_errors: yes - import_playbook: "/srv/web/infra/ansible/playbooks/groups/bodhi-backend.yml" @@ -67,7 +67,7 @@ loop: "{{keytabs}}" - name: Remove keytab secret - command: oc -n {{item.app}} delete secret {{item.secret_name}} + ansible.builtin.command: oc -n {{item.app}} delete secret {{item.secret_name}} register: delete_out failed_when: "delete_out.rc != 0 and 'NotFound' not in delete_out.stderr" changed_when: "delete_out.rc == 0 and 'secret \"{{item.secret_name}}\" deleted' in delete_out.stdout" diff --git a/playbooks/manual/oci-registry-prune.yml b/playbooks/manual/oci-registry-prune.yml index 6bc56637e4..d6affeac75 100644 --- a/playbooks/manual/oci-registry-prune.yml +++ b/playbooks/manual/oci-registry-prune.yml @@ -29,7 +29,7 @@ - debug: var=prod_output.stdout_lines - name: Run registry garbage collection to reclaim disk space - command: "registry garbage-collect /etc/docker-distribution/registry/config.yml" + ansible.builtin.command: "registry garbage-collect /etc/docker-distribution/registry/config.yml" when: env == "production" - name: Find and Delete 30 days old OCI images (stg) @@ -45,5 +45,5 @@ - debug: var=stg_output.stdout_lines - name: Run registry garbage collection to reclaim disk space (stg) - command: "registry garbage-collect /etc/docker-distribution/registry/config.yml" + ansible.builtin.command: "registry garbage-collect /etc/docker-distribution/registry/config.yml" when: env == "staging" diff --git a/playbooks/manual/ocp4-place-ignitionfiles.yml b/playbooks/manual/ocp4-place-ignitionfiles.yml index 44175b64d5..0bb74296ed 100644 --- a/playbooks/manual/ocp4-place-ignitionfiles.yml +++ b/playbooks/manual/ocp4-place-ignitionfiles.yml @@ -100,7 +100,7 @@ - kvm_deploy when: inventory_hostname in groups['ocp_vms_stg'] or inventory_hostname in groups['ocp_vms'] - name: == OCP KVM provisioning == Deploying the OCP Virtual Guest[s] - command: "{{ virt_install_command }}" + ansible.builtin.command: "{{ virt_install_command }}" delegate_to: "{{ vmhost }}" tags: - kvm_deploy diff --git a/playbooks/manual/rebuild/websites.yml b/playbooks/manual/rebuild/websites.yml index 4f391376ad..5e992fee8a 100644 --- a/playbooks/manual/rebuild/websites.yml +++ b/playbooks/manual/rebuild/websites.yml @@ -11,7 +11,7 @@ tasks: - name: Run syncStatic (this takes a while)... - command: /usr/local/bin/lock-wrapper syncStatic /usr/local/bin/syncStatic + ansible.builtin.command: /usr/local/bin/lock-wrapper syncStatic /usr/local/bin/syncStatic - name: Tell the proxies to sync that freshness hosts: proxies:proxies_stg @@ -23,7 +23,7 @@ tasks: - name: Rsync each site in to place - command: /usr/bin/rsync --delete -a --no-owner --no-group sundries01::{{item}}/ /srv/web/{{item}}/ + ansible.builtin.command: /usr/bin/rsync --delete -a --no-owner --no-group sundries01::{{item}}/ /srv/web/{{item}}/ with_items: - getfedora.org - fedoracommunity.org diff --git a/playbooks/manual/sign-and-import.yml b/playbooks/manual/sign-and-import.yml index ae7e04063f..5906dd05c4 100644 --- a/playbooks/manual/sign-and-import.yml +++ b/playbooks/manual/sign-and-import.yml @@ -52,7 +52,7 @@ - "{{ rpmdir }}/*.src.rpm" - name: Move processed srpms out to {{ rpmdir }}-old - command: /bin/mv {{ item }} {{ rpmdir }}-old/ + ansible.builtin.command: /bin/mv {{ item }} {{ rpmdir }}-old/ when: not testing with_fileglob: - "{{ rpmdir }}/*.src.rpm" @@ -68,13 +68,13 @@ - "{{ rpmdir }}/*.rpm" - name: Move processed rpms out to {{ rpmdir }}-old - command: /bin/mv {{ item }} {{ rpmdir }}-old/ + ansible.builtin.command: /bin/mv {{ item }} {{ rpmdir }}-old/ when: not testing with_fileglob: - "{{ rpmdir }}/*.rpm" - name: Run createrepo on each repo - command: createrepo --update {{ repodir }}/{{ item }}/ + ansible.builtin.command: createrepo --update {{ repodir }}/{{ item }}/ with_items: - SRPMS - x86_64 diff --git a/playbooks/manual/staging-sync/bodhi.yml b/playbooks/manual/staging-sync/bodhi.yml index 3e57a9b2de..d407237015 100644 --- a/playbooks/manual/staging-sync/bodhi.yml +++ b/playbooks/manual/staging-sync/bodhi.yml @@ -20,9 +20,9 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - - command: oc -n bodhi scale dc/bodhi-web --replicas=0 - - command: oc -n bodhi scale dc/bodhi-consumer --replicas=0 - - command: oc -n bodhi scale dc/bodhi-celery --replicas=0 + - ansible.builtin.command: oc -n bodhi scale dc/bodhi-web --replicas=0 + - ansible.builtin.command: oc -n bodhi scale dc/bodhi-consumer --replicas=0 + - ansible.builtin.command: oc -n bodhi scale dc/bodhi-celery --replicas=0 - name: Bring staging services down (messaging) hosts: bodhi_backend_stg @@ -60,10 +60,10 @@ src: /srv/web/infra/db-dumps/bodhi2.dump.xz dest: /var/tmp/bodhi2.dump.xz owner: postgres group=postgres - - command: unxz /var/tmp/bodhi2.dump.xz + - ansible.builtin.command: unxz /var/tmp/bodhi2.dump.xz creates=/var/tmp/bodhi2.dump - - command: dropdb bodhi2 - - command: createdb -O bodhi2 bodhi2 + - ansible.builtin.command: dropdb bodhi2 + - ansible.builtin.command: createdb -O bodhi2 bodhi2 - name: Import the prod db. shell: cat /var/tmp/bodhi2.dump | psql bodhi2 - ansible.builtin.file: path=/var/tmp/bodhi2.dump state=absent @@ -77,9 +77,9 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - - command: oc -n bodhi scale dc/bodhi-web --replicas=1 - - command: oc -n bodhi scale dc/bodhi-consumer --replicas=1 - - command: oc -n bodhi scale dc/bodhi-celery --replicas=1 + - ansible.builtin.command: oc -n bodhi scale dc/bodhi-web --replicas=1 + - ansible.builtin.command: oc -n bodhi scale dc/bodhi-consumer --replicas=1 + - ansible.builtin.command: oc -n bodhi scale dc/bodhi-celery --replicas=1 - name: Bring staging services up (httpd) hosts: bodhi2_stg diff --git a/playbooks/manual/staging-sync/db-sync.yml b/playbooks/manual/staging-sync/db-sync.yml index 81d350f766..1991687fcd 100644 --- a/playbooks/manual/staging-sync/db-sync.yml +++ b/playbooks/manual/staging-sync/db-sync.yml @@ -78,15 +78,15 @@ dest: /var/tmp/{{ db }}.dump.xz - name: Unpack the archive - command: unxz /var/tmp/{{ db }}.dump.xz + ansible.builtin.command: unxz /var/tmp/{{ db }}.dump.xz creates=/var/tmp/{{ db }}.dump - name: Drop the postgresql database in staging - command: dropdb {{ db }} + ansible.builtin.command: dropdb {{ db }} ignore_errors: yes - name: Create the postgresql database in staging - command: createdb {{ db }} + ansible.builtin.command: createdb {{ db }} - name: Import the prod db. This will take quite a while. Go get a snack! shell: cat /var/tmp/{{ db }}.dump | psql {{ db }} @@ -123,7 +123,7 @@ tasks: - name: Remove the db dump on the prod server - command: rm -f /var/tmp/{{ db }}.dump.xz + ansible.builtin.command: rm -f /var/tmp/{{ db }}.dump.xz - name: Remove the prod db dump on batcave hosts: batcave01.iad2.fedoraproject.org @@ -138,4 +138,4 @@ tasks: - name: Remove the DB dump from batcave - command: rm -f /var/tmp/{{ db }}.dump.xz + ansible.builtin.command: rm -f /var/tmp/{{ db }}.dump.xz diff --git a/playbooks/manual/staging-sync/mailman.yml b/playbooks/manual/staging-sync/mailman.yml index 409fd1113c..a4ed0deda5 100644 --- a/playbooks/manual/staging-sync/mailman.yml +++ b/playbooks/manual/staging-sync/mailman.yml @@ -40,12 +40,12 @@ dest: /var/tmp/mailman.dump.xz owner: postgres group: postgres - - command: unxz /var/tmp/mailman.dump.xz + - ansible.builtin.command: unxz /var/tmp/mailman.dump.xz creates=/var/tmp/mailman.dump - - command: dropdb mailman - - command: createdb -O mailmanadmin mailman + - ansible.builtin.command: dropdb mailman + - ansible.builtin.command: createdb -O mailmanadmin mailman - name: Import the prod db. This will take quite a while. Go get a snack! - command: psql -f /var/tmp/mailman.dump mailman + ansible.builtin.command: psql -f /var/tmp/mailman.dump mailman # - name: Fix the database # shell: psql -f /var/lib/pgsql/mailman-reset-staging.sql mailman @@ -55,12 +55,12 @@ dest: /var/tmp/hyperkitty.dump.xz owner: postgres group: postgres - - command: unxz /var/tmp/hyperkitty.dump.xz + - ansible.builtin.command: unxz /var/tmp/hyperkitty.dump.xz creates=/var/tmp/hyperkitty.dump - - command: dropdb hyperkitty - - command: createdb -O hyperkittyadmin hyperkitty + - ansible.builtin.command: dropdb hyperkitty + - ansible.builtin.command: createdb -O hyperkittyadmin hyperkitty - name: Import the prod db. This will take quite a while. Go get a snack! - command: psql -f /var/tmp/hyperkitty.dump hyperkitty + ansible.builtin.command: psql -f /var/tmp/hyperkitty.dump hyperkitty # - name: Fix the database # shell: psql -f /var/lib/pgsql/hyperkitty-reset-staging.sql hyperkitty @@ -91,4 +91,4 @@ - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - - command: /srv/webui/bin/prod-to-stg.py + - ansible.builtin.command: /srv/webui/bin/prod-to-stg.py diff --git a/playbooks/manual/update-firmware.yml b/playbooks/manual/update-firmware.yml index fdefdeabae..e3da09f3f2 100644 --- a/playbooks/manual/update-firmware.yml +++ b/playbooks/manual/update-firmware.yml @@ -76,7 +76,7 @@ # Dell updates here - name: Check Dell updates check_mode: no - command: /root/firmware-upgrades/{{ item.item.1}} -qc + ansible.builtin.command: /root/firmware-upgrades/{{ item.item.1}} -qc register: check_results failed_when: "'System(s) supported by this package' in check_results.stdout" changed_when: "'is the same' not in check_results.stdout" @@ -84,7 +84,7 @@ with_items: "{{is_applied_results.results}}" - name: Apply Dell updates - command: /root/firmware-upgrades/{{ item.item.item.1}} -q + ansible.builtin.command: /root/firmware-upgrades/{{ item.item.item.1}} -q register: update_results failed_when: "'System(s) supported by this package:' in update_results.stdout" changed_when: "'should be restarted' in update_results.stdout or 'completed successfully' in update_results.stdout" diff --git a/playbooks/manual/update-packages.yml b/playbooks/manual/update-packages.yml index fa32342a72..5718d0081d 100644 --- a/playbooks/manual/update-packages.yml +++ b/playbooks/manual/update-packages.yml @@ -25,7 +25,7 @@ when: testing and ansible_distribution_major_version|int < 8 and ansible_distribution == 'RedHat' - name: Dnf clean all (since we can't do it when updating) - command: dnf clean all + ansible.builtin.command: dnf clean all when: not testing and ansible_distribution_major_version|int > 21 and ansible_distribution == 'Fedora' - name: Dnf update {{ package }} from main repo @@ -33,7 +33,7 @@ when: not testing and ansible_distribution_major_version|int > 21 and ansible_distribution == 'Fedora' - name: Dnf clean all (since we can't do it when updating) - command: dnf clean all --enablerepo=infrastructure-tags-stg + ansible.builtin.command: dnf clean all --enablerepo=infrastructure-tags-stg when: testing and ansible_distribution_major_version|int > 21 and ansible_distribution == 'Fedora' - name: Dnf update {{ package }} from testing repo diff --git a/playbooks/manual/upgrade/bodhi.yml b/playbooks/manual/upgrade/bodhi.yml index 46ad293cff..e31173dc85 100644 --- a/playbooks/manual/upgrade/bodhi.yml +++ b/playbooks/manual/upgrade/bodhi.yml @@ -58,7 +58,7 @@ tasks: - name: Find out what the current migration version is - command: /usr/bin/alembic-3 -c /etc/bodhi/alembic.ini current + ansible.builtin.command: /usr/bin/alembic-3 -c /etc/bodhi/alembic.ini current register: current_migration_version - name: Stop the front end if there are migrations to run @@ -82,7 +82,7 @@ # This will be a bool that indicates whether we need to run migrations or not. migrations: "'(head)' not in hostvars['bodhi-backend01{{ env_suffix }}.iad2.fedoraproject.org']['current_migration_version'].stdout" - name: Scale down to 0 pods - command: oc -n bodhi scale dc/bodhi-web --replicas=0 + ansible.builtin.command: oc -n bodhi scale dc/bodhi-web --replicas=0 when: migrations - name: Verify the backends, stop them, and then upgrade the db @@ -114,7 +114,7 @@ - bodhi-celery - name: Upgrade the database - command: /usr/bin/alembic-3 -c /etc/bodhi/alembic.ini upgrade head + ansible.builtin.command: /usr/bin/alembic-3 -c /etc/bodhi/alembic.ini upgrade head args: chdir: /usr/share/bodhi/ @@ -145,10 +145,10 @@ tasks: - include_vars: /srv/web/infra/ansible/vars/apps/bodhi.yml - name: Scale up pods - command: oc -n bodhi scale dc/bodhi-web --replicas={{ bodhi_openshift_pods }} + ansible.builtin.command: oc -n bodhi scale dc/bodhi-web --replicas={{ bodhi_openshift_pods }} when: env != "staging" - name: Scale up pods - command: oc -n bodhi scale dc/bodhi-web --replicas={{ bodhi_openshift_pods }} + ansible.builtin.command: oc -n bodhi scale dc/bodhi-web --replicas={{ bodhi_openshift_pods }} when: env == "staging" # Redeploy the build config as it may request a newer version in the Dockerfile # Only do it on prod because staging tracks a branch diff --git a/playbooks/manual/upgrade/bugzilla2fedmsg.yml b/playbooks/manual/upgrade/bugzilla2fedmsg.yml index 969d369c80..2c9fb7b4ae 100644 --- a/playbooks/manual/upgrade/bugzilla2fedmsg.yml +++ b/playbooks/manual/upgrade/bugzilla2fedmsg.yml @@ -13,7 +13,7 @@ tasks: - name: Clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} - command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} + ansible.builtin.command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} check_mode: no - name: Update bugzilla2fedmsg packages from main repo package: name="python-bugzilla2fedmsg" state=latest diff --git a/playbooks/manual/upgrade/datagrepper.yml b/playbooks/manual/upgrade/datagrepper.yml index 78e9b30a9a..dff34a5b1e 100644 --- a/playbooks/manual/upgrade/datagrepper.yml +++ b/playbooks/manual/upgrade/datagrepper.yml @@ -13,7 +13,7 @@ tasks: - name: Clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} - command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} + ansible.builtin.command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} check_mode: no - name: Yum update datagrepper packages from main repo package: name="datagrepper" state=latest diff --git a/playbooks/manual/upgrade/datanommer.yml b/playbooks/manual/upgrade/datanommer.yml index 72197c1e0f..d8705af4b7 100644 --- a/playbooks/manual/upgrade/datanommer.yml +++ b/playbooks/manual/upgrade/datanommer.yml @@ -33,7 +33,7 @@ - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - name: Scale down datagrepper to 0 pods - command: oc -n datagrepper scale dc/datagrepper --replicas=0 + ansible.builtin.command: oc -n datagrepper scale dc/datagrepper --replicas=0 - name: Stop datanommer hosts: @@ -48,7 +48,7 @@ - import_tasks: "{{ handlers_path }}/restart_services.yml" tasks: - name: Scale down datanommer to 0 pods - command: oc -n datanommer scale dc/datanommer --replicas=0 + ansible.builtin.command: oc -n datanommer scale dc/datanommer --replicas=0 - name: Upgrade the database role: openshift/object @@ -57,7 +57,7 @@ object_objectname: job.yml - name: Wait for the db-upgrade completion - command: oc get jobs/db-upgrade -o jsonpath='{@.status.succeeded}' + ansible.builtin.command: oc get jobs/db-upgrade -o jsonpath='{@.status.succeeded}' register: status until: status.stdout | int == 1 retries: 5 @@ -81,7 +81,7 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - name: Scale up datanommer pods - command: oc -n datanommer scale dc/db-datanommer --replicas=1 + ansible.builtin.command: oc -n datanommer scale dc/db-datanommer --replicas=1 - name: Start the datagrepper again hosts: @@ -94,7 +94,7 @@ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml tasks: - name: Scale up datagrepper pods - command: oc -n datagrepper scale dc/datagrepper --replicas=1 + ansible.builtin.command: oc -n datagrepper scale dc/datagrepper --replicas=1 - name: Restart the last backend piece (badges) hosts: diff --git a/playbooks/manual/upgrade/fedmsg.yml b/playbooks/manual/upgrade/fedmsg.yml index 1914a65688..9a38ec8131 100644 --- a/playbooks/manual/upgrade/fedmsg.yml +++ b/playbooks/manual/upgrade/fedmsg.yml @@ -35,7 +35,7 @@ tasks: - name: Clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} - command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} + ansible.builtin.command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} check_mode: no - name: Yum update fedmsg packages from the main repo package: name={{item}} state=latest diff --git a/playbooks/manual/upgrade/mote.yml b/playbooks/manual/upgrade/mote.yml index cfa85d07b3..7f31208e2f 100644 --- a/playbooks/manual/upgrade/mote.yml +++ b/playbooks/manual/upgrade/mote.yml @@ -13,7 +13,7 @@ tasks: - name: Clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} - command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} + ansible.builtin.command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} check_mode: no - name: Update mote packages from main repo package: name="mote" state=latest diff --git a/playbooks/manual/upgrade/packages.yml b/playbooks/manual/upgrade/packages.yml index 3c1f9e124d..8a09ece0b0 100644 --- a/playbooks/manual/upgrade/packages.yml +++ b/playbooks/manual/upgrade/packages.yml @@ -13,7 +13,7 @@ tasks: - name: Clean all metadata {%if testing%}(with infrastructure-testing on){%endif%} - command: dnf clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} + ansible.builtin.command: dnf clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%} check_mode: no - name: Update fedora-packages packages from main repo package: name="fedora-packages" state=latest diff --git a/playbooks/manual/upgrade/pagure.yml b/playbooks/manual/upgrade/pagure.yml index 53640272a7..89f58417b4 100644 --- a/playbooks/manual/upgrade/pagure.yml +++ b/playbooks/manual/upgrade/pagure.yml @@ -75,7 +75,7 @@ when: inventory_hostname.startswith('pagure') - name: Upgrade the database - command: /usr/bin/alembic -c /etc/pagure/alembic.ini upgrade head + ansible.builtin.command: /usr/bin/alembic -c /etc/pagure/alembic.ini upgrade head args: chdir: /etc/pagure/ environment: diff --git a/playbooks/rkhunter_only.yml b/playbooks/rkhunter_only.yml index 9b6ff0901e..c703f2fd15 100644 --- a/playbooks/rkhunter_only.yml +++ b/playbooks/rkhunter_only.yml @@ -7,10 +7,10 @@ tasks: - name: Check for rkhunter - command: /usr/bin/test -f /usr/bin/rkhunter + ansible.builtin.command: /usr/bin/test -f /usr/bin/rkhunter register: rkhunter ignore_errors: true - name: Run rkhunter --propupd - command: /usr/bin/rkhunter --propupd + ansible.builtin.command: /usr/bin/rkhunter --propupd when: rkhunter is success diff --git a/playbooks/rkhunter_update.yml b/playbooks/rkhunter_update.yml index 59680d277f..46d58ecc22 100644 --- a/playbooks/rkhunter_update.yml +++ b/playbooks/rkhunter_update.yml @@ -7,18 +7,18 @@ tasks: - name: Expire-caches - command: yum clean expire-cache + ansible.builtin.command: yum clean expire-cache - name: Yum -y {{ yumcommand }} - command: yum -y {{ yumcommand }} + ansible.builtin.command: yum -y {{ yumcommand }} async: 7200 poll: 15 - name: Check for rkhunter - command: /usr/bin/test -f /usr/bin/rkhunter + ansible.builtin.command: /usr/bin/test -f /usr/bin/rkhunter register: rkhunter ignore_errors: true - name: Run rkhunter --propupd - command: /usr/bin/rkhunter --propupd + ansible.builtin.command: /usr/bin/rkhunter --propupd when: rkhunter is success diff --git a/playbooks/universe_update.yml b/playbooks/universe_update.yml index 185fcf64e5..f3d1d9129b 100644 --- a/playbooks/universe_update.yml +++ b/playbooks/universe_update.yml @@ -57,10 +57,10 @@ tasks: - name: Check for rkhunter - command: /usr/bin/test -f /usr/bin/rkhunter + ansible.builtin.command: /usr/bin/test -f /usr/bin/rkhunter register: rkhunter ignore_errors: true - name: Run rkhunter --propupd - command: /usr/bin/rkhunter --propupd + ansible.builtin.command: /usr/bin/rkhunter --propupd when: rkhunter is success diff --git a/playbooks/update-proxy-dns.yml b/playbooks/update-proxy-dns.yml index d020405d33..ed2e5c5396 100644 --- a/playbooks/update-proxy-dns.yml +++ b/playbooks/update-proxy-dns.yml @@ -55,7 +55,7 @@ when: nodns is not defined or not "true" in nodns - name: Run update-dns on each nameserver - command: /usr/local/bin/update-dns + ansible.builtin.command: /usr/local/bin/update-dns delegate_to: "{{item}}" with_items: "{{groups.dns}}" when: nodns is not defined or not "true" in nodns diff --git a/playbooks/update_dns.yml b/playbooks/update_dns.yml index 7712401d6e..caa4186411 100644 --- a/playbooks/update_dns.yml +++ b/playbooks/update_dns.yml @@ -6,4 +6,4 @@ tasks: - name: Push dns changes out - command: /usr/local/bin/update-dns + ansible.builtin.command: /usr/local/bin/update-dns diff --git a/playbooks/update_ticketkey.yml b/playbooks/update_ticketkey.yml index d9044f9d6d..3b4ff51850 100644 --- a/playbooks/update_ticketkey.yml +++ b/playbooks/update_ticketkey.yml @@ -13,10 +13,10 @@ tasks: - name: create new production ticket key - command: /usr/local/bin/generate_ticketkey /root/ticketkey_production.tkey fpprod + ansible.builtin.command: /usr/local/bin/generate_ticketkey /root/ticketkey_production.tkey fpprod - name: create new staging ticket key - command: /usr/local/bin/generate_ticketkey /root/ticketkey_staging.tkey fpstag + ansible.builtin.command: /usr/local/bin/generate_ticketkey /root/ticketkey_staging.tkey fpstag - name: Push out new ticket key hosts: proxies:proxies_stg diff --git a/playbooks/vhost_halt_guests.yml b/playbooks/vhost_halt_guests.yml index 0ec5110edb..e6ad857328 100644 --- a/playbooks/vhost_halt_guests.yml +++ b/playbooks/vhost_halt_guests.yml @@ -45,7 +45,7 @@ delegate_to: noc01.iad2.fedoraproject.org - name: Echo-y - command: /sbin/halt -p + ansible.builtin.command: /sbin/halt -p ignore_errors: true # if one of them is down we don't care diff --git a/playbooks/vhost_poweroff.yml b/playbooks/vhost_poweroff.yml index 59dfc08f12..c4bca9497b 100644 --- a/playbooks/vhost_poweroff.yml +++ b/playbooks/vhost_poweroff.yml @@ -41,7 +41,7 @@ tasks: - name: Halt the vm instances - to poweroff - command: /sbin/shutdown -h 1 + ansible.builtin.command: /sbin/shutdown -h 1 ignore_errors: true # if one of them is down we don't care @@ -61,4 +61,4 @@ tasks: - name: Halt the virthost - command: /sbin/shutdown -h 1 + ansible.builtin.command: /sbin/shutdown -h 1 diff --git a/playbooks/vhost_reboot.yml b/playbooks/vhost_reboot.yml index a1cb293bc6..40fd487935 100644 --- a/playbooks/vhost_reboot.yml +++ b/playbooks/vhost_reboot.yml @@ -105,7 +105,7 @@ with_items: "{{ newvmlist.list_vms }}" # - name: sync time -# command: ntpdate -u 1.rhel.pool.ntp.org +# ansible.builtin.command: ntpdate -u 1.rhel.pool.ntp.org - name: tell nagios to unshush nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }} diff --git a/playbooks/vhost_update.yml b/playbooks/vhost_update.yml index 2dee94c844..85f3fa59c2 100644 --- a/playbooks/vhost_update.yml +++ b/playbooks/vhost_update.yml @@ -83,10 +83,10 @@ tasks: - name: Check for rkhunter - command: /usr/bin/test -f /usr/bin/rkhunter + ansible.builtin.command: /usr/bin/test -f /usr/bin/rkhunter register: rkhunter ignore_errors: true - name: Run rkhunter --propupd - command: /usr/bin/rkhunter --propupd + ansible.builtin.command: /usr/bin/rkhunter --propupd when: rkhunter is success diff --git a/roles/abrt/faf-post/tasks/repositories.yml b/roles/abrt/faf-post/tasks/repositories.yml index 7dc344bfde..c2142cadaa 100644 --- a/roles/abrt/faf-post/tasks/repositories.yml +++ b/roles/abrt/faf-post/tasks/repositories.yml @@ -11,7 +11,7 @@ - name: Assign repositories to Fedora releases loop: "{{ faf_repos }}" - command: "faf repoassign '{{ item.name }}' '{{ item.opsys }}' '{{ item.arch }}'" + ansible.builtin.command: "faf repoassign '{{ item.name }}' '{{ item.opsys }}' '{{ item.arch }}'" become: yes become_user: faf tags: add_repo @@ -26,14 +26,14 @@ - name: Remove repositories of EOL Fedora releases loop: "{{ eol_repolist.results | map(attribute='stdout_lines') | flatten }}" - command: "faf repodel '{{ item }}'" + ansible.builtin.command: "faf repodel '{{ item }}'" become: yes become_user: faf ignore_errors: yes - name: Clean up packages from EOL Fedora releases loop: "{{ rs_internal_fedora_vers_removed }}" - command: "faf cleanup-packages Fedora '{{ item }}'" + ansible.builtin.command: "faf cleanup-packages Fedora '{{ item }}'" become: yes become_user: faf ignore_errors: yes diff --git a/roles/abrt/faf-pre/tasks/setup_db.yml b/roles/abrt/faf-pre/tasks/setup_db.yml index 4d9d6393ef..a15d1893e1 100644 --- a/roles/abrt/faf-pre/tasks/setup_db.yml +++ b/roles/abrt/faf-pre/tasks/setup_db.yml @@ -1,6 +1,6 @@ --- - name: Ensure PostgreSQL database is initialized. - command: "postgresql-setup --initdb --unit postgresql" + ansible.builtin.command: "postgresql-setup --initdb --unit postgresql" args: creates: "/var/lib/pgsql/data/PG_VERSION" diff --git a/roles/abrt/faf/tasks/check.yml b/roles/abrt/faf/tasks/check.yml index 8b2ffddcc5..2a324343de 100644 --- a/roles/abrt/faf/tasks/check.yml +++ b/roles/abrt/faf/tasks/check.yml @@ -3,13 +3,13 @@ # check backend functionality - name: Add dummy Fedora 42 release - command: faf releaseadd -o fedora --opsys-release 42 + ansible.builtin.command: faf releaseadd -o fedora --opsys-release 42 become: yes become_user: faf changed_when: false - name: Get releases from FAF - command: faf releaselist + ansible.builtin.command: faf releaselist become: yes become_user: faf register: release_list @@ -17,7 +17,7 @@ changed_when: false - name: Add dummy meta_faf component to Fedora 42 release - command: faf compadd -o fedora --opsys-release 42 meta_faf + ansible.builtin.command: faf compadd -o fedora --opsys-release 42 meta_faf become: yes become_user: faf changed_when: false @@ -30,7 +30,7 @@ group: faf - name: Faf - command: faf {{ item }} + ansible.builtin.command: faf {{ item }} become: yes become_user: faf loop: diff --git a/roles/abrt/faf/tasks/cleanup.yml b/roles/abrt/faf/tasks/cleanup.yml index 1290cd243a..b59930dc98 100644 --- a/roles/abrt/faf/tasks/cleanup.yml +++ b/roles/abrt/faf/tasks/cleanup.yml @@ -1,6 +1,6 @@ --- - name: Remove EOLed opsys - command: faf releasemod -o "{{ item.opsys | lower }}" --opsys-release "{{ item.release }}" -s EOL + ansible.builtin.command: faf releasemod -o "{{ item.opsys | lower }}" --opsys-release "{{ item.release }}" -s EOL loop: "{{ eol_opsys }}" become: yes become_user: faf @@ -8,7 +8,7 @@ changed_when: false - name: Remove EOLed packages - command: faf cleanup-packages "{{ item.opsys }}" "{{ item.release }}" + ansible.builtin.command: faf cleanup-packages "{{ item.opsys }}" "{{ item.release }}" loop: "{{ eol_opsys }}" become: yes become_user: faf @@ -16,7 +16,7 @@ changed_when: false - name: Remove unassigned packages - command: faf cleanup-unassigned -f + ansible.builtin.command: faf cleanup-unassigned -f become: yes become_user: faf failed_when: false diff --git a/roles/abrt/faf/tasks/first_time_setup.yml b/roles/abrt/faf/tasks/first_time_setup.yml index 3a4acf81fa..ffc425d803 100644 --- a/roles/abrt/faf/tasks/first_time_setup.yml +++ b/roles/abrt/faf/tasks/first_time_setup.yml @@ -11,17 +11,17 @@ # Skip whole block if faf owns atleast 1 table in db - block: - name: Create faf's database schema - command: faf-migrate-db --create-all + ansible.builtin.command: faf-migrate-db --create-all become: yes become_user: faf - name: Stamp database as migrated to latest version - command: faf-migrate-db --stamp-only + ansible.builtin.command: faf-migrate-db --stamp-only become: yes become_user: faf - name: Init faf - command: faf init + ansible.builtin.command: faf init become: yes become_user: faf when: ( count_tables.stdout_lines[2]|int ) == 0 diff --git a/roles/abrt/faf/tasks/migrate_db.yml b/roles/abrt/faf/tasks/migrate_db.yml index 5a3f4fc97d..e55d40237a 100644 --- a/roles/abrt/faf/tasks/migrate_db.yml +++ b/roles/abrt/faf/tasks/migrate_db.yml @@ -1,6 +1,6 @@ --- - name: Run database migrations - command: faf-migrate-db + ansible.builtin.command: faf-migrate-db become: yes become_user: faf changed_when: false diff --git a/roles/abrt/retrace/tasks/podman.yml b/roles/abrt/retrace/tasks/podman.yml index 4d3adcaf62..4164692121 100644 --- a/roles/abrt/retrace/tasks/podman.yml +++ b/roles/abrt/retrace/tasks/podman.yml @@ -10,7 +10,7 @@ state: stopped - name: Check if subuid is set for retrace user - command: cat /etc/subuid + ansible.builtin.command: cat /etc/subuid changed_when: false register: retrace_subuid @@ -30,12 +30,12 @@ rs_subuid_max: "{{ t_subuid.stdout | default(100000) | int + 2 * 65536 - 1 }}" - name: Set subuid for retrace user. - command: usermod retrace --add-subuids "{{ rs_subuid_min }}-{{ rs_subuid_max }}" + ansible.builtin.command: usermod retrace --add-subuids "{{ rs_subuid_min }}-{{ rs_subuid_max }}" when: '"retrace" not in retrace_subuid.stdout' - name: Check if subgid is set for retrace user - command: cat /etc/subgid + ansible.builtin.command: cat /etc/subgid changed_when: false register: retrace_subgid @@ -55,7 +55,7 @@ rs_subgid_max: "{{ t_subgid.stdout | default(100000) | int + 2 * 65536 - 1 }}" - name: Set subgid for retrace user - command: usermod retrace --add-subgids "{{ rs_subgid_min }}-{{ rs_subgid_max }}" + ansible.builtin.command: usermod retrace --add-subgids "{{ rs_subgid_min }}-{{ rs_subgid_max }}" when: '"retrace" not in retrace_subgid.stdout' diff --git a/roles/abrt/retrace/tasks/usefafpkgs.yml b/roles/abrt/retrace/tasks/usefafpkgs.yml index af457a25f7..d2a34c29de 100644 --- a/roles/abrt/retrace/tasks/usefafpkgs.yml +++ b/roles/abrt/retrace/tasks/usefafpkgs.yml @@ -1,6 +1,6 @@ --- - name: Check if faf is installed - command: rpm -q faf + ansible.builtin.command: rpm -q faf changed_when: false - name: Add user retrace to faf db diff --git a/roles/ansible-server/tasks/main.yml b/roles/ansible-server/tasks/main.yml index 1f3ce0b882..1bd3747dcb 100644 --- a/roles/ansible-server/tasks/main.yml +++ b/roles/ansible-server/tasks/main.yml @@ -30,6 +30,6 @@ - ansible-server - name: Install required collections - command: ansible-galaxy install -r {{ ansible_base }}/ansible/roles/ansible-server/files/requirements.yml + ansible.builtin.command: ansible-galaxy install -r {{ ansible_base }}/ansible/roles/ansible-server/files/requirements.yml tags: - ansible-server diff --git a/roles/apache/handlers/main.yml b/roles/apache/handlers/main.yml index 629970f002..ffc1f9bdd9 100644 --- a/roles/apache/handlers/main.yml +++ b/roles/apache/handlers/main.yml @@ -1,3 +1,3 @@ --- - name: Restart apache - command: /usr/local/bin/conditional-restart.sh httpd httpd + ansible.builtin.command: /usr/local/bin/conditional-restart.sh httpd httpd diff --git a/roles/base/handlers/main.yml b/roles/base/handlers/main.yml index 2f3d0a0775..135e3e9bce 100644 --- a/roles/base/handlers/main.yml +++ b/roles/base/handlers/main.yml @@ -1,6 +1,6 @@ --- - name: Apply interface-changes - command: nmcli con up {{ item.split()[1] }} + ansible.builtin.command: nmcli con up {{ item.split()[1] }} async: 1 poll: 0 with_items: @@ -16,7 +16,7 @@ service: name=NetworkManager state=restarted - name: Reload NetworkManager-connections - command: nmcli c reload + ansible.builtin.command: nmcli c reload - name: Restart postfix service: name=postfix state=restarted diff --git a/roles/base/tasks/crypto-policies.yml b/roles/base/tasks/crypto-policies.yml index 79dcf0be6e..561dd8ff1b 100644 --- a/roles/base/tasks/crypto-policies.yml +++ b/roles/base/tasks/crypto-policies.yml @@ -1,6 +1,6 @@ --- - name: Check current crypto-policy - command: "update-crypto-policies --show" + ansible.builtin.command: "update-crypto-policies --show" register: currentcryptopolicy failed_when: "1 != 1" changed_when: "1 != 1" @@ -10,7 +10,7 @@ - base/crypto-policies - name: Check if policy is applied - command: "update-crypto-policies --is-applied" + ansible.builtin.command: "update-crypto-policies --is-applied" register: cryptopolicyapplied failed_when: "1 != 1" changed_when: "1 != 1" @@ -20,7 +20,7 @@ - base/crypto-policies - name: Set crypto-policy on fedora 33 and higher hosts back to default - command: "update-crypto-policies --set DEFAULT" + ansible.builtin.command: "update-crypto-policies --set DEFAULT" when: "ansible_distribution_major_version|int >= 33 and (currentcryptopolicy.stdout.find('DEFAULT') == -1 or cryptopolicyapplied.rc != 0) and not inventory_hostname.startswith('ipsilon') " check_mode: no tags: @@ -28,7 +28,7 @@ - base/crypto-policies - name: Set crypto-policy on RHEL9 dns servers to DEFAULT:SHA1 - command: "update-crypto-policies --set DEFAULT:SHA1" + ansible.builtin.command: "update-crypto-policies --set DEFAULT:SHA1" when: "inventory_hostname.startswith('ns') and (currentcryptopolicy.stdout.find('DEFAULT:SHA1') == -1 or cryptopolicyapplied.rc != 0)" check_mode: no tags: diff --git a/roles/base/tasks/keytab.yml b/roles/base/tasks/keytab.yml index 873040bd74..c00c884eb7 100644 --- a/roles/base/tasks/keytab.yml +++ b/roles/base/tasks/keytab.yml @@ -19,7 +19,7 @@ - name: Create host entry delegate_to: "{{ ipa_server }}" - command: ipa host-add --force {{inventory_hostname}} + ansible.builtin.command: ipa host-add --force {{inventory_hostname}} register: host_add_result changed_when: "'Added host' in host_add_result.stdout" failed_when: "not ('Added host' in host_add_result.stdout or 'already exists' in host_add_result.stderr)" @@ -31,7 +31,7 @@ - name: Create additional host entries delegate_to: "{{ ipa_server }}" - command: ipa host-add --force {{item}} + ansible.builtin.command: ipa host-add --force {{item}} with_items: "{{ additional_host_keytabs }}" register: hosts_add_result changed_when: "'Added host' in hosts_add_result.stdout" @@ -44,7 +44,7 @@ - name: Generate host keytab delegate_to: "{{ ipa_server }}" - command: ipa-getkeytab -s {{ipa_server}} -p host/{{inventory_hostname}} -k /tmp/{{inventory_hostname}}.kt + ansible.builtin.command: ipa-getkeytab -s {{ipa_server}} -p host/{{inventory_hostname}} -k /tmp/{{inventory_hostname}}.kt register: getkeytab_result changed_when: false failed_when: "'successfully retrieved' not in getkeytab_result.stderr" @@ -56,7 +56,7 @@ - name: Add additional host keytabs delegate_to: "{{ ipa_server }}" - command: ipa-getkeytab -s {{ipa_server}} -p host/{{item}} -k /tmp/{{inventory_hostname}}.kt + ansible.builtin.command: ipa-getkeytab -s {{ipa_server}} -p host/{{item}} -k /tmp/{{inventory_hostname}}.kt with_items: "{{ additional_host_keytabs }}" register: getkeytabs_result changed_when: false @@ -69,7 +69,7 @@ - name: Destroy kerberos ticket delegate_to: "{{ ipa_server }}" - command: kdestroy -A + ansible.builtin.command: kdestroy -A tags: - base - config @@ -78,7 +78,7 @@ - name: Get keytab delegate_to: "{{ ipa_server }}" - command: base64 /tmp/{{inventory_hostname}}.kt + ansible.builtin.command: base64 /tmp/{{inventory_hostname}}.kt register: keytab tags: - base diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index 13d4e29ad0..0b34e08dc9 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml @@ -372,7 +372,7 @@ - rsyslog-audit - name: Install our custom selinux module - command: semodule -i /usr/local/share/rsyslog/rsyslog-audit.pp + ansible.builtin.command: semodule -i /usr/local/share/rsyslog/rsyslog-audit.pp when: selinux_module is changed and ansible_distribution_major_version|int > 6 tags: - rsyslogd @@ -398,7 +398,7 @@ - selinux - name: Install our custom selinux module - command: semodule -i /usr/local/share/mapchkpwd.pp + ansible.builtin.command: semodule -i /usr/local/share/mapchkpwd.pp when: selinux_module is changed tags: - selinux diff --git a/roles/basessh/tasks/main.yml b/roles/basessh/tasks/main.yml index 76f5db5d66..44886bf558 100644 --- a/roles/basessh/tasks/main.yml +++ b/roles/basessh/tasks/main.yml @@ -60,7 +60,7 @@ - base - name: Allow alternate sshd port - command: semanage port -a -t ssh_port_t -p tcp {{ sshd_port }} + ansible.builtin.command: semanage port -a -t ssh_port_t -p tcp {{ sshd_port }} when: sshd_port in sshd_selinux_port failed_when: false tags: diff --git a/roles/batcave/tasks/main.yml b/roles/batcave/tasks/main.yml index 47e296f346..d013bf9a94 100644 --- a/roles/batcave/tasks/main.yml +++ b/roles/batcave/tasks/main.yml @@ -425,7 +425,7 @@ # - name: Check the selinux context of webdir - command: matchpathcon /srv/web + ansible.builtin.command: matchpathcon /srv/web register: webdir check_mode: no changed_when: "1 != 1" @@ -437,7 +437,7 @@ - httpd/website - name: /srv/web file contexts - command: semanage fcontext -a -t httpd_sys_content_t "/srv/web(/.*)?" + ansible.builtin.command: semanage fcontext -a -t httpd_sys_content_t "/srv/web(/.*)?" when: webdir.stdout.find('httpd_sys_content_t') == -1 tags: - config @@ -451,7 +451,7 @@ # - name: Check the selinux context of ansible - command: matchpathcon /srv/git/ansible.git + ansible.builtin.command: matchpathcon /srv/git/ansible.git register: webdir check_mode: no changed_when: "1 != 1" @@ -463,7 +463,7 @@ - httpd/website - name: /srv/git/ansible file contexts - command: semanage fcontext -a -t git_content_t "/srv/git/ansible.git(/.*)?" + ansible.builtin.command: semanage fcontext -a -t git_content_t "/srv/git/ansible.git(/.*)?" when: webdir.stdout.find('git_content_t') == -1 tags: - config @@ -473,7 +473,7 @@ - httpd/website - name: Check the selinux context of badges - command: matchpathcon /srv/git/badges + ansible.builtin.command: matchpathcon /srv/git/badges register: webdir check_mode: no changed_when: "1 != 1" @@ -485,7 +485,7 @@ - httpd/website - name: /srv/git/badges file contexts - command: semanage fcontext -a -t git_content_t "/srv/git/badges(/.*)?" + ansible.builtin.command: semanage fcontext -a -t git_content_t "/srv/git/badges(/.*)?" when: webdir.stdout.find('git_content_t') == -1 tags: - config @@ -495,7 +495,7 @@ - httpd/website - name: Check the selinux context of dns - command: matchpathcon /srv/git/dns + ansible.builtin.command: matchpathcon /srv/git/dns register: webdir check_mode: no changed_when: "1 != 1" @@ -507,7 +507,7 @@ - httpd/website - name: /srv/git/dns file contexts - command: semanage fcontext -a -t git_content_t "/srv/git/dns(/.*)?" + ansible.builtin.command: semanage fcontext -a -t git_content_t "/srv/git/dns(/.*)?" when: webdir.stdout.find('git_content_t') == -1 tags: - config @@ -517,7 +517,7 @@ - httpd/website - name: Check the selinux context of infra-docs - command: matchpathcon /srv/git/infra-docs + ansible.builtin.command: matchpathcon /srv/git/infra-docs register: webdir check_mode: no changed_when: "1 != 1" @@ -529,7 +529,7 @@ - httpd/website - name: /srv/git/infra-docs file contexts - command: semanage fcontext -a -t git_content_t "/srv/git/infra-docs(/.*)?" + ansible.builtin.command: semanage fcontext -a -t git_content_t "/srv/git/infra-docs(/.*)?" when: webdir.stdout.find('git_content_t') == -1 tags: - config @@ -584,7 +584,7 @@ - tmux - name: Let the /var/tmux folder be writable to fi-apprentice as well - command: setfacl -R -m d:g:fi-apprentice:rwx -m g:fi-apprentice:rwx /var/tmux + ansible.builtin.command: setfacl -R -m d:g:fi-apprentice:rwx -m g:fi-apprentice:rwx /var/tmux tags: - batcave - tmux @@ -599,7 +599,7 @@ - openshiftboot - name: Let the openshift dir be writeable by sysadmin-openshift - command: setfacl -R -m d:g:sysadmin-openshift:rwx -m g:sysadmin-openshift:rwx /srv/web/infra/bigfiles/{{item}} + ansible.builtin.command: setfacl -R -m d:g:sysadmin-openshift:rwx -m g:sysadmin-openshift:rwx /srv/web/infra/bigfiles/{{item}} with_items: - openshiftboot - tftpboot/rhcos diff --git a/roles/bodhi2/backend/tasks/main.yml b/roles/bodhi2/backend/tasks/main.yml index e6a295e733..b3ca5241f3 100644 --- a/roles/bodhi2/backend/tasks/main.yml +++ b/roles/bodhi2/backend/tasks/main.yml @@ -125,7 +125,7 @@ - cron - name: Determine Python version - command: + ansible.builtin.command: argv: - python3 - -c @@ -376,7 +376,7 @@ - bodhi - name: Let the ftpsync user also read the fedora-messaging key - command: /usr/bin/setfacl -m user:ftpsync:rx /etc/pki/fedora-messaging/bodhi-key.pem + ansible.builtin.command: /usr/bin/setfacl -m user:ftpsync:rx /etc/pki/fedora-messaging/bodhi-key.pem tags: - config - bodhi diff --git a/roles/cgit/make_pkgs_list/tasks/main.yml b/roles/cgit/make_pkgs_list/tasks/main.yml index 4bb18b45fa..60a7ce2311 100644 --- a/roles/cgit/make_pkgs_list/tasks/main.yml +++ b/roles/cgit/make_pkgs_list/tasks/main.yml @@ -50,7 +50,7 @@ tags: cgit - name: Check the selinux context of the repo list - command: matchpathcon /srv/git/pkgs-git-repos-list + ansible.builtin.command: matchpathcon /srv/git/pkgs-git-repos-list register: gitlistcontext check_mode: no changed_when: false @@ -60,7 +60,7 @@ - selinux - name: Set the SELinux policy for the repo list - command: semanage fcontext -a -t git_content_t "/srv/git/pkgs-git-repos-list" + ansible.builtin.command: semanage fcontext -a -t git_content_t "/srv/git/pkgs-git-repos-list" when: gitlistcontext.stdout.find('git_content_t') == -1 tags: - config diff --git a/roles/check-compose/handlers/main.yml b/roles/check-compose/handlers/main.yml index f412296f85..6d7a3540d9 100644 --- a/roles/check-compose/handlers/main.yml +++ b/roles/check-compose/handlers/main.yml @@ -1,6 +1,6 @@ # Restart handler for our fedora-messaging consumer --- - name: Conditionally restart check-compose consumer service - command: /usr/local/bin/conditional-restart.sh fm-consumer@check-compose + ansible.builtin.command: /usr/local/bin/conditional-restart.sh fm-consumer@check-compose listen: - restart check-compose diff --git a/roles/check-compose/tasks/main.yml b/roles/check-compose/tasks/main.yml index 518b20da10..67f1f49a0e 100644 --- a/roles/check-compose/tasks/main.yml +++ b/roles/check-compose/tasks/main.yml @@ -124,14 +124,14 @@ register: gitcc - name: Check if check-compose is installed for current Python - command: "pip show check_compose" + ansible.builtin.command: "pip show check_compose" register: instcc changed_when: "1 != 1" failed_when: "1 != 1" check_mode: no - name: Install check-compose - command: "python3 -m pip install --no-deps /root/check-compose" + ansible.builtin.command: "python3 -m pip install --no-deps /root/check-compose" when: "gitcc is changed or instcc.rc != 0" notify: - restart check-compose diff --git a/roles/collectd/base/tasks/main.yml b/roles/collectd/base/tasks/main.yml index bdd6e4813d..c4b3014bf4 100644 --- a/roles/collectd/base/tasks/main.yml +++ b/roles/collectd/base/tasks/main.yml @@ -152,7 +152,7 @@ - selinux - name: Install our general collectd selinux module - command: semodule -i /usr/share/collectd/fi-collectd.pp + ansible.builtin.command: semodule -i /usr/share/collectd/fi-collectd.pp when: ficgeneral_module is changed or ficgeneral_installed_version != ficgeneral_local_version tags: - collectd @@ -175,7 +175,7 @@ - selinux - name: Install our pstorefs/collectd selinux module - command: semodule -i /usr/share/collectd/fi-pstorefs.pp + ansible.builtin.command: semodule -i /usr/share/collectd/fi-pstorefs.pp when: (ficpstorefs_module is changed or ficpstorefs_grep is changed) tags: - collectd diff --git a/roles/collectd/fcomm-queue/tasks/main.yml b/roles/collectd/fcomm-queue/tasks/main.yml index 8e4cb517d6..a23bde0a54 100644 --- a/roles/collectd/fcomm-queue/tasks/main.yml +++ b/roles/collectd/fcomm-queue/tasks/main.yml @@ -46,7 +46,7 @@ - selinux - name: Install our fcomm collectd selinux module - command: semodule -i /usr/share/collectd/fi-collectd-fcomm.pp + ansible.builtin.command: semodule -i /usr/share/collectd/fi-collectd-fcomm.pp when: ficfcomm_module is changed or ficfcomm_grep is changed tags: - collectd diff --git a/roles/copr/backend/files/provision/provision_builder_tasks.yml b/roles/copr/backend/files/provision/provision_builder_tasks.yml index 3b275db09b..5bc7163824 100644 --- a/roles/copr/backend/files/provision/provision_builder_tasks.yml +++ b/roles/copr/backend/files/provision/provision_builder_tasks.yml @@ -83,7 +83,7 @@ # https://fedoraproject.org/wiki/Changes/StrongCryptoSettings - name: fallback to the legacy crypto policies - command: update-crypto-policies --set DEFAULT:SHA1 + ansible.builtin.command: update-crypto-policies --set DEFAULT:SHA1 when: - preparing_image diff --git a/roles/copr/backend/handlers/main.yml b/roles/copr/backend/handlers/main.yml index c165181b3f..30aa358201 100644 --- a/roles/copr/backend/handlers/main.yml +++ b/roles/copr/backend/handlers/main.yml @@ -7,7 +7,7 @@ when: not services_disabled - name: systemctl daemon-reload - command: /usr/bin/systemctl daemon-reload + ansible.builtin.command: /usr/bin/systemctl daemon-reload - name: restart lighttpd action: service name=lighttpd state=restarted diff --git a/roles/copr/backend/tasks/install_cloud_cert.yml b/roles/copr/backend/tasks/install_cloud_cert.yml index b64d98bb94..f28bf9eff1 100644 --- a/roles/copr/backend/tasks/install_cloud_cert.yml +++ b/roles/copr/backend/tasks/install_cloud_cert.yml @@ -4,5 +4,5 @@ register: cloud_pem_copied - name: Update certificates - command: /usr/bin/update-ca-trust + ansible.builtin.command: /usr/bin/update-ca-trust when: cloud_pem_copied.changed diff --git a/roles/copr/backend/tasks/main.yml b/roles/copr/backend/tasks/main.yml index ece3c4a178..f4c517738f 100644 --- a/roles/copr/backend/tasks/main.yml +++ b/roles/copr/backend/tasks/main.yml @@ -70,7 +70,7 @@ - provision_config - name: Check known_hosts file - command: stat /home/copr/.ssh/known_hosts + ansible.builtin.command: stat /home/copr/.ssh/known_hosts register: hostsstat check_mode: no changed_when: "1 != 1" @@ -155,7 +155,7 @@ tags: logrotate - name: Fix selinux context on helper scripts - command: restorecon -irv /usr/local/bin/copr-lighty* + ansible.builtin.command: restorecon -irv /usr/local/bin/copr-lighty* when: logrotate_scripts.changed tags: logrotate @@ -277,13 +277,13 @@ shell: "chown -R copr:copr /var/lib/copr/public_html" when: '"copr" not in copr_results_dir_st.stat.pw_name' -- command: "ls -dZ /var/lib/copr/public_html/" +- ansible.builtin.command: "ls -dZ /var/lib/copr/public_html/" register: public_html_ls check_mode: no changed_when: false - name: Update selinux context for results if root folder does not have proper type - command: "restorecon -vvRF /var/lib/copr/public_html/" + ansible.builtin.command: "restorecon -vvRF /var/lib/copr/public_html/" when: "public_html_ls is defined and 'copr_data_t' not in public_html_ls.stdout" # - name: Install cert to access fed-cloud09 @@ -364,7 +364,7 @@ register: selinux_module - name: Install our custom selinux module - command: semodule -i /usr/local/share/copr/copr_rules.pp + ansible.builtin.command: semodule -i /usr/local/share/copr/copr_rules.pp when: selinux_module is changed - name: Setup AWS access diff --git a/roles/copr/base/tasks/main.yml b/roles/copr/base/tasks/main.yml index 6d641def71..6cd01fbd12 100644 --- a/roles/copr/base/tasks/main.yml +++ b/roles/copr/base/tasks/main.yml @@ -94,7 +94,7 @@ # check_mode: no # # - name: Disable offloading -# command: ethtool -K ens5 tso off gro off gso off +# ansible.builtin.command: ethtool -K ens5 tso off gro off gso off # when: # - offloading.rc == 0 # - ansible_distribution == 'Fedora' diff --git a/roles/copr/dist_git/tasks/main.yml b/roles/copr/dist_git/tasks/main.yml index 0239d22d00..e7cc654d24 100644 --- a/roles/copr/dist_git/tasks/main.yml +++ b/roles/copr/dist_git/tasks/main.yml @@ -123,13 +123,13 @@ - selinux - name: Install our custom selinux policy for cgit - command: semodule -i /usr/local/share/selinux/git_script_t.pp + ansible.builtin.command: semodule -i /usr/local/share/selinux/git_script_t.pp when: cgit_selinux_module is changed tags: - selinux - name: Create CGIT config file if it does not exist (takes almost an hour) - command: /usr/bin/copr-dist-git-refresh-cgit creates=/var/cache/cgit/repo-configuration.rc + ansible.builtin.command: /usr/bin/copr-dist-git-refresh-cgit creates=/var/cache/cgit/repo-configuration.rc - name: Ensure that .config directory exists ansible.builtin.file: path=/home/copr-dist-git/.config state=directory diff --git a/roles/copr/frontend/tasks/main.yml b/roles/copr/frontend/tasks/main.yml index db366195a5..5d48d49765 100644 --- a/roles/copr/frontend/tasks/main.yml +++ b/roles/copr/frontend/tasks/main.yml @@ -2,12 +2,12 @@ - import_tasks: "mount_fs.yml" - name: Register security context for pgsql directory - command: "ls -dZ /var/lib/pgsql" + ansible.builtin.command: "ls -dZ /var/lib/pgsql" register: pgsql_ls changed_when: false # `ls' command is not changing anything - name: Update selinux context for postgress db dir if it's wrong - command: "restorecon -vvRF /var/lib/pgsql" + ansible.builtin.command: "restorecon -vvRF /var/lib/pgsql" when: pgsql_ls.stdout is defined and 'postgresql_db_t' not in pgsql_ls.stdout - name: Install weekly custom copr-frontend-crontab @@ -103,7 +103,7 @@ - import_tasks: "psql_setup.yml" - name: Upgrade db to head - command: alembic-3 upgrade head + ansible.builtin.command: alembic-3 upgrade head become: yes become_user: copr-fe args: @@ -112,7 +112,7 @@ changed_when: alembic_result.stdout is search("Running upgrade") - name: Apply the config comments - command: copr-frontend chroots-template + ansible.builtin.command: copr-frontend chroots-template become: yes become_user: copr-fe args: @@ -160,7 +160,7 @@ - name: Register whether indexes rebuild is required - command: copr-frontend update_indexes_required + ansible.builtin.command: copr-frontend update_indexes_required become: yes become_user: copr-fe register: update_indexes_required_result @@ -168,7 +168,7 @@ failed_when: false - name: Rebuild indexes - command: ./manage.py update_indexes + ansible.builtin.command: ./manage.py update_indexes become: yes become_user: copr-fe args: diff --git a/roles/copr/keygen/tasks/main.yml b/roles/copr/keygen/tasks/main.yml index fac03883cb..5a9979eb0c 100644 --- a/roles/copr/keygen/tasks/main.yml +++ b/roles/copr/keygen/tasks/main.yml @@ -52,7 +52,7 @@ register: selinux_module - name: Install our custom selinux module - command: semodule -i /usr/local/share/copr/copr_rules.pp + ansible.builtin.command: semodule -i /usr/local/share/copr/copr_rules.pp when: selinux_module is changed - selinux: policy=targeted state=enforcing diff --git a/roles/distgit/pagure/tasks/main.yml b/roles/distgit/pagure/tasks/main.yml index 752a9efe72..9e6b6e8cfd 100644 --- a/roles/distgit/pagure/tasks/main.yml +++ b/roles/distgit/pagure/tasks/main.yml @@ -80,7 +80,7 @@ - pagure - name: Create the "git" user - command: useradd --create-home --home-dir=/srv/git/ git + ansible.builtin.command: useradd --create-home --home-dir=/srv/git/ git creates=/srv/git/ when: env == 'staging' tags: @@ -154,7 +154,7 @@ - restart apache - name: Create the database scheme - command: /usr/bin/python3 /usr/share/pagure/pagure_createdb.py + ansible.builtin.command: /usr/bin/python3 /usr/share/pagure/pagure_createdb.py changed_when: "1 != 1" environment: PAGURE_CONFIG: /etc/pagure/pagure.cfg @@ -227,13 +227,13 @@ - name: Manually fix current default ACLs since Ansible doesnt know recursive acls when: acl_updates.changed - command: /usr/bin/setfacl -Rdm user:apache:rx /srv/git + ansible.builtin.command: /usr/bin/setfacl -Rdm user:apache:rx /srv/git tags: - pagure - name: Manually fix current ACLs since Ansible doesnt know recursive acls when: acl_updates.changed - command: /usr/bin/setfacl -Rm user:apache:rx /srv/git + ansible.builtin.command: /usr/bin/setfacl -Rm user:apache:rx /srv/git tags: - pagure diff --git a/roles/distgit/tasks/main.yml b/roles/distgit/tasks/main.yml index d6823393b4..0f0edc9dce 100644 --- a/roles/distgit/tasks/main.yml +++ b/roles/distgit/tasks/main.yml @@ -268,7 +268,7 @@ - selinux - name: Check the selinux context of the Lookaside Cache root directory - command: matchpathcon /srv/cache + ansible.builtin.command: matchpathcon /srv/cache register: lcachecontext check_mode: no changed_when: false @@ -279,7 +279,7 @@ - distgit - name: Set the SELinux policy for the Lookaside Cache root directory - command: semanage fcontext -a -t nfs_t "/srv/cache(/.*)?" + ansible.builtin.command: semanage fcontext -a -t nfs_t "/srv/cache(/.*)?" when: lcachecontext.stdout.find('nfs_t') == -1 and env != "staging" tags: - config @@ -319,7 +319,7 @@ tags: selinux - name: Install our custom selinux policy - command: semodule -i /usr/local/share/selinux/upload_cgi.pp + ansible.builtin.command: semodule -i /usr/local/share/selinux/upload_cgi.pp when: selinux_module is changed tags: selinux @@ -329,7 +329,7 @@ tags: selinux - name: Install our custom nfs selinux policy - command: semodule -i /usr/local/share/selinux/cgi-nfs.pp + ansible.builtin.command: semodule -i /usr/local/share/selinux/cgi-nfs.pp when: nfs_selinux_module is changed tags: selinux @@ -365,7 +365,7 @@ - pkgs - name: Run initial grokmirror run - command: /usr/bin/grok-manifest -m /srv/git/grokmirror/manifest.js.gz -t /srv/git/repositories/ creates=/srv/git/grokmirror/manifest.js.gz + ansible.builtin.command: /usr/bin/grok-manifest -m /srv/git/grokmirror/manifest.js.gz -t /srv/git/repositories/ creates=/srv/git/grokmirror/manifest.js.gz when: env != "staging" tags: - grokmirror diff --git a/roles/dns/tasks/main.yml b/roles/dns/tasks/main.yml index 75157ce3e2..7ddadb9c11 100644 --- a/roles/dns/tasks/main.yml +++ b/roles/dns/tasks/main.yml @@ -50,7 +50,7 @@ - dns # - name: Create GeoIP acl -# command: /var/named/GeoIP.sh +# ansible.builtin.command: /var/named/GeoIP.sh # changed_when: "1 != 1" # notify: # - restart named @@ -82,7 +82,7 @@ - dns - name: Update dns - command: /usr/local/bin/update-dns + ansible.builtin.command: /usr/local/bin/update-dns changed_when: "1 != 1" notify: - restart named @@ -96,14 +96,14 @@ - dns - name: Check configuration - command: named-checkconf -zj + ansible.builtin.command: named-checkconf -zj changed_when: false tags: - config - dns - name: Check semanage ports - command: semanage port -l + ansible.builtin.command: semanage port -l register: semanageoutput check_mode: no changed_when: "1 != 1" @@ -111,7 +111,7 @@ - dns - name: Set ports so bind statistics-channel can bind to 8053 - command: semanage port -a -t dns_port_t -p tcp 8053 + ansible.builtin.command: semanage port -a -t dns_port_t -p tcp 8053 when: semanageoutput.stdout.find("8053") == -1 notify: - restart named diff --git a/roles/download/tasks/main.yml b/roles/download/tasks/main.yml index be1fee93b1..9a57792d7c 100644 --- a/roles/download/tasks/main.yml +++ b/roles/download/tasks/main.yml @@ -18,7 +18,7 @@ seboolean: name=httpd_use_nfs state=yes persistent=yes - name: Check the selinux context rsyncd log - command: matchpathcon /var/log/rsyncd-fedora.log + ansible.builtin.command: matchpathcon /var/log/rsyncd-fedora.log register: rsyncdlog check_mode: no changed_when: "1 != 1" @@ -27,7 +27,7 @@ - selinux - name: /var/log/rsyncd-fedora.log file context - command: semanage fcontext -a -t rsync_log_t /var/log/rsyncd-fedora.log + ansible.builtin.command: semanage fcontext -a -t rsync_log_t /var/log/rsyncd-fedora.log when: rsyncdlog.stdout.find('rsync_log_t') == -1 tags: - config @@ -40,7 +40,7 @@ ansible.builtin.copy: src=logrotate-rsync-fedora dest=/etc/logrotate.d/rsync-fedora - name: Check the selinux context pubdir - command: matchpathcon /srv/pub + ansible.builtin.command: matchpathcon /srv/pub register: pubdir check_mode: no changed_when: "1 != 1" @@ -49,7 +49,7 @@ - selinux - name: /srv/pub file contexts - command: semanage fcontext -a -t httpd_sys_content_t "/srv/pub(/.*)?" + ansible.builtin.command: semanage fcontext -a -t httpd_sys_content_t "/srv/pub(/.*)?" when: pubdir.stdout.find('httpd_sys_content_t') == -1 tags: - config diff --git a/roles/fas2discourse/tasks/create-discourse-apikey-secret.yml b/roles/fas2discourse/tasks/create-discourse-apikey-secret.yml index f93a43a7a6..27718c5738 100644 --- a/roles/fas2discourse/tasks/create-discourse-apikey-secret.yml +++ b/roles/fas2discourse/tasks/create-discourse-apikey-secret.yml @@ -8,4 +8,4 @@ # apply created openshift resources - name: Oc apply resources - command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/fas2discourse-operator/secret-discourse-apikey.yml" + ansible.builtin.command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/fas2discourse-operator/secret-discourse-apikey.yml" diff --git a/roles/fas2discourse/tasks/create-keytab-secret.yml b/roles/fas2discourse/tasks/create-keytab-secret.yml index 9d9cea620a..66ac9deabe 100644 --- a/roles/fas2discourse/tasks/create-keytab-secret.yml +++ b/roles/fas2discourse/tasks/create-keytab-secret.yml @@ -21,4 +21,4 @@ # apply created openshift resources - name: Oc apply resources - command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/fas2discourse-operator/secret-keytab.yml" + ansible.builtin.command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/fas2discourse-operator/secret-keytab.yml" diff --git a/roles/fas2discourse/tasks/create-operator-namespace.yml b/roles/fas2discourse/tasks/create-operator-namespace.yml index 35dd352f04..e928ed244b 100644 --- a/roles/fas2discourse/tasks/create-operator-namespace.yml +++ b/roles/fas2discourse/tasks/create-operator-namespace.yml @@ -8,4 +8,4 @@ # apply created openshift resources - name: Oc apply resources - command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/fas2discourse-operator/namespace.yml" + ansible.builtin.command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/fas2discourse-operator/namespace.yml" diff --git a/roles/fedmsg/base/tasks/main.yml b/roles/fedmsg/base/tasks/main.yml index c664f2d967..5bbcadb979 100644 --- a/roles/fedmsg/base/tasks/main.yml +++ b/roles/fedmsg/base/tasks/main.yml @@ -265,7 +265,7 @@ - fedmsg/base - name: Install our custom selinux module - command: semodule -i /usr/local/share/fedmsg/fedmsg.pp + ansible.builtin.command: semodule -i /usr/local/share/fedmsg/fedmsg.pp when: selinux_module is changed tags: - fedmsg/base @@ -273,7 +273,7 @@ # Also, label the ports that we commonly use for fedmsg under mod_wsgi # to be http_port_t so selinux lets apache bind there. - name: Check semanage ports - command: semanage port -l + ansible.builtin.command: semanage port -l register: semanageoutput check_mode: no changed_when: "1 != 1" @@ -281,7 +281,7 @@ - fedmsg/base - name: Set ports so httpd can bind to fedmsg endpoints - command: semanage port -a -t http_port_t -p tcp 3000-3100 + ansible.builtin.command: semanage port -a -t http_port_t -p tcp 3000-3100 when: semanageoutput.stdout.find("3000-3100") == -1 tags: - fedmsg/base diff --git a/roles/fedora_nightlies/handlers/main.yml b/roles/fedora_nightlies/handlers/main.yml index 243c67c3bf..a2fb150a9f 100644 --- a/roles/fedora_nightlies/handlers/main.yml +++ b/roles/fedora_nightlies/handlers/main.yml @@ -1,6 +1,6 @@ # Restart handler for our fedora-messaging consumers --- - name: Conditionally restart fedora_nightlies consumer service - command: /usr/local/bin/conditional-restart.sh fm-consumer@fedora_nightlies + ansible.builtin.command: /usr/local/bin/conditional-restart.sh fm-consumer@fedora_nightlies listen: - restart fedora_nightlies diff --git a/roles/fedora_nightlies/tasks/main.yml b/roles/fedora_nightlies/tasks/main.yml index 8dfc2a8b96..6efe44f674 100644 --- a/roles/fedora_nightlies/tasks/main.yml +++ b/roles/fedora_nightlies/tasks/main.yml @@ -91,14 +91,14 @@ register: gitfn - name: Check if fedora_nightlies is installed for current Python - command: "pip show fedora_nightlies" + ansible.builtin.command: "pip show fedora_nightlies" register: instfn changed_when: "1 != 1" failed_when: "1 != 1" check_mode: no - name: Install fedora_nightlies - command: "python3 -m pip install --no-deps /root/fedora_nightlies" + ansible.builtin.command: "python3 -m pip install --no-deps /root/fedora_nightlies" when: "gitfn is changed or instfn.rc != 0" notify: - restart fedora_nightlies diff --git a/roles/freemedia/tasks/main.yml b/roles/freemedia/tasks/main.yml index 654ede0519..00fdfe8d3e 100644 --- a/roles/freemedia/tasks/main.yml +++ b/roles/freemedia/tasks/main.yml @@ -69,7 +69,7 @@ - config - name: Check the selinux context freemedia - command: matchpathcon /srv/web/freemedia + ansible.builtin.command: matchpathcon /srv/web/freemedia register: freemediacontext check_mode: no changed_when: "1 != 1" @@ -79,7 +79,7 @@ - selinux - name: /srv/web/freemedia file contexts - command: semanage fcontext -a -t httpd_sys_content_t "/srv/web/freemedia(/.*)?" + ansible.builtin.command: semanage fcontext -a -t httpd_sys_content_t "/srv/web/freemedia(/.*)?" when: freemediacontext.stdout.find('httpd_sys_content_t') == -1 tags: - config diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml index c0043bfe5c..5f29eba635 100644 --- a/roles/haproxy/tasks/main.yml +++ b/roles/haproxy/tasks/main.yml @@ -101,7 +101,7 @@ - selinux - name: Install our general haproxy selinux module - command: semodule -i /usr/share/haproxy/fi-haproxy.pp + ansible.builtin.command: semodule -i /usr/share/haproxy/fi-haproxy.pp when: fi_haproxy_module is changed or fi_haproxy_grep is changed tags: - haproxy @@ -109,7 +109,7 @@ - name: Check haproxy cfg to make sure it is valid - command: haproxy -c -f /etc/haproxy/haproxy.cfg + ansible.builtin.command: haproxy -c -f /etc/haproxy/haproxy.cfg check_mode: no register: haproxyconfigcheck changed_when: haproxyconfigcheck.rc != 0 diff --git a/roles/ipa/client/handlers/main.yml b/roles/ipa/client/handlers/main.yml index 86b6dbb84d..c516366ce3 100644 --- a/roles/ipa/client/handlers/main.yml +++ b/roles/ipa/client/handlers/main.yml @@ -1,6 +1,6 @@ --- - name: Clean sss caches - command: sss_cache -E + ansible.builtin.command: sss_cache -E - name: Restart sssd shell: systemctl restart sssd diff --git a/roles/ipa/client/tasks/common.yml b/roles/ipa/client/tasks/common.yml index f890136fa3..8cc708215d 100644 --- a/roles/ipa/client/tasks/common.yml +++ b/roles/ipa/client/tasks/common.yml @@ -8,7 +8,7 @@ - name: Check that sysadmin-main and referenced groups exist on IPA server(s) delegate_to: "{{ item[0] }}" - command: "getent group {{ item[1] }}" + ansible.builtin.command: "getent group {{ item[1] }}" changed_when: false loop: >- {{ diff --git a/roles/ipa/client/tasks/main.yml b/roles/ipa/client/tasks/main.yml index 16df38bf19..21709576f7 100644 --- a/roles/ipa/client/tasks/main.yml +++ b/roles/ipa/client/tasks/main.yml @@ -15,7 +15,7 @@ - vpn-client-enablement - name: Enroll system as IPA client - command: + ansible.builtin.command: cmd: ipa-client-install {% if (vpn | default(false)) %}{% for node in ipa_server_nodes | default([]) %} --server={{ node }} diff --git a/roles/ipa/server/handlers/main.yml b/roles/ipa/server/handlers/main.yml index 43d6aa764f..cdcb5eb097 100644 --- a/roles/ipa/server/handlers/main.yml +++ b/roles/ipa/server/handlers/main.yml @@ -1,3 +1,3 @@ --- - name: restart ipa - command: ipactl restart + ansible.builtin.command: ipactl restart diff --git a/roles/ipa/server/tasks/main.yml b/roles/ipa/server/tasks/main.yml index 908e681138..a38ff22059 100644 --- a/roles/ipa/server/tasks/main.yml +++ b/roles/ipa/server/tasks/main.yml @@ -260,7 +260,7 @@ # can't choose to let other users see their info or not. # # - name: Disable default permissions so we don't break our privacy policy -# command: +# ansible.builtin.command: # argv: # - ipa # - permission-mod @@ -275,7 +275,7 @@ # # # Because of the previous task, we must explicitely allow users to read their own data # - name: Allow users to read their own data -# command: +# ansible.builtin.command: # argv: # - ipa # - selfservice-add diff --git a/roles/ipa/servicedelegationrule/tasks/main.yml b/roles/ipa/servicedelegationrule/tasks/main.yml index d9e5aff25c..32ce437769 100644 --- a/roles/ipa/servicedelegationrule/tasks/main.yml +++ b/roles/ipa/servicedelegationrule/tasks/main.yml @@ -11,7 +11,7 @@ - name: Create servicedelegationrule entry delegate_to: "{{ ipa_server }}" - command: ipa servicedelegationrule-add {{rulename}}-delegation + ansible.builtin.command: ipa servicedelegationrule-add {{rulename}}-delegation register: add_result check_mode: no changed_when: "'Added service delegation rule' in add_result.stdout" @@ -22,7 +22,7 @@ - name: Add servicedelegationrule members delegate_to: "{{ ipa_server }}" - command: ipa servicedelegationrule-add-member {{rulename}}-delegation --principals={{item.service}}/{{item.host}}@{{ipa_realm}} + ansible.builtin.command: ipa servicedelegationrule-add-member {{rulename}}-delegation --principals={{item.service}}/{{item.host}}@{{ipa_realm}} loop: "{{ members }}" register: add_member_result check_mode: no @@ -34,7 +34,7 @@ - name: Add servicedelegationrule targets delegate_to: "{{ ipa_server }}" - command: ipa servicedelegationrule-add-target {{rulename}}-delegation --servicedelegationtargets={{item}}-delegation-targets + ansible.builtin.command: ipa servicedelegationrule-add-target {{rulename}}-delegation --servicedelegationtargets={{item}}-delegation-targets loop: "{{ targets }}" register: add_target_result check_mode: no @@ -46,7 +46,7 @@ - name: Destroy admin ticket delegate_to: "{{ ipa_server }}" - command: kdestroy -A + ansible.builtin.command: kdestroy -A tags: - config - krb5 diff --git a/roles/ipa/servicedelegationtarget/tasks/main.yml b/roles/ipa/servicedelegationtarget/tasks/main.yml index c603158c70..15a516ce46 100644 --- a/roles/ipa/servicedelegationtarget/tasks/main.yml +++ b/roles/ipa/servicedelegationtarget/tasks/main.yml @@ -11,7 +11,7 @@ - name: Create servicedelegationtarget entry delegate_to: "{{ ipa_server }}" - command: ipa servicedelegationtarget-add {{targetname}}-delegation-targets + ansible.builtin.command: ipa servicedelegationtarget-add {{targetname}}-delegation-targets register: add_result check_mode: no changed_when: "'Added service delegation target' in add_result.stdout" @@ -22,7 +22,7 @@ - name: Add servicedelegationtarget members delegate_to: "{{ ipa_server }}" - command: ipa servicedelegationtarget-add-member {{targetname}}-delegation-targets --principals={{item.service}}/{{item.host}}@{{ipa_realm}} + ansible.builtin.command: ipa servicedelegationtarget-add-member {{targetname}}-delegation-targets --principals={{item.service}}/{{item.host}}@{{ipa_realm}} loop: "{{ members }}" register: add_member_result check_mode: no @@ -34,7 +34,7 @@ - name: Destroy admin ticket delegate_to: "{{ ipa_server }}" - command: kdestroy -A + ansible.builtin.command: kdestroy -A tags: - config - krb5 diff --git a/roles/ipsilon/tasks/main.yml b/roles/ipsilon/tasks/main.yml index abfec3510a..b83f488bc1 100644 --- a/roles/ipsilon/tasks/main.yml +++ b/roles/ipsilon/tasks/main.yml @@ -41,7 +41,7 @@ - ipsilon - name: Install Fedora-specific code if it changed - command: + ansible.builtin.command: cmd: ./install.sh chdir: /opt/ipsilon-fedora when: git_update is changed @@ -51,7 +51,7 @@ - ipsilon - name: Install Fedora-specific code on initial run - command: + ansible.builtin.command: cmd: ./install.sh chdir: /opt/ipsilon-fedora creates: "{{ ansible_facts['python3']['sitelib'] }}/ipsilon/providers/openidc/plugins/account-scopes.py" @@ -70,7 +70,7 @@ - ipsilon - name: Install ipsilon - command: + ansible.builtin.command: cmd: ipsilon-server-install --root-instance --admin-user=admin @@ -85,7 +85,7 @@ - ipsilon - name: Destroy admin ticket - command: kdestroy -A + ansible.builtin.command: kdestroy -A tags: - ipsilon @@ -209,7 +209,7 @@ - name: Generate the saml2 metadata become_user: ipsilon become: yes - command: + ansible.builtin.command: cmd: /usr/local/bin/prepare-saml2-metadata creates: /etc/ipsilon/root/saml2/metadata.xml tags: diff --git a/roles/iscsi_client/tasks/main.yml b/roles/iscsi_client/tasks/main.yml index 7fd37a6524..883302259b 100644 --- a/roles/iscsi_client/tasks/main.yml +++ b/roles/iscsi_client/tasks/main.yml @@ -54,24 +54,24 @@ - config - name: Set up iscsi interface for EL8 - command: creates=/var/lib/iscsi/ifaces/{{ netapp_iscsi_interface_iad2 }} iscsiadm -m iface -I {{ netapp_iscsi_interface_iad2 }} --op=new + ansible.builtin.command: creates=/var/lib/iscsi/ifaces/{{ netapp_iscsi_interface_iad2 }} iscsiadm -m iface -I {{ netapp_iscsi_interface_iad2 }} --op=new when: ansible_distribution_major_version|int >= 8 and ansible_distribution == "RedHat" and datacenter == 'iad2' tags: - config - name: Run iscsiadm command for initial connect to PHX2 vtap-fedora-iscsi01 - command: creates=/var/lib/iscsi/nodes/{{ netapp_iscsi_name }}/{{ netapp_iscsi_portal }},3260 /sbin/iscsiadm --mode node --targetname --portal {{ netapp_iscsi_portal }} -o new ; /sbin/iscsiadm --mode node --targetname {{ netapp_iscsi_name }} --portal {{ netapp_iscsi_portal }} --login + ansible.builtin.command: creates=/var/lib/iscsi/nodes/{{ netapp_iscsi_name }}/{{ netapp_iscsi_portal }},3260 /sbin/iscsiadm --mode node --targetname --portal {{ netapp_iscsi_portal }} -o new ; /sbin/iscsiadm --mode node --targetname {{ netapp_iscsi_name }} --portal {{ netapp_iscsi_portal }} --login tags: - config - name: Run iscsiadm command for initial connect to IAD2 vtap-fedora-iscsi01 - command: creates=/var/lib/iscsi/nodes/{{ netapp_iscsi_name_iad2 }}/{{ netapp_iscsi_portal_iad2 }},3260 /sbin/iscsiadm --mode node --targetname --portal {{ netapp_iscsi_portal_iad2 }} -o new ; /sbin/iscsiadm --mode node --targetname {{ netapp_iscsi_name_iad2 }} --portal {{ netapp_iscsi_portal_iad2 }} --login + ansible.builtin.command: creates=/var/lib/iscsi/nodes/{{ netapp_iscsi_name_iad2 }}/{{ netapp_iscsi_portal_iad2 }},3260 /sbin/iscsiadm --mode node --targetname --portal {{ netapp_iscsi_portal_iad2 }} -o new ; /sbin/iscsiadm --mode node --targetname {{ netapp_iscsi_name_iad2 }} --portal {{ netapp_iscsi_portal_iad2 }} --login when: ansible_distribution_major_version|int >= 8 and ansible_distribution == "RedHat" and datacenter == 'iad2' tags: - config # - name: Run iscsiadm command for initial connect to vtap-fedora-nfs01 -# command: creates=/var/lib/iscsi/nodes/{{ netapp_nfs01_iscsi_name }}/{{ netapp_nfs01_iscsi_portal }},3260 /sbin/iscsiadm --mode node --targetname --portal {{ netapp_nfs01_iscsi_portal }} -o new ; /sbin/iscsiadm --mode node --targetname {{ netapp_nfs01_iscsi_name }} --portal {{ netapp_nfs01_iscsi_portal }} --login +# ansible.builtin.command: creates=/var/lib/iscsi/nodes/{{ netapp_nfs01_iscsi_name }}/{{ netapp_nfs01_iscsi_portal }},3260 /sbin/iscsiadm --mode node --targetname --portal {{ netapp_nfs01_iscsi_portal }} -o new ; /sbin/iscsiadm --mode node --targetname {{ netapp_nfs01_iscsi_name }} --portal {{ netapp_nfs01_iscsi_portal }} --login # tags: # - config # when: inventory_hostname_short == "buildvmhost-10" diff --git a/roles/kerneltest/tasks/main.yml b/roles/kerneltest/tasks/main.yml index 34afcb1b15..d5ed1dec83 100644 --- a/roles/kerneltest/tasks/main.yml +++ b/roles/kerneltest/tasks/main.yml @@ -37,7 +37,7 @@ - name: Create the database scheme when: inventory_hostname.startswith('kerneltest01') - command: /usr/bin/python2 /usr/share/kerneltest/kerneltest_createdb.py + ansible.builtin.command: /usr/bin/python2 /usr/share/kerneltest/kerneltest_createdb.py environment: KERNELTEST_CONFIG: /etc/kerneltest/kerneltest.cfg tags: diff --git a/roles/keytab/service/tasks/main.yml b/roles/keytab/service/tasks/main.yml index fe6263bf9e..98923338e7 100644 --- a/roles/keytab/service/tasks/main.yml +++ b/roles/keytab/service/tasks/main.yml @@ -40,7 +40,7 @@ - name: Grant host and admin access to keytab delegate_to: "{{ ipa_server }}" - command: ipa host-allow-retrieve-keytab {{host}} --hosts={{inventory_hostname}} --users=admin + ansible.builtin.command: ipa host-allow-retrieve-keytab {{host}} --hosts={{inventory_hostname}} --users=admin register: perm_add_result check_mode: no changed_when: "'members added 1' in perm_add_result.stdout or 'members added 2' in perm_add_result.stdout" @@ -53,7 +53,7 @@ - name: Grant host and admin access to keytab delegate_to: "{{ ipa_server }}" - command: ipa service-allow-retrieve-keytab {{service}}/{{host}} --hosts={{inventory_hostname}} --users=admin + ansible.builtin.command: ipa service-allow-retrieve-keytab {{service}}/{{host}} --hosts={{inventory_hostname}} --users=admin register: perm_add_result check_mode: no changed_when: "'members added 1' in perm_add_result.stdout or 'members added 2' in perm_add_result.stdout" @@ -66,7 +66,7 @@ - name: Retrieve keytab delegate_to: "{{ ipa_server }}" - command: ipa-getkeytab --retrieve --server {{ipa_server}} --keytab /tmp/{{service}}_{{host}}.kt --principal {{service}}/{{host}} + ansible.builtin.command: ipa-getkeytab --retrieve --server {{ipa_server}} --keytab /tmp/{{service}}_{{host}}.kt --principal {{service}}/{{host}} register: retrieve_result check_mode: no changed_when: "1 != 1" @@ -79,7 +79,7 @@ - name: Create keytab if it did not exist delegate_to: "{{ ipa_server }}" - command: ipa-getkeytab --server {{ipa_server}} --keytab /tmp/{{service}}_{{host}}.kt --principal {{service}}/{{host}} + ansible.builtin.command: ipa-getkeytab --server {{ipa_server}} --keytab /tmp/{{service}}_{{host}}.kt --principal {{service}}/{{host}} tags: - keytab - config @@ -88,7 +88,7 @@ - name: Destroy admin ticket delegate_to: "{{ ipa_server }}" - command: kdestroy -A + ansible.builtin.command: kdestroy -A tags: - keytab - config @@ -97,7 +97,7 @@ - name: Get keytab delegate_to: "{{ ipa_server }}" - command: base64 /tmp/{{service}}_{{host}}.kt + ansible.builtin.command: base64 /tmp/{{service}}_{{host}}.kt register: keytab check_mode: no tags: diff --git a/roles/koji_hub/tasks/main.yml b/roles/koji_hub/tasks/main.yml index 175d2e48cf..e8109c20b0 100644 --- a/roles/koji_hub/tasks/main.yml +++ b/roles/koji_hub/tasks/main.yml @@ -333,7 +333,7 @@ when: ansible_hostname.startswith('koji') - name: Check selinux default context for /mnt/fedora_koji in staging - command: matchpathcon /mnt/fedora_koji + ansible.builtin.command: matchpathcon /mnt/fedora_koji register: mnt_fedora_koji_context when: env == "staging" check_mode: no @@ -343,7 +343,7 @@ - selinux - name: /mnt/fedora_koji selinux file context - command: semanage fcontext -a -t httpd_sys_rw_content_t "/mnt/fedora_koji(/.*)?" + ansible.builtin.command: semanage fcontext -a -t httpd_sys_rw_content_t "/mnt/fedora_koji(/.*)?" when: env == "staging" and mnt_fedora_koji_context.stdout.find('httpd_sys_rw_content_t') == -1 tags: diff --git a/roles/letsencrypt/tasks/main.yml b/roles/letsencrypt/tasks/main.yml index ed4fe5cfb9..a3c629d916 100644 --- a/roles/letsencrypt/tasks/main.yml +++ b/roles/letsencrypt/tasks/main.yml @@ -12,7 +12,7 @@ - name: Generate (or renew) the certificate delegate_to: "certgetter01.iad2.fedoraproject.org" - command: certbot certonly --expand --keep -n --webroot --webroot-path /var/www/html/ -d {{','.join([site_name] + server_aliases)}} + ansible.builtin.command: certbot certonly --expand --keep -n --webroot --webroot-path /var/www/html/ -d {{','.join([site_name] + server_aliases)}} run_once: true register: certbot_output check_mode: no @@ -34,7 +34,7 @@ # And once we do that, we need to copy some things. - name: Obtain the certificate delegate_to: "certgetter01.iad2.fedoraproject.org" - command: "cat {{certbot_dir.stdout}}/cert.pem" + ansible.builtin.command: "cat {{certbot_dir.stdout}}/cert.pem" register: certbot_certificate changed_when: 'false' check_mode: no @@ -43,7 +43,7 @@ - name: Obtain the intermediate certificate delegate_to: "certgetter01.iad2.fedoraproject.org" - command: cat {{certbot_dir.stdout}}/chain.pem + ansible.builtin.command: cat {{certbot_dir.stdout}}/chain.pem register: certbot_chain changed_when: 'false' check_mode: no @@ -52,7 +52,7 @@ - name: Obtain the key delegate_to: "certgetter01.iad2.fedoraproject.org" - command: cat {{certbot_dir.stdout}}/privkey.pem + ansible.builtin.command: cat {{certbot_dir.stdout}}/privkey.pem register: certbot_key changed_when: 'false' check_mode: no diff --git a/roles/login-registry/tasks/main.yml b/roles/login-registry/tasks/main.yml index a2a3767484..ad5fdee38a 100644 --- a/roles/login-registry/tasks/main.yml +++ b/roles/login-registry/tasks/main.yml @@ -9,6 +9,6 @@ state: present - name: Login into a registry - command: podman login {{candidate_registry}} -u {{candidate_registry_osbs_username}} -p {{candidate_registry_osbs_password}} --authfile .docker/config.json + ansible.builtin.command: podman login {{candidate_registry}} -u {{candidate_registry_osbs_username}} -p {{candidate_registry_osbs_password}} --authfile .docker/config.json args: creates: .docker/config.json diff --git a/roles/mediawiki/tasks/main.yml b/roles/mediawiki/tasks/main.yml index 4cd9bd0b67..2a5ef52be7 100644 --- a/roles/mediawiki/tasks/main.yml +++ b/roles/mediawiki/tasks/main.yml @@ -258,7 +258,7 @@ - name: Install the php dependencies become: yes become_user: apache - command: + ansible.builtin.command: cmd: composer install chdir: /srv/web/fp-wiki/extensions/FedoraMessaging when: result_git is changed @@ -279,7 +279,7 @@ - mediawiki - name: Install our custom selinux policy - command: semodule -i /usr/local/share/selinux/mediawiki.pp + ansible.builtin.command: semodule -i /usr/local/share/selinux/mediawiki.pp when: selinux_module is changed tags: - selinux diff --git a/roles/mirror_pagure_ansible/tasks/main.yml b/roles/mirror_pagure_ansible/tasks/main.yml index 07b19019b5..dfee6474c0 100644 --- a/roles/mirror_pagure_ansible/tasks/main.yml +++ b/roles/mirror_pagure_ansible/tasks/main.yml @@ -23,7 +23,7 @@ # Ensure the user can write to where we want to store the mirror - name: Give access to mirror_pagure_ansible to /srv - command: setfacl -m d:u:mirror_pagure_ansible:rwx /srv -m u:mirror_pagure_ansible:rwx /srv/ + ansible.builtin.command: setfacl -m d:u:mirror_pagure_ansible:rwx /srv -m u:mirror_pagure_ansible:rwx /srv/ tags: - config - mirror_pagure_ansible diff --git a/roles/mirrormanager/mirrorlist_proxy/tasks/main.yml b/roles/mirrormanager/mirrorlist_proxy/tasks/main.yml index 5487271589..8dfdda5a5f 100644 --- a/roles/mirrormanager/mirrorlist_proxy/tasks/main.yml +++ b/roles/mirrormanager/mirrorlist_proxy/tasks/main.yml @@ -152,7 +152,7 @@ - mirrorlist_proxy - name: Install our custom selinux module - command: semodule -i /usr/local/share/mirrorlist-logrotate/mirrorlist-logrotate.pp + ansible.builtin.command: semodule -i /usr/local/share/mirrorlist-logrotate/mirrorlist-logrotate.pp when: selinux_module is changed tags: - selinux @@ -165,7 +165,7 @@ - mirrorlist_proxy - name: Deploy mirrorlist data files (if this is a initial install) - command: "rsync -az --delete-delay --delay-updates --delete /var/lib/mirrormanager/mirrorlist_cache.proto /usr/share/mirrormanager2/country_continent.csv /var/lib/mirrormanager/global_netblocks.txt /var/lib/mirrormanager/i2_netblocks.txt {{ inventory_hostname }}:/srv/mirrorlist/data/mirrorlist1/" + ansible.builtin.command: "rsync -az --delete-delay --delay-updates --delete /var/lib/mirrormanager/mirrorlist_cache.proto /usr/share/mirrormanager2/country_continent.csv /var/lib/mirrormanager/global_netblocks.txt /var/lib/mirrormanager/i2_netblocks.txt {{ inventory_hostname }}:/srv/mirrorlist/data/mirrorlist1/" become: yes become_user: mirrormanager delegate_to: "mm-backend01.iad2.fedoraproject.org" diff --git a/roles/nagios_client/tasks/main.yml b/roles/nagios_client/tasks/main.yml index c874c9aacc..968b84c5b9 100644 --- a/roles/nagios_client/tasks/main.yml +++ b/roles/nagios_client/tasks/main.yml @@ -97,7 +97,7 @@ - selinux - name: Install our custom selinux module - command: semodule -i /usr/share/nrpe/fi-nrpe.pp + ansible.builtin.command: semodule -i /usr/share/nrpe/fi-nrpe.pp when: ansible_distribution_major_version|int == 7 and ansible_distribution == 'RedHat' and selinux_module is changed tags: - config @@ -114,7 +114,7 @@ - selinux - name: Install our custom selinux module for mirrorlist - command: semodule -i /usr/share/nrpe/mirrormanager_container.pp + ansible.builtin.command: semodule -i /usr/share/nrpe/mirrormanager_container.pp when: "'proxy' in inventory_hostname and selinux_module is changed" tags: - config diff --git a/roles/nagios_server/tasks/main.yml b/roles/nagios_server/tasks/main.yml index c2f3d3507a..78df49d671 100644 --- a/roles/nagios_server/tasks/main.yml +++ b/roles/nagios_server/tasks/main.yml @@ -533,7 +533,7 @@ - nagios_server - name: Install our custom selinux module - command: semodule -i /usr/local/share/nagios-policy/nagios_hostname.pp + ansible.builtin.command: semodule -i /usr/local/share/nagios-policy/nagios_hostname.pp when: selinux_module is changed tags: - nagios_server @@ -545,7 +545,7 @@ - nagios_server - name: Install our custom selinux module - command: semodule -i /usr/local/share/nagios-policy/nagios_nrpe.pp + ansible.builtin.command: semodule -i /usr/local/share/nagios-policy/nagios_nrpe.pp when: selinux_module2 is changed tags: - nagios_server diff --git a/roles/nfs/client/tasks/main.yml b/roles/nfs/client/tasks/main.yml index 9b5ea80628..322a83e5d8 100644 --- a/roles/nfs/client/tasks/main.yml +++ b/roles/nfs/client/tasks/main.yml @@ -9,7 +9,7 @@ - meta: flush_handlers # on builders re-up eth0 to make sure systemd-resolved has updated info - name: Nmcli c up eth0 on buildvms - command: nmcli c up eth0 + ansible.builtin.command: nmcli c up eth0 check_mode: no changed_when: false when: inventory_hostname.startswith('buildvm') diff --git a/roles/nfs/server/tasks/main.yml b/roles/nfs/server/tasks/main.yml index fbedafca3c..77b89489eb 100644 --- a/roles/nfs/server/tasks/main.yml +++ b/roles/nfs/server/tasks/main.yml @@ -42,7 +42,7 @@ - nfs/server - name: Kick exportfs if /etc/exports changed - command: /usr/sbin/exportfs -ra + ansible.builtin.command: /usr/sbin/exportfs -ra when: exports.changed tags: - nfs/server diff --git a/roles/openqa/dispatcher/handlers/main.yml b/roles/openqa/dispatcher/handlers/main.yml index 8771a279c1..fa3329f7c2 100644 --- a/roles/openqa/dispatcher/handlers/main.yml +++ b/roles/openqa/dispatcher/handlers/main.yml @@ -1,19 +1,19 @@ # Restart handler for our fedora-messaging consumers --- - name: Conditionally restart openQA scheduler consumer - command: /usr/local/bin/conditional-restart.sh fm-consumer@fedora_openqa_scheduler + ansible.builtin.command: /usr/local/bin/conditional-restart.sh fm-consumer@fedora_openqa_scheduler listen: - restart openqa consumers - restart openqa scheduler consumer - name: Conditionally restart openQA ResultsDB reporter consumer - command: /usr/local/bin/conditional-restart.sh fm-consumer@fedora_openqa_resultsdb_reporter + ansible.builtin.command: /usr/local/bin/conditional-restart.sh fm-consumer@fedora_openqa_resultsdb_reporter listen: - restart openqa consumers - restart openqa resultsdb consumer - name: Conditionally restart openQA wiki reporter consumer - command: /usr/local/bin/conditional-restart.sh fm-consumer@fedora_openqa_wiki_reporter + ansible.builtin.command: /usr/local/bin/conditional-restart.sh fm-consumer@fedora_openqa_wiki_reporter listen: - restart openqa consumers - restart openqa wiki consumer diff --git a/roles/openqa/dispatcher/tasks/main.yml b/roles/openqa/dispatcher/tasks/main.yml index edbe2646b2..1ec8041af3 100644 --- a/roles/openqa/dispatcher/tasks/main.yml +++ b/roles/openqa/dispatcher/tasks/main.yml @@ -197,7 +197,7 @@ # branch, as that usually means we're messing around on staging and # don't want the checkout reset to HEAD. - name: Check if tests are checked out and on a non-standard branch - command: "git status" # noqa 303 + ansible.builtin.command: "git status" # noqa 303 args: chdir: /root/fedora_openqa register: toolsbranch @@ -214,14 +214,14 @@ when: "(toolsbranch.stderr.find('ot a git repository') != -1) or (toolsbranch.stdout.find('On branch main') != -1)" - name: Check if fedora_openqa is installed for current Python - command: "pip show fedora_openqa" + ansible.builtin.command: "pip show fedora_openqa" register: insttools changed_when: "1 != 1" failed_when: "1 != 1" check_mode: no - name: Install fedora_openqa - command: "python3 -m pip install --no-deps /root/fedora_openqa" + ansible.builtin.command: "python3 -m pip install --no-deps /root/fedora_openqa" when: "gittools is changed or insttools.rc != 0" notify: - restart openqa consumers diff --git a/roles/openqa/server/tasks/main.yml b/roles/openqa/server/tasks/main.yml index cac0209799..09ad9d5342 100644 --- a/roles/openqa/server/tasks/main.yml +++ b/roles/openqa/server/tasks/main.yml @@ -157,7 +157,7 @@ # branch, as that usually means we're messing around on staging and # don't want the checkout reset to HEAD. - name: Check if tests are checked out and on a non-standard branch - command: "git status" # noqa 303 + ansible.builtin.command: "git status" # noqa 303 args: chdir: /var/lib/openqa/share/tests/fedora register: testsbranch @@ -197,7 +197,7 @@ ansible.builtin.copy: src=user-data dest=/var/tmp/user-data owner=root group=root mode=0644 - name: Create cloud-init ISO - command: genisoimage -output cloudinit.iso -volid cidata -joliet -rock /var/tmp/user-data /var/tmp/meta-data + ansible.builtin.command: genisoimage -output cloudinit.iso -volid cidata -joliet -rock /var/tmp/user-data /var/tmp/meta-data args: chdir: /var/lib/openqa/share/factory/iso/fixed creates: /var/lib/openqa/share/factory/iso/fixed/cloudinit.iso @@ -214,7 +214,7 @@ when: openqa_nfs_workers is defined - name: Refresh exports - command: exportfs -r + ansible.builtin.command: exportfs -r when: exportsfile is changed - name: Set up Apache config @@ -276,7 +276,7 @@ register: selinux_module - name: Load our custom SELinux module - command: semodule -i /usr/local/share/selinux/httpd-openqa.pp + ansible.builtin.command: semodule -i /usr/local/share/selinux/httpd-openqa.pp when: selinux_module is changed # Unfortunately still need this until port 9528 is tagged: @@ -302,7 +302,7 @@ - config - name: Create admin user - command: > + ansible.builtin.command: > /var/lib/openqa/script/create_admin --email {{ openqa_email }} --nickname {{ openqa_nickname }} --fullname '{{ openqa_fullname }}' --key {{ openqa_key }} --secret {{ openqa_secret }} {{ openqa_userid }} @@ -325,17 +325,17 @@ # the dump (above) and check (later) steps; when the templates actually # changed, the *check* step will register as changed. - name: Load main tests (upstream format) - command: "/var/lib/openqa/share/tests/fedora/templates --clean" + ansible.builtin.command: "/var/lib/openqa/share/tests/fedora/templates --clean" when: "(gittests is defined) and (gittests is changed) and (not templatesfif.stat.exists)" changed_when: "1 != 1" - name: Load update tests (upstream format) - command: "/var/lib/openqa/share/tests/fedora/templates-updates --update" + ansible.builtin.command: "/var/lib/openqa/share/tests/fedora/templates-updates --update" when: "(gittests is defined) and (gittests is changed) and (not templatesfif.stat.exists)" changed_when: "1 != 1" - name: Load all tests (FIF format) - command: "/var/lib/openqa/share/tests/fedora/fifloader.py -l --clean templates.fif.json templates-updates.fif.json" + ansible.builtin.command: "/var/lib/openqa/share/tests/fedora/fifloader.py -l --clean templates.fif.json templates-updates.fif.json" args: chdir: /var/lib/openqa/share/tests/fedora when: "(gittests is defined) and (gittests is changed) and (templatesfif.stat.exists)" @@ -352,7 +352,7 @@ delegate_to: "{{ openqa_dbhost_delegate|default(openqa_dbhost) }}" become_user: postgres become: true - command: > + ansible.builtin.command: > psql -d {{ openqa_dbname }} -c "UPDATE job_groups SET size_limit_gb = {{ openqa_assetsize }} WHERE name = 'fedora' AND (size_limit_gb != {{ openqa_assetsize }} OR size_limit_gb IS NULL);" when: "openqa_dbhost is defined and openqa_assetsize is defined" @@ -363,7 +363,7 @@ delegate_to: "{{ openqa_dbhost_delegate|default(openqa_dbhost) }}" become_user: postgres become: true - command: > + ansible.builtin.command: > psql -d {{ openqa_dbname }} -c "UPDATE job_groups SET size_limit_gb = {{ openqa_assetsize_ppc }} WHERE name = 'Fedora PowerPC' AND (size_limit_gb != {{ openqa_assetsize_ppc }} OR size_limit_gb IS NULL);" @@ -375,7 +375,7 @@ delegate_to: "{{ openqa_dbhost_delegate|default(openqa_dbhost) }}" become_user: postgres become: true - command: > + ansible.builtin.command: > psql -d {{ openqa_dbname }} -c "UPDATE job_groups SET size_limit_gb = {{ openqa_assetsize_aarch64 }} WHERE name = 'Fedora AArch64' AND (size_limit_gb != {{ openqa_assetsize_aarch64 }} OR size_limit_gb IS NULL);" @@ -387,7 +387,7 @@ delegate_to: "{{ openqa_dbhost_delegate|default(openqa_dbhost) }}" become_user: postgres become: true - command: > + ansible.builtin.command: > psql -d {{ openqa_dbname }} -c "UPDATE job_groups SET size_limit_gb = {{ openqa_assetsize_updates }} WHERE name = 'Fedora Updates' AND (size_limit_gb != {{ openqa_assetsize_updates }} OR size_limit_gb IS NULL);" @@ -399,7 +399,7 @@ delegate_to: "{{ openqa_dbhost_delegate|default(openqa_dbhost) }}" become_user: postgres become: true - command: > + ansible.builtin.command: > psql -d {{ openqa_dbname }} -c "UPDATE job_groups SET size_limit_gb = {{ openqa_assetsize_updates_ppc }} WHERE name = 'Fedora PowerPC Updates' AND (size_limit_gb != {{ openqa_assetsize_updates_ppc }} OR size_limit_gb IS NULL);" diff --git a/roles/openqa/worker/handlers/main.yml b/roles/openqa/worker/handlers/main.yml index 2c427e89c3..76e2042e6b 100644 --- a/roles/openqa/worker/handlers/main.yml +++ b/roles/openqa/worker/handlers/main.yml @@ -1,7 +1,7 @@ # Restart handler for worker services --- - name: Conditionally restart openQA workers - command: /usr/local/bin/conditional-restart.sh openqa-worker@{{ item }} + ansible.builtin.command: /usr/local/bin/conditional-restart.sh openqa-worker@{{ item }} loop: "{{ range(1, openqa_workers + 1)|list }}" listen: - restart openqa workers diff --git a/roles/openqa/worker/tasks/createhdds.yml b/roles/openqa/worker/tasks/createhdds.yml index b0da183c6d..a5a3410fd6 100644 --- a/roles/openqa/worker/tasks/createhdds.yml +++ b/roles/openqa/worker/tasks/createhdds.yml @@ -22,7 +22,7 @@ seboolean: name=virt_use_nfs state=yes persistent=yes - name: Check if SMT setting needs changing - command: "ppc64_cpu --smt" + ansible.builtin.command: "ppc64_cpu --smt" register: smtcheck failed_when: "1 != 1" changed_when: "1 != 1" @@ -30,7 +30,7 @@ when: ansible_architecture == 'ppc64' or ansible_architecture == 'ppc64le' - name: Change SMT setting if necessary - command: "ppc64_cpu --smt=off" + ansible.builtin.command: "ppc64_cpu --smt=off" when: "smtcheck.stdout is defined and smtcheck.stdout.find('is off') == -1" - name: Check createhdds directory exists with correct ownership @@ -40,7 +40,7 @@ # branch, as that usually means we're messing around on staging and # don't want the checkout reset to HEAD. - name: Check if tests are checked out and on a non-standard branch - command: "git status" # noqa 303 + ansible.builtin.command: "git status" # noqa 303 args: chdir: /root/createhdds register: createhddsbranch @@ -62,7 +62,7 @@ ansible.builtin.copy: src=createhdds dest=/etc/cron.daily/createhdds owner=root group=root mode=0755 - name: Check if any hard disk images need (re)building - command: "/root/createhdds/createhdds.py check" + ansible.builtin.command: "/root/createhdds/createhdds.py check" args: chdir: /var/lib/openqa/share/factory/hdd/fixed register: diskcheck @@ -79,6 +79,6 @@ # outright *missing* images here in the playbook (to handle the case of # first deployment). Outdated images are handled by the daily cron run. - name: Create hard disk images (this may take a long time!) - command: "/etc/cron.daily/createhdds" + ansible.builtin.command: "/etc/cron.daily/createhdds" when: "diskcheck.rc > 1" ignore_errors: yes diff --git a/roles/openshift-apps/coreos-ci/tasks/main.yaml b/roles/openshift-apps/coreos-ci/tasks/main.yaml index ed5891b911..19f8673e04 100644 --- a/roles/openshift-apps/coreos-ci/tasks/main.yaml +++ b/roles/openshift-apps/coreos-ci/tasks/main.yaml @@ -18,11 +18,11 @@ # apply created openshift resources - name: Oc apply resources - command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/{{project_name}}/{{ item }}" + ansible.builtin.command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/{{project_name}}/{{ item }}" with_items: "{{ project_templates }}" # create the service account - name: Create service account - command: "/root/bin/oc create sa {{ project_service_account }} -n {{ project_name }}" + ansible.builtin.command: "/root/bin/oc create sa {{ project_service_account }} -n {{ project_name }}" register: sa_resource_create failed_when: sa_resource_create.stderr != '' and 'already exists' not in sa_resource_create.stderr diff --git a/roles/openshift-apps/fedora-coreos-pipeline/tasks/main.yaml b/roles/openshift-apps/fedora-coreos-pipeline/tasks/main.yaml index b6baa2bc18..94696dc72d 100644 --- a/roles/openshift-apps/fedora-coreos-pipeline/tasks/main.yaml +++ b/roles/openshift-apps/fedora-coreos-pipeline/tasks/main.yaml @@ -18,5 +18,5 @@ # apply created openshift resources - name: Oc apply resources - command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/{{project_name}}/{{ item }}" + ansible.builtin.command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/{{project_name}}/{{ item }}" with_items: "{{ project_templates }}" diff --git a/roles/openshift-apps/firmitas/tasks/create-buildconfig.yml b/roles/openshift-apps/firmitas/tasks/create-buildconfig.yml index 78f130c5e7..854e61490e 100644 --- a/roles/openshift-apps/firmitas/tasks/create-buildconfig.yml +++ b/roles/openshift-apps/firmitas/tasks/create-buildconfig.yml @@ -8,8 +8,8 @@ # apply created openshift resources - name: Oc apply resources - command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/firmitas/buildconfig.yml" + ansible.builtin.command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/firmitas/buildconfig.yml" # Start a build -- name: "Run oc start-build {{ firmitas_application_name }}-build" - command: "/root/bin/oc start-build {{ firmitas_application_name }}-build -n {{ firmitas_namespace }}" +- name: "oc start-build {{ firmitas_application_name }}-build" + ansible.builtin.command: "/root/bin/oc start-build {{ firmitas_application_name }}-build -n {{ firmitas_namespace }}" diff --git a/roles/openshift-apps/firmitas/tasks/create-cronjob.yml b/roles/openshift-apps/firmitas/tasks/create-cronjob.yml index 423aa81ac3..75b6a45cfa 100644 --- a/roles/openshift-apps/firmitas/tasks/create-cronjob.yml +++ b/roles/openshift-apps/firmitas/tasks/create-cronjob.yml @@ -8,7 +8,7 @@ # apply created openshift resources - name: Oc apply resources - command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/firmitas/cronjob.yml" + ansible.builtin.command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/firmitas/cronjob.yml" retries: 3 delay: 5 register: cronjob_result diff --git a/roles/openshift-apps/firmitas/tasks/create-deployment.yml b/roles/openshift-apps/firmitas/tasks/create-deployment.yml index 1958e7eaa6..8263f04a01 100644 --- a/roles/openshift-apps/firmitas/tasks/create-deployment.yml +++ b/roles/openshift-apps/firmitas/tasks/create-deployment.yml @@ -8,7 +8,7 @@ # apply created openshift resources - name: Oc apply resources - command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/firmitas/deployment.yml" + ansible.builtin.command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/firmitas/deployment.yml" retries: 3 delay: 5 register: deployment_result diff --git a/roles/openshift-apps/firmitas/tasks/create-firmitas-configuration-secret.yml b/roles/openshift-apps/firmitas/tasks/create-firmitas-configuration-secret.yml index 5c5261d23d..a69ba7dab2 100644 --- a/roles/openshift-apps/firmitas/tasks/create-firmitas-configuration-secret.yml +++ b/roles/openshift-apps/firmitas/tasks/create-firmitas-configuration-secret.yml @@ -43,6 +43,6 @@ # apply the openshift resources - name: Oc apply resources - command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/firmitas/secret-configuration.yml" + ansible.builtin.command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/firmitas/secret-configuration.yml" tags: - firmitas-configuration-secret diff --git a/roles/openshift-apps/firmitas/tasks/create-imagestream.yml b/roles/openshift-apps/firmitas/tasks/create-imagestream.yml index 4c59389dc8..2087d3026c 100644 --- a/roles/openshift-apps/firmitas/tasks/create-imagestream.yml +++ b/roles/openshift-apps/firmitas/tasks/create-imagestream.yml @@ -8,4 +8,4 @@ # apply created openshift resources - name: Oc apply resources - command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/firmitas/imagestream.yml" + ansible.builtin.command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/firmitas/imagestream.yml" diff --git a/roles/openshift-apps/firmitas/tasks/create-namespace.yml b/roles/openshift-apps/firmitas/tasks/create-namespace.yml index 12788f3066..196e31bf65 100644 --- a/roles/openshift-apps/firmitas/tasks/create-namespace.yml +++ b/roles/openshift-apps/firmitas/tasks/create-namespace.yml @@ -8,4 +8,4 @@ # apply created openshift resources - name: Oc apply resources - command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/firmitas/namespace.yml" + ansible.builtin.command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/firmitas/namespace.yml" diff --git a/roles/openshift-apps/firmitas/tasks/create-pagure-apikey-secret.yml b/roles/openshift-apps/firmitas/tasks/create-pagure-apikey-secret.yml index e2dcc83b3b..e606858925 100644 --- a/roles/openshift-apps/firmitas/tasks/create-pagure-apikey-secret.yml +++ b/roles/openshift-apps/firmitas/tasks/create-pagure-apikey-secret.yml @@ -8,4 +8,4 @@ # apply created openshift resources - name: Oc apply resources - command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/firmitas/secret-pagure-apikey.yml" + ansible.builtin.command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/firmitas/secret-pagure-apikey.yml" diff --git a/roles/openshift-apps/firmitas/tasks/create-persistent-volume-claim.yml b/roles/openshift-apps/firmitas/tasks/create-persistent-volume-claim.yml index 0eacb6a06b..d799cce6f6 100644 --- a/roles/openshift-apps/firmitas/tasks/create-persistent-volume-claim.yml +++ b/roles/openshift-apps/firmitas/tasks/create-persistent-volume-claim.yml @@ -8,5 +8,5 @@ # apply created openshift resources - name: Oc apply resources - command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/firmitas/persistent-volume-claim.yml" + ansible.builtin.command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/firmitas/persistent-volume-claim.yml" ignore_errors: true diff --git a/roles/openshift/project/tasks/main.yml b/roles/openshift/project/tasks/main.yml index d9b86bba89..41de2844f1 100644 --- a/roles/openshift/project/tasks/main.yml +++ b/roles/openshift/project/tasks/main.yml @@ -8,7 +8,7 @@ mode: "0750" - name: Determine if project already exists - command: oc get project {{project_app}} + ansible.builtin.command: oc get project {{project_app}} register: project_exists failed_when: false changed_when: "'not found' in project_exists.stderr" diff --git a/roles/openshift/sysadmin-openshift/tasks/resources.yaml b/roles/openshift/sysadmin-openshift/tasks/resources.yaml index 1b2ce4a346..f78787de32 100644 --- a/roles/openshift/sysadmin-openshift/tasks/resources.yaml +++ b/roles/openshift/sysadmin-openshift/tasks/resources.yaml @@ -22,7 +22,7 @@ # apply created openshift resources - name: Oc apply resources - command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/{{sysadmin_openshift_project_name}}/{{ item }}" + ansible.builtin.command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/{{sysadmin_openshift_project_name}}/{{ item }}" with_items: "{{ sysadmin_openshift_project_templates }}" tags: - create-resources diff --git a/roles/packages3/web/tasks/main.yml b/roles/packages3/web/tasks/main.yml index 6c9e9e8ca7..b26cad0388 100644 --- a/roles/packages3/web/tasks/main.yml +++ b/roles/packages3/web/tasks/main.yml @@ -159,7 +159,7 @@ state: present - name: Build the database the first time. This takes a while - command: /usr/bin/fcomm-index-packages --index-db-dest=/var/cache/fedoracommunity/packages/xapian --icons-dest /var/cache/fedoracommunity/packages/icons --mdapi-url=https://apps{{env_suffix}}.fedoraproject.org/mdapi --icons-url=https://dl.fedoraproject.org/pub/alt/screenshots creates=/var/cache/fedoracommunity/packages/xapian/search/termlist.glass + ansible.builtin.command: /usr/bin/fcomm-index-packages --index-db-dest=/var/cache/fedoracommunity/packages/xapian --icons-dest /var/cache/fedoracommunity/packages/icons --mdapi-url=https://apps{{env_suffix}}.fedoraproject.org/mdapi --icons-url=https://dl.fedoraproject.org/pub/alt/screenshots creates=/var/cache/fedoracommunity/packages/xapian/search/termlist.glass tags: - packages - packages/web diff --git a/roles/pagure/tasks/main.yml b/roles/pagure/tasks/main.yml index fc06eac5ac..c4591046c3 100644 --- a/roles/pagure/tasks/main.yml +++ b/roles/pagure/tasks/main.yml @@ -27,7 +27,7 @@ - packages - name: Initialize postgres if necessary - command: /usr/bin/postgresql-setup initdb + ansible.builtin.command: /usr/bin/postgresql-setup initdb creates=/var/lib/pgsql/data notify: - restart postgresql @@ -108,7 +108,7 @@ - pagure - name: Create the "git" user - command: useradd --create-home --home-dir=/srv/git/ git + ansible.builtin.command: useradd --create-home --home-dir=/srv/git/ git creates=/srv/git/ tags: - pagure @@ -381,7 +381,7 @@ - name: Create the database scheme - command: /usr/bin/python3 /usr/share/pagure/pagure_createdb.py + ansible.builtin.command: /usr/bin/python3 /usr/share/pagure/pagure_createdb.py changed_when: "1 != 1" environment: PAGURE_CONFIG: /etc/pagure/pagure.cfg @@ -418,7 +418,7 @@ - restart apache - name: Let paguremirroring read the pagure config - command: /usr/bin/setfacl -m user:paguremirroring:rx /etc/pagure/pagure.cfg + ansible.builtin.command: /usr/bin/setfacl -m user:paguremirroring:rx /etc/pagure/pagure.cfg tags: - pagure - mirror @@ -431,13 +431,13 @@ - name: Manually fix current default ACLs since Ansible doesnt know recursive acls when: acl_updates.changed - command: /usr/bin/setfacl -Rdm user:apache:rx /srv/git + ansible.builtin.command: /usr/bin/setfacl -Rdm user:apache:rx /srv/git tags: - pagure - name: Manually fix current ACLs since Ansible doesnt know recursive acls when: acl_updates.changed - command: /usr/bin/setfacl -Rm user:apache:rx /srv/git + ansible.builtin.command: /usr/bin/setfacl -Rm user:apache:rx /srv/git tags: - pagure diff --git a/roles/pagure/tasks/selinux.yml b/roles/pagure/tasks/selinux.yml index 3411713e72..2e71976e04 100644 --- a/roles/pagure/tasks/selinux.yml +++ b/roles/pagure/tasks/selinux.yml @@ -1,6 +1,6 @@ --- - name: Check the selinux context of the git repo directory - command: matchpathcon /srv/git + ansible.builtin.command: matchpathcon /srv/git register: distgitcontext check_mode: no changed_when: false @@ -22,7 +22,7 @@ - selinux - name: Set the SELinux policy for the distgit root directory - command: semanage fcontext -a -t gitosis_var_lib_t "/srv/git(/.*)?" + ansible.builtin.command: semanage fcontext -a -t gitosis_var_lib_t "/srv/git(/.*)?" when: distgitcontext.stdout.find('gitosis_var_lib_t') == -1 tags: - config @@ -30,7 +30,7 @@ - selinux - name: Check the selinux context of the releases directory - command: matchpathcon /var/www/releases + ansible.builtin.command: matchpathcon /var/www/releases register: distgitcontext check_mode: no changed_when: false @@ -41,7 +41,7 @@ # Note: On Fedora its httpd_sys_content_rw_t - Don't we love confusions? - name: Set the SELinux policy for the releases directory - command: semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/releases(/.*)?" + ansible.builtin.command: semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/releases(/.*)?" when: distgitcontext.stdout.find('httpd_sys_rw_content_t') == -1 tags: - config diff --git a/roles/people/tasks/main.yml b/roles/people/tasks/main.yml index ee65477c69..db2bb12138 100644 --- a/roles/people/tasks/main.yml +++ b/roles/people/tasks/main.yml @@ -76,7 +76,7 @@ - people - name: Check the selinux context of the users home git dirs - command: matchpathcon "/home/fedora/someone/public_git" + ansible.builtin.command: matchpathcon "/home/fedora/someone/public_git" register: gitcontext check_mode: no changed_when: false @@ -85,14 +85,14 @@ - selinux - name: Set the SELinux policy for the users home git dirs - command: semanage fcontext -a -t git_user_content_t "/home/fedora/(.*)/public_git(.*)" + ansible.builtin.command: semanage fcontext -a -t git_user_content_t "/home/fedora/(.*)/public_git(.*)" when: gitcontext.stdout.find('git_user_content_t') == -1 tags: - config - selinux - name: Check the selinux context of the project dirs - command: matchpathcon "/project" + ansible.builtin.command: matchpathcon "/project" register: gitcontext check_mode: no changed_when: false @@ -101,14 +101,14 @@ - selinux - name: Set the SELinux policy for the project dirs - command: semanage fcontext -a -t httpd_sys_content_t "/project(.*)" + ansible.builtin.command: semanage fcontext -a -t httpd_sys_content_t "/project(.*)" when: gitcontext.stdout.find('httpd_sys_content_t') == -1 tags: - config - selinux - name: Check the selinux context of the web dir - command: matchpathcon "/srv/web" + ansible.builtin.command: matchpathcon "/srv/web" register: gitcontext check_mode: no changed_when: false @@ -117,14 +117,14 @@ - selinux - name: Set the SELinux policy for the web dir - command: semanage fcontext -a -t httpd_sys_content_t "/srv/web(/.*)?" + ansible.builtin.command: semanage fcontext -a -t httpd_sys_content_t "/srv/web(/.*)?" when: gitcontext.stdout.find('httpd_sys_content_t') == -1 tags: - config - selinux - name: Check the selinux context of the people dir - command: matchpathcon "/srv/people" + ansible.builtin.command: matchpathcon "/srv/people" register: gitcontext check_mode: no changed_when: false @@ -133,7 +133,7 @@ - selinux - name: Set the SELinux policy for the web dir - command: semanage fcontext -a -t httpd_sys_content_t "/srv/people(/.*)?" + ansible.builtin.command: semanage fcontext -a -t httpd_sys_content_t "/srv/people(/.*)?" when: gitcontext.stdout.find('httpd_sys_content_t') == -1 tags: - config @@ -142,7 +142,7 @@ # This is a file context alias, to let ansible know that /home and /srv/home # are equal as far as contexts are concerned. - name: Check the selinux context alias of the home dir - command: matchpathcon "/srv/home" + ansible.builtin.command: matchpathcon "/srv/home" register: gitcontext check_mode: no changed_when: false @@ -151,7 +151,7 @@ - selinux - name: Set the SELinux policy alias for the home dir - command: semanage fcontext -a -e /home /srv/home + ansible.builtin.command: semanage fcontext -a -e /home /srv/home when: gitcontext.stdout.find('home_root_t') == -1 tags: - config @@ -172,7 +172,7 @@ # Default quota for users is 2gb # - name: Set default xfs quotas on /srv - command: xfs_quota -x -c 'limit bsoft=2g bhard=2g -d' /srv + ansible.builtin.command: xfs_quota -x -c 'limit bsoft=2g bhard=2g -d' /srv check_mode: no register: xfs_quotaoutput changed_when: "xfs_quotaoutput.rc != 0" @@ -185,7 +185,7 @@ # It's also safe to aways run. # - name: Set quotas for people who have more set - command: >- + ansible.builtin.command: >- xfs_quota -x -c 'limit bsoft={{ item.quota }} bhard={{ item.quota }} {{ item.user }}' /srv with_items: - {user: adamwill, quota: 8g} diff --git a/roles/planet/tasks/main.yml b/roles/planet/tasks/main.yml index b0bfbd3ffa..e6af20c07f 100644 --- a/roles/planet/tasks/main.yml +++ b/roles/planet/tasks/main.yml @@ -54,7 +54,7 @@ - /srv/planet/config - name: Check the selinux context of the planet dir - command: matchpathcon "/srv/planet" + ansible.builtin.command: matchpathcon "/srv/planet" register: gitcontext check_mode: no changed_when: false @@ -64,7 +64,7 @@ - planet_server - name: Set the SELinux policy for the planet dir - command: semanage fcontext -a -t httpd_sys_content_t "/srv/planet(/.*)?" + ansible.builtin.command: semanage fcontext -a -t httpd_sys_content_t "/srv/planet(/.*)?" when: gitcontext.stdout.find('httpd_sys_content_t') == -1 tags: - config diff --git a/roles/postgresql_server/tasks/main.yml b/roles/postgresql_server/tasks/main.yml index 014cff5470..551629f0f1 100644 --- a/roles/postgresql_server/tasks/main.yml +++ b/roles/postgresql_server/tasks/main.yml @@ -75,7 +75,7 @@ - postgresql - name: Initialize postgres if necessary - command: /usr/bin/postgresql-setup initdb + ansible.builtin.command: /usr/bin/postgresql-setup initdb creates=/var/lib/pgsql/data/postgresql.conf notify: - restart postgresql diff --git a/roles/rabbitmq_cluster/tasks/main.yml b/roles/rabbitmq_cluster/tasks/main.yml index 6e441d9571..639ad7922a 100644 --- a/roles/rabbitmq_cluster/tasks/main.yml +++ b/roles/rabbitmq_cluster/tasks/main.yml @@ -474,11 +474,11 @@ register: selinux_module - name: Compile and install our custom selinux module - command: /etc/nagios/selinux-load.sh + ansible.builtin.command: /etc/nagios/selinux-load.sh when: selinux_module is changed - name: /var/log/rabbitmq selinux file context - command: semanage fcontext -a -t var_log_t "/var/log/rabbitmq(/.*)?" + ansible.builtin.command: semanage fcontext -a -t var_log_t "/var/log/rabbitmq(/.*)?" register: semanage_rabbit changed_when: "'already defined' not in semanage_rabbit.stdout" tags: diff --git a/roles/relvalconsumer/handlers/main.yml b/roles/relvalconsumer/handlers/main.yml index 8d57f1f1f5..8d7f24cb1b 100644 --- a/roles/relvalconsumer/handlers/main.yml +++ b/roles/relvalconsumer/handlers/main.yml @@ -1,11 +1,11 @@ # Restart handler for our fedora-messaging consumers --- - name: Conditionally restart relvalconsumer consumer service - command: /usr/local/bin/conditional-restart.sh fm-consumer@relvalconsumer + ansible.builtin.command: /usr/local/bin/conditional-restart.sh fm-consumer@relvalconsumer listen: - restart relvalconsumer - name: Conditionally restart relvalamiconsumer consumer service - command: /usr/local/bin/conditional-restart.sh fm-consumer@relvalamiconsumer + ansible.builtin.command: /usr/local/bin/conditional-restart.sh fm-consumer@relvalamiconsumer listen: - restart relvalamiconsumer diff --git a/roles/relvalconsumer/tasks/main.yml b/roles/relvalconsumer/tasks/main.yml index 5b71f4cb67..a94697a161 100644 --- a/roles/relvalconsumer/tasks/main.yml +++ b/roles/relvalconsumer/tasks/main.yml @@ -142,14 +142,14 @@ register: gitrvc - name: Check if relvalconsumer is installed for current Python - command: "pip show relvalconsumer" + ansible.builtin.command: "pip show relvalconsumer" register: instrvc changed_when: "1 != 1" failed_when: "1 != 1" check_mode: no - name: Install relvalconsumer - command: "python3 -m pip install --no-deps /root/relvalconsumer" + ansible.builtin.command: "python3 -m pip install --no-deps /root/relvalconsumer" when: "gitrvc is changed or instrvc.rc != 0" notify: - restart relvalconsumer diff --git a/roles/selinux/module/tasks/main.yml b/roles/selinux/module/tasks/main.yml index 3f72f2963c..4d85f0d919 100644 --- a/roles/selinux/module/tasks/main.yml +++ b/roles/selinux/module/tasks/main.yml @@ -19,21 +19,21 @@ - selinux/module - name: Build our custom selinux module - command: checkmodule -M -m -o /usr/local/share/{{ policy_name }}.mod /usr/local/share/{{ policy_name }}.te + ansible.builtin.command: checkmodule -M -m -o /usr/local/share/{{ policy_name }}.mod /usr/local/share/{{ policy_name }}.te when: selinux_module is changed tags: - selinux - selinux/module - name: Compile our custom selinux module - command: semodule_package -o /usr/local/share/{{ policy_name }}.pp -m /usr/local/share/{{ policy_name }}.mod + ansible.builtin.command: semodule_package -o /usr/local/share/{{ policy_name }}.pp -m /usr/local/share/{{ policy_name }}.mod when: selinux_module is changed tags: - selinux - selinux/module - name: Install our custom selinux module - command: semodule -i /usr/local/share/{{ policy_name }}.pp + ansible.builtin.command: semodule -i /usr/local/share/{{ policy_name }}.pp when: selinux_module is changed tags: - selinux diff --git a/roles/serial-console/tasks/main.yml b/roles/serial-console/tasks/main.yml index 59f9ea52f4..c67bb8b35d 100644 --- a/roles/serial-console/tasks/main.yml +++ b/roles/serial-console/tasks/main.yml @@ -12,7 +12,7 @@ - serial-console - name: Set grub to use serial console - command: /sbin/grubby --update-kernel=ALL --args="console=tty0 console=ttyS0,115200 console=ttyS1,115200" + ansible.builtin.command: /sbin/grubby --update-kernel=ALL --args="console=tty0 console=ttyS0,115200 console=ttyS1,115200" when: serial is defined and serial.stdout.find("console=tty0 console=ttyS0,115200 console=ttyS1,115200") == -1 failed_when: '1 != 1' tags: diff --git a/roles/supybot/tasks/main.yml b/roles/supybot/tasks/main.yml index 9229a5e4cd..a1b87c9913 100644 --- a/roles/supybot/tasks/main.yml +++ b/roles/supybot/tasks/main.yml @@ -66,7 +66,7 @@ tags: supybot - name: Check the selinux context of the /srv/web/meetbot dir - command: matchpathcon /srv/web/meetbot + ansible.builtin.command: matchpathcon /srv/web/meetbot register: context check_mode: no changed_when: "1 != 1" @@ -77,7 +77,7 @@ - supybot - name: /srv/web/meetbot file contexts - command: semanage fcontext -a -t httpd_sys_content_t "/srv/web/meetbot(/.*)?" + ansible.builtin.command: semanage fcontext -a -t httpd_sys_content_t "/srv/web/meetbot(/.*)?" when: context.stdout.find('httpd_sys_content_t') == -1 tags: - config diff --git a/roles/torrent/tasks/main.yml b/roles/torrent/tasks/main.yml index 95d7cfe1e7..e30af9e4d0 100644 --- a/roles/torrent/tasks/main.yml +++ b/roles/torrent/tasks/main.yml @@ -69,7 +69,7 @@ - config - name: Check the selinux context of webdir - command: matchpathcon /srv/web + ansible.builtin.command: matchpathcon /srv/web register: webdir check_mode: no changed_when: "1 != 1" @@ -80,7 +80,7 @@ - httpd/website - name: /srv/web file contexts - command: semanage fcontext -a -t httpd_sys_content_t "/srv/web(/.*)?" + ansible.builtin.command: semanage fcontext -a -t httpd_sys_content_t "/srv/web(/.*)?" when: webdir.stdout.find('httpd_sys_content_t') == -1 tags: - config diff --git a/roles/zabbix/zabbix_server/tasks/install.yml b/roles/zabbix/zabbix_server/tasks/install.yml index 9eff00c109..1ceb226745 100644 --- a/roles/zabbix/zabbix_server/tasks/install.yml +++ b/roles/zabbix/zabbix_server/tasks/install.yml @@ -16,7 +16,7 @@ - configure-dnf - name: Install the zabbix rpm - command: "rpm -Uvh https://repo.zabbix.com/zabbix/6.0/rhel/9/x86_64/zabbix-release-latest.el9.noarch.rpm" + ansible.builtin.command: "rpm -Uvh https://repo.zabbix.com/zabbix/6.0/rhel/9/x86_64/zabbix-release-latest.el9.noarch.rpm" ignore_errors: true tags: - packages diff --git a/tasks/cloud_setup_basic.yml b/tasks/cloud_setup_basic.yml index 4a4e133e17..17a4a37b63 100644 --- a/tasks/cloud_setup_basic.yml +++ b/tasks/cloud_setup_basic.yml @@ -58,21 +58,21 @@ - config - name: Update all - command: yum -y update creates=/etc/sysconfig/global-update-applied + ansible.builtin.command: yum -y update creates=/etc/sysconfig/global-update-applied register: updated when: ansible_distribution_major_version|int < 8 and ansible_distribution == 'RedHat' tags: - packages - name: Update all - command: dnf -y update creates=/etc/sysconfig/global-update-applied + ansible.builtin.command: dnf -y update creates=/etc/sysconfig/global-update-applied register: updated when: ansible_distribution_major_version|int > 7 and ansible_distribution == 'RedHat' and ansible_cmdline.ostree is not defined tags: - packages - name: Update all - command: dnf -y update creates=/etc/sysconfig/global-update-applied + ansible.builtin.command: dnf -y update creates=/etc/sysconfig/global-update-applied register: updated when: ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora' and ansible_cmdline.ostree is not defined tags: diff --git a/tasks/swap.yml b/tasks/swap.yml index cf27721450..1f64b75d34 100644 --- a/tasks/swap.yml +++ b/tasks/swap.yml @@ -23,7 +23,7 @@ - swap - name: Create swap file - command: + ansible.builtin.command: cmd: "dd if=/dev/zero of={{ swap_file_path }} bs=1024 count={{ swap_file_size_mb }}k" when: swap_touch.changed tags: @@ -40,7 +40,7 @@ - swap - name: Check swap file type - command: file {{ swap_file_path }} + ansible.builtin.command: file {{ swap_file_path }} register: swapfile changed_when: false tags: @@ -70,7 +70,7 @@ - swap - name: Mount swap - command: "swapon -a" + ansible.builtin.command: "swapon -a" # when: ansible_swaptotal_mb|int < 1 when: swap_fstab_added.changed tags: