ansiblelint fixes-- fqcn[action-core] - command to ansible.builtin.command

Replaces many references to command: with ansible.builtin.command Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2024-12-19 11:22:24 +10:00 · 2024-12-19 11:22:24 +10:00 · 462176464b
commit 462176464b
parent 6a3816dfdc
145 changed files with 366 additions and 366 deletions
--- a/handlers/restart_services.yml
+++ b/handlers/restart_services.yml
@ -3,10 +3,10 @@
 #
 ---
 - name: reload systemd
-  command: systemctl daemon-reload
+  ansible.builtin.command: systemctl daemon-reload
 - name: restart apache
-  command: /usr/local/bin/conditional-restart.sh httpd httpd
+  ansible.builtin.command: /usr/local/bin/conditional-restart.sh httpd httpd
 - name: reload apache
  action: service name=httpd state=reloaded
@ -18,31 +18,31 @@
  action: service name=crond state=restarted
 - name: restart fedmsg-gateway
-  command: /usr/local/bin/conditional-restart.sh fedmsg-gateway
+  ansible.builtin.command: /usr/local/bin/conditional-restart.sh fedmsg-gateway
 - name: restart fedmsg-hub
-  command: /usr/local/bin/conditional-restart.sh {{ item }}
+  ansible.builtin.command: /usr/local/bin/conditional-restart.sh {{ item }}
  with_items:
  - fedmsg-hub
  - fedmsg-hub-3
 - name: restart fedmsg-hub-3
-  command: /usr/local/bin/conditional-restart.sh {{ item }}
+  ansible.builtin.command: /usr/local/bin/conditional-restart.sh {{ item }}
  with_items:
  - fedmsg-hub
  - fedmsg-hub-3
 - name: restart fedmsg-irc
-  command: /usr/local/bin/conditional-restart.sh fedmsg-irc
+  ansible.builtin.command: /usr/local/bin/conditional-restart.sh fedmsg-irc
 - name: restart fedmsg-relay
-  command: /usr/local/bin/conditional-restart.sh fedmsg-relay
+  ansible.builtin.command: /usr/local/bin/conditional-restart.sh fedmsg-relay
 - name: restart fm-consumer@koji_sync_listener
  action: service name=fm-consumer@koji_sync_listener state=restarted enabled=yes
 - name: reload httpd
-  command: /usr/local/bin/conditional-reload.sh httpd httpd
+  ansible.builtin.command: /usr/local/bin/conditional-reload.sh httpd httpd
 - name: restart iptables
  action: service name=iptables state=restarted
@ -98,22 +98,22 @@
  action: service name=network state=restarted
 - name: rebuild postfix transport
-  command: /usr/sbin/postmap /etc/postfix/transport
+  ansible.builtin.command: /usr/sbin/postmap /etc/postfix/transport
 - name: rebuild postfix bysender
-  command: /usr/sbin/postmap /etc/postfix/bysender
+  ansible.builtin.command: /usr/sbin/postmap /etc/postfix/bysender
 - name: rebuild postfix tls_policy
-  command: /usr/sbin/postmap /etc/postfix/tls_policy
+  ansible.builtin.command: /usr/sbin/postmap /etc/postfix/tls_policy
 - name: restart postfix
  service: name=postfix state=restarted
 - name: reload proxyhttpd
-  command: /usr/local/bin/proxy-conditional-reload.sh httpd httpd
+  ansible.builtin.command: /usr/local/bin/proxy-conditional-reload.sh httpd httpd
 - name: run rkhunter
-  command: rkhunter --propupd
+  ansible.builtin.command: rkhunter --propupd
 - name: restart moksha-hub
  service: name=moksha-hub state=restarted
@ -139,7 +139,7 @@
  service: name=pagure_ev state=restarted
 - name: "update ca-trust"
-  command: /usr/bin/update-ca-trust
+  ansible.builtin.command: /usr/bin/update-ca-trust
 - name: restart stunnel
  service: name=stunnel state=restarted
@ -151,20 +151,20 @@
  service: name=NetworkManager state=restarted
 - name: reload NetworkManager-connections
-  command: nmcli c reload
+  ansible.builtin.command: nmcli c reload
 - name: restart basset-worker
  service: name=basset-worker state=restarted
 - name: apply interface-changes
-  command: nmcli con up {{ item.split()[1] }}
+  ansible.builtin.command: nmcli con up {{ item.split()[1] }}
  async: 1
  poll: 0
  loop: "{{ if_uuid.stdout_lines|flatten(levels=1) }}"
  when: item.split()[1] not in ansible_ifcfg_disabled
 - name: flush journald tmpfiles to persistent store
-  command: pkill -f -USR1 systemd-journald
+  ansible.builtin.command: pkill -f -USR1 systemd-journald
 - name: restart idmapd
  service: name=nfs-idmapd state=restarted
--- a/playbooks/check-for-updates.yml
+++ b/playbooks/check-for-updates.yml
@ -33,7 +33,7 @@
 #
  - name: Make dnf recheck for new metadata from repos
-    command: dnf clean expire-cache
+    ansible.builtin.command: dnf clean expire-cache
  - name: Check for updates (dnf)
    dnf: list=updates
--- a/playbooks/check-host.yml
+++ b/playbooks/check-host.yml
@ -144,7 +144,7 @@
      - fileverify
  - name: Get locally changed files (excluding config files)
-    command: "egrep -v '  c /' {{ localchanges.stdout }}"
+    ansible.builtin.command: "egrep -v '  c /' {{ localchanges.stdout }}"
    register: rpm_va_nc
    changed_when: false
    when: localchanges is defined and localchanges.stdout != ""
@ -161,7 +161,7 @@
      - fileverify
  - name: 'Whitelist - Get locally changed files (config files)'
-    command: "egrep '  c /' {{ localchanges.stdout }}"
+    ansible.builtin.command: "egrep '  c /' {{ localchanges.stdout }}"
    register: rpm_va_c
    when: localchanges is defined and localchanges.stdout != ""
    changed_when: false
--- a/playbooks/clear_memcached.yml
+++ b/playbooks/clear_memcached.yml
@ -5,4 +5,4 @@
  tasks:
  - name: Clear memcache
-    command: echo flush_all | nc localhost 11211
+    ansible.builtin.command: echo flush_all | nc localhost 11211
--- a/playbooks/clear_varnish.yml
+++ b/playbooks/clear_varnish.yml
@ -6,4 +6,4 @@
  tasks:
  - name: Clear varnish
-    command: varnishadm -S /etc/varnish/secret -T 127.0.0.1:6082 ban req.url == .
+    ansible.builtin.command: varnishadm -S /etc/varnish/secret -T 127.0.0.1:6082 ban req.url == .
--- a/playbooks/death_to_postfix.yml
+++ b/playbooks/death_to_postfix.yml
@ -13,10 +13,10 @@
    # This doesn't really remove the pid file.. but we say it does so ansible only runs it if the pid file is there..
    - name: Really kill postfix master process
-      command: pkill -u root master removes=/var/spool/postfix/pid/master.pid
+      ansible.builtin.command: pkill -u root master removes=/var/spool/postfix/pid/master.pid
    - name: Clean up old pid lock file.
-      command: rm /var/spool/postfix/pid/master.pid removes=/var/spool/postfix/pid/master.pid
+      ansible.builtin.command: rm /var/spool/postfix/pid/master.pid removes=/var/spool/postfix/pid/master.pid
    - name: Try to start postfix cleanly
      service: name=postfix state=started
--- a/playbooks/destroy_virt_inst.yml
+++ b/playbooks/destroy_virt_inst.yml
@ -42,5 +42,5 @@
    delegate_to: "{{ vmhost }}"
  - name: Destroy the lv
-    command: /sbin/lvremove -f {{volgroup}}/{{inventory_hostname}}
+    ansible.builtin.command: /sbin/lvremove -f {{volgroup}}/{{inventory_hostname}}
    delegate_to: "{{ vmhost }}"
--- a/playbooks/groups/proxies.yml
+++ b/playbooks/groups/proxies.yml
@ -153,5 +153,5 @@
    ignore_errors: true
  - name: make sure selinux contexts are right on srv
-    command: restorecon -R /srv
+    ansible.builtin.command: restorecon -R /srv
    changed_when: false
--- a/playbooks/host_reboot.yml
+++ b/playbooks/host_reboot.yml
@ -14,13 +14,13 @@
    ignore_errors: true
  - name: Reboot the host
-    command: /sbin/shutdown -r 1
+    ansible.builtin.command: /sbin/shutdown -r 1
  - name: Wait for host to come back - up to 15 minutes
    local_action: wait_for host={{ target }} port=22 delay=120 timeout=900 search_regex=OpenSSH
 #  - name: Sync time
-#    command: ntpdate -u 1.rhel.pool.ntp.org
+#    ansible.builtin.command: ntpdate -u 1.rhel.pool.ntp.org
  - name: Tell nagios to unshush
    nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }}
--- a/playbooks/host_update.yml
+++ b/playbooks/host_update.yml
@ -11,10 +11,10 @@
  tasks:
  - name: Expire-caches
-    command: yum clean expire-cache
+    ansible.builtin.command: yum clean expire-cache
  - name: Yum -y {{ yumcommand }}
-    command: yum -y {{ yumcommand }}
+    ansible.builtin.command: yum -y {{ yumcommand }}
    async: 7200
    poll: 30
@ -24,10 +24,10 @@
  tasks:
  - name: Check for rkhunter
-    command: /usr/bin/test -f /usr/bin/rkhunter
+    ansible.builtin.command: /usr/bin/test -f /usr/bin/rkhunter
    register: rkhunter
    ignore_errors: true
  - name: Run rkhunter --propupd
-    command: /usr/bin/rkhunter --propupd
+    ansible.builtin.command: /usr/bin/rkhunter --propupd
    when: rkhunter is success
--- a/playbooks/hosts/cloud-noc01.fedorainfracloud.org.yml
+++ b/playbooks/hosts/cloud-noc01.fedorainfracloud.org.yml
@ -42,7 +42,7 @@
    - selinux
  - name: allow alternate ntpd port
-    command: semanage port -a -t ntp_port_t -p tcp 124
+    ansible.builtin.command: semanage port -a -t ntp_port_t -p tcp 124
    when: '"124" not in ntp_selinux_port'
    failed_when: false
    tags:
@ -50,7 +50,7 @@
    - selinux
  - name: allow alternate ntpd port
-    command: semanage port -a -t ntp_port_t -p udp 124
+    ansible.builtin.command: semanage port -a -t ntp_port_t -p udp 124
    when: '"124" not in ntp_selinux_port'
    failed_when: false
    tags:
--- a/playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml
+++ b/playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml
@ -52,7 +52,7 @@
    - selinux
  - name: allow alternate ntpd port
-    command: semanage port -a -t ntp_port_t -p tcp 124
+    ansible.builtin.command: semanage port -a -t ntp_port_t -p tcp 124
    when: '"124" not in ntp_selinux_port'
    failed_when: false
    tags:
@ -60,7 +60,7 @@
    - selinux
  - name: allow alternate ntpd port
-    command: semanage port -a -t ntp_port_t -p udp 124
+    ansible.builtin.command: semanage port -a -t ntp_port_t -p udp 124
    when: '"124" not in ntp_selinux_port'
    failed_when: false
    tags:
--- a/playbooks/include/proxies-websites.yml
+++ b/playbooks/include/proxies-websites.yml
@ -20,7 +20,7 @@
    - httpd/website
  - name: Check the selinux context of webdir
-    command: matchpathcon /srv/web
+    ansible.builtin.command: matchpathcon /srv/web
    register: webdir
    check_mode: no
    changed_when: "1 != 1"
@ -31,7 +31,7 @@
    - httpd/website
  - name: /srv/web file contexts
-    command: semanage fcontext -a -t httpd_sys_content_t "/srv/web(/.*)?"
+    ansible.builtin.command: semanage fcontext -a -t httpd_sys_content_t "/srv/web(/.*)?"
    when: webdir.stdout.find('httpd_sys_content_t') == -1
    tags:
    - config
--- a/playbooks/manual/gdpr/delete.yml
+++ b/playbooks/manual/gdpr/delete.yml
@ -9,7 +9,7 @@
  strategy: free
  tasks:
    # Non-huge SAR retrieval
-    - command: "{{ gdpr_delete_script }}"
+    - ansible.builtin.command: "{{ gdpr_delete_script }}"
      environment:
        SAR_USERNAME: "{{ gdpr_delete_fas_user }}"
        SAR_EMAIL: "{{ gdpr_delete_email }}"
--- a/playbooks/manual/gdpr/sar.yml
+++ b/playbooks/manual/gdpr/sar.yml
@ -9,7 +9,7 @@
    - name: "Create the archive"
      block:
        # Create a safe place to store the files.
-        - command: "mktemp -d"
+        - ansible.builtin.command: "mktemp -d"
          register: sar_tmp_dir
        # Let's make this a more conveniently expressed variable.
        - set_fact:
@ -20,7 +20,7 @@
  strategy: free
  tasks:
    # Non-huge SAR retrieval
-    - command: "{{ sar_script }}"
+    - ansible.builtin.command: "{{ sar_script }}"
      environment:
        SAR_USERNAME: "{{ sar_fas_user }}"
        SAR_EMAIL: "{{ sar_email }}"
@ -36,7 +36,7 @@
      delegate_facts: false
      when: "sar_huge is not defined or not sar_huge"
    # Remove the variable from memory
-    - command: "/bin/true"
+    - ansible.builtin.command: "/bin/true"
      register: sar_data
      when: "sar_huge is not defined or not sar_huge"
@ -61,7 +61,7 @@
          args:
            chdir: "{{ sar_tmp_dir }}"
        # Move the tarball into the desired pick up location.
-        - command: "mv {{ sar_tmp_dir }}/{{ sar_fas_user }}_{{ sar_email }}.tar.gz {{ sar_tar_output_path }}"
+        - ansible.builtin.command: "mv {{ sar_tmp_dir }}/{{ sar_fas_user }}_{{ sar_email }}.tar.gz {{ sar_tar_output_path }}"
      always:
        # Let's clean up our temporary directory.
-        - command: "rm -r {{ sar_tmp_dir }}"
+        - ansible.builtin.command: "rm -r {{ sar_tmp_dir }}"
--- a/playbooks/manual/gdpr/sar_openshift.yml
+++ b/playbooks/manual/gdpr/sar_openshift.yml
@ -6,7 +6,7 @@
  register: pod_id
 # Run the SAR script
 - name: Run oc exec in container to extract the data
-  command: "oc -n {{ item.value.openshift_namespace }} rsh {{ pod_id.stdout }} bash -c 'SAR_USERNAME={{ sar_fas_user }} SAR_EMAIL={{ sar_email }} {{ item.value.sar_script }}'"
+  ansible.builtin.command: "oc -n {{ item.value.openshift_namespace }} rsh {{ pod_id.stdout }} bash -c 'SAR_USERNAME={{ sar_fas_user }} SAR_EMAIL={{ sar_email }} {{ item.value.sar_script }}'"
  register: sar_data
 # Store the result on disk
 - name: Copy the output data locally
--- a/playbooks/manual/history_undo.yml
+++ b/playbooks/manual/history_undo.yml
@ -24,7 +24,7 @@
    when: transaction_id.stderr == ""
  - name: Get info on that transaction
-    command: yum history info {{ transaction_id.stdout }}
+    ansible.builtin.command: yum history info {{ transaction_id.stdout }}
    register: transaction_info
    when: transaction_id.stderr == ""
@ -35,5 +35,5 @@
  #  when: transaction_id.stderr == ""
  - name: Okay.. undo that transaction now
-    command: yum -y history undo {{ transaction_id.stdout }}
+    ansible.builtin.command: yum -y history undo {{ transaction_id.stdout }}
    when: transaction_id.stderr == ""
--- a/playbooks/manual/import-irc-cookies-to-matrix.yml
+++ b/playbooks/manual/import-irc-cookies-to-matrix.yml
@ -33,7 +33,7 @@
        mode: "0755"
    - name: Run the import script
-      command:
+      ansible.builtin.command:
        argv:
          - /usr/local/bin/karma-to-cookies-db
          - -i
--- a/playbooks/manual/noggin-deployment/create-full-backup.yml
+++ b/playbooks/manual/noggin-deployment/create-full-backup.yml
@ -7,7 +7,7 @@
  #  - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
  tasks:
    - name: Create backup of FreeIPA server data
-      command: ipa-backup
+      ansible.builtin.command: ipa-backup
    - name: Make the latest backup available under a fixed name
      shell:
--- a/playbooks/manual/noggin-deployment/reenroll-ipa-client.yml
+++ b/playbooks/manual/noggin-deployment/reenroll-ipa-client.yml
@ -32,14 +32,14 @@
  # Checks
  - name: Check if the host can obtain a Kerberos ticket
-    command: kinit -kt /etc/krb5.keytab
+    ansible.builtin.command: kinit -kt /etc/krb5.keytab
    ignore_errors: yes
    changed_when: no
    register: kinit_res
    when: ipa_server is defined
  - name: Ping the IPA server
-    command: ipa ping
+    ansible.builtin.command: ipa ping
    ignore_errors: yes
    changed_when: no
    register: ipa_ping_res
@ -56,7 +56,7 @@
  # Do the things
  - name: Unenroll IPA client
-    command: ipa-client-install --uninstall --unattended
+    ansible.builtin.command: ipa-client-install --uninstall --unattended
    when: do_the_things
  - name: Apply the ipa/client role
--- a/playbooks/manual/noggin-deployment/restore-latest-backup.yml
+++ b/playbooks/manual/noggin-deployment/restore-latest-backup.yml
@ -7,4 +7,4 @@
    # - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
  tasks:
    - name: Restore latest backup of FreeIPA server data
-      command: ipa-restore /var/lib/ipa/backup/ipa-full-latest -p {{ ipa_admin_password }}
+      ansible.builtin.command: ipa-restore /var/lib/ipa/backup/ipa-full-latest -p {{ ipa_admin_password }}
--- a/playbooks/manual/noggin-deployment/uninstall_ipa_client.yml
+++ b/playbooks/manual/noggin-deployment/uninstall_ipa_client.yml
@ -9,7 +9,7 @@
  tasks:
  - name: Uninstall IPA client
-    command: ipa-client-install --uninstall --unattended
+    ansible.builtin.command: ipa-client-install --uninstall --unattended
    ignore_errors: yes
 - import_playbook: "/srv/web/infra/ansible/playbooks/groups/bodhi-backend.yml"
@ -67,7 +67,7 @@
    loop: "{{keytabs}}"
  - name: Remove keytab secret
-    command: oc -n {{item.app}} delete secret {{item.secret_name}}
+    ansible.builtin.command: oc -n {{item.app}} delete secret {{item.secret_name}}
    register: delete_out
    failed_when: "delete_out.rc != 0 and 'NotFound' not in delete_out.stderr"
    changed_when: "delete_out.rc == 0 and 'secret \"{{item.secret_name}}\" deleted' in delete_out.stdout"
--- a/playbooks/manual/oci-registry-prune.yml
+++ b/playbooks/manual/oci-registry-prune.yml
@ -29,7 +29,7 @@
  - debug: var=prod_output.stdout_lines
  - name: Run registry garbage collection to reclaim disk space
-    command: "registry garbage-collect /etc/docker-distribution/registry/config.yml"
+    ansible.builtin.command: "registry garbage-collect /etc/docker-distribution/registry/config.yml"
    when: env == "production"
  - name: Find and Delete 30 days old OCI images (stg)
@ -45,5 +45,5 @@
  - debug: var=stg_output.stdout_lines
  - name: Run registry garbage collection to reclaim disk space (stg)
-    command: "registry garbage-collect /etc/docker-distribution/registry/config.yml"
+    ansible.builtin.command: "registry garbage-collect /etc/docker-distribution/registry/config.yml"
    when: env == "staging"
--- a/playbooks/manual/ocp4-place-ignitionfiles.yml
+++ b/playbooks/manual/ocp4-place-ignitionfiles.yml
@ -100,7 +100,7 @@
          - kvm_deploy
        when: inventory_hostname in groups['ocp_vms_stg'] or inventory_hostname in groups['ocp_vms']
      - name: == OCP KVM provisioning == Deploying the OCP Virtual Guest[s]
-        command: "{{ virt_install_command }}"
+        ansible.builtin.command: "{{ virt_install_command }}"
        delegate_to: "{{ vmhost }}"
        tags:
          - kvm_deploy
--- a/playbooks/manual/rebuild/websites.yml
+++ b/playbooks/manual/rebuild/websites.yml
@ -11,7 +11,7 @@
  tasks:
  - name: Run syncStatic (this takes a while)...
-    command: /usr/local/bin/lock-wrapper syncStatic /usr/local/bin/syncStatic
+    ansible.builtin.command: /usr/local/bin/lock-wrapper syncStatic /usr/local/bin/syncStatic
 - name: Tell the proxies to sync that freshness
  hosts: proxies:proxies_stg
@ -23,7 +23,7 @@
  tasks:
  - name: Rsync each site in to place
-    command: /usr/bin/rsync --delete -a --no-owner --no-group sundries01::{{item}}/ /srv/web/{{item}}/
+    ansible.builtin.command: /usr/bin/rsync --delete -a --no-owner --no-group sundries01::{{item}}/ /srv/web/{{item}}/
    with_items:
    - getfedora.org
    - fedoracommunity.org
--- a/playbooks/manual/sign-and-import.yml
+++ b/playbooks/manual/sign-and-import.yml
@ -52,7 +52,7 @@
      - "{{ rpmdir }}/*.src.rpm"
  - name: Move processed srpms out to {{ rpmdir }}-old
-    command: /bin/mv {{ item }} {{ rpmdir }}-old/
+    ansible.builtin.command: /bin/mv {{ item }} {{ rpmdir }}-old/
    when: not testing
    with_fileglob:
      - "{{ rpmdir }}/*.src.rpm"
@ -68,13 +68,13 @@
      - "{{ rpmdir }}/*.rpm"
  - name: Move processed rpms out to {{ rpmdir }}-old
-    command: /bin/mv {{ item }} {{ rpmdir }}-old/
+    ansible.builtin.command: /bin/mv {{ item }} {{ rpmdir }}-old/
    when: not testing
    with_fileglob:
      - "{{ rpmdir }}/*.rpm"
  - name: Run createrepo on each repo
-    command: createrepo --update {{ repodir }}/{{ item }}/
+    ansible.builtin.command: createrepo --update {{ repodir }}/{{ item }}/
    with_items:
    - SRPMS
    - x86_64
--- a/playbooks/manual/staging-sync/bodhi.yml
+++ b/playbooks/manual/staging-sync/bodhi.yml
@ -20,9 +20,9 @@
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
  tasks:
-  - command: oc -n bodhi scale dc/bodhi-web --replicas=0
+  - ansible.builtin.command: oc -n bodhi scale dc/bodhi-web --replicas=0
-  - command: oc -n bodhi scale dc/bodhi-consumer --replicas=0
+  - ansible.builtin.command: oc -n bodhi scale dc/bodhi-consumer --replicas=0
-  - command: oc -n bodhi scale dc/bodhi-celery --replicas=0
+  - ansible.builtin.command: oc -n bodhi scale dc/bodhi-celery --replicas=0
 - name: Bring staging services down (messaging)
  hosts: bodhi_backend_stg
@ -60,10 +60,10 @@
      src: /srv/web/infra/db-dumps/bodhi2.dump.xz
      dest: /var/tmp/bodhi2.dump.xz
      owner: postgres group=postgres
-  - command: unxz /var/tmp/bodhi2.dump.xz
+  - ansible.builtin.command: unxz /var/tmp/bodhi2.dump.xz
             creates=/var/tmp/bodhi2.dump
-  - command: dropdb bodhi2
+  - ansible.builtin.command: dropdb bodhi2
-  - command: createdb -O bodhi2 bodhi2
+  - ansible.builtin.command: createdb -O bodhi2 bodhi2
  - name: Import the prod db.
    shell: cat /var/tmp/bodhi2.dump | psql bodhi2
  - ansible.builtin.file: path=/var/tmp/bodhi2.dump state=absent
@ -77,9 +77,9 @@
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
  tasks:
-  - command: oc -n bodhi scale dc/bodhi-web --replicas=1
+  - ansible.builtin.command: oc -n bodhi scale dc/bodhi-web --replicas=1
-  - command: oc -n bodhi scale dc/bodhi-consumer --replicas=1
+  - ansible.builtin.command: oc -n bodhi scale dc/bodhi-consumer --replicas=1
-  - command: oc -n bodhi scale dc/bodhi-celery --replicas=1
+  - ansible.builtin.command: oc -n bodhi scale dc/bodhi-celery --replicas=1
 - name: Bring staging services up (httpd)
  hosts: bodhi2_stg
--- a/playbooks/manual/staging-sync/db-sync.yml
+++ b/playbooks/manual/staging-sync/db-sync.yml
@ -78,15 +78,15 @@
      dest: /var/tmp/{{ db }}.dump.xz
  - name: Unpack the archive
-    command: unxz /var/tmp/{{ db }}.dump.xz
+    ansible.builtin.command: unxz /var/tmp/{{ db }}.dump.xz
             creates=/var/tmp/{{ db }}.dump
  - name: Drop the postgresql database in staging
-    command: dropdb {{ db }}
+    ansible.builtin.command: dropdb {{ db }}
    ignore_errors: yes
  - name: Create the postgresql database in staging
-    command: createdb {{ db }}
+    ansible.builtin.command: createdb {{ db }}
  - name: Import the prod db.  This will take quite a while.  Go get a snack!
    shell: cat /var/tmp/{{ db }}.dump | psql {{ db }}
@ -123,7 +123,7 @@
  tasks:
  - name: Remove the db dump on the prod server
-    command: rm -f /var/tmp/{{ db }}.dump.xz
+    ansible.builtin.command: rm -f /var/tmp/{{ db }}.dump.xz
 - name: Remove the prod db dump on batcave
  hosts: batcave01.iad2.fedoraproject.org
@ -138,4 +138,4 @@
  tasks:
  - name: Remove the DB dump from batcave
-    command: rm -f /var/tmp/{{ db }}.dump.xz
+    ansible.builtin.command: rm -f /var/tmp/{{ db }}.dump.xz
--- a/playbooks/manual/staging-sync/mailman.yml
+++ b/playbooks/manual/staging-sync/mailman.yml
@ -40,12 +40,12 @@
      dest: /var/tmp/mailman.dump.xz
      owner: postgres
      group: postgres
-  - command: unxz /var/tmp/mailman.dump.xz
+  - ansible.builtin.command: unxz /var/tmp/mailman.dump.xz
             creates=/var/tmp/mailman.dump
-  - command: dropdb mailman
+  - ansible.builtin.command: dropdb mailman
-  - command: createdb -O mailmanadmin mailman
+  - ansible.builtin.command: createdb -O mailmanadmin mailman
  - name: Import the prod db.  This will take quite a while.  Go get a snack!
-    command: psql -f /var/tmp/mailman.dump mailman
+    ansible.builtin.command: psql -f /var/tmp/mailman.dump mailman
  # - name: Fix the database
  #  shell: psql -f /var/lib/pgsql/mailman-reset-staging.sql mailman
@ -55,12 +55,12 @@
      dest: /var/tmp/hyperkitty.dump.xz
      owner: postgres
      group: postgres
-  - command: unxz /var/tmp/hyperkitty.dump.xz
+  - ansible.builtin.command: unxz /var/tmp/hyperkitty.dump.xz
             creates=/var/tmp/hyperkitty.dump
-  - command: dropdb hyperkitty
+  - ansible.builtin.command: dropdb hyperkitty
-  - command: createdb -O hyperkittyadmin hyperkitty
+  - ansible.builtin.command: createdb -O hyperkittyadmin hyperkitty
  - name: Import the prod db.  This will take quite a while.  Go get a snack!
-    command: psql -f /var/tmp/hyperkitty.dump hyperkitty
+    ansible.builtin.command: psql -f /var/tmp/hyperkitty.dump hyperkitty
  # - name: Fix the database
  #  shell: psql -f /var/lib/pgsql/hyperkitty-reset-staging.sql hyperkitty
@ -91,4 +91,4 @@
  - import_tasks: "{{ handlers_path }}/restart_services.yml"
  tasks:
-  - command: /srv/webui/bin/prod-to-stg.py
+  - ansible.builtin.command: /srv/webui/bin/prod-to-stg.py
--- a/playbooks/manual/update-firmware.yml
+++ b/playbooks/manual/update-firmware.yml
@ -76,7 +76,7 @@
  # Dell updates here
  - name: Check Dell updates
    check_mode: no
-    command: /root/firmware-upgrades/{{ item.item.1}} -qc
+    ansible.builtin.command: /root/firmware-upgrades/{{ item.item.1}} -qc
    register: check_results
    failed_when: "'System(s) supported by this package' in check_results.stdout"
    changed_when: "'is the same' not in check_results.stdout"
@ -84,7 +84,7 @@
    with_items: "{{is_applied_results.results}}"
  - name: Apply Dell updates
-    command: /root/firmware-upgrades/{{ item.item.item.1}} -q
+    ansible.builtin.command: /root/firmware-upgrades/{{ item.item.item.1}} -q
    register: update_results
    failed_when: "'System(s) supported by this package:' in update_results.stdout"
    changed_when: "'should be restarted' in update_results.stdout or 'completed successfully' in update_results.stdout"
--- a/playbooks/manual/update-packages.yml
+++ b/playbooks/manual/update-packages.yml
@ -25,7 +25,7 @@
    when: testing and ansible_distribution_major_version|int < 8 and ansible_distribution == 'RedHat'
  - name: Dnf clean all (since we can't do it when updating)
-    command: dnf clean all
+    ansible.builtin.command: dnf clean all
    when: not testing and ansible_distribution_major_version|int > 21 and ansible_distribution == 'Fedora'
  - name: Dnf update {{ package }} from main repo
@ -33,7 +33,7 @@
    when: not testing and ansible_distribution_major_version|int > 21 and ansible_distribution == 'Fedora'
  - name: Dnf clean all (since we can't do it when updating)
-    command: dnf clean all --enablerepo=infrastructure-tags-stg
+    ansible.builtin.command: dnf clean all --enablerepo=infrastructure-tags-stg
    when: testing and ansible_distribution_major_version|int > 21 and ansible_distribution == 'Fedora'
  - name: Dnf update {{ package }} from testing repo
--- a/playbooks/manual/upgrade/bodhi.yml
+++ b/playbooks/manual/upgrade/bodhi.yml
@ -58,7 +58,7 @@
  tasks:
  - name: Find out what the current migration version is
-    command: /usr/bin/alembic-3 -c /etc/bodhi/alembic.ini current
+    ansible.builtin.command: /usr/bin/alembic-3 -c /etc/bodhi/alembic.ini current
    register: current_migration_version
 - name: Stop the front end if there are migrations to run
@ -82,7 +82,7 @@
      # This will be a bool that indicates whether we need to run migrations or not.
      migrations: "'(head)' not in hostvars['bodhi-backend01{{ env_suffix }}.iad2.fedoraproject.org']['current_migration_version'].stdout"
  - name: Scale down to 0 pods
-    command: oc -n bodhi scale dc/bodhi-web --replicas=0
+    ansible.builtin.command: oc -n bodhi scale dc/bodhi-web --replicas=0
    when: migrations
 - name: Verify the backends, stop them, and then upgrade the db
@ -114,7 +114,7 @@
    - bodhi-celery
  - name: Upgrade the database
-    command: /usr/bin/alembic-3 -c /etc/bodhi/alembic.ini upgrade head
+    ansible.builtin.command: /usr/bin/alembic-3 -c /etc/bodhi/alembic.ini upgrade head
    args:
      chdir: /usr/share/bodhi/
@ -145,10 +145,10 @@
  tasks:
  - include_vars: /srv/web/infra/ansible/vars/apps/bodhi.yml
  - name: Scale up pods
-    command: oc -n bodhi scale dc/bodhi-web --replicas={{ bodhi_openshift_pods }}
+    ansible.builtin.command: oc -n bodhi scale dc/bodhi-web --replicas={{ bodhi_openshift_pods }}
    when: env != "staging"
  - name: Scale up pods
-    command: oc -n bodhi scale dc/bodhi-web --replicas={{ bodhi_openshift_pods }}
+    ansible.builtin.command: oc -n bodhi scale dc/bodhi-web --replicas={{ bodhi_openshift_pods }}
    when: env == "staging"
  # Redeploy the build config as it may request a newer version in the Dockerfile
  # Only do it on prod because staging tracks a branch
--- a/playbooks/manual/upgrade/bugzilla2fedmsg.yml
+++ b/playbooks/manual/upgrade/bugzilla2fedmsg.yml
@ -13,7 +13,7 @@
  tasks:
  - name: Clean all metadata {%if testing%}(with infrastructure-testing on){%endif%}
-    command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%}
+    ansible.builtin.command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%}
    check_mode: no
  - name: Update bugzilla2fedmsg packages from main repo
    package: name="python-bugzilla2fedmsg" state=latest
--- a/playbooks/manual/upgrade/datagrepper.yml
+++ b/playbooks/manual/upgrade/datagrepper.yml
@ -13,7 +13,7 @@
  tasks:
  - name: Clean all metadata {%if testing%}(with infrastructure-testing on){%endif%}
-    command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%}
+    ansible.builtin.command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%}
    check_mode: no
  - name: Yum update datagrepper packages from main repo
    package: name="datagrepper" state=latest
--- a/playbooks/manual/upgrade/datanommer.yml
+++ b/playbooks/manual/upgrade/datanommer.yml
@ -33,7 +33,7 @@
  - import_tasks: "{{ handlers_path }}/restart_services.yml"
  tasks:
  - name: Scale down datagrepper to 0 pods
-    command: oc -n datagrepper scale dc/datagrepper --replicas=0
+    ansible.builtin.command: oc -n datagrepper scale dc/datagrepper --replicas=0
 - name: Stop datanommer
  hosts:
@ -48,7 +48,7 @@
  - import_tasks: "{{ handlers_path }}/restart_services.yml"
  tasks:
  - name: Scale down datanommer to 0 pods
-    command: oc -n datanommer scale dc/datanommer --replicas=0
+    ansible.builtin.command: oc -n datanommer scale dc/datanommer --replicas=0
 - name: Upgrade the database
  role: openshift/object
@ -57,7 +57,7 @@
  object_objectname: job.yml
 - name: Wait for the db-upgrade completion
-  command: oc get jobs/db-upgrade -o jsonpath='{@.status.succeeded}'
+  ansible.builtin.command: oc get jobs/db-upgrade -o jsonpath='{@.status.succeeded}'
  register: status
  until: status.stdout | int == 1
  retries: 5
@ -81,7 +81,7 @@
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
  tasks:
  - name: Scale up datanommer pods
-    command: oc -n datanommer scale dc/db-datanommer --replicas=1
+    ansible.builtin.command: oc -n datanommer scale dc/db-datanommer --replicas=1
 - name: Start the datagrepper again
  hosts:
@ -94,7 +94,7 @@
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
  tasks:
  - name: Scale up datagrepper pods
-    command: oc -n datagrepper scale dc/datagrepper --replicas=1
+    ansible.builtin.command: oc -n datagrepper scale dc/datagrepper --replicas=1
 - name: Restart the last backend piece (badges)
  hosts:
--- a/playbooks/manual/upgrade/fedmsg.yml
+++ b/playbooks/manual/upgrade/fedmsg.yml
@ -35,7 +35,7 @@
  tasks:
  - name: Clean all metadata {%if testing%}(with infrastructure-testing on){%endif%}
-    command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%}
+    ansible.builtin.command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%}
    check_mode: no
  - name: Yum update fedmsg packages from the main repo
    package: name={{item}} state=latest
--- a/playbooks/manual/upgrade/mote.yml
+++ b/playbooks/manual/upgrade/mote.yml
@ -13,7 +13,7 @@
  tasks:
  - name: Clean all metadata {%if testing%}(with infrastructure-testing on){%endif%}
-    command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%}
+    ansible.builtin.command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%}
    check_mode: no
  - name: Update mote packages from main repo
    package: name="mote" state=latest
--- a/playbooks/manual/upgrade/packages.yml
+++ b/playbooks/manual/upgrade/packages.yml
@ -13,7 +13,7 @@
  tasks:
  - name: Clean all metadata {%if testing%}(with infrastructure-testing on){%endif%}
-    command: dnf clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%}
+    ansible.builtin.command: dnf clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%}
    check_mode: no
  - name: Update fedora-packages packages from main repo
    package: name="fedora-packages" state=latest
--- a/playbooks/manual/upgrade/pagure.yml
+++ b/playbooks/manual/upgrade/pagure.yml
@ -75,7 +75,7 @@
    when: inventory_hostname.startswith('pagure')
  - name: Upgrade the database
-    command: /usr/bin/alembic -c /etc/pagure/alembic.ini upgrade head
+    ansible.builtin.command: /usr/bin/alembic -c /etc/pagure/alembic.ini upgrade head
    args:
      chdir: /etc/pagure/
    environment:
--- a/playbooks/rkhunter_only.yml
+++ b/playbooks/rkhunter_only.yml
@ -7,10 +7,10 @@
  tasks:
  - name: Check for rkhunter
-    command: /usr/bin/test -f /usr/bin/rkhunter
+    ansible.builtin.command: /usr/bin/test -f /usr/bin/rkhunter
    register: rkhunter
    ignore_errors: true
  - name: Run rkhunter --propupd
-    command: /usr/bin/rkhunter --propupd
+    ansible.builtin.command: /usr/bin/rkhunter --propupd
    when: rkhunter is success
--- a/playbooks/rkhunter_update.yml
+++ b/playbooks/rkhunter_update.yml
@ -7,18 +7,18 @@
  tasks:
  - name: Expire-caches
-    command: yum clean expire-cache
+    ansible.builtin.command: yum clean expire-cache
  - name: Yum -y {{ yumcommand }}
-    command: yum -y {{ yumcommand }}
+    ansible.builtin.command: yum -y {{ yumcommand }}
    async: 7200
    poll: 15
  - name: Check for rkhunter
-    command: /usr/bin/test -f /usr/bin/rkhunter
+    ansible.builtin.command: /usr/bin/test -f /usr/bin/rkhunter
    register: rkhunter
    ignore_errors: true
  - name: Run rkhunter --propupd
-    command: /usr/bin/rkhunter --propupd
+    ansible.builtin.command: /usr/bin/rkhunter --propupd
    when: rkhunter is success
--- a/playbooks/universe_update.yml
+++ b/playbooks/universe_update.yml
@ -57,10 +57,10 @@
  tasks:
  - name: Check for rkhunter
-    command: /usr/bin/test -f /usr/bin/rkhunter
+    ansible.builtin.command: /usr/bin/test -f /usr/bin/rkhunter
    register: rkhunter
    ignore_errors: true
  - name: Run rkhunter --propupd
-    command: /usr/bin/rkhunter --propupd
+    ansible.builtin.command: /usr/bin/rkhunter --propupd
    when: rkhunter is success
--- a/playbooks/update-proxy-dns.yml
+++ b/playbooks/update-proxy-dns.yml
@ -55,7 +55,7 @@
    when: nodns is not defined or not "true" in nodns
  - name: Run update-dns on each nameserver
-    command: /usr/local/bin/update-dns
+    ansible.builtin.command: /usr/local/bin/update-dns
    delegate_to: "{{item}}"
    with_items: "{{groups.dns}}"
    when: nodns is not defined or not "true" in nodns
--- a/playbooks/update_dns.yml
+++ b/playbooks/update_dns.yml
@ -6,4 +6,4 @@
  tasks:
  - name: Push dns changes out
-    command: /usr/local/bin/update-dns
+    ansible.builtin.command: /usr/local/bin/update-dns
--- a/playbooks/update_ticketkey.yml
+++ b/playbooks/update_ticketkey.yml
@ -13,10 +13,10 @@
  tasks:
  - name: create new production ticket key
-    command: /usr/local/bin/generate_ticketkey /root/ticketkey_production.tkey fpprod
+    ansible.builtin.command: /usr/local/bin/generate_ticketkey /root/ticketkey_production.tkey fpprod
  - name: create new staging ticket key
-    command: /usr/local/bin/generate_ticketkey /root/ticketkey_staging.tkey fpstag
+    ansible.builtin.command: /usr/local/bin/generate_ticketkey /root/ticketkey_staging.tkey fpstag
 - name: Push out new ticket key
  hosts: proxies:proxies_stg
--- a/playbooks/vhost_halt_guests.yml
+++ b/playbooks/vhost_halt_guests.yml
@ -45,7 +45,7 @@
    delegate_to: noc01.iad2.fedoraproject.org
  - name: Echo-y
-    command: /sbin/halt -p
+    ansible.builtin.command: /sbin/halt -p
    ignore_errors: true
    # if one of them is down we don't care
--- a/playbooks/vhost_poweroff.yml
+++ b/playbooks/vhost_poweroff.yml
@ -41,7 +41,7 @@
  tasks:
  - name: Halt the vm instances - to poweroff
-    command: /sbin/shutdown -h 1
+    ansible.builtin.command: /sbin/shutdown -h 1
    ignore_errors: true
    # if one of them is down we don't care
@ -61,4 +61,4 @@
  tasks:
  - name: Halt the virthost
-    command: /sbin/shutdown -h 1
+    ansible.builtin.command: /sbin/shutdown -h 1
--- a/playbooks/vhost_reboot.yml
+++ b/playbooks/vhost_reboot.yml
@ -105,7 +105,7 @@
    with_items: "{{ newvmlist.list_vms }}"
 #  - name: sync time
-#    command: ntpdate -u 1.rhel.pool.ntp.org
+#    ansible.builtin.command: ntpdate -u 1.rhel.pool.ntp.org
  - name: tell nagios to unshush
    nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }}
--- a/playbooks/vhost_update.yml
+++ b/playbooks/vhost_update.yml
@ -83,10 +83,10 @@
  tasks:
  - name: Check for rkhunter
-    command: /usr/bin/test -f /usr/bin/rkhunter
+    ansible.builtin.command: /usr/bin/test -f /usr/bin/rkhunter
    register: rkhunter
    ignore_errors: true
  - name: Run rkhunter --propupd
-    command: /usr/bin/rkhunter --propupd
+    ansible.builtin.command: /usr/bin/rkhunter --propupd
    when: rkhunter is success
--- a/roles/abrt/faf-post/tasks/repositories.yml
+++ b/roles/abrt/faf-post/tasks/repositories.yml
@ -11,7 +11,7 @@
 - name: Assign repositories to Fedora releases
  loop: "{{ faf_repos }}"
-  command: "faf repoassign '{{ item.name }}' '{{ item.opsys }}' '{{ item.arch }}'"
+  ansible.builtin.command: "faf repoassign '{{ item.name }}' '{{ item.opsys }}' '{{ item.arch }}'"
  become: yes
  become_user: faf
  tags: add_repo
@ -26,14 +26,14 @@
 - name: Remove repositories of EOL Fedora releases
  loop: "{{ eol_repolist.results | map(attribute='stdout_lines') | flatten }}"
-  command: "faf repodel '{{ item }}'"
+  ansible.builtin.command: "faf repodel '{{ item }}'"
  become: yes
  become_user: faf
  ignore_errors: yes
 - name: Clean up packages from EOL Fedora releases
  loop: "{{ rs_internal_fedora_vers_removed }}"
-  command: "faf cleanup-packages Fedora '{{ item }}'"
+  ansible.builtin.command: "faf cleanup-packages Fedora '{{ item }}'"
  become: yes
  become_user: faf
  ignore_errors: yes
--- a/roles/abrt/faf-pre/tasks/setup_db.yml
+++ b/roles/abrt/faf-pre/tasks/setup_db.yml
@ -1,6 +1,6 @@
 ---
 - name: Ensure PostgreSQL database is initialized.
-  command: "postgresql-setup --initdb --unit postgresql"
+  ansible.builtin.command: "postgresql-setup --initdb --unit postgresql"
  args:
    creates: "/var/lib/pgsql/data/PG_VERSION"
--- a/roles/abrt/faf/tasks/check.yml
+++ b/roles/abrt/faf/tasks/check.yml
@ -3,13 +3,13 @@
 # check backend functionality
 - name: Add dummy Fedora 42 release
-  command: faf releaseadd -o fedora --opsys-release 42
+  ansible.builtin.command: faf releaseadd -o fedora --opsys-release 42
  become: yes
  become_user: faf
  changed_when: false
 - name: Get releases from FAF
-  command: faf releaselist
+  ansible.builtin.command: faf releaselist
  become: yes
  become_user: faf
  register: release_list
@ -17,7 +17,7 @@
  changed_when: false
 - name: Add dummy meta_faf component to Fedora 42 release
-  command: faf compadd -o fedora --opsys-release 42 meta_faf
+  ansible.builtin.command: faf compadd -o fedora --opsys-release 42 meta_faf
  become: yes
  become_user: faf
  changed_when: false
@ -30,7 +30,7 @@
    group: faf
 - name: Faf
-  command: faf {{ item }}
+  ansible.builtin.command: faf {{ item }}
  become: yes
  become_user: faf
  loop:
--- a/roles/abrt/faf/tasks/cleanup.yml
+++ b/roles/abrt/faf/tasks/cleanup.yml
@ -1,6 +1,6 @@
 ---
 - name: Remove EOLed opsys
-  command: faf releasemod -o "{{ item.opsys | lower }}" --opsys-release "{{ item.release }}" -s EOL
+  ansible.builtin.command: faf releasemod -o "{{ item.opsys | lower }}" --opsys-release "{{ item.release }}" -s EOL
  loop: "{{ eol_opsys }}"
  become: yes
  become_user: faf
@ -8,7 +8,7 @@
  changed_when: false
 - name: Remove EOLed packages
-  command: faf cleanup-packages "{{ item.opsys }}" "{{ item.release }}"
+  ansible.builtin.command: faf cleanup-packages "{{ item.opsys }}" "{{ item.release }}"
  loop: "{{ eol_opsys }}"
  become: yes
  become_user: faf
@ -16,7 +16,7 @@
  changed_when: false
 - name: Remove unassigned packages
-  command: faf cleanup-unassigned -f
+  ansible.builtin.command: faf cleanup-unassigned -f
  become: yes
  become_user: faf
  failed_when: false
--- a/roles/abrt/faf/tasks/first_time_setup.yml
+++ b/roles/abrt/faf/tasks/first_time_setup.yml
@ -11,17 +11,17 @@
 # Skip whole block if faf owns atleast 1 table in db
 - block:
  - name: Create faf's database schema
-    command: faf-migrate-db --create-all
+    ansible.builtin.command: faf-migrate-db --create-all
    become: yes
    become_user: faf
  - name: Stamp database as migrated to latest version
-    command: faf-migrate-db --stamp-only
+    ansible.builtin.command: faf-migrate-db --stamp-only
    become: yes
    become_user: faf
  - name: Init faf
-    command: faf init
+    ansible.builtin.command: faf init
    become: yes
    become_user: faf
  when: ( count_tables.stdout_lines[2]|int ) == 0
--- a/roles/abrt/faf/tasks/migrate_db.yml
+++ b/roles/abrt/faf/tasks/migrate_db.yml
@ -1,6 +1,6 @@
 ---
 - name: Run database migrations
-  command: faf-migrate-db
+  ansible.builtin.command: faf-migrate-db
  become: yes
  become_user: faf
  changed_when: false
--- a/roles/abrt/retrace/tasks/podman.yml
+++ b/roles/abrt/retrace/tasks/podman.yml
@ -10,7 +10,7 @@
    state: stopped
 - name: Check if subuid is set for retrace user
-  command: cat /etc/subuid
+  ansible.builtin.command: cat /etc/subuid
  changed_when: false
  register: retrace_subuid
@ -30,12 +30,12 @@
      rs_subuid_max: "{{ t_subuid.stdout | default(100000) | int + 2 * 65536 - 1 }}"
  - name: Set subuid for retrace user.
-    command: usermod retrace --add-subuids "{{ rs_subuid_min }}-{{ rs_subuid_max }}"
+    ansible.builtin.command: usermod retrace --add-subuids "{{ rs_subuid_min }}-{{ rs_subuid_max }}"
  when: '"retrace" not in retrace_subuid.stdout'
 - name: Check if subgid is set for retrace user
-  command: cat /etc/subgid
+  ansible.builtin.command: cat /etc/subgid
  changed_when: false
  register: retrace_subgid
@ -55,7 +55,7 @@
      rs_subgid_max: "{{ t_subgid.stdout | default(100000) | int + 2 * 65536 - 1 }}"
  - name: Set subgid for retrace user
-    command: usermod retrace --add-subgids "{{ rs_subgid_min }}-{{ rs_subgid_max }}"
+    ansible.builtin.command: usermod retrace --add-subgids "{{ rs_subgid_min }}-{{ rs_subgid_max }}"
  when: '"retrace" not in retrace_subgid.stdout'
--- a/roles/abrt/retrace/tasks/usefafpkgs.yml
+++ b/roles/abrt/retrace/tasks/usefafpkgs.yml
@ -1,6 +1,6 @@
 ---
 - name: Check if faf is installed
-  command: rpm -q faf
+  ansible.builtin.command: rpm -q faf
  changed_when: false
 - name: Add user retrace to faf db
--- a/roles/ansible-server/tasks/main.yml
+++ b/roles/ansible-server/tasks/main.yml
@ -30,6 +30,6 @@
  - ansible-server
 - name: Install required collections
-  command: ansible-galaxy install -r {{ ansible_base }}/ansible/roles/ansible-server/files/requirements.yml
+  ansible.builtin.command: ansible-galaxy install -r {{ ansible_base }}/ansible/roles/ansible-server/files/requirements.yml
  tags:
  - ansible-server
--- a/roles/apache/handlers/main.yml
+++ b/roles/apache/handlers/main.yml
@ -1,3 +1,3 @@
 ---
 - name: Restart apache
-  command: /usr/local/bin/conditional-restart.sh httpd httpd
+  ansible.builtin.command: /usr/local/bin/conditional-restart.sh httpd httpd
--- a/roles/base/handlers/main.yml
+++ b/roles/base/handlers/main.yml
@ -1,6 +1,6 @@
 ---
 - name: Apply interface-changes
-  command: nmcli con up {{ item.split()[1] }}
+  ansible.builtin.command: nmcli con up {{ item.split()[1] }}
  async: 1
  poll: 0
  with_items:
@ -16,7 +16,7 @@
  service: name=NetworkManager state=restarted
 - name: Reload NetworkManager-connections
-  command: nmcli c reload
+  ansible.builtin.command: nmcli c reload
 - name: Restart postfix
  service: name=postfix state=restarted
--- a/roles/base/tasks/crypto-policies.yml
+++ b/roles/base/tasks/crypto-policies.yml
@ -1,6 +1,6 @@
 ---
 - name: Check current crypto-policy
-  command: "update-crypto-policies --show"
+  ansible.builtin.command: "update-crypto-policies --show"
  register: currentcryptopolicy
  failed_when: "1 != 1"
  changed_when: "1 != 1"
@ -10,7 +10,7 @@
  - base/crypto-policies
 - name: Check if policy is applied
-  command: "update-crypto-policies --is-applied"
+  ansible.builtin.command: "update-crypto-policies --is-applied"
  register: cryptopolicyapplied
  failed_when: "1 != 1"
  changed_when: "1 != 1"
@ -20,7 +20,7 @@
  - base/crypto-policies
 - name: Set crypto-policy on fedora 33 and higher hosts back to default
-  command: "update-crypto-policies --set DEFAULT"
+  ansible.builtin.command: "update-crypto-policies --set DEFAULT"
  when: "ansible_distribution_major_version|int >= 33 and (currentcryptopolicy.stdout.find('DEFAULT') == -1 or cryptopolicyapplied.rc != 0) and not inventory_hostname.startswith('ipsilon') "
  check_mode: no
  tags:
@ -28,7 +28,7 @@
  - base/crypto-policies
 - name: Set crypto-policy on RHEL9 dns servers to DEFAULT:SHA1
-  command: "update-crypto-policies --set DEFAULT:SHA1"
+  ansible.builtin.command: "update-crypto-policies --set DEFAULT:SHA1"
  when: "inventory_hostname.startswith('ns') and (currentcryptopolicy.stdout.find('DEFAULT:SHA1') == -1 or cryptopolicyapplied.rc != 0)"
  check_mode: no
  tags:
--- a/roles/base/tasks/keytab.yml
+++ b/roles/base/tasks/keytab.yml
@ -19,7 +19,7 @@
 - name: Create host entry
  delegate_to: "{{ ipa_server }}"
-  command: ipa host-add --force {{inventory_hostname}}
+  ansible.builtin.command: ipa host-add --force {{inventory_hostname}}
  register: host_add_result
  changed_when: "'Added host' in host_add_result.stdout"
  failed_when: "not ('Added host' in host_add_result.stdout or 'already exists' in host_add_result.stderr)"
@ -31,7 +31,7 @@
 - name: Create additional host entries
  delegate_to: "{{ ipa_server }}"
-  command: ipa host-add --force {{item}}
+  ansible.builtin.command: ipa host-add --force {{item}}
  with_items: "{{ additional_host_keytabs }}"
  register: hosts_add_result
  changed_when: "'Added host' in hosts_add_result.stdout"
@ -44,7 +44,7 @@
 - name: Generate host keytab
  delegate_to: "{{ ipa_server }}"
-  command: ipa-getkeytab -s {{ipa_server}} -p host/{{inventory_hostname}} -k /tmp/{{inventory_hostname}}.kt
+  ansible.builtin.command: ipa-getkeytab -s {{ipa_server}} -p host/{{inventory_hostname}} -k /tmp/{{inventory_hostname}}.kt
  register: getkeytab_result
  changed_when: false
  failed_when: "'successfully retrieved' not in getkeytab_result.stderr"
@ -56,7 +56,7 @@
 - name: Add additional host keytabs
  delegate_to: "{{ ipa_server }}"
-  command: ipa-getkeytab -s {{ipa_server}} -p host/{{item}} -k /tmp/{{inventory_hostname}}.kt
+  ansible.builtin.command: ipa-getkeytab -s {{ipa_server}} -p host/{{item}} -k /tmp/{{inventory_hostname}}.kt
  with_items: "{{ additional_host_keytabs }}"
  register: getkeytabs_result
  changed_when: false
@ -69,7 +69,7 @@
 - name: Destroy kerberos ticket
  delegate_to: "{{ ipa_server }}"
-  command: kdestroy -A
+  ansible.builtin.command: kdestroy -A
  tags:
  - base
  - config
@ -78,7 +78,7 @@
 - name: Get keytab
  delegate_to: "{{ ipa_server }}"
-  command: base64 /tmp/{{inventory_hostname}}.kt
+  ansible.builtin.command: base64 /tmp/{{inventory_hostname}}.kt
  register: keytab
  tags:
  - base
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@ -372,7 +372,7 @@
  - rsyslog-audit
 - name: Install our custom selinux module
-  command: semodule -i /usr/local/share/rsyslog/rsyslog-audit.pp
+  ansible.builtin.command: semodule -i /usr/local/share/rsyslog/rsyslog-audit.pp
  when: selinux_module is changed and ansible_distribution_major_version|int > 6
  tags:
  - rsyslogd
@ -398,7 +398,7 @@
  - selinux
 - name: Install our custom selinux module
-  command: semodule -i /usr/local/share/mapchkpwd.pp
+  ansible.builtin.command: semodule -i /usr/local/share/mapchkpwd.pp
  when: selinux_module is changed
  tags:
  - selinux
--- a/roles/basessh/tasks/main.yml
+++ b/roles/basessh/tasks/main.yml
@ -60,7 +60,7 @@
  - base
 - name: Allow alternate sshd port
-  command: semanage port -a -t ssh_port_t -p tcp {{ sshd_port }}
+  ansible.builtin.command: semanage port -a -t ssh_port_t -p tcp {{ sshd_port }}
  when: sshd_port in sshd_selinux_port
  failed_when: false
  tags:
--- a/roles/batcave/tasks/main.yml
+++ b/roles/batcave/tasks/main.yml
@ -425,7 +425,7 @@
 #
 - name: Check the selinux context of webdir
-  command: matchpathcon /srv/web
+  ansible.builtin.command: matchpathcon /srv/web
  register: webdir
  check_mode: no
  changed_when: "1 != 1"
@ -437,7 +437,7 @@
  - httpd/website
 - name: /srv/web file contexts
-  command: semanage fcontext -a -t httpd_sys_content_t "/srv/web(/.*)?"
+  ansible.builtin.command: semanage fcontext -a -t httpd_sys_content_t "/srv/web(/.*)?"
  when: webdir.stdout.find('httpd_sys_content_t') == -1
  tags:
  - config
@ -451,7 +451,7 @@
 #
 - name: Check the selinux context of ansible
-  command: matchpathcon /srv/git/ansible.git
+  ansible.builtin.command: matchpathcon /srv/git/ansible.git
  register: webdir
  check_mode: no
  changed_when: "1 != 1"
@ -463,7 +463,7 @@
  - httpd/website
 - name: /srv/git/ansible file contexts
-  command: semanage fcontext -a -t git_content_t "/srv/git/ansible.git(/.*)?"
+  ansible.builtin.command: semanage fcontext -a -t git_content_t "/srv/git/ansible.git(/.*)?"
  when: webdir.stdout.find('git_content_t') == -1
  tags:
  - config
@ -473,7 +473,7 @@
  - httpd/website
 - name: Check the selinux context of badges
-  command: matchpathcon /srv/git/badges
+  ansible.builtin.command: matchpathcon /srv/git/badges
  register: webdir
  check_mode: no
  changed_when: "1 != 1"
@ -485,7 +485,7 @@
  - httpd/website
 - name: /srv/git/badges file contexts
-  command: semanage fcontext -a -t git_content_t "/srv/git/badges(/.*)?"
+  ansible.builtin.command: semanage fcontext -a -t git_content_t "/srv/git/badges(/.*)?"
  when: webdir.stdout.find('git_content_t') == -1
  tags:
  - config
@ -495,7 +495,7 @@
  - httpd/website
 - name: Check the selinux context of dns
-  command: matchpathcon /srv/git/dns
+  ansible.builtin.command: matchpathcon /srv/git/dns
  register: webdir
  check_mode: no
  changed_when: "1 != 1"
@ -507,7 +507,7 @@
  - httpd/website
 - name: /srv/git/dns file contexts
-  command: semanage fcontext -a -t git_content_t "/srv/git/dns(/.*)?"
+  ansible.builtin.command: semanage fcontext -a -t git_content_t "/srv/git/dns(/.*)?"
  when: webdir.stdout.find('git_content_t') == -1
  tags:
  - config
@ -517,7 +517,7 @@
  - httpd/website
 - name: Check the selinux context of infra-docs
-  command: matchpathcon /srv/git/infra-docs
+  ansible.builtin.command: matchpathcon /srv/git/infra-docs
  register: webdir
  check_mode: no
  changed_when: "1 != 1"
@ -529,7 +529,7 @@
  - httpd/website
 - name: /srv/git/infra-docs file contexts
-  command: semanage fcontext -a -t git_content_t "/srv/git/infra-docs(/.*)?"
+  ansible.builtin.command: semanage fcontext -a -t git_content_t "/srv/git/infra-docs(/.*)?"
  when: webdir.stdout.find('git_content_t') == -1
  tags:
  - config
@ -584,7 +584,7 @@
  - tmux
 - name: Let the /var/tmux folder be writable to fi-apprentice as well
-  command: setfacl -R -m d:g:fi-apprentice:rwx -m g:fi-apprentice:rwx /var/tmux
+  ansible.builtin.command: setfacl -R -m d:g:fi-apprentice:rwx -m g:fi-apprentice:rwx /var/tmux
  tags:
  - batcave
  - tmux
@ -599,7 +599,7 @@
  - openshiftboot
 - name: Let the openshift dir be writeable by sysadmin-openshift
-  command: setfacl -R -m d:g:sysadmin-openshift:rwx -m g:sysadmin-openshift:rwx /srv/web/infra/bigfiles/{{item}}
+  ansible.builtin.command: setfacl -R -m d:g:sysadmin-openshift:rwx -m g:sysadmin-openshift:rwx /srv/web/infra/bigfiles/{{item}}
  with_items:
  - openshiftboot
  - tftpboot/rhcos
--- a/roles/bodhi2/backend/tasks/main.yml
+++ b/roles/bodhi2/backend/tasks/main.yml
@ -125,7 +125,7 @@
  - cron
 - name: Determine Python version
-  command:
+  ansible.builtin.command:
    argv:
      - python3
      - -c
@ -376,7 +376,7 @@
  - bodhi
 - name: Let the ftpsync user also read the fedora-messaging key
-  command: /usr/bin/setfacl -m user:ftpsync:rx /etc/pki/fedora-messaging/bodhi-key.pem
+  ansible.builtin.command: /usr/bin/setfacl -m user:ftpsync:rx /etc/pki/fedora-messaging/bodhi-key.pem
  tags:
  - config
  - bodhi
--- a/roles/cgit/make_pkgs_list/tasks/main.yml
+++ b/roles/cgit/make_pkgs_list/tasks/main.yml
@ -50,7 +50,7 @@
  tags: cgit
 - name: Check the selinux context of the repo list
-  command: matchpathcon /srv/git/pkgs-git-repos-list
+  ansible.builtin.command: matchpathcon /srv/git/pkgs-git-repos-list
  register: gitlistcontext
  check_mode: no
  changed_when: false
@ -60,7 +60,7 @@
  - selinux
 - name: Set the SELinux policy for the repo list
-  command: semanage fcontext -a -t git_content_t "/srv/git/pkgs-git-repos-list"
+  ansible.builtin.command: semanage fcontext -a -t git_content_t "/srv/git/pkgs-git-repos-list"
  when: gitlistcontext.stdout.find('git_content_t') == -1
  tags:
  - config
--- a/roles/check-compose/handlers/main.yml
+++ b/roles/check-compose/handlers/main.yml
@ -1,6 +1,6 @@
 # Restart handler for our fedora-messaging consumer
 ---
 - name: Conditionally restart check-compose consumer service
-  command: /usr/local/bin/conditional-restart.sh fm-consumer@check-compose
+  ansible.builtin.command: /usr/local/bin/conditional-restart.sh fm-consumer@check-compose
  listen:
  - restart check-compose
--- a/roles/check-compose/tasks/main.yml
+++ b/roles/check-compose/tasks/main.yml
@ -124,14 +124,14 @@
  register: gitcc
 - name: Check if check-compose is installed for current Python
-  command: "pip show check_compose"
+  ansible.builtin.command: "pip show check_compose"
  register: instcc
  changed_when: "1 != 1"
  failed_when: "1 != 1"
  check_mode: no
 - name: Install check-compose
-  command: "python3 -m pip install --no-deps /root/check-compose"
+  ansible.builtin.command: "python3 -m pip install --no-deps /root/check-compose"
  when: "gitcc is changed or instcc.rc != 0"
  notify:
  - restart check-compose
--- a/roles/collectd/base/tasks/main.yml
+++ b/roles/collectd/base/tasks/main.yml
@ -152,7 +152,7 @@
  - selinux
 - name: Install our general collectd selinux module
-  command: semodule -i /usr/share/collectd/fi-collectd.pp
+  ansible.builtin.command: semodule -i /usr/share/collectd/fi-collectd.pp
  when: ficgeneral_module is changed or ficgeneral_installed_version != ficgeneral_local_version
  tags:
  - collectd
@ -175,7 +175,7 @@
  - selinux
 - name: Install our pstorefs/collectd selinux module
-  command: semodule -i /usr/share/collectd/fi-pstorefs.pp
+  ansible.builtin.command: semodule -i /usr/share/collectd/fi-pstorefs.pp
  when: (ficpstorefs_module is changed or ficpstorefs_grep is changed)
  tags:
  - collectd
--- a/roles/collectd/fcomm-queue/tasks/main.yml
+++ b/roles/collectd/fcomm-queue/tasks/main.yml
@ -46,7 +46,7 @@
  - selinux
 - name: Install our fcomm collectd selinux module
-  command: semodule -i /usr/share/collectd/fi-collectd-fcomm.pp
+  ansible.builtin.command: semodule -i /usr/share/collectd/fi-collectd-fcomm.pp
  when: ficfcomm_module is changed or ficfcomm_grep is changed
  tags:
  - collectd
--- a/roles/copr/backend/files/provision/provision_builder_tasks.yml
+++ b/roles/copr/backend/files/provision/provision_builder_tasks.yml
@ -83,7 +83,7 @@
 # https://fedoraproject.org/wiki/Changes/StrongCryptoSettings
 - name: fallback to the legacy crypto policies
-  command: update-crypto-policies --set DEFAULT:SHA1
+  ansible.builtin.command: update-crypto-policies --set DEFAULT:SHA1
  when:
    - preparing_image
--- a/roles/copr/backend/handlers/main.yml
+++ b/roles/copr/backend/handlers/main.yml
@ -7,7 +7,7 @@
  when: not services_disabled
 - name: systemctl daemon-reload
-  command: /usr/bin/systemctl daemon-reload
+  ansible.builtin.command: /usr/bin/systemctl daemon-reload
 - name: restart lighttpd
  action: service name=lighttpd state=restarted
--- a/roles/copr/backend/tasks/install_cloud_cert.yml
+++ b/roles/copr/backend/tasks/install_cloud_cert.yml
@ -4,5 +4,5 @@
  register: cloud_pem_copied
 - name: Update certificates
-  command: /usr/bin/update-ca-trust
+  ansible.builtin.command: /usr/bin/update-ca-trust
  when: cloud_pem_copied.changed
--- a/roles/copr/backend/tasks/main.yml
+++ b/roles/copr/backend/tasks/main.yml
@ -70,7 +70,7 @@
    - provision_config
 - name: Check known_hosts file
-  command: stat /home/copr/.ssh/known_hosts
+  ansible.builtin.command: stat /home/copr/.ssh/known_hosts
  register: hostsstat
  check_mode: no
  changed_when: "1 != 1"
@ -155,7 +155,7 @@
  tags: logrotate
 - name: Fix selinux context on helper scripts
-  command: restorecon -irv /usr/local/bin/copr-lighty*
+  ansible.builtin.command: restorecon -irv /usr/local/bin/copr-lighty*
  when: logrotate_scripts.changed
  tags: logrotate
@ -277,13 +277,13 @@
  shell: "chown -R copr:copr /var/lib/copr/public_html"
  when: '"copr" not in copr_results_dir_st.stat.pw_name'
- command: "ls -dZ /var/lib/copr/public_html/"
+- ansible.builtin.command: "ls -dZ /var/lib/copr/public_html/"
  register: public_html_ls
  check_mode: no
  changed_when: false
 - name: Update selinux context for results if root folder does not have proper type
-  command: "restorecon -vvRF /var/lib/copr/public_html/"
+  ansible.builtin.command: "restorecon -vvRF /var/lib/copr/public_html/"
  when: "public_html_ls is defined and 'copr_data_t' not in  public_html_ls.stdout"
 # - name: Install cert to access fed-cloud09
@ -364,7 +364,7 @@
  register: selinux_module
 - name: Install our custom selinux module
-  command: semodule -i /usr/local/share/copr/copr_rules.pp
+  ansible.builtin.command: semodule -i /usr/local/share/copr/copr_rules.pp
  when: selinux_module is changed
 - name: Setup AWS access
--- a/roles/copr/base/tasks/main.yml
+++ b/roles/copr/base/tasks/main.yml
@ -94,7 +94,7 @@
 #   check_mode: no
 #
 # - name: Disable offloading
-#   command: ethtool -K ens5 tso off gro off gso off
+#   ansible.builtin.command: ethtool -K ens5 tso off gro off gso off
 #   when:
 #     - offloading.rc == 0
 #     - ansible_distribution == 'Fedora'
--- a/roles/copr/dist_git/tasks/main.yml
+++ b/roles/copr/dist_git/tasks/main.yml
@ -123,13 +123,13 @@
  - selinux
 - name: Install our custom selinux policy for cgit
-  command: semodule -i /usr/local/share/selinux/git_script_t.pp
+  ansible.builtin.command: semodule -i /usr/local/share/selinux/git_script_t.pp
  when: cgit_selinux_module is changed
  tags:
  - selinux
 - name: Create CGIT config file if it does not exist (takes almost an hour)
-  command: /usr/bin/copr-dist-git-refresh-cgit creates=/var/cache/cgit/repo-configuration.rc
+  ansible.builtin.command: /usr/bin/copr-dist-git-refresh-cgit creates=/var/cache/cgit/repo-configuration.rc
 - name: Ensure that .config directory exists
  ansible.builtin.file: path=/home/copr-dist-git/.config state=directory
--- a/roles/copr/frontend/tasks/main.yml
+++ b/roles/copr/frontend/tasks/main.yml
@ -2,12 +2,12 @@
 - import_tasks: "mount_fs.yml"
 - name: Register security context for pgsql directory
-  command: "ls -dZ /var/lib/pgsql"
+  ansible.builtin.command: "ls -dZ /var/lib/pgsql"
  register: pgsql_ls
  changed_when: false  # `ls' command is not changing anything
 - name: Update selinux context for postgress db dir if it's wrong
-  command: "restorecon -vvRF /var/lib/pgsql"
+  ansible.builtin.command: "restorecon -vvRF /var/lib/pgsql"
  when: pgsql_ls.stdout is defined and 'postgresql_db_t' not in  pgsql_ls.stdout
 - name: Install weekly custom copr-frontend-crontab
@ -103,7 +103,7 @@
 - import_tasks: "psql_setup.yml"
 - name: Upgrade db to head
-  command: alembic-3 upgrade head
+  ansible.builtin.command: alembic-3 upgrade head
  become: yes
  become_user: copr-fe
  args:
@ -112,7 +112,7 @@
  changed_when: alembic_result.stdout is search("Running upgrade")
 - name: Apply the config comments
-  command: copr-frontend chroots-template
+  ansible.builtin.command: copr-frontend chroots-template
  become: yes
  become_user: copr-fe
  args:
@ -160,7 +160,7 @@
 - name: Register whether indexes rebuild is required
-  command: copr-frontend update_indexes_required
+  ansible.builtin.command: copr-frontend update_indexes_required
  become: yes
  become_user: copr-fe
  register: update_indexes_required_result
@ -168,7 +168,7 @@
  failed_when: false
 - name: Rebuild indexes
-  command: ./manage.py update_indexes
+  ansible.builtin.command: ./manage.py update_indexes
  become: yes
  become_user: copr-fe
  args:
--- a/roles/copr/keygen/tasks/main.yml
+++ b/roles/copr/keygen/tasks/main.yml
@ -52,7 +52,7 @@
  register: selinux_module
 - name: Install our custom selinux module
-  command: semodule -i /usr/local/share/copr/copr_rules.pp
+  ansible.builtin.command: semodule -i /usr/local/share/copr/copr_rules.pp
  when: selinux_module is changed
 - selinux: policy=targeted state=enforcing
--- a/roles/distgit/pagure/tasks/main.yml
+++ b/roles/distgit/pagure/tasks/main.yml
@ -80,7 +80,7 @@
  - pagure
 - name: Create the "git" user
-  command: useradd --create-home --home-dir=/srv/git/  git
+  ansible.builtin.command: useradd --create-home --home-dir=/srv/git/  git
           creates=/srv/git/
  when: env == 'staging'
  tags:
@ -154,7 +154,7 @@
  - restart apache
 - name: Create the database scheme
-  command: /usr/bin/python3 /usr/share/pagure/pagure_createdb.py
+  ansible.builtin.command: /usr/bin/python3 /usr/share/pagure/pagure_createdb.py
  changed_when: "1 != 1"
  environment:
    PAGURE_CONFIG: /etc/pagure/pagure.cfg
@ -227,13 +227,13 @@
 - name: Manually fix current default ACLs since Ansible doesnt know recursive acls
  when: acl_updates.changed
-  command: /usr/bin/setfacl -Rdm user:apache:rx /srv/git
+  ansible.builtin.command: /usr/bin/setfacl -Rdm user:apache:rx /srv/git
  tags:
  - pagure
 - name: Manually fix current ACLs since Ansible doesnt know recursive acls
  when: acl_updates.changed
-  command: /usr/bin/setfacl -Rm user:apache:rx /srv/git
+  ansible.builtin.command: /usr/bin/setfacl -Rm user:apache:rx /srv/git
  tags:
  - pagure
--- a/roles/distgit/tasks/main.yml
+++ b/roles/distgit/tasks/main.yml
@ -268,7 +268,7 @@
  - selinux
 - name: Check the selinux context of the Lookaside Cache root directory
-  command: matchpathcon /srv/cache
+  ansible.builtin.command: matchpathcon /srv/cache
  register: lcachecontext
  check_mode: no
  changed_when: false
@ -279,7 +279,7 @@
  - distgit
 - name: Set the SELinux policy for the Lookaside Cache root directory
-  command: semanage fcontext -a -t nfs_t "/srv/cache(/.*)?"
+  ansible.builtin.command: semanage fcontext -a -t nfs_t "/srv/cache(/.*)?"
  when: lcachecontext.stdout.find('nfs_t') == -1 and env != "staging"
  tags:
  - config
@ -319,7 +319,7 @@
  tags: selinux
 - name: Install our custom selinux policy
-  command: semodule -i /usr/local/share/selinux/upload_cgi.pp
+  ansible.builtin.command: semodule -i /usr/local/share/selinux/upload_cgi.pp
  when: selinux_module is changed
  tags: selinux
@ -329,7 +329,7 @@
  tags: selinux
 - name: Install our custom nfs selinux policy
-  command: semodule -i /usr/local/share/selinux/cgi-nfs.pp
+  ansible.builtin.command: semodule -i /usr/local/share/selinux/cgi-nfs.pp
  when: nfs_selinux_module is changed
  tags: selinux
@ -365,7 +365,7 @@
  - pkgs
 - name: Run initial grokmirror run
-  command: /usr/bin/grok-manifest -m /srv/git/grokmirror/manifest.js.gz -t /srv/git/repositories/ creates=/srv/git/grokmirror/manifest.js.gz
+  ansible.builtin.command: /usr/bin/grok-manifest -m /srv/git/grokmirror/manifest.js.gz -t /srv/git/repositories/ creates=/srv/git/grokmirror/manifest.js.gz
  when: env != "staging"
  tags:
  - grokmirror
--- a/roles/dns/tasks/main.yml
+++ b/roles/dns/tasks/main.yml
@ -50,7 +50,7 @@
  - dns
 # - name: Create GeoIP acl
-#  command: /var/named/GeoIP.sh
+#  ansible.builtin.command: /var/named/GeoIP.sh
 #  changed_when: "1 != 1"
 #  notify:
 #  - restart named
@ -82,7 +82,7 @@
  - dns
 - name: Update dns
-  command: /usr/local/bin/update-dns
+  ansible.builtin.command: /usr/local/bin/update-dns
  changed_when: "1 != 1"
  notify:
  - restart named
@ -96,14 +96,14 @@
  - dns
 - name: Check configuration
-  command: named-checkconf -zj
+  ansible.builtin.command: named-checkconf -zj
  changed_when: false
  tags:
  - config
  - dns
 - name: Check semanage ports
-  command: semanage port -l
+  ansible.builtin.command: semanage port -l
  register: semanageoutput
  check_mode: no
  changed_when: "1 != 1"
@ -111,7 +111,7 @@
  - dns
 - name: Set ports so bind statistics-channel can bind to 8053
-  command: semanage port -a -t dns_port_t -p tcp 8053
+  ansible.builtin.command: semanage port -a -t dns_port_t -p tcp 8053
  when: semanageoutput.stdout.find("8053") == -1
  notify:
  - restart named
--- a/roles/download/tasks/main.yml
+++ b/roles/download/tasks/main.yml
@ -18,7 +18,7 @@
  seboolean: name=httpd_use_nfs state=yes persistent=yes
 - name: Check the selinux context rsyncd log
-  command: matchpathcon /var/log/rsyncd-fedora.log
+  ansible.builtin.command: matchpathcon /var/log/rsyncd-fedora.log
  register: rsyncdlog
  check_mode: no
  changed_when: "1 != 1"
@ -27,7 +27,7 @@
  - selinux
 - name: /var/log/rsyncd-fedora.log file context
-  command: semanage fcontext -a -t rsync_log_t /var/log/rsyncd-fedora.log
+  ansible.builtin.command: semanage fcontext -a -t rsync_log_t /var/log/rsyncd-fedora.log
  when: rsyncdlog.stdout.find('rsync_log_t') == -1
  tags:
  - config
@ -40,7 +40,7 @@
  ansible.builtin.copy: src=logrotate-rsync-fedora dest=/etc/logrotate.d/rsync-fedora
 - name: Check the selinux context pubdir
-  command: matchpathcon /srv/pub
+  ansible.builtin.command: matchpathcon /srv/pub
  register: pubdir
  check_mode: no
  changed_when: "1 != 1"
@ -49,7 +49,7 @@
  - selinux
 - name: /srv/pub file contexts
-  command: semanage fcontext -a -t httpd_sys_content_t "/srv/pub(/.*)?"
+  ansible.builtin.command: semanage fcontext -a -t httpd_sys_content_t "/srv/pub(/.*)?"
  when: pubdir.stdout.find('httpd_sys_content_t') == -1
  tags:
  - config
--- a/roles/fas2discourse/tasks/create-discourse-apikey-secret.yml
+++ b/roles/fas2discourse/tasks/create-discourse-apikey-secret.yml
@ -8,4 +8,4 @@
 # apply created openshift resources
 - name: Oc apply resources
-  command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/fas2discourse-operator/secret-discourse-apikey.yml"
+  ansible.builtin.command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/fas2discourse-operator/secret-discourse-apikey.yml"
--- a/roles/fas2discourse/tasks/create-keytab-secret.yml
+++ b/roles/fas2discourse/tasks/create-keytab-secret.yml
@ -21,4 +21,4 @@
 # apply created openshift resources
 - name: Oc apply resources
-  command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/fas2discourse-operator/secret-keytab.yml"
+  ansible.builtin.command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/fas2discourse-operator/secret-keytab.yml"
--- a/roles/fas2discourse/tasks/create-operator-namespace.yml
+++ b/roles/fas2discourse/tasks/create-operator-namespace.yml
@ -8,4 +8,4 @@
 # apply created openshift resources
 - name: Oc apply resources
-  command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/fas2discourse-operator/namespace.yml"
+  ansible.builtin.command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/fas2discourse-operator/namespace.yml"
--- a/roles/fedmsg/base/tasks/main.yml
+++ b/roles/fedmsg/base/tasks/main.yml
@ -265,7 +265,7 @@
  - fedmsg/base
 - name: Install our custom selinux module
-  command: semodule -i /usr/local/share/fedmsg/fedmsg.pp
+  ansible.builtin.command: semodule -i /usr/local/share/fedmsg/fedmsg.pp
  when: selinux_module is changed
  tags:
  - fedmsg/base
@ -273,7 +273,7 @@
 # Also, label the ports that we commonly use for fedmsg under mod_wsgi
 # to be http_port_t so selinux lets apache bind there.
 - name: Check semanage ports
-  command: semanage port -l
+  ansible.builtin.command: semanage port -l
  register: semanageoutput
  check_mode: no
  changed_when: "1 != 1"
@ -281,7 +281,7 @@
  - fedmsg/base
 - name: Set ports so httpd can bind to fedmsg endpoints
-  command: semanage port -a -t http_port_t -p tcp 3000-3100
+  ansible.builtin.command: semanage port -a -t http_port_t -p tcp 3000-3100
  when: semanageoutput.stdout.find("3000-3100") == -1
  tags:
  - fedmsg/base
--- a/roles/fedora_nightlies/handlers/main.yml
+++ b/roles/fedora_nightlies/handlers/main.yml
@ -1,6 +1,6 @@
 # Restart handler for our fedora-messaging consumers
 ---
 - name: Conditionally restart fedora_nightlies consumer service
-  command: /usr/local/bin/conditional-restart.sh fm-consumer@fedora_nightlies
+  ansible.builtin.command: /usr/local/bin/conditional-restart.sh fm-consumer@fedora_nightlies
  listen:
  - restart fedora_nightlies
--- a/roles/fedora_nightlies/tasks/main.yml
+++ b/roles/fedora_nightlies/tasks/main.yml
@ -91,14 +91,14 @@
  register: gitfn
 - name: Check if fedora_nightlies is installed for current Python
-  command: "pip show fedora_nightlies"
+  ansible.builtin.command: "pip show fedora_nightlies"
  register: instfn
  changed_when: "1 != 1"
  failed_when: "1 != 1"
  check_mode: no
 - name: Install fedora_nightlies
-  command: "python3 -m pip install --no-deps /root/fedora_nightlies"
+  ansible.builtin.command: "python3 -m pip install --no-deps /root/fedora_nightlies"
  when: "gitfn is changed or instfn.rc != 0"
  notify:
  - restart fedora_nightlies
--- a/roles/freemedia/tasks/main.yml
+++ b/roles/freemedia/tasks/main.yml
@ -69,7 +69,7 @@
  - config
 - name: Check the selinux context freemedia
-  command: matchpathcon /srv/web/freemedia
+  ansible.builtin.command: matchpathcon /srv/web/freemedia
  register: freemediacontext
  check_mode: no
  changed_when: "1 != 1"
@ -79,7 +79,7 @@
  - selinux
 - name: /srv/web/freemedia file contexts
-  command: semanage fcontext -a -t httpd_sys_content_t "/srv/web/freemedia(/.*)?"
+  ansible.builtin.command: semanage fcontext -a -t httpd_sys_content_t "/srv/web/freemedia(/.*)?"
  when: freemediacontext.stdout.find('httpd_sys_content_t') == -1
  tags:
  - config
--- a/roles/haproxy/tasks/main.yml
+++ b/roles/haproxy/tasks/main.yml
@ -101,7 +101,7 @@
  - selinux
 - name: Install our general haproxy selinux module
-  command: semodule -i /usr/share/haproxy/fi-haproxy.pp
+  ansible.builtin.command: semodule -i /usr/share/haproxy/fi-haproxy.pp
  when: fi_haproxy_module is changed or fi_haproxy_grep is changed
  tags:
  - haproxy
@ -109,7 +109,7 @@
 - name: Check haproxy cfg to make sure it is valid
-  command: haproxy -c -f /etc/haproxy/haproxy.cfg
+  ansible.builtin.command: haproxy -c -f /etc/haproxy/haproxy.cfg
  check_mode: no
  register: haproxyconfigcheck
  changed_when: haproxyconfigcheck.rc != 0
--- a/roles/ipa/client/handlers/main.yml
+++ b/roles/ipa/client/handlers/main.yml
@ -1,6 +1,6 @@
 ---
 - name: Clean sss caches
-  command: sss_cache -E
+  ansible.builtin.command: sss_cache -E
 - name: Restart sssd
  shell: systemctl restart sssd
--- a/roles/ipa/client/tasks/common.yml
+++ b/roles/ipa/client/tasks/common.yml
@ -8,7 +8,7 @@
 - name: Check that sysadmin-main and referenced groups exist on IPA server(s)
  delegate_to: "{{ item[0] }}"
-  command: "getent group {{ item[1] }}"
+  ansible.builtin.command: "getent group {{ item[1] }}"
  changed_when: false
  loop: >-
    {{
--- a/roles/ipa/client/tasks/main.yml
+++ b/roles/ipa/client/tasks/main.yml
@ -15,7 +15,7 @@
    - vpn-client-enablement
 - name: Enroll system as IPA client
-  command:
+  ansible.builtin.command:
    cmd: ipa-client-install
         {% if (vpn | default(false)) %}{% for node in ipa_server_nodes | default([]) %}
         --server={{ node }}
--- a/roles/ipa/server/handlers/main.yml
+++ b/roles/ipa/server/handlers/main.yml
@ -1,3 +1,3 @@
 ---
 - name: restart ipa
-  command: ipactl restart
+  ansible.builtin.command: ipactl restart
--- a/roles/ipa/server/tasks/main.yml
+++ b/roles/ipa/server/tasks/main.yml
@ -260,7 +260,7 @@
 # can't choose to let other users see their info or not.
 #
 # - name: Disable default permissions so we don't break our privacy policy
-#   command:
+#   ansible.builtin.command:
 #     argv:
 #       - ipa
 #       - permission-mod
@ -275,7 +275,7 @@
 #
 # # Because of the previous task, we must explicitely allow users to read their own data
 # - name: Allow users to read their own data
-#   command:
+#   ansible.builtin.command:
 #     argv:
 #       - ipa
 #       - selfservice-add
--- a/roles/ipa/servicedelegationrule/tasks/main.yml
+++ b/roles/ipa/servicedelegationrule/tasks/main.yml
@ -11,7 +11,7 @@
 - name: Create servicedelegationrule entry
  delegate_to: "{{ ipa_server }}"
-  command: ipa servicedelegationrule-add {{rulename}}-delegation
+  ansible.builtin.command: ipa servicedelegationrule-add {{rulename}}-delegation
  register: add_result
  check_mode: no
  changed_when: "'Added service delegation rule' in add_result.stdout"
@ -22,7 +22,7 @@
 - name: Add servicedelegationrule members
  delegate_to: "{{ ipa_server }}"
-  command: ipa servicedelegationrule-add-member {{rulename}}-delegation --principals={{item.service}}/{{item.host}}@{{ipa_realm}}
+  ansible.builtin.command: ipa servicedelegationrule-add-member {{rulename}}-delegation --principals={{item.service}}/{{item.host}}@{{ipa_realm}}
  loop: "{{ members }}"
  register: add_member_result
  check_mode: no
@ -34,7 +34,7 @@
 - name: Add servicedelegationrule targets
  delegate_to: "{{ ipa_server }}"
-  command: ipa servicedelegationrule-add-target {{rulename}}-delegation --servicedelegationtargets={{item}}-delegation-targets
+  ansible.builtin.command: ipa servicedelegationrule-add-target {{rulename}}-delegation --servicedelegationtargets={{item}}-delegation-targets
  loop: "{{ targets }}"
  register: add_target_result
  check_mode: no
@ -46,7 +46,7 @@
 - name: Destroy admin ticket
  delegate_to: "{{ ipa_server }}"
-  command: kdestroy -A
+  ansible.builtin.command: kdestroy -A
  tags:
  - config
  - krb5
--- a/roles/ipa/servicedelegationtarget/tasks/main.yml
+++ b/roles/ipa/servicedelegationtarget/tasks/main.yml
@ -11,7 +11,7 @@
 - name: Create servicedelegationtarget entry
  delegate_to: "{{ ipa_server }}"
-  command: ipa servicedelegationtarget-add {{targetname}}-delegation-targets
+  ansible.builtin.command: ipa servicedelegationtarget-add {{targetname}}-delegation-targets
  register: add_result
  check_mode: no
  changed_when: "'Added service delegation target' in add_result.stdout"
@ -22,7 +22,7 @@
 - name: Add servicedelegationtarget members
  delegate_to: "{{ ipa_server }}"
-  command: ipa servicedelegationtarget-add-member {{targetname}}-delegation-targets --principals={{item.service}}/{{item.host}}@{{ipa_realm}}
+  ansible.builtin.command: ipa servicedelegationtarget-add-member {{targetname}}-delegation-targets --principals={{item.service}}/{{item.host}}@{{ipa_realm}}
  loop: "{{ members }}"
  register: add_member_result
  check_mode: no
@ -34,7 +34,7 @@
 - name: Destroy admin ticket
  delegate_to: "{{ ipa_server }}"
-  command: kdestroy -A
+  ansible.builtin.command: kdestroy -A
  tags:
  - config
  - krb5
--- a/roles/ipsilon/tasks/main.yml
+++ b/roles/ipsilon/tasks/main.yml
@ -41,7 +41,7 @@
  - ipsilon
 - name: Install Fedora-specific code if it changed
-  command:
+  ansible.builtin.command:
    cmd: ./install.sh
    chdir: /opt/ipsilon-fedora
  when: git_update is changed
@ -51,7 +51,7 @@
  - ipsilon
 - name: Install Fedora-specific code on initial run
-  command:
+  ansible.builtin.command:
    cmd: ./install.sh
    chdir: /opt/ipsilon-fedora
    creates: "{{ ansible_facts['python3']['sitelib'] }}/ipsilon/providers/openidc/plugins/account-scopes.py"
@ -70,7 +70,7 @@
  - ipsilon
 - name: Install ipsilon
-  command:
+  ansible.builtin.command:
    cmd: ipsilon-server-install
         --root-instance
         --admin-user=admin
@ -85,7 +85,7 @@
  - ipsilon
 - name: Destroy admin ticket
-  command: kdestroy -A
+  ansible.builtin.command: kdestroy -A
  tags:
  - ipsilon
@ -209,7 +209,7 @@
 - name: Generate the saml2 metadata
  become_user: ipsilon
  become: yes
-  command:
+  ansible.builtin.command:
    cmd: /usr/local/bin/prepare-saml2-metadata
    creates: /etc/ipsilon/root/saml2/metadata.xml
  tags:
--- a/roles/iscsi_client/tasks/main.yml
+++ b/roles/iscsi_client/tasks/main.yml
@ -54,24 +54,24 @@
  - config
 - name: Set up iscsi interface for EL8
-  command: creates=/var/lib/iscsi/ifaces/{{ netapp_iscsi_interface_iad2 }} iscsiadm -m iface -I {{ netapp_iscsi_interface_iad2 }} --op=new
+  ansible.builtin.command: creates=/var/lib/iscsi/ifaces/{{ netapp_iscsi_interface_iad2 }} iscsiadm -m iface -I {{ netapp_iscsi_interface_iad2 }} --op=new
  when: ansible_distribution_major_version|int >= 8 and ansible_distribution == "RedHat" and datacenter == 'iad2'
  tags:
  - config
 - name: Run iscsiadm command for initial connect to PHX2 vtap-fedora-iscsi01
-  command: creates=/var/lib/iscsi/nodes/{{ netapp_iscsi_name }}/{{ netapp_iscsi_portal }},3260 /sbin/iscsiadm --mode node --targetname  --portal {{ netapp_iscsi_portal }} -o new ; /sbin/iscsiadm --mode node --targetname {{ netapp_iscsi_name }} --portal {{ netapp_iscsi_portal }} --login
+  ansible.builtin.command: creates=/var/lib/iscsi/nodes/{{ netapp_iscsi_name }}/{{ netapp_iscsi_portal }},3260 /sbin/iscsiadm --mode node --targetname  --portal {{ netapp_iscsi_portal }} -o new ; /sbin/iscsiadm --mode node --targetname {{ netapp_iscsi_name }} --portal {{ netapp_iscsi_portal }} --login
  tags:
  - config
 - name: Run iscsiadm command for initial connect to IAD2 vtap-fedora-iscsi01
-  command: creates=/var/lib/iscsi/nodes/{{ netapp_iscsi_name_iad2 }}/{{ netapp_iscsi_portal_iad2 }},3260 /sbin/iscsiadm --mode node --targetname  --portal {{ netapp_iscsi_portal_iad2 }} -o new ; /sbin/iscsiadm --mode node --targetname {{ netapp_iscsi_name_iad2 }} --portal {{ netapp_iscsi_portal_iad2 }} --login
+  ansible.builtin.command: creates=/var/lib/iscsi/nodes/{{ netapp_iscsi_name_iad2 }}/{{ netapp_iscsi_portal_iad2 }},3260 /sbin/iscsiadm --mode node --targetname  --portal {{ netapp_iscsi_portal_iad2 }} -o new ; /sbin/iscsiadm --mode node --targetname {{ netapp_iscsi_name_iad2 }} --portal {{ netapp_iscsi_portal_iad2 }} --login
  when: ansible_distribution_major_version|int >= 8 and ansible_distribution == "RedHat" and datacenter == 'iad2'
  tags:
  - config
 # - name: Run iscsiadm command for initial connect to vtap-fedora-nfs01
-#  command: creates=/var/lib/iscsi/nodes/{{ netapp_nfs01_iscsi_name }}/{{ netapp_nfs01_iscsi_portal }},3260 /sbin/iscsiadm --mode node --targetname  --portal {{ netapp_nfs01_iscsi_portal }} -o new ; /sbin/iscsiadm --mode node --targetname {{ netapp_nfs01_iscsi_name }} --portal {{ netapp_nfs01_iscsi_portal }} --login
+#  ansible.builtin.command: creates=/var/lib/iscsi/nodes/{{ netapp_nfs01_iscsi_name }}/{{ netapp_nfs01_iscsi_portal }},3260 /sbin/iscsiadm --mode node --targetname  --portal {{ netapp_nfs01_iscsi_portal }} -o new ; /sbin/iscsiadm --mode node --targetname {{ netapp_nfs01_iscsi_name }} --portal {{ netapp_nfs01_iscsi_portal }} --login
 #  tags:
 #  - config
 #  when: inventory_hostname_short == "buildvmhost-10"
--- a/Show more
+++ b/Show more