ansiblelint fixes-- fqcn[action-core] - command to ansible.builtin.command

Replaces many references to  command: with ansible.builtin.command

Signed-off-by: Ryan Lerch <rlerch@redhat.com>

handlers/restart_services.yml

@@ -3,10 +3,10 @@
 #
 ---
 - name: reload systemd
-  command: systemctl daemon-reload
+  ansible.builtin.command: systemctl daemon-reload
 
 - name: restart apache
-  command: /usr/local/bin/conditional-restart.sh httpd httpd
+  ansible.builtin.command: /usr/local/bin/conditional-restart.sh httpd httpd
 
 - name: reload apache
   action: service name=httpd state=reloaded
@@ -18,31 +18,31 @@
   action: service name=crond state=restarted
 
 - name: restart fedmsg-gateway
-  command: /usr/local/bin/conditional-restart.sh fedmsg-gateway
+  ansible.builtin.command: /usr/local/bin/conditional-restart.sh fedmsg-gateway
 
 - name: restart fedmsg-hub
-  command: /usr/local/bin/conditional-restart.sh {{ item }}
+  ansible.builtin.command: /usr/local/bin/conditional-restart.sh {{ item }}
   with_items:
   - fedmsg-hub
   - fedmsg-hub-3
 
 - name: restart fedmsg-hub-3
-  command: /usr/local/bin/conditional-restart.sh {{ item }}
+  ansible.builtin.command: /usr/local/bin/conditional-restart.sh {{ item }}
   with_items:
   - fedmsg-hub
   - fedmsg-hub-3
 
 - name: restart fedmsg-irc
-  command: /usr/local/bin/conditional-restart.sh fedmsg-irc
+  ansible.builtin.command: /usr/local/bin/conditional-restart.sh fedmsg-irc
 
 - name: restart fedmsg-relay
-  command: /usr/local/bin/conditional-restart.sh fedmsg-relay
+  ansible.builtin.command: /usr/local/bin/conditional-restart.sh fedmsg-relay
 
 - name: restart fm-consumer@koji_sync_listener
   action: service name=fm-consumer@koji_sync_listener state=restarted enabled=yes
 
 - name: reload httpd
-  command: /usr/local/bin/conditional-reload.sh httpd httpd
+  ansible.builtin.command: /usr/local/bin/conditional-reload.sh httpd httpd
 
 - name: restart iptables
   action: service name=iptables state=restarted
@@ -98,22 +98,22 @@
   action: service name=network state=restarted
 
 - name: rebuild postfix transport
-  command: /usr/sbin/postmap /etc/postfix/transport
+  ansible.builtin.command: /usr/sbin/postmap /etc/postfix/transport
 
 - name: rebuild postfix bysender
-  command: /usr/sbin/postmap /etc/postfix/bysender
+  ansible.builtin.command: /usr/sbin/postmap /etc/postfix/bysender
 
 - name: rebuild postfix tls_policy
-  command: /usr/sbin/postmap /etc/postfix/tls_policy
+  ansible.builtin.command: /usr/sbin/postmap /etc/postfix/tls_policy
 
 - name: restart postfix
   service: name=postfix state=restarted
 
 - name: reload proxyhttpd
-  command: /usr/local/bin/proxy-conditional-reload.sh httpd httpd
+  ansible.builtin.command: /usr/local/bin/proxy-conditional-reload.sh httpd httpd
 
 - name: run rkhunter
-  command: rkhunter --propupd
+  ansible.builtin.command: rkhunter --propupd
 
 - name: restart moksha-hub
   service: name=moksha-hub state=restarted
@@ -139,7 +139,7 @@
   service: name=pagure_ev state=restarted
 
 - name: "update ca-trust"
-  command: /usr/bin/update-ca-trust
+  ansible.builtin.command: /usr/bin/update-ca-trust
 
 - name: restart stunnel
   service: name=stunnel state=restarted
@@ -151,20 +151,20 @@
   service: name=NetworkManager state=restarted
 
 - name: reload NetworkManager-connections
-  command: nmcli c reload
+  ansible.builtin.command: nmcli c reload
 
 - name: restart basset-worker
   service: name=basset-worker state=restarted
 
 - name: apply interface-changes
-  command: nmcli con up {{ item.split()[1] }}
+  ansible.builtin.command: nmcli con up {{ item.split()[1] }}
   async: 1
   poll: 0
   loop: "{{ if_uuid.stdout_lines|flatten(levels=1) }}"
   when: item.split()[1] not in ansible_ifcfg_disabled
 
 - name: flush journald tmpfiles to persistent store
-  command: pkill -f -USR1 systemd-journald
+  ansible.builtin.command: pkill -f -USR1 systemd-journald
 
 - name: restart idmapd
   service: name=nfs-idmapd state=restarted

playbooks/check-for-updates.yml

@@ -33,7 +33,7 @@
 #
 
   - name: Make dnf recheck for new metadata from repos
-    command: dnf clean expire-cache
+    ansible.builtin.command: dnf clean expire-cache
 
   - name: Check for updates (dnf)
     dnf: list=updates

playbooks/check-host.yml

@@ -144,7 +144,7 @@
       - fileverify
 
   - name: Get locally changed files (excluding config files)
-    command: "egrep -v '  c /' {{ localchanges.stdout }}"
+    ansible.builtin.command: "egrep -v '  c /' {{ localchanges.stdout }}"
     register: rpm_va_nc
     changed_when: false
     when: localchanges is defined and localchanges.stdout != ""
@@ -161,7 +161,7 @@
       - fileverify
 
   - name: 'Whitelist - Get locally changed files (config files)'
-    command: "egrep '  c /' {{ localchanges.stdout }}"
+    ansible.builtin.command: "egrep '  c /' {{ localchanges.stdout }}"
     register: rpm_va_c
     when: localchanges is defined and localchanges.stdout != ""
     changed_when: false

playbooks/clear_memcached.yml

@@ -5,4 +5,4 @@
 
   tasks:
   - name: Clear memcache
-    command: echo flush_all | nc localhost 11211
+    ansible.builtin.command: echo flush_all | nc localhost 11211

playbooks/clear_varnish.yml

@@ -6,4 +6,4 @@
 
   tasks:
   - name: Clear varnish
-    command: varnishadm -S /etc/varnish/secret -T 127.0.0.1:6082 ban req.url == .
+    ansible.builtin.command: varnishadm -S /etc/varnish/secret -T 127.0.0.1:6082 ban req.url == .

playbooks/death_to_postfix.yml

@@ -13,10 +13,10 @@
 
     # This doesn't really remove the pid file.. but we say it does so ansible only runs it if the pid file is there..
     - name: Really kill postfix master process
-      command: pkill -u root master removes=/var/spool/postfix/pid/master.pid
+      ansible.builtin.command: pkill -u root master removes=/var/spool/postfix/pid/master.pid
 
     - name: Clean up old pid lock file.
-      command: rm /var/spool/postfix/pid/master.pid removes=/var/spool/postfix/pid/master.pid
+      ansible.builtin.command: rm /var/spool/postfix/pid/master.pid removes=/var/spool/postfix/pid/master.pid
 
     - name: Try to start postfix cleanly
       service: name=postfix state=started

playbooks/destroy_virt_inst.yml

@@ -42,5 +42,5 @@
     delegate_to: "{{ vmhost }}"
 
   - name: Destroy the lv
-    command: /sbin/lvremove -f {{volgroup}}/{{inventory_hostname}}
+    ansible.builtin.command: /sbin/lvremove -f {{volgroup}}/{{inventory_hostname}}
     delegate_to: "{{ vmhost }}"

playbooks/groups/proxies.yml

@@ -153,5 +153,5 @@
     ignore_errors: true
 
   - name: make sure selinux contexts are right on srv
-    command: restorecon -R /srv
+    ansible.builtin.command: restorecon -R /srv
     changed_when: false

playbooks/host_reboot.yml

@@ -14,13 +14,13 @@
     ignore_errors: true
 
   - name: Reboot the host
-    command: /sbin/shutdown -r 1
+    ansible.builtin.command: /sbin/shutdown -r 1
 
   - name: Wait for host to come back - up to 15 minutes
     local_action: wait_for host={{ target }} port=22 delay=120 timeout=900 search_regex=OpenSSH
 
 #  - name: Sync time
-#    command: ntpdate -u 1.rhel.pool.ntp.org
+#    ansible.builtin.command: ntpdate -u 1.rhel.pool.ntp.org
 
   - name: Tell nagios to unshush
     nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }}

playbooks/host_update.yml

@@ -11,10 +11,10 @@
 
   tasks:
   - name: Expire-caches
-    command: yum clean expire-cache
+    ansible.builtin.command: yum clean expire-cache
 
   - name: Yum -y {{ yumcommand }}
-    command: yum -y {{ yumcommand }}
+    ansible.builtin.command: yum -y {{ yumcommand }}
     async: 7200
     poll: 30
 
@@ -24,10 +24,10 @@
 
   tasks:
   - name: Check for rkhunter
-    command: /usr/bin/test -f /usr/bin/rkhunter
+    ansible.builtin.command: /usr/bin/test -f /usr/bin/rkhunter
     register: rkhunter
     ignore_errors: true
 
   - name: Run rkhunter --propupd
-    command: /usr/bin/rkhunter --propupd
+    ansible.builtin.command: /usr/bin/rkhunter --propupd
     when: rkhunter is success

playbooks/hosts/cloud-noc01.fedorainfracloud.org.yml

@@ -42,7 +42,7 @@
     - selinux
 
   - name: allow alternate ntpd port
-    command: semanage port -a -t ntp_port_t -p tcp 124
+    ansible.builtin.command: semanage port -a -t ntp_port_t -p tcp 124
     when: '"124" not in ntp_selinux_port'
     failed_when: false
     tags:
@@ -50,7 +50,7 @@
     - selinux
 
   - name: allow alternate ntpd port
-    command: semanage port -a -t ntp_port_t -p udp 124
+    ansible.builtin.command: semanage port -a -t ntp_port_t -p udp 124
     when: '"124" not in ntp_selinux_port'
     failed_when: false
     tags:

playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml

@@ -52,7 +52,7 @@
     - selinux
 
   - name: allow alternate ntpd port
-    command: semanage port -a -t ntp_port_t -p tcp 124
+    ansible.builtin.command: semanage port -a -t ntp_port_t -p tcp 124
     when: '"124" not in ntp_selinux_port'
     failed_when: false
     tags:
@@ -60,7 +60,7 @@
     - selinux
 
   - name: allow alternate ntpd port
-    command: semanage port -a -t ntp_port_t -p udp 124
+    ansible.builtin.command: semanage port -a -t ntp_port_t -p udp 124
     when: '"124" not in ntp_selinux_port'
     failed_when: false
     tags:

playbooks/include/proxies-websites.yml

@@ -20,7 +20,7 @@
     - httpd/website
 
   - name: Check the selinux context of webdir
-    command: matchpathcon /srv/web
+    ansible.builtin.command: matchpathcon /srv/web
     register: webdir
     check_mode: no
     changed_when: "1 != 1"
@@ -31,7 +31,7 @@
     - httpd/website
 
   - name: /srv/web file contexts
-    command: semanage fcontext -a -t httpd_sys_content_t "/srv/web(/.*)?"
+    ansible.builtin.command: semanage fcontext -a -t httpd_sys_content_t "/srv/web(/.*)?"
     when: webdir.stdout.find('httpd_sys_content_t') == -1
     tags:
     - config

playbooks/manual/gdpr/delete.yml

@@ -9,7 +9,7 @@
   strategy: free
   tasks:
     # Non-huge SAR retrieval
-    - command: "{{ gdpr_delete_script }}"
+    - ansible.builtin.command: "{{ gdpr_delete_script }}"
       environment:
         SAR_USERNAME: "{{ gdpr_delete_fas_user }}"
         SAR_EMAIL: "{{ gdpr_delete_email }}"

playbooks/manual/gdpr/sar.yml

@@ -9,7 +9,7 @@
     - name: "Create the archive"
       block:
         # Create a safe place to store the files.
-        - command: "mktemp -d"
+        - ansible.builtin.command: "mktemp -d"
           register: sar_tmp_dir
         # Let's make this a more conveniently expressed variable.
         - set_fact:
@@ -20,7 +20,7 @@
   strategy: free
   tasks:
     # Non-huge SAR retrieval
-    - command: "{{ sar_script }}"
+    - ansible.builtin.command: "{{ sar_script }}"
       environment:
         SAR_USERNAME: "{{ sar_fas_user }}"
         SAR_EMAIL: "{{ sar_email }}"
@@ -36,7 +36,7 @@
       delegate_facts: false
       when: "sar_huge is not defined or not sar_huge"
     # Remove the variable from memory
-    - command: "/bin/true"
+    - ansible.builtin.command: "/bin/true"
       register: sar_data
       when: "sar_huge is not defined or not sar_huge"
 
@@ -61,7 +61,7 @@
           args:
             chdir: "{{ sar_tmp_dir }}"
         # Move the tarball into the desired pick up location.
-        - command: "mv {{ sar_tmp_dir }}/{{ sar_fas_user }}_{{ sar_email }}.tar.gz {{ sar_tar_output_path }}"
+        - ansible.builtin.command: "mv {{ sar_tmp_dir }}/{{ sar_fas_user }}_{{ sar_email }}.tar.gz {{ sar_tar_output_path }}"
       always:
         # Let's clean up our temporary directory.
-        - command: "rm -r {{ sar_tmp_dir }}"
+        - ansible.builtin.command: "rm -r {{ sar_tmp_dir }}"

playbooks/manual/gdpr/sar_openshift.yml

@@ -6,7 +6,7 @@
   register: pod_id
 # Run the SAR script
 - name: Run oc exec in container to extract the data
-  command: "oc -n {{ item.value.openshift_namespace }} rsh {{ pod_id.stdout }} bash -c 'SAR_USERNAME={{ sar_fas_user }} SAR_EMAIL={{ sar_email }} {{ item.value.sar_script }}'"
+  ansible.builtin.command: "oc -n {{ item.value.openshift_namespace }} rsh {{ pod_id.stdout }} bash -c 'SAR_USERNAME={{ sar_fas_user }} SAR_EMAIL={{ sar_email }} {{ item.value.sar_script }}'"
   register: sar_data
 # Store the result on disk
 - name: Copy the output data locally

playbooks/manual/history_undo.yml

@@ -24,7 +24,7 @@
     when: transaction_id.stderr == ""
 
   - name: Get info on that transaction
-    command: yum history info {{ transaction_id.stdout }}
+    ansible.builtin.command: yum history info {{ transaction_id.stdout }}
     register: transaction_info
     when: transaction_id.stderr == ""
 
@@ -35,5 +35,5 @@
   #  when: transaction_id.stderr == ""
 
   - name: Okay.. undo that transaction now
-    command: yum -y history undo {{ transaction_id.stdout }}
+    ansible.builtin.command: yum -y history undo {{ transaction_id.stdout }}
     when: transaction_id.stderr == ""

playbooks/manual/import-irc-cookies-to-matrix.yml

@@ -33,7 +33,7 @@
         mode: "0755"
 
     - name: Run the import script
-      command:
+      ansible.builtin.command:
         argv:
           - /usr/local/bin/karma-to-cookies-db
           - -i

playbooks/manual/noggin-deployment/create-full-backup.yml

@@ -7,7 +7,7 @@
   #  - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
   tasks:
     - name: Create backup of FreeIPA server data
-      command: ipa-backup
+      ansible.builtin.command: ipa-backup
 
     - name: Make the latest backup available under a fixed name
       shell:

playbooks/manual/noggin-deployment/reenroll-ipa-client.yml

@@ -32,14 +32,14 @@
   # Checks
 
   - name: Check if the host can obtain a Kerberos ticket
-    command: kinit -kt /etc/krb5.keytab
+    ansible.builtin.command: kinit -kt /etc/krb5.keytab
     ignore_errors: yes
     changed_when: no
     register: kinit_res
     when: ipa_server is defined
 
   - name: Ping the IPA server
-    command: ipa ping
+    ansible.builtin.command: ipa ping
     ignore_errors: yes
     changed_when: no
     register: ipa_ping_res
@@ -56,7 +56,7 @@
   # Do the things
 
   - name: Unenroll IPA client
-    command: ipa-client-install --uninstall --unattended
+    ansible.builtin.command: ipa-client-install --uninstall --unattended
     when: do_the_things
 
   - name: Apply the ipa/client role

playbooks/manual/noggin-deployment/restore-latest-backup.yml

@@ -7,4 +7,4 @@
     # - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
   tasks:
     - name: Restore latest backup of FreeIPA server data
-      command: ipa-restore /var/lib/ipa/backup/ipa-full-latest -p {{ ipa_admin_password }}
+      ansible.builtin.command: ipa-restore /var/lib/ipa/backup/ipa-full-latest -p {{ ipa_admin_password }}

playbooks/manual/noggin-deployment/uninstall_ipa_client.yml

@@ -9,7 +9,7 @@
 
   tasks:
   - name: Uninstall IPA client
-    command: ipa-client-install --uninstall --unattended
+    ansible.builtin.command: ipa-client-install --uninstall --unattended
     ignore_errors: yes
 
 - import_playbook: "/srv/web/infra/ansible/playbooks/groups/bodhi-backend.yml"
@@ -67,7 +67,7 @@
     loop: "{{keytabs}}"
 
   - name: Remove keytab secret
-    command: oc -n {{item.app}} delete secret {{item.secret_name}}
+    ansible.builtin.command: oc -n {{item.app}} delete secret {{item.secret_name}}
     register: delete_out
     failed_when: "delete_out.rc != 0 and 'NotFound' not in delete_out.stderr"
     changed_when: "delete_out.rc == 0 and 'secret \"{{item.secret_name}}\" deleted' in delete_out.stdout"

playbooks/manual/oci-registry-prune.yml

@@ -29,7 +29,7 @@
   - debug: var=prod_output.stdout_lines
 
   - name: Run registry garbage collection to reclaim disk space
-    command: "registry garbage-collect /etc/docker-distribution/registry/config.yml"
+    ansible.builtin.command: "registry garbage-collect /etc/docker-distribution/registry/config.yml"
     when: env == "production"
 
   - name: Find and Delete 30 days old OCI images (stg)
@@ -45,5 +45,5 @@
   - debug: var=stg_output.stdout_lines
 
   - name: Run registry garbage collection to reclaim disk space (stg)
-    command: "registry garbage-collect /etc/docker-distribution/registry/config.yml"
+    ansible.builtin.command: "registry garbage-collect /etc/docker-distribution/registry/config.yml"
     when: env == "staging"

playbooks/manual/ocp4-place-ignitionfiles.yml

@@ -100,7 +100,7 @@
           - kvm_deploy
         when: inventory_hostname in groups['ocp_vms_stg'] or inventory_hostname in groups['ocp_vms']
       - name: == OCP KVM provisioning == Deploying the OCP Virtual Guest[s]
-        command: "{{ virt_install_command }}"
+        ansible.builtin.command: "{{ virt_install_command }}"
         delegate_to: "{{ vmhost }}"
         tags:
           - kvm_deploy

playbooks/manual/rebuild/websites.yml

@@ -11,7 +11,7 @@
 
   tasks:
   - name: Run syncStatic (this takes a while)...
-    command: /usr/local/bin/lock-wrapper syncStatic /usr/local/bin/syncStatic
+    ansible.builtin.command: /usr/local/bin/lock-wrapper syncStatic /usr/local/bin/syncStatic
 
 - name: Tell the proxies to sync that freshness
   hosts: proxies:proxies_stg
@@ -23,7 +23,7 @@
 
   tasks:
   - name: Rsync each site in to place
-    command: /usr/bin/rsync --delete -a --no-owner --no-group sundries01::{{item}}/ /srv/web/{{item}}/
+    ansible.builtin.command: /usr/bin/rsync --delete -a --no-owner --no-group sundries01::{{item}}/ /srv/web/{{item}}/
     with_items:
     - getfedora.org
     - fedoracommunity.org

playbooks/manual/sign-and-import.yml

@@ -52,7 +52,7 @@
       - "{{ rpmdir }}/*.src.rpm"
 
   - name: Move processed srpms out to {{ rpmdir }}-old
-    command: /bin/mv {{ item }} {{ rpmdir }}-old/
+    ansible.builtin.command: /bin/mv {{ item }} {{ rpmdir }}-old/
     when: not testing
     with_fileglob:
       - "{{ rpmdir }}/*.src.rpm"
@@ -68,13 +68,13 @@
       - "{{ rpmdir }}/*.rpm"
 
   - name: Move processed rpms out to {{ rpmdir }}-old
-    command: /bin/mv {{ item }} {{ rpmdir }}-old/
+    ansible.builtin.command: /bin/mv {{ item }} {{ rpmdir }}-old/
     when: not testing
     with_fileglob:
       - "{{ rpmdir }}/*.rpm"
 
   - name: Run createrepo on each repo
-    command: createrepo --update {{ repodir }}/{{ item }}/
+    ansible.builtin.command: createrepo --update {{ repodir }}/{{ item }}/
     with_items:
     - SRPMS
     - x86_64

playbooks/manual/staging-sync/bodhi.yml

@@ -20,9 +20,9 @@
     - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
 
   tasks:
-  - command: oc -n bodhi scale dc/bodhi-web --replicas=0
-  - command: oc -n bodhi scale dc/bodhi-consumer --replicas=0
-  - command: oc -n bodhi scale dc/bodhi-celery --replicas=0
+  - ansible.builtin.command: oc -n bodhi scale dc/bodhi-web --replicas=0
+  - ansible.builtin.command: oc -n bodhi scale dc/bodhi-consumer --replicas=0
+  - ansible.builtin.command: oc -n bodhi scale dc/bodhi-celery --replicas=0
 
 - name: Bring staging services down (messaging)
   hosts: bodhi_backend_stg
@@ -60,10 +60,10 @@
       src: /srv/web/infra/db-dumps/bodhi2.dump.xz
       dest: /var/tmp/bodhi2.dump.xz
       owner: postgres group=postgres
-  - command: unxz /var/tmp/bodhi2.dump.xz
+  - ansible.builtin.command: unxz /var/tmp/bodhi2.dump.xz
              creates=/var/tmp/bodhi2.dump
-  - command: dropdb bodhi2
-  - command: createdb -O bodhi2 bodhi2
+  - ansible.builtin.command: dropdb bodhi2
+  - ansible.builtin.command: createdb -O bodhi2 bodhi2
   - name: Import the prod db.
     shell: cat /var/tmp/bodhi2.dump | psql bodhi2
   - ansible.builtin.file: path=/var/tmp/bodhi2.dump state=absent
@@ -77,9 +77,9 @@
     - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
 
   tasks:
-  - command: oc -n bodhi scale dc/bodhi-web --replicas=1
-  - command: oc -n bodhi scale dc/bodhi-consumer --replicas=1
-  - command: oc -n bodhi scale dc/bodhi-celery --replicas=1
+  - ansible.builtin.command: oc -n bodhi scale dc/bodhi-web --replicas=1
+  - ansible.builtin.command: oc -n bodhi scale dc/bodhi-consumer --replicas=1
+  - ansible.builtin.command: oc -n bodhi scale dc/bodhi-celery --replicas=1
 
 - name: Bring staging services up (httpd)
   hosts: bodhi2_stg

playbooks/manual/staging-sync/db-sync.yml

@@ -78,15 +78,15 @@
       dest: /var/tmp/{{ db }}.dump.xz
 
   - name: Unpack the archive
-    command: unxz /var/tmp/{{ db }}.dump.xz
+    ansible.builtin.command: unxz /var/tmp/{{ db }}.dump.xz
              creates=/var/tmp/{{ db }}.dump
 
   - name: Drop the postgresql database in staging
-    command: dropdb {{ db }}
+    ansible.builtin.command: dropdb {{ db }}
     ignore_errors: yes
 
   - name: Create the postgresql database in staging
-    command: createdb {{ db }}
+    ansible.builtin.command: createdb {{ db }}
 
   - name: Import the prod db.  This will take quite a while.  Go get a snack!
     shell: cat /var/tmp/{{ db }}.dump | psql {{ db }}
@@ -123,7 +123,7 @@
 
   tasks:
   - name: Remove the db dump on the prod server
-    command: rm -f /var/tmp/{{ db }}.dump.xz
+    ansible.builtin.command: rm -f /var/tmp/{{ db }}.dump.xz
 
 - name: Remove the prod db dump on batcave
   hosts: batcave01.iad2.fedoraproject.org
@@ -138,4 +138,4 @@
 
   tasks:
   - name: Remove the DB dump from batcave
-    command: rm -f /var/tmp/{{ db }}.dump.xz
+    ansible.builtin.command: rm -f /var/tmp/{{ db }}.dump.xz

playbooks/manual/staging-sync/mailman.yml

@@ -40,12 +40,12 @@
       dest: /var/tmp/mailman.dump.xz
       owner: postgres
       group: postgres
-  - command: unxz /var/tmp/mailman.dump.xz
+  - ansible.builtin.command: unxz /var/tmp/mailman.dump.xz
              creates=/var/tmp/mailman.dump
-  - command: dropdb mailman
-  - command: createdb -O mailmanadmin mailman
+  - ansible.builtin.command: dropdb mailman
+  - ansible.builtin.command: createdb -O mailmanadmin mailman
   - name: Import the prod db.  This will take quite a while.  Go get a snack!
-    command: psql -f /var/tmp/mailman.dump mailman
+    ansible.builtin.command: psql -f /var/tmp/mailman.dump mailman
   # - name: Fix the database
   #  shell: psql -f /var/lib/pgsql/mailman-reset-staging.sql mailman
 
@@ -55,12 +55,12 @@
       dest: /var/tmp/hyperkitty.dump.xz
       owner: postgres
       group: postgres
-  - command: unxz /var/tmp/hyperkitty.dump.xz
+  - ansible.builtin.command: unxz /var/tmp/hyperkitty.dump.xz
              creates=/var/tmp/hyperkitty.dump
-  - command: dropdb hyperkitty
-  - command: createdb -O hyperkittyadmin hyperkitty
+  - ansible.builtin.command: dropdb hyperkitty
+  - ansible.builtin.command: createdb -O hyperkittyadmin hyperkitty
   - name: Import the prod db.  This will take quite a while.  Go get a snack!
-    command: psql -f /var/tmp/hyperkitty.dump hyperkitty
+    ansible.builtin.command: psql -f /var/tmp/hyperkitty.dump hyperkitty
   # - name: Fix the database
   #  shell: psql -f /var/lib/pgsql/hyperkitty-reset-staging.sql hyperkitty
 
@@ -91,4 +91,4 @@
   - import_tasks: "{{ handlers_path }}/restart_services.yml"
 
   tasks:
-  - command: /srv/webui/bin/prod-to-stg.py
+  - ansible.builtin.command: /srv/webui/bin/prod-to-stg.py

playbooks/manual/update-firmware.yml

@@ -76,7 +76,7 @@
   # Dell updates here
   - name: Check Dell updates
     check_mode: no
-    command: /root/firmware-upgrades/{{ item.item.1}} -qc
+    ansible.builtin.command: /root/firmware-upgrades/{{ item.item.1}} -qc
     register: check_results
     failed_when: "'System(s) supported by this package' in check_results.stdout"
     changed_when: "'is the same' not in check_results.stdout"
@@ -84,7 +84,7 @@
     with_items: "{{is_applied_results.results}}"
 
   - name: Apply Dell updates
-    command: /root/firmware-upgrades/{{ item.item.item.1}} -q
+    ansible.builtin.command: /root/firmware-upgrades/{{ item.item.item.1}} -q
     register: update_results
     failed_when: "'System(s) supported by this package:' in update_results.stdout"
     changed_when: "'should be restarted' in update_results.stdout or 'completed successfully' in update_results.stdout"

playbooks/manual/update-packages.yml

@@ -25,7 +25,7 @@
     when: testing and ansible_distribution_major_version|int < 8 and ansible_distribution == 'RedHat'
 
   - name: Dnf clean all (since we can't do it when updating)
-    command: dnf clean all
+    ansible.builtin.command: dnf clean all
     when: not testing and ansible_distribution_major_version|int > 21 and ansible_distribution == 'Fedora'
 
   - name: Dnf update {{ package }} from main repo
@@ -33,7 +33,7 @@
     when: not testing and ansible_distribution_major_version|int > 21 and ansible_distribution == 'Fedora'
 
   - name: Dnf clean all (since we can't do it when updating)
-    command: dnf clean all --enablerepo=infrastructure-tags-stg
+    ansible.builtin.command: dnf clean all --enablerepo=infrastructure-tags-stg
     when: testing and ansible_distribution_major_version|int > 21 and ansible_distribution == 'Fedora'
 
   - name: Dnf update {{ package }} from testing repo

playbooks/manual/upgrade/bodhi.yml

@@ -58,7 +58,7 @@
 
   tasks:
   - name: Find out what the current migration version is
-    command: /usr/bin/alembic-3 -c /etc/bodhi/alembic.ini current
+    ansible.builtin.command: /usr/bin/alembic-3 -c /etc/bodhi/alembic.ini current
     register: current_migration_version
 
 - name: Stop the front end if there are migrations to run
@@ -82,7 +82,7 @@
       # This will be a bool that indicates whether we need to run migrations or not.
       migrations: "'(head)' not in hostvars['bodhi-backend01{{ env_suffix }}.iad2.fedoraproject.org']['current_migration_version'].stdout"
   - name: Scale down to 0 pods
-    command: oc -n bodhi scale dc/bodhi-web --replicas=0
+    ansible.builtin.command: oc -n bodhi scale dc/bodhi-web --replicas=0
     when: migrations
 
 - name: Verify the backends, stop them, and then upgrade the db
@@ -114,7 +114,7 @@
     - bodhi-celery
 
   - name: Upgrade the database
-    command: /usr/bin/alembic-3 -c /etc/bodhi/alembic.ini upgrade head
+    ansible.builtin.command: /usr/bin/alembic-3 -c /etc/bodhi/alembic.ini upgrade head
     args:
       chdir: /usr/share/bodhi/
 
@@ -145,10 +145,10 @@
   tasks:
   - include_vars: /srv/web/infra/ansible/vars/apps/bodhi.yml
   - name: Scale up pods
-    command: oc -n bodhi scale dc/bodhi-web --replicas={{ bodhi_openshift_pods }}
+    ansible.builtin.command: oc -n bodhi scale dc/bodhi-web --replicas={{ bodhi_openshift_pods }}
     when: env != "staging"
   - name: Scale up pods
-    command: oc -n bodhi scale dc/bodhi-web --replicas={{ bodhi_openshift_pods }}
+    ansible.builtin.command: oc -n bodhi scale dc/bodhi-web --replicas={{ bodhi_openshift_pods }}
     when: env == "staging"
   # Redeploy the build config as it may request a newer version in the Dockerfile
   # Only do it on prod because staging tracks a branch

playbooks/manual/upgrade/bugzilla2fedmsg.yml

@@ -13,7 +13,7 @@
 
   tasks:
   - name: Clean all metadata {%if testing%}(with infrastructure-testing on){%endif%}
-    command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%}
+    ansible.builtin.command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%}
     check_mode: no
   - name: Update bugzilla2fedmsg packages from main repo
     package: name="python-bugzilla2fedmsg" state=latest

playbooks/manual/upgrade/datagrepper.yml

@@ -13,7 +13,7 @@
 
   tasks:
   - name: Clean all metadata {%if testing%}(with infrastructure-testing on){%endif%}
-    command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%}
+    ansible.builtin.command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%}
     check_mode: no
   - name: Yum update datagrepper packages from main repo
     package: name="datagrepper" state=latest

playbooks/manual/upgrade/datanommer.yml

@@ -33,7 +33,7 @@
   - import_tasks: "{{ handlers_path }}/restart_services.yml"
   tasks:
   - name: Scale down datagrepper to 0 pods
-    command: oc -n datagrepper scale dc/datagrepper --replicas=0
+    ansible.builtin.command: oc -n datagrepper scale dc/datagrepper --replicas=0
 
 - name: Stop datanommer
   hosts:
@@ -48,7 +48,7 @@
   - import_tasks: "{{ handlers_path }}/restart_services.yml"
   tasks:
   - name: Scale down datanommer to 0 pods
-    command: oc -n datanommer scale dc/datanommer --replicas=0
+    ansible.builtin.command: oc -n datanommer scale dc/datanommer --replicas=0
 
 - name: Upgrade the database
   role: openshift/object
@@ -57,7 +57,7 @@
   object_objectname: job.yml
 
 - name: Wait for the db-upgrade completion
-  command: oc get jobs/db-upgrade -o jsonpath='{@.status.succeeded}'
+  ansible.builtin.command: oc get jobs/db-upgrade -o jsonpath='{@.status.succeeded}'
   register: status
   until: status.stdout | int == 1
   retries: 5
@@ -81,7 +81,7 @@
     - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
   tasks:
   - name: Scale up datanommer pods
-    command: oc -n datanommer scale dc/db-datanommer --replicas=1
+    ansible.builtin.command: oc -n datanommer scale dc/db-datanommer --replicas=1
 
 - name: Start the datagrepper again
   hosts:
@@ -94,7 +94,7 @@
     - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
   tasks:
   - name: Scale up datagrepper pods
-    command: oc -n datagrepper scale dc/datagrepper --replicas=1
+    ansible.builtin.command: oc -n datagrepper scale dc/datagrepper --replicas=1
 
 - name: Restart the last backend piece (badges)
   hosts:

playbooks/manual/upgrade/fedmsg.yml

@@ -35,7 +35,7 @@
 
   tasks:
   - name: Clean all metadata {%if testing%}(with infrastructure-testing on){%endif%}
-    command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%}
+    ansible.builtin.command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%}
     check_mode: no
   - name: Yum update fedmsg packages from the main repo
     package: name={{item}} state=latest

playbooks/manual/upgrade/mote.yml

@@ -13,7 +13,7 @@
 
   tasks:
   - name: Clean all metadata {%if testing%}(with infrastructure-testing on){%endif%}
-    command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%}
+    ansible.builtin.command: yum clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%}
     check_mode: no
   - name: Update mote packages from main repo
     package: name="mote" state=latest

playbooks/manual/upgrade/packages.yml

@@ -13,7 +13,7 @@
 
   tasks:
   - name: Clean all metadata {%if testing%}(with infrastructure-testing on){%endif%}
-    command: dnf clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%}
+    ansible.builtin.command: dnf clean all {%if testing%} --enablerepo=infrastructure-tags-stg {%endif%}
     check_mode: no
   - name: Update fedora-packages packages from main repo
     package: name="fedora-packages" state=latest

playbooks/manual/upgrade/pagure.yml

@@ -75,7 +75,7 @@
     when: inventory_hostname.startswith('pagure')
 
   - name: Upgrade the database
-    command: /usr/bin/alembic -c /etc/pagure/alembic.ini upgrade head
+    ansible.builtin.command: /usr/bin/alembic -c /etc/pagure/alembic.ini upgrade head
     args:
       chdir: /etc/pagure/
     environment:

playbooks/rkhunter_only.yml

@@ -7,10 +7,10 @@
 
   tasks:
   - name: Check for rkhunter
-    command: /usr/bin/test -f /usr/bin/rkhunter
+    ansible.builtin.command: /usr/bin/test -f /usr/bin/rkhunter
     register: rkhunter
     ignore_errors: true
 
   - name: Run rkhunter --propupd
-    command: /usr/bin/rkhunter --propupd
+    ansible.builtin.command: /usr/bin/rkhunter --propupd
     when: rkhunter is success

playbooks/rkhunter_update.yml

@@ -7,18 +7,18 @@
 
   tasks:
   - name: Expire-caches
-    command: yum clean expire-cache
+    ansible.builtin.command: yum clean expire-cache
 
   - name: Yum -y {{ yumcommand }}
-    command: yum -y {{ yumcommand }}
+    ansible.builtin.command: yum -y {{ yumcommand }}
     async: 7200
     poll: 15
 
   - name: Check for rkhunter
-    command: /usr/bin/test -f /usr/bin/rkhunter
+    ansible.builtin.command: /usr/bin/test -f /usr/bin/rkhunter
     register: rkhunter
     ignore_errors: true
 
   - name: Run rkhunter --propupd
-    command: /usr/bin/rkhunter --propupd
+    ansible.builtin.command: /usr/bin/rkhunter --propupd
     when: rkhunter is success

playbooks/universe_update.yml

@@ -57,10 +57,10 @@
 
   tasks:
   - name: Check for rkhunter
-    command: /usr/bin/test -f /usr/bin/rkhunter
+    ansible.builtin.command: /usr/bin/test -f /usr/bin/rkhunter
     register: rkhunter
     ignore_errors: true
 
   - name: Run rkhunter --propupd
-    command: /usr/bin/rkhunter --propupd
+    ansible.builtin.command: /usr/bin/rkhunter --propupd
     when: rkhunter is success

playbooks/update-proxy-dns.yml

@@ -55,7 +55,7 @@
     when: nodns is not defined or not "true" in nodns
 
   - name: Run update-dns on each nameserver
-    command: /usr/local/bin/update-dns
+    ansible.builtin.command: /usr/local/bin/update-dns
     delegate_to: "{{item}}"
     with_items: "{{groups.dns}}"
     when: nodns is not defined or not "true" in nodns

playbooks/update_dns.yml

@@ -6,4 +6,4 @@
   tasks:
 
   - name: Push dns changes out
-    command: /usr/local/bin/update-dns
+    ansible.builtin.command: /usr/local/bin/update-dns

playbooks/update_ticketkey.yml

@@ -13,10 +13,10 @@
 
   tasks:
   - name: create new production ticket key
-    command: /usr/local/bin/generate_ticketkey /root/ticketkey_production.tkey fpprod
+    ansible.builtin.command: /usr/local/bin/generate_ticketkey /root/ticketkey_production.tkey fpprod
 
   - name: create new staging ticket key
-    command: /usr/local/bin/generate_ticketkey /root/ticketkey_staging.tkey fpstag
+    ansible.builtin.command: /usr/local/bin/generate_ticketkey /root/ticketkey_staging.tkey fpstag
 
 - name: Push out new ticket key
   hosts: proxies:proxies_stg

playbooks/vhost_halt_guests.yml

@@ -45,7 +45,7 @@
     delegate_to: noc01.iad2.fedoraproject.org
 
   - name: Echo-y
-    command: /sbin/halt -p
+    ansible.builtin.command: /sbin/halt -p
     ignore_errors: true
     # if one of them is down we don't care
 

playbooks/vhost_poweroff.yml

@@ -41,7 +41,7 @@
 
   tasks:
   - name: Halt the vm instances - to poweroff
-    command: /sbin/shutdown -h 1
+    ansible.builtin.command: /sbin/shutdown -h 1
     ignore_errors: true
     # if one of them is down we don't care
 
@@ -61,4 +61,4 @@
 
   tasks:
   - name: Halt the virthost
-    command: /sbin/shutdown -h 1
+    ansible.builtin.command: /sbin/shutdown -h 1

playbooks/vhost_reboot.yml

@@ -105,7 +105,7 @@
     with_items: "{{ newvmlist.list_vms }}"
 
 #  - name: sync time
-#    command: ntpdate -u 1.rhel.pool.ntp.org
+#    ansible.builtin.command: ntpdate -u 1.rhel.pool.ntp.org
 
   - name: tell nagios to unshush
     nagios: action=unsilence service=host host={{ inventory_hostname_short }}{{ env_suffix }}

playbooks/vhost_update.yml

@@ -83,10 +83,10 @@
 
   tasks:
   - name: Check for rkhunter
-    command: /usr/bin/test -f /usr/bin/rkhunter
+    ansible.builtin.command: /usr/bin/test -f /usr/bin/rkhunter
     register: rkhunter
     ignore_errors: true
 
   - name: Run rkhunter --propupd
-    command: /usr/bin/rkhunter --propupd
+    ansible.builtin.command: /usr/bin/rkhunter --propupd
     when: rkhunter is success

roles/abrt/faf-post/tasks/repositories.yml

@@ -11,7 +11,7 @@
 
 - name: Assign repositories to Fedora releases
   loop: "{{ faf_repos }}"
-  command: "faf repoassign '{{ item.name }}' '{{ item.opsys }}' '{{ item.arch }}'"
+  ansible.builtin.command: "faf repoassign '{{ item.name }}' '{{ item.opsys }}' '{{ item.arch }}'"
   become: yes
   become_user: faf
   tags: add_repo
@@ -26,14 +26,14 @@
 
 - name: Remove repositories of EOL Fedora releases
   loop: "{{ eol_repolist.results | map(attribute='stdout_lines') | flatten }}"
-  command: "faf repodel '{{ item }}'"
+  ansible.builtin.command: "faf repodel '{{ item }}'"
   become: yes
   become_user: faf
   ignore_errors: yes
 
 - name: Clean up packages from EOL Fedora releases
   loop: "{{ rs_internal_fedora_vers_removed }}"
-  command: "faf cleanup-packages Fedora '{{ item }}'"
+  ansible.builtin.command: "faf cleanup-packages Fedora '{{ item }}'"
   become: yes
   become_user: faf
   ignore_errors: yes

roles/abrt/faf-pre/tasks/setup_db.yml

@@ -1,6 +1,6 @@
 ---
 - name: Ensure PostgreSQL database is initialized.
-  command: "postgresql-setup --initdb --unit postgresql"
+  ansible.builtin.command: "postgresql-setup --initdb --unit postgresql"
   args:
     creates: "/var/lib/pgsql/data/PG_VERSION"
 

roles/abrt/faf/tasks/check.yml

@@ -3,13 +3,13 @@
 # check backend functionality
 
 - name: Add dummy Fedora 42 release
-  command: faf releaseadd -o fedora --opsys-release 42
+  ansible.builtin.command: faf releaseadd -o fedora --opsys-release 42
   become: yes
   become_user: faf
   changed_when: false
 
 - name: Get releases from FAF
-  command: faf releaselist
+  ansible.builtin.command: faf releaselist
   become: yes
   become_user: faf
   register: release_list
@@ -17,7 +17,7 @@
   changed_when: false
 
 - name: Add dummy meta_faf component to Fedora 42 release
-  command: faf compadd -o fedora --opsys-release 42 meta_faf
+  ansible.builtin.command: faf compadd -o fedora --opsys-release 42 meta_faf
   become: yes
   become_user: faf
   changed_when: false
@@ -30,7 +30,7 @@
     group: faf
 
 - name: Faf
-  command: faf {{ item }}
+  ansible.builtin.command: faf {{ item }}
   become: yes
   become_user: faf
   loop:

roles/abrt/faf/tasks/cleanup.yml

@@ -1,6 +1,6 @@
 ---
 - name: Remove EOLed opsys
-  command: faf releasemod -o "{{ item.opsys | lower }}" --opsys-release "{{ item.release }}" -s EOL
+  ansible.builtin.command: faf releasemod -o "{{ item.opsys | lower }}" --opsys-release "{{ item.release }}" -s EOL
   loop: "{{ eol_opsys }}"
   become: yes
   become_user: faf
@@ -8,7 +8,7 @@
   changed_when: false
 
 - name: Remove EOLed packages
-  command: faf cleanup-packages "{{ item.opsys }}" "{{ item.release }}"
+  ansible.builtin.command: faf cleanup-packages "{{ item.opsys }}" "{{ item.release }}"
   loop: "{{ eol_opsys }}"
   become: yes
   become_user: faf
@@ -16,7 +16,7 @@
   changed_when: false
 
 - name: Remove unassigned packages
-  command: faf cleanup-unassigned -f
+  ansible.builtin.command: faf cleanup-unassigned -f
   become: yes
   become_user: faf
   failed_when: false

roles/abrt/faf/tasks/first_time_setup.yml

@@ -11,17 +11,17 @@
 # Skip whole block if faf owns atleast 1 table in db
 - block:
   - name: Create faf's database schema
-    command: faf-migrate-db --create-all
+    ansible.builtin.command: faf-migrate-db --create-all
     become: yes
     become_user: faf
 
   - name: Stamp database as migrated to latest version
-    command: faf-migrate-db --stamp-only
+    ansible.builtin.command: faf-migrate-db --stamp-only
     become: yes
     become_user: faf
 
   - name: Init faf
-    command: faf init
+    ansible.builtin.command: faf init
     become: yes
     become_user: faf
   when: ( count_tables.stdout_lines[2]|int ) == 0

roles/abrt/faf/tasks/migrate_db.yml

@@ -1,6 +1,6 @@
 ---
 - name: Run database migrations
-  command: faf-migrate-db
+  ansible.builtin.command: faf-migrate-db
   become: yes
   become_user: faf
   changed_when: false

roles/abrt/retrace/tasks/podman.yml

@@ -10,7 +10,7 @@
     state: stopped
 
 - name: Check if subuid is set for retrace user
-  command: cat /etc/subuid
+  ansible.builtin.command: cat /etc/subuid
   changed_when: false
   register: retrace_subuid
 
@@ -30,12 +30,12 @@
       rs_subuid_max: "{{ t_subuid.stdout | default(100000) | int + 2 * 65536 - 1 }}"
 
   - name: Set subuid for retrace user.
-    command: usermod retrace --add-subuids "{{ rs_subuid_min }}-{{ rs_subuid_max }}"
+    ansible.builtin.command: usermod retrace --add-subuids "{{ rs_subuid_min }}-{{ rs_subuid_max }}"
 
   when: '"retrace" not in retrace_subuid.stdout'
 
 - name: Check if subgid is set for retrace user
-  command: cat /etc/subgid
+  ansible.builtin.command: cat /etc/subgid
   changed_when: false
   register: retrace_subgid
 
@@ -55,7 +55,7 @@
       rs_subgid_max: "{{ t_subgid.stdout | default(100000) | int + 2 * 65536 - 1 }}"
 
   - name: Set subgid for retrace user
-    command: usermod retrace --add-subgids "{{ rs_subgid_min }}-{{ rs_subgid_max }}"
+    ansible.builtin.command: usermod retrace --add-subgids "{{ rs_subgid_min }}-{{ rs_subgid_max }}"
 
   when: '"retrace" not in retrace_subgid.stdout'
 

roles/abrt/retrace/tasks/usefafpkgs.yml

@@ -1,6 +1,6 @@
 ---
 - name: Check if faf is installed
-  command: rpm -q faf
+  ansible.builtin.command: rpm -q faf
   changed_when: false
 
 - name: Add user retrace to faf db

roles/ansible-server/tasks/main.yml

@@ -30,6 +30,6 @@
   - ansible-server
 
 - name: Install required collections
-  command: ansible-galaxy install -r {{ ansible_base }}/ansible/roles/ansible-server/files/requirements.yml
+  ansible.builtin.command: ansible-galaxy install -r {{ ansible_base }}/ansible/roles/ansible-server/files/requirements.yml
   tags:
   - ansible-server

roles/apache/handlers/main.yml

@@ -1,3 +1,3 @@
 ---
 - name: Restart apache
-  command: /usr/local/bin/conditional-restart.sh httpd httpd
+  ansible.builtin.command: /usr/local/bin/conditional-restart.sh httpd httpd

roles/base/handlers/main.yml

@@ -1,6 +1,6 @@
 ---
 - name: Apply interface-changes
-  command: nmcli con up {{ item.split()[1] }}
+  ansible.builtin.command: nmcli con up {{ item.split()[1] }}
   async: 1
   poll: 0
   with_items:
@@ -16,7 +16,7 @@
   service: name=NetworkManager state=restarted
 
 - name: Reload NetworkManager-connections
-  command: nmcli c reload
+  ansible.builtin.command: nmcli c reload
 
 - name: Restart postfix
   service: name=postfix state=restarted

roles/base/tasks/crypto-policies.yml

@@ -1,6 +1,6 @@
 ---
 - name: Check current crypto-policy
-  command: "update-crypto-policies --show"
+  ansible.builtin.command: "update-crypto-policies --show"
   register: currentcryptopolicy
   failed_when: "1 != 1"
   changed_when: "1 != 1"
@@ -10,7 +10,7 @@
   - base/crypto-policies
 
 - name: Check if policy is applied
-  command: "update-crypto-policies --is-applied"
+  ansible.builtin.command: "update-crypto-policies --is-applied"
   register: cryptopolicyapplied
   failed_when: "1 != 1"
   changed_when: "1 != 1"
@@ -20,7 +20,7 @@
   - base/crypto-policies
 
 - name: Set crypto-policy on fedora 33 and higher hosts back to default
-  command: "update-crypto-policies --set DEFAULT"
+  ansible.builtin.command: "update-crypto-policies --set DEFAULT"
   when: "ansible_distribution_major_version|int >= 33 and (currentcryptopolicy.stdout.find('DEFAULT') == -1 or cryptopolicyapplied.rc != 0) and not inventory_hostname.startswith('ipsilon') "
   check_mode: no
   tags:
@@ -28,7 +28,7 @@
   - base/crypto-policies
 
 - name: Set crypto-policy on RHEL9 dns servers to DEFAULT:SHA1
-  command: "update-crypto-policies --set DEFAULT:SHA1"
+  ansible.builtin.command: "update-crypto-policies --set DEFAULT:SHA1"
   when: "inventory_hostname.startswith('ns') and (currentcryptopolicy.stdout.find('DEFAULT:SHA1') == -1 or cryptopolicyapplied.rc != 0)"
   check_mode: no
   tags:

roles/base/tasks/keytab.yml

@@ -19,7 +19,7 @@
 
 - name: Create host entry
   delegate_to: "{{ ipa_server }}"
-  command: ipa host-add --force {{inventory_hostname}}
+  ansible.builtin.command: ipa host-add --force {{inventory_hostname}}
   register: host_add_result
   changed_when: "'Added host' in host_add_result.stdout"
   failed_when: "not ('Added host' in host_add_result.stdout or 'already exists' in host_add_result.stderr)"
@@ -31,7 +31,7 @@
 
 - name: Create additional host entries
   delegate_to: "{{ ipa_server }}"
-  command: ipa host-add --force {{item}}
+  ansible.builtin.command: ipa host-add --force {{item}}
   with_items: "{{ additional_host_keytabs }}"
   register: hosts_add_result
   changed_when: "'Added host' in hosts_add_result.stdout"
@@ -44,7 +44,7 @@
 
 - name: Generate host keytab
   delegate_to: "{{ ipa_server }}"
-  command: ipa-getkeytab -s {{ipa_server}} -p host/{{inventory_hostname}} -k /tmp/{{inventory_hostname}}.kt
+  ansible.builtin.command: ipa-getkeytab -s {{ipa_server}} -p host/{{inventory_hostname}} -k /tmp/{{inventory_hostname}}.kt
   register: getkeytab_result
   changed_when: false
   failed_when: "'successfully retrieved' not in getkeytab_result.stderr"
@@ -56,7 +56,7 @@
 
 - name: Add additional host keytabs
   delegate_to: "{{ ipa_server }}"
-  command: ipa-getkeytab -s {{ipa_server}} -p host/{{item}} -k /tmp/{{inventory_hostname}}.kt
+  ansible.builtin.command: ipa-getkeytab -s {{ipa_server}} -p host/{{item}} -k /tmp/{{inventory_hostname}}.kt
   with_items: "{{ additional_host_keytabs }}"
   register: getkeytabs_result
   changed_when: false
@@ -69,7 +69,7 @@
 
 - name: Destroy kerberos ticket
   delegate_to: "{{ ipa_server }}"
-  command: kdestroy -A
+  ansible.builtin.command: kdestroy -A
   tags:
   - base
   - config
@@ -78,7 +78,7 @@
 
 - name: Get keytab
   delegate_to: "{{ ipa_server }}"
-  command: base64 /tmp/{{inventory_hostname}}.kt
+  ansible.builtin.command: base64 /tmp/{{inventory_hostname}}.kt
   register: keytab
   tags:
   - base

roles/base/tasks/main.yml

@@ -372,7 +372,7 @@
   - rsyslog-audit
 
 - name: Install our custom selinux module
-  command: semodule -i /usr/local/share/rsyslog/rsyslog-audit.pp
+  ansible.builtin.command: semodule -i /usr/local/share/rsyslog/rsyslog-audit.pp
   when: selinux_module is changed and ansible_distribution_major_version|int > 6
   tags:
   - rsyslogd
@@ -398,7 +398,7 @@
   - selinux
 
 - name: Install our custom selinux module
-  command: semodule -i /usr/local/share/mapchkpwd.pp
+  ansible.builtin.command: semodule -i /usr/local/share/mapchkpwd.pp
   when: selinux_module is changed
   tags:
   - selinux

roles/basessh/tasks/main.yml

@@ -60,7 +60,7 @@
   - base
 
 - name: Allow alternate sshd port
-  command: semanage port -a -t ssh_port_t -p tcp {{ sshd_port }}
+  ansible.builtin.command: semanage port -a -t ssh_port_t -p tcp {{ sshd_port }}
   when: sshd_port in sshd_selinux_port
   failed_when: false
   tags:

roles/batcave/tasks/main.yml

@@ -425,7 +425,7 @@
 #
 
 - name: Check the selinux context of webdir
-  command: matchpathcon /srv/web
+  ansible.builtin.command: matchpathcon /srv/web
   register: webdir
   check_mode: no
   changed_when: "1 != 1"
@@ -437,7 +437,7 @@
   - httpd/website
 
 - name: /srv/web file contexts
-  command: semanage fcontext -a -t httpd_sys_content_t "/srv/web(/.*)?"
+  ansible.builtin.command: semanage fcontext -a -t httpd_sys_content_t "/srv/web(/.*)?"
   when: webdir.stdout.find('httpd_sys_content_t') == -1
   tags:
   - config
@@ -451,7 +451,7 @@
 #
 
 - name: Check the selinux context of ansible
-  command: matchpathcon /srv/git/ansible.git
+  ansible.builtin.command: matchpathcon /srv/git/ansible.git
   register: webdir
   check_mode: no
   changed_when: "1 != 1"
@@ -463,7 +463,7 @@
   - httpd/website
 
 - name: /srv/git/ansible file contexts
-  command: semanage fcontext -a -t git_content_t "/srv/git/ansible.git(/.*)?"
+  ansible.builtin.command: semanage fcontext -a -t git_content_t "/srv/git/ansible.git(/.*)?"
   when: webdir.stdout.find('git_content_t') == -1
   tags:
   - config
@@ -473,7 +473,7 @@
   - httpd/website
 
 - name: Check the selinux context of badges
-  command: matchpathcon /srv/git/badges
+  ansible.builtin.command: matchpathcon /srv/git/badges
   register: webdir
   check_mode: no
   changed_when: "1 != 1"
@@ -485,7 +485,7 @@
   - httpd/website
 
 - name: /srv/git/badges file contexts
-  command: semanage fcontext -a -t git_content_t "/srv/git/badges(/.*)?"
+  ansible.builtin.command: semanage fcontext -a -t git_content_t "/srv/git/badges(/.*)?"
   when: webdir.stdout.find('git_content_t') == -1
   tags:
   - config
@@ -495,7 +495,7 @@
   - httpd/website
 
 - name: Check the selinux context of dns
-  command: matchpathcon /srv/git/dns
+  ansible.builtin.command: matchpathcon /srv/git/dns
   register: webdir
   check_mode: no
   changed_when: "1 != 1"
@@ -507,7 +507,7 @@
   - httpd/website
 
 - name: /srv/git/dns file contexts
-  command: semanage fcontext -a -t git_content_t "/srv/git/dns(/.*)?"
+  ansible.builtin.command: semanage fcontext -a -t git_content_t "/srv/git/dns(/.*)?"
   when: webdir.stdout.find('git_content_t') == -1
   tags:
   - config
@@ -517,7 +517,7 @@
   - httpd/website
 
 - name: Check the selinux context of infra-docs
-  command: matchpathcon /srv/git/infra-docs
+  ansible.builtin.command: matchpathcon /srv/git/infra-docs
   register: webdir
   check_mode: no
   changed_when: "1 != 1"
@@ -529,7 +529,7 @@
   - httpd/website
 
 - name: /srv/git/infra-docs file contexts
-  command: semanage fcontext -a -t git_content_t "/srv/git/infra-docs(/.*)?"
+  ansible.builtin.command: semanage fcontext -a -t git_content_t "/srv/git/infra-docs(/.*)?"
   when: webdir.stdout.find('git_content_t') == -1
   tags:
   - config
@@ -584,7 +584,7 @@
   - tmux
 
 - name: Let the /var/tmux folder be writable to fi-apprentice as well
-  command: setfacl -R -m d:g:fi-apprentice:rwx -m g:fi-apprentice:rwx /var/tmux
+  ansible.builtin.command: setfacl -R -m d:g:fi-apprentice:rwx -m g:fi-apprentice:rwx /var/tmux
   tags:
   - batcave
   - tmux
@@ -599,7 +599,7 @@
   - openshiftboot
 
 - name: Let the openshift dir be writeable by sysadmin-openshift
-  command: setfacl -R -m d:g:sysadmin-openshift:rwx -m g:sysadmin-openshift:rwx /srv/web/infra/bigfiles/{{item}}
+  ansible.builtin.command: setfacl -R -m d:g:sysadmin-openshift:rwx -m g:sysadmin-openshift:rwx /srv/web/infra/bigfiles/{{item}}
   with_items:
   - openshiftboot
   - tftpboot/rhcos

roles/bodhi2/backend/tasks/main.yml

@@ -125,7 +125,7 @@
   - cron
 
 - name: Determine Python version
-  command:
+  ansible.builtin.command:
     argv:
       - python3
       - -c
@@ -376,7 +376,7 @@
   - bodhi
 
 - name: Let the ftpsync user also read the fedora-messaging key
-  command: /usr/bin/setfacl -m user:ftpsync:rx /etc/pki/fedora-messaging/bodhi-key.pem
+  ansible.builtin.command: /usr/bin/setfacl -m user:ftpsync:rx /etc/pki/fedora-messaging/bodhi-key.pem
   tags:
   - config
   - bodhi

roles/cgit/make_pkgs_list/tasks/main.yml

@@ -50,7 +50,7 @@
   tags: cgit
 
 - name: Check the selinux context of the repo list
-  command: matchpathcon /srv/git/pkgs-git-repos-list
+  ansible.builtin.command: matchpathcon /srv/git/pkgs-git-repos-list
   register: gitlistcontext
   check_mode: no
   changed_when: false
@@ -60,7 +60,7 @@
   - selinux
 
 - name: Set the SELinux policy for the repo list
-  command: semanage fcontext -a -t git_content_t "/srv/git/pkgs-git-repos-list"
+  ansible.builtin.command: semanage fcontext -a -t git_content_t "/srv/git/pkgs-git-repos-list"
   when: gitlistcontext.stdout.find('git_content_t') == -1
   tags:
   - config

roles/check-compose/handlers/main.yml

@@ -1,6 +1,6 @@
 # Restart handler for our fedora-messaging consumer
 ---
 - name: Conditionally restart check-compose consumer service
-  command: /usr/local/bin/conditional-restart.sh fm-consumer@check-compose
+  ansible.builtin.command: /usr/local/bin/conditional-restart.sh fm-consumer@check-compose
   listen:
   - restart check-compose

roles/check-compose/tasks/main.yml

@@ -124,14 +124,14 @@
   register: gitcc
 
 - name: Check if check-compose is installed for current Python
-  command: "pip show check_compose"
+  ansible.builtin.command: "pip show check_compose"
   register: instcc
   changed_when: "1 != 1"
   failed_when: "1 != 1"
   check_mode: no
 
 - name: Install check-compose
-  command: "python3 -m pip install --no-deps /root/check-compose"
+  ansible.builtin.command: "python3 -m pip install --no-deps /root/check-compose"
   when: "gitcc is changed or instcc.rc != 0"
   notify:
   - restart check-compose

roles/collectd/base/tasks/main.yml

@@ -152,7 +152,7 @@
   - selinux
 
 - name: Install our general collectd selinux module
-  command: semodule -i /usr/share/collectd/fi-collectd.pp
+  ansible.builtin.command: semodule -i /usr/share/collectd/fi-collectd.pp
   when: ficgeneral_module is changed or ficgeneral_installed_version != ficgeneral_local_version
   tags:
   - collectd
@@ -175,7 +175,7 @@
   - selinux
 
 - name: Install our pstorefs/collectd selinux module
-  command: semodule -i /usr/share/collectd/fi-pstorefs.pp
+  ansible.builtin.command: semodule -i /usr/share/collectd/fi-pstorefs.pp
   when: (ficpstorefs_module is changed or ficpstorefs_grep is changed)
   tags:
   - collectd

roles/collectd/fcomm-queue/tasks/main.yml

@@ -46,7 +46,7 @@
   - selinux
 
 - name: Install our fcomm collectd selinux module
-  command: semodule -i /usr/share/collectd/fi-collectd-fcomm.pp
+  ansible.builtin.command: semodule -i /usr/share/collectd/fi-collectd-fcomm.pp
   when: ficfcomm_module is changed or ficfcomm_grep is changed
   tags:
   - collectd

roles/copr/backend/files/provision/provision_builder_tasks.yml

@@ -83,7 +83,7 @@
 
 # https://fedoraproject.org/wiki/Changes/StrongCryptoSettings
 - name: fallback to the legacy crypto policies
-  command: update-crypto-policies --set DEFAULT:SHA1
+  ansible.builtin.command: update-crypto-policies --set DEFAULT:SHA1
   when:
     - preparing_image
 

roles/copr/backend/handlers/main.yml

@@ -7,7 +7,7 @@
   when: not services_disabled
 
 - name: systemctl daemon-reload
-  command: /usr/bin/systemctl daemon-reload
+  ansible.builtin.command: /usr/bin/systemctl daemon-reload
 
 - name: restart lighttpd
   action: service name=lighttpd state=restarted

roles/copr/backend/tasks/install_cloud_cert.yml

@@ -4,5 +4,5 @@
   register: cloud_pem_copied
 
 - name: Update certificates
-  command: /usr/bin/update-ca-trust
+  ansible.builtin.command: /usr/bin/update-ca-trust
   when: cloud_pem_copied.changed

roles/copr/backend/tasks/main.yml

@@ -70,7 +70,7 @@
     - provision_config
 
 - name: Check known_hosts file
-  command: stat /home/copr/.ssh/known_hosts
+  ansible.builtin.command: stat /home/copr/.ssh/known_hosts
   register: hostsstat
   check_mode: no
   changed_when: "1 != 1"
@@ -155,7 +155,7 @@
   tags: logrotate
 
 - name: Fix selinux context on helper scripts
-  command: restorecon -irv /usr/local/bin/copr-lighty*
+  ansible.builtin.command: restorecon -irv /usr/local/bin/copr-lighty*
   when: logrotate_scripts.changed
   tags: logrotate
 
@@ -277,13 +277,13 @@
   shell: "chown -R copr:copr /var/lib/copr/public_html"
   when: '"copr" not in copr_results_dir_st.stat.pw_name'
 
-- command: "ls -dZ /var/lib/copr/public_html/"
+- ansible.builtin.command: "ls -dZ /var/lib/copr/public_html/"
   register: public_html_ls
   check_mode: no
   changed_when: false
 
 - name: Update selinux context for results if root folder does not have proper type
-  command: "restorecon -vvRF /var/lib/copr/public_html/"
+  ansible.builtin.command: "restorecon -vvRF /var/lib/copr/public_html/"
   when: "public_html_ls is defined and 'copr_data_t' not in  public_html_ls.stdout"
 
 # - name: Install cert to access fed-cloud09
@@ -364,7 +364,7 @@
   register: selinux_module
 
 - name: Install our custom selinux module
-  command: semodule -i /usr/local/share/copr/copr_rules.pp
+  ansible.builtin.command: semodule -i /usr/local/share/copr/copr_rules.pp
   when: selinux_module is changed
 
 - name: Setup AWS access

roles/copr/base/tasks/main.yml

@@ -94,7 +94,7 @@
 #   check_mode: no
 #
 # - name: Disable offloading
-#   command: ethtool -K ens5 tso off gro off gso off
+#   ansible.builtin.command: ethtool -K ens5 tso off gro off gso off
 #   when:
 #     - offloading.rc == 0
 #     - ansible_distribution == 'Fedora'

roles/copr/dist_git/tasks/main.yml

@@ -123,13 +123,13 @@
   - selinux
 
 - name: Install our custom selinux policy for cgit
-  command: semodule -i /usr/local/share/selinux/git_script_t.pp
+  ansible.builtin.command: semodule -i /usr/local/share/selinux/git_script_t.pp
   when: cgit_selinux_module is changed
   tags:
   - selinux
 
 - name: Create CGIT config file if it does not exist (takes almost an hour)
-  command: /usr/bin/copr-dist-git-refresh-cgit creates=/var/cache/cgit/repo-configuration.rc
+  ansible.builtin.command: /usr/bin/copr-dist-git-refresh-cgit creates=/var/cache/cgit/repo-configuration.rc
 
 - name: Ensure that .config directory exists
   ansible.builtin.file: path=/home/copr-dist-git/.config state=directory

roles/copr/frontend/tasks/main.yml

@@ -2,12 +2,12 @@
 - import_tasks: "mount_fs.yml"
 
 - name: Register security context for pgsql directory
-  command: "ls -dZ /var/lib/pgsql"
+  ansible.builtin.command: "ls -dZ /var/lib/pgsql"
   register: pgsql_ls
   changed_when: false  # `ls' command is not changing anything
 
 - name: Update selinux context for postgress db dir if it's wrong
-  command: "restorecon -vvRF /var/lib/pgsql"
+  ansible.builtin.command: "restorecon -vvRF /var/lib/pgsql"
   when: pgsql_ls.stdout is defined and 'postgresql_db_t' not in  pgsql_ls.stdout
 
 - name: Install weekly custom copr-frontend-crontab
@@ -103,7 +103,7 @@
 - import_tasks: "psql_setup.yml"
 
 - name: Upgrade db to head
-  command: alembic-3 upgrade head
+  ansible.builtin.command: alembic-3 upgrade head
   become: yes
   become_user: copr-fe
   args:
@@ -112,7 +112,7 @@
   changed_when: alembic_result.stdout is search("Running upgrade")
 
 - name: Apply the config comments
-  command: copr-frontend chroots-template
+  ansible.builtin.command: copr-frontend chroots-template
   become: yes
   become_user: copr-fe
   args:
@@ -160,7 +160,7 @@
 
 
 - name: Register whether indexes rebuild is required
-  command: copr-frontend update_indexes_required
+  ansible.builtin.command: copr-frontend update_indexes_required
   become: yes
   become_user: copr-fe
   register: update_indexes_required_result
@@ -168,7 +168,7 @@
   failed_when: false
 
 - name: Rebuild indexes
-  command: ./manage.py update_indexes
+  ansible.builtin.command: ./manage.py update_indexes
   become: yes
   become_user: copr-fe
   args:

roles/copr/keygen/tasks/main.yml

@@ -52,7 +52,7 @@
   register: selinux_module
 
 - name: Install our custom selinux module
-  command: semodule -i /usr/local/share/copr/copr_rules.pp
+  ansible.builtin.command: semodule -i /usr/local/share/copr/copr_rules.pp
   when: selinux_module is changed
 
 - selinux: policy=targeted state=enforcing

roles/distgit/pagure/tasks/main.yml

@@ -80,7 +80,7 @@
   - pagure
 
 - name: Create the "git" user
-  command: useradd --create-home --home-dir=/srv/git/  git
+  ansible.builtin.command: useradd --create-home --home-dir=/srv/git/  git
            creates=/srv/git/
   when: env == 'staging'
   tags:
@@ -154,7 +154,7 @@
   - restart apache
 
 - name: Create the database scheme
-  command: /usr/bin/python3 /usr/share/pagure/pagure_createdb.py
+  ansible.builtin.command: /usr/bin/python3 /usr/share/pagure/pagure_createdb.py
   changed_when: "1 != 1"
   environment:
     PAGURE_CONFIG: /etc/pagure/pagure.cfg
@@ -227,13 +227,13 @@
 
 - name: Manually fix current default ACLs since Ansible doesnt know recursive acls
   when: acl_updates.changed
-  command: /usr/bin/setfacl -Rdm user:apache:rx /srv/git
+  ansible.builtin.command: /usr/bin/setfacl -Rdm user:apache:rx /srv/git
   tags:
   - pagure
 
 - name: Manually fix current ACLs since Ansible doesnt know recursive acls
   when: acl_updates.changed
-  command: /usr/bin/setfacl -Rm user:apache:rx /srv/git
+  ansible.builtin.command: /usr/bin/setfacl -Rm user:apache:rx /srv/git
   tags:
   - pagure
 

roles/distgit/tasks/main.yml

@@ -268,7 +268,7 @@
   - selinux
 
 - name: Check the selinux context of the Lookaside Cache root directory
-  command: matchpathcon /srv/cache
+  ansible.builtin.command: matchpathcon /srv/cache
   register: lcachecontext
   check_mode: no
   changed_when: false
@@ -279,7 +279,7 @@
   - distgit
 
 - name: Set the SELinux policy for the Lookaside Cache root directory
-  command: semanage fcontext -a -t nfs_t "/srv/cache(/.*)?"
+  ansible.builtin.command: semanage fcontext -a -t nfs_t "/srv/cache(/.*)?"
   when: lcachecontext.stdout.find('nfs_t') == -1 and env != "staging"
   tags:
   - config
@@ -319,7 +319,7 @@
   tags: selinux
 
 - name: Install our custom selinux policy
-  command: semodule -i /usr/local/share/selinux/upload_cgi.pp
+  ansible.builtin.command: semodule -i /usr/local/share/selinux/upload_cgi.pp
   when: selinux_module is changed
   tags: selinux
 
@@ -329,7 +329,7 @@
   tags: selinux
 
 - name: Install our custom nfs selinux policy
-  command: semodule -i /usr/local/share/selinux/cgi-nfs.pp
+  ansible.builtin.command: semodule -i /usr/local/share/selinux/cgi-nfs.pp
   when: nfs_selinux_module is changed
   tags: selinux
 
@@ -365,7 +365,7 @@
   - pkgs
 
 - name: Run initial grokmirror run
-  command: /usr/bin/grok-manifest -m /srv/git/grokmirror/manifest.js.gz -t /srv/git/repositories/ creates=/srv/git/grokmirror/manifest.js.gz
+  ansible.builtin.command: /usr/bin/grok-manifest -m /srv/git/grokmirror/manifest.js.gz -t /srv/git/repositories/ creates=/srv/git/grokmirror/manifest.js.gz
   when: env != "staging"
   tags:
   - grokmirror

roles/dns/tasks/main.yml

@@ -50,7 +50,7 @@
   - dns
 
 # - name: Create GeoIP acl
-#  command: /var/named/GeoIP.sh
+#  ansible.builtin.command: /var/named/GeoIP.sh
 #  changed_when: "1 != 1"
 #  notify:
 #  - restart named
@@ -82,7 +82,7 @@
   - dns
 
 - name: Update dns
-  command: /usr/local/bin/update-dns
+  ansible.builtin.command: /usr/local/bin/update-dns
   changed_when: "1 != 1"
   notify:
   - restart named
@@ -96,14 +96,14 @@
   - dns
 
 - name: Check configuration
-  command: named-checkconf -zj
+  ansible.builtin.command: named-checkconf -zj
   changed_when: false
   tags:
   - config
   - dns
 
 - name: Check semanage ports
-  command: semanage port -l
+  ansible.builtin.command: semanage port -l
   register: semanageoutput
   check_mode: no
   changed_when: "1 != 1"
@@ -111,7 +111,7 @@
   - dns
 
 - name: Set ports so bind statistics-channel can bind to 8053
-  command: semanage port -a -t dns_port_t -p tcp 8053
+  ansible.builtin.command: semanage port -a -t dns_port_t -p tcp 8053
   when: semanageoutput.stdout.find("8053") == -1
   notify:
   - restart named

roles/download/tasks/main.yml

@@ -18,7 +18,7 @@
   seboolean: name=httpd_use_nfs state=yes persistent=yes
 
 - name: Check the selinux context rsyncd log
-  command: matchpathcon /var/log/rsyncd-fedora.log
+  ansible.builtin.command: matchpathcon /var/log/rsyncd-fedora.log
   register: rsyncdlog
   check_mode: no
   changed_when: "1 != 1"
@@ -27,7 +27,7 @@
   - selinux
 
 - name: /var/log/rsyncd-fedora.log file context
-  command: semanage fcontext -a -t rsync_log_t /var/log/rsyncd-fedora.log
+  ansible.builtin.command: semanage fcontext -a -t rsync_log_t /var/log/rsyncd-fedora.log
   when: rsyncdlog.stdout.find('rsync_log_t') == -1
   tags:
   - config
@@ -40,7 +40,7 @@
   ansible.builtin.copy: src=logrotate-rsync-fedora dest=/etc/logrotate.d/rsync-fedora
 
 - name: Check the selinux context pubdir
-  command: matchpathcon /srv/pub
+  ansible.builtin.command: matchpathcon /srv/pub
   register: pubdir
   check_mode: no
   changed_when: "1 != 1"
@@ -49,7 +49,7 @@
   - selinux
 
 - name: /srv/pub file contexts
-  command: semanage fcontext -a -t httpd_sys_content_t "/srv/pub(/.*)?"
+  ansible.builtin.command: semanage fcontext -a -t httpd_sys_content_t "/srv/pub(/.*)?"
   when: pubdir.stdout.find('httpd_sys_content_t') == -1
   tags:
   - config

roles/fas2discourse/tasks/create-discourse-apikey-secret.yml

@@ -8,4 +8,4 @@
 
 # apply created openshift resources
 - name: Oc apply resources
-  command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/fas2discourse-operator/secret-discourse-apikey.yml"
+  ansible.builtin.command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/fas2discourse-operator/secret-discourse-apikey.yml"

roles/fas2discourse/tasks/create-keytab-secret.yml

@@ -21,4 +21,4 @@
 
 # apply created openshift resources
 - name: Oc apply resources
-  command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/fas2discourse-operator/secret-keytab.yml"
+  ansible.builtin.command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/fas2discourse-operator/secret-keytab.yml"

roles/fas2discourse/tasks/create-operator-namespace.yml

@@ -8,4 +8,4 @@
 
 # apply created openshift resources
 - name: Oc apply resources
-  command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/fas2discourse-operator/namespace.yml"
+  ansible.builtin.command: "/root/bin/oc apply -f /root/ocp4/openshift-apps/fas2discourse-operator/namespace.yml"

roles/fedmsg/base/tasks/main.yml

@@ -265,7 +265,7 @@
   - fedmsg/base
 
 - name: Install our custom selinux module
-  command: semodule -i /usr/local/share/fedmsg/fedmsg.pp
+  ansible.builtin.command: semodule -i /usr/local/share/fedmsg/fedmsg.pp
   when: selinux_module is changed
   tags:
   - fedmsg/base
@@ -273,7 +273,7 @@
 # Also, label the ports that we commonly use for fedmsg under mod_wsgi
 # to be http_port_t so selinux lets apache bind there.
 - name: Check semanage ports
-  command: semanage port -l
+  ansible.builtin.command: semanage port -l
   register: semanageoutput
   check_mode: no
   changed_when: "1 != 1"
@@ -281,7 +281,7 @@
   - fedmsg/base
 
 - name: Set ports so httpd can bind to fedmsg endpoints
-  command: semanage port -a -t http_port_t -p tcp 3000-3100
+  ansible.builtin.command: semanage port -a -t http_port_t -p tcp 3000-3100
   when: semanageoutput.stdout.find("3000-3100") == -1
   tags:
   - fedmsg/base

roles/fedora_nightlies/handlers/main.yml

@@ -1,6 +1,6 @@
 # Restart handler for our fedora-messaging consumers
 ---
 - name: Conditionally restart fedora_nightlies consumer service
-  command: /usr/local/bin/conditional-restart.sh fm-consumer@fedora_nightlies
+  ansible.builtin.command: /usr/local/bin/conditional-restart.sh fm-consumer@fedora_nightlies
   listen:
   - restart fedora_nightlies

roles/fedora_nightlies/tasks/main.yml

@@ -91,14 +91,14 @@
   register: gitfn
 
 - name: Check if fedora_nightlies is installed for current Python
-  command: "pip show fedora_nightlies"
+  ansible.builtin.command: "pip show fedora_nightlies"
   register: instfn
   changed_when: "1 != 1"
   failed_when: "1 != 1"
   check_mode: no
 
 - name: Install fedora_nightlies
-  command: "python3 -m pip install --no-deps /root/fedora_nightlies"
+  ansible.builtin.command: "python3 -m pip install --no-deps /root/fedora_nightlies"
   when: "gitfn is changed or instfn.rc != 0"
   notify:
   - restart fedora_nightlies

roles/freemedia/tasks/main.yml

@@ -69,7 +69,7 @@
   - config
 
 - name: Check the selinux context freemedia
-  command: matchpathcon /srv/web/freemedia
+  ansible.builtin.command: matchpathcon /srv/web/freemedia
   register: freemediacontext
   check_mode: no
   changed_when: "1 != 1"
@@ -79,7 +79,7 @@
   - selinux
 
 - name: /srv/web/freemedia file contexts
-  command: semanage fcontext -a -t httpd_sys_content_t "/srv/web/freemedia(/.*)?"
+  ansible.builtin.command: semanage fcontext -a -t httpd_sys_content_t "/srv/web/freemedia(/.*)?"
   when: freemediacontext.stdout.find('httpd_sys_content_t') == -1
   tags:
   - config

roles/haproxy/tasks/main.yml

@@ -101,7 +101,7 @@
   - selinux
 
 - name: Install our general haproxy selinux module
-  command: semodule -i /usr/share/haproxy/fi-haproxy.pp
+  ansible.builtin.command: semodule -i /usr/share/haproxy/fi-haproxy.pp
   when: fi_haproxy_module is changed or fi_haproxy_grep is changed
   tags:
   - haproxy
@@ -109,7 +109,7 @@
 
 
 - name: Check haproxy cfg to make sure it is valid
-  command: haproxy -c -f /etc/haproxy/haproxy.cfg
+  ansible.builtin.command: haproxy -c -f /etc/haproxy/haproxy.cfg
   check_mode: no
   register: haproxyconfigcheck
   changed_when: haproxyconfigcheck.rc != 0

roles/ipa/client/handlers/main.yml

@@ -1,6 +1,6 @@
 ---
 - name: Clean sss caches
-  command: sss_cache -E
+  ansible.builtin.command: sss_cache -E
 
 - name: Restart sssd
   shell: systemctl restart sssd

roles/ipa/client/tasks/common.yml

@@ -8,7 +8,7 @@
 
 - name: Check that sysadmin-main and referenced groups exist on IPA server(s)
   delegate_to: "{{ item[0] }}"
-  command: "getent group {{ item[1] }}"
+  ansible.builtin.command: "getent group {{ item[1] }}"
   changed_when: false
   loop: >-
     {{

roles/ipa/client/tasks/main.yml

@@ -15,7 +15,7 @@
     - vpn-client-enablement
 
 - name: Enroll system as IPA client
-  command:
+  ansible.builtin.command:
     cmd: ipa-client-install
          {% if (vpn | default(false)) %}{% for node in ipa_server_nodes | default([]) %}
          --server={{ node }}

roles/ipa/server/handlers/main.yml

@@ -1,3 +1,3 @@
 ---
 - name: restart ipa
-  command: ipactl restart
+  ansible.builtin.command: ipactl restart

roles/ipa/server/tasks/main.yml

@@ -260,7 +260,7 @@
 # can't choose to let other users see their info or not.
 #
 # - name: Disable default permissions so we don't break our privacy policy
-#   command:
+#   ansible.builtin.command:
 #     argv:
 #       - ipa
 #       - permission-mod
@@ -275,7 +275,7 @@
 #
 # # Because of the previous task, we must explicitely allow users to read their own data
 # - name: Allow users to read their own data
-#   command:
+#   ansible.builtin.command:
 #     argv:
 #       - ipa
 #       - selfservice-add

roles/ipa/servicedelegationrule/tasks/main.yml

@@ -11,7 +11,7 @@
 
 - name: Create servicedelegationrule entry
   delegate_to: "{{ ipa_server }}"
-  command: ipa servicedelegationrule-add {{rulename}}-delegation
+  ansible.builtin.command: ipa servicedelegationrule-add {{rulename}}-delegation
   register: add_result
   check_mode: no
   changed_when: "'Added service delegation rule' in add_result.stdout"
@@ -22,7 +22,7 @@
 
 - name: Add servicedelegationrule members
   delegate_to: "{{ ipa_server }}"
-  command: ipa servicedelegationrule-add-member {{rulename}}-delegation --principals={{item.service}}/{{item.host}}@{{ipa_realm}}
+  ansible.builtin.command: ipa servicedelegationrule-add-member {{rulename}}-delegation --principals={{item.service}}/{{item.host}}@{{ipa_realm}}
   loop: "{{ members }}"
   register: add_member_result
   check_mode: no
@@ -34,7 +34,7 @@
 
 - name: Add servicedelegationrule targets
   delegate_to: "{{ ipa_server }}"
-  command: ipa servicedelegationrule-add-target {{rulename}}-delegation --servicedelegationtargets={{item}}-delegation-targets
+  ansible.builtin.command: ipa servicedelegationrule-add-target {{rulename}}-delegation --servicedelegationtargets={{item}}-delegation-targets
   loop: "{{ targets }}"
   register: add_target_result
   check_mode: no
@@ -46,7 +46,7 @@
 
 - name: Destroy admin ticket
   delegate_to: "{{ ipa_server }}"
-  command: kdestroy -A
+  ansible.builtin.command: kdestroy -A
   tags:
   - config
   - krb5

roles/ipa/servicedelegationtarget/tasks/main.yml

@@ -11,7 +11,7 @@
 
 - name: Create servicedelegationtarget entry
   delegate_to: "{{ ipa_server }}"
-  command: ipa servicedelegationtarget-add {{targetname}}-delegation-targets
+  ansible.builtin.command: ipa servicedelegationtarget-add {{targetname}}-delegation-targets
   register: add_result
   check_mode: no
   changed_when: "'Added service delegation target' in add_result.stdout"
@@ -22,7 +22,7 @@
 
 - name: Add servicedelegationtarget members
   delegate_to: "{{ ipa_server }}"
-  command: ipa servicedelegationtarget-add-member {{targetname}}-delegation-targets --principals={{item.service}}/{{item.host}}@{{ipa_realm}}
+  ansible.builtin.command: ipa servicedelegationtarget-add-member {{targetname}}-delegation-targets --principals={{item.service}}/{{item.host}}@{{ipa_realm}}
   loop: "{{ members }}"
   register: add_member_result
   check_mode: no
@@ -34,7 +34,7 @@
 
 - name: Destroy admin ticket
   delegate_to: "{{ ipa_server }}"
-  command: kdestroy -A
+  ansible.builtin.command: kdestroy -A
   tags:
   - config
   - krb5

roles/ipsilon/tasks/main.yml

@@ -41,7 +41,7 @@
   - ipsilon
 
 - name: Install Fedora-specific code if it changed
-  command:
+  ansible.builtin.command:
     cmd: ./install.sh
     chdir: /opt/ipsilon-fedora
   when: git_update is changed
@@ -51,7 +51,7 @@
   - ipsilon
 
 - name: Install Fedora-specific code on initial run
-  command:
+  ansible.builtin.command:
     cmd: ./install.sh
     chdir: /opt/ipsilon-fedora
     creates: "{{ ansible_facts['python3']['sitelib'] }}/ipsilon/providers/openidc/plugins/account-scopes.py"
@@ -70,7 +70,7 @@
   - ipsilon
 
 - name: Install ipsilon
-  command:
+  ansible.builtin.command:
     cmd: ipsilon-server-install
          --root-instance
          --admin-user=admin
@@ -85,7 +85,7 @@
   - ipsilon
 
 - name: Destroy admin ticket
-  command: kdestroy -A
+  ansible.builtin.command: kdestroy -A
   tags:
   - ipsilon
 
@@ -209,7 +209,7 @@
 - name: Generate the saml2 metadata
   become_user: ipsilon
   become: yes
-  command:
+  ansible.builtin.command:
     cmd: /usr/local/bin/prepare-saml2-metadata
     creates: /etc/ipsilon/root/saml2/metadata.xml
   tags:

roles/iscsi_client/tasks/main.yml

@@ -54,24 +54,24 @@
   - config
 
 - name: Set up iscsi interface for EL8
-  command: creates=/var/lib/iscsi/ifaces/{{ netapp_iscsi_interface_iad2 }} iscsiadm -m iface -I {{ netapp_iscsi_interface_iad2 }} --op=new
+  ansible.builtin.command: creates=/var/lib/iscsi/ifaces/{{ netapp_iscsi_interface_iad2 }} iscsiadm -m iface -I {{ netapp_iscsi_interface_iad2 }} --op=new
   when: ansible_distribution_major_version|int >= 8 and ansible_distribution == "RedHat" and datacenter == 'iad2'
   tags:
   - config
 
 - name: Run iscsiadm command for initial connect to PHX2 vtap-fedora-iscsi01
-  command: creates=/var/lib/iscsi/nodes/{{ netapp_iscsi_name }}/{{ netapp_iscsi_portal }},3260 /sbin/iscsiadm --mode node --targetname  --portal {{ netapp_iscsi_portal }} -o new ; /sbin/iscsiadm --mode node --targetname {{ netapp_iscsi_name }} --portal {{ netapp_iscsi_portal }} --login
+  ansible.builtin.command: creates=/var/lib/iscsi/nodes/{{ netapp_iscsi_name }}/{{ netapp_iscsi_portal }},3260 /sbin/iscsiadm --mode node --targetname  --portal {{ netapp_iscsi_portal }} -o new ; /sbin/iscsiadm --mode node --targetname {{ netapp_iscsi_name }} --portal {{ netapp_iscsi_portal }} --login
   tags:
   - config
 
 - name: Run iscsiadm command for initial connect to IAD2 vtap-fedora-iscsi01
-  command: creates=/var/lib/iscsi/nodes/{{ netapp_iscsi_name_iad2 }}/{{ netapp_iscsi_portal_iad2 }},3260 /sbin/iscsiadm --mode node --targetname  --portal {{ netapp_iscsi_portal_iad2 }} -o new ; /sbin/iscsiadm --mode node --targetname {{ netapp_iscsi_name_iad2 }} --portal {{ netapp_iscsi_portal_iad2 }} --login
+  ansible.builtin.command: creates=/var/lib/iscsi/nodes/{{ netapp_iscsi_name_iad2 }}/{{ netapp_iscsi_portal_iad2 }},3260 /sbin/iscsiadm --mode node --targetname  --portal {{ netapp_iscsi_portal_iad2 }} -o new ; /sbin/iscsiadm --mode node --targetname {{ netapp_iscsi_name_iad2 }} --portal {{ netapp_iscsi_portal_iad2 }} --login
   when: ansible_distribution_major_version|int >= 8 and ansible_distribution == "RedHat" and datacenter == 'iad2'
   tags:
   - config
 
 # - name: Run iscsiadm command for initial connect to vtap-fedora-nfs01
-#  command: creates=/var/lib/iscsi/nodes/{{ netapp_nfs01_iscsi_name }}/{{ netapp_nfs01_iscsi_portal }},3260 /sbin/iscsiadm --mode node --targetname  --portal {{ netapp_nfs01_iscsi_portal }} -o new ; /sbin/iscsiadm --mode node --targetname {{ netapp_nfs01_iscsi_name }} --portal {{ netapp_nfs01_iscsi_portal }} --login
+#  ansible.builtin.command: creates=/var/lib/iscsi/nodes/{{ netapp_nfs01_iscsi_name }}/{{ netapp_nfs01_iscsi_portal }},3260 /sbin/iscsiadm --mode node --targetname  --portal {{ netapp_nfs01_iscsi_portal }} -o new ; /sbin/iscsiadm --mode node --targetname {{ netapp_nfs01_iscsi_name }} --portal {{ netapp_nfs01_iscsi_portal }} --login
 #  tags:
 #  - config
 #  when: inventory_hostname_short == "buildvmhost-10"