diff --git a/handlers/restart_services.yml b/handlers/restart_services.yml index 4fd586b2cd..7c117fee67 100644 --- a/handlers/restart_services.yml +++ b/handlers/restart_services.yml @@ -125,10 +125,10 @@ service: name=memcached state=restarted - name: restart nagios - shell: nagios -v /etc/nagios/nagios.cfg && systemctl restart nagios + ansible.builtin.shell: nagios -v /etc/nagios/nagios.cfg && systemctl restart nagios - name: restart bridge - shell: /usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge + ansible.builtin.shell: /usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge - name: reload libvirtd service: name=libvirtd state=reloaded diff --git a/playbooks/check-host.yml b/playbooks/check-host.yml index e38cbc96cb..3d08da8609 100644 --- a/playbooks/check-host.yml +++ b/playbooks/check-host.yml @@ -10,12 +10,12 @@ tasks: - name: Create temp dir for collecting info - shell: mktemp -d + ansible.builtin.shell: mktemp -d register: temp_dir changed_when: false - name: Get list of active loaded services with systemctl - shell: '/bin/systemctl -t service --no-legend | egrep "loaded active" | tr -s " " | cut -d " " -f1' + ansible.builtin.shell: '/bin/systemctl -t service --no-legend | egrep "loaded active" | tr -s " " | cut -d " " -f1' changed_when: false when: ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora' register: loaded_active_services_systemctl @@ -24,7 +24,7 @@ - services - name: Get list of active loaded services with systemctl - shell: '/bin/systemctl -t service --no-legend | egrep "loaded active" | tr -s " " | cut -d " " -f1' + ansible.builtin.shell: '/bin/systemctl -t service --no-legend | egrep "loaded active" | tr -s " " | cut -d " " -f1' changed_when: false when: ansible_distribution_major_version|int > 6 and ansible_distribution == 'RedHat' register: loaded_active_services_systemctl @@ -33,7 +33,7 @@ - services - name: Get list of inactive loaded services with systemctl - shell: '/bin/systemctl -t service --no-legend | egrep -v "loaded active" | tr -s " " | cut -d " " -f1' + ansible.builtin.shell: '/bin/systemctl -t service --no-legend | egrep -v "loaded active" | tr -s " " | cut -d " " -f1' changed_when: false when: ansible_distribution_major_version|int >= 29 and ansible_distribution == 'Fedora' register: loaded_inactive_services_systemctl @@ -42,7 +42,7 @@ - services - name: Get list of inactive loaded services with systemctl - shell: '/bin/systemctl -t service --no-legend | egrep -v "loaded active" | tr -s " " | cut -d " " -f1' + ansible.builtin.shell: '/bin/systemctl -t service --no-legend | egrep -v "loaded active" | tr -s " " | cut -d " " -f1' changed_when: false when: ansible_distribution_major_version|int > 6 and ansible_distribution == 'RedHat' register: loaded_inactive_services_systemctl @@ -52,7 +52,7 @@ - name: Get list of enabled services with chkconfig at current runlevel - shell: "chkconfig | grep \"`runlevel | cut -d ' ' -f 2`:on\" | awk '{print $1}'" + ansible.builtin.shell: "chkconfig | grep \"`runlevel | cut -d ' ' -f 2`:on\" | awk '{print $1}'" changed_when: false when: ansible_distribution_major_version|int <= 6 and ansible_distribution == 'RedHat' register: enabled_services_chkconfig @@ -61,7 +61,7 @@ - services - name: Get list of disabled services with chkconfig at current runlevel - shell: "chkconfig | grep \"`runlevel | cut -d ' ' -f 2`:off\" | awk '{print $1}'" + ansible.builtin.shell: "chkconfig | grep \"`runlevel | cut -d ' ' -f 2`:off\" | awk '{print $1}'" changed_when: false when: ansible_distribution_major_version|int <= 6 and ansible_distribution == 'RedHat' register: disabled_services_chkconfig @@ -71,7 +71,7 @@ - name: Output enabled service list chkconfig - shell: echo {{enabled_services_chkconfig.stdout_lines}} >> {{temp_dir.stdout}}/eservices + ansible.builtin.shell: echo {{enabled_services_chkconfig.stdout_lines}} >> {{temp_dir.stdout}}/eservices when: enabled_services_chkconfig is defined and enabled_services_chkconfig.rc == 0 changed_when: false tags: @@ -79,7 +79,7 @@ - services - name: Output disabled loaded service list chkconfig - shell: echo {{disabled_services_chkconfig.stdout_lines}} >> {{temp_dir.stdout}}/dservices + ansible.builtin.shell: echo {{disabled_services_chkconfig.stdout_lines}} >> {{temp_dir.stdout}}/dservices when: disabled_services_chkconfig is defined and disabled_services_chkconfig.rc == 0 changed_when: false tags: @@ -88,7 +88,7 @@ - name: Output loaded active service list systemctl - shell: echo {{loaded_active_services_systemctl.stdout_lines}} >> {{temp_dir.stdout}}/laservices + ansible.builtin.shell: echo {{loaded_active_services_systemctl.stdout_lines}} >> {{temp_dir.stdout}}/laservices when: loaded_active_services_systemctl is defined and loaded_active_services_systemctl.rc == 0 changed_when: false tags: @@ -96,7 +96,7 @@ - services - name: Output loaded inactive service list systemctl - shell: echo {{loaded_inactive_services_systemctl.stdout_lines}} >> {{temp_dir.stdout}}/liservices + ansible.builtin.shell: echo {{loaded_inactive_services_systemctl.stdout_lines}} >> {{temp_dir.stdout}}/liservices when: loaded_inactive_services_systemctl is defined and loaded_inactive_services_systemctl.rc == 0 changed_when: false tags: @@ -114,14 +114,14 @@ - updates - name: Show pending updates - shell: echo {{list_update.stdout_lines}} >> {{temp_dir.stdout}}/pending_updates + ansible.builtin.shell: echo {{list_update.stdout_lines}} >> {{temp_dir.stdout}}/pending_updates changed_when: false tags: - check - updates - name: Get processes that need restarting - shell: needs-restarting + ansible.builtin.shell: needs-restarting register: needs_restarting changed_when: false tags: @@ -129,14 +129,14 @@ - restart - name: Show processes that need restarting - shell: echo {{needs_restarting.stdout_lines}} >> {{temp_dir.stdout}}/needing_restart + ansible.builtin.shell: echo {{needs_restarting.stdout_lines}} >> {{temp_dir.stdout}}/needing_restart changed_when: false tags: - check - restart - name: Get locally changed files from the rpm package - shell: rpm_tmp_var=`mktemp` && ! rpm -Va 2>/dev/null > $rpm_tmp_var && [[ -s $rpm_tmp_var ]] && echo $rpm_tmp_var warn=no + ansible.builtin.shell: rpm_tmp_var=`mktemp` && ! rpm -Va 2>/dev/null > $rpm_tmp_var && [[ -s $rpm_tmp_var ]] && echo $rpm_tmp_var warn=no register: localchanges changed_when: false tags: @@ -153,7 +153,7 @@ - fileverify - name: Show locally changed files (excluding config files) - shell: echo {{rpm_va_nc.stdout_lines}} >> {{temp_dir.stdout}}/local_changed + ansible.builtin.shell: echo {{rpm_va_nc.stdout_lines}} >> {{temp_dir.stdout}}/local_changed when: rpm_va_nc.stdout != "" changed_when: false tags: @@ -170,7 +170,7 @@ - fileverify - name: 'Whitelist - Show locally changed files (config files)' - shell: echo {{rpm_va_c.stdout_lines}} >> {{temp_dir.stdout}}/local_config_changed + ansible.builtin.shell: echo {{rpm_va_c.stdout_lines}} >> {{temp_dir.stdout}}/local_config_changed changed_when: false when: rpm_va_c.stdout != "" tags: @@ -178,7 +178,7 @@ - fileverify - name: Check if using iptables - shell: /sbin/iptables -S + ansible.builtin.shell: /sbin/iptables -S register: iptablesn changed_when: false tags: @@ -186,21 +186,21 @@ - iptables - name: Show iptables rules - shell: echo "{{iptablesn.stdout_lines}}" >> {{ temp_dir.stdout }}/iptables + ansible.builtin.shell: echo "{{iptablesn.stdout_lines}}" >> {{ temp_dir.stdout }}/iptables changed_when: false tags: - check - iptables - name: Show current SELinux status - shell: echo "SELinux is {{ ansible_selinux.status }} for this System" >> {{temp_dir.stdout}}/selinux + ansible.builtin.shell: echo "SELinux is {{ ansible_selinux.status }} for this System" >> {{temp_dir.stdout}}/selinux changed_when: false tags: - check - selinux - name: Show Boot SELinux mode - shell: echo "SELinux boots to {{ ansible_selinux.config_mode }} mode " >> {{temp_dir.stdout}}/selinux + ansible.builtin.shell: echo "SELinux boots to {{ ansible_selinux.config_mode }} mode " >> {{temp_dir.stdout}}/selinux when: ansible_selinux.status != "disabled" changed_when: false tags: @@ -208,7 +208,7 @@ - selinux - name: Show Current SELinux mode - shell: echo "SELinux currently is in {{ ansible_selinux.mode }} mode" >> {{temp_dir.stdout}}/selinux + ansible.builtin.shell: echo "SELinux currently is in {{ ansible_selinux.mode }} mode" >> {{temp_dir.stdout}}/selinux when: ansible_selinux.status != "disabled" changed_when: false tags: @@ -216,7 +216,7 @@ - selinux - name: Match current SELinux status with boot status - shell: echo "SElinux Current and Boot modes are in sync" >> {{temp_dir.stdout}}/selinux + ansible.builtin.shell: echo "SElinux Current and Boot modes are in sync" >> {{temp_dir.stdout}}/selinux when: ansible_selinux.status != "disabled" and ansible_selinux.config_mode == ansible_selinux.mode changed_when: false tags: @@ -225,7 +225,7 @@ - name: MisMatch current SELinux status with boot status - shell: echo "SElinux Current and Boot modes are NOT in sync" >> {{temp_dir.stdout}}/selinux + ansible.builtin.shell: echo "SElinux Current and Boot modes are NOT in sync" >> {{temp_dir.stdout}}/selinux when: ansible_selinux.status != "disabled" and ansible_selinux.config_mode != ansible_selinux.mode changed_when: false tags: @@ -239,12 +239,12 @@ ignore_errors: true - name: Get file list - shell: ls -1 {{temp_dir.stdout}}/* + ansible.builtin.shell: ls -1 {{temp_dir.stdout}}/* register: file_list changed_when: false - name: Get timestamp - shell: "date +%Y-%m-%d-%H-%M-%S" + ansible.builtin.shell: "date +%Y-%m-%d-%H-%M-%S" register: timestamp changed_when: false diff --git a/playbooks/checks_log_failed_services.yml b/playbooks/checks_log_failed_services.yml index 447c6ecd59..fc3726d4cb 100644 --- a/playbooks/checks_log_failed_services.yml +++ b/playbooks/checks_log_failed_services.yml @@ -7,11 +7,11 @@ tasks: - name: Listing failed units - shell: systemctl list-units --state failed --no-legend | awk '{ print $1 }' + ansible.builtin.shell: systemctl list-units --state failed --no-legend | awk '{ print $1 }' register: listing_failed - name: Check log with journalctl - shell: journalctl -lru {{ item }} -n 50 + ansible.builtin.shell: journalctl -lru {{ item }} -n 50 register: display_log with_items: "{{ listing_failed.stdout_lines[0:] }}" diff --git a/playbooks/groups/ipa.yml b/playbooks/groups/ipa.yml index befebebe64..a712edc8ea 100644 --- a/playbooks/groups/ipa.yml +++ b/playbooks/groups/ipa.yml @@ -60,7 +60,7 @@ tasks: - name: Combine IPA keytabs - shell: printf "%b" "read_kt /etc/httpd/conf/ipa.keytab\nread_kt /etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab\nwrite_kt /etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab.combined" | ktutil + ansible.builtin.shell: printf "%b" "read_kt /etc/httpd/conf/ipa.keytab\nread_kt /etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab\nwrite_kt /etc/krb5.HTTP_id{{env_suffix}}.fedoraproject.org.keytab.combined" | ktutil changed_when: false tags: - krb5 diff --git a/playbooks/groups/pkgs.yml b/playbooks/groups/pkgs.yml index 681eeac974..3a81a3dced 100644 --- a/playbooks/groups/pkgs.yml +++ b/playbooks/groups/pkgs.yml @@ -49,7 +49,7 @@ user: name: pagure uid: "{{ pagure_static_uid }}" - shell: /sbin/nologin + ansible.builtin.shell: /sbin/nologin comment: "Pagure User" when: env == "staging" ## The above should be deleted when we rebuild pkgs02 in future. diff --git a/playbooks/groups/proxies.yml b/playbooks/groups/proxies.yml index 28fe1be161..8502b08ead 100644 --- a/playbooks/groups/proxies.yml +++ b/playbooks/groups/proxies.yml @@ -148,7 +148,7 @@ # Do not count these as changed ever # - name: make sure docs are synced. This could take a very very very logtime to finish - shell: /usr/local/bin/lock-wrapper docs-sync "/usr/local/bin/docs-rsync" >& /dev/null + ansible.builtin.shell: /usr/local/bin/lock-wrapper docs-sync "/usr/local/bin/docs-rsync" >& /dev/null changed_when: false ignore_errors: true diff --git a/playbooks/hosts/cloud-noc01.fedorainfracloud.org.yml b/playbooks/hosts/cloud-noc01.fedorainfracloud.org.yml index 20b06078c2..62585ab10f 100644 --- a/playbooks/hosts/cloud-noc01.fedorainfracloud.org.yml +++ b/playbooks/hosts/cloud-noc01.fedorainfracloud.org.yml @@ -32,7 +32,7 @@ - import_tasks: "{{ tasks_path }}/motd.yml" - name: check if ntpd port is already known by selinux - shell: semanage port -l | grep ntp + ansible.builtin.shell: semanage port -l | grep ntp register: ntp_selinux_port check_mode: no changed_when: false diff --git a/playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml b/playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml index e8a5f2164a..b7f73db05c 100644 --- a/playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml +++ b/playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml @@ -42,7 +42,7 @@ - dhcp-server - name: check if ntpd port is already known by selinux - shell: semanage port -l | grep ntp + ansible.builtin.shell: semanage port -l | grep ntp register: ntp_selinux_port check_mode: no changed_when: false diff --git a/playbooks/manual/copr/copr-frontend-upgrade.yml b/playbooks/manual/copr/copr-frontend-upgrade.yml index b246e16031..7362edf124 100644 --- a/playbooks/manual/copr/copr-frontend-upgrade.yml +++ b/playbooks/manual/copr/copr-frontend-upgrade.yml @@ -17,7 +17,7 @@ import_tasks: _generic_tasks.yml - name: Check for copr-frontend update - shell: dnf clean expire-cache ; dnf check-update copr-frontend + ansible.builtin.shell: dnf clean expire-cache ; dnf check-update copr-frontend register: frontend_has_update changed_when: "frontend_has_update.rc != 0" failed_when: false @@ -37,7 +37,7 @@ - python3-copr-common - name: Upgrade db to head, logs in /var/log/copr-frontend/migrations.log - shell: alembic-3 upgrade head &> /var/log/copr-frontend/migrations.log + ansible.builtin.shell: alembic-3 upgrade head &> /var/log/copr-frontend/migrations.log become: yes become_user: copr-fe args: diff --git a/playbooks/manual/fas-readonly/fas-readonly.yml b/playbooks/manual/fas-readonly/fas-readonly.yml index 558054ab26..b6e1ceae0f 100644 --- a/playbooks/manual/fas-readonly/fas-readonly.yml +++ b/playbooks/manual/fas-readonly/fas-readonly.yml @@ -11,7 +11,7 @@ template: src=fas-readonly.sql dest=/var/lib/pgsql/fas-readonly.sql - name: Change permissions for relevant tables in the fas db - shell: psql -1 -v ON_ERROR_STOP=1 fas2 {{ hostvars['localhost']['sar_tmp_dir'] }}/{{ sar_output_file }}" + - ansible.builtin.shell: "ssh {{ inventory_hostname }} sudo -u {{ sar_script_user }} SAR_USERNAME={{ sar_fas_user }} SAR_EMAIL={{ sar_email }} {{ sar_script }} >{{ hostvars['localhost']['sar_tmp_dir'] }}/{{ sar_output_file }}" delegate_to: localhost when: "sar_huge is defined and sar_huge" @@ -57,7 +57,7 @@ - name: "Create the archive" block: # Generate a private tarball of the files from each service. - - shell: "umask 0077 && tar --transform \"s:^:{{ sar_fas_user }}_{{ sar_email }}/:\" -czf {{ sar_tmp_dir }}/{{ sar_fas_user }}_{{ sar_email }}.tar.gz *" + - ansible.builtin.shell: "umask 0077 && tar --transform \"s:^:{{ sar_fas_user }}_{{ sar_email }}/:\" -czf {{ sar_tmp_dir }}/{{ sar_fas_user }}_{{ sar_email }}.tar.gz *" args: chdir: "{{ sar_tmp_dir }}" # Move the tarball into the desired pick up location. diff --git a/playbooks/manual/gdpr/sar_openshift.yml b/playbooks/manual/gdpr/sar_openshift.yml index f412e184ec..d9fbc553e6 100644 --- a/playbooks/manual/gdpr/sar_openshift.yml +++ b/playbooks/manual/gdpr/sar_openshift.yml @@ -2,7 +2,7 @@ # Get the correct pod --- - name: Retrieve the id of the running container/pod - shell: "oc get -n {{ item.value.openshift_namespace }} -o name -l app={{ item.value.openshift_pod }} pods | cut -f 2 -d '/'" + ansible.builtin.shell: "oc get -n {{ item.value.openshift_namespace }} -o name -l app={{ item.value.openshift_pod }} pods | cut -f 2 -d '/'" register: pod_id # Run the SAR script - name: Run oc exec in container to extract the data diff --git a/playbooks/manual/get-system-packages.yml b/playbooks/manual/get-system-packages.yml index b7bfb016d9..cf0e245b0a 100644 --- a/playbooks/manual/get-system-packages.yml +++ b/playbooks/manual/get-system-packages.yml @@ -11,7 +11,7 @@ tasks: - name: RPM_output - shell: "/usr/bin/rpm -qa" + ansible.builtin.shell: "/usr/bin/rpm -qa" register: rpm_output args: warn: false # set warn=false to prevent warning diff --git a/playbooks/manual/history_undo.yml b/playbooks/manual/history_undo.yml index b9d2f784f8..931f947c64 100644 --- a/playbooks/manual/history_undo.yml +++ b/playbooks/manual/history_undo.yml @@ -15,7 +15,7 @@ tasks: - name: Find the ID of the last yum transaction - shell: yum history package {{ package }} | sed -n 3p | awk -F "|" '{ print $1 }' | tr -d ' ' + ansible.builtin.shell: yum history package {{ package }} | sed -n 3p | awk -F "|" '{ print $1 }' | tr -d ' ' register: transaction_id # If transaction_id.stderr == "", then that means that the $PACKAGE we're diff --git a/playbooks/manual/noggin-deployment/create-full-backup.yml b/playbooks/manual/noggin-deployment/create-full-backup.yml index 3007ca4bb0..7195200530 100644 --- a/playbooks/manual/noggin-deployment/create-full-backup.yml +++ b/playbooks/manual/noggin-deployment/create-full-backup.yml @@ -10,6 +10,6 @@ ansible.builtin.command: ipa-backup - name: Make the latest backup available under a fixed name - shell: + ansible.builtin.shell: cmd: ln -snf $(ls -1t ipa-full* | head -n 1) ipa-full-latest chdir: /var/lib/ipa/backup diff --git a/playbooks/manual/noggin-deployment/fix-home-fedora-ownerships.yml b/playbooks/manual/noggin-deployment/fix-home-fedora-ownerships.yml index ae7bdc944a..b55d22c413 100644 --- a/playbooks/manual/noggin-deployment/fix-home-fedora-ownerships.yml +++ b/playbooks/manual/noggin-deployment/fix-home-fedora-ownerships.yml @@ -25,7 +25,7 @@ - name: Fix ownership of home directories in /home/fedora # assumes that directory name == user name - shell: + ansible.builtin.shell: chdir: /home/fedora cmd: /usr/local/sbin/fix-home-fedora-ownerships.sh register: chown_res diff --git a/playbooks/manual/remote_delldrive.yml b/playbooks/manual/remote_delldrive.yml index d3658ed6ac..6e4961a2e8 100644 --- a/playbooks/manual/remote_delldrive.yml +++ b/playbooks/manual/remote_delldrive.yml @@ -13,7 +13,7 @@ ansible.builtin.copy: src={{private}}/scripts/drivestatus.py dest=/root/drivestatus.py - name: Run it for {{mgmt}} - shell: python /root/drivestatus.py {{mgmt}} + ansible.builtin.shell: python /root/drivestatus.py {{mgmt}} register: out - name: Remove it diff --git a/playbooks/manual/sign-and-import.yml b/playbooks/manual/sign-and-import.yml index 5906dd05c4..479d157238 100644 --- a/playbooks/manual/sign-and-import.yml +++ b/playbooks/manual/sign-and-import.yml @@ -41,7 +41,7 @@ # TODO -- I'd also like to fail if there are no *.rpm files in there. - name: Sign all the rpms with our gpg key - shell: /bin/rpm --resign {{ rpmdir }}/*.rpm + ansible.builtin.shell: /bin/rpm --resign {{ rpmdir }}/*.rpm - name: Make a directory where we store the rpms afterwards ansible.builtin.file: path={{ rpmdir }}-old state=directory diff --git a/playbooks/manual/staging-sync/bodhi.yml b/playbooks/manual/staging-sync/bodhi.yml index d407237015..b2b890ea4e 100644 --- a/playbooks/manual/staging-sync/bodhi.yml +++ b/playbooks/manual/staging-sync/bodhi.yml @@ -65,7 +65,7 @@ - ansible.builtin.command: dropdb bodhi2 - ansible.builtin.command: createdb -O bodhi2 bodhi2 - name: Import the prod db. - shell: cat /var/tmp/bodhi2.dump | psql bodhi2 + ansible.builtin.shell: cat /var/tmp/bodhi2.dump | psql bodhi2 - ansible.builtin.file: path=/var/tmp/bodhi2.dump state=absent - name: Bring staging services up (OpenShift web services) diff --git a/playbooks/manual/staging-sync/db-sync.yml b/playbooks/manual/staging-sync/db-sync.yml index 1991687fcd..f8287ad4fb 100644 --- a/playbooks/manual/staging-sync/db-sync.yml +++ b/playbooks/manual/staging-sync/db-sync.yml @@ -31,7 +31,7 @@ tasks: - name: Dumping the production db. This might take a minute. Go out to the lobby! - shell: pg_dump -C {{ db }} |xz -c > /var/tmp/{{ db }}.dump.xz + ansible.builtin.shell: pg_dump -C {{ db }} |xz -c > /var/tmp/{{ db }}.dump.xz # Get the dump from `from` in the batcave - name: Export the dump from the dbhost in prod to batcave @@ -89,7 +89,7 @@ ansible.builtin.command: createdb {{ db }} - name: Import the prod db. This will take quite a while. Go get a snack! - shell: cat /var/tmp/{{ db }}.dump | psql {{ db }} + ansible.builtin.shell: cat /var/tmp/{{ db }}.dump | psql {{ db }} - name: Bring staging services up hosts: "{{ server or 'batcave01.iad2.fedoraproject.org' }}" diff --git a/playbooks/manual/staging-sync/koji.yml b/playbooks/manual/staging-sync/koji.yml index 0e53e63015..dc87359ef5 100644 --- a/playbooks/manual/staging-sync/koji.yml +++ b/playbooks/manual/staging-sync/koji.yml @@ -73,7 +73,7 @@ # buildroot_listing is excluded from the sync to save some time # TODO: install mbuffer on db-koji.stg - name: Import the prod db. This will take quite a while. Go get a snack! - shell: > + ansible.builtin.shell: > curl -s -S https://infrastructure.fedoraproject.org/infra/db-dumps/koji.dump.xz | mbuffer -q -s 8M -m 128M -l /tmp/mbuffer-curl-to-xz.log | xzcat | @@ -82,9 +82,9 @@ mbuffer -q -s 16M -m 512M -l /tmp/mbuffer-sed-to-psql.log | psql -v ON_ERROR_STOP=1 - name: Repoint all the prod rpm entries at the secondary volume (and other stuff) - shell: psql -1 -v ON_ERROR_STOP=1 koji + ansible.builtin.shell: > faf releaseadd -o centos --opsys-release {{ item }} -s ACTIVE become: yes become_user: faf @@ -10,7 +10,7 @@ - name: Add Fedora opsys releases loop: "{{ rs_internal_fedora_vers }}" - shell: > + ansible.builtin.shell: > faf releaseadd -o fedora --opsys-release {{ item }} -s ACTIVE become: yes become_user: faf diff --git a/roles/abrt/faf-post/tasks/repositories.yml b/roles/abrt/faf-post/tasks/repositories.yml index c2142cadaa..c06fbfcb5b 100644 --- a/roles/abrt/faf-post/tasks/repositories.yml +++ b/roles/abrt/faf-post/tasks/repositories.yml @@ -1,7 +1,7 @@ --- - name: Add Fedora package repositories loop: "{{ faf_repos }}" - shell: > + ansible.builtin.shell: > faf repoadd --nogpgcheck "{{ item.name }}" dnf "{{ item.url | join('" "') }}" become: yes become_user: faf @@ -18,7 +18,7 @@ - name: List repositories of EOL Fedora releases loop: "{{ rs_internal_fedora_vers_removed }}" - shell: "faf repolist | grep fedora-{{ item }} || true" + ansible.builtin.shell: "faf repolist | grep fedora-{{ item }} || true" become: yes become_user: faf register: eol_repolist diff --git a/roles/abrt/faf/tasks/first_time_setup.yml b/roles/abrt/faf/tasks/first_time_setup.yml index ffc425d803..d9a7326434 100644 --- a/roles/abrt/faf/tasks/first_time_setup.yml +++ b/roles/abrt/faf/tasks/first_time_setup.yml @@ -1,7 +1,7 @@ --- - name: Check for count of faf tables - shell: psql -c "SELECT COUNT(*) FROM pg_stat_user_tables" + ansible.builtin.shell: psql -c "SELECT COUNT(*) FROM pg_stat_user_tables" register: count_tables changed_when: "( count_tables.stdout_lines[2]|int ) == 0" check_mode: no diff --git a/roles/abrt/retrace-post/tasks/retrace_setup.yml b/roles/abrt/retrace-post/tasks/retrace_setup.yml index 1714aef4cc..7820970a25 100644 --- a/roles/abrt/retrace-post/tasks/retrace_setup.yml +++ b/roles/abrt/retrace-post/tasks/retrace_setup.yml @@ -2,7 +2,7 @@ # long running tasks - run them in background - we do not actually care about the results - name: Reposync for fedora - shell: nohup retrace-server-reposync fedora {{ item[0] }} {{ item[1] }} $(mktemp /tmp/ansible.reposync_for_fedoraXXXXXX.log) & + ansible.builtin.shell: nohup retrace-server-reposync fedora {{ item[0] }} {{ item[1] }} $(mktemp /tmp/ansible.reposync_for_fedoraXXXXXX.log) & loop: "{{ rs_internal_fedora_vers | product(rs_internal_arch_list) | list }}" become: yes become_user: retrace @@ -10,7 +10,7 @@ when: env != 'staging' - name: Reposync for centos - shell: nohup retrace-server-reposync centos {{ item }} x86_64 $(mktemp /tmp/ansible.reposync_for_centosXXXXXX.log) & + ansible.builtin.shell: nohup retrace-server-reposync centos {{ item }} x86_64 $(mktemp /tmp/ansible.reposync_for_centosXXXXXX.log) & loop: "{{ rs_internal_centos_vers }}" become: yes become_user: retrace diff --git a/roles/abrt/retrace/tasks/podman.yml b/roles/abrt/retrace/tasks/podman.yml index 56f380c8f0..246bd2dc31 100644 --- a/roles/abrt/retrace/tasks/podman.yml +++ b/roles/abrt/retrace/tasks/podman.yml @@ -16,7 +16,7 @@ - block: - name: Get last subuid entry - shell: | + ansible.builtin.shell: | set -o pipefail sort -nrt: -k2 /etc/subuid | awk -F: 'NR == 1 { print $2 }' changed_when: false @@ -41,7 +41,7 @@ - block: - name: Get last subgid entry - shell: | + ansible.builtin.shell: | set -o pipefail cut -d ':' -f2 /etc/subgid | sort | tail -1 changed_when: false diff --git a/roles/apps-fp-o/handlers/main.yml b/roles/apps-fp-o/handlers/main.yml index 9abd6c57e7..5c53c96764 100644 --- a/roles/apps-fp-o/handlers/main.yml +++ b/roles/apps-fp-o/handlers/main.yml @@ -1,6 +1,6 @@ --- - name: Rebuild apps-fp-o html - shell: /usr/bin/apps-fp-o-yaml2html.py > /srv/web/apps-fp-o/apps-yaml.html + ansible.builtin.shell: /usr/bin/apps-fp-o-yaml2html.py > /srv/web/apps-fp-o/apps-yaml.html - name: Rebuild apps-fp-o json - shell: /usr/bin/apps-fp-o-yaml2json.py > /srv/web/apps-fp-o/js/data.js + ansible.builtin.shell: /usr/bin/apps-fp-o-yaml2json.py > /srv/web/apps-fp-o/js/data.js diff --git a/roles/awx/execution_node/tasks/main.yml b/roles/awx/execution_node/tasks/main.yml index ac20636a61..e92503401b 100644 --- a/roles/awx/execution_node/tasks/main.yml +++ b/roles/awx/execution_node/tasks/main.yml @@ -2,7 +2,7 @@ - name: Create the awx user user: name: awx - shell: /bin/bash + ansible.builtin.shell: /bin/bash - name: Enable Copr repo for Ansible Receptor (Fedora) community.general.copr: diff --git a/roles/base/tasks/keytab.yml b/roles/base/tasks/keytab.yml index c00c884eb7..6f98c6f26a 100644 --- a/roles/base/tasks/keytab.yml +++ b/roles/base/tasks/keytab.yml @@ -10,7 +10,7 @@ - name: Get admin keytab delegate_to: "{{ ipa_server }}" - shell: echo "{{ipa_admin_password}}" | kinit admin + ansible.builtin.shell: echo "{{ipa_admin_password}}" | kinit admin tags: - base - config @@ -106,7 +106,7 @@ when: not host_keytab_status.stat.exists - name: Base64-decode keytab - shell: "umask 077; base64 -d /etc/krb5.keytab.b64 >/etc/krb5.keytab" + ansible.builtin.shell: "umask 077; base64 -d /etc/krb5.keytab.b64 >/etc/krb5.keytab" tags: - base - config diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index 87e03b742f..a4ede3f7ce 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml @@ -149,7 +149,7 @@ - base - name: Setup builder ipset if this is a new install - shell: "/usr/sbin/ipset create osbuildapi hash:ip; touch /etc/sysconfig/ipset-osbuildapi" + ansible.builtin.shell: "/usr/sbin/ipset create osbuildapi hash:ip; touch /etc/sysconfig/ipset-osbuildapi" args: creates: /etc/sysconfig/ipset-osbuildapi when: "'osbuild' in group_names" diff --git a/roles/basessh/tasks/main.yml b/roles/basessh/tasks/main.yml index 2ab278392d..3d188d1e7a 100644 --- a/roles/basessh/tasks/main.yml +++ b/roles/basessh/tasks/main.yml @@ -46,7 +46,7 @@ when: ( ansible_distribution == 'Fedora' and ansible_distribution_major_version|int >= 30 ) or ( ansible_distribution == 'RedHat' and ansible_distribution_major_version|int >= 8 ) - name: Check if sshd port is already known by selinux - shell: semanage port -l | grep ssh + ansible.builtin.shell: semanage port -l | grep ssh register: sshd_selinux_port check_mode: no changed_when: false @@ -199,7 +199,7 @@ # Currently, we use the epoch as serial. That's unique enough for now - name: Sign the certificates - shell: "ssh-keygen -s {{private}}/files/ssh/{{env}}_ca_host_key -t rsa-sha2-256 -I {{inventory_hostname}} -h -n {{ sign_hostnames|join(',') }} -V {{sign_validity}} -z `date +%s` {{pubkeydir}}/{{inventory_hostname}}{{item}}.pub" + ansible.builtin.shell: "ssh-keygen -s {{private}}/files/ssh/{{env}}_ca_host_key -t rsa-sha2-256 -I {{inventory_hostname}} -h -n {{ sign_hostnames|join(',') }} -V {{sign_validity}} -z `date +%s` {{pubkeydir}}/{{inventory_hostname}}{{item}}.pub" delegate_to: localhost with_items: "{{certs_to_sign}}" check_mode: no diff --git a/roles/bkernel/tasks/main.yml b/roles/bkernel/tasks/main.yml index c8f611dcab..7732d662b2 100644 --- a/roles/bkernel/tasks/main.yml +++ b/roles/bkernel/tasks/main.yml @@ -18,7 +18,7 @@ - bkernel - name: Setup opensc in pcscd - shell: modutil -dbdir /etc/pki/pesign -list | grep -q OpenSC || modutil -force -dbdir /etc/pki/pesign -add opensc -libfile /usr/lib64/pkcs11/opensc-pkcs11.so + ansible.builtin.shell: modutil -dbdir /etc/pki/pesign -list | grep -q OpenSC || modutil -force -dbdir /etc/pki/pesign -add opensc -libfile /usr/lib64/pkcs11/opensc-pkcs11.so check_mode: no changed_when: "1 != 1" tags: diff --git a/roles/blockerbugs/tasks/main.yml b/roles/blockerbugs/tasks/main.yml index 60f2239ca7..60ecacfcdb 100644 --- a/roles/blockerbugs/tasks/main.yml +++ b/roles/blockerbugs/tasks/main.yml @@ -32,7 +32,7 @@ user: name: blockerbugs group: blockerbugs - shell: /bin/nologin + ansible.builtin.shell: /bin/nologin home: /usr/share/blockerbugs tags: - blockerbugs diff --git a/roles/bodhi2/base/tasks/main.yml b/roles/bodhi2/base/tasks/main.yml index c62d67f06d..aa9a24c7a9 100644 --- a/roles/bodhi2/base/tasks/main.yml +++ b/roles/bodhi2/base/tasks/main.yml @@ -19,7 +19,7 @@ name: bodhi group: bodhi comment: Bodhi Server - shell: /sbin/nologin + ansible.builtin.shell: /sbin/nologin home: /usr/share/bodhi system: yes state: present diff --git a/roles/collectd/base/tasks/main.yml b/roles/collectd/base/tasks/main.yml index 179efd70ab..778cee5d32 100644 --- a/roles/collectd/base/tasks/main.yml +++ b/roles/collectd/base/tasks/main.yml @@ -133,7 +133,7 @@ # TODO: consider using selinux_modules from https://galaxy.ansible.com/linux-system-roles/selinux instead - name: Check to see what version is installed (if any) - shell: "semodule -l -m | grep fi-collectd | cut -d: -f2" + ansible.builtin.shell: "semodule -l -m | grep fi-collectd | cut -d: -f2" register: ficgeneral_installed_version check_mode: no changed_when: false @@ -143,7 +143,7 @@ # This cmd comes from the last example of the semodule man page - name: Check to see what version we have - shell: /usr/libexec/selinux/hll/pp /usr/share/collectd/fi-collectd.pp | sha256sum | cut -d ' ' -f1 + ansible.builtin.shell: /usr/libexec/selinux/hll/pp /usr/share/collectd/fi-collectd.pp | sha256sum | cut -d ' ' -f1 register: ficgeneral_local_version check_mode: no changed_when: false @@ -166,7 +166,7 @@ - selinux - name: Check to see if its even installed yet - shell: semodule -l | grep fi-pstorefs | wc -l + ansible.builtin.shell: semodule -l | grep fi-pstorefs | wc -l register: ficpstorefs_grep check_mode: no changed_when: "'0' in ficpstorefs_grep.stdout" diff --git a/roles/collectd/fcomm-queue/tasks/main.yml b/roles/collectd/fcomm-queue/tasks/main.yml index a5d5e0ea0d..f72f93132b 100644 --- a/roles/collectd/fcomm-queue/tasks/main.yml +++ b/roles/collectd/fcomm-queue/tasks/main.yml @@ -37,7 +37,7 @@ - selinux - name: Check to see if its even installed yet - shell: semodule -l | grep fi-collectd-fcomm | wc -l + ansible.builtin.shell: semodule -l | grep fi-collectd-fcomm | wc -l register: ficfcomm_grep check_mode: no changed_when: "'0' in ficfcomm_grep.stdout" diff --git a/roles/communishift/tasks/retrieve-communishift-admin-data.yml b/roles/communishift/tasks/retrieve-communishift-admin-data.yml index e0a6d96e2e..29cb3fbc7e 100644 --- a/roles/communishift/tasks/retrieve-communishift-admin-data.yml +++ b/roles/communishift/tasks/retrieve-communishift-admin-data.yml @@ -1,7 +1,7 @@ --- # tasks file for CommunishiftAuthorization - name: Authorize with kinit - shell: kinit -k -t "{{ communishift_keytab_path }}" -l 3600 "{{ communishift_keytab_principal }}" + ansible.builtin.shell: kinit -k -t "{{ communishift_keytab_path }}" -l 3600 "{{ communishift_keytab_principal }}" run_once: true - name: Retrieve fasjson group/user data based on pattern supplied diff --git a/roles/copr/backend/files/provision/check_path_free_space.yml b/roles/copr/backend/files/provision/check_path_free_space.yml index c086156ccc..ffe891501b 100644 --- a/roles/copr/backend/files/provision/check_path_free_space.yml +++ b/roles/copr/backend/files/provision/check_path_free_space.yml @@ -1,6 +1,6 @@ --- - name: "call dnf on {{ path }}" - shell: "df '{{ path }}' --output=avail | tail -1" + ansible.builtin.shell: "df '{{ path }}' --output=avail | tail -1" register: df changed_when: false diff --git a/roles/copr/backend/files/provision/libdnf5.yml b/roles/copr/backend/files/provision/libdnf5.yml index 171c92557a..2e3267ebd8 100644 --- a/roles/copr/backend/files/provision/libdnf5.yml +++ b/roles/copr/backend/files/provision/libdnf5.yml @@ -1,6 +1,6 @@ --- - name: "Work-around for https://github.com/ansible/ansible/issues/84206 #1 (install python3 libdnf5)" - shell: dnf -y install python3-libdnf5 + ansible.builtin.shell: dnf -y install python3-libdnf5 - name: "Work-around for https://github.com/ansible/ansible/issues/84206 #2 (reload remote python modules)" meta: reset_connection diff --git a/roles/copr/backend/files/provision/playbook-prepare-builder-to-create-images.yml b/roles/copr/backend/files/provision/playbook-prepare-builder-to-create-images.yml index bd6c1e304f..21b5962595 100644 --- a/roles/copr/backend/files/provision/playbook-prepare-builder-to-create-images.yml +++ b/roles/copr/backend/files/provision/playbook-prepare-builder-to-create-images.yml @@ -46,7 +46,7 @@ register: helpers_installed - name: remount with larger TMP - shell: mount -o remount,size=20G /tmp + ansible.builtin.shell: mount -o remount,size=20G /tmp when: helpers_installed.changed - name: set direct backend for guestfish @@ -102,7 +102,7 @@ register: key_stat - name: create ssh keypair for password-less connection to nested-VMs - shell: 'ssh-keygen -b 4096 -t rsa -q -N "" -f {{ private_key_file }}' + ansible.builtin.shell: 'ssh-keygen -b 4096 -t rsa -q -N "" -f {{ private_key_file }}' when: not key_stat.stat.exists # - name: install composer packages diff --git a/roles/copr/backend/files/provision/provision_builder_tasks.yml b/roles/copr/backend/files/provision/provision_builder_tasks.yml index fd23e27a16..8a3ebbd944 100644 --- a/roles/copr/backend/files/provision/provision_builder_tasks.yml +++ b/roles/copr/backend/files/provision/provision_builder_tasks.yml @@ -72,7 +72,7 @@ # - starting_builder - name: clean dnf cache before checking for updated packages - shell: dnf clean all + ansible.builtin.shell: dnf clean all when: - preparing_image @@ -124,7 +124,7 @@ - pyp2spec - name: Activate Red Hat Subscription - shell: + ansible.builtin.shell: cmd: > echo "{{ copr_rhsm_activation_key }}" | /usr/bin/copr-builder-rhsm-subscribe-daemon @@ -137,7 +137,7 @@ when: starting_builder - name: make sure the enable-swap service has already finished - shell: "systemctl is-active enable-swap || :" + ansible.builtin.shell: "systemctl is-active enable-swap || :" register: enable_swap_active until: "'inactive' in enable_swap_active.stdout or 'failed' in enable_swap_active.stdout" retries: 20 @@ -145,7 +145,7 @@ when: starting_builder - name: debug the swap failure - shell: journalctl -u enable-swap + ansible.builtin.shell: journalctl -u enable-swap register: journalctl_output when: - starting_builder @@ -207,7 +207,7 @@ - starting_builder - name: run /bin/copr-update-builder from copr-builder package - shell: /usr/bin/copr-update-builder + ansible.builtin.shell: /usr/bin/copr-update-builder # - name: install the latest mock and mock-core-configs from updates-testing # ansible.builtin.package: state=latest name={{ packages }} @@ -218,7 +218,7 @@ # - https://kojipkgs.fedoraproject.org/packages/mock-core-configs/32.6/1.fc31/noarch/mock-core-configs-32.6-1.fc31.noarch.rpm # # - name: re-run copr-update builder when mock/mock-core-configs are updated -# shell: /usr/bin/copr-update-builder +# ansible.builtin.shell: /usr/bin/copr-update-builder # when: mock_updated.changed - name: patch from https://github.com/rpm-software-management/mock/pull/1341 @@ -327,4 +327,4 @@ - copr-rpmbuild.yml - name: Set up motd for builder - shell: "copr-builder help > /etc/motd || :" + ansible.builtin.shell: "copr-builder help > /etc/motd || :" diff --git a/roles/copr/backend/tasks/copr-ping.yml b/roles/copr/backend/tasks/copr-ping.yml index 407ea99d61..966aea7165 100644 --- a/roles/copr/backend/tasks/copr-ping.yml +++ b/roles/copr/backend/tasks/copr-ping.yml @@ -56,7 +56,7 @@ tags: copr_ping - name: Restorecon ping_log - shell: restorecon -irv "{{ ping_log }}" + ansible.builtin.shell: restorecon -irv "{{ ping_log }}" when: semanage_run.changed or ping_log_created.changed tags: copr_ping diff --git a/roles/copr/backend/tasks/main.yml b/roles/copr/backend/tasks/main.yml index f4c517738f..95712e52d0 100644 --- a/roles/copr/backend/tasks/main.yml +++ b/roles/copr/backend/tasks/main.yml @@ -274,7 +274,7 @@ register: copr_results_dir_st - name: Change owner for results dir if it isn't copr - shell: "chown -R copr:copr /var/lib/copr/public_html" + ansible.builtin.shell: "chown -R copr:copr /var/lib/copr/public_html" when: '"copr" not in copr_results_dir_st.stat.pw_name' - ansible.builtin.command: "ls -dZ /var/lib/copr/public_html/" diff --git a/roles/copr/backend/tasks/mount_fs.yml b/roles/copr/backend/tasks/mount_fs.yml index 26b5c61da2..077bcc4fb7 100644 --- a/roles/copr/backend/tasks/mount_fs.yml +++ b/roles/copr/backend/tasks/mount_fs.yml @@ -36,7 +36,7 @@ - name: Scan and assemble raid volumes and activate volume groups when: not stat_repo_fs.stat.exists - shell: mdadm --assemble --scan && sleep 10 && vgchange -a y && sleep 5 && vgchange copr-backend-data --setautoactivation y && sleep 5 + ansible.builtin.shell: mdadm --assemble --scan && sleep 10 && vgchange -a y && sleep 5 && vgchange copr-backend-data --setautoactivation y && sleep 5 - name: Stat the ext4 filesystem stat: path=/dev/disk/by-label/copr-repo diff --git a/roles/copr/backend/tasks/resalloc.yml b/roles/copr/backend/tasks/resalloc.yml index 23c3a6a1cf..5e6c9a1a6c 100644 --- a/roles/copr/backend/tasks/resalloc.yml +++ b/roles/copr/backend/tasks/resalloc.yml @@ -56,7 +56,7 @@ register: postgres_initialized - name: Init postgresql - shell: "postgresql-setup initdb" + ansible.builtin.shell: "postgresql-setup initdb" when: not postgres_initialized.stat.exists - name: Enable PostgreSQL service diff --git a/roles/copr/base/tasks/main.yml b/roles/copr/base/tasks/main.yml index bb9935aea0..67dd81eb69 100644 --- a/roles/copr/base/tasks/main.yml +++ b/roles/copr/base/tasks/main.yml @@ -87,7 +87,7 @@ - "'pulp' not in inventory_hostname" # - name: Check offloading -# shell: "ethtool -k ens5 | egrep -q 'tcp-segmentation-offload: on|generic-receive-offload: on|generic-segmentation-offload: on'" +# ansible.builtin.shell: "ethtool -k ens5 | egrep -q 'tcp-segmentation-offload: on|generic-receive-offload: on|generic-segmentation-offload: on'" # register: offloading # failed_when: offloading.rc == 2 # changed_when: "1 != 1" @@ -100,7 +100,7 @@ # - ansible_distribution == 'Fedora' # # - name: Disable offloading (persitently) -# shell: "nmcli con modify '{{ aws_ipv6_con }}' ethtool.feature-tso off ethtool.feature-gro off ethtool.feature-gso off" +# ansible.builtin.shell: "nmcli con modify '{{ aws_ipv6_con }}' ethtool.feature-tso off ethtool.feature-gro off ethtool.feature-gso off" # when: # - offloading.rc == 0 # - ansible_distribution == 'Fedora' @@ -108,7 +108,7 @@ # - config # # - name: Check we have the needed ipv6 -# shell: "nmcli con show '{{ aws_ipv6_con }}' | grep ipv6.addresses | grep {{ aws_ipv6_addr }}" +# ansible.builtin.shell: "nmcli con show '{{ aws_ipv6_con }}' | grep ipv6.addresses | grep {{ aws_ipv6_addr }}" # register: ipv6_config_check # failed_when: false # changed_when: ipv6_config_check.rc == 1 @@ -117,7 +117,7 @@ # tags: ipv6_config # # - name: Setup ipv6 networking -# shell: | +# ansible.builtin.shell: | # nmcli con modify '{{ aws_ipv6_con }}' ipv6.method auto ipv6.may-fail yes ipv6.never-default no ipv6.addresses '{{ aws_ipv6_addr }}' # nmcli con up '{{ aws_ipv6_con }}' # when: diff --git a/roles/copr/certbot/tasks/letsencrypt.yml b/roles/copr/certbot/tasks/letsencrypt.yml index 4ef949eeda..4edfc1685d 100644 --- a/roles/copr/certbot/tasks/letsencrypt.yml +++ b/roles/copr/certbot/tasks/letsencrypt.yml @@ -53,7 +53,7 @@ register: some_cert_restored - name: Initialize certbot configuration - shell: | + ansible.builtin.shell: | certbot certonly --standalone \ -w {{ item.item.value.challenge_dir }} \ -d {{ item.item.value.domains | join(' -d ') }} \ @@ -87,7 +87,7 @@ - certbot - name: Post init script - shell: | + ansible.builtin.shell: | /usr/libexec/auto-certbot-deploy \ --init {{ item.item.key }} when: diff --git a/roles/copr/frontend/tasks/psql_setup.yml b/roles/copr/frontend/tasks/psql_setup.yml index 40cb231548..7c75f3bce4 100644 --- a/roles/copr/frontend/tasks/psql_setup.yml +++ b/roles/copr/frontend/tasks/psql_setup.yml @@ -11,7 +11,7 @@ register: postgres_initialized - name: Init postgresql - shell: "postgresql-setup initdb" + ansible.builtin.shell: "postgresql-setup initdb" when: not postgres_initialized.stat.exists - name: Copy pg_hba.conf diff --git a/roles/copr/hypervisor/tasks/main.yml b/roles/copr/hypervisor/tasks/main.yml index 235327c8e8..3f42b86b09 100644 --- a/roles/copr/hypervisor/tasks/main.yml +++ b/roles/copr/hypervisor/tasks/main.yml @@ -22,7 +22,7 @@ # tags: swap # - name: Mount the swap -# shell: swapon -a +# ansible.builtin.shell: swapon -a # when: fstab_swap_entry.changed # tags: swap @@ -76,12 +76,12 @@ tags: libvirtd - name: Restorecon - shell: restorecon -irv "{{ image_pool_dir }}" + ansible.builtin.shell: restorecon -irv "{{ image_pool_dir }}" when: semanage_run.changed tags: libvirtd - name: Check host-bridge in libvirt - shell: virsh net-info host-bridge + ansible.builtin.shell: virsh net-info host-bridge register: libvirt_bridge_exists failed_when: false changed_when: libvirt_bridge_exists.rc != 0 @@ -94,7 +94,7 @@ tags: libvirtd - name: Define host-bridge in libvirt - shell: | + ansible.builtin.shell: | virsh net-define /root/.tmp-ansible-file.xml virsh net-start host-bridge virsh net-autostart host-bridge @@ -103,7 +103,7 @@ tags: libvirtd - name: Check if image pool exists - shell: virsh pool-info "{{ image_pool_name }}" + ansible.builtin.shell: virsh pool-info "{{ image_pool_name }}" register: libvirt_pool_exists failed_when: false changed_when: libvirt_pool_exists.rc != 0 @@ -116,7 +116,7 @@ tags: libvirtd - name: Define image pool in libvirt - shell: | + ansible.builtin.shell: | virsh pool-define /root/.tmp-ansible-file.xml virsh pool-start "{{ image_pool_name }}" virsh pool-autostart "{{ image_pool_name }}" diff --git a/roles/copr/keygen/tasks/main.yml b/roles/copr/keygen/tasks/main.yml index 5a9979eb0c..20ce36d50f 100644 --- a/roles/copr/keygen/tasks/main.yml +++ b/roles/copr/keygen/tasks/main.yml @@ -61,4 +61,4 @@ # Sorry for writting this as `shell`. We will drop this task once it # is in stable repos. - name: Install gnupg2 with required bugfixes - shell: "dnf -y upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-45c44b31a2" + ansible.builtin.shell: "dnf -y upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-45c44b31a2" diff --git a/roles/copr/keygen/tasks/setup_backup.yml b/roles/copr/keygen/tasks/setup_backup.yml index 21ffe235eb..446e6ea948 100644 --- a/roles/copr/keygen/tasks/setup_backup.yml +++ b/roles/copr/keygen/tasks/setup_backup.yml @@ -7,7 +7,7 @@ register: pub_key_installed - name: Import pubkey for backup encryption - shell: gpg2 --import /root/backup_key.asc creates=/root/backupkeyimported + ansible.builtin.shell: gpg2 --import /root/backup_key.asc creates=/root/backupkeyimported when: pub_key_installed.changed - name: Copy backup script diff --git a/roles/fedmsg/base/tasks/main.yml b/roles/fedmsg/base/tasks/main.yml index 57212970c9..471f11c1b8 100644 --- a/roles/fedmsg/base/tasks/main.yml +++ b/roles/fedmsg/base/tasks/main.yml @@ -287,7 +287,7 @@ - fedmsg/base - name: Check if the nrpe user exists - shell: /usr/bin/getent passwd nrpe | /usr/bin/wc -l | tr -d ' ' + ansible.builtin.shell: /usr/bin/getent passwd nrpe | /usr/bin/wc -l | tr -d ' ' register: nrpe_exists check_mode: no changed_when: "1 != 1" diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml index fe4cd6dfb0..ce4559c8c7 100644 --- a/roles/haproxy/tasks/main.yml +++ b/roles/haproxy/tasks/main.yml @@ -92,7 +92,7 @@ - selinux - name: Check to see if its even installed yet - shell: semodule -l | grep fi-haproxy | wc -l + ansible.builtin.shell: semodule -l | grep fi-haproxy | wc -l register: fi_haproxy_grep check_mode: no changed_when: "'0' in fi_haproxy_grep.stdout" diff --git a/roles/ipa/client/handlers/main.yml b/roles/ipa/client/handlers/main.yml index c516366ce3..e624c3c6b3 100644 --- a/roles/ipa/client/handlers/main.yml +++ b/roles/ipa/client/handlers/main.yml @@ -3,4 +3,4 @@ ansible.builtin.command: sss_cache -E - name: Restart sssd - shell: systemctl restart sssd + ansible.builtin.shell: systemctl restart sssd diff --git a/roles/ipa/servicedelegationrule/tasks/main.yml b/roles/ipa/servicedelegationrule/tasks/main.yml index 32ce437769..3941a29dd0 100644 --- a/roles/ipa/servicedelegationrule/tasks/main.yml +++ b/roles/ipa/servicedelegationrule/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Get admin ticket delegate_to: "{{ ipa_server }}" - shell: echo "{{ipa_admin_password}}" | kinit admin + ansible.builtin.shell: echo "{{ipa_admin_password}}" | kinit admin check_mode: no changed_when: "1 != 1" tags: diff --git a/roles/ipa/servicedelegationtarget/tasks/main.yml b/roles/ipa/servicedelegationtarget/tasks/main.yml index 15a516ce46..3555e40ae6 100644 --- a/roles/ipa/servicedelegationtarget/tasks/main.yml +++ b/roles/ipa/servicedelegationtarget/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Get admin ticket delegate_to: "{{ ipa_server }}" - shell: echo "{{ipa_admin_password}}" | kinit admin + ansible.builtin.shell: echo "{{ipa_admin_password}}" | kinit admin check_mode: no changed_when: "1 != 1" tags: diff --git a/roles/ipsilon/tasks/main.yml b/roles/ipsilon/tasks/main.yml index 4efb6f0312..477d4e0f24 100644 --- a/roles/ipsilon/tasks/main.yml +++ b/roles/ipsilon/tasks/main.yml @@ -64,7 +64,7 @@ name: ipa/client - name: Get admin ticket - shell: echo "{{ipa_admin_password}}" | kinit admin + ansible.builtin.shell: echo "{{ipa_admin_password}}" | kinit admin check_mode: no tags: - ipsilon diff --git a/roles/keytab/service/tasks/main.yml b/roles/keytab/service/tasks/main.yml index 98923338e7..da73ee1edf 100644 --- a/roles/keytab/service/tasks/main.yml +++ b/roles/keytab/service/tasks/main.yml @@ -29,7 +29,7 @@ - name: Get admin ticket delegate_to: "{{ ipa_server }}" - shell: echo "{{ipa_admin_password}}" | kinit admin + ansible.builtin.shell: echo "{{ipa_admin_password}}" | kinit admin check_mode: no changed_when: "1 != 1" tags: @@ -126,7 +126,7 @@ when: not keytab_status.stat.exists - name: Base64-decode keytab - shell: "umask 077 && base64 -d {{kt_location}}.b64 >{{kt_location}}" + ansible.builtin.shell: "umask 077 && base64 -d {{kt_location}}.b64 >{{kt_location}}" tags: - keytab - config diff --git a/roles/koji_db/tasks/main.yml b/roles/koji_db/tasks/main.yml index 84b9a9fe10..7f8dc04e1c 100644 --- a/roles/koji_db/tasks/main.yml +++ b/roles/koji_db/tasks/main.yml @@ -22,7 +22,7 @@ # Load the initial schema and create a file to note that it's loaded now. # - name: Load initial schema - shell: creates=/var/lib/pgql/koji-schema psql koji koji < /usr/share/doc/koji*/docs/schema.sql + ansible.builtin.shell: creates=/var/lib/pgql/koji-schema psql koji koji < /usr/share/doc/koji*/docs/schema.sql tags: - db when: is_kojidb == "True" diff --git a/roles/letsencrypt/tasks/main.yml b/roles/letsencrypt/tasks/main.yml index a3c629d916..c843c96f6b 100644 --- a/roles/letsencrypt/tasks/main.yml +++ b/roles/letsencrypt/tasks/main.yml @@ -24,7 +24,7 @@ - name: Get the directory to use delegate_to: "certgetter01.iad2.fedoraproject.org" # Sometimes we get directories like site-0001, site-0002, etc. We want the latest - shell: "file /etc/letsencrypt/live/{{site_name}}* | tail -1 | sed -e 's/: directory//' | tr -d '\n'" + ansible.builtin.shell: "file /etc/letsencrypt/live/{{site_name}}* | tail -1 | sed -e 's/: directory//' | tr -d '\n'" register: certbot_dir changed_when: 'false' check_mode: no diff --git a/roles/mirror_pagure_ansible/tasks/main.yml b/roles/mirror_pagure_ansible/tasks/main.yml index 46f340c16f..e11a340c1d 100644 --- a/roles/mirror_pagure_ansible/tasks/main.yml +++ b/roles/mirror_pagure_ansible/tasks/main.yml @@ -14,7 +14,7 @@ - name: Setup pagure user user: name: mirror_pagure_ansible - shell: /sbin/nologin + ansible.builtin.shell: /sbin/nologin comment: "mirror_pagure_ansible User" tags: - mirror_pagure_ansible diff --git a/roles/nagios_client/tasks/main.yml b/roles/nagios_client/tasks/main.yml index 7f4024038f..9734e1234a 100644 --- a/roles/nagios_client/tasks/main.yml +++ b/roles/nagios_client/tasks/main.yml @@ -8,7 +8,7 @@ uid: "{{nrpe_client_uid|default(omit)}}" comment: NRPE user for the NRPE service home: /var/run/nrpe - shell: /sbin/nologin + ansible.builtin.shell: /sbin/nologin system: true tags: - nagios_client @@ -323,7 +323,7 @@ - pagure - name: Check if the fedmsg group exists - shell: /usr/bin/getent group fedmsg | /usr/bin/wc -l | tr -d ' ' + ansible.builtin.shell: /usr/bin/getent group fedmsg | /usr/bin/wc -l | tr -d ' ' register: fedmsg_exists check_mode: no changed_when: "1 != 1" diff --git a/roles/openqa/server/tasks/main.yml b/roles/openqa/server/tasks/main.yml index fd6c5c9c27..7a758838e0 100644 --- a/roles/openqa/server/tasks/main.yml +++ b/roles/openqa/server/tasks/main.yml @@ -97,7 +97,7 @@ home: "/var/lib/openqa" createhome: no system: yes - shell: /sbin/nologin + ansible.builtin.shell: /sbin/nologin when: "openqa_static_uid is defined" - name: Remove old scratch repo directory @@ -250,7 +250,7 @@ - config - name: Initialize database - shell: "/usr/share/openqa/script/initdb --user geekotest --init_database" # noqa 305 + ansible.builtin.shell: "/usr/share/openqa/script/initdb --user geekotest --init_database" # noqa 305 register: initdb changed_when: "initdb.rc == 0" failed_when: "(initdb.rc > 0) and (initdb.stdout is not defined or initdb.stdout.find('already exists') == -1)" @@ -316,7 +316,7 @@ register: templatesfif - name: Dump existing config for checking changes - shell: "/usr/share/openqa/script/dump_templates --json > /tmp/tmpl-old.json || :" + ansible.builtin.shell: "/usr/share/openqa/script/dump_templates --json > /tmp/tmpl-old.json || :" when: "(gittests is defined) and (gittests is changed)" changed_when: "1 != 1" @@ -342,7 +342,7 @@ changed_when: "1 != 1" - name: Check if the tests changed in previous step - shell: "/usr/share/openqa/script/dump_templates --json > /tmp/tmpl-new.json && diff <(jq -S . /tmp/tmpl-old.json) <(jq -S . /tmp/tmpl-new.json)" + ansible.builtin.shell: "/usr/share/openqa/script/dump_templates --json > /tmp/tmpl-new.json && diff <(jq -S . /tmp/tmpl-old.json) <(jq -S . /tmp/tmpl-new.json)" when: "(gittests is defined) and (gittests is changed)" register: testsdiff changed_when: "testsdiff.rc > 0" diff --git a/roles/openqa/worker/tasks/tap-setup.yml b/roles/openqa/worker/tasks/tap-setup.yml index 1875f311a8..44a282abbb 100644 --- a/roles/openqa/worker/tasks/tap-setup.yml +++ b/roles/openqa/worker/tasks/tap-setup.yml @@ -56,13 +56,13 @@ # nmcli collection does not support tun type - name: Check whether tap device interface connection profiles exist - shell: "(for i in {0..{{ openqa_workers | int }}}; do ip addr show tap$i || exit 1; done)" + ansible.builtin.shell: "(for i in {0..{{ openqa_workers | int }}}; do ip addr show tap$i || exit 1; done)" register: tapsexist changed_when: "1 != 1" failed_when: "1 != 1" - name: Create openvswitch interfaces for tap devices - shell: "nmcli con add type tun mode tap owner $(id -u _openqa-worker) group $(getent group nogroup | cut -f3 -d:) con.int tap{{ item }} master tap{{ item }}" + ansible.builtin.shell: "nmcli con add type tun mode tap owner $(id -u _openqa-worker) group $(getent group nogroup | cut -f3 -d:) con.int tap{{ item }} master tap{{ item }}" with_sequence: start=0 end={{ openqa_workers | int }} when: tapsexist.rc > 0 diff --git a/roles/openshift-apps/koschei/job/tasks/main.yml b/roles/openshift-apps/koschei/job/tasks/main.yml index a1716aa6c3..6e1ba98ccf 100644 --- a/roles/openshift-apps/koschei/job/tasks/main.yml +++ b/roles/openshift-apps/koschei/job/tasks/main.yml @@ -5,10 +5,10 @@ dest: "/etc/openshift_apps/{{job_app}}/job-{{job_name}}.yml" - name: Delete previous job (if any) - shell: oc -n {{ job_app }} delete --ignore-not-found=true -f /etc/openshift_apps/{{job_app}}/job-{{job_name}}.yml + ansible.builtin.shell: oc -n {{ job_app }} delete --ignore-not-found=true -f /etc/openshift_apps/{{job_app}}/job-{{job_name}}.yml - name: Start job - shell: oc -n {{ job_app }} create -f /etc/openshift_apps/{{job_app}}/job-{{job_name}}.yml + ansible.builtin.shell: oc -n {{ job_app }} create -f /etc/openshift_apps/{{job_app}}/job-{{job_name}}.yml - name: Wait for job to complete - shell: oc -n {{ job_app }} wait job/job-{{job_name}} --for condition=complete + ansible.builtin.shell: oc -n {{ job_app }} wait job/job-{{job_name}} --for condition=complete diff --git a/roles/openshift/import-image/tasks/main.yml b/roles/openshift/import-image/tasks/main.yml index cc22916561..f7a9cf7934 100644 --- a/roles/openshift/import-image/tasks/main.yml +++ b/roles/openshift/import-image/tasks/main.yml @@ -1,3 +1,3 @@ --- - name: Run `oc import-image` - shell: oc -n {{import_image_app}} import-image {{import_image_imagestreamname}} + ansible.builtin.shell: oc -n {{import_image_app}} import-image {{import_image_imagestreamname}} diff --git a/roles/openshift/ipa-client/tasks/main.yml b/roles/openshift/ipa-client/tasks/main.yml index be7a2fa74f..d4f40957fe 100644 --- a/roles/openshift/ipa-client/tasks/main.yml +++ b/roles/openshift/ipa-client/tasks/main.yml @@ -16,5 +16,5 @@ register: ipa_config_result - name: Call `oc apply` on the copied file - shell: oc -n {{ipa_client_app}} apply -f /etc/openshift_apps/{{ipa_client_app}}/configmap-ipa-client.yml + ansible.builtin.shell: oc -n {{ipa_client_app}} apply -f /etc/openshift_apps/{{ipa_client_app}}/configmap-ipa-client.yml when: ipa_config_result.changed or object_always_apply diff --git a/roles/openshift/job/tasks/main.yml b/roles/openshift/job/tasks/main.yml index 9aea2167a7..bcdbe87469 100644 --- a/roles/openshift/job/tasks/main.yml +++ b/roles/openshift/job/tasks/main.yml @@ -17,10 +17,10 @@ dest: "/etc/openshift_apps/{{job_app}}/job-{{job_name}}.yml" - name: Delete previous job (if any) - shell: oc -n {{os_app}} delete --ignore-not-found=true -f /etc/openshift_apps/{{job_app}}/job-{{job_name}}.yml + ansible.builtin.shell: oc -n {{os_app}} delete --ignore-not-found=true -f /etc/openshift_apps/{{job_app}}/job-{{job_name}}.yml - name: Start job - shell: oc -n {{os_app}} create -f /etc/openshift_apps/{{job_app}}/job-{{job_name}}.yml + ansible.builtin.shell: oc -n {{os_app}} create -f /etc/openshift_apps/{{job_app}}/job-{{job_name}}.yml - debug: msg: "Job started. You can watch the logs with: oc -n {{os_app}} logs -f job/job-{{job_name}}" @@ -28,4 +28,4 @@ msg: "You can cancel it with: oc -n {{os_app}} delete job/job-{{job_name}}" - name: Wait for job to complete - shell: oc -n {{os_app}} wait job/job-{{job_name}} --for condition=complete + ansible.builtin.shell: oc -n {{os_app}} wait job/job-{{job_name}} --for condition=complete diff --git a/roles/openshift/keytab/tasks/main.yml b/roles/openshift/keytab/tasks/main.yml index ae264fdefa..b9f33e1e7c 100644 --- a/roles/openshift/keytab/tasks/main.yml +++ b/roles/openshift/keytab/tasks/main.yml @@ -8,13 +8,13 @@ kt_location: "/etc/openshift_apps/{{keytab_app}}/{{keytab_key}}.kt" - name: Call `oc secrets new` on the copied file - shell: oc -n {{keytab_app}} secrets new {{keytab_secret_name}} {{keytab_key}}=/etc/openshift_apps/{{keytab_app}}/{{keytab_key}}.kt + ansible.builtin.shell: oc -n {{keytab_app}} secrets new {{keytab_secret_name}} {{keytab_key}}=/etc/openshift_apps/{{keytab_app}}/{{keytab_key}}.kt register: create_out when: not ocp4 failed_when: "create_out.rc != 0 and 'AlreadyExists' not in create_out.stderr" - name: Call `oc create secret generic` on the copied file - shell: oc -n {{keytab_app}} create secret generic {{keytab_secret_name}} --from-file={{keytab_key}}=/etc/openshift_apps/{{keytab_app}}/{{keytab_key}}.kt + ansible.builtin.shell: oc -n {{keytab_app}} create secret generic {{keytab_secret_name}} --from-file={{keytab_key}}=/etc/openshift_apps/{{keytab_app}}/{{keytab_key}}.kt register: create_out when: ocp4 and not keytab_status.stat.exists failed_when: "create_out.rc != 0 and 'AlreadyExists' not in create_out.stderr" diff --git a/roles/openshift/object-delete/tasks/main.yml b/roles/openshift/object-delete/tasks/main.yml index 796645f984..ebc0f1c688 100644 --- a/roles/openshift/object-delete/tasks/main.yml +++ b/roles/openshift/object-delete/tasks/main.yml @@ -12,4 +12,4 @@ when: object_delete_objecttype == 'project' - name: Call `oc delete` on the object - shell: oc -n {{object_delete_app}} delete {{object_delete_objecttype}}/{{object_delete_objectname}} + ansible.builtin.shell: oc -n {{object_delete_app}} delete {{object_delete_objecttype}}/{{object_delete_objectname}} diff --git a/roles/openshift/object/tasks/main.yml b/roles/openshift/object/tasks/main.yml index 74c9f4a42a..4f03dee521 100644 --- a/roles/openshift/object/tasks/main.yml +++ b/roles/openshift/object/tasks/main.yml @@ -15,5 +15,5 @@ register: object_file_result - name: Call `oc apply` on the copied file - shell: oc -n {{object_os_app}} apply --validate=strict -f /etc/openshift_apps/{{object_os_app}}/{{object_objectname}} + ansible.builtin.shell: oc -n {{object_os_app}} apply --validate=strict -f /etc/openshift_apps/{{object_os_app}}/{{object_objectname}} when: object_template_result.changed or object_template_fullpath_result.changed or object_file_result.changed or object_always_apply diff --git a/roles/openshift/project/tasks/main.yml b/roles/openshift/project/tasks/main.yml index 41de2844f1..40e1069ff8 100644 --- a/roles/openshift/project/tasks/main.yml +++ b/roles/openshift/project/tasks/main.yml @@ -19,7 +19,7 @@ dest=/etc/openshift_apps/{{project_app}}/project.yml - name: Create project - shell: oc apply --validate=strict -f /etc/openshift_apps/{{project_app}}/project.yml + ansible.builtin.shell: oc apply --validate=strict -f /etc/openshift_apps/{{project_app}}/project.yml when: "'not found' in project_exists.stderr" - name: Deployer.yml diff --git a/roles/openshift/rollout/tasks/main.yml b/roles/openshift/rollout/tasks/main.yml index c2170cf70c..630aaae2a4 100644 --- a/roles/openshift/rollout/tasks/main.yml +++ b/roles/openshift/rollout/tasks/main.yml @@ -1,3 +1,3 @@ --- - name: Run `oc rollout latest` - shell: oc -n {{rollout_app}} rollout latest {{rollout_dcname}} + ansible.builtin.shell: oc -n {{rollout_app}} rollout latest {{rollout_dcname}} diff --git a/roles/openshift/secret-file/tasks/main.yml b/roles/openshift/secret-file/tasks/main.yml index 989efa2d85..735ec0c42f 100644 --- a/roles/openshift/secret-file/tasks/main.yml +++ b/roles/openshift/secret-file/tasks/main.yml @@ -15,18 +15,18 @@ register: secret_privatefile - name: Delete existing secrets - shell: oc -n {{os_app}} delete secret/{{secret_file_secret_name}} + ansible.builtin.shell: oc -n {{os_app}} delete secret/{{secret_file_secret_name}} register: delete_out changed_when: "'NotFound' in delete_out.stderr" failed_when: "('NotFound' not in delete_out.stderr) and (delete_out.rc != 0)" when: secret_template.changed or secret_file.changed or secret_privatefile.changed - name: Call `oc secrets new` on the copied file - shell: oc -n {{os_app}} secrets new {{secret_file_secret_name}} {{secret_file_key}}=/etc/openshift_apps/{{os_app}}/{{secret_file_key}} + ansible.builtin.shell: oc -n {{os_app}} secrets new {{secret_file_secret_name}} {{secret_file_key}}=/etc/openshift_apps/{{os_app}}/{{secret_file_key}} register: create_out when: not ocp4 and (secret_template.changed or secret_file.changed or secret_privatefile.changed) - name: Call `oc create secret generic` on the copied file - shell: oc -n {{os_app}} create secret generic {{secret_file_secret_name}} --from-file={{secret_file_key}}=/etc/openshift_apps/{{os_app}}/{{secret_file_key}} + ansible.builtin.shell: oc -n {{os_app}} create secret generic {{secret_file_secret_name}} --from-file={{secret_file_key}}=/etc/openshift_apps/{{os_app}}/{{secret_file_key}} register: create_out when: ocp4 and (secret_template.changed or secret_file.changed or secret_privatefile.changed) diff --git a/roles/openshift/secret-tls/tasks/main.yml b/roles/openshift/secret-tls/tasks/main.yml index b3605066af..4a110e6854 100644 --- a/roles/openshift/secret-tls/tasks/main.yml +++ b/roles/openshift/secret-tls/tasks/main.yml @@ -8,18 +8,18 @@ register: secret_privatekey - name: Delete existing secrets - shell: oc -n {{secret_tls_app}} delete secret/{{secret_tls_secret_name}} + ansible.builtin.shell: oc -n {{secret_tls_app}} delete secret/{{secret_tls_secret_name}} register: delete_out changed_when: "'NotFound' in delete_out.stderr" failed_when: "('NotFound' not in delete_out.stderr) and (delete_out.rc != 0)" when: secret_privatecert.changed or secret_privatekey.changed - name: Call `oc create secret tls` on the copied file - shell: oc -n {{secret_tls_app}} create secret tls {{secret_tls_secret_name}} --cert=/etc/openshift_apps/{{secret_tls_app}}/{{secret_tls_key}}.crt --key=/etc/openshift_apps/{{secret_tls_app}}/{{secret_tls_key}}.key + ansible.builtin.shell: oc -n {{secret_tls_app}} create secret tls {{secret_tls_secret_name}} --cert=/etc/openshift_apps/{{secret_tls_app}}/{{secret_tls_key}}.crt --key=/etc/openshift_apps/{{secret_tls_app}}/{{secret_tls_key}}.key register: create_out when: secret_privatecert.changed or secret_privatekey.changed - name: Call `oc create secret tls` on the copied file - shell: oc -n {{secret_tls_app}} create secret tls {{secret_tls_secret_name}} --cert=/etc/openshift_apps/{{secret_tls_app}}/{{secret_tls_key}}.crt --key=/etc/openshift_apps/{{secret_tls_app}}/{{secret_tls_key}}.key + ansible.builtin.shell: oc -n {{secret_tls_app}} create secret tls {{secret_tls_secret_name}} --cert=/etc/openshift_apps/{{secret_tls_app}}/{{secret_tls_key}}.crt --key=/etc/openshift_apps/{{secret_tls_app}}/{{secret_tls_key}}.key register: create_out when: secret_privatecert.changed or secret_privatekey.changed diff --git a/roles/openshift/start-build/tasks/main.yml b/roles/openshift/start-build/tasks/main.yml index 5b8bc86793..547a35713f 100644 --- a/roles/openshift/start-build/tasks/main.yml +++ b/roles/openshift/start-build/tasks/main.yml @@ -1,3 +1,3 @@ --- - name: Run `oc start-build` - shell: oc -n {{start_build_app}} start-build {{start_build_buildname}} + ansible.builtin.shell: oc -n {{start_build_app}} start-build {{start_build_buildname}} diff --git a/roles/pagure/tasks/main.yml b/roles/pagure/tasks/main.yml index 5208ec7b05..84cb2eee90 100644 --- a/roles/pagure/tasks/main.yml +++ b/roles/pagure/tasks/main.yml @@ -192,7 +192,7 @@ name: paguremirroring group: paguremirroring groups: paguremirroring,git - shell: /bin/nologin + ansible.builtin.shell: /bin/nologin home: /srv/mirror tags: - pagure diff --git a/roles/rabbit/queue/handlers/main.yml b/roles/rabbit/queue/handlers/main.yml index 39cf72e9e8..234d87a5e9 100644 --- a/roles/rabbit/queue/handlers/main.yml +++ b/roles/rabbit/queue/handlers/main.yml @@ -1,6 +1,6 @@ --- - name: restart nagios on noc - shell: nagios -v /etc/nagios/nagios.cfg && systemctl restart nagios + ansible.builtin.shell: nagios -v /etc/nagios/nagios.cfg && systemctl restart nagios delegate_to: "{{ queue_nagios_server }}" - name: restart nrpe on rabbitmq diff --git a/roles/robosignatory/tasks/main.yml b/roles/robosignatory/tasks/main.yml index 1691da6084..1fd9c76176 100644 --- a/roles/robosignatory/tasks/main.yml +++ b/roles/robosignatory/tasks/main.yml @@ -29,7 +29,7 @@ system: yes home: /etc/robosignatory comment: Robosignatory - shell: /sbin/nologin + ansible.builtin.shell: /sbin/nologin uid: 263 tags: - config diff --git a/roles/serial-console/tasks/main.yml b/roles/serial-console/tasks/main.yml index c67bb8b35d..ecfbfd17a1 100644 --- a/roles/serial-console/tasks/main.yml +++ b/roles/serial-console/tasks/main.yml @@ -3,7 +3,7 @@ # --- - name: Check for grub serial setup - shell: grep options /boot/loader/entries/* + ansible.builtin.shell: grep options /boot/loader/entries/* register: serial check_mode: no changed_when: '1 != 1' diff --git a/roles/smtp-auth-relay/tasks/main.yml b/roles/smtp-auth-relay/tasks/main.yml index bb7693ea7f..c48cd20b60 100644 --- a/roles/smtp-auth-relay/tasks/main.yml +++ b/roles/smtp-auth-relay/tasks/main.yml @@ -18,7 +18,7 @@ - smtp_auth_relay - name: Regenerate the password db file - shell: postmap /etc/postfix/sasl_passwd + ansible.builtin.shell: postmap /etc/postfix/sasl_passwd when: smtp_relay_password_file.changed notify: restart postfix tags: diff --git a/roles/web-data-analysis/tasks/main.yml b/roles/web-data-analysis/tasks/main.yml index e2d0291d97..de24f0b201 100644 --- a/roles/web-data-analysis/tasks/main.yml +++ b/roles/web-data-analysis/tasks/main.yml @@ -108,7 +108,7 @@ user: name: countme group: countme - shell: /sbin/nologin + ansible.builtin.shell: /sbin/nologin home: /srv/countme comment: "DNF countme counter" tags: @@ -125,7 +125,7 @@ - name: Remove local mirrors-countme git repo, scripts and Python package # Using `shell` here because `file` doesn't know wild cards - shell: >- + ansible.builtin.shell: >- shopt -s nullglob; rm -rfv \ /srv/countme/mirrors-countme \ diff --git a/roles/zabbix/zabbix_agent/handlers/main.yml b/roles/zabbix/zabbix_agent/handlers/main.yml index 8276f6a9be..6b4602d19f 100644 --- a/roles/zabbix/zabbix_agent/handlers/main.yml +++ b/roles/zabbix/zabbix_agent/handlers/main.yml @@ -3,5 +3,5 @@ service: name=zabbix-agent state=restarted - name: reload custom selinux files - shell: /usr/sbin/semodule -u "/etc/selinux/centos/centos-zabbix-agent.pp" + ansible.builtin.shell: /usr/sbin/semodule -u "/etc/selinux/centos/centos-zabbix-agent.pp" when: ansible_selinux.mode == "enforcing" diff --git a/roles/zabbix/zabbix_agent/tasks/main.yml b/roles/zabbix/zabbix_agent/tasks/main.yml index 2c1e785ac6..cb4db30d83 100644 --- a/roles/zabbix/zabbix_agent/tasks/main.yml +++ b/roles/zabbix/zabbix_agent/tasks/main.yml @@ -35,7 +35,7 @@ - zabbix_agent - name: Reload custom selinux files - shell: /usr/sbin/semodule -u "/etc/selinux/centos/centos-zabbix-agent.pp" + ansible.builtin.shell: /usr/sbin/semodule -u "/etc/selinux/centos/centos-zabbix-agent.pp" when: ansible_distribution == "Centos" and ansible_selinux.status == "enabled" and sepolicy.changed tags: - zabbix_agent diff --git a/tasks/cloud_setup_basic.yml b/tasks/cloud_setup_basic.yml index c9ab89110d..805413c1f4 100644 --- a/tasks/cloud_setup_basic.yml +++ b/tasks/cloud_setup_basic.yml @@ -25,7 +25,7 @@ include_role: name=basessh # - name: Edit hostname to be instance name - prefix hostbase var if it exists -# shell: hostname {{ hostbase }}`curl -s http://169.254.169.254/latest/meta-data/instance-id` +# ansible.builtin.shell: hostname {{ hostbase }}`curl -s http://169.254.169.254/latest/meta-data/instance-id` # tags: # - config diff --git a/tasks/swap.yml b/tasks/swap.yml index 2fb06ce637..eabd5457dc 100644 --- a/tasks/swap.yml +++ b/tasks/swap.yml @@ -88,7 +88,7 @@ - swap - name: Disable zram0 - shell: swapoff /dev/zram0 + ansible.builtin.shell: swapoff /dev/zram0 tags: - swap - swap.file.swapoffzram diff --git a/tasks/virt_instance_create.yml b/tasks/virt_instance_create.yml index b44789636c..826375a629 100644 --- a/tasks/virt_instance_create.yml +++ b/tasks/virt_instance_create.yml @@ -21,7 +21,7 @@ when: inventory_hostname not in result.list_vms - name: Run the virt-install - shell: "{{ virt_install_command }}" + ansible.builtin.shell: "{{ virt_install_command }}" delegate_to: "{{ vmhost }}" when: inventory_hostname not in result.list_vms