diff --git a/roles/pulp_client/tasks/main.yml b/roles/pulp_client/tasks/main.yml index 8765d87db..5303a9abd 100644 --- a/roles/pulp_client/tasks/main.yml +++ b/roles/pulp_client/tasks/main.yml @@ -30,7 +30,7 @@ meta: flush_handlers - name: Find all *.repo files in /etc/yum.repos.d/. - find: + ansible.builtin.find: paths: '/etc/yum.repos.d/' use_regex: false patterns: '*.repo' @@ -45,7 +45,7 @@ become: true - name: Remove RHN/SpaceWalk if it was installed. - yum: + ansible.builtin.yum: state: absent name: - rhn-client-tools diff --git a/roles/pulp_server/handlers/main.yml b/roles/pulp_server/handlers/main.yml index f9c8b656b..10320fd77 100644 --- a/roles/pulp_server/handlers/main.yml +++ b/roles/pulp_server/handlers/main.yml @@ -1,6 +1,6 @@ --- - name: Running update-ca-trust when certificates have changed. - command: + ansible.builtin.command: cmd: update-ca-trust extract become: true listen: update-ca-trust diff --git a/roles/regular_users/tasks/local_regular_users.yml b/roles/regular_users/tasks/local_regular_users.yml index 60ed20219..a2e65ebc1 100644 --- a/roles/regular_users/tasks/local_regular_users.yml +++ b/roles/regular_users/tasks/local_regular_users.yml @@ -28,7 +28,7 @@ become: true - name: 'Deploy authorized keys for local regular users.' - authorized_key: + ansible.posix.authorized_key: user: "{{ item.user }}" key: "{{ auth_users[item.user].pub_keys }}" state: present diff --git a/roles/resolver/tasks/main.yml b/roles/resolver/tasks/main.yml index e166c31ce..f258b0ba9 100644 --- a/roles/resolver/tasks/main.yml +++ b/roles/resolver/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: 'Install dnsmasq.' - yum: + ansible.builtin.yum: state: 'latest' update_cache: true name: @@ -9,7 +9,7 @@ notify: 'restart_dnsmasq' - name: 'Configure /etc/dnsmasq.conf to use nameservers as listed in group_vars for this cluster.' - template: + ansible.builtin.template: dest: '/etc/dnsmasq.conf' src: 'templates/dnsmasq.conf.j2' owner: root diff --git a/roles/rsync/tasks/main.yml b/roles/rsync/tasks/main.yml index 4cf811bbc..be581835e 100644 --- a/roles/rsync/tasks/main.yml +++ b/roles/rsync/tasks/main.yml @@ -7,7 +7,7 @@ # --- - name: Install rsync. - yum: + ansible.builtin.yum: state: 'latest' update_cache: true name: 'rsync' @@ -16,7 +16,7 @@ # Check managed hosts. # - name: Check if rsync >= 3.1.2 is installed on the managed hosts. - shell: + ansible.builtin.shell: cmd: | set -o pipefail (trap '' PIPE; rsync --version 2>/dev/null || echo 'missing') \ @@ -42,7 +42,7 @@ # Check control host. # - name: Check if rsync >= 3.1.2 is installed on the control host. - shell: + ansible.builtin.shell: cmd: | set -o pipefail (trap '' PIPE; rsync --version 2>/dev/null || echo 'missing') \ diff --git a/roles/rsyncd/tasks/main.yml b/roles/rsyncd/tasks/main.yml index fb941fdca..296d11dd4 100644 --- a/roles/rsyncd/tasks/main.yml +++ b/roles/rsyncd/tasks/main.yml @@ -10,14 +10,14 @@ # --- - name: 'Install rsync.' - yum: + ansible.builtin.yum: state: 'latest' update_cache: true name: 'rsync' become: true - name: 'Install rsyncd config files with "modules".' - template: + ansible.builtin.template: src: "templates/{{ item }}" dest: "/etc/{{ item }}" owner: 'root' diff --git a/roles/rsyslogclient/tasks/main.yml b/roles/rsyslogclient/tasks/main.yml index 2e00e6193..31ebc1b0b 100644 --- a/roles/rsyslogclient/tasks/main.yml +++ b/roles/rsyslogclient/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Install rsyslog on centos - yum: name=rsyslog state=latest update_cache=yes + ansible.builtin.yum: name=rsyslog state=latest update_cache=yes when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' become: true @@ -10,7 +10,7 @@ become: true - name: configure rsyslog server. - lineinfile: + ansible.builtin.lineinfile: dest: /etc/rsyslog.conf line: "*.* @{{ item }}:514" with_items: "{{ rsyslog_remote_servers }}" diff --git a/roles/slurm_client/tasks/main.yml b/roles/slurm_client/tasks/main.yml index 48ce72c28..d1b6453fa 100644 --- a/roles/slurm_client/tasks/main.yml +++ b/roles/slurm_client/tasks/main.yml @@ -47,7 +47,7 @@ become: true - name: 'Install the Slurm client with yum.' - yum: + ansible.builtin.yum: state: 'installed' update_cache: true allow_downgrade: true @@ -61,7 +61,7 @@ # See: https://bugs.schedmd.com/show_bug.cgi?id=8388 - name: 'Patch slurm daemon systemd service files to disable PID files.' - lineinfile: + ansible.builtin.lineinfile: path: "/usr/lib/systemd/system/{{ item }}.service" regexp: '^#?PIDFile=' line: "#PIDFile=/var/run/slurm/{{ item }}.pid" @@ -75,7 +75,7 @@ become: true - name: 'Install NHC with yum.' - yum: + ansible.builtin.yum: state: 'latest' update_cache: true name: @@ -144,7 +144,7 @@ become: true - name: 'Deploy slurm.conf.' - template: + ansible.builtin.template: src: 'roles/slurm_management/templates/slurm.conf' dest: '/etc/slurm/slurm.conf' owner: 'root' @@ -166,7 +166,7 @@ become: true - name: 'Deploy UI nhc.conf.' - template: + ansible.builtin.template: src: 'templates/user_interface_nhc.conf' dest: '/etc/nhc/nhc.conf' owner: 'root' @@ -176,7 +176,7 @@ become: true - name: 'Deploy compute_vm nhc.conf.' - template: + ansible.builtin.template: src: 'templates/compute_vm_nhc.conf' dest: '/etc/nhc/nhc.conf' owner: 'root' @@ -206,7 +206,7 @@ become: true - name: 'Allow passwordless sudo to slurm user for users in the functional_admins_group.' - template: + ansible.builtin.template: src: 'roles/slurm_management/templates/91-slurm' dest: "/etc/sudoers.d/91-slurm" owner: 'root' diff --git a/roles/slurm_exporter/tasks/main.yml b/roles/slurm_exporter/tasks/main.yml index dd1684137..0e2efcdb7 100644 --- a/roles/slurm_exporter/tasks/main.yml +++ b/roles/slurm_exporter/tasks/main.yml @@ -23,7 +23,7 @@ become: true - name: "Install {{ service_name }} service file." - template: + ansible.builtin.template: src: "templates/{{ service_name }}.service" dest: "/etc/systemd/system/{{ service_name }}.service" mode: '0644' diff --git a/roles/slurm_management/tasks/main.yml b/roles/slurm_management/tasks/main.yml index 470a913f8..5b0c14f41 100644 --- a/roles/slurm_management/tasks/main.yml +++ b/roles/slurm_management/tasks/main.yml @@ -249,7 +249,7 @@ become: true - name: 'Create Slurm accounting DB backup now.' # noqa no-changed-when - shell: | + ansible.builtin.shell: | mysqldump --all-databases \ -uroot -p{{ MYSQL_ROOT_PASSWORD | quote }} \ -h localhost --protocol=socket \ diff --git a/roles/spacewalk_client/tasks/main.yml b/roles/spacewalk_client/tasks/main.yml index 344448dd4..8bc3f657d 100644 --- a/roles/spacewalk_client/tasks/main.yml +++ b/roles/spacewalk_client/tasks/main.yml @@ -7,14 +7,14 @@ # Request failed: ' # - name: 'Install spacewalk client repo.' - yum: + ansible.builtin.yum: name: "https://copr-be.cloud.fedoraproject.org/results/@spacewalkproject/\ spacewalk-2.8-client/epel-7-x86_64/00742644-spacewalk-repo/spacewalk-client-repo-2.8-11.el7.centos.noarch.rpm" state: present become: true - name: 'Install spacewalk client packages.' - yum: + ansible.builtin.yum: name: - 'rhn-client-tools' - 'rhn-check' @@ -53,7 +53,7 @@ become: true - name: 'Disable gpgcheck for spacewalk repo.' - lineinfile: + ansible.builtin.lineinfile: path: '/etc/yum/pluginconf.d/rhnplugin.conf' regexp: '^gpgcheck = [0-9].*' line: 'gpgcheck = 0' @@ -63,7 +63,7 @@ become: true - name: 'Remove all (non-spacewalk) repo config files from /etc/yum.repos.d/.' - shell: 'rm -rfv /etc/yum.repos.d/*' + ansible.builtin.shell: 'rm -rfv /etc/yum.repos.d/*' args: warn: false register: deleted_items diff --git a/roles/ssh_host_signer/tasks/main.yml b/roles/ssh_host_signer/tasks/main.yml index e574b8b88..753e83231 100644 --- a/roles/ssh_host_signer/tasks/main.yml +++ b/roles/ssh_host_signer/tasks/main.yml @@ -5,7 +5,7 @@ become: true - name: 'Find SSH host keys.' - find: + ansible.builtin.find: path: "{{ ssh_host_signer_key_directory }}" pattern: ssh_host_*_key register: private_keys @@ -55,7 +55,7 @@ become: false - name: 'Sign SSH host keys.' - command: > + ansible.builtin.command: > ssh-keygen -h -s {{ temporary_directory.path | quote }}/{{ ssh_host_signer_ca_private_key | basename | quote }} -P {{ ssh_host_signer_ca_private_key_pass | quote }} @@ -69,7 +69,7 @@ no_log: true - name: 'Find generated certificates (== signed host keys).' - find: + ansible.builtin.find: path: "{{ temporary_directory.path }}/public_keys/{{ inventory_hostname }}{{ ssh_host_signer_key_directory }}" pattern: 'ssh_host_*_key-cert.pub' delegate_to: localhost @@ -77,7 +77,7 @@ register: certificates - name: 'Compare generated certificates to existing certificates from servers.' - shell: | + ansible.builtin.shell: | set -o pipefail diff <(ssh-keygen -L -f {{ item.path | quote }} | tail -n +2) \ <(ssh-keygen -L -f {{ existing_certificates_dir }}/{{ item.path | basename | quote }} | tail -n +2) @@ -114,7 +114,7 @@ changed_when: false - name: 'Add the signed certificates to SSH configuration file.' - lineinfile: + ansible.builtin.lineinfile: dest: "{{ ssh_host_signer_ssh_config }}" line: "HostCertificate {{ item.path }}-cert.pub" insertafter: "HostKey {{ item.path }}" @@ -128,7 +128,7 @@ become: true - name: 'Remove HostKey directives from the SSH configuration file for unused ssh host key types.' - lineinfile: + ansible.builtin.lineinfile: dest: "{{ ssh_host_signer_ssh_config }}" line: "HostCertificate {{ item.path }}-cert.pub" state: absent @@ -140,7 +140,7 @@ become: true - name: 'Remove corresponding HostCertificate directives from the SSH configuration file for unused ssh host key types.' - lineinfile: + ansible.builtin.lineinfile: dest: "{{ ssh_host_signer_ssh_config }}" line: "HostKey {{ item.path }}" state: absent diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml index 4f86ee67c..e89c64cf8 100644 --- a/roles/sshd/tasks/main.yml +++ b/roles/sshd/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Deploy sshd config. - template: + ansible.builtin.template: src: templates/sshd_config dest: /etc/ssh/sshd_config owner: root @@ -11,13 +11,13 @@ become: true - name: Check if /etc/ssh/moduli contains weak (small) values. - shell: awk '$5 < {{ sshd_moduli_minimum }}' /etc/ssh/moduli + ansible.builtin.shell: awk '$5 < {{ sshd_moduli_minimum }}' /etc/ssh/moduli register: sshd_register_moduli changed_when: false check_mode: false - name: Remove weak (small) values from /etc/ssh/moduli. - shell: awk '$5 >= {{ sshd_moduli_minimum }}' /etc/ssh/moduli > /etc/ssh/moduli.new ; + ansible.builtin.shell: awk '$5 >= {{ sshd_moduli_minimum }}' /etc/ssh/moduli > /etc/ssh/moduli.new ; [ -r /etc/ssh/moduli.new -a -s /etc/ssh/moduli.new ] && mv /etc/ssh/moduli.new /etc/ssh/moduli || true when: sshd_register_moduli.stdout notify: restart_sshd diff --git a/roles/sssd/handlers/main.yml b/roles/sssd/handlers/main.yml index 5fed6c8a6..405ff6384 100644 --- a/roles/sssd/handlers/main.yml +++ b/roles/sssd/handlers/main.yml @@ -5,7 +5,7 @@ # and not in the order in which they are listed in a "notify: handler_name" statement! # - name: Running update-ca-trust when certificates have changed. - command: + ansible.builtin.command: cmd: update-ca-trust extract become: true listen: update-ca-trust @@ -25,7 +25,7 @@ listen: restart_sshd - name: Run authconfig update to enable sssd. - command: "authconfig --enablesssd --enablesssdauth --update" + ansible.builtin.command: "authconfig --enablesssd --enablesssdauth --update" become: true listen: authconfig_enable_sssd ... diff --git a/roles/static_hostname_lookup/tasks/main.yml b/roles/static_hostname_lookup/tasks/main.yml index d7b68513c..799f61e8a 100644 --- a/roles/static_hostname_lookup/tasks/main.yml +++ b/roles/static_hostname_lookup/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: "Find all ip_addresses.yml files in {{ playbook_dir }}/group_vars/*." - find: + ansible.builtin.find: paths: "{{ playbook_dir }}/group_vars/" recurse: true patterns: 'ip_addresses.yml' @@ -17,7 +17,7 @@ connection: local - name: Deploy /etc/hosts file. - template: + ansible.builtin.template: src: templates/hosts.j2 dest: /etc/hosts mode: 0644