Configure yamllint to be compatible with ansible-lint

Current version of ansible-list pre-commit hook required changes in the ansible-freeipa yamllint configuration and these changes triggered issues in the current playbooks on roles and tests. This patch adds the required changes to yaml lint configuration and fixes the affected playbooks. Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2026-03-26 21:33:05 +00:00 · 2025-01-28 15:20:09 -03:00
parent 9195494f37
commit 91c4b83311
27 changed files with 78 additions and 85 deletions
--- a/.yamllint
+++ b/.yamllint
@@ -20,4 +20,9 @@ rules:
    max: 160
  # Disabled rules
  indentation: disable
-  comments: disable
+  comments:
+    min-spaces-from-content: 1
+  comments-indentation: disable
+  octal-values:
+    forbid-implicit-octal: true
+    forbid-explicit-octal: true
--- a/playbooks/dnszone/dnszone-all-params.yml
+++ b/playbooks/dnszone/dnszone-all-params.yml
@@ -21,7 +21,7 @@
        - ip_address: 8.8.8.8
        - ip_address: 8.8.4.4
          port: 52
-      #serial: 1234
+      # serial: 1234
      refresh: 3600
      retry: 900
      expire: 1209600
--- a/playbooks/vault/vault-is-present-with-password-file.yml
+++ b/playbooks/vault/vault-is-present-with-password-file.yml
@@ -11,7 +11,7 @@
      dest: "{{ ansible_facts['env'].HOME }}/password.txt"
      owner: "{{ ansible_user }}"
      group: "{{ ansible_user }}"
-      mode: 0600
+      mode: "0600"
  - name: Ensure symmetric vault exists with password from file.
    ipavault:
      ipaadmin_password: SomeADMINpassword
--- a/playbooks/vault/vault-is-present-with-public-key-file.yml
+++ b/playbooks/vault/vault-is-present-with-public-key-file.yml
@@ -16,7 +16,7 @@
      dest: "{{ ansible_facts['env'].HOME }}/public.pem"
      owner: "{{ ansible_user }}"
      group: "{{ ansible_user }}"
-      mode: 0600
+      mode: "0600"
  - name: Ensure asymmetric vault exists with public key from file.
    ipavault:
      ipaadmin_password: SomeADMINpassword
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -152,7 +152,7 @@
      ansible.builtin.copy:
        src: "{{ ipaadmin_keytab }}"
        dest: "{{ keytab_temp.path }}"
-        mode: 0600
+        mode: "0600"
      delegate_to: "{{ result_ipaclient_test.servers[0] }}"
      when: ipaadmin_keytab is defined

--- a/roles/ipaclient/tasks/uninstall.yml
+++ b/roles/ipaclient/tasks/uninstall.yml
@@ -15,8 +15,3 @@
  ipaclient_configure_dns_resolver:
    state: absent
  when: ipaclient_cleanup_dns_resolver | bool
-
-#- name: Remove IPA client package
-#  ansible.builtin.package:
-#    name: "{{ ipaclient_packages }}"
-#    state: absent
--- a/roles/ipaclient/vars/Fedora-25.yml
+++ b/roles/ipaclient/vars/Fedora-25.yml
@@ -2,4 +2,4 @@
 # vars/Fedora-25.yml
 ---
 ipaclient_packages: [ "ipa-client", "libselinux-python" ]
-#ansible_python_interpreter: '/usr/bin/python2'
+# ansible_python_interpreter: '/usr/bin/python2'
--- a/roles/ipaclient/vars/Fedora-26.yml
+++ b/roles/ipaclient/vars/Fedora-26.yml
@@ -2,4 +2,4 @@
 # vars/Fedora-26.yml
 ---
 ipaclient_packages: [ "ipa-client", "libselinux-python" ]
-#ansible_python_interpreter: '/usr/bin/python2'
+# ansible_python_interpreter: '/usr/bin/python2'
--- a/roles/ipaclient/vars/RedHat-7.3.yml
+++ b/roles/ipaclient/vars/RedHat-7.3.yml
@@ -2,4 +2,4 @@
 # vars/RedHat-7.3.yml
 ---
 ipaclient_packages: [ "ipa-client", "ipa-admintools", "libselinux-python" ]
-#ansible_python_interpreter: '/usr/bin/python2'
+# ansible_python_interpreter: '/usr/bin/python2'
--- a/roles/ipaclient/vars/RedHat-7.yml
+++ b/roles/ipaclient/vars/RedHat-7.yml
@@ -2,4 +2,3 @@
 # vars/RedHat-7
 ---
 ipaclient_packages: [ "ipa-client", "libselinux-python" ]
-#ansible_python_interpreter: '/usr/bin/python2'
--- a/roles/ipaclient/vars/default.yml
+++ b/roles/ipaclient/vars/default.yml
@@ -2,4 +2,3 @@
 # vars/default.yml
 ---
 ipaclient_packages: [ "ipa-client", "python3-libselinux" ]
-#ansible_python_interpreter: '/usr/bin/python3'
--- a/roles/ipareplica/defaults/main.yml
+++ b/roles/ipareplica/defaults/main.yml
@@ -17,10 +17,10 @@ ipareplica_no_ui_redirect: no
 ipaclient_mkhomedir: no
 ipaclient_force_join: no
 ipaclient_no_ntp: no
-#ipaclient_ssh_trust_dns: no
-#ipaclient_no_ssh: no
-#ipaclient_no_sshd: no
-#ipaclient_no_dns_sshfp: no
+# ipaclient_ssh_trust_dns: no
+# ipaclient_no_ssh: no
+# ipaclient_no_sshd: no
+# ipaclient_no_dns_sshfp: no
 ipaclient_ssh_trust_dns: no
 ### certificate system ###
 ipareplica_skip_schema_check: no
--- a/roles/ipaserver/defaults/main.yml
+++ b/roles/ipaserver/defaults/main.yml
@@ -16,10 +16,10 @@ ipaserver_random_serial_numbers: false
 ### client ###
 ipaclient_mkhomedir: no
 ipaclient_no_ntp: no
-#ipaclient_ssh_trust_dns: no
-#ipaclient_no_ssh: no
-#ipaclient_no_sshd: no
-#ipaclient_no_dns_sshfp: no
+# ipaclient_ssh_trust_dns: no
+# ipaclient_no_ssh: no
+# ipaclient_no_sshd: no
+# ipaclient_no_dns_sshfp: no
 ### certificate system ###
 ipaserver_external_ca: no
 ### dns ###
--- a/roles/ipaserver/tasks/uninstall.yml
+++ b/roles/ipaserver/tasks/uninstall.yml
@@ -54,8 +54,3 @@
  # 1 means that uninstall failed because IPA server was not configured
  failed_when: uninstall.rc != 0 and uninstall.rc != 1
  changed_when: uninstall.rc == 0
-
-#- name: Remove IPA server packages
-#  ansible.builtin.package:
-#    name: "{{ ipaserver_packages }}"
-#    state: absent
--- a/roles/ipasmartcard_client/tasks/main.yml
+++ b/roles/ipasmartcard_client/tasks/main.yml
@@ -109,7 +109,7 @@
      ansible.builtin.file:
        path: /etc/sssd/pki
        state: directory
-        mode: 0711
+        mode: "0711"

    - name: Ensure /etc/sssd/pki/sssd_auth_ca_db.pem is absent
      ansible.builtin.file:
--- a/roles/ipasmartcard_server/tasks/main.yml
+++ b/roles/ipasmartcard_server/tasks/main.yml
@@ -201,7 +201,7 @@
      ansible.builtin.file:
        path: /etc/sssd/pki
        state: directory
-        mode: 0711
+        mode: "0711"

    - name: Ensure /etc/sssd/pki/sssd_auth_ca_db.pem is absent
      ansible.builtin.file:
--- a/tests/ca-less/install_replica_without_ca.yml
+++ b/tests/ca-less/install_replica_without_ca.yml
@@ -48,7 +48,7 @@
      ansible.builtin.file:
        path: "/root/ca-less-test"
        state: directory
-        mode: 0775
+        mode: "0775"

    - name: Copy CA certificate
      ansible.builtin.copy:
--- a/tests/ca-less/install_server_without_ca.yml
+++ b/tests/ca-less/install_server_without_ca.yml
@@ -48,7 +48,7 @@
      ansible.builtin.file:
        path: "/root/ca-less-test"
        state: directory
-        mode: 0775
+        mode: "0775"

    - name: Copy CA certificate
      ansible.builtin.copy:
--- a/tests/cert/test_cert_host.yml
+++ b/tests/cert/test_cert_host.yml
@@ -47,7 +47,7 @@
    ansible.builtin.copy:
      dest: "/root/host.csr"
      content: "{{ host_req.stdout }}"
-      mode: 0644
+      mode: "0644"

  # TESTS

--- a/tests/cert/test_cert_user.yml
+++ b/tests/cert/test_cert_user.yml
@@ -45,7 +45,7 @@
    ansible.builtin.copy:
      dest: "/root/user.csr"
      content: "{{ user_req.stdout }}"
-      mode: 0644
+      mode: "0644"

  # TESTS

--- a/tests/external-signed-ca-with-automatic-copy/install-server-with-external-ca-with-automatic-copy.yml
+++ b/tests/external-signed-ca-with-automatic-copy/install-server-with-external-ca-with-automatic-copy.yml
@@ -28,7 +28,7 @@
  become: true
  vars:
    ipaserver_external_cert_files_from_controller: "{{ groups.ipaserver[0] + '-chain.crt' }}"
-    #ipaserver_external_ca_file: "{{ groups.ipaserver[0] + '-cacert.asc' }}"
+    # ipaserver_external_ca_file: "{{ groups.ipaserver[0] + '-cacert.asc' }}"

  roles:
  - role: ipaserver
--- a/tests/external-signed-ca-with-manual-copy/install-server-with-external-ca-with-manual-copy.yml
+++ b/tests/external-signed-ca-with-manual-copy/install-server-with-external-ca-with-manual-copy.yml
@@ -34,7 +34,7 @@
  become: true
  vars:
    ipaserver_external_cert_files: "/root/chain.crt"
-    #ipaserver_external_ca_file: "cacert.asc"
+    # ipaserver_external_ca_file: "cacert.asc"

  pre_tasks:
  - name: Copy "{{ groups.ipaserver[0] + '-chain.crt' }}" to /root/chain.crt on node
--- a/tests/group/test_group.yml
+++ b/tests/group/test_group.yml
@@ -298,11 +298,11 @@
    register: result
    failed_when: result.changed or result.failed

-  #- ipagroup:
-  #    name: group1
-  #    user:
-  #    - user7
-  #    action: member
+  # - ipagroup:
+  #     name: group1
+  #     user:
+  #     - user7
+  #     action: member

  - name: Ensure user user7 is absent in group group1
    ipagroup:
--- a/tests/host/test_host.yml
+++ b/tests/host/test_host.yml
@@ -191,35 +191,35 @@

  # disabled can only be checked with enabled hosts, all hosts above are
  # not enabled.
-  #- name: Hosts host1..host6 disabled
-  #  ipahost:
-  #    ipaadmin_password: SomeADMINpassword
-  #    ipaapi_context: "{{ ipa_context | default(omit) }}"
-  #    name:
-  #    - "{{ host1_fqdn }}"
-  #    - "{{ host2_fqdn }}"
-  #    - "{{ host3_fqdn }}"
-  #    - "{{ host4_fqdn }}"
-  #    - "{{ host5_fqdn }}"
-  #    - "{{ host6_fqdn }}"
-  #    state: disabled
-  #  register: result
-  #  failed_when: not result.changed or result.failed
+  # - name: Hosts host1..host6 disabled
+  #   ipahost:
+  #     ipaadmin_password: SomeADMINpassword
+  #     ipaapi_context: "{{ ipa_context | default(omit) }}"
+  #     name:
+  #     - "{{ host1_fqdn }}"
+  #     - "{{ host2_fqdn }}"
+  #     - "{{ host3_fqdn }}"
+  #     - "{{ host4_fqdn }}"
+  #     - "{{ host5_fqdn }}"
+  #     - "{{ host6_fqdn }}"
+  #     state: disabled
+  #   register: result
+  #   failed_when: not result.changed or result.failed
  #
-  #- name: Hosts host1..host6 disabled again
-  #  ipahost:
-  #    ipaadmin_password: SomeADMINpassword
-  #    ipaapi_context: "{{ ipa_context | default(omit) }}"
-  #    name:
-  #    - "{{ host1_fqdn }}"
-  #    - "{{ host2_fqdn }}"
-  #    - "{{ host3_fqdn }}"
-  #    - "{{ host4_fqdn }}"
-  #    - "{{ host5_fqdn }}"
-  #    - "{{ host6_fqdn }}"
-  #    state: disabled
-  #  register: result
-  #  failed_when: result.changed or result.failed
+  # - name: Hosts host1..host6 disabled again
+  #   ipahost:
+  #     ipaadmin_password: SomeADMINpassword
+  #     ipaapi_context: "{{ ipa_context | default(omit) }}"
+  #     name:
+  #     - "{{ host1_fqdn }}"
+  #     - "{{ host2_fqdn }}"
+  #     - "{{ host3_fqdn }}"
+  #     - "{{ host4_fqdn }}"
+  #     - "{{ host5_fqdn }}"
+  #     - "{{ host6_fqdn }}"
+  #     state: disabled
+  #   register: result
+  #   failed_when: result.changed or result.failed

  - name: Hosts host1..host6 absent
    ipahost:
--- a/tests/user/test_user.yml
+++ b/tests/user/test_user.yml
@@ -56,7 +56,7 @@
      first: pinky
      last: Acme
      initials: pa
-      #password: foo2
+      # password: foo2
      principal: pa
      random: yes
      street: PinkyStreet
@@ -73,8 +73,8 @@
      # sshpubkey
      userauthtype: password,radius,otp
      userclass: PinkyUserClass
-      #radius: "http://some.link/"
-      #radiususer: PinkyRadiusUser
+      # radius: "http://some.link/"
+      # radiususer: PinkyRadiusUser
      departmentnumber: "1234"
      employeenumber: "0815"
      employeetype: "PinkyExmployeeType"
@@ -82,8 +82,8 @@
      # certificate
      noprivate: yes
      nomembers: false
-      #issuer: PinkyIssuer
-      #subject: PinkySubject
+      # issuer: PinkyIssuer
+      # subject: PinkySubject
    register: result
    failed_when: not result.changed or result.failed

--- a/tests/user/test_users.yml
+++ b/tests/user/test_users.yml
@@ -190,7 +190,7 @@
      first: pinky
      last: Acme
      initials: pa
-      #password: foo2
+      # password: foo2
      principal: pa
      random: yes
      street: PinkyStreet
@@ -207,8 +207,8 @@
      # sshpubkey
      userauthtype: password,radius,otp
      userclass: PinkyUserClass
-      #radius: "http://some.link/"
-      #radiususer: PinkyRadiusUser
+      # radius: "http://some.link/"
+      # radiususer: PinkyRadiusUser
      departmentnumber: "1234"
      employeenumber: "0815"
      employeetype: "PinkyExmployeeType"
@@ -216,8 +216,8 @@
      # certificate
      noprivate: yes
      nomembers: false
-      #issuer: PinkyIssuer
-      #subject: PinkySubject
+      # issuer: PinkyIssuer
+      # subject: PinkySubject
    register: result
    failed_when: not result.changed or result.failed

@@ -234,7 +234,7 @@
      first: pinky
      last: Acme
      initials: pa
-      #password: foo2
+      # password: foo2
      principal: pa
      random: yes
      street: PinkyStreet
@@ -251,8 +251,8 @@
      # sshpubkey
      userauthtype: password,radius,otp
      userclass: PinkyUserClass
-      #radius: "http://some.link/"
-      #radiususer: PinkyRadiusUser
+      # radius: "http://some.link/"
+      # radiususer: PinkyRadiusUser
      departmentnumber: "1234"
      employeenumber: "0815"
      employeetype: "PinkyExmployeeType"
@@ -260,8 +260,8 @@
      # certificate
      noprivate: yes
      nomembers: false
-      #issuer: PinkyIssuer
-      #subject: PinkySubject
+      # issuer: PinkyIssuer
+      # subject: PinkySubject
    register: result
    failed_when: result.changed or result.failed

--- a/tests/vault/env_setup.yml
+++ b/tests/vault/env_setup.yml
@@ -20,7 +20,7 @@
    ansible.builtin.copy:
      src: "{{ playbook_dir }}/{{ item }}"
      dest: "{{ ansible_facts['env'].HOME }}/{{ item }}"
-      mode: 0644
+      mode: "0644"
    with_items:
    - A_private.pem
    - A_public.pem