diff --git a/.yamllint b/.yamllint index 5fbcc17c..4ed8db5b 100644 --- a/.yamllint +++ b/.yamllint @@ -20,4 +20,9 @@ rules: max: 160 # Disabled rules indentation: disable - comments: disable + comments: + min-spaces-from-content: 1 + comments-indentation: disable + octal-values: + forbid-implicit-octal: true + forbid-explicit-octal: true diff --git a/playbooks/dnszone/dnszone-all-params.yml b/playbooks/dnszone/dnszone-all-params.yml index 5cba47f8..e8a8ffc8 100644 --- a/playbooks/dnszone/dnszone-all-params.yml +++ b/playbooks/dnszone/dnszone-all-params.yml @@ -21,7 +21,7 @@ - ip_address: 8.8.8.8 - ip_address: 8.8.4.4 port: 52 - #serial: 1234 + # serial: 1234 refresh: 3600 retry: 900 expire: 1209600 diff --git a/playbooks/vault/vault-is-present-with-password-file.yml b/playbooks/vault/vault-is-present-with-password-file.yml index aa1700ce..a3dea2bc 100644 --- a/playbooks/vault/vault-is-present-with-password-file.yml +++ b/playbooks/vault/vault-is-present-with-password-file.yml @@ -11,7 +11,7 @@ dest: "{{ ansible_facts['env'].HOME }}/password.txt" owner: "{{ ansible_user }}" group: "{{ ansible_user }}" - mode: 0600 + mode: "0600" - name: Ensure symmetric vault exists with password from file. ipavault: ipaadmin_password: SomeADMINpassword diff --git a/playbooks/vault/vault-is-present-with-public-key-file.yml b/playbooks/vault/vault-is-present-with-public-key-file.yml index fbd6d7d9..53dbcd8a 100644 --- a/playbooks/vault/vault-is-present-with-public-key-file.yml +++ b/playbooks/vault/vault-is-present-with-public-key-file.yml @@ -16,7 +16,7 @@ dest: "{{ ansible_facts['env'].HOME }}/public.pem" owner: "{{ ansible_user }}" group: "{{ ansible_user }}" - mode: 0600 + mode: "0600" - name: Ensure asymmetric vault exists with public key from file. ipavault: ipaadmin_password: SomeADMINpassword diff --git a/roles/ipaclient/tasks/install.yml b/roles/ipaclient/tasks/install.yml index b5eb7165..08d0b2e0 100644 --- a/roles/ipaclient/tasks/install.yml 
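Review bot: The new `octal-values` rule only flags unquoted values written with a leading `0` or `0o`, so a mode without the leading zero (`mode: 600`) still passes the linter and is read by Ansible as a decimal number, which yields the wrong permission bits. If the project also runs ansible-lint, its `risky-octal` rule covers that case; that is not visible from this file. A short comment above the rule would record the intent, e.g. `# File modes must be quoted strings ("0600"); unquoted octal literals differ between YAML 1.1 and 1.2 loaders`.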
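Review bot: In playbooks/vault/vault-is-present-with-password-file.yml the task that gets `mode: "0600"` appears to copy a vault password file to `$HOME/password.txt`, and `ansible.builtin.copy` shows the content of text files when a run uses `--diff`. The password can therefore reach console output or job logs despite the restrictive mode. Adding `diff: false` (or `no_log: true`) to this task avoids that. The task starts above the hunk, so its `src` and any later cleanup of the file are not visible here.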
+++ b/roles/ipaclient/tasks/install.yml @@ -152,7 +152,7 @@ ansible.builtin.copy: src: "{{ ipaadmin_keytab }}" dest: "{{ keytab_temp.path }}" - mode: 0600 + mode: "0600" delegate_to: "{{ result_ipaclient_test.servers[0] }}" when: ipaadmin_keytab is defined diff --git a/roles/ipaclient/tasks/uninstall.yml b/roles/ipaclient/tasks/uninstall.yml index 2b2996a9..fe5ca009 100644 --- a/roles/ipaclient/tasks/uninstall.yml +++ b/roles/ipaclient/tasks/uninstall.yml @@ -15,8 +15,3 @@ ipaclient_configure_dns_resolver: state: absent when: ipaclient_cleanup_dns_resolver | bool - -#- name: Remove IPA client package -# ansible.builtin.package: -# name: "{{ ipaclient_packages }}" -# state: absent diff --git a/roles/ipaclient/vars/Fedora-25.yml b/roles/ipaclient/vars/Fedora-25.yml index 9999b331..c01176c6 100644 --- a/roles/ipaclient/vars/Fedora-25.yml +++ b/roles/ipaclient/vars/Fedora-25.yml @@ -2,4 +2,4 @@ # vars/Fedora-25.yml --- ipaclient_packages: [ "ipa-client", "libselinux-python" ] -#ansible_python_interpreter: '/usr/bin/python2' +# ansible_python_interpreter: '/usr/bin/python2' diff --git a/roles/ipaclient/vars/Fedora-26.yml b/roles/ipaclient/vars/Fedora-26.yml index 12722c8a..29fa605a 100644 --- a/roles/ipaclient/vars/Fedora-26.yml +++ b/roles/ipaclient/vars/Fedora-26.yml @@ -2,4 +2,4 @@ # vars/Fedora-26.yml --- ipaclient_packages: [ "ipa-client", "libselinux-python" ] -#ansible_python_interpreter: '/usr/bin/python2' +# ansible_python_interpreter: '/usr/bin/python2' diff --git a/roles/ipaclient/vars/RedHat-7.3.yml b/roles/ipaclient/vars/RedHat-7.3.yml index 51d2b10d..1acd1958 100644 --- a/roles/ipaclient/vars/RedHat-7.3.yml +++ b/roles/ipaclient/vars/RedHat-7.3.yml @@ -2,4 +2,4 @@ # vars/RedHat-7.3.yml --- ipaclient_packages: [ "ipa-client", "ipa-admintools", "libselinux-python" ] -#ansible_python_interpreter: '/usr/bin/python2' +# ansible_python_interpreter: '/usr/bin/python2' 
diff --git a/roles/ipaclient/vars/RedHat-7.yml b/roles/ipaclient/vars/RedHat-7.yml index c2ea3ca5..c154c99f 100644 --- a/roles/ipaclient/vars/RedHat-7.yml +++ b/roles/ipaclient/vars/RedHat-7.yml @@ -2,4 +2,3 @@ # vars/RedHat-7 --- ipaclient_packages: [ "ipa-client", "libselinux-python" ] -#ansible_python_interpreter: '/usr/bin/python2' diff --git a/roles/ipaclient/vars/default.yml b/roles/ipaclient/vars/default.yml index a28d81a1..2cfb3614 100644 --- a/roles/ipaclient/vars/default.yml +++ b/roles/ipaclient/vars/default.yml @@ -2,4 +2,3 @@ # vars/default.yml --- ipaclient_packages: [ "ipa-client", "python3-libselinux" ] -#ansible_python_interpreter: '/usr/bin/python3' diff --git a/roles/ipareplica/defaults/main.yml b/roles/ipareplica/defaults/main.yml index 01afc442..011647a2 100644 --- a/roles/ipareplica/defaults/main.yml +++ b/roles/ipareplica/defaults/main.yml @@ -17,10 +17,10 @@ ipareplica_no_ui_redirect: no ipaclient_mkhomedir: no ipaclient_force_join: no ipaclient_no_ntp: no -#ipaclient_ssh_trust_dns: no -#ipaclient_no_ssh: no -#ipaclient_no_sshd: no -#ipaclient_no_dns_sshfp: no +# ipaclient_ssh_trust_dns: no +# ipaclient_no_ssh: no +# ipaclient_no_sshd: no +# ipaclient_no_dns_sshfp: no ipaclient_ssh_trust_dns: no ### certificate system ### ipareplica_skip_schema_check: no diff --git a/roles/ipaserver/defaults/main.yml b/roles/ipaserver/defaults/main.yml index b8d92f60..f99a16ec 100644 --- a/roles/ipaserver/defaults/main.yml +++ b/roles/ipaserver/defaults/main.yml @@ -16,10 +16,10 @@ ipaserver_random_serial_numbers: false ### client ### ipaclient_mkhomedir: no ipaclient_no_ntp: no -#ipaclient_ssh_trust_dns: no -#ipaclient_no_ssh: no -#ipaclient_no_sshd: no -#ipaclient_no_dns_sshfp: no +# ipaclient_ssh_trust_dns: no +# ipaclient_no_ssh: no +# ipaclient_no_sshd: no +# ipaclient_no_dns_sshfp: no ### certificate system ### ipaserver_external_ca: no ### dns ### 
diff --git a/roles/ipaserver/tasks/uninstall.yml b/roles/ipaserver/tasks/uninstall.yml index 35ab6356..d404e2e8 100644 --- a/roles/ipaserver/tasks/uninstall.yml +++ b/roles/ipaserver/tasks/uninstall.yml @@ -54,8 +54,3 @@ # 1 means that uninstall failed because IPA server was not configured failed_when: uninstall.rc != 0 and uninstall.rc != 1 changed_when: uninstall.rc == 0 - -#- name: Remove IPA server packages -# ansible.builtin.package: -# name: "{{ ipaserver_packages }}" -# state: absent diff --git a/roles/ipasmartcard_client/tasks/main.yml b/roles/ipasmartcard_client/tasks/main.yml index 8c87a80f..232706b2 100644 --- a/roles/ipasmartcard_client/tasks/main.yml +++ b/roles/ipasmartcard_client/tasks/main.yml @@ -109,7 +109,7 @@ ansible.builtin.file: path: /etc/sssd/pki state: directory - mode: 0711 + mode: "0711" - name: Ensure /etc/sssd/pki/sssd_auth_ca_db.pem is absent ansible.builtin.file: diff --git a/roles/ipasmartcard_server/tasks/main.yml b/roles/ipasmartcard_server/tasks/main.yml index c650511e..d95db685 100644 --- a/roles/ipasmartcard_server/tasks/main.yml +++ b/roles/ipasmartcard_server/tasks/main.yml @@ -201,7 +201,7 @@ ansible.builtin.file: path: /etc/sssd/pki state: directory - mode: 0711 + mode: "0711" - name: Ensure /etc/sssd/pki/sssd_auth_ca_db.pem is absent ansible.builtin.file: diff --git a/tests/ca-less/install_replica_without_ca.yml b/tests/ca-less/install_replica_without_ca.yml index 4e6952bb..8120b533 100644 --- a/tests/ca-less/install_replica_without_ca.yml +++ b/tests/ca-less/install_replica_without_ca.yml @@ -48,7 +48,7 @@ ansible.builtin.file: path: "/root/ca-less-test" state: directory - mode: 0775 + mode: "0775" - name: Copy CA certificate ansible.builtin.copy: diff --git a/tests/ca-less/install_server_without_ca.yml b/tests/ca-less/install_server_without_ca.yml index c5206e1a..aa8eab1f 100644 --- a/tests/ca-less/install_server_without_ca.yml +++ b/tests/ca-less/install_server_without_ca.yml 
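Review bot: In tests/ca-less/install_replica_without_ca.yml, `mode: "0775"` leaves `/root/ca-less-test` group-writable and world-readable, although the next task copies CA certificate material into it. Unless another account has to write there, `mode: "0700"` is enough for a directory under `/root`. The same value appears in the matching hunk of tests/ca-less/install_server_without_ca.yml. Which other files are placed in the directory is not visible in these hunks.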
@@ -48,7 +48,7 @@ ansible.builtin.file: path: "/root/ca-less-test" state: directory - mode: 0775 + mode: "0775" - name: Copy CA certificate ansible.builtin.copy: diff --git a/tests/cert/test_cert_host.yml b/tests/cert/test_cert_host.yml index 1ac04efa..31cd1a27 100644 --- a/tests/cert/test_cert_host.yml +++ b/tests/cert/test_cert_host.yml @@ -47,7 +47,7 @@ ansible.builtin.copy: dest: "/root/host.csr" content: "{{ host_req.stdout }}" - mode: 0644 + mode: "0644" # TESTS diff --git a/tests/cert/test_cert_user.yml b/tests/cert/test_cert_user.yml index cba90deb..b8f80ebc 100644 --- a/tests/cert/test_cert_user.yml +++ b/tests/cert/test_cert_user.yml @@ -45,7 +45,7 @@ ansible.builtin.copy: dest: "/root/user.csr" content: "{{ user_req.stdout }}" - mode: 0644 + mode: "0644" # TESTS diff --git a/tests/external-signed-ca-with-automatic-copy/install-server-with-external-ca-with-automatic-copy.yml b/tests/external-signed-ca-with-automatic-copy/install-server-with-external-ca-with-automatic-copy.yml index 08427b24..2d73a447 100644 --- a/tests/external-signed-ca-with-automatic-copy/install-server-with-external-ca-with-automatic-copy.yml +++ b/tests/external-signed-ca-with-automatic-copy/install-server-with-external-ca-with-automatic-copy.yml @@ -28,7 +28,7 @@ become: true vars: ipaserver_external_cert_files_from_controller: "{{ groups.ipaserver[0] + '-chain.crt' }}" - #ipaserver_external_ca_file: "{{ groups.ipaserver[0] + '-cacert.asc' }}" + # ipaserver_external_ca_file: "{{ groups.ipaserver[0] + '-cacert.asc' }}" roles: - role: ipaserver diff --git a/tests/external-signed-ca-with-manual-copy/install-server-with-external-ca-with-manual-copy.yml b/tests/external-signed-ca-with-manual-copy/install-server-with-external-ca-with-manual-copy.yml index 39b9ac74..015e3580 100644 --- a/tests/external-signed-ca-with-manual-copy/install-server-with-external-ca-with-manual-copy.yml +++ b/tests/external-signed-ca-with-manual-copy/install-server-with-external-ca-with-manual-copy.yml 
@@ -34,7 +34,7 @@ become: true vars: ipaserver_external_cert_files: "/root/chain.crt" - #ipaserver_external_ca_file: "cacert.asc" + # ipaserver_external_ca_file: "cacert.asc" pre_tasks: - name: Copy "{{ groups.ipaserver[0] + '-chain.crt' }}" to /root/chain.crt on node diff --git a/tests/group/test_group.yml b/tests/group/test_group.yml index 8cb76946..72fe1d74 100644 --- a/tests/group/test_group.yml +++ b/tests/group/test_group.yml @@ -298,11 +298,11 @@ register: result failed_when: result.changed or result.failed - #- ipagroup: - # name: group1 - # user: - # - user7 - # action: member + # - ipagroup: + # name: group1 + # user: + # - user7 + # action: member - name: Ensure user user7 is absent in group group1 ipagroup: diff --git a/tests/host/test_host.yml b/tests/host/test_host.yml index 12a421a4..a97972b7 100644 --- a/tests/host/test_host.yml +++ b/tests/host/test_host.yml 
@@ -191,35 +191,35 @@ # disabled can only be checked with enabled hosts, all hosts above are # not enabled. - #- name: Hosts host1..host6 disabled - # ipahost: - # ipaadmin_password: SomeADMINpassword - # ipaapi_context: "{{ ipa_context | default(omit) }}" - # name: - # - "{{ host1_fqdn }}" - # - "{{ host2_fqdn }}" - # - "{{ host3_fqdn }}" - # - "{{ host4_fqdn }}" - # - "{{ host5_fqdn }}" - # - "{{ host6_fqdn }}" - # state: disabled - # register: result - # failed_when: not result.changed or result.failed + # - name: Hosts host1..host6 disabled + # ipahost: + # ipaadmin_password: SomeADMINpassword + # ipaapi_context: "{{ ipa_context | default(omit) }}" + # name: + # - "{{ host1_fqdn }}" + # - "{{ host2_fqdn }}" + # - "{{ host3_fqdn }}" + # - "{{ host4_fqdn }}" + # - "{{ host5_fqdn }}" + # - "{{ host6_fqdn }}" + # state: disabled + # register: result + # failed_when: not result.changed or result.failed # - #- name: Hosts host1..host6 disabled again - # ipahost: - # ipaadmin_password: SomeADMINpassword - # ipaapi_context: "{{ ipa_context | default(omit) }}" - # name: - # - "{{ host1_fqdn }}" - # - "{{ host2_fqdn }}" - # - "{{ host3_fqdn }}" - # - "{{ host4_fqdn }}" - # - "{{ host5_fqdn }}" - # - "{{ host6_fqdn }}" - # state: disabled - # register: result - # failed_when: result.changed or result.failed + # - name: Hosts host1..host6 disabled again + # ipahost: + # ipaadmin_password: SomeADMINpassword + # ipaapi_context: "{{ ipa_context | default(omit) }}" + # name: + # - "{{ host1_fqdn }}" + # - "{{ host2_fqdn }}" + # - "{{ host3_fqdn }}" + # - "{{ host4_fqdn }}" + # - "{{ host5_fqdn }}" + # - "{{ host6_fqdn }}" + # state: disabled + # register: result + # failed_when: result.changed or result.failed - name: Hosts host1..host6 absent ipahost: diff --git a/tests/user/test_user.yml b/tests/user/test_user.yml index 48e930dc..daad3e74 100644 --- a/tests/user/test_user.yml +++ b/tests/user/test_user.yml 
@@ -56,7 +56,7 @@ first: pinky last: Acme initials: pa - #password: foo2 + # password: foo2 principal: pa random: yes street: PinkyStreet @@ -73,8 +73,8 @@ # sshpubkey userauthtype: password,radius,otp userclass: PinkyUserClass - #radius: "http://some.link/" - #radiususer: PinkyRadiusUser + # radius: "http://some.link/" + # radiususer: PinkyRadiusUser departmentnumber: "1234" employeenumber: "0815" employeetype: "PinkyExmployeeType" @@ -82,8 +82,8 @@ # certificate noprivate: yes nomembers: false - #issuer: PinkyIssuer - #subject: PinkySubject + # issuer: PinkyIssuer + # subject: PinkySubject register: result failed_when: not result.changed or result.failed diff --git a/tests/user/test_users.yml b/tests/user/test_users.yml index 651e06d0..e583c424 100644 --- a/tests/user/test_users.yml +++ b/tests/user/test_users.yml @@ -190,7 +190,7 @@ first: pinky last: Acme initials: pa - #password: foo2 + # password: foo2 principal: pa random: yes street: PinkyStreet @@ -207,8 +207,8 @@ # sshpubkey userauthtype: password,radius,otp userclass: PinkyUserClass - #radius: "http://some.link/" - #radiususer: PinkyRadiusUser + # radius: "http://some.link/" + # radiususer: PinkyRadiusUser departmentnumber: "1234" employeenumber: "0815" employeetype: "PinkyExmployeeType" @@ -216,8 +216,8 @@ # certificate noprivate: yes nomembers: false - #issuer: PinkyIssuer - #subject: PinkySubject + # issuer: PinkyIssuer + # subject: PinkySubject register: result failed_when: not result.changed or result.failed @@ -234,7 +234,7 @@ first: pinky last: Acme initials: pa - #password: foo2 + # password: foo2 principal: pa random: yes street: PinkyStreet @@ -251,8 +251,8 @@ # sshpubkey userauthtype: password,radius,otp userclass: PinkyUserClass - #radius: "http://some.link/" - #radiususer: PinkyRadiusUser + # radius: "http://some.link/" + # radiususer: PinkyRadiusUser departmentnumber: "1234" employeenumber: "0815" employeetype: "PinkyExmployeeType" 
@@ -260,8 +260,8 @@ # certificate noprivate: yes nomembers: false - #issuer: PinkyIssuer - #subject: PinkySubject + # issuer: PinkyIssuer + # subject: PinkySubject register: result failed_when: result.changed or result.failed diff --git a/tests/vault/env_setup.yml b/tests/vault/env_setup.yml index a1224549..bab0f5e0 100644 --- a/tests/vault/env_setup.yml +++ b/tests/vault/env_setup.yml @@ -20,7 +20,7 @@ ansible.builtin.copy: src: "{{ playbook_dir }}/{{ item }}" dest: "{{ ansible_facts['env'].HOME }}/{{ item }}" - mode: 0644 + mode: "0644" with_items: - A_private.pem - A_public.pem
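Review bot: In tests/vault/env_setup.yml, `mode: "0644"` is applied to every item of the loop, including `A_private.pem`, so the private key is written world-readable in the home directory. These look like test fixtures, but a per-item mode keeps the key restricted: `mode: "{{ '0600' if 'private' in item else '0644' }}"`. The `with_items` list may continue below the hunk, so other private keys could be affected in the same way.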