Merge pull request #1334 from rjeffman/update_c10s_image

Update c10s image
2026-05-08 06:13:21 +00:00 · 2025-01-31 16:03:32 +01:00
parent 0da0b22ae7 8b4b22dd00
commit f27b0e3011
28 changed files with 79 additions and 86 deletions
--- a/.yamllint
+++ b/.yamllint
@@ -20,4 +20,9 @@ rules:
    max: 160
  # Disabled rules
  indentation: disable
-  comments: disable
+  comments:
+    min-spaces-from-content: 1
+  comments-indentation: disable
+  octal-values:
+    forbid-implicit-octal: true
+    forbid-explicit-octal: true
--- a/infra/image/dockerfile/c10s
+++ b/infra/image/dockerfile/c10s
@@ -1,4 +1,4 @@
-FROM quay.io/centos/centos:stream10-development
+FROM quay.io/centos/centos:stream10
 ENV container=podman

 RUN rm -fv /var/cache/dnf/metadata_lock.pid; \
--- a/playbooks/dnszone/dnszone-all-params.yml
+++ b/playbooks/dnszone/dnszone-all-params.yml
@@ -21,7 +21,7 @@
        - ip_address: 8.8.8.8
        - ip_address: 8.8.4.4
          port: 52
-      #serial: 1234
+      # serial: 1234
      refresh: 3600
      retry: 900
      expire: 1209600
--- a/playbooks/vault/vault-is-present-with-password-file.yml
+++ b/playbooks/vault/vault-is-present-with-password-file.yml
@@ -11,7 +11,7 @@
      dest: "{{ ansible_facts['env'].HOME }}/password.txt"
      owner: "{{ ansible_user }}"
      group: "{{ ansible_user }}"
-      mode: 0600
+      mode: "0600"
  - name: Ensure symmetric vault exists with password from file.
    ipavault:
      ipaadmin_password: SomeADMINpassword
--- a/playbooks/vault/vault-is-present-with-public-key-file.yml
+++ b/playbooks/vault/vault-is-present-with-public-key-file.yml
@@ -16,7 +16,7 @@
      dest: "{{ ansible_facts['env'].HOME }}/public.pem"
      owner: "{{ ansible_user }}"
      group: "{{ ansible_user }}"
-      mode: 0600
+      mode: "0600"
  - name: Ensure asymmetric vault exists with public key from file.
    ipavault:
      ipaadmin_password: SomeADMINpassword
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -152,7 +152,7 @@
      ansible.builtin.copy:
        src: "{{ ipaadmin_keytab }}"
        dest: "{{ keytab_temp.path }}"
-        mode: 0600
+        mode: "0600"
      delegate_to: "{{ result_ipaclient_test.servers[0] }}"
      when: ipaadmin_keytab is defined

--- a/roles/ipaclient/tasks/uninstall.yml
+++ b/roles/ipaclient/tasks/uninstall.yml
@@ -15,8 +15,3 @@
  ipaclient_configure_dns_resolver:
    state: absent
  when: ipaclient_cleanup_dns_resolver | bool
-
-#- name: Remove IPA client package
-#  ansible.builtin.package:
-#    name: "{{ ipaclient_packages }}"
-#    state: absent
--- a/roles/ipaclient/vars/Fedora-25.yml
+++ b/roles/ipaclient/vars/Fedora-25.yml
@@ -2,4 +2,4 @@
 # vars/Fedora-25.yml
 ---
 ipaclient_packages: [ "ipa-client", "libselinux-python" ]
-#ansible_python_interpreter: '/usr/bin/python2'
+# ansible_python_interpreter: '/usr/bin/python2'
--- a/roles/ipaclient/vars/Fedora-26.yml
+++ b/roles/ipaclient/vars/Fedora-26.yml
@@ -2,4 +2,4 @@
 # vars/Fedora-26.yml
 ---
 ipaclient_packages: [ "ipa-client", "libselinux-python" ]
-#ansible_python_interpreter: '/usr/bin/python2'
+# ansible_python_interpreter: '/usr/bin/python2'
--- a/roles/ipaclient/vars/RedHat-7.3.yml
+++ b/roles/ipaclient/vars/RedHat-7.3.yml
@@ -2,4 +2,4 @@
 # vars/RedHat-7.3.yml
 ---
 ipaclient_packages: [ "ipa-client", "ipa-admintools", "libselinux-python" ]
-#ansible_python_interpreter: '/usr/bin/python2'
+# ansible_python_interpreter: '/usr/bin/python2'
--- a/roles/ipaclient/vars/RedHat-7.yml
+++ b/roles/ipaclient/vars/RedHat-7.yml
@@ -2,4 +2,3 @@
 # vars/RedHat-7
 ---
 ipaclient_packages: [ "ipa-client", "libselinux-python" ]
-#ansible_python_interpreter: '/usr/bin/python2'
--- a/roles/ipaclient/vars/default.yml
+++ b/roles/ipaclient/vars/default.yml
@@ -2,4 +2,3 @@
 # vars/default.yml
 ---
 ipaclient_packages: [ "ipa-client", "python3-libselinux" ]
-#ansible_python_interpreter: '/usr/bin/python3'
--- a/roles/ipareplica/defaults/main.yml
+++ b/roles/ipareplica/defaults/main.yml
@@ -17,10 +17,10 @@ ipareplica_no_ui_redirect: no
 ipaclient_mkhomedir: no
 ipaclient_force_join: no
 ipaclient_no_ntp: no
-#ipaclient_ssh_trust_dns: no
-#ipaclient_no_ssh: no
-#ipaclient_no_sshd: no
-#ipaclient_no_dns_sshfp: no
+# ipaclient_ssh_trust_dns: no
+# ipaclient_no_ssh: no
+# ipaclient_no_sshd: no
+# ipaclient_no_dns_sshfp: no
 ipaclient_ssh_trust_dns: no
 ### certificate system ###
 ipareplica_skip_schema_check: no
--- a/roles/ipaserver/defaults/main.yml
+++ b/roles/ipaserver/defaults/main.yml
@@ -16,10 +16,10 @@ ipaserver_random_serial_numbers: false
 ### client ###
 ipaclient_mkhomedir: no
 ipaclient_no_ntp: no
-#ipaclient_ssh_trust_dns: no
-#ipaclient_no_ssh: no
-#ipaclient_no_sshd: no
-#ipaclient_no_dns_sshfp: no
+# ipaclient_ssh_trust_dns: no
+# ipaclient_no_ssh: no
+# ipaclient_no_sshd: no
+# ipaclient_no_dns_sshfp: no
 ### certificate system ###
 ipaserver_external_ca: no
 ### dns ###
--- a/roles/ipaserver/tasks/uninstall.yml
+++ b/roles/ipaserver/tasks/uninstall.yml
@@ -54,8 +54,3 @@
  # 1 means that uninstall failed because IPA server was not configured
  failed_when: uninstall.rc != 0 and uninstall.rc != 1
  changed_when: uninstall.rc == 0
-
-#- name: Remove IPA server packages
-#  ansible.builtin.package:
-#    name: "{{ ipaserver_packages }}"
-#    state: absent
--- a/roles/ipasmartcard_client/tasks/main.yml
+++ b/roles/ipasmartcard_client/tasks/main.yml
@@ -109,7 +109,7 @@
      ansible.builtin.file:
        path: /etc/sssd/pki
        state: directory
-        mode: 0711
+        mode: "0711"

    - name: Ensure /etc/sssd/pki/sssd_auth_ca_db.pem is absent
      ansible.builtin.file:
--- a/roles/ipasmartcard_server/tasks/main.yml
+++ b/roles/ipasmartcard_server/tasks/main.yml
@@ -201,7 +201,7 @@
      ansible.builtin.file:
        path: /etc/sssd/pki
        state: directory
-        mode: 0711
+        mode: "0711"

    - name: Ensure /etc/sssd/pki/sssd_auth_ca_db.pem is absent
      ansible.builtin.file:
--- a/tests/ca-less/install_replica_without_ca.yml
+++ b/tests/ca-less/install_replica_without_ca.yml
@@ -48,7 +48,7 @@
      ansible.builtin.file:
        path: "/root/ca-less-test"
        state: directory
-        mode: 0775
+        mode: "0775"

    - name: Copy CA certificate
      ansible.builtin.copy:
--- a/tests/ca-less/install_server_without_ca.yml
+++ b/tests/ca-less/install_server_without_ca.yml
@@ -48,7 +48,7 @@
      ansible.builtin.file:
        path: "/root/ca-less-test"
        state: directory
-        mode: 0775
+        mode: "0775"

    - name: Copy CA certificate
      ansible.builtin.copy:
--- a/tests/cert/test_cert_host.yml
+++ b/tests/cert/test_cert_host.yml
@@ -47,7 +47,7 @@
    ansible.builtin.copy:
      dest: "/root/host.csr"
      content: "{{ host_req.stdout }}"
-      mode: 0644
+      mode: "0644"

  # TESTS

--- a/tests/cert/test_cert_user.yml
+++ b/tests/cert/test_cert_user.yml
@@ -45,7 +45,7 @@
    ansible.builtin.copy:
      dest: "/root/user.csr"
      content: "{{ user_req.stdout }}"
-      mode: 0644
+      mode: "0644"

  # TESTS

--- a/tests/external-signed-ca-with-automatic-copy/install-server-with-external-ca-with-automatic-copy.yml
+++ b/tests/external-signed-ca-with-automatic-copy/install-server-with-external-ca-with-automatic-copy.yml
@@ -28,7 +28,7 @@
  become: true
  vars:
    ipaserver_external_cert_files_from_controller: "{{ groups.ipaserver[0] + '-chain.crt' }}"
-    #ipaserver_external_ca_file: "{{ groups.ipaserver[0] + '-cacert.asc' }}"
+    # ipaserver_external_ca_file: "{{ groups.ipaserver[0] + '-cacert.asc' }}"

  roles:
  - role: ipaserver
--- a/tests/external-signed-ca-with-manual-copy/install-server-with-external-ca-with-manual-copy.yml
+++ b/tests/external-signed-ca-with-manual-copy/install-server-with-external-ca-with-manual-copy.yml
@@ -34,7 +34,7 @@
  become: true
  vars:
    ipaserver_external_cert_files: "/root/chain.crt"
-    #ipaserver_external_ca_file: "cacert.asc"
+    # ipaserver_external_ca_file: "cacert.asc"

  pre_tasks:
  - name: Copy "{{ groups.ipaserver[0] + '-chain.crt' }}" to /root/chain.crt on node
--- a/tests/group/test_group.yml
+++ b/tests/group/test_group.yml
@@ -298,11 +298,11 @@
    register: result
    failed_when: result.changed or result.failed

-  #- ipagroup:
-  #    name: group1
-  #    user:
-  #    - user7
-  #    action: member
+  # - ipagroup:
+  #     name: group1
+  #     user:
+  #     - user7
+  #     action: member

  - name: Ensure user user7 is absent in group group1
    ipagroup:
--- a/tests/host/test_host.yml
+++ b/tests/host/test_host.yml
@@ -191,35 +191,35 @@

  # disabled can only be checked with enabled hosts, all hosts above are
  # not enabled.
-  #- name: Hosts host1..host6 disabled
-  #  ipahost:
-  #    ipaadmin_password: SomeADMINpassword
-  #    ipaapi_context: "{{ ipa_context | default(omit) }}"
-  #    name:
-  #    - "{{ host1_fqdn }}"
-  #    - "{{ host2_fqdn }}"
-  #    - "{{ host3_fqdn }}"
-  #    - "{{ host4_fqdn }}"
-  #    - "{{ host5_fqdn }}"
-  #    - "{{ host6_fqdn }}"
-  #    state: disabled
-  #  register: result
-  #  failed_when: not result.changed or result.failed
+  # - name: Hosts host1..host6 disabled
+  #   ipahost:
+  #     ipaadmin_password: SomeADMINpassword
+  #     ipaapi_context: "{{ ipa_context | default(omit) }}"
+  #     name:
+  #     - "{{ host1_fqdn }}"
+  #     - "{{ host2_fqdn }}"
+  #     - "{{ host3_fqdn }}"
+  #     - "{{ host4_fqdn }}"
+  #     - "{{ host5_fqdn }}"
+  #     - "{{ host6_fqdn }}"
+  #     state: disabled
+  #   register: result
+  #   failed_when: not result.changed or result.failed
  #
-  #- name: Hosts host1..host6 disabled again
-  #  ipahost:
-  #    ipaadmin_password: SomeADMINpassword
-  #    ipaapi_context: "{{ ipa_context | default(omit) }}"
-  #    name:
-  #    - "{{ host1_fqdn }}"
-  #    - "{{ host2_fqdn }}"
-  #    - "{{ host3_fqdn }}"
-  #    - "{{ host4_fqdn }}"
-  #    - "{{ host5_fqdn }}"
-  #    - "{{ host6_fqdn }}"
-  #    state: disabled
-  #  register: result
-  #  failed_when: result.changed or result.failed
+  # - name: Hosts host1..host6 disabled again
+  #   ipahost:
+  #     ipaadmin_password: SomeADMINpassword
+  #     ipaapi_context: "{{ ipa_context | default(omit) }}"
+  #     name:
+  #     - "{{ host1_fqdn }}"
+  #     - "{{ host2_fqdn }}"
+  #     - "{{ host3_fqdn }}"
+  #     - "{{ host4_fqdn }}"
+  #     - "{{ host5_fqdn }}"
+  #     - "{{ host6_fqdn }}"
+  #     state: disabled
+  #   register: result
+  #   failed_when: result.changed or result.failed

  - name: Hosts host1..host6 absent
    ipahost:
--- a/tests/user/test_user.yml
+++ b/tests/user/test_user.yml
@@ -56,7 +56,7 @@
      first: pinky
      last: Acme
      initials: pa
-      #password: foo2
+      # password: foo2
      principal: pa
      random: yes
      street: PinkyStreet
@@ -73,8 +73,8 @@
      # sshpubkey
      userauthtype: password,radius,otp
      userclass: PinkyUserClass
-      #radius: "http://some.link/"
-      #radiususer: PinkyRadiusUser
+      # radius: "http://some.link/"
+      # radiususer: PinkyRadiusUser
      departmentnumber: "1234"
      employeenumber: "0815"
      employeetype: "PinkyExmployeeType"
@@ -82,8 +82,8 @@
      # certificate
      noprivate: yes
      nomembers: false
-      #issuer: PinkyIssuer
-      #subject: PinkySubject
+      # issuer: PinkyIssuer
+      # subject: PinkySubject
    register: result
    failed_when: not result.changed or result.failed

--- a/tests/user/test_users.yml
+++ b/tests/user/test_users.yml
@@ -190,7 +190,7 @@
      first: pinky
      last: Acme
      initials: pa
-      #password: foo2
+      # password: foo2
      principal: pa
      random: yes
      street: PinkyStreet
@@ -207,8 +207,8 @@
      # sshpubkey
      userauthtype: password,radius,otp
      userclass: PinkyUserClass
-      #radius: "http://some.link/"
-      #radiususer: PinkyRadiusUser
+      # radius: "http://some.link/"
+      # radiususer: PinkyRadiusUser
      departmentnumber: "1234"
      employeenumber: "0815"
      employeetype: "PinkyExmployeeType"
@@ -216,8 +216,8 @@
      # certificate
      noprivate: yes
      nomembers: false
-      #issuer: PinkyIssuer
-      #subject: PinkySubject
+      # issuer: PinkyIssuer
+      # subject: PinkySubject
    register: result
    failed_when: not result.changed or result.failed

@@ -234,7 +234,7 @@
      first: pinky
      last: Acme
      initials: pa
-      #password: foo2
+      # password: foo2
      principal: pa
      random: yes
      street: PinkyStreet
@@ -251,8 +251,8 @@
      # sshpubkey
      userauthtype: password,radius,otp
      userclass: PinkyUserClass
-      #radius: "http://some.link/"
-      #radiususer: PinkyRadiusUser
+      # radius: "http://some.link/"
+      # radiususer: PinkyRadiusUser
      departmentnumber: "1234"
      employeenumber: "0815"
      employeetype: "PinkyExmployeeType"
@@ -260,8 +260,8 @@
      # certificate
      noprivate: yes
      nomembers: false
-      #issuer: PinkyIssuer
-      #subject: PinkySubject
+      # issuer: PinkyIssuer
+      # subject: PinkySubject
    register: result
    failed_when: result.changed or result.failed

--- a/tests/vault/env_setup.yml
+++ b/tests/vault/env_setup.yml
@@ -20,7 +20,7 @@
    ansible.builtin.copy:
      src: "{{ playbook_dir }}/{{ item }}"
      dest: "{{ ansible_facts['env'].HOME }}/{{ item }}"
-      mode: 0644
+      mode: "0644"
    with_items:
    - A_private.pem
    - A_public.pem