Conform to linter

.ansible-lint

@@ -10,3 +10,7 @@ exclude_paths:
 skip_list:
   - role-name
   - var-naming
+warn_list:
+  - yaml[line-length]
+  - no-changed-when
+  - no-handler

.ansible-lint-ignore

@@ -4,10 +4,9 @@
 # Ignore rules in specific files as follows:
 # playbooks/transferuser.yml yaml[empty-lines]
 
+playbooks/roles/transferuser/molecule/default/verify.yml risky-shell-pipe
+playbooks/roles/stata18/molecule/default/prepare.yml command-instead-of-module
+playbooks/roles/stata18/molecule/default/prepare.yml inline-env-var # this is a bug in some versions of ansible-lint
+
 molecule/playbook-aptly/molecule.yml yaml[line-length] # molecule test parameters are long
 molecule/playbook-reverse_proxy/molecule.yml yaml[line-length] # molecule test parameters are long
-molecule/playbook-reverse_proxy/verify.yml yaml[line-length] # URL expectations are too long
-playbooks/roles/sshfs_mount/main/tasks.yml yaml[line-length] # fstab options are too long
-playbooks/roles/camunda_server/tasks/main.yml yaml[line-length] # XML too long
-playbooks/roles/sshfs_mount/tasks/mount.yml yaml[line-length] # mount options too long
-playbooks/roles/stata18/molecule/default/prepare.yml command-instead-of-module

.github/workflows/ansible_lint.yml

@@ -29,4 +29,4 @@ jobs:
       - name: Run ansible-lint
         uses: ansible/ansible-lint@main
         with:
-          args: "."
+          args: "playbooks ."

playbooks/aptly.yml

@@ -5,34 +5,34 @@
   pre_tasks:
     - name: Get Service Status
       no_log: true
-      systemd:
+      ansible.builtin.systemd:
         name: nginx
       register: nginx_status
 
     - name: Stop if nginx is not installed
-      fail:
+      ansible.builtin.fail:
         msg: The nginx service must be installed and active for this component to work.
       when: nginx_status.status.ActiveState != 'active'
 
     - name: Parse aptly packages as yaml
-      set_fact:
+      ansible.builtin.set_fact:
         packages: "{{ packages | d([]) + [item | from_yaml] }}"
       loop: "{{ aptly_packages.split('\\n') | list }}"
 
     - name: Parse aptly repositories as yaml
-      set_fact:
+      ansible.builtin.set_fact:
         repos: "{{ repos | d([]) + [item | from_yaml] }}"
       loop: "{{ aptly_repositories.split('\\n') | list }}"
 
     - name: Set aptly user vars
-      set_fact:
+      ansible.builtin.set_fact:
         aptly_user: "{{ aptly_user | default('aptly') }}"
         aptly_home: /srv/aptly
 
     # When the gpg keys were set as a component parameter, '\n' needs to be replaced by true newlines
     - name: Set gpg key variables
       when: (aptly_gpg_private_key | default('') | length > 0) and (aptly_gpg_public_key | default('') | length > 0)
-      set_fact:
+      ansible.builtin.set_fact:
         gpg_private_key: "{{ aptly_gpg_private_key.split('\\n') | join('\n') }}"
         gpg_public_key: "{{ aptly_gpg_public_key.split('\\n') | join('\n') }}"
 
@@ -41,7 +41,7 @@
       when: (aptly_gpg_private_key | default('') | length == 0) or (aptly_gpg_public_key | default('') | length == 0)
       block:
         - name: Generate keys
-          import_role:
+          ansible.builtin.import_role:
             name: ext/juju4.gpgkey_generate
           vars:
             gpg_pull: false # Don't pull the created keys to the orchestrator
@@ -55,18 +55,18 @@
             gpg_pubkeyfileexport: aptly.asc
             gpg_privkeyfile: aptly.priv
             gpg_home: /root
         - name: Cat GPG private key
-          command: cat /root/aptly.priv
+          ansible.builtin.command: cat /root/aptly.priv
           changed_when: false
           no_log: true
           register: aptly_gpg_private_cat
         - name: Cat GPG public key
-          command: cat /root/aptly.asc
+          ansible.builtin.command: cat /root/aptly.asc
           changed_when: false
           no_log: true
           register: aptly_gpg_public_cat
         - name: Set GPG key vars
-          set_fact:
+          ansible.builtin.set_fact:
             gpg_private_key: "{{ aptly_gpg_private_cat.stdout }}"
             gpg_public_key: "{{ aptly_gpg_public_cat.stdout }}"
           no_log: true
@@ -89,7 +89,7 @@
 
   tasks:
     - name: Copy pubkey to repo
-      copy:
+      ansible.builtin.copy:
         content: "{{ gpg_public_key }}"
         dest: "{{ aptly_home }}/.aptly/public/aptly_pubkey.asc"
         owner: aptly
@@ -98,7 +98,7 @@
 
     # NB: aptly homedir is hardcoded because copy does not support templating
     - name: Create nginx location block
-      copy:
+      ansible.builtin.copy:
         content: |
           location /apt {
             alias /srv/aptly/.aptly/public;
@@ -111,6 +111,6 @@
 
   handlers:
     - name: Restart nginx
-      service:
+      ansible.builtin.service:
         name: nginx
         state: restarted

playbooks/flask_app.yml

@@ -31,12 +31,12 @@
           ansible.builtin.service_facts:
 
         - name: Stop if nginx is not installed
-          fail:
+          ansible.builtin.fail:
             msg: Nginx must be installed and active for this component to work.
           when: services['nginx.service'].state != 'running'
 
     - name: Check for presence of SRC Nginx SRAM authentication config
-      lineinfile:
+      ansible.builtin.lineinfile:
         line: "{{ item }}"
         dest: /etc/nginx/app-location-conf.d/authentication.conf
       check_mode: true
@@ -46,24 +46,24 @@
         - location = /oauth2_callback {
         - location = /validate {
 
     - name: Stop if SRC nginx config is not present
-      fail:
+      ansible.builtin.fail:
         msg: The SRC-Nginx component must be run before this component
       when: src_nginx_config.changed
 
     - name: Resolve 'omit' in variables
       block:
         - name: Set uwsgi_config
-          set_fact:
+          ansible.builtin.set_fact:
             uwsgi_config: "{{ _uwsgi_config }}"
 
         - name: Set uwsgi_proxy_config
-          set_fact:
+          ansible.builtin.set_fact:
             uwsgi_proxy_config: "{{ _uwsgi_proxy_config }}"
 
     - name: Set auth info variable if auth basic is set
       when: flask_app_auth == 'basic'
-      set_fact:
+      ansible.builtin.set_fact:
         _flask_app_auth_info:
           - name: "{{ flask_app_name }}"
             username: "{{ flask_app_username | default('') }}"
@@ -72,14 +72,14 @@
 
     - name: Clone repo
       tags: molecule-idempotence-notest
-      git:
+      ansible.builtin.git:
         repo: "{{ flask_app_repo }}"
         version: "{{ flask_app_version | default(omit, true) }}"
         dest: "{{ uwsgi_app_dir }}"
         depth: 1
 
     - name: Create venv with uv
-      include_role:
+      ansible.builtin.include_role:
         name: uv
       vars:
         uv_venvs:
@@ -88,13 +88,13 @@
 
     - name: Ensure build requirements for uwsgi present
       when: ansible_os_family == 'Debian'
-      package:
+      ansible.builtin.package:
         name:
           - build-essential
           - python3-dev
 
     - name: Install uwsgi
-      pip:
+      ansible.builtin.pip:
         executable: uv_pip
         name:
           - wheel
@@ -106,7 +106,7 @@
 
     - name: Install requirements
       when: flask_app_requirements | length > 0
-      pip:
+      ansible.builtin.pip:
         executable: uv_pip
         requirements: "{{ uwsgi_app_dir }}/{{ item | trim }}"
       environment:

playbooks/irods_server.yml

@@ -1,10 +1,9 @@
 ---
-- name: install iRODS server (provider role) in researchcloud workspace
+- name: Install iRODS server (provider role) in researchcloud workspace
   hosts: localhost
   gather_facts: true
 
-    # irods server will use a local postgresql database   
-    
+  # irods server will use a local postgresql database
+
   roles:
     - irods_server
-

playbooks/keycloak.yml

@@ -5,12 +5,12 @@
   pre_tasks:
     - name: Get Service Status
       no_log: true
-      systemd:
+      ansible.builtin.systemd:
         name: nginx
       register: nginx_status
 
     - name: Stop if nginx is not installed
-      fail:
+      ansible.builtin.fail:
         msg: The SRC-Nginx component must be installed and active for this component to work.
       when: nginx_status.status.ActiveState != 'active'
 

playbooks/r-workbench.yml

@@ -16,11 +16,11 @@
   tasks:
     - name: Parse optional packages as yaml
       when: r_workbench_packages is defined and r_workbench_packages | length > 0
-      set_fact:
+      ansible.builtin.set_fact:
         _r_packages: "{{ r_workbench_packages.split('\\n') | join('\n') | from_yaml }}"
 
     - name: Include ansible-r role
-      include_role:
+      ansible.builtin.include_role:
         name: ansible-r
       vars:
         r_version: "{{ r_workbench_version | default('40', true) }}"

playbooks/reverse_proxy.yml

@@ -11,12 +11,12 @@
           ansible.builtin.service_facts:
 
         - name: Stop if nginx is not installed
-          fail:
+          ansible.builtin.fail:
             msg: Nginx must be installed and active for this component to work.
           when: services['nginx.service'].state != 'running'
 
     - name: Check for presence of SRC Nginx SRAM authentication config
-      lineinfile:
+      ansible.builtin.lineinfile:
         line: "{{ item }}"
         dest: /etc/nginx/app-location-conf.d/authentication.conf
       check_mode: true
@@ -26,18 +26,18 @@
         - location = /oauth2_callback {
         - location = /validate {
 
     - name: Stop if SRC nginx config is not present
-      fail:
+      ansible.builtin.fail:
         msg: The SRC-Nginx component must be run before this component
       when: src_nginx_config.changed
 
     - name: Parse reverse proxy locations variable as yaml
-      set_fact:
+      ansible.builtin.set_fact:
         locations: "{{ reverse_proxy_locations.split('\\n') | join('\n') | from_yaml }}"
 
     - name: Parse auth info variable as yaml
       when: reverse_proxy_auth_info is defined and reverse_proxy_auth_info | length > 0
-      set_fact:
+      ansible.builtin.set_fact:
         auth_info: "{{ reverse_proxy_auth_info.split('\\n') | join('\n') | from_yaml }}"
       no_log: true
 

playbooks/robot-server.yml

@@ -8,9 +8,8 @@
       vars:
         robotuser_generate_ssh_key: true
     - role: fact_workspace_info
-
-  tasks:
 
+  tasks:
     - name: Restrict permissions on data volumes
       ansible.builtin.file:
         path: "{{ item }}"

playbooks/roles/agisoft/tasks/main.yml

@@ -8,30 +8,32 @@
 # The get_url ansible module in the task below does not create a directory
 
 - name: Ensure download dir exists
-  file:
+  ansible.builtin.file:
     path: "{{ agisoft_download_dest }}"
     state: directory
+    mode: "0755"
 
 - name: Download agisoft installation files
-  get_url:
+  ansible.builtin.get_url:
     url: "{{ agisoft_url }}"
     dest: "{{ agisoft_download_dest }}"
     mode: "0774"
 
 - name: Extract agisoft to opt for multiple user
-  unarchive:
+  ansible.builtin.unarchive:
     remote_src: true
     src: "{{ agisoft_download_dest }}/{{ agisoft_file }}"
     dest: /opt
     mode: "0755"
 
 - name: Create license file
-  copy:
+  ansible.builtin.copy:
     dest: "{{ agisoft_install_dir }}/license.lic"
     content: "{{ license }}"
+    mode: "0644"
 
 - name: Install desktop file menu item through role
-  include_role:
+  ansible.builtin.include_role:
     name: desktop_file
   vars:
     desktopfile_app_name: agisoft

playbooks/roles/anaconda/tasks/dependencies_apt.yml

@@ -1,6 +1,6 @@
 ---
 - name: Install dependencies
-  apt:
+  ansible.builtin.apt:
     pkg:
       - libgl1-mesa-glx
       - libegl1-mesa

playbooks/roles/anaconda/tasks/dependencies_yum.yml

@@ -1,6 +1,6 @@
 ---
 - name: Install dependencies
-  yum:
+  ansible.builtin.dnf:
     name:
       - libXcomposite
       - libXcursor