diff --git a/.yamllint b/.yamllint index 5fbcc17c4d7b087cb1921ab53d39e4b52b534f89..4ed8db5b26aba3b705fbf8a21a4b2135b9db2449 100644 --- a/.yamllint +++ b/.yamllint @@ -20,4 +20,9 @@ rules: max: 160 # Disabled rules indentation: disable - comments: disable + comments: + min-spaces-from-content: 1 + comments-indentation: disable + octal-values: + forbid-implicit-octal: true + forbid-explicit-octal: true diff --git a/infra/image/dockerfile/c10s b/infra/image/dockerfile/c10s index 247fce17397c56df35b17d68fae12c2da781fe76..2852aab507a3068b0fe56129c7efca13dbef221b 100644 --- a/infra/image/dockerfile/c10s +++ b/infra/image/dockerfile/c10s @@ -1,4 +1,4 @@ -FROM quay.io/centos/centos:stream10-development +FROM quay.io/centos/centos:stream10 ENV container=podman RUN rm -fv /var/cache/dnf/metadata_lock.pid; \ diff --git a/playbooks/dnszone/dnszone-all-params.yml b/playbooks/dnszone/dnszone-all-params.yml index 5cba47f8b6aa68e5694adb62bd4cd30580e5e1c7..e8a8ffc85af8c731fc2e4b44ec12d0dd6bf0fee2 100644 --- a/playbooks/dnszone/dnszone-all-params.yml +++ b/playbooks/dnszone/dnszone-all-params.yml @@ -21,7 +21,7 @@ - ip_address: 8.8.8.8 - ip_address: 8.8.4.4 port: 52 - #serial: 1234 + # serial: 1234 refresh: 3600 retry: 900 expire: 1209600 diff --git a/playbooks/vault/vault-is-present-with-password-file.yml b/playbooks/vault/vault-is-present-with-password-file.yml index aa1700ce04806ca4a66356a515da32eb6ba5964b..a3dea2bc61c285b1d807ecea160a32eb84000f51 100644 --- a/playbooks/vault/vault-is-present-with-password-file.yml +++ b/playbooks/vault/vault-is-present-with-password-file.yml @@ -11,7 +11,7 @@ dest: "{{ ansible_facts['env'].HOME }}/password.txt" owner: "{{ ansible_user }}" group: "{{ ansible_user }}" - mode: 0600 + mode: "0600" - name: Ensure symmetric vault exists with password from file. ipavault: ipaadmin_password: SomeADMINpassword 
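Review bot: The new `octal-values` rule only flags integers written with a leading zero, so a mode written without one (an unquoted `mode: 600`, say) still passes yamllint and reaches Ansible as a decimal number, which produces unintended permissions. If ansible-lint is part of this project's checks, its `risky-octal` rule covers that case; otherwise the convention is worth stating in a comment here, e.g. `# File modes must be quoted strings ("0600"), never bare integers`. Separately, the `comments:` and `octal-values:` entries are now enabled rules but appear to sit under the existing `# Disabled rules` comment; a short `# Rules with custom settings` comment above `comments:` would make the grouping accurate again.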
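Review bot: `FROM quay.io/centos/centos:stream10` is a floating tag, so the base image changes whenever the tag is republished and two builds of the same commit can differ. If reproducible test images matter here, pin the digest alongside the tag, `FROM quay.io/centos/centos:stream10@sha256:<digest-placeholder>`, and refresh it deliberately. If tracking the stream is intended, a one-line comment above the `FROM` saying so would record that decision. The `RUN` statement that follows continues outside the hunk.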
diff --git a/playbooks/vault/vault-is-present-with-public-key-file.yml b/playbooks/vault/vault-is-present-with-public-key-file.yml index fbd6d7d98ffd9266c98fbdf0ccd4bfa70ec04695..53dbcd8a5b64d94fc40ed16ed60f8fae6a4c6587 100644 --- a/playbooks/vault/vault-is-present-with-public-key-file.yml +++ b/playbooks/vault/vault-is-present-with-public-key-file.yml @@ -16,7 +16,7 @@ dest: "{{ ansible_facts['env'].HOME }}/public.pem" owner: "{{ ansible_user }}" group: "{{ ansible_user }}" - mode: 0600 + mode: "0600" - name: Ensure asymmetric vault exists with public key from file. ipavault: ipaadmin_password: SomeADMINpassword diff --git a/roles/ipaclient/tasks/install.yml b/roles/ipaclient/tasks/install.yml index b5eb71658ab35707ae0c281bd44b33731b38b44b..08d0b2e0236db7db68e7c33a9b06f864b4a4f392 100644 --- a/roles/ipaclient/tasks/install.yml +++ b/roles/ipaclient/tasks/install.yml @@ -152,7 +152,7 @@ ansible.builtin.copy: src: "{{ ipaadmin_keytab }}" dest: "{{ keytab_temp.path }}" - mode: 0600 + mode: "0600" delegate_to: "{{ result_ipaclient_test.servers[0] }}" when: ipaadmin_keytab is defined diff --git a/roles/ipaclient/tasks/uninstall.yml b/roles/ipaclient/tasks/uninstall.yml index 2b2996a99b5e914edba1e8be31df2fada06ba942..fe5ca0094340c3eb7b95cef57f7da32e6246d0f2 100644 --- a/roles/ipaclient/tasks/uninstall.yml +++ b/roles/ipaclient/tasks/uninstall.yml @@ -15,8 +15,3 @@ ipaclient_configure_dns_resolver: state: absent when: ipaclient_cleanup_dns_resolver | bool - -#- name: Remove IPA client package -# ansible.builtin.package: -# name: "{{ ipaclient_packages }}" -# state: absent diff --git a/roles/ipaclient/vars/Fedora-25.yml b/roles/ipaclient/vars/Fedora-25.yml index 9999b3317a634bc9e040a62f3389c17ab5fe8e8f..c01176c6033712ce6ad687325800e88e8d6c5b14 100644 --- a/roles/ipaclient/vars/Fedora-25.yml +++ b/roles/ipaclient/vars/Fedora-25.yml 
@@ -2,4 +2,4 @@ # vars/Fedora-25.yml --- ipaclient_packages: [ "ipa-client", "libselinux-python" ] -#ansible_python_interpreter: '/usr/bin/python2' +# ansible_python_interpreter: '/usr/bin/python2' diff --git a/roles/ipaclient/vars/Fedora-26.yml b/roles/ipaclient/vars/Fedora-26.yml index 12722c8a829c4798c38c0b9ab43df575293c914f..29fa605aee63d8881d6129dfe15ff1e534a0db9a 100644 --- a/roles/ipaclient/vars/Fedora-26.yml +++ b/roles/ipaclient/vars/Fedora-26.yml @@ -2,4 +2,4 @@ # vars/Fedora-26.yml --- ipaclient_packages: [ "ipa-client", "libselinux-python" ] -#ansible_python_interpreter: '/usr/bin/python2' +# ansible_python_interpreter: '/usr/bin/python2' diff --git a/roles/ipaclient/vars/RedHat-7.3.yml b/roles/ipaclient/vars/RedHat-7.3.yml index 51d2b10d1f2c23a49b4779ff6df923f4135aa0f2..1acd1958e16cc323c29113dadc4949c989ebe9e9 100644 --- a/roles/ipaclient/vars/RedHat-7.3.yml +++ b/roles/ipaclient/vars/RedHat-7.3.yml @@ -2,4 +2,4 @@ # vars/RedHat-7.3.yml --- ipaclient_packages: [ "ipa-client", "ipa-admintools", "libselinux-python" ] -#ansible_python_interpreter: '/usr/bin/python2' +# ansible_python_interpreter: '/usr/bin/python2' diff --git a/roles/ipaclient/vars/RedHat-7.yml b/roles/ipaclient/vars/RedHat-7.yml index c2ea3ca58002b09f73bd37f41b7d5d76b0c96655..c154c99ffc54b786c089f9b0e7e7e00720d4eaac 100644 --- a/roles/ipaclient/vars/RedHat-7.yml +++ b/roles/ipaclient/vars/RedHat-7.yml @@ -2,4 +2,3 @@ # vars/RedHat-7 --- ipaclient_packages: [ "ipa-client", "libselinux-python" ] -#ansible_python_interpreter: '/usr/bin/python2' diff --git a/roles/ipaclient/vars/default.yml b/roles/ipaclient/vars/default.yml index a28d81a133a8b32cc31ad1d5797469419c03fc34..2cfb36144c8210c33b6c7709dc747fe4cacbd5d0 100644 --- a/roles/ipaclient/vars/default.yml +++ b/roles/ipaclient/vars/default.yml @@ -2,4 +2,3 @@ # vars/default.yml --- ipaclient_packages: [ "ipa-client", "python3-libselinux" ] -#ansible_python_interpreter: '/usr/bin/python3' 
diff --git a/roles/ipareplica/defaults/main.yml b/roles/ipareplica/defaults/main.yml index 01afc4427d37f5e1eae29c39508b01b7366404b9..011647a24168f917e2910bba4c910a07ae552208 100644 --- a/roles/ipareplica/defaults/main.yml +++ b/roles/ipareplica/defaults/main.yml @@ -17,10 +17,10 @@ ipareplica_no_ui_redirect: no ipaclient_mkhomedir: no ipaclient_force_join: no ipaclient_no_ntp: no -#ipaclient_ssh_trust_dns: no -#ipaclient_no_ssh: no -#ipaclient_no_sshd: no -#ipaclient_no_dns_sshfp: no +# ipaclient_ssh_trust_dns: no +# ipaclient_no_ssh: no +# ipaclient_no_sshd: no +# ipaclient_no_dns_sshfp: no ipaclient_ssh_trust_dns: no ### certificate system ### ipareplica_skip_schema_check: no diff --git a/roles/ipaserver/defaults/main.yml b/roles/ipaserver/defaults/main.yml index b8d92f608e882ada075695bef25111260bda530f..f99a16ecea8b05d5c4cca815d502f73f6a5c68ad 100644 --- a/roles/ipaserver/defaults/main.yml +++ b/roles/ipaserver/defaults/main.yml @@ -16,10 +16,10 @@ ipaserver_random_serial_numbers: false ### client ### ipaclient_mkhomedir: no ipaclient_no_ntp: no -#ipaclient_ssh_trust_dns: no -#ipaclient_no_ssh: no -#ipaclient_no_sshd: no -#ipaclient_no_dns_sshfp: no +# ipaclient_ssh_trust_dns: no +# ipaclient_no_ssh: no +# ipaclient_no_sshd: no +# ipaclient_no_dns_sshfp: no ### certificate system ### ipaserver_external_ca: no ### dns ### diff --git a/roles/ipaserver/tasks/uninstall.yml b/roles/ipaserver/tasks/uninstall.yml index 35ab63567a39d7e667032925ce26f3256a6e7be0..d404e2e83265ff16c928e3be78bce97a978f3e74 100644 --- a/roles/ipaserver/tasks/uninstall.yml +++ b/roles/ipaserver/tasks/uninstall.yml @@ -54,8 +54,3 @@ # 1 means that uninstall failed because IPA server was not configured failed_when: uninstall.rc != 0 and uninstall.rc != 1 changed_when: uninstall.rc == 0 - -#- name: Remove IPA server packages -# ansible.builtin.package: -# name: "{{ ipaserver_packages }}" -# state: absent 
diff --git a/roles/ipasmartcard_client/tasks/main.yml b/roles/ipasmartcard_client/tasks/main.yml index 8c87a80fec1ed3c98e7f61d97472f72947f68313..232706b2cdb9600216a8783593156ab802610997 100644 --- a/roles/ipasmartcard_client/tasks/main.yml +++ b/roles/ipasmartcard_client/tasks/main.yml @@ -109,7 +109,7 @@ ansible.builtin.file: path: /etc/sssd/pki state: directory - mode: 0711 + mode: "0711" - name: Ensure /etc/sssd/pki/sssd_auth_ca_db.pem is absent ansible.builtin.file: diff --git a/roles/ipasmartcard_server/tasks/main.yml b/roles/ipasmartcard_server/tasks/main.yml index c650511eb8083d7012116fee7cdb02146e708d3d..d95db68514e201dd5ac201da122501a9d04e61bc 100644 --- a/roles/ipasmartcard_server/tasks/main.yml +++ b/roles/ipasmartcard_server/tasks/main.yml @@ -201,7 +201,7 @@ ansible.builtin.file: path: /etc/sssd/pki state: directory - mode: 0711 + mode: "0711" - name: Ensure /etc/sssd/pki/sssd_auth_ca_db.pem is absent ansible.builtin.file: diff --git a/tests/ca-less/install_replica_without_ca.yml b/tests/ca-less/install_replica_without_ca.yml index 4e6952bb71ee0d78801123c8081485f20e3d8968..8120b53383af89eaed61d01336071d12880e1856 100644 --- a/tests/ca-less/install_replica_without_ca.yml +++ b/tests/ca-less/install_replica_without_ca.yml @@ -48,7 +48,7 @@ ansible.builtin.file: path: "/root/ca-less-test" state: directory - mode: 0775 + mode: "0775" - name: Copy CA certificate ansible.builtin.copy: diff --git a/tests/ca-less/install_server_without_ca.yml b/tests/ca-less/install_server_without_ca.yml index c5206e1aace429d4613d105280c364499c20a06b..aa8eab1f6dee704d1f591e837ebaea318f4f19fd 100644 --- a/tests/ca-less/install_server_without_ca.yml +++ b/tests/ca-less/install_server_without_ca.yml @@ -48,7 +48,7 @@ ansible.builtin.file: path: "/root/ca-less-test" state: directory - mode: 0775 + mode: "0775" - name: Copy CA certificate ansible.builtin.copy: 
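Review bot: In tests/ca-less/install_replica_without_ca.yml, `mode: "0775"` on `/root/ca-less-test` leaves the directory group-writable and readable by others, while the next task copies CA material into it. Quoting the value does not change the permissions. Unless an account other than root needs access (not visible in this hunk), `mode: "0700"` is the tighter choice. The same applies to the identical task in tests/ca-less/install_server_without_ca.yml. Both task lists continue outside their hunks.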
diff --git a/tests/cert/test_cert_host.yml b/tests/cert/test_cert_host.yml index 1ac04efa55f66a01b718a964b8d5aeee57d1e9af..31cd1a27e27fa62ca978f05b95b49bd542f0e12c 100644 --- a/tests/cert/test_cert_host.yml +++ b/tests/cert/test_cert_host.yml @@ -47,7 +47,7 @@ ansible.builtin.copy: dest: "/root/host.csr" content: "{{ host_req.stdout }}" - mode: 0644 + mode: "0644" # TESTS diff --git a/tests/cert/test_cert_user.yml b/tests/cert/test_cert_user.yml index cba90deb0f6e934594a9943d69455f16d0260177..b8f80ebccd2d7aceaf9c7e7680c7b5b787e9f959 100644 --- a/tests/cert/test_cert_user.yml +++ b/tests/cert/test_cert_user.yml @@ -45,7 +45,7 @@ ansible.builtin.copy: dest: "/root/user.csr" content: "{{ user_req.stdout }}" - mode: 0644 + mode: "0644" # TESTS diff --git a/tests/external-signed-ca-with-automatic-copy/install-server-with-external-ca-with-automatic-copy.yml b/tests/external-signed-ca-with-automatic-copy/install-server-with-external-ca-with-automatic-copy.yml index 08427b2499e91a820a9eec6088f4e74953b59742..2d73a4477460e2e372452e690771dafeea54a7cd 100644 --- a/tests/external-signed-ca-with-automatic-copy/install-server-with-external-ca-with-automatic-copy.yml +++ b/tests/external-signed-ca-with-automatic-copy/install-server-with-external-ca-with-automatic-copy.yml @@ -28,7 +28,7 @@ become: true vars: ipaserver_external_cert_files_from_controller: "{{ groups.ipaserver[0] + '-chain.crt' }}" - #ipaserver_external_ca_file: "{{ groups.ipaserver[0] + '-cacert.asc' }}" + # ipaserver_external_ca_file: "{{ groups.ipaserver[0] + '-cacert.asc' }}" roles: - role: ipaserver diff --git a/tests/external-signed-ca-with-manual-copy/install-server-with-external-ca-with-manual-copy.yml b/tests/external-signed-ca-with-manual-copy/install-server-with-external-ca-with-manual-copy.yml index 39b9ac74ec79bd2aa3d21701a40d7967b51b550e..015e358006439b08e4eacdbe0ccff49f0ff16ce3 100644 --- a/tests/external-signed-ca-with-manual-copy/install-server-with-external-ca-with-manual-copy.yml 
+++ b/tests/external-signed-ca-with-manual-copy/install-server-with-external-ca-with-manual-copy.yml @@ -34,7 +34,7 @@ become: true vars: ipaserver_external_cert_files: "/root/chain.crt" - #ipaserver_external_ca_file: "cacert.asc" + # ipaserver_external_ca_file: "cacert.asc" pre_tasks: - name: Copy "{{ groups.ipaserver[0] + '-chain.crt' }}" to /root/chain.crt on node diff --git a/tests/group/test_group.yml b/tests/group/test_group.yml index 8cb76946d23393a406ec9e65958026b186c346d9..72fe1d746f1ca04ceaf54607692ec8175f5c754b 100644 --- a/tests/group/test_group.yml +++ b/tests/group/test_group.yml @@ -298,11 +298,11 @@ register: result failed_when: result.changed or result.failed - #- ipagroup: - # name: group1 - # user: - # - user7 - # action: member + # - ipagroup: + # name: group1 + # user: + # - user7 + # action: member - name: Ensure user user7 is absent in group group1 ipagroup: diff --git a/tests/host/test_host.yml b/tests/host/test_host.yml index 12a421a4007970d0366634c338e9c4b875300034..a97972b77ee3015602e06495145ddb12b8a97478 100644 --- a/tests/host/test_host.yml +++ b/tests/host/test_host.yml 
@@ -191,35 +191,35 @@ # disabled can only be checked with enabled hosts, all hosts above are # not enabled. - #- name: Hosts host1..host6 disabled - # ipahost: - # ipaadmin_password: SomeADMINpassword - # ipaapi_context: "{{ ipa_context | default(omit) }}" - # name: - # - "{{ host1_fqdn }}" - # - "{{ host2_fqdn }}" - # - "{{ host3_fqdn }}" - # - "{{ host4_fqdn }}" - # - "{{ host5_fqdn }}" - # - "{{ host6_fqdn }}" - # state: disabled - # register: result - # failed_when: not result.changed or result.failed + # - name: Hosts host1..host6 disabled + # ipahost: + # ipaadmin_password: SomeADMINpassword + # ipaapi_context: "{{ ipa_context | default(omit) }}" + # name: + # - "{{ host1_fqdn }}" + # - "{{ host2_fqdn }}" + # - "{{ host3_fqdn }}" + # - "{{ host4_fqdn }}" + # - "{{ host5_fqdn }}" + # - "{{ host6_fqdn }}" + # state: disabled + # register: result + # failed_when: not result.changed or result.failed # - #- name: Hosts host1..host6 disabled again - # ipahost: - # ipaadmin_password: SomeADMINpassword - # ipaapi_context: "{{ ipa_context | default(omit) }}" - # name: - # - "{{ host1_fqdn }}" - # - "{{ host2_fqdn }}" - # - "{{ host3_fqdn }}" - # - "{{ host4_fqdn }}" - # - "{{ host5_fqdn }}" - # - "{{ host6_fqdn }}" - # state: disabled - # register: result - # failed_when: result.changed or result.failed + # - name: Hosts host1..host6 disabled again + # ipahost: + # ipaadmin_password: SomeADMINpassword + # ipaapi_context: "{{ ipa_context | default(omit) }}" + # name: + # - "{{ host1_fqdn }}" + # - "{{ host2_fqdn }}" + # - "{{ host3_fqdn }}" + # - "{{ host4_fqdn }}" + # - "{{ host5_fqdn }}" + # - "{{ host6_fqdn }}" + # state: disabled + # register: result + # failed_when: result.changed or result.failed - name: Hosts host1..host6 absent ipahost: diff --git a/tests/user/test_user.yml b/tests/user/test_user.yml index 48e930dc6feaad0fa4c280d1ad5065e34637e5a9..daad3e743ddcd8a8d8db0cc3a7c99ba092ace247 100644 --- a/tests/user/test_user.yml +++ b/tests/user/test_user.yml 
@@ -56,7 +56,7 @@ first: pinky last: Acme initials: pa - #password: foo2 + # password: foo2 principal: pa random: yes street: PinkyStreet @@ -73,8 +73,8 @@ # sshpubkey userauthtype: password,radius,otp userclass: PinkyUserClass - #radius: "http://some.link/" - #radiususer: PinkyRadiusUser + # radius: "http://some.link/" + # radiususer: PinkyRadiusUser departmentnumber: "1234" employeenumber: "0815" employeetype: "PinkyExmployeeType" @@ -82,8 +82,8 @@ # certificate noprivate: yes nomembers: false - #issuer: PinkyIssuer - #subject: PinkySubject + # issuer: PinkyIssuer + # subject: PinkySubject register: result failed_when: not result.changed or result.failed diff --git a/tests/user/test_users.yml b/tests/user/test_users.yml index 651e06d07b6f3f292c115f13eb276a8a88004382..e583c42497fab156e17847810caad69b402b69af 100644 --- a/tests/user/test_users.yml +++ b/tests/user/test_users.yml @@ -190,7 +190,7 @@ first: pinky last: Acme initials: pa - #password: foo2 + # password: foo2 principal: pa random: yes street: PinkyStreet @@ -207,8 +207,8 @@ # sshpubkey userauthtype: password,radius,otp userclass: PinkyUserClass - #radius: "http://some.link/" - #radiususer: PinkyRadiusUser + # radius: "http://some.link/" + # radiususer: PinkyRadiusUser departmentnumber: "1234" employeenumber: "0815" employeetype: "PinkyExmployeeType" @@ -216,8 +216,8 @@ # certificate noprivate: yes nomembers: false - #issuer: PinkyIssuer - #subject: PinkySubject + # issuer: PinkyIssuer + # subject: PinkySubject register: result failed_when: not result.changed or result.failed @@ -234,7 +234,7 @@ first: pinky last: Acme initials: pa - #password: foo2 + # password: foo2 principal: pa random: yes street: PinkyStreet 
@@ -251,8 +251,8 @@ # sshpubkey userauthtype: password,radius,otp userclass: PinkyUserClass - #radius: "http://some.link/" - #radiususer: PinkyRadiusUser + # radius: "http://some.link/" + # radiususer: PinkyRadiusUser departmentnumber: "1234" employeenumber: "0815" employeetype: "PinkyExmployeeType" @@ -260,8 +260,8 @@ # certificate noprivate: yes nomembers: false - #issuer: PinkyIssuer - #subject: PinkySubject + # issuer: PinkyIssuer + # subject: PinkySubject register: result failed_when: result.changed or result.failed diff --git a/tests/vault/env_setup.yml b/tests/vault/env_setup.yml index a122454998cf367a3d3d32ef8e5508163c43fcdd..bab0f5e002648da5e0952d7dc528a1cb6bd87fcd 100644 --- a/tests/vault/env_setup.yml +++ b/tests/vault/env_setup.yml @@ -20,7 +20,7 @@ ansible.builtin.copy: src: "{{ playbook_dir }}/{{ item }}" dest: "{{ ansible_facts['env'].HOME }}/{{ item }}" - mode: 0644 + mode: "0644" with_items: - A_private.pem - A_public.pem
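Review bot: In tests/vault/env_setup.yml the loop applies `mode: "0644"` to every item, including `A_private.pem`, so the private key is world-readable in the user's home directory. These look like test fixtures, but a private key is better copied with `mode: "0600"`. Either split the task into one for private keys and one for public keys, or choose the mode per item, e.g. `mode: "{{ '0600' if 'private' in item else '0644' }}"`. The `with_items` list may continue outside the hunk.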