From 92b5d1475ec32ce21defa9efc9297700a2b7e6d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Sachse?= <joerg.sachse@slub-dresden.de>
Date: Thu, 27 Apr 2023 14:48:47 +0200
Subject: [PATCH] style: satisfy linter

---
 .ansible-lint                           |  1 +
 DEBUG.yml                               | 12 +++++++-----
 handlers/main.yml                       |  3 +++
 meta/main.yml                           |  2 ++
 molecule/resources/playbooks/verify.yml |  6 +++---
 site.yml                                | 12 +++++++-----
 tasks/configure_nfs_mounts.yml          |  4 ++--
 tasks/configure_ssh_publickeys.yml      |  2 +-
 tasks/install_subapp.yml                |  6 +++---
 tasks/install_ta_tools.yml              |  4 +++-
 tasks/remove_packages.yml               |  4 ++--
 11 files changed, 34 insertions(+), 22 deletions(-)

diff --git a/.ansible-lint b/.ansible-lint
index 2076d8d..071c3f4 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -37,6 +37,7 @@ use_default_rules: true
 skip_list:
   - skip_this_tag
   - git-latest
+  - name[casing]
 
 # Any rule that has the 'opt-in' tag will not be loaded unless its 'id' is
 # mentioned in the enable_list:
diff --git a/DEBUG.yml b/DEBUG.yml
index 55f0926..36021d2 100644
--- a/DEBUG.yml
+++ b/DEBUG.yml
@@ -1,19 +1,21 @@
 ---
-- hosts: "*"
+- name: debug tasks
+  hosts: "*"
   become: true
   gather_facts: true
   tasks:
           # - name: include vars
           #   include_vars: ../vars/stichprobe.yml
-          # - debug:
+          # - ansible.builtin.debug:
           #           msg: "{{ item.value.institute_code }} {{ stichprobe_user }}"
           #   loop: "{{ lookup('dict', stichprobe_hosts) }}"
           #   when: ansible_hostname == item.key
           #   ignore_errors: true
-          # - debug:
+          # - ansible.builtin.debug:
           #           msg: "{{ user }}"
           #           msg: "{{ systemdunits }}"
-          # - debug:
+          # - ansible.builtin.debug:
           #           msg: "{{ lookup('password', '/dev/null length=15 chars=ascii_letters') }}"
-          - debug:
+          - name: debug
+            ansible.builtin.debug:
                     msg: "{{ role_path }}/../ansible_vaults/{{ role_name }}/"
diff --git a/handlers/main.yml b/handlers/main.yml
index e8c34e8..54be91b 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -17,6 +17,7 @@
 - name: save iptables rules
   ansible.builtin.command: 'netfilter-persistent save'
   listen: "save iptables rules"
+  changed_when: false
 
 - name: restart sshd
   ansible.builtin.systemd:
@@ -40,9 +41,11 @@
 
 - name: activate kernel parameter changes
   ansible.builtin.command: sysctl -p
+  changed_when: false
 
 - name: create PIDfiles
   ansible.builtin.command: systemd-tmpfiles --create
+  changed_when: false
 
 - name: daemon-reload
   ansible.builtin.systemd:
diff --git a/meta/main.yml b/meta/main.yml
index 0ec57be..b3ff7cf 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -3,6 +3,8 @@ galaxy_info:
   author: Jörg Sachse
   company: SLUB Dresden
   description: role to install Submission Application processing server for the SLUBarchiv digital preservation repository
+  role_name: ansible_lza_ingest
+  namespace: slub
   galaxy_tags: []
     # List tags for your role here, one per line. A tag is a keyword that describes and categorizes the role. Users find roles by searching for tags. Be sure to remove the '[]' above, if you
     # add tags to this list.
diff --git a/molecule/resources/playbooks/verify.yml b/molecule/resources/playbooks/verify.yml
index e707420..a5cfa75 100644
--- a/molecule/resources/playbooks/verify.yml
+++ b/molecule/resources/playbooks/verify.yml
@@ -5,6 +5,6 @@
   hosts: all
   gather_facts: false
   tasks:
-  - name: Example assertion
-    ansible.builtin.assert:
-      that: true
+    - name: Example assertion
+      ansible.builtin.assert:
+        that: true
diff --git a/site.yml b/site.yml
index a6f2e4e..cb7d439 100644
--- a/site.yml
+++ b/site.yml
@@ -1,9 +1,10 @@
 ---
-- hosts: localhost
+- name: preparations
+  hosts: localhost
   connection: local
   post_tasks:
     - name: check for FIXMEs
-      find:
+      ansible.builtin.find:
         path: "{{ playbook_dir }}"
         pattern: "*.yml"
         recurse: true
@@ -12,12 +13,13 @@
           - "site.yml"
       register: result_fixmes
     - name: CHECK FOR UNRESOLVED ISSUES/TODOs
-      debug:
+      ansible.builtin.debug:
         msg: "Unresolved FIXME/TODO in {{ item.path }}"
       loop: "{{ result_fixmes.files }}"
       when: result_fixmes.matched > 0
 
-- hosts: lza_ingest_*
+- name: install SubApp host
+  hosts: lza_ingest_*
 
   # strategy plugin setting, default: linear, docu: https://docs.ansible.com/ansible/latest/plugins/strategy.html
   # execution strategy, possible values: debug, linear, serial, free (https://docs.ansible.com/ansible/latest/user_guide/playbooks_strategies.html)
@@ -27,7 +29,7 @@
 
   pre_tasks:
     - name: Verify that the installed version of Ansible meets this playbook's version requirements.
-      assert:
+      ansible.builtin.assert:
         that: "ansible_version.full is version_compare('2.8', '>=')"
         msg: >
           "You must update Ansible to at least 2.8 to use this playbook."
diff --git a/tasks/configure_nfs_mounts.yml b/tasks/configure_nfs_mounts.yml
index 359c4c1..37ee02d 100644
--- a/tasks/configure_nfs_mounts.yml
+++ b/tasks/configure_nfs_mounts.yml
@@ -33,7 +33,7 @@
     src: "{{ item.src | default(omit) }}"
     state: "{{ item.state | default('mounted') }}"
     fstype: "{{ item.fstype | default('nfs') }}"
-    opts: "{{ item.opts | default( nfs_opts.v3 ) }}"
+    opts: "{{ item.opts | default(nfs_opts.v3) }}"
   loop:
     # common Log  - use this once the migration to the separated dis-/subapp is finished
     - path: "/mnt/logs/"
@@ -72,7 +72,7 @@
     src: "{{ item.src }}"
     state: "{{ item.state | default('mounted') }}"
     fstype: "{{ item.fstype | default('nfs') }}"
-    opts: "{{ item.opts | default( nfs_opts.v3 ) }}"
+    opts: "{{ item.opts | default(nfs_opts.v3) }}"
   loop:
     # DisApp
     - path: "{{ paths.log_disapp.mountpoint }}"
diff --git a/tasks/configure_ssh_publickeys.yml b/tasks/configure_ssh_publickeys.yml
index 3628397..f04a802 100644
--- a/tasks/configure_ssh_publickeys.yml
+++ b/tasks/configure_ssh_publickeys.yml
@@ -1,6 +1,6 @@
 ---
 - name: deploy SSH PublicKeys for SubApp-/SFTP-Users
-  ansible.builtin.authorized_key:
+  ansible.posix.authorized_key:
     user: "{{ item.user | default(vault_ssh_user) }}"
     comment: "{{ item.comment }}"
     key: "{{ item.key }}"
diff --git a/tasks/install_subapp.yml b/tasks/install_subapp.yml
index c675257..f6bccb4 100644
--- a/tasks/install_subapp.yml
+++ b/tasks/install_subapp.yml
@@ -92,7 +92,7 @@
   tags: [systemd]
 
 - name: Services automatisch bei jedem Booten starten
-  ansible.builtin.command: "systemctl enable /etc/systemd/user/{{ item.item }}"        # noqak 301 303
+  ansible.builtin.command: "systemctl enable /etc/systemd/user/{{ item.item }}"        # noqak no-changed-when command-instead-of-module
   loop: "{{ subapp_services_enabled.results }}"
   when: item.stdout != "enabled"
   tags: [systemd]
@@ -146,7 +146,7 @@
         owner: "{{ vault_subapp_vars.files.disapp.owner }}"
         group: "{{ vault_subapp_vars.files.disapp.group }}"
         mode: "{{ vault_subapp_vars.files.disapp.mode | default('0400') }}"
-      loop: "{{ vault_subapp_vars.hosts[ansible_hostname] | default(vault_subapp_vars.hosts['sdvlzasubappmoleculetest']) }}"
+#      loop: "{{ vault_subapp_vars.hosts[ansible_hostname] | default(vault_subapp_vars.hosts['sdvlzasubappmoleculetest']) }}"
     - name: write new SubApp config file
       ansible.builtin.template:
         src: "subapp.cfg.j2"
@@ -154,7 +154,7 @@
         owner: "{{ vault_subapp_vars.files.subapp.owner }}"
         group: "{{ vault_subapp_vars.files.subapp.group }}"
         mode: "{{ vault_subapp_vars.files.subapp.mode | default('0400') }}"
-      loop: "{{ vault_subapp_vars.hosts[ansible_hostname] | default(vault_subapp_vars.hosts['sdvlzasubappmoleculetest']) }}"
+#      loop: "{{ vault_subapp_vars.hosts[ansible_hostname] | default(vault_subapp_vars.hosts['sdvlzasubappmoleculetest']) }}"
 
 - name: Quarantaeneverzeichnis & Lockverzeichnis anlegen
   ansible.builtin.file:
diff --git a/tasks/install_ta_tools.yml b/tasks/install_ta_tools.yml
index f156e94..8edd02c 100644
--- a/tasks/install_ta_tools.yml
+++ b/tasks/install_ta_tools.yml
@@ -35,8 +35,10 @@
 
 # This is THE main purpose of this task file, so we won't run this as a handler
 # but set "noqa: no-handler" instead.
+# Also, OF COURSE we want to run it every time. We just pulled a fresh copy
+# from Git and it's onyl run when that action changed.
 - name: install ta-tools
-  ansible.builtin.command:
+  ansible.builtin.command:    # noqa: no-changed-when
     cmd: "dzil install"
     chdir: "/tmp/tools-for-technical-analysts/"
   when: ta_tools_git.changed    # noqa: no-handler
diff --git a/tasks/remove_packages.yml b/tasks/remove_packages.yml
index 97d0e2b..a2176b7 100644
--- a/tasks/remove_packages.yml
+++ b/tasks/remove_packages.yml
@@ -13,6 +13,8 @@
         - ( "0 unit files listed." not in check_clamav_installed.stdout )
         - ( check_clamav_installed.rc != 0 )
     - name: clamav Deinstallation
+      when:
+        - ( "0 unit files listed." not in check_clamav_installed.stdout )
       block:
         - name: clamav systemd Services deaktivieren
           ansible.builtin.systemd:
@@ -32,5 +34,3 @@
             state: absent
             purge: true
             autoremove: true
-      when:
-        - ( "0 unit files listed." not in check_clamav_installed.stdout )
-- 
GitLab