Linting fixes for new ansible-lint version

.ansible-lint

@@ -2,3 +2,4 @@ skip_list:
   - no-changed-when  # Commands should not change things if nothing needs doing
   - no-handler  # Tasks that run when changed should likely be handlers
   - experimental  # all rules tagged as experimental
+  - schema[meta]

playbook.yml

@@ -25,4 +25,4 @@
     - solr
     - redis
     - ckan
-    - msl-api
+    - msl_api

roles/acme_certificates/meta/main.yml

@@ -5,7 +5,7 @@ galaxy_info:
   author: Lazlo Westerhof
   description: Install Let's Encrypt certificates
   license: GPLv3
-  min_ansible_version: 2.7
+  min_ansible_version: "2.7"
   platforms:
     - name: CentOS
       version: 7

roles/certificates/tasks/main.yml

@@ -41,7 +41,7 @@
     dest: '{{ openssl_certs_dir }}/{{ openssl_crt_signed_and_chain }}'
     owner: root
     group: root
-    mode: 0644
+    mode: "0644"
   when: cert_mode == "static"
 
 
@@ -94,7 +94,7 @@
     content: '{{ static_cert_crt }}'
     owner: root
     group: root
-    mode: 0644
+    mode: "0644"
   when: cert_mode == "static"
 
 
@@ -104,7 +104,7 @@
     content: '{{ static_cert_chain }}'
     owner: root
     group: root
-    mode: 0644
+    mode: "0644"
   when: cert_mode == "static"
 
 
@@ -137,7 +137,7 @@
 - name: Ensure certificate files have correct permissions
   ansible.builtin.file:
     path: '{{ item }}'
-    mode: 0644
+    mode: "0644"
     group: 'root'
     owner: 'root'
     state: file

roles/ckan/meta/main.yml

@@ -20,7 +20,7 @@ galaxy_info:
   # - CC-BY
   license: GPLv3
 
-  min_ansible_version: 2.7
+  min_ansible_version: "2.7"
 
   # If this a Container Enabled role, provide the minimum Ansible Container version.
   # min_ansible_container_version:
@@ -62,8 +62,8 @@ galaxy_info:
 
 
 dependencies:
-  - common
-  - solr
-  - redis
-  - postgresql
-  - nginx
+  - role: common
+  - role: solr
+  - role: redis
+  - role: postgresql
+  - role: nginx

roles/ckan/tasks/main.yml

@@ -27,7 +27,7 @@
     state: directory
     owner: www-data
     group: www-data
-    mode: 0775
+    mode: "0775"
 
 
 - name: Install CKAN package
@@ -92,7 +92,7 @@
   ansible.builtin.file:
     path: "{{ item }}"
     state: directory
-    mode: 0755
+    mode: "0755"
     owner: root
   with_items:
     - /usr/lib/ckan
@@ -131,7 +131,7 @@
     dest: "{{ ckan_ini_file }}"
     owner: www-data
     group: www-data
-    mode: 0644
+    mode: "0644"
   when: not ansible_check_mode
 
 
@@ -154,7 +154,7 @@
     dest: /etc/solr/conf/schema.xml
     owner: root
     group: root
-    mode: 0644
+    mode: "0644"
   notify: Restart Solr
 
 
@@ -290,7 +290,7 @@
     dest: "/etc/nginx/sites-available/ckan"
     owner: root
     group: root
-    mode: 0644
+    mode: "0644"
   notify: Restart Nginx webserver
 
 

roles/common/tasks/apt_update.yml

@@ -2,4 +2,7 @@
 # copyright Utrecht University
 
 - name: Update apt cache
-  ansible.builtin.apt: update_cache=yes force_apt_get=yes cache_valid_time=3600
+  ansible.builtin.apt:
+    update_cache: true
+    force_apt_get: true
+    cache_valid_time: 3600

roles/msl-api/tasks/application.yml → roles/msl_api/tasks/application.yml

@@ -18,7 +18,7 @@
   ansible.builtin.file:
     path: /var/www/msl_api
     state: directory
-    mode: 0755
+    mode: "0755"
 
 
 - name: Ensure MSL API dir is writable for Composer
@@ -64,5 +64,5 @@
     dest: /etc/supervisor/conf.d/laravel-worker.conf
     owner: root
     group: root
-    mode: 0644
+    mode: "0644"
   notify: Reload Supervisor

roles/msl-api/tasks/prerequisites.yml → roles/msl_api/tasks/prerequisites.yml

@@ -29,4 +29,4 @@
     checksum: '{{ composer_checksum }}'
     group: root
     owner: root
-    mode: 0755
+    mode: "0755"

roles/postgresql/meta/main.yml

@@ -20,7 +20,7 @@ galaxy_info:
   # - CC-BY
   license: GPLv3
 
-  min_ansible_version: 2.7
+  min_ansible_version: "2.7"
 
   # If this a Container Enabled role, provide the minimum Ansible Container version.
   # min_ansible_container_version:
@@ -61,5 +61,5 @@ galaxy_info:
     #       Maximum 20 tags per role.
 
 dependencies:
-  - common
-  - certificates
+  - role: common
+  - role: certificates

roles/postgresql/tasks/main.yml

@@ -56,7 +56,7 @@
 - name: Ensure PostgreSQL has access to PKI files
   ansible.builtin.file:
     path: '{{ item }}'
-    mode: 0600
+    mode: "0600"
     group: 'postgres'
     owner: 'postgres'
     state: file
@@ -71,7 +71,7 @@
     section: null
     option: '{{ item.option }}'
     value: '{{ item.value }}'
-    mode: 0644
+    mode: "0644"
   with_items:
     - option: ssl
       value: "on"

roles/redis/tasks/main.yml

@@ -11,7 +11,7 @@
   ansible.builtin.template:
     src: redis.conf.j2
     dest: /etc/redis.conf
-    mode: 0644
+    mode: "0644"
   notify: Restart Redis
 
 

roles/solr/tasks/main.yml

@@ -15,7 +15,7 @@
     dest: /etc/tomcat9/server.xml
     owner: root
     group: tomcat
-    mode: 0640
+    mode: "0640"
   register: serverxml
 
 

roles/zabbix_agent/tasks/main.yml

@@ -6,6 +6,7 @@
     url: "{{ zabbix_agent.url }}/{{ zabbix_agent.filename }}"
     dest: '{{ zabbix_agent.deb_dest_dir }}/{{ zabbix_agent.filename }}'
     checksum: '{{ zabbix_agent.checksum }}'
+    mode: "0644"
 
 
 - name: Install Zabbix repo from downloaded package
@@ -22,7 +23,7 @@
     dest: /etc/apt/preferences.d/99zabbix-agent
     owner: root
     group: root
-    mode: 0644
+    mode: "0644"
 
 
 - name: Install Zabbix agent"
@@ -50,7 +51,7 @@
     path: /etc/zabbix/zabbix_agentd.psk
     owner: zabbix
     group: zabbix
-    mode: 0600
+    mode: "0600"
 
 
 - name: Configure Zabbix agent
@@ -59,5 +60,5 @@
     dest: /etc/zabbix/zabbix_agentd.conf
     owner: zabbix
     group: zabbix
-    mode: 0600
+    mode: "0600"
   notify: Restart Zabbix agent

roles/zabbix_ckan/tasks/main.yml

@@ -7,7 +7,7 @@
     dest: '/etc/zabbix/zabbix_agentd.conf.d/{{ item }}'
     owner: zabbix
     group: zabbix
-    mode: 0500
+    mode: "0500"
   with_items:
     - 'dailyErrorLog.sh'
 
@@ -18,7 +18,7 @@
     dest: '/etc/zabbix/zabbix_agentd.conf.d/zabbix_agentd.userparams.conf'
     owner: zabbix
     group: zabbix
-    mode: 0400
+    mode: "0400"
 
 
 - name: Ensure Zabbix sudoers file is present
@@ -27,4 +27,4 @@
     dest: '/etc/sudoers.d/ckan-zabbix-sudoers'
     owner: root
     group: root
-    mode: 0440
+    mode: "0440"

roles/zabbix_postgresql/tasks/main.yml

@@ -6,6 +6,7 @@
   ansible.builtin.get_url:
     url: 'https://github.com/zabbix/zabbix/archive/refs/tags/{{ zabbix_source_version }}.tar.gz'
     dest: '/tmp/zabbix-{{ zabbix_source_version }}.tar.gz'
+    mode: "0644"
 
 
 - name: Extract Zabbix source code
@@ -20,7 +21,7 @@
     path: '{{ item }}'
     owner: zabbix
     group: zabbix
-    mode: 0755
+    mode: "0755"
     state: directory
   with_items:
     - /var/lib/zabbix
@@ -43,14 +44,14 @@
     dest: /etc/zabbix/zabbix_agentd.conf.d/template_db_postgresql.conf
     owner: zabbix
     group: zabbix
-    mode: 0640
+    mode: "0640"
   no_log: true
 
 
 - name: Create Zabbix database user
   become_user: postgres
   become: true
-  postgresql_user:
+  community.postgresql.postgresql_user:
     db: "{{ zabbix_database_name }}"
     name: "{{ zabbix_psql_monitoring_user }}"
     password: "{{ zabbix_psql_monitoring_password }}"
@@ -61,7 +62,7 @@
 - name: Grant Zabbix user select rights on postgres database
   become: true
   become_user: postgres
-  postgresql_privs:
+  community.postgresql.postgresql_privs:
     db: "{{ zabbix_psql_monitoring_db }}"
     role: "{{ zabbix_psql_monitoring_user }}"
     objs: ALL_IN_SCHEMA

zabbix.yml

@@ -2,7 +2,8 @@
 # copyright Utrecht University
 # This playbook provisions EPOS-MSL instance with the Zabbix agent, PostgreSQL monitoring and Zabbix user access to the database.
 
-- hosts: localhost
+- name: Local checks
+  hosts: localhost
   gather_facts: false
   pre_tasks:
     - name: Verify Ansible version meets requirements