Fix ansible check warnings

.ansible-lint

@@ -1,3 +1,4 @@
+---
 skip_list:
   - ANSIBLE0006
   - ANSIBLE0011

.ansible-lint-ignore

@@ -1,100 +1,41 @@
 # This file contains ignores rule violations for ansible-lint
-bootstrap/playbook.yml name[play]
 bootstrap/roles/appliance-build.bootstrap role-name
-bootstrap/roles/appliance-build.bootstrap/tasks/main.yml fqcn[action-core]
-bootstrap/roles/appliance-build.bootstrap/tasks/main.yml fqcn[action]
-bootstrap/roles/appliance-build.bootstrap/tasks/main.yml name[missing]
-bootstrap/roles/appliance-build.bootstrap/tasks/main.yml yaml[truthy]
-live-build/misc/ansible-roles/appliance-build.buildserver-internal/tasks/main.yml fqcn[action-core]
-live-build/misc/ansible-roles/appliance-build.buildserver-internal/tasks/main.yml name[missing]
-live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml command-instead-of-module
-live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml fqcn[action-core]
-live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml fqcn[action]
-live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml name[missing]
-live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml no-changed-when
-live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml risky-file-permissions
-live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml yaml[truthy]
-live-build/misc/ansible-roles/appliance-build.dct-common/tasks/main.yml fqcn[action-core]
-live-build/misc/ansible-roles/appliance-build.dct-common/tasks/main.yml name[missing]
-live-build/misc/ansible-roles/appliance-build.delphix-autofs/tasks/main.yml fqcn[action-core]
-live-build/misc/ansible-roles/appliance-build.delphix-autofs/tasks/main.yml name[missing]
-live-build/misc/ansible-roles/appliance-build.delphix-autofs/tasks/main.yml yaml[octal-values]
-live-build/misc/ansible-roles/appliance-build.delphix-ldap/tasks/main.yml fqcn[action-core]
+bootstrap/roles/appliance-build.bootstrap/tasks/main.yml syntax-check[unknown-module]
+live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml syntax-check[unknown-module]
 live-build/misc/ansible-roles/appliance-build.delphix-ldap/tasks/main.yml literal-compare
 live-build/misc/ansible-roles/appliance-build.delphix-ldap/tasks/main.yml name[missing]
-live-build/misc/ansible-roles/appliance-build.delphix-ldap/tasks/main.yml yaml[octal-values]
-live-build/misc/ansible-roles/appliance-build.delphix-ldap/tasks/main.yml yaml[truthy]
-live-build/misc/ansible-roles/appliance-build.devops-development/tasks/main.yml fqcn[action-core]
 live-build/misc/ansible-roles/appliance-build.devops-development/tasks/main.yml name[missing]
-live-build/misc/ansible-roles/appliance-build.devops-development/tasks/main.yml yaml[truthy]
-live-build/misc/ansible-roles/appliance-build.masking-common/tasks/main.yml fqcn[action-core]
 live-build/misc/ansible-roles/appliance-build.masking-common/tasks/main.yml name[missing]
-live-build/misc/ansible-roles/appliance-build.masking-development/tasks/main.yml fqcn[action-core]
 live-build/misc/ansible-roles/appliance-build.masking-development/tasks/main.yml name[missing]
 live-build/misc/ansible-roles/appliance-build.masking-development/tasks/main.yml risky-file-permissions
-live-build/misc/ansible-roles/appliance-build.masking-development/tasks/main.yml yaml[truthy]
-live-build/misc/ansible-roles/appliance-build.minimal-common/tasks/main.yml command-instead-of-shell
-live-build/misc/ansible-roles/appliance-build.minimal-common/tasks/main.yml fqcn[action-core]
 live-build/misc/ansible-roles/appliance-build.minimal-common/tasks/main.yml name[missing]
 live-build/misc/ansible-roles/appliance-build.minimal-common/tasks/main.yml no-changed-when
-live-build/misc/ansible-roles/appliance-build.minimal-common/tasks/main.yml yaml[octal-values]
-live-build/misc/ansible-roles/appliance-build.minimal-common/tasks/main.yml yaml[truthy]
-live-build/misc/ansible-roles/appliance-build.minimal-development/tasks/main.yml fqcn[action-core]
 live-build/misc/ansible-roles/appliance-build.minimal-development/tasks/main.yml name[missing]
-live-build/misc/ansible-roles/appliance-build.minimal-development/tasks/main.yml yaml[octal-values]
-live-build/misc/ansible-roles/appliance-build.minimal-internal/tasks/main.yml fqcn[action-core]
 live-build/misc/ansible-roles/appliance-build.minimal-internal/tasks/main.yml name[missing]
-live-build/misc/ansible-roles/appliance-build.minimal-internal/tasks/main.yml yaml[octal-values]
-live-build/misc/ansible-roles/appliance-build.qa-internal/handlers/main.yml fqcn[action-core]
 live-build/misc/ansible-roles/appliance-build.qa-internal/handlers/main.yml name[missing]
 live-build/misc/ansible-roles/appliance-build.qa-internal/handlers/main.yml no-changed-when
-live-build/misc/ansible-roles/appliance-build.qa-internal/handlers/main.yml yaml[new-line-at-end-of-file]
-live-build/misc/ansible-roles/appliance-build.qa-internal/tasks/main.yml fqcn[action-core]
 live-build/misc/ansible-roles/appliance-build.qa-internal/tasks/main.yml name[missing]
-live-build/misc/ansible-roles/appliance-build.qa-internal/tasks/main.yml yaml[octal-values]
-live-build/misc/ansible-roles/appliance-build.recovery-environment/tasks/main.yml fqcn[action-core]
 live-build/misc/ansible-roles/appliance-build.recovery-environment/tasks/main.yml name[missing]
-live-build/misc/ansible-roles/appliance-build.recovery-environment/tasks/main.yml yaml[empty-lines]
-live-build/misc/ansible-roles/appliance-build.unittest-internal/tasks/main.yml fqcn[action-core]
-live-build/misc/ansible-roles/appliance-build.unittest-internal/tasks/main.yml fqcn[action]
 live-build/misc/ansible-roles/appliance-build.unittest-internal/tasks/main.yml name[missing]
+live-build/misc/ansible-roles/appliance-build.unittest-internal/tasks/main.yml syntax-check[unknown-module]
+live-build/misc/ansible-roles/appliance-build.unittest-internal/tasks/main.yml yaml[line-length]
 live-build/misc/ansible-roles/appliance-build.virtualization-common/tasks/main.yml command-instead-of-module
-live-build/misc/ansible-roles/appliance-build.virtualization-common/tasks/main.yml fqcn[action-core]
 live-build/misc/ansible-roles/appliance-build.virtualization-common/tasks/main.yml name[missing]
 live-build/misc/ansible-roles/appliance-build.virtualization-common/tasks/main.yml no-changed-when
 live-build/misc/ansible-roles/appliance-build.virtualization-common/tasks/main.yml risky-file-permissions
-live-build/misc/ansible-roles/appliance-build.virtualization-common/tasks/main.yml yaml[truthy]
-live-build/misc/ansible-roles/appliance-build.virtualization-development/tasks/main.yml fqcn[action-core]
-live-build/misc/ansible-roles/appliance-build.virtualization-development/tasks/main.yml fqcn[action]
-live-build/misc/ansible-roles/appliance-build.virtualization-development/tasks/main.yml key-order[task]
 live-build/misc/ansible-roles/appliance-build.virtualization-development/tasks/main.yml name[missing]
 live-build/misc/ansible-roles/appliance-build.virtualization-development/tasks/main.yml risky-file-permissions
-live-build/misc/ansible-roles/appliance-build.virtualization-development/tasks/main.yml yaml[truthy]
-live-build/misc/ansible-roles/appliance-build.zfsonlinux-development/tasks/main.yml fqcn[action-core]
+live-build/misc/ansible-roles/appliance-build.virtualization-development/tasks/main.yml syntax-check[unknown-module]
+live-build/misc/ansible-roles/appliance-build.virtualization-development/tasks/main.yml yaml[line-length]
 live-build/misc/ansible-roles/appliance-build.zfsonlinux-development/tasks/main.yml name[missing]
 live-build/misc/ansible-roles/appliance-build.zfsonlinux-development/tasks/main.yml risky-file-permissions
-live-build/misc/ansible-roles/appliance-build.zfsonlinux-development/tasks/main.yml yaml[truthy]
 live-build/variants/external-dct/ansible/playbook.yml name[play]
-live-build/variants/external-dct/ansible/playbook.yml yaml[truthy]
 live-build/variants/external-standard/ansible/playbook.yml name[play]
-live-build/variants/external-standard/ansible/playbook.yml yaml[truthy]
 live-build/variants/internal-buildserver/ansible/playbook.yml name[play]
-live-build/variants/internal-buildserver/ansible/playbook.yml yaml[truthy]
 live-build/variants/internal-dcenter/ansible/playbook.yml name[play]
-live-build/variants/internal-dcenter/ansible/playbook.yml yaml[truthy]
 live-build/variants/internal-dct/ansible/playbook.yml name[play]
-live-build/variants/internal-dct/ansible/playbook.yml yaml[truthy]
 live-build/variants/internal-dev/ansible/playbook.yml name[play]
-live-build/variants/internal-dev/ansible/playbook.yml yaml[truthy]
 live-build/variants/internal-minimal/ansible/playbook.yml name[play]
-live-build/variants/internal-minimal/ansible/playbook.yml yaml[truthy]
 live-build/variants/internal-package-mirror/ansible/playbook.yml name[play]
-live-build/variants/internal-package-mirror/ansible/playbook.yml yaml[truthy]
 live-build/variants/internal-qa/ansible/playbook.yml name[play]
-live-build/variants/internal-qa/ansible/playbook.yml yaml[truthy]
 live-build/variants/internal-unittest/ansible/playbook.yml name[play]
-live-build/variants/internal-unittest/ansible/playbook.yml yaml[truthy]
-live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml syntax-check[unknown-module]
-live-build/misc/ansible-roles/appliance-build.virtualization-development/tasks/main.yml syntax-check[unknown-module]
-live-build/misc/ansible-roles/appliance-build.unittest-internal/tasks/main.yml syntax-check[unknown-module]
-bootstrap/roles/appliance-build.bootstrap/tasks/main.yml syntax-check[unknown-module]

.github/workflows/main.yml

@@ -1,5 +1,5 @@
+---
 on: [push, pull_request]
-
 jobs:
   check-ansible:
     runs-on: ubuntu-24.04
@@ -11,7 +11,7 @@ jobs:
           args: ""
           setup_python: "true"
           working_directory: ""
-          requirements_file: ""
+          requirements_file: ".github/workflows/requirements.yml"
   check-shellcheck:
     runs-on: ubuntu-20.04
     steps:

.github/workflows/requirements.yml

@@ -0,0 +1,7 @@
+#
+# Copyright 2025 Delphix
+#
+---
+collections:
+  # Install a collection from Ansible Galaxy.
+  - name: community.general

bootstrap/playbook.yml

@@ -15,7 +15,8 @@
 #
 
 ---
-- hosts: localhost
+- name: Run the appliance-build.bootstrap role
+  hosts: localhost
   connection: local
   become_user: root
   become: true

bootstrap/roles/appliance-build.bootstrap/tasks/main.yml

@@ -16,14 +16,13 @@
 
 ---
 # The VSDK plugin requires python3.8. The deadsnakes PPA provides python3.8 on 24.04.
-- apt_repository:
+- name: Add deadsnakes PPA to apt sources so that python3.8 can be installed
+  ansible.builtin.apt_repository:
     repo: ppa:deadsnakes/ppa
     state: present
 
-- apt:
-    update_cache: yes
-
-- apt:
+- name: Update apt cache and install apt packages
+  ansible.builtin.apt:
     name:
       - ansible
       - aptly
@@ -51,28 +50,36 @@
       - vim
       - zfsutils-linux
     state: present
+    update_cache: true
 
-- systemd:
+- name: Stop unattended-upgrades systemd service in preparation for package removal
+  ansible.builtin.systemd:
     name: unattended-upgrades
     state: stopped
   register: result_systemd_stop
   failed_when: "result_systemd_stop is failed and 'Could not find the requested service' not in result_systemd_stop.msg"
 
-- apt:
+- name: Remove unattended-upgrades package
+  ansible.builtin.apt:
     name:
       - unattended-upgrades
     state: absent
     purge: true
 
-- snap:
+# aws-cli is distributed via snap on 24.04. While the package is not required by the product,
+# it is required by appliance-build itself.
+- name: Install aws-cli snap package
+  community.general.snap:
     name: aws-cli
-    classic: yes
+    classic: true
 
-- modprobe:
+- name: Load ZFS kernel module.
+  community.general.modprobe:
     name: zfs
     state: present
 
-- user:
+- name: Add delphix user to docker group required by the virtualization package
+  ansible.builtin.user:
     name: delphix
     groups: docker
     append: true

live-build/misc/ansible-roles/appliance-build.buildserver-internal/tasks/main.yml

@@ -15,7 +15,8 @@
 #
 
 ---
-- apt:
+- name: Install apt packages
+  ansible.builtin.apt:
     name:
       - openjdk-8-jdk
       - curl
@@ -24,7 +25,8 @@
       - gnupg
     state: present
 
-- user:
+- name: Add delphix user to docker group required by the virtualization package
+  ansible.builtin.user:
     name: delphix
     groups: docker
     append: true

live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml

@@ -15,15 +15,17 @@
 #
 
 ---
-- git:
+- name: Clone the dcenter-gate repo
+  ansible.builtin.git:
     repo: "https://{{ lookup('env', 'GITHUB_TOKEN') }}@github.com/delphix/dcenter-gate.git"
     version: main
     dest: /opt/dcenter/lib/dcenter-gate
-    accept_hostkey: yes
-    update: no
+    accept_hostkey: true
+    update: false
   when: lookup('env', 'GITHUB_TOKEN') != ''
 
-- alternatives:
+- name: Set java to java-8-openjdk-amd64
+  community.general.alternatives:
     name: java
     path: /usr/lib/jvm/java-8-openjdk-amd64/bin/java
 
@@ -32,7 +34,8 @@
 # can operate. For dcenter, we maintain the dhcp configuration
 # in /tmp so we need to add those paths into the apparmor configuration.
 #
-- copy:
+- name: Create the apparmor configuration for dhcpd
+  ansible.builtin.copy:
     dest: "/etc/apparmor.d/local/usr.sbin.dhcpd"
     content: |
       /tmp/dcenter_dhcp_config/ r,
@@ -41,28 +44,38 @@
       /tmp/dcenter_dhcp_config/dhcpd{,6}_ldap.conf r,
       /tmp/dcenter_dhcp_config/dhcpd{,6}.leases* lrw,
       /tmp/dcenter_dhcp_config/dhcpd{,6}.pid rw,
+    mode: "0644"
 
-- copy:
+- name: Create the apparmor configuration for named
+  ansible.builtin.copy:
     dest: "/etc/apparmor.d/local/usr.sbin.named"
     content: |
       /tmp/dcenter_dhcp_config/named.conf r,
       /tmp/dcenter_dhcp_config/named.zone r,
       /tmp/dcenter_dhcp_config/named.pid w,
+    mode: "0644"
 
 #
 # The default setting for the number of nfs threads is too low. To
 # improve performance we reset the value to 64 which mimics what
 # we use on the delphix engine.
 #
-- lineinfile:
+- name: Update the number of nfs threads
+  ansible.builtin.lineinfile:
     path: /etc/default/nfs-kernel-server
     regexp: "{{ item.regexp }}"
     line: "{{ item.line }}"
   with_items:
-    - { regexp: '^RPCNFSDCOUNT=', line: 'RPCNFSDCOUNT=64' }
-    - { regexp: '^RPCMOUNTDOPTS=', line: 'RPCMOUNTDOPTS="--num-threads=5 --manage-gids"' }
+    - { regexp: "^RPCNFSDCOUNT=", line: "RPCNFSDCOUNT=64" }
+    - { regexp: "^RPCMOUNTDOPTS=", line: 'RPCMOUNTDOPTS="--num-threads=5 --manage-gids"' }
 
-- command: systemctl mask named.service isc-dhcp-server.service isc-dhcp-server6.service
+- name: Mask named and dhcp services
+  ansible.builtin.systemd_service:
+    name:
+      - named.service
+      - isc-dhcp-server.service
+      - isc-dhcp-server6.service
+    masked: true
 
 #
 # delphix-platform installs ntp in a disabled state by default.
@@ -76,4 +89,7 @@
 # We also have cleanup jobs that run on DCenter hosts that rely on filesystem
 # timestamps being accurate.
 #
-- command: systemctl enable ntp.service
+- name: Enable NTP systemd service
+  ansible.builtin.systemd_service:
+    name: ntp.service
+    enabled: true

live-build/misc/ansible-roles/appliance-build.dct-common/tasks/main.yml

@@ -15,6 +15,7 @@
 #
 
 ---
-- apt:
+- name: Install delphix-dct package
+  ansible.builtin.apt:
     name: delphix-dct
     state: present

live-build/misc/ansible-roles/appliance-build.delphix-autofs/tasks/main.yml

@@ -15,15 +15,15 @@
 #
 
 ---
-
-- apt:
+- name: Install autofs
+  ansible.builtin.apt:
     name: autofs
     state: present
 
-# Enable automounting under /net
-- copy:
+- name: Enable automounting under /net
+  ansible.builtin.copy:
     src: etc/
     dest: /etc/
     owner: root
     group: root
-    mode: 0444
+    mode: "0444"