ansible-lint: Update to 6.14.4 with no-changed-when on excluide

.github/workflows/ansible-lint.yml

@@ -20,7 +20,7 @@ jobs:
       - uses: actions/checkout@v2
 
       - name: Lint roles
-        uses: ansible-community/ansible-lint-action@v6.8.2
+        uses: ansible-community/ansible-lint-action@v6.14.4
         with:
           targets: |
             inventory/*

.pre-commit-config.yaml

@@ -3,7 +3,7 @@
 # See https://pre-commit.com/hooks.html for more hooks
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.3.0
+    rev: v4.4.0
     hooks:
       - id: trailing-whitespace
       - id: end-of-file-fixer
@@ -17,7 +17,7 @@ repos:
       - id: no-commit-to-branch
 
   - repo: https://github.com/ansible-community/ansible-lint.git
-    rev: v6.8.2
+    rev: v6.14.4
     hooks:
       - id: ansible-lint
         entry: ansible-lint --force-color -p

changelogs/fragments/ansible-lint-6141.yml

@@ -0,0 +1,3 @@
+---
+minor_changes:
+  - "ansible-lint: Update to 6.14.4 (oravirt#329)"

galaxy.yml

@@ -12,4 +12,6 @@ authors:
 license:
   - "MIT"
 tags:
+  - database
+  - infrastructure
   - oracle

playbooks/dev-sec.yml

@@ -4,8 +4,6 @@
   any_errors_fatal: true
   become: true
   become_user: root
-  collections:
-    - devsec.hardening
   roles:
     - devsec.hardening.os_hardening
     - devsec.hardening.ssh_hardening

playbooks/golden_images.yml

@@ -4,8 +4,6 @@
   hosts: "{{ hostgroup | default('all') }}"
   become: true
   any_errors_fatal: true
-  collections:
-    - opitzconsulting.ansible_oracle
   roles:
-    - oraswdb_golden_image
-    - oraswgi_golden_image
+    - opitzconsulting.ansible_oracle.oraswdb_golden_image
+    - opitzconsulting.ansible_oracle.oraswgi_golden_image

playbooks/manage-db.yml

@@ -3,18 +3,16 @@
   hosts: "{{ hostgroup | default('all') }}"
   become: true
   any_errors_fatal: true
-  collections:
-    - opitzconsulting.ansible_oracle
   roles:
-    - oradb_manage_db
-    - oradb_manage_pdb
-    - oradb_manage_parameters
-    - oradb_manage_tablespace
-    - oradb_manage_redo
-    - oradb_manage_profiles
-    - oradb_manage_statspack
-    - oradb_manage_roles
-    - oradb_manage_users
-    - oradb_manage_grants
-    - oradb_manage_services
-    - oradb_rman
+    - opitzconsulting.ansible_oracle.oradb_manage_db
+    - opitzconsulting.ansible_oracle.oradb_manage_pdb
+    - opitzconsulting.ansible_oracle.oradb_manage_parameters
+    - opitzconsulting.ansible_oracle.oradb_manage_tablespace
+    - opitzconsulting.ansible_oracle.oradb_manage_redo
+    - opitzconsulting.ansible_oracle.oradb_manage_profiles
+    - opitzconsulting.ansible_oracle.oradb_manage_statspack
+    - opitzconsulting.ansible_oracle.oradb_manage_roles
+    - opitzconsulting.ansible_oracle.oradb_manage_users
+    - opitzconsulting.ansible_oracle.oradb_manage_grants
+    - opitzconsulting.ansible_oracle.oradb_manage_services
+    - opitzconsulting.ansible_oracle.oradb_rman

playbooks/opatch.yml

@@ -4,8 +4,6 @@
   hosts: "{{ hostgroup | default('all') }}"
   become: true
   any_errors_fatal: true
-  collections:
-    - opitzconsulting.ansible_oracle
   roles:
-    - oraswdb_manage_patches
-    - oradb_datapatch
+    - opitzconsulting.ansible_oracle.oraswdb_manage_patches
+    - opitzconsulting.ansible_oracle.oradb_datapatch

playbooks/os.yml

@@ -4,15 +4,13 @@
   hosts: "{{ hostgroup | default('all') }}"
   become: true
   any_errors_fatal: true
-  collections:
-    - opitzconsulting.ansible_oracle
   roles:
-    - common
-    - orahost
-    - orahost_storage
-    - orahost_ssh
-    - cxoracle
-    - orahost_logrotate
+    - opitzconsulting.ansible_oracle.common
+    - opitzconsulting.ansible_oracle.orahost
+    - opitzconsulting.ansible_oracle.orahost_storage
+    - opitzconsulting.ansible_oracle.orahost_ssh
+    - opitzconsulting.ansible_oracle.cxoracle
+    - opitzconsulting.ansible_oracle.orahost_logrotate
 
   post_tasks:
     - name: Restart autofs

playbooks/swdb.yml

@@ -4,8 +4,6 @@
   hosts: "{{ hostgroup | default('all') }}"
   become: true
   any_errors_fatal: true
-  collections:
-    - opitzconsulting.ansible_oracle
   roles:
-    - oraswdb_install
-    - oraswdb_manage_patches
+    - opitzconsulting.ansible_oracle.oraswdb_install
+    - opitzconsulting.ansible_oracle.oraswdb_manage_patches

playbooks/swgi.yml

@@ -3,9 +3,7 @@
   hosts: "{{ hostgroup | default('all') }}"
   become: true
   any_errors_fatal: true
-  collections:
-    - opitzconsulting.ansible_oracle
   roles:
-    - oraswgi_install
-    - oraswgi_manage_patches
-    - oraasm_manage_diskgroups
+    - opitzconsulting.ansible_oracle.oraswgi_install
+    - opitzconsulting.ansible_oracle.oraswgi_manage_patches
+    - opitzconsulting.ansible_oracle.oraasm_manage_diskgroups

roles/oradb_datapatch/tasks/main.yml

@@ -1,6 +1,7 @@
 ---
 - name: oradb_datapatch | Start listener
   ansible.builtin.shell: "export PATH=${ORACLE_HOME}/bin:${PATH}; lsnrctl start {{ lsnrinst.listener_name }} /dev/null; exit 0"
+  # noqa no-changed-when
   environment: "{{ oracle_env_lsnrctl }}"
   become_user: "{{ oracle_user }}"
   with_items: "{{ listener_installed }}"

roles/oradb_manage_grants/tasks/main.yml

@@ -84,9 +84,9 @@
       skip_missing: true
   environment: "{{ oracle_env }}"
   when:
-   - oracle_databases is defined
-   - item.0.state | lower == 'present'
-   - (item.1.grants is defined or item.1.object_privs is defined)
+    - oracle_databases is defined
+    - item.0.state | lower == 'present'
+    - (item.1.grants is defined or item.1.object_privs is defined)
   run_once: "{{ configure_cluster }}"
   become_user: "{{ oracle_user }}"
   loop_control:

roles/oradb_rman/tasks/main.yml

@@ -175,7 +175,10 @@
 
 - name: Wallet create
   ansible.builtin.shell:
-    cmd: 'echo -e "$stdin" | {{ oracle_home_db }}/bin/mkstore -create -nologo -wrl "{{ rman_wallet_loc }}"'
+    cmd: |
+      set -eu
+      set -o pipefail
+      echo -e "$stdin" | "{{ oracle_home_db }}/bin/mkstore" -create -nologo -wrl "{{ rman_wallet_loc }}"
     creates: "{{ rman_wallet_loc }}/ewallet.p12"
   become: true
   become_user: "{{ oracle_user }}"
@@ -192,7 +195,10 @@
 
 - name: List wallet contents
   ansible.builtin.shell:
-    cmd: 'echo "$stdin" | {{ oracle_home_db }}/bin/mkstore -listCredential -nologo -wrl "{{ rman_wallet_loc }}"'
+    cmd: |
+      set -eu
+      set -o pipefail
+      echo "$stdin" | "{{ oracle_home_db }}/bin/mkstore" -listCredential -nologo -wrl "{{ rman_wallet_loc }}"
   become: true
   become_user: "{{ oracle_user }}"
   environment:
@@ -211,7 +217,11 @@
 
 - name: Wallet createCredential
   ansible.builtin.shell:
-    cmd: 'echo "$stdin" | {{ oracle_home_db }}/bin/mkstore -wrl "{{ rman_wallet_loc }}" -nologo -createCredential "$rman_tnsalias" "$rman_user" "$rman_password"'
+    cmd: |
+      set -eu
+      set -o pipefail
+      echo "$stdin" | "{{ oracle_home_db }}/bin/mkstore" -wrl "{{ rman_wallet_loc }}" -nologo -createCredential "$rman_tnsalias" "$rman_user" "$rman_password"
+  # noqa no-changed-when
   become: true
   become_user: "{{ oracle_user }}"
   environment:
@@ -233,7 +243,10 @@
 
 - name: Wallet modifyCredential to ensure password is up to date
   ansible.builtin.shell:
-    cmd: 'echo "$stdin" | {{ oracle_home_db }}/bin/mkstore -wrl "{{ rman_wallet_loc }}" -nologo -modifyCredential "$rman_tnsalias" "$rman_user" "$rman_password"'
+    cmd: |
+      set -eu
+      set -o pipefail
+      echo "$stdin" | "{{ oracle_home_db }}/bin/mkstore" -wrl "{{ rman_wallet_loc }}" -nologo -modifyCredential "$rman_tnsalias" "$rman_user" "$rman_password"
   become: true
   become_user: "{{ oracle_user }}"
   changed_when: false  # no simple way to figure out whether this changed the password or not, does not matter.
@@ -259,7 +272,7 @@
 # The task is only execute once on master_node when GI is installed!
 # no catalog connection, because setting initial parameters with catalog takes much more time
 - name: Execute RMAN-Script at playbook
-  # noqa risky-shell-pipe
+  # noqa risky-shell-pipe no-changed-when
   ansible.builtin.shell: "{{ oracle_base }}/bin/rman_backup.sh -a {{ item.1.name }} -s {{ item.0.oracle_db_instance_name | default(item.0.oracle_db_name) }} -r {{ rman_script_dir }} -l {{ rman_log_dir }} | tee -a {{ rman_cron_logdir }}/rman_{{ item.1.name }}.log"
   environment:
     PATH: /bin:/usr/bin

roles/orahost/handlers/main.yml

@@ -6,6 +6,8 @@
 
 - name: restart server
   ansible.builtin.command: reboot
+  # noqa no-changed-when
 
 - name: swapon
   ansible.builtin.command: swapon -a
+  # noqa no-changed-when

roles/orahost/tasks/main.yml

@@ -190,7 +190,7 @@
 
 - name: ssh-keys | Generate SSH keys
   local_action: shell rm -f /tmp/id_rsa*; ssh-keygen -q -N "" -f /tmp/id_rsa ; chmod +r /tmp/id_rsa; cat /tmp/id_rsa.pub > /tmp/authorized_keys  # noqa yaml deprecated-command-syntax deprecated-local-action ignore-errors
-    # noqa fqcn[action-core]
+  # noqa fqcn[action-core] no-changed-when
   ignore_errors: true
   run_once: "{{ configure_cluster }}"
   when: configure_ssh and configure_cluster and old_ssh_config
@@ -230,7 +230,7 @@
 
 - name: ssh-keys | Add short name to known_hosts
   local_action: shell ssh-keyscan -p {{ ansible_ssh_port | default(22) }} -H {{ ansible_hostname }} 2> /dev/null >> {{ keyfile }}  # noqa deprecated-local-action ignore-errors
-  # noqa fqcn[action-core]
+  # noqa fqcn[action-core] no-changed-when
   ignore_errors: true
   become: false
   when: configure_ssh and configure_cluster and old_ssh_config
@@ -239,7 +239,7 @@
 
 - name: ssh-keys | Add FQDN to known_hosts
   local_action: shell ssh-keyscan -p {{ ansible_ssh_port | default(22) }} -H {{ ansible_fqdn }} 2> /dev/null >> {{ keyfile }}  # noqa yaml ignore-errors deprecated-local-action
-  # noqa fqcn[action-core]
+  # noqa fqcn[action-core] no-changed-when
   ignore_errors: true
   become: false
   when: configure_ssh and configure_cluster and old_ssh_config
@@ -248,7 +248,7 @@
 
 - name: ssh-keys | Add IPv4 to known_hosts
   local_action: shell ssh-keyscan -p {{ ansible_ssh_port | default(22) }} -H {{ ansible_default_ipv4.address }} 2> /dev/null >> {{ keyfile }}  # noqa ignore-errors deprecated-local-action
-  # noqa fqcn[action-core]
+  # noqa fqcn[action-core] no-changed-when
   ignore_errors: true
   become: false
   when: configure_ssh and configure_cluster and old_ssh_config

roles/orahost_ssh/tasks/main.yml

@@ -13,7 +13,7 @@
 
     - name: ssh-keys | get public key for grid user
       ansible.builtin.shell: cat /home/{{ grid_user }}/.ssh/id_rsa.pub
-      # noqa command-instead-of-shell
+      # noqa command-instead-of-shell no-changed-when
       register: grid_key
       when: role_separation
       tags:

roles/orahost_storage/tasks/udev.yml

@@ -26,18 +26,19 @@
 
 - name: udev | Run script to create udev rules
   ansible.builtin.shell: "{{ oracle_rsp_stage }}/setup-udev-rules.sh"
-  # noqa command-instead-of-shell
+  # noqa command-instead-of-shell no-changed-when
   when: device_persistence == 'udev'
   tags: udev
 
 - name: udev | Reload rules
   ansible.builtin.shell: partprobe;sleep 5; udevadm control --reload-rules; udevadm trigger
+  # noqa no-changed-when
   when: device_persistence == 'udev'
   tags: udev
 
 - name: udev | List device aliases (register)
   ansible.builtin.shell: ls -l {{ oracle_asm_disk_string }}
-  # noqa command-instead-of-shell
+  # noqa command-instead-of-shell no-changed-when
   when: device_persistence == 'udev'
   tags: udev
   register: lsdevice

roles/oraswdb_golden_image/tasks/main.yml

@@ -26,6 +26,7 @@
 
     - name: Create Golden-Image
       ansible.builtin.command: "{{ oracle_home_db }}/runInstaller -silent -createGoldImage -destinationLocation {{ golden_image_dest }}/{{ dbh.home }}"
+      # noqa no-changed-when
       with_items:
         - "{{ db_homes_installed | list | unique }}"
       loop_control:

roles/oraswdb_install/tasks/11.2.0.3.yml

@@ -41,7 +41,7 @@
 
 - name: install_home_db | Install Oracle Database Server
   ansible.builtin.shell: "{{ oracle_stage_install }}/{{ db_homes_config[dbh.home]['version'] }}/database/runInstaller -responseFile {{ oracle_rsp_stage }}/{{ oracle_db_responsefile }} -ignorePrereq -ignoreSysPrereqs -silent -waitforcompletion"
-  # noqa yaml command-instead-of-shell
+  # noqa yaml command-instead-of-shell no-changed-when
   become: true
   become_user: "{{ oracle_user }}"
   run_once: "{{ configure_cluster }}"

roles/oraswdb_install/tasks/11.2.0.4.yml

@@ -39,7 +39,7 @@
 
 - name: install_home_db | Install Oracle Database Server
   ansible.builtin.shell: "{{ oracle_stage_install }}/{{ db_homes_config[dbh.home]['version'] }}/database/runInstaller -responseFile {{ oracle_rsp_stage }}/{{ oracle_db_responsefile }} -ignorePrereq -ignoreSysPrereqs -silent -waitforcompletion"
-  # noqa yaml command-instead-of-shell
+  # noqa yaml command-instead-of-shell no-changed-when
   become: true
   become_user: "{{ oracle_user }}"
   run_once: "{{ configure_cluster }}"

roles/oraswdb_install/tasks/12.1.0.1.yml

@@ -39,7 +39,7 @@
 
 - name: install_home_db | Install Oracle Database Server
   ansible.builtin.shell: "{{ oracle_stage_install }}/{{ db_homes_config[dbh.home]['version'] }}/database/runInstaller -responseFile {{ oracle_rsp_stage }}/{{ oracle_db_responsefile }} -ignorePrereq -ignoreSysPrereqs -silent -waitforcompletion"
-  # noqa yaml command-instead-of-shell
+  # noqa yaml command-instead-of-shell no-changed-when
   become: true
   become_user: "{{ oracle_user }}"
   run_once: "{{ configure_cluster }}"

roles/oraswdb_install/tasks/12.1.0.2.yml

@@ -39,7 +39,7 @@
 
 - name: install_home_db | Install Oracle Database Server
   ansible.builtin.shell: "{{ oracle_stage_install }}/{{ db_homes_config[dbh.home]['version'] }}/database/runInstaller -responseFile {{ oracle_rsp_stage }}/{{ oracle_db_responsefile }} -ignorePrereq -ignoreSysPrereqs -silent -waitforcompletion"
-  # noqa yaml command-instead-of-shell
+  # noqa yaml command-instead-of-shell no-changed-when
   become: true
   become_user: "{{ oracle_user }}"
   run_once: "{{ configure_cluster }}"

roles/oraswdb_install/tasks/12.2.0.1.yml

@@ -1,7 +1,7 @@
 ---
 - name: install_home_db | Install Oracle Database Server
   ansible.builtin.shell: "{{ oracle_stage_install }}/{{ db_homes_config[dbh.home]['version'] }}/database/runInstaller -responseFile {{ oracle_rsp_stage }}/{{ oracle_db_responsefile }} -ignorePrereq -ignoreSysPrereqs -silent -waitforcompletion"
-  # noqa yaml command-instead-of-shell
+  # noqa yaml command-instead-of-shell no-changed-when
   become: true
   become_user: "{{ oracle_user }}"
   run_once: "{{ configure_cluster }}"

roles/oraswdb_install/tasks/18.3.0.0.yml

@@ -1,7 +1,7 @@
 ---
 - name: install_home_db | Install Oracle Database Server
   ansible.builtin.shell: "{{ oracle_home_db }}/runInstaller -responseFile {{ oracle_rsp_stage }}/{{ oracle_db_responsefile }} -ignorePrereq -silent -waitforcompletion"
-  # noqa command-instead-of-shell
+  # noqa command-instead-of-shell no-changed-when
   become: true
   become_user: "{{ oracle_user }}"
   run_once: "{{ configure_cluster }}"

roles/oraswdb_install/tasks/19.3.0.0.yml

@@ -1,7 +1,7 @@
 ---
 - name: install_home_db | Install Oracle Database Server
   ansible.builtin.shell: "{% if ansible_os_family == 'RedHat' and ansible_distribution_major_version | int == 8 and db_homes_config[dbh.home]['imagename'] is not defined %}CV_ASSUME_DISTID=OL7 {% endif %}{{ oracle_home_db }}/runInstaller -responseFile {{ oracle_rsp_stage }}/{{ oracle_db_responsefile }} -ignorePrereq -silent -waitforcompletion {% if db_homes_config[dbh.home]['oracle_home_name'] is defined %}ORACLE_HOME_NAME={{ db_homes_config[dbh.home]['oracle_home_name'] }}{% endif %}"
-  # noqa command-instead-of-shell
+  # noqa command-instead-of-shell no-changed-when
   become: true
   become_user: "{{ oracle_user }}"
   run_once: "{{ configure_cluster }}"

roles/oraswdb_install/tasks/21.3.0.0.yml

@@ -1,6 +1,7 @@
 ---
 - name: install_home_db | Install Oracle Database Server
   ansible.builtin.command: "{{ oracle_home_db }}/runInstaller -responseFile {{ oracle_rsp_stage }}/{{ oracle_db_responsefile }} -ignorePrereq -silent -waitforcompletion {% if db_homes_config[dbh.home]['oracle_home_name'] is defined %}ORACLE_HOME_NAME={{ db_homes_config[dbh.home]['oracle_home_name'] }}{% endif %}"
+  # noqa no-changed-when
   become: true
   become_user: "{{ oracle_user }}"
   run_once: "{{ configure_cluster }}"

roles/oraswdb_install/tasks/init.yml

@@ -13,7 +13,7 @@
 
 - name: install_home_db | Register dbora service (init.d)
   ansible.builtin.command: "chkconfig --add dbora"
-  # noqa command-instead-of-module
+  # noqa command-instead-of-module no-changed-when
   become: true
   when: autostartup_service and hostinitdaemon == "init"
   tags: autostartup_service

roles/oraswdb_install/tasks/install-home-db.yml

@@ -129,7 +129,7 @@
 
 - name: install_home_db | Run root script after installation
   ansible.builtin.shell: "{{ oracle_home_db }}/root.sh"
-  # noqa command-instead-of-shell no-handler
+  # noqa command-instead-of-shell no-handler no-changed-when
   run_once: "{{ configure_cluster }}"
   when: oradbinstall.changed
   tags: