From c41119f58accf003f749b6128cace6c3b8804065 Mon Sep 17 00:00:00 2001
From: bluikko <14869000+bluikko@users.noreply.github.com>
Date: Sat, 12 Dec 2020 14:57:10 +0700
Subject: [PATCH 1/2] Comment out unfinished task
---
ansible/playbooks/role-rocky-ipa-client.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ansible/playbooks/role-rocky-ipa-client.yml b/ansible/playbooks/role-rocky-ipa-client.yml
index 27eb198..0d22d46 100644
--- a/ansible/playbooks/role-rocky-ipa-client.yml
+++ b/ansible/playbooks/role-rocky-ipa-client.yml
@@ -19,7 +19,7 @@ - "not no_ansible.stat.exists" msg: "/etc/no-ansible exists - skipping run on this node" - - name: Check if we can see LDAP srv records +# - name: Check if we can see LDAP srv records roles:
From 534c1f8a4887c0bd88cbab15b6bfdaeb96e396b8 Mon Sep 17 00:00:00 2001
From: bluikko <14869000+bluikko@users.noreply.github.com>
Date: Sat, 12 Dec 2020 15:16:44 +0700
Subject: [PATCH 2/2] Add Ansible Lint action and fix lint errors
---
.github/workflows/ansible-lint.yml | 31 +++++++++++++++++++
ansible/playbooks/adhoc-ipagroups.yml | 2 +-
ansible/playbooks/adhoc-ipausers.yml | 2 +-
ansible/playbooks/import-rockygroups.yml | 2 +-
ansible/playbooks/import-rockysudo.yml | 2 +-
ansible/playbooks/import-rockyusers.yml | 2 +-
.../init-rocky-install-kvm-hosts.yml | 6 ++--
.../playbooks/init-rocky-ipa-internal-dns.yml | 2 +-
ansible/playbooks/requirements.yml | 5 +--
ansible/playbooks/role-rocky-ipa.yml | 2 +-
10 files changed, 45 insertions(+), 11 deletions(-)
create mode 100644 .github/workflows/ansible-lint.yml
diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml
new file mode 100644
index 0000000..0147f84
--- /dev/null
+++ b/.github/workflows/ansible-lint.yml
@@ -0,0 +1,31 @@
+---
+# https://github.com/ansible/ansible-lint-action
+name: Ansible Lint
+
+on:
+ push:
+ paths:
+ - '**.yml'
+ - '**.yaml'
+
+jobs:
+ ansible-lint:
+ runs-on: ubuntu-latest
+ timeout-minutes: 7
+
+ steps:
+ - name: Git checkout
+ uses: actions/checkout@v2
+
+ - name: Add installed collections in Ansible configuration
+ run: |
+ echo '[defaults]' > ansible.cfg
+ echo 'collections_paths = ./collections' >> ansible.cfg
+
+ - name: Install requirements
+ run: ansible-galaxy collection install -r ansible/playbooks/requirements.yml -p collections
+
+ - name: Ansible Lint
+ uses: ansible/ansible-lint-action@master
+ with:
+ args: "--exclude .github"
diff --git a/ansible/playbooks/adhoc-ipagroups.yml b/ansible/playbooks/adhoc-ipagroups.yml
index c8b48b1..37bc309 100644
--- a/ansible/playbooks/adhoc-ipagroups.yml
+++ b/ansible/playbooks/adhoc-ipagroups.yml
@@ -20,7 +20,7 @@ fail_msg: "We are missing group information or ipa admin password" - name: "Creating Mandatory Groups" - ipagroup: + freeipa.ansible_freeipa.ipagroup: ipaadmin_password: "{{ ipaadmin_password }}" name: "{{ ipaGroup }}" description: "{{ ipaDescription }}"
diff --git a/ansible/playbooks/adhoc-ipausers.yml b/ansible/playbooks/adhoc-ipausers.yml
index 5fa45db..8469c02 100644
--- a/ansible/playbooks/adhoc-ipausers.yml
+++ b/ansible/playbooks/adhoc-ipausers.yml
@@ -23,7 +23,7 @@ fail_msg: "We are missing user information or ipa admin password" - name: "Creating User Account" - ipauser: + freeipa.ansible_freeipa.ipauser: ipaadmin_password: "{{ ipaadmin_password }}" name: "{{ ipaName }}" first: "{{ ipaFirst }}"
diff --git a/ansible/playbooks/import-rockygroups.yml b/ansible/playbooks/import-rockygroups.yml
index ae87ae5..fdd9a95 100644
--- a/ansible/playbooks/import-rockygroups.yml
+++ b/ansible/playbooks/import-rockygroups.yml
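Review bot: In `.github/workflows/ansible-lint.yml` the `Ansible Lint` step runs `ansible/ansible-lint-action@master`, a mutable branch ref, so any later commit to that repository executes in this job against the checked-out source and with the job's token. Pin it to a reviewed commit, `uses: ansible/ansible-lint-action@<full-commit-sha>`, and treat `actions/checkout@v2` the same way since a tag can also be moved. The workflow declares no `permissions:` key, so the GITHUB_TOKEN takes the repository default; a lint-only job needs no more than `permissions:` with `contents: read`.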
@@ -1,7 +1,7 @@ --- # Creates the first set of groups for the IdM Infrastructure - name: "Creating Mandatory Groups" - ipagroup: + freeipa.ansible_freeipa.ipagroup: ipaadmin_password: "{{ ipaadmin_password }}" name: "{{ item.group }}" description: "{{ item.description }}"
diff --git a/ansible/playbooks/import-rockysudo.yml b/ansible/playbooks/import-rockysudo.yml
index 4c54958..a9a3009 100644
--- a/ansible/playbooks/import-rockysudo.yml
+++ b/ansible/playbooks/import-rockysudo.yml
@@ -2,7 +2,7 @@ # Currently only one SUDO role should be created, and that is for the # rocky linux admins - name: "Creating SUDO Role for Rocky Admins" - ipasudorule: + freeipa.ansible_freeipa.ipasudorule: ipaadmin_password: "{{ ipaadmin_password }}" name: All_RockyAdmins description: Rocky Linux infrastructure and operations sudo access
diff --git a/ansible/playbooks/import-rockyusers.yml b/ansible/playbooks/import-rockyusers.yml
index 1390fb7..ab5847c 100644
--- a/ansible/playbooks/import-rockyusers.yml
+++ b/ansible/playbooks/import-rockyusers.yml
@@ -3,7 +3,7 @@ # should create both regular and admin accounts for separation of # privilege. - name: "Creating Initial Accounts" - ipauser: + freeipa.ansible_freeipa.ipauser: ipaadmin_password: "{{ ipaadmin_password }}" name: "{{ item.name }}" first: "{{ item.first }}"
diff --git a/ansible/playbooks/init-rocky-install-kvm-hosts.yml b/ansible/playbooks/init-rocky-install-kvm-hosts.yml
index 7df1382..06ee06e 100644
--- a/ansible/playbooks/init-rocky-install-kvm-hosts.yml
+++ b/ansible/playbooks/init-rocky-install-kvm-hosts.yml
@@ -20,8 +20,9 @@ tasks: - name: Check for CPU Virtualization - shell: "lscpu | grep -i virtualization" + shell: "set -o pipefail; lscpu | grep -i virtualization" register: result + changed_when: false failed_when: "result.rc != 0" # Install KVM packages
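Review bot: In `init-rocky-install-kvm-hosts.yml` the new `set -o pipefail; lscpu | grep -i virtualization` depends on whatever `/bin/sh` is on the target, because the task names no interpreter for the `shell` module. Where `sh` is bash the option is accepted, but a shell without `pipefail` would fail the task on the `set` itself and report it as a missing virtualization capability. State the interpreter on the task with `args:` and `executable: /bin/bash`; the same applies to the `lsmod | grep -i kvm` task in the later hunk at `@@ -43,8 +44,9 @@`.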
@@ -43,8 +44,9 @@ enabled: true - name: Verify KVM module is loaded - shell: "lsmod | grep -i kvm" + shell: "set -o pipefail; lsmod | grep -i kvm" register: result + changed_when: false failed_when: "result.rc != 0" post_tasks:
diff --git a/ansible/playbooks/init-rocky-ipa-internal-dns.yml b/ansible/playbooks/init-rocky-ipa-internal-dns.yml
index 69836e6..09de055 100644
--- a/ansible/playbooks/init-rocky-ipa-internal-dns.yml
+++ b/ansible/playbooks/init-rocky-ipa-internal-dns.yml
@@ -16,7 +16,7 @@ fail_msg: "We are missing ipa admin password" - name: "Create Reverse Domains" - ipadnszone: + freeipa.ansible_freeipa.ipadnszone: ipaadmin_password: '{{ ipaadmin_password }}' name: '{{ item }}' with_items: '{{ rdns }}'
diff --git a/ansible/playbooks/requirements.yml b/ansible/playbooks/requirements.yml
index 5f44742..d964f74 100644
--- a/ansible/playbooks/requirements.yml
+++ b/ansible/playbooks/requirements.yml
@@ -1,3 +1,4 @@ ---
-- src: freeipa.ansible_freeipa
-- src: community.general
+collections:
+ - freeipa.ansible_freeipa
+ - community.general
diff --git a/ansible/playbooks/role-rocky-ipa.yml b/ansible/playbooks/role-rocky-ipa.yml
index 8dc5771..9cc9aa9 100644
--- a/ansible/playbooks/role-rocky-ipa.yml
+++ b/ansible/playbooks/role-rocky-ipa.yml
@@ -57,6 +57,6 @@ group: root - name: "Turn on reverse zone syncing" - ipadnsconfig: + freeipa.ansible_freeipa.ipadnsconfig: ipaadmin_password: '{{ ipaadmin_password }}' allow_sync_ptr: true
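Review bot: The new `collections:` list in `ansible/playbooks/requirements.yml` names `freeipa.ansible_freeipa` and `community.general` without versions, so each `ansible-galaxy collection install -r` takes whatever release Galaxy serves at that moment. That includes the install step in the lint workflow added by this same commit. These collections provide the modules that receive `ipaadmin_password` in the playbooks touched here, so an unreviewed upstream release changes code that handles that credential. Use the mapping form and pin each entry, `- name: freeipa.ansible_freeipa` with `version: "<reviewed-version>"`, and raise the version deliberately after review.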