Linting and Formatting

This commit appends the README.md to state that yaml files should start
with `---` and end with `...`. This also addresses some linting
warnings that were not appearing during pre-commit on local system.

ansible/README.md

@@ -156,6 +156,22 @@ When pushing to your own forked version of this repository, pre-commit must run
 
 When the linter passes, the push will complete and you will be able to open a PR.
 
+## General YAML Formatting
+
+It is recommended that each yaml file starts with `---` and ends with `...`. This can help with linting and also stating an obvious end to the file.
+
+### Plugin and Formatting Assistance
+
+The YAML format is extremely easy and can be generally followed without much to think about, the same goes with ansible's syntax. Ideally, your editor can assist with these things. If you are a vim user, the following plugins can be useful:
+
+```
+stephpy/vim-yaml
+pearofducks/ansible-vim
+vim-syntastic/syntastic
+```
+
+These can be installed using [vim-plug](https://github.com/junegunn/vim-plug).
+
 ## Initializing the Ansible Host
 
 When initializing the ansible host, you should be in `./infrastructure/ansible` so that the `ansible.cfg` is used. You will need to run the `init-rocky-ansible-host.yml` playbook and to get started, which will install all the roles and collections required for the playbooks to run.

ansible/inventories/production/group_vars/chronyservers/main.yml

@@ -2,3 +2,4 @@
 
 chrony_server: true
 chrony_allow_cidr: "10.0.0.0/16"
+...

ansible/inventories/production/group_vars/ipa/main.yml

@@ -0,0 +1,3 @@
+---
+# ipa vars
+...

ansible/inventories/production/group_vars/ipaclients/main.yml

@@ -7,3 +7,4 @@ ipaclient_no_ntp: true
 ipaclient_mkhomedir: true
 ipaclient_ssh_trust_dns: true
 ipasssd_enable_dns_updates: true
+...

ansible/inventories/production/group_vars/ipareplicas/main.yml

@@ -10,3 +10,4 @@ ipareplica_setup_ca: true
 ipareplica_setup_kra: true
 ipareplica_setup_dns: true
 ipa_dns_master: 10.100.1.110
+...

ansible/inventories/production/group_vars/ipaserver/main.yml

@@ -13,3 +13,4 @@ ipaclient_no_ntp: true
 ipaclient_mkhomedir: true
 ipaserver_no_hbac_allow: true
 ipaserver_reverse_zones: ["1.100.10.in-addr.arpa."]
+...

ansible/inventories/production/group_vars/rabbitmq/main.yml

@@ -3,3 +3,4 @@
 rabbitmq_cluster_name: "rabbit"
 rabbitmq_cluster_list: "{{ groups['rabbitmq'] }}"
 rabbitmq_env: "production"
+...

ansible/inventories/staging/group_vars/chronyservers/main.yml

@@ -2,3 +2,4 @@
 
 chrony_server: true
 chrony_allow_cidr: "10.0.0.0/16"
+...

ansible/inventories/staging/group_vars/ipa/main.yml

@@ -0,0 +1,3 @@
+---
+# ipa vars
+...

ansible/inventories/staging/group_vars/ipaclients/main.yml

@@ -7,3 +7,4 @@ ipaclient_no_ntp: true
 ipaclient_mkhomedir: true
 ipaclient_ssh_trust_dns: true
 ipasssd_enable_dns_updates: true
+...

ansible/inventories/staging/group_vars/ipareplicas/main.yml

@@ -10,3 +10,4 @@ ipareplica_setup_ca: true
 ipareplica_setup_kra: true
 ipareplica_setup_dns: true
 ipa_dns_master: 10.100.1.110
+...

ansible/inventories/staging/group_vars/ipaserver/main.yml

@@ -13,3 +13,4 @@ ipaclient_no_ntp: true
 ipaclient_mkhomedir: true
 ipaserver_no_hbac_allow: true
 ipaserver_reverse_zones: ["1.100.10.in-addr.arpa."]
+...

ansible/inventories/staging/group_vars/rabbitmq/main.yml

@@ -3,3 +3,4 @@
 rabbitmq_cluster_name: "rabbit"
 rabbitmq_cluster_list: "{{ groups['rabbitmq'] }}"
 rabbitmq_env: "staging"
+...

ansible/playbooks/adhoc-facts-refresh.yml

@@ -5,3 +5,4 @@
     - name: Force a fact refresh to have those available in local cache
       setup:
         gather_timeout: 30
+...

ansible/playbooks/adhoc-gitlab-creategroup.yml

@@ -38,3 +38,4 @@
         visibility: "{{ gitlab_visibility|default('private') }}"
       delegate_to: localhost
       register: gitlab_group_return
+...

ansible/playbooks/adhoc-gitlab-createproject.yml

@@ -41,3 +41,4 @@
         validate_certs: true
         visibility: "{{ gitlab_visibility|default('private') }}"
       delegate_to: localhost
+...

ansible/playbooks/adhoc-gitlab-deletegroup.yml

@@ -35,3 +35,4 @@
         state: absent
         validate_certs: true
       delegate_to: localhost
+...

ansible/playbooks/adhoc-gitlab-deleteproject.yml

@@ -35,3 +35,4 @@
         state: absent
         validate_certs: true
       delegate_to: localhost
+...

ansible/playbooks/adhoc-ipabinder.yml

@@ -39,3 +39,4 @@
       file:
         path: "/tmp/binder.update"
         state: absent
+...

ansible/playbooks/adhoc-ipadnsrecord.yml

@@ -55,3 +55,4 @@
         managedby:
           - "{{ ipa_name_value[:-1] }}"
       ignore_errors: true
+...

ansible/playbooks/adhoc-ipadnszone.yml

@@ -27,3 +27,4 @@
         name: "{{ ipa_zone }}"
       tags:
         - dns
+...

ansible/playbooks/adhoc-ipagetcert.yml

@@ -32,3 +32,4 @@
   roles:
     - role: rockylinux.ipagetcert
       state: present
+...

ansible/playbooks/adhoc-ipagetkeytab.yml

@@ -135,3 +135,4 @@
         state: file
       tags:
         - keytab
+...

ansible/playbooks/adhoc-ipagroup.yml

@@ -47,3 +47,4 @@
       check_mode: false
       changed_when: "1 != 1"
       when: ipa_fas
+...

ansible/playbooks/adhoc-ipaservice.yml

@@ -28,3 +28,4 @@
         force: "{{ ipa_force | default(false) }}"
       tags:
         - services
+...

ansible/playbooks/adhoc-ipauser-disable-pdr.yml

@@ -82,3 +82,4 @@
         server_uri: ldap://localhost/
         bind_dn: "uid={{ ipa_admin }},cn=users,cn=accounts,dc=rockylinux,dc=org"
         bind_pw: "{{ ipaadmin_password }}"
+...

ansible/playbooks/adhoc-ipauser-disable.yml

@@ -27,3 +27,4 @@
         state: disabled
       tags:
         - users
+...

ansible/playbooks/adhoc-ipauser-enable.yml

@@ -27,3 +27,4 @@
         state: enabled
       tags:
         - users
+...

ansible/playbooks/adhoc-ipauser.yml

@@ -38,3 +38,4 @@
         update_password: on_create
       tags:
         - users
+...

ansible/playbooks/adhoc-rabbitmqqueue.yml

@@ -85,3 +85,4 @@
         loop_var: routing_item
       tags:
         - rabbitmq
+...

ansible/playbooks/adhoc-rabbitmquser.yml

@@ -33,3 +33,4 @@
         state: present
       tags:
         - rabbitmq
+...

ansible/playbooks/handlers/main.yml

@@ -45,3 +45,4 @@
   service:
     name: postfix
     state: restarted
+...

ansible/playbooks/import-rockygroups.yml

@@ -12,3 +12,4 @@
   loop: "{{ ipagroups }}"
   tags:
     - groups
+...

ansible/playbooks/import-rockyipaprivs.yml

@@ -42,3 +42,4 @@
   when: iparoles is defined
   tags:
     - rbac
+...

ansible/playbooks/import-rockypwpolicy.yml

@@ -14,3 +14,4 @@
   loop: "{{ ipapwpolicies }}"
   tags:
     - groups
+...

ansible/playbooks/import-rockysudo.yml

@@ -10,3 +10,4 @@
       - rockyadm
     hostcat: all
     cmdcat: all
+...

ansible/playbooks/import-rockyusers.yml

@@ -68,3 +68,4 @@
   file:
     path: "/tmp/binder.update"
     state: absent
+...

ansible/playbooks/init-rocky-account-services.yml

@@ -32,3 +32,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/init-rocky-ansible-host.yml

@@ -8,16 +8,16 @@
     collection_installation_dir: collections
     installation_prefix: ../
   pre_tasks:
-# example prepare ansible box for execution
+    # example prepare ansible box for execution
-#    - name: install required pip modules on the host running ansible
+    #  - name: install required pip modules on the host running ansible
-#      pip:
+    #    pip:
-#        name:
+    #      name:
-#          - jmespath
+    #        - jmespath
-#          - netaddr
+    #        - netaddr
-#          - python-consul
+    #        - python-consul
-#          - pyvmomi
+    #        - pyvmomi
-#          - python-ldap
+    #        - python-ldap
-#          - twine
+    #        - twine
 
     - name: Remove existing public roles
       file:
@@ -54,3 +54,4 @@
         path: "../tmp/known_hosts"
         state: touch
         mode: "0644"
+...

ansible/playbooks/init-rocky-bugzilla.yml

@@ -57,3 +57,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/init-rocky-builder-postfix.yml

@@ -34,3 +34,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/init-rocky-chrony.yml

@@ -38,3 +38,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/init-rocky-install-kvm-hosts.yml

@@ -57,3 +57,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/init-rocky-ipa-internal-dns.yml

@@ -30,3 +30,4 @@
         name: '{{ item }}'
         dynamic_update: true
       with_items: '{{ fdns }}'
+...

ansible/playbooks/init-rocky-ipa-team.yml

@@ -33,3 +33,4 @@
 
     - name: "Start privileges for services"
       import_tasks: import-rockyipaprivs.yml
+...

ansible/playbooks/init-rocky-koji-ecosystem.yml

@@ -32,3 +32,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/init-rocky-mantisbt.yml

@@ -57,3 +57,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/init-rocky-noggin-theme.yml

@@ -38,3 +38,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/init-rocky-noggin.yml

@@ -32,3 +32,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/init-rocky-repo-servers.yml

@@ -32,3 +32,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/init-rocky-system-config.yml

@@ -54,3 +54,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-bootstrap_staging.yml

@@ -38,3 +38,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-gitlab-ee.yml

@@ -56,3 +56,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-gitlab-runner.yml

@@ -46,3 +46,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-graylog.yml

@@ -63,3 +63,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-ipa-client.yml

@@ -39,3 +39,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-ipa-replica.yml

@@ -51,3 +51,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-ipa.yml

@@ -61,3 +61,4 @@
       freeipa.ansible_freeipa.ipadnsconfig:
         ipaadmin_password: '{{ ipaadmin_password }}'
         allow_sync_ptr: true
+...

ansible/playbooks/role-rocky-ipsilon.yml

@@ -75,3 +75,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-kojid-staging.yml

@@ -88,3 +88,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-kojid.yml

@@ -88,3 +88,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-kojihub-staging.yml

@@ -121,3 +121,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-kojihub.yml

@@ -121,3 +121,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-monitoring.yml

@@ -37,8 +37,8 @@
         state: present
 
   roles:
-    #- role: rockylinux.ipagetcert
+    # - role: rockylinux.ipagetcert
-    #  state: present
+    #   state: present
     - role: cloudalchemy.prometheus
       state: present
     - role: cloudalchemy.alertmanager
@@ -61,3 +61,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-mqtt.yml

@@ -59,3 +59,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-node_exporter.yml

@@ -19,3 +19,4 @@
         port: 9100/tcp
         permanent: true
         state: enabled
+...

ansible/playbooks/role-rocky-pinnwand.yml

@@ -31,8 +31,8 @@
         state: present
 
   tasks:
-      #- include_tasks: tasks/pinnwand.yml
+      # - include_tasks: tasks/pinnwand.yml
-      #  tags: ['includetasks']
+      #   tags: ['includetasks']
 
   roles:
     - role: rockylinux.ipagetcert
@@ -46,8 +46,8 @@
     # Define variables in vars/matomo/nginx.yml
     - role: nginxinc.nginx_core.nginx
       tags: ['nginx']
-      #- role: nginxinc.nginx_core.nginx_config
+      # - role: nginxinc.nginx_core.nginx_config
-      #  tags: ['nginx']
+      #   tags: ['nginx']
 
   post_tasks:
     - name: Open firewalld ports
@@ -64,3 +64,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-rabbitmq.yml

@@ -75,3 +75,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-repopool.yml

@@ -39,3 +39,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-sigul-bridge.yml

@@ -89,3 +89,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-sigul-server.yml

@@ -76,3 +76,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-srpmproc.yml

@@ -38,3 +38,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/role-rocky-wikijs.yml

@@ -56,7 +56,7 @@
         port: "{{ item.port }}"
         permanent: "{{ item.permanent }}"
         state: "{{ item.state }}"
-        immediate: yes
+        immediate: true
       loop: "{{ firewall_rules }}"
 
     - name: Touching run file that ansible has ran here
@@ -67,3 +67,4 @@
         mode: '0644'
         owner: root
         group: root
+...

ansible/playbooks/tasks/account_services.yml

@@ -24,3 +24,4 @@
     name: httpd
     state: running
     enabled: true
+...

ansible/playbooks/tasks/auditd.yml

@@ -33,3 +33,4 @@
     - regenerate_auditd_rules
   tags:
     - harden
+...

ansible/playbooks/tasks/authentication.yml

@@ -66,3 +66,4 @@
   when:
     - ansible_facts['os_family'] == 'RedHat'
     - ansible_facts['distribution_major_version'] == '8'
+...

ansible/playbooks/tasks/bugzilla.yml

@@ -52,3 +52,4 @@
 
 - name: Install necessary pieces
   import_tasks: bugzilla_install.yml
+...

ansible/playbooks/tasks/bugzilla_install.yml

@@ -57,3 +57,4 @@
   file:
     path: "{{ bugzilla_dir }}/answer"
     state: absent
+...

ansible/playbooks/tasks/chrony.yml

@@ -30,3 +30,4 @@
     name: "{{ chrony_service_name }}"
     state: "{{ chrony_service_state }}"
     enabled: "{{ chrony_service_enabled }}"
+...

ansible/playbooks/tasks/efs_mount.yml

@@ -3,19 +3,18 @@
 #
 
 - name: "Installing amazon-efs-utils"
-  become: yes
+  become: true
   become_user: root
   yum:
     name: 'https://git.rockylinux.org/neil/efs-utils/-/jobs/5/artifacts/raw/build/amazon-efs-utils-1.30.1-1.el8.noarch.rpm?inline=false'
-    disable_gpg_check: yes
+    disable_gpg_check: true
-    validate_certs: yes
+    validate_certs: true
     state: present
   tags:
     - amazon_efs_utils
     - packages
     - mounts
 
-
 - name: "Gathering ec2 facts"
   amazon.aws.ec2_metadata_facts:
   tags:
@@ -23,18 +22,17 @@
 
 # "you can use /etc/hosts" https://github.com/aws/efs-utils/issues/1
 - name: "Install custom hosts file because fmlC-w amazon said so."
-  become: yes
+  become: true
   become_user: root
   ansible.builtin.lineinfile:
     path: /etc/hosts
     line: "{{ item.ip_map[ansible_ec2_placement_availability_zone] }} {{ item.fsid }}.efs.{{ ansible_ec2_placement_region }}.amazonaws.com"
-    create: yes
+    create: true
   tags:
     - mounts
 
-
 - name: "Creating and mounting {{ item.fsid }} at {{ item.mount_point }}"
-  become: yes
+  become: true
   become_user: root
   ansible.posix.mount:
     path: "{{ item.mount_point }}"
@@ -44,3 +42,4 @@
     state: "{{ item.state | default('mounted') }}"
   tags:
     - mounts
+...

ansible/playbooks/tasks/gitlab-reconfigure.yml

@@ -62,3 +62,4 @@
     owner: root
     group: root
     mode: '0750'
+...

ansible/playbooks/tasks/gitlab-runner.yml

@@ -23,8 +23,9 @@
   become: true
 
 - name: Create gitlab-runner user
-  become: yes
+  become: true
   user:
     name: gitlab-runner
     shell: /bin/bash
-    system: yes
+    system: true
+...

ansible/playbooks/tasks/grub.yml

@@ -2,3 +2,4 @@
 - name: Add kernel boot options to all kernels and default config
   command: /usr/sbin/grubby --update-kernel=ALL --args "{{ grub_boot_options }}"
   changed_when: "1 != 1"
+...

ansible/playbooks/tasks/harden.yml

@@ -214,3 +214,4 @@
     state: absent
   tags:
     - harden
+...

ansible/playbooks/tasks/init-koji.yml

@@ -4,7 +4,7 @@
   shell: "set -o pipefail && echo \"{{ rockykoji_password }}\" | kinit rockykoji@ROCKYLINUX.ORG"
   check_mode: false
   changed_when: "1 != 1"
-  become: yes
+  become: true
   become_user: koji
   when: rockykoji_has_password | bool
 
@@ -12,14 +12,14 @@
   shell: "set -o pipefail && kinit -kt /home/koji/.koji/keytab koji/rockykoji@ROCKYLINUX.ORG"
   check_mode: false
   changed_when: "1 != 1"
-  become: yes
+  become: true
   become_user: koji
   when: not rockykoji_has_password | bool
 
 - name: Import current necessary tags
   shell: "set -o pipefail && koji add-tag {{ item }}"
   changed_when: "1 != 1"
-  become: yes
+  become: true
   become_user: koji
   loop:
     - build-modules
@@ -60,3 +60,4 @@
     - module-rocky-8.4.0-build
     - trash
     - trashcan
+...

ansible/playbooks/tasks/koji_efs.yml

@@ -20,7 +20,7 @@
   ansible.builtin.lineinfile:
     path: /etc/hosts
     line: "{{ koji_efs_fs_ip_map[ansible_ec2_placement_availability_zone] }} {{ koji_efs_fsid }}"
-    create: yes
+    create: true
   tags:
     - mounts
 
@@ -33,3 +33,4 @@
     state: "{{ koji_efs_fs_state | default('mounted') }}"
   tags:
     - mounts
+...

ansible/playbooks/tasks/main.yml

@@ -1 +1,2 @@
 ---
+...

ansible/playbooks/tasks/mantis.yml

@@ -90,3 +90,4 @@
 
 - name: Patch up some pages
   import_tasks: mantispatch.yml
+...

ansible/playbooks/tasks/mantispatch.yml

@@ -23,3 +23,4 @@
     path: "/var/www/mantisbt-{{ mantis_version }}/login_page.php"
     state: absent
     regex: 'LDAP != config_get_global'
+...

ansible/playbooks/tasks/noggin.yml

@@ -86,3 +86,4 @@
   lineinfile:
     path: "/opt/noggin/noggin/noggin/app.py"
     line: "app = create_app()"
+...

ansible/playbooks/tasks/postfix_relay.yml

@@ -35,3 +35,4 @@
     name: postfix
     state: restarted
     enabled: true
+...

ansible/playbooks/tasks/rabbitmq-reconfigure.yml

@@ -1,2 +1,3 @@
 ---
 # RabbitMQ Additional Changes
+...

ansible/playbooks/tasks/repository.yml

@@ -1,2 +1,3 @@
 ---
 # no tasks yet
+...

ansible/playbooks/tasks/scripts.yml

@@ -7,3 +7,4 @@
     owner: root
     group: root
     mode: '0755'
+...

ansible/playbooks/tasks/srpmproc.yml

@@ -7,3 +7,4 @@
   with_items:
     - httpd_can_network_connect_db
     - httpd_can_network_connect
+...

ansible/playbooks/tasks/ssh_config.yml

@@ -43,3 +43,4 @@
   with_items:
     - /etc/ssh/ssh_host_dsa_key.pub
     - /etc/ssh/ssh_host_dsa_key
+...

ansible/playbooks/tasks/variable_loader_common.yml

@@ -19,3 +19,4 @@
 
   always:
     - debug: msg="Variables are now loaded"
+...

ansible/playbooks/vars/RedHat.yml

@@ -159,3 +159,4 @@ enable_svc:
 
 syslog_packages:
   - rsyslog
+...

ansible/playbooks/vars/bugzilla.yml

@@ -50,3 +50,4 @@ ipa_getcert_requested_hostnames:
     postcmd: "/bin/systemctl reload httpd"
     cnames:
       - "bugs.rockylinux.org"
+...

ansible/playbooks/vars/buildsys.yml

@@ -3,3 +3,4 @@
 smtp_user_name: "username"
 smtp_user_pass: "password"
 smtp_relayhost: "smtp.rockylinux.org"
+...