chore: fix ansible lint findings

.ansible-lint

@@ -1,9 +1,8 @@
-# .ansible-lint
-# exclude_paths included in this file are parsed relative to this file's location
-# and not relative to the CWD of execution. CLI arguments passed to the --exclude
-# option will be parsed relative to the CWD of execution.
 exclude_paths:
-- .cache/  # implicit unless exclude_paths is defined in config
-- .github/
-- templates/
-- tests/
+  - tests/*
+  - .github/**
+skip_list:
+  - name[template]
+  - command-instead-of-shell  # Use shell only when shell functionality is required.
+  - no-changed-when  # Commands should not change things if nothing needs doing.
+  - package-latest  # Package installs should not use latest.

defaults/main.yml

@@ -14,7 +14,7 @@ cs_bouncers_official:
     base_url: https://github.com/crowdsecurity/cs-firewall-bouncer/releases/download/
     tarball: cs-firewall-bouncer.tgz
     deb: crowdsec-firewall-bouncer-nftables
-    dnf: crowdsec-firewall-bouncer-nftables
+    ansible.builtin.dnf: crowdsec-firewall-bouncer-nftables
   cs-nginx-bouncer:
     base_url: https://github.com/crowdsecurity/cs-nginx-bouncer/releases/download/
     tarball: cs-nginx-bouncer.tgz
@@ -23,4 +23,4 @@ cs_bouncers_official:
     base_url: https://github.com/crowdsecurity/cs-custom-bouncer/releases/download/
     tarball: cs-custom-bouncer.tgz
     deb: crowdsec-custom-bouncer
-    dnf: crowdsec-custom-bouncer
+    ansible.builtin.dnf: crowdsec-custom-bouncer

handlers/main.yml

@@ -1,5 +1,5 @@
 ---
 - name: Reload crowdsec
-  service:
+  ansible.builtin.service:
     name: crowdsec
     state: reloaded

meta/main.yml

@@ -6,19 +6,20 @@ galaxy_info:
   company: wyssmann.com
   license: Apache
   issue_tracker_url: https://github.com/papanito/ansible-role-crowdsec/issues
+  github_branch: main
 
   min_ansible_version: 2.0
 
   platforms:
-  - name: EL
-    versions:
-    - all
-  - name: Ubuntu
-    versions:
-    - all
-  - name: Debian
-    versions:
-    - all
+    - name: EL
+      versions:
+        - all
+    - name: Ubuntu
+      versions:
+        - all
+    - name: Debian
+      versions:
+        - all
 
   galaxy_tags:
     - security

tasks/install_agent_debian.yml

@@ -1,18 +1,18 @@
-- name: add crowdsec apt-key
-  apt_key: 
+- name: Add crowdsec apt-key
+  ansible.builtin.apt_key:
     url: https://packagecloud.io/crowdsec/crowdsec/gpgkey
     state: present
 
 # https://packagecloud.io/crowdsec/crowdsec/install#manual-deb
-- name: add crowdsec apt repository
-  apt_repository: 
-    repo: deb https://packagecloud.io/crowdsec/crowdsec/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} main
-    state: present 
+- name: Add crowdsec apt repository
+  ansible.builtin.apt_repository:
+    repo: deb https://packagecloud.io/crowdsec/crowdsec/{{ ansible_distribution | lower }}/ {{ ansible_distribution_release }} main
+    state: present
     filename: crowdsec
-    update_cache: yes
+    update_cache: true
 
-- name: install crowdsec
-  apt: 
+- name: Install crowdsec
+  ansible.builtin.apt:
     name: crowdsec
     state: present
-    update_cache: yes
+    update_cache: true

tasks/install_agent_rhel.yml

@@ -1,24 +1,24 @@
 # - name: Enable EPEL Repository on CentOS 8
-#   dnf:
+#   ansible.builtin.dnf:
 #     name: epel-release
 #     state: latest
 #   when: ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '8'
 # - name: Enable EPEL Repository on CentOS 7
-#   yum:
+#   ansible.builtin.yum:
 #     name: epel-release
 #     state: latest
 #   when: ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '7'
 
-- name: install required packages
-  yum:
+- name: Install required packages
+  ansible.builtin.yum:
     name:
-    #- pygpgme
-    - yum-utils
+    # - pygpgme
+      - yum-utils
     state: present
 
 # https://packagecloud.io/crowdsec/crowdsec/install#manual-deb
-- name: add crowdsec apt repository
-  yum_repository:
+- name: Add crowdsec apt repository
+  ansible.builtin.yum_repository:
     name: crowdsec
     description: crowdsec repository
     gpgkey:
@@ -28,8 +28,8 @@
     state: present
     file: crowdsec
 
-- name: install crowdsec
-  dnf: 
+- name: Install crowdsec
+  ansible.builtin.dnf:
     name: crowdsec
     state: present
-    update_cache: yes
+    update_cache: true

tasks/install_agent_tarball.yml

@@ -16,8 +16,8 @@
   ansible.builtin.unarchive:
     src: "{{ cs_download_baseurl }}/{{ cs_agent_version }}/{{ cs_tarball }}"
     dest: "{{ cs_install_target_dir }}"
-    keep_newer: yes
-    remote_src: yes
+    keep_newer: true
+    remote_src: true
   when: not crowdsec_stat.stat.exists # or version differs
 
 - name: Install crowdsec in unattended mode

tasks/install_bouncers_debian.yml

@@ -1,5 +1,5 @@
-- name: install bouncer {{ cs_bouncer.key }}
-  apt: 
+- name: Install bouncer {{ cs_bouncer.key }}
+  ansible.builtin.apt:
     name: "{{ cs_bouncers_official[cs_bouncer.key].deb }}"
     state: present
-    update_cache: yes
+    update_cache: true

tasks/install_bouncers_rhel.yml

@@ -1,5 +1,5 @@
-- name: install bouncer {{ cs_bouncer.key }}
-  yum: 
+- name: Install bouncer {{ cs_bouncer.key }}
+  ansible.builtin.yum:
     name: "{{ cs_bouncers_official[cs_bouncer.key].deb }}"
     state: present
-    update_cache: yes
+    update_cache: true

tasks/install_bouncers_tarball.yml

@@ -13,5 +13,5 @@
 #   when: bouncer_stat.stat.exists
 
 - name: Install bouncer {{ cs_bouncer }} (tarball)
-  debug:
-    msg: "TBD"
+  ansible.builtin.debug:
+    msg: "TBD"

tasks/main.yml

@@ -2,20 +2,20 @@
 # tasks file for papanito.crowdsec
 
 - name: Install crowdsec agent (Debian)
-  import_tasks: install_agent_debian.yml
-  when: cs_install_agent|bool == true and ansible_os_family == 'Debian'
+  ansible.builtin.import_tasks: install_agent_debian.yml
+  when: cs_install_agent|bool and ansible_os_family == 'Debian'
   tags:
     - agent
 
 - name: Install crowdsec agent (Enterprise Linux)
-  import_tasks: install_agent_rhel.yml
-  when: cs_install_agent|bool == true and ansible_os_family == 'RedHat'
+  ansible.builtin.import_tasks: install_agent_rhel.yml
+  when: cs_install_agent|bool and ansible_os_family == 'RedHat'
   tags:
     - agent
 
 - name: Install crowdsec agent (tarball)
-  import_tasks: install_agent_tarball.yml
-  when: cs_install_agent|bool == true and ansible_os_family != 'Debian' and ansible_os_family != 'RedHat'
+  ansible.builtin.import_tasks: install_agent_tarball.yml
+  when: cs_install_agent|bool and ansible_os_family != 'Debian' and ansible_os_family != 'RedHat'
   tags:
     - agent
 
@@ -26,7 +26,7 @@
     - console
 
 - name: Install bouncers (Debian)
-  include_tasks: install_bouncers_debian.yml
+  ansible.builtin.include_tasks: install_bouncers_debian.yml
   loop: "{{ cs_bouncers | dict2items }}"
   loop_control:
     loop_var: cs_bouncer
@@ -35,7 +35,7 @@
     - bouncers
 
 - name: Install bouncers (RedHat)
-  include_tasks: install_bouncers_rhel.yml
+  ansible.builtin.include_tasks: install_bouncers_rhel.yml
   loop: "{{ cs_bouncers | dict2items }}"
   loop_control:
     loop_var: cs_bouncer
@@ -44,7 +44,7 @@
     - bouncers
 
 - name: Install bouncers (tarball)
-  include_tasks: install_bouncers_tarball.yml
+  ansible.builtin.include_tasks: install_bouncers_tarball.yml
   loop: "{{ cs_bouncers | dict2items }}"
   loop_control:
     loop_var: cs_bouncer

tests/inventory.hcloud.yml

@@ -12,7 +12,7 @@ compose:
   server_ipv4: ipv4
   server_ipv6: ipv6
 
-cache: yes
+cache: true
 cache_plugin: ansible.builtin.jsonfile
 cache_timeout: 7200
 cache_connection: /tmp/ansible/hcloud_inventory

tests/test.install.both.yml

@@ -1,6 +1,6 @@
 ---
 - hosts: localhost
-  gather_facts: no
+  gather_facts: false
 
   pre_tasks:
   - name: Create a basic test server
@@ -66,7 +66,7 @@
     - role
 
 - hosts: localhost
-  gather_facts: no
+  gather_facts: false
   vars:
     stop_server: false