From 2c7889852c7e8c6e8ecd14e4ce5304f01792cc01 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Fri, 30 Jun 2023 15:05:50 +0200 Subject: [PATCH] Remove warn argument for command/shell Since ansible-core 2.14 you can't use warn as module argument. Instead, noqa should be used to instruct ansible-lint to supress alerts. Change-Id: Ie448fa182db8c1c9f64744ea72f27f285aa64366 --- handlers/main.yml | 4 +--- tasks/rhel7stig/async_tasks.yml | 4 +--- tasks/rhel7stig/dnf.yml | 4 +--- tasks/rhel7stig/file_perms.yml | 14 +++----------- 4 files changed, 6 insertions(+), 20 deletions(-) diff --git a/handlers/main.yml b/handlers/main.yml index 70052892..2dd5f16a 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -18,9 +18,7 @@ # NOTE(mhayden): It's not possible to use systemd to restart auditd on CentOS # since it's a special service. Using the old service scripts is required. - name: restart auditd - command: service auditd restart - args: - warn: no + command: service auditd restart # noqa: command-instead-of-module - name: restart chrony service: diff --git a/tasks/rhel7stig/async_tasks.yml b/tasks/rhel7stig/async_tasks.yml index e16987d7..8930bc16 100644 --- a/tasks/rhel7stig/async_tasks.yml +++ b/tasks/rhel7stig/async_tasks.yml @@ -16,9 +16,7 @@ # Multiple tasks will need the output of RPM verification, so let's do the # lookup one time and then grep over the output in subsequent tasks. - name: Verify all installed RPM packages - shell: "rpm -Va > {{ temp_dir }}/rpmverify.txt" - args: - warn: no + shell: "rpm -Va > {{ temp_dir }}/rpmverify.txt" # noqa: command-instead-of-module failed_when: False changed_when: False register: rpmverify_task diff --git a/tasks/rhel7stig/dnf.yml b/tasks/rhel7stig/dnf.yml index 9485b0d4..e58073d8 100644 --- a/tasks/rhel7stig/dnf.yml +++ b/tasks/rhel7stig/dnf.yml @@ -46,9 +46,7 @@ # Fedora >= 26 has dnf-automatic-install.timer. We need to check for which one # exists on the system. - name: Check to see which dnf automatic timers are available - shell: "rpm -ql dnf-automatic | grep timer || true" - args: - warn: no + shell: "rpm -ql dnf-automatic | grep timer || true" # noqa: command-instead-of-module register: dnf_automatic_timers check_mode: no changed_when: False diff --git a/tasks/rhel7stig/file_perms.yml b/tasks/rhel7stig/file_perms.yml index 6dc9f160..11a06917 100644 --- a/tasks/rhel7stig/file_perms.yml +++ b/tasks/rhel7stig/file_perms.yml @@ -15,8 +15,6 @@ - name: V-71849 - Get packages with incorrect file permissions or ownership shell: "grep '^.M' {{ temp_dir }}/rpmverify.txt | awk '{ print $NF }'" # noqa risky-shell-pipe - args: - warn: no register: rpmverify_package_list changed_when: False when: @@ -29,9 +27,7 @@ - V-71849 - name: V-71849 - Reset file permissions/ownership to vendor values - shell: "rpm {{ item[0] }} `rpm -qf {{ item[1] }}`" - args: - warn: no + shell: "rpm {{ item[0] }} `rpm -qf {{ item[1] }}`" # noqa: command-instead-of-shell command-instead-of-module risky-shell-pipe changed_when: false with_nested: - ['--setperms', '--setugids'] @@ -51,9 +47,7 @@ - skip_ansible_lint - name: Search for files/directories with an invalid owner - command: find / -xdev -nouser -fstype local - args: - warn: no + command: find / -xdev -nouser -fstype local # noqa: command-instead-of-module register: invalid_owner_files changed_when: false when: @@ -76,9 +70,7 @@ - V-72007 - name: Search for files/directories with an invalid group owner - command: find / -xdev -nogroup -fstype local - args: - warn: no + command: find / -xdev -nogroup -fstype local # noqa: command-instead-of-module register: invalid_group_owner_files changed_when: false when: