Resolve linting issues for install/connmon.yml

Resolves linting issues:
* [ANSIBLE0012] Commands should not change things if nothing needs doing
* [ANSIBLE0010] Package installs should not use latest
* [ANSIBLE0013] Use shell only when shell functionality is required

Executed via: ansible-lint ansible/install/connmon.yml

Change-Id: Ibe52c904c1ebc083e4aa0db10034c1a628b215b8

ansible/install/roles/cinder/tasks/main.yml

@@ -4,14 +4,14 @@
 #
 
 - name: Check for connmon in cinder.conf
-  shell: grep -Eq 'connection\s?=\s?mysql:' /etc/cinder/cinder.conf
+  command: grep -Eq 'connection\s?=\s?mysql:' /etc/cinder/cinder.conf
   register: cinder_mysql
   become: true
   ignore_errors: true
   changed_when: false
 
 - name: Enable Connmon in cinder.conf
-  shell: sed -i 's/mysql:/mysql+connmon:/g' /etc/cinder/cinder.conf
+  command: sed -i 's/mysql:/mysql+connmon:/g' /etc/cinder/cinder.conf
   when: cinder_mysql.rc == 0
   become: true
   notify:

ansible/install/roles/common/tasks/main.yml

@@ -3,9 +3,13 @@
 # Browbeat Install Common
 #
 - name: Check external connectivity
-  shell: ping google.com -c 1 -q
+  command: ping google.com -c 1 -q
   register: ping
   ignore_errors: true
+  tags:
+    # Skip ANSIBLE0012 Commands should not change things if nothing needs doing
+    # Need to check external activity every time
+    - skip_ansible_lint
 
 - name: Add DNS record
   become: true

ansible/install/roles/connmon/tasks/main.yml

@@ -25,7 +25,7 @@
   become: true
 
 - name: Install Screen for connmon
-  yum: name=screen state=latest
+  yum: name=screen state=present
   become: true
   when: undercloud
 
@@ -47,18 +47,30 @@
   ignore_errors: true
   register: firewalld_in_use
   no_log: true
+  tags:
+    # Skip ANSIBLE0012 Commands should not change things if nothing needs doing
+    # Need to check if firewall is in use
+    - skip_ansible_lint
 
 - name: (connmon) Determine if firewalld is active
   shell: systemctl is-active firewalld.service | grep -vq inactive
   ignore_errors: true
   register: firewalld_is_active
   no_log: true
+  tags:
+    # Skip ANSIBLE0012 Commands should not change things if nothing needs doing
+    # Need to check if firewall is active
+    - skip_ansible_lint
 
 - name: (connmon) Determine if TCP/{{connmon_port}} is already active
   shell: firewall-cmd --list-ports | egrep -q "^{{connmon_port}}/tcp"
   ignore_errors: true
   register: firewalld_tcp{{connmon_port}}_exists
   no_log: true
+  tags:
+    # Skip ANSIBLE0012 Commands should not change things if nothing needs doing
+    # Need to check if port is already active
+    - skip_ansible_lint
 
 # add firewall rule via firewall-cmd
 - name: (connmon) Add firewall rule for TCP/{{connmon_port}} (firewalld)
@@ -78,6 +90,10 @@
   register: iptables_tcp5800_exists
   failed_when: iptables_tcp{{connmon_port}}_exists == 127i
   no_log: true
+  tags:
+    # Skip ANSIBLE0012 Commands should not change things if nothing needs doing
+    # Need to check if port is already active
+    - skip_ansible_lint
 
 - name: (connmon) Add firewall rule for TCP/{{connmon_port}} (iptables-services)
   lineinfile:
@@ -91,7 +107,7 @@
   register: iptables_needs_restart
 
 - name: (connmon) Restart iptables-services for TCP/{{connmon_port}} (iptables-services)
-  shell: systemctl restart iptables.service
+  command: systemctl restart iptables.service
   ignore_errors: true
   become: true
   when: iptables_needs_restart != 0 and firewalld_in_use.rc != 0 and firewalld_is_active.rc != 0

ansible/install/roles/heat/tasks/main.yml

@@ -3,14 +3,14 @@
 ##
 #
 - name: Check for connmon in heat.conf
-  shell: grep -Eq 'connection\s?=\s?mysql:' /etc/heat/heat.conf
+  command: grep -Eq 'connection\s?=\s?mysql:' /etc/heat/heat.conf
   register: heat_mysql
   become: true
   ignore_errors: true
   changed_when: false
 
 - name: Enable Connmon in heat.conf
-  shell: sed -i 's/mysql:/mysql+connmon:/g' /etc/heat/heat.conf
+  command: sed -i 's/mysql:/mysql+connmon:/g' /etc/heat/heat.conf
   when: heat_mysql.rc == 0
   become: true
   notify:

ansible/install/roles/keystone/tasks/main.yml

@@ -4,7 +4,7 @@
 #
 
 - name: Determine if keystone is deployed in eventlet
-  shell: ps afx | grep "[Kk]eystone-all" -c
+  command: ps afx | grep "[Kk]eystone-all" -c
   register: deployed
   ignore_errors: true
   changed_when: false
@@ -22,14 +22,14 @@
 #
 
 - name: Check for connmon in keystone.conf
-  shell: grep -Eq 'connection\s?=\s?mysql:' /etc/keystone/keystone.conf
+  command: grep -Eq 'connection\s?=\s?mysql:' /etc/keystone/keystone.conf
   register: keystone_mysql
   become: true
   ignore_errors: true
   changed_when: false
 
 - name: Enable connmon in keystone.conf
-  shell: sed -i 's/mysql:/mysql+connmon:/g' /etc/keystone/keystone.conf
+  command: sed -i 's/mysql:/mysql+connmon:/g' /etc/keystone/keystone.conf
   when: keystone_mysql.rc == 0
   become: true
   notify:

ansible/install/roles/neutron/tasks/main.yml

@@ -4,14 +4,14 @@
 #
 
 - name: Check for connmon in neutron.conf
-  shell: grep -Eq 'connection\s?=\s?mysql:' /etc/neutron/neutron.conf
+  command: grep -Eq 'connection\s?=\s?mysql:' /etc/neutron/neutron.conf
   register: neutron_mysql
   become: true
   ignore_errors: true
   changed_when: false
 
 - name: Enable Connmon in neutron.conf
-  shell: sed -i 's/mysql:/mysql+connmon:/g' /etc/neutron/neutron.conf
+  command: sed -i 's/mysql:/mysql+connmon:/g' /etc/neutron/neutron.conf
   when: neutron_mysql.rc == 0
   become: true
   notify:

ansible/install/roles/nova/tasks/main.yml

@@ -4,14 +4,14 @@
 #
 
 - name: Check for connmon in nova.conf
-  shell: grep -Eq 'connection\s?=\s?mysql:' /etc/nova/nova.conf
+  command: grep -Eq 'connection\s?=\s?mysql:' /etc/nova/nova.conf
   register: nova_mysql
   become: true
   ignore_errors: true
   changed_when: false
 
 - name: Enable Connmon in nova.conf
-  shell: sed -i 's/mysql:/mysql+connmon:/g' /etc/nova/nova.conf
+  command: sed -i 's/mysql:/mysql+connmon:/g' /etc/nova/nova.conf
   when: nova_mysql.rc == 0
   become: true
   notify: