From ecac1474b708e2d4b22b6a48610e062c28c70b51 Mon Sep 17 00:00:00 2001 From: Jay Patel <78554593+jarpat@users.noreply.github.com> Date: Mon, 24 Jul 2023 10:26:31 -0400 Subject: [PATCH] feat: (IAC-1088) Additional Ansible Lint Code Updates (#81) --- .github/workflows/linter-analysis.yaml | 2 +- linting-configs/.ansible-lint | 4 +-- roles/kubernetes/common/tasks/main.yaml | 31 ++++++++----------- .../init/secondary/tasks/main.yaml | 4 +-- roles/kubernetes/node/init/tasks/main.yaml | 4 +-- .../node/labels_taints/tasks/main.yaml | 10 +++--- roles/systems/common/tasks/main.yaml | 12 ------- roles/systems/control_plane/tasks/main.yaml | 9 +++--- roles/systems/jump_server/tasks/main.yaml | 4 +-- roles/systems/nfs_server/tasks/main.yaml | 2 +- roles/systems/vsphere/init/tasks/main.yaml | 4 +-- 11 files changed, 35 insertions(+), 51 deletions(-) diff --git a/.github/workflows/linter-analysis.yaml b/.github/workflows/linter-analysis.yaml index 06ba91f..f3851bb 100644 --- a/.github/workflows/linter-analysis.yaml +++ b/.github/workflows/linter-analysis.yaml @@ -88,6 +88,6 @@ jobs: run: ansible-galaxy install -r ./requirements.yaml - name: Run ansible-lint Action - uses: ansible/ansible-lint-action@v6.16.0 + uses: ansible/ansible-lint-action@v6.17.0 env: ANSIBLE_ROLES_PATH: "./roles" diff --git a/linting-configs/.ansible-lint b/linting-configs/.ansible-lint index fe4c436..4ed06b0 100644 --- a/linting-configs/.ansible-lint +++ b/linting-configs/.ansible-lint 
@@ -20,9 +20,6 @@ skip_list: - role-name # roles are dynamically selected based on user's choice so we do need to use paths - yaml[line-length] # it's easier to understand/debug the underlying command when it's not broken up, excessively long lines that make sense to split up should be caught during code review, - name[template] # task name is being templated, this can be ignored - - command-instead-of-shell # shell should only be used when necessary, swap to command TODO future update requires functionality change - - command-instead-of-module # there are some cases where command calls could be replaced with modules TODO future update requires functionality change - - deprecated-module # In future look for suitable replacement TODO future update requires functionality change # Ansible-lint does not automatically load rules that have the 'opt-in' tag. # You must enable opt-in rules by listing each rule 'id' below. @@ -38,6 +35,7 @@ enable_list: # option are parsed relative to the CWD of execution. exclude_paths: - examples/bare-metal/sample-ansible-vars.yaml # ignore this file, spacing is done for doc purposes + - .github/workflows # non ansible files # Offline mode disables installation of requirements.yml and schema refreshing offline: false diff --git a/roles/kubernetes/common/tasks/main.yaml b/roles/kubernetes/common/tasks/main.yaml index 26974fd..91992f8 100644 --- a/roles/kubernetes/common/tasks/main.yaml +++ b/roles/kubernetes/common/tasks/main.yaml @@ -46,7 +46,7 @@ - install block: - name: Retrieve contents of /etc/default/grub - ansible.builtin.shell: cat /etc/default/grub + ansible.builtin.command: cat /etc/default/grub register: grub_content changed_when: false 
@@ -116,18 +116,6 @@ # tags: # - install -- name: Adding SAS certs - become: true - ansible.builtin.shell: | - curl -skf http://delphi.unx.sas.com/dumpster/smitty2/certs/sasroot.crt -o /etc/ssl/certs/sasroot.crt - curl -skf http://delphi.unx.sas.com/dumpster/smitty2/certs/sasroot2.crt -o /etc/ssl/certs/sasroot2.crt - curl -skf http://delphi.unx.sas.com/dumpster/smitty2/certs/sasinter.crt -o /etc/ssl/certs/sasinter.crt - update-ca-certificates - when: ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04") - tags: - - install - - update - - name: Install required packages for every machine ansible.builtin.package: name: "{{ packages }}" @@ -139,11 +127,18 @@ - install - update -- name: Installing helm - ansible.builtin.shell: | - curl -ksLO https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 - chmod 755 get-helm-3 - ./get-helm-3 --version v{{ helm_version }} --no-sudo +- name: Download helm installation script + ansible.builtin.get_url: + url: https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 + dest: /tmp/get-helm-3 + validate_certs: false + mode: "0755" + tags: + - install + - update + +- name: Execute helm installation script + ansible.builtin.command: /tmp/get-helm-3 --version v{{ helm_version }} --no-sudo tags: - install - update diff --git a/roles/kubernetes/control_plane/init/secondary/tasks/main.yaml b/roles/kubernetes/control_plane/init/secondary/tasks/main.yaml index cbceb0d..06dad81 100644 --- a/roles/kubernetes/control_plane/init/secondary/tasks/main.yaml +++ b/roles/kubernetes/control_plane/init/secondary/tasks/main.yaml 
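Review bot: The new `Download helm installation script` task sets `validate_certs: false` and fetches `get-helm-3` from the moving `main` branch, and the following task executes that file, so the hosts this role targets run whatever answered the request with no integrity check. Remove `validate_certs: false` (get_url verifies TLS by default), point the URL at a fixed tag or commit such as `https://raw.githubusercontent.com/helm/helm/<PINNED_TAG_OR_COMMIT>/scripts/get-helm-3`, and add `checksum: "sha256:<EXPECTED_SHA256>"` so a changed script fails the play instead of running. `/tmp/get-helm-3` is a predictable name in a world-writable directory, so a destination that only the play's user can write to would be safer. The `Execute helm installation script` task has no `creates` or `changed_when`, so it re-runs the installer and reports changed on every `install`/`update` run.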
@@ -34,13 +34,13 @@ - install - name: Generate control plane join command - ansible.builtin.shell: kubeadm token create --print-join-command + ansible.builtin.command: kubeadm token create --print-join-command register: kubeadm_join_cmd delegate_to: "{{ groups['k8s_control_plane'][0] }}" tags: - install - name: Join secondary control plane nodes to the cluster - ansible.builtin.shell: "{{ kubeadm_join_cmd.stdout }} --control-plane" + ansible.builtin.command: "{{ kubeadm_join_cmd.stdout }} --control-plane" tags: - install diff --git a/roles/kubernetes/node/init/tasks/main.yaml b/roles/kubernetes/node/init/tasks/main.yaml index 64927dd..f523c5e 100644 --- a/roles/kubernetes/node/init/tasks/main.yaml +++ b/roles/kubernetes/node/init/tasks/main.yaml @@ -3,13 +3,13 @@ --- - name: Generate compute node join command - ansible.builtin.shell: kubeadm token create --print-join-command + ansible.builtin.command: kubeadm token create --print-join-command register: kubeadm_join_cmd delegate_to: "{{ groups['k8s_control_plane'][0] }}" tags: - install - name: Join compute nodes to the cluster - ansible.builtin.shell: "{{ kubeadm_join_cmd.stdout }}" + ansible.builtin.command: "{{ kubeadm_join_cmd.stdout }}" tags: - install diff --git a/roles/kubernetes/node/labels_taints/tasks/main.yaml b/roles/kubernetes/node/labels_taints/tasks/main.yaml index d405fa1..02be973 100644 --- a/roles/kubernetes/node/labels_taints/tasks/main.yaml +++ b/roles/kubernetes/node/labels_taints/tasks/main.yaml @@ -4,8 +4,9 @@ --- # Apply labels to all kubernetes nodes - name: Adding labels to cluster Nodes - include: labels.yaml - labels={{ item.value }} + include_tasks: labels.yaml + vars: + labels: "{{ item.value }}" with_dict: "{{ node_labels }}" when: ansible_nodename.find(item.key) != -1 tags: 
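Review bot: `kubeadm token create --print-join-command` prints a bootstrap token, and both `Generate control plane join command` and the join task that templates `kubeadm_join_cmd.stdout` into its command line will expose it in verbose output, failure messages and callback logs; add `no_log: true` to both tasks. The same pair of tasks in the `roles/kubernetes/node/init/tasks/main.yaml` hunk needs the same change. Every run also mints a fresh token that stays valid until it expires, so passing a short `--ttl` to `kubeadm token create` would limit how long a leaked join command is usable. Because `command` now executes the registered stdout directly, a guard such as `when: kubeadm_join_cmd.stdout | length > 0` on the join task makes an empty result fail clearly rather than running a bare `--control-plane`.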
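Review bot: `include_tasks` is a dynamic include, so the `tags:` on `Adding labels to cluster Nodes` apply to the include statement only and are not inherited by the tasks inside `labels.yaml`; the same holds for the `taints.yaml` include in the next hunk. If the included tasks carry no tags of their own, a run limited with `--tags` would execute the include and then skip everything in it, which is presumably a change from how the old `include` behaved, so confirm against the included files or pass the tags down with the `apply:` keyword of `include_tasks`. The outer loop also leaves `item` as the loop variable, so any loop inside `labels.yaml` or `taints.yaml` would shadow it; `loop_control: { loop_var: node_entry }` (name constructed for illustration) avoids that. The tag list itself sits outside this hunk.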
@@ -14,8 +15,9 @@ # Apply taints to all kubernetes nodes - name: Adding taints to cluster Nodes - include: taints.yaml - taints={{ item.value }} + include_tasks: taints.yaml + vars: + taints: "{{ item.value }}" with_dict: "{{ node_taints }}" when: ansible_nodename.find(item.key) != -1 tags: diff --git a/roles/systems/common/tasks/main.yaml b/roles/systems/common/tasks/main.yaml index 4066c0f..16da3d7 100644 --- a/roles/systems/common/tasks/main.yaml +++ b/roles/systems/common/tasks/main.yaml @@ -89,18 +89,6 @@ # tags: # - install -# Add SAS Certificates to support SAS Viya -- name: Adding SAS certs - ansible.builtin.shell: | - curl -skf http://delphi.unx.sas.com/dumpster/smitty2/certs/sasroot.crt -o /etc/ssl/certs/sasroot.crt - curl -skf http://delphi.unx.sas.com/dumpster/smitty2/certs/sasroot2.crt -o /etc/ssl/certs/sasroot2.crt - curl -skf http://delphi.unx.sas.com/dumpster/smitty2/certs/sasinter.crt -o /etc/ssl/certs/sasinter.crt - update-ca-certificates - when: ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04") - tags: - - install - - update - - name: Install Python and PIP packages ansible.builtin.package: name: "{{ item }}" diff --git a/roles/systems/control_plane/tasks/main.yaml b/roles/systems/control_plane/tasks/main.yaml index 0c71cc3..ff67f80 100644 --- a/roles/systems/control_plane/tasks/main.yaml +++ b/roles/systems/control_plane/tasks/main.yaml 
@@ -3,15 +3,16 @@ --- - name: Generate control plane shared ssh key pair - ansible.builtin.shell: | - rm -rf ~/.ssh/{{ control_plane_ssh_key_name }} - ssh-keygen -t rsa -q -N '' -b 4096 -f ~/.ssh/{{ control_plane_ssh_key_name }} + ansible.builtin.command: "{{ item }}" + with_items: + - rm -rf ~/.ssh/{{ control_plane_ssh_key_name }} + - ssh-keygen -t rsa -q -N '' -b 4096 -f ~/.ssh/{{ control_plane_ssh_key_name }} tags: - install - update - name: Get the ssh key file content - ansible.builtin.shell: + ansible.builtin.command: cat ~/.ssh/{{ control_plane_ssh_key_name }}.pub register: ssh_key tags: diff --git a/roles/systems/jump_server/tasks/main.yaml b/roles/systems/jump_server/tasks/main.yaml index 86e4720..4409dfc 100644 --- a/roles/systems/jump_server/tasks/main.yaml +++ b/roles/systems/jump_server/tasks/main.yaml @@ -81,8 +81,8 @@ # - install # - update -- name: Mount /viya-share - ansible.builtin.shell: mount -a +- name: Mount /viya-share # noqa: command-instead-of-module + ansible.builtin.command: mount -a tags: - install - update diff --git a/roles/systems/nfs_server/tasks/main.yaml b/roles/systems/nfs_server/tasks/main.yaml index 5d63d60..140042c 100644 --- a/roles/systems/nfs_server/tasks/main.yaml +++ b/roles/systems/nfs_server/tasks/main.yaml @@ -81,7 +81,7 @@ when: kubernetes_sc_default_file_rc.stdout != "0" - name: Export file system - ansible.builtin.shell: exportfs -a + ansible.builtin.command: exportfs -a when: ansible_distribution == "Ubuntu" and (ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04") tags: - install diff --git a/roles/systems/vsphere/init/tasks/main.yaml b/roles/systems/vsphere/init/tasks/main.yaml index 56ce12d..c8f84ea 100644 --- a/roles/systems/vsphere/init/tasks/main.yaml +++ b/roles/systems/vsphere/init/tasks/main.yaml 
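Review bot: `Generate control plane shared ssh key pair` still deletes and regenerates the key on every `install`/`update` run, now by looping over raw command strings, so the shared key changes on each run and the task always reports changed. If rotation on every run is not intended, drop the `rm -rf` item and give the keygen a `creates:` argument pointing at `~/.ssh/{{ control_plane_ssh_key_name }}`; where removal is wanted, `ansible.builtin.file` with `state: absent` is the module form. `control_plane_ssh_key_name` is interpolated into the path unquoted, so a value containing whitespace would be split into extra arguments by `command`; an `ansible.builtin.assert` on its format before this task would catch that. `Get the ssh key file content` only reads a file and should carry `changed_when: false`; the rest of that task lies outside the hunk.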
@@ -18,7 +18,7 @@ - update - name: Expand Root Partition - growpart - ansible.builtin.shell: "growpart /dev/sda {{ partition_number }}" # CentOS - 1 # Ubuntu - 2 + ansible.builtin.command: "growpart /dev/sda {{ partition_number }}" # CentOS - 1 # Ubuntu - 2 register: grow_result failed_when: grow_result.rc >= 2 tags: @@ -29,7 +29,7 @@ # using vSphere or any virtual vm's # - name: Expand Root File System - xfs_grow - ansible.builtin.shell: "xfs_growfs -d /" + ansible.builtin.command: "xfs_growfs -d /" tags: - install