lint yaml files

8e070350 · Lars Beckers · 74b4658d · 8e070350 · 8e070350 · 8e070350
Commit 8e070350 authored 6 years ago by Lars Beckers
--- a/.yamllint
+++ b/.yamllint
+---
+extends: default
+rules:
+  comments-indentation:
+    level: warning
+  document-start:
+    level: error
+  empty-lines:
+    max: 1
+  empty-values:
+    forbid-in-flow-mappings: true
+    forbid-in-block-mappings: true
+  line-length:
+    level: warning
+  octal-values:
+    forbid-implicit-octal: true
+    level: warning
--- a/ad-auth/tasks/kerberos.yml
+++ b/ad-auth/tasks/kerberos.yml
@@ -2,14 +2,18 @@
 # file: roles/ad-auth/tasks/kerberos.yml
 - name: ensure kerberos is installed
-  apt: name=krb5-user state=present
+  apt:
+    name: krb5-user
+    state: present
  tags:
    - kerberos
-    - packages
 - name: ensure kerberos is configured
-  template: src=krb5.conf.j2 dest=/etc/krb5.conf owner=root group=root mode=0644
+  template:
+    src: krb5.conf.j2
+    dest: /etc/krb5.conf
+    owner: root
+    group: root
+    mode: '0644'
  tags:
    - kerberos
-    - config
--- a/ad-auth/tasks/ldap.yml
+++ b/ad-auth/tasks/ldap.yml
@@ -2,14 +2,18 @@
 # file: roles/ad-auth/tasks/ldap.yml
 - name: ensure ldap-utils is installed
-  apt: name=ldap-utils state=present
+  apt:
+    name: ldap-utils
+    state: present
  tags:
    - ldap
-    - packages
 - name: ensure proper global ldap configuration
-  template: src=ldap.conf.j2 dest=/etc/ldap/ldap.conf owner=root group=root mode=0644
+  template:
+    src: ldap.conf.j2
+    dest: /etc/ldap/ldap.conf
+    owner: root
+    group: root
+    mode: '0644'
  tags:
    - ldap
-    - config
--- a/ad-auth/tasks/main.yml
+++ b/ad-auth/tasks/main.yml
@@ -18,8 +18,10 @@
 - meta: flush_handlers
 - name: ensure there is no local users group
-  lineinfile: path=/etc/group state=absent regexp="^users:"
+  lineinfile:
+    path: /etc/group
+    state: absent
+    regexp: "^users:"
  tags:
    - groups
-    - config
    - ad-auth
--- a/ad-auth/tasks/pam.yml
+++ b/ad-auth/tasks/pam.yml
@@ -2,9 +2,13 @@
 # file: roles/ad-auth/tasks/pam.yml
 - name: ensure pam applies a general umask
-  copy: src=pam/umask dest=/usr/share/pam-configs/umask owner=root group=root mode=0644
+  copy:
+    src: pam/umask
+    dest: /usr/share/pam-configs/umask
+    owner: root
+    group: root
+    mode: '0644'
  notify:
    - regenerate pam config
  tags:
    - pam
-    - config
--- a/ad-auth/tasks/sssd.yml
+++ b/ad-auth/tasks/sssd.yml
@@ -9,41 +9,60 @@
      - libnss-sss
      - sssd-tools
      - realmd
+      # yamllint disable rule:line-length
      - policykit-1  # this is required for realm to discover realms...
      - adcli  # this is required for realm to join realms...
      - packagekit  # this is required for realm to i don't know and don't even care anymore...
+      # yamllint enable rule:line-length
      - cracklib-runtime
    state: present
-    install_recommends: no
+    install_recommends: false
  notify:
    - clear sssd cache
  tags:
    - sssd
-    - packages
 - name: check if our realm is configured
  shell: realm list | grep "{{ domain }}"
  register: current_realms
  changed_when: "current_realms.rc != 0"
  failed_when: "current_realms.rc != 0 and current_realms.rc != 1"
+  tags:
+    - sssd
 - block:
    - name: discover our realm
      command: realm discover -v "{{ domain }}"
+      tags:
+        - sssd
    - name: get a kerberos ticket
+      # yamllint disable-line rule:line-length
      shell: echo "{{ lookup('passwordstore', ad_admin_password) }}" | kinit Administrator
      when: debian_version == "jessie"
-      no_log: True
+      no_log: true
+      tags:
+        - sssd
    - name: ensure pexpect is installed
-      apt: name=python-pexpect state=present
+      apt:
+        name: python-pexpect
+        state: present
      when: debian_version == "stretch"
+      tags:
+        - sssd
    - name: get a kerberos ticket
      expect:
        command: kinit Administrator
        responses:
+          # yamllint disable-line rule:line-length
          "Passwor(d|t) for Administrator.*": "{{ lookup('passwordstore', ad_admin_password) }}"
      when: debian_version == "stretch"
-      no_log: True
+      no_log: true
+      tags:
+        - sssd
    - name: leave any other realm
      command: realm leave
      register: result
@@ -51,38 +70,50 @@
      retries: 9001
      delay: 0
      failed_when: "result.rc != 0 and result.rc != 1"
+      tags:
+        - sssd
    - name: join our realm
      command: realm join -v "{{ domain }}"
      notify:
        - clear sssd cache
        - restart sssd
+      tags:
+        - sssd
    - name: destroy kerberos ticket
      command: kdestroy
+      tags:
+        - sssd
  when: "current_realms.rc != 0"
 - name: ensure sssd is configured
-  template: src=sssd.conf.j2 dest=/etc/sssd/sssd.conf owner=root group=root mode=0600
+  template:
+    src: sssd.conf.j2
+    dest: /etc/sssd/sssd.conf
+    owner: root
+    group: root
+    mode: '0600'
  notify:
    - restart sssd
    - clear sssd cache
  tags:
    - sssd
-    - config
 - name: ensure sssd is enabled and running
-  service: name=sssd state=started enabled=yes
+  service:
+    name: sssd
+    state: started
+    enabled: true
  tags:
    - sssd
-    - service
 - name: ensure we have a cronjob which renews krb credenitials once a day
  template:
    src: templates/renew_krb5.j2
    dest: /etc/cron.daily/renew_krb5
-    mode: 0755
+    mode: '0755'
    owner: root
    group: root
  tags:
    - sssd
--- a/ad-auth/tasks/sudo.yml
+++ b/ad-auth/tasks/sudo.yml
@@ -2,10 +2,13 @@
 # file: roles/ad-auth/tasks/sudo.yml
 - name: ensure users of group admin are in the sudoers
-  template: src=sudo.j2 dest=/etc/sudoers.d/admin owner=root group=root mode=0440
+  template:
+    src: sudo.j2
+    dest: /etc/sudoers.d/admin
+    owner: root
+    group: root
+    mode: '0440'
  notify:
    - check sudo config
  tags:
    - sudo
-    - config
--- a/ad-server-replication/defaults/main.yml
+++ b/ad-server-replication/defaults/main.yml
+---
+ad_admin_password: samba-admin
--- a/ad-server-replication/handlers/main.yml
+++ b/ad-server-replication/handlers/main.yml
@@ -3,4 +3,3 @@
 - name: restart samba-ad-dc server
  service: name=samba-ad-dc state=restarted
--- a/ad-server-replication/tasks/kerberos.yml
+++ b/ad-server-replication/tasks/kerberos.yml
@@ -2,14 +2,18 @@
 # file: roles/ad-auth/tasks/kerberos.yml
 - name: ensure kerberos is installed
-  apt: name=krb5-user state=present
+  apt:
+    name: krb5-user
+    state: present
  tags:
    - kerberos
-    - packages
 - name: ensure kerberos is configured
-  template: src=krb5.conf.j2 dest=/etc/krb5.conf owner=root group=root mode=0644
+  template:
+    src: krb5.conf.j2
+    dest: /etc/krb5.conf
+    owner: root
+    group: root
+    mode: '0644'
  tags:
    - kerberos
-    - config
--- a/ad-server-replication/tasks/main.yml
+++ b/ad-server-replication/tasks/main.yml
@@ -4,34 +4,33 @@
 - import_tasks: kerberos.yml
 - name: ensure ad-server is installed
-  apt: name=samba state=latest
+  apt:
+    name: samba
+    state: present
  tags:
-    - packages
    - ad-server
-    #- name: ensure winbind is for some reasons installed
-    #  apt: name=winbind state=latest
-    #  tags: 
-    #    - packages
-    #    - ad-server
 - name: figure out if domain is provisioned
-  stat: path=/var/lib/samba/sysvol/{{ domain }}
+  stat:
+    path: "/var/lib/samba/sysvol/{{ domain }}"
  register: domain_provisioned
  tags:
    - ad-server
    - domain-provision
 - block:
    - name: ensure smb.conf is absent for provision
-    file: path=/etc/samba/smb.conf state=absent
+      file:
+        path: /etc/samba/smb.conf
+        state: absent
      tags:
        - ad-server
        - domain-provision
    - name: ensure pexpect is installed
-    apt: name=python-pexpect state=present
+      apt:
+        name: python-pexpect
+        state: present
      tags:
        - ad-server
        - domain-provision
@@ -39,10 +38,11 @@
    - name: ensure domain is provisioned
      expect:
-      shell: samba-tool domain join "{{ domain }}" DC -U"{{ domain }}/Administrator" --dns-backend=NONE --option='idmap_ldb:use rfc2307=yes' 2> /root/provision.log
+        # yamllint disable-line rule:line-length
+        shell: samba-tool domain join "{{ domain }}" DC -U"{{ domain }}/Administrator" --dns-backend=NONE --option="idmap_ldb:use rfc2307=yes" 2> /root/provision.log
        responses:
-        "Password for.*": "{{ lookup('passwordstore', 'samba-admin') }}"
+          "Password for.*": "{{ lookup('passwordstore', ad_admin_password) }}"
-    no_log: True
+      no_log: true
      tags:
        - ad-server
        - domain-provision
@@ -53,7 +53,6 @@
      tags:
        - ad-server
        - domain-provision
-      #  when: domain_provisioned.stat.exists == False
    - name: ensure the idmap library is copied to secondary
      synchronize:
@@ -63,50 +62,56 @@
      tags:
        - ad-server
        - domain-provision
  when: domain_provisioned.stat.exists == False
-#- name: ensure the id library is rted to secondary
-#  shell: samba-tool ntacl sysvolreset
-#  tags: 
-#    - ad-server
-#    - domain-provision
-#    #when: domain_provisioned.stat.exists == False
 - name: ensure smb.conf is correct
-  template: src=smb.conf.j2 dest=/etc/samba/smb.conf owner=root group=root mode=0644
+  template:
+    src: smb.conf.j2
+    dest: /etc/samba/smb.conf
+    owner: root
+    group: root
+    mode: '0644'
  notify: restart samba-ad-dc server
  tags:
    - ad-server
-    - config
 - name: ensure smbd is stopped and disabled
-  service: name=smbd state=stopped enabled=no
+  service:
+    name: smbd
+    state: stopped
+    enabled: false
  tags:
    - ad-server
-    - service
 - name: ensure nmbd is stopped and disabled
-  service: name=nmbd state=stopped enabled=no
+  service:
+    name: nmbd
+    state: stopped
+    enabled: false
  tags:
    - ad-server
-    - service
 - name: ensure samba-ad-dc unit is running, enabled and not masked
-  systemd: name=samba-ad-dc masked=no 
+  systemd:
+    name: samba-ad-dc
+    masked: false
+    state: started
+    enabled: true
  tags:
    - ad-server
-    - service
 - name: ensure samba-ad-dc is running and enabled
-  service: name=samba-ad-dc state=started enabled=yes
+  service:
+    name: samba-ad-dc
+    state: started
+    enabled: true
  tags:
    - ad-server
-    - service
 - name: ensure we have a replication cronjob for sysvol
-  template: src=templates/replication-cron dest=/etc/cron.d/samba-replication-cron
+  template:
+    src: replication-cron
+    dest: /etc/cron.d/samba-replication-cron
  delegate_to: "{{ ad_primary }}"
  tags:
    - ad-server

--- a/ad-server/defaults/main.yml
+++ b/ad-server/defaults/main.yml
+---
+ad_admin_password: samba-admin
--- a/ad-server/handlers/main.yml
+++ b/ad-server/handlers/main.yml
@@ -3,4 +3,3 @@
 - name: restart samba-ad-dc server
  service: name=samba-ad-dc state=restarted
--- a/ad-server/tasks/main.yml
+++ b/ad-server/tasks/main.yml
@@ -2,81 +2,88 @@
 # file: roles/ad-server/tasks/main.yml
 - name: ensure ad-server is installed
-  apt: name=samba state=latest
+  apt:
+    name: samba
+    state: present
  tags:
-    - packages
    - ad-server
 - name: ensure winbind is for some reasons installed
-  apt: name=winbind state=latest
+  apt:
+    name: winbind
+    state: present
  tags:
-    - packages
    - ad-server
 - name: figure out if domain is provisioned
-  stat: path=/var/lib/samba/sysvol/{{ domain }}
+  stat:
+    path: "/var/lib/samba/sysvol/{{ domain }}"
  register: domain_provisioned
  tags:
    - ad-server
    - domain-provision
 - name: ensure smb.conf is absent for provision
-  file: path=/etc/samba/smb.conf state=absent
+  file:
+    path: /etc/samba/smb.conf
+    state: absent
  when: domain_provisioned.stat.exists == False
  tags:
    - ad-server
    - domain-provision
- name: get admin password for SAMBA
+# passwords will be selected at random and safed to /root/smb-provision.log)
-  local_action: pass name="samba-admin" state=present generate=20 store=FSMPI_PASSWORD_STORE_DIR limit=yes
-  register: adminpass
-  when: domain_provisioned.stat.exists == False
-  no_log: True
-  tags:
-    - ad-server
-    - domain-provision
-    - password
-# provision smb-domain. passwords will be selected at random and safed to /root/smb-provision.log)
 - name: ensure domain is provisioned
-  shell: samba-tool domain provision --use-rfc2307 --domain={{ smb_domain }} --server-role=dc --host-name={{ ansible_hostname }} --realm={{ REALM }} --dns-backend=NONE --adminpass={{ adminpass.password }}  2> /root/smb-provision.log
+  # yamllint disable-line rule:line-length
+  shell: samba-tool domain provision --use-rfc2307 --domain={{ smb_domain }} --server-role=dc --host-name={{ ansible_hostname }} --realm={{ REALM }} --dns-backend=NONE --adminpass={{ lookup('passwordstore', ad_admin_password) }} 2>/root/smb-provision.log
  when: domain_provisioned.stat.exists == False
-  no_log: True
+  no_log: true
  tags:
    - ad-server
    - domain-provision
 - name: ensure smb.conf is correct
-  template: src=smb.conf.j2 dest=/etc/samba/smb.conf owner=root group=root mode=0644
+  template:
+    src: smb.conf.j2
+    dest: /etc/samba/smb.conf
+    owner: root
+    group: root
+    mode: '0644'
  notify: restart samba-ad-dc server
  tags:
    - ad-server
-    - config
 - name: ensure smbd is stopped and disabled
-  service: name=smbd state=stopped enabled=no
+  service:
+    name: smbd
+    state: stopped
+    enabled: false
  tags:
    - ad-server
-    - service
 - name: ensure nmbd is stopped and disabled
-  service: name=nmbd state=stopped enabled=no
+  service:
+    name: nmbd
+    state: stopped
+    enabled: false
  tags:
    - ad-server
-    - service
 - name: ensure samba-ad-dc unit is running, enabled and not masked
-  systemd: name=samba-ad-dc masked=no state=started enabled=yes
+  systemd:
+    name: samba-ad-dc
+    masked: false
+    state: started
+    enabled: true
  tags:
    - ad-server
-    - service
 - name: ensure samba-ad-dc is running and enabled
-  service: name=samba-ad-dc state=started enabled=yes
+  service:
+    name: samba-ad-dc
+    state: started
+    enabled: true
  tags:
    - ad-server
-    - service
 - meta: flush_handlers
--- a/lvm-snapshots/tasks/main.yml
+++ b/lvm-snapshots/tasks/main.yml
@@ -2,10 +2,14 @@
 # file: roles/lvm-snapshots/tasks/main.yml
 - name: ensure we have the target folder
-  file: path="{{program_dir}}" state=directory owner=root group=root mode=0755
+  file:
+    path: "{{program_dir}}"
+    state: directory
+    owner: root
+    group: root
+    mode: '0755'
  tags:
    - lvm-snapshots
-    - directory
 - name: ensure our deploy key is present
  copy:
@@ -13,11 +17,10 @@
    dest: /root/.ssh/lvm-snapshots.key
    owner: root
    group: root
-    mode: 0600
+    mode: '0600'
-  no_log: True
+  no_log: true
  tags:
    - lvm-snapshots
-    - ssh
 - name: ensure our public deploy key is present
  copy:
@@ -25,11 +28,10 @@
    dest: /root/.ssh/lvm-snapshots.pub
    owner: root
    group: root
-    mode: 0644
+    mode: '0644'
-  no_log: True
+  no_log: true
  tags:
    - lvm-snapshots
-    - ssh
 - name: ensure we have our lvm-snapshots ssh config
  copy:
@@ -37,31 +39,26 @@
    dest: /root/.ssh/config.lvm-snapshots
    owner: root
    group: root
-    mode: 0644
+    mode: '0644'
  tags:
    - lvm-snapshots
-    - ssh
-    - config
 - name: ensure our lvm-snapshots ssh config is included
  lineinfile:
    dest: /root/.ssh/config
    line: "Include config.lvm-snapshots"
-    create: yes
+    create: true
    owner: root
    group: root
-    mode: 0644
+    mode: '0644'
  tags:
    - lvm-snapshots
-    - ssh
-    - config
 - name: ensure we have the program
  git:
    repo: git@git.fsmpi.rwth-aachen.de:infra/lvm-snapshots.git
    dest: "{{program_dir}}"
  tags:
-    - git
    - lvm-snapshots
 - name: ensure the necessary programs are installed
@@ -71,7 +68,6 @@
      - virtualenv
    state: present
  tags:
-    - packages
    - lvm-snapshots
 - name: ensure we have a virtualenv
@@ -80,8 +76,6 @@
    virtualenv: "{{program_dir}}"
    virtualenv_python: python3
  tags:
-    - pip
-    - python
    - lvm-snapshots
 - name: ensure we have a frontend script
@@ -90,10 +84,9 @@
    dest: /usr/local/sbin/lvm-snapshots
    owner: root
    group: root
-    mode: 0755
+    mode: '0755'
  tags:
    - lvm-snapshots
-    - config
 - name: ensure we have our config
  template:
@@ -101,10 +94,9 @@
    dest: /etc/lvm-snapshots.toml
    owner: root
    group: root
-    mode: 0644
+    mode: '0644'
  tags:
    - lvm-snapshots
-    - config
 - name: ensure we have a cron job
  cron:
@@ -113,4 +105,3 @@
    job: "/usr/local/sbin/lvm-snapshots update"
  tags:
    - lvm-snapshots
-    - cron
--- a/nfs-client/defaults/main.yml
+++ b/nfs-client/defaults/main.yml
 ---
-nfs_enable_cifs: False
+nfs_enable_cifs: false
-nfs_enable_quota: False
+nfs_enable_quota: false
--- a/nfs-client/tasks/main.yml
+++ b/nfs-client/tasks/main.yml
@@ -11,7 +11,6 @@
    state: present
  tags:
    - nfs-client
-    - packages
 - name: ensure cifs client utils are installed
  apt:
@@ -22,35 +21,41 @@
  when: nfs_enable_cifs
  tags:
    - nfs-client
-    - packages
 - name: ensure quota tools are installed
-  apt: name=quota state=present
+  apt:
+    name: quota
+    state: present
  when: nfs_enable_quota
  tags:
    - nfs-client
-    - packages
 - name: ensure the nfs-client service is configured for nfs4
-  copy: src=nfs-common dest=/etc/default/nfs-common owner=root group=root mode=0644
+  copy:
+    src: nfs-common
+    dest: /etc/default/nfs-common
+    owner: root
+    group: root
+    mode: '0644'
  notify:
    - restart nfs-client
    - restart autofs
  tags:
    - nfs-client
-    - config
 - name: ensure nfs module is loaded
-  modprobe: name=nfs state=present
+  modprobe:
+    name: nfs
+    state: present
  tags:
    - nfs-client
-    - config
 - name: ensure nfs module is loaded after a reboot
-  copy: content="nfs" dest=/etc/modules-load.d/nfs.conf
+  copy:
+    content: "nfs"
+    dest: /etc/modules-load.d/nfs.conf
  tags:
    - nfs-client
-    - config
 - name: ensure we use the idmapper
  shell: echo "N" > /sys/module/nfs/parameters/nfs4_disable_idmapping
@@ -59,74 +64,101 @@
    - restart autofs
  tags:
    - nfs-client
-    - config
 - name: ensure we use the idmapper after a reboot
-  copy: src=modprobe-nfs.conf dest=/etc/modprobe.d/nfs.conf owner=root group=root mode=0644
+  copy:
+    src: modprobe-nfs.conf
+    dest: /etc/modprobe.d/nfs.conf
+    owner: root
+    group: root
+    mode: '0644'
  tags:
    - nfs-client
-    - config
- name: ensure the kernel key storage quote used for idmapping is sufficiently high
+- name: ensure the kernel key storage used for idmapping is sufficiently high
-  sysctl: name=kernel.keys.root_maxkeys state=present value=1000 # default is 200, this quote was reached
+  sysctl:
+    name: kernel.keys.root_maxkeys
+    state: present
+    value: 1000  # default is 200, this quote was reached
  when: debian_version == "jessie"
  notify:
    - reload sysctl
  tags:
    - nfs-client
    - sysctl
-    - config
 - name: stretch has a reasonable default value for the kernel key storage size
-  sysctl: name=kernel.keys.root_maxkeys state=absent
+  sysctl:
+    name: kernel.keys.root_maxkeys
+    state: absent
  when: debian_version == "stretch"
  notify:
    - reload sysctl
  tags:
    - nfs-client
    - sysctl
-    - config
 - name: ensure nfs-common is enabled
-  service: name=nfs-client.target state=started enabled=yes
+  service:
+    name: nfs-client.target
+    state: started
+    enabled: true
  tags:
    - nfs-client
-    - service
 - name: Configure automount
  when: automount
  block:
    - name: ensure there is a base directory for automount
-      file: state=directory path=/net owner=root group=root mode=0755
+      file:
+        state: directory
+        path: /net
+        owner: root
+        group: root
+        mode: '0755'
      notify:
        - restart autofs
      tags:
        - nfs-client
    - name: ensure automounter is configured
-      copy: src=auto.master dest=/etc/auto.master owner=root group=root mode=0644
+      copy:
+        src: auto.master
+        dest: /etc/auto.master
+        owner: root
+        group: root
+        mode: '0644'
      notify:
        - restart autofs
      tags:
        - nfs-client
-        - config
    - name: ensure mounts from central storage are available
-      template: src=auto.nfs.j2 dest=/etc/auto.nfs owner=root group=root mode=0644
+      template:
+        src: auto.nfs.j2
+        dest: /etc/auto.nfs
+        owner: root
+        group: root
+        mode: '0644'
      notify:
        - restart autofs
      tags:
        - nfs-client
-        - config
    - name: ensure automounter is enabled
-      service: name=autofs state=started enabled=yes
+      service:
+        name: autofs
+        state: started
+        enabled: true
      tags:
        - nfs-client
-        - service
    - name: ensure linking of netdirs
-      file: src="/net/{{ item.netdir }}" dest="/{{ item.dest }}" state=link force=yes
+      file:
+        src: "/net/{{ item.netdir }}"
+        dest: "/{{ item.dest }}"
+        state: link
+        force: true
      with_items: "{{ nfs_shares }}"
      tags:
        - nfs-client
@@ -138,10 +170,9 @@
      service:
        name: autofs
        state: stopped
-        enabled: no
+        enabled: false
      tags:
        - nfs-client
-        - service
    - name: Ensure mountpoints are directories
      file:
@@ -163,10 +194,14 @@
        - nfs-client
 - name: configure default umask and other user related stuff
-  copy: src=login.defs dest=/etc/login.defs owner=root group=root mode=0644
+  copy:
+    src: login.defs
+    dest: /etc/login.defs
+    owner: root
+    group: root
+    mode: '0644'
  tags:
    - nfs-client
    - umask
-    - config
 - meta: flush_handlers
--- a/nfs-server/handlers/main.yml
+++ b/nfs-server/handlers/main.yml
@@ -3,4 +3,3 @@
 - name: restart nfs-server
  service: name=nfs-server state=restarted
--- a/nfs-server/tasks/main.yml
+++ b/nfs-server/tasks/main.yml
@@ -12,47 +12,66 @@
    state: present
  tags:
    - nfs-server
-    - packages
 - name: ensure default umask and other user related stuff
-  copy: src=login.defs dest=/etc/login.defs owner=root group=root mode=0644
+  copy:
+    src: login.defs
+    dest: /etc/login.defs
+    owner: root
+    group: root
+    mode: '0644'
  tags:
    - nfs-server
    - umask
-    - config
 - name: ensure exports configuration is in place
-  template: src=exports.j2 dest=/etc/exports owner=root group=root mode=0644
+  template:
+    src: exports.j2
+    dest: /etc/exports
+    owner: root
+    group: root
+    mode: '0644'
  notify:
    - restart nfs-server
  tags:
    - nfs-server
-    - config
 - name: ensure nfs-common is configured
-  copy: src=nfs-common dest=/etc/default/nfs-common owner=root group=root mode=0644
+  copy:
+    src: nfs-common
+    dest: /etc/default/nfs-common
+    owner: root
+    group: root
+    mode: '0644'
  notify:
    - restart nfs-server
  tags:
    - nfs-server
-    - config
 - name: ensure nfs-kernel-server is configured
-  copy: src=nfs-kernel-server dest=/etc/default/nfs-kernel-server owner=root group=root mode=0644
+  copy:
+    src: nfs-kernel-server
+    dest: /etc/default/nfs-kernel-server
+    owner: root
+    group: root
+    mode: '0644'
  notify:
    - restart nfs-server
  tags:
    - nfs-server
-    - config
 - name: ensure nfs-server is enabled and running
-  service: name=nfs-server state=started enabled=yes
+  service:
+    name: nfs-server
+    state: started
+    enabled: true
  tags:
    - nfs-server
-    - service
 - name: ensure that there is a keytab available
-  file: path=/etc/krb5.keytab state=file
+  file:
+    path: /etc/krb5.keytab
+    state: file
  tags:
    - nfs-server
    - service-principal
@@ -61,7 +80,7 @@
 - name: check that we have a valid service principal
  shell: klist -k /etc/krb5.keytab | grep "nfs/{{ ansible_fqdn }}"
  register: principal
-  failed_when: False
+  failed_when: false
  tags:
    - nfs-server
    - service-principal
@@ -69,6 +88,7 @@
 - block:
    - name: create service principal
+      # yamllint disable-line rule:line-length
      command: samba-tool spn add "nfs/{{ ansible_fqdn }}" "{{ ansible_hostname | upper }}$"
      delegate_to: "{{ hostvars[groups['ad-server'][0]]['ansible_host'] }}"
      tags:
@@ -76,6 +96,7 @@
        - service-principal
    - name: export keytab
+      # yamllint disable-line rule:line-length
      command: samba-tool domain exportkeytab "/root/{{ ansible_fqdn }}.keytab" --principal "nfs/{{ ansible_fqdn }}"
      args:
        creates: "/root/{{ ansible_fqdn }}.keytab"
@@ -94,7 +115,9 @@
        - service-principal
    - name: ensure pexpect is installed
-      apt: name=python-pexpect state=present
+      apt:
+        name: python-pexpect
+        state: present
      tags:
        - nfs-server
        - service-principal
@@ -115,14 +138,18 @@
        - service-principal
    - name: remove keytab at kdc
-      file: path="/root/{{ ansible_fqdn }}.keytab" state=absent
+      file:
+        path: "/root/{{ ansible_fqdn }}.keytab"
+        state: absent
      delegate_to: "{{ hostvars[groups['ad-server'][0]]['ansible_host'] }}"
      tags:
        - nfs-server
        - service-principal
    - name: remove keytab at host
-      file: path="/root/{{ ansible_fqdn }}.keytab" state=absent
+      file:
+        path: "/root/{{ ansible_fqdn }}.keytab"
+        state: absent
      tags:
        - nfs-server
        - service-principal