lint yaml files

.yamllint

+---
+
+extends: default
+
+rules:
+  comments-indentation:
+    level: warning
+  document-start:
+    level: error
+  empty-lines:
+    max: 1
+  empty-values:
+    forbid-in-flow-mappings: true
+    forbid-in-block-mappings: true
+  line-length:
+    level: warning
+  octal-values:
+    forbid-implicit-octal: true
+    level: warning

apcupsd/handlers/main.yml

@@ -2,4 +2,3 @@
 
 - name: restart apcupsd
   service: name=apcupsd state=restarted
-

apcupsd/tasks/main.yml

@@ -2,59 +2,75 @@
 # file: roles/baremetal/tasks/apcupsd.yml
 
 - name: ensure apcupsd is installed
-  apt: state=present name=apcupsd
+  apt:
+    state: present
+    name: apcupsd
   notify:
     - restart apcupsd
   tags:
     - usv
-    - packages
 
 - name: ensure apcupsd is configured
-  template: src=apcupsd.conf.j2 dest=/etc/apcupsd/apcupsd.conf owner=root group=root mode=0644
+  template:
+    src: apcupsd.conf.j2
+    dest: /etc/apcupsd/apcupsd.conf
+    owner: root
+    group: root
+    mode: '0644'
   notify:
     - restart apcupsd
   tags:
     - usv
-    - config
 
 - name: gather apcupsd killpower files
   local_action: stat path=apcupsd/killpower/{{ ansible_hostname }}
   register: killpower
   tags:
     - usv
-    - config
 
 - name: ensure apcupsd killpower is configured
-  copy: src=apcupsd/killpower/{{ ansible_hostname }} dest=/etc/apcupsd/killpower owner=root group=root mode=0755
+  copy:
+    src: apcupsd/killpower/{{ ansible_hostname }}
+    dest: /etc/apcupsd/killpower
+    owner: root
+    group: root
+    mode: '0755'
   when: killpower.stat.exists
   tags:
     - usv
-    - config
 
 - name: gather apcupsd onbattery files
   local_action: stat path=apcupsd/onbattery/{{ ansible_hostname }}
   register: onbattery
   tags:
     - usv
-    - config
 
 - name: ensure apcupsd onbattery is configured
-  copy: src=apcupsd/onbattery/{{ ansible_hostname }} dest=/etc/apcupsd/onbattery owner=root group=root mode=0755
+  copy:
+    src: apcupsd/onbattery/{{ ansible_hostname }}
+    dest: /etc/apcupsd/onbattery
+    owner: root
+    group: root
+    mode: '0755'
   when: onbattery.stat.exists
   tags:
     - usv
-    - config
 
 - name: ensure on vm hosts there is our fancy onbattery script
-  copy: src=apcupsd/vm-onbattery.py dest=/etc/apcupsd/onbattery.py owner=root group=root mode=0755
+  copy:
+    src: apcupsd/vm-onbattery.py
+    dest: /etc/apcupsd/onbattery.py
+    owner: root
+    group: root
+    mode: '0755'
   when: "'vm' in ansible_hostname"
   tags:
     - usv
-    - config
 
 - name: ensure apcupsd is enabled and running
-  service: name=apcupsd state=started enabled=yes
+  service:
+    name: apcupsd
+    state: started
+    enabled: true
   tags:
     - usv
-    - service
-

apticron/tasks/main.yml

@@ -2,15 +2,18 @@
 # file: roles/server/tasks/apticron.yml
 
 - name: ensure apticron is installed
-  apt: name=apticron state=latest
+  apt:
+    name: apticron
+    state: present
   tags:
-    - packages
-    - server
     - apticron
 
 - name: ensure our apticron config is deployed
-  template: src=apticron.conf.j2 dest=/etc/apticron/apticron.conf owner=root group=root mode=0644
+  template:
+    src: apticron.conf.j2
+    dest: /etc/apticron/apticron.conf
+    owner: root
+    group: root
+    mode: '0644'
   tags:
-    - config
-    - server
     - apticron

baremetal/handlers/main.yml

@@ -5,4 +5,3 @@
   service:
     name: lldpd
     state: restarted
-

baremetal/tasks/main.yml

@@ -20,7 +20,7 @@
     dest: /etc/default/lldpd
     owner: root
     group: root
-    mode: 0644
+    mode: '0644'
   notify:
     - restart lldpd
   tags:
@@ -30,7 +30,7 @@
   service:
     name: lldpd
     state: started
-    enabled: yes
+    enabled: true
   tags:
     - baremetal
 

branding/handlers/main.yml

@@ -2,4 +2,3 @@
 
 - name: update apt cache
   apt: update_cache=yes
-

branding/tasks/main.yml

@@ -7,7 +7,7 @@
     dest: /etc/motd
     owner: root
     group: root
-    mode: 0644
+    mode: '0644'
   when:
     - branding_motd is defined
     - branding_motd != ""
@@ -21,7 +21,7 @@
     dest: /etc/issue.net
     owner: root
     group: root
-    mode: 0644
+    mode: '0644'
   when:
     - branding_issuenet is defined
     - branding_issuenet != ""
@@ -35,7 +35,7 @@
     dest: /root/.gitconfig
     owner: root
     group: root
-    mode: 0640
+    mode: '0640'
   tags:
     - branding
     - shell
@@ -47,8 +47,8 @@
     state: directory
     owner: root
     group: root
-    mode: 0755
-    recurse: yes
+    mode: '0755'
+    recurse: true
   tags:
     - branding
     - tls
@@ -59,7 +59,7 @@
     dest: "/etc/ssl/certs/{{ item|basename }}"
     owner: root
     group: root
-    mode: 0644
+    mode: '0644'
   with_items: "{{ branding_cacerts }}"
   when: branding_cacerts is defined
   tags:
@@ -101,4 +101,3 @@
   tags:
     - branding
     - repos
-

cups-client/tasks/main.yml

@@ -9,27 +9,35 @@
     state: latest
   tags:
     - cups-client
-    - packages
 
 - name: ensure there is a cups folder
-  file: path=/etc/cups state=directory
+  file:
+    path: /etc/cups
+    state: directory
   tags:
     - cups-client
-    - packages
 
 - name: ensure cups-client is properly configured
-  template: src=cups-client.conf.j2 dest=/etc/cups/client.conf owner=root group=root mode=0644
+  template:
+    src: cups-client.conf.j2
+    dest: /etc/cups/client.conf
+    owner: root
+    group: root
+    mode: '0644'
   tags:
     - cups-client
-    - config
 
 # currently this is fsmpi-only
 - name: ensure we got a usable shell printing interface
-  copy: src=drucken.py dest=/usr/local/bin/drucken owner=root group=root mode=0755
+  copy:
+    src: drucken.py
+    dest: /usr/local/bin/drucken
+    owner: root
+    group: root
+    mode: '0755'
   when: domain == "fsmpi.rwth-aachen.de"
   tags:
     - cups-client
     - fsmpi
-    - software
 
 - meta: flush_handlers

custom-sudoers/tasks/main.yml

@@ -2,14 +2,16 @@
 # file: roles/custom-sudoers/tasks/main.yml
 
 - name: ensure deployment of customized sudoers
-  template: src=sudoers.j2 dest=/etc/sudoers.d/custom owner=root group=root mode=0440
+  template:
+    src: sudoers.j2
+    dest: /etc/sudoers.d/custom
+    owner: root
+    group: root
+    mode: '0440'
   tags:
     - sudo
-    - config
 
 - name: check whole sudo config
   command: visudo -q -c -f /etc/sudoers
   tags:
     - sudo
-    - test
-

debian-updates/tasks/main.yml

@@ -26,17 +26,17 @@
     dest: /root/.ssh/debian_updates
     owner: root
     group: root
-    mode: 0600
+    mode: '0600'
   tags:
     - debian-updates
 
 # https://github.com/ansible/ansible/issues/27699
-- name: ensure fucking git module is able to clone
+- name: ensure git module is able to clone
   command: mount -o remount,exec /tmp
   tags:
     - debian-updates
 
-- name: ensure the git is at the current revision
+- name: ensure git is at the current revision
   git:
     repo: git@git.fsmpi.rwth-aachen.de:larsb/debian-updates.git
     dest: /opt/debian-updates
@@ -45,7 +45,7 @@
   tags:
     - debian-updates
 
-- name: ensure fucking git module is not able to clone anymore
+- name: ensure git module is not able to clone anymore
   command: mount -o remount,noexec /tmp
   tags:
     - debian-updates
@@ -54,11 +54,11 @@
   copy:
     src: /opt/debian-updates/apticron.json.example
     dest: /opt/debian-updates/apticron.json
-    mode: 0666 # mail is delivered by nobody
+    mode: '0666'  # mail is delivered by nobody
     owner: root
     group: root
-    remote_src: True
-    force: False
+    remote_src: true
+    force: false
   tags:
     - debian-updates
 
@@ -68,8 +68,8 @@
     dest: /opt/debian-updates/.json-sync.lock
     owner: root
     group: root
-    mode: 0666 # mail is delivered by nobody
-    force: False
+    mode: '0666'  # mail is delivered by nobody
+    force: false
   tags:
     - debian-updates
 
@@ -77,7 +77,7 @@
   template:
     src: config.py.j2
     dest: /opt/debian-updates/config.py
-    mode: 0644
+    mode: '0644'
     owner: root
     group: root
   tags:
@@ -93,6 +93,7 @@
 
 - name: ensure apticron messages are retrieved
   lineinfile:
+    # yamllint disable-line rule:line-length
     line: '{{ apticron_to|regex_replace("@.*$") }}:"|/opt/debian-updates/receive.py"'
     path: /etc/aliases
     state: present
@@ -100,4 +101,3 @@
     - rebuild alias database
   tags:
     - debian-updates
-

management/handlers/main.yml

@@ -9,4 +9,3 @@
   command: python setup.py egg_info
   args:
     chdir: /opt/ansible
-

management/tasks/main.yml

@@ -19,7 +19,7 @@
 - name: ensure ansible is up to date
   git:
     dest: /opt/ansible
-    recursive: yes
+    recursive: true
     repo: https://github.com/ansible/ansible.git
     version: "{{ mgmt_ansible_version }}"
   notify:
@@ -35,7 +35,7 @@
     dest: /etc/profile.d/ansible.sh
     owner: root
     group: root
-    mode: 0644
+    mode: '0644'
   tags:
     - management
     - ansible

nullmailer/tasks/main.yml

@@ -2,17 +2,18 @@
 # file: roles/nullmailer/tasks/main.yml
 
 - name: ensure nullmailer is installed
-  apt: name=nullmailer state=latest
+  apt:
+    name: nullmailer
+    state: present
   notify:
     - restart nullmailer
   tags:
-    - packages
     - nullmailer
 
 - name: ensure other smtp daemons are uninstalled
   apt:
     state: absent
-    purge: yes
+    purge: true
     name:
       - exim4
       - postfix
@@ -30,67 +31,62 @@
       - exim4-daemon-heavy
       - exim4-daemon-light
   tags:
-    - packages
     - nullmailer
 
 - name: ensure nullmailer got a hostname
-  template: src=me.j2 dest=/etc/nullmailer/me owner=root group=root mode=0644
+  template:
+    src: "{{ item }}.j2"
+    dest: "/etc/nullmailer/{{ item }}"
+    owner: root
+    group: root
+    mode: '0644'
+  with_items:
+    - me
+    - defaultdomain
+    - defaulthost
+    - remotes
   notify:
     - restart nullmailer
   tags:
-    - config
-    - nullmailer
-
-- name: ensure nullmailer got a default domain
-  template: src=defaultdomain.j2 dest=/etc/nullmailer/defaultdomain owner=root group=root mode=0644
-  notify:
-    - restart nullmailer
-  tags:
-    - config
     - nullmailer
 
 - name: ensure the system got a default domain
-  template: src=defaultdomain.j2 dest=/etc/mailname owner=root group=root mode=0644
+  template:
+    src: defaultdomain.j2
+    dest: /etc/mailname
+    owner: root
+    group: root
+    mode: '0644'
   notify:
     - restart nullmailer
   tags:
-    - config
-    - nullmailer
-
-- name: ensure nullmailer got a default mailhost suffix
-  template: src=defaulthost.j2 dest=/etc/nullmailer/defaulthost owner=root group=root mode=0644
-  notify:
-    - restart nullmailer
-  tags:
-    - config
     - nullmailer
 
 - name: ensure nullmailer has no admin address
-  file: state=absent path=/etc/nullmailer/adminaddr
+  file:
+    state: absent
+    path: /etc/nullmailer/adminaddr
   notify:
     - restart nullmailer
   tags:
-    - config
     - nullmailer
 
 - name: ensure we got some aliases in case they are needed
-  template: src=aliases.j2 dest=/etc/aliases owner=root group=root mode=0644
-  tags:
-    - config
-    - nullmailer
-
-- name: ensure nullmailer got some remotes to send mail to
-  template: src=remotes.j2 dest=/etc/nullmailer/remotes owner=root group=root mode=0644
-  notify:
-    - restart nullmailer
+  template:
+    src: aliases.j2
+    dest: /etc/aliases
+    owner: root
+    group: root
+    mode: '0644'
   tags:
-    - config
     - nullmailer
 
 - name: ensure nullmailer is enabled and running
-  service: name=nullmailer state=started enabled=yes
+  service:
+    name: nullmailer
+    state: started
+    enabled: true
   tags:
-    - service
     - nullmailer
 
 - meta: flush_handlers

texlive/tasks/main.yml

 ---
 # file: roles/texlive/tasks/main.yml
 
-
 # this should be a real subset of texlive-full but not more than necessary
 - name: ensure texlive is installed
   apt:
@@ -20,12 +19,11 @@
       - texlive-bibtex-extra
       - biber
     state: present
-    install_recommends: no
+    install_recommends: false
   tags:
     - texlive
-    - packages
 
-- name: ensure some texlive recommandations are installed
+- name: ensure some texlive recommendations are installed
   apt:
     name:
       - ghostscript
@@ -52,44 +50,24 @@
       - texlive-fonts-extra
       - texlive-generic-extra
     state: present
-    install_recommends: no
+    install_recommends: false
   tags:
     - texlive
-    - packages
 
-- name: ensure some texlive recommandations are installed for jessie
-  apt: name=fonts-droid state=latest install_recommends=no
+- name: ensure some texlive recommendations are installed for jessie
+  apt:
+    name: fonts-droid
+    state: present
+    install_recommends: false
   when: ansible_distribution_release == "jessie"
   tags:
     - texlive
-    - packages
 
-- name: ensure some texlive recommandations are installed for stretch
-  apt: name=fonts-droid-fallback state=latest install_recommends=no
+- name: ensure some texlive recommendations are installed for stretch
+  apt:
+    name: fonts-droid-fallback
+    state: present
+    install_recommends: false
   when: ansible_distribution_release == "stretch"
   tags:
     - texlive
-    - packages
-
-#- name: figure out if texlive is installed
-#  command: dpkg -L texlive-full
-#  failed_when: False
-#  changed_when: False
-#  register: texlive_installed
-#  tags:
-#    - texlive
-#    - packages
-
-# we do not check here for unmet dependencies because apt and dpkg do not let
-# us know about stuff easily for a single package, also apt wants to correct,
-# if any. because install actions fail with apt when there are broken deps and
-# we got some update everything tasks, this should be handled anyway.
-
-#- name: ensure texlive is installed
-#  apt: name=texlive-full state=latest
-#  when: texlive_installed.rc == 1
-#  tags:
-#    - texlive
-#    - packages
-
-#- meta: flush_handlers