Use FQCN for modules and fix YAML issues

With migration to FQCN in roles it's time to adjust our integrated
repo content to match the same pattern and pass modern ansible-lint
checks.

Change-Id: Ieb58c77a8b36b9a508f9b726b688898d83092031

scripts/get-ansible-collection-requirements.yml

@@ -20,15 +20,15 @@
   gather_facts: false
   tasks:
     - name: Ensure the default collections directory exists
-      file:
+      ansible.builtin.file:
         path: "{{ collection_path_default }}/ansible_collections"
         state: directory
-        recurse: yes
+        recurse: true
 
     - name: Installing required Ansible collections
       block:
         - name: Create temporary file for galaxy collection requirements
-          tempfile:
+          ansible.builtin.tempfile:
           register: collection_requirements_tmpfile
 
         - name: Copy content into galaxy collection requirements temporary file
@@ -38,13 +38,13 @@
             _user_collections: "{{ user_collections.collections | default([]) | selectattr('source', 'defined') }}"
             content_var:
               collections: "{{ _default_collections + _user_collections }}"
-          copy:
+          ansible.builtin.copy:
             content: "{{ content_var | to_nice_yaml }}"
             dest: "{{ collection_requirements_tmpfile.path }}"
             mode: "0644"
 
         - name: Install collection requirements with ansible galaxy # noqa: no-changed-when
-          command: >
+          ansible.builtin.command: >
             /opt/ansible-runtime/bin/ansible-galaxy collection install --force
             -r "{{ collection_requirements_tmpfile.path }}"
             -p "{{ collection_path_default }}"
@@ -54,12 +54,12 @@
           delay: 2
 
         - name: Show collection install output
-          debug:
+          ansible.builtin.debug:
             msg: "{{ collection_install.stdout_lines }}"
 
       always:
         - name: Clean up temporary file
-          file:
+          ansible.builtin.file:
             path: "{{ collection_requirements_tmpfile.path }}"
             state: absent
 

scripts/get-ansible-role-requirements.yml

@@ -20,11 +20,11 @@
   gather_facts: false
   tasks:
     - name: Gather minimal facts
-      setup:
+      ansible.builtin.setup:
         gather_subset: '!all'
 
     - name: Find the git version
-      command:
+      ansible.builtin.command:
         cmd: "git --version"
       register: _git_version
       changed_when: false
@@ -32,7 +32,7 @@
         - skip_ansible_lint
 
     - name: Set the git user agent for the deploy host
-      git_config:
+      community.general.git_config:
         scope: system
         name: http.https://opendev.org/.userAgent
         value: "{{ 'git/' ~ _git_version.stdout.split(' ')[2] ~ ' (osa/' ~ lookup('env', 'CURRENT_OSA_VERSION') ~ '/deploy)' }}"
@@ -42,11 +42,11 @@
         _default_roles: "{{ required_roles | rejectattr('name', 'in', user_roles | map(attribute='name')) }}"
         _user_roles_filtered: "{{ user_roles | rejectattr('src', 'undefined') }}"
         _role_list: "{{ _default_roles + _user_roles_filtered }}"
-      set_fact:
+      ansible.builtin.set_fact:
         clone_roles: "{{ _role_list | selectattr('scm', 'undefined') + _role_list | selectattr('scm', 'eq', 'git') }}"
 
     - name: Remove target directory if required
-      file:
+      ansible.builtin.file:
         path: "{{ item.path | default(role_path_default) }}/{{ item.name | default(item.src | basename) }}"
         state: absent
       when:
@@ -55,7 +55,7 @@
       with_items: "{{ clone_roles }}"
 
     - name: Ensure the default roles directory exists
-      file:
+      ansible.builtin.file:
         path: "{{ role_path_default }}"
         state: directory
         mode: "0755"
@@ -74,7 +74,7 @@
             core_multiplier: 4
       rescue:
         - name: Clone git repos (with git)
-          git:
+          ansible.builtin.git:
             repo: "{{ item.src }}"
             dest: "{{ item.path | default(role_path_default) }}/{{ item.name | default(item.src | basename) }}"
             version: "{{ item.version | default('master') }}"

tests/bootstrap-aio.yml

@@ -15,20 +15,20 @@
 
 - name: Bootstrap the All-In-One (AIO)
   hosts: localhost
-  gather_facts: True
+  gather_facts: true
   user: root
   roles:
     - role: "bootstrap-host"
   environment: "{{ deployment_environment_variables | default({}) }}"
   pre_tasks:
     - name: Run setup module
-      setup:
+      ansible.builtin.setup:
         gather_subset:
           - network
           - hardware
           - virtual
     - name: Ensure sshd is installed
-      package:
+      ansible.builtin.package:
         name: openssh-server
         state: present
     - name: Ensure sshd is running
@@ -36,16 +36,16 @@
         _ssh_service_name:
           redhat: sshd
           debian: ssh
-      service:
+      ansible.builtin.service:
         name: "{{ _ssh_service_name[ansible_facts['os_family'] | lower] }}"
         state: started
-        enabled: yes
+        enabled: true
   post_tasks:
     - name: Check that new network interfaces are up
-      assert:
+      ansible.builtin.assert:
         that:
           - ansible_facts['eth12']['active'] | bool
           - ansible_facts['eth13']['active'] | bool
           - ansible_facts['eth14']['active'] | bool
     - name: Clear facts
-      meta: clear_facts
+      ansible.builtin.meta: clear_facts

tests/roles/bootstrap-host/defaults/main.yml

@@ -15,14 +15,14 @@
 
 ## AIO user-space configuration options
 # Scenario used to bootstrap the host
-bootstrap_host_scenario: "{{ lookup('env','SCENARIO') | default('aio_lxc', true) }}"
+bootstrap_host_scenario: "{{ lookup('env', 'SCENARIO') | default('aio_lxc', true) }}"
 #
 # Action used (deploy, upgrade, ...)
 bootstrap_host_action: "{{ lookup('env', 'ACTION') | default('deploy', true) }}"
 #
 # Boolean option to implement OpenStack-Ansible configuration for an AIO
 # Switch to no for a multi-node configuration
-bootstrap_host_aio_config: yes
+bootstrap_host_aio_config: true
 #
 # Path to the location of the bootstrapping configuration files
 bootstrap_host_aio_config_path: "{{ playbook_dir }}/../etc/openstack_deploy"
@@ -50,42 +50,42 @@ bootstrap_user_variables_template: user_variables.aio.yml.j2
 # The size of the loopback volumes can be customized here (in gigabytes).
 #
 # Boolean option to deploy the loopback disk for Swap
-bootstrap_host_loopback_swap: no
+bootstrap_host_loopback_swap: false
 # Size of the Swap loopback disk in gigabytes (GB).
 bootstrap_host_loopback_swap_size: 4096
 #
 # Boolean option to deploy the loopback disk for Cinder
-bootstrap_host_loopback_cinder: yes
+bootstrap_host_loopback_cinder: true
 # Size of the Cinder loopback disk in gigabytes (GB).
 bootstrap_host_loopback_cinder_size: 1024
 #
 # Boolean option to deploy the loopback disk for Swift
-bootstrap_host_loopback_swift: yes
+bootstrap_host_loopback_swift: true
 # Size of the Swift loopback disk in gigabytes (GB).
 bootstrap_host_loopback_swift_size: 1024
 #
 # Boolean option to deploy the loopback disk for Nova
-bootstrap_host_loopback_nova: yes
+bootstrap_host_loopback_nova: true
 # Size of the Nova loopback disk in gigabytes (GB).
 bootstrap_host_loopback_nova_size: 1024
 #
 # Boolean option to deploy the loopback disk for Manila
-bootstrap_host_loopback_manila: yes
+bootstrap_host_loopback_manila: true
 # Size of the Manila loopback disk in gigabytes (GB).
 bootstrap_host_loopback_manila_size: 1024
 #
 # Boolean option to deploy the loopback disk for machines
-bootstrap_host_loopback_machines: yes
+bootstrap_host_loopback_machines: true
 # Size of the machines loopback disk in gigabytes (GB).
 bootstrap_host_loopback_machines_size: 128
 #
 # Boolean option to deploy the loopback disk for btrfs
-bootstrap_host_loopback_btrfs: yes
+bootstrap_host_loopback_btrfs: true
 # Size of the btrfs loopback disk in gigabytes (GB).
 bootstrap_host_loopback_btrfs_size: 1024
 #
 # Boolean option to deploy the loopback disk for zfs
-bootstrap_host_loopback_zfs: yes
+bootstrap_host_loopback_zfs: true
 # Size of the zfs loopback disk in gigabytes (GB).
 bootstrap_host_loopback_zfs_size: 1024
 #
@@ -153,12 +153,12 @@ bootstrap_host_data_disk_device: null
 bootstrap_host_data_disk_fs_type: ext4
 #
 # Boolean value to force the repartitioning of the secondary device.
-bootstrap_host_data_disk_device_force: no
+bootstrap_host_data_disk_device_force: false
 #
 # If the storage capacity on this device is greater than or equal to this
 # size (in GB), the bootstrap process will use it.
 # If metal, we don't need that much storage space.
-bootstrap_host_data_disk_min_size: "{{ (bootstrap_host_scenario is search('metal')) | ternary(10,50) }}"
+bootstrap_host_data_disk_min_size: "{{ (bootstrap_host_scenario is search('metal')) | ternary(10, 50) }}"
 #
 # Set the data disk formats table. If the backing store is set to lvm the option
 # the partition will not actually be formatted however for parted, ext2 is used.
@@ -195,10 +195,10 @@ bootstrap_host_data_disk2_path: '/var/lib/lxc'
 # Specify the public IP address for the host.
 # By default the address will be set to the ipv4 address of the
 # host's network interface that has the default route on it.
-#bootstrap_host_public_address: 0.0.0.0
+# bootstrap_host_public_address: 0.0.0.0
 
 # Set the install method for the deployment. Options are ['source', 'distro']
-bootstrap_host_install_method: "{{ lookup('env', 'INSTALL_METHOD') | default('source', true)  }}"
+bootstrap_host_install_method: "{{ lookup('env', 'INSTALL_METHOD') | default('source', true) }}"
 
 # step-ca
 step_ca_user: step

tests/roles/bootstrap-host/handlers/main.yml

@@ -14,6 +14,6 @@
 # limitations under the License.
 
 - name: Restart squid
-  service:
+  ansible.builtin.service:
     name: squid
     state: restarted

tests/roles/bootstrap-host/tasks/check-requirements.yml

@@ -14,22 +14,22 @@
 # limitations under the License.
 
 - name: Check for a supported Operating System
-  assert:
+  ansible.builtin.assert:
     that:
-        (ansible_facts['distribution'] == 'Debian' and ansible_facts['distribution_release'] == 'bookworm') or
+      (ansible_facts['distribution'] == 'Debian' and ansible_facts['distribution_release'] == 'bookworm') or
-        (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_release'] == 'jammy') or
+      (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_release'] == 'jammy') or
-        (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_release'] == 'noble') or
+      (ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_release'] == 'noble') or
-        (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '9')
+      (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '9')
     msg: >-
-          The only supported platforms for this release are Debian 12 (Bookworm),
+      The only supported platforms for this release are Debian 12 (Bookworm),
-          Ubuntu 22.04 (Jammy), Ubuntu 24.04 (Noble), CentOS Stream 9,
+      Ubuntu 22.04 (Jammy), Ubuntu 24.04 (Noble), CentOS Stream 9,
-          and derivatives such as Rocky Linux.
+      and derivatives such as Rocky Linux.
   when: (check_operating_system | default(True))| bool
   tags:
     - check-operating-system
 
 - name: Check that bootstrap_host_scenario is not set with mutually exclusive options
-  assert:
+  ansible.builtin.assert:
     that:
       - not item.conditional
     msg: "{{ item.msg }}"
@@ -44,7 +44,7 @@
   # https://btrfs.wiki.kernel.org/index.php/FAQ#How_much_free_space_do_I_have.3F
   # As such, use the btrfs tools to determine the real available size on the
   # disk
-  shell: |
+  ansible.builtin.shell: |
     set -o pipefail
     if [[ $(df -T / | tail -n 1 | awk '{print $2}') == "btrfs" ]]; then
         btrfs fi du -s --raw / 2>/dev/null | awk '/[0-9]/ {print $2*1024}'
@@ -64,15 +64,15 @@
 
 # Convert root_space_available to bytes.
 - name: Set root disk facts
-  set_fact:
+  ansible.builtin.set_fact:
-    host_root_space_available_bytes: "{{ ( root_space_available.stdout | int) * 1024 | int }}"
+    host_root_space_available_bytes: "{{ (root_space_available.stdout | int) * 1024 | int }}"
   when:
     - bootstrap_host_data_disk_device == None
   tags:
     - check-disk-size
 
 - name: Fail when disk can not be found
-  fail:
+  ansible.builtin.fail:
     msg: |
       Can not find disk {{ bootstrap_host_data_disk_device }}
   when:
@@ -83,7 +83,7 @@
     - check-disk-size
 
 - name: Set data disk facts
-  set_fact:
+  ansible.builtin.set_fact:
     host_data_disk_sectors: "{{ (ansible_facts['devices'][bootstrap_host_data_disk_device]['sectors'] | int) }}"
     host_data_disk_sectorsize: "{{ (ansible_facts['devices'][bootstrap_host_data_disk_device]['sectorsize'] | int) }}"
   when:
@@ -93,7 +93,7 @@
 
 # Calculate the size of the bootstrap_host_data_disk_device by muliplying sectors with sectorsize.
 - name: Calculate data disk size
-  set_fact:
+  ansible.builtin.set_fact:
     host_data_disk_size_bytes: "{{ ((host_data_disk_sectors | int) * (host_data_disk_sectorsize | int)) | int }}"
   when:
     - bootstrap_host_data_disk_device != None
@@ -102,27 +102,27 @@
 
 # Convert bootstrap_host_data_disk_min_size to bytes.
 - name: Set min size fact
-  set_fact:
+  ansible.builtin.set_fact:
     host_data_disk_min_size_bytes: "{{ ((bootstrap_host_data_disk_min_size | int) * 1024**3) | int }}"
   tags:
     - check-disk-size
 
 - name: Set size facts
-  set_fact:
+  ansible.builtin.set_fact:
-    root_gb_available: "{{ ((host_root_space_available_bytes | int ) / 1024**3) | round(2, 'floor') }}"
+    root_gb_available: "{{ ((host_root_space_available_bytes | int) / 1024**3) | round(2, 'floor') }}"
   when: bootstrap_host_data_disk_device == None
   tags:
     - check-disk-size
 
 - name: Set disk size facts
-  set_fact:
+  ansible.builtin.set_fact:
-    disk_gb_available: "{{ ((host_data_disk_size_bytes | int ) / 1024**3) | round(2, 'floor') }}"
+    disk_gb_available: "{{ ((host_data_disk_size_bytes | int) / 1024**3) | round(2, 'floor') }}"
   when: bootstrap_host_data_disk_device != None
   tags:
     - check-disk-size
 
 - name: Fail if there is not enough space available in /
-  fail:
+  ansible.builtin.fail:
     msg: |
       Not enough space available in /.
       Found {{ root_gb_available }} GB, required {{ bootstrap_host_data_disk_min_size }} GB)
@@ -133,7 +133,7 @@
     - check-disk-size
 
 - name: Fail if there is not enough disk space available (disk specified)
-  fail:
+  ansible.builtin.fail:
     msg: |
       Not enough disk space available.
       Found {{ disk_gb_available }} GB, required {{ bootstrap_host_data_disk_min_size }} GB)
@@ -144,7 +144,7 @@
     - check-disk-size
 
 - name: Ensure that the kernel has VXLAN, VLAN, and bonding support
-  modprobe:
+  community.general.modprobe:
     name: "{{ item }}"
     state: present
   with_items:

tests/roles/bootstrap-host/tasks/detect_data_disk_device.yml

@@ -14,7 +14,7 @@
 # limitations under the License.
 
 - name: Locate data disk candidates
-  shell: >
+  ansible.builtin.shell: >
     set -o pipefail;
     lsblk -brndo NAME,TYPE,RO,SIZE |
     awk '/d[b-z]+ disk 0/{ if ($4>m && $4>={{ bootstrap_host_data_disk_min_size }}){m=$4; d=$1} }; END{print d}'
@@ -24,7 +24,7 @@
   register: _data_disk
 
 - name: Set the data disk device
-  set_fact:
+  ansible.builtin.set_fact:
     bootstrap_host_data_disk_device: "{{ _data_disk.stdout }}"
   when:
     - _data_disk.stdout | length > 0

tests/roles/bootstrap-host/tasks/gather_nodepool_vars.yml

@@ -14,7 +14,7 @@
 # limitations under the License.
 
 - name: Detect whether the host is an OpenStack-CI host
-  stat:
+  ansible.builtin.stat:
     path: /etc/nodepool
   register: nodepool_dir
 
@@ -22,14 +22,15 @@
   when:
     - nodepool_dir.stat.exists
   block:
-    - name: Read nodepool environment variables
+    - name: Read nodepool environment variables # noqa: risky-shell-pipe
-      shell: |
+      ansible.builtin.shell: |
         source /etc/ci/mirror_info.sh
         env | grep NODEPOOL | sed 's/=/: /g'
       args:
         executable: /bin/bash
+      changed_when: false
       register: nodepool_env
 
     - name: Set nodepool environment variables fact
-      set_fact:
+      ansible.builtin.set_fact:
         nodepool_vars: "{{ nodepool_env.stdout | from_yaml }}"

tests/roles/bootstrap-host/tasks/install_packages.yml

@@ -14,17 +14,16 @@
 # limitations under the License.
 
 - name: Remove known problem packages
-  package:
+  ansible.builtin.package:
     name: "{{ packages_remove }}"
     state: absent
   tags:
     - remove-packages
 
 - name: Install packages
-  package:
+  ansible.builtin.package:
     name: "{{ packages_install }}"
     state: present
     update_cache: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary('yes', omit) }}"
   tags:
     - install-packages
-

tests/roles/bootstrap-host/tasks/main.yml

@@ -14,23 +14,26 @@
 # limitations under the License.
 
 # Identify AIO builds in the git user-agent
-- include_tasks: prepare_git_useragent.yml
+- name: Include prepare_git_useragent tasks
+  ansible.builtin.include_tasks: prepare_git_useragent.yml
 
 # Attempt data device detection if enabled
-- include_tasks: detect_data_disk_device.yml
+- name: Include detect_data_disk_device tasks
+  ansible.builtin.include_tasks: detect_data_disk_device.yml
   when:
     - bootstrap_host_data_disk_device is none
     - bootstrap_host_data_disk_device_detect | bool
 
 # Before we do anything, check the minimum requirements
-- import_tasks: check-requirements.yml
+- name: Import check-requirements tasks
+  ansible.builtin.import_tasks: check-requirements.yml
   tags:
     - check-requirements
 
 # We will look for the most specific variable files first and eventually
 # end up with the least-specific files.
 - name: Gather variables for each operating system
-  include_vars: "{{ item }}"
+  ansible.builtin.include_vars: "{{ item }}"
   with_first_found:
     - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml"
     - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
@@ -41,25 +44,28 @@
     - always
 
 - name: Gather nodepool variables
-  import_tasks: gather_nodepool_vars.yml
+  ansible.builtin.import_tasks: gather_nodepool_vars.yml
   tags:
     - always
 
 - name: Create the required directories
-  file:
+  ansible.builtin.file:
     path: "{{ item }}"
     state: directory
+    mode: "0755"
   with_items:
     - "/openstack"
   tags:
     - create-directories
 
-- import_tasks: install_packages.yml
+- name: Import install_packages tasks
+  ansible.builtin.import_tasks: install_packages.yml
   tags:
     - install-packages
 
 # Prepare the data disk, if one is provided
-- include_tasks: prepare_data_disk.yml
+- name: Include prepare_data_disk tasks
+  ansible.builtin.include_tasks: prepare_data_disk.yml
   when:
     - bootstrap_host_data_disk_device != None
   args:
@@ -74,23 +80,25 @@
 - name: Use on-disk repos for openstack services in CI
   block:
     - name: Symlink /openstack/src to /home/zuul/src
-      file:
+      ansible.builtin.file:
         src: "{{ lookup('env', 'ZUUL_SRC_PATH') }}"
         dest: '/openstack/src'
         state: link
 
     - name: Create override for zuul git server to local repos
-      copy:
+      ansible.builtin.copy:
         content: |
           openstack_opendev_base_url: "file:///openstack/src/opendev.org"
         dest: "/etc/openstack_deploy/user_variables_zuulrepos.yml"
+        mode: "0644"
 
   when:
     - "lookup('env', 'ZUUL_SRC_PATH') | length > 0"
 
 # Prepare the swap space loopback disk
 # This is only necessary if there isn't swap already
-- include_tasks: prepare_loopback_swap.yml
+- name: Include prepare_loopback_swap
+  ansible.builtin.include_tasks: prepare_loopback_swap.yml
   when:
     - bootstrap_host_loopback_swap | bool
     - ansible_facts['swaptotal_mb'] < 1
@@ -102,7 +110,8 @@
     - always
 
 # Prepare the zfs storage loopback disk
-- include_tasks: prepare_loopback_zfs.yml
+- name: Include prepare_loopback_zfs tasks
+  ansible.builtin.include_tasks: prepare_loopback_zfs.yml
   when:
     - bootstrap_host_loopback_zfs | bool
     - bootstrap_host_data_disk_device == None
@@ -115,7 +124,8 @@
     - always
 
 # Prepare the btrfs storage loopback disk
-- include_tasks: prepare_loopback_btrfs.yml
+- name: Include prepare_loopback_btrfs tasks
+  ansible.builtin.include_tasks: prepare_loopback_btrfs.yml
   when:
     - bootstrap_host_loopback_btrfs | bool
     - bootstrap_host_data_disk_device == None
@@ -129,7 +139,8 @@
 
 # Prepare the Cinder LVM VG loopback disk
 # This is only necessary if bootstrap_host_loopback_cinder is set to yes
-- include_tasks: prepare_loopback_cinder.yml
+- name: Include prepare_loopback_cinder tasks
+  ansible.builtin.include_tasks: prepare_loopback_cinder.yml
   when:
     - bootstrap_host_loopback_cinder | bool
   args:
@@ -140,7 +151,8 @@
     - always
 
 # Prepare the Nova instance storage loopback disk
-- include_tasks: prepare_loopback_nova.yml
+- name: Include prepare_loopback_nova tasks
+  ansible.builtin.include_tasks: prepare_loopback_nova.yml
   when:
     - bootstrap_host_loopback_nova | bool
   args:
@@ -151,7 +163,8 @@
     - always
 
 # Prepare the Swift data storage loopback disks
-- include_tasks: prepare_loopback_swift.yml
+- name: Include prepare_loopback_swift tasks
+  ansible.builtin.include_tasks: prepare_loopback_swift.yml
   when:
     - bootstrap_host_loopback_swift | bool
   args:
@@ -162,7 +175,8 @@
     - always
 
 # Prepare the Manila data storage loopback disks
-- include_tasks: prepare_loopback_manila.yml
+- name: Include prepare_loopback_manila tasks
+  ansible.builtin.include_tasks: prepare_loopback_manila.yml
   when:
     - bootstrap_host_loopback_manila | bool
   args:
@@ -173,7 +187,8 @@
     - always
 
 # Prepare the Ceph cluster UUID and loopback disks
-- include_tasks: prepare_ceph.yml
+- name: Include prepare_ceph tasks
+  ansible.builtin.include_tasks: prepare_ceph.yml
   when:
     - bootstrap_host_ceph | bool
   args:
@@ -184,7 +199,8 @@
     - always
 
 # Prepare the NFS server and loopback disks
-- include_tasks: prepare_nfs.yml
+- name: Include prepare_nfs tasks
+  ansible.builtin.include_tasks: prepare_nfs.yml
   when:
     - bootstrap_host_nfs | bool
   args:
@@ -195,22 +211,26 @@
     - always
 
 # Ensure hostname/ip is consistent with inventory
-- import_tasks: prepare_hostname.yml
+- name: Import prepare_hostname tasks
+  ansible.builtin.import_tasks: prepare_hostname.yml
   tags:
     - prepare-hostname
 
 # Prepare the network interfaces
-- import_tasks: prepare_networking.yml
+- name: Import prepare_networking tasks
+  ansible.builtin.import_tasks: prepare_networking.yml
   tags:
     - prepare-networking
 
 # Ensure that there are both private and public ssh keys for root
-- import_tasks: prepare_ssh_keys.yml
+- name: Import prepare_ssh_keys tasks
+  ansible.builtin.import_tasks: prepare_ssh_keys.yml
   tags:
     - prepare-ssh-keys
 
 # Prepare local squid proxy
-- include_tasks: prepare_squid.yml
+- name: Include prepare_squid tasks
+  ansible.builtin.include_tasks: prepare_squid.yml
   when:
     - "'proxy' in bootstrap_host_scenarios_expanded"
   args:
@@ -221,7 +241,8 @@
     - always
 
 # Prepare local step-ca certificate authority
-- include_tasks: prepare_step_ca.yml
+- name: Include prepare_step_ca tasks
+  ansible.builtin.include_tasks: prepare_step_ca.yml
   when:
     - "'stepca' in bootstrap_host_scenarios_expanded"
   args:
@@ -231,10 +252,9 @@
   tags:
     - always
 
-
-
 # Put the OpenStack-Ansible configuration for an All-In-One on the host
-- include_tasks: prepare_aio_config.yml
+- name: Include prepare_aio_config tasks
+  ansible.builtin.include_tasks: prepare_aio_config.yml
   when:
     - bootstrap_host_aio_config | bool
   args:

tests/roles/bootstrap-host/tasks/prepare_aio_config.yml

@@ -14,15 +14,16 @@
 # limitations under the License.
 
 - name: Create the required deployment directories
-  file:
+  ansible.builtin.file:
     path: "{{ item }}"
     state: directory
+    mode: "0755"
   with_items: "{{ bootstrap_host_target_config_paths }}"
   tags:
     - create-directories
 
 - name: Find user conf.d configurations to deploy
-  stat:
+  ansible.builtin.stat:
     path: "{{ bootstrap_host_aio_config_path }}/conf.d/{{ item }}.yml.aio"
   register: conf_d_stat
   with_items: "{{ bootstrap_host_scenarios_expanded }}"
@@ -62,7 +63,7 @@
     - deploy-user-secrets
 
 - name: Generate any missing values in user_secrets
-  command: >
+  ansible.builtin.command: >
     /opt/ansible-runtime/bin/python
     {{ bootstrap_host_aio_script_path }}/pw-token-gen.py
     --file /etc/openstack_deploy/{{ bootstrap_host_user_secrets_filename }}
@@ -88,18 +89,19 @@
           # we only run ceph jobs on ubuntu in CI so this is sufficient
           # NOTE(jrosser)
           # re-enable these local CI repos when the reef release is mirrored
-          #ceph_stable_repo: "http://{{ nodepool_vars.NODEPOOL_MIRROR_HOST }}/ceph-deb-reef"
+          # ceph_stable_repo: "http://{{ nodepool_vars.NODEPOOL_MIRROR_HOST }}/ceph-deb-reef"
           # we must set the ceph repo seperatley for the ceph_client role
-          #ceph_apt_repos:
+          # ceph_apt_repos:
           #  ceph:
           #    state: "present"
           #    repo: "deb http://{{ nodepool_vars.NODEPOOL_MIRROR_HOST }}/ceph-deb-reef {{ ansible_facts['distribution_release'] }} main"
-      copy:
+      ansible.builtin.copy:
         dest: /etc/openstack_deploy/user_openstackci.yml
         content: "{{ (nodepool_overrides | combine(_ubuntu_conditional_vars)) | to_nice_yaml }}"
+        mode: "0644"
 
     - name: Set the package cache timeout to 60 mins in OpenStack-CI
-      set_fact:
+      ansible.builtin.set_fact:
         cache_timeout: 3600
       when:
         - cache_timeout is not defined
@@ -108,14 +110,14 @@
 # Enforcing mode by default. While I am normally a supporter of this change,
 # the SELinux policy work for CentOS is not done yet.
 - name: Set SELinux to permissive mode in OpenStack-CI
-  selinux:
+  ansible.posix.selinux:
     policy: targeted
     state: permissive
   when:
     - ansible_facts['selinux']['status'] == "enabled"
 
 - name: Get systemd version
-  command: "rpm -q systemd" # noqa command-instead-of-module
+  ansible.builtin.command: "rpm -q systemd" # noqa command-instead-of-module
   changed_when: false
   register: systemd_version
   when: ansible_facts['os_family'] | lower == 'redhat'
@@ -128,9 +130,10 @@
     config_type: yaml
 
 - name: Set http proxy user variables
-  copy:
+  ansible.builtin.copy:
     src: "user_variables_proxy.yml"
     dest: "/etc/openstack_deploy/user_variables_proxy.yml"
+    mode: "0644"
   when:
     - "lookup('env', 'http_proxy')|length > 0"
 
@@ -193,27 +196,30 @@
       condition: "{{ 'tls' in bootstrap_host_scenarios_expanded }}"
 
 - name: Copy modified cinder-volume env.d file for ceph scenario
-  copy:
+  ansible.builtin.copy:
     src: "{{ playbook_dir }}/../etc/openstack_deploy/env.d/cinder-volume.yml.container.example"
     dest: "/etc/openstack_deploy/env.d/cinder-volume.yml"
+    mode: "0644"
   when:
     - "'ceph' in bootstrap_host_scenarios_expanded"
 
 - name: Create vars override folders if we need to test them
-  file:
+  ansible.builtin.file:
     path: "{{ item }}"
     state: directory
+    mode: "0755"
   with_items:
     - /etc/openstack_deploy/group_vars
     - /etc/openstack_deploy/host_vars
   when: "(lookup('env','ACTION') | default(false,true)) == 'varstest'"
 
 - name: Create user-space overrides
-  lineinfile:
+  ansible.builtin.lineinfile:
     path: "{{ item.path }}"
     state: present
-    line:  "{{ item.line }}"
+    line: "{{ item.line }}"
-    create: yes
+    create: true
+    mode: "0644"
   with_items:
     - path: /etc/openstack_deploy/group_vars/hosts.yml
       line: 'babar: "elephant"'

tests/roles/bootstrap-host/tasks/prepare_ceph.yml

@@ -14,7 +14,7 @@
 # limitations under the License.
 
 - name: Create sparse ceph OSD files
-  command: truncate -s {{ bootstrap_host_loopback_ceph_size }}G /openstack/{{ item }}.img
+  ansible.builtin.command: truncate -s {{ bootstrap_host_loopback_ceph_size }}G /openstack/{{ item }}.img
   args:
     creates: "/openstack/{{ item }}.img"
   with_items: "{{ ceph_osd_images }}"
@@ -23,23 +23,23 @@
     - ceph-file-create
 
 - name: Run the systemd service role
-  include_role:
+  ansible.builtin.include_role:
     name: systemd_service
   vars:
     systemd_services:
       - service_name: "loop-{{ loopback_var }}"
         config_overrides:
           Unit:
-            Description: no
+            Description: false
             After: systemd-udev-settle.service
           Service:
-            RemainAfterExit: yes
+            RemainAfterExit: true
         service_type: oneshot
         execstarts:
           - /bin/bash -c "/sbin/losetup $(/sbin/losetup -f) /openstack/{{ loopback_var }}.img"
         execstops:
           - /bin/bash -c "losetup -d $(losetup -l | awk '/{{ loopback_var }}.img/ {print $1}')"
-        enabled: yes
+        enabled: true
         state: started
     systemd_tempd_prefix: openstack
   with_items: "{{ ceph_osd_images }}"
@@ -57,7 +57,7 @@
     - skip_ansible_lint
 
 - name: Set permissions on loopback devices
-  file:
+  ansible.builtin.file:
     path: "{{ item.stdout }}"
     mode: "0777"
   with_items: "{{ ceph_create_loopback.results }}"
@@ -67,13 +67,13 @@
 # Work around this with manual LVM creation and the advanced lvm OSD
 # scenario
 - name: Create LVM VG
-  lvg:
+  community.general.lvg:
     vg: "vg-{{ item.stdout | basename }}"
     pvs: "{{ item.stdout }}"
   loop: "{{ ceph_create_loopback.results }}"
 
 - name: Create LVM LV
-  lvol:
+  community.general.lvol:
     lv: "lv-{{ item.stdout | basename }}"
     vg: "vg-{{ item.stdout | basename }}"
     size: 100%FREE
@@ -82,7 +82,7 @@
 # TODO(logan): Move these vars to user_variables.ceph.yml.j2 once LP #1649381
 # is fixed and eliminate this task.
 - name: Write ceph cluster config
-  copy:
+  ansible.builtin.copy:
     content: |
       ---
       lvm_volumes:
@@ -106,7 +106,7 @@
             - high-iops
             - ultra-high-iops
     dest: /etc/openstack_deploy/user_ceph_aio.yml
-    force: no
+    force: false
   become: false
   when: not ceph_create_loopback is skipped
   tags:

tests/roles/bootstrap-host/tasks/prepare_data_disk.yml

@@ -19,7 +19,7 @@
 #  formatted as ext4. This is an attempt to achieve idempotency just
 #  in case these tasks are executed multiple times.
 - name: Determine whether partitions labeled openstack-data{1,2} are present
-  shell: |
+  ansible.builtin.shell: |
     set -o pipefail;
     parted --script -l -m | egrep -q ':{{ bootstrap_host_data_disk_fs_type }}:openstack-data[12]:;$'
   args:
@@ -31,14 +31,14 @@
     - check-data-disk-partitions
 
 - name: Set bootstrap host data disk fact
-  set_fact:
+  ansible.builtin.set_fact:
     bootstrap_host_data_disk_device_force: true
-    _bootstrap_host_data_disk_device: "{{ (bootstrap_host_data_disk_device | regex_replace('!','/')).strip() }}"
+    _bootstrap_host_data_disk_device: "{{ (bootstrap_host_data_disk_device | regex_replace('!', '/')).strip() }}"
   when:
     - data_disk_partitions.rc == 1
 
 - name: Dismount and remove fstab entries for anything on the data disk device
-  mount:
+  ansible.posix.mount:
     name: "{{ item.mount }}"
     src: "{{ item.device }}"
     fstype: "{{ bootstrap_host_data_disk_fs_type }}"
@@ -49,8 +49,8 @@
   with_items:
     - "{{ ansible_facts['mounts'] }}"
 
-- name: Partition the whole data disk for our usage
+- name: Partition the whole data disk for our usage # noqa: no-changed-when
-  command: "{{ item }}"
+  ansible.builtin.command: "{{ item }}"
   when:
     - bootstrap_host_data_disk_device_force | bool
   with_items:
@@ -61,7 +61,7 @@
     - create-data-disk-partitions
 
 - name: Determine partition names
-  command: "lsblk /dev/{{ _bootstrap_host_data_disk_device }} -o NAME --noheadings --list"
+  ansible.builtin.command: "lsblk /dev/{{ _bootstrap_host_data_disk_device }} -o NAME --noheadings --list"
   register: data_disk_partitions
   when:
     - bootstrap_host_data_disk_device_force | bool
@@ -70,13 +70,13 @@
     - create-data-disk-partitions
 
 - name: Set bootstrap host data disk partitions fact
-  set_fact:
+  ansible.builtin.set_fact:
     _bootstrap_host_data_partition_devices: "{{ data_disk_partitions.stdout_lines[1:] | list }}"
   when:
     - bootstrap_host_data_disk_device_force | bool
 
 - name: Format the partition 1
-  filesystem:
+  community.general.filesystem:
     fstype: "{{ bootstrap_host_data_disk_fs_type }}"
     dev: "/dev/{{ _bootstrap_host_data_partition_devices[0] }}"
     opts: "{{ bootstrap_host_format_options[bootstrap_host_data_disk_fs_type] | default(omit) }}"
@@ -86,7 +86,7 @@
     - format-data-partitions
 
 - name: Format the partition 2
-  filesystem:
+  community.general.filesystem:
     fstype: "{{ bootstrap_host_data_disk2_fs }}"
     dev: "/dev/{{ _bootstrap_host_data_partition_devices[1] }}"
     opts: "{{ bootstrap_host_format_options[bootstrap_host_data_disk2_fs] | default(omit) }}"
@@ -98,7 +98,7 @@
     - format-data-partitions
 
 - name: Run the systemd mount role
-  include_role:
+  ansible.builtin.include_role:
     name: systemd_mount
   vars:
     systemd_mounts:
@@ -112,7 +112,7 @@
     - data-config
 
 - name: Run the systemd mount role
-  include_role:
+  ansible.builtin.include_role:
     name: systemd_mount
   vars:
     systemd_mounts:
@@ -132,7 +132,7 @@
   when: _lxc_container_backing_store == 'zfs'
   block:
     - name: Install zfs packages
-      package:
+      ansible.builtin.package:
         name: "{{ packages_install_zfs }}"
         state: present
         update_cache: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary('yes', omit) }}"
@@ -140,14 +140,14 @@
         - install-packages
 
     - name: Create the ZFS pool
-      command: zpool create osa-test-pool "/dev/{{ _bootstrap_host_data_partition_devices[1] }}"
+      ansible.builtin.command: zpool create osa-test-pool "/dev/{{ _bootstrap_host_data_partition_devices[1] }}"
       args:
         creates: /osa-test-pool
       when:
         - bootstrap_host_data_disk_device_force | bool
 
     - name: Create the ZFS osa-test-pool/lxc volume
-      shell: "(zfs list | grep lxc) || zfs create -o mountpoint=/var/lib/lxc osa-test-pool/lxc"
+      ansible.builtin.shell: "(zfs list | grep lxc) || zfs create -o mountpoint=/var/lib/lxc osa-test-pool/lxc"
       when:
         - bootstrap_host_data_disk_device_force | bool
       tags:
@@ -157,7 +157,7 @@
   when: _lxc_container_backing_store == 'lvm'
   block:
     - name: Make LVM physical volume on the cinder device
-      shell: "pvcreate /dev/{{ _bootstrap_host_data_partition_devices[1] }} && touch /openstack/lxc.pvcreate"
+      ansible.builtin.shell: "pvcreate /dev/{{ _bootstrap_host_data_partition_devices[1] }} && touch /openstack/lxc.pvcreate"
       args:
         creates: "/openstack/lxc.pvcreate"
       tags:
@@ -165,13 +165,13 @@
         - data-config
 
     - name: Run pvscan
-      command: "pvscan"
+      ansible.builtin.command: "pvscan"
       changed_when: false
       tags:
         - cinder-lvm-pv
 
     - name: Add cinder-volumes volume group
-      lvg:
+      community.general.lvg:
         vg: lxc
         pvs: "/dev/{{ _bootstrap_host_data_partition_devices[1] }}"
       tags:

tests/roles/bootstrap-host/tasks/prepare_git_useragent.yml

@@ -14,7 +14,7 @@
 # limitations under the License.
 
 - name: Find the git version
-  command:
+  ansible.builtin.command:
     cmd: "git --version"
   register: _git_version
   changed_when: false
@@ -22,7 +22,7 @@
     - skip_ansible_lint
 
 - name: Set the git user agent for the AIO
-  git_config:
+  community.general.git_config:
     scope: system
     name: http.https://opendev.org/.userAgent
     value: "{{ 'git/' ~ _git_version.stdout.split(' ')[2] ~ ' (osa/' ~ lookup('env', 'OSA_VERSION') ~ '/aio)' }}"

tests/roles/bootstrap-host/tasks/prepare_hostname.yml

@@ -14,7 +14,7 @@
 # limitations under the License.
 
 - name: Ensure the hosts file is templated appropriately
-  copy:
+  ansible.builtin.copy:
     content: |
       127.0.0.1 localhost
 
@@ -32,8 +32,9 @@
       ff02::2 ip6-allrouters
       ff02::3 ip6-allhosts
     dest: /etc/hosts
-    backup: yes
+    backup: true
+    mode: "0644"
 
 - name: Ensure hostname is set
-  hostname:
+  ansible.builtin.hostname:
     name: aio1

tests/roles/bootstrap-host/tasks/prepare_loopback_btrfs.yml

@@ -14,18 +14,18 @@
 # limitations under the License.
 
 - name: Create sparse lxc-btrfs file
-  command: "truncate -s {{ bootstrap_host_loopback_btrfs_size }}G /openstack/lxc-btrfs.img"
+  ansible.builtin.command: "truncate -s {{ bootstrap_host_loopback_btrfs_size }}G /openstack/lxc-btrfs.img"
   args:
     creates: /openstack/lxc-btrfs.img
 
 - name: Format the lxc-btrfs file
-  filesystem:
+  community.general.filesystem:
     fstype: btrfs
     opts: "{{ bootstrap_host_format_options['btrfs'] | default(omit) }}"
     dev: /openstack/lxc-btrfs.img
 
 - name: Run the systemd mount role
-  include_role:
+  ansible.builtin.include_role:
     name: systemd_mount
   vars:
     systemd_mounts:

tests/roles/bootstrap-host/tasks/prepare_loopback_cinder.yml

@@ -14,7 +14,7 @@
 # limitations under the License.
 
 - name: Create sparse Cinder file
-  command: "truncate -s {{ bootstrap_host_loopback_cinder_size }}G /openstack/cinder.img"
+  ansible.builtin.command: "truncate -s {{ bootstrap_host_loopback_cinder_size }}G /openstack/cinder.img"
   args:
     creates: /openstack/cinder.img
   register: cinder_create
@@ -22,40 +22,40 @@
     - cinder-file-create
 
 - name: Run the systemd service role
-  include_role:
+  ansible.builtin.include_role:
     name: systemd_service
   vars:
     systemd_services:
       - service_name: "loop-cinder"
         config_overrides:
           Unit:
-            Description: no
+            Description: false
             After: systemd-udev-settle.service
             Before: lvm2-activation-early.service
             Wants: systemd-udev-settle.service
           Service:
-            RemainAfterExit: yes
+            RemainAfterExit: true
         service_type: oneshot
         execstarts:
           - /bin/bash -c "/sbin/losetup $(/sbin/losetup -f) /openstack/cinder.img"
           - /sbin/pvscan
         execstops:
           - /bin/bash -c "losetup -d $(losetup -l | awk '/cinder.img/ {print $1}')"
-        enabled: yes
+        enabled: true
         state: started
     systemd_tempd_prefix: openstack
   tags:
     - cinder-config
 
 - name: Get loopback device
-  shell: "losetup -l | awk '/cinder.img/ {print $1}'"
+  ansible.builtin.shell: "losetup -l | awk '/cinder.img/ {print $1}'"
   changed_when: false
   register: cinder_losetup
   tags:
     - skip_ansible_lint
 
 - name: Make LVM physical volume on the cinder device
-  shell: "pvcreate {{ cinder_losetup.stdout }} && touch /openstack/cinder.pvcreate"
+  ansible.builtin.shell: "pvcreate {{ cinder_losetup.stdout }} && touch /openstack/cinder.pvcreate"
   args:
     creates: "/openstack/cinder.pvcreate"
   tags:
@@ -63,13 +63,13 @@
     - cinder-lvm-pv
 
 - name: Run pvscan
-  command: "pvscan"
+  ansible.builtin.command: "pvscan"
   changed_when: false
   tags:
     - cinder-lvm-pv
 
 - name: Add cinder-volumes volume group
-  lvg:
+  community.general.lvg:
     vg: cinder-volumes
     pvs: "{{ cinder_losetup.stdout }}"
   tags:

tests/roles/bootstrap-host/tasks/prepare_loopback_manila.yml

@@ -14,7 +14,7 @@
 # limitations under the License.
 
 - name: Create sparse manila file
-  command: "truncate -s {{ bootstrap_host_loopback_manila_size }}G /openstack/manila.img"
+  ansible.builtin.command: "truncate -s {{ bootstrap_host_loopback_manila_size }}G /openstack/manila.img"
   args:
     creates: /openstack/manila.img
   register: manila_create
@@ -22,26 +22,26 @@
     - manila-file-create
 
 - name: Run the systemd service role
-  include_role:
+  ansible.builtin.include_role:
     name: systemd_service
   vars:
     systemd_services:
       - service_name: "loop-manila"
         config_overrides:
           Unit:
-            Description: no
+            Description: false
             After: systemd-udev-settle.service
             Before: lvm2-activation-early.service
             Wants: systemd-udev-settle.service
           Service:
-            RemainAfterExit: yes
+            RemainAfterExit: true
         service_type: oneshot
         execstarts:
           - /bin/bash -c "/sbin/losetup $(/sbin/losetup -f) /openstack/manila.img"
           - /sbin/pvscan
         execstops:
           - /bin/bash -c "losetup -d $(losetup -l | awk '/manila.img/ {print $1}')"
-        enabled: yes
+        enabled: true
         state: started
     systemd_tempd_prefix: openstack
   tags:
@@ -63,13 +63,13 @@
     - manila-lvm-pv
 
 - name: Run pvscan
-  command: "pvscan"
+  ansible.builtin.command: "pvscan"
   changed_when: false
   tags:
     - manila-lvm-pv
 
 - name: Add manila-shares volume group
-  lvg:
+  community.general.lvg:
     vg: manila-shares
     pvs: "{{ manila_losetup.stdout }}"
   tags:

tests/roles/bootstrap-host/tasks/prepare_loopback_nova.yml

@@ -14,14 +14,14 @@
 # limitations under the License.
 
 - name: Create sparse Nova file
-  command: "truncate -s {{ bootstrap_host_loopback_nova_size }}G /openstack/nova.img"
+  ansible.builtin.command: "truncate -s {{ bootstrap_host_loopback_nova_size }}G /openstack/nova.img"
   args:
     creates: /openstack/nova.img
   tags:
     - nova-file-create
 
 - name: Format the Nova file
-  filesystem:
+  community.general.filesystem:
     fstype: xfs
     dev: /openstack/nova.img
     opts: "{{ bootstrap_host_format_options['xfs'] | default(omit) }}"
@@ -29,7 +29,7 @@
     - nova-format-file
 
 - name: Run the systemd mount role
-  include_role:
+  ansible.builtin.include_role:
     name: systemd_mount
   vars:
     systemd_mounts:

tests/roles/bootstrap-host/tasks/prepare_loopback_swap.yml

@@ -14,7 +14,7 @@
 # limitations under the License.
 
 - name: Create swap file
-  command: "dd if=/dev/zero of=/openstack/swap.img bs=1M count={{ bootstrap_host_loopback_swap_size }}"
+  ansible.builtin.command: "dd if=/dev/zero of=/openstack/swap.img bs=1M count={{ bootstrap_host_loopback_swap_size }}"
   args:
     creates: /openstack/swap.img
   register: swap_create
@@ -22,7 +22,7 @@
     - swap-file-create
 
 - name: Format the swap file
-  command: mkswap /openstack/swap.img
+  ansible.builtin.command: mkswap /openstack/swap.img
   when:
     - swap_create  is changed
   tags:
@@ -30,7 +30,7 @@
     - skip_ansible_lint
 
 - name: Run the systemd mount role
-  include_role:
+  ansible.builtin.include_role:
     name: systemd_mount
   vars:
     systemd_mounts:
@@ -44,7 +44,7 @@
     - swap-config
 
 - name: Set system swappiness
-  sysctl:
+  ansible.posix.sysctl:
     name: vm.swappiness
     value: 10
     state: present

tests/roles/bootstrap-host/tasks/prepare_loopback_swift.yml

@@ -14,7 +14,7 @@
 # limitations under the License.
 
 - name: Create sparse Swift files
-  command: "truncate -s {{ bootstrap_host_loopback_swift_size }}G /openstack/{{ item }}.img"
+  ansible.builtin.command: "truncate -s {{ bootstrap_host_loopback_swift_size }}G /openstack/{{ item }}.img"
   args:
     creates: "/openstack/{{ item }}.img"
   with_items:
@@ -25,7 +25,7 @@
     - swift-file-create
 
 - name: Format the Swift files
-  filesystem:
+  community.general.filesystem:
     fstype: xfs
     opts: "{{ bootstrap_host_format_options['xfs'] | default(omit) }}"
     dev: "/openstack/{{ item }}.img"
@@ -37,7 +37,7 @@
     - swift-format-file
 
 - name: Run the systemd mount role
-  include_role:
+  ansible.builtin.include_role:
     name: systemd_mount
   vars:
     systemd_mounts:

tests/roles/bootstrap-host/tasks/prepare_loopback_zfs.yml

@@ -14,7 +14,7 @@
 # limitations under the License.
 
 - name: Install zfs packages
-  package:
+  ansible.builtin.package:
     name: "{{ packages_install_zfs }}"
     state: present
     update_cache: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary('yes', omit) }}"
@@ -22,16 +22,16 @@
     - install-packages
 
 - name: Create sparse ZFS backing file
-  command: "truncate -s {{ bootstrap_host_loopback_zfs_size }}G /openstack/lxc-zfs.img"
+  ansible.builtin.command: "truncate -s {{ bootstrap_host_loopback_zfs_size }}G /openstack/lxc-zfs.img"
   args:
     creates: /openstack/lxc-zfs.img
 
 - name: Create the ZFS pool
-  command: zpool create osa-test-pool /openstack/lxc-zfs.img
+  ansible.builtin.command: zpool create osa-test-pool /openstack/lxc-zfs.img
   args:
     creates: /osa-test-pool
 
 - name: Create the ZFS pool/lxc volume
-  shell: "(zfs list | grep lxc) || zfs create -o mountpoint=/var/lib/lxc osa-test-pool/lxc"
+  ansible.builtin.shell: "(zfs list | grep lxc) || zfs create -o mountpoint=/var/lib/lxc osa-test-pool/lxc"
   tags:
     - skip_ansible_lint

tests/roles/bootstrap-host/tasks/prepare_networking.yml

@@ -14,15 +14,15 @@
 # limitations under the License.
 
 - name: Check if firewalld is installed
-  command: rpm -q firewalld
+  ansible.builtin.command: rpm -q firewalld # noqa: command-instead-of-module
   register: firewalld_check
   changed_when: false
   failed_when: firewalld_check.rc > 1
   when: ansible_facts['os_family'] == 'RedHat'
 
 - name: Disable firewalld
-  become: True
+  become: true
-  service:
+  ansible.builtin.service:
     name: "{{ item }}"
     enabled: false
     state: stopped
@@ -33,17 +33,17 @@
     - firewalld_check.rc == 0
 
 - name: Disable NetworkManager
-  become: True
+  become: true
-  service:
+  ansible.builtin.service:
     name: NetworkManager
     state: stopped
-    enabled: no
+    enabled: false
-    masked: yes
+    masked: true
   when:
     - ansible_facts['os_family'] == 'RedHat'
 
 - name: Run the systemd-networkd role
-  include_role:
+  ansible.builtin.include_role:
     name: systemd_networkd
   vars:
     systemd_networkd_prefix: "osa_testing"
@@ -192,13 +192,13 @@
 # NOTE(jrosser) The systemd_networkd role uses a handler to restart the networking service
 # This will normally not run until the end of the play, so we must force it here
 - name: Force systemd_networkd hander to run
-  meta: flush_handlers
+  ansible.builtin.meta: flush_handlers
 
 # NOTE(jrosser) The intention here is not to proceed further until the network bridges are up
 # This ensures there will be no race between the bridges coming up and subsequent tasks which
 # require functional network interfaces
 - name: Check that network bridges are up
-  wait_for:
+  ansible.builtin.wait_for:
     port: 22
     timeout: 30
     host: "{{ item }}"
@@ -211,7 +211,7 @@
     - 172.29.228.100  # br-bmaas
 
 - name: Run the systemd service role
-  include_role:
+  ansible.builtin.include_role:
     name: systemd_service
   vars:
     systemd_services:
@@ -222,7 +222,7 @@
             After: network-online.target
             Wants: network-online.target
           Service:
-            RemainAfterExit: yes
+            RemainAfterExit: true
         service_type: oneshot
         execstarts:
           - "-{{ bootstrap_host_iptables_path }} -t nat -A POSTROUTING -o {{ bootstrap_host_public_interface }} -j MASQUERADE"
@@ -247,14 +247,14 @@
           - "-{{ bootstrap_host_ethtool_path }} -K eth15 gso off sg off tso off tx off"
         execstops:
           - "{{ bootstrap_host_iptables_path }} -t nat -D POSTROUTING -o {{ bootstrap_host_public_interface }} -j MASQUERADE"
-        enabled: yes
+        enabled: true
         state: started
     systemd_tempd_prefix: openstack
   tags:
     - network-config
 
 - name: Updating the facts due to net changes
-  setup:
+  ansible.builtin.setup:
     gather_subset: network
   tags:
     - networking

tests/roles/bootstrap-host/tasks/prepare_nfs.yml

@@ -14,14 +14,14 @@
 # limitations under the License.
 
 - name: Create sparse NFS volume
-  command: "truncate -s {{ bootstrap_host_loopback_nfs_size }}G /openstack/nfs.img"
+  ansible.builtin.command: "truncate -s {{ bootstrap_host_loopback_nfs_size }}G /openstack/nfs.img"
   args:
     creates: /openstack/nfs.img
   tags:
     - nfs-file-create
 
 - name: Format the NFS file
-  filesystem:
+  community.general.filesystem:
     fstype: xfs
     dev: /openstack/nfs.img
     opts: "{{ bootstrap_host_format_options['xfs'] | default(omit) }}"
@@ -29,7 +29,7 @@
     - nfs-format-file
 
 - name: Run the systemd mount role
-  include_role:
+  ansible.builtin.include_role:
     name: systemd_mount
   vars:
     systemd_mounts:
@@ -43,19 +43,19 @@
     - nfs-config
 
 - name: Install NFS packages
-  package:
+  ansible.builtin.package:
     name: "{{ nfs_package }}"
     state: present
 
-- name: create the system group for nfs
+- name: Create the system group for nfs
-  group:
+  ansible.builtin.group:
     name: "nfs-user"
     gid: "10000"
     state: "present"
     system: "yes"
 
 - name: Create the system user for nfs
-  user:
+  ansible.builtin.user:
     name: "nfs-user"
     uid: "10000"
     group: "nfs-user"
@@ -66,36 +66,38 @@
     home: "/srv/nfs"
 
 - name: Create base directories
-  file:
+  ansible.builtin.file:
     path: "{{ item }}"
     state: "directory"
     owner: "nfs-user"
     group: "nfs-user"
+    mode: "0755"
   with_items:
     - "/srv/nfs/glance"
     - "/srv/nfs/cinder"
 
 - name: Create exports file
-  lineinfile:
+  ansible.builtin.lineinfile:
     path: /etc/exports
     line: '{{ item }} {{ storage_range }}.0/{{ netmask }}(rw,sync,no_subtree_check,insecure,all_squash,anonuid=10000,anongid=10000)'
     owner: root
     group: root
-    mode: 0644
+    mode: "0644"
-    create: yes
+    create: true
   with_items:
     - "/srv/nfs/glance"
     - "/srv/nfs/cinder"
   register: nfs_exportfs
 
-- name: Restart nfs-server
+- name: Restart nfs-server # noqa: no-handler
-  systemd:
+  ansible.builtin.systemd:
-    daemon_reload: yes
+    daemon_reload: true
     name: "nfs-server"
-    enabled: "yes"
+    enabled: true
     state: "restarted"
   when:
     - nfs_exportfs  is changed
 
 - name: Export NFS
-  command: exportfs -rav
+  ansible.builtin.command: exportfs -rav
+  changed_when: false

tests/roles/bootstrap-host/tasks/prepare_squid.yml

@@ -14,7 +14,7 @@
 # limitations under the License.
 
 - name: Install squid packages
-  package:
+  ansible.builtin.package:
     name: squid
     state: present
     update_cache: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary('yes', omit) }}"
@@ -23,6 +23,7 @@
     - install-packages
 
 - name: Install squid config
-  copy:
+  ansible.builtin.copy:
     src: "squid.conf"
     dest: "/etc/squid/squid.conf"
+    mode: "0644"

tests/roles/bootstrap-host/tasks/prepare_ssh_keys.yml

@@ -14,31 +14,31 @@
 # limitations under the License.
 
 - name: Ensure root has a .ssh directory
-  file:
+  ansible.builtin.file:
     path: /root/.ssh
     state: directory
     owner: root
     group: root
-    mode: 0700
+    mode: "0700"
   tags:
     - ssh-key-dir
 
 - name: Check for existing ssh private key file
-  stat:
+  ansible.builtin.stat:
     path: /root/.ssh/id_rsa
   register: ssh_key_private
   tags:
     - ssh-key-check
 
 - name: Check for existing ssh public key file
-  stat:
+  ansible.builtin.stat:
     path: /root/.ssh/id_rsa.pub
   register: ssh_key_public
   tags:
     - ssh-key-check
 
 - name: Remove an existing private/public ssh keys if one is missing
-  file:
+  ansible.builtin.file:
     path: "/root/.ssh/{{ item }}"
     state: absent
   when: not ssh_key_public.stat.exists or not ssh_key_private.stat.exists
@@ -49,27 +49,27 @@
     - ssh-key-clean
 
 - name: Create ssh key pair for root
-  user:
+  ansible.builtin.user:
     name: root
-    generate_ssh_key: yes
+    generate_ssh_key: true
     ssh_key_bits: 2048
     ssh_key_file: /root/.ssh/id_rsa
   tags:
     - ssh-key-generate
 
 - name: Fetch the generated public ssh key
-  fetch:
+  ansible.builtin.fetch:
     src: "/root/.ssh/id_rsa.pub"
     dest: "/tmp/id_rsa.pub"
-    flat: yes
+    flat: true
   when: inventory_hostname == groups['all'][0]
   tags:
     - ssh-key-authorized
 
 - name: Ensure root's new public ssh key is in authorized_keys
-  authorized_key:
+  ansible.posix.authorized_key:
     user: root
-    key: "{{ lookup('file','/tmp/id_rsa.pub') }}"
+    key: "{{ lookup('file', '/tmp/id_rsa.pub') }}"
-    manage_dir: no
+    manage_dir: false
   tags:
-    - ssh-key-authorized
+    - ssh-key-authorized

tests/roles/bootstrap-host/tasks/prepare_step_ca.yml

@@ -15,105 +15,110 @@
 
 # This is packaged in ubuntu for Kinetic and later
 - name: Install step-ca packages
-  package:
+  ansible.builtin.package:
     deb: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary(item, omit) }}"
     name: "{{ (ansible_facts['pkg_mgr'] == 'dnf') | ternary(item, omit) }}"
   with_items: "{{ step_ca_package_urls }}"
 
 - name: Ensure user is present
-  user:
+  ansible.builtin.user:
     name: "{{ step_ca_user }}"
     state: present
-    create_home: yes
+    create_home: true
     home: "{{ step_ca_config_dir }}"
-    system: yes
+    system: true
     shell: /bin/bash
 
 - name: Ensure group is present
-  group:
+  ansible.builtin.group:
     name: "{{ step_ca_group }}"
     state: present
-    system: yes
+    system: true
 
 - name: Set STEPPATH variable to point to config directory to allow CLI commands to work
-  lineinfile:
+  ansible.builtin.lineinfile:
     dest: /etc/environment
     line: 'STEPPATH="{{ step_ca_config_dir }}"'
     state: present
+    mode: "0644"
 
 - name: Ensure that the config and db directories exists
-  file:
+  ansible.builtin.file:
     path: "{{ item }}"
     state: directory
     owner: "{{ step_ca_user }}"
     group: "{{ step_ca_group }}"
     recurse: true
+    mode: "0755"
   with_items:
     - "{{ step_ca_config_dir }}"
     - "{{ step_ca_config_dir }}/config"
     - "{{ step_ca_config_dir }}/db"
 
 - name: Ensure that the intermediate key password file is created
-  copy:
+  ansible.builtin.copy:
     content: "{{ step_ca_intermediate_password }}"
-    dest: "{{ step_ca_config_dir}}/config/password.txt"
+    dest: "{{ step_ca_config_dir }}/config/password.txt"
-    mode: 0600
+    mode: "0600"
     owner: "{{ step_ca_user }}"
 
 - name: Intialise Step-CA, only if config file doesn't exist
-  become: yes
+  become: true
   become_user: "{{ step_ca_user }}"
-  command: >
+  ansible.builtin.command: >
     step ca init
       --name="{{ step_ca_name }}"
       --dns="{{ step_ca_dns_name | join(',') }}"
       --provisioner=delete-me
-      --password-file="{{ step_ca_config_dir}}/config/password.txt"
+      --password-file="{{ step_ca_config_dir }}/config/password.txt"
       --address="{{ step_ca_listen_address }}"
   args:
     creates: "{{ step_ca_config_dir }}/config/ca.json"
 
 - name: Create systemd unit file
-  template:
+  ansible.builtin.template:
     src: step-ca.service.j2
     dest: /etc/systemd/system/step-ca.service
+    mode: "0644"
 
 - name: Restart step-ca to use initial configuration
-  systemd:
+  ansible.builtin.systemd:
     name: step-ca
     state: restarted
     daemon_reload: true
 
 - name: Create Go Template for x509 Certificate
-  copy:
+  ansible.builtin.copy:
     src: step_ca_x509_template.tpl
     dest: "{{ step_ca_config_dir }}/templates/x509_template.tpl"
     owner: "{{ step_ca_user }}"
     group: "{{ step_ca_group }}"
-    mode: 0600
+    mode: "0600"
 
 - name: Check for ACME provisioner
-  become: yes
+  become: true
   become_user: "{{ step_ca_user }}"
-  shell: 'step ca provisioner list | grep acme-osa'
+  ansible.builtin.shell: 'step ca provisioner list | grep acme-osa'
   failed_when: false
+  changed_when: false
   register: step_ca_find_provisioner
 
-- name: Create ACME provisioner
+- name: Create ACME provisioner # noqa: no-changed-when
-  become: yes
+  become: true
   become_user: "{{ step_ca_user }}"
-  command: >
+  ansible.builtin.command: >
     step ca provisioner add acme-osa --type ACME
   when: step_ca_find_provisioner.rc != 0
 
 - name: Restart step-ca to use the ACME provisioner
-  systemd:
+  ansible.builtin.systemd:
     name: step-ca
     state: restarted
   when: step_ca_find_provisioner.rc != 0
 
 - name: Retrieve the Root CA bundle from the CA server
-  get_url:
+  ansible.builtin.get_url:
     url: https://127.0.0.1:8889/roots.pem
     validate_certs: false
     dest: /opt/step_ca_roots.pem
+    mode: "0644"

tests/test-upstream-shas.yml

@@ -15,32 +15,35 @@
 
 - name: Ensuring upstream SHAs validity
   hosts: "localhost"
-  gather_facts: no
+  gather_facts: false
   connection: local
   user: root
   tasks:
     - name: Include repo_packages variables
-      include_vars:
+      ansible.builtin.include_vars:
         dir: "{{ playbook_dir }}/../inventory/group_vars"
         files_matching: source_git.yml
-        ignore_unknown_extensions: True
+        ignore_unknown_extensions: true
         extensions:
           - 'yml'
 
     - name: Define list of services tracked
-      set_fact:
+      ansible.builtin.set_fact:
-        service_projects: "{{ hostvars[inventory_hostname] | select('match', '^([a-z_]*)_git_track_branch') | map('regex_replace', '^([a-z_]*)_git_track_branch', '\\1') | list }}"
+        service_projects: >-
+          {{
+            hostvars[inventory_hostname] | select('match', '^([a-z_]*)_git_track_branch') | map('regex_replace', '^([a-z_]*)_git_track_branch', '\\1') | list
+          }}
 
     - name: Clone git repos
-      git:
+      ansible.builtin.git:
         repo: "{{ hostvars[inventory_hostname][item ~ '_git_repo'] }}"
         dest: "/tmp/opendev/{{ hostvars[inventory_hostname][item ~ '_git_repo'] | basename }}"
         version: "{{ hostvars[inventory_hostname][item ~ '_git_install_branch'] }}"
-        depth: "10"
+        depth: 10
         update: true
         force: true
       with_items: "{{ service_projects }}"
       register: git_clone
       until: git_clone is success
-      retries: "2"
+      retries: 2
-      delay: "10"
+      delay: 10

tests/test-vars-overrides.yml

@@ -15,34 +15,34 @@
 
 - name: Ensuring group vars
   hosts: "hosts"
-  gather_facts: no
+  gather_facts: false
   connection: local
   user: root
   tasks:
     - name: Ensuring existing group vars are well applied
-      assert:
+      ansible.builtin.assert:
         that:
           - "openstack_release is defined"
     - name: Ensuring babar is well defined
-      assert:
+      ansible.builtin.assert:
         that:
           - "babar == 'elephant'"
     - name: Ensuring lxc_hosts_package_state is well overridden
-      assert:
+      ansible.builtin.assert:
         that:
           - "lxc_hosts_package_state == 'present'"
 
 - name: Ensuring host vars
   hosts: localhost
-  gather_facts: no
+  gather_facts: false
   connection: local
   user: root
   tasks:
     - name: Ensuring tintin has milou
-      assert:
+      ansible.builtin.assert:
         that:
           - "tintin == 'milou'"
     - name: Ensuring security_package_state is overridden
-      assert:
+      ansible.builtin.assert:
         that:
           - "security_package_state == 'present'"

zuul.d/playbooks/post.yml

@@ -13,12 +13,14 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-- hosts: all
+- name: Post-run tasks
+  hosts: all
   tasks:
     - name: Run log collection script
-      command: scripts/log-collect.sh
+      ansible.builtin.command: scripts/log-collect.sh
-      become: yes
+      become: true
       become_user: root
+      changed_when: false
       args:
         chdir: "src/opendev.org/openstack/openstack-ansible"
       environment:
@@ -32,15 +34,15 @@
         WORKING_DIR: "{{ ansible_user_dir }}/src/opendev.org/openstack/openstack-ansible"
 
     - name: Check whether a logs folder exists
-      stat:
+      ansible.builtin.stat:
         path: "{{ ansible_user_dir }}/src/opendev.org/openstack/openstack-ansible/logs"
-        get_attributes: no
+        get_attributes: false
-        get_checksum: no
+        get_checksum: false
-        get_mime: no
+        get_mime: false
       register: logs_folder
 
     - name: Copy logs back to the executor
-      synchronize:
+      ansible.posix.synchronize:
         src: "{{ ansible_user_dir }}/src/opendev.org/openstack/openstack-ansible/logs"
         dest: "{{ zuul.executor.log_root }}/"
         mode: pull

zuul.d/playbooks/pre-gate-cleanup.yml

@@ -15,11 +15,11 @@
 
 - name: Cleanup gate images
   hosts: all
-  become: yes
+  become: true
   become_user: root
   tasks:
     - name: Switch apt source from https to http
-      replace:
+      ansible.builtin.replace:
         path: /etc/apt/sources.list
         regexp: 'https'
         replace: "http"
@@ -27,7 +27,7 @@
         - ansible_facts['distribution_release'] in ['jammy']
 
     - name: Remove package excludes for yum/dnf
-      lineinfile:
+      ansible.builtin.lineinfile:
         dest: '/etc/dnf/dnf.conf'
         regexp: "^exclude="
         state: absent
@@ -38,7 +38,7 @@
         - ansible_facts['distribution'] | lower == 'rocky'
       block:
         - name: Comment out mirrorlist for Rocky
-          replace:
+          ansible.builtin.replace:
             path: "/etc/yum.repos.d/{{ item }}"
             regexp: "^(mirrorlist=.*)$"
             replace: "#\\1"
@@ -49,7 +49,7 @@
             - rocky-addons.repo
 
         - name: Uncomment baseurl for Rocky
-          replace:
+          ansible.builtin.replace:
             path: "/etc/yum.repos.d/{{ item }}"
             regexp: "^#(baseurl=.*)$"
             replace: "\\1"
@@ -68,7 +68,7 @@
             value: "no"
           - name: PasswordAuthentication
             value: "no"
-      blockinfile:
+      ansible.builtin.blockinfile:
         dest: /etc/ssh/sshd_config
         state: present
         marker: "# {mark} MANAGED BY PRE-OSA step"
@@ -82,14 +82,14 @@
         - Restart ssh
 
     - name: Remove motd from pam.d
-      lineinfile:
+      ansible.builtin.lineinfile:
         path: /etc/pam.d/sshd
         regexp: '^(session\s*optional\s*pam_motd.so.*)$'
         line: '# \1'
-        backrefs: yes
+        backrefs: true
 
   handlers:
     - name: Restart ssh
-      service:
+      ansible.builtin.service:
         name: "sshd"
         state: restarted

zuul.d/playbooks/pre-gate-scenario.yml

@@ -22,7 +22,7 @@
     zuul_user_vars_file: "{{ ansible_env.HOME }}/osa-job-vars.yml"
   tasks:
     - name: Dynamically create scenario if not set
-      set_fact:
+      ansible.builtin.set_fact:
         scenario: |-
           {% set _scenario = [] %}
           {# Add the scenarios based on the job name #}
@@ -76,26 +76,26 @@
         - scenario is not defined
 
     - name: Dynamically set action if not set
-      set_fact:
+      ansible.builtin.set_fact:
-        action: "{{ zuul.job | regex_replace('^openstack-ansible-([^-]+)-.*$', '\\1') }}"
+        action: "{{ zuul.job | regex_replace('^openstack-ansible-([^-]+)-.*$', '\\1') }}" # noqa: var-naming[no-reserved]
       when:
         - action is not defined
 
     - name: Dynamically set install method if not set
-      set_fact:
+      ansible.builtin.set_fact:
         install_method: "{{ (scenario.split('_') | intersect(install_methods))[0] }}"
       when:
         - install_method is not defined
         - scenario.split('_') | intersect(install_methods) | length > 0
 
     - name: Set install method to source as a baseline default
-      set_fact:
+      ansible.builtin.set_fact:
         install_method: source
       when:
         - install_method is not defined
 
     - name: Print gate check configuration
-      debug:
+      ansible.builtin.debug:
         msg: |-
           Running gate-check-commit with the following arguments:
           Scenario: {{ scenario }}
@@ -106,9 +106,10 @@
     # Other playbooks can consume this vars file as shown in run.yml
     # This file is stored in work/osa-gate-scenario.yml on the Zuul executor
     - name: Log the gate check configuration to a vars file
-      template:
+      ansible.builtin.template:
         src: osa-gate-scenario.yml.j2
         dest: "{{ zuul.executor.work_root }}/osa-gate-scenario.yml"
+        mode: "0644"
       delegate_to: localhost
 
     # Other playbooks can consume this vars file to access the
@@ -119,6 +120,7 @@
           zuul: "{{ zuul }}"
         zuul_site_mirror_info_helper_var:
           zuul_site_mirror_info: "{{ zuul_site_mirror_info | default({}) }}"
-      template:
+      ansible.builtin.template:
         src: osa-job-vars.yml.j2
         dest: "{{ zuul_user_vars_file }}"
+        mode: "0644"

zuul.d/playbooks/pre-osa-aio.yml

@@ -21,17 +21,17 @@
     _zuul_src_path: "{{ ansible_user_dir }}/src"
   tasks:
     - name: Mark OSA repository as safe
-      become: yes
+      become: true
       become_user: root
-      git_config:
+      community.general.git_config:
         name: safe.directory
         scope: global
         value: "{{ _zuul_src_path }}/opendev.org/openstack/openstack-ansible"
 
-    - name: Run bootstrap-ansible script
+    - name: Run bootstrap-ansible script # noqa: no-changed-when
-      become: yes
+      become: true
       become_user: root
-      shell: scripts/bootstrap-ansible.sh
+      ansible.builtin.shell: scripts/bootstrap-ansible.sh
       args:
         chdir: "src/opendev.org/openstack/openstack-ansible"
         executable: /bin/bash
@@ -45,10 +45,10 @@
         - "'upgrade' not in action"
         - osa_pre_run_bootstrap | default(True)
 
-    - name: Run bootstrap-aio script
+    - name: Run bootstrap-aio script # noqa: no-changed-when
-      become: yes
+      become: true
       become_user: root
-      shell: scripts/bootstrap-aio.sh
+      ansible.builtin.shell: scripts/bootstrap-aio.sh
       args:
         chdir: "src/opendev.org/openstack/openstack-ansible"
         executable: /bin/bash

zuul.d/playbooks/pre-osa-requirements.yml

@@ -19,13 +19,13 @@
     _zuul_src_path: "{{ lookup('env', 'ZUUL_SRC_PATH') | default(lookup('env', 'HOME') ~ '/src') }}"
   tasks:
     - name: Loading osa-gate-scenario vars
-      include_vars:
+      ansible.builtin.include_vars:
         file: "{{ zuul.executor.work_root | default('') }}/osa-gate-scenario.yml"
       when: load_zuul_vars | default(true) | bool
 
     - name: Ensure required directory exists
       become: true
-      file:
+      ansible.builtin.file:
         path: "{{ item }}"
         state: directory
         mode: '0755'
@@ -39,25 +39,25 @@
         - "'upgrade' not in action"
       block:
         - name: Check the Zuul src dir for cloned roles
-          stat:
+          ansible.builtin.stat:
             path: "{{ _zuul_src_path }}/{{ item.src.split('/')[-3:] | join('/') }}"
-            get_attributes: no
+            get_attributes: false
-            get_checksum: no
+            get_checksum: false
-            get_mime: no
+            get_mime: false
           register: zuul_roles
           when:
             - item.scm == "git" or item.scm is undefined
           with_items: "{{ lookup('file', playbook_dir | dirname | dirname ~ '/ansible-role-requirements.yml') | from_yaml }}"
 
         - name: Remove target directory if required
-          file:
+          ansible.builtin.file:
             path: "/etc/ansible/roles/{{ item.item.name | default(item.item.src | basename) }}"
             state: absent
           with_items: "{{ (lookup('env', 'DROP_ROLE_DIRS') | bool is true) | ternary(zuul_roles.results | selectattr('stat.exists'), []) }}"
 
         - name: Link the Zuul provided roles
           become: true
-          file:
+          ansible.builtin.file:
             src: "{{ _zuul_src_path }}/{{ item.item.src.split('/')[-3:] | join('/') }}"
             dest: "/etc/ansible/roles/{{ item.item.name | default(item.item.src | basename) }}"
             state: link
@@ -69,7 +69,7 @@
         #               are checked out by Zuul so we hard fail
         #               if any roles are not.
         - name: Fail if any roles were not cloned
-          fail:
+          ansible.builtin.fail:
             msg: |
               The following roles were not cloned automatically by Zuul,
               make sure that they're included in required-projects {{ uncloned_roles | join(',') }}
@@ -84,7 +84,7 @@
 
         - name: Prevent prepared roles from being cloned
           become: true
-          copy:
+          ansible.builtin.copy:
             content: |-
               {% set ignored_roles = [] %}
               {% for role in zuul_roles.results | selectattr('stat.exists') | map(attribute='item') %}
@@ -101,11 +101,11 @@
         - "'upgrade' not in action"
       block:
         - name: Check the Zuul src dir for cloned collections
-          stat:
+          ansible.builtin.stat:
             path: "{{ _zuul_src_path }}/{{ item.source.split('/')[2:] | join('/') | split('#') | first }}"
-            get_attributes: no
+            get_attributes: false
-            get_checksum: no
+            get_checksum: false
-            get_mime: no
+            get_mime: false
           register: zuul_collections
           with_items: "{{ (lookup('file', playbook_dir | dirname | dirname ~ '/ansible-collection-requirements.yml') | from_yaml).collections }}"
 
@@ -126,7 +126,7 @@
                 {%   endif %}
                 {% endfor %}
                 {{ collections }}
-          copy:
+          ansible.builtin.copy:
             content: "{{ content_var | to_nice_yaml }}"
             dest: "/etc/openstack_deploy/user-collection-requirements.yml"
             mode: "0644"

zuul.d/playbooks/run.yml

@@ -1,11 +1,12 @@
-- hosts: all[0]
+- name: Run tests
+  hosts: all[0]
   vars_files:
     - "{{ zuul.executor.work_root }}/osa-gate-scenario.yml"
   tasks:
-    - name: Run gate-check-commit.sh script
+    - name: Run gate-check-commit.sh script # noqa: no-changed-when
-      become: yes
+      become: true
       become_user: root
-      shell: >-
+      ansible.builtin.shell: >-
         scripts/gate-check-commit.sh
         {{ scenario | quote }}
         {{ action | quote }}
@@ -17,7 +18,7 @@
         skip_bootstrap:
           # NOTE(logan): ARA is already installed in the gate environment by the
           # pre-osa-aio pre-run playbook
-          SETUP_ARA: False
+          SETUP_ARA: False # noqa: yaml[truthy]
           # NOTE(logan): The project is bootstrapped in the pre playbook so the
           # bootstrapping can be skipped here
           SKIP_OSA_RUNTIME_VENV_BUILD: 1