yamllint: Fix YAML files according to new ansible-core rules.

As per new requirements, spaces must include a space after '#' and octal
values must be either a string (when possible) or use 0o0000.

As this is required for YAML spec version 1.2, and we still may have
some setups where the YAML library does not fully support the new octal
integer '0o' prefix, all octal values were set as strings.

molecule/resources/playbooks/prepare.yml

@@ -2,7 +2,8 @@
 - name: Converge
   hosts: all
   tasks:
-  - include_tasks: prepare-common.yml
+  - name: Include common tasks to prepare environment
+    ansible.builtin.include_tasks: prepare-common.yml
 
   # In some distros DS won't start up after reboot
   #   This is due to a problem in 389-ds. See tickets:
@@ -16,7 +17,7 @@
       owner: dirsrv
       group: dirsrv
       path: "{{ item }}"
-      mode: 0770
+      mode: "0770"
     loop:
       - /var/lock/dirsrv/
       - /var/lock/dirsrv/slapd-TEST-LOCAL/

playbooks/dnszone/dnszone-all-params.yml

@@ -21,7 +21,7 @@
         - ip_address: 8.8.8.8
         - ip_address: 8.8.4.4
           port: 52
-      #serial: 1234
+      # serial: 1234
       refresh: 3600
       retry: 900
       expire: 1209600

playbooks/vault/vault-is-present-with-password-file.yml

@@ -11,7 +11,7 @@
       dest: "{{ ansible_facts['env'].HOME }}/password.txt"
       owner: "{{ ansible_user }}"
       group: "{{ ansible_user }}"
-      mode: 0600
+      mode: "0600"
   - name: Ensure symmetric vault exists with password from file.
     ipavault:
       ipaadmin_password: SomeADMINpassword

playbooks/vault/vault-is-present-with-public-key-file.yml

@@ -16,7 +16,7 @@
       dest: "{{ ansible_facts['env'].HOME }}/public.pem"
       owner: "{{ ansible_user }}"
       group: "{{ ansible_user }}"
-      mode: 0600
+      mode: "0600"
   - name: Ensure asymmetric vault exists with public key from file.
     ipavault:
       ipaadmin_password: SomeADMINpassword

roles/ipaclient/tasks/install.yml

@@ -152,7 +152,7 @@
       ansible.builtin.copy:
         src: "{{ ipaadmin_keytab }}"
         dest: "{{ keytab_temp.path }}"
-        mode: 0600
+        mode: "0600"
       delegate_to: "{{ result_ipaclient_test.servers[0] }}"
       when: ipaadmin_keytab is defined
 

roles/ipaclient/tasks/uninstall.yml

@@ -16,7 +16,7 @@
     state: absent
   when: ipaclient_cleanup_dns_resolver | bool
 
-#- name: Remove IPA client package
-#  ansible.builtin.package:
-#    name: "{{ ipaclient_packages }}"
-#    state: absent
+# - name: Remove IPA client package
+#   ansible.builtin.package:
+#     name: "{{ ipaclient_packages }}"
+#     state: absent

roles/ipaclient/vars/Fedora-25.yml

@@ -2,4 +2,4 @@
 # vars/Fedora-25.yml
 ---
 ipaclient_packages: [ "ipa-client", "libselinux-python" ]
-#ansible_python_interpreter: '/usr/bin/python2'
+# ansible_python_interpreter: '/usr/bin/python2'

roles/ipaclient/vars/Fedora-26.yml

@@ -2,4 +2,4 @@
 # vars/Fedora-26.yml
 ---
 ipaclient_packages: [ "ipa-client", "libselinux-python" ]
-#ansible_python_interpreter: '/usr/bin/python2'
+# ansible_python_interpreter: '/usr/bin/python2'

roles/ipaclient/vars/RedHat-7.3.yml

@@ -2,4 +2,4 @@
 # vars/RedHat-7.3.yml
 ---
 ipaclient_packages: [ "ipa-client", "ipa-admintools", "libselinux-python" ]
-#ansible_python_interpreter: '/usr/bin/python2'
+# ansible_python_interpreter: '/usr/bin/python2'

roles/ipaclient/vars/RedHat-7.yml

@@ -2,4 +2,4 @@
 # vars/RedHat-7
 ---
 ipaclient_packages: [ "ipa-client", "libselinux-python" ]
-#ansible_python_interpreter: '/usr/bin/python2'
+# ansible_python_interpreter: '/usr/bin/python2'

roles/ipaclient/vars/default.yml

@@ -2,4 +2,4 @@
 # vars/default.yml
 ---
 ipaclient_packages: [ "ipa-client", "python3-libselinux" ]
-#ansible_python_interpreter: '/usr/bin/python3'
+# ansible_python_interpreter: '/usr/bin/python3'

roles/ipareplica/defaults/main.yml

@@ -17,10 +17,10 @@ ipareplica_no_ui_redirect: no
 ipaclient_mkhomedir: no
 ipaclient_force_join: no
 ipaclient_no_ntp: no
-#ipaclient_ssh_trust_dns: no
-#ipaclient_no_ssh: no
-#ipaclient_no_sshd: no
-#ipaclient_no_dns_sshfp: no
+# ipaclient_ssh_trust_dns: no
+# ipaclient_no_ssh: no
+# ipaclient_no_sshd: no
+# ipaclient_no_dns_sshfp: no
 ipaclient_ssh_trust_dns: no
 ### certificate system ###
 ipareplica_skip_schema_check: no

roles/ipaserver/defaults/main.yml

@@ -16,10 +16,10 @@ ipaserver_random_serial_numbers: false
 ### client ###
 ipaclient_mkhomedir: no
 ipaclient_no_ntp: no
-#ipaclient_ssh_trust_dns: no
-#ipaclient_no_ssh: no
-#ipaclient_no_sshd: no
-#ipaclient_no_dns_sshfp: no
+# ipaclient_ssh_trust_dns: no
+# ipaclient_no_ssh: no
+# ipaclient_no_sshd: no
+# ipaclient_no_dns_sshfp: no
 ### certificate system ###
 ipaserver_external_ca: no
 ### dns ###

roles/ipaserver/tasks/uninstall.yml

@@ -55,7 +55,7 @@
   failed_when: uninstall.rc != 0 and uninstall.rc != 1
   changed_when: uninstall.rc == 0
 
-#- name: Remove IPA server packages
-#  ansible.builtin.package:
-#    name: "{{ ipaserver_packages }}"
-#    state: absent
+# - name: Remove IPA server packages
+#   ansible.builtin.package:
+#     name: "{{ ipaserver_packages }}"
+#     state: absent

roles/ipasmartcard_client/tasks/main.yml

@@ -109,7 +109,7 @@
       ansible.builtin.file:
         path: /etc/sssd/pki
         state: directory
-        mode: 0711
+        mode: "0711"
 
     - name: Ensure /etc/sssd/pki/sssd_auth_ca_db.pem is absent
       ansible.builtin.file:

roles/ipasmartcard_server/tasks/main.yml

@@ -201,7 +201,7 @@
       ansible.builtin.file:
         path: /etc/sssd/pki
         state: directory
-        mode: 0711
+        mode: "0711"
 
     - name: Ensure /etc/sssd/pki/sssd_auth_ca_db.pem is absent
       ansible.builtin.file:

tests/azure/templates/galaxy_tests.yml

@@ -38,9 +38,9 @@ jobs:
     python_version: '< 3.12'
 
 # Temporarily disable due to issues with ansible docker plugin.
-#- template: galaxy_pytest_script.yml
-#  parameters:
-#    build_number: ${{ parameters.build_number }}
-#    scenario: ${{ parameters.scenario }}
-#    ansible_version: ${{ parameters.ansible_version }}
-#    python_version: '< 3.12'
+# - template: galaxy_pytest_script.yml
+#   parameters:
+#     build_number: ${{ parameters.build_number }}
+#     scenario: ${{ parameters.scenario }}
+#     ansible_version: ${{ parameters.ansible_version }}
+#     python_version: '< 3.12'

tests/azure/templates/group_tests.yml

@@ -38,9 +38,9 @@ jobs:
     python_version: '< 3.12'
 
 # Temporarily disabled due to ansible docker plugin issue.
-#- template: pytest_tests.yml
-#  parameters:
-#    build_number: ${{ parameters.build_number }}
-#    scenario: ${{ parameters.scenario }}
-#    ansible_version: ${{ parameters.ansible_version }}
-#    python_version: '< 3.12'
+# - template: pytest_tests.yml
+#   parameters:
+#     build_number: ${{ parameters.build_number }}
+#     scenario: ${{ parameters.scenario }}
+#     ansible_version: ${{ parameters.ansible_version }}
+#     python_version: '< 3.12'

tests/ca-less/install_replica_without_ca.yml

@@ -48,7 +48,7 @@
       ansible.builtin.file:
         path: "/root/ca-less-test"
         state: directory
-        mode: 0775
+        mode: "0775"
 
     - name: Copy CA certificate
       ansible.builtin.copy:

tests/ca-less/install_server_without_ca.yml

@@ -48,7 +48,7 @@
       ansible.builtin.file:
         path: "/root/ca-less-test"
         state: directory
-        mode: 0775
+        mode: "0775"
 
     - name: Copy CA certificate
       ansible.builtin.copy:

tests/cert/test_cert_host.yml

@@ -47,7 +47,7 @@
     ansible.builtin.copy:
       dest: "/root/host.csr"
       content: "{{ host_req.stdout }}"
-      mode: 0644
+      mode: "0644"
 
   # TESTS
 

tests/cert/test_cert_user.yml

@@ -45,7 +45,7 @@
     ansible.builtin.copy:
       dest: "/root/user.csr"
       content: "{{ user_req.stdout }}"
-      mode: 0644
+      mode: "0644"
 
   # TESTS
 

tests/external-signed-ca-with-automatic-copy/install-server-with-external-ca-with-automatic-copy.yml

@@ -28,7 +28,7 @@
   become: true
   vars:
     ipaserver_external_cert_files_from_controller: "{{ groups.ipaserver[0] + '-chain.crt' }}"
-    #ipaserver_external_ca_file: "{{ groups.ipaserver[0] + '-cacert.asc' }}"
+    # ipaserver_external_ca_file: "{{ groups.ipaserver[0] + '-cacert.asc' }}"
 
   roles:
   - role: ipaserver

tests/external-signed-ca-with-manual-copy/install-server-with-external-ca-with-manual-copy.yml

@@ -34,7 +34,7 @@
   become: true
   vars:
     ipaserver_external_cert_files: "/root/chain.crt"
-    #ipaserver_external_ca_file: "cacert.asc"
+    # ipaserver_external_ca_file: "cacert.asc"
 
   pre_tasks:
   - name: Copy "{{ groups.ipaserver[0] + '-chain.crt' }}" to /root/chain.crt on node

tests/group/test_group.yml

@@ -298,11 +298,11 @@
     register: result
     failed_when: result.changed or result.failed
 
-  #- ipagroup:
-  #    name: group1
-  #    user:
-  #    - user7
-  #    action: member
+  # - ipagroup:
+  #     name: group1
+  #     user:
+  #     - user7
+  #     action: member
 
   - name: Ensure user user7 is absent in group group1
     ipagroup:

tests/host/test_host.yml

@@ -191,35 +191,35 @@
 
   # disabled can only be checked with enabled hosts, all hosts above are
   # not enabled.
-  #- name: Hosts host1..host6 disabled
-  #  ipahost:
-  #    ipaadmin_password: SomeADMINpassword
-  #    ipaapi_context: "{{ ipa_context | default(omit) }}"
-  #    name:
-  #    - "{{ host1_fqdn }}"
-  #    - "{{ host2_fqdn }}"
-  #    - "{{ host3_fqdn }}"
-  #    - "{{ host4_fqdn }}"
-  #    - "{{ host5_fqdn }}"
-  #    - "{{ host6_fqdn }}"
-  #    state: disabled
-  #  register: result
-  #  failed_when: not result.changed or result.failed
+  # - name: Hosts host1..host6 disabled
+  #   ipahost:
+  #     ipaadmin_password: SomeADMINpassword
+  #     ipaapi_context: "{{ ipa_context | default(omit) }}"
+  #     name:
+  #     - "{{ host1_fqdn }}"
+  #     - "{{ host2_fqdn }}"
+  #     - "{{ host3_fqdn }}"
+  #     - "{{ host4_fqdn }}"
+  #     - "{{ host5_fqdn }}"
+  #     - "{{ host6_fqdn }}"
+  #     state: disabled
+  #   register: result
+  #   failed_when: not result.changed or result.failed
   #
-  #- name: Hosts host1..host6 disabled again
-  #  ipahost:
-  #    ipaadmin_password: SomeADMINpassword
-  #    ipaapi_context: "{{ ipa_context | default(omit) }}"
-  #    name:
-  #    - "{{ host1_fqdn }}"
-  #    - "{{ host2_fqdn }}"
-  #    - "{{ host3_fqdn }}"
-  #    - "{{ host4_fqdn }}"
-  #    - "{{ host5_fqdn }}"
-  #    - "{{ host6_fqdn }}"
-  #    state: disabled
-  #  register: result
-  #  failed_when: result.changed or result.failed
+  # - name: Hosts host1..host6 disabled again
+  #   ipahost:
+  #     ipaadmin_password: SomeADMINpassword
+  #     ipaapi_context: "{{ ipa_context | default(omit) }}"
+  #     name:
+  #     - "{{ host1_fqdn }}"
+  #     - "{{ host2_fqdn }}"
+  #     - "{{ host3_fqdn }}"
+  #     - "{{ host4_fqdn }}"
+  #     - "{{ host5_fqdn }}"
+  #     - "{{ host6_fqdn }}"
+  #     state: disabled
+  #   register: result
+  #   failed_when: result.changed or result.failed
 
   - name: Hosts host1..host6 absent
     ipahost:

tests/user/test_user.yml

@@ -56,7 +56,7 @@
       first: pinky
       last: Acme
       initials: pa
-      #password: foo2
+      # password: foo2
       principal: pa
       random: yes
       street: PinkyStreet
@@ -73,17 +73,17 @@
       # sshpubkey
       userauthtype: password,radius,otp
       userclass: PinkyUserClass
-      #radius: "http://some.link/"
-      #radiususer: PinkyRadiusUser
+      # radius: "http://some.link/"
+      # radiususer: PinkyRadiusUser
       departmentnumber: "1234"
       employeenumber: "0815"
       employeetype: "PinkyExmployeeType"
       preferredlanguage: "en"
       # certificate
       noprivate: yes
       nomembers: false
-      #issuer: PinkyIssuer
-      #subject: PinkySubject
+      # issuer: PinkyIssuer
+      # subject: PinkySubject
     register: result
     failed_when: not result.changed or result.failed