Ansible 2.15 causes OCP deployment to break

[winkabob]

From freshly deployed Bastion VM:

./run_cluster_install.sh
<<SNIP>>
module.network.null_resource.update_bastion_files (local-exec): TASK [Copy Mirror Cert for trust] **********************************************
module.network.null_resource.update_bastion_files (local-exec): fatal: [localhost]: FAILED! => {"changed": false, "msg": "Unsupported parameters for (ansible.legacy.command) module: warn. Supported parameters include: _raw_params, _uses_shell, argv, chdir, creates, executable, removes, stdin, stdin_add_newline, strip_empty_ends."}

module.network.null_resource.update_bastion_files (local-exec): PLAY RECAP *********************************************************************
module.network.null_resource.update_bastion_files (local-exec): localhost                  : ok=2    changed=2    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

module.network.vcd_nsxv_firewall_rule.mirror_allow[0]: Creation complete after 8s [id=133267]
module.network.vcd_nsxv_firewall_rule.ocp_console_allow: Still creating... [10s elapsed]
module.network.vcd_nsxv_firewall_rule.lb_allow[0]: Still creating... [10s elapsed]
module.network.vcd_nsxv_dnat.dnat: Still creating... [10s elapsed]
module.network.vcd_nsxv_firewall_rule.lb_allow[0]: Creation complete after 16s [id=133268]
module.network.vcd_nsxv_firewall_rule.ocp_console_allow: Still creating... [20s elapsed]
module.network.vcd_nsxv_dnat.dnat: Still creating... [20s elapsed]
module.network.vcd_nsxv_dnat.dnat: Creation complete after 26s [id=196686]
module.network.vcd_nsxv_firewall_rule.ocp_console_allow: Still creating... [30s elapsed]
module.network.vcd_nsxv_firewall_rule.ocp_console_allow: Creation complete after 33s [id=133269]
╷
│ Error: local-exec provisioner error
│
│   with module.network.null_resource.update_bastion_files,
│   on network/network.tf line 243, in resource "null_resource" "update_bastion_files":
│  243:     provisioner "local-exec" {
│
│ Error running command ' ansible-playbook -i /tmp/inventory /tmp/add_entries.yaml': exit status 2. Output:
│ PLAY [localhost] ***************************************************************
│
│ TASK [update /etc/hosts] *******************************************************
│ changed: [localhost]
│
│ TASK [update dnsmasq] **********************************************************
│ changed: [localhost]
│
│ TASK [Copy Mirror Cert for trust] **********************************************
│ fatal: [localhost]: FAILED! => {"changed": false, "msg": "Unsupported parameters for (ansible.legacy.command) module: warn. Supported parameters
│ include: _raw_params, _uses_shell, argv, chdir, creates, executable, removes, stdin, stdin_add_newline, strip_empty_ends."}
│
│ PLAY RECAP *********************************************************************
│ localhost                  : ok=2    changed=2    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
│
│
╵
[root@bastion-cp4waiops-svt2-svt-airgap-2 ~]# ansible --version
ansible [core 2.15.3]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.11/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.11.5 (main, Sep 22 2023, 15:34:29) [GCC 8.5.0 20210514 (Red Hat 8.5.0-20)] (/usr/bin/python3.11)
  jinja version = 3.1.2
  libyaml = True

Backleveling ansible to good old 2.13.5 worms around this

[winkabob]

FYI - this is the stanza in add_entries.yaml that it hates on:

    - name: Copy Mirror Cert for trust
      shell: "cp /root/svt-shared-registry-cert/bastion-cp4waiops-registry-cp4waiops-shared-registry-cluster.crt /etc/pki/ca-trust/source/anchors/."
      args:
        warn: no
    - name: Update trust cert store for mirror ca
      shell: "update-ca-trust"
      args:
        warn: no

Presumably the warn: no is the culprit