From 0f512a5bf7e2b0c98aceff289a9a98e8f7329d29 Mon Sep 17 00:00:00 2001
From: Alan Orth
Date: Thu, 26 Apr 2018 16:58:35 +0300
Subject: [PATCH] roles/common: Use blocks to tag children of dynamic tasks When using dynamic includes, child tasks do not inherit tags from their parents. You must tag the parent and each child task separately, or use a block to group children and then apply a tag to a block. See: https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.5.html
---
roles/common/tasks/firewall_Debian.yml | 32 +++++-----
roles/common/tasks/firewall_Ubuntu.yml | 32 +++++-----
roles/common/tasks/packages_Debian.yml | 54 ++++++++--------
roles/common/tasks/packages_Ubuntu.yml | 87 +++++++++++++-------------
4 files changed, 101 insertions(+), 104 deletions(-)
diff --git a/roles/common/tasks/firewall_Debian.yml b/roles/common/tasks/firewall_Debian.yml
index b42a65f..d69651c 100644
--- a/roles/common/tasks/firewall_Debian.yml
+++ b/roles/common/tasks/firewall_Debian.yml
@@ -1,22 +1,22 @@ --- -- name: Install firewalld and deps - when: ansible_distribution_major_version is version_compare('8', '>=') - apt: pkg={{ item }} state=present - loop: - - firewalld - - tidy - tags: firewall -- name: Copy firewalld public zone file - when: ansible_distribution_major_version is version_compare('8', '>=') - template: src=public.xml.j2 dest=/etc/firewalld/zones/public.xml owner=root mode=0600 - tags: firewall +- block: + - name: Install firewalld and deps + when: ansible_distribution_major_version is version_compare('8', '>=') + apt: pkg={{ item }} state=present + loop: + - firewalld + - tidy -- name: Format public.xml firewalld zone file - when: ansible_distribution_major_version is version_compare('8', '>=') - command: tidy -xml -iq -m -w 0 /etc/firewalld/zones/public.xml - notify: - - reload firewalld + - name: Copy firewalld public zone file + when: ansible_distribution_major_version is version_compare('8', '>=') + template: src=public.xml.j2 dest=/etc/firewalld/zones/public.xml owner=root mode=0600 + + - name: Format public.xml firewalld zone file + when: ansible_distribution_major_version is version_compare('8', '>=') + command: tidy -xml -iq -m -w 0 /etc/firewalld/zones/public.xml + notify: + - reload firewalld tags: firewall # vim: set sw=2 ts=2: diff --git a/roles/common/tasks/firewall_Ubuntu.yml b/roles/common/tasks/firewall_Ubuntu.yml index 7a468eb..9394493 100644 --- a/roles/common/tasks/firewall_Ubuntu.yml +++ b/roles/common/tasks/firewall_Ubuntu.yml 
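Review bot: The `Format public.xml firewalld zone file` task, now inside the `firewall` block, runs `tidy -m` through `command` with no `changed_when`, so it reports changed and notifies `reload firewalld` on every run whether or not the zone file really changed. Because tidy rewrites the file in place, the preceding `template` task will probably also see a difference from its rendered output each time, which makes genuine drift in the firewall zone hard to spot in the play output. Consider shipping `public.xml.j2` already formatted so the tidy step is unnecessary, or at least adding `changed_when: false` to the tidy task and moving `notify: reload firewalld` to the template task. The hunk in roles/common/tasks/firewall_Ubuntu.yml has the same task and the same behaviour.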
@@ -1,22 +1,22 @@ --- -- name: Install firewalld and deps - when: ansible_distribution_version is version_compare('15.04', '>=') - apt: pkg={{ item }} state=present - loop: - - firewalld - - tidy - tags: firewall -- name: Copy firewalld public zone file - when: ansible_distribution_version is version_compare('15.04', '>=') - template: src=public.xml.j2 dest=/etc/firewalld/zones/public.xml owner=root mode=0600 - tags: firewall +- block: + - name: Install firewalld and deps + when: ansible_distribution_version is version_compare('15.04', '>=') + apt: pkg={{ item }} state=present + loop: + - firewalld + - tidy -- name: Format public.xml firewalld zone file - when: ansible_distribution_version is version_compare('15.04', '>=') - command: tidy -xml -iq -m -w 0 /etc/firewalld/zones/public.xml - notify: - - reload firewalld + - name: Copy firewalld public zone file + when: ansible_distribution_version is version_compare('15.04', '>=') + template: src=public.xml.j2 dest=/etc/firewalld/zones/public.xml owner=root mode=0600 + + - name: Format public.xml firewalld zone file + when: ansible_distribution_version is version_compare('15.04', '>=') + command: tidy -xml -iq -m -w 0 /etc/firewalld/zones/public.xml + notify: + - reload firewalld tags: firewall # vim: set sw=2 ts=2: diff --git a/roles/common/tasks/packages_Debian.yml b/roles/common/tasks/packages_Debian.yml index fcc3539..257ebd5 100644 --- a/roles/common/tasks/packages_Debian.yml +++ b/roles/common/tasks/packages_Debian.yml 
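Review bot: All three tasks in the new block repeat the same `when: ansible_distribution_version is version_compare('15.04', '>=')`; now that they are grouped, the condition can be stated once on the block, next to `tags: firewall`, so a task added later cannot be left without the version guard. roles/common/tasks/firewall_Debian.yml repeats its `ansible_distribution_major_version` check in the same way. A short comment above `- block:` such as `# dynamic includes do not pass tags to child tasks, so the tag is set on this block` would also keep the reason for the block visible in the file rather than only in the commit message.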
@@ -1,34 +1,34 @@ --- -- name: Configure apt mirror - template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644 - tags: packages -- name: Install base packages - apt: name={{ item }} update_cache=yes - loop: - - git - - tmux - - iotop - - htop - - strace - - cron-apt #how does this work with systemd? - - safe-rm - - debian-goodies - - mosh - - python-pycurl # for ansible's apt_repository - - lzop - - vim - - lrzip - - unzip - - apt-transport-https # for https support in apt - tags: packages +- block: + - name: Configure apt mirror + template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644 -- name: Configure cron-apt - import_tasks: cron-apt.yml - tags: cron-apt + - name: Install base packages + apt: name={{ item }} update_cache=yes + loop: + - git + - tmux + - iotop + - htop + - strace + - cron-apt #how does this work with systemd? + - safe-rm + - debian-goodies + - mosh + - python-pycurl # for ansible's apt_repository + - lzop + - vim + - lrzip + - unzip + - apt-transport-https # for https support in apt -- name: Install tarsnap - import_tasks: tarsnap.yml + - name: Configure cron-apt + import_tasks: cron-apt.yml + tags: cron-apt + + - name: Install tarsnap + import_tasks: tarsnap.yml tags: packages # vim: set sw=2 ts=2: diff --git a/roles/common/tasks/packages_Ubuntu.yml b/roles/common/tasks/packages_Ubuntu.yml index 456bd53..3e68798 100644 --- a/roles/common/tasks/packages_Ubuntu.yml +++ b/roles/common/tasks/packages_Ubuntu.yml 
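Review bot: `Configure cron-apt` used to carry only `tags: cron-apt`, but inside the block it also inherits `packages`, so `--tags packages` now runs the cron-apt import and `--skip-tags packages` now skips it. If cron-apt.yml is what sets up automatic package updates on these hosts, a run that skips `packages` would now leave that configuration untouched without saying so. If the wider tagging is not intended, keep that task as a sibling after the block with its own `tags: cron-apt`; if it is intended, a comment on the task such as `# also inherits the packages tag from the block` would record it. The hunk in roles/common/tasks/packages_Ubuntu.yml moves the same task in the same way.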
@@ -1,55 +1,52 @@ --- -- name: Configure apt mirror - template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644 - when: ansible_architecture != 'armv7l' - tags: packages -- name: Upgrade base OS - apt: upgrade=dist update_cache=yes - tags: packages +- block: + - name: Configure apt mirror + template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644 + when: ansible_architecture != 'armv7l' -- name: Install base packages - apt: pkg={{ item }} - loop: - - git - - tmux - - iotop - - htop - - strace - - s3cmd - - cron-apt - - safe-rm - - debian-goodies - - mosh - - python-pycurl # for ansible's apt_repository - - lzop - - vim - - lrzip - - unzip - - apt-transport-https # for https support in apt - tags: packages + - name: Upgrade base OS + apt: upgrade=dist update_cache=yes -- name: Security hardening (CIS Benchmark 1.0) - apt: pkg={{ item }} state=absent purge=yes - loop: - - whoopsie # CIS 4.1 - - apport # CIS 4.1 - tags: packages + - name: Install base packages + apt: pkg={{ item }} + loop: + - git + - tmux + - iotop + - htop + - strace + - s3cmd + - cron-apt + - safe-rm + - debian-goodies + - mosh + - python-pycurl # for ansible's apt_repository + - lzop + - vim + - lrzip + - unzip + - apt-transport-https # for https support in apt -- name: Remove annoying packages - apt: pkg={{ item }} state=absent purge=yes - loop: - - command-not-found - - command-not-found-data - - python3-commandnotfound - tags: packages + - name: Security hardening (CIS Benchmark 1.0) + apt: pkg={{ item }} state=absent purge=yes + loop: + - whoopsie # CIS 4.1 + - apport # CIS 4.1 -- name: Configure cron-apt - import_tasks: cron-apt.yml - tags: cron-apt + - name: Remove annoying packages + apt: pkg={{ item }} state=absent purge=yes + loop: + - command-not-found + - command-not-found-data + - python3-commandnotfound -- name: Install tarsnap - import_tasks: tarsnap.yml + - name: Configure cron-apt + import_tasks: cron-apt.yml + tags: 
cron-apt + + - name: Install tarsnap + import_tasks: tarsnap.yml tags: packages # vim: set sw=2 ts=2:
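Review bot: The two removal tasks, `Security hardening (CIS Benchmark 1.0)` and `Remove annoying packages`, still use the `key=value` shorthand with a per-item `loop`, which invokes apt once per package. Since these lines are being re-indented anyway, native YAML arguments with the list passed straight to `pkg` would do each removal in a single apt call, for example `pkg: [whoopsie, apport]`, `state: absent`, `purge: true`. Written in block form, the list can keep the `# CIS 4.1` comments beside each entry so the benchmark reference stays attached to the package it justifies.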