roles/common: Use blocks to tag children of dynamic tasks

When using dynamic includes, child tasks do not inherit tags from their
parents. You must tag the parent and each child task separately, or use
a block to group children and then apply a tag to a block.

See: https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.5.html
This commit is contained in:
Alan Orth 2018-04-26 16:58:35 +03:00
parent 7d950ade99
commit 0f512a5bf7
Signed by: alanorth
GPG Key ID: 0FB860CC9C45B1B9
4 changed files with 101 additions and 104 deletions

View File

@ -1,18 +1,18 @@
--- ---
- name: Install firewalld and deps
- block:
- name: Install firewalld and deps
when: ansible_distribution_major_version is version_compare('8', '>=') when: ansible_distribution_major_version is version_compare('8', '>=')
apt: pkg={{ item }} state=present apt: pkg={{ item }} state=present
loop: loop:
- firewalld - firewalld
- tidy - tidy
tags: firewall
- name: Copy firewalld public zone file - name: Copy firewalld public zone file
when: ansible_distribution_major_version is version_compare('8', '>=') when: ansible_distribution_major_version is version_compare('8', '>=')
template: src=public.xml.j2 dest=/etc/firewalld/zones/public.xml owner=root mode=0600 template: src=public.xml.j2 dest=/etc/firewalld/zones/public.xml owner=root mode=0600
tags: firewall
- name: Format public.xml firewalld zone file - name: Format public.xml firewalld zone file
when: ansible_distribution_major_version is version_compare('8', '>=') when: ansible_distribution_major_version is version_compare('8', '>=')
command: tidy -xml -iq -m -w 0 /etc/firewalld/zones/public.xml command: tidy -xml -iq -m -w 0 /etc/firewalld/zones/public.xml
notify: notify:

View File

@ -1,18 +1,18 @@
--- ---
- name: Install firewalld and deps
- block:
- name: Install firewalld and deps
when: ansible_distribution_version is version_compare('15.04', '>=') when: ansible_distribution_version is version_compare('15.04', '>=')
apt: pkg={{ item }} state=present apt: pkg={{ item }} state=present
loop: loop:
- firewalld - firewalld
- tidy - tidy
tags: firewall
- name: Copy firewalld public zone file - name: Copy firewalld public zone file
when: ansible_distribution_version is version_compare('15.04', '>=') when: ansible_distribution_version is version_compare('15.04', '>=')
template: src=public.xml.j2 dest=/etc/firewalld/zones/public.xml owner=root mode=0600 template: src=public.xml.j2 dest=/etc/firewalld/zones/public.xml owner=root mode=0600
tags: firewall
- name: Format public.xml firewalld zone file - name: Format public.xml firewalld zone file
when: ansible_distribution_version is version_compare('15.04', '>=') when: ansible_distribution_version is version_compare('15.04', '>=')
command: tidy -xml -iq -m -w 0 /etc/firewalld/zones/public.xml command: tidy -xml -iq -m -w 0 /etc/firewalld/zones/public.xml
notify: notify:

View File

@ -1,9 +1,10 @@
--- ---
- name: Configure apt mirror
template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644
tags: packages
- name: Install base packages - block:
- name: Configure apt mirror
template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644
- name: Install base packages
apt: name={{ item }} update_cache=yes apt: name={{ item }} update_cache=yes
loop: loop:
- git - git
@ -21,13 +22,12 @@
- lrzip - lrzip
- unzip - unzip
- apt-transport-https # for https support in apt - apt-transport-https # for https support in apt
tags: packages
- name: Configure cron-apt - name: Configure cron-apt
import_tasks: cron-apt.yml import_tasks: cron-apt.yml
tags: cron-apt tags: cron-apt
- name: Install tarsnap - name: Install tarsnap
import_tasks: tarsnap.yml import_tasks: tarsnap.yml
tags: packages tags: packages

View File

@ -1,14 +1,14 @@
--- ---
- name: Configure apt mirror
- block:
- name: Configure apt mirror
template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644 template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644
when: ansible_architecture != 'armv7l' when: ansible_architecture != 'armv7l'
tags: packages
- name: Upgrade base OS - name: Upgrade base OS
apt: upgrade=dist update_cache=yes apt: upgrade=dist update_cache=yes
tags: packages
- name: Install base packages - name: Install base packages
apt: pkg={{ item }} apt: pkg={{ item }}
loop: loop:
- git - git
@ -27,28 +27,25 @@
- lrzip - lrzip
- unzip - unzip
- apt-transport-https # for https support in apt - apt-transport-https # for https support in apt
tags: packages
- name: Security hardening (CIS Benchmark 1.0) - name: Security hardening (CIS Benchmark 1.0)
apt: pkg={{ item }} state=absent purge=yes apt: pkg={{ item }} state=absent purge=yes
loop: loop:
- whoopsie # CIS 4.1 - whoopsie # CIS 4.1
- apport # CIS 4.1 - apport # CIS 4.1
tags: packages
- name: Remove annoying packages - name: Remove annoying packages
apt: pkg={{ item }} state=absent purge=yes apt: pkg={{ item }} state=absent purge=yes
loop: loop:
- command-not-found - command-not-found
- command-not-found-data - command-not-found-data
- python3-commandnotfound - python3-commandnotfound
tags: packages
- name: Configure cron-apt - name: Configure cron-apt
import_tasks: cron-apt.yml import_tasks: cron-apt.yml
tags: cron-apt tags: cron-apt
- name: Install tarsnap - name: Install tarsnap
import_tasks: tarsnap.yml import_tasks: tarsnap.yml
tags: packages tags: packages