roles/common: Use blocks to tag children of dynamic tasks

When using dynamic includes, child tasks do not inherit tags from their parents. You must tag the parent and each child task separately, or use a block to group children and then apply a tag to a block. See: https://docs.ansible.com/ansible/devel/porting_guides/porting_guide_2.5.html
2018-04-26 16:58:35 +03:00 · 2018-04-26 16:58:35 +03:00 · 0f512a5bf7
parent 7d950ade99
commit 0f512a5bf7
4 changed files with 101 additions and 104 deletions
--- a/roles/common/tasks/firewall_Debian.yml
+++ b/roles/common/tasks/firewall_Debian.yml
@ -1,16 +1,16 @@
 ---
+
+- block:
  - name: Install firewalld and deps
    when: ansible_distribution_major_version is version_compare('8', '>=')
    apt: pkg={{ item }} state=present
    loop:
      - firewalld
      - tidy
-  tags: firewall

  - name: Copy firewalld public zone file
    when: ansible_distribution_major_version is version_compare('8', '>=')
    template: src=public.xml.j2 dest=/etc/firewalld/zones/public.xml owner=root mode=0600
-  tags: firewall

  - name: Format public.xml firewalld zone file
    when: ansible_distribution_major_version is version_compare('8', '>=')
--- a/roles/common/tasks/firewall_Ubuntu.yml
+++ b/roles/common/tasks/firewall_Ubuntu.yml
@ -1,16 +1,16 @@
 ---
+
+- block:
  - name: Install firewalld and deps
    when: ansible_distribution_version is version_compare('15.04', '>=')
    apt: pkg={{ item }} state=present
    loop:
      - firewalld
      - tidy
-  tags: firewall

  - name: Copy firewalld public zone file
    when: ansible_distribution_version is version_compare('15.04', '>=')
    template: src=public.xml.j2 dest=/etc/firewalld/zones/public.xml owner=root mode=0600
-  tags: firewall

  - name: Format public.xml firewalld zone file
    when: ansible_distribution_version is version_compare('15.04', '>=')
--- a/roles/common/tasks/packages_Debian.yml
+++ b/roles/common/tasks/packages_Debian.yml
@ -1,7 +1,8 @@
 ---
+
+- block:
  - name: Configure apt mirror
    template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644
-  tags: packages

  - name: Install base packages
    apt: name={{ item }} update_cache=yes
@ -21,7 +22,6 @@
      - lrzip
      - unzip
      - apt-transport-https # for https support in apt
-  tags: packages

  - name: Configure cron-apt
    import_tasks: cron-apt.yml
--- a/roles/common/tasks/packages_Ubuntu.yml
+++ b/roles/common/tasks/packages_Ubuntu.yml
@ -1,12 +1,12 @@
 ---
+
+- block:
  - name: Configure apt mirror
    template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644
    when: ansible_architecture != 'armv7l'
-  tags: packages

  - name: Upgrade base OS
    apt: upgrade=dist update_cache=yes
-  tags: packages

  - name: Install base packages
    apt: pkg={{ item }}
@ -27,14 +27,12 @@
      - lrzip
      - unzip
      - apt-transport-https # for https support in apt
-  tags: packages

  - name: Security hardening (CIS Benchmark 1.0)
    apt: pkg={{ item }} state=absent purge=yes
    loop:
      - whoopsie # CIS 4.1
      - apport   # CIS 4.1
-  tags: packages

  - name: Remove annoying packages
    apt: pkg={{ item }} state=absent purge=yes
@ -42,7 +40,6 @@
      - command-not-found
      - command-not-found-data
      - python3-commandnotfound
-  tags: packages

  - name: Configure cron-apt
    import_tasks: cron-apt.yml