From 8b660dcfbeb14e34290fa36ea5362a16f0786ab1 Mon Sep 17 00:00:00 2001 From: Alan Orth Date: Wed, 25 Apr 2018 18:46:28 +0300 Subject: [PATCH] roles/common: Use dynamic include_tasks for packages Basically, when using conditionals or variables in your tasks you should use include_tasks instead of import_tasks. The down side is that you now need to tag all included tasks individually or with a block, unlike when using static imports (tags are applied to all imported child tasks). I would actually like to reduce this task to a single one that uses the host's ansible_distribution variable, but Ansible 2.5.1 currently gives the following error: ansible_distribution is undefined. --- roles/common/tasks/main.yml | 4 ++-- roles/common/tasks/packages_Debian.yml | 3 +++ roles/common/tasks/packages_Ubuntu.yml | 6 ++++++ 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 1ae21ab..1cc39c3 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -8,12 +8,12 @@ tags: ntp - name: Install common packages - import_tasks: packages_Debian.yml + include_tasks: packages_Debian.yml when: ansible_distribution == 'Debian' tags: packages - name: Install common packages - import_tasks: packages_Ubuntu.yml + include_tasks: packages_Ubuntu.yml when: ansible_distribution == 'Ubuntu' tags: packages diff --git a/roles/common/tasks/packages_Debian.yml b/roles/common/tasks/packages_Debian.yml index d24e64a..fcc3539 100644 --- a/roles/common/tasks/packages_Debian.yml +++ b/roles/common/tasks/packages_Debian.yml @@ -1,6 +1,7 @@ --- - name: Configure apt mirror template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644 + tags: packages - name: Install base packages apt: name={{ item }} update_cache=yes @@ -20,6 +21,7 @@ - lrzip - unzip - apt-transport-https # for https support in apt + tags: packages - name: Configure cron-apt import_tasks: cron-apt.yml @@ -27,5 +29,6 @@ - name: Install tarsnap import_tasks: tarsnap.yml + tags: packages # vim: set sw=2 ts=2: diff --git a/roles/common/tasks/packages_Ubuntu.yml b/roles/common/tasks/packages_Ubuntu.yml index d737456..456bd53 100644 --- a/roles/common/tasks/packages_Ubuntu.yml +++ b/roles/common/tasks/packages_Ubuntu.yml @@ -2,9 +2,11 @@ - name: Configure apt mirror template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644 when: ansible_architecture != 'armv7l' + tags: packages - name: Upgrade base OS apt: upgrade=dist update_cache=yes + tags: packages - name: Install base packages apt: pkg={{ item }} @@ -25,12 +27,14 @@ - lrzip - unzip - apt-transport-https # for https support in apt + tags: packages - name: Security hardening (CIS Benchmark 1.0) apt: pkg={{ item }} state=absent purge=yes loop: - whoopsie # CIS 4.1 - apport # CIS 4.1 + tags: packages - name: Remove annoying packages apt: pkg={{ item }} state=absent purge=yes @@ -38,6 +42,7 @@ - command-not-found - command-not-found-data - python3-commandnotfound + tags: packages - name: Configure cron-apt import_tasks: cron-apt.yml @@ -45,5 +50,6 @@ - name: Install tarsnap import_tasks: tarsnap.yml + tags: packages # vim: set sw=2 ts=2: