roles/common: Use dynamic include_tasks for firewall

Use dynamic includes instead of static imports when you are running
tasks conditionally or using variable interpolation. The down side
is that you need to then tag the parent task as well as all child
tasks, as tags only apply to children of statically imported tasks.

roles/common/tasks/firewall_Debian.yml

@@ -5,16 +5,20 @@
   loop:
     - firewalld
     - tidy
-  tags: packages
+  tags:
+    - packages
+    - firewall
 
 - name: Copy firewalld public zone file
   when: ansible_distribution_major_version is version_compare('8', '>=')
   template: src=public.xml.j2 dest=/etc/firewalld/zones/public.xml owner=root mode=0600
+  tags: firewall
 
 - name: Format public.xml firewalld zone file
   when: ansible_distribution_major_version is version_compare('8', '>=')
   command: tidy -xml -iq -m -w 0 /etc/firewalld/zones/public.xml
   notify:
     - reload firewalld
+  tags: firewall
 
 # vim: set sw=2 ts=2:

roles/common/tasks/firewall_Ubuntu.yml

@@ -5,16 +5,20 @@
   loop:
     - firewalld
     - tidy
-  tags: packages
+  tags:
+    - packages
+    - firewall
 
 - name: Copy firewalld public zone file
   when: ansible_distribution_version is version_compare('15.04', '>=')
   template: src=public.xml.j2 dest=/etc/firewalld/zones/public.xml owner=root mode=0600
+  tags: firewall
 
 - name: Format public.xml firewalld zone file
   when: ansible_distribution_version is version_compare('15.04', '>=')
   command: tidy -xml -iq -m -w 0 /etc/firewalld/zones/public.xml
   notify:
     - reload firewalld
+  tags: firewall
 
 # vim: set sw=2 ts=2:

roles/common/tasks/main.yml

@@ -18,12 +18,12 @@
   tags: packages
 
 - name: Configure firewall
-  import_tasks: firewall_Debian.yml
+  include_tasks: firewall_Debian.yml
   when: ansible_distribution == 'Debian'
   tags: firewall
 
 - name: Configure firewall
-  import_tasks: firewall_Ubuntu.yml
+  include_tasks: firewall_Ubuntu.yml
   when: ansible_distribution == 'Ubuntu'
   tags: firewall