Improve Ansible syntax

replace « x | changed » by « x is changed »
add explicit « bool » filter
use « length » filter instead of string comparison

apache/tasks/main.yml

@@ -21,9 +21,9 @@
   tags:
     - apache
     - packages
-  when: 
+  when:
     - ansible_distribution_major_version is version('9', '>=')
-    - apache_mpm == "itk" 
+    - apache_mpm == "itk"
 
 - name: packages are installed (jessie)
   apt:

apache/tasks/server_status.yml

@@ -14,7 +14,7 @@
     # The last character "\u000A" is a line feed (LF), it's better to keep it
     content: "{{ apache_serverstatus_suffix }}\u000A"
     force: yes
-  when: apache_serverstatus_suffix != ""
+  when: apache_serverstatus_suffix | length > 0
 
 - name: generate random string for server-status suffix
   shell: "apg -a 1 -M N -n 1 > {{ apache_serverstatus_suffix_file }}"

apt/tasks/basics.yml

@@ -20,7 +20,7 @@
     - /etc/apt/sources.list.d/debian-stretch.list
     - /etc/apt/sources.list.d/debian-buster.list
     - /etc/apt/sources.list.d/debian-update.list
-  when: apt_clean_gandi_sourceslist
+  when: apt_clean_gandi_sourceslist | bool
   tags:
     - apt
 

apt/tasks/config.yml

@@ -12,7 +12,7 @@
     - { line: "APT::Install-Recommends \"false\";", regexp: 'APT::Install-Recommends' }
     - { line: "APT::Install-Suggests \"false\";",   regexp: 'APT::Install-Suggests' }
     - { line: "APT::Periodic::Enable \"0\";",   regexp: 'APT::Periodic::Enable' }
-  when: apt_evolinux_config
+  when: apt_evolinux_config | bool
   tags:
     - apt
 
@@ -28,7 +28,7 @@
     - "DPkg::Pre-Invoke { \"df /usr | grep -q /usr && mount -oremount,rw /usr || true\"; };"
     - "DPkg::Post-Invoke { \"df /tmp | grep -q /tmp && mount -oremount /tmp || true\"; };"
     - "DPkg::Post-Invoke { \"df /usr | grep -q /usr && mount -oremount /usr || true\"; };"
-  when: apt_hooks
+  when: apt_hooks | bool
   tags:
     - apt
 
@@ -36,7 +36,7 @@
   apt:
     name: aptitude
     state: absent
-  when: apt_remove_aptitude
+  when: apt_remove_aptitude | bool
   tags:
     - apt
 
@@ -50,6 +50,6 @@
 - name: Upgrading system
   apt:
     upgrade: dist
-  when: apt_upgrade
+  when: apt_upgrade | bool
   tags:
     - apt

apt/tasks/hold_packages.yml

@@ -4,7 +4,9 @@
   shell: "(dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) || apt-mark hold {{ item }})"
   register: apt_mark
   changed_when: "item + ' set on hold.' in apt_mark.stdout"
-  failed_when: apt_mark.rc != 0 and not apt_mark.stdout == ''
+  failed_when:
+    - apt_mark.rc != 0
+    - apt_mark.stdout | length > 0
   loop: "{{ apt_hold_packages }}"
   tags:
     - apt

apt/tasks/main.yml

@@ -10,30 +10,30 @@
 
 - name: Custom configuration
   include: config.yml
-  when: apt_config
+  when: apt_config | bool
   tags:
     - apt
 
 - name: Install basics repositories
   include: basics.yml
-  when: apt_install_basics
+  when: apt_install_basics | bool
   tags:
     - apt
 
 - name: Install APT Backports repository
   include: backports.yml
-  when: apt_install_backports
+  when: apt_install_backports | bool
   tags:
     - apt
 
 - name: Install Evolix Public APT repository
   include: evolix_public.yml
-  when: apt_install_evolix_public
+  when: apt_install_evolix_public | bool
   tags:
     - apt
 
 - name: Install check for packages marked hold
   include: hold_packages.yml
-  when: apt_install_hold_packages
+  when: apt_install_hold_packages | bool
   tags:
     - apt

bind/tasks/main.yml

@@ -6,7 +6,7 @@
      bind_cache_dir: /var/cache/bind
      bind_statistics_file: /var/run/named.stats
      bind_chroot_path: /var/chroot-bind
-  when: bind_chroot_set
+  when: bind_chroot_set | bool
 
 - name: configure apparmor
   template:
@@ -34,7 +34,7 @@
     mode: "0644"
     force: yes
   notify: restart bind
-  when: bind_recursive_server
+  when: bind_recursive_server | bool
 
 - name: enable zones.rfc1918 for recursive server
   lineinfile:
@@ -42,7 +42,7 @@
     line: 'include "/etc/bind/zones.rfc1918";'
     regexp: "zones.rfc1918"
   notify: restart bind
-  when: bind_recursive_server
+  when: bind_recursive_server | bool
 
 - name: Set bind configuration for authoritative server
   template:
@@ -53,7 +53,7 @@
     mode: "0644"
     force: yes
   notify: restart bind
-  when: bind_authoritative_server
+  when: bind_authoritative_server | bool
 
 - name: Create systemd service
   template:
@@ -75,7 +75,7 @@
     group: adm
     mode: "0640"
     state: touch
-  when: not bind_chroot_set
+  when: not (bind_chroot_set | bool)
 
 - name: "touch {{ bind_query_file }} if non chroot"
   file:
@@ -84,7 +84,7 @@
     group: adm
     mode: "0640"
     state: touch
-  when: not bind_chroot_set
+  when: not (bind_chroot_set | bool)
 
 - name: send chroot-bind.sh in /root
   copy:
@@ -94,17 +94,19 @@
     owner: root
     force: yes
     backup: yes
-  when: bind_chroot_set
+  when: bind_chroot_set | bool
 
 - name: exec chroot-bind.sh
   command: "/root/chroot-bind.sh"
   register: chrootbind_run
   changed_when: False
-  when: bind_chroot_set
+  when: bind_chroot_set | bool
 
 - debug:
     var: chrootbind_run.stdout_lines
-  when: bind_chroot_set and chrootbind_run.stdout != ""
+  when: 
+    - bind_chroot_set | bool
+    - chrootbind_run.stdout | length > 0
 
 - name: Modify OPTIONS in /etc/default/bind9 for chroot
   replace:
@@ -112,7 +114,7 @@
     regexp: '^OPTIONS=.*'
     replace: 'OPTIONS="-u bind -t {{ bind_chroot_path }}"'
   notify: restart bind
-  when: bind_chroot_set
+  when: bind_chroot_set | bool
 
 - name: logrotate for bind
   template:

certbot/tasks/install-legacy.yml

@@ -48,7 +48,7 @@
     src: cron_jessie
     dest: /etc/cron.d/certbot
     force: yes
-  when: certbot_custom_crontab
+  when: certbot_custom_crontab | bool
 
 - name: disable self-upgrade
   ini_file:

docker-host/tasks/main.yml

@@ -73,7 +73,7 @@
     state: directory
     mode: "0644"
     owner: root
-  when: docker_tls_enabled
+  when: docker_tls_enabled | bool
 
 - name: Copy shellpki utility to Docker TLS directory
   template:
@@ -83,7 +83,7 @@
   loop:
     - shellpki.sh
     - openssl.cnf
-  when: docker_tls_enabled
+  when: docker_tls_enabled | bool
 
 - name: Check if certs are already created
   stat:
@@ -92,4 +92,6 @@
 
 - name: Creating a CA, server key
   command: "{{ docker_tls_path }}/shellpki.sh init"
-  when: docker_tls_enabled and not tls_certs_stat.stat.isdir is defined
+  when:
+    - docker_tls_enabled | bool
+    - not tls_certs_stat.stat.isdir

elasticsearch/tasks/configuration.yml

@@ -6,7 +6,7 @@
     line: "cluster.name: {{ elasticsearch_cluster_name }}"
     regexp: "^cluster.name:"
     insertafter: "^# *cluster.name:"
-  when: elasticsearch_cluster_name|default("", True)
+  when: elasticsearch_cluster_name | default("", True) | length > 0
   tags:
     - config
 
@@ -25,7 +25,7 @@
     line: "network.host: {{ elasticsearch_network_host  }}"
     regexp: "^network.host:"
     insertafter: "^# *network.host:"
-  when: elasticsearch_network_host|default("", True)
+  when: elasticsearch_network_host | default("", True) | length > 0
   tags:
     - config
 
@@ -35,7 +35,7 @@
     line: "network.publish_host: {{ elasticsearch_network_publish_host  }}"
     regexp: "^network.publish_host:"
     insertafter: "^network.host:"
-  when: elasticsearch_network_publish_host|default("", True)
+  when: elasticsearch_network_publish_host | default("", True) | length > 0
   tags:
     - config
 
@@ -45,7 +45,7 @@
     line: "http.publish_host: {{ elasticsearch_http_publish_host  }}"
     regexp: "^http.publish_host:"
     insertafter: "^http.port:"
-  when: elasticsearch_http_publish_host|default("", True)
+  when: elasticsearch_http_publish_host | default("", True) | length > 0
   tags:
     - config
 
@@ -54,7 +54,7 @@
     dest: /etc/elasticsearch/elasticsearch.yml
     line: "discovery.seed_hosts: {{ elasticsearch_discovery_seed_hosts | to_yaml }}"
     regexp: "^discovery.seed_hosts:"
-  when: elasticsearch_discovery_seed_hosts
+  when: elasticsearch_discovery_seed_hosts | length > 0
   tags:
     - config
 
@@ -63,7 +63,7 @@
     dest: /etc/elasticsearch/elasticsearch.yml
     line: "cluster.initial_master_nodes: {{ elasticsearch_cluster_initial_master_nodes | to_yaml }}"
     regexp: "^cluster.initial_master_nodes:"
-  when: elasticsearch_cluster_initial_master_nodes
+  when: elasticsearch_cluster_initial_master_nodes | length > 0
   tags:
     - config
 
@@ -98,7 +98,7 @@
     line: "discovery.zen.ping.unicast.hosts: {{ elasticsearch_cluster_members }}"
     regexp: "^discovery.zen.ping.unicast.hosts:"
     insertafter: "^#discovery.zen.ping.unicast.hosts"
-  when: elasticsearch_cluster_members|default("", True)
+  when: elasticsearch_cluster_members | default("", True) | length > 0
   tags:
     - config
 
@@ -108,6 +108,6 @@
     line: "discovery.zen.minimum_master_nodes: {{ elasticsearch_minimum_master_nodes }}"
     regexp: "^discovery.zen.minimum_master_nodes:"
     insertafter: "^#discovery.zen.minimum_master_nodes"
-  when: elasticsearch_minimum_master_nodes|default("", True)
+  when: elasticsearch_minimum_master_nodes | default("", True) | length > 0
   tags:
     - config

elasticsearch/tasks/datadir.yml

@@ -16,8 +16,8 @@
   tags:
     - elasticsearch
   when:
-    - elasticsearch_custom_datadir != ''
-    - elasticsearch_custom_datadir != None
+    - elasticsearch_custom_datadir is not none
+    - elasticsearch_custom_datadir | length > 0
 
 - name: Datadir is moved to custom path
   block:
@@ -44,7 +44,7 @@
   tags:
     - elasticsearch
   when:
-    - elasticsearch_custom_datadir != ''
-    - elasticsearch_custom_datadir != None
+    - elasticsearch_custom_datadir is not none
+    - elasticsearch_custom_datadir | length > 0
     - elasticsearch_custom_datadir != elasticsearch_current_real_datadir_test.stdout
     - not elasticsearch_custom_datadir_test.stat.exists

elasticsearch/tasks/main.yml

@@ -15,7 +15,7 @@
 - include: additional_scripts.yml
 
 - include: plugin_head.yml
-  when: elasticsearch_plugin_head
+  when: elasticsearch_plugin_head | bool
 
 - include: curator.yml
-  when: elasticsearch_curator
+  when: elasticsearch_curator | bool

elasticsearch/tasks/tmpdir.yml

@@ -9,9 +9,14 @@
 
 - name: Tmpdir is moved to custom path
   block:
-    - name: "Create {{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
+    - set_fact:
+        _elasticsearch_custom_tmpdir: "{{ elasticsearch_custom_tmpdir | default(elasticsearch_default_tmpdir, True) | mandatory }}"
+      tags:
+        - elasticsearch
+
+    - name: "Create {{ _elasticsearch_custom_tmpdir }}"
       file:
-        path: "{{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
+        path: "{{ _elasticsearch_custom_tmpdir }}"
         owner: elasticsearch
         group: elasticsearch
         mode: "0755"
@@ -22,7 +27,7 @@
     - name: change JVM tmpdir (< 6.x)
       lineinfile:
         dest: /etc/elasticsearch/jvm.options
-        line: "-Djava.io.tmpdir={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
+        line: "-Djava.io.tmpdir={{ _elasticsearch_custom_tmpdir }}"
         regexp: "^-Djava.io.tmpdir="
         insertafter: "## JVM configuration"
       notify:
@@ -34,7 +39,7 @@
     - name: check if ES_TMPDIR is available (>= 6.x)
       lineinfile:
         dest: /etc/default/elasticsearch
-        line: "ES_TMPDIR={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"
+        line: "ES_TMPDIR={{ _elasticsearch_custom_tmpdir }}"
         regexp: "^ES_TMPDIR="
         insertafter: "JAVA_HOME"
       notify:
@@ -54,4 +59,4 @@
       tags:
         - elasticsearch
       when: elastic_stack_version is version('6', '>=')
-  when: (elasticsearch_custom_tmpdir != '' and elasticsearch_custom_tmpdir != None) or fstab_tmp_noexec.rc == 0
+  when: (elasticsearch_custom_tmpdir is not none and elasticsearch_custom_tmpdir | length > 0) or fstab_tmp_noexec.rc == 0

etc-git/tasks/do_commit.yml

@@ -50,7 +50,7 @@
   register: commit_end_run
   when:
     - not ansible_check_mode
-    - git_status.stdout
+    - git_status.stdout | length > 0
   ignore_errors: yes
   tags:
     - etc-git

etc-git/tasks/repository.yml

@@ -68,6 +68,6 @@
     chdir: "{{ repository_path }}"
     warn: no
   register: git_commit
-  when: git_log.rc != 0 or (git_init is defined and git_init.changed)
+  when: git_log.rc != 0 or (git_init is defined and git_init is changed)
   tags:
     - etc-git

evoacme/tasks/evoacme_hook.yml

@@ -16,4 +16,4 @@
     src: "hooks/{{ hook_name }}"
     dest: "{{ evoacme_hooks_dir }}/{{ hook_name }}"
     mode: "0750"
-  when: _find_hook.stdout == ""
+  when: _find_hook.stdout | length == 0

evoacme/tasks/main.yml

@@ -6,7 +6,7 @@
       - ansible_distribution == "Debian"
       - ansible_distribution_major_version is version('9', '>=')
     msg: only compatible with Debian >= 9
-  when: not evoacme_disable_debian_check
+  when: not (evoacme_disable_debian_check | bool)
 
 - include: certbot.yml
 

evobackup-client/handlers/main.yml

@@ -13,4 +13,4 @@
   command: "bkctld restart {{ evolinux_hostname }}"
 #    - "bkctld sync {{ evolinux_hostname }}"
   delegate_to: "{{ evobackup_client__hosts[0].ip }}"
-  when: evobackup_client__hosts|length > 1
+  when: evobackup_client__hosts | length > 1

evocheck/tasks/exec.yml

@@ -10,6 +10,6 @@
 
 - debug:
     var: evocheck_run.stdout_lines
-  when: evocheck_run.stdout != ""
+  when: evocheck_run.stdout | length > 0
   tags:
   - evocheck-exec

evocheck/tasks/main.yml

@@ -7,4 +7,4 @@
   when: evocheck_force_install == "package"
 
 - include: cron.yml
-  when: evocheck_update_crontab
+  when: evocheck_update_crontab | bool

evolinux-base/tasks/default_www.yml

@@ -4,7 +4,7 @@
     path: /var/www
     state: directory
     mode: "0755"
-  when: evolinux_default_www_files
+  when: evolinux_default_www_files | bool
 
 - name: images are copied
   copy:
@@ -13,7 +13,7 @@
     mode: "0644"
     directory_mode: "0755"
     follow: yes
-  when: evolinux_default_www_files
+  when: evolinux_default_www_files | bool
 
 - name: index is copied
   template:
@@ -21,7 +21,7 @@
     dest: /var/www/index.html
     mode: "0644"
     force: no
-  when: evolinux_default_www_files
+  when: evolinux_default_www_files | bool
 
 # SSL cert
 
@@ -43,6 +43,6 @@
       command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt
       args:
         creates: "/etc/ssl/certs/{{ ansible_fqdn }}.crt"
-  when: evolinux_default_www_ssl_cert
+  when: evolinux_default_www_ssl_cert | bool
 
 - meta: flush_handlers

evolinux-base/tasks/fstab.yml

@@ -17,7 +17,7 @@
   notify: remount /home
   when:
   - fstab_content.stdout | regex_search('\s/home\s')
-  - evolinux_fstab_home
+  - evolinux_fstab_home | bool
 
 - name: /tmp partition is customized
   replace:
@@ -26,7 +26,7 @@
     replace: '\1{{ evolinux_fstab_tmp_options | mandatory }}\3'
   when:
   - fstab_content.stdout | regex_search('\s/tmp\s')
-  - evolinux_fstab_tmp
+  - evolinux_fstab_tmp | bool
 
 - name: /usr partition is customized
   replace:
@@ -35,7 +35,7 @@
     replace: '\1{{ evolinux_fstab_usr_options | mandatory }}\3'
   when:
   - fstab_content.stdout | regex_search('\s/usr\s')
-  - evolinux_fstab_usr
+  - evolinux_fstab_usr | bool
 
 - name: /var partition is customized
   replace:
@@ -45,7 +45,7 @@
   notify: remount /var
   when:
   - fstab_content.stdout | regex_search('\s/var\s')
-  - evolinux_fstab_var
+  - evolinux_fstab_var | bool
 
 - name: /var/tmp is created
   mount:
@@ -55,7 +55,7 @@
     opts: "{{ evolinux_fstab_var_tmp_options | mandatory }}"
     state: mounted
   when:
-  - evolinux_fstab_var_tmp
+  - evolinux_fstab_var_tmp | bool
 
 - name: /dev/shm is created (Debian 10 and later)
   mount:
@@ -65,7 +65,7 @@
     opts: "{{ evolinux_fstab_dev_shm_options | mandatory }}"
     state: mounted
   when:
-  - evolinux_fstab_dev_shm
+  - evolinux_fstab_dev_shm | bool
   - ansible_distribution_major_version is version('10', '>=')
 
 - meta: flush_handlers

evolinux-base/tasks/hostname.yml

@@ -7,14 +7,14 @@
 - name: Set hostname "{{ evolinux_hostname }}"
   hostname:
     name: "{{ evolinux_hostname }}"
-  when: evolinux_hostname_hosts
+  when: evolinux_hostname_hosts | bool
 
 - name: Set right localhost line in /etc/hosts
   replace:
     dest: /etc/hosts
     regexp: '^127.0.0.1(\s+)localhost.*$'
     replace: '127.0.0.1\1localhost.localdomain localhost'
-  when: evolinux_hostname_hosts
+  when: evolinux_hostname_hosts | bool
 
 - name: Set ip+fqdn+hostname in /etc/hosts
   lineinfile:
@@ -22,21 +22,21 @@
     regexp: '^{{ ansible_default_ipv4.address }}\s+'
     line: "{{ ansible_default_ipv4.address }}    {{ [evolinux_fqdn, evolinux_internal_fqdn] | unique | join(' ') }} {{ [evolinux_hostname, evolinux_internal_hostname] | unique | join(' ') }}"
     insertafter: '127.0.0.1\s+localhost.localdomain'
-  when: evolinux_hostname_hosts
+  when: evolinux_hostname_hosts | bool
 
 - name: 127.0.1.1 is removed
   lineinfile:
     dest: /etc/hosts
     regexp: '^127.0.1.1\s+'
     state: absent
-  when: evolinux_hostname_hosts
+  when: evolinux_hostname_hosts | bool
 
 - name: /etc/mailname is up-to-date
   copy:
     dest: /etc/mailname
     content: "{{ evolinux_fqdn }}\n"
     force: yes
-  when: evolinux_hostname_mailname
+  when: evolinux_hostname_mailname | bool
 
 # Override facts
 

evolinux-base/tasks/kernel.yml

@@ -10,7 +10,7 @@
   loop:
   - { name: kernel.panic_on_oops, value: 1 }
   - { name: kernel.panic, value: 60 }
-  when: evolinux_kernel_reboot_after_panic
+  when: evolinux_kernel_reboot_after_panic | bool
 
 - name: Don't reboot after panic
   sysctl:
@@ -21,7 +21,7 @@
   loop:
   - kernel.panic_on_oops
   - kernel.panic
-  when: not evolinux_kernel_reboot_after_panic
+  when: not evolinux_kernel_reboot_after_panic | bool
 
 - name: Disable net.ipv4.tcp_timestamps
   sysctl:
@@ -30,7 +30,7 @@
     sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
     state: present
     reload: yes
-  when: evolinux_kernel_disable_tcp_timestamps
+  when: evolinux_kernel_disable_tcp_timestamps | bool
 
 - name: Customize the swappiness
   sysctl:
@@ -39,7 +39,7 @@
     sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
     state: present
     reload: yes
-  when: evolinux_kernel_customize_swappiness
+  when: evolinux_kernel_customize_swappiness | bool
 
 - name: Patch for TCP stack vulnerability CVE-2016-5696
   sysctl:
@@ -48,7 +48,7 @@
     sysctl_file: "{{ evolinux_kernel_sysctl_path }}"
     state: present
     reload: yes
-  when: evolinux_kernel_cve20165696
+  when: evolinux_kernel_cve20165696 | bool
 
 - name: Patch for TCP stack vulnerability CVE-2018-5391 (FragmentSmack)
   sysctl:

evolinux-base/tasks/logs.yml

@@ -8,7 +8,7 @@
     dest: /etc/rsyslog.conf
     mode: "0644"
   notify: restart rsyslog
-  when: evolinux_logs_rsyslog_conf
+  when: evolinux_logs_rsyslog_conf | bool
 
 - name: Disable logrotate default conf
   command: mv /etc/logrotate.d/rsyslog /etc/logrotate.d/rsyslog.disabled
@@ -16,25 +16,25 @@
     removes: /etc/logrotate.d/rsyslog
     creates: /etc/logrotate.d/rsyslog.disabled
   notify: restart rsyslog
-  when: evolinux_logs_disable_logrotate_rsyslog
+  when: evolinux_logs_disable_logrotate_rsyslog | bool
 
 - name: Copy many logrotate files
   copy:
     src: logs/logrotate.d/
     dest: /etc/logrotate.d/
-  when: evolinux_logs_logrotate_confs
+  when: evolinux_logs_logrotate_confs | bool
 
 - name: Copy rsyslog logrotate file
   template:
     src: logs/zsyslog.j2
     dest: /etc/logrotate.d/zsyslog
-  when: evolinux_logs_logrotate_confs
+  when: evolinux_logs_logrotate_confs | bool
 
 - name: Configure logrotate.conf
   replace:
     dest: /etc/logrotate.conf
     regexp: "rotate [0-9]+"
     replace: "rotate 12"
-  when: evolinux_logs_default_rotate
+  when: evolinux_logs_default_rotate | bool
 
 - meta: flush_handlers

evolinux-base/tasks/main.yml

@@ -13,51 +13,51 @@
   vars:
     apt_install_basics: "{{ evolinux_apt_replace_default_sources }}"
     apt_install_evolix_public: "{{ evolinux_apt_public_sources }}"
-  when: evolinux_apt_include
+  when: evolinux_apt_include | bool
 
 - name: /etc versioning with Git
   include_role:
     name: evolix/etc-git
-  when: evolinux_etcgit_include
+  when: evolinux_etcgit_include | bool
 
 - name: /etc/evolinux base
   include: etc-evolinux.yml
-  when: evolinux_etcevolinux_include
+  when: evolinux_etcevolinux_include | bool
 
 - name: Hostname
   include: hostname.yml
-  when: evolinux_hostname_include
+  when: evolinux_hostname_include | bool
 
 - name: Kernel tuning
   include: kernel.yml
-  when: evolinux_kernel_include
+  when: evolinux_kernel_include | bool
 
 - name: Fstab configuration
   include: fstab.yml
-  when: evolinux_fstab_include
+  when: evolinux_fstab_include | bool
 
 - name: Packages
   include: packages.yml
-  when: evolinux_packages_include
+  when: evolinux_packages_include | bool
 
 - name: System settings
   include: system.yml
-  when: evolinux_system_include
+  when: evolinux_system_include | bool
 
 - name: Minifirewall
   include_role:
     name: evolix/minifirewall
-  when: evolinux_minifirewall_include
+  when: evolinux_minifirewall_include | bool
 
 - name: Evomaintenance
   include_role:
     name: evolix/evomaintenance
-  when: evolinux_evomaintenance_include
+  when: evolinux_evomaintenance_include | bool
 
 - name: SSH configuration
   include: ssh.yml
   when: evolinux_ssh_include
-
+    
 ### disabled because of a memory leak
 # - name: Create evolinux users
 #   include_role:
@@ -66,66 +66,66 @@
 
 - name: Root user configuration
   include: root.yml
-  when: evolinux_root_include
+  when: evolinux_root_include | bool
 
 - name: Postfix
   include: postfix.yml
-  when: evolinux_postfix_include
+  when: evolinux_postfix_include | bool
 
 - name: Logs management
   include: logs.yml
-  when: evolinux_logs_include
+  when: evolinux_logs_include | bool
 
 - name: Default index page
   include: default_www.yml
-  when: evolinux_default_www_include
+  when: evolinux_default_www_include | bool
 
 - name: Hardware drivers and tools
   include: hardware.yml
-  when: evolinux_hardware_include
+  when: evolinux_hardware_include | bool
 
 - name: Customize for Online.net
   include: provider_online.yml
-  when: evolinux_provider_online_include
+  when: evolinux_provider_online_include | bool
 
 - name: Customize for Orange FCE
   include: provider_orange_fce.yml
-  when: evolinux_provider_orange_fce_include
+  when: evolinux_provider_orange_fce_include | bool
 
 - name: Override Log2mail service
   include: log2mail.yml
-  when: evolinux_log2mail_include
+  when: evolinux_log2mail_include | bool
 
 - include: motd.yml
 
 - name: Munin
   include_role:
     name: evolix/munin
-  when: evolinux_munin_include
+  when: evolinux_munin_include | bool
 
 - name: Nagios/NRPE
   include_role:
     name: evolix/nagios-nrpe
-  when: evolinux_nagios_nrpe_include
+  when: evolinux_nagios_nrpe_include | bool
 
 - name: fail2ban
   include_role:
     name: evolix/fail2ban
-  when: evolinux_fail2ban_include
+  when: evolinux_fail2ban_include | bool
 
 - name: Evocheck
   include_role:
     name: evolix/evocheck
   vars:
     evocheck_force_install: "{{ evolinux_evocheck_force_install }}"
-  when: evolinux_evocheck_include
+  when: evolinux_evocheck_include | bool
 
 - name: Listupgrade
   include_role:
     name: evolix/listupgrade
-  when: evolinux_listupgrade_include
+  when: evolinux_listupgrade_include | bool
 
 - name: Generate ldif script
   include_role:
     name: evolix/generate-ldif
-  when: evolinux_generateldif_include
+  when: evolinux_generateldif_include | bool

evolinux-base/tasks/packages.yml

@@ -16,7 +16,7 @@
       - ssl-cert
       - ca-certificates
       - rename
-  when: evolinux_packages_system
+  when: evolinux_packages_system | bool
 
 - name: Install/Update diagnostic tools
   apt:
@@ -34,7 +34,7 @@
       - telnet
       - traceroute
       - man
-  when: evolinux_packages_diagnostic
+  when: evolinux_packages_diagnostic | bool
 
 - name: Install/Update hardware tools
   apt:
@@ -42,7 +42,7 @@
       - hdparm
       - smartmontools
       - lm-sensors
-  when: evolinux_packages_hardware
+  when: evolinux_packages_hardware | bool
 
 - name: Install/Update common tools
   apt:
@@ -58,21 +58,21 @@
       - bc
       - pinentry-curses
       - ncurses-term
-  when: evolinux_packages_common
+  when: evolinux_packages_common | bool
 
 - name: Be sure that openntpd package is absent/purged
   apt:
     name: openntpd
     state: absent
     purge: True
-  when: evolinux_packages_purge_openntpd
+  when: evolinux_packages_purge_openntpd | bool
 
 - name: the chrony package is absent
   apt:
     name: chrony
     purge: True
     state: absent
-  when: evolinux_packages_purge_chrony
+  when: evolinux_packages_purge_chrony | bool
 
 - name: Be sure locate/mlocate is absent/purged
   apt:
@@ -81,19 +81,19 @@
       - mlocate
     state: absent
     purge: yes
-  when: evolinux_packages_purge_locate
+  when: evolinux_packages_purge_locate | bool
 
 - name: Install/Update serveur-base meta-package
   apt:
     name: serveur-base
     allow_unauthenticated: yes
-  when: evolinux_packages_serveur_base
+  when: evolinux_packages_serveur_base | bool
 
 - name: Install/Update packages for Stretch and later
   apt:
     name: net-tools
   when:
-    - evolinux_packages_stretch
+    - evolinux_packages_stretch | bool
     - ansible_distribution_major_version is version('9', '>=')
 
 - name: Install/Update packages for Buster and later
@@ -102,7 +102,7 @@
       - spectre-meltdown-checker
       - binutils
   when:
-    - evolinux_packages_buster
+    - evolinux_packages_buster | bool
     - ansible_distribution_major_version is version('10', '>=')
 
 - name: Customize logcheck recipient
@@ -110,7 +110,7 @@
     dest: /etc/logcheck/logcheck.conf
     regexp: '^SENDMAILTO=".*"$'
     line: 'SENDMAILTO="{{ logcheck_alert_email or general_alert_email | mandatory }}"'
-  when: evolinux_packages_logcheck_recipient
+  when: evolinux_packages_logcheck_recipient | bool
 
 - name: Deleting rpcbind and nfs-common
   apt:
@@ -118,7 +118,7 @@
       - rpcbind
       - nfs-common
     state: absent
-  when: evolinux_packages_delete_nfs
+  when: evolinux_packages_delete_nfs | bool
 
 
 # TODO: use ini_file when Ansible > 2.1 (no_extra_spaces: yes)
@@ -132,7 +132,7 @@
     - { option: "confirm", value: "1" }
     - { option: "which",   value: "both" }
   when:
-    - evolinux_packages_listchanges
+    - evolinux_packages_listchanges | bool
     - ansible_distribution == "Debian"
     - ansible_distribution_release == "jessie"
 

evolinux-base/tasks/postfix.yml

@@ -6,7 +6,7 @@
       - postfix
       - mailgraph
     state: present
-  when: evolinux_postfix_packages
+  when: evolinux_postfix_packages | bool
   tags:
     - packages
     - postfix
@@ -47,7 +47,7 @@
     line: "{{ item }}: root"
   loop: "{{ non_root_users_list.stdout_lines }}"
   notify: newaliases
-  when: evolinux_postfix_users_alias_root
+  when: evolinux_postfix_users_alias_root | bool
   tags:
     - postfix
 
@@ -64,7 +64,7 @@
     - error
     - bounce
   notify: newaliases
-  when: evolinux_postfix_mailer_alias_root
+  when: evolinux_postfix_mailer_alias_root | bool
   tags:
     - postfix
 
@@ -74,7 +74,7 @@
     regexp: "^root:"
     line: "root: {{ postfix_alias_email or general_alert_email | mandatory }}"
   notify: newaliases
-  when: evolinux_postfix_root_alias
+  when: evolinux_postfix_root_alias | bool
   tags:
     - postfix
 
@@ -89,7 +89,7 @@
       - exim4-daemon-light
     purge: yes
     state: absent
-  when: evolinux_postfix_purge_exim
+  when: evolinux_postfix_purge_exim | bool
   tags:
     - packages
     - postfix

evolinux-base/tasks/root.yml

@@ -5,7 +5,7 @@
     path: /root
     state: directory
     mode: "0700"
-  when: evolinux_root_chmod
+  when: evolinux_root_chmod | bool
 
 - name: "Customize root's bashrc..."
   lineinfile:
@@ -19,7 +19,7 @@
     - "export HISTTIMEFORMAT=\"%c : \""
     - "shopt -s histappend"
     - "PROMPT_COMMAND=\"history -a;${PROMPT_COMMAND}\""
-  when: evolinux_root_bashrc
+  when: evolinux_root_bashrc | bool
 
 ## .bash_history should be append-only
 
@@ -28,14 +28,14 @@
     content: ""
     dest: "/root/.bash_history"
     force: no
-  when: evolinux_root_bash_history
+  when: evolinux_root_bash_history | bool
 
 - name: Set umask in /root/.profile
   lineinfile:
     dest: "/root/.profile"
     line: "umask 0077"
     regexp: "umask [0-9]+"
-  when: evolinux_root_umask
+  when: evolinux_root_umask | bool
 
 - name: "/usr/share/scripts is present in root's PATH"
   lineinfile:
@@ -48,7 +48,7 @@
     src: root/gitconfig
     dest: "/root/.gitconfig"
     force: no
-  when: evolinux_root_gitconfig
+  when: evolinux_root_gitconfig | bool
 
 - name: Is .bash_history append-only
   shell: lsattr /root/.bash_history | grep -E "^.*a.* "
@@ -61,7 +61,7 @@
 - name: Set .bash_history append-only
   command: chattr +a /root/.bash_history
   when:
-  - evolinux_root_bash_history_appendonly
+  - evolinux_root_bash_history_appendonly | bool
   - bash_history_append_only.rc != 0
   - "'Inappropriate ioctl' not in bash_history_append_only.stderr"
 
@@ -71,7 +71,7 @@
     regexp: '^SELECTED_EDITOR='
     line: "SELECTED_EDITOR=\"/usr/bin/vim.basic\""
     create: yes
-  when: evolinux_root_vim_default
+  when: evolinux_root_vim_default | bool
 
 - name: Setting vim root configuration
   lineinfile:
@@ -86,7 +86,7 @@
     - "set tabstop=4"
     - "set softtabstop=4"
     - "set shiftwidth=4"
-  when: evolinux_root_vim_conf
+  when: evolinux_root_vim_conf | bool
 
 - name: disable SSH access for root
   replace:
@@ -95,7 +95,7 @@
     replace: "PermitRootLogin no"
     validate: '/usr/sbin/sshd -t -f %s'
   notify: reload sshd
-  when: evolinux_root_disable_ssh
+  when: evolinux_root_disable_ssh | bool
 
 ### Disabled : it seems useless and too dangerous for now
 # - name: remove root from AllowUsers directive

evolinux-base/tasks/system.yml

@@ -5,7 +5,7 @@
     path: /tmp
     state: directory
     mode: "u=rwx,g=rwx,o=rwxt"
-  when: evolinux_system_chmod_tmp
+  when: evolinux_system_chmod_tmp | bool
 
 - name: Setting default locales
   lineinfile:
@@ -18,7 +18,7 @@
     - "fr_FR ISO-8859-1"
     - "fr_FR.UTF-8 UTF-8"
   register: default_locales
-  when: evolinux_system_locales
+  when: evolinux_system_locales | bool
 
 - name: Reconfigure locales
   command: /usr/sbin/locale-gen
@@ -28,7 +28,7 @@
   timezone:
     name: "{{ evolinux_system_timezone | mandatory }}"
   notify: restart cron
-  when: evolinux_system_set_timezone
+  when: evolinux_system_set_timezone | bool
 
 # TODO : find a way to force the console-data configuration
 # non-interactively (like tzdata ↑)
@@ -41,13 +41,13 @@
     dest: /etc/vim/vimrc
     regexp: 'let g:skip_defaults_vim ='
     line: 'let g:skip_defaults_vim = 1'
-  when: evolinux_system_vim_skip_defaults
+  when: evolinux_system_vim_skip_defaults | bool
 
 - name: Setting vim as default editor
   alternatives:
     name: editor
     path: /usr/bin/vim.basic
-  when: evolinux_system_vim_default_editor
+  when: evolinux_system_vim_default_editor | bool
 
 - name: Add "umask 027" to /etc/profile.d/evolinux.sh
   lineinfile:
@@ -55,14 +55,14 @@
     line: "umask 027"
     create: yes
     state: present
-  when: evolinux_system_profile
+  when: evolinux_system_profile | bool
 
 - name: Set /etc/adduser.conf DIR_MODE to 0700
   replace:
     dest: /etc/adduser.conf
     regexp: "^DIR_MODE=0755$"
     replace: "DIR_MODE=0700"
-  when: evolinux_system_dirmode_adduser
+  when: evolinux_system_dirmode_adduser | bool
 
 # TODO: trouver comment ne pas faire ça sur Xen Dom-U
 
@@ -72,7 +72,7 @@
     line: "tty2"
     create: yes
     state: present
-  when: evolinux_system_restrict_securetty
+  when: evolinux_system_restrict_securetty | bool
 
 - name: Setting TMOUT to disconnect inactive users
   lineinfile:
@@ -80,7 +80,7 @@
     line: "export TMOUT=36000"
     create: yes
     state: present
-  when: evolinux_system_set_timeout
+  when: evolinux_system_set_timeout | bool
 
 #- name: Customizing /etc/fstab
 
@@ -97,7 +97,9 @@
     line: "EXTRA_OPTS='-L 15'"
     create: yes
     state: present
-  when: is_cron_installed.rc == 0 and evolinux_system_cron_verboselog
+  when:
+    - is_cron_installed.rc == 0
+    - evolinux_system_cron_verboselog | bool
 
 - name: Modify default umask for cron deamon
   lineinfile:
@@ -105,7 +107,9 @@
     line: "umask 022"
     create: yes
     state: present
-  when: is_cron_installed.rc == 0 and evolinux_system_cron_umask
+  when:
+    - is_cron_installed.rc == 0
+    - evolinux_system_cron_umask | bool
 
 - name: Randomize periodic crontabs
   replace:
@@ -117,7 +121,9 @@
   - { regexp: '^25\s*6((\s*\*){3})',     replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1' }
   - { regexp: '^47\s*6((\s*\*){2}\s*7)', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1' }
   - { regexp: '^52\s*6(\s*1(\s*\*){2})', replace: '{{ 59|random(start=1) }} {{ [0,1,3,4,5,6,7]|random }}\1' }
-  when: is_cron_installed.rc == 0 and evolinux_system_cron_random
+  when:
+    - is_cron_installed.rc == 0
+    - evolinux_system_cron_random | bool
 
 - include_role:
     name: evolix/ntpd
@@ -131,7 +137,7 @@
     force: no
     mode: "0755"
   when:
-    - evolinux_system_alert5_init
+    - evolinux_system_alert5_init | bool
     - ansible_distribution_release == "jessie" or ansible_distribution_release == "stretch"
 
 - name: Enable alert5 init script (jessie/stretch)
@@ -139,8 +145,8 @@
     name: alert5
     enabled: yes
   when:
-    - evolinux_system_alert5_init
-    - evolinux_system_alert5_enable
+    - evolinux_system_alert5_init | bool
+    - evolinux_system_alert5_enable | bool
     - ansible_distribution_release == "jessie" or ansible_distribution_release == "stretch"
 
 
@@ -152,7 +158,7 @@
     force: no
     mode: "0755"
   when:
-    - evolinux_system_alert5_init
+    - evolinux_system_alert5_init | bool
     - ansible_distribution_major_version is version('10', '>=')
 
 - name: Install alert5 service (buster)
@@ -162,7 +168,7 @@
     force: yes
     mode: "0644"
   when:
-    - evolinux_system_alert5_init
+    - evolinux_system_alert5_init | bool
     - ansible_distribution_major_version is version('10', '>=')
 
 - name: Enable alert5 init script (buster)
@@ -171,8 +177,8 @@
     daemon_reload: yes
     enabled: yes
   when:
-    - evolinux_system_alert5_init
-    - evolinux_system_alert5_enable
+    - evolinux_system_alert5_init | bool
+    - evolinux_system_alert5_enable | bool
     - ansible_distribution_major_version is version('10', '>=')
 
 ## network interfaces
@@ -189,7 +195,9 @@
     dest: /etc/network/interfaces
     regexp: "allow-hotplug"
     replace: "auto"
-  when: evolinux_system_eni_auto and grep_hotplug_eni.rc == 0
+  when:
+    - evolinux_system_eni_auto | bool
+    - grep_hotplug_eni.rc == 0
 
 ## /sbin/deny
 

evolinux-todo/tasks/cat.yml

@@ -10,4 +10,4 @@
 - name: "Content of /etc/evolinux/todo.txt"
   debug:
     var: evolinux_todo.stdout_lines
-  when: evolinux_todo.stdout != ""
+  when: evolinux_todo.stdout | length > 0

evolinux-users/tasks/main.yml

@@ -9,22 +9,22 @@
 
 - debug:
     msg: "Warning: empty 'evolinux_users' variable, tasks will be skipped!"
-  when: evolinux_users == {}
+  when: evolinux_users | length == 0
 
 - name: Create user accounts
   include: user.yml
   vars:
     user: "{{ item.value }}"
   loop: "{{ evolinux_users | dict2items }}"
-  when: evolinux_users != {}
+  when: evolinux_users | length > 0
 
 - name: Configure sudo
   include: sudo.yml
   vars:
     user: "{{ item.value }}"
   loop: "{{ evolinux_users | dict2items }}"
-  when: evolinux_users != {}
+  when: evolinux_users | length > 0
 
 - name: Configure SSH
   include: ssh.yml
-  when: evolinux_users != {}
+  when: evolinux_users | length > 0

evolinux-users/tasks/ssh.yml

@@ -59,6 +59,6 @@
     regexp: '^PermitRootLogin (yes|without-password|prohibit-password)'
     replace: "PermitRootLogin no"
   notify: reload sshd
-  when: evolinux_root_disable_ssh
+  when: evolinux_root_disable_ssh | bool
 
 - meta: flush_handlers

evolinux-users/tasks/sudo.yml

@@ -4,6 +4,8 @@
   when: ansible_distribution_release == "jessie"
 
 - include: sudo_stretch.yml
-  when: ansible_distribution_major_version is defined and ansible_distribution_major_version is version('9', '>=')
+  when:
+    - ansible_distribution_major_version is defined
+    - ansible_distribution_major_version is version('9', '>=')
 
 - meta: flush_handlers

evolinux-users/tasks/sudo_jessie.yml

@@ -15,4 +15,4 @@
     regexp: '^(User_Alias\s+ADMINS\s+=((?!{{ user.name }}).)*)$'
     replace: '\1,{{ user.name }}'
     validate: '/usr/sbin/visudo -cf %s'
-  when: not copy_sudoers_evolinux.changed
+  when: copy_sudoers_evolinux is not changed