diff --git a/apt/tasks/hold_packages.yml b/apt/tasks/hold_packages.yml index 1db3429e..10f5b358 100644 --- a/apt/tasks/hold_packages.yml +++ b/apt/tasks/hold_packages.yml @@ -79,8 +79,8 @@ - name: Check if Cron is installed shell: "dpkg --list 'cron' 2>/dev/null | grep -q -E '^(i|h)i'" register: is_cron - changed_when: false - failed_when: false + changed_when: False + failed_when: False check_mode: no tags: - apt diff --git a/elasticsearch/tasks/datadir.yml b/elasticsearch/tasks/datadir.yml index c0c20f05..ef91cf1d 100644 --- a/elasticsearch/tasks/datadir.yml +++ b/elasticsearch/tasks/datadir.yml @@ -10,7 +10,7 @@ - name: "read the real datadir" command: readlink -f /var/lib/elasticsearch - changed_when: false + changed_when: False register: elasticsearch_current_real_datadir_test check_mode: no tags: diff --git a/fail2ban/tasks/fix-dbpurgeage.yml b/fail2ban/tasks/fix-dbpurgeage.yml index 1246e601..dbf9c0d9 100644 --- a/fail2ban/tasks/fix-dbpurgeage.yml +++ b/fail2ban/tasks/fix-dbpurgeage.yml @@ -8,7 +8,7 @@ - name: Register bantime from default config from package shell: "grep -R -E 'dbpurgeage[[:blank:]]*=[[:blank:]]*[0-9]+' /etc/fail2ban/fail2ban.conf |awk '{print $3}'|head -n1" register: dbpurgeage - changed_when: false + changed_when: False check_mode: false - name: diff --git a/filebeat/tasks/main.yml b/filebeat/tasks/main.yml index fa24a893..20858669 100644 --- a/filebeat/tasks/main.yml +++ b/filebeat/tasks/main.yml @@ -84,8 +84,8 @@ command: grep logstash-input-beats /usr/share/logstash/Gemfile check_mode: no register: logstash_plugin_installed - failed_when: false - changed_when: false + failed_when: False + changed_when: False when: - filebeat_logstash_plugin | bool - logstash_plugin.stat.exists diff --git a/kvm-host/tasks/ssh.yml b/kvm-host/tasks/ssh.yml index 3c097abc..d954bc06 100644 --- a/kvm-host/tasks/ssh.yml +++ b/kvm-host/tasks/ssh.yml @@ -9,7 +9,7 @@ command: cat /root/.ssh/id_rsa.pub register: ssh_keys check_mode: no - changed_when: false + changed_when: False - name: Print ssh public keys debug: diff --git a/lxc/tasks/create-container.yml b/lxc/tasks/create-container.yml index eb4ecd3b..edeca2ec 100644 --- a/lxc/tasks/create-container.yml +++ b/lxc/tasks/create-container.yml @@ -1,7 +1,7 @@ --- - name: "Check if container {{ name }} exists" command: "lxc-ls {{ name }}" - changed_when: false + changed_when: False check_mode: no register: container_exists diff --git a/lxc/tasks/main.yml b/lxc/tasks/main.yml index 3ec586bd..8236b9f1 100644 --- a/lxc/tasks/main.yml +++ b/lxc/tasks/main.yml @@ -32,8 +32,8 @@ - name: Check if root has subuids command: grep '^root:100000:10000$' /etc/subuid - failed_when: false - changed_when: false + failed_when: False + changed_when: False register: root_subuids when: lxc_unprivilegied_containers | bool @@ -45,7 +45,7 @@ - name: Get filesystem options command: findmnt --noheadings --target /var/lib/lxc --output OPTIONS - changed_when: false + changed_when: False check_mode: no register: check_fs_options diff --git a/minifirewall/tasks/main.yml b/minifirewall/tasks/main.yml index bc56b7dc..e0dbcaf0 100644 --- a/minifirewall/tasks/main.yml +++ b/minifirewall/tasks/main.yml @@ -6,6 +6,8 @@ stat: path: /etc/init.d/minifirewall register: _minifirewall_check + tags: + - always # Legacy versions of minifirewall don't define the VERSION variable - name: Look for minifirewall version @@ -14,6 +16,8 @@ changed_when: False check_mode: False register: _minifirewall_version_check + tags: + - always - name: Set install mode to legacy if needed set_fact: @@ -24,21 +28,30 @@ - minifirewall_install_mode != 'modern' - not (minifirewall_force_upgrade_script | bool) - _minifirewall_version_check.rc == 1 # grep didn't find but the file exists + tags: + - always - name: Set install mode to modern if not legacy set_fact: minifirewall_install_mode: modern when: minifirewall_install_mode != 'legacy' + tags: + - always - name: Debug install mode debug: var: minifirewall_install_mode verbosity: 1 + tags: + - always - name: 'Set minifirewall_restart_handler_name to "noop"' set_fact: minifirewall_restart_handler_name: "restart minifirewall (noop)" - when: not (minifirewall_restart_if_needed | bool) + when: + - not (minifirewall_restart_if_needed | bool) + tags: + - always - name: 'Set minifirewall_restart_handler_name to "legacy"' set_fact: @@ -46,6 +59,8 @@ when: - minifirewall_restart_if_needed | bool - minifirewall_install_mode == 'legacy' + tags: + - always - name: 'Set minifirewall_restart_handler_name to "modern"' set_fact: @@ -53,6 +68,8 @@ when: - minifirewall_restart_if_needed | bool - minifirewall_install_mode != 'legacy' + tags: + - always ####################################################################### @@ -62,54 +79,74 @@ when: - minifirewall_install_mode != 'legacy' - minifirewall_main_file is defined + tags: + - always - name: Install tasks (modern mode) - include: install.yml + import_tasks: install.yml when: minifirewall_install_mode != 'legacy' - name: Install tasks (legacy mode) - include: install.legacy.yml + import_tasks: install.legacy.yml when: minifirewall_install_mode == 'legacy' - name: Debug minifirewall_update_config debug: var: minifirewall_update_config | bool verbosity: 1 + tags: + - always - name: Config tasks (modern mode) - include: config.yml + include_tasks: config.yml when: - minifirewall_install_mode != 'legacy' - minifirewall_update_config | bool + tags: + - manage - name: Config tasks (legacy mode) - include: config.legacy.yml + include_tasks: config.legacy.yml + args: + apply: + tags: + - manage when: - minifirewall_install_mode == 'legacy' - minifirewall_update_config | bool - name: Utils tasks - include: utils.yml + include_tasks: utils.yml - name: NRPE tasks - include: nrpe.yml + include_tasks: nrpe.yml - name: Activation tasks - include: activate.yml + include_tasks: activate.yml - name: Debug minifirewall_tail_included debug: var: minifirewall_tail_included | bool verbosity: 1 + tags: + - always - name: Tail tasks (modern mode) - include: tail.yml + include_tasks: tail.yml + args: + apply: + tags: + - manage when: - minifirewall_install_mode != 'legacy' - minifirewall_tail_included | bool - name: Tail tasks (legacy mode) - include: tail.legacy.yml + include_tasks: tail.legacy.yml + args: + apply: + tags: + - manage when: - minifirewall_install_mode == 'legacy' - minifirewall_tail_included | bool @@ -120,10 +157,14 @@ debug: var: minifirewall_restart_force | bool verbosity: 1 + tags: + - always - name: Force restart minifirewall (legacy) command: /bin/true notify: "restart minifirewall (legacy)" + tags: + - always when: - minifirewall_install_mode == 'legacy' - minifirewall_restart_force | bool @@ -131,6 +172,8 @@ - name: Force restart minifirewall (modern) command: /bin/true notify: "restart minifirewall (modern)" + tags: + - always when: - minifirewall_install_mode != 'legacy' - minifirewall_restart_force | bool \ No newline at end of file diff --git a/mysql/defaults/main.yml b/mysql/defaults/main.yml index 59f46667..af43f495 100644 --- a/mysql/defaults/main.yml +++ b/mysql/defaults/main.yml @@ -50,10 +50,10 @@ mysql_restart_if_needed: True mysql_performance_schema: True -mysql_skip_enabled: false +mysql_skip_enabled: False # replication variables: -mysql_replication: false +mysql_replication: False mysql_log_bin: null mysql_binlog_format: mixed mysql_server_id: null diff --git a/nameserver/tasks/main.yml b/nameserver/tasks/main.yml index 420e65af..83ba2a34 100644 --- a/nameserver/tasks/main.yml +++ b/nameserver/tasks/main.yml @@ -3,7 +3,7 @@ shell: grep nameserver /etc/resolv.conf | awk '{ print $2 }' register: grep_nameserver check_mode: no - changed_when: false + changed_when: False tags: - nameserver diff --git a/newrelic/tasks/php.yml b/newrelic/tasks/php.yml index c41dbac9..3bd4d809 100644 --- a/newrelic/tasks/php.yml +++ b/newrelic/tasks/php.yml @@ -18,7 +18,7 @@ - name: list newrelic config files shell: "find /etc/php* -type f -name newrelic.ini" - changed_when: false + changed_when: False check_mode: no register: find_newrelic_ini diff --git a/openvpn/tasks/debian.yml b/openvpn/tasks/debian.yml index 2fa0a647..bee05d9e 100644 --- a/openvpn/tasks/debian.yml +++ b/openvpn/tasks/debian.yml @@ -89,13 +89,13 @@ stat: path: "/etc/default/minifirewall" check_mode: no - changed_when: false + changed_when: False register: minifirewall_config - name: Retrieve the default interface shell: "grep '^INT=' /etc/default/minifirewall | cut -d\\' -f 2" check_mode: no - changed_when: false + changed_when: False register: minifirewall_int when: minifirewall_config.stat.exists @@ -176,7 +176,7 @@ stat: path: "/etc/nagios/nrpe.d/evolix.cfg" check_mode: no - changed_when: false + changed_when: False register: nrpe_evolix_config - name: Install NRPE check dependencies diff --git a/postfix/tasks/packmail.yml b/postfix/tasks/packmail.yml index 869113b0..0407a72b 100644 --- a/postfix/tasks/packmail.yml +++ b/postfix/tasks/packmail.yml @@ -133,6 +133,6 @@ - name: update antispam list command: /usr/share/scripts/spam.sh - changed_when: false + changed_when: False tags: - postfix diff --git a/postgresql/tests/test.yml b/postgresql/tests/test.yml index 438eddee..88714dd1 100644 --- a/postgresql/tests/test.yml +++ b/postgresql/tests/test.yml @@ -6,7 +6,7 @@ apt: name: locales state: present - changed_when: false + changed_when: False - name: Setting default locales lineinfile: @@ -14,7 +14,7 @@ line: "{{ item }}" create: yes state: present - changed_when: false + changed_when: False loop: - "en_US.UTF-8 UTF-8" - "fr_FR ISO-8859-1" @@ -23,7 +23,7 @@ - name: Reconfigure locales command: /usr/sbin/locale-gen - changed_when: false + changed_when: False when: test_locales is changed roles: diff --git a/proftpd/tasks/account.yml b/proftpd/tasks/account.yml index a03fd1f1..cfe82156 100644 --- a/proftpd/tasks/account.yml +++ b/proftpd/tasks/account.yml @@ -1,7 +1,7 @@ --- - name: Check if FTP account exist command: grep "^{{ proftpd_name }}:" /etc/proftpd/vpasswd - failed_when: false + failed_when: False check_mode: no changed_when: check_ftp_account.rc != 0 register: check_ftp_account @@ -36,7 +36,7 @@ register: hashed_ftp_password check_mode: no when: check_ftp_account.rc == 0 - changed_when: false + changed_when: False tags: - proftpd @@ -45,7 +45,7 @@ proftpd_password: "{{ hashed_ftp_password.stdout }}" check_mode: no when: check_ftp_account.rc == 0 - changed_when: false + changed_when: False tags: - proftpd diff --git a/proftpd/tasks/accounts_password.yml b/proftpd/tasks/accounts_password.yml index 01517083..3ae37c88 100644 --- a/proftpd/tasks/accounts_password.yml +++ b/proftpd/tasks/accounts_password.yml @@ -1,7 +1,7 @@ --- - name: Check if FTP account exist command: grep "^{{ item.name }}:" /etc/proftpd/vpasswd - failed_when: false + failed_when: False check_mode: no changed_when: check_ftp_account.rc != 0 register: check_ftp_account @@ -12,7 +12,7 @@ shell: grep "^{{ item.name }}:" /etc/proftpd/vpasswd | cut -d':' -f2 register: protftpd_cur_password check_mode: no - changed_when: false + changed_when: False - name: Set password for this account set_fact: diff --git a/redis/tasks/main.yml b/redis/tasks/main.yml index d9a57bb2..24315b42 100644 --- a/redis/tasks/main.yml +++ b/redis/tasks/main.yml @@ -36,7 +36,7 @@ - name: Get Redis version shell: "redis-server -v | grep -Eo '(v=\\S+)' | cut -d'=' -f 2 | grep -E '^([0-9]|\\.)+$'" - changed_when: false + changed_when: False check_mode: no register: _redis_installed_version tags: diff --git a/redmine/tasks/mysql.yml b/redmine/tasks/mysql.yml index 6c40a338..5f1f6631 100644 --- a/redmine/tasks/mysql.yml +++ b/redmine/tasks/mysql.yml @@ -4,7 +4,7 @@ register: redmine_get_mysql_password check_mode: no changed_when: False - failed_when: false + failed_when: False tags: - redmine diff --git a/redmine/tasks/user.yml b/redmine/tasks/user.yml index 932e049c..dc959db1 100644 --- a/redmine/tasks/user.yml +++ b/redmine/tasks/user.yml @@ -41,4 +41,4 @@ - name: Enable systemd user mode command: "loginctl enable-linger {{ redmine_user }}" - changed_when: false + changed_when: False diff --git a/remount-usr/handlers/main.yml b/remount-usr/handlers/main.yml index f13f3ed6..854a8883 100644 --- a/remount-usr/handlers/main.yml +++ b/remount-usr/handlers/main.yml @@ -1,4 +1,4 @@ --- - name: remount usr command: "mount -o remount /usr" - failed_when: false \ No newline at end of file + failed_when: False \ No newline at end of file diff --git a/spamassasin/tasks/main.yml b/spamassasin/tasks/main.yml index a7568391..a2cbaf9a 100644 --- a/spamassasin/tasks/main.yml +++ b/spamassasin/tasks/main.yml @@ -87,7 +87,7 @@ - name: update SpamAssasin's rules command: "/usr/share/scripts/sa-update.sh" - changed_when: false + changed_when: False tags: - spamassassin diff --git a/tomcat-instance/tasks/check.yml b/tomcat-instance/tasks/check.yml index eff9d236..b9426a33 100644 --- a/tomcat-instance/tasks/check.yml +++ b/tomcat-instance/tasks/check.yml @@ -6,7 +6,7 @@ - name: Check use of gid command: id -ng "{{ tomcat_instance_port }}" register: check_port_gid - changed_when: false + changed_when: False failed_when: - check_port_gid | success - check_port_gid.stdout != "{{ tomcat_instance_name }}" @@ -14,7 +14,7 @@ - name: Check use of uid command: id -nu "{{ tomcat_instance_port }}" register: check_port_uid - changed_when: false + changed_when: False failed_when: - check_port_uid | success - check_port_uid.stdout != "{{ tomcat_instance_name }}" diff --git a/tomcat-instance/tasks/systemd.yml b/tomcat-instance/tasks/systemd.yml index 7558bbaa..c3a6a877 100644 --- a/tomcat-instance/tasks/systemd.yml +++ b/tomcat-instance/tasks/systemd.yml @@ -1,7 +1,7 @@ --- - name: Enable systemd user mode command: "loginctl enable-linger {{ tomcat_instance_name }}" - changed_when: false + changed_when: False - name: Set systemd conf var lineinfile: diff --git a/webapps/wordpress/tasks/main.yml b/webapps/wordpress/tasks/main.yml index e1f442c0..32eda170 100644 --- a/webapps/wordpress/tasks/main.yml +++ b/webapps/wordpress/tasks/main.yml @@ -25,7 +25,7 @@ - name: Generate random password command: apg -n1 -m 12 -M LCN register: shell_password - changed_when: false + changed_when: False - name: Read mysql config from .my.cnf set_fact: @@ -48,13 +48,13 @@ - name: Configure site shell: '{{ wordpress_wpcli }} core install --url={{ wordpress_host | quote }} --title={{ wordpress_title | quote }} --admin_user=admin --admin_password="{{ admin_pwd | quote }}" --admin_email={{ wordpress_email }} --skip-email' - changed_when: false + changed_when: False - name: Check if Wordpress is up to date shell: '{{ wordpress_wpcli }} core check-update | grep -q Success' register: check_version check_mode: no - failed_when: false + failed_when: False changed_when: check_version.rc == 1 - name: Update Wordpress @@ -65,17 +65,17 @@ - name: Install default plugin shell: '{{ wordpress_wpcli }} plugin is-installed {{ item }} || {{ wordpress_wpcli }} plugin install {{ item }}' - changed_when: false + changed_when: False loop: "{{ wordpress_plugins }}" - name: Update default plugins shell: '{{ wordpress_wpcli }} plugin is-installed {{ item }} && {{ wordpress_wpcli }} plugin update {{ item }}' - changed_when: false + changed_when: False loop: "{{ wordpress_plugins }}" - name: Activate default plugins shell: '{{ wordpress_wpcli }} plugin is-installed {{ item }} && {{ wordpress_wpcli }} plugin activate {{ item }}' - changed_when: false + changed_when: False loop: "{{ wordpress_plugins }}" - name: Send a summary mail