Replace the `include` module with `include_tasks` or `import_tasks`

The behaviour of the `include` module is badly defined (it try to choose
between statically importing the tasks and dynamically including them)
and can cause problems depending on any number of constraints (mostly if
it choose the wrong behaviour).

Replace it with the `import_tasks` (always statically import tasks) unless
the `include` is in a loop in which case we replace it with
`include_tasks` (always dynamically include tasks).

CHANGELOG.md

@@ -24,6 +24,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
 * Proper jinja spacing
 * evolinux-base: ensure dbus is started and enabled (not by default in the case of an offline netinst)
 * elasticsearch : use logrotate for garbage collector logs instead of breaking compression cron
+* Replace use of the `include` module with the `import_tasks` or `include_tasks` module to prevent bug due to faulty behaviour choice on the part of ansible
 
 ### Removed
 

apache/tasks/auth.yml

@@ -12,7 +12,7 @@
     - apache
 
 - name: Load IP whitelist task
-  include: ip_whitelist.yml
+  import_tasks: ip_whitelist.yml
 
 - name: include private IP whitelist for server-status
   lineinfile:

apache/tasks/main.yml

@@ -109,7 +109,7 @@
   tags:
     - apache
 
-- include: auth.yml
+- import_tasks: auth.yml
   tags:
   - apache
 
@@ -134,7 +134,7 @@
   tags:
     - apache
 
-- include: server_status.yml
+- import_tasks: server_status.yml
   tags:
     - apache
 
@@ -199,12 +199,12 @@
   tags:
     - apache
 
-- include: log2mail.yml
+- import_tasks: log2mail.yml
   when: apache_log2mail_include
   tags:
     - apache
 
-- include: munin.yml
+- import_tasks: munin.yml
   when: apache_munin_include | bool
   tags:
     - apache

apt/tasks/main.yml

@@ -9,31 +9,31 @@
     - apt
 
 - name: Custom configuration
-  include: config.yml
+  import_tasks: config.yml
   when: apt_config | bool
   tags:
     - apt
 
 - name: Install basics repositories
-  include: basics.yml
+  import_tasks: basics.yml
   when: apt_install_basics | bool
   tags:
     - apt
 
 - name: Install APT Backports repository
-  include: backports.yml
+  import_tasks: backports.yml
   when: apt_install_backports | bool
   tags:
     - apt
 
 - name: Install Evolix Public APT repository
-  include: evolix_public.yml
+  import_tasks: evolix_public.yml
   when: apt_install_evolix_public | bool
   tags:
     - apt
 
 - name: Install check for packages marked hold
-  include: hold_packages.yml
+  import_tasks: hold_packages.yml
   when: apt_install_hold_packages | bool
   tags:
     - apt
@@ -50,4 +50,4 @@
     upgrade: dist
   when: apt_upgrade | bool
   tags:
-    - apt
+    - apt

bind/tasks/main.yml

@@ -126,4 +126,4 @@
     force: yes
   notify: restart bind
 
-- include: munin.yml
+- import_tasks: munin.yml

certbot/tasks/main.yml

@@ -8,18 +8,18 @@
     msg: only compatible with Debian 9+
 
 - name: Install legacy script on Debian 8
-  include: install-legacy.yml
+  import_tasks: install-legacy.yml
   when:
     - ansible_distribution == "Debian"
     - ansible_distribution_major_version is version('9', '<')
 
 - name: Install package on Debian 9+
-  include: install-package.yml
+  import_tasks: install-package.yml
   when:
     - ansible_distribution == "Debian"
     - ansible_distribution_major_version is version('9', '>=')
 
-- include: acme-challenge.yml
+- import_tasks: acme-challenge.yml
 
 - name: Deploy hooks are present
   copy:

dovecot/tasks/main.yml

@@ -78,7 +78,7 @@
   tags:
   - dovecot
 
-- include: munin.yml
+- import_tasks: munin.yml
   tags:
   - dovecot
 

drbd/tasks/main.yml

@@ -1,6 +1,6 @@
 ---
-- include: packages.yml
+- import_tasks: packages.yml
 
-- include: munin.yml
+- import_tasks: munin.yml
 
-- include: nagios.yml
+- import_tasks: nagios.yml

elasticsearch/tasks/main.yml

@@ -1,21 +1,21 @@
 ---
 
-- include: packages.yml
+- import_tasks: packages.yml
 
-- include: configuration.yml
+- import_tasks: configuration.yml
 
-- include: bootstrap_checks.yml
+- import_tasks: bootstrap_checks.yml
 
-- include: tmpdir.yml
+- import_tasks: tmpdir.yml
 
-- include: datadir.yml
+- import_tasks: datadir.yml
 
-- include: logs.yml
+- import_tasks: logs.yml
 
-- include: additional_scripts.yml
+- import_tasks: additional_scripts.yml
 
-- include: plugin_head.yml
+- import_tasks: plugin_head.yml
   when: elasticsearch_plugin_head | bool
 
-- include: curator.yml
+- import_tasks: curator.yml
   when: elasticsearch_curator | bool

etc-git/tasks/main.yml

@@ -10,12 +10,12 @@
     - ansible_distribution == "Debian"
 
 - name: Install and configure utilities
-  include: utils.yml
+  import_tasks: utils.yml
   tags:
     - etc-git
 
 - name: Configure repositories
-  include: repositories.yml
+  import_tasks: repositories.yml
   tags:
     - etc-git
-  when: etc_git_config_repositories | bool
+  when: etc_git_config_repositories | bool

etc-git/tasks/repositories.yml

@@ -1,6 +1,6 @@
 ---
 
-- include: repository.yml
+- import_tasks: repository.yml
   vars:
     repository_path: "/etc"
     gitignore_items:
@@ -21,12 +21,12 @@
   tags:
     - etc-git
 
-- include_role:
+- import_role:
     name: evolix/remount-usr
   when:
     - _usr_share_scripts.stat.isdir
 
-- include: repository.yml
+- import_tasks: repository.yml
   vars:
     repository_path: "/usr/share/scripts"
     gitignore_items: []
@@ -34,4 +34,4 @@
     - _usr_share_scripts.stat.isdir
     - ansible_distribution_major_version is version('10', '>=')
   tags:
-    - etc-git
+    - etc-git

etc-git/tasks/repository.yml

@@ -67,4 +67,4 @@
   register: git_commit
   when: git_log.rc != 0 or (git_init is defined and git_init is changed)
   tags:
-    - etc-git
+    - etc-git

evoacme/tasks/main.yml

@@ -8,16 +8,16 @@
     msg: only compatible with Debian >= 9
   when: not (evoacme_disable_debian_check | bool)
 
-- include: certbot.yml
+- import_tasks: certbot.yml
 
-- include: permissions.yml
+- import_tasks: permissions.yml
 
 # Enable this task if you want to deploy hooks
-# - include: evoacme_hook.yml
+# - include_tasks: evoacme_hook.yml
 #   vars:
 #     hook_name: "{{ item }}"
 #   loop: []
 
-- include: conf.yml
+- import_tasks: conf.yml
 
-- include: scripts.yml
+- import_tasks: scripts.yml

evobackup-client/tasks/main.yml

@@ -1,26 +1,26 @@
 ---
 
-- include: "ssh_key.yml"
+- import_tasks: "ssh_key.yml"
   tags:
     - evobackup_client
     - evobackup_client_backup_ssh_key
 
-- include: "jail.yml"
+- import_tasks: "jail.yml"
   tags:
     - evobackup_client
     - evobackup_client_jail
 
-- include: "upload_scripts.yml"
+- import_tasks: "upload_scripts.yml"
   tags:
     - evobackup_client
     - evobackup_client_backup_scripts
 
-- include: "open_ssh_ports.yml"
+- import_tasks: "open_ssh_ports.yml"
   tags:
     - evobackup_client
     - evobackup_client_backup_firewall
 
-- include: "verify_ssh.yml"
+- import_tasks: "verify_ssh.yml"
   tags:
     - evobackup_client
     - evobackup_client_backup_hosts

evocheck/tasks/main.yml

@@ -1,6 +1,6 @@
 ---
 
-- include: install.yml
+- import_tasks: install.yml
 
-- include: cron.yml
+- import_tasks: cron.yml
   when: evocheck_update_crontab | bool

evolinux-base/tasks/main.yml

@@ -23,27 +23,27 @@
   when: evolinux_etcgit_include | bool
 
 - name: /etc/evolinux base
-  include: etc-evolinux.yml
+  import_tasks: etc-evolinux.yml
   when: evolinux_etcevolinux_include | bool
 
 - name: Hostname
-  include: hostname.yml
+  import_tasks: hostname.yml
   when: evolinux_hostname_include | bool
 
 - name: Kernel tuning
-  include: kernel.yml
+  import_tasks: kernel.yml
   when: evolinux_kernel_include | bool
 
 - name: Fstab configuration
-  include: fstab.yml
+  import_tasks: fstab.yml
   when: evolinux_fstab_include | bool
 
 - name: Packages
-  include: packages.yml
+  import_tasks: packages.yml
   when: evolinux_packages_include | bool
 
 - name: System settings
-  include: system.yml
+  import_tasks: system.yml
   when: evolinux_system_include | bool
 
 - name: Minifirewall
@@ -57,7 +57,7 @@
   when: evolinux_evomaintenance_include | bool
 
 - name: SSH configuration
-  include: ssh.yml
+  import_tasks: ssh.yml
   when: evolinux_ssh_include | bool
 
 ### disabled because of a memory leak
@@ -67,41 +67,41 @@
 #   when: evolinux_users_include
 
 - name: Root user configuration
-  include: root.yml
+  import_tasks: root.yml
   when: evolinux_root_include | bool
 
 - name: Postfix
-  include: postfix.yml
+  import_tasks: postfix.yml
   when: evolinux_postfix_include | bool
 
 - name: Logs management
-  include: logs.yml
+  import_tasks: logs.yml
   when: evolinux_logs_include | bool
 
 - name: Default index page
-  include: default_www.yml
+  import_tasks: default_www.yml
   when: evolinux_default_www_include | bool
 
 - name: Hardware drivers and tools
-  include: hardware.yml
+  import_tasks: hardware.yml
   when: evolinux_hardware_include | bool
 
 - name: Customize for Online.net
-  include: provider_online.yml
+  import_tasks: provider_online.yml
   when: evolinux_provider_online_include | bool
 
 - name: Customize for Orange FCE
-  include: provider_orange_fce.yml
+  import_tasks: provider_orange_fce.yml
   when: evolinux_provider_orange_fce_include | bool
 
 - name: Override Log2mail service
-  include: log2mail.yml
+  import_tasks: log2mail.yml
   when: evolinux_log2mail_include | bool
 
-- include: motd.yml
+- import_tasks: motd.yml
   when: evolinux_motd_include | bool
 
-- include: utils.yml
+- import_tasks: utils.yml
   when: evolinux_utils_include | bool
 
 - name: Munin

evolinux-base/tasks/utils.yml

@@ -1,9 +1,9 @@
 ---
 
-- include_role:
+- import_role:
     name: evolix/remount-usr
 
-- include_tasks:
+- import_tasks:
     file: dump-server-state.yml
 
 - name: "/sbin/deny script is present"

evolinux-users/tasks/main.yml

@@ -12,7 +12,7 @@
   when: evolinux_users | length == 0
 
 - name: Create user accounts
-  include: user.yml
+  include_tasks: user.yml
   vars:
     user: "{{ item.value }}"
   loop: "{{ evolinux_users | dict2items }}"
@@ -21,8 +21,8 @@
     - evolinux_users | length > 0
 
 - name: Configure sudo
-  include: sudo.yml
+  import_tasks: sudo.yml
 
 - name: Configure SSH
-  include: ssh.yml
+  import_tasks: ssh.yml
   when: evolinux_users | length > 0

evolinux-users/tasks/ssh.yml

@@ -40,12 +40,12 @@
     var: ssh_allowusers
     verbosity: 1
 
-- include: ssh_allowgroups.yml
+- import_tasks: ssh_allowgroups.yml
   when:
     - ssh_allowgroups
     - not ssh_allowusers
 
-- include: ssh_allowusers.yml
+- include_tasks: ssh_allowusers.yml
   vars:
     user: "{{ item.value }}"
   loop: "{{ evolinux_users | dict2items }}"

evolinux-users/tasks/sudo.yml

@@ -1,6 +1,6 @@
 ---
 
-- include: sudo_jessie.yml
+- include_tasks: sudo_jessie.yml
   vars:
     user: "{{ item.value }}"
   loop: "{{ evolinux_users | dict2items }}"
@@ -11,9 +11,9 @@
 
 
 - block:
-  - include: sudo_stretch_common.yml
+  - import_tasks: sudo_stretch_common.yml
 
-  - include: sudo_stretch_user.yml
+  - include_tasks: sudo_stretch_user.yml
     vars:
       user: "{{ item.value }}"
     loop: "{{ evolinux_users | dict2items }}"

evomaintenance/tasks/install_package_debian.yml

@@ -12,4 +12,4 @@
     name: evomaintenance
     allow_unauthenticated: yes
   tags:
-    - evomaintenance
+    - evomaintenance

evomaintenance/tasks/install_vendor_debian.yml

@@ -46,4 +46,4 @@
     - { src: 'evomaintenance.sh', dest: '/usr/share/scripts/', mode: '0700' }
     - { src: 'evomaintenance.tpl', dest: '/usr/share/scripts/', mode: '0600' }
   tags:
-    - evomaintenance
+    - evomaintenance

evomaintenance/tasks/main.yml

@@ -1,24 +1,24 @@
 ---
 
-- include: install_package_debian.yml
+- import_tasks: install_package_debian.yml
   when:
     - not (evomaintenance_install_vendor | bool)
     - ansible_distribution == "Debian"
 
-- include: install_vendor_debian.yml
+- import_tasks: install_vendor_debian.yml
   when:
     - evomaintenance_install_vendor | bool
     - ansible_distribution == "Debian"
 
-- include: install_vendor_other.yml
+- import_tasks: install_vendor_other.yml
   when:
     - evomaintenance_install_vendor | bool
     - ansible_distribution != "Debian"
 
 
-- include: config.yml
+- import_tasks: config.yml
 
-- include: minifirewall.yml
+- import_tasks: minifirewall.yml
   when:
     - evomaintenance_hook_db | bool
     - ansible_distribution == "Debian"

fail2ban/handlers/main.yml

@@ -3,8 +3,11 @@
   service:
     name: fail2ban
     state: restarted
+  tags:
+    - fail2ban
 
 - name: restart munin-node
   service:
     name: munin-node
     state: restarted
+  tags: fail2ban

fail2ban/tasks/main.yml

@@ -32,7 +32,7 @@
     - fail2ban
 
 - name: Include ignoredips update task
-  include: ip_whitelist.yml
+  import_tasks: ip_whitelist.yml
   when: fail2ban_force_update_ignore_ips | bool
   tags:
     - fail2ban
@@ -106,7 +106,7 @@
     - fail2ban_recidive
 
 - name: Fix dbpurgeage for stretch and buster
-  include: fix-dbpurgeage.yml
+  import_tasks: fix-dbpurgeage.yml
   when:
     - ansible_distribution_release == "stretch" or ansible_distribution_release == "buster"
   tags:

haproxy/tasks/main.yml

@@ -83,7 +83,7 @@
     - config
     - update-config
 
-- include: packages_backports.yml
+- import_tasks: packages_backports.yml
   when: haproxy_backports | bool
 
 - name: Install HAProxy package
@@ -147,4 +147,4 @@
     - haproxy_allow_ip_nonlocal_bind is defined
     - haproxy_allow_ip_nonlocal_bind is not none
 
-- include: munin.yml
+- import_tasks: munin.yml

java/tasks/main.yml

@@ -3,8 +3,8 @@
 #     msg: "This role support only java 8 for now !"
 #   when: java_version != 8
 
-- include: openjdk.yml
+- import_tasks: openjdk.yml
   when: java_alternative == 'openjdk'
 
-- include: oracle.yml
+- import_tasks: oracle.yml
   when: java_alternative == 'oracle'

kibana/tasks/main.yml

@@ -144,7 +144,7 @@
 #       - optimize
 #       - data
 
-- include: proxy_nginx.yml
+- import_tasks: proxy_nginx.yml
   when: kibana_proxy_nginx | bool
   tags:
     - kibana

kvm-host/tasks/main.yml

@@ -5,12 +5,12 @@
   when: kvm_install_drbd
 
 ## TODO: check why it's disabled
-- include: ssh.yml
+- import_tasks: ssh.yml
 
-- include: packages.yml
+- import_tasks: packages.yml
 
-- include: munin.yml
+- import_tasks: munin.yml
 
-- include: images.yml
+- import_tasks: images.yml
 
-- include: tools.yml
+- import_tasks: tools.yml

kvm-host/tasks/tools.yml

@@ -64,4 +64,4 @@
   file:
     path: /usr/share/scripts/kvmstats
     state: absent
-  when: "'/usr/share/scripts' not in kvm_scripts_dir"
+  when: "'/usr/share/scripts' not in kvm_scripts_dir"

ldap/tasks/main.yml

@@ -16,11 +16,11 @@
   notify: restart slapd
 
 - name: ldapvirc file
-  include: ldapvirc.yml
+  import_tasks: ldapvirc.yml
 
 - name: nagios config file for LDAP
-  include: nagios.yml
+  import_tasks: nagios.yml
 
 - name: initialize database
-  include: init.yml
-  when: not root_ldapvirc_path.stat.exists
+  import_tasks: init.yml
+  when: not root_ldapvirc_path.stat.exists

logstash/tasks/main.yml

@@ -115,6 +115,6 @@
     var: logstash_template
     verbosity: 1
 
-- include: logs.yml
+- import_tasks: logs.yml
 
-- include: tmpdir.yml
+- import_tasks: tmpdir.yml

lxc-php/tasks/main.yml

@@ -9,24 +9,24 @@
     name: "{{ lxc_php_version }}"
     container_command: "apt-get update"
 
-- include: "php56.yml"
+- import_tasks: "php56.yml"
   when: lxc_php_version == "php56"
 
-- include: "php70.yml"
+- import_tasks: "php70.yml"
   when: lxc_php_version == "php70"
 
-- include: "php73.yml"
+- import_tasks: "php73.yml"
   when: lxc_php_version == "php73"
 
-- include: "php74.yml"
+- import_tasks: "php74.yml"
   when: lxc_php_version == "php74"
 
-- include: "php80.yml"
+- import_tasks: "php80.yml"
   when: lxc_php_version == "php80"
 
-- include: "php81.yml"
+- import_tasks: "php81.yml"
   when: lxc_php_version == "php81"
 
-- include: "umask.yml"
+- import_tasks: "umask.yml"
 
-- include: "misc.yml"
+- import_tasks: "misc.yml"

lxc-php/tasks/php56.yml

@@ -17,4 +17,4 @@
   loop_control:
     loop_var: line_item
 
-- include: "mail_ssmtp.yml"
+- import_tasks: "mail_ssmtp.yml"

lxc-php/tasks/php70.yml

@@ -17,4 +17,4 @@
   loop_control:
     loop_var: line_item
 
-- include: "mail_opensmtpd.yml"
+- import_tasks: "mail_opensmtpd.yml"

lxc-php/tasks/php73.yml

@@ -17,4 +17,4 @@
   loop_control:
     loop_var: line_item
 
-- include: "mail_opensmtpd.yml"
+- import_tasks: "mail_opensmtpd.yml"

lxc-php/tasks/php74.yml

@@ -23,4 +23,4 @@
   loop_control:
     loop_var: line_item
 
-- include: "mail_opensmtpd.yml"
+- import_tasks: "mail_opensmtpd.yml"

lxc-php/tasks/php80.yml

@@ -60,4 +60,4 @@
   loop_control:
     loop_var: line_item
 
-- include: "mail_opensmtpd.yml"
+- import_tasks: "mail_opensmtpd.yml"

lxc-php/tasks/php81.yml

@@ -60,4 +60,4 @@
   loop_control:
     loop_var: line_item
 
-- include: "mail_opensmtpd.yml"
+- import_tasks: "mail_opensmtpd.yml"

lxc-solr/tasks/main.yml

@@ -1,6 +1,6 @@
 ---
 - name: LXC configuration
-  include_role:
+  import_role:
     name: evolix/lxc
 
 - name: Ensure containers root directory is 755
@@ -10,7 +10,7 @@
     mode: '0755'
   loop: "{{ lxc_containers }}"
 
-- include: solr.yml
+- import_tasks: solr.yml
   args:
     name: "{{ item.name }}"
     solr_version: "{{ item.solr_version }}"

lxc/tasks/main.yml

@@ -58,7 +58,7 @@
     msg: "LXC directory is in a filesystem with incompatible options"
 
 - name: Create containers
-  include: create-container.yml
+  include_tasks: create-container.yml
   vars:
     name: "{{ item.name }}"
     release: "{{ item.release }}"

memcached/tasks/main.yml

@@ -5,12 +5,12 @@
   tags:
     - memcached
 
-- include: instance-default.yml
+- import_tasks: instance-default.yml
   when: memcached_instance_name is undefined
 
-- include: instance-multi.yml
+- import_tasks: instance-multi.yml
   when: memcached_instance_name is defined
 
-- include: munin.yml
+- import_tasks: munin.yml
 
-- include: nrpe.yml
+- import_tasks: nrpe.yml

minifirewall/tasks/main.yml

@@ -64,11 +64,11 @@
     - minifirewall_main_file is defined
 
 - name: Install tasks (modern mode)
-  include: install.yml
+  import_tasks: install.yml
   when: minifirewall_install_mode != 'legacy'
 
 - name: Install tasks (legacy mode)
-  include: install.legacy.yml
+  import_tasks: install.legacy.yml
   when: minifirewall_install_mode == 'legacy'
 
 - name: Debug minifirewall_update_config
@@ -77,25 +77,25 @@
     verbosity: 1
 
 - name: Config tasks (modern mode)
-  include: config.yml
+  import_tasks: config.yml
   when:
     - minifirewall_install_mode != 'legacy'
     - minifirewall_update_config | bool
 
 - name: Config tasks (legacy mode)
-  include: config.legacy.yml
+  import_tasks: config.legacy.yml
   when:
     - minifirewall_install_mode == 'legacy'
     - minifirewall_update_config | bool
 
 - name: Utils tasks
-  include: utils.yml
+  import_tasks: utils.yml
 
 - name: NRPE tasks
-  include: nrpe.yml
+  import_tasks: nrpe.yml
 
 - name: Activation tasks
-  include: activate.yml
+  import_tasks: activate.yml
 
 - name: Debug minifirewall_tail_included
   debug:
@@ -103,13 +103,13 @@
     verbosity: 1
 
 - name: Tail tasks (modern mode)
-  include: tail.yml
+  import_tasks: tail.yml
   when:
     - minifirewall_install_mode != 'legacy'
     - minifirewall_tail_included | bool
 
 - name: Tail tasks (legacy mode)
-  include: tail.legacy.yml
+  import_tasks: tail.legacy.yml
   when:
     - minifirewall_install_mode == 'legacy'
     - minifirewall_tail_included | bool
@@ -133,4 +133,4 @@
   notify: "restart minifirewall (modern)"
   when:
     - minifirewall_install_mode != 'legacy'
-    - minifirewall_restart_force | bool
+    - minifirewall_restart_force | bool

mongodb/tasks/main.yml

@@ -1,13 +1,13 @@
 ---
 
-- include: main_jessie.yml
+- import_tasks: main_jessie.yml
   when: ansible_distribution_release == "jessie"
 
-- include: main_stretch.yml
+- import_tasks: main_stretch.yml
   when: ansible_distribution_release == "stretch"
 
-- include: main_buster.yml
+- import_tasks: main_buster.yml
   when: ansible_distribution_release == "buster"
 
-- include: main_bullseye.yml
+- import_tasks: main_bullseye.yml
   when: ansible_distribution_major_version is version('11', '>=')

mysql-oracle/tasks/main.yml

@@ -3,20 +3,20 @@
 - set_fact:
     mysql_restart_handler_name: "{{ mysql_restart_if_needed | bool | ternary('restart mysql', 'restart mysql (noop)') }}"
 
-- include: packages.yml
+- import_tasks: packages.yml
 
-- include: users.yml
+- import_tasks: users.yml
 
-- include: config.yml
+- import_tasks: config.yml
 
-- include: datadir.yml
+- import_tasks: datadir.yml
 
-- include: tmpdir.yml
+- import_tasks: tmpdir.yml
 
-- include: nrpe.yml
+- import_tasks: nrpe.yml
 
-- include: munin.yml
+- import_tasks: munin.yml
 
-- include: log2mail.yml
+- import_tasks: log2mail.yml
 
-- include: utils.yml
+- import_tasks: utils.yml

mysql/tasks/main.yml

@@ -4,46 +4,46 @@
   set_fact:
     mysql_restart_handler_name: "{{ mysql_restart_if_needed | bool | ternary('restart mysql', 'restart mysql (noop)') }}"
 
-- include_tasks: packages_stretch.yml
+- import_tasks: packages_stretch.yml
   when: ansible_distribution_major_version is version('9', '>=')
 
-- include_tasks: packages_jessie.yml
+- import_tasks: packages_jessie.yml
   when: ansible_distribution_release == "jessie"
 
 ## There is nothing to do with users on Debian 11+ - yet we need a /root/.my.cnf for compatibility
-- include_tasks: users_bullseye.yml
+- import_tasks: users_bullseye.yml
   when: ansible_distribution_major_version is version('11', '>=')
 
-- include_tasks: users_buster.yml
+- import_tasks: users_buster.yml
   when: ansible_distribution_release == "buster"
 
-- include_tasks: users_stretch.yml
+- import_tasks: users_stretch.yml
   when: ansible_distribution_release == "stretch"
 
-- include_tasks: users_jessie.yml
+- import_tasks: users_jessie.yml
   when: ansible_distribution_release == "jessie"
 
-- include_tasks: config_stretch.yml
+- import_tasks: config_stretch.yml
   when: ansible_distribution_major_version is version('9', '>=')
 
-- include_tasks: config_jessie.yml
+- import_tasks: config_jessie.yml
   when: ansible_distribution_release == "jessie"
 
-- include_tasks: replication.yml
+- import_tasks: replication.yml
   when: mysql_replication | bool
 
-- include_tasks: datadir.yml
+- import_tasks: datadir.yml
 
-- include_tasks: logdir.yml
+- import_tasks: logdir.yml
 
-- include_tasks: tmpdir.yml
+- import_tasks: tmpdir.yml
 
-- include_tasks: nrpe.yml
+- import_tasks: nrpe.yml
 
-- include_tasks: munin.yml
+- import_tasks: munin.yml
 
-- include_tasks: log2mail.yml
+- import_tasks: log2mail.yml
 
-- include_tasks: utils.yml
+- import_tasks: utils.yml
 
-- include_tasks: mysql_skip.yml
+- import_tasks: mysql_skip.yml

mysql/tasks/utils.yml

@@ -248,4 +248,4 @@
     mode: "0755"
     force: no
   tags:
-    - mysql
+    - mysql

networkd-to-ifconfig/tasks/main.yml

@@ -21,10 +21,10 @@
     set_fact:
       eni_interface_name: "{{ ansible_default_ipv4.interface }}"
 
-  - include: set_facts_from_systemd.yml
+  - import_tasks: set_facts_from_systemd.yml
     when: systemd_network_file.stat.exists
 
-  - include: set_facts_from_ansible.yml
+  - import_tasks: set_facts_from_ansible.yml
     when: not systemd_network_file.stat.exists
 
   - name: Check config (IPv4)

newrelic/tasks/main.yml

@@ -1,9 +1,9 @@
 ---
 
-- include: sources.yml
+- import_tasks: sources.yml
 
-- include: php.yml
+- import_tasks: php.yml
   when: newrelic_php | bool
 
-- include: sysmond.yml
+- import_tasks: sysmond.yml
   when: newrelic_sysmond | bool

nginx/tasks/main.yml

@@ -8,9 +8,9 @@
     msg: "Nginx minimal mode has been set, using minimal mode."
   when: nginx_minimal | bool
 
-- include: packages.yml
+- import_tasks: packages.yml
 
-- include: server_status_read.yml
+- import_tasks: server_status_read.yml
   tags:
     - nginx
 
@@ -64,7 +64,7 @@
     - ips
 
 - name: Include IP address whitelist task
-  include: ip_whitelist.yml
+  import_tasks: ip_whitelist.yml
 
 - name: Copy evolinux_server_custom 
   copy:
@@ -134,7 +134,7 @@
   tags:
     - nginx
 
-- include: server_status_write.yml
+- import_tasks: server_status_write.yml
   tags:
     - nginx
 
@@ -155,16 +155,16 @@
     - nginx
     - munin
 
-- include: munin_vhost.yml
+- import_tasks: munin_vhost.yml
   when: stat_munin_node.stat.exists
   tags:
     - nginx
     - munin
 
-- include: munin_graphs.yml
+- import_tasks: munin_graphs.yml
   when: stat_munin_node.stat.exists
   tags:
     - nginx
     - munin
 
-- include: logrotate.yml
+- import_tasks: logrotate.yml

nginx/tasks/packages.yml

@@ -4,7 +4,7 @@
     nginx_default_package_name: nginx-light
   when: nginx_minimal | bool
 
-- include: packages_backports.yml
+- import_tasks: packages_backports.yml
   when: nginx_backports | bool
 
 # TODO: install "nginx" + only necessary modules, instead of "nginx-full"

nodejs/tasks/main.yml

@@ -72,5 +72,5 @@
     - packages
     - nodejs
 
-- include: yarn.yml
+- import_tasks: yarn.yml
   when: nodejs_install_yarn | bool

openvpn/tasks/main.yml

@@ -6,10 +6,10 @@
     msg: "Only compatible with Debian and OpenBSD"
 
 - name: Include Debian version
-  include: debian.yml
+  import_tasks: debian.yml
   when: ansible_distribution == "Debian"
 
 - name: Include OpenBSD version
-  include: openbsd.yml
+  import_tasks: openbsd.yml
   when: ansible_distribution == "OpenBSD"
 

packweb-apache/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 
 - name: Dependencies are satisfied
-  include_tasks: dependencies.yml
+  import_tasks: dependencies.yml
 
 - fail:
     msg: only compatible with Debian >= 8
@@ -85,13 +85,13 @@
     regexp: '^DIR_MODE='
     line: 'DIR_MODE=0750'
 
-- include: apache.yml
+- import_tasks: apache.yml
 
-- include: phpmyadmin.yml
+- import_tasks: phpmyadmin.yml
 
-- include: awstats.yml
+- import_tasks: awstats.yml
 
-- include: fhs_retrictions.yml
+- import_tasks: fhs_retrictions.yml
   when: packweb_fhs_retrictions | bool
 
 - name: Periodically cache ftp directory sizes for ftpadmin.sh
@@ -100,5 +100,5 @@
     special_time: daily
     job: "/usr/share/scripts/evoadmin/stats.sh"
 
-- include: multiphp.yml
+- import_tasks: multiphp.yml
   when: packweb_multiphp_versions | length > 0

percona/tasks/main.yml

@@ -61,5 +61,5 @@
     update_cache: yes
   when: percona__apt_config_deb is changed
 
-- include: xtrabackup.yml
+- import_tasks: xtrabackup.yml
   when: percona__install_xtrabackup | bool

php/tasks/main.yml

@@ -7,17 +7,17 @@
       - ansible_distribution_major_version is version('12', '<=')
     msg: This is only compatible with Debian 8 → 12
 
-- include_tasks: main_jessie.yml
+- import_tasks: main_jessie.yml
   when: ansible_distribution_release == "jessie"
 
-- include_tasks: main_stretch.yml
+- import_tasks: main_stretch.yml
   when: ansible_distribution_release == "stretch"
 
-- include_tasks: main_buster.yml
+- import_tasks: main_buster.yml
   when: ansible_distribution_release == "buster"
 
-- include_tasks: main_bullseye.yml
+- import_tasks: main_bullseye.yml
   when: ansible_distribution_release == "bullseye"
 
-- include_tasks: main_bookworm.yml
+- import_tasks: main_bookworm.yml
   when: ansible_distribution_release == "bookworm"

php/tasks/main_bookworm.yml

@@ -46,7 +46,7 @@
       - composer
       - libphp-phpmailer
 
-- include: sury_pre.yml
+- import_tasks: sury_pre.yml
   when: php_sury_enable
 
 - name: "Install PHP packages (Debian 12)"
@@ -80,13 +80,13 @@
     - /etc/php
     - /etc/php/{{ php_version }}
 
-- include: config_cli.yml
+- import_tasks: config_cli.yml
 - name: "Enforce permissions on PHP cli directory (Debian 12)"
   file:
     dest: /etc/php/{{ php_version }}/cli
     mode: "0755"
 
-- include: config_fpm.yml
+- import_tasks: config_fpm.yml
   when: php_fpm_enable
 
 - name: "Enforce permissions on PHP fpm directory (Debian 12)"
@@ -95,7 +95,7 @@
     mode: "0755"
   when: php_fpm_enable
 
-- include: config_apache.yml
+- import_tasks: config_apache.yml
   when: php_apache_enable
 
 - name: "Enforce permissions on PHP apache2 directory (Debian 12)"
@@ -104,5 +104,5 @@
     mode: "0755"
   when: php_apache_enable
 
-- include: sury_post.yml
+- import_tasks: sury_post.yml
   when: php_sury_enable

php/tasks/main_bullseye.yml

@@ -35,7 +35,7 @@
       - composer
       - libphp-phpmailer
 
-- include: sury_pre.yml
+- import_tasks: sury_pre.yml
   when: php_sury_enable
 
 - name: "Install PHP packages (Debian 11)"
@@ -69,13 +69,13 @@
     - /etc/php
     - /etc/php/7.4
 
-- include: config_cli.yml
+- import_tasks: config_cli.yml
 - name: "Enforce permissions on PHP cli directory (Debian 11)"
   file:
     dest: /etc/php/7.4/cli
     mode: "0755"
 
-- include: config_fpm.yml
+- import_tasks: config_fpm.yml
   when: php_fpm_enable
 
 - name: "Enforce permissions on PHP fpm directory (Debian 11)"
@@ -84,7 +84,7 @@
     mode: "0755"
   when: php_fpm_enable
 
-- include: config_apache.yml
+- import_tasks: config_apache.yml
   when: php_apache_enable
 
 - name: "Enforce permissions on PHP apache2 directory (Debian 11)"
@@ -93,5 +93,5 @@
     mode: "0755"
   when: php_apache_enable
 
-- include: sury_post.yml
+- import_tasks: sury_post.yml
   when: php_sury_enable

php/tasks/main_buster.yml

@@ -35,7 +35,7 @@
       - composer
       - libphp-phpmailer
 
-- include: sury_pre.yml
+- import_tasks: sury_pre.yml
   when: php_sury_enable | bool
 
 - name: "Install PHP packages (Debian 10)"
@@ -69,13 +69,13 @@
     - /etc/php
     - /etc/php/7.3
 
-- include: config_cli.yml
+- import_tasks: config_cli.yml
 - name: "Enforce permissions on PHP cli directory (Debian 10)"
   file:
     dest: /etc/php/7.3/cli
     mode: "0755"
 
-- include: config_fpm.yml
+- import_tasks: config_fpm.yml
   when: php_fpm_enable | bool
 
 - name: "Enforce permissions on PHP fpm directory (Debian 10)"
@@ -84,7 +84,7 @@
     mode: "0755"
   when: php_fpm_enable | bool
 
-- include: config_apache.yml
+- import_tasks: config_apache.yml
   when: php_apache_enable | bool
 
 - name: "Enforce permissions on PHP apache2 directory (Debian 10)"
@@ -93,5 +93,5 @@
     mode: "0755"
   when: php_apache_enable | bool
 
-- include: sury_post.yml
+- import_tasks: sury_post.yml
   when: php_sury_enable | bool

php/tasks/main_jessie.yml

@@ -57,14 +57,14 @@
     dest: /etc/php5
     mode: "0755"
 
-- include: config_cli.yml
+- import_tasks: config_cli.yml
 
 - name: Enforce permissions on PHP cli directory (Debian 8)
   file:
     dest: /etc/php5/cli
     mode: "0755"
 
-- include: config_fpm.yml
+- import_tasks: config_fpm.yml
   when: php_fpm_enable | bool
 
 - name: Enforce permissions on PHP fpm directory (Debian 8)
@@ -73,7 +73,7 @@
     mode: "0755"
   when: php_fpm_enable | bool
 
-- include: config_apache.yml
+- import_tasks: config_apache.yml
   when: php_apache_enable | bool
 
 - name: Enforce permissions on PHP apache2 directory (Debian 8)

php/tasks/main_stretch.yml

@@ -35,7 +35,7 @@
       - composer
       - libphp-phpmailer
 
-- include: sury_pre.yml
+- import_tasks: sury_pre.yml
   when: php_sury_enable | bool
 
 - name: "Install PHP packages (Debian 9)"
@@ -69,14 +69,14 @@
     - /etc/php
     - /etc/php/7.0
 
-- include: config_cli.yml
+- import_tasks: config_cli.yml
 
 - name: "Enforce permissions on PHP cli directory (Debian 9)"
   file:
     dest: /etc/php/7.0/cli
     mode: "0755"
 
-- include: config_fpm.yml
+- import_tasks: config_fpm.yml
   when: php_fpm_enable | bool
 
 - name: "Enforce permissions on PHP fpm directory (Debian 9)"
@@ -85,7 +85,7 @@
     mode: "0755"
   when: php_fpm_enable | bool
 
-- include: config_apache.yml
+- import_tasks: config_apache.yml
   when: php_apache_enable | bool
 
 - name: "Enforce permissions on PHP apache2 directory (Debian 9)"
@@ -94,5 +94,5 @@
     mode: "0755"
   when: php_apache_enable | bool
 
-- include: sury_post.yml
+- import_tasks: sury_post.yml
   when: php_sury_enable | bool

postfix/tasks/main.yml

@@ -1,12 +1,12 @@
 ---
 
-- include: common.yml
+- import_tasks: common.yml
 
-- include: minimal.yml
+- import_tasks: minimal.yml
   when: not (postfix_packmail | bool)
 
-- include: packmail.yml
+- import_tasks: packmail.yml
   when: postfix_packmail | bool
 
-- include: slow_transport.yml
+- import_tasks: slow_transport.yml
   when: postfix_slow_transport_include | bool

postgresql/tasks/main.yml

@@ -1,25 +1,25 @@
 ---
-- include: locales.yml
+- import_tasks: locales.yml
 
-- include: packages_jessie.yml
+- import_tasks: packages_jessie.yml
   when: ansible_distribution_release == "jessie"
 
-- include: packages_stretch.yml
+- import_tasks: packages_stretch.yml
   when: ansible_distribution_release == "stretch"
 
-- include: packages_buster.yml
+- import_tasks: packages_buster.yml
   when: ansible_distribution_release == "buster"
 
-- include: packages_bullseye.yml
+- import_tasks: packages_bullseye.yml
   when: ansible_distribution_major_version is version('11', '>=')
 
-- include: config.yml
+- import_tasks: config.yml
 
-- include: nrpe.yml
+- import_tasks: nrpe.yml
 
-- include: munin.yml
+- import_tasks: munin.yml
 
-- include: logrotate.yml
+- import_tasks: logrotate.yml
 
-- include: postgis.yml
+- import_tasks: postgis.yml
   when: postgresql_install_postgis | bool

postgresql/tasks/packages_bookworm.yml

@@ -5,7 +5,7 @@
     postgresql_version: '15'
   when: postgresql_version is none or postgresql_version | length == 0
 
-- include: pgdg-repo.yml
+- import_tasks: pgdg-repo.yml
   when: postgresql_version != '15'
 
 - name: Install postgresql package

postgresql/tasks/packages_bullseye.yml

@@ -5,7 +5,7 @@
     postgresql_version: '13'
   when: postgresql_version is none or postgresql_version | length == 0
 
-- include: pgdg-repo.yml
+- import_tasks: pgdg-repo.yml
   when: postgresql_version != '13'
 
 - name: Install postgresql package

postgresql/tasks/packages_buster.yml

@@ -5,7 +5,7 @@
     postgresql_version: '11'
   when: postgresql_version is none or postgresql_version | length == 0
 
-- include: pgdg-repo.yml
+- import_tasks: pgdg-repo.yml
   when: postgresql_version != '11'
 
 - name: Install postgresql package

postgresql/tasks/packages_jessie.yml

@@ -5,7 +5,7 @@
     postgresql_version: '9.4'
   when: postgresql_version is none or postgresql_version | length == 0
 
-- include: pgdg-repo.yml
+- import_tasks: pgdg-repo.yml
   when: postgresql_version != '9.4'
 
 - name: Install postgresql package

postgresql/tasks/packages_stretch.yml

@@ -5,7 +5,7 @@
     postgresql_version: '9.6'
   when: postgresql_version is none or postgresql_version | length == 0
 
-- include: pgdg-repo.yml
+- import_tasks: pgdg-repo.yml
   when: postgresql_version != '9.6'
 
 - name: Install postgresql package

proftpd/tasks/accounts.yml

@@ -1,5 +1,5 @@
 ---
-- include: accounts_password.yml
+- import_tasks: accounts_password.yml
   when: item.password is undefined
   loop: "{{ proftpd_accounts }}"
   tags:

proftpd/tasks/main.yml

@@ -93,5 +93,5 @@
   tags:
     - proftpd
 
-- include: accounts.yml
+- import_tasks: accounts.yml
   when: proftpd_accounts | length > 0

rabbitmq/tasks/main.yml

@@ -34,7 +34,7 @@
   tags:
     - nrpe
 
-- include: nrpe.yml
+- import_tasks: nrpe.yml
   when: nrpe_evolix_config.stat.exists
 
 - name: is Munin present ?
@@ -45,7 +45,7 @@
   tags:
     - nrpe
 
-- include: munin.yml
+- import_tasks: munin.yml
   when: etc_munin_directory.stat.exists
 
 - name: entry for RabbitMQ in web page is present

redis/tasks/main.yml

@@ -12,7 +12,7 @@
     reload: yes
 
 - name: Customize Kernel Transparent Huge Page
-  include: thp.yml
+  import_tasks: thp.yml
   when: redis_sysctl_transparent_hugepage_enabled is not none
 
 - name: Redis is installed
@@ -76,11 +76,11 @@
     - redis_bind_interface | length > 0
 
 - name: configure Redis for default mode
-  include: default-server.yml
+  import_tasks: default-server.yml
   when: redis_instance_name is not defined
 
 - name: configure Redis for instance mode
-  include: instance-server.yml
+  import_tasks: instance-server.yml
   when: redis_instance_name is defined
 
 - name: Is Munin installed
@@ -92,7 +92,7 @@
     - munin
 
 - name: configure Munin for default mode
-  include: default-munin.yml
+  import_tasks: default-munin.yml
   when:
     - _munin_installed.stat.exists
     - _munin_installed.stat.isdir
@@ -102,7 +102,7 @@
     - munin
 
 - name: configure Munin for instance mode
-  include: instance-munin.yml
+  import_tasks: instance-munin.yml
   when:
     - _munin_installed.stat.exists
     - _munin_installed.stat.isdir
@@ -120,7 +120,7 @@
     - log2mail
 
 - name: configure log2mail for default mode
-  include: default-log2mail.yml
+  import_tasks: default-log2mail.yml
   when:
     - _log2mail_installed.stat.exists
     - _log2mail_installed.stat.isdir
@@ -130,7 +130,7 @@
     - log2mail
 
 - name: configure log2mail for instance mode
-  include: instance-log2mail.yml
+  import_tasks: instance-log2mail.yml
   when:
     - _log2mail_installed.stat.exists
     - _log2mail_installed.stat.isdir
@@ -148,7 +148,7 @@
     - redis
     - nrpe
 
-- include: nrpe.yml
+- import_tasks: nrpe.yml
   when: nrpe_evolix_config.stat.exists
   tags:
     - redis

redmine/tasks/main.yml

@@ -1,13 +1,13 @@
 ---
-- include: packages.yml
-- include: syslog.yml
-- include: user.yml
+- import_tasks: packages.yml
+- import_tasks: syslog.yml
+- import_tasks: user.yml
 - include_role:
     name: evolix/rbenv
   vars:
     - username: "{{ redmine_user }}"
-- include: config.yml
-- include: mysql.yml
-- include: source.yml
-- include: release.yml
-- include: nginx.yml
+- import_tasks: config.yml
+- import_tasks: mysql.yml
+- import_tasks: source.yml
+- import_tasks: release.yml
+- import_tasks: nginx.yml

squid/tasks/main.yml

@@ -152,15 +152,15 @@
   notify: "reload squid"
   when: ansible_distribution_major_version is version('9', '>=')
 
-- include: systemd.yml
+- import_tasks: systemd.yml
   when: ansible_distribution_major_version is version('10', '>=')
 
-- include: logrotate_jessie.yml
+- import_tasks: logrotate_jessie.yml
   when: ansible_distribution_release == "jessie"
 
-- include: logrotate_stretch.yml
+- import_tasks: logrotate_stretch.yml
   when: ansible_distribution_major_version is version('9', '>=')
 
-- include: minifirewall.yml
+- import_tasks: minifirewall.yml
 
-- include: log2mail.yml
+- import_tasks: log2mail.yml

ssl/tasks/main.yml

@@ -39,5 +39,5 @@
   tags:
     - ssl
 
-- include: haproxy.yml
+- import_tasks: haproxy.yml
   when: haproxy_check.rc == 0

tomcat-instance/tasks/main.yml

@@ -1,6 +1,6 @@
 ---
-- include: check.yml
-- include: user.yml
-- include: systemd.yml
-- include: alias.yml
-- include: bootstrap.yml
+- import_tasks: check.yml
+- import_tasks: user.yml
+- import_tasks: systemd.yml
+- import_tasks: alias.yml
+- import_tasks: bootstrap.yml

tomcat/tasks/main.yml

@@ -1,4 +1,4 @@
 ---
-- include: packages.yml
+- import_tasks: packages.yml
 
-- include: nagios.yml
+- import_tasks: nagios.yml

varnish/tasks/main.yml

@@ -189,4 +189,4 @@
     group: varnish
     mode: "0750"
 
-- include: munin.yml
+- import_tasks: munin.yml

vrrpd/tasks/main.yml

@@ -1,6 +1,6 @@
 ---
 - name: Install Evolix public repositry
-  include_role:
+  import_role:
     name: evolix/apt
     tasks_from: evolix_public.yml
   tags:
@@ -58,7 +58,7 @@
     - vrrpd
 
 - name: Create VRRP address
-  include: ip.yml
+  include_tasks: ip.yml
   loop: "{{ vrrp_addresses }}"
   loop_control:
-    loop_var: "vrrp_address"
+    loop_var: "vrrp_address"

webapps/evoadmin-mail/tasks/main.yml

@@ -20,12 +20,12 @@
   tags:
     - evoadmin-mail
 
-- include: ssl.yml
+- import_tasks: ssl.yml
 
-- include: apache.yml
+- import_tasks: apache.yml
   when: evoadminmail_webserver == "apache"
 
-- include: nginx.yml
+- import_tasks: nginx.yml
   when: evoadminmail_webserver == "nginx"
 
 - name: enable evoadmin-mail link in default site index

webapps/evoadmin-web/tasks/main.yml

@@ -5,17 +5,17 @@
     msg: Please configure var evoadmin_contact_email
   when: evoadmin_contact_email is none or evoadmin_contact_email | length == 0
 
-- include: packages.yml
+- import_tasks: packages.yml
 
-- include: user.yml
+- import_tasks: user.yml
 
-- include: config.yml
+- import_tasks: config.yml
 
-- include: ssl.yml
+- import_tasks: ssl.yml
 
-- include: web.yml
+- import_tasks: web.yml
 
-- include: ftp.yml
+- import_tasks: ftp.yml
 
 - name: enable evoadmin-web link in default site index
   blockinfile:

webapps/nextcloud/tasks/main.yml

@@ -43,14 +43,14 @@
     - nextcloud
   when: ansible_python_version is version('3', '>=')
 
-- include: apache-system.yml
+- import_tasks: apache-system.yml
 
-- include: user.yml
+- import_tasks: user.yml
 
-- include: archive.yml
+- import_tasks: archive.yml
 
-- include: apache-vhost.yml
+- import_tasks: apache-vhost.yml
 
-- include: mysql-user.yml
+- import_tasks: mysql-user.yml
 
-- include: config.yml
+- import_tasks: config.yml