Add "always_run: yes" where it's pertinent

There is also the "check_mode: no", but commented,
for when we switch to Ansible 2.2

admin-users/tasks/adduser_debian.yml

@@ -5,6 +5,8 @@
   register: uidisbusy
   failed_when: False
   changed_when: False
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
 
 - name: Add Unix account with classical uid for '{{ user.name }}'
   user:
@@ -37,6 +39,8 @@
   stat:
     path: "/usr/share/scripts/evomaintenance.sh"
   register: evomaintenance_script
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
 
 - name: Add evomaintenance trap for '{{ user.name }}'
   lineinfile:
@@ -65,6 +69,8 @@
   changed_when: False
   failed_when: False
   register: grep_allowusers_ssh
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
 
 - name: Add AllowUsers sshd directive for '{{ user.name }}'
   lineinfile:
@@ -89,6 +95,8 @@
   changed_when: False
   failed_when: False
   register: grep_matchuser_ssh
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
 
 - name: Add Match User sshd directive for '{{ user.name }}'
   lineinfile:

apache/tasks/main.yml

@@ -123,6 +123,8 @@
   failed_when: False
   changed_when: False
   register: envvar_grep_umask
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
   tags:
     - apache
 

drbd-utils/tasks/munin.yml

@@ -4,6 +4,8 @@
   stat:
     path: /etc/munin/plugins/
   register: munin_plugins_dir
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
 
 # https://raw.githubusercontent.com/munin-monitoring/contrib/master/plugins/drbd/drbd
 - name: Get Munin plugin

drbd-utils/tasks/nagios.yml

@@ -4,6 +4,8 @@
   stat:
     path: /usr/local/lib/nagios/plugins/
   register: nagios_plugins_dir
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
 
 - name: Check if /usr is a partition
   shell: "mount | grep 'on /usr type'"
@@ -12,6 +14,8 @@
   changed_when: False
   failed_when: False
   register: usr_partition
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
 
 - name: Mount /usr in rw
   command: mount -o remount,rw /usr

elasticsearch/tasks/datadir.yml

@@ -5,11 +5,15 @@
     stat:
       path: "{{ elasticsearch_custom_datadir }}"
     register: elasticsearch_custom_datadir_test
+    #check_mode: no (for migration to Ansible 2.2)
+    always_run: yes
 
   - name: "read the real datadir"
     command: readlink -f /var/lib/elasticsearch
     changed_when: false
     register: elasticsearch_current_real_datadir_test
+    #check_mode: no (for migration to Ansible 2.2)
+    always_run: yes
   tags:
     - elasticsearch
   when: elasticsearch_custom_datadir

elasticsearch/tasks/tmpdir.yml

@@ -5,6 +5,8 @@
   register: fstab_tmp_noexec
   failed_when: False
   changed_when: False
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
 
 - block:
   - name: "Create {{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}"

etc-git/tasks/main.yml

@@ -42,6 +42,8 @@
   changed_when: False
   failed_when: False
   register: git_log
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
 
 - name: initial commit is present?
   shell: "git add -A . && git commit -m \"Initial commit via Ansible\""

evoacme/tasks/certbot.yml

@@ -45,6 +45,8 @@
       warn: no
     changed_when: False
     failed_when: False
+    #check_mode: no (for migration to Ansible 2.2)
+    always_run: yes
     register: usr_partition
 
   - name: Mount /usr in rw

evoacme/tasks/webserver.yml

@@ -2,9 +2,13 @@
 - name: Determine Nginx presence
   stat:
     path: /etc/nginx/nginx.conf
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
   register: stn
 
 - name: Determine Apache presence
   stat:
     path: /etc/apache2/apache2.conf
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
   register: sta

evolinux-base/tasks/default_www.yml

@@ -53,6 +53,8 @@
 - name: is Nginx installed?
   stat:
     path: /etc/nginx/sites-available
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
   register: nginx_sites_available
 
 - block:
@@ -84,6 +86,8 @@
 - name: is Apache installed?
   stat:
     path: /etc/apache2/sites-available
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
   register: apache_sites_available
 
 - block:

evolinux-base/tasks/fstab.yml

@@ -4,6 +4,8 @@
 
 - name: Fetch fstab content
   command: "grep -v '^#' /etc/fstab"
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
   register: fstab_content
   failed_when: False
   changed_when: False

evolinux-base/tasks/hardware.yml

@@ -8,6 +8,8 @@
 
 - name: Check if Broadcom NetXtreme II device is present
   shell: "lspci | grep -q 'NetXtreme II'"
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
   register: broadcom
   failed_when: False
   changed_when: False
@@ -25,6 +27,8 @@
 
 - name: Detect if RAID is installed
   shell: lspci | grep "RAID bus controller" | grep -v Intel
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
   register: raidmodel
   changed_when: "'FAILED' in raidmodel.stdout"
   failed_when: "'FAILED' in raidmodel.stdout"

evolinux-base/tasks/packages.yml

@@ -62,6 +62,8 @@
 
 - name: is an MTA installed?
   command: "dpkg -S /usr/sbin/sendmail"
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
   register: mta_installed
   failed_when: False
   changed_when: False

evolinux-base/tasks/postfix.yml

@@ -14,6 +14,8 @@
 
 - name: fetch users list
   shell: getent passwd | cut -d":" -f 1 | grep -v root
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
   register: non_root_users_list
   changed_when: False
   tags:

evolinux-base/tasks/root.yml

@@ -44,6 +44,8 @@
 
 - name: Is .bash_history append-only
   shell: lsattr /root/.bash_history | grep -E "^.*a.* "
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
   register: bash_history_append_only
   failed_when: False
   changed_when: False

evolinux-base/tasks/ssh.yml

@@ -3,6 +3,8 @@
   command: "grep 'Match Address' /etc/ssh/sshd_config"
   changed_when: False
   failed_when: False
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
   register: grep_matchaddress_ssh
 
 - name: Add Match Address sshd directive

evomaintenance/tasks/main.yml

@@ -13,6 +13,8 @@
 - name: list users with a shell
   shell: "cat /etc/passwd | grep -vE \"^root:\"  | grep -E \":/[^:]+sh$\" | cut -d: -f6"
   changed_when: False
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
   register: home_of_shell_users
 
 - include: trap.yml home={{ item }}

evomaintenance/tasks/trap.yml

@@ -1,6 +1,8 @@
 - name: is {{ home }}/.bash_profile present?
   stat:
     path: "{{ home }}/.bash_profile"
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
   register: bash_profile
 
 - name: install shell trap in {{ home }}/.bash_profile
@@ -14,6 +16,8 @@
 - name: is {{ home }}/.profile present?
   stat:
     path: "{{ home }}/.profile"
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
   register: profile
   when: not bash_profile.stat.exists
 

filebeat/tasks/main.yml

@@ -20,10 +20,14 @@
 - name: is logstash-plugin available?
   stat:
     path: /usr/share/logstash/bin/logstash-plugin
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
   register: logstash_plugin
 
 - name: is logstash-input-beats installed?
   shell: grep logstash-input-beats /usr/share/logstash/Gemfile
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
   register: logstash_plugin_installed
   failed_when: false
   changed_when: false
@@ -36,6 +40,8 @@
       warn: no
     changed_when: False
     failed_when: False
+    #check_mode: no (for migration to Ansible 2.2)
+    always_run: yes
     register: usr_partition
 
   - name: Mount /usr in rw

kvm-host/tasks/main.yml

@@ -7,6 +7,8 @@
     warn: no
   changed_when: False
   failed_when: False
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
   register: usr_partition
 
 - name: Mount /usr in rw

minifirewall/tasks/config.yml

@@ -4,8 +4,11 @@
   command: /sbin/iptables -L -n | grep -E "^(DROP\s+udp|ACCEPT\s+icmp)\s+--\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0\s*$"
   changed_when: False
   failed_when: False
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
   register: minifirewall_is_running
-  check_mode: no
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
 
 - name: Begin marker for IP addresses
   lineinfile:

minifirewall/tasks/install.yml

@@ -12,6 +12,8 @@
 - name: is init script present?
   stat:
     path: /etc/init.d/minifirewall
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
   register: init_minifirewall
 
 - name: init script is copied
@@ -22,6 +24,8 @@
 - name: is configuration present?
   stat:
     path: /etc/default/minifirewall
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
   register: default_minifirewall
 
 - name: configuration is copied

mysql/tasks/datadir.yml

@@ -4,11 +4,15 @@
   - name: "Is {{ mysql_custom_datadir }} present ?"
     stat:
       path: "{{ mysql_custom_datadir }}"
+    #check_mode: no (for migration to Ansible 2.2)
+    always_run: yes
     register: mysql_custom_datadir_test
 
   - name: "read the real datadir"
     command: readlink -f /var/lib/mysql
     changed_when: False
+    #check_mode: no (for migration to Ansible 2.2)
+    always_run: yes
     register: mysql_current_real_datadir_test
   tags:
     - mysql

mysql/tasks/log2mail.yml

@@ -3,6 +3,8 @@
 - name: Is log2mail present ?
   stat:
     path: /etc/log2mail/config
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
   register: log2mail_config_dir
   tags:
     - mysql

mysql/tasks/munin.yml

@@ -3,6 +3,8 @@
 - name: is Munin present ?
   stat:
     path: /etc/munin/plugin-conf.d/munin-node
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
   register: munin_node_plugins_config
   tags:
     - mysql

mysql/tasks/nrpe.yml

@@ -3,6 +3,8 @@
 - name: is NRPE present ?
   stat:
     path: /etc/nagios/nrpe.d/evolix.cfg
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
   register: nrpe_evolix_config
   tags:
     - mysql

nginx/tasks/main.yml

@@ -120,6 +120,8 @@
 - name: Check if Munin is installed
   stat:
     path: /etc/munin/plugin-conf.d/munin-node
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
   register: stat_munin_node
   tags:
   - nginx

rbenv/tasks/main.yml

@@ -80,8 +80,8 @@
   become_user: "{{ username }}"
   failed_when: False
   changed_when: False
-  register: ruby_installed
   always_run: yes
+  register: ruby_installed
   tags:
   - rbenv
 
@@ -95,9 +95,9 @@
 - name: is Ruby {{ rbenv_ruby_version }} selected for {{ username }} ?
   shell: /bin/bash -lc "rbenv version | cut -d ' ' -f 1 | grep -Fx '{{ rbenv_ruby_version }}'"
   become_user: "{{ username }}"
+  always_run: yes
   register: ruby_selected
   changed_when: False
-  always_run: yes
   tags:
   - rbenv
 

squid/tasks/log2mail.yml

@@ -3,6 +3,8 @@
 - name: is log2mail installed?
   stat:
     path: /etc/log2mail/config/
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
   register: log2mail_config
 
 - block:

squid/tasks/minifirewall.yml

@@ -2,6 +2,8 @@
 - name: Check if Minifirewall is present
   stat:
     path: /etc/default/minifirewall
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
   register: minifirewall_test
 
 - name: configure Minifirewall for Squid

tomcat-instance/tasks/main.yml

@@ -1,6 +1,8 @@
 ---
 - stat:
     path: "{{ tomcat_instance_root | mandatory }}/{{ tomcat_instance_name | mandatory }}"
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
   register: tomcat_instance_stat
 
 - include: tomcat.yml

tomcat-instance/tasks/nagios.yml

@@ -10,6 +10,8 @@
     warn: no
   changed_when: False
   failed_when: False
+  #check_mode: no (for migration to Ansible 2.2)
+  always_run: yes
   register: usr_partition
 
 - name: Mount /usr in rw