Use “when: not ansible_check_mode” or “when <file>.stat.exists or not
ansible_check_mode” in order to provide a meaningful diff if possible.
This is an improvement from the previously reverted commit
1728eaee68.
Now the list of whitelisted ip addresses can be updated simply by
including the specific tasks in an external playbook without polluting
our role list.
This change takes effect for nginx, apache and fail2ban.