Update to 2022-03-07 15:00

roles/fusioninventory_agent/tasks/main.yml

@@ -1,6 +1,7 @@
 ---
 
-- include: install_{{ ansible_os_family }}.yml
+- include_tasks: install_{{ ansible_os_family }}.yml
+  tags: always
 
 - name: Deploy FusionInventory Agent config
   template: src=agent.cfg.j2 dest=/etc/fusioninventory/agent.cfg mode=640

roles/g2cs/tasks/main.yml

@@ -1,7 +1,14 @@
 ---
 
-- include: user.yml
-- include: install.yml
-- include: iptables.yml
+- include_tasks: user.yml
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: iptables.yml
   when: iptables_manage | default(True)
-- include: service.yml
+  tags: always
+
+- include_tasks: service.yml
+  tags: always

roles/gitea/tasks/iptables.yml

@@ -5,8 +5,7 @@
     name: "{{ item.name }}"
     state: "{{ (item.src_ip | length > 0) | ternary('present','absent') }}"
     rules: "-A INPUT -m state --state NEW -p tcp --dport {{ item.port }} -s {{ item.src_ip | join(',') }} -j ACCEPT"
-  when: iptables_manage | default(True)
-  with_items:
+  loop:
     - port: "{{ gitea_web_port }}"
       name: gitea_web_port
       src_ip: "{{ gitea_web_src_ip }}"

roles/gitea/tasks/main.yml

@@ -1,16 +1,40 @@
 ---
 
-- include: user.yml
-- include: directories.yml
-- include: facts.yml
-- include: archive_pre.yml
-  when: gitea_install_mode == 'upgrade'
-- include: install.yml
-- include: conf.yml
-- include: iptables.yml
-- include: service.yml
-- include: admin_user.yml
-- include: archive_post.yml
-  when: gitea_install_mode == 'upgrade'
-- include: write_version.yml
-- include: cleanup.yml
+- include_tasks: user.yml
+  tags: always
+
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: archive_pre.yml
+  when: gitea_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: iptables.yml
+  when: iptables_manage | default(True)
+  tags: always
+
+- include_tasks: service.yml
+  tags: always
+
+- include_tasks: admin_user.yml
+  tags: always
+
+- include_tasks: archive_post.yml
+  when: gitea_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: write_version.yml
+  tags: always
+
+- include_tasks: cleanup.yml
+  tags: always

roles/graylog/tasks/main.yml

@@ -1,16 +1,40 @@
 ---
 
-- include: facts.yml
-- include: user.yml
-- include: directories.yml
-- include: archive_pre.yml
-  when: graylog_install_mode == 'upgrade'
-- include: install.yml
-- include: conf.yml
-- include: iptables.yml
-- include: service.yml
-- include: write_version.yml
-- include: cleanup.yml
-- include: archive_post.yml
-  when: graylog_install_mode == 'upgrade'
-- include: filebeat.yml
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: user.yml
+  tags: always
+
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: archive_pre.yml
+  when: graylog_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: iptables.yml
+  when: iptables_manage | default(True)
+  tags: always
+
+- include_tasks: service.yml
+  tags: always
+
+- include_tasks: write_version.yml
+  tags: always
+
+- include_tasks: cleanup.yml
+  tags: always
+
+- include_tasks: archive_post.yml
+  when: graylog_install_mode | default('none') == 'upgrade'
+  tags: always
+
+- include_tasks: filebeat.yml
+  tags: always

roles/rabbitmq_server/tasks/main.yml

@@ -1,8 +1,17 @@
 ---
 
-- include: facts.yml
-- include: install.yml
-- include: conf.yml
-- include: iptables.yml
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: conf.yml
+  tags: always
+
+- include_tasks: iptables.yml
   when: iptables_manage | default(True)
-- include: services.yml
+  tags: always
+
+- include_tasks: services.yml
+  tags: always

roles/repo_base/tasks/AlmaLinux-8.yml

@@ -24,7 +24,17 @@
       dir: PowerTools
   tags: repo
 
-- include: epel_{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml
-- include: fws_{{ ansible_os_family }}.yml
-- include: dbd_{{ ansible_os_family }}.yml
-- include: postgres_client_{{ ansible_os_family }}.yml
+- name: Remove obsolete repo
+  file: path=/etc/yum.repos.d/{{ item }}.repo state=absent
+  loop:
+    - fws
+  tags: repo
+
+- include_tasks: epel_{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml
+  tags: always
+
+- include_tasks: dbd_{{ ansible_os_family }}.yml
+  tags: always
+
+- include_tasks: postgres_client_{{ ansible_os_family }}.yml
+  tags: always

roles/repo_base/tasks/CentOS-7.yml

@@ -44,9 +44,14 @@
     - redis
     - fws-extra-nginx
     - CentOS-Linux-BaseOS
+    - fws
   tags: repo
 
-- include: epel_{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml
-- include: fws_{{ ansible_os_family }}.yml
-- include: dbd_{{ ansible_os_family }}.yml
-- include: postgres_client_{{ ansible_os_family }}.yml
+- include_tasks: epel_{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml
+  tags: always
+
+- include_tasks: dbd_{{ ansible_os_family }}.yml
+  tags: always
+
+- include_tasks: postgres_client_{{ ansible_os_family }}.yml
+  tags: always

roles/repo_base/tasks/CentOS-8.yml

@@ -118,9 +118,14 @@
     - CentOS-cr
     - CentOS-extras
     - CentOS-fasttrack
+    - fws
   tags: repo
 
-- include: epel_{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml
-- include: fws_{{ ansible_os_family }}.yml
-- include: dbd_{{ ansible_os_family }}.yml
-- include: postgres_client_{{ ansible_os_family }}.yml
+- include_tasks: epel_{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml
+  tags: always
+
+- include_tasks: dbd_{{ ansible_os_family }}.yml
+  tags: always
+
+- include_tasks: postgres_client_{{ ansible_os_family }}.yml
+  tags: always

roles/repo_base/tasks/main.yml

@@ -1,6 +1,6 @@
 ---
 
-- include: '{{ repo_item }}'
+- include_tasks: '{{ repo_item }}'
   with_first_found:
     - '{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml'
     - '{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml'
@@ -8,5 +8,5 @@
     - '{{ ansible_os_family }}.yml'
   loop_control:
     loop_var: repo_item
-  tags: repo
+  tags: always
 

roles/repo_docker/tasks/main.yml

@@ -1,3 +1,4 @@
 ---
 
-- include: "{{ ansible_os_family }}.yml"
+- include_tasks: "{{ ansible_os_family }}.yml"
+  tags: always

roles/repo_elasticsearch/tasks/main.yml

@@ -1,3 +1,4 @@
 ---
 
-- include: install_{{ ansible_os_family }}.yml
+- include_tasks: install_{{ ansible_os_family }}.yml
+  tags: always

roles/repo_filebeat/tasks/main.yml

@@ -1,3 +1,4 @@
 ---
 
-- include: install_{{ ansible_os_family }}.yml
+- include_tasks: install_{{ ansible_os_family }}.yml
+  tags: always

roles/repo_zabbix/tasks/main.yml

@@ -1,3 +1,4 @@
 ---
 
-- include: "{{ ansible_os_family }}.yml"
+- include_tasks: "{{ ansible_os_family }}.yml"
+  tags: always

roles/rpm_build_server/tasks/main.yml

@@ -1,9 +1,16 @@
 ---
 
-- include: facts.yml
-- include: requirements.yml
-- include: user.yml
-- include: directories.yml
-- include: install.yml
-- include: conf.yml
-- include: services.yml
+- include_tasks: facts.yml
+  tags: always
+- include_tasks: requirements.yml
+  tags: always
+- include_tasks: user.yml
+  tags: always
+- include_tasks: directories.yml
+  tags: always
+- include_tasks: install.yml
+  tags: always
+- include_tasks: conf.yml
+  tags: always
+- include_tasks: services.yml
+  tags: always

roles/rust/tasks/main.yml

@@ -1,6 +1,10 @@
 ---
 
-- include: facts.yml
-- include: directories.yml
-- include: install.yml
-- include: cleanup.yml
+- include_tasks: facts.yml
+  tags: always
+- include_tasks: directories.yml
+  tags: always
+- include_tasks: install.yml
+  tags: always
+- include_tasks: cleanup.yml
+  tags: always

roles/samba/tasks/main.yml

@@ -1,11 +1,18 @@
 ---
 
-- include: facts.yml
-- include: directory.yml
-- include: install.yml
-- include: conf.yml
-- include: selinux.yml
+- include_tasks: facts.yml
+  tags: always
+- include_tasks: directory.yml
+  tags: always
+- include_tasks: install.yml
+  tags: always
+- include_tasks: conf.yml
+  tags: always
+- include_tasks: selinux.yml
   when: ansible_selinux.status == 'enabled'
-- include: iptables.yml
+  tags: always
+- include_tasks: iptables.yml
   when: iptables_manage | default(True)
-- include: filebeat.yml
+  tags: always
+- include_tasks: filebeat.yml
+  tags: always

roles/seadrive/tasks/main.yml

@@ -69,8 +69,9 @@
   loop: "{{ seadrive_remove_instances }}"
   tags: seadrive
 
-- include: selinux.yml
+- include_tasks: selinux.yml
   when: ansible_selinux.status == 'enabled'
+  tags: always
 
 - name: Obtain API Tokens
   uri:

roles/sftpgo/tasks/main.yml

@@ -1,18 +1,30 @@
 ---
 
-- include: user.yml
-- include: directories.yml
-- include: facts.yml
-- include: archive_pre.yml
-  when: sftpgo_install_mode == 'upgrade'
-- include: install.yml
-- include: selinux.yml
+- include_tasks: user.yml
+  tags: always
+- include_tasks: directories.yml
+  tags: always
+- include_tasks: facts.yml
+  tags: always
+- include_tasks: archive_pre.yml
+  when: sftpgo_install_mode | default('none') == 'upgrade'
+  tags: always
+- include_tasks: install.yml
+  tags: always
+- include_tasks: selinux.yml
   when: ansible_selinux.status == 'enabled'
-- include: conf.yml
-- include: iptables.yml
+  tags: always
+- include_tasks: conf.yml
+  tags: always
+- include_tasks: iptables.yml
   when: iptables_manage | default(True)
-- include: services.yml
-- include: write_version.yml
-- include: archive_post.yml
-  when: sftpgo_install_mode == 'upgrade'
-- include: cleanup.yml
+  tags: always
+- include_tasks: services.yml
+  tags: always
+- include_tasks: write_version.yml
+  tags: always
+- include_tasks: archive_post.yml
+  when: sftpgo_install_mode | default('none') == 'upgrade'
+  tags: always
+- include_tasks: cleanup.yml
+  tags: always

roles/squid/tasks/main.yml

@@ -12,23 +12,23 @@
 
 - name: Identify intercept HTTP ports (if any)
   set_fact: squid_intercept_http_ports={{ squid_http_ports | selectattr('port','defined') | selectattr('mode','defined') | selectattr('mode','equalto','intercept') | map(attribute='port') | list }}
-  tags: [firewall,proxy]
+  tags: firewall,proxy
 
 - name: Identify intercept HTTPS ports (if any)
   set_fact: squid_intercept_https_ports={{ squid_https_ports | selectattr('port','defined') | selectattr('mode','defined') | selectattr('mode','equalto','intercept') | map(attribute='port') | list }}
-  tags: [firewall,proxy]
+  tags: firewall,proxy
 
 - name: List HTTP ports
   set_fact: squid_http_ports_list={{ squid_http_ports | selectattr('port','defined') | map(attribute='port') | list }}
-  tags: [firewall,proxy]
+  tags: firewall,proxy
 
 - name: List HTTPS ports
   set_fact: squid_https_ports_list={{ squid_https_ports | selectattr('port','defined') | map(attribute='port') | list }}
-  tags: [firewall,proxy]
+  tags: firewall,proxy
 
 - name: List TCP port to handle
   set_fact: squid_ports={{ squid_http_ports_list + squid_https_ports_list }}
-  tags: [firewall,proxy]
+  tags: firewall,proxy
 
 - name: Add a NAT rule for transparent proxying of clear HTTP
   iptables_raw:
@@ -37,7 +37,7 @@
     table: nat
     rules: "-A PREROUTING -p tcp -m multiport --dports {{ squid_nat_http_ports | join(',') }} ! -d {{ ansible_default_ipv4.address }} -j DNAT --to {{ ansible_default_ipv4.address }}:{{ squid_intercept_http_ports | first }}"
   when: iptables_manage | default(True)
-  tags: [firewall,proxy]
+  tags: firewall,proxy
 
 - name: Add a NAT rule for transparent proxying of HTTPS
   iptables_raw:
@@ -46,7 +46,7 @@
     table: nat
     rules: "-A PREROUTING -p tcp -m multiport --dports {{ squid_nat_https_ports | join(',') }} ! -d {{ ansible_default_ipv4.address }} -j DNAT --to {{ ansible_default_ipv4.address }}:{{ squid_intercept_https_ports | first }}"
   when: iptables_manage | default(True)
-  tags: [firewall,proxy]
+  tags: firewall,proxy
 
 - name: Handle squid ports
   iptables_raw:
@@ -54,7 +54,7 @@
     state: "{{ (squid_src_ip | length > 0) | ternary('present','absent') }}"
     rules: "-A INPUT -m state --state NEW -p tcp -m multiport --dports {{ squid_ports | join(',') }} -s {{ squid_src_ip | join(',') }} -j ACCEPT"
   when: iptables_manage | default(True)
-  tags: [firewall,proxy]
+  tags: firewall,proxy
 
 - name: Create TLS directory
   file: path=/etc/squid/tls state=directory group=squid mode=750
@@ -182,8 +182,9 @@
   when: squid_clam_unit.changed or squid_c_icap_unit.changed or squid_unit.changed
   tags: proxy
 
-- include: selinux.yml
+- include_tasks: selinux.yml
   when: ansible_selinux.status == 'enabled'
+  tags: always
 
 - name: Create ufdbGuard log directory
   file: path=/var/log/ufdbguard state=directory owner=ufdb group=ufdb mode=750
@@ -255,4 +256,5 @@
   service: name={{ squid_ufdb_unit.stat.exists | ternary('ufdbGuard','ufdb') }} state={{ squid_filter_url | ternary('started','stopped') }} enabled={{ squid_filter_url | ternary(True,False) }}
   tags: proxy
 
-- include: filebeat.yml
+- include_tasks: filebeat.yml
+  tags: always

roles/ssh/tasks/main.yml

@@ -1,12 +1,19 @@
 ---
 
-- include: facts.yml
-- include: install.yml
-- include: conf.yml
-- include: selinux.yml
+- include_tasks: facts.yml
+  tags: always
+- include_tasks: install.yml
+  tags: always
+- include_tasks: conf.yml
+  tags: always
+- include_tasks: selinux.yml
   when: ansible_selinux.status == 'enabled'
-- include: iptables.yml
+  tags: always
+- include_tasks: iptables.yml
   when: iptables_manage | default(True)
-- include: service.yml
-- include: cleanup.yml
+  tags: always
+- include_tasks: service.yml
+  tags: always
+- include_tasks: cleanup.yml
+  tags: always
 

roles/sssd_ad_auth/tasks/main.yml

@@ -7,13 +7,15 @@
 - set_fact: ad_trusted_domains={{ ad_trusted_domains_conf | default([]) }}
   tags: auth
 
-- include: install_{{ ansible_os_family }}.yml
+- include_tasks: install_{{ ansible_os_family }}.yml
+  tags: always
 
 - name: Set LDAP base
   set_fact: ad_ldap_base=DC={{ ad_realm | regex_replace('\.',',DC=') }}
   tags: auth
 
 - include_tasks: pam_{{ ansible_os_family }}.yml
+  tags: always
 
 - name: Check if there's a secrets.tdb DB
   stat: path=/var/lib/samba/private/secrets.tdb
@@ -39,7 +41,7 @@
   register: ad_keytab
   tags: auth
 
-  # We need to have our correct hostname before joining the domain !!
+# We need to have our correct hostname before joining the domain !!
 - name: Set system hostname
   hostname: name={{ system_hostname | default(inventory_hostname | regex_replace('^([^\.]+)\..*','\\1')) }}
   tags: auth
@@ -91,9 +93,8 @@
     - oddjobd
   tags: auth
 
-  # On el8 for example, sssd is already installed and running on a default setup
-  # so we need to restart it now, so users are available (for eg, ssh authorized_keys setup)
-  # We can't rely on the handler, because it would only run at the end of the playbook
+# On el8 for example, sssd is already installed and running on a default setup
+# so we need to restart it now, so users are available (for eg, ssh authorized_keys setup)
 - name: Restart sssd if needed
   service: name=sssd state=restarted
   when: ad_join.changed or ad_trusted_join.results | selectattr('changed','equalto',True) | list | length > 0

roles/sssd_ldap_auth/tasks/main.yml

@@ -1,6 +1,7 @@
 ---
 
-- include: install_{{ ansible_os_family }}.yml
+- include_tasks: install_{{ ansible_os_family }}.yml
+  tags: always
 
 - name: Deploy sssd config
   template: src=sssd.conf.j2 dest=/etc/sssd/sssd.conf owner=root group=root mode=0600
@@ -8,9 +9,8 @@
   notify: restart sssd
   tags: auth
 
-  # On el8 for example, sssd is already installed and running on a default setup
-  # so we need to restart it now, so users are available (for eg, ssh authorized_keys setup)
-  # We can't rely on the handler, because it would only run at the end of the playbook
+# On el8 for example, sssd is already installed and running on a default setup
+# so we need to restart it now, so users are available (for eg, ssh authorized_keys setup)
 - name: Restart sssd if needed
   service: name=sssd state=restarted
   when: sssd_config.changed
@@ -39,4 +39,5 @@
   when: ansible_distribution != 'Debian' or ansible_distribution_major_version is version('9', '>=')
   tags: auth
 
-- include: pam_{{ ansible_os_family }}.yml
+- include_tasks: pam_{{ ansible_os_family }}.yml
+  tags: always

roles/timers/tasks/facts.yml

@@ -4,6 +4,7 @@
   set_fact: system_timers_conf={{ system_timers_conf | default([]) + [ system_timer_defaults | combine(item, recursive=True) ] }}
   loop: "{{ system_timers }}"
   tags: system,cron
+
 - set_fact: system_timers={{ system_timers_conf | default([]) }}
   tags: system,cron
 

roles/timers/tasks/main.yml

@@ -1,4 +1,6 @@
 ---
 
-- include: facts.yml
-- include: install.yml
+- include_tasks: facts.yml
+  tags: always
+- include_tasks: install.yml
+  tags: always