From deb53caee5725cad7c2c29b72d9c89acb70345fc Mon Sep 17 00:00:00 2001 From: jurgenhaas <juergen@paragon-es.de> Date: Sun, 25 Mar 2018 15:55:51 +0200 Subject: [PATCH] ansible-playbooks/general#72 Always use import_tasks or include_tasks instead of just include
---
 tasks/admin_keys.yml | 26 ++++++++------ tasks/main.yml | 6 ++-- tasks/user_keys.yml | 80 +++++++++++++++++++++++--------------- 3 files changed, 60 insertions(+), 52 deletions(-)
diff --git a/tasks/admin_keys.yml b/tasks/admin_keys.yml
index 301cae5..637662e 100644
--- a/tasks/admin_keys.yml
+++ b/tasks/admin_keys.yml
@@ -1,14 +1,18 @@
 --- # file: roles/commonkeys/tasks/admin_keys.yml -- name: "Read public key of admin user" - shell: cat /home/{{ username }}/.ssh/id_rsa.pub - register: pubkey - -- name: "Distribute public key of admin user" - authorized_key: - user='{{ username }}' - key="{{ hostvars[item].pubkey.stdout }} {{ item }}" - path='/home/{{ username }}/.ssh/fresh_auth_keys_tunnel_{{ item }}' - with_items: '{{ groups.all }}' - when: item != "localhost" and inventory_hostname != "localhost" and hostvars[item].pubkey is defined +- block: + + - name: "Read public key of admin user" + shell: cat /home/{{ username }}/.ssh/id_rsa.pub + register: pubkey + + - name: "Distribute public key of admin user" + authorized_key: + user='{{ username }}' + key="{{ hostvars[item].pubkey.stdout }} {{ item }}" + path='/home/{{ username }}/.ssh/fresh_auth_keys_tunnel_{{ item }}' + with_items: '{{ groups.all }}' + when: item != "localhost" and inventory_hostname != "localhost" and hostvars[item].pubkey is defined + + tags: 'Keys'
diff --git a/tasks/main.yml b/tasks/main.yml
index 0757924..00cc362 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml 
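Review bot: `shell: cat /home/{{ username }}/.ssh/id_rsa.pub` in the new block reports `changed` on every run and fails the host outright when the key file is absent, so the `hostvars[item].pubkey is defined` guard on the distribution task never gets the chance to skip that host; `command: cat /home/{{ username }}/.ssh/id_rsa.pub` with `changed_when: false` keeps the read idempotent, and if a missing key should be tolerated rather than abort the play, add `failed_when: false` and extend the guard to `… and hostvars[item].pubkey is defined and hostvars[item].pubkey.rc == 0` so an empty `stdout` is never installed as a key. The distribution task authorizes every host's admin key on every other host in `groups.all`; a short comment at the top of the file stating that this builds a full mesh of host-to-host trust for the admin user, so that a compromise of one host grants SSH access as that user on all others, would help whoever maintains the inventory judge the blast radius. Both tasks are carried over unchanged by the commit, so this is pre-existing behaviour rather than a regression.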
@@ -8,21 +8,21 @@
 - block: - name: "Reset all hosts" - include: reset.yml + include_tasks: reset.yml with_items: '{{ groups.all }}' loop_control: loop_var: hostname when: hostname != "localhost" and inventory_hostname != "localhost" - name: "Admin keys" - include: admin_keys.yml + include_tasks: admin_keys.yml loop_control: loop_var: username with_items: '{{ admins }}' tags: 'Keys' - name: "User keys" - include: user_keys.yml + include_tasks: user_keys.yml with_flattened: - '{{ admins }}' - '{{ jailusers }}'
diff --git a/tasks/user_keys.yml b/tasks/user_keys.yml
index edea41d..f3b68c0 100644
--- a/tasks/user_keys.yml
+++ b/tasks/user_keys.yml 
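Review bot: With `include_tasks`, tags on the include statement (and on the enclosing `block`, which opens at the top of this hunk and closes outside it) gate the include itself rather than the tasks it loads, which the commit handles for admin_keys.yml and user_keys.yml by tagging a block inside each file; the `User keys` include, however, shows no `tags:` within the hunk, and a dynamic include that does not match `--tags Keys` is skipped outright, so nothing from user_keys.yml would be loaded on a tag-limited run even though its inner block is tagged. If no tag follows beyond the hunk, adding `tags: 'Keys'` to the `User keys` task, mirroring `Admin keys`, restores the previous behaviour. The same applies to `reset.yml`: should the enclosing block carry tags, they no longer reach the tasks in that file after this change, which may or may not be intended. A comment such as `# dynamic includes: tags here gate the include only; tag the block inside each file as well` above the first `include_tasks` would save the next reader a trip to the docs.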
@@ -1,41 +1,45 @@
 --- # file: roles/commonkeys/tasks/user_keys.yml -- name: "Keys | Remove the fresh auth file in case it does already exist" - file: - path=/home/{{ username }}/.ssh/auth_keys_fresh - state=absent - -- name: "Keys | Install Public Keys For Desktop-To-Server Communication in a fresh file" - authorized_key: - user={{ username }} - key="{{ lookup('file', inventory_dir + '/files/keys/' + username + '.d2s.pub') }}" - path=/home/{{ username }}/.ssh/fresh_auth_keys_{{ username }} - key_options={{ users[username]['ssh_key_options']|default(omit) }} - -- name: "Keys | Merge all public keys" - shell: cat /home/{{ username }}/.ssh/fresh_auth_keys* > /home/{{ username }}/.ssh/auth_keys_fresh - -- name: "Keys | Remove temp files" - shell: rm /home/{{ username }}/.ssh/fresh_auth_keys_* - -- name: "Keys | Set ownership of authorized key file" - file: - path="/home/{{ username }}/.ssh/auth_keys_fresh" - owner="{{ username }}" - group="root" - -- name: "Keys | Set permission for authorized key file" - file: - path="/home/{{ username }}/.ssh/auth_keys_fresh" - mode='600' - -- name: "Keys | Make sure the authorized_keys file exists" - file: - name=/home/{{ username }}/.ssh/authorized_keys - state=touch - -- name: "Keys | Move the fresh auth file to replace the old one" - shell: rm /home/{{ username }}/.ssh/authorized_keys && mv /home/{{ username }}/.ssh/auth_keys_fresh /home/{{ username }}/.ssh/authorized_keys - args: - executable: /bin/bash +- block: + + - name: "Keys | Remove the fresh auth file in case it does already exist" + file: + path=/home/{{ username }}/.ssh/auth_keys_fresh + state=absent + + - name: "Keys | Install Public Keys For Desktop-To-Server Communication in a fresh file" + authorized_key: + user={{ username }} + key="{{ lookup('file', inventory_dir + '/files/keys/' + username + '.d2s.pub') }}" + path=/home/{{ username }}/.ssh/fresh_auth_keys_{{ username }} + key_options={{ users[username]['ssh_key_options']|default(omit) }} + + - name: "Keys | 
Merge all public keys" + shell: cat /home/{{ username }}/.ssh/fresh_auth_keys* > /home/{{ username }}/.ssh/auth_keys_fresh + + - name: "Keys | Remove temp files" + shell: rm /home/{{ username }}/.ssh/fresh_auth_keys_* + + - name: "Keys | Set ownership of authorized key file" + file: + path="/home/{{ username }}/.ssh/auth_keys_fresh" + owner="{{ username }}" + group="root" + + - name: "Keys | Set permission for authorized key file" + file: + path="/home/{{ username }}/.ssh/auth_keys_fresh" + mode='600' + + - name: "Keys | Make sure the authorized_keys file exists" + file: + name=/home/{{ username }}/.ssh/authorized_keys + state=touch + + - name: "Keys | Move the fresh auth file to replace the old one" + shell: rm /home/{{ username }}/.ssh/authorized_keys && mv /home/{{ username }}/.ssh/auth_keys_fresh /home/{{ username }}/.ssh/authorized_keys + args: + executable: /bin/bash + + tags: 'Keys' -- GitLab
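Review bot: The final task of the new block, `rm /home/{{ username }}/.ssh/authorized_keys && mv … auth_keys_fresh … authorized_keys`, deletes the live authorized_keys before the replacement is in place, so a failed `mv` or an interrupted run leaves the account with no authorized keys at all; `command: mv -f /home/{{ username }}/.ssh/auth_keys_fresh /home/{{ username }}/.ssh/authorized_keys` is a single rename that replaces the file in one step, keeps the old file until then, and needs neither the `&&` nor the `executable: /bin/bash` argument. With that, the preceding `state=touch` task (which creates an empty authorized_keys only for it to be removed a moment later) becomes unnecessary. Separately, `key_options={{ users[username]['ssh_key_options']|default(omit) }}` is an unquoted value in key=value argument form, so an options string containing spaces or quotes (a `command=` restriction, for instance) is split into separate arguments; writing the module arguments as a YAML mapping, e.g. `key_options: "{{ users[username]['ssh_key_options'] | default(omit) }}"`, avoids that and is the form the other `file:` tasks here should move to as well. The block is complete within this hunk and all of these tasks are carried over from the old version, so none of it is introduced by the commit.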