ansible-playbooks/general#72 Always use import_tasks or include_tasks instead of just include

deb53cae · jurgenhaas · e533402c · deb53cae · deb53cae · deb53cae
Commit deb53cae authored 7 years ago by jurgenhaas
--- a/tasks/admin_keys.yml
+++ b/tasks/admin_keys.yml
 ---
 # file: roles/commonkeys/tasks/admin_keys.yml
- name: "Read public key of admin user"
+- block:
-  shell: cat /home/{{ username }}/.ssh/id_rsa.pub
-  register: pubkey
+  - name: "Read public key of admin user"
+    shell: cat /home/{{ username }}/.ssh/id_rsa.pub
- name: "Distribute public key of admin user"
+    register: pubkey
-  authorized_key:
-    user='{{ username }}'
+  - name: "Distribute public key of admin user"
-    key="{{ hostvars[item].pubkey.stdout }} {{ item }}"
+    authorized_key:
-    path='/home/{{ username }}/.ssh/fresh_auth_keys_tunnel_{{ item }}'
+      user='{{ username }}'
-  with_items: '{{ groups.all }}'
+      key="{{ hostvars[item].pubkey.stdout }} {{ item }}"
-  when: item != "localhost" and inventory_hostname != "localhost" and hostvars[item].pubkey is defined
+      path='/home/{{ username }}/.ssh/fresh_auth_keys_tunnel_{{ item }}'
+    with_items: '{{ groups.all }}'
+    when: item != "localhost" and inventory_hostname != "localhost" and hostvars[item].pubkey is defined
+  tags: 'Keys'
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -8,21 +8,21 @@
 - block:
  - name: "Reset all hosts"
-    include: reset.yml
+    include_tasks: reset.yml
    with_items: '{{ groups.all }}'
    loop_control:
      loop_var: hostname
    when: hostname != "localhost" and inventory_hostname != "localhost"
  - name: "Admin keys"
-    include: admin_keys.yml
+    include_tasks: admin_keys.yml
    loop_control:
      loop_var: username
    with_items: '{{ admins }}'
    tags: 'Keys'
  - name: "User keys"
-    include: user_keys.yml
+    include_tasks: user_keys.yml
    with_flattened:
      - '{{ admins }}'
      - '{{ jailusers }}'

--- a/tasks/user_keys.yml
+++ b/tasks/user_keys.yml
 ---
 # file: roles/commonkeys/tasks/user_keys.yml
- name: "Keys | Remove the fresh auth file in case it does already exist"
+- block:
-  file:
-    path=/home/{{ username }}/.ssh/auth_keys_fresh
+  - name: "Keys | Remove the fresh auth file in case it does already exist"
-    state=absent
+    file:
+      path=/home/{{ username }}/.ssh/auth_keys_fresh
- name: "Keys | Install Public Keys For Desktop-To-Server Communication in a fresh file"
+      state=absent
-  authorized_key:
-    user={{ username }}
+  - name: "Keys | Install Public Keys For Desktop-To-Server Communication in a fresh file"
-    key="{{ lookup('file', inventory_dir + '/files/keys/' + username + '.d2s.pub') }}"
+    authorized_key:
-    path=/home/{{ username }}/.ssh/fresh_auth_keys_{{ username }}
+      user={{ username }}
-    key_options={{ users[username]['ssh_key_options']|default(omit) }}
+      key="{{ lookup('file', inventory_dir + '/files/keys/' + username + '.d2s.pub') }}"
+      path=/home/{{ username }}/.ssh/fresh_auth_keys_{{ username }}
- name: "Keys | Merge all public keys"
+      key_options={{ users[username]['ssh_key_options']|default(omit) }}
-  shell: cat /home/{{ username }}/.ssh/fresh_auth_keys* > /home/{{ username }}/.ssh/auth_keys_fresh
+  - name: "Keys | Merge all public keys"
- name: "Keys | Remove temp files"
+    shell: cat /home/{{ username }}/.ssh/fresh_auth_keys* > /home/{{ username }}/.ssh/auth_keys_fresh
-  shell: rm /home/{{ username }}/.ssh/fresh_auth_keys_*
+  - name: "Keys | Remove temp files"
- name: "Keys | Set ownership of authorized key file"
+    shell: rm /home/{{ username }}/.ssh/fresh_auth_keys_*
-  file:
-    path="/home/{{ username }}/.ssh/auth_keys_fresh"
+  - name: "Keys | Set ownership of authorized key file"
-    owner="{{ username }}"
+    file:
-    group="root"
+      path="/home/{{ username }}/.ssh/auth_keys_fresh"
+      owner="{{ username }}"
- name: "Keys | Set permission for authorized key file"
+      group="root"
-  file:
-    path="/home/{{ username }}/.ssh/auth_keys_fresh"
+  - name: "Keys | Set permission for authorized key file"
-    mode='600'
+    file:
+      path="/home/{{ username }}/.ssh/auth_keys_fresh"
- name: "Keys | Make sure the authorized_keys file exists"
+      mode='600'
-  file:
-    name=/home/{{ username }}/.ssh/authorized_keys
+  - name: "Keys | Make sure the authorized_keys file exists"
-    state=touch
+    file:
+      name=/home/{{ username }}/.ssh/authorized_keys
- name: "Keys | Move the fresh auth file to replace the old one"
+      state=touch
-  shell: rm /home/{{ username }}/.ssh/authorized_keys && mv /home/{{ username }}/.ssh/auth_keys_fresh /home/{{ username }}/.ssh/authorized_keys
-  args:
+  - name: "Keys | Move the fresh auth file to replace the old one"
-    executable: /bin/bash
+    shell: rm /home/{{ username }}/.ssh/authorized_keys && mv /home/{{ username }}/.ssh/auth_keys_fresh /home/{{ username }}/.ssh/authorized_keys
+    args:
+      executable: /bin/bash
+  tags: 'Keys'