ansible-playbooks/general#72 Always use import_tasks or include_tasks instead of just include

handlers/main.yml

 ---
 # file: roles/letsencrypt/handler/main.yml
 
-- include: '../../haproxy/handlers/main.yml'
+- import_tasks: '../../haproxy/handlers/main.yml'

tasks/cert.yml

 ---
 # file: roles/letsencrypt/tasks/cert.yml
 
-- set_fact: cert={{ domain.1|default(domain) }}
-- set_fact: port={{ ('proxyserver' in groups)|ternary(54321,80) }}
-
-- name: "Write Config"
-  template:
-    src: 'letsencrypt.ini'
-    dest: '/etc/letsencrypt/{{ cert.domain }}.ini'
-    owner: 'root'
-    group: 'root'
-    mode: '644'
-  register: cert_definition
-
 - block:
 
-  - name: "Stop services"
-    service:
-      name: '{{ item }}'
-      state: 'stopped'
-    with_items: '{{ letsencrypt_pause_services|default([]) }}'
-
-  - name: "Open Port"
-    iptables:
-      chain: 'INPUT'
-      source: '0.0.0.0'
-      destination_port: 54321
-      protocol: 'tcp'
-      jump: 'ACCEPT'
-      state: 'present'
-
-  - name: "Install New Cert"
-    shell: certbot certonly --expand --non-interactive --config /etc/letsencrypt/{{ cert.domain }}.ini --http-01-port {{ port }} --preferred-challenges http-01
-    ignore_errors: true
+  - set_fact: cert={{ domain.1|default(domain) }}
+  - set_fact: port={{ ('proxyserver' in groups)|ternary(54321,80) }}
 
-  - name: "Close Port"
-    iptables:
-      chain: 'INPUT'
-      source: '0.0.0.0'
-      destination_port: 54321
-      protocol: 'tcp'
-      jump: 'ACCEPT'
-      state: 'absent'
+  - name: "Write Config"
+    template:
+      src: 'letsencrypt.ini'
+      dest: '/etc/letsencrypt/{{ cert.domain }}.ini'
+      owner: 'root'
+      group: 'root'
+      mode: '644'
+    register: cert_definition
 
-  - name: "Start services"
-    service:
-      name: '{{ item }}'
-      state: 'started'
-    with_items: '{{ letsencrypt_pause_services|default([]) }}'
-    ignore_errors: true
+  - import_tasks: cert_generate.yml
+    when: cert_definition.changed
 
-  when: cert_definition.changed
+  tags: 'ApacheConfig'

tasks/cert_generate.yml

+---
+# file: roles/letsencrypt/tasks/cert_generate.yml
+
+- name: "Stop services"
+  service:
+    name: '{{ item }}'
+    state: 'stopped'
+  with_items: '{{ letsencrypt_pause_services|default([]) }}'
+
+- name: "Open Port"
+  iptables:
+    chain: 'INPUT'
+    source: '0.0.0.0'
+    destination_port: 54321
+    protocol: 'tcp'
+    jump: 'ACCEPT'
+    state: 'present'
+
+- name: "Install New Cert"
+  shell: certbot certonly --expand --non-interactive --config /etc/letsencrypt/{{ cert.domain }}.ini --http-01-port {{ port }} --preferred-challenges http-01
+  ignore_errors: true
+
+- name: "Close Port"
+  iptables:
+    chain: 'INPUT'
+    source: '0.0.0.0'
+    destination_port: 54321
+    protocol: 'tcp'
+    jump: 'ACCEPT'
+    state: 'absent'
+
+- name: "Start services"
+  service:
+    name: '{{ item }}'
+    state: 'started'
+  with_items: '{{ letsencrypt_pause_services|default([]) }}'
+  ignore_errors: true

tasks/main.yml

@@ -20,18 +20,18 @@
     changed_when: false
     tags: 'always'
 
-  - include: install.yml
+  - import_tasks: install.yml
 
-  - include: cert.yml
+  - include_tasks: cert.yml
     with_items: '{{ letsencrypt_certificates|default([]) }}'
     loop_control:
       loop_var: domain
 
-  - include: renew.yml
+  - import_tasks: renew.yml
     when: letsencrypt_certs_available is defined and letsencrypt_certs_available.stat.exists and (proxy_active is not defined or proxy_active)
     tags: 'renew'
 
-  - include_tasks: '../../haproxy/tasks/proxypool.yml'
+  - import_tasks: '../../haproxy/tasks/proxypool.yml'
     tags: 'renew'
 
   when: '"letsencrypt" not in excluded_roles'

tasks/renew.yml

@@ -34,7 +34,7 @@
     state: 'absent'
 
 - name: "Build HaProxy Certs"
-  include_tasks: '../../haproxy/tasks/buildcerts.yml'
+  import_tasks: '../../haproxy/tasks/buildcerts.yml'
   tags: 'always'
 
 - name: "Start services"