From 6bae6b211fa02784c9cc641229c4a8b30091a8b9 Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Sun, 25 Mar 2018 15:55:51 +0200
Subject: [PATCH] ansible-playbooks/general#72 Always use import_tasks or
 include_tasks instead of just include

---
 handlers/main.yml       |  2 +-
 tasks/cert.yml          | 58 +++++++++--------------------------------
 tasks/cert_generate.yml | 37 ++++++++++++++++++++++++++
 tasks/main.yml          |  8 +++---
 tasks/renew.yml         |  2 +-
 5 files changed, 56 insertions(+), 51 deletions(-)
 create mode 100644 tasks/cert_generate.yml

diff --git a/handlers/main.yml b/handlers/main.yml
index cafbeb4..236af4c 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,4 +1,4 @@
 ---
 # file: roles/letsencrypt/handler/main.yml
 
-- include: '../../haproxy/handlers/main.yml'
+- import_tasks: '../../haproxy/handlers/main.yml'
diff --git a/tasks/cert.yml b/tasks/cert.yml
index 7d2a1a6..bc93e78 100644
--- a/tasks/cert.yml
+++ b/tasks/cert.yml
@@ -1,53 +1,21 @@
 ---
 # file: roles/letsencrypt/tasks/cert.yml
 
-- set_fact: cert={{ domain.1|default(domain) }}
-- set_fact: port={{ ('proxyserver' in groups)|ternary(54321,80) }}
-
-- name: "Write Config"
-  template:
-    src: 'letsencrypt.ini'
-    dest: '/etc/letsencrypt/{{ cert.domain }}.ini'
-    owner: 'root'
-    group: 'root'
-    mode: '644'
-  register: cert_definition
-
 - block:
 
-  - name: "Stop services"
-    service:
-      name: '{{ item }}'
-      state: 'stopped'
-    with_items: '{{ letsencrypt_pause_services|default([]) }}'
-
-  - name: "Open Port"
-    iptables:
-      chain: 'INPUT'
-      source: '0.0.0.0'
-      destination_port: 54321
-      protocol: 'tcp'
-      jump: 'ACCEPT'
-      state: 'present'
-
-  - name: "Install New Cert"
-    shell: certbot certonly --expand --non-interactive --config /etc/letsencrypt/{{ cert.domain }}.ini --http-01-port {{ port }} --preferred-challenges http-01
-    ignore_errors: true
+  - set_fact: cert={{ domain.1|default(domain) }}
+  - set_fact: port={{ ('proxyserver' in groups)|ternary(54321,80) }}
 
-  - name: "Close Port"
-    iptables:
-      chain: 'INPUT'
-      source: '0.0.0.0'
-      destination_port: 54321
-      protocol: 'tcp'
-      jump: 'ACCEPT'
-      state: 'absent'
+  - name: "Write Config"
+    template:
+      src: 'letsencrypt.ini'
+      dest: '/etc/letsencrypt/{{ cert.domain }}.ini'
+      owner: 'root'
+      group: 'root'
+      mode: '644'
+    register: cert_definition
 
-  - name: "Start services"
-    service:
-      name: '{{ item }}'
-      state: 'started'
-    with_items: '{{ letsencrypt_pause_services|default([]) }}'
-    ignore_errors: true
+  - import_tasks: cert_generate.yml
+    when: cert_definition.changed
 
-  when: cert_definition.changed
+  tags: 'ApacheConfig'
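Review bot: The `tags: 'ApacheConfig'` added at the end of the block will probably not be reachable with `--tags ApacheConfig`, because tasks/main.yml now pulls this file in through the dynamic `include_tasks: cert.yml`. A dynamic include only loads its file when the include task itself matches the selected tags. Unless the enclosing block in main.yml (which starts outside that hunk) already carries a matching tag, put `tags: 'ApacheConfig'` on the `include_tasks` task as well. The tag is not mentioned in the commit subject, so a one-line comment explaining why a letsencrypt block carries an Apache tag would help the next reader.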
diff --git a/tasks/cert_generate.yml b/tasks/cert_generate.yml
new file mode 100644
index 0000000..8710151
--- /dev/null
+++ b/tasks/cert_generate.yml
@@ -0,0 +1,37 @@
+---
+# file: roles/letsencrypt/tasks/cert_generate.yml
+
+- name: "Stop services"
+  service:
+    name: '{{ item }}'
+    state: 'stopped'
+  with_items: '{{ letsencrypt_pause_services|default([]) }}'
+
+- name: "Open Port"
+  iptables:
+    chain: 'INPUT'
+    source: '0.0.0.0'
+    destination_port: 54321
+    protocol: 'tcp'
+    jump: 'ACCEPT'
+    state: 'present'
+
+- name: "Install New Cert"
+  shell: certbot certonly --expand --non-interactive --config /etc/letsencrypt/{{ cert.domain }}.ini --http-01-port {{ port }} --preferred-challenges http-01
+  ignore_errors: true
+
+- name: "Close Port"
+  iptables:
+    chain: 'INPUT'
+    source: '0.0.0.0'
+    destination_port: 54321
+    protocol: 'tcp'
+    jump: 'ACCEPT'
+    state: 'absent'
+
+- name: "Start services"
+  service:
+    name: '{{ item }}'
+    state: 'started'
+  with_items: '{{ letsencrypt_pause_services|default([]) }}'
+  ignore_errors: true
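Review bot: Nothing guarantees that "Close Port" and "Start services" run once "Stop services" or "Open Port" has begun: a failure in either (neither has `ignore_errors`) ends the host's run with services stopped and possibly the ACCEPT rule for port 54321 still in INPUT. Putting the cleanup under `always` in a `block` makes it unconditional, after which `ignore_errors: true` on certbot is not needed for cleanup and as written only hides a failed issuance; keep it only if the loop must continue with the remaining certificates. The certbot call uses no shell features, so `command` avoids shell interpretation of the templated `cert.domain`. Separately, the rule opens 54321 even when `port` resolves to 80, which is worth confirming as intended.

```yaml
- block:
  # … unchanged: "Stop services" and "Open Port" tasks, indented into the block …

  - name: "Install New Cert"
    command: >-
      certbot certonly --expand --non-interactive
      --config /etc/letsencrypt/{{ cert.domain }}.ini
      --http-01-port {{ port }}
      --preferred-challenges http-01

  always:
  # … unchanged: "Close Port" and "Start services" tasks, indented under always …
```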
diff --git a/tasks/main.yml b/tasks/main.yml
index 8a0d38e..fe2e625 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -20,18 +20,18 @@
     changed_when: false
     tags: 'always'
 
-  - include: install.yml
+  - import_tasks: install.yml
 
-  - include: cert.yml
+  - include_tasks: cert.yml
     with_items: '{{ letsencrypt_certificates|default([]) }}'
     loop_control:
       loop_var: domain
 
-  - include: renew.yml
+  - import_tasks: renew.yml
     when: letsencrypt_certs_available is defined and letsencrypt_certs_available.stat.exists and (proxy_active is not defined or proxy_active)
     tags: 'renew'
 
-  - include_tasks: '../../haproxy/tasks/proxypool.yml'
+  - import_tasks: '../../haproxy/tasks/proxypool.yml'
     tags: 'renew'
 
   when: '"letsencrypt" not in excluded_roles'
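Review bot: With `import_tasks: renew.yml` the `when:` on the following line is not evaluated once for the file; a static import copies the condition onto every task in renew.yml, so it is re-checked before each one. If any task in renew.yml changes `proxy_active` or re-registers `letsencrypt_certs_available` (not visible here), the remaining tasks would be skipped part-way through, which in a renew flow could leave services stopped. Either add a comment above the import such as `# static import: the condition is applied to each task in renew.yml`, or use `include_tasks` here if a single evaluation is wanted. The enclosing block starts outside this hunk.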
diff --git a/tasks/renew.yml b/tasks/renew.yml
index fac4aef..1436860 100644
--- a/tasks/renew.yml
+++ b/tasks/renew.yml
@@ -34,7 +34,7 @@
     state: 'absent'
 
 - name: "Build HaProxy Certs"
-  include_tasks: '../../haproxy/tasks/buildcerts.yml'
+  import_tasks: '../../haproxy/tasks/buildcerts.yml'
   tags: 'always'
 
 - name: "Start services"
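Review bot: Switching "Build HaProxy Certs" to `import_tasks` makes `tags: 'always'` inherit to every task inside haproxy/tasks/buildcerts.yml, so any run limited with `--tags` will now execute all of them. The `name` on a static import is also not shown at run time, so the label no longer appears in the play output. If rebuilding the HAProxy certificates on every tagged run is intended, a one-line comment saying so would help; otherwise narrow the tag, e.g. `tags: 'renew'`. The task list continues outside this hunk.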
-- 
GitLab