openstack/ansible-hardening
Code Issues Proposed changes

Use import/include_tasks

Browse Source 
This patch uses the new import_tasks/include_tasks modules from
Ansible 2.1+ and removes some deprecation warnings from the
beginning of playbook runs.

Change-Id: I17d0a9bcb9964d666e140b832b6f2a26ff948d41
This commit is contained in:
Major Hayden 2018-01-18 10:03:25 -06:00
parent 65dce4045a
commit 74c904247f
No known key found for this signature in database
GPG Key ID: 737051E0C1011FB1
4 changed files with 17 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
tasks/main.yml
View File

@ -52,8 +52,8 @@
tags: tags:
- always - always
- include: "{{ stig_version }}stig/main.yml" - include_tasks: "{{ stig_version }}stig/main.yml"
- include: contrib/main.yml - include_tasks: contrib/main.yml
when: when:
- security_contrib_enabled | bool - security_contrib_enabled | bool

2
tasks/rhel7stig/dnf.yml
View File

@ -13,7 +13,7 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
- include: rpm.yml - include_tasks: rpm.yml
- name: Check if /etc/dnf/automatic.conf exists - name: Check if /etc/dnf/automatic.conf exists
stat: stat:

26
tasks/rhel7stig/main.yml
View File

@ -33,7 +33,7 @@
# Some of the tasks in the role may take a long time to run. Let's start them # Some of the tasks in the role may take a long time to run. Let's start them
# as early as possible so they have time to finish. # as early as possible so they have time to finish.
- include: async_tasks.yml - include_tasks: async_tasks.yml
- name: Get user data for all users on the system - name: Get user data for all users on the system
get_users: get_users:
@ -66,28 +66,28 @@
# Package installations and removals must come first so that configuration # Package installations and removals must come first so that configuration
# changes can be made later. # changes can be made later.
- include: packages.yml - include_tasks: packages.yml
tags: tags:
- always - always
# Package managers are managed first since the changes in these tasks will # Package managers are managed first since the changes in these tasks will
# affect the remainder of the tasks in the role. # affect the remainder of the tasks in the role.
- include: "{{ ansible_pkg_mgr }}.yml" - include_tasks: "{{ ansible_pkg_mgr }}.yml"
# The bulk of the security changes are applied in these tasks. The tasks in # The bulk of the security changes are applied in these tasks. The tasks in
# each file are tagged with the same name (for example, tasks in `auth.yml` # each file are tagged with the same name (for example, tasks in `auth.yml`
# are tagged with `auth`). Also, the tag name matches up with the "STIG # are tagged with `auth`). Also, the tag name matches up with the "STIG
# Controls by Tag" section of the role documentation. # Controls by Tag" section of the role documentation.
- include: accounts.yml - include_tasks: accounts.yml
- include: aide.yml - include_tasks: aide.yml
- include: auditd.yml - include_tasks: auditd.yml
- include: auth.yml - include_tasks: auth.yml
- include: file_perms.yml - include_tasks: file_perms.yml
- include: graphical.yml - include_tasks: graphical.yml
- include: kernel.yml - include_tasks: kernel.yml
- include: lsm.yml - include_tasks: lsm.yml
- include: misc.yml - include_tasks: misc.yml
- include: sshd.yml - include_tasks: sshd.yml
- name: Remove the temporary directory - name: Remove the temporary directory
file: file:

2
tasks/rhel7stig/yum.yml
View File

@ -13,7 +13,7 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
- include: rpm.yml - include_tasks: rpm.yml
- name: Check if /etc/yum/yum-cron.conf exists - name: Check if /etc/yum/yum-cron.conf exists
stat: stat: