diff --git a/releasenotes/notes/fix-check-mode-with-tags-bf798856a27c53eb.yaml b/releasenotes/notes/fix-check-mode-with-tags-bf798856a27c53eb.yaml
new file mode 100644
index 00000000..ee8e78d2
--- /dev/null
+++ b/releasenotes/notes/fix-check-mode-with-tags-bf798856a27c53eb.yaml
@@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    When the security role was run in Ansible's check mode and a tag was
+    provided, the ``check_mode`` variable was not being set. Any tasks which
+    depend on that variable would fail. This `bug is fixed <https://bugs.launchpad.net/openstack-ansible/+bug/1590086>`_
+    and the ``check_mode`` variable is now set properly on every playbook run.
diff --git a/tasks/main.yml b/tasks/main.yml
index 582a843a..45e5c831 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -27,18 +27,23 @@
   - name: Check if we're in check/audit mode
     command: /bin/true
     register: noop_result
+    tags:
+      - always
 
   - name: Check to see if systemd is in use
     command: systemctl status
     register: systemd_check
     failed_when: False
-    always_run: True
+    tags:
+      - always
 
   - name: Set facts
     set_fact:
       check_mode: "{{ noop_result | skipped }}"
       systemd_running: "{{ systemd_check | success }}"
       linux_security_module: "{{ (ansible_os_family == 'Debian') | ternary('apparmor','selinux') }}"
+    tags:
+      - always
 
   - include: apt.yml
     when: ansible_pkg_mgr == 'apt'