From 041650c2875db41df8ff77400f5bb4c862866aa0 Mon Sep 17 00:00:00 2001
From: Sandwich
Date: Fri, 20 Feb 2026 23:00:53 +0100
Subject: [PATCH] refactor: add loop_control labels to dict-based loops across all roles
---
 roles/bootstrap/tasks/main.yml | 2 ++
 roles/cis/tasks/permissions.yml | 4 ++++
 roles/cis/tasks/security_lines.yml | 2 ++
 roles/cis/tasks/sshd.yml | 2 ++
 roles/configuration/tasks/fstab.yml | 1 +
 roles/configuration/tasks/grub.yml | 2 ++
 roles/configuration/tasks/locales.yml | 2 ++
 roles/configuration/tasks/services.yml | 4 ++++
 roles/environment/tasks/main.yml | 4 ++++
 roles/partitioning/tasks/btrfs.yml | 4 ++++
 roles/partitioning/tasks/ext4.yml | 4 ++++
 roles/partitioning/tasks/main.yml | 8 ++++++++
 roles/partitioning/tasks/xfs.yml | 2 ++
 13 files changed, 41 insertions(+)
diff --git a/roles/bootstrap/tasks/main.yml b/roles/bootstrap/tasks/main.yml
index ab241fd..9908667 100644
--- a/roles/bootstrap/tasks/main.yml
+++ b/roles/bootstrap/tasks/main.yml
@@ -23,6 +23,8 @@ - { src: sysfs, path: sys, fstype: sysfs } - { src: /dev, path: dev, fstype: none, opts: bind } - { src: devpts, path: dev/pts, fstype: devpts, opts: "gid=5,mode=620" }
+ loop_control:
+ label: "{{ item.path }}"
 - name: Run OS-specific bootstrap process vars:
diff --git a/roles/cis/tasks/permissions.yml b/roles/cis/tasks/permissions.yml
index 1acf70d..b2645ed 100644
--- a/roles/cis/tasks/permissions.yml
+++ b/roles/cis/tasks/permissions.yml
@@ -3,6 +3,8 @@ ansible.builtin.stat: path: "{{ item.path }}" loop: "{{ cis_permission_targets }}"
+ loop_control:
+ label: "{{ item.path }}"
 register: cis_permission_stats changed_when: false
@@ -13,4 +15,6 @@ group: "{{ item.item.group | default(omit) }}" mode: "{{ item.item.mode }}" loop: "{{ cis_permission_stats.results }}"
+ loop_control:
+ label: "{{ item.item.path }}"
 when: item.stat.exists
diff --git a/roles/cis/tasks/security_lines.yml b/roles/cis/tasks/security_lines.yml
index f634c88..1735344 100644
--- a/roles/cis/tasks/security_lines.yml
+++ b/roles/cis/tasks/security_lines.yml
@@ -44,3 +44,5 @@ password [success=1 default=ignore] pam_unix.so obscure sha512 remember=5 - { path: /mnt/etc/hosts.deny, content: "ALL: ALL" } - { path: /mnt/etc/hosts.allow, content: "sshd: ALL" }
+ loop_control:
+ label: "{{ item.content }}"
diff --git a/roles/cis/tasks/sshd.yml b/roles/cis/tasks/sshd.yml
index e22807e..e608b62 100644
--- a/roles/cis/tasks/sshd.yml
+++ b/roles/cis/tasks/sshd.yml
@@ -29,6 +29,8 @@ - { option: ClientAliveCountMax, value: "1" } - { option: PermitTunnel, value: "no" } - { option: Banner, value: /etc/issue.net }
+ loop_control:
+ label: "{{ item.option }}"
 - name: Detect target OpenSSH version ansible.builtin.shell: >-
diff --git a/roles/configuration/tasks/fstab.yml b/roles/configuration/tasks/fstab.yml
index da82670..bdddaa8 100644
--- a/roles/configuration/tasks/fstab.yml
+++ b/roles/configuration/tasks/fstab.yml
@@ -77,3 +77,4 @@ - { regexp: "^tmpfs\\s+/dev/shm\\s+", line: "tmpfs /dev/shm tmpfs defaults,nosuid,nodev,noexec 0 0" } loop_control: loop_var: fstab_entry
+ label: "{{ fstab_entry.regexp }}"
diff --git a/roles/configuration/tasks/grub.yml b/roles/configuration/tasks/grub.yml
index cd5f2e9..32ad966 100644
--- a/roles/configuration/tasks/grub.yml
+++ b/roles/configuration/tasks/grub.yml
@@ -10,6 +10,8 @@ line: GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3" - regexp: ^GRUB_TIMEOUT= line: GRUB_TIMEOUT=1
+ loop_control:
+ label: "{{ item.line }}"
 - name: Ensure grub defaults file exists for RHEL-based systems when: is_rhel | bool
diff --git a/roles/configuration/tasks/locales.yml b/roles/configuration/tasks/locales.yml
index 95556a6..c3096ff 100644
--- a/roles/configuration/tasks/locales.yml
+++ b/roles/configuration/tasks/locales.yml
@@ -21,6 +21,8 @@ line: "{{ item.line }}" loop: - { regex: "{{ system_cfg.locale }} UTF-8", line: "{{ system_cfg.locale }} UTF-8" }
+ loop_control:
+ label: "{{ item.line }}"
 - name: Generate locales when: not is_rhel | bool
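Review bot: Labelling the security_lines.yml loop with `item.content` drops the file being edited from the run output, even though the visible entries show `path` varying per item (`/mnt/etc/hosts.deny`, `/mnt/etc/hosts.allow`), so a hardening log no longer says which file a line went into. The PAM line in the context above suggests some `content` values are long or multi-line, which would also make the label unwieldy; that part is inferred, because the loop starts outside the hunk. I would use `label: "{{ item.path }}: {{ item.content | truncate(60) }}"`, or plain `item.path` if each file appears only once in the list.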
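Review bot: The fstab.yml label is the match pattern (`fstab_entry.regexp`), whereas grub.yml and locales.yml in this same patch label the same regexp/line item shape with `item.line`; the pattern also prints with its `\\s+` escapes. For the `/dev/shm` entry the `line` value is what shows the `nosuid,nodev,noexec` options being enforced, so `label: "{{ fstab_entry.line }}"` would be consistent and more useful in a run log. The loop's other entries are outside the hunk, so confirm each one carries `line` before switching.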
diff --git a/roles/configuration/tasks/services.yml b/roles/configuration/tasks/services.yml
index 1c9753a..1888d13 100644
--- a/roles/configuration/tasks/services.yml
+++ b/roles/configuration/tasks/services.yml
@@ -43,6 +43,8 @@ dest: "/mnt/etc/runlevels/default/{{ item.item }}" state: link loop: "{{ configuration_openrc_service_stats.results }}"
+ loop_control:
+ label: "{{ item.item }}"
 when: item.stat.exists - name: Enable runit services
@@ -73,4 +75,6 @@ dest: "/mnt/var/service/{{ item.item }}" state: link loop: "{{ configuration_runit_service_stats.results }}"
+ loop_control:
+ label: "{{ item.item }}"
 when: item.stat.exists
diff --git a/roles/environment/tasks/main.yml b/roles/environment/tasks/main.yml
index 6266cd2..5f7d78f 100644
--- a/roles/environment/tasks/main.yml
+++ b/roles/environment/tasks/main.yml
@@ -132,6 +132,8 @@ replace: "PermitEmptyPasswords yes" - regexp: "^#?PermitRootLogin.*" replace: "PermitRootLogin yes"
+ loop_control:
+ label: "{{ item.replace }}"
 - name: Reload SSH service to apply changes ansible.builtin.service:
@@ -175,6 +177,8 @@ - { name: debootstrap, os: [debian, ubuntu, ubuntu-lts] } - { name: debian-archive-keyring, os: [debian] } - { name: ubuntu-keyring, os: [ubuntu, ubuntu-lts] }
+ loop_control:
+ label: "{{ item.name }}"
 retries: 4 delay: 15
diff --git a/roles/partitioning/tasks/btrfs.yml b/roles/partitioning/tasks/btrfs.yml
index d779d99..66fec26 100644
--- a/roles/partitioning/tasks/btrfs.yml
+++ b/roles/partitioning/tasks/btrfs.yml
@@ -54,6 +54,8 @@ - { subvol: pkg } - { subvol: var_log } - { subvol: var_log_audit }
+ loop_control:
+ label: "{{ item.subvol }}"
 register: partitioning_btrfs_subvol_result - name: Set quotas for subvolumes
@@ -61,6 +63,8 @@ ansible.builtin.command: btrfs qgroup limit {{ item.quota }} /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }} loop: - { subvol: home, quota: "{{ partitioning_btrfs_home_quota }}" }
+ loop_control:
+ label: "{{ item.subvol }}"
 register: partitioning_btrfs_qgroup_result changed_when: false
diff --git a/roles/partitioning/tasks/ext4.yml b/roles/partitioning/tasks/ext4.yml
index 6cd568d..1a13ca0 100644
--- a/roles/partitioning/tasks/ext4.yml
+++ b/roles/partitioning/tasks/ext4.yml
@@ -11,6 +11,8 @@ - { lv: var } - { lv: var_log } - { lv: var_log_audit }
+ loop_control:
+ label: "{{ item.lv }}"
 - name: Remove Unsupported features for older Systems when: >
@@ -23,5 +25,7 @@ - { lv: var } - { lv: var_log } - { lv: var_log_audit }
+ loop_control:
+ label: "{{ item.lv }}"
 register: partitioning_ext4_tune_result changed_when: partitioning_ext4_tune_result.rc == 0
diff --git a/roles/partitioning/tasks/main.yml b/roles/partitioning/tasks/main.yml
index 33c30c0..867caee 100644
--- a/roles/partitioning/tasks/main.yml
+++ b/roles/partitioning/tasks/main.yml
@@ -122,6 +122,8 @@ flags: "{{ item.flags | default(omit) }}" state: present loop: "{{ partitioning_layout }}"
+ loop_control:
+ label: "{{ item.name }}"
 rescue: - name: Refresh kernel partition table after failure ansible.builtin.command: "{{ item }}"
@@ -144,6 +146,8 @@ flags: "{{ item.flags | default(omit) }}" state: present loop: "{{ partitioning_layout }}"
+ loop_control:
+ label: "{{ item.name }}"
 - name: Settle partition table ansible.builtin.command: "{{ item }}"
@@ -415,6 +419,8 @@ - { lv: var, size: "{{ partitioning_lvm_var_gb }}G" } - { lv: var_log, size: "{{ partitioning_lvm_var_log_gb }}G" } - { lv: var_log_audit, size: "{{ partitioning_lvm_var_log_audit_gb }}G" }
+ loop_control:
+ label: "{{ item.lv }}"
 - name: Create filesystems block:
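Review bot: `label: "{{ item.name }}"` in the partitioning/tasks/main.yml hunk at -122, and again in the rescue copy at -144, assumes every entry of `partitioning_layout` defines `name`, while the neighbouring `flags` field is read with `default(omit)`, which suggests the entries are not uniform. If `name` is optional, an undefined value in the label may fail the item during templating, in a task that writes the partition table. A defaulted label such as `label: "{{ item.name | default('unnamed') }}"` avoids that. Both task bodies start outside their hunks, so how `name` is passed to the module is not visible here.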
@@ -658,6 +664,8 @@ 'ssd', 'space_cache=v2', 'discard=async', 'subvol=@var_log_audit' ] | reject('equalto', '') | join(',') }}
+ loop_control:
+ label: "{{ item.path }}"
 - name: Mount /boot filesystem when: partitioning_separate_boot | bool
diff --git a/roles/partitioning/tasks/xfs.yml b/roles/partitioning/tasks/xfs.yml
index e315251..0025a55 100644
--- a/roles/partitioning/tasks/xfs.yml
+++ b/roles/partitioning/tasks/xfs.yml
@@ -12,3 +12,5 @@ - { lv: var } - { lv: var_log } - { lv: var_log_audit }
+ loop_control:
+ label: "{{ item.lv }}"