refactor: add loop_control labels to dict-based loops across all roles
This commit is contained in:
@@ -23,6 +23,8 @@
|
|||||||
- { src: sysfs, path: sys, fstype: sysfs }
|
- { src: sysfs, path: sys, fstype: sysfs }
|
||||||
- { src: /dev, path: dev, fstype: none, opts: bind }
|
- { src: /dev, path: dev, fstype: none, opts: bind }
|
||||||
- { src: devpts, path: dev/pts, fstype: devpts, opts: "gid=5,mode=620" }
|
- { src: devpts, path: dev/pts, fstype: devpts, opts: "gid=5,mode=620" }
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.path }}"
|
||||||
|
|
||||||
- name: Run OS-specific bootstrap process
|
- name: Run OS-specific bootstrap process
|
||||||
vars:
|
vars:
|
||||||
|
|||||||
@@ -3,6 +3,8 @@
|
|||||||
ansible.builtin.stat:
|
ansible.builtin.stat:
|
||||||
path: "{{ item.path }}"
|
path: "{{ item.path }}"
|
||||||
loop: "{{ cis_permission_targets }}"
|
loop: "{{ cis_permission_targets }}"
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.path }}"
|
||||||
register: cis_permission_stats
|
register: cis_permission_stats
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
|
||||||
@@ -13,4 +15,6 @@
|
|||||||
group: "{{ item.item.group | default(omit) }}"
|
group: "{{ item.item.group | default(omit) }}"
|
||||||
mode: "{{ item.item.mode }}"
|
mode: "{{ item.item.mode }}"
|
||||||
loop: "{{ cis_permission_stats.results }}"
|
loop: "{{ cis_permission_stats.results }}"
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.item.path }}"
|
||||||
when: item.stat.exists
|
when: item.stat.exists
|
||||||
|
|||||||
@@ -44,3 +44,5 @@
|
|||||||
password [success=1 default=ignore] pam_unix.so obscure sha512 remember=5
|
password [success=1 default=ignore] pam_unix.so obscure sha512 remember=5
|
||||||
- { path: /mnt/etc/hosts.deny, content: "ALL: ALL" }
|
- { path: /mnt/etc/hosts.deny, content: "ALL: ALL" }
|
||||||
- { path: /mnt/etc/hosts.allow, content: "sshd: ALL" }
|
- { path: /mnt/etc/hosts.allow, content: "sshd: ALL" }
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.content }}"
|
||||||
|
|||||||
@@ -29,6 +29,8 @@
|
|||||||
- { option: ClientAliveCountMax, value: "1" }
|
- { option: ClientAliveCountMax, value: "1" }
|
||||||
- { option: PermitTunnel, value: "no" }
|
- { option: PermitTunnel, value: "no" }
|
||||||
- { option: Banner, value: /etc/issue.net }
|
- { option: Banner, value: /etc/issue.net }
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.option }}"
|
||||||
|
|
||||||
- name: Detect target OpenSSH version
|
- name: Detect target OpenSSH version
|
||||||
ansible.builtin.shell: >-
|
ansible.builtin.shell: >-
|
||||||
|
|||||||
@@ -77,3 +77,4 @@
|
|||||||
- { regexp: "^tmpfs\\s+/dev/shm\\s+", line: "tmpfs /dev/shm tmpfs defaults,nosuid,nodev,noexec 0 0" }
|
- { regexp: "^tmpfs\\s+/dev/shm\\s+", line: "tmpfs /dev/shm tmpfs defaults,nosuid,nodev,noexec 0 0" }
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: fstab_entry
|
loop_var: fstab_entry
|
||||||
|
label: "{{ fstab_entry.regexp }}"
|
||||||
|
|||||||
@@ -10,6 +10,8 @@
|
|||||||
line: GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3"
|
line: GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3"
|
||||||
- regexp: ^GRUB_TIMEOUT=
|
- regexp: ^GRUB_TIMEOUT=
|
||||||
line: GRUB_TIMEOUT=1
|
line: GRUB_TIMEOUT=1
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.line }}"
|
||||||
|
|
||||||
- name: Ensure grub defaults file exists for RHEL-based systems
|
- name: Ensure grub defaults file exists for RHEL-based systems
|
||||||
when: is_rhel | bool
|
when: is_rhel | bool
|
||||||
|
|||||||
@@ -21,6 +21,8 @@
|
|||||||
line: "{{ item.line }}"
|
line: "{{ item.line }}"
|
||||||
loop:
|
loop:
|
||||||
- { regex: "{{ system_cfg.locale }} UTF-8", line: "{{ system_cfg.locale }} UTF-8" }
|
- { regex: "{{ system_cfg.locale }} UTF-8", line: "{{ system_cfg.locale }} UTF-8" }
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.line }}"
|
||||||
|
|
||||||
- name: Generate locales
|
- name: Generate locales
|
||||||
when: not is_rhel | bool
|
when: not is_rhel | bool
|
||||||
|
|||||||
@@ -43,6 +43,8 @@
|
|||||||
dest: "/mnt/etc/runlevels/default/{{ item.item }}"
|
dest: "/mnt/etc/runlevels/default/{{ item.item }}"
|
||||||
state: link
|
state: link
|
||||||
loop: "{{ configuration_openrc_service_stats.results }}"
|
loop: "{{ configuration_openrc_service_stats.results }}"
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.item }}"
|
||||||
when: item.stat.exists
|
when: item.stat.exists
|
||||||
|
|
||||||
- name: Enable runit services
|
- name: Enable runit services
|
||||||
@@ -73,4 +75,6 @@
|
|||||||
dest: "/mnt/var/service/{{ item.item }}"
|
dest: "/mnt/var/service/{{ item.item }}"
|
||||||
state: link
|
state: link
|
||||||
loop: "{{ configuration_runit_service_stats.results }}"
|
loop: "{{ configuration_runit_service_stats.results }}"
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.item }}"
|
||||||
when: item.stat.exists
|
when: item.stat.exists
|
||||||
|
|||||||
@@ -132,6 +132,8 @@
|
|||||||
replace: "PermitEmptyPasswords yes"
|
replace: "PermitEmptyPasswords yes"
|
||||||
- regexp: "^#?PermitRootLogin.*"
|
- regexp: "^#?PermitRootLogin.*"
|
||||||
replace: "PermitRootLogin yes"
|
replace: "PermitRootLogin yes"
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.replace }}"
|
||||||
|
|
||||||
- name: Reload SSH service to apply changes
|
- name: Reload SSH service to apply changes
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
@@ -175,6 +177,8 @@
|
|||||||
- { name: debootstrap, os: [debian, ubuntu, ubuntu-lts] }
|
- { name: debootstrap, os: [debian, ubuntu, ubuntu-lts] }
|
||||||
- { name: debian-archive-keyring, os: [debian] }
|
- { name: debian-archive-keyring, os: [debian] }
|
||||||
- { name: ubuntu-keyring, os: [ubuntu, ubuntu-lts] }
|
- { name: ubuntu-keyring, os: [ubuntu, ubuntu-lts] }
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.name }}"
|
||||||
retries: 4
|
retries: 4
|
||||||
delay: 15
|
delay: 15
|
||||||
|
|
||||||
|
|||||||
@@ -54,6 +54,8 @@
|
|||||||
- { subvol: pkg }
|
- { subvol: pkg }
|
||||||
- { subvol: var_log }
|
- { subvol: var_log }
|
||||||
- { subvol: var_log_audit }
|
- { subvol: var_log_audit }
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.subvol }}"
|
||||||
register: partitioning_btrfs_subvol_result
|
register: partitioning_btrfs_subvol_result
|
||||||
|
|
||||||
- name: Set quotas for subvolumes
|
- name: Set quotas for subvolumes
|
||||||
@@ -61,6 +63,8 @@
|
|||||||
ansible.builtin.command: btrfs qgroup limit {{ item.quota }} /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }}
|
ansible.builtin.command: btrfs qgroup limit {{ item.quota }} /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }}
|
||||||
loop:
|
loop:
|
||||||
- { subvol: home, quota: "{{ partitioning_btrfs_home_quota }}" }
|
- { subvol: home, quota: "{{ partitioning_btrfs_home_quota }}" }
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.subvol }}"
|
||||||
register: partitioning_btrfs_qgroup_result
|
register: partitioning_btrfs_qgroup_result
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
|
||||||
|
|||||||
@@ -11,6 +11,8 @@
|
|||||||
- { lv: var }
|
- { lv: var }
|
||||||
- { lv: var_log }
|
- { lv: var_log }
|
||||||
- { lv: var_log_audit }
|
- { lv: var_log_audit }
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.lv }}"
|
||||||
|
|
||||||
- name: Remove Unsupported features for older Systems
|
- name: Remove Unsupported features for older Systems
|
||||||
when: >
|
when: >
|
||||||
@@ -23,5 +25,7 @@
|
|||||||
- { lv: var }
|
- { lv: var }
|
||||||
- { lv: var_log }
|
- { lv: var_log }
|
||||||
- { lv: var_log_audit }
|
- { lv: var_log_audit }
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.lv }}"
|
||||||
register: partitioning_ext4_tune_result
|
register: partitioning_ext4_tune_result
|
||||||
changed_when: partitioning_ext4_tune_result.rc == 0
|
changed_when: partitioning_ext4_tune_result.rc == 0
|
||||||
|
|||||||
@@ -122,6 +122,8 @@
|
|||||||
flags: "{{ item.flags | default(omit) }}"
|
flags: "{{ item.flags | default(omit) }}"
|
||||||
state: present
|
state: present
|
||||||
loop: "{{ partitioning_layout }}"
|
loop: "{{ partitioning_layout }}"
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.name }}"
|
||||||
rescue:
|
rescue:
|
||||||
- name: Refresh kernel partition table after failure
|
- name: Refresh kernel partition table after failure
|
||||||
ansible.builtin.command: "{{ item }}"
|
ansible.builtin.command: "{{ item }}"
|
||||||
@@ -144,6 +146,8 @@
|
|||||||
flags: "{{ item.flags | default(omit) }}"
|
flags: "{{ item.flags | default(omit) }}"
|
||||||
state: present
|
state: present
|
||||||
loop: "{{ partitioning_layout }}"
|
loop: "{{ partitioning_layout }}"
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.name }}"
|
||||||
|
|
||||||
- name: Settle partition table
|
- name: Settle partition table
|
||||||
ansible.builtin.command: "{{ item }}"
|
ansible.builtin.command: "{{ item }}"
|
||||||
@@ -415,6 +419,8 @@
|
|||||||
- { lv: var, size: "{{ partitioning_lvm_var_gb }}G" }
|
- { lv: var, size: "{{ partitioning_lvm_var_gb }}G" }
|
||||||
- { lv: var_log, size: "{{ partitioning_lvm_var_log_gb }}G" }
|
- { lv: var_log, size: "{{ partitioning_lvm_var_log_gb }}G" }
|
||||||
- { lv: var_log_audit, size: "{{ partitioning_lvm_var_log_audit_gb }}G" }
|
- { lv: var_log_audit, size: "{{ partitioning_lvm_var_log_audit_gb }}G" }
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.lv }}"
|
||||||
|
|
||||||
- name: Create filesystems
|
- name: Create filesystems
|
||||||
block:
|
block:
|
||||||
@@ -658,6 +664,8 @@
|
|||||||
'ssd', 'space_cache=v2', 'discard=async', 'subvol=@var_log_audit'
|
'ssd', 'space_cache=v2', 'discard=async', 'subvol=@var_log_audit'
|
||||||
] | reject('equalto', '') | join(',')
|
] | reject('equalto', '') | join(',')
|
||||||
}}
|
}}
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.path }}"
|
||||||
|
|
||||||
- name: Mount /boot filesystem
|
- name: Mount /boot filesystem
|
||||||
when: partitioning_separate_boot | bool
|
when: partitioning_separate_boot | bool
|
||||||
|
|||||||
@@ -12,3 +12,5 @@
|
|||||||
- { lv: var }
|
- { lv: var }
|
||||||
- { lv: var_log }
|
- { lv: var_log }
|
||||||
- { lv: var_log_audit }
|
- { lv: var_log_audit }
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.lv }}"
|
||||||
|
|||||||
Reference in New Issue
Block a user