Use include_role in task to avoid lack of access to vars

This patch updates the security hardening playbook to use include_role within a task versus using 'roles' directly to fix cases where apply_security_hardening is set to False. Some change to Ansible appears to limit access to vars when the role is skipped, resulting in failures. The side effect of this change is the role is skipped entirely (when applicable) versus the individual tasks being skipped, which speeds up deployment times. Change-Id: Iaf81f778ffd9fcf6572e03e8ce73ffef46bd98aa
2023-06-27 16:18:44 +00:00 · 2023-06-27 16:18:44 +00:00 · 9690b34193
commit 9690b34193
parent aa558cc368
2 changed files with 8 additions and 4 deletions
--- a/playbooks/infra-journal-remote.yml
+++ b/playbooks/infra-journal-remote.yml
@ -22,7 +22,9 @@
 - name: Install Journal-Remote
  hosts: hosts
  gather_facts: false
-  roles:
-    - openstack.osa.journald_remote
+  tasks:
+    - name: Include journald-remote role
+      include_role:
+        name: openstack.osa.journald_remote
  tags:
    - journal-remote
--- a/playbooks/security-hardening.yml
+++ b/playbooks/security-hardening.yml
@ -35,8 +35,10 @@
  gather_facts: false
  user: root
  pre_tasks:
-  roles:
-    - role: "ansible-hardening"
+  tasks:
+    - name: Include security hardening role
+      include_role:
+        name: "ansible-hardening"
      when: apply_security_hardening | bool
  environment: "{{ deployment_environment_variables | default({}) }}"
  tags: