change default handling for all roles

dev-sec · Dec 19, 2020 · 5e9f9d9 · 5e9f9d9
1 parent 831383b
commit 5e9f9d9
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 20 deletions.
diff --git a/roles/mysql_hardening/tasks/main.yml b/roles/mysql_hardening/tasks/main.yml
@@ -1,13 +1,23 @@
 ---
-- name: set OS dependent variables
-  include_vars: '{{ item }}'
+- name: Fetch OS dependent variables
+  include_vars:
+    file: '{{ item }}'
+    name: 'os_vars'
   with_first_found:
-    - '{{ ansible_facts.distribution }}_{{ ansible_facts.distribution_major_version }}.yml'
-    - '{{ ansible_facts.distribution }}.yml'
-    - '{{ ansible_facts.os_family }}_{{ ansible_facts.distribution_major_version }}.yml'
-    - '{{ ansible_facts.os_family }}.yml'
+    - files:
+        - '{{ ansible_facts.distribution }}-{{ ansible_facts.distribution_major_version }}.yml'
+        - '{{ ansible_facts.distribution }}.yml'
+        - '{{ ansible_facts.os_family }}-{{ ansible_facts.distribution_major_version }}.yml'
+        - '{{ ansible_facts.os_family }}.yml'
+      skip: true
   tags: always
 
+- name: Set OS dependent variables, if not already defined by user
+  set_fact:
+    '{{ item.key }}': '{{ item.value }}'
+  when: "not lookup('varnames', item.key)"
+  with_dict: '{{ os_vars }}'
+
 - include: configure.yml
   when: mysql_hardening_enabled | bool
   tags:

diff --git a/roles/os_hardening/tasks/hardening.yml b/roles/os_hardening/tasks/hardening.yml
@@ -1,27 +1,22 @@
 ---
-- name: Fetch OS family dependent variables
-  include_vars:
-    file: '{{ ansible_facts.os_family }}.yml'
-    name: 'os_family_vars'
-  tags: always
-
 - name: Fetch OS dependent variables
   include_vars:
     file: '{{ item }}'
-    name: 'os_distribution_vars'
+    name: 'os_vars'
   with_first_found:
     - files:
         - '{{ ansible_facts.distribution }}-{{ ansible_facts.distribution_major_version }}.yml'
         - '{{ ansible_facts.distribution }}.yml'
         - '{{ ansible_facts.os_family }}-{{ ansible_facts.distribution_major_version }}.yml'
+        - '{{ ansible_facts.os_family }}.yml'
       skip: true
   tags: always
 
 - name: Set OS dependent variables, if not already defined by user
   set_fact:
     '{{ item.key }}': '{{ item.value }}'
   when: "not lookup('varnames', item.key)"
-  with_dict: '{{ os_family_vars | combine(os_distribution_vars | default([])) }}'
+  with_dict: '{{ os_vars }}'
 
 - import_tasks: auditd.yml
   tags: auditd

diff --git a/roles/ssh_hardening/tasks/hardening.yml b/roles/ssh_hardening/tasks/hardening.yml
@@ -1,11 +1,22 @@
 ---
-- name: set OS dependent variables
-  include_vars: '{{ item }}'
+- name: Fetch OS dependent variables
+  include_vars:
+    file: '{{ item }}'
+    name: 'os_vars'
   with_first_found:
-    - '{{ ansible_facts.distribution }}_{{ ansible_facts.distribution_major_version }}.yml'
-    - '{{ ansible_facts.distribution }}.yml'
-    - '{{ ansible_facts.os_family }}_{{ ansible_facts.distribution_major_version }}.yml'
-    - '{{ ansible_facts.os_family }}.yml'
+    - files:
+        - '{{ ansible_facts.distribution }}-{{ ansible_facts.distribution_major_version }}.yml'
+        - '{{ ansible_facts.distribution }}.yml'
+        - '{{ ansible_facts.os_family }}-{{ ansible_facts.distribution_major_version }}.yml'
+        - '{{ ansible_facts.os_family }}.yml'
+      skip: true
+  tags: always
+
+- name: Set OS dependent variables, if not already defined by user
+  set_fact:
+    '{{ item.key }}': '{{ item.value }}'
+  when: "not lookup('varnames', item.key)"
+  with_dict: '{{ os_vars }}'
 
 - name: get openssh-version
   command: ssh -V