From 0975e3c3eba757078467d01c1ac0d2222382d9a4 Mon Sep 17 00:00:00 2001
From: Martin Schurz <Martin.Schurz@t-systems.com>
Date: Tue, 29 Jun 2021 12:42:42 +0200
Subject: [PATCH] add tag always to os dependent vars task

when our collection is used with tags, the os dependent variables are
not resolved. This task should run every time, so the behaviour is
correct.

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
---
 roles/mysql_hardening/tasks/main.yml    | 1 +
 roles/os_hardening/tasks/hardening.yml  | 1 +
 roles/ssh_hardening/tasks/hardening.yml | 1 +
 3 files changed, 3 insertions(+)

diff --git a/roles/mysql_hardening/tasks/main.yml b/roles/mysql_hardening/tasks/main.yml
index 6f7f0b809..09f4a0fc5 100644
--- a/roles/mysql_hardening/tasks/main.yml
+++ b/roles/mysql_hardening/tasks/main.yml
@@ -20,6 +20,7 @@
     '{{ item.key }}': '{{ item.value }}'
   when: "not lookup('varnames', '^' + item.key + '$')"
   with_dict: '{{ os_vars }}'
+  tags: always
 
 - name: Gather package facts to check for mysql/mariadb version
   ansible.builtin.package_facts:
diff --git a/roles/os_hardening/tasks/hardening.yml b/roles/os_hardening/tasks/hardening.yml
index b4010095b..e7158f881 100644
--- a/roles/os_hardening/tasks/hardening.yml
+++ b/roles/os_hardening/tasks/hardening.yml
@@ -20,6 +20,7 @@
     '{{ item.key }}': '{{ item.value }}'
   when: "not lookup('varnames', '^' + item.key + '$')"
   with_dict: '{{ os_vars }}'
+  tags: always
 
 - import_tasks: auditd.yml
   tags: auditd
diff --git a/roles/ssh_hardening/tasks/hardening.yml b/roles/ssh_hardening/tasks/hardening.yml
index 28d64ed06..2d86081d3 100644
--- a/roles/ssh_hardening/tasks/hardening.yml
+++ b/roles/ssh_hardening/tasks/hardening.yml
@@ -20,6 +20,7 @@
     '{{ item.key }}': '{{ item.value }}'
   when: "not lookup('varnames', '^' + item.key + '$')"
   with_dict: '{{ os_vars }}'
+  tags: always
 
 - name: Get openssh-version
   command: ssh -V