roles: Fix when, block and always key order.

ansible-lint warns if 'warn' key is used before block and always keys.
2026-05-14 13:32:10 +00:00 · 2023-01-03 18:21:07 -03:00
parent 292e2eb60e
commit 5062ac2b09
8 changed files with 58 additions and 88 deletions
--- a/roles/ipaserver/tasks/install.yml
+++ b/roles/ipaserver/tasks/install.yml
@@ -2,6 +2,7 @@
 # tasks file for ipaserver

 - name: Install - Package installation
+  when: ipaserver_install_packages | bool
  block:
  - name: Install - Ensure that IPA server packages are installed
    ansible.builtin.package:
@@ -26,9 +27,9 @@
      state: present
    when: ipaserver_setup_firewalld | bool

-  when: ipaserver_install_packages | bool

 - name: Install - Firewall configuration
+  when: ipaserver_setup_firewalld | bool
  block:
  - name: Firewalld service - Ensure that firewalld is running
    ansible.builtin.systemd:
@@ -51,9 +52,7 @@
      >/dev/null
    when: ipaserver_firewalld_zone is defined

-  when: ipaserver_setup_firewalld | bool
-
- name: Include tasks "{{ role_path }}/tasks/copy_external_cert.yml"
+- name: Copy external cert
  ansible.builtin.include_tasks: "{{ role_path }}/tasks/copy_external_cert.yml"
  with_items: "{{ ipaserver_external_cert_files_from_controller }}"
  when: ipaserver_external_cert_files_from_controller is defined and
@@ -131,14 +130,13 @@
  register: result_ipaserver_test

 - name: Install - Deploy server
+  when: not ansible_check_mode and not
+        (not result_ipaserver_test.changed and
+         (result_ipaserver_test.client_already_configured is defined or
+          result_ipaserver_test.server_already_configured is defined))
  block:
-  # This block is executed only when
-  # not ansible_check_mode and
-  # not (not result_ipaserver_test.changed and
-  #      (result_ipaserver_test.client_already_configured is defined or
-  #       result_ipaserver_test.server_already_configured is defined)
-
  - name: Install - Obtain master password
+    when: ipaserver_master_password is undefined
    block:
    - name: Install - Master password creation
      no_log: yes
@@ -153,8 +151,6 @@
        ipaserver_master_password:
          "{{ result_ipaserver_master_password.password }}"

-    when: ipaserver_master_password is undefined
-
  - name: Install - Server preparation
    ipaserver_prepare:
      ### basic ###
@@ -321,6 +317,7 @@
          ipaserver_copy_csr_to_controller | bool

  - name: Install - Configure services
+    when: not result_ipaserver_setup_ca.csr_generated | bool
    block:
    - name: Install - Setup otpd
      ipaserver_setup_otpd:
@@ -476,8 +473,6 @@
        {{ "--add-service=ntp" if not ipaclient_no_ntp | bool else "" }}
      when: ipaserver_setup_firewalld | bool

-    when: not result_ipaserver_setup_ca.csr_generated | bool
-
  always:
  - name: Cleanup temporary files
    ansible.builtin.file:
@@ -487,8 +482,3 @@
    - "/etc/ipa/.tmp_pkcs12_dirsrv"
    - "/etc/ipa/.tmp_pkcs12_http"
    - "/etc/ipa/.tmp_pkcs12_pkinit"
-
-  when: not ansible_check_mode and not
-        (not result_ipaserver_test.changed and
-         (result_ipaserver_test.client_already_configured is defined or
-          result_ipaserver_test.server_already_configured is defined))