Consistently access facts via the ansible_facts.* namespace

Signed-off-by: Norman Ziegner <[email protected]>

Author: Normo

molecule/mysql_hardening/converge.yml

@@ -12,22 +12,22 @@
         mysql_python_package_debian: python3-pymysql
       when:
         - mysql_python_package_debian is not defined
-        - ansible_distribution == "Ubuntu"
-        - ansible_distribution_major_version|int > 19
+        - ansible_facts.distribution == "Ubuntu"
+        - ansible_facts.distribution_major_version|int > 19
 
     - name: Determine required MySQL Python libraries.
       ansible.builtin.set_fact:
         mysql_python_package_debian: "{% if 'python3' in ansible_python_interpreter | default('') %}python3-mysqldb{% else %}python-mysqldb{% endif %}"
       when:
         - mysql_python_package_debian is not defined
-        - ansible_distribution != "Ubuntu"
-        - ansible_distribution_major_version|int < 20
+        - ansible_facts.distribution != "Ubuntu"
+        - ansible_facts.distribution_major_version|int < 20
 
     - name: Use Python 3 on Suse
       ansible.builtin.set_fact:
         ansible_python_interpreter: /usr/bin/python3
       when:
-        - ansible_os_family == 'Suse'
+        - ansible_facts.os_family == 'Suse'
 
     - name: Include mysql_hardening role
       ansible.builtin.include_role:

molecule/mysql_hardening/prepare.yml

@@ -17,25 +17,25 @@
       ansible.builtin.set_fact:
         ansible_python_interpreter: /usr/bin/python3
       when:
-        - ansible_distribution == 'Debian'
-        - ansible_distribution_major_version|int >= 11
+        - ansible_facts.distribution == 'Debian'
+        - ansible_facts.distribution_major_version|int >= 11
 
     - name: Use Python 3 on Suse
       ansible.builtin.set_fact:
         ansible_python_interpreter: /usr/bin/python3
       when:
-        - ansible_os_family == 'Suse'
+        - ansible_facts.os_family == 'Suse'
 
     - name: Run the equivalent of "apt-get update && apt-get upgrade"
       ansible.builtin.apt:
         upgrade: safe
         update_cache: true
-      when: ansible_os_family == 'Debian'
+      when: ansible_facts.os_family == 'Debian'
 
     - name: Install required python packages on Suse
       ansible.builtin.command: zypper -n install python311-rpm python311-PyMySQL
       changed_when: false
-      when: ansible_os_family == 'Suse'
+      when: ansible_facts.os_family == 'Suse'
 
     - name: Create missing directory
       ansible.builtin.file:
@@ -48,23 +48,23 @@
         mysql_python_package_debian: python3-pymysql
       when:
         - mysql_python_package_debian is not defined
-        - ansible_distribution == "Ubuntu"
-        - ansible_distribution_major_version|int > 19
+        - ansible_facts.distribution == "Ubuntu"
+        - ansible_facts.distribution_major_version|int > 19
 
     - name: Determine required MySQL Python libraries.
       ansible.builtin.set_fact:
         mysql_python_package_debian: "{% if 'python3' in ansible_python_interpreter | default('') %}python3-mysqldb{% else %}python-mysqldb{% endif %}"
       when:
         - mysql_python_package_debian is not defined
-        - ansible_distribution != "Ubuntu"
-        - ansible_distribution_major_version|int < 20
+        - ansible_facts.distribution != "Ubuntu"
+        - ansible_facts.distribution_major_version|int < 20
 
     - name: Install required MySQL Python libraries on RHEL
       ansible.builtin.dnf:
         name: "{% if 'python3' in ansible_python_interpreter | default('') %}python36-PyMySQL{% else %}python2-PyMySQL{% endif %}"
       when:
-        - ansible_os_family == "RedHat"
-        - ansible_distribution_major_version == "7"
+        - ansible_facts.os_family == "RedHat"
+        - ansible_facts.distribution_major_version == "7"
 
     - name: Install mysql with a generic Ansible role
       ansible.builtin.include_role:

molecule/mysql_hardening/verify.yml

@@ -11,14 +11,14 @@
       ansible.builtin.set_fact:
         ansible_python_interpreter: /usr/bin/python3
       when:
-        - ansible_os_family == 'Suse'
+        - ansible_facts.os_family == 'Suse'
 
     - name: Install procps for debian systems
       ansible.builtin.apt:
         name: procps
         state: present
         update_cache: true
-      when: ansible_distribution == 'Debian'
+      when: ansible_facts.distribution == 'Debian'
 
     - name: Include tests for the service
       ansible.builtin.include_tasks: verify_tasks/service.yml

molecule/nginx_hardening/molecule.yml

@@ -22,7 +22,8 @@ provisioner:
     defaults:
       interpreter_python: auto_silent
       callbacks_enabled: profile_tasks, timer
-      inject_facts_as_vars: false
+      # Currently not supported by geerlingguy.nginx role
+      # inject_facts_as_vars: false
 verifier:
   name: ansible
 

molecule/nginx_hardening/prepare.yml

@@ -16,7 +16,7 @@
     - name: Set correct distribution Version for Amazon Linux
       ansible.builtin.set_fact:
         ansible_distribution_major_version: 7
-      when: ansible_distribution == 'Amazon'
+      when: ansible_facts.distribution == 'Amazon'
 
     - name: Install nginx with a generic Ansible role
       ansible.builtin.include_role:

molecule/nginx_hardening/verify.yml

@@ -12,7 +12,7 @@
         name: procps
         state: present
         update_cache: true
-      when: ansible_distribution == 'Debian'
+      when: ansible_facts.distribution == 'Debian'
 
 - name: Verify
   hosts: localhost

molecule/os_hardening/prepare.yml

@@ -16,7 +16,7 @@
       ansible.builtin.apt:
         upgrade: safe
         update_cache: true
-      when: ansible_os_family == 'Debian'
+      when: ansible_facts.os_family == 'Debian'
 
     - name: Install required tools on SuSE
       # cannot use zypper module, since it depends on python-xml

molecule/os_hardening/verify_tasks/pw_ageing.yml

@@ -19,7 +19,7 @@
     # this uses the date from the expire_date variable and subtracts the current date.
     # it should be bigger that the password_expire_min of the user "pw_no_ageing"
     that:
-      - ( expiry_date.stdout | trim | to_datetime('%b %d, %Y') - ansible_date_time.date | to_datetime('%Y-%m-%d')).days == 60
+      - ( expiry_date.stdout | trim | to_datetime('%b %d, %Y') - ansible_facts.date_time.date | to_datetime('%Y-%m-%d')).days == 60
 
 - name: Get Password Expiry warning days for pw_ageing
   ansible.builtin.shell: chage -l pw_ageing | grep "warning before password expires" | cut -d ":" -f 2

molecule/os_hardening_vm/converge.yml

@@ -30,7 +30,7 @@
         os_mnt_var_options: rw,nosuid,nodev,compress=zstd:1,subvol=var
       when:
         - ansible_facts.distribution == 'Fedora'
-        - ansible_distribution_major_version|int == 40
+        - ansible_facts.distribution_major_version|int == 40
 
     - name: Include os_hardening role
       ansible.builtin.include_role:

molecule/os_hardening_vm/prepare.yml

@@ -26,7 +26,7 @@
       ansible.builtin.dpkg_selections:
         name: grub-pc
         selection: hold
-      when: ansible_os_family == 'Debian'
+      when: ansible_facts.os_family == 'Debian'
 
     # we need to free up space, since the /boot partition in some Vagrant images is
     # pretty small and system updates might fail
@@ -35,20 +35,20 @@
         paths: /boot
         patterns: "initrd.img*"
       register: find_results
-      when: ansible_os_family == 'Debian'
+      when: ansible_facts.os_family == 'Debian'
 
     - name: Delete all initrd.img to free space on /boot
       ansible.builtin.file:
         path: "{{ item['path'] }}"
         state: absent
       with_items: "{{ find_results['files'] }}"
-      when: ansible_os_family == 'Debian'
+      when: ansible_facts.os_family == 'Debian'
 
     - name: Run the equivalent of "apt-get update && apt-get upgrade"
       ansible.builtin.apt:
         upgrade: safe
         update_cache: true
-      when: ansible_os_family == 'Debian'
+      when: ansible_facts.os_family == 'Debian'
 
     - name: Install required tools on fedora
       ansible.builtin.dnf: