tb3088/gist:4ea9324ce6c3d10ea7ef08559797c5c9

## gistfile1.txt
# use '--skip-tags=grub,bootloader,rescue,sudoers' to skip DANGEROUS items
---
- hosts: all
  become: yes

  vars:
    update_all_packages: no
    do_cat1: yes
    do_cat2: yes
    do_cat3: no
    bootloader_password:
    login_banner: |
      !! NOTICE - This is a PRIVATE computing system !!
      All activity is monitored and any unauthorized access will be reported
      to the authorities. Disconnect now if you do not agree to these terms.

  tasks:
  - group_by: key={{ansible_facts['os_family']}}{{ansible_facts['distribution_major_version']}}

- hosts: RedHat6
  tasks:
    - import_role:
        name: RedHat-6-STIG
  vars:
    rhel6stig_cat1: "{{ do_cat1 }}"
    rhel6stig_cat2: "{{ do_cat2 }}"
    rhel6stig_cat3: "{{ do_cat3 }}"
    rhel6stig_login_banner: "{{ login_banner }}"
    rhel6stig_update_all_packages: "{{ update_all_packages }}"
    rhel6stig_bootloader_password: "{{ bootloader_password }}"

    # preempt assert to preserve RC=0 during Packer run
    # when:
      # - ansible_facts['os_family'] == 'RedHat'
      # - ansible_facts['distribution_major_version']|int == 6

- hosts: RedHat7
  tasks:
    - import_role:
        name: RedHat-7-STIG

  # - include_role: RedHat-7-STIG
  vars:
    rhel7stig_cat1: "{{ do_cat1 }}"
    rhel7stig_cat2: "{{ do_cat2 }}"
    rhel7stig_cat3: "{{ do_cat3 }}"
    rhel7stig_logon_banner: "{{ login_banner }}"
    rhel7stig_update_all_packages: "{{ update_all_packages }}"
    rhel7stig_bootloader_password: "{{ bootloader_password }}"
    rhel_07_021021: false       # !disable 'exec' on NFS

    # preempt assert to preserve RC=0 during Packer run
    # when:
      # - ansible_facts.os_family == 'RedHat'
      # - ansible_facts.distribution_major_version == '7'       #alt: | version_compare('7', '==')
	# use '--skip-tags=grub,bootloader,rescue,sudoers' to skip DANGEROUS items
	---
	- hosts: all
	become: yes

	vars:
	update_all_packages: no
	do_cat1: yes
	do_cat2: yes
	do_cat3: no
	bootloader_password:
	login_banner: \|
	!! NOTICE - This is a PRIVATE computing system !!
	All activity is monitored and any unauthorized access will be reported
	to the authorities. Disconnect now if you do not agree to these terms.

	tasks:
	- group_by: key={{ansible_facts['os_family']}}{{ansible_facts['distribution_major_version']}}

	- hosts: RedHat6
	tasks:
	- import_role:
	name: RedHat-6-STIG
	vars:
	rhel6stig_cat1: "{{ do_cat1 }}"
	rhel6stig_cat2: "{{ do_cat2 }}"
	rhel6stig_cat3: "{{ do_cat3 }}"
	rhel6stig_login_banner: "{{ login_banner }}"
	rhel6stig_update_all_packages: "{{ update_all_packages }}"
	rhel6stig_bootloader_password: "{{ bootloader_password }}"

	# preempt assert to preserve RC=0 during Packer run
	# when:
	# - ansible_facts['os_family'] == 'RedHat'
	# - ansible_facts['distribution_major_version']\|int == 6

	- hosts: RedHat7
	tasks:
	- import_role:
	name: RedHat-7-STIG

	# - include_role: RedHat-7-STIG
	vars:
	rhel7stig_cat1: "{{ do_cat1 }}"
	rhel7stig_cat2: "{{ do_cat2 }}"
	rhel7stig_cat3: "{{ do_cat3 }}"
	rhel7stig_logon_banner: "{{ login_banner }}"
	rhel7stig_update_all_packages: "{{ update_all_packages }}"
	rhel7stig_bootloader_password: "{{ bootloader_password }}"
	rhel_07_021021: false # !disable 'exec' on NFS

	# preempt assert to preserve RC=0 during Packer run
	# when:
	# - ansible_facts.os_family == 'RedHat'
	# - ansible_facts.distribution_major_version == '7' #alt: \| version_compare('7', '==')