use ansible_facts to reference facts

By default, Ansible injects a variable for every fact, prefixed with
ansible_. This can result in a large number of variables for each host,
which at scale can incur a performance penalty. Ansible provides a
configuration option [0] that can be set to False to prevent this
injection of facts. In this case, facts should be referenced via
ansible_facts..

This change updates all references to Ansible facts from using
individual fact variables to using the items in the
ansible_facts dictionary. This allows users to disable fact variable
injection in their Ansible configuration, which may provide some
performance improvement.

[0] https://docs.ansible.com/ansible/latest/reference_appendices/config.html#inject-facts-as-vars

Signed-off-by: Michal Nasiadka <mnasiadka@gmail.com>

tasks/section_1/cis_1.1.2.x.yml

@@ -33,7 +33,7 @@
       state: present
       opts: defaults,{% if rhel9cis_rule_1_1_2_2 %}nodev,{% endif %}{% if rhel9cis_rule_1_1_2_3 %}noexec,{% endif %}{% if rhel9cis_rule_1_1_2_4 %}nosuid{% endif %}
   notify: Remount tmp
-  loop: "{{ ansible_mounts }}"
+  loop: "{{ ansible_facts.mounts }}"
   loop_control:
       label: "{{ item.device }}"
   when:

tasks/section_1/cis_1.1.3.x.yml

@@ -31,7 +31,7 @@
       fstype: "{{ item.fstype }}"
       state: present
       opts: defaults,{% if rhel9cis_rule_1_1_3_2 %}nodev,{% endif %}{% if rhel9cis_rule_1_1_3_3 %}nosuid,{% endif %}
-  loop: "{{ ansible_mounts }}"
+  loop: "{{ ansible_facts.mounts }}"
   loop_control:
       label: "{{ item.device }}"
   notify: Change_requires_reboot

tasks/section_1/cis_1.1.4.x.yml

@@ -33,7 +33,7 @@
       fstype: "{{ item.fstype }}"
       state: present
       opts: defaults,{% if rhel9cis_rule_1_1_4_2 %}noexec,{% endif %}{% if rhel9cis_rule_1_1_4_3 %}nosuid,{% endif %}{% if rhel9cis_rule_1_1_4_4 %}nodev{% endif %}
-  loop: "{{ ansible_mounts }}"
+  loop: "{{ ansible_facts.mounts }}"
   loop_control:
       label: "{{ item.device }}"
   notify: Change_requires_reboot

tasks/section_1/cis_1.1.5.x.yml

@@ -33,7 +33,7 @@
       fstype: "{{ item.fstype }}"
       state: present
       opts: defaults,{% if rhel9cis_rule_1_1_5_2 %}nodev,{% endif %}{% if rhel9cis_rule_1_1_5_3 %}noexec,{% endif %}{% if rhel9cis_rule_1_1_5_4 %}nosuid{% endif %}
-  loop: "{{ ansible_mounts }}"
+  loop: "{{ ansible_facts.mounts }}"
   loop_control:
       label: "{{ item.device }}"
   notify: Change_requires_reboot

tasks/section_1/cis_1.1.6.x.yml

@@ -32,7 +32,7 @@
       fstype: "{{ item.fstype }}"
       state: present
       opts: defaults,{% if rhel9cis_rule_1_1_6_2 %}noexec,{% endif %}{% if rhel9cis_rule_1_1_6_3 %}nodev,{% endif %}{% if rhel9cis_rule_1_1_6_4 %}nosuid{% endif %}
-  loop: "{{ ansible_mounts }}"
+  loop: "{{ ansible_facts.mounts }}"
   loop_control:
       label: "{{ item.device }}"
   notify: Change_requires_reboot

tasks/section_1/cis_1.1.7.x.yml

@@ -32,7 +32,7 @@
       fstype: "{{ item.fstype }}"
       state: present
       opts: defaults,{% if rhel9cis_rule_1_1_7_2 %}nodev,{% endif %}{% if rhel9cis_rule_1_1_7_3 %}nosuid,{% endif %}
-  loop: "{{ ansible_mounts }}"
+  loop: "{{ ansible_facts.mounts }}"
   loop_control:
       label: "{{ item.device }}"
   notify: Change_requires_reboot

tasks/section_1/cis_1.2.x.yml

@@ -23,9 +23,9 @@
               os_gpg_key_check.rc == 1
   when:
       - rhel9cis_rule_1_2_1
-      - ansible_distribution == "RedHat" or
-        ansible_distribution == "Rocky" or
-        ansible_distribution == "AlmaLinux"
+      - ansible_facts.distribution == "RedHat" or
+        ansible_facts.distribution == "Rocky" or
+        ansible_facts.distribution == "AlmaLinux"
   tags:
       - level1-server
       - level1-workstation
@@ -111,8 +111,8 @@
 
   when:
       - rhel9cis_rule_1_2_4
-      - not rhel9cis_rhel_default_repo or ansible_distribution != 'RedHat'
-      - ansible_distribution != 'OracleLinux'
+      - not rhel9cis_rhel_default_repo or ansible_facts.distribution != 'RedHat'
+      - ansible_facts.distribution != 'OracleLinux'
   tags:
       - level1-server
       - level1-workstation