with_items to loop

Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
2025-12-24 22:23:06 +00:00 · 2023-01-25 10:01:14 +00:00 · 2023-01-25 10:01:14 +00:00 · 7760f35161
commit 7760f35161
parent 674e0fab16
4 changed files with 5 additions and 8 deletions
--- a/tasks/section_3/cis_3.1.x.yml
+++ b/tasks/section_3/cis_3.1.x.yml
@ -62,8 +62,7 @@
            mode: "0600"
            owner: root
            group: root
-        with_items:
-            - tipc
+        loop: tipc  # note the item used in the template

      - name: "3.1.3 | PATCH | Ensure TIPC is disabled | blacklist"
        ansible.builtin.lineinfile:
--- a/tasks/section_3/cis_3.4.1.x.yml
+++ b/tasks/section_3/cis_3.4.1.x.yml
@ -21,8 +21,7 @@
        ansible.builtin.systemd:
            name: "{{ item }}"
            masked: true
-        with_items:
-            - firewalld
+        loop: firewalld
        when:
            - item in ansible_facts.packages
            - rhel9cis_firewall == 'nftables'
@ -31,8 +30,7 @@
        ansible.builtin.systemd:
            name: "{{ item }}"
            masked: true
-        with_items:
-            - nftables
+        loop: nftables
        when:
            - item in ansible_facts.packages
            - rhel9cis_firewall == 'firewalld'
--- a/tasks/section_3/cis_3.4.2.x.yml
+++ b/tasks/section_3/cis_3.4.2.x.yml
@ -102,7 +102,7 @@
      - name: "3.4.2.3 | PATCH | Ensure nftables base chains exist | Create chains if needed"
        ansible.builtin.shell: "{{ item }}"
        failed_when: false
-        with_items:
+        loop:
            - nft create chain inet "{{ rhel9cis_nft_tables_tablename }}" input { type filter hook input priority 0 \; }
            - nft create chain inet "{{ rhel9cis_nft_tables_tablename }}" forward { type filter hook forward priority 0 \; }
            - nft create chain inet "{{ rhel9cis_nft_tables_tablename }}" output { type filter hook output priority 0 \; }