Fixing the "dry-run" errors.

When deploying using the standard procedure, with apply_security_hardening
set to False, the tasks are skipped but still parsed.

This causes the playbook to fail because some folders are not created, etc.

This should fix it.

Change-Id: I00fca48b2fe1cc2756bd283ebd220cad441a9cf4
Signed-off-by: Jean-Philippe Evrard <jean-philippe.evrard@rackspace.co.uk>

tasks/auditd.yml

@@ -255,6 +255,7 @@
   shell: ls /var/log/audit/
   register: v38498_result
   changed_when: false
+  when: auditd_log_dir.stat.exists | bool
   tags:
     - auditd
     - cat2
@@ -266,8 +267,8 @@
   file:
     dest: "/var/log/audit/{{ item }}"
     mode: 0400
-  with_items: "{{ v38498_result.stdout_lines }}"
-  when: v_38498_result is defined
+  with_items: "{{ v38498_result.stdout_lines | default([]) }}"
+  when: auditd_log_dir.stat.exists | bool
   tags:
     - auditd
     - cat2

tasks/auth.yml

@@ -70,7 +70,7 @@
   shell: "awk -F: '$1 ~ /^{{ item }}$/ && $2 !~ /^[!*]/ {print $1}' /etc/shadow"
   register: v38496_unlocked_system_users
   always_run: True
-  with_items: "{{ v38496_system_users.stdout_lines }}"
+  with_items: "{{ v38496_system_users.stdout_lines | default([])}}"
   tags:
     - auth
     - cat2
@@ -429,7 +429,7 @@
 # multiple lines.
 - name: Comment out sudoers lines with NOPASSWD present (for V-58901)
   shell: "sed -e '/NOPASSWD/ s/^#*/#/' -i {{ item }}"
-  with_items: "{{ v58901_result.stdout_lines }}"
+  with_items: "{{ v58901_result.stdout_lines | default([]) }}"
   when: security_sudoers_remove_nopasswd | bool
   tags:
     - auth
@@ -440,7 +440,7 @@
 # multiple lines.
 - name: Comment out sudoers lines with !authenticate present (for V-58901)
   shell: "sed -e '/!authenticate/ s/^#*/#/' -i {{ item }}"
-  with_items: "{{ v58901_result.stdout_lines }}"
+  with_items: "{{ v58901_result.stdout_lines | default([]) }}"
   when: security_sudoers_remove_authenticate | bool
   tags:
     - auth