Tiny templates changes related to the latest release of Ansible

ansible.cfg

@@ -1,492 +0,0 @@
-# config file for ansible -- https://ansible.com/
-# ===============================================
-
-# nearly all parameters can be overridden in ansible-playbook
-# or with command line flags. ansible will read ANSIBLE_CONFIG,
-# ansible.cfg in the current working directory, .ansible.cfg in
-# the home directory or /etc/ansible/ansible.cfg, whichever it
-# finds first
-
-[defaults]
-
-# some basic default values...
-
-#inventory      = /etc/ansible/hosts
-#library        = /usr/share/my_modules/
-#module_utils   = /usr/share/my_module_utils/
-#remote_tmp     = ~/.ansible/tmp
-#local_tmp      = ~/.ansible/tmp
-#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
-#forks          = 5
-#poll_interval  = 15
-#sudo_user      = root
-#ask_sudo_pass = True
-#ask_pass      = True
-#transport      = smart
-#remote_port    = 22
-#module_lang    = C
-#module_set_locale = False
-
-# plays will gather facts by default, which contain information about
-# the remote system.
-#
-# smart - gather by default, but don't regather if already gathered
-# implicit - gather by default, turn off with gather_facts: False
-# explicit - do not gather by default, must say gather_facts: True
-gathering = smart
-
-# This only affects the gathering done by a play's gather_facts directive,
-# by default gathering retrieves all facts subsets
-# all - gather all subsets
-# network - gather min and network facts
-# hardware - gather hardware facts (longest facts to retrieve)
-# virtual - gather min and virtual facts
-# facter - import facts from facter
-# ohai - import facts from ohai
-# You can combine them using comma (ex: network,virtual)
-# You can negate them using ! (ex: !hardware,!facter,!ohai)
-# A minimal set of facts is always gathered.
-#gather_subset = all
-
-# some hardware related facts are collected
-# with a maximum timeout of 10 seconds. This
-# option lets you increase or decrease that
-# timeout to something more suitable for the
-# environment.
-# gather_timeout = 10
-
-# Ansible facts are available inside the ansible_facts.* dictionary
-# namespace. This setting maintains the behaviour which was the default prior
-# to 2.5, duplicating these variables into the main namespace, each with a
-# prefix of 'ansible_'.
-# This variable is set to True by default for backwards compatibility. It
-# will be changed to a default of 'False' in a future release.
-# ansible_facts.
-# inject_facts_as_vars = True
-
-# additional paths to search for roles in, colon separated
-#roles_path    = /etc/ansible/roles
-
-# uncomment this to disable SSH key host checking
-#host_key_checking = False
-
-# change the default callback, you can only have one 'stdout' type  enabled at a time.
-stdout_callback = condensed
-
-
-## Ansible ships with some plugins that require whitelisting,
-## this is done to avoid running all of a type by default.
-## These setting lists those that you want enabled for your system.
-## Custom plugins should not need this unless plugin author specifies it.
-
-# enable callback plugins, they can output to stdout but cannot be 'stdout' type.
-#callback_whitelist = timer, mail
-
-# Determine whether includes in tasks and handlers are "static" by
-# default. As of 2.0, includes are dynamic by default. Setting these
-# values to True will make includes behave more like they did in the
-# 1.x versions.
-#task_includes_static = False
-#handler_includes_static = False
-
-# Controls if a missing handler for a notification event is an error or a warning
-#error_on_missing_handler = True
-
-# change this for alternative sudo implementations
-#sudo_exe = sudo
-
-# What flags to pass to sudo
-# WARNING: leaving out the defaults might create unexpected behaviours
-#sudo_flags = -H -S -n
-
-# SSH timeout
-#timeout = 10
-
-# default user to use for playbooks if user is not specified
-# (/usr/bin/ansible will use current user as default)
-#remote_user = root
-
-# logging is off by default unless this path is defined
-# if so defined, consider logrotate
-#log_path = /var/log/ansible.log
-
-# default module name for /usr/bin/ansible
-#module_name = command
-
-# use this shell for commands executed under sudo
-# you may need to change this to bin/bash in rare instances
-# if sudo is constrained
-#executable = /bin/sh
-
-# if inventory variables overlap, does the higher precedence one win
-# or are hash values merged together?  The default is 'replace' but
-# this can also be set to 'merge'.
-#hash_behaviour = replace
-
-# by default, variables from roles will be visible in the global variable
-# scope. To prevent this, the following option can be enabled, and only
-# tasks and handlers within the role will see the variables there
-#private_role_vars = yes
-
-# list any Jinja2 extensions to enable here:
-#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
-
-# if set, always use this private key file for authentication, same as
-# if passing --private-key to ansible or ansible-playbook
-#private_key_file = /path/to/file
-
-# If set, configures the path to the Vault password file as an alternative to
-# specifying --vault-password-file on the command line.
-#vault_password_file = /path/to/vault_password_file
-
-# format of string {{ ansible_managed }} available within Jinja2
-# templates indicates to users editing templates files will be replaced.
-# replacing {file}, {host} and {uid} and strftime codes with proper values.
-#ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
-# {file}, {host}, {uid}, and the timestamp can all interfere with idempotence
-# in some situations so the default is a static string:
-#ansible_managed = Ansible managed
-
-# by default, ansible-playbook will display "Skipping [host]" if it determines a task
-# should not be run on a host.  Set this to "False" if you don't want to see these "Skipping"
-# messages. NOTE: the task header will still be shown regardless of whether or not the
-# task is skipped.
-display_skipped_hosts = False
-
-# by default, if a task in a playbook does not include a name: field then
-# ansible-playbook will construct a header that includes the task's action but
-# not the task's args.  This is a security feature because ansible cannot know
-# if the *module* considers an argument to be no_log at the time that the
-# header is printed.  If your environment doesn't have a problem securing
-# stdout from ansible-playbook (or you have manually specified no_log in your
-# playbook on all of the tasks where you have secret information) then you can
-# safely set this to True to get more informative messages.
-#display_args_to_stdout = False
-
-# by default (as of 1.3), Ansible will raise errors when attempting to dereference
-# Jinja2 variables that are not set in templates or action lines. Uncomment this line
-# to revert the behavior to pre-1.3.
-#error_on_undefined_vars = False
-
-# by default (as of 1.6), Ansible may display warnings based on the configuration of the
-# system running ansible itself. This may include warnings about 3rd party packages or
-# other conditions that should be resolved if possible.
-# to disable these warnings, set the following value to False:
-#system_warnings = True
-
-# by default (as of 1.4), Ansible may display deprecation warnings for language
-# features that should no longer be used and will be removed in future versions.
-# to disable these warnings, set the following value to False:
-#deprecation_warnings = True
-
-# (as of 1.8), Ansible can optionally warn when usage of the shell and
-# command module appear to be simplified by using a default Ansible module
-# instead.  These warnings can be silenced by adjusting the following
-# setting or adding warn=yes or warn=no to the end of the command line
-# parameter string.  This will for example suggest using the git module
-# instead of shelling out to the git command.
-# command_warnings = False
-
-
-# set plugin path directories here, separate with colons
-#action_plugins     = /usr/share/ansible/plugins/action
-#become_plugins     = /usr/share/ansible/plugins/become
-#cache_plugins      = /usr/share/ansible/plugins/cache
-#callback_plugins   = /usr/share/ansible/plugins/callback
-#connection_plugins = /usr/share/ansible/plugins/connection
-#lookup_plugins     = /usr/share/ansible/plugins/lookup
-#inventory_plugins  = /usr/share/ansible/plugins/inventory
-#vars_plugins       = /usr/share/ansible/plugins/vars
-#filter_plugins     = /usr/share/ansible/plugins/filter
-#test_plugins       = /usr/share/ansible/plugins/test
-#terminal_plugins   = /usr/share/ansible/plugins/terminal
-#strategy_plugins   = /usr/share/ansible/plugins/strategy
-
-callback_plugins   = 3rdparty/kolter-playbooks/3rdparty/ansible-callback-condensed/
-
-# by default, ansible will use the 'linear' strategy but you may want to try
-# another one
-#strategy = free
-
-# by default callbacks are not loaded for /bin/ansible, enable this if you
-# want, for example, a notification or logging callback to also apply to
-# /bin/ansible runs
-#bin_ansible_callbacks = False
-
-
-# don't like cows?  that's unfortunate.
-# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1
-nocows = 1
-
-# set which cowsay stencil you'd like to use by default. When set to 'random',
-# a random stencil will be selected for each task. The selection will be filtered
-# against the `cow_whitelist` option below.
-#cow_selection = default
-#cow_selection = random
-
-# when using the 'random' option for cowsay, stencils will be restricted to this list.
-# it should be formatted as a comma-separated list with no spaces between names.
-# NOTE: line continuations here are for formatting purposes only, as the INI parser
-#       in python does not support them.
-#cow_whitelist=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,\
-#              hellokitty,kitty,luke-koala,meow,milk,moofasa,moose,ren,sheep,small,stegosaurus,\
-#              stimpy,supermilker,three-eyes,turkey,turtle,tux,udder,vader-koala,vader,www
-
-# don't like colors either?
-# set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1
-#nocolor = 1
-
-# if set to a persistent type (not 'memory', for example 'redis') fact values
-# from previous runs in Ansible will be stored.  This may be useful when
-# wanting to use, for example, IP information from one group of servers
-# without having to talk to them in the same playbook run to get their
-# current IP information.
-#fact_caching = memory
-
-#This option tells Ansible where to cache facts. The value is plugin dependent.
-#For the jsonfile plugin, it should be a path to a local directory.
-#For the redis plugin, the value is a host:port:database triplet: fact_caching_connection = localhost:6379:0
-
-#fact_caching_connection=/tmp
-
-
-
-# retry files
-# When a playbook fails a .retry file can be created that will be placed in ~/
-# You can enable this feature by setting retry_files_enabled to True
-# and you can change the location of the files by setting retry_files_save_path
-
-#retry_files_enabled = False
-#retry_files_save_path = ~/.ansible-retry
-
-# squash actions
-# Ansible can optimise actions that call modules with list parameters
-# when looping. Instead of calling the module once per with_ item, the
-# module is called once with all items at once. Currently this only works
-# under limited circumstances, and only with parameters named 'name'.
-#squash_actions = apk,apt,dnf,homebrew,pacman,pkgng,yum,zypper
-
-# prevents logging of task data, off by default
-#no_log = False
-
-# prevents logging of tasks, but only on the targets, data is still logged on the master/controller
-no_target_syslog = True
-
-# controls whether Ansible will raise an error or warning if a task has no
-# choice but to create world readable temporary files to execute a module on
-# the remote machine.  This option is False by default for security.  Users may
-# turn this on to have behaviour more like Ansible prior to 2.1.x.  See
-# https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user
-# for more secure ways to fix this than enabling this option.
-#allow_world_readable_tmpfiles = False
-
-# controls the compression level of variables sent to
-# worker processes. At the default of 0, no compression
-# is used. This value must be an integer from 0 to 9.
-var_compression_level = 9
-
-# controls what compression method is used for new-style ansible modules when
-# they are sent to the remote system.  The compression types depend on having
-# support compiled into both the controller's python and the client's python.
-# The names should match with the python Zipfile compression types:
-# * ZIP_STORED (no compression. available everywhere)
-# * ZIP_DEFLATED (uses zlib, the default)
-# These values may be set per host via the ansible_module_compression inventory
-# variable
-module_compression = 'ZIP_DEFLATED'
-
-# This controls the cutoff point (in bytes) on --diff for files
-# set to 0 for unlimited (RAM may suffer!).
-#max_diff_size = 1048576
-
-# This controls how ansible handles multiple --tags and --skip-tags arguments
-# on the CLI.  If this is True then multiple arguments are merged together.  If
-# it is False, then the last specified argument is used and the others are ignored.
-# This option will be removed in 2.8.
-#merge_multiple_cli_flags = True
-
-# Controls showing custom stats at the end, off by default
-#show_custom_stats = True
-
-# Controls which files to ignore when using a directory as inventory with
-# possibly multiple sources (both static and dynamic)
-#inventory_ignore_extensions = ~, .orig, .bak, .ini, .cfg, .retry, .pyc, .pyo
-
-# This family of modules use an alternative execution path optimized for network appliances
-# only update this setting if you know how this works, otherwise it can break module execution
-#network_group_modules=eos, nxos, ios, iosxr, junos, vyos
-
-# When enabled, this option allows lookups (via variables like {{lookup('foo')}} or when used as
-# a loop with `with_foo`) to return data that is not marked "unsafe". This means the data may contain
-# jinja2 templating language which will be run through the templating engine.
-# ENABLING THIS COULD BE A SECURITY RISK
-#allow_unsafe_lookups = False
-
-# set default errors for all plays
-#any_errors_fatal = False
-
-[inventory]
-# enable inventory plugins, default: 'host_list', 'script', 'auto', 'yaml', 'ini', 'toml'
-#enable_plugins = host_list, virtualbox, yaml, constructed
-
-# ignore these extensions when parsing a directory as inventory source
-#ignore_extensions = .pyc, .pyo, .swp, .bak, ~, .rpm, .md, .txt, ~, .orig, .ini, .cfg, .retry
-
-# ignore files matching these patterns when parsing a directory as inventory source
-#ignore_patterns=
-
-# If 'true' unparsed inventory sources become fatal errors, they are warnings otherwise.
-#unparsed_is_failed=False
-
-[privilege_escalation]
-#become=True
-#become_method=sudo
-#become_user=root
-#become_ask_pass=False
-
-[paramiko_connection]
-
-# uncomment this line to cause the paramiko connection plugin to not record new host
-# keys encountered.  Increases performance on new host additions.  Setting works independently of the
-# host key checking setting above.
-#record_host_keys=False
-
-# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this
-# line to disable this behaviour.
-#pty=False
-
-# paramiko will default to looking for SSH keys initially when trying to
-# authenticate to remote devices.  This is a problem for some network devices
-# that close the connection after a key failure.  Uncomment this line to
-# disable the Paramiko look for keys function
-#look_for_keys = False
-
-# When using persistent connections with Paramiko, the connection runs in a
-# background process.  If the host doesn't already have a valid SSH key, by
-# default Ansible will prompt to add the host key.  This will cause connections
-# running in background processes to fail.  Uncomment this line to have
-# Paramiko automatically add host keys.
-#host_key_auto_add = True
-
-[ssh_connection]
-
-# ssh arguments to use
-# Leaving off ControlPersist will result in poor performance, so use
-# paramiko on older platforms rather than removing it, -C controls compression use
-#ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
-ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes
-
-# The base directory for the ControlPath sockets.
-# This is the "%(directory)s" in the control_path option
-#
-# Example:
-# control_path_dir = /tmp/.ansible/cp
-#control_path_dir = ~/.ansible/cp
-
-# The path to use for the ControlPath sockets. This defaults to a hashed string of the hostname,
-# port and username (empty string in the config). The hash mitigates a common problem users
-# found with long hostnames and the conventional %(directory)s/ansible-ssh-%%h-%%p-%%r format.
-# In those cases, a "too long for Unix domain socket" ssh error would occur.
-#
-# Example:
-# control_path = %(directory)s/%%h-%%r
-#control_path =
-
-# Enabling pipelining reduces the number of SSH operations required to
-# execute a module on the remote server. This can result in a significant
-# performance improvement when enabled, however when using "sudo:" you must
-# first disable 'requiretty' in /etc/sudoers
-#
-# By default, this option is disabled to preserve compatibility with
-# sudoers configurations that have requiretty (the default on many distros).
-#
-pipelining = True
-
-# Control the mechanism for transferring files (old)
-#   * smart = try sftp and then try scp [default]
-#   * True = use scp only
-#   * False = use sftp only
-#scp_if_ssh = smart
-
-# Control the mechanism for transferring files (new)
-# If set, this will override the scp_if_ssh option
-#   * sftp  = use sftp to transfer files
-#   * scp   = use scp to transfer files
-#   * piped = use 'dd' over SSH to transfer files
-#   * smart = try sftp, scp, and piped, in that order [default]
-#transfer_method = smart
-
-# if False, sftp will not use batch mode to transfer files. This may cause some
-# types of file transfer failures impossible to catch however, and should
-# only be disabled if your sftp version has problems with batch mode
-#sftp_batch_mode = False
-
-# The -tt argument is passed to ssh when pipelining is not enabled because sudo 
-# requires a tty by default. 
-#usetty = True
-
-# Number of times to retry an SSH connection to a host, in case of UNREACHABLE.
-# For each retry attempt, there is an exponential backoff,
-# so after the first attempt there is 1s wait, then 2s, 4s etc. up to 30s (max).
-#retries = 3
-
-[persistent_connection]
-
-# Configures the persistent connection timeout value in seconds.  This value is
-# how long the persistent connection will remain idle before it is destroyed.
-# If the connection doesn't receive a request before the timeout value
-# expires, the connection is shutdown. The default value is 30 seconds.
-connect_timeout = 30
-
-# The command timeout value defines the amount of time to wait for a command
-# or RPC call before timing out. The value for the command timeout must
-# be less than the value of the persistent connection idle timeout (connect_timeout)
-# The default value is 10 second.
-command_timeout = 1
-
-[accelerate]
-#accelerate_port = 5099
-#accelerate_timeout = 30
-#accelerate_connect_timeout = 5.0
-
-# The daemon timeout is measured in minutes. This time is measured
-# from the last activity to the accelerate daemon.
-#accelerate_daemon_timeout = 30
-
-# If set to yes, accelerate_multi_key will allow multiple
-# private keys to be uploaded to it, though each user must
-# have access to the system via SSH to add a new key. The default
-# is "no".
-#accelerate_multi_key = yes
-
-[selinux]
-# file systems that require special treatment when dealing with security context
-# the default behaviour that copies the existing context or uses the user default
-# needs to be changed to use the file system dependent context.
-#special_context_filesystems=nfs,vboxsf,fuse,ramfs,9p
-
-# Set this to yes to allow libvirt_lxc connections to work without SELinux.
-#libvirt_lxc_noseclabel = yes
-
-[colors]
-#highlight = white
-#verbose = blue
-#warn = bright purple
-#error = red
-#debug = dark gray
-#deprecate = purple
-#skip = cyan
-#unreachable = red
-#ok = green
-changed = bright yellow
-diff_add = bright green
-diff_remove = bright red
-#diff_lines = cyan
-
-
-[diff]
-# Always print diff when running ( same as always running with -D/--diff )
-always = yes
-
-# Set how many context lines to show in diff
-# context = 3

roles/common/templates/aliases.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 
 #
 # Common aliases

roles/common/templates/apt/apt-nopdiffs.j2

@@ -1,5 +1,6 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog('//') }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+//
+// {{ ansible_controlled }}
+//
+{% endif %}
 Acquire::Pdiffs "false";

roles/common/templates/apt/apt-norecommends.j2

@@ -1,6 +1,7 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog('//') }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+//
+// {{ ansible_controlled }}
+//
+{% endif %}
 APT::Install-Recommends "false";
 APT::Install-Suggests "false";

roles/common/templates/apt/apt-progressbar.j2

@@ -1,5 +1,6 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog('//') }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+//
+// {{ ansible_controlled }}
+//
+{% endif %}
 Dpkg::Progress-Fancy "1";

roles/common/templates/apt/auto-upgrades.buster.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog('//') }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+//
+// {{ ansible_controlled }}
+//
+{% endif %}
 
 APT::Periodic::Update-Package-Lists "1";
 APT::Periodic::Unattended-Upgrade "1";
@@ -24,4 +25,3 @@ Unattended-Upgrade::Origins-Pattern {
 {% endfor %}
 {% endif %}
 };
-

roles/common/templates/apt/auto-upgrades.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog('//') }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+//
+// {{ ansible_controlled }}
+//
+{% endif %}
 
 APT::Periodic::Update-Package-Lists "1";
 APT::Periodic::Unattended-Upgrade "1";

roles/common/templates/apt/auto-upgrades.jessie.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog('//') }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+//
+// {{ ansible_controlled }}
+//
+{% endif %}
 
 APT::Periodic::Update-Package-Lists "1";
 APT::Periodic::Unattended-Upgrade "1";

roles/common/templates/apt/auto-upgrades.sid.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog('//') }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+//
+// {{ ansible_controlled }}
+//
+{% endif %}
 
 APT::Periodic::Update-Package-Lists "1";
 APT::Periodic::Unattended-Upgrade "1";

roles/common/templates/apt/auto-upgrades.squeeze.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog('//') }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+//
+// {{ ansible_controlled }}
+//
+{% endif %}
 
 APT::Periodic::Update-Package-Lists "1";
 APT::Periodic::Unattended-Upgrade "1";

roles/common/templates/apt/auto-upgrades.stretch.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog('//') }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+//
+// {{ ansible_controlled }}
+//
+{% endif %}
 
 APT::Periodic::Update-Package-Lists "1";
 APT::Periodic::Unattended-Upgrade "1";

roles/common/templates/apt/auto-upgrades.wheezy.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog('//') }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+//
+// {{ ansible_controlled }}
+//
+{% endif %}
 
 APT::Periodic::Update-Package-Lists "1";
 APT::Periodic::Unattended-Upgrade "1";

roles/common/templates/apt/sources.buster.list.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 deb {{ debian_mirror }}/debian buster main contrib non-free
 #deb-src {{ debian_mirror }}/debian buster main contrib non-free
 

roles/common/templates/apt/sources.jessie.list.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 deb {{ debian_mirror }}/debian jessie main contrib non-free
 #deb-src {{ debian_mirror }}/debian jessie main contrib non-free
 

roles/common/templates/apt/sources.lenny.list.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 deb http://archive.debian.org/debian lenny main contrib non-free
 #deb-src http://archive.debian.org/debian lenny main contrib non-free
 

roles/common/templates/apt/sources.sid.list.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 deb {{ debian_mirror }}/debian sid main contrib non-free
 deb-src {{ debian_mirror }}/debian sid main contrib non-free
 

roles/common/templates/apt/sources.squeeze.list.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 deb http://archive.debian.org/debian squeeze main contrib non-free
 #deb-src http://archive.debian.org/debian squeeze main contrib non-free
 

roles/common/templates/apt/sources.stretch.list.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 deb {{ debian_mirror }}/debian stretch main contrib non-free
 #deb-src {{ debian_mirror }}/debian stretch main contrib non-free
 

roles/common/templates/apt/sources.wheezy.list.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 deb http://archive.debian.org/debian wheezy main contrib non-free
 #deb-src http://archive.debian.org/debian wheezy main contrib non-free
 

roles/common/templates/chkrootkit/chkrootkit.conf.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 RUN_DAILY="false"
 RUN_DAILY_OPTS="-q"
 DIFF_MODE="false"

roles/common/templates/cron/letsencrypt.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 # /etc/cron.d/letsencrypt-local:
 # Sign/renew non-existant/changed/expiring certificates generated with Let's
 # Encrypt

roles/common/templates/cron/logcheck.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 # /etc/cron.d/logcheck: crontab entries for the logcheck package
 
 PATH=/bin:/sbin:/usr/bin:/usr/sbin

roles/common/templates/dehydrated/config_hooks.sh.j2

@@ -1,6 +1,7 @@
-{% if ansible_prolog %}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
 {% endif %}
 
 #

roles/common/templates/dehydrated/domains.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 {% if ssl_certs_auto|length > 0 %}
 {% for d in ssl_certs_auto %}
 {{ d }}

roles/common/templates/dehydrated/hook.sh.j2

@@ -1,7 +1,8 @@
 #!/bin/sh
-{% if ansible_prolog %}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
 {% endif %}
 
 hooks_dir="$(dirname "$(readlink -f "${0}")")/hooks"

roles/common/templates/dehydrated/hooks/apache2.sh.j2

@@ -1,7 +1,8 @@
 #!/usr/bin/env bash
-{% if ansible_prolog %}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
 {% endif %}
 
 deploy_challenge() {

roles/common/templates/dehydrated/hooks/nginx.sh.j2

@@ -1,7 +1,8 @@
 #!/usr/bin/env bash
-{% if ansible_prolog %}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
 {% endif %}
 
 deploy_challenge() {

roles/common/templates/dns/resolv.conf.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 {% if with_dnscache|bool %}
 nameserver 127.0.0.1
 {% endif %}

roles/common/templates/ferm/ferm.conf.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 #
 #  Configuration file for ferm(1).
 #

roles/common/templates/hosts.deny.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 # /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
 #                  See the manual pages hosts_access(5) and hosts_options(5).
 #

roles/common/templates/hosts.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 
 127.0.0.1 localhost.localdomain localhost
 {% if hosts_fqdn and ansible_default_ipv4.address is defined %}

roles/common/templates/kernel/sysfs.d/00-sysfs-prolog.conf.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 #
 # /etc/sysfs.conf - Configuration file for setting sysfs attributes.
 #

roles/common/templates/kernel/sysfs.d/10-disks.conf.j2

@@ -7,7 +7,7 @@ block/{{ disk }}/queue/scheduler = none
 {% endfor %}
 {% endif %}
 {% if sysfs_disk_settings %}
-{% for disk in ansible_devices -%}
+{% for disk in ansible_devices %}
 {% for key in sysfs_disk_settings %}
 block/{{ disk }}/{{ key }} = {{ sysfs_disk_settings[key] }}
 {% endfor %}

roles/common/templates/logrotate/rsyslog.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 
 /var/log/syslog
 /var/log/daemon.log

roles/common/templates/opendkim/InternalHosts.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 127.0.0.1
 ::1
 {% if dkim_internal_hosts is defined %}

roles/common/templates/opendkim/KeyTable.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 {% for domain in dkim_domains %}
 {{ dkim_selector }}._domainkey.{{ domain }} {{ domain }}:{{ dkim_selector }}:/etc/opendkim/{{ domain }}_{{ dkim_selector }}.pem
 {% endfor %}

roles/common/templates/opendkim/SigningTable.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 {% for domain in dkim_domains %}
 *@{{ domain }} {{ dkim_selector }}._domainkey.{{ domain }}
 {% endfor %}

roles/common/templates/opendkim/opendkim.conf.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 ##
 ## opendkim.conf -- configuration file for OpenDKIM filter
 ##

roles/common/templates/opendkim/opendkim.service.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 [Unit]
 Description=OpenDKIM DomainKeys Identified Mail (DKIM) Milter
 Documentation=man:opendkim(8) man:opendkim.conf(5) man:opendkim-genkey(8) man:opendkim-genzone(8) man:opendkim-testadsp(8) man:opendkim-testkey http://www.opendkim.org/docs.html

roles/common/templates/postfix/main.cf.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 
 # See /usr/share/postfix/main.cf.dist for a commented, more complete version
 

roles/common/templates/postfix/sasl_credentials.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 {% if postfix_external_smtp_credentials %}
 {% for credential in postfix_external_smtp_credentials %}
 {{ credential.email }} {{ credential.username }}:{{ credential.password }}

roles/common/templates/postfix/sasl_sender_relay.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 {% if postfix_external_smtp_relays %}
 {% for relay in postfix_external_smtp_relays %}
 {{ relay.email }} [{{ relay.hostname }}]:{{ relay.port }}

roles/common/templates/postfix/sasl_sender_rewrite.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 {% if postfix_external_sender_rewrites %}
 {% for rewrite in postfix_external_sender_rewrites %}
 {{ rewrite.regexp }} {{ rewrite.email }}

roles/common/templates/postfix/transport_slowsmtp.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 wanadoo.fr      slowsmtp:
 wanadoo.com     slowsmtp:
 orange.fr       slowsmtp:

roles/common/templates/rkhunter/jessie.conf.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 #
 # This is the main configuration file for Rootkit Hunter.
 #
@@ -362,10 +363,10 @@ ALLOW_SSH_ROOT_USER=without-password
 #
 ENABLE_TESTS=ALL
 {% set disable_tests = [] %}
-{% if not ansible_virtualization_role is defined or ansible_virtualization_role != 'guest' -%}
+{% if not ansible_virtualization_role is defined or ansible_virtualization_role != 'guest' %}
   {% if disable_tests.append('os_specific') %}{% endif %}
 {%- endif %}
-{% if not ansible_virtualization_role is defined or ansible_virtualization_role != 'host' -%}
+{% if not ansible_virtualization_role is defined or ansible_virtualization_role != 'host' %}
     {% if disable_tests.append('promisc') %}{% endif %}
 {%- endif %}
 DISABLE_TESTS=suspscan hidden_procs deleted_files packet_cap_apps apps {{ disable_tests|join(' ') }}

roles/common/templates/rkhunter/lenny.conf.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 #
 # This is the configuration file for Rootkit Hunter.
 #
@@ -201,10 +202,10 @@ ALLOW_SSH_PROT_V1=0
 # package in Debian.
 ENABLE_TESTS="all"
 {% set disable_tests = [] %}
-{% if not ansible_virtualization_role is defined or ansible_virtualization_role != 'guest' -%}
+{% if not ansible_virtualization_role is defined or ansible_virtualization_role != 'guest' %}
   {% if disable_tests.append('os_specific') %}{% endif %}
 {%- endif %}
-{% if not ansible_virtualization_role is defined or ansible_virtualization_role != 'host' -%}
+{% if not ansible_virtualization_role is defined or ansible_virtualization_role != 'host' %}
     {% if disable_tests.append('promisc') %}{% endif %}
 {%- endif %}
 DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps apps {{ disable_tests|join(' ') }}"

roles/common/templates/rkhunter/sid.conf.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 #
 # This is the main configuration file for Rootkit Hunter.
 #
@@ -268,10 +269,10 @@ ALLOW_SSH_PROT_V1=0
 #
 ENABLE_TESTS="all"
 {% set disable_tests = [] %}
-{% if not ansible_virtualization_role is defined or ansible_virtualization_role != 'guest' -%}
+{% if not ansible_virtualization_role is defined or ansible_virtualization_role != 'guest' %}
   {% if disable_tests.append('os_specific') %}{% endif %}
 {%- endif %}
-{% if not ansible_virtualization_role is defined or ansible_virtualization_role != 'host' -%}
+{% if not ansible_virtualization_role is defined or ansible_virtualization_role != 'host' %}
     {% if disable_tests.append('promisc') %}{% endif %}
 {%- endif %}
 DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps apps {{ disable_tests|join(' ') }}"

roles/common/templates/rkhunter/squeeze.conf.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 #
 # This is the main configuration file for Rootkit Hunter.
 #
@@ -248,10 +249,10 @@ ALLOW_SSH_PROT_V1=0
 #
 ENABLE_TESTS="all"
 {% set disable_tests = [] %}
-{% if not ansible_virtualization_role is defined or ansible_virtualization_role != 'guest' -%}
+{% if not ansible_virtualization_role is defined or ansible_virtualization_role != 'guest' %}
   {% if disable_tests.append('os_specific') %}{% endif %}
 {%- endif %}
-{% if not ansible_virtualization_role is defined or ansible_virtualization_role != 'host' -%}
+{% if not ansible_virtualization_role is defined or ansible_virtualization_role != 'host' %}
     {% if disable_tests.append('promisc') %}{% endif %}
 {%- endif %}
 DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps apps {{ disable_tests|join(' ') }}"

roles/common/templates/rkhunter/stretch.conf.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 #
 # This is the main configuration file for Rootkit Hunter.
 #
@@ -362,10 +363,10 @@ ALLOW_SSH_ROOT_USER=without-password
 #
 ENABLE_TESTS=all
 {% set disable_tests = [] %}
-{% if not ansible_virtualization_role is defined or ansible_virtualization_role != 'guest' -%}
+{% if not ansible_virtualization_role is defined or ansible_virtualization_role != 'guest' %}
   {% if disable_tests.append('os_specific') %}{% endif %}
 {%- endif %}
-{% if not ansible_virtualization_role is defined or ansible_virtualization_role != 'host' -%}
+{% if not ansible_virtualization_role is defined or ansible_virtualization_role != 'host' %}
     {% if disable_tests.append('promisc') %}{% endif %}
 {%- endif %}
 DISABLE_TESTS=suspscan hidden_procs deleted_files packet_cap_apps apps {{ disable_tests|join(' ') }}

roles/common/templates/rkhunter/wheezy.conf.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 #
 # This is the main configuration file for Rootkit Hunter.
 #
@@ -268,10 +269,10 @@ ALLOW_SSH_PROT_V1=0
 #
 ENABLE_TESTS="all"
 {% set disable_tests = [] %}
-{% if not ansible_virtualization_role is defined or ansible_virtualization_role != 'guest' -%}
+{% if not ansible_virtualization_role is defined or ansible_virtualization_role != 'guest' %}
   {% if disable_tests.append('os_specific') %}{% endif %}
 {%- endif %}
-{% if not ansible_virtualization_role is defined or ansible_virtualization_role != 'host' -%}
+{% if not ansible_virtualization_role is defined or ansible_virtualization_role != 'host' %}
     {% if disable_tests.append('promisc') %}{% endif %}
 {%- endif %}
 DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps apps {{ disable_tests|join(' ') }}"

roles/common/templates/smartd/default.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 # Defaults for smartmontools initscript (/etc/init.d/smartmontools)
 # This is a POSIX shell fragment
 

roles/common/templates/smartd/smartd.conf.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 # /etc/smartd.conf
 # Configuration file for smartd. Use "man smartd.conf" for more information.
 

roles/common/templates/ssh/sshd_config.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 #	$OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
 
 # This is the sshd server system-wide configuration file.  See

roles/common/templates/ssh/sshd_config.legacy.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 # Package generated configuration file
 # See the sshd_config(5) manpage for details
 

roles/common/templates/sudo/local-admin.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 #
 # sudo configuration for local admins
 #

roles/hypervisor/templates/ganeti/instance-debootstrap/buster.conf.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 #
 # Ganeti deboostrap instance for Debian Jessie 8
 #

roles/hypervisor/templates/ganeti/instance-debootstrap/jessie.conf.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 #
 # Ganeti deboostrap instance for Debian Jessie 8
 #

roles/hypervisor/templates/ganeti/instance-debootstrap/stretch.conf.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 #
 # Ganeti deboostrap instance for Debian Jessie 8
 #

roles/hypervisor/templates/ganeti/kernel/modprobe.conf.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 
 #
 # Options kernel modules while using ganeti

roles/hypervisor/templates/ganeti/kernel/modules.conf.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 
 #
 # Kernel modules to load while using ganeti

roles/monitoring/templates/mon/default.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 # Defaults for mon initscript
 # Created by Dario Minnucci <midget@debian.org>
 

roles/monitoring/templates/mon/slave.conf.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 #
 # Mon config file
 #

roles/monitoring/templates/zabbix/agent.conf.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 # This is a config file for the Zabbix agent daemon (Unix)
 # To get more information about Zabbix, visit http://www.zabbix.com
 

roles/monitoring/templates/zabbix/plugins/ssl-discovery.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 {% if zabbix_plugins_config.discovery.ssl is defined %}
 {% for key in zabbix_plugins_config.discovery.ssl %}
 {{ key }}:

roles/monitoring/templates/zabbix/plugins/web-availability-discovery.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 {% if zabbix_plugins_config.discovery.web is defined %}
 {% for key in zabbix_plugins_config.discovery.web.availability %}
 {{ key }}:

roles/rsyncserver/templates/rsyncd.conf.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 uid = {{ rsyncd_uid }}
 gid = {{ rsyncd_gid }}
 use chroot = yes

roles/webserver/tasks/php.yml

@@ -362,6 +362,7 @@
     owner: 'root'
     group: 'root'
     mode: '0644'
+    trim_blocks: 'no'
   notify:
       - 'Reload FPM for PHP'
   when: with_fpm|bool and not (fpm_pools is defined and fpm_pools) and ansible_lsb.major_release|int >= 9
@@ -376,6 +377,7 @@
     owner: 'root'
     group: 'root'
     mode: '0644'
+    trim_blocks: 'no'
   notify:
       - 'Reload FPM for PHP'
   when: with_fpm|bool and fpm_pools is defined and fpm_pools and ansible_lsb.major_release|int >= 9

roles/webserver/templates/apache2/conf.d/security.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 #
 # Disable access to the entire file system except for the directories that
 # are explicitly allowed later.

roles/webserver/templates/apache2/letsencrypt.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 <IfModule proxy_module>
     # Do not proxy ACME challenge responses
     ProxyPass /.well-known/acme-challenge/ !

roles/webserver/templates/apache2/pga_vhost.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 # Apache vhost for phppgadmin
 
 <VirtualHost {%if phppgadmin_vhostip %}{{ phppgadmin_vhostip }}{% else %}*{% endif %}:{{ phppgadmin_vhostport }}>

roles/webserver/templates/apache2/php5/security-local.ini.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog(';') }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+;
+; {{ ansible_controlled }}
+;
+{% endif %}
 short_open_tag  =   Off
 open_basedir    =   /var/www:/tmp
 upload_tmp_dir  =   /tmp

roles/webserver/templates/apache2/php5/security-local.rmll1.ini.j2

@@ -1,7 +1,9 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog(';') }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+;
+; {{ ansible_controlled }}
+;
+{% endif %}
+{% endif %}
 display_errors  =   Off
 log_errors      =   On
 error_log       =   syslog

roles/webserver/templates/apache2/pma_vhost.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 # Apache vhost for phpmyadmin
 
 <VirtualHost {%if phpmyadmin_vhostip %}{{ phpmyadmin_vhostip }}{% else %}*{% endif %}:{%if phpmyadmin_vhostport %}{{ phpmyadmin_vhostport }}{% else %}80{% endif %}>

roles/webserver/templates/apache2/sys_vhost.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 # Apache vhost for PHP system checks
 
 <VirtualHost {%if phpsyscheck_vhostip %}{{ phpsyscheck_vhostip }}{% else %}*{% endif %}:{%if phpsyscheck_vhostport %}{{ phpsyscheck_vhostport }}{% else %}80{% endif %}>

roles/webserver/templates/fpm/apache2/fpm-pool.conf.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 <IfModule proxy_fcgi_module>
     <FilesMatch ".+\.ph(p[3457]?|t|tml)$">
     {% if ansible_lsb.major_release|int >= 9 %}

roles/webserver/templates/fpm/default.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 #
 # fpm default file for php5-fpm init script
 #

roles/webserver/templates/fpm/nginx/fastcgi_pass_fpm.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 #
 # fastcgi configuration for Nginx and PHP-FPM
 #

roles/webserver/templates/fpm/nginx/fpm-pool.conf.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 
 {% if fpm_pools is defined and fpm_pools %}
 {% for pool in fpm_pools %}

roles/webserver/templates/fpm/php-fpm-pools-legacy.conf.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog(';') }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+;
+; {{ ansible_controlled }}
+;
+{% endif %}
 ;;;;;;;;;;;;;;;;;;;;;;;;
 ; FPM Pool Definitions ;·
 ;;;;;;;;;;;;;;;;;;;;;;;;

roles/webserver/templates/fpm/php-fpm-pools.conf.j2

@@ -1,8 +1,8 @@
-#jinja2: trim_blocks:False
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog(';') }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+;
+; {{ ansible_controlled }}
+;
+{% endif %}
 ;;;;;;;;;;;;;;;;;;;;;;;;
 ; FPM Pool Definitions ;·
 ;;;;;;;;;;;;;;;;;;;;;;;;

roles/webserver/templates/fpm/php5-fpm-pools.conf.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+;
+; {{ ansible_controlled }}
+;
+{% endif %}
 ;;;;;;;;;;;;;;;;;;;;;;;;
 ; FPM Pool Definitions ;·
 ;;;;;;;;;;;;;;;;;;;;;;;;

roles/webserver/templates/logrotate/apache2.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 /var/log/apache2/*.log {
     daily
     missingok

roles/webserver/templates/logrotate/nginx.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 /var/log/nginx/*.log {
     daily
     missingok

roles/webserver/templates/logrotate/php-errors.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 
 /var/log/php/*.log
 {

roles/webserver/templates/nginx/cloudflare.conf.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 
 set_real_ip_from 103.21.244.0/22;
 set_real_ip_from 103.22.200.0/22;

roles/webserver/templates/nginx/conf.d/status.conf.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 server {
     server_name localhost;
     location /nginx_status {

roles/webserver/templates/nginx/default.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 # Note: You may want to look at the following page before setting the ULIMIT.
 # #  http://wiki.nginx.org/CoreModule#worker_rlimit_nofile
 # # Set the ulimit variable if you need defaults to change.

roles/webserver/templates/nginx/letsencrypt.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 location /.well-known/acme-challenge/ {
     auth_basic off;
     default_type text/plain;

roles/webserver/templates/nginx/mime.types.custom.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 
 types {
     application/font-woff2              woff2;

roles/webserver/templates/nginx/nginx.conf.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 # nginx Configuration File
 # http://wiki.nginx.org/Configuration
 

roles/webserver/templates/nginx/pga_vhost.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 # Nginx vhost for phppgadmin
 
 server {

roles/webserver/templates/nginx/pma_vhost.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 # Nginx vhost for phpmyadmin
 
 server {

roles/webserver/templates/nginx/sys_vhost.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 # Nginx vhost for PHP system checks
 
 server {

roles/webserver/templates/nginx/vhost_all.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 
 include /etc/nginx/vhost_expires;
 include /etc/nginx/vhost_cache-fd;

roles/webserver/templates/nginx/vhost_cache-fd.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 #
 # Add some cache on file descriptors
 #

roles/webserver/templates/nginx/vhost_expires.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 #
 # Expirerules for static content
 #

roles/webserver/templates/nginx/vhost_protect-files.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 #
 # Protect hidden files and directories
 #

roles/webserver/templates/nginx/vhost_security.j2

@@ -1,7 +1,8 @@
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog() }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+#
+# {{ ansible_controlled }}
+#
+{% endif %}
 #
 # Various security rules
 #

roles/webserver/templates/php/apc.php

@@ -1,8 +1,9 @@
 <?php
-{% if ansible_prolog -%}
-{% from 'templates/ansible/prolog.j2' import prolog with context %}
-{{ prolog('//') }}
-{% endif -%}
+{% if ansible_controlled is defined and ansible_controlled != "" %}
+//
+// {{ ansible_controlled }}
+//
+{% endif %}
 /*
   +----------------------------------------------------------------------+
   | APC                                                                  |