Remove set_facts tasks not to polute global namespace

The usage of set_facts inside of roles is not recommended if
it is used for internal variables used only inside of the role.
It is recommended to use variables with smaller scope to avoid
inter-dependencies between different invocations of the same
role as demonstrated in the tests_alternative_file.yml later
in the patch series

ttps://github.com/oasis-roles/meta_standards#ansible-best-practices

defaults/main.yml

@@ -41,21 +41,17 @@ sshd: {}
 
 ### VARS DEFAULTS
 ### The following are defaults for OS specific configuration in var files in
-### this role. They should not be set directly by role users. If you really
+### this role. They should not be set directly by role users.
-### need to override them, use the corresponding, unprefixed variables (eg
+sshd_packages: []
-### `sshd_packages` to override __sshd_packages).
+sshd_config_owner: root
-__sshd_packages: []
+sshd_config_group: root
-__sshd_config_owner: root
+sshd_config_mode: "0600"
-__sshd_config_group: root
+sshd_binary: /usr/sbin/sshd
-__sshd_config_mode: "0600"
+sshd_service: sshd
-__sshd_config_file: /etc/ssh/sshd_config
+sshd_sftp_server: /usr/lib/openssh/sftp-server
-__sshd_binary: /usr/sbin/sshd
-__sshd_service: sshd
 
 ### These variables are used by role internals and should not be used.
-__sshd_sftp_server: /usr/lib/openssh/sftp-server
 __sshd_defaults: {}
 __sshd_os_supported: no
-__sshd_sysconfig: false
 __sshd_sysconfig_supports_crypto_policy: false
 __sshd_sysconfig_supports_use_strong_rng: false

tasks/variables.yml

@@ -23,44 +23,5 @@
         - "{{ ansible_os_family }}.yml"
         - default.yml
       paths:
-        - '{{ role_path }}/vars'
+        - "{{ role_path }}/vars"
-        - '{{ playbook_dir }}/vars'
+        - "{{ playbook_dir }}/vars"
-
-- name: Override OS defaults
-  block:
-    - name: Define sshd_packages
-      set_fact:
-        sshd_packages: "{{ __sshd_packages }}"
-      when: sshd_packages is not defined
-    - name: Define sshd_config_owner
-      set_fact:
-        sshd_config_owner: "{{ __sshd_config_owner }}"
-      when: sshd_config_owner is not defined
-    - name: Define sshd_config_group
-      set_fact:
-        sshd_config_group: "{{ __sshd_config_group }}"
-      when: sshd_config_group is not defined
-    - name: Define sshd_config_mode
-      set_fact:
-        sshd_config_mode: "{{ __sshd_config_mode }}"
-      when: sshd_config_mode is not defined
-    - name: Define sshd_config_file
-      set_fact:
-        sshd_config_file: "{{ __sshd_config_file }}"
-      when: sshd_config_file is not defined
-    - name: Define sshd_binary
-      set_fact:
-        sshd_binary: "{{ __sshd_binary }}"
-      when: sshd_binary is not defined
-    - name: Define sshd_service
-      set_fact:
-        sshd_service: "{{ __sshd_service }}"
-      when: sshd_service is not defined
-    - name: Define sshd_sftp_server
-      set_fact:
-        sshd_sftp_server: "{{ __sshd_sftp_server }}"
-      when: sshd_sftp_server is not defined
-    - name: Define sshd_sysconfig
-      set_fact:
-        sshd_sysconfig: "{{ __sshd_sysconfig }}"
-      when: sshd_sysconfig is not defined

vars/AIX.yml

@@ -1,10 +1,10 @@
 ---
-__sshd_config_mode: '0644'
+sshd_config_mode: '0644'
 # sshd is not installed by yum / AIX toolbox for Linux.
 # You'll need to manually install them using AIX Web Download Packs.
-__sshd_packages: []
+sshd_packages: []
-__sshd_sftp_server: /usr/sbin/sftp-server
+sshd_sftp_server: /usr/sbin/sftp-server
-__sshd_config_group: system
+sshd_config_group: system
 __sshd_defaults:
   Subsystem: "sftp {{ sshd_sftp_server }}"
 __sshd_os_supported: yes

vars/Amazon.yml

@@ -1,9 +1,9 @@
 ---
-__sshd_config_mode: '0644'
+sshd_config_mode: '0644'
-__sshd_packages:
+sshd_packages:
   - openssh
   - openssh-server
-__sshd_sftp_server: /usr/libexec/openssh/sftp-server
+sshd_sftp_server: /usr/libexec/openssh/sftp-server
 __sshd_defaults:
   SyslogFacility: AUTHPRIV
   PermitRootLogin: forced-commands-only

vars/Archlinux.yml

@@ -1,7 +1,7 @@
 ---
-__sshd_packages:
+sshd_packages:
   - openssh
-__sshd_sftp_server: /usr/lib/ssh/sftp-server
+sshd_sftp_server: /usr/lib/ssh/sftp-server
 __sshd_defaults:
   AuthorizedKeysFile: .ssh/authorized_keys
   ChallengeResponseAuthentication: no

vars/Container Linux by CoreOS.yml

@@ -1,8 +1,8 @@
 ---
 # There is no package manager in CoreOS
-__sshd_packages: []
+sshd_packages: []
-__sshd_service: sshd
+sshd_service: sshd
-__sshd_sftp_server: internal-sftp
+sshd_sftp_server: internal-sftp
 __sshd_defaults:
   Subsystem: "sftp {{ sshd_sftp_server }}"
   ClientAliveInterval: 180

vars/Debian.yml

@@ -1,8 +1,8 @@
 ---
-__sshd_service: ssh
+sshd_service: ssh
-__sshd_packages:
+sshd_packages:
   - openssh-server
-__sshd_config_mode: "0644"
+sshd_config_mode: "0644"
 __sshd_defaults:
   Port: 22
   Protocol: 2

vars/Debian_10.yml

@@ -1,9 +1,9 @@
 ---
-__sshd_service: ssh
+sshd_service: ssh
-__sshd_packages:
+sshd_packages:
   - openssh-server
   - openssh-sftp-server
-__sshd_config_mode: "0644"
+sshd_config_mode: "0644"
 __sshd_defaults:
   Port: 22
   Protocol: 2

vars/Debian_8.yml

@@ -1,9 +1,9 @@
 ---
-__sshd_service: ssh
+sshd_service: ssh
-__sshd_packages:
+sshd_packages:
   - openssh-server
   - openssh-sftp-server
-__sshd_config_mode: "0644"
+sshd_config_mode: "0644"
 __sshd_defaults:
   Port: 22
   Protocol: 2

vars/Debian_9.yml

@@ -1,9 +1,9 @@
 ---
-__sshd_service: ssh
+sshd_service: ssh
-__sshd_packages:
+sshd_packages:
   - openssh-server
   - openssh-sftp-server
-__sshd_config_mode: "0644"
+sshd_config_mode: "0644"
 __sshd_defaults:
   Port: 22
   Protocol: 2

vars/Fedora.yml

@@ -1,11 +1,11 @@
 ---
-__sshd_packages:
+sshd_packages:
   - openssh
   - openssh-server
-__sshd_sftp_server: /usr/libexec/openssh/sftp-server
+sshd_sftp_server: /usr/libexec/openssh/sftp-server
 # Fedora 32 ships with drop-in directory support so we touch
 # just included file with highest priority by default and have
 # empty defaults
-__sshd_config_file: /etc/ssh/sshd_config.d/00-ansible_system_role.conf
+sshd_config_file: /etc/ssh/sshd_config.d/00-ansible_system_role.conf
 __sshd_defaults:
 __sshd_os_supported: yes

vars/Fedora_31.yml

@@ -1,8 +1,8 @@
 ---
-__sshd_packages:
+sshd_packages:
   - openssh
   - openssh-server
-__sshd_sftp_server: /usr/libexec/openssh/sftp-server
+sshd_sftp_server: /usr/libexec/openssh/sftp-server
 __sshd_defaults:
   HostKey:
     - /etc/ssh/ssh_host_rsa_key

vars/FreeBSD.yml

@@ -1,5 +1,5 @@
 ---
-__sshd_config_group: wheel
+sshd_config_group: wheel
-__sshd_config_mode: "0644"
+sshd_config_mode: "0644"
-__sshd_sftp_server: /usr/libexec/sftp-server
+sshd_sftp_server: /usr/libexec/sftp-server
 __sshd_os_supported: yes

vars/Gentoo.yml

@@ -1,7 +1,7 @@
 ---
-__sshd_packages:
+sshd_packages:
   - net-misc/openssh
-__sshd_sftp_server: /usr/lib64/misc/sftp-server
+sshd_sftp_server: /usr/lib64/misc/sftp-server
 __sshd_defaults:
   Subsystem: "sftp {{ sshd_sftp_server }}"
   # Replace tcp keepalive with unspoofable keepalive

vars/OpenBSD.yml

@@ -1,7 +1,7 @@
 ---
-__sshd_config_group: wheel
+sshd_config_group: wheel
-__sshd_config_mode: "0600"
+sshd_config_mode: "0600"
-__sshd_sftp_server: /usr/libexec/sftp-server
+sshd_sftp_server: /usr/libexec/sftp-server
 __sshd_defaults:
   AuthorizedKeysFile: .ssh/authorized_keys
   Subsystem: "sftp {{ sshd_sftp_server }}"

vars/RedHat_6.yml

@@ -1,8 +1,8 @@
 ---
-__sshd_packages:
+sshd_packages:
   - openssh
   - openssh-server
-__sshd_sftp_server: /usr/libexec/openssh/sftp-server
+sshd_sftp_server: /usr/libexec/openssh/sftp-server
 __sshd_defaults:
   Protocol: 2
   SyslogFacility: AUTHPRIV

vars/RedHat_7.yml

@@ -1,8 +1,8 @@
 ---
-__sshd_packages:
+sshd_packages:
   - openssh
   - openssh-server
-__sshd_sftp_server: /usr/libexec/openssh/sftp-server
+sshd_sftp_server: /usr/libexec/openssh/sftp-server
 __sshd_defaults:
   HostKey:
     - /etc/ssh/ssh_host_rsa_key

vars/RedHat_8.yml

@@ -1,8 +1,8 @@
 ---
-__sshd_packages:
+sshd_packages:
   - openssh
   - openssh-server
-__sshd_sftp_server: /usr/libexec/openssh/sftp-server
+sshd_sftp_server: /usr/libexec/openssh/sftp-server
 __sshd_defaults:
   HostKey:
     - /etc/ssh/ssh_host_rsa_key

vars/Suse.yml

@@ -1,7 +1,7 @@
 ---
-__sshd_packages:
+sshd_packages:
   - openssh
-__sshd_sftp_server: /usr/lib/ssh/sftp-server
+sshd_sftp_server: /usr/lib/ssh/sftp-server
 __sshd_defaults:
   HostKey:
     - /etc/ssh/ssh_host_rsa_key

vars/Ubuntu_12.yml

@@ -1,8 +1,8 @@
 ---
-__sshd_service: ssh
+sshd_service: ssh
-__sshd_packages:
+sshd_packages:
   - openssh-server
-__sshd_config_mode: "0644"
+sshd_config_mode: "0644"
 __sshd_defaults:
   Port: 22
   Protocol: 2

vars/Ubuntu_14.yml

@@ -1,9 +1,9 @@
 ---
-__sshd_service: ssh
+sshd_service: ssh
-__sshd_packages:
+sshd_packages:
   - openssh-server
   - openssh-sftp-server
-__sshd_config_mode: "0644"
+sshd_config_mode: "0644"
 __sshd_defaults:
   Port: 22
   Protocol: 2

vars/Ubuntu_16.yml

@@ -1,9 +1,9 @@
 ---
-__sshd_service: ssh
+sshd_service: ssh
-__sshd_packages:
+sshd_packages:
   - openssh-server
   - openssh-sftp-server
-__sshd_config_mode: "0644"
+sshd_config_mode: "0644"
 __sshd_defaults:
   Port: 22
   Protocol: 2

vars/Ubuntu_18.yml

@@ -1,9 +1,9 @@
 ---
-__sshd_service: ssh
+sshd_service: ssh
-__sshd_packages:
+sshd_packages:
   - openssh-server
   - openssh-sftp-server
-__sshd_config_mode: "0644"
+sshd_config_mode: "0644"
 __sshd_defaults:
   PasswordAuthentication: no
   ChallengeResponseAuthentication: no

vars/Ubuntu_20.yml

@@ -1,9 +1,9 @@
 ---
-__sshd_service: ssh
+sshd_service: ssh
-__sshd_packages:
+sshd_packages:
   - openssh-server
   - openssh-sftp-server
-__sshd_config_mode: "0644"
+sshd_config_mode: "0644"
 __sshd_defaults:
   ChallengeResponseAuthentication: no
   UsePAM: yes

vars/openSUSE Leap_15.yml

@@ -1,7 +1,7 @@
 ---
-__sshd_packages:
+sshd_packages:
   - openssh
-__sshd_sftp_server: /usr/lib/ssh/sftp-server
+sshd_sftp_server: /usr/lib/ssh/sftp-server
 __sshd_defaults:
   AuthorizedKeysFile: .ssh/authorized_keys
   UsePAM: yes