Fix old variable usage. Patch from janeznemanic. Thanks!

2014-01-01 19:15:11 +00:00 · 2014-01-01 19:15:11 +00:00 · f7d56ff2b1
commit f7d56ff2b1
parent d011bbde2c
98 changed files with 886 additions and 889 deletions
--- a/playbooks/cloud_prep.yml
+++ b/playbooks/cloud_prep.yml
@ -3,12 +3,12 @@
  user: root
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - $private/vars.yml
+   - "{{ private }}/vars.yml"
-   - $vars/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/cloud_setup_basic.yml
+  - include: "{{ tasks }}/cloud_setup_basic.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/destroy_cloud_inst.yml
+++ b/playbooks/destroy_cloud_inst.yml
@ -1,22 +1,21 @@
-DIE DIE DIE
+#DIE DIE DIE
-there is no way this could work so fail
+# there is no way this could work so fail
-
+#
 # only works with -e target=
 # requires --extra-vars="target=hostspec"
 - name: destroy the cloud instance
-  hosts: $target
+  hosts: "{{ target }}"
  user: root
  gather_facts: false
  tasks:
  - name: fail if the host/ip is not up
-    local_action: wait_for host=${inventory_hostname} port=22 delay=0 timeout=10
+    local_action: wait_for host={{ inventory_hostname }} port=22 delay=0 timeout=10
-    when_string: inventory_hostname not in result.list_vms
+    when: inventory_hostname not in result.list_vms
  - name: pause for 30s before doing it
-    pause: seconds=30 prompt="Destroying vm now $target, abort if this is wrong"
+    pause: seconds=30 prompt="Destroying vm now {{ target }}, abort if this is wrong"
  - name: find the instance id from the builder
    action: command curl -s http://169.254.169.254/latest/meta-data/instance-id
--- a/playbooks/destroy_virt_inst.yml
+++ b/playbooks/destroy_virt_inst.yml
@ -10,29 +10,29 @@
 # requires --extra-vars="target=hostspec"
 - name: destroy and undefine vm
-  hosts: $target
+  hosts: "{{ target }}"
  user: root
  gather_facts: false
  tasks:
  - name: get vm list on the vmhost
-    delegate_to: $vmhost
+    delegate_to: "{{ vmhost }}"
    virt: command=list_vms
    register: result
  - name: fail if the host is not already defined/existent
-    local_action: fail msg="host does not exist on $vmhost"
+    local_action: fail msg="host does not exist on {{ vmhost }}"
    when: inventory_hostname not in result.list_vms
  - name: pause for 30s before doing it
-    pause: seconds=30 prompt="Destroying vm now $target, abort if this is wrong"
+    pause: seconds=30 prompt="Destroying vm now {{ target }}, abort if this is wrong"
  - name: destroy the vm
-    action: virt name=${inventory_hostname} command=destroy
+    action: virt name={{ inventory_hostname }} command=destroy
-    delegate_to: $vmhost
+    delegate_to: "{{ vmhost }}"
  - name: undefine the vm
-    action: virt name=${inventory_hostname} command=undefine
+    action: virt name={{ inventory_hostname }} command=undefine
-    delegate_to: $vmhost
+    delegate_to: "{{ vmhost }}"
--- a/playbooks/el6_temp_instance.yml
+++ b/playbooks/el6_temp_instance.yml
@ -8,16 +8,16 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
  vars:
  - keypair: fedora-admin-20130801
-  - image: $el6_qcow_id
+  - image: "{{ el6_qcow_id }}"
  - instance_type: m1.small
  - security_group: default
  tasks:
-  - include: $tasks/transient_cloud.yml
+  - include: "{{ tasks }}/transient_cloud.yml"
 - name: provision instance
  hosts: tmp_just_created
@ -26,13 +26,13 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/growroot_cloud.yml
+  - include: "{{ tasks }}/growroot_cloud.yml"
-  - include: $tasks/cloud_setup_basic.yml
+  - include: "{{ tasks }}/cloud_setup_basic.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/f19_temp_instance.yml
+++ b/playbooks/f19_temp_instance.yml
@ -8,15 +8,15 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
  vars:
  - keypair: fedora-admin-20130801
-  - image: $f19_qcow_id
+  - image: "{{ f19_qcow_id }}"
  - instance_type: m1.small
  - security_group: default
  tasks:
-  - include: $tasks/transient_cloud.yml
+  - include: "{{ tasks }}/transient_cloud.yml"
 - name: provision instance
  hosts: tmp_just_created
@ -25,8 +25,8 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
  - name: growpart /dev/vda1 partition (/) to full size
@ -36,14 +36,14 @@
  - name: resize the /dev/vda 1 fs
    action: command resize2fs /dev/vda1
-    when: ${growpart.rc} == 0
+    when: "{{ growpart.rc }} == 0"
  - name: put the mbr back - b/c the resize breaks booting otherwise
    action: shell cat /usr/share/syslinux/mbr.bin > /dev/vda
-    when: ${growpart.rc} == 0
+    when: "{{ growpart.rc }} == 0"
-  - include: $tasks/cloud_setup_basic.yml
+  - include: "{{ tasks }}/cloud_setup_basic.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/fedora_temp_instance.yml
+++ b/playbooks/fedora_temp_instance.yml
@ -8,15 +8,15 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
  vars:
  - keypair: fedora-admin-20130801
-  - image: $f18_qcow_id
+  - image: "{{ f18_qcow_id }}"
  - instance_type: m1.small
  - security_group: default
  tasks:
-  - include: $tasks/transient_cloud.yml
+  - include: "{{ tasks }}/transient_cloud.yml"
 - name: provision instance
  hosts: tmp_just_created
@ -25,12 +25,12 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/growroot_cloud.yml
+  - include: "{{ tasks }}/growroot_cloud.yml"
-  - include: $tasks/cloud_setup_basic.yml
+  - include: "{{ tasks }}/cloud_setup_basic.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/fedorahosted_fedmsg_git.yml
+++ b/playbooks/fedorahosted_fedmsg_git.yml
@ -1,6 +1,6 @@
 # requires --extra-vars "{'repos': ['yokan.git', 'yumex.git']}"
- name: Install the fedmsg hook into a number of fedrahosted git repos
+- name: Install the fedmsg hook into a number of fedorahosted git repos
  hosts: hosted03.fedoraproject.org
  user: root
@ -18,32 +18,32 @@
  # the command *if* that creates= file is already present.  Its a hackaround to
  # make this task idempotent.
  - name: make sure the git repos exist in the first place
-    command: /bin/ls ${prefix}${item} creates=${prefix}${item}
+    command: /bin/ls {{ prefix }}{{ item }} creates={{ prefix }}{{ item }}
-    with_items: ${repos}
+    with_items: "{{ repos }}"
  - name: ensure there is a post-receive-chained.d/ directory
    file: >
        state=directory
-        path=${prefix}${item}${chained}/
+        path="{{ prefix }}{{ item }}{{ chained }}/"
-    with_items: ${repos}
+    with_items: "{{ repos }}"
  - name: move the old post-receive email hook into the chained dir
    command: >
-        /bin/mv ${prefix}${item}/hooks/post-receive ${prefix}${item}${chained}/post-receive-email
+        /bin/mv "{{ prefix }}{{ item }}/hooks/post-receive" "{{ prefix }}{{ item }}{{ chained }}/post-receive-email"
-        removes=${prefix}${item}/hooks/post-receive
+        removes="{{ prefix }}{{ item }}/hooks/post-receive"
-        creates=${prefix}${item}${chained}/post-receive-email
+        creates="{{ prefix }}{{ item }}{{ chained }}/post-receive-email"
-    with_items: ${repos}
+    with_items: "{{ repos }}"
  - name: symlink the fedmsg hook into the chained dir
    file: >
-        path=${prefix}${item}${chained}/post-receive-fedmsg
+        path="{{ prefix }}{{ item }}{{ chained }}/post-receive-fedmsg"
-        src=${fedmsg_hook}
+        src={{ fedmsg_hook }}
        state=link
-    with_items: ${repos}
+    with_items: "{{ repos }}"
  - name: symlink in the chained hook redirector
    file: >
-        path=${prefix}${item}/hooks/post-receive
+        path="{{ prefix }}{{ item }}/hooks/post-receive"
-        src=${chained_hook}
+        src={{ chained_hook }}
        state=link
-    with_items: ${repos}
+    with_items: "{{ repos }}"
--- a/playbooks/groups/arm-packager.yml
+++ b/playbooks/groups/arm-packager.yml
@ -8,8 +8,8 @@
  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/base
@ -19,11 +19,11 @@
  tasks:
  # this is how you include other task lists
-  - include: $tasks/hosts.yml
+  - include: "{{ tasks }}/hosts.yml"
-  - include: $tasks/yumrepos.yml
+  - include: "{{ tasks }}/yumrepos.yml"
-  - include: $tasks/2fa_client.yml
+  - include: "{{ tasks }}/2fa_client.yml"
-  - include: $tasks/motd.yml
+  - include: "{{ tasks }}/motd.yml"
-  - include: $tasks/sudo.yml
+  - include: "{{ tasks }}/sudo.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/groups/arm-qa.yml
+++ b/playbooks/groups/arm-qa.yml
@ -8,8 +8,8 @@
  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/base
@ -19,11 +19,11 @@
  tasks:
  # this is how you include other task lists
-  - include: $tasks/hosts.yml
+  - include: "{{ tasks }}/hosts.yml"
-  - include: $tasks/yumrepos.yml
+  - include: "{{ tasks }}/yumrepos.yml"
-  - include: $tasks/2fa_client.yml
+  - include: "{{ tasks }}/2fa_client.yml"
-  - include: $tasks/motd.yml
+  - include: "{{ tasks }}/motd.yml"
-  - include: $tasks/sudo.yml
+  - include: "{{ tasks }}/sudo.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/groups/arm-releng.yml
+++ b/playbooks/groups/arm-releng.yml
@ -8,8 +8,8 @@
  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/base
@ -20,12 +20,12 @@
  tasks:
  # this is how you include other task lists
-  - include: $tasks/hosts.yml
+  - include: "{{ tasks }}/hosts.yml"
-  - include: $tasks/2fa_client.yml
+  - include: "{{ tasks }}/2fa_client.yml"
-  - include: $tasks/motd.yml
+  - include: "{{ tasks }}/motd.yml"
-  - include: $tasks/common_scripts.yml
+  - include: "{{ tasks }}/common_scripts.yml"
-  - include: $tasks/sudo.yml
+  - include: "{{ tasks }}/sudo.yml"
-  - include: $tasks/koji/releng_config.yml
+  - include: "{{ tasks }}/koji/releng_config.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/groups/backup-server.yml
+++ b/playbooks/groups/backup-server.yml
@ -11,8 +11,8 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/base
@ -22,13 +22,13 @@
  - /srv/web/infra/ansible/roles/fas_client
  tasks:
-  - include: $tasks/hosts.yml
+  - include: "{{ tasks }}/hosts.yml"
-  - include: $tasks/yumrepos.yml
+  - include: "{{ tasks }}/yumrepos.yml"
-  - include: $tasks/2fa_client.yml
+  - include: "{{ tasks }}/2fa_client.yml"
-  - include: $tasks/motd.yml
+  - include: "{{ tasks }}/motd.yml"
-  - include: $tasks/sudo.yml
+  - include: "{{ tasks }}/sudo.yml"
-  - include: $tasks/mysql_server.yml
+  - include: "{{ tasks }}/mysql_server.yml"
-  - include: $tasks/rdiff_backup_server.yml
+  - include: "{{ tasks }}/rdiff_backup_server.yml"
  - name: Create GNOME backup user
    user: name=gnomebackup state=present home=/fedora_backups/gnome/ createhome=yes shell=/sbin/nologin
@ -40,10 +40,10 @@
    copy: src=$files/gnome/ssh_config dest=/usr/local/etc/gnome_ssh_config mode=0600 owner=gnomebackup
  - name: Install GNOME backup key
-    copy: src=${private}/files/gnome/backup_id.rsa dest=/usr/local/etc/gnome_backup_id.rsa mode=0600 owner=gnomebackup
+    copy: src="{{ private }}/files/gnome/backup_id.rsa" dest=/usr/local/etc/gnome_backup_id.rsa mode=0600 owner=gnomebackup
  - name: Install GNOME backup script
-    copy: src=$files/gnome/backup.sh dest=/usr/local/bin/gnome_backup mode=0700 owner=gnomebackup
+    copy: src="{{ files }}/gnome/backup.sh" dest=/usr/local/bin/gnome_backup mode=0700 owner=gnomebackup
  - name: Schedule the GNOME backup script
    cron: name="Backup" hour=5 minute=0 job="(cd /fedora_backups/gnome/; /usr/local/bin/lock-wrapper gnomebackup /usr/local/bin/gnome_backup)" user=gnomebackup
@ -77,4 +77,4 @@
    - expander.gnome.org
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/groups/badges-backend.yml
+++ b/playbooks/groups/badges-backend.yml
@ -10,15 +10,15 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/virt_instance_create.yml
+  - include: "{{ tasks }}/virt_instance_create.yml"
-  - include: $tasks/accelerate_prep.yml
+  - include: "{{ tasks }}/accelerate_prep.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
 - name: dole out the generic configuration
  hosts: badges-backend;badges-backend-stg
@ -28,8 +28,8 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/base
@ -40,16 +40,16 @@
  - /srv/web/infra/ansible/roles/fedmsg_base
  tasks:
-  - include: $tasks/hosts.yml
+  - include: "{{ tasks }}/hosts.yml"
-  - include: $tasks/yumrepos.yml
+  - include: "{{ tasks }}/yumrepos.yml"
-  - include: $tasks/2fa_client.yml
+  - include: "{{ tasks }}/2fa_client.yml"
-  - include: $tasks/motd.yml
+  - include: "{{ tasks }}/motd.yml"
-  - include: $tasks/sudo.yml
+  - include: "{{ tasks }}/sudo.yml"
-  - include: $tasks/openvpn_client.yml
+  - include: "{{ tasks }}/openvpn_client.yml"
    when: env != "staging"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
 - name: dole out the service-specific config
  hosts: badges-backend;badges-backend-stg
@ -63,5 +63,5 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
--- a/playbooks/groups/badges-web.yml
+++ b/playbooks/groups/badges-web.yml
@ -10,15 +10,15 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/virt_instance_create.yml
+  - include: "{{ tasks }}/virt_instance_create.yml"
-  - include: $tasks/accelerate_prep.yml
+  - include: "{{ tasks }}/accelerate_prep.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
 - name: make the box be real
  hosts: badges-web;badges-web-stg
@ -28,8 +28,8 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/base
@ -41,15 +41,15 @@
  - /srv/web/infra/ansible/roles/fedmsg_base
  tasks:
-  - include: $tasks/hosts.yml
+  - include: "{{ tasks }}/hosts.yml"
-  - include: $tasks/yumrepos.yml
+  - include: "{{ tasks }}/yumrepos.yml"
-  - include: $tasks/2fa_client.yml
+  - include: "{{ tasks }}/2fa_client.yml"
-  - include: $tasks/motd.yml
+  - include: "{{ tasks }}/motd.yml"
-  - include: $tasks/sudo.yml
+  - include: "{{ tasks }}/sudo.yml"
-  - include: $tasks/openvpn_client.yml
+  - include: "{{ tasks }}/openvpn_client.yml"
    when: env != "staging"
-  - include: $tasks/apache.yml
+  - include: "{{ tasks }}/apache.yml"
-  - include: $tasks/mod_wsgi.yml
+  - include: "{{ tasks }}/mod_wsgi.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/groups/beaker.yml
+++ b/playbooks/groups/beaker.yml
@ -9,14 +9,14 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/virt_instance_create.yml
+  - include: "{{ tasks }}/virt_instance_create.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
 - name: make the box be real
  hosts: beaker
@ -25,8 +25,8 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/base
@ -37,12 +37,12 @@
  tasks:
  # this is how you include other task lists
-  - include: $tasks/hosts.yml
+  - include: "{{ tasks }}/hosts.yml"
-  - include: $tasks/yumrepos.yml
+  - include: "{{ tasks }}/yumrepos.yml"
-  - include: $tasks/2fa_client.yml
+  - include: "{{ tasks }}/2fa_client.yml"
-  - include: $tasks/collectd/client.yml
+  - include: "{{ tasks }}/collectd/client.yml"
-  - include: $tasks/motd.yml
+  - include: "{{ tasks }}/motd.yml"
-  - include: $tasks/sudo.yml
+  - include: "{{ tasks }}/sudo.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/groups/bkernel.yml
+++ b/playbooks/groups/bkernel.yml
@ -9,19 +9,19 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/base
  tasks:
-  - include: $tasks/koji/base_builder.yml
+  - include: "{{ tasks }}/koji/base_builder.yml"
-  - include: $tasks/koji/builder_kernel_config.yml
+  - include: "{{ tasks }}/koji/builder_kernel_config.yml"
-  - include: $tasks/koji/bkernel-setup.yml
+  - include: "{{ tasks }}/koji/bkernel-setup.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
  - name: restart kojid
    action: service name=kojid state=restarted
--- a/playbooks/groups/buildhw.yml
+++ b/playbooks/groups/buildhw.yml
@ -9,19 +9,19 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/base
  tasks:
-  - include: $tasks/yumrepos.yml
+  - include: "{{ tasks }}/yumrepos.yml"
-  - include: $tasks/hosts.yml
+  - include: "{{ tasks }}/hosts.yml"
-  - include: $tasks/koji/base_builder.yml
+  - include: "{{ tasks }}/koji/base_builder.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
  - name: restart kojid
    action: service name=kojid state=restarted
@ -35,18 +35,18 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/base
  tasks:
-  - include: $tasks/hosts.yml
+  - include: "{{ tasks }}/hosts.yml"
-  - include: $tasks/koji/builder_kernel_config.yml
+  - include: "{{ tasks }}/koji/builder_kernel_config.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
  - name: restart kojid
    action: service name=kojid state=restarted
--- a/playbooks/groups/buildvm.yml
+++ b/playbooks/groups/buildvm.yml
@ -11,14 +11,14 @@
  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/virt_instance_create.yml
+  - include: "{{ tasks }}/virt_instance_create.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
 - name: make koji builder(s)
  hosts: buildvm
@ -28,19 +28,19 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/base
  tasks:
-  - include: $tasks/hosts.yml
+  - include: "{{ tasks }}/hosts.yml"
-  - include: $tasks/koji/base_builder.yml
+  - include: "{{ tasks }}/koji/base_builder.yml"
-  - include: $tasks/koji/builder_kernel_config.yml
+  - include: "{{ tasks }}/koji/builder_kernel_config.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
  - name: restart kojid
    action: service name=kojid state=restarted
--- a/playbooks/groups/docs-backend.yml
+++ b/playbooks/groups/docs-backend.yml
@ -5,14 +5,14 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/virt_instance_create.yml
+  - include: "{{ tasks }}/virt_instance_create.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
 - name: make the box be real
  hosts: docs-backend
@ -21,8 +21,8 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/base
@ -34,12 +34,12 @@
  tasks:
  # this is how you include other task lists
-  - include: $tasks/hosts.yml
+  - include: "{{ tasks }}/hosts.yml"
-  - include: $tasks/yumrepos.yml
+  - include: "{{ tasks }}/yumrepos.yml"
-  - include: $tasks/2fa_client.yml
+  - include: "{{ tasks }}/2fa_client.yml"
-  - include: $tasks/collectd/client.yml
+  - include: "{{ tasks }}/collectd/client.yml"
-  - include: $tasks/motd.yml
+  - include: "{{ tasks }}/motd.yml"
-  - include: $tasks/sudo.yml
+  - include: "{{ tasks }}/sudo.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/groups/fedocal.yml
+++ b/playbooks/groups/fedocal.yml
@ -10,15 +10,15 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/virt_instance_create.yml
+  - include: "{{ tasks }}/virt_instance_create.yml"
-  - include: $tasks/accelerate_prep.yml
+  - include: "{{ tasks }}/accelerate_prep.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
 - name: make the box be real
  hosts: fedocal-stg;fedocal
@ -28,8 +28,8 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/base
@ -39,18 +39,18 @@
  - /srv/web/infra/ansible/roles/fas_client
  tasks:
-  - include: $tasks/hosts.yml
+  - include: "{{ tasks }}/hosts.yml"
-  - include: $tasks/yumrepos.yml
+  - include: "{{ tasks }}/yumrepos.yml"
-  - include: $tasks/2fa_client.yml
+  - include: "{{ tasks }}/2fa_client.yml"
-  - include: $tasks/motd.yml
+  - include: "{{ tasks }}/motd.yml"
-  - include: $tasks/sudo.yml
+  - include: "{{ tasks }}/sudo.yml"
-  - include: $tasks/openvpn_client.yml
+  - include: "{{ tasks }}/openvpn_client.yml"
    when: env != "staging"
-  - include: $tasks/apache.yml
+  - include: "{{ tasks }}/apache.yml"
-  - include: $tasks/mod_wsgi.yml
+  - include: "{{ tasks }}/mod_wsgi.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
 - name: set up fedmsg
  hosts: fedocal-stg;fedocal
@ -60,14 +60,14 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/fedmsg_base
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
 - name: deploy fedocal itself
  hosts: fedocal-stg;fedocal
@ -77,11 +77,11 @@
  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/fedocal
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/groups/gallery.yml
+++ b/playbooks/groups/gallery.yml
@ -11,14 +11,14 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/virt_instance_create.yml
+  - include: "{{ tasks }}/virt_instance_create.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
 - name: make the box be real
  hosts: gallery-stg
@ -28,8 +28,8 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/base
@ -40,15 +40,15 @@
  - /srv/web/infra/ansible/roles/fedmsg_base
  tasks:
-  - include: $tasks/hosts.yml
+  - include: "{{ tasks }}/hosts.yml"
-  - include: $tasks/yumrepos.yml
+  - include: "{{ tasks }}/yumrepos.yml"
-  - include: $tasks/2fa_client.yml
+  - include: "{{ tasks }}/2fa_client.yml"
-  - include: $tasks/motd.yml
+  - include: "{{ tasks }}/motd.yml"
-  - include: $tasks/sudo.yml
+  - include: "{{ tasks }}/sudo.yml"
-  - include: $tasks/apache.yml
+  - include: "{{ tasks }}/apache.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
 - name: deploy gallery itself
  hosts: gallery-stg
@ -58,11 +58,11 @@
  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/gallery
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/groups/jenkins-cloud.yml
+++ b/playbooks/groups/jenkins-cloud.yml
@ -7,11 +7,11 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
  tasks:
-  - include: $tasks/persistent_cloud.yml
+  - include: "{{ tasks }}/persistent_cloud.yml"
-  - include: $tasks/growroot_cloud.yml
+  - include: "{{ tasks }}/growroot_cloud.yml"
 - name: provision master
  hosts: 209.132.184.153
@ -22,8 +22,8 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  vars:
   - resolvconf: resolv.conf/jenkins-cloud
@ -31,7 +31,7 @@
   - /srv/web/infra/ansible/roles/base
  tasks:
-  - include: $tasks/cloud_setup_basic.yml
+  - include: "{{ tasks }}/cloud_setup_basic.yml"
  - name: make the jenkins path
    action: file state=directory path=/var/lib/jenkins
@ -40,14 +40,14 @@
    action: mount name=/var/lib/jenkins src='LABEL=jenkins' fstype=ext4 state=mounted
  - name: poke firewall holes
-    action: command lokkit $item
+    action: command lokkit {{ item }}
    with_items:
    - --service=ssh
    - --service=https
    - --service=http
  - name: install pkgs for jenkins
-    action: yum state=installed pkg=$item
+    action: yum state=installed pkg={{ item }}
    with_items:
    - vim
    - dejavu-s\*
@ -60,7 +60,7 @@
    - packages
  - name: add jenkins proxy config file for apache
-    action: copy src=$files/jenkins/master/jenkins-apache.conf dest=/etc/httpd/conf.d/jenkins-apache.conf owner=root group=root mode=0644
+    action: copy src="{{ files }}/jenkins/master/jenkins-apache.conf" dest=/etc/httpd/conf.d/jenkins-apache.conf owner=root group=root mode=0644
    notify:
    - restart httpd
    tags:
@ -70,24 +70,24 @@
    action: service name=httpd state=running enabled=true
  - name: add jenkins upstream repo 
-    action: copy src=$files/jenkins/master/jenkins.repo dest=/etc/yum.repos.d/jenkins.repo  owner=root group=root
+    action: copy src="{{ files }}/jenkins/master/jenkins.repo" dest=/etc/yum.repos.d/jenkins.repo  owner=root group=root
    tags:
     - config
  - name: import jenkins upstream gpg key
-    action: copy src=$files/jenkins/master/jenkins-ci.org.key dest=/etc/pki/rpm-gpg/RPM-GPG-KEY-jenkins-ci.org owner=root group=root
+    action: copy src="{{ files }}/jenkins/master/jenkins-ci.org.key" dest=/etc/pki/rpm-gpg/RPM-GPG-KEY-jenkins-ci.org owner=root group=root
    tags:
     - config
  - name: install pkgs for jenkins
-    action: yum state=installed pkg=$item
+    action: yum state=installed pkg={{ item }}
    with_items:
    - jenkins
    tags:
    - packages
  - name: set the hostname to jenkins-osversion
-    action: command hostname jenkins-master-${dist_tag}
+    action: command hostname jenkins-master-{{ dist_tag }}
    tags:
    - config
@ -101,19 +101,19 @@
    action: file state=directory path=/var/lib/jenkins/plugins/ owner=jenkins group=jenkins
  - name: import jenkins plugins
-    action: copy src=$item owner=jenkins group=jenkins dest=/var/lib/jenkins/plugins/
+    action: copy src={{ item }} owner=jenkins group=jenkins dest=/var/lib/jenkins/plugins/
-    with_fileglob: $files/jenkins/master/plugins/*.hpi
+    with_fileglob: "{{ files }}/jenkins/master/plugins/*.hpi"
    tags:
     - config
  - name: import jenkins configuration files
-    action: copy src=$item owner=jenkins group=jenkins dest=/var/lib/jenkins/ backup=yes
+    action: copy src={{ item }} owner=jenkins group=jenkins dest=/var/lib/jenkins/ backup=yes
-    with_fileglob: $files/jenkins/master/*.xml
+    with_fileglob: "{{ files }}/jenkins/master/*.xml"
    tags:
     - config
  - name: add jenkins ssh priv key so it can connect to clients
-    action: copy src=$private/files/jenkins/ssh/jenkins_master dest=/var/tmp/jenkins_master_id_rsa mode=600 owner=jenkins group=jenkins
+    action: copy src="{{ private }}/files/jenkins/ssh/jenkins_master" dest=/var/tmp/jenkins_master_id_rsa mode=600 owner=jenkins group=jenkins
    tags:
    - config
@ -126,13 +126,13 @@
    poll: 20
  - name: jenkins hotfix big file
-    copy: src=$item dest=/var/lib/jenkins/plugins/openid/WEB-INF/lib/ group=jenkins mode=655
+    copy: src={{ item }} dest=/var/lib/jenkins/plugins/openid/WEB-INF/lib/ group=jenkins mode=655
-    with_fileglob: $bigfiles/hotfixes/jenkins/openid/*.jar
+    with_fileglob: "{{ bigfiles }}/hotfixes/jenkins/openid/*.jar"
    notify: 
      - restart jenkins
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
 ###################################################
 # jenkins slaves
@ -146,14 +146,14 @@
  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
  vars:
   - keypair: fedora-admin-20130801
   - security_group: default
  tasks:
-  - include: $tasks/persistent_cloud.yml
+  - include: "{{ tasks }}/persistent_cloud.yml"
-  - include: $tasks/growroot_cloud.yml
+  - include: "{{ tasks }}/growroot_cloud.yml"
 - name: provision workers
  hosts: jenkins-slaves
@ -164,21 +164,21 @@
  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/cloud_setup_basic.yml
+  - include: "{{ tasks }}/cloud_setup_basic.yml"
  - name: add jenkins repos
-    action: copy src=$item dest=/etc/yum.repos.d/ owner=root group=root
+    action: copy src={{ item }} dest=/etc/yum.repos.d/ owner=root group=root
-    with_fileglob: $files/jenkins/slaves/*.repo
+    with_fileglob: "{{ files }}/jenkins/slaves/*.repo"
    tags:
    - config
    - packages
  - name: install pkgs for jenkins
-    action: yum state=installed pkg=$item
+    action: yum state=installed pkg={{ item }}
    with_items:
    - vim
    - java-1.7.0-openjdk
@ -219,7 +219,7 @@
    - packages
  - name: install pkgs for jenkins for fedora systems
-    action: yum state=installed pkg=$item
+    action: yum state=installed pkg={{ item }}
    #when: is_fedora == 'True'
    with_items:
    - python3
@ -303,7 +303,7 @@
  - name: copy android SDK
    when: is_fedora == 'True'
-    action: copy src=$bigfiles/jenkins/android-sdk-with-platform-17.tar.gz dest=/var/android/ owner=jenkins_slave group=jenkins_slave
+    action: copy src="{{ bigfiles }}/jenkins/android-sdk-with-platform-17.tar.gz" dest=/var/android/ owner=jenkins_slave group=jenkins_slave
  - name: extract android SDK
    when: is_fedora == 'True'
@ -314,7 +314,7 @@
    action: file state=absent path=/var/android/android-sdk-with-platform-17.tar.gz
  - name: set the hostname to jenkins-osversion
-    action: command hostname jenkins-${dist_tag}
+    action: command hostname jenkins-{{ dist_tag }}
    tags:
    - config
@ -326,21 +326,21 @@
  - name: setup jenkins_slave ssh key
    action: authorized_key user=jenkins_slave key="{{ item }}"
    with_file:
-    - $private/files/jenkins/ssh/jenkins_master.pub
+    - "{{ private }}/files/jenkins/ssh/jenkins_master.pub"
  - name: jenkins_slave to mock group
    action: user name=jenkins_slave groups=mock
  - name: add .gitconfig for jenkins_slave user
-    action: copy src=$files/jenkins/gitconfig dest=/home/jenkins_slave/.gitconfig owner=jenkins_slave group=jenkins_slave mode=664
+    action: copy src="{{ files }}/jenkins/gitconfig" dest=/home/jenkins_slave/.gitconfig owner=jenkins_slave group=jenkins_slave mode=664
    tags:
     - config
  - name: template sshd_config
-    action: copy src=$item dest=/etc/ssh/sshd_config mode=0600 owner=root group=root
+    action: copy src={{ item }} dest=/etc/ssh/sshd_config mode=0600 owner=root group=root
    first_available_file:
-      - $files/jenkins/sshd_config_slave.$ansible_distribution
+      - "{{ files }}/jenkins/sshd_config_slave.{{ ansible_distribution }}"
-      - $files/jenkins/sshd_config_slave
+      - "{{ files }}/jenkins/sshd_config_slave"
    notify:
    - restart sshd
    tags:
@ -350,5 +350,5 @@
    action: file state=directory path=/mnt/jenkins owner=jenkins_slave group=jenkins_slave
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/groups/kernel-qa.yml
+++ b/playbooks/groups/kernel-qa.yml
@ -9,8 +9,8 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/base
@ -21,15 +21,15 @@
  tasks:
  # this is how you include other task lists
-  - include: $tasks/hosts.yml
+  - include: "{{ tasks }}/hosts.yml"
-  - include: $tasks/yumrepos.yml
+  - include: "{{ tasks }}/yumrepos.yml"
-  - include: $tasks/2fa_client.yml
+  - include: "{{ tasks }}/2fa_client.yml"
-  - include: $tasks/motd.yml
+  - include: "{{ tasks }}/motd.yml"
-  - include: $tasks/sudo.yml
+  - include: "{{ tasks }}/sudo.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/groups/keyserver.yml
+++ b/playbooks/groups/keyserver.yml
@ -11,14 +11,14 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/virt_instance_create.yml
+  - include: "{{ tasks }}/virt_instance_create.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
 - name: make the box be real
  hosts: keys01.fedoraproject.org
@ -28,8 +28,8 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/base
@ -40,14 +40,14 @@
  - /srv/web/infra/ansible/roles/fedmsg_base
  tasks:
-  - include: $tasks/hosts.yml
+  - include: "{{ tasks }}/hosts.yml"
-  - include: $tasks/yumrepos.yml
+  - include: "{{ tasks }}/yumrepos.yml"
-  - include: $tasks/2fa_client.yml
+  - include: "{{ tasks }}/2fa_client.yml"
-  - include: $tasks/openvpn_client.yml
+  - include: "{{ tasks }}/openvpn_client.yml"
-  - include: $tasks/motd.yml
+  - include: "{{ tasks }}/motd.yml"
-  - include: $tasks/sudo.yml
+  - include: "{{ tasks }}/sudo.yml"
-  - include: $tasks/apache.yml
+  - include: "{{ tasks }}/apache.yml"
-  - include: $tasks/keyserver.yml
+  - include: "{{ tasks }}/keyserver.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/groups/koji-hub.yml
+++ b/playbooks/groups/koji-hub.yml
@ -9,14 +9,14 @@
  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/virt_instance_create.yml
+  - include: "{{ tasks }}/virt_instance_create.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
 # Once the instance exists, configure it. 
@ -27,8 +27,8 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/base
@ -39,12 +39,12 @@
  - /srv/web/infra/ansible/roles/koji_hub
  tasks:
-  - include: $tasks/hosts.yml
+  - include: "{{ tasks }}/hosts.yml"
-  - include: $tasks/yumrepos.yml
+  - include: "{{ tasks }}/yumrepos.yml"
-  - include: $tasks/2fa_client.yml
+  - include: "{{ tasks }}/2fa_client.yml"
-  - include: $tasks/motd.yml
+  - include: "{{ tasks }}/motd.yml"
-  - include: $tasks/sudo.yml
+  - include: "{{ tasks }}/sudo.yml"
-  - include: $tasks/collectd/client.yml
+  - include: "{{ tasks }}/collectd/client.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/groups/mailman.yml
+++ b/playbooks/groups/mailman.yml
@ -10,15 +10,15 @@
  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/virt_instance_create.yml
+  - include: "{{ tasks }}/virt_instance_create.yml"
-  - include: $tasks/accelerate_prep.yml
+  - include: "{{ tasks }}/accelerate_prep.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
 - name: make the box be real
  hosts: mailman-stg
@ -28,8 +28,8 @@
  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/base
@ -41,17 +41,17 @@
  tasks:
  # this is how you include other task lists
-  - include: $tasks/hosts.yml
+  - include: "{{ tasks }}/hosts.yml"
-  - include: $tasks/yumrepos.yml
+  - include: "{{ tasks }}/yumrepos.yml"
-  - include: $tasks/2fa_client.yml
+  - include: "{{ tasks }}/2fa_client.yml"
-  - include: $tasks/collectd/client.yml
+  - include: "{{ tasks }}/collectd/client.yml"
-  - include: $tasks/motd.yml
+  - include: "{{ tasks }}/motd.yml"
-  - include: $tasks/sudo.yml
+  - include: "{{ tasks }}/sudo.yml"
-  - include: $tasks/apache.yml
+  - include: "{{ tasks }}/apache.yml"
-  - include: $tasks/mod_wsgi.yml
+  - include: "{{ tasks }}/mod_wsgi.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
 # Database setup
@ -62,23 +62,23 @@
  sudo_user: postgres
  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
    # mailman auto-updates its schema, there can only be one admin user
    - name: mailman DB user
-      postgresql_user: name=mailmanadmin password=$mailman_mm_db_pass
+      postgresql_user: name=mailmanadmin password={{ mailman_mm_db_pass }}
    - name: hyperkitty DB admin user
-      postgresql_user: name=hyperkittyadmin password=$mailman_hk_admin_db_pass
+      postgresql_user: name=hyperkittyadmin password={{ mailman_hk_admin_db_pass }}
    - name: hyperkitty DB user
-      postgresql_user: name=hyperkittyapp password=$mailman_hk_db_pass
+      postgresql_user: name=hyperkittyapp password={{ mailman_hk_db_pass }}
    - name: kittystore DB admin user
-      postgresql_user: name=kittystoreadmin password=$mailman_ks_admin_db_pass
+      postgresql_user: name=kittystoreadmin password={{ mailman_ks_admin_db_pass }}
    - name: kittystore DB user
-      postgresql_user: name=kittystoreapp password=$mailman_ks_db_pass
+      postgresql_user: name=kittystoreapp password={{ mailman_ks_db_pass }}
    - name: databases creation
-      postgresql_db: name=$item owner=${item}admin encoding=UTF-8
+      postgresql_db: name={{ item }} owner="{{ item }}admin" encoding=UTF-8
      with_items:
        - mailman
        - hyperkitty
@ -93,8 +93,8 @@
  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/mailman
@ -102,7 +102,7 @@
  tasks:
  - name: install more needed packages
-    yum: pkg=$item state=installed
+    yum: pkg={{ item }} state=installed
    with_items:
    - tar
    - mailman # transition from mailman2.1
@ -114,11 +114,11 @@
  #            owner=root group=root mode=0600
  - name: start services
-    service: state=started enabled=yes name=$item
+    service: state=started enabled=yes name={{ item }}
    with_items:
    - httpd
    - mailman3
    - postfix
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/groups/mirrorlist.yml
+++ b/playbooks/groups/mirrorlist.yml
@ -11,14 +11,14 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/virt_instance_create.yml
+  - include: "{{ tasks }}/virt_instance_create.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
 - name: make the box be real
  hosts: mirrorlist
@ -28,8 +28,8 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/base
@ -42,16 +42,16 @@
  tasks:
  # this is how you include other task lists
-  - include: $tasks/hosts.yml
+  - include: "{{ tasks }}/hosts.yml"
-  - include: $tasks/yumrepos.yml
+  - include: "{{ tasks }}/yumrepos.yml"
-  - include: $tasks/2fa_client.yml
+  - include: "{{ tasks }}/2fa_client.yml"
-  - include: $tasks/collectd/client.yml
+  - include: "{{ tasks }}/collectd/client.yml"
-  - include: $tasks/openvpn_client.yml
+  - include: "{{ tasks }}/openvpn_client.yml"
-  - include: $tasks/motd.yml
+  - include: "{{ tasks }}/motd.yml"
-  - include: $tasks/sudo.yml
+  - include: "{{ tasks }}/sudo.yml"
-  - include: $tasks/apache.yml
+  - include: "{{ tasks }}/apache.yml"
-  - include: $tasks/mod_wsgi.yml
+  - include: "{{ tasks }}/mod_wsgi.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/groups/notifs-backend.yml
+++ b/playbooks/groups/notifs-backend.yml
@ -10,15 +10,15 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/virt_instance_create.yml
+  - include: "{{ tasks }}/virt_instance_create.yml"
-  - include: $tasks/accelerate_prep.yml
+  - include: "{{ tasks }}/accelerate_prep.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
 - name: dole out the generic configuration
  hosts: notifs-backend;notifs-backend-stg
@ -28,8 +28,8 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/base
@ -40,16 +40,16 @@
  - /srv/web/infra/ansible/roles/fedmsg_base
  tasks:
-  - include: $tasks/hosts.yml
+  - include: "{{ tasks }}/hosts.yml"
-  - include: $tasks/yumrepos.yml
+  - include: "{{ tasks }}/yumrepos.yml"
-  - include: $tasks/2fa_client.yml
+  - include: "{{ tasks }}/2fa_client.yml"
-  - include: $tasks/motd.yml
+  - include: "{{ tasks }}/motd.yml"
-  - include: $tasks/sudo.yml
+  - include: "{{ tasks }}/sudo.yml"
-  - include: $tasks/openvpn_client.yml
+  - include: "{{ tasks }}/openvpn_client.yml"
    when: env != "staging"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
 - name: dole out the service-specific config
  hosts: notifs-backend;notifs-backend-stg
@ -63,5 +63,5 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
--- a/playbooks/groups/notifs-web.yml
+++ b/playbooks/groups/notifs-web.yml
@ -10,15 +10,15 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/virt_instance_create.yml
+  - include: "{{ tasks }}/virt_instance_create.yml"
-  - include: $tasks/accelerate_prep.yml
+  - include: "{{ tasks }}/accelerate_prep.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
 - name: make the box be real
  hosts: notifs-web;notifs-web-stg
@ -28,8 +28,8 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/base
@ -41,15 +41,15 @@
  - /srv/web/infra/ansible/roles/notifs-frontend
  tasks:
-  - include: $tasks/hosts.yml
+  - include: "{{ tasks }}/hosts.yml"
-  - include: $tasks/yumrepos.yml
+  - include: "{{ tasks }}/yumrepos.yml"
-  - include: $tasks/2fa_client.yml
+  - include: "{{ tasks }}/2fa_client.yml"
-  - include: $tasks/motd.yml
+  - include: "{{ tasks }}/motd.yml"
-  - include: $tasks/sudo.yml
+  - include: "{{ tasks }}/sudo.yml"
-  - include: $tasks/openvpn_client.yml
+  - include: "{{ tasks }}/openvpn_client.yml"
    when: env != "staging"
-  - include: $tasks/apache.yml
+  - include: "{{ tasks }}/apache.yml"
-  - include: $tasks/mod_wsgi.yml
+  - include: "{{ tasks }}/mod_wsgi.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/groups/nuancier.yml
+++ b/playbooks/groups/nuancier.yml
@ -10,15 +10,15 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/virt_instance_create.yml
+  - include: "{{ tasks }}/virt_instance_create.yml"
-  - include: $tasks/accelerate_prep.yml
+  - include: "{{ tasks }}/accelerate_prep.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
 - name: make the box be real
  hosts: nuancier;nuancier-stg
@ -28,8 +28,8 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/base
@ -39,18 +39,18 @@
  - /srv/web/infra/ansible/roles/fas_client
  tasks:
-  - include: $tasks/hosts.yml
+  - include: "{{ tasks }}/hosts.yml"
-  - include: $tasks/yumrepos.yml
+  - include: "{{ tasks }}/yumrepos.yml"
-  - include: $tasks/2fa_client.yml
+  - include: "{{ tasks }}/2fa_client.yml"
-  - include: $tasks/motd.yml
+  - include: "{{ tasks }}/motd.yml"
-  - include: $tasks/sudo.yml
+  - include: "{{ tasks }}/sudo.yml"
-  - include: $tasks/openvpn_client.yml
+  - include: "{{ tasks }}/openvpn_client.yml"
    when: env != "staging"
-  - include: $tasks/apache.yml
+  - include: "{{ tasks }}/apache.yml"
-  - include: $tasks/mod_wsgi.yml
+  - include: "{{ tasks }}/mod_wsgi.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
 - name: set up fedmsg
  hosts: nuancier;nuancier-stg
--- a/playbooks/groups/postgresl-server.yml
+++ b/playbooks/groups/postgresl-server.yml
@ -9,14 +9,14 @@
  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/virt_instance_create.yml
+  - include: "{{ tasks }}/virt_instance_create.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
 # Once the instance exists, configure it. 
@ -27,8 +27,8 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/base
@ -39,12 +39,12 @@
  - /srv/web/infra/ansible/roles/postgresql_server
  tasks:
-  - include: $tasks/hosts.yml
+  - include: "{{ tasks }}/hosts.yml"
-  - include: $tasks/yumrepos.yml
+  - include: "{{ tasks }}/yumrepos.yml"
-  - include: $tasks/2fa_client.yml
+  - include: "{{ tasks }}/2fa_client.yml"
-  - include: $tasks/motd.yml
+  - include: "{{ tasks }}/motd.yml"
-  - include: $tasks/sudo.yml
+  - include: "{{ tasks }}/sudo.yml"
-  - include: $tasks/collectd/client.yml
+  - include: "{{ tasks }}/collectd/client.yml"
 - name: make koji db
  hosts: dbserver-secondary
@ -54,8 +54,8 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/koji_db
@ -63,4 +63,4 @@
 # TODO: add iscsi task
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/groups/releng.yml
+++ b/playbooks/groups/releng.yml
@ -11,14 +11,14 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/virt_instance_create.yml
+  - include: "{{ tasks }}/virt_instance_create.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
 # Once the instance exists, configure it. 
@ -30,18 +30,18 @@
  vars_files:
  - /srv/web/infra/ansible/vars/global.yml
-  - ${private}/vars.yml
+  - "{{ private }}/vars.yml"
-  - ${vars}/${ansible_distribution}.yml
+  - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/base
  - /srv/web/infra/ansible/roles/nagios_client
  tasks:
-  - include: $tasks/koji/releng_config.yml
+  - include: "{{ tasks }}/koji/releng_config.yml"
-  - include: $tasks/hosts.yml
+  - include: "{{ tasks }}/hosts.yml"
-  - include: $tasks/motd.yml
+  - include: "{{ tasks }}/motd.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/groups/sign.yml
+++ b/playbooks/groups/sign.yml
@ -13,17 +13,17 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/base
  - /srv/web/infra/ansible/roles/rkhunter
  tasks:
-  - include: $tasks/serialgetty.yml
+  - include: "{{ tasks }}/serialgetty.yml"
-  - include: $tasks/motd.yml
+  - include: "{{ tasks }}/motd.yml"
-  - include: $tasks/sign_setup.yml
+  - include: "{{ tasks }}/sign_setup.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/groups/taskbot.yml
+++ b/playbooks/groups/taskbot.yml
@ -9,14 +9,14 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/virt_instance_create.yml
+  - include: "{{ tasks }}/virt_instance_create.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
 - name: make the box be real
  hosts: taskbot
@ -25,8 +25,8 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/base
@ -38,12 +38,12 @@
  tasks:
  # this is how you include other task lists
-  - include: $tasks/hosts.yml
+  - include: "{{ tasks }}/hosts.yml"
-  - include: $tasks/yumrepos.yml
+  - include: "{{ tasks }}/yumrepos.yml"
-  - include: $tasks/2fa_client.yml
+  - include: "{{ tasks }}/2fa_client.yml"
-  - include: $tasks/collectd/client.yml
+  - include: "{{ tasks }}/collectd/client.yml"
-  - include: $tasks/motd.yml
+  - include: "{{ tasks }}/motd.yml"
-  - include: $tasks/sudo.yml
+  - include: "{{ tasks }}/sudo.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/groups/virthost.yml
+++ b/playbooks/groups/virthost.yml
@ -10,8 +10,8 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  roles:
  - /srv/web/infra/ansible/roles/base
@ -22,13 +22,13 @@
  - /srv/web/infra/ansible/roles/iscsi_client
  tasks:
-  - include: $tasks/hosts.yml
+  - include: "{{ tasks }}/hosts.yml"
-  - include: $tasks/yumrepos.yml
+  - include: "{{ tasks }}/yumrepos.yml"
-  - include: $tasks/2fa_client.yml
+  - include: "{{ tasks }}/2fa_client.yml"
-  - include: $tasks/motd.yml
+  - include: "{{ tasks }}/motd.yml"
-  - include: $tasks/sudo.yml
+  - include: "{{ tasks }}/sudo.yml"
-  - include: $tasks/collectd/client.yml
+  - include: "{{ tasks }}/collectd/client.yml"
-  - include: $tasks/virthost.yml
+  - include: "{{ tasks }}/virthost.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/hosts/artboard.cloud.fedoraproject.org.yml
+++ b/playbooks/hosts/artboard.cloud.fedoraproject.org.yml
@ -5,11 +5,11 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
  tasks:
-  - include: $tasks/persistent_cloud.yml
+  - include: "{{ tasks }}/persistent_cloud.yml"
-  - include: $tasks/growroot_cloud.yml
+  - include: "{{ tasks }}/growroot_cloud.yml"
 - name: provision instance
  hosts: 209.132.184.143
@ -18,19 +18,19 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/cloud_setup_basic.yml
+  - include: "{{ tasks }}/cloud_setup_basic.yml"
-  - include: $tasks/postfix_basic.yml
+  - include: "{{ tasks }}/postfix_basic.yml"
  - name: mount up disk of persistent storage
    action: mount name=/srv/persist src='LABEL=artboard' fstype=ext4 state=mounted
  # open up ports (22, 80, 443)
  - name: poke holes in the firewall
-    action: command lokkit $item
+    action: command lokkit {{ item }}
    with_items:
    - --service=ssh
    - --service=https
@ -38,7 +38,7 @@
  # packages needed
  - name: add packages
-    action: yum state=present name=$item
+    action: yum state=present name={{ item }}
    with_items:
    - rsync
    - openssh-clients
@ -51,12 +51,12 @@
  # packages needed to be gone
  - name: erase packages
-    action: yum state=absent name=$item
+    action: yum state=absent name={{ item }}
    with_items:
    - cronie-anacron
  - name: artboard backup thing
-    action: copy src=$files/artboard/artboard-backup dest=/etc/cron.daily/artboard-backup mode=0755
+    action: copy src="{{ files }}/artboard/artboard-backup" dest=/etc/cron.daily/artboard-backup mode=0755
  - name: make artboard subdir 
    action: file path=/srv/persist/artboard mode=0755 state=directory
@ -65,7 +65,7 @@
    action: file state=link src=/srv/persist/artboard path=/var/www/html/artboard
  - name: add apache confs
-    action: copy src=$files/artboard/$item dest=/etc/httpd/conf.d/$item  backup=true
+    action: copy src="{{ files }}/artboard/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}"  backup=true
    with_items:
    - artboard.conf
    - redirect.conf
@ -75,4 +75,4 @@
    action: service name=httpd state=started
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/hosts/blockerbugs-dev.cloud.fedoraproject.org.yml
+++ b/playbooks/hosts/blockerbugs-dev.cloud.fedoraproject.org.yml
@ -5,11 +5,11 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
  tasks:
-  - include: $tasks/persistent_cloud.yml
+  - include: "{{ tasks }}/persistent_cloud.yml"
-  - include: $tasks/growroot_cloud.yml
+  - include: "{{ tasks }}/growroot_cloud.yml"
 - name: provision instance
  hosts: blockerbugs-dev.cloud.fedoraproject.org
@ -21,14 +21,14 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/cloud_setup_basic.yml
+  - include: "{{ tasks }}/cloud_setup_basic.yml"
-  - include: $tasks/iptables.yml
+  - include: "{{ tasks }}/iptables.yml"
  - name: mount up blockerbugs-dev to /srv/persistent
    mount: name=/srv/persistent src='LABEL=blockerbugs-dev' fstype=ext4 state=mounted
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/hosts/copr-be-dev.cloud.fedoraproject.org.yml
+++ b/playbooks/hosts/copr-be-dev.cloud.fedoraproject.org.yml
@ -5,11 +5,11 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
  tasks:
-  - include: $tasks/persistent_cloud.yml
+  - include: "{{ tasks }}/persistent_cloud.yml"
-  - include: $tasks/growroot_cloud.yml
+  - include: "{{ tasks }}/growroot_cloud.yml"
 - name: provision instance
  hosts: copr-be-dev.cloud.fedoraproject.org
@ -18,19 +18,19 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/cloud_setup_basic.yml
+  - include: "{{ tasks }}/cloud_setup_basic.yml"
-  - include: $tasks/iptables.yml
+  - include: "{{ tasks }}/iptables.yml"
  - name: copy copr.repo
-    action: copy src=$files/copr/fe/yum/copr.repo dest=/etc/yum.repos.d/copr.repo
+    action: copy src="{{ files }}/copr/fe/yum/copr.repo" dest=/etc/yum.repos.d/copr.repo
  # packages needed
  - name: add packages for copr-be
-    action: yum state=present name=$item
+    action: yum state=present name= {{ item }}
    with_items:
    - copr-selinux
    - copr-backend
@ -39,7 +39,7 @@
  - name: make copr dirs
-    file: state=directory path=$item
+    file: state=directory path= {{ item }}
    with_items:
    - /var/lib/copr/jobs
    - /var/lib/copr/public_html/results
@ -49,44 +49,44 @@
    chdir: /var/lib/copr/public_html/results 
  - name: setup dirs there
-    action: file state=directory path=/home/copr/$item owner=copr group=copr mode=0700
+    action: file state=directory path="/home/copr/{{ item }}" owner=copr group=copr mode=0700
    with_items: 
    - cloud
    - .ssh
  - name: add copr-buildsys keys to copr user path
-    action: copy src=$item dest=/home/copr/cloud/ owner=copr group=copr mode=0600
+    action: copy src={{ item }} dest=/home/copr/cloud/ owner=copr group=copr mode=0600
-    with_fileglob: $private/files/openstack/copr-copr/*
+    with_fileglob: "{{ private }}/files/openstack/copr-copr/*"
  - name: setup privkey for copr user
-    action: copy src=$private/files/copr/buildsys.priv dest=/home/copr/.ssh/id_rsa owner=copr group=copr mode=600
+    action: copy src="{{ private }}/files/copr/buildsys.priv" dest=/home/copr/.ssh/id_rsa owner=copr group=copr mode=600
  - name: setup copr user ssh config file
-    action: copy src=$files/copr/ssh_config dest=/home/copr/.ssh/config  owner=copr group=copr mode=600
+    action: copy src="{{ files }}/copr/ssh_config" dest=/home/copr/.ssh/config  owner=copr group=copr mode=600
  - name: create empty known_hosts
    action: copy src=/dev/null dest=/home/copr/.ssh/known_hosts owner=copr group=copr mode=600
  - name: replace bashrc for copr user
-    action: copy src=$files/copr/copr_bashrc dest=/home/copr/.bashrc owner=copr group=copr mode=600
+    action: copy src="{{ files }}/copr/copr_bashrc" dest=/home/copr/.bashrc owner=copr group=copr mode=600
  - name: auth_key so we can login to localhost as the copr user from the copr user
    action: authorized_key user=copr key="{{ item }}"
    with_file:
-    - ${files}/copr/provision/files/buildsys.pub
+    - "{{ files }}/copr/provision/files/buildsys.pub"
  - name: copy .boto file
-    action: copy src=$files/copr/boto dest=/home/copr/.boto owner=copr group=copr
+    action: copy src="{{ files }}/copr/boto" dest=/home/copr/.boto owner=copr group=copr
  # setup webserver
  - name: add config for copr-repo path
-    action: copy src=$files/copr/lighttpd/lighttpd.conf dest=/etc/lighttpd/lighttpd.conf owner=root group=root mode=0644
+    action: copy src="{{ files }}/copr/lighttpd/lighttpd.conf" dest=/etc/lighttpd/lighttpd.conf owner=root group=root mode=0644
    notify: 
    - restart lighttpd
  # mime default to text/plain and enable dirlisting for indexes
  - name: update lighttpd configs
-    action: copy src=$files/copr/lighttpd/$item dest=/etc/lighttpd/conf.d/$item owner=root group=root mode=0644
+    action: copy src="{{ files }}/copr/lighttpd/{{ item }}" dest="/etc/lighttpd/conf.d/{{ item }}" owner=root group=root mode=0644
    with_items:
    - dirlisting.conf
    - mime.conf
@ -98,7 +98,7 @@
  # setup dirs for the ansible execution off of provisioning
  - name: dirs from provision
-    action: file state=directory path=/home/copr/provision/$item owner=copr group=copr
+    action: file state=directory path="/home/copr/provision/{{ item }}" owner=copr group=copr
    with_items:
    - action_plugins
    - library
@ -108,13 +108,12 @@
    - provision_config
  - name: put ansible.cfg for all this into /etc/ansible/ on the system
-    action: copy src=$files/copr/provision/ansible.cfg dest=/etc/ansible/ansible.cfg
+    action: copy src="{{ files }}/copr/provision/ansible.cfg" dest=/etc/ansible/ansible.cfg
    tags:
    - provision_config
  - name: put some files into the provision subdir
-    action: copy src=$files/copr/provision/$item dest=/home/copr/provision/$item
+    action: copy src="{{ files }}/copr/provision/{{ item }}" dest="/home/copr/provision/{{ item }}"
    with_items:
    - inventory
    - builderpb.yml
@ -123,21 +122,21 @@
    - provision_config
  - name: put files into the files subdir off of provisioning
-    action: copy src=$item dest=/home/copr/provision/files/
+    action: copy src={{ item }} dest=/home/copr/provision/files/
-    with_fileglob: $files/copr/provision/files/*
+    with_fileglob: "{{ files }}/copr/provision/files/*"
    tags:
    - provision_config
  # ansible lacks a recurse - so we need this until then
  - name: put files into the files/mock subdir off of provisioning
-    action: copy src=$item dest=/home/copr/provision/files/mock
+    action: copy src={{ item }} dest=/home/copr/provision/files/mock
-    with_fileglob: $files/copr/provision/files/mock/*
+    with_fileglob: "{{ files }}/copr/provision/files/mock/*"
    tags:
    - provision_config
  - name: copy copr-be.conf
-    action: copy src=$files/copr/copr-be.conf-dev dest=/etc/copr/copr-be.conf
+    action: copy src="{{ files }}/copr/copr-be.conf-dev" dest=/etc/copr/copr-be.conf
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/hosts/copr-be.cloud.fedoraproject.org.yml
+++ b/playbooks/hosts/copr-be.cloud.fedoraproject.org.yml
@ -5,11 +5,11 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
  tasks:
-  - include: $tasks/persistent_cloud.yml
+  - include: "{{ tasks }}/persistent_cloud.yml"
-  - include: $tasks/growroot_cloud.yml
+  - include: "{{ tasks }}/growroot_cloud.yml"
 - name: provision instance
  hosts: 209.132.184.142
@ -18,16 +18,16 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  # Roles are run first, before tasks, regardless of where you place them here.
  roles:
  - /srv/web/infra/ansible/roles/fedmsg_base
  tasks:
-  - include: $tasks/cloud_setup_basic.yml
+  - include: "{{ tasks }}/cloud_setup_basic.yml"
-  - include: $tasks/iptables.yml
+  - include: "{{ tasks }}/iptables.yml"
  - name: prepare mount point
    action: file state=directory path=/var/lib/copr/public_html
@ -39,15 +39,15 @@
  #- name: copy copr.repo
  #  action: copy src=$files/copr/fe/yum/copr.repo dest=/etc/yum.repos.d/copr.repo
-  - Set the hostname
+  - name: set the hostname
    shell: hostname copr-be.cloud.fedoraproject.org
  - name: copy .forward file
-    action: copy src=$files/copr/forward dest=/root/.forward owner=root group=root
+    action: copy src="{{ files }}/copr/forward" dest=/root/.forward owner=root group=root
  # packages needed
  - name: add packages for copr-be
-    action: yum state=present name=$item
+    action: yum state=present name={{ item }}
    with_items:
    - copr-selinux
    - copr-backend
@ -57,7 +57,7 @@
  - name: make copr dirs
-    file: state=directory path=$item
+    file: state=directory path={{ item }}
    with_items:
    - /var/lib/copr/jobs
    - /var/lib/copr/public_html/results
@ -66,44 +66,44 @@
    action: command /usr/bin/umask 0000 chdir=/var/lib/copr/public_html/results
  - name: setup dirs there
-    action: file state=directory path=/home/copr/$item owner=copr group=copr mode=0700
+    action: file state=directory path="/home/copr/{{ item }}" owner=copr group=copr mode=0700
    with_items: 
    - cloud
    - .ssh
  - name: add copr-buildsys keys to copr user path
-    action: copy src=$item dest=/home/copr/cloud/ owner=copr group=copr mode=0600
+    action: copy src={{ item }} dest=/home/copr/cloud/ owner=copr group=copr mode=0600
-    with_fileglob: $private/files/openstack/copr-copr/*
+    with_fileglob: "{{ private }}/files/openstack/copr-copr/*"
  - name: setup privkey for copr user
-    action: copy src=$private/files/copr/buildsys.priv dest=/home/copr/.ssh/id_rsa owner=copr group=copr mode=600
+    action: copy src="{{ private }}/files/copr/buildsys.priv" dest=/home/copr/.ssh/id_rsa owner=copr group=copr mode=600
  - name: setup copr user ssh config file
-    action: copy src=$files/copr/ssh_config dest=/home/copr/.ssh/config  owner=copr group=copr mode=600
+    action: copy src="{{ files }}/copr/ssh_config" dest=/home/copr/.ssh/config  owner=copr group=copr mode=600
  - name: create empty known_hosts
    action: copy src=/dev/null dest=/home/copr/.ssh/known_hosts owner=copr group=copr mode=600
  - name: replace bashrc for copr user
-    action: copy src=$files/copr/copr_bashrc dest=/home/copr/.bashrc owner=copr group=copr mode=600
+    action: copy src="{{ files }}/copr/copr_bashrc" dest=/home/copr/.bashrc owner=copr group=copr mode=600
  - name: auth_key so we can login to localhost as the copr user from the copr user
    action: authorized_key user=copr key="{{ item }}"
    with_file:
-    - ${files}/copr/provision/files/buildsys.pub
+    - "{{ files }}/copr/provision/files/buildsys.pub"
  - name: copy .boto file
-    action: copy src=$files/copr/boto dest=/home/copr/.boto owner=copr group=copr
+    action: copy src="{{ files }}/copr/boto" dest=/home/copr/.boto owner=copr group=copr
  # setup webserver
  - name: add config for copr-repo path
-    action: copy src=$files/copr/lighttpd/lighttpd.conf dest=/etc/lighttpd/lighttpd.conf owner=root group=root mode=0644
+    action: copy src="{{ files }}/copr/lighttpd/lighttpd.conf" dest=/etc/lighttpd/lighttpd.conf owner=root group=root mode=0644
    notify: 
    - restart lighttpd
  # mime default to text/plain and enable dirlisting for indexes
  - name: update lighttpd configs
-    action: copy src=$files/copr/lighttpd/$item dest=/etc/lighttpd/conf.d/$item owner=root group=root mode=0644
+    action: copy src="{{ files }}/copr/lighttpd/{{ item }}" dest="/etc/lighttpd/conf.d/{{ item }}" owner=root group=root mode=0644
    with_items:
    - dirlisting.conf
    - mime.conf
@ -118,7 +118,7 @@
  # setup dirs for the ansible execution off of provisioning
  - name: dirs from provision
-    action: file state=directory path=/home/copr/provision/$item owner=copr group=copr
+    action: file state=directory path="/home/copr/provision/{{ item }}" owner=copr group=copr
    with_items:
    - action_plugins
    - library
@ -128,13 +128,13 @@
    - provision_config
  - name: put ansible.cfg for all this into /etc/ansible/ on the system
-    action: copy src=$files/copr/provision/ansible.cfg dest=/etc/ansible/ansible.cfg
+    action: copy src="{{ files }}/copr/provision/ansible.cfg" dest=/etc/ansible/ansible.cfg
    tags:
    - provision_config
  - name: put some files into the provision subdir
-    action: copy src=$files/copr/provision/$item dest=/home/copr/provision/$item
+    action: copy src="{{ files }}/copr/provision/{{ item }}" dest="/home/copr/provision/{{ item }}"
    with_items:
    - inventory
    - builderpb.yml
@ -143,20 +143,20 @@
    - provision_config
  - name: put files into the files subdir off of provisioning
-    action: copy src=$item dest=/home/copr/provision/files/
+    action: copy src={{ item }} dest=/home/copr/provision/files/
-    with_fileglob: $files/copr/provision/files/*
+    with_fileglob: "{{ files }}/copr/provision/files/*"
    tags:
    - provision_config
  # ansible lacks a recurse - so we need this until then
  - name: put files into the files/mock subdir off of provisioning
-    action: copy src=$item dest=/home/copr/provision/files/mock
+    action: copy src={{ item }} dest=/home/copr/provision/files/mock
-    with_fileglob: $files/copr/provision/files/mock/*
+    with_fileglob: "{{ files }}/copr/provision/files/mock/*"
    tags:
    - provision_config
  - name: copy copr-be.conf
-    template: src=$files/copr/copr-be.conf dest=/etc/copr/copr-be.conf  mode=640
+    template: src="{{ files }}/copr/copr-be.conf" dest=/etc/copr/copr-be.conf  mode=640
    notify:
    - restart copr-backend
    tags:
@ -164,7 +164,7 @@
  - name: fedmsg certs
    copy: >
-      src=$private/files/fedmsg-certs/keys/copr-copr-be.cloud.fedoraproject.org.crt
+      src="{{ private }}/files/fedmsg-certs/keys/copr-copr-be.cloud.fedoraproject.org.crt"
      dest=/etc/pki/fedmsg/
      mode=644
      owner=root
@ -172,7 +172,7 @@
  - name: fedmsg keys
    copy: >
-      src=$private/files/fedmsg-certs/keys/copr-copr-be.cloud.fedoraproject.org.key
+      src="{{ private }}/files/fedmsg-certs/keys/copr-copr-be.cloud.fedoraproject.org.key"
      dest=/etc/pki/fedmsg/
      mode=0640
      owner=root
@ -180,11 +180,11 @@
  # open up ports (22, 80, 443)
  - name: poke holes in the firewall
-    action: command lokkit $item
+    action: command lokkit {{ item }}
    with_items:
    - --service=ssh
    - --service=https
    - --service=http
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/hosts/copr-fe-dev.cloud.fedoraproject.org.yml
+++ b/playbooks/hosts/copr-fe-dev.cloud.fedoraproject.org.yml
@ -5,11 +5,11 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
  tasks:
-  - include: $tasks/persistent_cloud.yml
+  - include: "{{ tasks }}/persistent_cloud.yml"
-  - include: $tasks/growroot_cloud.yml
+  - include: "{{ tasks }}/growroot_cloud.yml"
 - name: provision instance
  hosts: copr-fe-dev.cloud.fedoraproject.org
@ -18,18 +18,18 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/cloud_setup_basic.yml
+  - include: "{{ tasks }}/cloud_setup_basic.yml"
-  - include: $tasks/iptables.yml
+  - include: "{{ tasks }}/iptables.yml"
  - name: copy copr.repo
-    action: copy src=$files/copr/fe/yum/copr.repo dest=/etc/yum.repos.d/copr.repo
+    action: copy src="{{ files }}/copr/fe/yum/copr.repo" dest=/etc/yum.repos.d/copr.repo
  - name: install copr-fe pkgs
-    action: yum state=installed pkg=$item
+    action: yum state=installed pkg={{ item }}
    with_items:
    - copr-frontend
    - copr-selinux
@ -39,19 +39,19 @@
    - packages
  - name: copy apache files to conf.d
-    action: copy src=$files/copr/fe/httpd/$item dest=/etc/httpd/conf.d/$item
+    action: copy src="{{ files }}/copr/fe/httpd/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}"
    with_items:
    - coprs.conf
    - welcome.conf
  - name: copy pg_hba.conf
-    action: copy src=$files/copr/fe/pg/pg_hba.conf dest=/var/lib/pgsql/data/pg_hba.conf owner=postgres group=postgres mode=0600
+    action: copy src="{{ files }}/copr/fe/pg/pg_hba.conf" dest=/var/lib/pgsql/data/pg_hba.conf owner=postgres group=postgres mode=0600
  - name: enable services
-    action: service state=running enabled=yes name=$item
+    action: service state=running enabled=yes name={{ item }}
    with_items:
    - httpd
    - postgresql
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/hosts/copr-fe.cloud.fedoraproject.org.yml
+++ b/playbooks/hosts/copr-fe.cloud.fedoraproject.org.yml
@ -5,11 +5,11 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
  tasks:
-  - include: $tasks/persistent_cloud.yml
+  - include: "{{ tasks }}/persistent_cloud.yml"
-  - include: $tasks/growroot_cloud.yml
+  - include: "{{ tasks }}/growroot_cloud.yml"
 - name: provision instance
  hosts: 209.132.184.144
@ -18,14 +18,14 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/cloud_setup_basic.yml
+  - include: "{{ tasks }}/cloud_setup_basic.yml"
  - name: mount up disk of copr fe
    action: mount name=/srv/copr-fe src='LABEL=copr-fe' fstype=ext4 state=mounted
-  - include: $tasks/iptables.yml
+  - include: "{{ tasks }}/iptables.yml"
  - name: mount up bind mount for postgres
    action: mount src=/srv/copr-fe/pgsqldb name=/var/lib/pgsql fstype=auto opts=bind state=mounted
@ -33,14 +33,14 @@
  #- name: copy copr.repo
  #  action: copy src=$files/copr/fe/yum/copr.repo dest=/etc/yum.repos.d/copr.repo
-  - Set the hostname
+  - name: set the hostname
    shell: hostname copr-fe.cloud.fedoraproject.org
  - name: copy .forward file
-    action: copy src=$files/copr/forward dest=/root/.forward owner=root group=root
+    action: copy src="{{ files }}/copr/forward" dest=/root/.forward owner=root group=root
  - name: install copr-fe pkgs
-    action: yum state=installed pkg=$item
+    action: yum state=installed pkg={{ item }}
    with_items:
    - copr-frontend
    - copr-selinux
@ -51,35 +51,35 @@
    - packages
  - name: install copr configs
-    template: src=$files/copr/copr.conf dest=/etc/copr/copr.conf mode=600
+    template: src="{{ files }}/copr/copr.conf" dest=/etc/copr/copr.conf mode=600
    notify:
    - restart httpd
    tags:
    - config
  - name: copy apache files to conf.d
-    action: copy src=$files/copr/fe/httpd/$item dest=/etc/httpd/conf.d/$item
+    action: copy src="{{ files }}/copr/fe/httpd/{{ item }}" dest="/etc/httpd/conf.d/{{ item }}"
    with_items:
    - coprs.conf
    - welcome.conf
  - name: copy pg_hba.conf
-    action: copy src=$files/copr/fe/pg/pg_hba.conf dest=/var/lib/pgsql/data/pg_hba.conf owner=postgres group=postgres mode=0600
+    action: copy src="{{ files }}/copr/fe/pg/pg_hba.conf" dest=/var/lib/pgsql/data/pg_hba.conf owner=postgres group=postgres mode=0600
  # open up ports (22, 80, 443)
  - name: poke holes in the firewall
-    action: command lokkit $item
+    action: command lokkit {{ item }}
    with_items:
    - --service=ssh
    - --service=https
    - --service=http
  - name: enable services
-    action: service state=running enabled=yes name=$item
+    action: service state=running enabled=yes name={{ item }}
    with_items:
    - httpd
    - postgresql
    - fail2ban
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/hosts/elections-dev.cloud.fedoraproject.org.yml
+++ b/playbooks/hosts/elections-dev.cloud.fedoraproject.org.yml
@ -5,11 +5,11 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
  tasks:
-  - include: $tasks/persistent_cloud.yml
+  - include: "{{ tasks }}/persistent_cloud.yml"
-  - include: $tasks/growroot_cloud.yml
+  - include: "{{ tasks }}/growroot_cloud.yml"
 - name: provision instance
  hosts: 209.132.184.162
@ -18,18 +18,18 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/cloud_setup_basic.yml
+  - include: "{{ tasks }}/cloud_setup_basic.yml"
  - name: mount up disk of persistent storage
    action: mount name=/srv/persist src='LABEL=elections' fstype=ext4 state=mounted
  # open up ports (22, 80, 443)
  - name: poke holes in the firewall
-    action: command lokkit $item
+    action: command lokkit {{ item }}
    with_items:
    - --service=ssh
    - --service=https
@ -37,7 +37,7 @@
  # packages needed
  - name: add packages for repo
-    action: yum state=present name=$item
+    action: yum state=present name={{ item }}
    with_items:
    - rsync
    - openssh-clients
@ -53,4 +53,4 @@
    action: service name=httpd state=started
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/hosts/fedocal.dev.fedoraproject.org.yml
+++ b/playbooks/hosts/fedocal.dev.fedoraproject.org.yml
@ -5,11 +5,11 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
  tasks:
-  - include: $tasks/persistent_cloud.yml
+  - include: "{{ tasks }}/persistent_cloud.yml"
-  - include: $tasks/growroot_cloud.yml
+  - include: "{{ tasks }}/growroot_cloud.yml"
 - name: provision instance
  hosts: 209.132.184.147
@ -21,16 +21,16 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/cloud_setup_basic.yml
+  - include: "{{ tasks }}/cloud_setup_basic.yml"
-  - include: $tasks/postfix_basic.yml
+  - include: "{{ tasks }}/postfix_basic.yml"
  # packages needed
  - name: add packages for repo
-    action: yum state=present name=$item
+    action: yum state=present name={{ item }}
    with_items:
    - euca2ools
    - rsync
@ -38,7 +38,7 @@
    - system-config-firewall-base
  - name: install dependencies of fedocal
-    action: yum state=installed pkg=$item
+    action: yum state=installed pkg={{ item }}
    with_items:
    - mod_wsgi
    - mod_ssl
@ -61,9 +61,9 @@
  # open up tcp ports 
  - name: poke holes in the firewall
-    action: command lokkit -p '${item}:tcp'
+    action: command lokkit -p '{{ item }}:tcp'
-    with_items: $tcp_ports
+    with_items: "{{ tcp_ports }}"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/hosts/hrf.cloud.fedoraproject.org.yml
+++ b/playbooks/hosts/hrf.cloud.fedoraproject.org.yml
@ -5,10 +5,10 @@
  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
  tasks:
-  - include: $tasks/persistent_cloud.yml
+  - include: "{{ tasks }}/persistent_cloud.yml"
 - name: provision instance
  hosts: hrf.cloud.fedoraproject.org
@ -17,14 +17,14 @@
  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/cloud_setup_basic.yml
+  - include: "{{ tasks }}/cloud_setup_basic.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
 - name: deploy hrf
  hosts: hrf.cloud.fedoraproject.org
@ -33,12 +33,12 @@
  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
    - name: install deps
-      yum: state=present name=$item
+      yum: state=present name={{ item }}
      with_items:
        - httpd
        - python-flask
--- a/playbooks/hosts/lists-dev.cloud.fedoraproject.org.yml
+++ b/playbooks/hosts/lists-dev.cloud.fedoraproject.org.yml
@ -5,10 +5,10 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
  tasks:
-  - include: $tasks/persistent_cloud.yml
+  - include: "{{ tasks }}/persistent_cloud.yml"
 - name: provisions basics onto system/setup paths
  hosts: lists-dev.cloud.fedoraproject.org
@ -17,14 +17,14 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  vars:
   - mailman_vardir: /srv/persist/mailman
  tasks:
-  - include: $tasks/cloud_setup_basic.yml
+  - include: "{{ tasks }}/cloud_setup_basic.yml"
-  - include: $tasks/postfix_basic.yml
+  - include: "{{ tasks }}/postfix_basic.yml"
  - name: mount up disk of persistent storage
    action: mount name=/srv/persist src='LABEL=lists-dev' fstype=ext4 state=mounted
@ -43,7 +43,7 @@
             dest=/etc/yum.repos.d/fedora-hyperkitty.repo mode=0444
  - name: install packages
-    yum: state=installed name=$item
+    yum: state=installed name={{ item }}
    with_items:
      - httpd
      - mod_ssl
@ -72,7 +72,7 @@
    command: /usr/bin/postgresql-setup initdb
             creates=/var/lib/pgsql/data/postgresql.conf
  - name: copy pg_hba.conf
-    copy: src=$files/lists-dev/pg_hba.conf dest=/var/lib/pgsql/data/pg_hba.conf
+    copy: src="{{ files }}/lists-dev/pg_hba.conf" dest=/var/lib/pgsql/data/pg_hba.conf
    notify:
      - restart postgresql
  - name: start postgresql
@ -80,7 +80,7 @@
  # open up ports (22, 80, 443, 25)
  - name: poke holes in the firewall
-    command: lokkit $item
+    command: lokkit {{ item }}
    with_items:
      - --service=ssh
      - --service=https
@ -89,12 +89,12 @@
  # packages needed to be gone
  - name: erase packages
-    action: yum state=absent name=$item
+    action: yum state=absent name={{ item }}
    with_items:
    - cronie-anacron
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
@ -105,23 +105,23 @@
  sudo_user: postgres
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  vars:
   - mailman_vardir: /srv/persist/mailman
  tasks:
    - name: mailman DB user
-      postgresql_user: name=mailman password=$lists_dev_mm_db_pass
+      postgresql_user: name=mailman password={{ lists_dev_mm_db_pass }}
    - name: hyperkitty DB user
-      postgresql_user: name=hyperkitty password=$lists_dev_hk_db_pass
+      postgresql_user: name=hyperkitty password={{ lists_dev_hk_db_pass }}
    - name: kittystore DB user
-      postgresql_user: name=kittystore password=$lists_dev_ks_db_pass
+      postgresql_user: name=kittystore password={{ lists_dev_ks_db_pass }}
    - name: postorius DB user
-      postgresql_user: name=postorius password=$lists_dev_ps_db_pass
+      postgresql_user: name=postorius password={{ lists_dev_ps_db_pass }}
    - name: databases creation
-      postgresql_db: name=$item owner=$item encoding=UTF-8
+      postgresql_db: name={{ item }} owner={{ item }} encoding=UTF-8
      with_items:
        - mailman
        - hyperkitty
@ -133,8 +133,8 @@
  gather_facts: no
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  vars:
   - mailman_vardir: /srv/persist/mailman
@ -147,12 +147,12 @@
        - restart mailman
    - name: set the mailman conffile
-      template: src=$files/lists-dev/mailman.cfg.j2 dest=/etc/mailman.cfg
+      template: src="{{ files }}/lists-dev/mailman.cfg.j2" dest=/etc/mailman.cfg
      notify:
        - restart mailman
    - name: install kittystore and hyperkitty
-      yum: state=installed name=$item
+      yum: state=installed name={{ item }}
      with_items:
        - kittystore
        - hyperkitty
@ -169,13 +169,13 @@
      file: path=/var/log/hyperkitty/hyperkitty.log state=file
            owner=root group=apache mode=664
    - name: hyperkitty logging -- rotation
-      copy: src=$files/lists-dev/hyperkitty.logrotate.conf
+      copy: src="{{ files }}/lists-dev/hyperkitty.logrotate.conf"
            dest=/etc/logrotate.d/hyperkitty
    # settings / conf
    - name: install the hyperkitty/postorius settings file
-      template: src=$files/lists-dev/$item.settings_local.py.j2
+      template: src="{{ files }}/lists-dev/{{ item.settings_local.py.j2 }}"
-                dest=/etc/$item/sites/default/settings_local.py
+                dest="/etc/{{ item }}/sites/default/settings_local.py"
                owner=root group=apache mode=0640
      with_items:
        - hyperkitty
@ -185,8 +185,8 @@
        - restart mailman
    - name: install the hyperkitty/postorius urls file
-      copy: src=$files/lists-dev/$item.urls.py
+      copy: src="files/lists-dev/{{ item }}.urls.py"
-            dest=/etc/$item/sites/default/urls.py
+            dest="/etc/{{ item }}/sites/default/urls.py"
            owner=root group=root mode=0644
      with_items:
        - hyperkitty
@ -196,8 +196,8 @@
        - restart mailman
    - name: install the hyperkitty/postorius httpd conf file
-      copy: src=$files/lists-dev/$item.apache.conf
+      copy: src="{{ files }}/lists-dev/{{ item }}.apache.conf"
-            dest=/etc/httpd/conf.d/$item.conf
+            dest="/etc/httpd/conf.d/{{ item }}.conf"
      with_items:
        - hyperkitty
        - postorius
@ -205,22 +205,22 @@
        - reload apache
    - name: set the hyperkitty conffile in mailman
-      copy: src=$files/lists-dev/hyperkitty.cfg dest=/etc/mailman.d/hyperkitty.cfg
+      copy: src="{{ files }}/lists-dev/hyperkitty.cfg" dest=/etc/mailman.d/hyperkitty.cfg
      notify:
        - restart mailman
    - name: set the postfix conffile
-      template: src=$files/lists-dev/postfix-main.cf.j2 dest=/etc/postfix/main.cf
+      template: src="{{ files }}/lists-dev/postfix-main.cf.j2" dest=/etc/postfix/main.cf
      notify:
        - restart postfix
    - name: set the mail aliases
-      copy: src=$files/lists-dev/aliases dest=/etc/aliases
+      copy: src="{{ files }}/lists-dev/aliases" dest=/etc/aliases
      notify:
        - reload aliases
    - name: easy access to the postgresql databases
-      template: src=$files/lists-dev/pgpass.j2 dest=/root/.pgpass
+      template: src="{{ files }}/lists-dev/pgpass.j2" dest=/root/.pgpass
                owner=root group=root mode=0600
@ -231,17 +231,17 @@
    # so no matter when it is run the right thing happens
    - name: run django syncdb
-      command: /usr/bin/django-admin syncdb --pythonpath=/etc/$item/sites/default --settings=settings
+      command: /usr/bin/django-admin syncdb --pythonpath="/etc/{{ item }}/sites/default" --settings=settings
      with_items:
        - hyperkitty
        - postorius
    - name: run django migrate
      command: /usr/bin/django-admin migrate --pythonpath=/etc/hyperkitty/sites/default --settings=settings hyperkitty
    - name: kittystore schema update
-      command: /usr/bin/kittystore-updatedb -s postgres://kittystore:${lists_dev_ks_db_pass}@localhost/kittystore
+      command: /usr/bin/kittystore-updatedb -s postgres://kittystore:{{ lists_dev_ks_db_pass }}@localhost/kittystore
    - name: copy the initial user fixture
-      copy: src=$files/lists-dev/postorius.initial-user.json
+      copy: src="{{ files }}/lists-dev/postorius.initial-user.json"
            dest=/etc/postorius/sites/default/initial-user.json
            owner=root group=apache mode=0640
@ -249,11 +249,11 @@
      command: /usr/bin/django-admin loaddata --pythonpath=/etc/postorius/sites/default --settings=settings /etc/postorius/sites/default/initial-user.json
    - name: html index
-      copy: src=$files/lists-dev/index.html dest=/var/www/html/index.html
+      copy: src="{{ files }}/lists-dev/index.html" dest=/var/www/html/index.html
    # Start services
    - name: start services
-      service: state=started enabled=yes name=$item
+      service: state=started enabled=yes name={{ item }}
      with_items:
        - httpd
        - postgresql
@ -262,6 +262,6 @@
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
  - name: reload aliases
    command: newaliases 
--- a/playbooks/hosts/logstash-dev.cloud.fedoraproject.org.yml
+++ b/playbooks/hosts/logstash-dev.cloud.fedoraproject.org.yml
@ -5,11 +5,11 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
  tasks:
-  - include: $tasks/persistent_cloud.yml
+  - include: "{{ tasks }}/persistent_cloud.yml"
-  - include: $tasks/growroot_cloud.yml
+  - include: "{{ tasks }}/growroot_cloud.yml"
 - name: provision instance
  hosts: 209.132.184.146
@ -18,15 +18,15 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/cloud_setup_basic.yml
+  - include: "{{ tasks }}/cloud_setup_basic.yml"
  # packages needed
  - name: add packages for repo
-    action: yum state=present name=$item
+    action: yum state=present name={{ item }}
    with_items:
    - rsync
    - openssh-clients
@ -41,4 +41,4 @@
    - mount_disk
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/hosts/shogun-ca.cloud.fedoraproject.org.yml
+++ b/playbooks/hosts/shogun-ca.cloud.fedoraproject.org.yml
@ -5,11 +5,11 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
  tasks:
-  - include: $tasks/persistent_cloud.yml
+  - include: "{{ tasks }}/persistent_cloud.yml"
-  - include: $tasks/growroot_cloud.yml
+  - include: "{{ tasks }}/growroot_cloud.yml"
 - name: provision instance
  hosts: 209.132.184.157
@ -18,12 +18,12 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/cloud_setup_basic.yml
+  - include: "{{ tasks }}/cloud_setup_basic.yml"
-  - include: $tasks/postfix_basic.yml
+  - include: "{{ tasks }}/postfix_basic.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/rdiff-backup.yml
+++ b/playbooks/rdiff-backup.yml
@ -20,11 +20,11 @@
  tasks:
  - name: run rdiff-backup hitting all the global targets
-    local_action: "shell rdiff-backup --create-full-path --print-statistics ${inventory_hostname}::${item} /fedora_backups/${inventory_hostname}/`basename ${item}` | mail -r sysadmin-backup-members@fedoraproject.org -s 'rdiff-backup: ${inventory_hostname}:${item}' sysadmin-backup-members@fedoraproject.org"
+    local_action: "shell rdiff-backup --create-full-path --print-statistics {{ inventory_hostname }}::{{ item }} /fedora_backups/{{ inventory_hostname }}/`basename {{ item }}` | mail -r sysadmin-backup-members@fedoraproject.org -s 'rdiff-backup: {{ inventory_hostname }}:{{ item }}' sysadmin-backup-members@fedoraproject.org"
-    with_items: $global_backup_targets
+    with_items: global_backup_targets
    when: global_backup_targets is defined
  - name: run rdiff-backup hitting all the host targets
-    local_action: "shell rdiff-backup --exclude='**.snapshot' --create-full-path --print-statistics ${inventory_hostname}::${item} /fedora_backups/${inventory_hostname}/`basename ${item}` | mail -r sysadmin-backup-members@fedoraproject.org -s 'rdiff-backup: ${inventory_hostname}:${item}' sysadmin-backup-members@fedoraproject.org"
+    local_action: "shell rdiff-backup --exclude='**.snapshot' --create-full-path --print-statistics {{ inventory_hostname }}::{{ item }} /fedora_backups/{{ inventory_hostname }}/`basename {{ item }}` | mail -r sysadmin-backup-members@fedoraproject.org -s 'rdiff-backup: {{ inventory_hostname }}:{{ item }}' sysadmin-backup-members@fedoraproject.org"
-    with_items: $host_backup_targets
+    with_items: host_backup_targets
    when: host_backup_targets is defined
--- a/playbooks/rkhunter_update.yml
+++ b/playbooks/rkhunter_update.yml
@ -1,15 +1,15 @@
 # requires --extra-vars="target='host1;host2;group etc' yumcommand=update'"
 - name: update all run rkhunter if installed
-  hosts: $target
+  hosts: "{{ target }}"
  user: root
  tasks:
  - name: expire-caches
    command: yum clean expire-cache
-  - name: yum -y ${yumcommand}
+  - name: yum -y {{ yumcommand }}
-    command: yum -y ${yumcommand}
+    command: yum -y {{ yumcommand }}
    async: 7200
    poll: 15
--- a/playbooks/set_root_auth_keys.yml
+++ b/playbooks/set_root_auth_keys.yml
@ -1,13 +1,13 @@
 # optionally can take --extra-vars="hostbase=hostnamebase root_auth_users='user1 user2 user3'"
 - name: set auth keys
-  hosts: $target
+  hosts: "{{ target }}"
  user: root
  gather_facts: False
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  vars:
   - root_auth_users: ''
@ -15,6 +15,6 @@
   - name: add root keys for sysadmin-main and other allowed users
     action: authorized_key user=root key="{{ item }}"
     with_pipe:
-     - "${auth_keys_from_fas} @sysadmin-main ${root_auth_users}"
+     - "{{ auth_keys_from_fas }} @sysadmin-main {{ root_auth_users }}"
--- a/playbooks/sign_and_import.yml
+++ b/playbooks/sign_and_import.yml
@ -27,10 +27,10 @@
  # TODO -- I'd also like to fail if there are no *.rpm files in there.
  - name: sign all the rpms with our gpg key
-    shell: /bin/rpm --resign ${rpmdir}/*.rpm
+    shell: /bin/rpm --resign "{{ rpmdir }}/*.rpm"
  - name: make a directory where we store the rpms afterwards
-    file: path=${rpmdir}-old state=directory
+    file: path={{ rpmdir }}-old state=directory
--- a/playbooks/transient_post_provision.yml
+++ b/playbooks/transient_post_provision.yml
@ -5,7 +5,7 @@
  tasks:
  - name: add it to the special group
-    local_action: add_host hostname=$target groupname=tmp_just_created
+    local_action: add_host hostname={{ target }} groupname=tmp_just_created
 - name: provision instance
  hosts: tmp_just_created
@ -14,12 +14,12 @@
  vars_files: 
   - /srv/web/infra/ansible/vars/global.yml
-   - ${private}/vars.yml
+   - "{{ private }}/vars.yml"
-   - ${vars}/${ansible_distribution}.yml
+   - "{{ vars }}/{{ ansible_distribution }}.yml"
  tasks:
-  - include: $tasks/growroot_cloud.yml
+  - include: "{{ tasks }}/growroot_cloud.yml"
-  - include: $tasks/cloud_setup_basic.yml
+  - include: "{{ tasks }}/cloud_setup_basic.yml"
  handlers:
-  - include: $handlers/restart_services.yml
+  - include: "{{ handlers }}/restart_services.yml"
--- a/playbooks/update_packages.yml
+++ b/playbooks/update_packages.yml
@ -6,7 +6,7 @@
 # TODO -- how do make it easy to select the infra-testing repo?
 - name: push packages out
-  hosts: $target
+  hosts: "{{ target }}"
  user: root
  tasks:
@ -14,5 +14,5 @@
  - name: expire-caches
    command: yum clean expire-cache
-  - name: yum update ${package}
+  - name: yum update {{ package }}
-    yum: name=${package} state=latest
+    yum: name={{ package }} state=latest
--- a/playbooks/vhost_halt_guests.yml
+++ b/playbooks/vhost_halt_guests.yml
@ -20,7 +20,7 @@
 - name: find instances
-  hosts: $vhost
+  hosts: "{{ vhost }}"
  user: root
  tasks:
@ -29,8 +29,8 @@
    register: vmlist
  - name: add them to myvms_new group
-    local_action: add_host hostname=$item groupname=myvms_new
+    local_action: add_host hostname={{ item }} groupname=myvms_new
-    with_items: ${vmlist.list_vms}
+    with_items: "{{ vmlist.list_vms }}"
 - name: halt instances
@ -40,7 +40,7 @@
  tasks:
  - name: tell nagios to shush
-    action: nagios action=silence host=${inventory_hostname_short}
+    action: nagios action=silence host={{ inventory_hostname_short }}
    delegate_to: noc01.phx2.fedoraproject.org
  - name: echo-y
@ -49,4 +49,4 @@
    # if one of them is down we don't care
  - name: wait for them to die
-    local_action: wait_for port=22 delay=30 timeout=300 state=stopped host=${inventory_hostname}
+    local_action: wait_for port=22 delay=30 timeout=300 state=stopped host={{ inventory_hostname }}
--- a/roles/badges-backend/tasks/main.yml
+++ b/roles/badges-backend/tasks/main.yml
@ -2,7 +2,7 @@
 # Configuration for the fedbadges consumer
 - name: install needed packages
-  yum: pkg=$item state=installed
+  yum: pkg={{ item }} state=installed
  with_items:
  - python-fedbadges
  - python-psycopg2
@ -12,7 +12,7 @@
 - name: copy database configuration
  template: >
-    src=$item dest=/etc/fedmsg.d/$item
+    src={{ item }} dest="/etc/fedmsg.d/{{ item }}"
    owner=fedmsg group=fedmsg mode=0600
  with_items:
  - datanommer.py
@ -45,7 +45,7 @@
 - name: copy over all our badge definitions
  copy: >
-    src=$item
+    src={{ item }}
    dest=/usr/share/badges/rules/
    owner=fedmsg group=fedmsg mode=0644
  with_fileglob:
@ -71,7 +71,7 @@
 - name: ensure badges cron directories exist
  file: >
    state=directory
-    path=$item
+    path={{ item }}
    mode=755
    owner=root
  when: env != "staging"
@ -84,8 +84,8 @@
 - name: oldschool badge award scripts
  copy: >
-    src=cron/$item
+    src="cron/{{ item }}"
-    dest=/usr/share/badges/cronjobs/$item
+    dest="/usr/share/badges/cronjobs/{{ item }}"
    owner=fedmsg
    mode=744
  when: env != "staging"
@ -100,8 +100,8 @@
 - name: oldschool badge award cronjobs
  copy: >
-    src=cron/$item.cron
+    src="cron/{{ item }}.cron"
-    dest=/etc/cron.d/$item
+    dest="/etc/cron.d/{{ item }}"
    owner=root
    mode=644
  when: env != "staging"
@ -135,8 +135,8 @@
 - name: copy over the badge-admin one-off scripts
  copy: >
-    src=$item
+    src={{ item }}
-    dest=/usr/local/bin/$item
+    dest="/usr/local/bin/{{ item }}"
    owner=root
    group=sysadmin-badges
    mode=750
--- a/roles/badges-frontend/tasks/main.yml
+++ b/roles/badges-frontend/tasks/main.yml
@ -2,7 +2,7 @@
 # Configuration for the tahrir webapp
 - name: install needed packages
-  yum: pkg=$item state=installed
+  yum: pkg={{ item }} state=installed
  with_items:
  - python-tahrir
  - python-psycopg2
@ -15,7 +15,7 @@
 - name: copy tahrir app configuration
  template: >
-    src=$item dest=/etc/tahrir/$item
+    src={{ item }} dest="/etc/tahrir/{{ item }}"
    owner=tahrir group=tahrir mode=0600
  with_items:
  - tahrir.ini
@ -26,7 +26,7 @@
 - name: copy tahrir wsgi script
  copy: >
-    src=$item dest=/usr/share/tahrir/$item
+    src={{ item }} dest="/usr/share/tahrir/{{ item }}"
    owner=apache group=apache mode=0644
  with_items:
  - tahrir.wsgi
@ -37,7 +37,7 @@
 - name: copy tahrir httpd config
  copy: >
-    src=$item dest=/etc/httpd/conf.d/$item
+    src={{ item }} dest="/etc/httpd/conf.d/{{ item }}"
    owner=apache group=apache mode=0644
  with_items:
  - tahrir.conf
@ -67,7 +67,7 @@
 - name: copy over all our .rst site docs
  copy: >
-    src=$item
+    src={{ item }}
    dest=/usr/share/badges/sitedocs
    owner=root group=root mode=0644
  with_fileglob:
@ -86,7 +86,7 @@
 - name: copy over all our badge images
  copy: >
-    src=$item
+    src={{ item }}
    dest=/usr/share/badges/pngs/
    owner=root group=root mode=0644
  with_fileglob:
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@ -13,7 +13,7 @@
 - name: sshd_config 
  copy: src={{ item }} dest=/etc/ssh/sshd_config mode=600
  first_available_file:
-    - ${sshd_config}
+    - "{{ sshd_config }}"
    - ssh/sshd_config.{{ ansible_fqdn }}
    - ssh/sshd_config.{{ host_group }}
    - ssh/sshd_config.{{ dist_tag }}
@ -73,7 +73,7 @@
 - name: iptables
  template: src={{ item }} dest=/etc/sysconfig/iptables mode=600 backup=yes
  first_available_file:
-    - $iptables
+    - "{{  iptables }}"
    - iptables/iptables.{{ ansible_fqdn }}
    - iptables/iptables.{{ host_group }}
    - iptables/iptables.{{ env }}
@ -88,7 +88,7 @@
 - name: /etc/resolv.conf
  copy: src={{ item }} dest=/etc/resolv.conf
  first_available_file:
-  - ${resolvconf}
+  - "{{ resolvconf }}"
  - resolv.conf/{{ ansible_fqdn }}
  - resolv.conf/{{ host_group }}
  - resolv.conf/{{ datacenter }}
@ -100,7 +100,7 @@
 - name: rsyslog.conf
  copy: src={{ item }} dest=/etc/rsyslog.conf mode=644
  first_available_file:
-    - $rsyslogconf
+    - "{{ rsyslogconf }}"
    - rsyslog/rsyslog.conf.{{ ansible_fqdn }}
    - rsyslog/rsyslog.conf.{{ host_group }}
    - rsyslog/rsyslog.conf.{{ datacenter }}
@ -115,7 +115,7 @@
 - name: /etc/postfix/main.cf
  copy: src={{ item }} dest=/etc/postfix/main.cf
  first_available_file:
-    - $postfix_maincf
+    - "{{ postfix_maincf }}"
    - postfix/main.cf.{{ ansible_fqdn }}
    - postfix/main.cf.{{ host_group }}
    - postfix/main.cf.{{ postfix_group }}
@ -137,7 +137,7 @@
 #
 - name: Install common scripts
-  copy: src=$item dest=/usr/local/bin/ owner=root group=root mode=0755
+  copy: src={{ item }} dest=/usr/local/bin/ owner=root group=root mode=0755
  with_fileglob: common-scripts/*
  tags:
  - config
--- a/roles/fas_client/tasks/main.yml
+++ b/roles/fas_client/tasks/main.yml
@ -9,7 +9,7 @@
 # nss_db is needed to store user/group info.
 #
 - name: install package needed for fas-client
-  yum: state=installed name=$item
+  yum: state=installed name={{ item }}
  with_items:
  - fas-clients
  - cronie
@ -18,7 +18,7 @@
 - name: hotfix - python-fedora proxyclient.py 
  copy: >
-    src=$files/hotfix/python-fedora/proxyclient.py
+    src="{{ files }}/hotfix/python-fedora/proxyclient.py"
    dest=/usr/lib/python2.6/site-packages/fedora/client/proxyclient.py
    owner=root mode=644
  when: is_rhel == 'True'
@ -54,11 +54,11 @@
 # Currently the default template is used, but could be modified on a host basis. 
 #
 - name: setup /etc/fas.conf for client use
-  template: src=$item dest=/etc/fas.conf owner=root mode=600
+  template: src={{ item }} dest=/etc/fas.conf owner=root mode=600
  first_available_file:
-  - ${ansible_fqdn}.fas.conf.j2 
+  - "{{ ansible_fqdn }}.fas.conf.j2"
-  - ${ansible_hostname}.fas.conf.j2 
+  - "{{ ansible_hostname }}.fas.conf.j2"
-  - ${ansible_hostname}.fas.conf.j2 
+  - "{{ ansible_hostname }}.fas.conf.j2" 
  - fas.conf.j2
  tags:
  - config
--- a/roles/fedmsg-hub/tasks/main.yml
+++ b/roles/fedmsg-hub/tasks/main.yml
@ -2,7 +2,7 @@
 # Setup a fedmsg-hub
 - name: install needed packages
-  yum: pkg=$item state=installed
+  yum: pkg={{ item }} state=installed
  with_items:
  - fedmsg-hub
  tags:
--- a/roles/fedmsg_base/tasks/main.yml
+++ b/roles/fedmsg_base/tasks/main.yml
@ -3,7 +3,7 @@
 # This is the base set of files needed for fedmsg
 - name: install needed packages
-  yum: pkg=$item state=installed
+  yum: pkg={{ item }} state=installed
  with_items:
  - fedmsg
  tags:
@ -15,7 +15,7 @@
  - config
 - name: setup basic /etc/fedmsg.d/ contents
-  template: src=$item.j2 dest=/etc/fedmsg.d/$item owner=root group=root mode=644
+  template: src="{{ item }}.j2" dest="/etc/fedmsg.d/{{ item }}" owner=root group=root mode=644
  with_items:
  - ssl.py
  - endpoints.py
@ -36,7 +36,7 @@
 - name: install fedmsg ca.cert
  copy: >
-    src=$puppet_private/fedmsg-certs/keys/ca.crt
+    src="{{ puppet_private }}/fedmsg-certs/keys/ca.crt"
    dest=/etc/pki/fedmsg/ca.crt
    owner=root
    group=root
@ -46,24 +46,24 @@
 - name: fedmsg certs
  copy: >
-    src=$private/files/fedmsg-certs/keys/{{item['service']}}-{{ansible_fqdn}}.crt
+    src="{{ private }}/files/fedmsg-certs/keys/{{item['service']}}-{{ansible_fqdn}}.crt"
    dest=/etc/pki/fedmsg/
    mode=644
    owner={{item['owner']}}
    group={{item['group']}}
-  with_items: ${fedmsg_certs}
+  with_items: "{{ fedmsg_certs }}"
  when: fedmsg_certs != []
  tags:
  - config
 - name: fedmsg keys
  copy: >
-    src=$private/files/fedmsg-certs/keys/{{item['service']}}-{{ansible_fqdn}}.key
+    src="{{ private }}/files/fedmsg-certs/keys/{{item['service']}}-{{ansible_fqdn}}.key"
    dest=/etc/pki/fedmsg/
    mode=0640
    owner={{item['owner']}}
    group={{item['group']}}
-  with_items: ${fedmsg_certs}
+  with_items: "{{ fedmsg_certs }}"
  when: fedmsg_certs != []
  tags:
  - config
--- a/roles/fedocal/tasks/main.yml
+++ b/roles/fedocal/tasks/main.yml
@ -7,7 +7,7 @@
  - packages
 - name: install needed packages
-  yum: pkg=$item state=installed
+  yum: pkg={{ item }} state=installed
  with_items:
  - fedocal
  - python-psycopg2
--- a/roles/gallery/tasks/main.yml
+++ b/roles/gallery/tasks/main.yml
@ -7,7 +7,7 @@
  - packages
 - name: install needed packages
-  yum: pkg=$item state=installed
+  yum: pkg={{ item }} state=installed
  with_items:
  - gallery3
  - gallery3-openid
--- a/roles/geoip/tasks/main.yml
+++ b/roles/geoip/tasks/main.yml
@ -6,8 +6,8 @@
  - packages
 - name: push over the geoip db once
-  copy: src=$item dest=/usr/share/GeoIP/
+  copy: src={{ item }} dest=/usr/share/GeoIP/
-  with_fileglob: $bigfiles/geoip/*.dat
+  with_fileglob: "{{ bigfiles }}/geoip/*.dat"
 - name: geoip syncing script via cron
  copy: src=geoip_sync dest=/etc/cron.d/geoip_sync mode=0644
--- a/roles/iscsi_client/tasks/main.yml
+++ b/roles/iscsi_client/tasks/main.yml
@ -2,10 +2,9 @@
 #
 # This task sets up iscsid and mpathd on a machine. 
 #
 #
 - name: install packages needed for iscsi_client
-  yum: state=installed name=$item
+  yum: state=installed name={{ item }}
  with_items:
  - iscsi-initiator-utils
  - device-mapper-multipath
--- a/roles/koji_db/tasks/main.yml
+++ b/roles/koji_db/tasks/main.yml
@ -6,7 +6,7 @@
 # create a koji db user to own the db with the kojidatabasepassword from private
 #
 - name: koji db user
-  postgresql_user: name=koji password=$aarch64kojidatabasepassword
+  postgresql_user: name=koji password={{ aarch64kojidatabasepassword }}
  tags:
  - db
  when: is_kojidb == "True"
--- a/roles/koji_hub/tasks/main.yml
+++ b/roles/koji_hub/tasks/main.yml
@ -3,7 +3,7 @@
 # Setup koji hub server. 
 #
 - name: install koji hub server packages
-  yum: name=$item state=installed
+  yum: name={{ item }} state=installed
  with_items:
  - koji-hub
  - koji-web
--- a/roles/mailman/tasks/main.yml
+++ b/roles/mailman/tasks/main.yml
@ -35,7 +35,7 @@
 # Packages
 #
 - name: install needed packages
-  yum: pkg=$item state=installed
+  yum: pkg={{ item }} state=installed
  with_items:
  - mailman3
  - mailman3-selinux
@ -93,11 +93,11 @@
 #
 - name: create the configuration directory
-  file: path=${mailman_webui_confdir} state=directory
+  file: path={{ mailman_webui_confdir }} state=directory
 - name: install the hyperkitty settings file
  template: src=settings.py.j2
-            dest=${mailman_webui_confdir}/settings.py
+            dest="{{ mailman_webui_confdir }}/settings.py"
            owner=root group=apache mode=0640
  tags:
  - config
@ -107,14 +107,14 @@
 - name: install the hyperkitty settings admin file
  template: src=settings_admin.py.j2
-            dest=${mailman_webui_confdir}/settings_admin.py
+            dest="{{ mailman_webui_confdir }}/settings_admin.py"
            owner=root group=root mode=0600
  tags:
  - config
 - name: install the hyperkitty urls file
  copy: src=urls.py
-        dest=${mailman_webui_confdir}/urls.py
+        dest="{{ mailman_webui_confdir }}/urls.py"
        owner=root group=root mode=0644
  tags:
  - config
@ -124,7 +124,7 @@
 - name: install the hyperkitty wsgi file
  copy: src=webui.wsgi
-        dest=${mailman_webui_confdir}/webui.wsgi
+        dest="{{ mailman_webui_confdir }/webui.wsgi"
        owner=root group=root mode=0644
  tags:
  - config
@ -133,7 +133,7 @@
 - name: install the hyperkitty/postorius dummy httpd conf file
  template: src=apache-dummy.conf.j2
-            dest=/etc/httpd/conf.d/$item.conf
+            dest=/etc/httpd/conf.d/{{ item }}.conf
  with_items:
    - hyperkitty
    - postorius
@ -151,15 +151,15 @@
    - reload apache
 - name: copy the manage.py script
-  command: /bin/cp /etc/hyperkitty/sites/default/manage.py ${mailman_webui_confdir}/manage.py
+  command: /bin/cp /etc/hyperkitty/sites/default/manage.py "{{ mailman_webui_confdir }}/manage.py"
-           creates=${mailman_webui_confdir}/manage.py
+           creates="{{ mailman_webui_confdir }}/manage.py"
 - name: create the kittystore plain text index dir
-  file: path=${mailman_webui_basedir}/kittystore_search_index
+  file: path="{{ mailman_webui_basedir }}/kittystore_search_index"
        state=directory owner=mailman group=mailman mode=0755
 - name: create the hyperkitty static files dir
-  file: path=${mailman_webui_basedir}/static
+  file: path="{{ mailman_webui_basedir }}/static"
        state=directory owner=root group=root mode=0755
 - name: install the kittystore cache cronjob
@ -172,14 +172,14 @@
 #
 - name: copy the mailman-hyperkitty conffile
  template: src=mailman-hyperkitty.cfg.j2
-            dest=${mailman_webui_confdir}/mailman-hyperkitty.cfg
+            dest="{{ mailman_webui_confdir }}/mailman-hyperkitty.cfg"
  tags:
  - config
  notify:
    - restart mailman3
 - name: symlink the hyperkitty conffile in mailman directory
-  file: src=${mailman_webui_confdir}/mailman-hyperkitty.cfg
+  file: src="{{ mailman_webui_confdir }}/mailman-hyperkitty.cfg"
        dest=/etc/mailman3.d/hyperkitty.cfg state=link
  tags:
  - config
@ -196,7 +196,7 @@
            owner=root group=root mode=0644
 - name: create the scripts dir
-  file: path=${mailman_webui_basedir}/bin
+  file: path="{{ mailman_webui_basedir }}/bin"
        state=directory owner=root group=root mode=0755
 - name: install the migration environment
@ -205,7 +205,7 @@
            owner=root group=root mode=0644
 - name: install the scripts
-  copy: src=${item} dest=${mailman_webui_basedir}/bin/${item}
+  copy: src={{ item }} dest="{{ mailman_webui_basedir }}/bin/{{ item }}"
        owner=root group=root mode=0755
  with_items:
  - yamlget
@ -224,7 +224,7 @@
  template: src=post-transaction.action.j2
            dest=/etc/yum/post-actions/hyperkitty.action
 - name: run the post-update script
-  command: ${mailman_webui_basedir}/bin/post-update.sh
+  command: "{{ mailman_webui_basedir }}/bin/post-update.sh"
 # Postfix
--- a/roles/mirrorlist/tasks/main.yml
+++ b/roles/mirrorlist/tasks/main.yml
@ -5,7 +5,7 @@
  user: name=mirrormanager uid=441 state=present home=/home/mirrormanager createhome=yes
 - name: install supervisor and mirrormanager
-  yum: pkg=$item state=installed
+  yum: pkg={{ item }} state=installed
  with_items:
  - supervisor
  - mirrormanager
--- a/roles/nagios_client/tasks/main.yml
+++ b/roles/nagios_client/tasks/main.yml
@ -3,7 +3,7 @@
 ---
 # install pkgs:
 - name: install nagios client pkgs
-  yum: name=$item state=installed
+  yum: name={{ item }} state=installed
  with_items:
  - nrpe
  - nagios-plugins
@ -18,7 +18,7 @@
  - packages
 - name: install local nrpe check scripts that are not packaged
-  copy: src=scripts/$item dest={{ libdir }}/nagios/plugins/$item mode=0755 owner=nagios group=nagios
+  copy: src="scripts/{{ item }}" dest="{{ libdir }}/nagios/plugins/{{ item }}" mode=0755 owner=nagios group=nagios
  with_items:
  - check_postfix_queue
  - check_raid.py
--- a/roles/notifs-backend/tasks/main.yml
+++ b/roles/notifs-backend/tasks/main.yml
@ -2,7 +2,7 @@
 # Configuration for the notifications consumer
 - name: install needed packages
-  yum: pkg=$item state=installed
+  yum: pkg={{ item }} state=installed
  with_items:
  - python-fmn-consumer
  - python-psycopg2
@ -10,7 +10,7 @@
 - name: copy database configuration
  template: >
-    src=$item dest=/etc/fedmsg.d/$item
+    src={{ item }} dest=/etc/fedmsg.d/{{ item }}
    owner=fedmsg group=fedmsg mode=0600
  with_items:
  - fmn.consumer.py
--- a/roles/notifs-frontend/tasks/main.yml
+++ b/roles/notifs-frontend/tasks/main.yml
@ -42,7 +42,7 @@
    state=directory
 - name: copy live docs
-  copy: src=$item dest=/usr/lib/python2.6/site-packages/fmn/web/docs
+  copy: src={{ item }} dest=/usr/lib/python2.6/site-packages/fmn/web/docs
  with_fileglob: fedora-sitedocs/*.rst
 - name: apply selinux type to static files
--- a/roles/nuancier/tasks/main.yml
+++ b/roles/nuancier/tasks/main.yml
@ -7,7 +7,7 @@
  - packages
 - name: install needed packages
-  yum: pkg=$item state=installed
+  yum: pkg={{ item }} state=installed
  with_items:
  - nuancier-lite
  - python-psycopg2
@ -20,7 +20,7 @@
 - name: copy sundry nuancier configuration
  template: src={{ item.file }}
-            dest={{ item.location }}/{{ item.dest }}
+            dest="{{ item.location }}/{{ item.dest }}"
            owner=apache group=apache mode=0600
  with_items:
  - { file: nuancier_admin.cfg, location: /etc/nuancier, dest: nuancier-lite.cfg }
@ -49,7 +49,7 @@
 - name: replace the nuancier configuration file by the one with the normal user
  template: src={{ item.file }}
-            dest={{ item.location }}/{{ item.file }}
+            dest="{{ item.location }}/{{ item.file }}"
            owner=apache group=apache mode=0600
  with_items:
  - { file: nuancier-lite.cfg, location: /etc/nuancier }
@ -79,7 +79,7 @@
 - name: hotfix python-fedora-flask to include latest flask_fas_openid
  template: src={{ item.file }}
-            dest={{ item.location }}/{{ item.file }}
+            dest="{{ item.location }}/{{ item.file }}"
            owner=apache group=apache mode=0600
  with_items:
  - { file: flask_fas_openid.py, location: /usr/lib/python2.6/site-packages/ }
--- a/roles/postgresql_server/tasks/main.yml
+++ b/roles/postgresql_server/tasks/main.yml
@ -3,7 +3,7 @@
 # Setup postgresql server. 
 #
 - name: install postgresql server packages
-  yum: name=$item state=installed
+  yum: name={{ item }}  state=installed
  with_items:
  - postgresql-server
  - postgresql-contrib
--- a/tasks/2fa_client.yml
+++ b/tasks/2fa_client.yml
@ -5,30 +5,30 @@
  - packages
 - name: /etc/pki/tls/private/totpcgi.pem
-  copy: src=$puppet_private/2fa-certs/keys/${inventory_hostname}.pem dest=/etc/pki/tls/private/totpcgi.pem mode=0400
+  copy: src="{{ puppet_private }}/2fa-certs/keys/{{ inventory_hostname }}.pem" dest=/etc/pki/tls/private/totpcgi.pem mode=0400
  tags:
  - config
 - name: /etc/pki/tls/private/totpcgi-ca.cert
-  copy: src=$puppet_private/2fa-certs/keys/ca.crt dest=/etc/pki/tls/private/totpcgi-ca.cert mode=0400
+  copy: src="{{ puppet_private }}/2fa-certs/keys/ca.crt" dest=/etc/pki/tls/private/totpcgi-ca.cert mode=0400
  tags:
  - config
 - name: /etc/pam_url.conf - split for staging/phx2/everyone else
-  template: src=$item dest=/etc/pam_url.conf mode=0644
+  template: src={{ item }} dest=/etc/pam_url.conf mode=0644
  with_first_found:
-  - $files/2fa/pam_url.conf.${inventory_hostname}
+  - "{{ files }}/2fa/pam_url.conf.{{ inventory_hostname }}"
-  - $files/2fa/pam_url.conf.${ansible_domain}
+  - "{{ files }}/2fa/pam_url.conf.{{ ansible_domain }}"
-  - $files/2fa/pam_url.conf.j2
+  - "{{ files }}/2fa/pam_url.conf.j2"
  tags:
  - config
 - name: /etc/pam.d/sudo
-  copy: src=$item dest=/etc/pam.d/sudo mode=0644
+  copy: src={{ item }} dest=/etc/pam.d/sudo mode=0644
  with_first_found:
-  - $files/2fa/sudo.pam.${inventory_hostname}
+  - "{{ files }}/2fa/sudo.pam.{{ inventory_hostname }}"
-  - $files/2fa/sudo.pam.${ansible_domain}
+  - "{{ files }}/2fa/sudo.pam.{{ ansible_domain }}"
-  - $files/2fa/sudo.pam
+  - "{{ files }}/2fa/sudo.pam"
  tags:
  - config
--- a/tasks/accelerate_prep.yml
+++ b/tasks/accelerate_prep.yml
@ -1,6 +1,6 @@
 ---
 - name: install needed packages for accelerated mode
-  yum: pkg=$item state=installed
+  yum: pkg={{ item }} state=installed
  with_items:
  - python-keyczar
  tags:
--- a/tasks/apache.yml
+++ b/tasks/apache.yml
@ -1,7 +1,7 @@
 ---
 # install apache(httpd)
 - name: install apache
-  yum: name=$item state=installed
+  yum: name={{ item }} state=installed
  with_items:
  - httpd
  - httpd-tools
@ -20,7 +20,7 @@
 # install hash randomization hotfix
 - name: hotfix - copy over new httpd init script 
-  copy: src=$files/hotfix/httpd/httpd.init dest=/etc/init.d/httpd
+  copy: src="{{ files }}/hotfix/httpd/httpd.init" dest=/etc/init.d/httpd
        owner=root group=root mode=0755
  notify:
  - restart apache
@ -30,7 +30,7 @@
  - apache
 - name: hotfix - copy over new httpd sysconfig
-  copy: src=$files/hotfix/httpd/httpd.sysconfig dest=/etc/sysconfig/httpd
+  copy: src="{{ files }}/hotfix/httpd/httpd.sysconfig" dest=/etc/sysconfig/httpd
  notify:
  - restart apache
  tags:
@ -39,7 +39,7 @@
  - apache
 - name: add appserver headers.conf
-  template: src=$files/httpd/headers.conf.j2 dest=/etc/httpd/conf.d/headers.conf
+  template: src="{{ files }}/httpd/headers.conf.j2" dest=/etc/httpd/conf.d/headers.conf
  notify:
  - restart apache
  tags: 
@ -47,7 +47,7 @@
  - apache
 - name: add apache_status location for collectd
-  template: src=$files/httpd/apachestatus.conf dest=/etc/httpd/conf.d/apachestatus.conf
+  template: src="{{ files }}/httpd/apachestatus.conf" dest=/etc/httpd/conf.d/apachestatus.conf
  notify:
  - restart apache
  tags: 
--- a/tasks/cloud_setup_basic.yml
+++ b/tasks/cloud_setup_basic.yml
@ -6,7 +6,7 @@
  - packages
 - name: ntp pkgs
-  action: yum state=installed pkg=$item
+  action: yum state=installed pkg={{ item }}
  with_items:
  - ntpdate
  - ntp
@ -22,13 +22,13 @@
  - packages
 - name: put step-tickers in place
-  action: copy src=$files/common/step-tickers dest=/etc/ntp/step-tickers
+  action: copy src="{{ files }}/common/step-tickers" dest=/etc/ntp/step-tickers
 - name: enable the service
  action: service name=ntpd state=running enabled=true
 - name: edit hostname to be instance name - prefix hostbase var if it exists
-  action: shell hostname  ${hostbase}`curl -s http://169.254.169.254/latest/meta-data/instance-id`
+  action: shell hostname  {{ hostbase }}`curl -s http://169.254.169.254/latest/meta-data/instance-id`
  tags:
  - config
@ -42,7 +42,7 @@
 - name: add root keys for sysadmin-main and other allowed users
  action: authorized_key user=root key="{{ item }}"
  with_pipe:
-  - "${auth_keys_from_fas} @sysadmin-main ${root_auth_users}"
+  - "{{ auth_keys_from_fas }} @sysadmin-main {{ root_auth_users }}"
  tags:
  - config
  ignore_errors: true
--- a/tasks/collectd/client.yml
+++ b/tasks/collectd/client.yml
@ -11,13 +11,13 @@
 # install collected.conf
 - name: /etc/collectd.conf
-  template: src=$files/collectd/collectd.conf.j2 dest=/etc/collectd.conf
+  template: src="{{ files }}/collectd/collectd.conf.j2" dest=/etc/collectd.conf
  notify:
  - restart collectd
 # install collectd-network config
 - name: /etc/collectd.d/network.conf
-  copy: src=$files/collectd/network-client.conf dest=/etc/collectd.d/network.conf
+  copy: src="{{ files }}/collectd/network-client.conf" dest=/etc/collectd.d/network.conf
  notify:
  - restart collectd
@ -26,13 +26,13 @@
  yum: state=installed name=collectd-apache
  notify:
  - restart collectd
-  when_set: $collectd_apache
+  when_set: {{ collectd_apache }}
 - name: /etc/collectd/apache.conf
-  copy: src=$files/collectd/apache.conf dest=/etc/collectd.d/apache.conf
+  copy: src="{{ files }}/collectd/apache.conf" dest=/etc/collectd.d/apache.conf
  notify:
  - restart collectd
-  when_set: $collectd_apache
+  when_set: {{ collectd_apache }}
 # each of the below should move to a separate task list
--- a/tasks/common_scripts.yml
+++ b/tasks/common_scripts.yml
@ -5,7 +5,7 @@
 #
 - name: Install common scripts
-  action: copy src=$item dest=/usr/local/bin/ owner=root group=root mode=0755
+  action: copy src={{ item }} dest=/usr/local/bin/ owner=root group=root mode=0755
-  with_fileglob: $files/common-scripts/*
+  with_fileglob: "{{ files }}/common-scripts/*"
  tags:
  - config
--- a/tasks/growroot_cloud.yml
+++ b/tasks/growroot_cloud.yml
@ -17,13 +17,13 @@
 - name: reboot the box
  action: command /sbin/reboot
-  when: ${growpart.rc} == 0
+  when: "{{ growpart.rc }} == 0"
  ignore_errors: true
 - name: wait for it to come back (should be quick)
-  local_action: wait_for host=${inventory_hostname} port=22 delay=10 timeout=120
+  local_action: wait_for host={{ inventory_hostname }} port=22 delay=10 timeout=120
-  when: ${growpart.rc} == 0
+  when: "{{ growpart.rc }} == 0"
 - name: resize the /dev/vda 2 fs
  action: command resize2fs /dev/vda2
-  when: ${growpart.rc} == 0
+  when: "{{ growpart.rc }} == 0"
--- a/tasks/hosts.yml
+++ b/tasks/hosts.yml
@ -10,9 +10,9 @@
 # Note that if it's not set it will just skip this play and do nothing. 
 #
 - name: setup /etc/hosts for some clients
-  action: copy src=$item dest=/etc/hosts
+  action: copy src={{ item }} dest=/etc/hosts
  with_first_found:
-  - files: $files/hosts/${ansible_fqdn}-hosts $files/hosts/${ansible_hostname}-hosts $files/hosts/${ansible_domain}-hosts $files/hosts/${host_group}-hosts
+  - files: "{{ files }}/hosts/{{ ansible_fqdn }}-hosts" "{{ files }}/hosts/{{ ansible_hostname }}-hosts" "{{ files }}/hosts/{{ ansible_domain }}-hosts" "{{ files }}/hosts/{{ host_group }}-hosts"
    skip: true
  tags:
  - config
--- a/tasks/iptables.yml
+++ b/tasks/iptables.yml
@ -22,13 +22,13 @@
  - service
 - name: iptables
-  action: template src=$item dest=/etc/sysconfig/iptables mode=600 backup=yes
+  action: template src={{ item }} dest=/etc/sysconfig/iptables mode=600 backup=yes
  with_first_found:
-    - $iptables
+    - "{{ iptables }}"
-    - $files/iptables/iptables.${ansible_fqdn}
+    - "{{ files }}/iptables/iptables.{{ ansible_fqdn }}"
-    - $files/iptables/iptables.${host_group}
+    - "{{ files }}/iptables/iptables.{{ host_group }}"
-    - $files/iptables/iptables.${env}
+    - "{{ files }}/iptables/iptables.{{ env }}"
-    - $files/iptables/iptables
+    - "{{ files }}/iptables/iptables"
  notify:
  - restart iptables
  tags:
--- a/tasks/keyserver.yml
+++ b/tasks/keyserver.yml
@ -16,12 +16,12 @@
    owner=sks group=sks mode=0755
 - name: /srv/sks/membership
-  copy: src=$files/keyserver/membership dest=/srv/sks/membership owner=sks group=sks mode=0644
+  copy: src="{{ files }}/keyserver/membership" dest=/srv/sks/membership owner=sks group=sks mode=0644
  tags:
  - config
 - name: /srv/sks/sksconf
-  copy: src=$files/keyserver/sksconf dest=/srv/sks/sksconf owner=sks group=sks mode=0644
+  copy: src="{{ files }}/keyserver/sksconf" dest=/srv/sks/sksconf owner=sks group=sks mode=0644
  tags:
  - config
@ -32,47 +32,47 @@
    owner=sks group=sks mode=0755
 - name: /srv/sks/web/index.html
-  copy: src=$files/keyserver/index.html dest=/srv/sks/web/index.html owner=sks group=sks mode=0644
+  copy: src="{{ files }}/keyserver/index.html" dest=/srv/sks/web/index.html owner=sks group=sks mode=0644
  tags:
  - config
 - name: /srv/sks/web/css.css
-  copy: src=$files/keyserver/css.css dest=/srv/sks/web/css.css owner=sks group=sks mode=0644
+  copy: src="{{ files }}/keyserver/css.css" dest=/srv/sks/web/css.css owner=sks group=sks mode=0644
  tags:
  - config
 - name: /etc/httpd/conf.d/sks.conf
-  copy: src=$files/keyserver/sks.conf dest=/etc/httpd/conf.d/sks.conf owner=root group=root mode=0644
+  copy: src="{{ files }}/keyserver/sks.conf" dest=/etc/httpd/conf.d/sks.conf owner=root group=root mode=0644
  tags:
  - config
 - name: /etc/httpd/conf.d/ssl.conf
-  copy: src=$files/keyserver/ssl.conf dest=/etc/httpd/conf.d/ssl.conf owner=root group=root mode=0644
+  copy: src="{{ files }}/keyserver/ssl.conf" dest=/etc/httpd/conf.d/ssl.conf owner=root group=root mode=0644
  tags:
  - config
 - name: /etc/pki/tls/wildcard-2013.fedoraproject.org.cert
-  copy: src=$puppet_private/httpd/wildcard-2013.fedoraproject.org.cert dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.cert owner=root group=root mode=0600
+  copy: src="{{ puppet_private }}/httpd/wildcard-2013.fedoraproject.org.cert" dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.cert owner=root group=root mode=0600
  tags:
  - config
 - name: /etc/pki/tls/wildcard-2013.fedoraproject.org.key
-  copy: src=$puppet_private/httpd/wildcard-2013.fedoraproject.org.key dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.key owner=root group=root mode=0600
+  copy: src="{{ puppet_private }}/httpd/wildcard-2013.fedoraproject.org.key" dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.key owner=root group=root mode=0600
  tags:
  - config
 - name: /etc/pki/tls/wildcard-2013.fedoraproject.org.intermediate.cert
-  copy: src=$puppet_private/httpd/wildcard-2013.fedoraproject.org.intermediate.cert dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.intermediate.cert owner=root group=root mode=0600
+  copy: src="{{ puppet_private }}/httpd/wildcard-2013.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.intermediate.cert owner=root group=root mode=0600
  tags:
  - config
 - name: /etc/pki/tls/keys_fedoraproject_org.crt.pem
-  copy: src=$puppet_private/keys_fedoraproject_org.crt.pem dest=/etc/pki/tls/keys_fedoraproject_org.crt.pem owner=root group=root mode=0600
+  copy: src="{{ puppet_private }}/keys_fedoraproject_org.crt.pem" dest=/etc/pki/tls/keys_fedoraproject_org.crt.pem owner=root group=root mode=0600
  tags:
  - config
 - name: /etc/pki/tls/keys_fedoraproject_org.key
-  copy: src=$puppet_private/keys_fedoraproject_org.key dest=/etc/pki/tls/keys_fedoraproject_org.key owner=root group=root mode=0600
+  copy: src="{{ puppet_private }}/keys_fedoraproject_org.key" dest=/etc/pki/tls/keys_fedoraproject_org.key owner=root group=root mode=0600
  tags:
  - config
--- a/tasks/koji/base_builder.yml
+++ b/tasks/koji/base_builder.yml
@ -1,5 +1,5 @@
 - name: set root passwd
-  action: user name=root password=$builder_rootpw state=present
+  action: user name=root password={{ builder_rootpw }} state=present
 - name: add mock user as 425
  action: user name=mock uid=425 state=present home=/var/lib/mock createhome=yes system=yes
@ -11,7 +11,7 @@
  action: file state=directory path=/var/lib/mock/.ssh mode=700 owner=mock group=mock
 - name: add mock ssh keys
-  action: copy src=$files/kojibuilder/mock_auth_keys dest=/var/lib/mock/.ssh/authorized_keys mode=640 owner=mock group=mock
+  action: copy src="{{ files }}/kojibuilder/mock_auth_keys" dest=/var/lib/mock/.ssh/authorized_keys mode=640 owner=mock group=mock
 - name: add kojibuilder
  action: user name=kojibuilder groups=mock 
@ -23,10 +23,10 @@
  action: file state=directory path=/home/mockbuilder/.ssh mode=700 owner=mockbuilder group=mockbuilder
 - name: mockbuilder ssh key
-  action: copy src=$files/kojibuilder/ftbfs_auth_keys dest=/home/mockbuilder/.ssh/authorized_keys mode=644 owner=mockbuilder group=mockbuilder
+  action: copy src="{{ files }}/kojibuilder/ftbfs_auth_keys" dest=/home/mockbuilder/.ssh/authorized_keys mode=644 owner=mockbuilder group=mockbuilder
 - name: make a bunch of dirs
-  action: file state=directory path=$item
+  action: file state=directory path={{ item }}
  with_items:
    - /pub
    - /mnt/fedora_koji
@ -35,16 +35,16 @@
    - /var/spool/rsyslog
 - name: add builder infra yum repo
-  action: copy src=$files/kojibuilder/builder-infrastructure.repo dest=/etc/yum.repos.d/builder-infrastructure.repo
+  action: copy src="{{ files }}/kojibuilder/builder-infrastructure.repo" dest=/etc/yum.repos.d/builder-infrastructure.repo
 - name: clean up packages we do not need
-  action: yum state=removed pkg=$item
+  action: yum state=removed pkg={{ item }}
  with_items:
    - audit
    - 'cronie\*'
 - name: add pkgs
-  action: yum  state=installed pkg=$item
+  action: yum  state=installed pkg={{ item }}
  with_items:
    - yum-utils
    - koji-builder
@ -56,49 +56,49 @@
    - ntpdate
 - name: /etc/kojid/kojid.conf
-  action: copy src=$files/kojibuilder/kojid.conf dest=/etc/kojid/kojid.conf
+  action: copy src="{{ files }}/kojibuilder/kojid.conf" dest=/etc/kojid/kojid.conf
  when: not inventory_hostname.startswith(('arm01','arm03'))
  notify:
  - restart kojid
 - name: arm /etc/kojid/kojid.conf
-  action: copy src=$files/kojibuilder/arm-kojid.conf dest=/etc/kojid/kojid.conf
+  action: copy src="{{ files }}/kojibuilder/arm-kojid.conf" dest=/etc/kojid/kojid.conf
  when: inventory_hostname.startswith(('arm01','arm03'))
  notify:
  - restart kojid
 - name: /etc/koji/koji.conf
-  action: copy src=$files/kojibuilder/koji.conf dest=/etc/koji.conf
+  action: copy src="{{ files }}/kojibuilder/koji.conf" dest=/etc/koji.conf
  when: not inventory_hostname.startswith(('arm01','arm03'))
 - name: /etc/koji/koji.conf
-  action: copy src=$files/kojibuilder/arm-koji.conf dest=/etc/koji.conf
+  action: copy src="{{ files }}/kojibuilder/arm-koji.conf" dest=/etc/koji.conf
  when: inventory_hostname.startswith(('arm01','arm03'))
 - name: copy over koji ca cert
-  action: copy src=$private/files/koji/buildercerts/fedora-ca.cert dest=/etc/kojid/cacert.pem
+  action: copy src="{{ private }}/files/koji/buildercerts/fedora-ca.cert" dest=/etc/kojid/cacert.pem
 - name: copy over /etc/security/limits.conf
-  action: copy src=$files/kojibuilder/limits.conf dest=/etc/security/limits.conf
+  action: copy src="{{ files }}/kojibuilder/limits.conf" dest=/etc/security/limits.conf
 - name: copy over builder cert to /etc/kojid/kojibuilder.pem
-  action: copy src=$private/files/koji/buildercerts/${inventory_hostname}.pem dest=/etc/kojid/kojibuilder.pem mode=600   
+  action: copy src="{{ private }}/files/koji/buildercerts/{{ inventory_hostname }}.pem" dest=/etc/kojid/kojibuilder.pem mode=600   
 - name: chkconfig kojid on and leave it running
  action: service name=kojid enabled=on
 #  action: service name=kojid enabled=on state=started
 - name: copy over authorized keys for root
-  action: copy src=$files/kojibuilder/root_auth_keys dest=/root/.ssh/authorized_keys mode=644
+  action: copy src="{{ files }}/kojibuilder/root_auth_keys" dest=/root/.ssh/authorized_keys mode=644
 # idmapd and make sure it's set to run
 - name: idmapd.conf
-  action: copy src=$files/kojibuilder/idmapd.conf dest=/etc/idmapd.conf
+  action: copy src="{{ files }}/kojibuilder/idmapd.conf" dest=/etc/idmapd.conf
  tags:
  - configs
 - name: enable nfs-related services and run them
-  action: service name=$item  enabled=true state=started
+  action: service name={{ item }}  enabled=true state=started
  with_items:
  - rpcidmapd
  - rpcbind
@ -106,7 +106,7 @@
  - nfslock
 - name: route config for netapp network
-  action: copy src=$files/kojibuilder/route-eth1 dest=/etc/sysconfig/network-scripts/route-eth1
+  action: copy src="{{ files }}/kojibuilder/route-eth1" dest=/etc/sysconfig/network-scripts/route-eth1
 - name: run netapp route
  command: /etc/sysconfig/network-scripts/ifup-routes eth1
@ -122,7 +122,7 @@
 # mock configs for pungify job
 # TODO: restore this to "copy:", this is a temporary "fix" for https://github.com/ansible/ansible/issues/4377
 - name: put extra special  mock configs in
-  template: src=$files/kojibuilder/builders/$item dest=/etc/mock/$item mode=644
+  template: src="{{ files }}/kojibuilder/builders/{{ item }}" dest="/etc/mock/{{ item }}" mode=644
  with_items:
    - fedora-branched-pungi-armhfp.cfg
    - fedora-branched-pungi-i386.cfg
@ -132,14 +132,14 @@
    - fedora-rawhide-pungi-armhfp.cfg
 - name: mock site-defaults.cfg
-  action: copy src=$files/kojibuilder/builders/site-defaults.cfg dest=/etc/mock/site-defaults.cfg mode=0644 owner=root group=mock
+  action: copy src="{{ files }}/kojibuilder/builders/site-defaults.cfg" dest=/etc/mock/site-defaults.cfg mode=0644 owner=root group=mock
  when: not inventory_hostname.startswith('bkernel')
 - name: ntp steptickers
-  action: copy src=$files/common/step-tickers dest=/etc/ntp/step-tickers
+  action: copy src="{{ files }}/common/step-tickers" dest=/etc/ntp/step-tickers
 - name: ntp.conf
-  action: copy src=$files/common/ntp.conf dest=/etc/ntp.conf
+  action: copy src="{{ files }}/common/ntp.conf" dest=/etc/ntp.conf
 - name: enable ntpd
  action: service name=ntpd enabled=true state=started
--- a/tasks/koji/bkernel-setup.yml
+++ b/tasks/koji/bkernel-setup.yml
@ -1,6 +1,6 @@
 ---
 - name: add pkgs for bkernel boxes
-  action: yum state=latest pkg=$item enablerepo=epel-test
+  action: yum state=latest pkg={{ item }} enablerepo=epel-test
  with_items:
    - pesign
    - ccid
@ -22,11 +22,11 @@
  action: service name=pesign state=started enabled=true
 - name: when you awake you will remember nothing
-  action: copy src=$files/kojibuilder/history_off.sh dest=/etc/profile.d/history_off.sh mode=0644
+  action: copy src="{{ files }}/kojibuilder/history_off.sh" dest=/etc/profile.d/history_off.sh mode=0644
 - name: mock site-defaults.cfg
-  action: copy src=$files/kojibuilder/builders/bkernel-site-defaults.cfg dest=/etc/mock/site-defaults.cfg mode=0644 owner=root group=mock
+  action: copy src="{{ files }}/kojibuilder/builders/bkernel-site-defaults.cfg" dest=/etc/mock/site-defaults.cfg mode=0644 owner=root group=mock
 - name: make sure our bkernel boxes have static ip
-  action: template src=$files/kojibuilder/builders/bkernel-eth0-network dest=/etc/sysconfig/network-scripts/ifcfg-eth0 
+  action: template src="{{ files }}/kojibuilder/builders/bkernel-eth0-network" dest=/etc/sysconfig/network-scripts/ifcfg-eth0 
--- a/tasks/koji/builder_kernel_config.yml
+++ b/tasks/koji/builder_kernel_config.yml
@ -5,7 +5,7 @@
  action: command /sbin/grubby --update-kernel=ALL --args=max_loop=64 
 - name: special pkgs for the x86_64 builders
-  yum: state=installed pkg=$item
+  yum: state=installed pkg={{ item }}
  with_items:
  - kmod-hfsplus    
  when: is_rhel == 'True'
--- a/tasks/koji/releng_config.yml
+++ b/tasks/koji/releng_config.yml
@ -1,5 +1,5 @@
 - name: set root passwd
-  action: user name=root password=$builder_rootpw state=present
+  action: user name=root password={{ builder_rootpw }} state=present
 - name: add mock user as 425
  action: user name=mock uid=425 state=present home=/var/lib/mock createhome=yes system=yes
@ -8,7 +8,7 @@
 - name: add mock ssh dir
  action: file state=directory path=/var/lib/mock/.ssh mode=700 owner=mock group=mock
 - name: add mock ssh keys
-  action: copy src=$files/kojibuilder/mock_auth_keys dest=/var/lib/mock/.ssh/authorized_keys mode=644 owner=mock group=mock
+  action: copy src="{{ files }}/kojibuilder/mock_auth_keys" dest=/var/lib/mock/.ssh/authorized_keys mode=644 owner=mock group=mock
 - name: add ftpsync group
  action: group name=ftpsync gid=263 system=yes state=present
@ -17,7 +17,7 @@
  action: user name=ftpsync uid=263 group=ftpsync system=yes home=/var/tmp/ftpsync createhome=yes system=yes state=present
 - name: add the ftpsync update-fullfilelist script
-  action: copy src=$files/releng/update-fullfilelist dest=/usr/local/bin/update-fullfilelist owner=ftpsync group=ftpsync mode=555
+  action: copy src="{{ files }}/releng/update-fullfilelist" dest=/usr/local/bin/update-fullfilelist owner=ftpsync group=ftpsync mode=555
 - name: add masher group
  action: group name=masher gid=751 system=yes state=present
@ -28,18 +28,18 @@
 - name: add masher ssh dir
  action: file state=directory path=/home/masher/.ssh mode=700 owner=masher group=masher
 - name: add masher ssh keys
-  action: copy src=$files/releng/mash/masher.$item dest=/home/masher/.ssh/$item mode=600 owner=masher group=masher
+  action: copy src="{{ files }}/releng/mash/masher.{{ item }}" dest="/home/masher/.ssh/{{ item }}" mode=600 owner=masher group=masher
  with_items:
    - id_rsa.pub
    - config
 - name: add masher ssh priv key
-  action: copy src=$private/files/mash/masher.id_rsa dest=/home/masher/.ssh/id_rsa mode=600 owner=masher group=masher
+  action: copy src="{{ private }}/files/mash/masher.id_rsa" dest=/home/masher/.ssh/id_rsa mode=600 owner=masher group=masher
 - name: add masher koji cert/key
-  action: copy src=$private/files/mash/masher.pem dest=/home/masher/.fedora.cert mode=600 owner=masher group=masher
+  action: copy src="{{ private }}/files/mash/masher.pem dest=/home/masher/.fedora.cert" mode=600 owner=masher group=masher
 - name: add masher koji ca cert
-  action: copy src=$private/files/koji/buildercerts/fedora-ca.cert dest=/home/masher/.fedora-server-ca.cert
+  action: copy src="{{ private }}/files/koji/buildercerts/fedora-ca.cert" dest=/home/masher/.fedora-server-ca.cert
 # rawhide group
 - name: rawhide group
@ -49,7 +49,7 @@
  action: user name=rawhide uid=265 group=rawhide home=/tmp comment="rawhide compose account"
 - name: make a bunch of dirs
-  action: file state=directory path=$item
+  action: file state=directory path={{ item }}
  with_items:
    - /pub
    - /pub/fedora
@ -67,17 +67,17 @@
  action: file src=/mnt/fedora_koji/compose/cache dest=/srv/pungi/cache  state=link
 - name: add builder infra yum repo
-  action: copy src=$files/kojibuilder/builder-infrastructure.repo dest=/etc/yum.repos.d/builder-infrastructure.repo
+  action: copy src="{{ files }}/kojibuilder/builder-infrastructure.repo" dest=/etc/yum.repos.d/builder-infrastructure.repo
  tags:
  - configs
 - name: add releng yum repo
-  action: copy src=$files/releng/releng.repo dest=/etc/yum.repos.d/releng.repo
+  action: copy src="{{ files }}/releng/releng.repo" dest=/etc/yum.repos.d/releng.repo
  tags:
  - configs
 - name: add pkgs
-  action: yum  state=installed pkg=$item
+  action: yum  state=installed pkg={{ item }}
  with_items:
    - yum-utils
    - koji
@ -93,12 +93,12 @@
    - pykickstart
 - name: /etc/koji/koji.conf
-  action: copy src=$files/kojibuilder/koji.conf dest=/etc/koji.conf
+  action: copy src="{{ files }}/kojibuilder/koji.conf" dest=/etc/koji.conf
 # mock configs
 - name: put extra special  mock configs in
-  action: copy src=$files/releng/$item dest=/etc/mock/$item mode=644
+  action: copy src="{{ files }}/releng/{{ item }}" dest="/etc/mock/{{ item }}" mode=644
  with_items:
    - fedora-branched-compose-armhfp.cfg
    - fedora-rawhide-compose-armhfp.cfg
@ -109,12 +109,12 @@
 # idmapd and make sure it's set to run
 - name: idmapd.conf
-  action: copy src=$files/kojibuilder/idmapd.conf dest=/etc/idmapd.conf
+  action: copy src="{{ files }}/kojibuilder/idmapd.conf" dest=/etc/idmapd.conf
  tags:
  - configs
 - name: enable nfs-related services and run them
-  action: service name=$item  enabled=true state=started
+  action: service name={{ item }}  enabled=true state=started
  with_items:
  - rpcidmapd
  - rpcbind
@ -123,7 +123,7 @@
 - name: route to netapp network
-  action: copy src=$files/kojibuilder/route-eth1 dest=/etc/sysconfig/network-scripts/route-eth1
+  action: copy src="{{ files }}/kojibuilder/route-eth1" dest=/etc/sysconfig/network-scripts/route-eth1
  notify:
  - restart netapproute
@ -138,26 +138,26 @@
 # put cron job in for branched compose
 - name: branched compose cron
-  action: copy src=$files/releng/branched dest=/etc/cron.d/branched
+  action: copy src="{{ files }}/releng/branched" dest=/etc/cron.d/branched
  when: inventory_hostname.startswith('releng01')
 # put cron job in for rawhide compose
 - name: rawhide compose cron
-  action: copy src=$files/releng/rawhide dest=/etc/cron.d/rawhide
+  action: copy src="{{ files }}/releng/rawhide" dest=/etc/cron.d/rawhide
  when: inventory_hostname.startswith('releng02')
 - name: sudoers defaults
-  action: copy src=$private/files/sudo/releng-sudoers dest=/etc/sudoers mode=0440
+  action: copy src="{{ private }}/files/sudo/releng-sudoers" dest=/etc/sudoers mode=0440
  tags:
  - configs
 - name: sudoers for ftpsync
-  action: copy src=$private/files/sudo/ftpsync-sudo dest=/etc/sudoers.d/ftpsync mode=0440
+  action: copy src="{{ private }}/files/sudo/ftpsync-sudo" dest=/etc/sudoers.d/ftpsync mode=0440
  tags:
  - configs
 # fedmsg message buss stuff. 
 - name: fedmsg install
-  action: yum  state=installed pkg=$item
+  action: yum  state=installed pkg={{ item }}
  with_items:
    - fedmsg
    # needed for now, until moksha 0.8.8-4 pulls it in.
@ -173,7 +173,7 @@
  tags:
  - fedmsg
 - name: fedmsg files
-  action: copy src=$files/releng/fedmsg/$item dest=/etc/fedmsg.d/$item mode=644
+  action: copy src="{{ files }}/releng/fedmsg/{{ item }}" dest="/etc/fedmsg.d/{{ item }}" mode=644
  with_items:
    - ircbot.py
    - ssl.py
@ -182,32 +182,32 @@
  tags:
  - fedmsg
 - name: fedmsg ca
-  action: copy src=$private/files/fedmsg-certs/keys/$item dest=/etc/pki/fedmsg/$item mode=644
+  action: copy src="{{ private }}/files/fedmsg-certs/keys/{{ item }}" dest="/etc/pki/fedmsg/{{ item }}" mode=644
  with_items:
    - ca.crt
 - name: fedmsg cert
-  action: copy src=$private/files/fedmsg-certs/keys/$item dest=/etc/pki/fedmsg/$item mode=644
+  action: copy src="{{ private }}/files/fedmsg-certs/keys/{{ item }}" dest="/etc/pki/fedmsg/{{ item }}" mode=644
  with_items:
    - bodhi-releng01.phx2.fedoraproject.org.crt
  tags:
  - fedmsg
  when: inventory_hostname.startswith('releng01')
 - name: fedmsg key
-  action: copy src=$private/files/fedmsg-certs/keys/$item dest=/etc/pki/fedmsg/$item mode=640 group=masher
+  action: copy src="{{ private }}/files/fedmsg-certs/keys/{{ item }}" dest="/etc/pki/fedmsg/{{ item }}" mode=640 group=masher
  with_items:
    - bodhi-releng01.phx2.fedoraproject.org.key
  tags:
  - fedmsg
  when: inventory_hostname.startswith('releng01')
 - name: fedmsg cert
-  action: copy src=$private/files/fedmsg-certs/keys/$item dest=/etc/pki/fedmsg/$item mode=644
+  action: copy src="{{ private }}/files/fedmsg-certs/keys/{{ item }}" dest="/etc/pki/fedmsg/{{ item }}" mode=644
  with_items:
    - bodhi-releng02.phx2.fedoraproject.org.crt
  tags:
  - fedmsg
  when: inventory_hostname.startswith('releng02')
 - name: fedmsg key
-  action: copy src=$private/files/fedmsg-certs/keys/$item dest=/etc/pki/fedmsg/$item mode=640 group=masher
+  action: copy src="{{ private }}/files/fedmsg-certs/keys/{{ item }}" dest="/etc/pki/fedmsg/{{ item }}" mode=640 group=masher
  with_items:
    - bodhi-releng02.phx2.fedoraproject.org.key
  tags:
--- a/tasks/mod_wsgi.yml
+++ b/tasks/mod_wsgi.yml
@ -6,7 +6,7 @@
  - packages
 - name: wsgi.conf
-  copy: src=$files/mod_wsgi/wsgi.conf dest=/etc/httpd/conf.d/wsgi.conf
+  copy: src="{{ files }}/mod_wsgi/wsgi.conf" dest=/etc/httpd/conf.d/wsgi.conf
  notify:
  - restart apache
  tags:
--- a/tasks/mysql_server.yml
+++ b/tasks/mysql_server.yml
@ -3,14 +3,14 @@
 # Setup mysql server. 
 #
 - name: install mysql server packages
-  yum: name=$item state=installed
+  yum: name={{ item }} state=installed
  with_items:
  - mysql-server
  tags:
  - packages
 - name: install our my.cnf
-  copy: src=$files/mysql/my.cnf dest=/etc/my.cnf owner=root group=root mode=0644
+  copy: src="{{ files }}/mysql/my.cnf" dest=/etc/my.cnf owner=root group=root mode=0644
 - name: Set mysql-server to run
  service: name=mysqld enabled=yes state=running
--- a/tasks/openvpn_client.yml
+++ b/tasks/openvpn_client.yml
@ -6,35 +6,35 @@
  - packages
 - name: /etc/openvpn/ca.crt from  vpn/openvpn/keys/ca.crt
-  copy: src=$puppet_private/vpn/openvpn/keys/ca.crt dest=/etc/openvpn/ca.crt mode=0600 owner=root group=root
+  copy: src="{{ puppet_private }}/vpn/openvpn/keys/ca.crt" dest=/etc/openvpn/ca.crt mode=0600 owner=root group=root
  tags:
  - config
  notify:
  - restart openvpn
 - name: /etc/openvpn/crl.pem from vpn/openvpn/keys/crl.pem
-  copy: src=$puppet_private/vpn/openvpn/keys/crl.pem dest=/etc/openvpn/crl.pem mode=0644 owner=root group=root
+  copy: src="{{ puppet_private }}/vpn/openvpn/keys/crl.pem" dest=/etc/openvpn/crl.pem mode=0644 owner=root group=root
  tags:
  - config
  notify:
  - restart openvpn
 - name: /etc/openvpn/openvpn.conf
-  copy: src=$files/openvpn/client.conf dest=/etc/openvpn/openvpn.conf
+  copy: src="{{ files }}/openvpn/client.conf" dest=/etc/openvpn/openvpn.conf
  tags:
  - config
  notify:
  - restart openvpn
 - name: /etc/openvpn/client.crt
-  copy: src=$puppet_private/vpn/openvpn/keys/${inventory_hostname}.crt dest=/etc/openvpn/client.crt mode=0600 owner=root group=root
+  copy: src="{{ puppet_private }}/vpn/openvpn/keys/{{ inventory_hostname }}.crt" dest=/etc/openvpn/client.crt mode=0600 owner=root group=root
  tags:
  - config
  notify:
  - restart openvpn
 - name: /etc/openvpn/client.key
-  copy: src=$puppet_private/vpn/openvpn/keys/${inventory_hostname}.key dest=/etc/openvpn/client.key mode=0600 owner=root group=root
+  copy: src="{{ puppet_private }}/vpn/openvpn/keys/{{ inventory_hostname }}.key" dest=/etc/openvpn/client.key mode=0600 owner=root group=root
  tags:
  - config
  notify:
--- a/tasks/persistent_cloud.yml
+++ b/tasks/persistent_cloud.yml
@ -1,25 +1,25 @@
 ---
 - name: check it out
-  local_action: shell nc -d -z -w 5 ${inventory_hostname} 22 >>/dev/null
+  local_action: shell nc -d -z -w 5 {{ inventory_hostname }} 22 >>/dev/null
  register: host_is_up
  ignore_errors: true
 - name: spin it up
-  local_action: ec2 keypair=${keypair} image=${image} type=${instance_type} wait=true group=${security_group} ec2_access_key=$persist_access_key ec2_secret_key=$persist_secret_key ec2_url=$os_ec2_url 
+  local_action: ec2 keypair={{ keypair }} image={{ image }} type={{ instance_type }} wait=true group={{ security_group }} ec2_access_key={{ persist_access_key }} ec2_secret_key={{ persist_secret_key }} ec2_url={{ os_ec2_url }} 
  register: inst_res
  when: host_is_up|failed
 - name: assign it a special ip
-  local_action: shell euca-associate-address --config ${persist_config} -i ${inst_res.instances[0].id} ${public_ip}
+  local_action: shell euca-associate-address --config {{ persist_config }} -i {{ inst_res.instances[0].id }} {{ public_ip }}
  when: host_is_up|failed
 - name: wait for the reassignation
-  local_action: wait_for host=${public_ip} port=22 delay=20 timeout=300
+  local_action: wait_for host={{ public_ip }} port=22 delay=20 timeout=300
  when: host_is_up|failed
 # attach and mount volumes
 - name: attach volumes to the system
-  local_action: shell euca-attach-volume --config ${persist_config} -i ${inst_res.instances[0].id} $item
+  local_action: shell euca-attach-volume --config {{ persist_config }} -i {{ inst_res.instances[0].id }} {{ item }}
-  with_items: $volumes
+  with_items: "{{ volumes }}"
  when: volumes is defined and host_is_up|failed
--- a/tasks/postfix_basic.yml
+++ b/tasks/postfix_basic.yml
@ -5,14 +5,14 @@
  - packages
 - name: /etc/postfix/main.cf
-  action: copy src=$item dest=/etc/postfix/main.cf
+  action: copy src={{ item }} dest=/etc/postfix/main.cf
  with_first_found:
-    - $postfix_maincf
+    - "{{ postfix_maincf }}"
-    - $files/postfix/main.cf.${ansible_fqdn}
+    - "{{ files }}/postfix/main.cf.{{ ansible_fqdn }}"
-    - $files/postfix/main.cf.${inventory_hostname}
+    - "{{ files }}/postfix/main.cf.{{ inventory_hostname }}"
-    - $files/postfix/main.cf.${host_group}
+    - "{{ files }}/postfix/main.cf.{{ host_group }}"
-    - $files/postfix/main.cf.${postfix_group}
+    - "{{ files }}/postfix/main.cf.{{ postfix_group }}"
-    - $files/postfix/main.cf
+    - "{{ files }}/postfix/main.cf"
  notify:
  - restart postfix
  tags:
--- a/tasks/rdiff_backup_server.yml
+++ b/tasks/rdiff_backup_server.yml
@ -1,7 +1,7 @@
 ---
 # tasklist for setting up a rdiff backup server.
 - name: install rdiff-backup
-  yum: pkg=$item state=installed
+  yum: pkg={{ item }} state=installed
  with_items:
  - rdiff-backup
  - git
@ -10,11 +10,11 @@
  - packages
 - name: setup rdiff backup script
-  copy: src=$files/rdiff-backup/run-rdiff-backups dest=/usr/local/bin/run-rdiff-backups mode=755
+  copy: src="{{ files }}/rdiff-backup/run-rdiff-backups" dest=/usr/local/bin/run-rdiff-backups mode=755
  tags:
  - config
 - name: setup rdiff backup cron
-  copy: src=$files/rdiff-backup/run-rdiff-backups.cron dest=/etc/cron.d/run-rdiff-backups
+  copy: src="{{ files }}/rdiff-backup/run-rdiff-backups.cron" dest=/etc/cron.d/run-rdiff-backups
  tags:
  - config
--- a/tasks/serialgetty.yml
+++ b/tasks/serialgetty.yml
@ -1,7 +1,7 @@
 ---
 - name: upstart serial setup
-  action: copy src=$files/common/ttyS0.conf dest=/etc/init/ttyS0.conf
+  action: copy src="{{ files }}/common/ttyS0.conf" dest=/etc/init/ttyS0.conf
  when: is_rhel == 'True'
  tags:
  - configs
--- a/tasks/sign_setup.yml
+++ b/tasks/sign_setup.yml
@ -1,7 +1,7 @@
 ---
 - name: put builder-repo on system
-  action: copy src=$files/sign/$item dest=/etc/yum.repos.d/$item
+  action: copy src="{{ files }}/sign/{{ item }}" dest="/etc/yum.repos.d/{{ item }}"
  with_items:
  - builder-rpms.repo
  when: is_rhel == 'True'
@ -10,7 +10,7 @@
  - packages
 - name: install sigul
-  action: yum state=installed name=$item
+  action: yum state=installed name={{ item }}
  with_items:
  - sigul
  - ntp
@ -20,24 +20,24 @@
  - packages
 - name: setup /etc/sigul/bridge.conf file
-  action: template src=$files/sign/bridge.conf.j2 dest=/etc/sigul/bridge.conf owner=root group=sigul mode=640
+  action: template src="{{ files }}/sign/bridge.conf.j2" dest=/etc/sigul/bridge.conf owner=root group=sigul mode=640
  tags:
  - config
 - name: setup /etc/sigul/server.conf file
-  action: copy src=$files/sign/server.conf dest=/etc/sigul/server.conf owner=root group=sigul mode=640
+  action: copy src="{{ files }}/sign/server.conf" dest=/etc/sigul/server.conf owner=root group=sigul mode=640
 - name: ntp steptickers
-  action: copy src=$files/common/step-tickers dest=/etc/ntp/step-tickers
+  action: copy src="{{ files }}/common/step-tickers" dest=/etc/ntp/step-tickers
 - name: ntp.conf
-  action: copy src=$files/common/ntp.conf dest=/etc/ntp.conf
+  action: copy src="{{ files }}/common/ntp.conf" dest=/etc/ntp.conf
 - name: enable ntpd
  action: service name=ntpd enabled=true state=started
 - name: /etc/hosts
-  action: copy src=$files/hosts/sign-hosts dest=/etc/hosts
+  action: copy src="{{ files }}/hosts/sign-hosts" dest=/etc/hosts
  tags:
  - configs
--- a/tasks/sudo.yml
+++ b/tasks/sudo.yml
@ -7,16 +7,16 @@
 # Put in place the default sysadmin-main sudoers file. 
 #
 - name: setup /etc/sudoers.d/sysadmin-main
-  action: copy src=$private/files/sudo/sysadmin-main dest=/etc/sudoers.d/ owner=root group=root mode=0600
+  action: copy src="{{ private }}/files/sudo/sysadmin-main" dest=/etc/sudoers.d/ owner=root group=root mode=0600
  tags:
  - config
 #
 # This will move a /etc/sudoers.d/ file in place 
 #
 - name: setup /etc/sudoers.d/sudoer file for client use
-  action: copy src=$item dest=/etc/sudoers.d/ owner=root group=root mode=0600
+  action: copy src={{ item }} dest=/etc/sudoers.d/ owner=root group=root mode=0600
  with_first_found:
-  - files: ${sudoers} ${private}/files/sudo/${ansible_fqdn}-sudoers ${private}/files/sudo/${ansible_hostname}-sudoers ${private}/files/sudo/${ansible_domain}-sudoers
+  - files: "{{ sudoers }}" "{{ private }}/files/sudo/{{ ansible_fqdn }}-sudoers" "{{ private }}/files/sudo/{{ ansible_hostname }}-sudoers" "{{ private }}/files/sudo/{{ ansible_domain }}-sudoers"
    skip: true
  tags:
  - config
--- a/tasks/transient_cloud.yml
+++ b/tasks/transient_cloud.yml
@ -1,16 +1,16 @@
 ---
 - name: spin it up
-  local_action: ec2 keypair=${keypair} image=${image} type=${instance_type} wait=true group=${security_group} ec2_access_key=$transient_access_key ec2_secret_key=$transient_secret_key ec2_url=$os_ec2_url
+  local_action: ec2 keypair={{ keypair }} image={{ image }} type={{ instance_type }} wait=true group={{ security_group }} ec2_access_key={{ transient_access_key }} ec2_secret_key={{ transient_secret_key }} ec2_url={{ os_ec2_url }}
  register: inst_res
 - name: add it to the special group
-  local_action: add_host hostname=${inst_res.instances[0].public_ip} groupname=tmp_just_created
+  local_action: add_host hostname={{ inst_res.instances[0].public_ip }} groupname=tmp_just_created
 - name: mail off about where it is
-  local_action: mail to=sysadmin-main-members@fedoraproject.org from=ansible-create@fedoraproject.org subject=${inst_res.instances[0].public_ip} msg="cloud instance created on ${inst_res.instances[0].public_ip}\n instance id - ${inst_res.instances[0].id} - ${hostbase} ${root_auth_users} "
+  local_action: mail to=sysadmin-main-members@fedoraproject.org from=ansible-create@fedoraproject.org subject={{ inst_res.instances[0].public_ip }} msg="cloud instance created on {{ inst_res.instances[0].public_ip }}\n instance id - {{ inst_res.instances[0].id }} - {{ hostbase }} {{ root_auth_users }} "
 - name: wait for the host to be hot
-  local_action: wait_for host=${inst_res.instances[0].public_ip} port=22 delay=2 timeout=300
+  local_action: wait_for host={{ inst_res.instances[0].public_ip }} port=22 delay=2 timeout=300
--- a/tasks/virthost.yml
+++ b/tasks/virthost.yml
@ -5,7 +5,7 @@
  selinux: policy=targeted state=enforcing
 - name: install libvirt packages
-  yum: pkg=$item state=installed
+  yum: pkg={{ item }} state=installed
  with_items:
  - qemu-kvm
  - libvirt
@ -18,7 +18,7 @@
 # This provides us with the ability to use virt-manager from non root accounts. 
 #
 - name: install libvirtd.conf
-  copy: src=$files/virthost/libvirtd.conf dest=/etc/libvirt/libvirtd.conf
+  copy: src="{{ files }}/virthost/libvirtd.conf" dest=/etc/libvirt/libvirtd.conf
  notify:
  - restart libvirtd
  tags:
--- a/tasks/yumrepos.yml
+++ b/tasks/yumrepos.yml
@ -1,6 +1,6 @@
 ---
 - name: put rhel repos on system
-  action: copy src=$files/common/$item dest=/etc/yum.repos.d/$item
+  action: copy src="{{ files }}/common/{{ item }}" dest="/etc/yum.repos.d/{{ item }}"
  with_items:
  - epel6.repo
  - rhel6.repo
@ -10,7 +10,7 @@
  - packages
 - name: put fedora repos on x86 systems
-  action: copy src=$files/common/$item dest=/etc/yum.repos.d/$item
+  action: copy src="{{ files }}/common/{{ item }}" dest="/etc/yum.repos.d/{{ item }}"
  with_items:
  - fedora.repo
  - fedora-updates.repo
@ -21,7 +21,7 @@
  - packages
 - name: put fedora repos on arm systems
-  action: copy src=$files/common/$item-arm dest=/etc/yum.repos.d/$item
+  action: copy src="{{ files }}/common/{{ item-arm }}" dest="/etc/yum.repos.d/{{ item }}"
  with_items:
  - fedora.repo
  - fedora-updates.repo
@ -32,7 +32,7 @@
  - packages
 - name: add infrastructure repo
-  action: copy src=$files/common/$item dest=/etc/yum.repos.d/$item
+  action: copy src="{{ files }}/common/{{ item }}" dest="/etc/yum.repos.d/{{ item }}"
  with_items:
  - infrastructure.repo
  - infrastructure-testing.repo