u/robotgirl_moss

Roles fighting over config files

Clearest example I have is as follows. I have a playbook that I run on all new servers, doing things like installing docker and some basic hardening. One of the tasks here is writing the sshd config from a template.

For my backup server, I need to allow certain users to ssh in. The backup-setup playbook is run, and with lineinfile it happens to modify the sshd config.

It has just so happened that a modification was made to the hardening role, and it needed to be re-run. This obviously broke things, but I wasn't immediately aware as it had been a while since setting up the backup server.

What is the right way to approach this issue? The hardening role isn't necessarily maintained by myself. My instinct says to craft playbooks in such a way that these conflicting tasks are always run in the right order, but I think that in practice that would mean often running way more tasks than is necessary.

u/robotgirl_moss — 9 days ago
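
One way to stop two roles from editing the same file, as an added example that is not part of the original post: the backup play writes its own drop-in instead of using lineinfile on the templated sshd_config, then checks the effective configuration so a later re-run of the hardening role that drops the access fails loudly. It assumes OpenSSH 8.2 or later and a main sshd_config that keeps an `Include /etc/ssh/sshd_config.d/*.conf` line; the host group, user name, drop-in file name and service name are hypothetical.

```yaml
# Added example; host group, user and file names are hypothetical.
- name: Grant backup users SSH access without editing the templated sshd_config
  hosts: backup_servers
  become: true
  vars:
    backup_ssh_users:
      - backupuser
  tasks:
    - name: Write a drop-in owned only by this role
      ansible.builtin.copy:
        dest: /etc/ssh/sshd_config.d/50-backup.conf
        content: |
          # Managed by the backup role
          AllowUsers {{ backup_ssh_users | join(' ') }}
        owner: root
        group: root
        mode: "0600"
        # Syntax-check the fragment before it replaces the old one
        validate: /usr/sbin/sshd -t -f %s
      notify: Reload sshd

    - name: Dump the effective sshd configuration (main file plus includes)
      ansible.builtin.command: /usr/sbin/sshd -T
      register: sshd_effective
      changed_when: false
      check_mode: false

    - name: Fail if another role has removed the access this host needs
      ansible.builtin.assert:
        that:
          - ('allowusers ' ~ item) in sshd_effective.stdout_lines
        fail_msg: "{{ item }} is not in the effective AllowUsers list"
      loop: "{{ backup_ssh_users }}"

  handlers:
    - name: Reload sshd
      ansible.builtin.service:
        name: sshd   # assumption: the unit is named "ssh" on Debian and Ubuntu
        state: reloaded
```

The last two tasks change nothing on the host, so they can also be run on their own after the hardening role to confirm the access is still in place.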