diff --git a/releasenotes/notes/fix-check-mode-with-tags-bf798856a27c53eb.yaml b/releasenotes/notes/fix-check-mode-with-tags-bf798856a27c53eb.yaml
new file mode 100644
index 00000000..ee8e78d2
--- /dev/null
+++ b/releasenotes/notes/fix-check-mode-with-tags-bf798856a27c53eb.yaml
@@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    When the security role was run in Ansible's check mode and a tag was
+    provided, the ``check_mode`` variable was not being set. Any tasks which
+    depend on that variable would fail. This `bug is fixed <https://bugs.launchpad.net/openstack-ansible/+bug/1590086>`_
+    and the ``check_mode`` variable is now set properly on every playbook run.
diff --git a/tasks/main.yml b/tasks/main.yml
index dc9cc8fb..b93d6a32 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -16,10 +16,14 @@
   - name: Verify if we're using check mode
     command: /bin/true
     register: noop_result
+    tags:
+      - always
 
-  - name: Set a fact if we're in check mode
+  - name: Set facts
     set_fact:
-      check_mode: "{{ noop_result|skipped }}"
+      check_mode: "{{ noop_result | skipped }}"
+    tags:
+      - always
 
   - include: apt.yml
   - include: auditd.yml