Merge branch 'main' into 8343-New-machine-id

playbooks/debian.yml

@@ -15,4 +15,4 @@
   - name: Configure virtual machine
     import_role:
       name: debian-qemu
-    when: ansible_virtualization_type == 'kvm'
+    when: ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'kvm'

roles/debian-base/tasks/main.yml

@@ -32,5 +32,3 @@
   tags: bacula
 - import_tasks: vn-repo.yml
   tags: vn-repo
-- import_tasks: grub_startup.yml
-  tags: grub_startup

roles/debian-base/tasks/relayhost.yml

@@ -1,29 +1,33 @@
-- name: Install exim packages
+- name: Getting service facts to check for postfix
-  apt:
+  service_facts:
-    name: exim4
+- when: "'postfix.service' not in ansible_facts.services"
-    state: present
+  block:
-- name: Prepare exim configuration
+  - name: Install exim packages
-  blockinfile:
+    apt:
-    path: /etc/exim4/update-exim4.conf.conf
+      name: exim4
-    marker_begin: '--- BEGIN VN ---'
+      state: present
-    marker_end: '--- END VN ---'
+  - name: Prepare exim configuration
-    marker: "# {mark}"
+    blockinfile:
-    block: |
+      path: /etc/exim4/update-exim4.conf.conf
-      dc_eximconfig_configtype='satellite'
+      marker_begin: '--- BEGIN VN ---'
-      dc_other_hostnames='{{ ansible_fqdn }}'
+      marker_end: '--- END VN ---'
-      dc_local_interfaces='127.0.0.1'
+      marker: "# {mark}"
-      dc_readhost='{{ ansible_fqdn }}'
+      block: |
-      dc_smarthost='{{ smtp_server }}'
+        dc_eximconfig_configtype='satellite'
-      dc_hide_mailname='true'
+        dc_other_hostnames='{{ ansible_fqdn }}'
-    state: present
+        dc_local_interfaces='127.0.0.1'
-    create: yes
+        dc_readhost='{{ ansible_fqdn }}'
-    mode: u=rw,g=r,o=r
+        dc_smarthost='{{ smtp_server }}'
-  notify: update exim configuration
+        dc_hide_mailname='true'
-  register: exim_config
+      state: present
-- name: Force execution of handlers immediately
+      create: yes
-  meta: flush_handlers
+      mode: u=rw,g=r,o=r
-- name: Sending mail to verify relay host configuration works
+    notify: update exim configuration
-  shell: >
+    register: exim_config
-    sleep 2; echo "If you see this message, relayhost on {{ ansible_fqdn }} has been configured correctly." \
+  - name: Force execution of handlers immediately
-      | mailx -s "Relayhost test for {{ ansible_fqdn }}" "{{ sysadmin_mail }}"
+    meta: flush_handlers
-  when: exim_config.changed
+  - name: Sending mail to verify relay host configuration works
+    shell: >
+      sleep 2; echo "If you see this message, relayhost on {{ ansible_fqdn }} has been configured correctly." \
+        | mailx -s "Relayhost test for {{ ansible_fqdn }}" "{{ sysadmin_mail }}"
+    when: exim_config.changed

roles/debian-base/tasks/root.yml

@@ -26,7 +26,7 @@
             lookup(passbolt, inventory_hostname_short,
               username='root',
               password=root_password,
-              uri='ssh://'+hostname_fqdn
+              uri='ssh://'+hostname_fqdn+'/'
             )
           }}
       environment:

roles/debian-base/tasks/timesync.yml

@@ -1,23 +1,28 @@
-- name: Ensure directory for timesyncd custom configuration exists
+- name: Getting service facts to check for timesyncd
-  file:
+  service_facts:
-    path: /etc/systemd/timesyncd.conf.d/
+- when: "'systemd-timesyncd.service' in ansible_facts.services"
-    state: directory
+  block:
-    owner: root
+  - name: Ensure directory for timesyncd custom configuration exists
-    group: root
+    file:
-    mode: u=rwx,g=rx,o=rx
+      path: /etc/systemd/timesyncd.conf.d/
-- name: Configure NTP settings in /etc/systemd/timesyncd.conf.d/vn-ntp.conf
+      state: directory
-  copy:
+      owner: root
-    dest: /etc/systemd/timesyncd.conf.d/vn-ntp.conf
+      group: root
-    content: |
+      mode: u=rwx,g=rx,o=rx
-      [Time]
+  - name: Configure timesyncd service
-      NTP={{ time_server }}
+    copy:
-      FallbackNTP={{ time_server_spain }}
+      dest: /etc/systemd/timesyncd.conf.d/vn-ntp.conf
-    owner: root
+      content: |
-    group: root
+        [Time]
-    mode: u=rw,g=r,o=r
+        NTP={{ time_server }}
-  notify: restart systemd-timesyncd
+        FallbackNTP={{ time_server_spain }}
-- name: Ensure systemd-timesyncd service is enabled and started
+      owner: root
-  service:
+      group: root
-    name: systemd-timesyncd
+      mode: u=rw,g=r,o=r
-    enabled: yes
+    notify: restart systemd-timesyncd
-    state: started
+  - name: Ensure timesyncd service is enabled and started
+    when: "ansible_facts.services['systemd-timesyncd.service'].status == 'enabled'"
+    service:
+      name: systemd-timesyncd
+      enabled: yes
+      state: started

roles/debian-host/tasks/apparmor.yml

@@ -1,12 +1,16 @@
-- name: Stop AppArmor
+- name: Getting service facts to check for apparmor
-  systemd:
+  service_facts:
-    name: apparmor
+- when: "'apparmor.service' in ansible_facts.services"
-    state: stopped
+  block:
-- name: Disable AppArmor service
+  - name: Stop AppArmor
-  systemd:
+    systemd:
-    name: apparmor
+      name: apparmor
-    enabled: no
+      state: stopped
-- name: Mask AppArmor service
+  - name: Disable AppArmor service
-  systemd:
+    systemd:
-    name: apparmor
+      name: apparmor
-    masked: yes
+      enabled: no
+  - name: Mask AppArmor service
+    systemd:
+      name: apparmor
+      masked: yes

roles/debian-qemu/handlers/main.yml

@@ -1,7 +1,3 @@
-- name: restart-nslcd
-  service:
-    name: nslcd
-    state: restarted
 - name: restart-autofs
   service:
     name: autofs

roles/debian-qemu/tasks/autofs.yml

@@ -11,7 +11,6 @@
   lineinfile:
     path: /etc/nsswitch.conf
     line: "automount:      files"
-  notify: restart-nslcd
 - name: Add file homes.autofs configured to autofs
   template:
     src: homes.autofs

roles/debian-qemu/tasks/main.yml

@@ -6,3 +6,5 @@
   tags: autofs
 - import_tasks: blacklist.yml
   tags: blacklist
+- import_tasks: grub_startup.yml
+  tags: grub_startup