Merge branch 'main' into 8343-New-machine-id

playbooks/debian.yml

@@ -15,4 +15,4 @@
   - name: Configure virtual machine
     import_role:
       name: debian-qemu
-    when: ansible_virtualization_type == 'kvm'
+    when: ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'kvm'

roles/debian-base/tasks/main.yml

@@ -32,5 +32,3 @@
   tags: bacula
 - import_tasks: vn-repo.yml
   tags: vn-repo
-- import_tasks: grub_startup.yml
-  tags: grub_startup

roles/debian-base/tasks/relayhost.yml

@@ -1,29 +1,33 @@
-- name: Install exim packages
-  apt:
-    name: exim4
-    state: present
-- name: Prepare exim configuration
-  blockinfile:
-    path: /etc/exim4/update-exim4.conf.conf
-    marker_begin: '--- BEGIN VN ---'
-    marker_end: '--- END VN ---'
-    marker: "# {mark}"
-    block: |
-      dc_eximconfig_configtype='satellite'
-      dc_other_hostnames='{{ ansible_fqdn }}'
-      dc_local_interfaces='127.0.0.1'
-      dc_readhost='{{ ansible_fqdn }}'
-      dc_smarthost='{{ smtp_server }}'
-      dc_hide_mailname='true'
-    state: present
-    create: yes
-    mode: u=rw,g=r,o=r
-  notify: update exim configuration
-  register: exim_config
-- name: Force execution of handlers immediately
-  meta: flush_handlers
-- name: Sending mail to verify relay host configuration works
-  shell: >
-    sleep 2; echo "If you see this message, relayhost on {{ ansible_fqdn }} has been configured correctly." \
-      | mailx -s "Relayhost test for {{ ansible_fqdn }}" "{{ sysadmin_mail }}"
-  when: exim_config.changed
+- name: Getting service facts to check for postfix
+  service_facts:
+- when: "'postfix.service' not in ansible_facts.services"
+  block:
+  - name: Install exim packages
+    apt:
+      name: exim4
+      state: present
+  - name: Prepare exim configuration
+    blockinfile:
+      path: /etc/exim4/update-exim4.conf.conf
+      marker_begin: '--- BEGIN VN ---'
+      marker_end: '--- END VN ---'
+      marker: "# {mark}"
+      block: |
+        dc_eximconfig_configtype='satellite'
+        dc_other_hostnames='{{ ansible_fqdn }}'
+        dc_local_interfaces='127.0.0.1'
+        dc_readhost='{{ ansible_fqdn }}'
+        dc_smarthost='{{ smtp_server }}'
+        dc_hide_mailname='true'
+      state: present
+      create: yes
+      mode: u=rw,g=r,o=r
+    notify: update exim configuration
+    register: exim_config
+  - name: Force execution of handlers immediately
+    meta: flush_handlers
+  - name: Sending mail to verify relay host configuration works
+    shell: >
+      sleep 2; echo "If you see this message, relayhost on {{ ansible_fqdn }} has been configured correctly." \
+        | mailx -s "Relayhost test for {{ ansible_fqdn }}" "{{ sysadmin_mail }}"
+    when: exim_config.changed

roles/debian-base/tasks/root.yml

@@ -26,7 +26,7 @@
             lookup(passbolt, inventory_hostname_short,
               username='root',
               password=root_password,
-              uri='ssh://'+hostname_fqdn
+              uri='ssh://'+hostname_fqdn+'/'
             )
           }}
       environment:

roles/debian-base/tasks/timesync.yml

@@ -1,23 +1,28 @@
-- name: Ensure directory for timesyncd custom configuration exists
-  file:
-    path: /etc/systemd/timesyncd.conf.d/
-    state: directory
-    owner: root
-    group: root
-    mode: u=rwx,g=rx,o=rx
-- name: Configure NTP settings in /etc/systemd/timesyncd.conf.d/vn-ntp.conf
-  copy:
-    dest: /etc/systemd/timesyncd.conf.d/vn-ntp.conf
-    content: |
-      [Time]
-      NTP={{ time_server }}
-      FallbackNTP={{ time_server_spain }}
-    owner: root
-    group: root
-    mode: u=rw,g=r,o=r
-  notify: restart systemd-timesyncd
-- name: Ensure systemd-timesyncd service is enabled and started
-  service:
-    name: systemd-timesyncd
-    enabled: yes
-    state: started
+- name: Getting service facts to check for timesyncd
+  service_facts:
+- when: "'systemd-timesyncd.service' in ansible_facts.services"
+  block:
+  - name: Ensure directory for timesyncd custom configuration exists
+    file:
+      path: /etc/systemd/timesyncd.conf.d/
+      state: directory
+      owner: root
+      group: root
+      mode: u=rwx,g=rx,o=rx
+  - name: Configure timesyncd service
+    copy:
+      dest: /etc/systemd/timesyncd.conf.d/vn-ntp.conf
+      content: |
+        [Time]
+        NTP={{ time_server }}
+        FallbackNTP={{ time_server_spain }}
+      owner: root
+      group: root
+      mode: u=rw,g=r,o=r
+    notify: restart systemd-timesyncd
+  - name: Ensure timesyncd service is enabled and started
+    when: "ansible_facts.services['systemd-timesyncd.service'].status == 'enabled'"
+    service:
+      name: systemd-timesyncd
+      enabled: yes
+      state: started

roles/debian-host/tasks/apparmor.yml

@@ -1,12 +1,16 @@
-- name: Stop AppArmor
-  systemd:
-    name: apparmor
-    state: stopped
-- name: Disable AppArmor service
-  systemd:
-    name: apparmor
-    enabled: no
-- name: Mask AppArmor service
-  systemd:
-    name: apparmor
-    masked: yes
+- name: Getting service facts to check for apparmor
+  service_facts:
+- when: "'apparmor.service' in ansible_facts.services"
+  block:
+  - name: Stop AppArmor
+    systemd:
+      name: apparmor
+      state: stopped
+  - name: Disable AppArmor service
+    systemd:
+      name: apparmor
+      enabled: no
+  - name: Mask AppArmor service
+    systemd:
+      name: apparmor
+      masked: yes

roles/debian-qemu/handlers/main.yml

@@ -1,7 +1,3 @@
-- name: restart-nslcd
-  service:
-    name: nslcd
-    state: restarted
 - name: restart-autofs
   service:
     name: autofs

roles/debian-qemu/tasks/autofs.yml

@@ -11,7 +11,6 @@
   lineinfile:
     path: /etc/nsswitch.conf
     line: "automount:      files"
-  notify: restart-nslcd
 - name: Add file homes.autofs configured to autofs
   template:
     src: homes.autofs

roles/debian-qemu/tasks/main.yml

@@ -6,3 +6,5 @@
   tags: autofs
 - import_tasks: blacklist.yml
   tags: blacklist
+- import_tasks: grub_startup.yml
+  tags: grub_startup