Improve ansible code so that ansible-lint shows fewer errors
parent
e8ef744f59
commit
f965f4466c
23 changed files with 228 additions and 189 deletions
|
@ -20,16 +20,17 @@
|
|||
- name: Apply common configuration to the machines
|
||||
hosts: all # desktop:laptop
|
||||
remote_user: ansible
|
||||
become: yes
|
||||
become: true
|
||||
pre_tasks:
|
||||
- pause:
|
||||
- name: Ask for global-admin AD password
|
||||
ansible.builtin.pause:
|
||||
prompt: "Enter global-admin AD password. Leave empty to skip domain join"
|
||||
echo: false
|
||||
register: adpw
|
||||
no_log: true
|
||||
when: "ansible_cmdline.adpw is not defined"
|
||||
- name: Preseed apparmor
|
||||
debconf:
|
||||
ansible.builtin.debconf:
|
||||
name: apparmor
|
||||
question: apparmor/homedirs
|
||||
value: >-
|
||||
|
@ -38,7 +39,7 @@
|
|||
/srv/samba/schools/default-school/examusers/
|
||||
vtype: string
|
||||
- name: Preseed unattended-upgrades
|
||||
debconf:
|
||||
ansible.builtin.debconf:
|
||||
name: unattended-upgrades
|
||||
question: unattended-upgrades/enable_auto_updates
|
||||
value: true
|
||||
|
@ -115,13 +116,13 @@
|
|||
tasks:
|
||||
## Temporary fixes and quirks:
|
||||
- name: Remove disturbing NetworkManager connection
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: "/etc/NetworkManager/system-connections/Wired connection 1"
|
||||
state: absent
|
||||
when: ansible_interfaces | select('search', '^en[pso].+') | length > 1
|
||||
|
||||
- name: Fix 8086:4909 external graphics card
|
||||
replace:
|
||||
ansible.builtin.replace:
|
||||
dest: "/etc/default/grub"
|
||||
regexp: 'GRUB_CMDLINE_LINUX=""$'
|
||||
replace: 'GRUB_CMDLINE_LINUX="i915.force_probe=4909"'
|
||||
|
@ -129,7 +130,7 @@
|
|||
when: ansible_board_vendor == "LENOVO" and ansible_board_name == "32CB"
|
||||
|
||||
- name: Fix sound on 312A
|
||||
replace:
|
||||
ansible.builtin.replace:
|
||||
dest: "/etc/default/grub"
|
||||
regexp: 'GRUB_CMDLINE_LINUX="snd-intel-dspcfg.dsp_driver=1"$'
|
||||
replace: 'GRUB_CMDLINE_LINUX=""'
|
||||
|
@ -137,7 +138,7 @@
|
|||
when: ansible_board_vendor == "LENOVO" and ansible_board_name == "312A"
|
||||
|
||||
- name: Fix sound on 312A and 312D
|
||||
apt:
|
||||
ansible.builtin.apt:
|
||||
name: firmware-sof-signed
|
||||
state: latest
|
||||
when: >
|
||||
|
@ -145,31 +146,32 @@
|
|||
(ansible_board_name == "312D" or ansible_board_name == "312A")
|
||||
|
||||
- name: Install customized CodeBlocks packages
|
||||
when: "'PCroom' in group_names"
|
||||
block:
|
||||
- name: Check for old CodeBlocks
|
||||
command:
|
||||
ansible.builtin.command:
|
||||
cmd: dpkg -l codeblocks
|
||||
register: codeblocks_version
|
||||
changed_when: False
|
||||
changed_when: false
|
||||
|
||||
- name: Download codeblocks zip archive
|
||||
ansible.builtin.get_url:
|
||||
url: "http://livebox.pn.steinbeis.schule/codeblocks/CodeBlocks.zip"
|
||||
dest: /tmp/CodeBlocks.zip
|
||||
use_proxy: False
|
||||
mode: '0644'
|
||||
use_proxy: false
|
||||
register: new_codeblocks
|
||||
when: codeblocks_version.stdout is not search('svn13544')
|
||||
|
||||
- name: Unpack zip archive and install packages manually
|
||||
shell:
|
||||
ansible.builtin.shell:
|
||||
cmd: unzip -d /tmp/cb/ CodeBlocks.zip && dpkg -i cb/*.deb
|
||||
chdir: /tmp/
|
||||
when: new_codeblocks.changed | default(false)
|
||||
when: "'PCroom' in group_names"
|
||||
|
||||
## Clean up stuff from obsolete/faulty tasks:
|
||||
- name: Remove sddm login screen patch with deprecated marker (homeondisk)
|
||||
blockinfile:
|
||||
ansible.builtin.blockinfile:
|
||||
path: /usr/share/sddm/themes/debian-breeze/Main.qml
|
||||
marker: // {mark} ANSIBLE MANAGED BLOCK homeondisk
|
||||
state: absent
|
||||
|
@ -180,15 +182,15 @@
|
|||
- cachefilesd
|
||||
- mosquitto
|
||||
state: absent
|
||||
purge: True
|
||||
purge: true
|
||||
|
||||
- name: Remove virtiofs service
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: /etc/systemd/system/virtiofs@.service
|
||||
state: absent
|
||||
|
||||
- name: Fix mount point permissions and owner
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: "{{ item }}"
|
||||
mode: '0755'
|
||||
owner: root
|
||||
|
@ -198,7 +200,7 @@
|
|||
- /srv/samba/schools
|
||||
|
||||
- name: Remove pam_mount sysvol mount
|
||||
blockinfile:
|
||||
ansible.builtin.blockinfile:
|
||||
dest: /etc/security/pam_mount.conf.xml
|
||||
marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (SysVol) -->"
|
||||
block: |
|
||||
|
@ -212,28 +214,30 @@
|
|||
</volume>
|
||||
state: absent
|
||||
|
||||
- name: check if rmlpr.timer is installed
|
||||
stat: path=/etc/systemd/system/rmlpr.timer
|
||||
- name: Check if rmlpr.timer is installed
|
||||
ansible.builtin.stat:
|
||||
path: /etc/systemd/system/rmlpr.timer
|
||||
register: rmlpr
|
||||
|
||||
- name: disable rmlpr.timer
|
||||
systemd:
|
||||
- name: Disable rmlpr.timer
|
||||
ansible.builtin.systemd:
|
||||
name: rmlpr.timer
|
||||
enabled: false
|
||||
when: rmlpr.stat.exists
|
||||
|
||||
- name: check if vmimage-torrent.service is installed
|
||||
stat: path=/etc/systemd/system/vmimage-torrent.service
|
||||
- name: Check if vmimage-torrent.service is installed
|
||||
ansible.builtin.stat:
|
||||
path: /etc/systemd/system/vmimage-torrent.service
|
||||
register: vmimagetorrent
|
||||
|
||||
- name: disable vmimage-torrent.service
|
||||
systemd:
|
||||
- name: Disable vmimage-torrent.service
|
||||
ansible.builtin.systemd:
|
||||
name: vmimage-torrent.service
|
||||
enabled: false
|
||||
when: vmimagetorrent.stat.exists
|
||||
|
||||
- name: Remove deprecated files and directories
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: "{{ item }}"
|
||||
state: absent
|
||||
with_items:
|
||||
|
@ -269,12 +273,13 @@
|
|||
- /etc/NetworkManager/system-connections/macvlan-vm-macvtap.nmconnection
|
||||
- /etc/tmpfiles.d/clean-exam.conf
|
||||
|
||||
- name: check if vm_usage_information.txt exists
|
||||
stat: path=/lmn/vm/vm_usage_information.txt
|
||||
- name: Check if vm_usage_information.txt exists
|
||||
ansible.builtin.stat:
|
||||
path: /lmn/vm/vm_usage_information.txt
|
||||
register: vm_usage_information
|
||||
|
||||
- name: pre-fill vm_usage_information.txt
|
||||
shell:
|
||||
- name: Pre-fill vm_usage_information.txt
|
||||
ansible.builtin.shell:
|
||||
cmd: |
|
||||
ls -tr *.qcow2 > vm_usage_information.txt || touchvm_usage_information.txt
|
||||
chown lmnsynci:lmnsynci vm_usage_information.txt
|
||||
|
@ -285,11 +290,11 @@
|
|||
ansible.builtin.shell:
|
||||
cmd: grep "IPP Everywhere" /etc/cups/printers.conf
|
||||
register: ipp_everywhere
|
||||
failed_when: False
|
||||
changed_when: False
|
||||
failed_when: false
|
||||
changed_when: false
|
||||
|
||||
- name: Delete old IPP-Everywhere printers
|
||||
shell:
|
||||
ansible.builtin.shell:
|
||||
cmd: |
|
||||
for p in $(lpstat -p | cut -d" " -f2); do
|
||||
lpadmin -x "$p"
|
||||
|
@ -297,17 +302,17 @@
|
|||
when: not ipp_everywhere.rc
|
||||
|
||||
- name: Remove old VM-printerlists
|
||||
shell:
|
||||
ansible.builtin.shell:
|
||||
cmd: rm -f /lmn/media/*/.printerlist.csv
|
||||
|
||||
- name: Remove Listen on VMBridge
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
dest: /etc/cups/cupsd.conf
|
||||
line: 'Listen 192.168.122.1:631'
|
||||
state: absent
|
||||
|
||||
- name: Remove NetworkManager Ansible-Block for non-laptops
|
||||
blockinfile:
|
||||
ansible.builtin.blockinfile:
|
||||
path: /etc/NetworkManager/NetworkManager.conf
|
||||
state: absent
|
||||
when: "'laptop' not in group_names"
|
||||
|
@ -343,7 +348,7 @@
|
|||
- name: Timestamp successfull run and send up-to-date report
|
||||
ansible.builtin.shell:
|
||||
cmd: date --iso-8601=seconds >> /var/local/ansible-stamps && /usr/local/sbin/reporter
|
||||
changed_when: False
|
||||
changed_when: false
|
||||
tags: upgrade
|
||||
|
||||
- name: Force ansible-run after install trough emitter by setting timestamp in the past
|
||||
|
@ -356,7 +361,7 @@
|
|||
- name: Apply additional laptop configuration
|
||||
hosts: laptop
|
||||
remote_user: ansible
|
||||
become: yes
|
||||
become: true
|
||||
vars_files: lmn-vault
|
||||
vars:
|
||||
localuser: "{{ vault_localuser }}"
|
||||
|
@ -366,7 +371,7 @@
|
|||
when: "'teacherlaptop' not in group_names"
|
||||
tasks:
|
||||
- name: Remove deprecated files and directories (laptop-class)
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: "{{ item }}"
|
||||
state: absent
|
||||
with_items:
|
||||
|
@ -380,7 +385,7 @@
|
|||
- name: Enable wpa-supplicant
|
||||
ansible.builtin.systemd:
|
||||
name: wpa_supplicant.service
|
||||
enabled: True
|
||||
enabled: true
|
||||
tags:
|
||||
- never
|
||||
- wlan_8021x
|
||||
|
@ -388,13 +393,13 @@
|
|||
- name: Disable iwd
|
||||
ansible.builtin.systemd:
|
||||
name: iwd.service
|
||||
enabled: False
|
||||
enabled: false
|
||||
tags:
|
||||
- never
|
||||
- wlan_8021x
|
||||
|
||||
- name: Remove deprecated NetworkManager config
|
||||
blockinfile:
|
||||
ansible.builtin.blockinfile:
|
||||
path: /etc/NetworkManager/NetworkManager.conf
|
||||
state: absent
|
||||
tags:
|
||||
|
@ -405,7 +410,7 @@
|
|||
- name: Apply roles that must run serial
|
||||
hosts: all
|
||||
remote_user: ansible
|
||||
become: yes
|
||||
become: true
|
||||
serial: 1
|
||||
ignore_unreachable: true
|
||||
|
||||
|
|
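Review bot: The `Download codeblocks zip archive` task in the `@ -145,31 +146,32` hunk still fetches over plain `http://` with no `checksum`, and the following task runs `dpkg -i cb/*.deb` on the result (presumably under the play's `become: true`), so nothing verifies what gets installed as root. The commit adds `mode: '0644'` to that `get_url` call; it should also pin the archive with `checksum: "sha256:<expected-digest>"` (placeholder, the real digest is not on this page) and switch to an `https://` URL if the host offers one. Both tasks also stage under world-writable `/tmp` at fixed names, and the `cb/*.deb` glob picks up whatever is already in `/tmp/cb/`; unpacking into a root-owned directory created by the play, for instance with `ansible.builtin.tempfile`, would avoid that. Separately, the fallback in `Pre-fill vm_usage_information.txt` reads `touchvm_usage_information.txt`, which looks like a missing space after `touch`.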