it-team/lmn-client
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Cleanup and restructuring. Move pressed-installer tasks to other roles.

Browse source
This commit is contained in:
Andreas B. Mundt 2019-11-25 18:26:21 +01:00
parent a0ee0fd90d
commit 284dadc2d3
15 changed files with 214 additions and 154 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
README
View file

@ -41,9 +41,8 @@ Installbox
- LAN interface not configured/managed - LAN interface not configured/managed
• Customize installbox.yml: • Customize installbox.yml:
- set if_lan (mandatory) - set if_lan if necessary
- modify deb_mirror - enable/disable installbox2kiosk task
- enable installbox2kiosk task
• Run ansible: • Run ansible:
ssh-copy-id ansible@1.2.3.4 ssh-copy-id ansible@1.2.3.4

27
installbox.yml
View file

@ -1,28 +1,33 @@
--- ---
# This playbook deploys the installbox on a minimal installation. ## This playbook deploys the installbox. Add 'hostname=XXX' and
## 'domain=YYY' to the installer boot parameters to set hostname and
## domain.
- name: apply configuration to the installbox - name: apply configuration to the installbox
hosts: all hosts: all
remote_user: ansible remote_user: ansible
become: yes become: yes
vars: vars:
## This interface provides the default route: ## This interface provides the default route:
if_wan: "{{ ansible_default_ipv4.interface }}" if_wan: "{{ ansible_default_ipv4.interface }}"
## Use the first remaining interface for the LAN: ## Use the first remaining interface for the LAN:
if_lan: "{{ ansible_interfaces | difference([if_wan, 'lo']) | first }}" if_lan: "{{ ansible_interfaces | difference([if_wan, 'lo']) | first }}"
## Add 'hostname=XXX' to the installer boot parameters if necessary:
hostname: "{{ ansible_hostname }}" ## LAN IP address range:
ipaddr_lan: 192.168.0.10 ipaddr_lan: 192.168.0.10
dhcp_range: 192.168.0.50,192.168.0.150,2h dhcp_range: 192.168.0.50,192.168.0.150,2h
dhcp_list: "{{ lookup('sequence', 'start=50 end=150 format=192.168.0.%d', wantlist=True) }}" dhcp_list: "{{ lookup('sequence', 'start=50 end=150 format=192.168.0.%d', wantlist=True) }}"
tftp_root: "/var/lib/tftpboot"
deb_mirror: "deb.debian.org" di_dist: "{{ ansible_distribution_release }}"
di_dist: "buster" di_version: "{{ ansible_distribution_major_version }}"
di_version: "10"
di_pkg: "debian-installer-{{ di_version }}-netboot-amd64" di_pkg: "debian-installer-{{ di_version }}-netboot-amd64"
ansible_user: ansible ansible_user: ansible
repo_dir: "/home/{{ ansible_user }}/kiosk" repo_dir: "/home/{{ ansible_user }}/debian-lan"
ansible_python_interpreter: "/usr/bin/python3" # needed for firewalld module ansible_python_interpreter: "/usr/bin/python3" ## needed for firewalld module
pre_tasks: pre_tasks:
- name: validate if interfaces are available - name: validate if interfaces are available
@ -30,11 +35,11 @@
msg: "Interfaces {{ ansible_interfaces }} found. WAN: '{{ if_wan }}', LAN: '{{ if_lan }}'. Two NICs needed." msg: "Interfaces {{ ansible_interfaces }} found. WAN: '{{ if_wan }}', LAN: '{{ if_lan }}'. Two NICs needed."
when: (if_lan not in ansible_interfaces) or (if_wan not in ansible_interfaces) or (if_lan == if_wan) when: (if_lan not in ansible_interfaces) or (if_wan not in ansible_interfaces) or (if_lan == if_wan)
roles: roles:
- up2date-debian - up2date-debian
- two-interface-firewalld - two-interface-firewalld
- dhcp-dns-dnsmasq - dhcp-dns-dnsmasq
- tftp-netboot-installer - tftp-netboot-installer
- preseed-installer
- apt-cacher - apt-cacher
- installbox2kiosk - prepare4clients

22
kerberox.yml
View file

@ -1,46 +1,52 @@
--- ---
# This playbook deploys the kerberox server. ## This playbook deploys the kerberox server. Add 'hostname=XXX' and
## 'domain=YYY' to the installer boot parameters to set hostname and domain.
- name: apply configuration to the installbox - name: apply configuration to the kerberox server
hosts: all hosts: all
remote_user: ansible remote_user: ansible
become: yes become: yes
vars: vars:
## This interface provides the default route: ## This interface provides the default route:
if_wan: "{{ ansible_default_ipv4.interface }}" if_wan: "{{ ansible_default_ipv4.interface }}"
## Use the first remaining interface for the LAN: ## Use the first remaining interface for the LAN:
if_lan: "{{ ansible_interfaces | difference([if_wan, 'lo']) | first }}" if_lan: "{{ ansible_interfaces | difference([if_wan, 'lo']) | first }}"
## Add 'hostname=XXX' to the installer boot parameters if necessary:
hostname: "{{ ansible_hostname }}" ## LAN IP address range:
ipaddr_lan: 192.168.0.10 ipaddr_lan: 192.168.0.10
dhcp_range: 192.168.0.50,192.168.0.150,2h dhcp_range: 192.168.0.50,192.168.0.150,2h
dhcp_list: "{{ lookup('sequence', 'start=50 end=150 format=192.168.0.%d', wantlist=True) }}" dhcp_list: "{{ lookup('sequence', 'start=50 end=150 format=192.168.0.%d', wantlist=True) }}"
tftp_root: "/var/lib/tftpboot"
deb_mirror: "deb.debian.org"
di_dist: "{{ ansible_distribution_release }}" di_dist: "{{ ansible_distribution_release }}"
di_version: "{{ ansible_distribution_version }}" di_version: "{{ ansible_distribution_major_version }}"
di_pkg: "debian-installer-{{ di_version }}-netboot-amd64" di_pkg: "debian-installer-{{ di_version }}-netboot-amd64"
ansible_user: ansible ansible_user: ansible
repo_dir: "/home/{{ ansible_user }}/debian-lan" repo_dir: "/home/{{ ansible_user }}/debian-lan"
ansible_python_interpreter: "/usr/bin/python3" ## needed for firewalld module ansible_python_interpreter: "/usr/bin/python3" ## needed for firewalld module
vars_prompt: vars_prompt:
- name: "foo_pwd" - name: "foo_pwd"
prompt: "Provide a non-empty password for the test user 'foo'.\nLeave empty to continue without test user" prompt: "Provide a non-empty password for the test user 'foo'.\nLeave empty to continue without test user"
private: yes private: yes
pre_tasks: pre_tasks:
- name: validate if interfaces are available - name: validate if interfaces are available
fail: fail:
msg: "Interfaces {{ ansible_interfaces }} found. WAN: '{{ if_wan }}', LAN: '{{ if_lan }}'. Two NICs needed." msg: "Interfaces {{ ansible_interfaces }} found. WAN: '{{ if_wan }}', LAN: '{{ if_lan }}'. Two NICs needed."
when: (if_lan not in ansible_interfaces) or (if_wan not in ansible_interfaces) or (if_lan == if_wan) when: (if_lan not in ansible_interfaces) or (if_wan not in ansible_interfaces) or (if_lan == if_wan)
roles: roles:
- up2date-debian - up2date-debian
- two-interface-firewalld - two-interface-firewalld
- dhcp-dns-dnsmasq - dhcp-dns-dnsmasq
- tftp-netboot-installer - tftp-netboot-installer
- preseed-installer
- apt-cacher - apt-cacher
- krb5-kdc-ldap - krb5-kdc-ldap
- nfs-server - nfs-server
- prepare4clients

13
roles/apt-cacher/tasks/main.yml
View file

@ -9,5 +9,18 @@
dest: /etc/apt/apt.conf dest: /etc/apt/apt.conf
backup: yes backup: yes
notify: "start apt-cacher-ng" notify: "start apt-cacher-ng"
when: not run_in_installer|default(false)|bool ## do not enable apt-cacher during installation
- name: check if preseeded installer is available
stat: path={{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg
register: preseedcfg
- name: enable apt-cacher-ng for install-clients
replace:
dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
regexp: '^(d-i mirror/http/proxy string.*)$'
replace: 'd-i mirror/http/proxy string http://{{ ansible_hostname }}:3142/'
when: preseedcfg.stat.exists
- meta: flush_handlers - meta: flush_handlers

72
roles/installbox2kiosk/tasks/main.yml
View file

@ -1,72 +0,0 @@
- name: generate ssh key
command: "su -l {{ ansible_user }} -c \"ssh-keygen -t rsa -f /home/{{ ansible_user }}/.ssh/id_rsa -P ''\""
args:
creates: "/home/{{ ansible_user }}/.ssh/id_rsa"
warn: False
- name: slurp public key
slurp:
src: "/home/{{ ansible_user }}/.ssh/id_rsa.pub"
register: sshpubkey
# The following seems to be necessary to get rid of a newline:
- set_fact:
sshpubkey: "{{ sshpubkey['content'] | b64decode | replace('\n', '') }}"
- name: set debian mirror in preseed file
when: deb_mirror != "deb.debian.org"
replace:
dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
regexp: '^(d-i mirror/http/hostname string deb.debian.org)$'
replace: '#\1\nd-i mirror/http/hostname string {{ deb_mirror }}'
- name: enable backports in preseed file
replace:
dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
regexp: '^#(apt-setup-udeb.*)$'
replace: '\1'
- name: preseed client - add firmware-linux, ansible and git
replace:
dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
regexp: '^(d-i pkgsel/include string firmware-linux)$'
replace: '#\1\nd-i pkgsel/include string firmware-linux ansible git'
- name: insert start of managed block
replace:
dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
regexp: '^(### This command is run just before the install finishes:)'
replace: '#\1\n# BEGIN ANSIBLE MANAGED BLOCK preseed/late_command'
- name: insert end of managed block
replace:
dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
regexp: '^(## When installing.*)'
replace: '# END ANSIBLE MANAGED BLOCK preseed/late_command\n#\1'
- name: insert block
blockinfile:
dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
insertafter: "^### This command is run just before the install finishes:"
block: |
d-i preseed/late_command string \
mkdir -p /target/home/ansible/.ssh && \
echo "{{ sshpubkey }}" >> /target/home/ansible/.ssh/authorized_keys ; \
in-target chown -R ansible:ansible /home/ansible/.ssh/ ; \
in-target chmod -R og= /home/ansible/.ssh/ ; \
in-target ansible-pull --verbose --purge --extra-vars="run_in_installer=true" \
-i localhost, --url=git://{{ hostname }}/.git $playbook
marker: "# {mark} ANSIBLE MANAGED BLOCK preseed/late_command"
- name: provide git repo if not available already
git:
repo: 'https://salsa.debian.org/andi/debian-lan-ansible.git'
dest: "{{ repo_dir }}"
update: no
become_user: "ansible"
- name: start git-repo
template:
src: git-repo.j2
dest: "/etc/systemd/system/git-repo.service"
notify: start git-repo

2
roles/krb5-kdc-ldap/tasks/main.yml
View file

@ -4,7 +4,7 @@
- fail: msg="The machine's domain must not be empty." - fail: msg="The machine's domain must not be empty."
when: ansible_domain | length == 0 when: ansible_domain | length == 0
- name: check if slapd is already there - name: check if krb5kdc is already there
stat: path=/usr/sbin/krb5kdc stat: path=/usr/sbin/krb5kdc
register: krb5kdc register: krb5kdc

0
roles/installbox2kiosk/handlers/main.yml → roles/prepare4clients/handlers/main.yml
View file

146
roles/prepare4clients/tasks/main.yml Normal file
View file

@ -0,0 +1,146 @@
- name: generate ssh key
command: "su -l {{ ansible_user }} -c \"ssh-keygen -t rsa -f /home/{{ ansible_user }}/.ssh/id_rsa -P ''\""
args:
creates: "/home/{{ ansible_user }}/.ssh/id_rsa"
warn: False
- name: slurp public key
slurp:
src: "/home/{{ ansible_user }}/.ssh/id_rsa.pub"
register: sshpubkey
# The following seems to be necessary to get rid of a newline:
- set_fact:
sshpubkey: "{{ sshpubkey['content'] | b64decode | replace('\n', '') }}"
- name: enable backports in preseed file
replace:
dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
regexp: '^#(apt-setup-udeb.*)$'
replace: '\1'
- name: preseed client - add firmware-linux, ansible and git
replace:
dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
regexp: '^(d-i pkgsel/include string firmware-linux)$'
replace: '#\1\nd-i pkgsel/include string firmware-linux ansible git'
- name: insert start of managed block
replace:
dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
regexp: '^(### This command is run just before the install finishes:)'
replace: '#\1\n# BEGIN ANSIBLE MANAGED BLOCK preseed/late_command'
- name: insert end of managed block
replace:
dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
regexp: '^(## When installing.*)'
replace: '# END ANSIBLE MANAGED BLOCK preseed/late_command\n#\1'
- name: insert block
blockinfile:
dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
insertafter: "^### This command is run just before the install finishes:"
block: |
d-i preseed/late_command string \
mkdir -p /target/home/ansible/.ssh && \
echo "{{ sshpubkey }}" >> /target/home/ansible/.ssh/authorized_keys ; \
in-target chown -R ansible:ansible /home/ansible/.ssh/ ; \
in-target chmod -R og= /home/ansible/.ssh/ ; \
in-target ansible-pull --verbose --purge --extra-vars="run_in_installer=true" \
-i localhost, --url=git://{{ ansible_hostname }}/.git $playbook
marker: "# {mark} ANSIBLE MANAGED BLOCK preseed/late_command"
- name: add kiosk auto pxe boot entry to di-netboot-assistant
blockinfile:
dest: /etc/di-netboot-assistant/pxelinux.HEAD
insertbefore: EOF
block: |
TIMEOUT 100
# Use a temporary package cache during installation, install etckeeper.
LABEL tmp pkg cache
MENU LABEL Debian stable (amd64) + temporary package cache
kernel ::/d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/linux
append initrd=::/d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/initrd.gz mirror/http/proxy?=http://{{ ansible_hostname }}:3142/ pkgsel/include=etckeeper preseed/late_command="rm -fv /target/etc/apt/apt.conf" ---
LABEL autoinstall
MENU LABEL Debian {{ di_version }} (amd64) + preseed + kiosk.yml
kernel ::/d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/linux
append initrd=::/d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/initrd.gz auto=true priority=critical url=tftp://{{ ansible_hostname }} playbook=kiosk.yml ---
#LABEL daily
#MENU LABEL Debian daily (amd64) + preseed + kiosk.yml
#kernel ::/d-i/n-a/daily/amd64/linux
#append initrd=::/d-i/n-a/daily/amd64/initrd.gz auto=true priority=critical url=tftp://{{ ansible_hostname }} playbook=kiosk.yml ---
marker: "# {mark} ANSIBLE MANAGED BLOCK kiosk"
notify: "rebuild di-netboot-assistant menu"
- name: add kiosk auto efi boot entry to di-netboot-assistant
blockinfile:
dest: /etc/di-netboot-assistant/grub.cfg.HEAD
insertbefore: EOF
block: |
# Use a temporary package cache during installation, install etckeeper.
menuentry 'Debian stable (amd64) + temporary package cache' {
linux /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/linux mirror/http/proxy?=http://{{ ansible_hostname }}:3142/ pkgsel/include=etckeeper preseed/late_command="rm -fv /target/etc/apt/apt.conf" ---
initrd /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/initrd.gz
}
menuentry 'Debian {{ di_version }} (amd64) + preseed + kiosk.yml' {
linux /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/linux auto=true priority=critical url=tftp://{{ ansible_hostname }} playbook=kiosk.yml ---
initrd /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/initrd.gz
}
#menuentry 'Debian daily (amd64) + preseed + kiosk.yml' {
# linux /d-i/n-a/daily/amd64/linux auto=true priority=critical url=tftp://{{ ansible_hostname }} playbook=kiosk.yml ---
# initrd /d-i/n-a/daily/amd64/initrd.gz
#}
marker: "# {mark} ANSIBLE MANAGED BLOCK kiosk"
notify: "rebuild di-netboot-assistant menu"
######## kerberox-client #######
- name: check if we opereate on kerberox
stat: path=/usr/sbin/krb5kdc
register: krb5kdc
- name: add kerberox-client auto pxe boot entry to di-netboot-assistant
blockinfile:
dest: /etc/di-netboot-assistant/pxelinux.HEAD
insertbefore: EOF
block: |
LABEL autoinstall
MENU LABEL Debian {{ di_version }} (amd64) + preseed + kerberox-client.yml
kernel ::/d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/linux
append initrd=::/d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/initrd.gz auto=true priority=critical url=tftp://{{ ansible_hostname }} playbook=kerberox-client.yml ---
marker: "# {mark} ANSIBLE MANAGED BLOCK kerberox-client"
notify: "rebuild di-netboot-assistant menu"
when: krb5kdc.stat.exists
- name: add kerberox-client auto efi boot entry to di-netboot-assistant
blockinfile:
dest: /etc/di-netboot-assistant/grub.cfg.HEAD
insertbefore: EOF
block: |
menuentry 'Debian {{ di_version }} (amd64) + preseed + kerberox-client.yml' {
linux /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/linux auto=true priority=critical url=tftp://{{ ansible_hostname }} playbook=kerberox-client.yml ---
initrd /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/initrd.gz
}
marker: "# {mark} ANSIBLE MANAGED BLOCK kerberox-client"
notify: "rebuild di-netboot-assistant menu"
when: krb5kdc.stat.exists
######################
- name: provide git repo if not available already
git:
repo: 'https://salsa.debian.org/andi/debian-lan-ansible.git'
dest: "{{ repo_dir }}"
update: no
become_user: "ansible"
- name: start git-repo
template:
src: git-repo.j2
dest: "/etc/systemd/system/git-repo.service"
notify: start git-repo

0
roles/installbox2kiosk/templates/git-repo.j2 → roles/prepare4clients/templates/git-repo.j2
View file

55
roles/preseed-installer/tasks/main.yml
View file

@ -1,55 +0,0 @@
- name: make preseed directory available
file:
path: "{{ tftp_root }}/d-i/{{ di_dist }}"
state: directory
- name: provide preseed file
copy:
src: /usr/share/doc/di-netboot-assistant/examples/preseed.cfg
dest: "{{ tftp_root }}/d-i/{{ di_dist }}"
force: no
- name: enable apt-cacher-ng for install-clients
replace:
dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
regexp: '^(d-i mirror/http/proxy string.*)$'
replace: 'd-i mirror/http/proxy string http://{{ hostname }}:3142/'
- name: make the hostname resolvable from the LAN
replace:
path: /etc/hosts
regexp: '^(127\.0\.1\.1.*)$'
replace: '#\1\n{{ ipaddr_lan }} {{ hostname }}'
- name: add auto pxe boot entry to di-netboot-assistant
blockinfile:
dest: /etc/di-netboot-assistant/pxelinux.HEAD
insertbefore: EOF
block: |
TIMEOUT 100
LABEL autoinstall
MENU LABEL Debian {{ di_version }} (amd64) + preseed + kiosk.yml
kernel ::/d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/linux
append initrd=::/d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/initrd.gz auto=true priority=critical url=tftp://{{ hostname }} playbook=kiosk.yml ---
#LABEL daily
#MENU LABEL Debian daily (amd64) + preseed + kiosk.yml
#kernel ::/d-i/n-a/daily/amd64/linux
#append initrd=::/d-i/n-a/daily/amd64/initrd.gz auto=true priority=critical url=tftp://{{ hostname }} playbook=kiosk.yml ---
notify: "rebuild di-netboot-assistant menu"
- name: add auto efi boot entry to di-netboot-assistant
blockinfile:
dest: /etc/di-netboot-assistant/grub.cfg.HEAD
insertbefore: EOF
block: |
menuentry 'Debian {{ di_version }} (amd64) + preseed + kiosk.yml' {
linux /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/linux auto=true priority=critical url=tftp://{{ hostname }} playbook=kiosk.yml ---
initrd /d-i/n-pkg/images/{{ di_version }}/amd64/text/debian-installer/amd64/initrd.gz
}
#menuentry 'Debian daily (amd64) + preseed + kiosk.yml' {
# linux /d-i/n-a/daily/amd64/linux auto=true priority=critical url=tftp://{{ hostname }} playbook=kiosk.yml ---
# initrd /d-i/n-a/daily/amd64/initrd.gz
#}
notify: "rebuild di-netboot-assistant menu"

1
roles/tftp-netboot-installer/defaults/main.yml Normal file
View file

@ -0,0 +1 @@
tftp_root: "/var/lib/tftpboot"

17
roles/tftp-netboot-installer/tasks/main.yml
View file

@ -1,3 +1,8 @@
- name: make preseed directory available
file:
path: "{{ tftp_root }}/d-i/{{ di_dist }}"
state: directory
- name: install di-netboot-assistant and installer package - name: install di-netboot-assistant and installer package
apt: apt:
name: name:
@ -7,6 +12,12 @@
- bind mount images - bind mount images
- rebuild di-netboot-assistant menu - rebuild di-netboot-assistant menu
- name: provide preseed file
copy:
src: /usr/share/doc/di-netboot-assistant/examples/preseed.cfg
dest: "{{ tftp_root }}/d-i/{{ di_dist }}"
force: no
- name: configure dnsmasq - name: configure dnsmasq
template: template:
src: dnsmasq-tftp-netboot-installer.j2 src: dnsmasq-tftp-netboot-installer.j2
@ -14,3 +25,9 @@
notify: notify:
- restart dnsmasq - restart dnsmasq
- rebuild di-netboot-assistant menu - rebuild di-netboot-assistant menu
- name: make the hostname resolvable from the LAN
replace:
path: /etc/hosts
regexp: '^(127\.0\.1\.1.*)$'
replace: '#\1\n{{ ipaddr_lan }} {{ ansible_hostname }}.{{ ansible_domain }} {{ ansible_hostname }}'

2
roles/two-interface-firewalld/tasks/main.yml
View file

@ -24,7 +24,7 @@
- name: enable masquerading - name: enable masquerading
firewalld: firewalld:
zone: public zone: public
masquerade: yes masquerade: 'yes'
permanent: yes permanent: yes
state: enabled state: enabled
when: not run_in_installer|default(false)|bool when: not run_in_installer|default(false)|bool