From a2e8bac9bd2eee8a03a05d5b3aab55ee67fdba9b Mon Sep 17 00:00:00 2001
From: Raphael Dannecker
Date: Mon, 9 Mar 2026 12:32:27 +0100
Subject: [PATCH] Prevent unintended local execution of delegated tasks in ansible-pull
---
 roles/lmn_misc/templates/lmn-updater.service.j2 | 2 +-
 roles/lmn_vpn/tasks/main.yml | 2 ++
 roles/lmn_wlan/tasks/main.yaml | 2 ++
 3 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/roles/lmn_misc/templates/lmn-updater.service.j2 b/roles/lmn_misc/templates/lmn-updater.service.j2
index 76aad89..6fe3d85 100644
--- a/roles/lmn_misc/templates/lmn-updater.service.j2
+++ b/roles/lmn_misc/templates/lmn-updater.service.j2
@@ -5,5 +5,5 @@ Description=Run LMN Client updates via ansible-pull
 Type=oneshot
 User=root
 ExecStart=/usr/bin/ansible-pull --only-if-changed --verbose --vault-password-file /root/.inventory-pw -l %H -d /root/lmn-client \
- -i {{ misc_updater_inventory }} --url={{ misc_updater_repository }} -C {{ misc_updater_branch }} lmn-client.yml
+ --skip-tags no_ansible_pull -i {{ misc_updater_inventory }} --url={{ misc_updater_repository }} -C {{ misc_updater_branch }} lmn-client.yml
diff --git a/roles/lmn_vpn/tasks/main.yml b/roles/lmn_vpn/tasks/main.yml
index b6da7e0..5daa5d0 100644
--- a/roles/lmn_vpn/tasks/main.yml
+++ b/roles/lmn_vpn/tasks/main.yml
@@ -29,3 +29,5 @@
 - name: Configure Wireguard
 ansible.builtin.include_tasks: wg_config.yml
 when: vpn is defined and vpn == "wg"
+ tags:
+ - no_ansible_pull
diff --git a/roles/lmn_wlan/tasks/main.yaml b/roles/lmn_wlan/tasks/main.yaml
index d5adcea..eb9bacf 100644
--- a/roles/lmn_wlan/tasks/main.yaml
+++ b/roles/lmn_wlan/tasks/main.yaml
@@ -39,3 +39,5 @@
 - name: Configure WPA-Enterprise (EAP-TLS)
 ansible.builtin.include_tasks: eap-tls_check-certificate.yaml
 when: wlan == 'eap-tls'
+ tags:
+ - no_ansible_pull
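Review bot: In `roles/lmn_misc/templates/lmn-updater.service.j2`, the new `--skip-tags no_ansible_pull` works as a deny-list, so a delegated task added later without the tag will still run on the client, and this unit runs with `User=root`. The tag name is now a contract between the unit and the roles, but nothing in the visible lines documents it. I would add a comment line above `ExecStart=`, for example `# Tasks tagged no_ansible_pull contain delegated steps and must not run from this client-side updater`. A lint or CI check that every task using `delegate_to` carries the tag would turn the convention into something enforced rather than remembered. The unit file's earlier lines are outside the hunk.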
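Review bot: In `roles/lmn_vpn/tasks/main.yml`, tagging the whole `include_tasks` with `no_ansible_pull` makes the updater skip every task in `wg_config.yml`, not only the delegated ones; the same applies to the `eap-tls_check-certificate.yaml` include in `roles/lmn_wlan/tasks/main.yaml`. Neither included file is visible here, so this needs confirming: if they also hold client-side steps (writing the Wireguard configuration, checking certificate validity), clients maintained through ansible-pull no longer get them, and an expiring EAP-TLS certificate could go unnoticed. In that case, put `tags: no_ansible_pull` on the individual delegated tasks inside the included files instead, and add a comment such as `# skipped by lmn-updater.service (ansible-pull)` next to the tag.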