From a8e4130aa83751c912d8f02243d12e2c82c460ca Mon Sep 17 00:00:00 2001
From: Raphael Dannecker <raphael.dannecker@steinbeisschule-reutlingen.de>
Date: Fri, 28 Mar 2025 07:27:39 +0100
Subject: [PATCH] Create final task including lmn_finish and lmn_tmpfixes

lmn_tmpfixes is used for:
- temporary fixes and quirks
- cleaning up stuff from obsolete/erroneous tasks

lmn_finish is used for:
- installing extra_pkgs
- setting ansible-stamps
---
 lmn-client.yml                                | 257 +-----------------
 roles/lmn_extrapkgs/defaults/main.yml         |   2 -
 roles/lmn_finish/defaults/main.yml            |   6 +
 .../tasks/main.yaml                           |  28 +-
 4 files changed, 32 insertions(+), 261 deletions(-)
 delete mode 100644 roles/lmn_extrapkgs/defaults/main.yml
 create mode 100644 roles/lmn_finish/defaults/main.yml
 rename roles/{lmn_extrapkgs => lmn_finish}/tasks/main.yaml (52%)

diff --git a/lmn-client.yml b/lmn-client.yml
index 3d5be68..93c63e5 100644
--- a/lmn-client.yml
+++ b/lmn-client.yml
@@ -82,7 +82,6 @@
       when: vm_support
     - lmn_printer
     - kerberize
-    - lmn_security
     - lmn_misc
     - role: lmn_localhome
       when: localhome
@@ -94,7 +93,6 @@
       when:
         - ansible_interfaces | select('search', 'wl.+') | first is defined
         - wlan != none
-    - role: lmn_extrapkgs
 
   tasks:
     - name: Include custom roles
@@ -105,255 +103,18 @@
         loop_var: rolename
       when: custom_roles is defined
 
-    ## Temporary fixes and quirks:
-    - name: Remove disturbing NetworkManager connection
-      ansible.builtin.file:
-        path: "/etc/NetworkManager/system-connections/Wired connection 1"
-        state: absent
-      when: ansible_interfaces | select('search', '^en[pso].+') | length > 1
-
-    - name: Fix 8086:4909 external graphics card
-      ansible.builtin.replace:
-        dest: "/etc/default/grub"
-        regexp: 'GRUB_CMDLINE_LINUX=""$'
-        replace: 'GRUB_CMDLINE_LINUX="i915.force_probe=4909"'
-      notify: Run update-grub
-      when: ansible_board_vendor == "LENOVO" and ansible_board_name == "32CB"
-
-    - name: Fix sound on 312A
-      ansible.builtin.replace:
-        dest: "/etc/default/grub"
-        regexp: 'GRUB_CMDLINE_LINUX="snd-intel-dspcfg.dsp_driver=1"$'
-        replace: 'GRUB_CMDLINE_LINUX=""'
-      notify: Run update-grub
-      when: ansible_board_vendor == "LENOVO" and ansible_board_name == "312A"
-
-    - name: Fix sound on 312A and 312D
-      ansible.builtin.apt:
-        name: firmware-sof-signed
-        state: latest
-      when: >
-        ansible_board_vendor == "LENOVO" and
-        (ansible_board_name == "312D" or ansible_board_name == "312A")
-
-    - name: Install customized CodeBlocks packages
-      when: "'PCroom' in group_names"
-      block:
-        - name: Check for old CodeBlocks
-          ansible.builtin.command:
-            cmd: dpkg -l codeblocks
-          register: codeblocks_version
-          changed_when: false
-
-        - name: Download codeblocks zip archive
-          ansible.builtin.get_url:
-            url: "http://livebox.pn.steinbeis.schule/codeblocks/CodeBlocks.zip"
-            dest: /tmp/CodeBlocks.zip
-            mode: '0644'
-            use_proxy: false
-          register: new_codeblocks
-          when: codeblocks_version.stdout is not search('svn13544')
-
-        - name: Unpack zip archive and install packages manually
-          ansible.builtin.shell:
-            cmd: unzip -d /tmp/cb/ CodeBlocks.zip && dpkg -i cb/*.deb
-            chdir: /tmp/
-          when: new_codeblocks.changed | default(false)
-
-## Clean up stuff from obsolete/faulty tasks:
-    - name: Remove sddm login screen patch with deprecated marker (homeondisk)
-      ansible.builtin.blockinfile:
-        path: /usr/share/sddm/themes/debian-breeze/Main.qml
-        marker: // {mark} ANSIBLE MANAGED BLOCK homeondisk
-        state: absent
-
-    - name: Remove packages we do not need anymore
-      ansible.builtin.apt:
-        name:
-          - cachefilesd
-          - mosquitto
-        state: absent
-        purge: true
-
-    - name: Remove virtiofs service
-      ansible.builtin.file:
-        path: /etc/systemd/system/virtiofs@.service
-        state: absent
-
-    - name: Fix mount point permissions and owner
-      ansible.builtin.file:
-        path: "{{ item }}"
-        mode: '0755'
-        owner: root
-        group: root
-      loop:
-        - /srv/samba
-        - /srv/samba/schools
-
-    - name: Remove pam_mount sysvol mount
-      ansible.builtin.blockinfile:
-        dest: /etc/security/pam_mount.conf.xml
-        marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (SysVol) -->"
-        block: |
-          <volume
-            fstype="cifs"
-            server="{{ smb_server }}"
-            path="sysvol/"
-            mountpoint="/srv/samba/%(USER)/sysvol"
-            options="sec=krb5i,cruid=%(USERUID),user=%(USER),gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks"
-            ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user>{% if localuser %}<user>{{ localuser }}</user>{% endif %}</or></not>
-          </volume>
-        state: absent
-
-    - name: Remove pam_mount for VM bind mounts
-      ansible.builtin.blockinfile:
-        dest: /etc/security/pam_mount.conf.xml
-        marker: "<!-- {mark} ANSIBLE MANAGED BLOCK (bind mount school for VMs) -->"
-        state: absent
-
-    - name: Check if rmlpr.timer is installed
-      ansible.builtin.stat:
-        path: /etc/systemd/system/rmlpr.timer
-      register: rmlpr
-
-    - name: Disable rmlpr.timer
-      ansible.builtin.systemd:
-        name: rmlpr.timer
-        enabled: false
-      when: rmlpr.stat.exists
-
-    - name: Check if vmimage-torrent.service is installed
-      ansible.builtin.stat:
-        path: /etc/systemd/system/vmimage-torrent.service
-      register: vmimagetorrent
-
-    - name: Disable vmimage-torrent.service
-      ansible.builtin.systemd:
-        name: vmimage-torrent.service
-        enabled: false
-      when: vmimagetorrent.stat.exists
-
-    - name: Remove deprecated files and directories
-      ansible.builtin.file:
-        path: "{{ item }}"
-        state: absent
-      with_items:
-        - /etc/linuxmuster-linuxclient7
-        - /usr/lib/python3/dist-packages/linuxmusterLinuxclient7
-        - /usr/share/linuxmuster-linuxclient7
-        - /usr/local/bin/onLogin
-        - /etc/sudoers.d/90-lmn-sudotools
-        - /etc/systemd/system/rmlpr.service
-        - /etc/systemd/system/rmlpr.timer
-        - /usr/local/bin/sync-vm.sh
-        - /usr/local/bin/run-vm.sh
-        - /usr/local/bin/rebase-vm.sh
-        - /usr/local/bin/create-vm.sh
-        - /usr/local/bin/upload-vm.sh
-        - /usr/local/bin/vmimage-torrent
-        - /etc/systemd/system/vmimage-torrent.service
-        - /usr/local/bin/linbo-torrenthelper.sh
-        - /usr/local/bin/link-images.sh
-        - /usr/local/bin/start-virtiofsd.sh
-        - /etc/sudoers.d/90-lmn-upload-vm
-        - /etc/sudoers.d/90-lmn-sync-vm
-        - /etc/sudoers.d/90-lmn-startvirtiofsd
-        - /etc/sudoers.d/90-lmn-link-images
-        - /etc/rsync.secret
-        - /etc/systemd/network/30-virbr1.netdev
-        - /etc/systemd/network/30-virbr2.netdev
-        - /etc/systemd/network/40-ethernet.network
-        - /etc/systemd/network/40-ethernet-usb.network
-        - /etc/systemd/network/50-virbr1.network
-        - /etc/systemd/network/50-virbr2.network
-        - /etc/systemd/network/60-wlan0-dhcp.network
-        - /etc/NetworkManager/system-connections/macvlan-vm-macvtap.nmconnection
-        - /etc/tmpfiles.d/clean-exam.conf
-        - /etc/polkit-1/rules.d/lmn-networkmanager.rules
-        - /etc/polkit-1/rules.d/lmn-packagekit.rules
-
-    - name: Check if vm_usage_information.txt exists
-      ansible.builtin.stat:
-        path: /lmn/vm/vm_usage_information.txt
-      register: vm_usage_information
-
-    - name: Pre-fill vm_usage_information.txt
-      ansible.builtin.shell:
-        cmd: |
-          ls -tr *.qcow2 > vm_usage_information.txt || touchvm_usage_information.txt
-          chown lmnsynci:lmnsynci vm_usage_information.txt
-        chdir: /lmn/vm/
-      when: not vm_usage_information.stat.exists
-
-    - name: Detect if IPP-Everywhere printers exist
-      ansible.builtin.shell:
-        cmd: grep "IPP Everywhere" /etc/cups/printers.conf
-      register: ipp_everywhere
-      failed_when: false
-      changed_when: false
-
-    - name: Delete old IPP-Everywhere printers
-      ansible.builtin.shell:
-        cmd: |
-          for p in $(lpstat -p | cut -d" " -f2); do
-            lpadmin -x "$p"
-          done
-      when: not ipp_everywhere.rc
-
-    - name: Remove old VM-printerlists
-      ansible.builtin.shell:
-        cmd: rm -f /lmn/media/*/.printerlist.csv
-
-    - name: Remove Listen on VMBridge
-      ansible.builtin.lineinfile:
-        dest: /etc/cups/cupsd.conf
-        line: 'Listen 192.168.122.1:631'
-        state: absent
-
-    - name: Remove NetworkManager Ansible-Block for non-laptops
-      ansible.builtin.blockinfile:
-        path: /etc/NetworkManager/NetworkManager.conf
-        state: absent
-      when: "'laptop' not in group_names"
-
-    - name: Remove pam-exec from common-auth
-      ansible.builtin.lineinfile:
-        dest: /etc/pam.d/common-auth
-        line: "auth    optional        pam_exec.so /usr/local/sbin/pam-exec.sh"
-        state: absent
-      when: exam_mode
-
-    - name: Remove pam-mkhomedir from common-session
-      ansible.builtin.lineinfile:
-        dest: /etc/pam.d/common-session
-        line: "session  optional        pam_mkhomedir.so  umask=0077"
-        state: absent
-      when: localhome
-
-## bookworm fixes/hacks:
-    - name: Work around sddm hang on shutdown
-      ansible.builtin.lineinfile:
-        path: /etc/systemd/system.conf
-        line: DefaultTimeoutStopSec=5s
-        insertafter: '^#DefaultTimeoutStopSec=.*'
-
-    - name: Patch spyder to fix 'file-has-changed' issues on CIFS
-      ansible.posix.patch:
-        src: spyder.patch
-        dest: /usr/lib/python3/dist-packages/spyder/plugins/editor/widgets/editor.py
 
 #################
 
-    - name: Timestamp successfull run and send up-to-date report
-      ansible.builtin.shell:
-        cmd: date --iso-8601=seconds >> /var/local/ansible-stamps && /usr/local/sbin/reporter
-      changed_when: false
-      tags: upgrade
-
-    - name: Force ansible-run after install trough emitter by setting timestamp in the past
-      ansible.builtin.shell:
-        cmd: echo "2020-01-01T00:00:00+01:00" >> /var/local/ansible-stamps && /usr/local/sbin/reporter
-      when: run_in_installer|default(false)|bool
+    - name: Final tasks
+      ansible.builtin.include_role:
+        name: "{{ role }}"
+      loop_control:
+        loop_var: role
+      loop:
+        - lmn_security
+        - lmn_finish
+        - lmn_tmpfixes
 
 #################
 
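Review bot: In the `Final tasks` loop, `lmn_finish` runs before `lmn_tmpfixes`, but `lmn_finish` ends with the task that stamps a successful run and calls the reporter, so a host is reported up to date before the cleanup role has run and stays so if that role fails; list `lmn_finish` last. The include carries no tags, and because `include_role` is dynamic a run limited to `--tags upgrade` would skip it and never reach the stamp task that used to sit at play level with `tags: upgrade`; adding `tags: always` to the include keeps it reachable. `lmn_security` also moves from the `roles:` list to the end of the play, so a failure in any earlier or custom role now leaves the host without it, which is worth confirming as intended. The diffstat shows no `roles/lmn_tmpfixes` being created and the removed `run_in_installer` stamp task does not reappear in `lmn_finish`; if they are not added elsewhere, the sudoers.d, `/etc/rsync.secret` and PAM cleanups removed here are lost.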
diff --git a/roles/lmn_extrapkgs/defaults/main.yml b/roles/lmn_extrapkgs/defaults/main.yml
deleted file mode 100644
index de1ad44..0000000
--- a/roles/lmn_extrapkgs/defaults/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-extra_pkgs: []
-extra_pkgs_bpo: []
diff --git a/roles/lmn_finish/defaults/main.yml b/roles/lmn_finish/defaults/main.yml
new file mode 100644
index 0000000..4db4d23
--- /dev/null
+++ b/roles/lmn_finish/defaults/main.yml
@@ -0,0 +1,6 @@
+extra_pkgs: []
+extra_pkgs1: []
+extra_pkgs2: []
+extra_pkgs_bpo: []
+extra_pkgs_bpo1: []
+extra_pkgs_bpo2: []
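Review bot: The numbered variants stop at `extra_pkgs2` and `extra_pkgs_bpo2`, while the merge task this commit removes from the tasks file accepted suffixes 1 through 10. An inventory that still sets `extra_pkgs3` or higher will now be ignored without any error, so either keep the wider range or state the limit here, e.g. `# lmn_finish reads only the unsuffixed list and the suffixes 1 and 2`. The file also lacks the leading `---` that the role's tasks file has.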
diff --git a/roles/lmn_extrapkgs/tasks/main.yaml b/roles/lmn_finish/tasks/main.yaml
similarity index 52%
rename from roles/lmn_extrapkgs/tasks/main.yaml
rename to roles/lmn_finish/tasks/main.yaml
index d3d7250..5f3a787 100644
--- a/roles/lmn_extrapkgs/tasks/main.yaml
+++ b/roles/lmn_finish/tasks/main.yaml
@@ -1,14 +1,11 @@
 ---
-- name: Merge extra_pkgs and extra_pkgs_bpo lists
-  ansible.builtin.set_fact:
-    extra_pkgs: "{{ extra_pkgs + lookup('vars', 'extra_pkgs' + item, default=[]) }}"
-    extra_pkgs_bpo: "{{ extra_pkgs_bpo + lookup('vars', 'extra_pkgs_bpo' + item, default=[]) }}"
-  loop: "{{ range(1, 11) | map('string') | list }}"
-
 - name: Install extra packages from stable
   ansible.builtin.apt:
-    name: "{{ extra_pkgs }}"
-  when: extra_pkgs|length
+    name: "{{ item }}"
+  loop:
+    - "{{ extra_pkgs }}"
+    - "{{ extra_pkgs1 }}"
+    - "{{ extra_pkgs2 }}"
 
 - name: Add backports for {{ ansible_distribution_release }}
   ansible.builtin.apt_repository:
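Review bot: The stable install task now hands each list to `apt` as a separate loop item and drops the `when: extra_pkgs|length` guard, so it runs three apt calls and passes an empty `name` whenever a list is unset. A single guarded call keeps the previous behaviour: `name: "{{ extra_pkgs + extra_pkgs1 + extra_pkgs2 }}"` with `when: (extra_pkgs + extra_pkgs1 + extra_pkgs2) | length > 0`. The backports repository task that follows is cut by the hunk boundary.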
@@ -17,11 +14,20 @@
       main non-free-firmware
     state: present
     update_cache: true
-  when: extra_pkgs_bpo|length
+#  when: extra_pkgs_bpo|length
 
 - name: Install extra packages from backports
   ansible.builtin.apt:
-    name: "{{ extra_pkgs_bpo }}"
+    name: "{{ item }}"
     state: latest # noqa package-latest
     default_release: "{{ ansible_distribution_release }}-backports"
-  when: extra_pkgs_bpo|length
+  loop:
+    - "{{ extra_pkgs_bpo }}"
+    - "{{ extra_pkgs_bpo1 }}"
+    - "{{ extra_pkgs_bpo2 }}"
+
+- name: Timestamp successfull run and send up-to-date report
+  ansible.builtin.shell:
+    cmd: date --iso-8601=seconds >> /var/local/ansible-stamps && /usr/local/sbin/reporter
+  changed_when: false
+  tags: upgrade
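Review bot: Commenting out the `when` on the backports repository task makes every client add the backports source and refresh its cache even when no backports package is requested, which widens the set of package sources each host trusts for no benefit. Replace the commented line with a guard over all three lists, `when: (extra_pkgs_bpo + extra_pkgs_bpo1 + extra_pkgs_bpo2) | length > 0`, and put the same guard on the install task, which now loops over possibly empty lists with `state: latest`. The repository task begins outside this hunk.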