Tag tasks for basic installation

lmn-client.yml

@@ -80,15 +80,17 @@
         loop_var: rolename
       when: custom_roles is defined
 
-    - name: Final tasks
-      ansible.builtin.include_role:
-        name: "{{ role }}"
-      loop_control:
-        loop_var: role
-      loop:
-        - lmn_security
-        - lmn_finish
-        - lmn_tmpfixes
+    - name: Import role security
+      ansible.builtin.import_role:
+        name: lmn_security
+
+    - name: Import role finish
+      ansible.builtin.import_role:
+        name: lmn_finish
+
+    - name: Import role tmpfixes
+      ansible.builtin.import_role:
+        name: lmn_tmpfixes
 
 
 - name: Apply roles that must run serial

roles/lmn_misc/tasks/main.yml

@@ -167,6 +167,8 @@
     src: reporter.j2
     dest: /usr/local/sbin/reporter
     mode: '0755'
+  tags:
+    - baseinstall
 
 - name: Provide services and timers for reporter
   ansible.builtin.copy:
@@ -177,12 +179,16 @@
     - reporter.service
     - reporter.timer
   when: misc_reporter
+  tags:
+    - baseinstall
 
 - name: Enable reporter.timer
   ansible.builtin.systemd:
     name: reporter.timer
     enabled: true
   when: misc_reporter
+  tags:
+    - baseinstall
 
 # Prepare CloneScreen on Presenter PCs
 

roles/lmn_security/tasks/main.yml

@@ -5,6 +5,8 @@
     key: "{{ item }}"
   loop: "{{ keys2deploy }}"
   when: keys2deploy is defined
+  tags:
+    - baseinstall
 
 - name: Allow sudo without password for ansible
   ansible.builtin.lineinfile:
@@ -14,12 +16,16 @@
     owner: root
     group: root
     mode: '0700'
+  tags:
+    - baseinstall
 
 - name: Disable ansible user login
   ansible.builtin.user:
     name: ansible
     password_lock: true
   when: security_defaultuser_login_disable
+  tags:
+    - baseinstall
 
 - name: Limit SSH access to user ansible
   ansible.builtin.blockinfile: