lmn-client.yml

@@ -80,17 +80,15 @@
         loop_var: rolename
       when: custom_roles is defined
 
-    - name: Import role security
-      ansible.builtin.import_role:
-        name: lmn_security
-
-    - name: Import role finish
-      ansible.builtin.import_role:
-        name: lmn_finish
-
-    - name: Import role tmpfixes
-      ansible.builtin.import_role:
-        name: lmn_tmpfixes
+    - name: Final tasks
+      ansible.builtin.include_role:
+        name: "{{ role }}"
+      loop_control:
+        loop_var: role
+      loop:
+        - lmn_security
+        - lmn_finish
+        - lmn_tmpfixes
 
 
 - name: Apply roles that must run serial

roles/lmn_misc/tasks/main.yml

@@ -167,8 +167,6 @@
     src: reporter.j2
     dest: /usr/local/sbin/reporter
     mode: '0755'
-  tags:
-    - baseinstall
 
 - name: Provide services and timers for reporter
   ansible.builtin.copy:
@@ -179,16 +177,12 @@
     - reporter.service
     - reporter.timer
   when: misc_reporter
-  tags:
-    - baseinstall
 
 - name: Enable reporter.timer
   ansible.builtin.systemd:
     name: reporter.timer
     enabled: true
   when: misc_reporter
-  tags:
-    - baseinstall
 
 # Prepare CloneScreen on Presenter PCs
 

roles/lmn_security/tasks/main.yml

@@ -5,8 +5,6 @@
     key: "{{ item }}"
   loop: "{{ keys2deploy }}"
   when: keys2deploy is defined
-  tags:
-    - baseinstall
 
 - name: Allow sudo without password for ansible
   ansible.builtin.lineinfile:
@@ -16,16 +14,12 @@
     owner: root
     group: root
     mode: '0700'
-  tags:
-    - baseinstall
 
 - name: Disable ansible user login
   ansible.builtin.user:
     name: ansible
     password_lock: true
   when: security_defaultuser_login_disable
-  tags:
-    - baseinstall
 
 - name: Limit SSH access to user ansible
   ansible.builtin.blockinfile: