Files
@ 814be5def61d
Branch filter:
Location: majic-ansible-roles/roles/bootstrap/tasks/main.yml - annotation
814be5def61d
845 B
text/x-yaml
MAR-189: Added support for Debian 11 Bullseye to xmpp_server role:
- Roll-out LDAP client configuration since Bullseye does not come with
a stock one at /etc/ldap/ldap.conf that sets the trust anchor
correctly for validating LDAP server certificates.
- Drop the backports pinning in case of Bullseye (for now let's try to
keep the Buster and Bullseye at same versions for simplicity).
- Drop installation of Python apt bindings (no longer used).
- Tests for Buster and Bullseye need to be split-up a bit due to some
differences around backports etc.
- Roll-out LDAP client configuration since Bullseye does not come with
a stock one at /etc/ldap/ldap.conf that sets the trust anchor
correctly for validating LDAP server certificates.
- Drop the backports pinning in case of Bullseye (for now let's try to
keep the Buster and Bullseye at same versions for simplicity).
- Drop installation of Python apt bindings (no longer used).
- Tests for Buster and Bullseye need to be split-up a bit due to some
differences around backports etc.
626eadba53b7 626eadba53b7 626eadba53b7 e4a0f78340ef e4a0f78340ef 48a901602e77 626eadba53b7 626eadba53b7 e4a0f78340ef e4a0f78340ef 48a901602e77 626eadba53b7 626eadba53b7 e4a0f78340ef e4a0f78340ef 48a901602e77 e4a0f78340ef e4a0f78340ef 626eadba53b7 626eadba53b7 e4a0f78340ef e4a0f78340ef e4a0f78340ef 626eadba53b7 626eadba53b7 e4a0f78340ef e4a0f78340ef e4a0f78340ef e4a0f78340ef e4a0f78340ef e4a0f78340ef 61ddc6eab566 61ddc6eab566 e4a0f78340ef e4a0f78340ef e4a0f78340ef e4a0f78340ef 7387caca37f3 7387caca37f3 7387caca37f3 fcf5abdd3ad5 7387caca37f3 0388df2571ca | ---
- name: Install sudo
apt:
name: sudo
state: present
- name: Set-up the Ansible group
group:
name: ansible
system: true
- name: Set-up the Ansible user
user:
name: ansible
system: true
group: ansible
shell: /bin/bash
- name: Set-up authorized key for the Ansible user
authorized_key:
user: ansible
key: "{{ ansible_key }}"
- name: Set-up password-less sudo for the ansible user
copy:
src: "ansible_sudo"
dest: "/etc/sudoers.d/ansible"
mode: 0640
owner: root
group: root
- name: Revoke rights for Ansible user to log-in as root to server via ssh
authorized_key:
user: root
key: "{{ ansible_key }}"
state: absent
- name: Explicitly run all handlers
include: ../handlers/main.yml
when: "run_handlers | default(False) | bool()"
tags:
- handlers
|