From ecf048c47eff3d946d34cacc2141da04e3d579bb Mon Sep 17 00:00:00 2001 From: Karl Goetz Date: Tue, 23 Sep 2014 13:27:00 +1000 Subject: [PATCH] Add more tasks to read only preparation I've now included most items on the debian ReadonlyRoot page with a few FIXME items left in the role and a few i've skipped (like samba). I and still tossing up what to do with suck and udev and if i should do anything at all. --- meta/main.yml | 5 +---- tasks/prepare-ro.yml | 41 ++++++++++++++++++++++++++++++++++++++++- 2 files changed, 41 insertions(+), 5 deletions(-) diff --git a/meta/main.yml b/meta/main.yml index 9bc7d61..9575faa 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -4,7 +4,7 @@ galaxy_info: description: Prepare and configure system filesystems. # company: your company (optional) license: GPLv2 - min_ansible_version: 1.4 + min_ansible_version: 1.7 # # Below are all platforms currently available. Just uncomment # the ones that apply to your role. If you don't see your @@ -86,9 +86,6 @@ galaxy_info: - name: Debian versions: # - all - # - etch - # - lenny - # - squeeze - wheezy # # Below are all categories currently available. Just as with diff --git a/tasks/prepare-ro.yml b/tasks/prepare-ro.yml index 7ebf8af..bd62892 100644 --- a/tasks/prepare-ro.yml +++ b/tasks/prepare-ro.yml 
@@ -1,13 +1,52 @@ --- -# https://wiki.debian.org/ReadonlyRoot for a big list of other things that may need changing +# Most of the items here come from the Debian wiki - +# https://wiki.debian.org/ReadonlyRoot . As Roles for these things end up on +# galaxy I will try and push out the read only support to them. - name: Remove adjtime configuration file file: path=/etc/adjtime state=absent +- name: Update hwclock init script to remove adjtime + when: ansible_os_family == 'Debian' + lineinfile: state=present + line='HWCLOCKPARS="--noadjfile"' + regexp='^HWCLOCKPARS=.*' + dest='/etc/init.d/hwclock.sh' + +# FIXME: should this attempt to fix the alsa init script to set HOME? + - name: Move file used by libblkid1 out of etc command: mv /etc/blkid.tab /var/lib/misc/blkid.tab removes=/etc/blkid.tab creates=/var/lib/misc/blkid.tab +# FIXME: will moving cups configuration manually cause issues? + +- name: Configure LVM to use /var/backups + lineinfile: + line='{{ item }}_dir = "/var/backups/lvm/{{ item }}"' + regexp='{{ item }}_dir = "/etc.*"' + dest='/etc/lvm/lvm.conf' + with_items: + - backup + - archive + +- name: Create new directories for LVM backups and archives + file: state=directory name='/var/backups/lvm' + +- name: Move LVM backups to new location + command: mv /etc/lvm/backup /var/backups/lvm/backup + creates=/var/backups/lvm/backup + +- name: Move LVM archives to new location + command: mv /etc/lvm/archive /var/backups/lvm/archive + creates=/var/backups/lvm/archive + +- name: Make mtab a symlink + file: force=yes + state=link + name='/etc/mtab' + src='/proc/mounts' + # TODO: swap to using user: module. This will need special testing - does it # replace the next one or two entries? user: createhome=no move_home=yes # Shnoul this be done by franklinkim.users?
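Review bot: The two LVM `mv` tasks ("Move LVM backups to new location" and "Move LVM archives to new location") carry only `creates=`, so on a host where `/etc/lvm/backup` or `/etc/lvm/archive` does not exist the command fails and stops the play. The libblkid1 task earlier in this hunk already guards with both arguments, so add `removes=/etc/lvm/backup` and `removes=/etc/lvm/archive` to match. The `lineinfile` task on `/etc/lvm/lvm.conf` has the same exposure when the file is absent, and its unanchored `regexp='{{ item }}_dir = "/etc.*"'` can also match a commented-out line; when nothing matches, the setting is appended at the end of the file rather than inside the section it belongs to, which is worth checking against a customised lvm.conf. Separately, `/var/backups/lvm` is created without `owner` or `mode`; since it will hold volume-group metadata, consider `file: state=directory name='/var/backups/lvm' owner=root group=root mode=0700` so access does not depend on whatever modes `mv` carries over.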