Diffstat (limited to 'roles')
-rw-r--r-- | roles/common/tasks/main.yml | 7 | ||||
-rw-r--r-- | roles/common/templates/etc/apt/preferences.j2 | 3 | ||||
-rw-r--r-- | roles/common/templates/etc/apt/sources.list.j2 | 4 |
3 files changed, 9 insertions, 5 deletions
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index c98af99..caecf9a 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -2,6 +2,10 @@
 - include: sysctl.yml tags=sysctl
 - include: hosts.yml
 - include: apt.yml tags=apt
+- name: Install intel-microcode
+ apt: pkg=intel-microcode
+ when: "ansible_processor[0] | search('^Intel.*') and not (ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen')"
+ tags: intel
 - include: firewall.yml tags=firewall,iptables
 - include: samhain.yml tags=samhain
 - include: auditd.yml tags=auditd
@@ -16,8 +20,7 @@ dest=/usr/local/bin/genkeypair.sh owner=root group=root mode=0755
- tags:
- - genkey
+ tags: genkey
 - include: logging.yml tags=logging
 - include: ntp.yml tags=ntp
 - include: mail.yml tags=mail,postfix
diff --git a/roles/common/templates/etc/apt/preferences.j2 b/roles/common/templates/etc/apt/preferences.j2
index a3a7595..2821f6d 100644
--- a/roles/common/templates/etc/apt/preferences.j2
+++ b/roles/common/templates/etc/apt/preferences.j2
@@ -19,7 +19,8 @@ Package: firmware-linux-nonfree
 Pin-Priority: 200
 {% endif %}
-{% if ansible_processor[0] | search("^Intel.*") -%}
+{% if ansible_processor[0] | search('^Intel.*') and
+ not (ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen') -%}
 # Automatically upgrade the microcode (when manually installed)
 Package: intel-microcode iucode-tool
 Pin-Priority: 200
diff --git a/roles/common/templates/etc/apt/sources.list.j2 b/roles/common/templates/etc/apt/sources.list.j2
index b6d0a64..ee4f20d 100644
--- a/roles/common/templates/etc/apt/sources.list.j2
+++ b/roles/common/templates/etc/apt/sources.list.j2
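Review bot: The `when:` on the new `Install intel-microcode` task excludes only Xen guests, so a guest of any other hypervisor whose first processor entry matches `^Intel.*` still gets the package, although a guest generally cannot load microcode into the physical CPU. The same test is repeated in `preferences.j2` and twice in `sources.list.j2`, where it also turns on `contrib non-free` for those guests and so widens their package sources for no benefit. If the Xen dom0 reports a role other than `guest`, `ansible_virtualization_role != 'guest'` would cover every hypervisor; otherwise a comment above the task such as `# Xen guests cannot load microcode; other guest types are not excluded yet` would record the intent. The task also appears to rely on `apt.yml` having already written the non-free sources and refreshed the cache, which is not visible in this hunk.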
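Review bot: The context comment `# Automatically upgrade the microcode (when manually installed)` under the changed `{% if %}` in `preferences.j2` no longer matches the role, because this commit adds a task in `tasks/main.yml` that installs `intel-microcode` itself. I would reword it to `# Automatically upgrade the microcode (installed by the common role on Intel hosts that are not Xen guests)`. The condition now spans two lines and must stay identical to the task's `when:`; if the two drift, a host can end up with the pin but no package, or the package without the pin.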
@@ -2,9 +2,9 @@
 # Do NOT edit this file directly!
 # vim: set filetype=debsources :
-deb http://ftp.se.debian.org/debian/ {{ ansible_lsb.codename }} main{% if 'non-free' in group_names or ansible_processor[0] | search("^Intel.*") %} contrib non-free{% endif %}
+deb http://ftp.se.debian.org/debian/ {{ ansible_lsb.codename }} main{% if 'non-free' in group_names or (ansible_processor[0] | search("^Intel.*") and not (ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen')) %} contrib non-free{% endif %}
-deb http://security.debian.org/ {{ ansible_lsb.codename }}/updates main{% if 'non-free' in group_names or ansible_processor[0] | search("^Intel.*") %} contrib non-free{% endif %}
+deb http://security.debian.org/ {{ ansible_lsb.codename }}/updates main{% if 'non-free' in group_names or (ansible_processor[0] | search("^Intel.*") and not (ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen')) %} contrib non-free{% endif %}
 deb http://ftp.se.debian.org/debian/ {{ ansible_lsb.codename }}-updates main |
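Review bot: Both changed `deb` lines in `sources.list.j2` repeat the full condition inline, and they still use `search("^Intel.*")` with double quotes while the other two files in this commit switched to single quotes. A `{% set needs_microcode = ... %}` near the top of the template, used as `{% if 'non-free' in group_names or needs_microcode %}` on both lines, would keep the main and security entries identical and readable. These lines decide whether `contrib non-free` is enabled at all. Any drift from the task's `when:` therefore either leaves `intel-microcode` uninstallable or leaves the extra components enabled on a host that does not need them.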