fix!: stop disable of ptrace protection

Role disabled ptrace protection for the kernel per default, which we don't want. This is only required for debugging purposes and should not be touched in the scope of this role! Refs: https://docs.bareos.org/Appendix/Debugging.html#traceback
adfinis · Oct 29, 2024 · 435f4b3 · 435f4b3
1 parent fb8f585
commit 435f4b3
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 18 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -19,4 +19,4 @@ bareos_repository_release: current
 bareos_repository_version: 23
 
 # You can enable tracebacks for troubleshooting purposes.
-bareos_repository_enable_tracebacks: no
+bareos_repository_enable_tracebacks: false
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -4,19 +4,19 @@
 - name: Import assert.yml
   ansible.builtin.import_tasks:
     file: assert.yml
-  run_once: yes
+  run_once: true
   delegate_to: localhost
 
 - name: Add repository (rpm)
   ansible.builtin.yum_repository:
     name: "{{ item.name }}"
     description: "{{ item.description }}"
     baseurl: "{{ item.baseurl }}"
-    gpgcheck: yes
+    gpgcheck: true
     gpgkey: "{{ item.gpgkey }}"
     username: "{{ item.username | default(omit) }}"
     password: "{{ item.password | default(omit) }}"
-  no_log: yes
+  no_log: true
   loop: "{{ bareos_repository_list }}"
   loop_control:
     label: "{{ item.name }}"
@@ -40,7 +40,7 @@
         owner: root
         group: root
         mode: "0644"
-      no_log: yes
+      no_log: true
 
     - name: Place credentials file (apt)
       ansible.builtin.copy:
@@ -52,7 +52,7 @@
         owner: root
         group: root
         mode: "0600"
-      no_log: yes
+      no_log: true
       when:
         - bareos_repository_type == "subscription"
 
@@ -61,8 +61,8 @@
         repo: "{{ item.deb_repo }}"
         state: present
         filename: "{{ item.name }}"
-        update_cache: yes
-      no_log: yes
+        update_cache: true
+      no_log: true
       loop: "{{ bareos_repository_list }}"
       loop_control:
         label: "{{ item.name }}"
@@ -80,7 +80,7 @@
         owner: root
         group: root
         mode: "0644"
-      no_log: yes
+      no_log: true
 
     - name: Import gpg key (zypper)
       ansible.builtin.rpm_key:
@@ -95,7 +95,7 @@
         owner: root
         group: root
         mode: "0600"
-      no_log: yes
+      no_log: true
       when:
         - bareos_repository_type == "subscription"
 
@@ -117,11 +117,11 @@
         name: "{{ item.name }}"
         description: "{{ item.description }}"
         baseurl: "{{ item.baseurl }}"
-        gpgcheck: yes
+        gpgcheck: true
         gpgkey: "{{ item.gpgkey }}"
         username: "{{ item.username | default(omit) }}"
         password: "{{ item.password | default(omit) }}"
-      no_log: yes
+      no_log: true
       loop: "{{ bareos_repository_debug_list }}"
       loop_control:
         label: "{{ item.name }}"
@@ -142,9 +142,3 @@
     - name: Install required packages
       ansible.builtin.package:
         name: "{{ bareos_repository_debug_required_packages }}"
-
-    - name: Disable ptrace_scope
-      ansible.posix.sysctl:
-        name: kernel.yama.ptrace_scope
-        value: "0"
-        sysctl_set: yes