Set 'become' default to True (#7)

ansible.cfg

@@ -3,8 +3,12 @@ inventory = ./inventory
 retry_files_enabled = False
 #vault_password_file = ~/.ansible/vault-password-file
 remote_tmp = $HOME/ansible_tmp
+remote_user = admin
 ansible_managed = Ansible managed - don't edit this file!
 roles_path = ./roles
 
+[privilege_escalation]
+become=True
+
 #[ssh_connection]
 #pipelining = True

roles/ffmwu-bird/tasks/main.yml

@@ -7,7 +7,6 @@
     owner: admin
     group: bird
     mode: 0750
-  become: yes
 
 - name: standardise file ownerships
   file:
@@ -16,7 +15,6 @@
     owner: admin
     group: bird
     mode: 0750
-  become: yes
   with_items:
   - /etc/bird/bird.conf
   - /etc/bird/mwu_peers_v4.inc

roles/ffmwu-build/tasks/packages.yml

@@ -4,7 +4,6 @@
     repo: 'deb https://repo.universe-factory.net/debian/ sid main'
     state: present
     filename: 'neoraider'
-  become: true
   notify: update apt cache
 
 - name: add apt repository of freifunk-mwu
@@ -12,7 +11,6 @@
     repo: 'deb http://repo.freifunk-mwu.de/debian/ jessie main'
     state: present
     filename: 'ffmwu'
-  become: true
   notify: update apt cache
 
 - name: add apt-key of neoraider
@@ -20,14 +18,12 @@
     keyserver: keyserver.ubuntu.com
     id: 16EF3F64CB201D9C
     state: present
-  become: true
   notify: update apt cache
 
 - name: add apt-key of freifunk-mwu package sigs
   apt_key:
     url: http://repo.freifunk-mwu.de/83A70084.gpg.key
     state: present
-  become: true
   notify: update apt cache
 
 - name: install needed packages for build-server
@@ -50,4 +46,3 @@
     - subversion
     - unzip
     - zlib1g-dev
-  become: true

roles/ffmwu-build/tasks/rsyncd.yml

@@ -4,18 +4,15 @@
     src: rsyncd.conf
     dest: /etc/rsyncd.conf
     mode: 0640
-  become: true
 
 - name: install rsnyc systemd unit
   copy:
     src: rsync.service
     dest: /etc/systemd/system/
     mode: 0644
-  become: true
 
 - name: ensure rsync is started on boot as a daemon
   systemd:
     name: rsync
     state: started
     enabled: True
-  become: true

roles/ffmwu-build/tasks/web.yml

@@ -5,13 +5,11 @@
     owner: admin
     group: admin
     recurse: yes
-  become: true
 
 - name: enable apache module ssl
   apache2_module:
     state: present
     name: ssl
-  become: true
   notify:
     - check apache syntax
     - restart systemd unit apache2
@@ -20,7 +18,6 @@
   command: /usr/sbin/a2dissite 000-default
   args:
     removes: /etc/apache2/sites-enabled/000-default.conf
-  become: true
   notify:
     - check apache syntax
     - restart systemd unit apache2
@@ -29,7 +26,6 @@
   command: /usr/sbin/a2dissite default-ssl
   args:
     removes: /etc/apache2/sites-enabled/default-ssl.conf
-  become: true
   notify:
     - check apache syntax
     - restart systemd unit apache2
@@ -38,7 +34,6 @@
   command: /usr/sbin/a2disconf other-vhosts-access-log
   args:
     removes: /etc/apache2/conf-enabled/other-vhosts-access-log.conf
-  become: true
   notify:
     - check apache syntax
     - restart systemd unit apache2
@@ -49,7 +44,6 @@
     regexp: '^([\s\t]+)?SSLCipherSuite'
     line: "SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
     state: present
-  become: true
   notify:
     - check apache syntax
     - restart systemd unit apache2
@@ -60,7 +54,6 @@
     regexp: '^([\s\t]+)?SSLProtocol'
     line: "SSLProtocol all -SSLv2 -SSLv3"
     state: present
-  become: true
   notify:
     - check apache syntax
     - restart systemd unit apache2
@@ -71,7 +64,6 @@
     regexp: "^ServerTokens"
     line: "ServerTokens Prod"
     state: present
-  become: true
   notify:
     - check apache syntax
     - restart systemd unit apache2
@@ -82,7 +74,6 @@
     regexp: "^ServerSignature"
     line: "ServerSignature EMail"
     state: present
-  become: true
   notify:
     - check apache syntax
     - restart systemd unit apache2
@@ -91,7 +82,6 @@
   template:
     src: ffmwu-default-http.conf.j2
     dest: /etc/apache2/sites-available/ffmwu-default-http.conf
-  become: true
   notify:
     - check apache syntax
     - restart systemd unit apache2
@@ -100,7 +90,6 @@
   template:
     src: ffmwu-default-https.conf.j2
     dest: /etc/apache2/sites-available/ffmwu-default-https.conf
-  become: true
   notify:
     - check apache syntax
     - restart systemd unit apache2
@@ -109,7 +98,6 @@
   command: /usr/sbin/a2ensite ffmwu-default-http
   args:
     creates: /etc/apache2/sites-enabled/ffmwu-default-http.conf
-  become: true
   notify:
     - check apache syntax
     - restart systemd unit apache2
@@ -118,7 +106,6 @@
   command: /usr/sbin/a2ensite ffmwu-default-https
   args:
     creates: /etc/apache2/sites-enabled/ffmwu-default-https.conf
-  become: true
   notify:
     - check apache syntax
     - restart systemd unit apache2

roles/ffmwu-meshing/tasks/fastd.yml

@@ -2,7 +2,6 @@
 
 - name: ensure correct ownership of /etc/fastd
   file: path=/etc/fastd state=directory mode=0750 owner=admin group=admin
-  become: True
 
 - name: find ssh keyfile name for use with git
   shell: grep IdentityFile ~/.ssh/config | awk '{print $2}'

roles/ffmwu-server/tasks/main.yml

@@ -10,7 +10,6 @@
 - block:
   - name: ensure needed system users are present
     user: name=admin comment="Freifunk MWU Admin" shell=/bin/bash state=present
-    become: True
 
   - name: ensure all wanted ssh keys exclusively
     authorized_key: exclusive=True state=present user=admin
@@ -18,11 +17,9 @@
 
   - name: ensure vim is default editor
     alternatives: name=editor path=/usr/bin/vim.basic
-    become: True
 
   - name: set timezone to Europe/Berlin
     timezone: name=Europe/Berlin
-    become: True
 
   when: (ansible_managed_server is defined) and (ansible_managed_server)
 # end block

roles/git-fastd-peers/tasks/main.yml

@@ -5,7 +5,6 @@
     state: present
   with_items:
     - git
-  become: true
 
 - name: create fastd peer mesh directories
   file:
@@ -15,7 +14,6 @@
     owner: admin
     group: admin
   with_dict: "{{ meshes }}"
-  become: true
 
 - name: create fastd peer intragate directories
   file:
@@ -25,7 +23,6 @@
     owner: admin
     group: admin
   with_dict: "{{ meshes }}"
-  become: true
 
 - name: clone fastd peer mesh repos
   git:

roles/kmod-batman/tasks/main.yml

@@ -9,10 +9,8 @@
     - linux-headers-amd64
     - batman-adv-dkms
     - batctl
-  become: true
 
 - name: configure batman module to load on system boot
   template:
     src: batman-adv.module.conf.j2
     dest: /etc/modules-load.d/batman-adv.conf
-  become: true

roles/network-batman/tasks/main.yml

@@ -4,14 +4,12 @@
     src: dummy.j2
     dest: "/etc/network/interfaces.d/{{ item.key }}0"
   with_dict: "{{ meshes }}"
-  become: true
 
 - name: create batman interfaces
   template:
     src: batman.j2
     dest: "/etc/network/interfaces.d/{{ item.key }}BAT"
   with_dict: "{{ meshes }}"
-  become: true
 
 - name: set sysfs variables
   template:
@@ -19,4 +17,3 @@
     dest: "/etc/sysfs.d/99-{{ item.key }}BAT.conf"
   with_dict: "{{ meshes }}"
   notify: activate sysfs variables
-  become: true

roles/network-fastd/tasks/main.yml

@@ -4,11 +4,9 @@
     src: fastd-mesh.j2
     dest: "/etc/network/interfaces.d/{{ item.key }}VPN"
   with_dict: "{{ meshes }}"
-  become: true
 
 - name: create fastd intragate interfaces
   template:
     src: fastd-intragate.j2
     dest: "/etc/network/interfaces.d/{{ item.key }}igVPN"
   with_dict: "{{ meshes }}"
-  become: true

roles/network-ffrl/tasks/main.yml

@@ -4,4 +4,3 @@
     src: ffrl.j2
     dest: "/etc/network/interfaces.d/{{ item.key }}"
   with_dict: "{{ ffrl_exit_server }}"
-  become: true

roles/network-meshbridge/tasks/main.yml

@@ -4,7 +4,6 @@
     src: bridge.j2
     dest: "/etc/network/interfaces.d/{{ item.key }}BR"
   with_dict: "{{ meshes }}"
-  become: true
 
 - name: set sysfs variables
   template:
@@ -12,4 +11,3 @@
     dest: "/etc/sysfs.d/99-{{ item.key }}BR.conf"
   with_dict: "{{ meshes }}"
   notify: activate sysfs variables
-  become: true

roles/network-routetables/tasks/main.yml

@@ -6,4 +6,3 @@
     line: "{{ item.value }}{{ '\t' }}{{ item.key }}"
     state: present
   with_dict: "{{ routing_tables }}"
-  become: true

roles/packages/tasks/main.yml

@@ -21,7 +21,6 @@
       with_items: "{{ (pkg_repo_list|default({})).repo_keys | default([]) }}"
       loop_control:
         loop_var: pkg_item
-      become: True
       # see defaults in with - when: (pkg_repo_list is defined) and (pkg_repo_list.repo_keys is defined)
 
     - name: ensure defined apt repos
@@ -33,7 +32,6 @@
       with_items: "{{ (pkg_repo_list|default({})).repos | default([]) }}"
       loop_control:
         loop_var: pkg_item
-      become: True
       # see defaults in with - when: (pkg_repo_list is defined) and (pkg_repo_list.repos is defined)
 
     # see defaults in with - when: pkg_repo_list is defined
@@ -48,7 +46,6 @@
     with_items: "{{meshing_pkg_pkg_list | default([])}}"
     loop_control:
       loop_var: mwu_m_item
-    become: True
     # see default in with - when: meshing_pkg_pkg_list is defined
 
   - name: ensure defined python libs
@@ -56,7 +53,6 @@
     with_items: "{{meshing_pkg_pip_list | default([])}}"
     loop_control:
       loop_var: mwu_m_item
-    become: True
     # see default in with - when: meshing_pkg_pip_list is defined
 
   when: (really_do is defined) and (really_do)

roles/prerequisites/tasks/main.yml

@@ -11,4 +11,3 @@
 - name: Test root access for admin account
   command: "true"
   changed_when: False
-  become: True

roles/server-basic/tasks/main.yml

@@ -6,15 +6,12 @@
     update_cache: yes
     cache_valid_time: 21600
   with_items: "{{ packages }}"
-  become: true
 
 - name: ensure vim is default editor
   alternatives:
     name: editor
     path: /usr/bin/vim.basic
-  become: true
 
 - name: set timezone to Europe/Berlin
   timezone:
     name: Europe/Berlin
-  become: true

roles/server-repos/tasks/main.yml

@@ -8,21 +8,18 @@
   with_items:
     - dirmngr
     - apt-transport-https
-  become: true
 
 - name: ensure apt key for universe-factory is present
   apt_key:
     state: present
     id: 16ef3f64cb201d9c
     keyserver: pgp.mit.edu
-  become: true
 
 - name: ensure apt key for freifunk-mwu is present
   apt_key:
     state: present
     id: 83A70084
     url: "http://repo.freifunk-mwu.de/83A70084.gpg.key"
-  become: true
 
 - name: ensure needed apt repos are present
   apt_repository:
@@ -31,4 +28,3 @@
     update_cache: "{{ item.update_cache }}"
     filename: "{{ item.name }}"
   with_items: "{{ repos }}"
-  become: true

roles/service-bird/tasks/main.yml

@@ -7,7 +7,6 @@
   with_items:
     - bird-bgp
     - bird-doc
-  become: true
 
 - name: write bird configuration
   template:
@@ -20,7 +19,6 @@
   with_items:
     - ""
     - 6
-  become: true
 
 - name: configure mwu peers
   template:
@@ -33,7 +31,6 @@
   with_items:
     - 4
     - 6
-  become: true
 
 - name: enable + start systemd units bird + bird6
   systemd:
@@ -43,4 +40,3 @@
   with_items:
     - ""
     - 6
-  become: true

roles/service-dhcpd/tasks/main.yml

@@ -3,14 +3,12 @@
   apt:
     name: isc-dhcp-server
     state: present
-  become: true
 
 - name: enable systemd unit isc-dhcp-server
   systemd:
     name: isc-dhcp-server
     enabled: yes
     daemon_reload: yes
-  become: true
 
 - name: concatenate meshbridge interfaces
   set_fact:
@@ -22,18 +20,15 @@
     regexp: '^INTERFACESv4="'
     line: 'INTERFACESv4="{{ dhcp_interfaces }}"'
   notify: restart isc dhcp server
-  become: true
 
 - name: set ipv6 interfaces isc dhcp should listen on
   lineinfile:
     path: /etc/default/isc-dhcp-server
     regexp: '^INTERFACESv6="'
     line: 'INTERFACESv6=""'
-  become: true
 
 - name: configure isc dhcp server
   template:
     src: dhcpd.conf.j2
     dest: /etc/dhcp/dhcpd.conf
 #  notify: restart isc dhcp server
-  become: true

roles/service-fastd-intragate/tasks/main.yml

@@ -3,7 +3,6 @@
   apt:
     name: fastd
     state: present
-  become: true
 
 - name: create fastd intragate directories
   file:
@@ -11,18 +10,15 @@
     state: directory
     mode: 0755
   with_dict: "{{ meshes }}"
-  become: true
 
 - name: template fastd mesh config
   template:
     src: fastd-intragate.conf.j2
     dest: "/etc/fastd/{{ item.key }}igVPN/fastd.conf"
   with_dict: "{{ meshes }}"
-  become: true
 
 - name: write fastd intragate secret
   template:
     src: fastd-secret.conf.j2
     dest: "/etc/fastd/{{ item.key }}igVPN/secret.conf"
   with_dict: "{{ meshes }}"
-  become: true

roles/service-fastd-mesh/tasks/main.yml

@@ -3,7 +3,6 @@
   apt:
     name: fastd
     state: present
-  become: true
 
 - name: create fastd directories
   file:
@@ -11,18 +10,15 @@
     state: directory
     mode: 0755
   with_dict: "{{ meshes }}"
-  become: true
 
 - name: template fastd mesh config
   template:
     src: fastd-mesh.conf.j2
     dest: "/etc/fastd/{{ item.key }}VPN/fastd.conf"
   with_dict: "{{ meshes }}"
-  become: true
 
 - name: write fastd mesh secret
   template:
     src: fastd-secret.conf.j2
     dest: "/etc/fastd/{{ item.key }}VPN/secret.conf"
   with_dict: "{{ meshes }}"
-  become: true

roles/service-haveged/tasks/main.yml

@@ -4,11 +4,9 @@
     name: haveged
     state: present
   notify: reload systemd
-  become: true
 
 - name: start and enable systemd unit haveged
   systemd:
     name: haveged
     enabled: yes
     state: started
-  become: true

roles/service-ntpd/tasks/main.yml

@@ -4,7 +4,6 @@
     name: systemd-timesyncd
     enabled: no
     state: stopped
-  become: true
 
 - name: install ntp packages
   apt:
@@ -17,7 +16,6 @@
     - ntp-doc
     - ntpdate
     - ntpstat
-  become: true
 
 - name: enable and start ntp daemon
   systemd:
@@ -25,4 +23,3 @@
     enabled: yes
     state: started
     daemon_reload: yes
-  become: true

roles/service-radvd/tasks/main.yml

@@ -3,18 +3,15 @@
   apt:
     name: radvd
     state: present
-  become: true
 
 - name: enable systemd unit radvd
   systemd:
     name: radvd
     enabled: yes
     daemon_reload: yes
-  become: true
 
 - name: configure radvd
   template:
     src: radvd.conf.j2
     dest: /etc/radvd.conf
     #notify: restart radvd
-  become: true

roles/service-rclocal/tasks/main.yml

@@ -4,10 +4,8 @@
     src: rc.local.j2
     dest: /etc/rc.local
     mode: 0755
-  become: true
 
 - name: enable systemd unit rc.local
   systemd:
     name: rc.local
     enabled: yes
-  become: true