diff --git a/playbooks/postgres-maintenance/fenced_to_standby.yml b/playbooks/postgres-maintenance/fenced_to_standby.yml index 2bb1400a4c01a41261f58e55859be9162b0d836b..bbd813bcda90578934cde9871ea1e91af2edfc66 100644 --- a/playbooks/postgres-maintenance/fenced_to_standby.yml +++ b/playbooks/postgres-maintenance/fenced_to_standby.yml @@ -15,13 +15,13 @@ - name: delete postgresql data directory ansible.builtin.file: - path: /var/lib/postgresql/11/main/ + path: /var/lib/postgresql/13/main/ state: absent force: true - name: copy data from primary ansible.builtin.command: > - repmgr -f /etc/postgresql/11/main/repmgr.conf + repmgr -f /etc/postgresql/13/main/repmgr.conf --force --verbose standby clone -h {{ hostvars[groups['postgres_primary'][0]]['ansible_default_ipv4']['address'] }} @@ -39,7 +39,7 @@ when: copy_from_primary is succeeded - name: register node as standby - ansible.builtin.command: "repmgr -f /etc/postgresql/11/main/repmgr.conf --force --verbose standby register" + ansible.builtin.command: "repmgr -f /etc/postgresql/13/main/repmgr.conf --force --verbose standby register" become: true become_user: postgres when: copy_from_primary is succeeded diff --git a/playbooks/postgres-maintenance/standby_to_primary.yml b/playbooks/postgres-maintenance/standby_to_primary.yml index b073f824f9c1d4ac52f28a7ba4d920ae9267c72f..a4be1c4bcd84791d9e603995bd13f05a35862c95 100644 --- a/playbooks/postgres-maintenance/standby_to_primary.yml +++ b/playbooks/postgres-maintenance/standby_to_primary.yml 
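Review bot: The PostgreSQL major version is hard-coded a second time in the `path:` line and in both `repmgr -f` commands of this playbook, while `roles/postgres-ha/defaults/main.yml` (changed further down in this commit) already derives `repmgr_pg_version` and `repmgr_pg_data` from `pg_version`, so the next bump has to touch every playbook again. If the role defaults are in scope for these plays, `path: "{{ repmgr_pg_data }}/"` and `repmgr -f /etc/postgresql/{{ repmgr_pg_version }}/{{ repmgr_pg_cluster }}/repmgr.conf` keep the playbooks in step with the roles; otherwise one `vars:` entry on the play would do. The same applies to the second hunk of this file (`standby register`) and to both hunks of `standby_to_primary.yml` that follow.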
@@ -8,13 +8,13 @@ msg: "Current status {{ rephacheck['stdout'] }} must be standby." when: rephacheck['stdout'] != "standby" - name: check if node is currently in standby - ansible.builtin.command: "repmgr standby switchover -f /etc/postgresql/11/main/repmgr.conf --siblings-follow --dry-run" + ansible.builtin.command: "repmgr standby switchover -f /etc/postgresql/13/main/repmgr.conf --siblings-follow --dry-run" become: true become_user: postgres when: rephacheck['stdout'] == "standby" register: standby_dry_run - name: switch standby node to primary - ansible.builtin.command: "repmgr standby switchover -f /etc/postgresql/11/main/repmgr.conf --siblings-follow" + ansible.builtin.command: "repmgr standby switchover -f /etc/postgresql/13/main/repmgr.conf --siblings-follow" become: true become_user: postgres when: diff --git a/roles/celerity/tasks/main.yml b/roles/celerity/tasks/main.yml index 5d223ce619ad0faa354d927c3ceaa27f220dfe92..28783ff8b9fee3c414bfc53aaadca444562f2f4d 100644 --- a/roles/celerity/tasks/main.yml +++ b/roles/celerity/tasks/main.yml @@ -4,7 +4,7 @@ ansible.builtin.apt: force_apt_get: true install_recommends: false - name: celerity-server + name: ubicast-celerity-server register: apt_status retries: 60 until: apt_status is success or ('Failed to lock apt for exclusive operation' not in apt_status.msg and '/var/lib/dpkg/lock' not in apt_status.msg) diff --git a/roles/ferm-install/tasks/main.yml b/roles/ferm-install/tasks/main.yml index 22c8b2e43792e58c3c8c013c0cb9d976c8c14fda..5ec0a4f68cbea2ccf4152629b2ea8b1dc21d98fd 100644 --- a/roles/ferm-install/tasks/main.yml +++ b/roles/ferm-install/tasks/main.yml 
@@ -9,6 +9,13 @@ retries: 60 until: apt_status is success or ('Failed to lock apt for exclusive operation' not in apt_status.msg and '/var/lib/dpkg/lock' not in apt_status.msg) +- name: use iptables-legacy + ansible.builtin.shell: | + update-alternatives --set iptables /usr/sbin/iptables-legacy + update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy + register: cmd + changed_when: "'using /usr/sbin/iptables-legacy to provide /usr/sbin/iptables (iptables) in manual mode' in cmd.stdout" + - name: configuration notify: restart ferm ansible.builtin.template: diff --git a/roles/mediaimport/handlers/main.yml b/roles/mediaimport/handlers/main.yml index fa3120ff1e45824b4837588379d1d16ba753588f..b87528a150512ae485d9f60c64083572a5953062 100644 --- a/roles/mediaimport/handlers/main.yml +++ b/roles/mediaimport/handlers/main.yml @@ -4,6 +4,11 @@ ansible.builtin.systemd: daemon_reload: true +- name: restart sshd + ansible.builtin.systemd: + name: sshd + state: restarted + - name: restart pure-ftpd ansible.builtin.systemd: name: pure-ftpd diff --git a/roles/mediaimport/tasks/main.yml b/roles/mediaimport/tasks/main.yml index 01c83410b4b0b481e5bf6d9e94b3c0da94e6a6e5..528c843d876390dd280672549eb5cb0929dda011 100644 --- a/roles/mediaimport/tasks/main.yml +++ b/roles/mediaimport/tasks/main.yml @@ -41,6 +41,13 @@ ## MYSECURESHELL +- name: enable password login for ssh + notify: restart sshd + ansible.builtin.replace: + dest: /etc/ssh/sshd_config + regexp: "^PasswordAuthentication no" + replace: "#PasswordAuthentication yes" + - name: set the setuid on mysecureshell ansible.builtin.file: path: /usr/bin/mysecureshell diff --git a/roles/mediaserver/defaults/main.yml b/roles/mediaserver/defaults/main.yml index 626b207a39d28f6903effd585288d52468f2da4e..ba8a4045e04af981f751a497019a07a6a39c93fb 100644 --- a/roles/mediaserver/defaults/main.yml +++ b/roles/mediaserver/defaults/main.yml 
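Review bot: The `use iptables-legacy` shell task reports only the exit status of the second `update-alternatives` call, so a failure of the `iptables` switch is masked when the `ip6tables` one succeeds, and `changed_when` inspects only the iptables message, so a change to ip6tables alone is reported as ok. Adding `set -e` as the first line of the script and widening the condition to `changed_when: "'in manual mode' in cmd.stdout"` makes both calls count. Matching on the tool's exact output text also makes the task fragile — a terser or localized message would make every run report ok — so if the `community.general.alternatives` module is available to this project, two tasks with `name: iptables` / `path: /usr/sbin/iptables-legacy` (and the ip6tables pair) give proper change detection without string matching. Whether this role already runs with `become: true` is not visible here; `update-alternatives --set` needs root.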
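Review bot: The `enable password login for ssh` task turns password authentication back on for every account on the host, not only for the media-import accounts it is written for: commenting the directive out leaves sshd at its built-in default of `PasswordAuthentication yes`, and the sysconfig role also edits root login over ssh (the `enable root login via ssh with key` task visible in a later hunk), so unless that task sets `prohibit-password` the exposure now extends to root as well. A narrower change keeps the global `PasswordAuthentication no` and grants passwords only to the import accounts through a `Match` block, and `validate: /usr/sbin/sshd -t -f %s` on the edit stops a broken config from being activated by the new `restart sshd` handler. The regexp also fires only on a literal `PasswordAuthentication no` line, so a host where the directive is already commented, or is set from an `Include`d file under `/etc/ssh/sshd_config.d/`, is silently left as it is.
```yaml
- name: keep password login disabled globally
  notify: restart sshd
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?\s*PasswordAuthentication\s'
    line: 'PasswordAuthentication no'
    validate: /usr/sbin/sshd -t -f %s

# Match blocks must come last in sshd_config; blockinfile appends at EOF by default.
# <IMPORT_USERS_GROUP> is a placeholder for the group of the mysecureshell accounts.
- name: allow password login for media import accounts only
  notify: restart sshd
  ansible.builtin.blockinfile:
    path: /etc/ssh/sshd_config
    marker: '# {mark} ANSIBLE MANAGED BLOCK mediaimport'
    validate: /usr/sbin/sshd -t -f %s
    block: |
      Match Group <IMPORT_USERS_GROUP>
          PasswordAuthentication yes
```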
@@ -6,7 +6,6 @@ server_packages: - memcached - nginx - postfix - - celerity-utils - ubicast-mediaserver server_default_email_sender: "noreply@{{ server_hostname }}" diff --git a/roles/mediaserver/tasks/main.yml b/roles/mediaserver/tasks/main.yml index 2472be46c9a4655acba584b602abf58c10fade20..e7b3beefce4478dd7555a8be7fb74e0dbf1e3016 100644 --- a/roles/mediaserver/tasks/main.yml +++ b/roles/mediaserver/tasks/main.yml @@ -27,14 +27,6 @@ key: "{{ hostvars[item]['pubkey'] }}" tags: always -- name: resolve domain name to localhost - notify: restart nginx - loop: "{{ server_instances }}" - ansible.builtin.lineinfile: - path: /etc/hosts - line: '127.0.1.1 {{ item.ms_server_name }}' - backup: true - - name: Update the MS configuration with the celerity server IP ansible.builtin.lineinfile: path: /etc/mediaserver/msconf.py @@ -60,23 +52,6 @@ mode: '0644' - name: create instances - when: inventory_hostname == groups['mediaserver'][0] - loop: "{{ server_instances }}" - environment: - MS_ID: "{{ item.ms_id }}" - MS_SERVER_NAME: "{{ item.ms_server_name }}" - MS_API_KEY: "{{ item.ms_api_key }}" - CM_SERVER_NAME: "{{ item.cm_server_name }}" - MS_SUPERUSER_PWD: "{{ item.ms_superuser_pwd }}" - MS_ADMIN_PWD: "{{ item.ms_admin_pwd }}" - ansible.builtin.command: - cmd: msinstaller.py {{ item.name }} --no-input - creates: /etc/nginx/sites-available/mediaserver-{{ item.name }}.conf - -- name: create instances for secondary servers - when: - - groups['mediaserver'] | length > 1 - - inventory_hostname != groups['mediaserver'][0] loop: "{{ server_instances }}" environment: MS_ID: "{{ item.ms_id }}" 
@@ -85,8 +60,12 @@ CM_SERVER_NAME: "{{ item.cm_server_name }}" MS_SUPERUSER_PWD: "{{ item.ms_superuser_pwd }}" MS_ADMIN_PWD: "{{ item.ms_admin_pwd }}" + DB_HOST: "{{ envsetup_db_host | d('127.0.0.1') }}" + DB_PORT: "{{ envsetup_db_port | d('5432') }}" + DB_PG_ROOT_PWD: "{{ envsetup_db_pg_root_pwd | d('') }}" + MS_SECRET: "{{ envsetup_ms_secret | d('') }}" ansible.builtin.command: - cmd: msinstaller.py {{ item.name }} --no-input + cmd: mscontroller.py add -u {{ item.name }} creates: /etc/nginx/sites-available/mediaserver-{{ item.name }}.conf throttle: 1 diff --git a/roles/mediaworker/tasks/main.yml b/roles/mediaworker/tasks/main.yml index 3e0fcfc513d83a21a13f1b2dc0dbffcc327c1b9d..d4282ed4524851fd805dbc0d51160d0770c83579 100644 --- a/roles/mediaworker/tasks/main.yml +++ b/roles/mediaworker/tasks/main.yml @@ -4,7 +4,7 @@ ansible.builtin.apt: force_apt_get: true install_recommends: false - name: celerity-workers + name: ubicast-celerity-workers register: apt_status retries: 60 until: apt_status is success or ('Failed to lock apt for exclusive operation' not in apt_status.msg and '/var/lib/dpkg/lock' not in apt_status.msg) diff --git a/roles/mirismanager/tasks/main.yml b/roles/mirismanager/tasks/main.yml index fc47293153bac63910e28604c32e8221d67e4edb..6e9506b90b7a8cc4a8a96734acf74b6786fef3ca 100644 --- a/roles/mirismanager/tasks/main.yml +++ b/roles/mirismanager/tasks/main.yml @@ -15,6 +15,8 @@ state: started - name: mirismanager install + environment: + CM_SERVER_NAME: "{{ manager_hostname }}" ansible.builtin.apt: force_apt_get: true install_recommends: false 
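Review bot: The `environment:` of `create instances` now carries `DB_PG_ROOT_PWD` and `MS_SECRET`, and nothing on the task keeps them out of Ansible's output — the environment assignments are printed on the EXEC line of a verbose (`-vvv`) run — so `no_log: true` belongs on this task (the task's header lies before the hunk). The `d('')` defaults also mean that an inventory missing `envsetup_db_pg_root_pwd` proceeds with an empty root password instead of failing; `DB_PG_ROOT_PWD: "{{ envsetup_db_pg_root_pwd | mandatory }}"` surfaces that on the first host. With the primary-only `when:` dropped in the preceding hunk of this file, the task presumably now runs on every host in `groups['mediaserver']`, serialized by `throttle: 1`; if `mscontroller.py add` is not idempotent against the shared database, the `creates:` guard is the only repeat protection and it keys on a host-local nginx file, which is worth a comment stating that this is intended.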
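Review bot: `manager_hostname` is now applied only on the run that actually installs the package: `CM_SERVER_NAME` is passed through `environment:` on the `mirismanager install` apt task, so on a host where the package is already present, or when the hostname later changes, the apt task reports ok and nothing reconfigures nginx or the settings file, because the explicit `configure domain name ...` tasks are deleted in the next hunk. Whether the package's install scripts consume this variable is not visible here; if the package offers a reconfigure entry point, a task that re-applies the name when `apt_status is changed` is false would close the gap. At minimum a comment on the task, `# CM_SERVER_NAME is read by the package at install time; re-runs do not reapply it`, records the assumption for the next maintainer.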
@@ -23,38 +25,6 @@ retries: 60 until: apt_status is success or ('Failed to lock apt for exclusive operation' not in apt_status.msg and '/var/lib/dpkg/lock' not in apt_status.msg) -- name: configure domain name in nginx conf - notify: restart nginx - ansible.builtin.replace: - path: /etc/nginx/sites-available/skyreach.conf - regexp: '^(\s*server_name).*;$' - replace: '\1 {{ manager_hostname }};' - backup: true - -- name: configure domain name in settings - notify: restart skyreach - ansible.builtin.lineinfile: - path: /home/skyreach/skyreach_data/private/settings_override.py - regexp: '^#? ?SITE_URL.*' - line: "SITE_URL = 'https://{{ manager_hostname }}'" - backup: true - -- name: configure site title in settings - notify: restart skyreach - ansible.builtin.lineinfile: - path: /home/skyreach/skyreach_data/private/settings_override.py - regexp: '^#? ?SITE_TITLE.*' - line: "SITE_TITLE = '{{ manager_hostname }}'" - backup: true - -- name: configure site name in settings - notify: restart skyreach - ansible.builtin.lineinfile: - path: /home/skyreach/skyreach_data/private/settings_override.py - regexp: '^#? ?SITE_NAME.*' - line: "SITE_NAME = '{{ manager_hostname }}'" - backup: true - - name: configure email sender address in settings notify: restart skyreach ansible.builtin.lineinfile: @@ -63,13 +33,6 @@ line: "DEFAULT_FROM_EMAIL = '{{ manager_email_sender }}'" backup: true -- name: resolve domain name to localhost ipv4 - notify: restart nginx - ansible.builtin.lineinfile: - path: /etc/hosts - line: '127.0.0.1 {{ manager_hostname }}' - backup: true - - name: ensure skyreach is running ansible.builtin.service: name: skyreach diff --git a/roles/munin/msmonitor/defaults/main.yml b/roles/munin/msmonitor/defaults/main.yml index 409e1b2fa3cc94b98a960dae74d0c74d0576951f..47019bc9ff066808741c1de15fd1bf2fdc81e125 100644 --- a/roles/munin/msmonitor/defaults/main.yml +++ b/roles/munin/msmonitor/defaults/main.yml 
@@ -1,6 +1,9 @@ --- monitor_shell_pwd: "{{ envsetup_monitor_shell_pwd | d() }}" +monitor_admin_pwd: "{{ envsetup_monitor_admin_pwd | d() }}" +monitor_superuser_pwd: "{{ envsetup_monitor_superuser_pwd | d() }}" +ssh_maintenance_port: "{{ envsetup_ssh_maintenance_port | d() }}" monitor_hostname: "{{ envsetup_monitor_server_name | d('monitor', true) }}" monitor_firewall_enabled: true diff --git a/roles/munin/msmonitor/tasks/main.yml b/roles/munin/msmonitor/tasks/main.yml index da807a33f45134ca044c8bdc4aff7f965cd078eb..3251fd361ee65a84fc3e9780d1689fba6bd62127 100644 --- a/roles/munin/msmonitor/tasks/main.yml +++ b/roles/munin/msmonitor/tasks/main.yml 
@@ -1,49 +1,29 @@ --- - name: install ubicast msmonitor + environment: + MONITOR_SERVER_NAME: "{{ monitor_hostname }}" + MONITOR_SHELL_PWD: "{{ monitor_shell_pwd | password_hash('sha512', 'monitor') }}" + MONITOR_ADMIN_PWD: "{{ monitor_admin_pwd | password_hash('sha512', 'monitor') }}" + MONITOR_SUPERUSER_PWD: "{{ monitor_superuser_pwd }}" + SSH_MAINTENANCE_PORT: "{{ ssh_maintenance_port }}" ansible.builtin.apt: force_apt_get: true install_recommends: false state: latest name: - - ubicast-monitor - - ubicast-monitor-runtime + - ubicast-webmonitor + - ubicast-webmonitor-runtime register: apt_status retries: 60 until: apt_status is success or ('Failed to lock apt for exclusive operation' not in apt_status.msg and '/var/lib/dpkg/lock' not in apt_status.msg) -- name: set msmonitor account password - ansible.builtin.user: - name: msmonitor - password: "{{ monitor_shell_pwd | password_hash('sha512', 'monitor') }}" - -- name: configure domain name in nginx - notify: restart nginx - ansible.builtin.replace: - path: /etc/nginx/sites-available/msmonitor.conf - regexp: '^(\s*server_name).*;$' - replace: '\1 {{ monitor_hostname }};' - backup: true - -- name: resolve domain name to localhost ipv4 - notify: restart nginx - ansible.builtin.lineinfile: - path: /etc/hosts - line: '127.0.1.1 {{ monitor_hostname }}' - backup: true - - name: ensure msmonitor is running ansible.builtin.service: - name: msmonitor + name: webmonitor enabled: true state: started -- name: set directory permissions - ansible.builtin.file: - path: /home/msmonitor/msmonitor - mode: 0755 - state: directory - # FIREWALL - name: firewall diff --git a/roles/postgres-ha/defaults/main.yml b/roles/postgres-ha/defaults/main.yml index cfc389595af4be7b732b524619e99f017fbfe7c6..dcdd831a34ffc4c8cbd98c49aaff540755a71ccb 100644 --- a/roles/postgres-ha/defaults/main.yml +++ b/roles/postgres-ha/defaults/main.yml 
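Review bot: The `environment:` of `install ubicast msmonitor` hands three secrets to apt — `MONITOR_SUPERUSER_PWD` in clear text, the other two hashed with the fixed salt `'monitor'` — and the task has no `no_log: true`, so the values appear on the EXEC line of verbose runs and in any callback that records the environment. The fixed salt, carried over from the removed `set msmonitor account password` task, makes the same password hash to the same string on every host, which defeats the purpose of salting; the documented idiom `password_hash('sha512', 65534 | random(seed=inventory_hostname) | string)` keeps the hash stable per host while varying it between hosts. The `d()` defaults added in `roles/munin/msmonitor/defaults/main.yml` (previous hunk) also let an unset password reach the package as the hash of an empty string; `| mandatory` on those defaults would fail early instead.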
@@ -7,7 +7,7 @@ repmgr_packages: - python3-psycopg2 - python3-toml -repmgr_pg_version: "{{ pg_version | default('11') }}" +repmgr_pg_version: "{{ pg_version | default('13') }}" repmgr_pg_cluster: "{{ pg_cluster | default('main') }}" repmgr_pg_data: /var/lib/postgresql/{{ repmgr_pg_version }}/{{ repmgr_pg_cluster }} diff --git a/roles/postgres/defaults/main.yml b/roles/postgres/defaults/main.yml index 50dcd0ec4269ef6c6accc6cc58961d009ef31fe5..c9938a2fa65567b3850548d03b65a5e2436b23bc 100644 --- a/roles/postgres/defaults/main.yml +++ b/roles/postgres/defaults/main.yml @@ -4,7 +4,7 @@ pg_packages: - acl - postgresql -pg_version: 11 +pg_version: 13 pg_cluster: main pg_password: "{{ envsetup_db_pg_root_pwd | d() }}" diff --git a/roles/postgres/files/logrotate-postgresql b/roles/postgres/files/logrotate-postgresql new file mode 100644 index 0000000000000000000000000000000000000000..92e62237d155ef046415982026a245e4071ec59e --- /dev/null +++ b/roles/postgres/files/logrotate-postgresql @@ -0,0 +1,10 @@ +/var/log/postgresql/*.log { + weekly + rotate 4 + copytruncate + delaycompress + compress + notifempty + missingok + su root root +} diff --git a/roles/postgres/tasks/main.yml b/roles/postgres/tasks/main.yml index f30db26aeeed30984cc486f717340f8d0088abf1..fcf23ded110885133c7fd654f19d88b9e713b33b 100644 --- a/roles/postgres/tasks/main.yml +++ b/roles/postgres/tasks/main.yml @@ -20,6 +20,15 @@ # CONFIGURATION +- name: update logrotate config + ansible.builtin.copy: + src: logrotate-postgresql + dest: "/etc/logrotate.d/postgresql-common" + owner: root + group: root + backup: false + mode: '644' + - name: ensure conf directory exists ansible.builtin.file: path: "{{ pg_conf_dir }}/conf.d" diff --git a/roles/sysconfig/tasks/main.yml b/roles/sysconfig/tasks/main.yml index 0a6d4b24612d379af4ca58992fc7f118f9bc344d..8019c58d8667ea6f4974eecb6b0054e5d01420b1 100644 --- a/roles/sysconfig/tasks/main.yml +++ b/roles/sysconfig/tasks/main.yml 
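Review bot: `update logrotate config` copies the new `logrotate-postgresql` file over `/etc/logrotate.d/postgresql-common`, which by its name looks like the conffile shipped by the `postgresql-common` package; dpkg will then report the file as locally modified on every upgrade, and an upgrade run with `--force-confnew` silently restores the package version. Installing it under a name the package does not own, e.g. `dest: /etc/logrotate.d/postgresql-ansible`, avoids that, but then the package stanza for the same `/var/log/postgresql/*.log` glob must be removed, since logrotate reports a duplicate log entry and skips the second one. `mode: '644'` would also read better as `mode: '0644'`, the form the mediaserver role already uses, and `backup: false` is the module default and can be dropped.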
@@ -86,12 +86,13 @@ replace: 'Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";' notify: restart unattended-upgrades -- name: allow automatic updates for ubicast security +- name: allow automatic updates for ubicast security repo ansible.builtin.lineinfile: path: /etc/apt/apt.conf.d/50unattended-upgrades insertafter: '^Unattended-Upgrade::Origins-Pattern {$' line: ' "origin=UbiCast,label=UbiCast-Security";' backup: true + notify: restart unattended-upgrades - name: enable root login via ssh with key ansible.builtin.replace: diff --git a/roles/sysconfig/tasks/ntp.yml b/roles/sysconfig/tasks/ntp.yml index f0e6d6383c61abdf1df39bbb90fdaf1625b911e4..92f6a3d2654287202d065389b9512cf5558e3b0d 100644 --- a/roles/sysconfig/tasks/ntp.yml +++ b/roles/sysconfig/tasks/ntp.yml @@ -1,29 +1,17 @@ --- -- name: create systemd-timesync service config directory - ansible.builtin.file: - path: /lib/systemd/system/systemd-timesyncd.service.d - state: directory - mode: 0755 -- name: ntp add condition to systemd-timesyncd service - notify: systemd daemon reload - ansible.builtin.copy: - dest: /lib/systemd/system/systemd-timesyncd.service.d/disable-with-time-daemon.conf - mode: '644' - content: | - [Unit] - # don't run timesyncd if we have another NTP daemon installed - ConditionFileIsExecutable=!/usr/sbin/ntpd - ConditionFileIsExecutable=!/usr/sbin/openntpd - ConditionFileIsExecutable=!/usr/sbin/chronyd - ConditionFileIsExecutable=!/usr/sbin/VBoxService +- name: gathering services + ansible.builtin.service_facts: - name: ntp disable systemd-timesyncd service notify: restart ntp ansible.builtin.systemd: name: systemd-timesyncd enabled: false + daemon_reload: true state: stopped + when: ('systemd-timesyncd.service' in ansible_facts.services) + and (ansible_facts.services['systemd-timesyncd.service'].status != 'not-found') - name: ntp install ansible.builtin.apt: 
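Review bot: The `when:` on `ntp disable systemd-timesyncd service` is a two-line plain scalar (`(... in ansible_facts.services)` continued by `and (...)`) that only works because YAML folds it into one expression, while the other conditionals in this role, e.g. in `repos.yml`, are written as `when:` lists; `when:` / `- "'systemd-timesyncd.service' in ansible_facts.services"` / `- ansible_facts.services['systemd-timesyncd.service'].status != 'not-found'` matches the file's style and removes the dependence on scalar folding. The deleted drop-in guarded timesyncd independently of this playbook (it stayed off whenever another NTP daemon was present), whereas the new task disables the unit once and relies on the play being re-run; a short comment on the task, `# replaces the former ConditionFileIsExecutable drop-in: timesyncd is disabled outright when present`, explains why the `gathering services` task sits here. `notify: restart ntp` fires from this task before `ntp install` has run, which predates this change but is worth a look while the file is open.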
diff --git a/roles/sysconfig/tasks/repos.yml b/roles/sysconfig/tasks/repos.yml index 653aea4fffaccdeb7bcb24629528db307938a894..4d2b06501d01f4a656e75b16c733a95a656fe297 100644 --- a/roles/sysconfig/tasks/repos.yml +++ b/roles/sysconfig/tasks/repos.yml @@ -1,23 +1,24 @@ --- -- name: ubuntu apt repo sources list +- name: debian 10 apt repo sources list when: - not offline_mode | d(false) - - ansible_distribution == 'Ubuntu' + - ansible_distribution == 'Debian' + - ansible_distribution_major_version == '10' notify: update cache ansible.builtin.copy: dest: /etc/apt/sources.list mode: '644' content: | - deb {{ repos_prefix }}archive.ubuntu.com/ubuntu/ {{ repos_release }} main restricted universe multiverse - deb {{ repos_prefix }}archive.ubuntu.com/ubuntu/ {{ repos_release }}-updates main restricted universe multiverse - deb {{ repos_prefix }}archive.ubuntu.com/ubuntu/ {{ repos_release }}-backports main restricted universe multiverse - deb {{ repos_prefix }}security.ubuntu.com/ubuntu {{ repos_release }}-security main restricted universe multiverse + deb {{ repos_prefix }}{{ repos_deb }}/debian {{ repos_release }} main contrib non-free + deb {{ repos_prefix }}{{ repos_deb }}/debian {{ repos_release }}-updates main contrib non-free + deb {{ repos_prefix }}{{ repos_deb_sec }}/debian-security {{ repos_release }}/updates main contrib non-free -- name: debian apt repo sources list +- name: debian 11 apt repo sources list when: - not offline_mode | d(false) - ansible_distribution == 'Debian' + - ansible_distribution_major_version == '11' notify: update cache ansible.builtin.copy: dest: /etc/apt/sources.list 
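Review bot: Both sources-list tasks now branch on `ansible_distribution_major_version` but still take the suite name from `repos_release`, so an inventory that sets `repos_release: buster` on a Debian 11 host writes a valid-looking but wrong `sources.list` (and the `{{ repos_release }}-security` line of the next hunk then points at a suite that does not exist). Either derive the suite from the facts, `{{ repos_release | d(ansible_distribution_release) }}`, or add an `ansible.builtin.assert` ahead of these tasks that checks the two agree. The removed Ubuntu task was the only one that ran on Ubuntu hosts; with it gone such a host silently skips both tasks rather than failing, so if Ubuntu is no longer supported an assert on `ansible_distribution == 'Debian'` makes that explicit.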
@@ -25,7 +26,7 @@ content: | deb {{ repos_prefix }}{{ repos_deb }}/debian {{ repos_release }} main contrib non-free deb {{ repos_prefix }}{{ repos_deb }}/debian {{ repos_release }}-updates main contrib non-free - deb {{ repos_prefix }}{{ repos_deb_sec }}/debian-security {{ repos_release }}/updates main contrib non-free + deb {{ repos_prefix }}{{ repos_deb_sec }}/debian-security {{ repos_release }}-security main contrib non-free - name: add ubicast apt repo key when: not offline_mode | d(false) @@ -36,16 +37,42 @@ when: - not offline_mode | d(false) - repos_skyreach_token | d(false) + - ansible_distribution == 'Debian' + - ansible_distribution_major_version == '10' ansible.builtin.apt_repository: repo: deb https://{{ repos_skyreach_host }} packaging/apt/{{ repos_skyreach_token }}/ filename: ubicast update_cache: true +- name: add ubicast apt repo + when: + - not offline_mode | d(false) + - repos_skyreach_token | d(false) + - ansible_distribution == 'Debian' + - ansible_distribution_major_version == '11' + ansible.builtin.apt_repository: + repo: deb https://{{ repos_skyreach_host }} packaging/apt/{{ repos_skyreach_token }}/bullseye/ + filename: ubicast + update_cache: true + - name: add ubicast security apt repo - when: not offline_mode | d(false) + when: + - not offline_mode | d(false) + - ansible_distribution == 'Debian' + - ansible_distribution_major_version == '10' ansible.builtin.apt_repository: repo: deb https://{{ repos_skyreach_host }} packaging/apt/ubicast-security-updates/ filename: ubicast-secu update_cache: true +- name: add ubicast security apt repo + when: + - not offline_mode | d(false) + - ansible_distribution == 'Debian' + - ansible_distribution_major_version == '11' + ansible.builtin.apt_repository: + repo: deb https://{{ repos_skyreach_host }} packaging/apt/ubicast-security-updates/bullseye/ + filename: ubicast-secu + update_cache: true + ... 
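Review bot: The new Debian 11 `apt_repository` task puts `repos_skyreach_token` into the repository URL, so the token lands in `/etc/apt/sources.list.d/ubicast.list` — world-readable with the module's default mode — and in the task output of every run; the Debian 10 task already did this, and the hunk now duplicates it. `no_log: true` on the token-bearing tasks keeps it out of logs and callbacks, and `mode: '0640'` on the module narrows who can read the file on the host (apt parses the sources as root, so `update_cache` should be unaffected, but confirm on one host). The duplicated task names `add ubicast apt repo` and `add ubicast security apt repo` also make `--start-at-task` and log lines ambiguous; one task per repo, with the version-specific path suffix computed once from `ansible_distribution_major_version` into a variable such as `repos_suite_path`, removes the duplication and the four parallel `when:` lists.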
diff --git a/roles/tester/defaults/main.yml b/roles/tester/defaults/main.yml index 4297d274ba76927b0b6641e4c233e2ca99191bb6..c05f4349c4ab2e24787c652951ae9ef799f70c54 100644 --- a/roles/tester/defaults/main.yml +++ b/roles/tester/defaults/main.yml @@ -3,5 +3,7 @@ tester_packages: - ubicast-env - ubicast-tester + - ubicast-tester-nudgis + - ubicast-tester-system ...