ypid.epoptes default variables¶
Sections
Mode of operation¶
-
epoptes__deploy_modes
¶
In which mode(s) should the role operate when running against a specific host. Possible options:
prepare_client
- Prepare a client computer for later configuration deployment.
teacher
- Directly configure a teacher computer.
student
- Directly configure a student computer.
postsync
- Write the configuration into a directory structure and configure LINBO using it’s postsync feature to sync the appropriate configuration to clients. The role is expected to be run against a linuxmuster.net server in this mode.
Please choose one or more modes.
Note that the sets { "postsync" }
and { "teacher", "student" }
can
not be used together. The role asserts for this to ensure valid configuration.
epoptes__deploy_modes: []
-
epoptes__prepare_mode
¶
How should the role handle client preparation? Possible options:
divert
- Default. Uses dpkg-divert to rename the files. This operation is package management aware and thus preferred.
remove
- Can be used for debugging when you used
epoptes__deploy_modes
set tostudent
orteacher
and later want a clean client again.
epoptes__prepare_mode: 'divert'
-
epoptes__deploy_state
¶
What is the desired state which this role should achieve? Possible options:
present
- Default. Ensure that Epoptes is installed and configured as requested.
absent
- Ensure that Epoptes is uninstalled and it's configuration is removed. This mode is not fully tested and might not remove all "traces".
epoptes__deploy_state: 'present'
System packages¶
-
epoptes__student_packages
¶
List of packages to install on student client systems.
epoptes__student_packages:
- 'epoptes-client'
-
epoptes__teacher_packages
¶
List of packages to install on teacher client systems.
epoptes__teacher_packages:
# Master component (server).
- 'epoptes'
-
epoptes__optional_client_packages
¶
List of optional packages to install on all client systems with Epoptes enabled.
epoptes__optional_client_packages: []
Epoptes X.509 certificate¶
Those settings only apply when the private key and X.509 certificate are generated on the initial role run. You can remove those files on the Ansible controller to generate new once. They will be pushed to remote hosts on the next role run. Note that you will need to update/redeploy all clients which use Epoptes for it to work correctly.
-
epoptes__cert_key_type
¶
Epoptes public key algorithm to use. Refer to req(1ssl) for details.
epoptes__cert_key_type: 'rsa'
-
epoptes__cert_key_size
¶
Epoptes public key size to use.
This depends on the setting of epoptes__cert_key_type
.
epoptes__cert_key_size: 4096
-
epoptes__cert_days_valid
¶
Days until the certificate expires.
epoptes__cert_days_valid: '{{ 366 * 10 }}'
linuxmuster.net postsync configuration¶
-
epoptes__postsync_image_name
¶
Name of the Linbo image for which to generate the postsync script.
epoptes__postsync_image_name: 'linux_mint'
-
epoptes__postsync_script
¶
File path of the postsync script.
epoptes__postsync_script: '/var/linbo/{{ epoptes__postsync_image_name }}.cloop.postsync'
Epoptes configuration¶
-
epoptes__port
¶
The port where the server will be listening on and where clients will try to connect to. For security reasons it defaults to a well-known port which requires elevated permissions to listen on.
epoptes__port: 789
-
epoptes__wol_enabled
¶
Should teachers be able to start computers using Wake on LAN?
epoptes__wol_enabled: True
-
epoptes__wol_mode
¶
Wake On LAN mode.
epoptes__wol_mode: 'g'
-
epoptes__socket_group
¶
System group the Epoptes server will use for the communications socket. That means that any user in that group will be able to launch the Epoptes UI and control the clients.
epoptes__socket_group: 'teachers'
-
epoptes__secret_path
¶
Path on the Ansible controller where the public-private-keypair is stored.
epoptes__secret_path: '{{ secret + "/epoptes/by-group/all" }}'
-
epoptes__client_key_dir
¶
Directory where the private key will be cached in on the client when a teacher logs in.
epoptes__client_key_dir: '/dev/shm/.k'
-
epoptes__teacher_ui_name
¶
Name of the Epoptes (G)UI which can be used by teachers to control computers of students.
epoptes__teacher_ui_name: 'Epoptes'
-
epoptes__room_prefix
¶
Room prefix string to extract the room from the hostname.
epoptes__room_prefix: ''
-
epoptes__room_suffix
¶
Room prefix string to extract the room from the hostname.
epoptes__room_suffix: '-*'
-
epoptes__rooms
¶
Epoptes room definitions.
Refer to the documentation of all options for more details.
epoptes__rooms: {}
-
epoptes__enforce
¶
Enforce mode aka sweet revenge mode :) Restart the display server if a student tries to kill the epoptes-client. Work in progress and probably not needed/handled differently in Epoptes.
epoptes__enforce: False
-
epoptes__enforce_dm
¶
The display server to restart in epoptes__enforce
mode.
epoptes__enforce_dm: 'mdm'