Ensure the AppArmor LSM is enabled, recompiling the Linux kernel itself on Raspberry Pis running Raspbian OS, if they do not already have AppArmor support compiled in. Also install userspace AppArmor utilities and profiles.
There is only one user-settable variable in this role (for now):

- `raspberry_pi_linux_kernel_version`: Git reference to the Raspberry Pi Foundation's Linux kernel source repository to determine which version of their Linux kernel to recompile to, if necessary. This only affects managed hosts that are detected as running Raspbian OS by your playbook(s), for now. Defaults to `rpi-5.4.y`.

This role is immediately usable on Debian-based systems, in which case it will ensure AppArmor is added to the GRUB configuration to pass to the Linux kernel command line. Raspberry Pi hardware, however, requires special consideration. An easy way to detect Raspbian OS in your playbook is like this:
```yaml
# In `playbooks/site.yaml` or similar.
---
- name: Identify Raspbian OS hosts.
  hosts: all
  tasks:
    # /etc/rpi-issue only exists on Raspbian OS images.
    - stat:
        path: /etc/rpi-issue
      register: rpi_issue
    - set_fact:
        raspbian: "{{ rpi_issue.stat.exists }}"

- name: Ensure AppArmor is enabled.
  hosts: all
  tasks:
    - import_role:
        name: anarchotechnyc.apparmor
```

The Ansible `set_fact` module in the first play will associate the `raspbian` variable with each host in your inventory. For Raspbian OS hosts, the value will be `true`, based on the existence of Raspbian OS's `/etc/rpi-issue` distribution version info file, generated by pi-gen.
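
To confirm the outcome on a managed host, the following added example (not part of this role's code) classifies the running kernel as lacking AppArmor support, having it compiled in but disabled, or having it enabled, and checks whether the boot command line selects it. The function names and the optional root-prefix argument are assumptions made for illustration; which kernel parameters the role writes is not stated here, so the command-line check looks for the standard `security=apparmor` and `lsm=` forms.

```shell
#!/bin/sh
# Added example (not part of the role): report a host's AppArmor state.
# The optional argument is a hypothetical root prefix so the checks can be
# pointed at a constructed directory tree; leave it empty on a real host.

apparmor_state() {
    root="${1:-}"
    param="$root/sys/module/apparmor/parameters/enabled"
    lsm_list="$root/sys/kernel/security/lsm"

    # No parameter file: the running kernel has no AppArmor support built in.
    if [ ! -r "$param" ]; then
        echo "not-compiled"
        return 0
    fi
    # The kernel reports Y only when the AppArmor LSM is actually enabled.
    if [ "$(cat "$param")" != "Y" ]; then
        echo "compiled-but-disabled"
        return 0
    fi
    # Cross-check the active LSM list when securityfs exposes it.
    if [ -r "$lsm_list" ]; then
        case ",$(cat "$lsm_list")," in
            *,apparmor,*) echo "enabled" ;;
            *) echo "compiled-but-disabled" ;;
        esac
        return 0
    fi
    echo "enabled"
}

# True when the boot command line selects AppArmor, either through the legacy
# security=apparmor parameter or through an lsm= list that names it.
cmdline_selects_apparmor() {
    tr -s '[:space:]' '\n' < "${1:-}/proc/cmdline" |
        grep -Eq '^(security=apparmor|lsm=(.*,)?apparmor(,.*)?)$'
}

apparmor_state "${1:-}"
```

A result of `not-compiled` corresponds to the Raspbian OS case where the kernel has to be rebuilt; `compiled-but-disabled` points at the kernel command line instead.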
AGPL-3.0-or-later
Use Molecule to run the tests. (You'll also need to install VirtualBox and Vagrant, as tests are run in Vagrant-managed, VirtualBox-backed virtual machines.) Here's how to install Molecule into a virtual environment.
```sh
# Molecule is written in Python, so you'll also need Python.
python -m venv venv       # Create your virtual environment.
source venv/bin/activate  # Activate it.
pip install molecule ansible-lint molecule-vagrant # Install testing tools.

# Then, you can run the tests:
molecule test

# When you're done, deactivate your virtual environment.
deactivate
```