kasmtech · guruevi · May 20, 2026
diff --git a/restart_kasm.yml b/restart_kasm.yml
@@ -1,3 +1,6 @@
-- import_playbook: stop_kasm.yml
+---
+- name: Stop Kasm Services
+  import_playbook: stop_kasm.yml
 
-- import_playbook: start_kasm.yml
+- name: Start Kasm Services
+  import_playbook: start_kasm.yml
diff --git a/roles/install_common/tasks/add_zones.yml b/roles/install_common/tasks/add_zones.yml
@@ -1,23 +1,24 @@
+---
 - name: Add additional zones
   when: i != 0
   loop: "{{ zones }}"
   loop_control:
     index_var: i
-  blockinfile:
-    marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item }}" 
+  ansible.builtin.blockinfile:
+    marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item }}"
     state: present
     insertafter: EOF
-    dest: "{{ tempdir.path }}/kasm_release/conf/database/seed_data/default_properties.yaml"
+    dest: "{{ install_common_tempdir.path }}/kasm_release/conf/database/seed_data/default_properties.yaml"
     content: |
-        - allow_origin_domain: $request_host$
-          load_strategy: least_load
-          primary_manager_id: null
-          prioritize_static_agents: true
-          proxy_connections: true
-          proxy_hostname: $request_host$
-          proxy_path: desktop
-          proxy_port: {{ proxy_port }}
-          search_alternate_zones: true
-          upstream_auth_address: $request_host$
-          zone_id: "${uuid:zone_id:{{ i + 1 }}}"
-          zone_name: {{ item }}
+      - allow_origin_domain: $request_host$
+        load_strategy: least_load
+        primary_manager_id: null
+        prioritize_static_agents: true
+        proxy_connections: true
+        proxy_hostname: $request_host$
+        proxy_path: desktop
+        proxy_port: {{ proxy_port }}
+        search_alternate_zones: true
+        upstream_auth_address: $request_host$
+        zone_id: "${uuid:zone_id:{{ i + 1 }}}"
+        zone_name: {{ item }}
diff --git a/roles/install_common/tasks/agent_install.yml b/roles/install_common/tasks/agent_install.yml
@@ -1,6 +1,7 @@
+---
 - name: Check connection from agent to webserver
-  uri:
-    url: "https://{{ web_ip }}:{{ proxy_port }}/api/__healthcheck"
+  ansible.builtin.uri:
+    url: "https://{{ install_common_web_host }}:{{ proxy_port }}/api/__healthcheck"
     timeout: 5
     validate_certs: false
   register: _result
@@ -9,19 +10,20 @@
   delay: 5
 
 - name: Install agent role
-  command: >
-    bash {{ tempdir.path }}/kasm_release/install.sh 
-      --role agent 
-      --accept-eula 
-      --proxy-port {{ proxy_port }} 
-      --public-hostname {{ target_ip }} 
-      --manager-hostname {{ web_ip }} 
-      --manager-token {{ manager_token }} 
-      {{ '-s ' ~ service_images_copy.dest if service_images_file }} 
-      {{ '-w ' ~ workspace_images_copy.dest if workspace_images_file }}
-      {{ '-x ' ~ network_plugin_copy.dest if network_plugin_file }}
+  ansible.builtin.command: >
+    bash {{ install_common_tempdir.path }}/kasm_release/install.sh
+      --role agent
+      --accept-eula
+      --proxy-port {{ proxy_port }}
+      --public-hostname {{ install_common_target_host }}
+      --manager-hostname {{ install_common_web_host }}
+      --manager-token {{ manager_token }}
+      {{ '-s ' ~ install_common_service_images_copy.dest if install_common_service_images_file }}
+      {{ '-w ' ~ install_common_workspace_images_copy.dest if install_common_workspace_images_file }}
+      {{ '-x ' ~ install_common_network_plugin_copy.dest if install_common_network_plugin_file }}
   register: install_output
   become: true
   retries: 20
   delay: 10
-  until: install_output is success or ('Failed to lock apt for exclusive operation' not in install_output.stderr and '/var/lib/dpkg/lock' not in install_output.stderr)
+  until: install_output is success or ('Failed to lock apt for exclusive operation' not in install_output.stderr and '/var/lib/dpkg/lock' not in
+    install_output.stderr)
diff --git a/roles/install_common/tasks/copy_installer.yml b/roles/install_common/tasks/copy_installer.yml
@@ -1,48 +1,59 @@
+---
 # List of files in the files directory matching the installer, service_images, and workspace images.
-- set_fact:
-    installer_glob: "{{ lookup('fileglob', '{{role_path}}/files/kasm_workspaces_*.tar.gz', wantlist=True) + lookup('fileglob', '{{role_path}}/files/kasm_release_*.tar.gz', wantlist=True) }}"
-    service_images_glob: "{{ lookup('fileglob', '{{role_path}}/files/kasm_workspaces_service_images*.tar.gz', wantlist=True) + lookup('fileglob', '{{role_path}}/files/kasm_release_service_images*.tar.gz', wantlist=True) }}"
-    workspace_images_glob: "{{ lookup('fileglob', '{{role_path}}/files/kasm_workspaces_workspace_images_*.tar.gz', wantlist=True) + lookup('fileglob', '{{role_path}}/files/kasm_release_workspace_images_*.tar.gz', wantlist=True)  }}"
-    network_plugin_glob: "{{ lookup('fileglob', '{{role_path}}//files/kasmweb_network_plugin_*.tar.gz', wantlist=True)}}"
+
+- name: Set installer, service images, workspace images, and network plugin file globs
+  ansible.builtin.set_fact:
+    install_common_installer_glob: "{{ lookup('fileglob', role_path + '/files/kasm_workspaces_*.tar.gz', wantlist=True) +
+      lookup('fileglob', role_path + '/files/kasm_release_*.tar.gz', wantlist=True) }}"
+    install_common_service_images_glob: "{{ lookup('fileglob', role_path + '/files/kasm_workspaces_service_images*.tar.gz', wantlist=True) +
+      lookup('fileglob', role_path + '/files/kasm_release_service_images*.tar.gz', wantlist=True) }}"
+    install_common_workspace_images_glob: "{{ lookup('fileglob', role_path + '/files/kasm_workspaces_workspace_images_*.tar.gz', wantlist=True) +
+      lookup('fileglob', role_path + '/files/kasm_release_workspace_images_*.tar.gz', wantlist=True) }}"
+    install_common_network_plugin_glob: "{{ lookup('fileglob', role_path + '/files/kasmweb_network_plugin_*.tar.gz', wantlist=True) }}"
   delegate_to: localhost
 
-- set_fact:
+- name: Set installer, service images, workspace images, and network plugin file facts
+  ansible.builtin.set_fact:
     # Our installer glob search will also include service_images and workspace_images so we filter them out with difference()
-    installer_file: "{{ installer_glob | difference(service_images_glob) | difference(workspace_images_glob) | first | default(None) }}"
-    service_images_file: "{{ service_images_glob | first | default(None) }}"
-    workspace_images_file: "{{ workspace_images_glob | first | default(None) }}"
-    network_plugin_file: "{{ network_plugin_glob | first | default(None) }}"
+    install_common_installer_file: "{{ install_common_installer_glob | difference(install_common_service_images_glob)
+      | difference(install_common_workspace_images_glob) | first | default(None) }}"
+    install_common_service_images_file: "{{ install_common_service_images_glob | first | default(None) }}"
+    install_common_workspace_images_file: "{{ install_common_workspace_images_glob | first | default(None) }}"
+    install_common_network_plugin_file: "{{ install_common_network_plugin_glob | first | default(None) }}"
 
 - name: Assert that Kasm installer exists
-  assert:
+  ansible.builtin.assert:
     that:
-      - installer_file
+      - install_common_installer_file is not none
     fail_msg:
       - "Kasm installer not found"
-      - "Ensure that kasm_workspaces installer tarfile is in {{role_path}}/files/"
+      - "Ensure that kasm_workspaces installer tarfile is in {{ role_path }}/files/"
 
-- name: unarchive kasm installer
-  unarchive:
-    src: "{{ installer_file }}"
-    dest: "{{ tempdir.path }}"
+- name: Unarchive kasm installer
+  ansible.builtin.unarchive:
+    src: "{{ install_common_installer_file }}"
+    dest: "{{ install_common_tempdir.path }}"
 
 - name: Copy service images
-  copy:
-    src: "{{ service_images_file }}"
-    dest: "{{ tempdir.path }}"
-  register: service_images_copy
-  when: service_images_file
+  ansible.builtin.copy:
+    src: "{{ install_common_service_images_file }}"
+    dest: "{{ install_common_tempdir.path }}"
+    mode: "0644"
+  register: install_common_service_images_copy
+  when: install_common_service_images_file is not none
 
 - name: Copy Workspace images
-  copy:
-    src: "{{ workspace_images_file }}"
-    dest: "{{ tempdir.path }}"
-  register: workspace_images_copy
-  when: workspace_images_file
+  ansible.builtin.copy:
+    src: "{{ install_common_workspace_images_file }}"
+    dest: "{{ install_common_tempdir.path }}"
+    mode: "0644"
+  register: install_common_workspace_images_copy
+  when: install_common_workspace_images_file is not none
 
 - name: Copy Network Plugin
-  copy:
-    src: "{{ network_plugin_file }}"
-    dest: "{{ tempdir.path }}"
-  register: network_plugin_copy
-  when: network_plugin_file
+  ansible.builtin.copy:
+    src: "{{ install_common_network_plugin_file }}"
+    dest: "{{ install_common_tempdir.path }}"
+    mode: "0644"
+  register: install_common_network_plugin_copy
+  when: install_common_network_plugin_file is not none
diff --git a/roles/install_common/tasks/db_install.yml b/roles/install_common/tasks/db_install.yml
@@ -1,22 +1,25 @@
+---
 - name: Install database role
-  command: > 
-    bash {{ tempdir.path }}/kasm_release/install.sh 
-      --role db 
-      --accept-eula 
-      --proxy-port {{ proxy_port }} 
-      --database-user {{ database_user }} 
+  ansible.builtin.command: >
+    bash {{ install_common_tempdir.path }}/kasm_release/install.sh
+      --role db
+      --accept-eula
+      --proxy-port {{ proxy_port }}
+      --database-user {{ database_user }}
       --database-name {{ database_name }}
-      --db-password {{ database_password }} 
-      --user-password {{ user_password }} 
-      --admin-password {{ admin_password }} 
-      --manager-token {{ manager_token }} 
+      --db-password {{ database_password }}
+      --user-password {{ user_password }}
+      --admin-password {{ admin_password }}
+      --manager-token {{ manager_token }}
       --registration-token {{ registration_token }}
       --server-zone {{ zones[0] }}
-      {{ '--no-db-ssl ' if not database_ssl }} 
-      {{ '--offline-service ' ~ service_images_copy.dest if service_images_file }} 
-      {{ '--offline-workspaces ' ~ workspace_images_copy.dest if workspace_images_file }}
-  register: install_output
+      {{ '--no-db-ssl ' if not database_ssl }}
+      {{ '--offline-service ' ~ install_common_service_images_copy.dest if install_common_service_images_file }}
+      {{ '--offline-workspaces ' ~ install_common_workspace_images_copy.dest if install_common_workspace_images_file }}
+  register: install_common_output
   become: true
   retries: 20
   delay: 10
-  until: install_output is success or ('Failed to lock apt for exclusive operation' not in install_output.stderr and '/var/lib/dpkg/lock' not in install_output.stderr)
+  until: install_common_output is success or
+    ('Failed to lock apt for exclusive operation' not in install_common_output.stderr and '/var/lib/dpkg/lock' not in install_common_output.stderr)
+  changed_when: true
diff --git a/roles/install_common/tasks/default_credentials.yml b/roles/install_common/tasks/default_credentials.yml
@@ -1,31 +1,32 @@
+---
 # Setup default creds if users don't set them in the inventory
 
-- set_fact:
+- ansible.builtin.set_fact:
     database_password: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=16') }}"
   when: database_password is not defined
   run_once: true
   delegate_to: localhost
-  
-- set_fact:
+
+- ansible.builtin.set_fact:
     user_password: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=16') }}"
   when: user_password is not defined
   run_once: true
   delegate_to: localhost
 
-- set_fact:
+- ansible.builtin.set_fact:
     admin_password: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=16') }}"
   when: admin_password is not defined
   run_once: true
   delegate_to: localhost
 
-- set_fact:
+- ansible.builtin.set_fact:
     manager_token: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=16') }}"
   when: manager_token is not defined
   run_once: true
   delegate_to: localhost
 
-- set_fact:
+- ansible.builtin.set_fact:
     registration_token: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=22') }}"
   when: registration_token is not defined
   run_once: true
-  delegate_to: localhost 
+  delegate_to: localhost
diff --git a/roles/install_common/tasks/guac_install.yml b/roles/install_common/tasks/guac_install.yml
@@ -1,6 +1,7 @@
+---
 - name: Check connection from guac to webserver
-  uri:
-    url: "https://{{ web_ip }}:{{ proxy_port }}/api/__healthcheck"
+  ansible.builtin.uri:
+    url: "https://{{ install_common_web_host }}:{{ proxy_port }}/api/__healthcheck"
     timeout: 5
     validate_certs: false
   register: _result
@@ -9,17 +10,18 @@
   delay: 5
 
 - name: Install guac role
-  command: >
-    bash {{ tempdir.path }}/kasm_release/install.sh 
-      --role guac 
-      --accept-eula 
-      --proxy-port {{ proxy_port }} 
-      --api-hostname {{ web_ip }} 
-      --public-hostname {{ target_ip }} 
-      --registration-token {{ registration_token }} 
-      {{ '-s ' ~ service_images_copy.dest if service_images_file }}
+  ansible.builtin.command: >
+    bash {{ install_common_tempdir.path }}/kasm_release/install.sh
+      --role guac
+      --accept-eula
+      --proxy-port {{ proxy_port }}
+      --api-hostname {{ install_common_web_host }}
+      --public-hostname {{ install_common_target_host }}
+      --registration-token {{ registration_token }}
+      {{ '-s ' ~ install_common_service_images_copy.dest if install_common_service_images_file }}
   register: install_output
   become: true
   retries: 20
   delay: 10
-  until: install_output is success or ('Failed to lock apt for exclusive operation' not in install_output.stderr and '/var/lib/dpkg/lock' not in install_output.stderr)
+  until: install_output is success or ('Failed to lock apt for exclusive operation' not in install_output.stderr and '/var/lib/dpkg/lock' not in
+    install_output.stderr)