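---
# Provisions the "zm" KVM guest(s) and then configures them: /export mount,
# Kerberos (GSSAPI) authentication for Apache, unbound DNS zones, dhcpd,
# ZoneMinder, and chrony NTP service for the 172.20.26.0/24 network.

- name: Deploy KVM virtual machines
  ansible.builtin.import_playbook: include/deploy-kvm-guest.yml
  vars:
    myhosts: zm

- name: Configure instance
  hosts: zm
  remote_user: root
  gather_facts: true
  vars_files:
    - "{{ ansible_private }}/vars.yml"

  pre_tasks:
    # noexec,nosuid,nodev keep anything written to the data volume from being
    # executed, from carrying setuid bits, or from exposing device nodes.
    - name: Mount /export
      ansible.posix.mount:
        path: /export
        src: LABEL=/export
        fstype: xfs
        opts: noatime,noexec,nosuid,nodev
        passno: "0"
        dump: "0"
        state: mounted

  roles:
    - base
    - mod_auth_gssapi
    # The keytab holds the long-term key of the HTTP service principal.
    # NOTE(review): the role is not shown here; confirm it installs the file
    # owned by root, group apache, and without world-read permission.
    - role: keytab
      keytab: /etc/httpd/httpd.keytab
      principals: HTTP/zm.foo.sh@FOO.SH
      group: apache

  tasks:
    - name: Run handlers to get interfaces configured
      ansible.builtin.meta: flush_handlers

    # TODO: this should really be fixed
    # SECURITY: permissive mode only logs AVC denials; no SELinux policy is
    # enforced for any service on this host, including the network-facing ones
    # this play configures (httpd, unbound, dhcpd, ZoneMinder). Identify the
    # denials that motivated this and scope the exception to the one affected
    # domain (e.g. `semanage permissive -a <domain>`) or ship a local policy
    # module, then return the host to enforcing.
    - name: Put selinux in permissive state
      ansible.posix.selinux:
        policy: targeted
        state: permissive

    # Zone files are installed root-owned and mode 0644, so they are
    # world-readable but writable only by root.
    - name: Copy DNS zone files
      ansible.builtin.copy:
        dest: "/var/lib/unbound/{{ item }}"
        src: "/srv/dns/{{ item }}"
        mode: "0644"
        owner: root
        group: "{{ ansible_wheel }}"
      tags: dns
      notify: Restart unbound
      loop:
        - 26.20.172.in-addr.arpa
        - cam.foo.sh

    - name: Include unbound role
      ansible.builtin.import_role:
        name: unbound

    - name: Include dhcpd and zoneminder roles
      ansible.builtin.include_role:
        name: "{{ item }}"
      loop:
        - dhcpd
        - zoneminder

    # NOTE(review): debugging tooling left installed on a service host widens
    # what is available after a compromise; consider gating this task behind
    # a tag or variable so production runs skip it.
    - name: Install extra packages for debugging
      ansible.builtin.package:
        name: rtmpdump
        state: present

    # GssapiBasicAuth Off means username/password (Basic) fallback is not
    # accepted; only Negotiate/Kerberos tickets authenticate.
    # NOTE(review): the directives carry no <Location>/<Directory> wrapper, so
    # their scope depends on where conf.local.d/*.conf is included. Confirm
    # that the include covers every ZoneMinder path, and that the vhost is
    # TLS-only (mod_auth_gssapi offers GssapiSSLonly for this).
    - name: Require authentication for zoneminder
      ansible.builtin.copy:
        dest: /etc/httpd/conf.local.d/zoneminder-auth.conf
        content: |
          AuthType GSSAPI
          GssapiBasicAuth Off
          AuthName "Password Required"
          Require valid-user
        mode: "0644"
        owner: root
        group: "{{ ansible_wheel }}"
      notify: Restart apache

    # The regexp matches any existing (or commented-out) "allow" line;
    # lineinfile rewrites only the last match, so if chrony.conf carries
    # several allow directives the others remain in effect.
    # NOTE(review): no handler is notified, so chronyd keeps its old access
    # list until it is restarted by other means. Confirm that this is
    # intended.
    - name: Enable NTP server for cam network
      ansible.builtin.lineinfile:
        path: /etc/chrony.conf
        regexp: "^#?allow .*"
        line: "allow 172.20.26.0/24"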