ansible/roles/base/tasks/RedHat.yml


---
# Align the system hostname with the name this host carries in the inventory.
- name: Set correct hostname
  ansible.builtin.hostname:
    name: "{{ inventory_hostname }}"
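# Bootstrap: probe for the dnf Python bindings with rpm and install them via
# the dnf CLI when missing. Plain commands are used here, presumably because
# the dnf-backed Ansible modules need python3-dnf on the target - confirm.
- name: Check if dnf python bindings are installed
  ansible.builtin.command:
    argv:
      - rpm
      - "-q"
      - python3-dnf
  register: result
  # Read-only query: run it in check mode too, like the other probes in this
  # file, so the condition below is evaluated against a real return code.
  check_mode: false
  # A non-zero rc only means "not installed"; it is evaluated below.
  failed_when: false
  changed_when: false

- name: Install dnf python bindings
  ansible.builtin.command:
    argv:
      - dnf
      - install
      - "-y"
      - python3-dnf
  # Only reached when rpm reported the package as missing.
  when: result.rc != 0
  # Guarded by the probe above, so a successful run is always a change.
  changed_when: true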
# cpupower is only pulled in where the virtualization role fact is "host".
- name: Install OS specific roles for physical hardware
  ansible.builtin.include_role:
    name: cpupower
  when: ansible_virtualization_role == "host"
# Include the baseline roles one by one; list order is the execution order.
- name: Install OS specific roles
  ansible.builtin.include_role:
    name: "{{ role }}"
  loop:
    - selinux  # selinux first to get fcontexts working
    - rsyslog
  loop_control:
    # Custom loop variable so the included roles' own "item" loops are
    # not shadowed.
    loop_var: role
# systemd-resolved is configured on Fedora hosts only.
- name: Install systemd-resolved
  ansible.builtin.include_role:
    name: systemd_resolved
  when:
    - ansible_distribution == "Fedora"
# Host firewall: the two conditions are complementary on the integer major
# version, so exactly one of the roles is included per host. Major version 8
# and below gets iptables, 9 and above gets nftables.
# NOTE(review): both tasks share one name, so only the condition tells them
# apart in run output.
- name: Install firewall
  ansible.builtin.include_role:
    name: iptables
  when: ansible_distribution_major_version | int <= 8

- name: Install firewall
  ansible.builtin.include_role:
    name: nftables
  when: ansible_distribution_major_version | int >= 9
# SELinux labelling of /export in three steps: record the rule in policy,
# verify the on-disk label, relabel only when the verification complains.
# The sefcontext module only changes the policy rule, not labels of existing
# files, which is why restorecon follows.
- name: Fix SELinux context from /export
  community.general.sefcontext:
    path: "/export"
    setype: var_t

- name: Check SELinux context from /export
  ansible.builtin.command:
    argv:
      - matchpathcon
      - -V
      - /export
  register: result
  # Read-only probe: never fails, never reports a change, and also runs in
  # check mode so the condition below always has output to inspect.
  failed_when: false
  changed_when: false
  check_mode: false

- name: Apply selinux context to /export
  ansible.builtin.command:
    argv:
      - restorecon
      - -iv
      - /export
  # Relabel only when the probe output contains the mismatch marker.
  # NOTE(review): the rule and the relabel target /export itself; nothing
  # here is recursive - confirm that is the intent.
  when: "' should be ' in result.stdout"
# Start tmp.mount now and enable it for subsequent boots.
# NOTE(review): mount options (nosuid/nodev/noexec, size) are whatever the
# unit ships with; none are set here - confirm they match the hardening
# baseline for these hosts.
- name: Enable tmpfs mount for /tmp
  ansible.builtin.service:
    name: tmp.mount
    enabled: true
    state: started
# Hosts in the "mail" inventory group skip the postfix role.
- name: Install postfix
  ansible.builtin.include_role:
    name: postfix
  when:
    - "'mail' not in group_names"
# Baseline tool set installed on every host covered by this file.
# NOTE(review): the list includes network and debugging utilities (nc,
# telnet, tcpdump, strace). Confirm that exposed or hardened hosts should
# carry the full set, since each tool is also available to anyone who
# obtains a shell on the machine.
- name: Install packages
  ansible.builtin.package:
    name: "{{ item }}"
    state: installed
  loop:
    - bind-utils  # dig
    - bzip2  # bzip
    - cronie  # missing from fedora
    - curl  # curl
    - iotop  # monitor io usage
    - nc  # netcat
    - net-tools  # ifconfig etc
    - psmisc  # pstree for debugging
    - rsync  # rsync
    - strace  # debugging
    - sysstat  # sa, sar
    - tar  # tar
    - tcpdump  # for network debugging
    - telnet  # test ports
    - tmpwatch  # tmp cleanup
    - usbutils  # lsusb
    - vim-enhanced  # working vi :)
    - xterm  # resize
# Firmware update tooling (fwupd role) is included only where the
# virtualization role fact is "host".
- name: Install roles for physical hardware
  ansible.builtin.include_role:
    name: fwupd
  when: ansible_virtualization_role == "host"
# Hardware inspection and tuning tools, gated on the same "host"
# virtualization role fact as the other physical-hardware tasks.
- name: Install packages for physical hardware
  ansible.builtin.package:
    name: "{{ item }}"
    state: installed
  loop:
    - hdparm
    - pciutils
    - powertop
  when: ansible_virtualization_role == "host"
# Command-line mail client: mailx up to major version 8, s-nail from 9 on.
# The two conditions are complementary, so one of the tasks runs per host.
- name: Install packages (el8 and older)
  ansible.builtin.package:
    name: "{{ item }}"
    state: installed
  loop:
    - mailx
  when: ansible_distribution_major_version | int <= 8

- name: Install packages (el9 and newer)
  ansible.builtin.package:
    name: "{{ item }}"
    state: installed
  loop:
    - s-nail
  when: ansible_distribution_major_version | int >= 9
# Make sure the system-wide /etc/GREP_COLORS file does not exist.
- name: Disable grep colors
  ansible.builtin.file:
    path: /etc/GREP_COLORS
    state: absent
# LC_TIME handling: probe the current setting, change it only when needed.
- name: Check date format
  # The shell module is needed for the pipe; bash is selected explicitly so
  # that "set -o pipefail" is available and a localectl failure is not
  # hidden behind grep's exit status.
  ansible.builtin.shell:
    executable: /bin/bash
    cmd: |
      set -o pipefail
      localectl status | grep -E '^\s+LC_TIME=C.UTF-8$'
  register: locale_check
  # Read-only probe: runs in check mode, never fails, never reports a change.
  check_mode: false
  failed_when: false
  changed_when: false

- name: Set date format to use 24 hour clock
  ansible.builtin.command:
    argv:
      - localectl
      - set-locale
      - LC_TIME=C.UTF-8
  # Skipped when the probe already found LC_TIME=C.UTF-8.
  when: locale_check.rc != 0
  register: result
  changed_when: result.rc == 0
# Drop a profile.d snippet that sets HISTTIMEFORMAT so bash history entries
# are shown with a date and time.
# NOTE(review): shell history stays writable by the account that owns it, so
# these timestamps help troubleshooting but are not a tamper-resistant audit
# trail.
- name: Store date and time for bash history
  ansible.builtin.copy:
    dest: /etc/profile.d/history.sh
    owner: root
    # ansible_wheel is not defined in this file; it has to come from
    # inventory or role variables.
    group: "{{ ansible_wheel }}"
    # World-readable, writable by root only.
    mode: "0644"
    content: 'export HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S "'
# Nightly root cron entry that pre-fetches pending updates during hour 3.
# The job passes --downloadonly, so it fetches packages and installs nothing.
# NOTE(review): applying the downloaded updates has to happen in a separate
# step that is not visible here.
- name: Cron job for downloading updates
  ansible.builtin.cron:
    name: dnf-downloadonly
    user: root
    job: "dnf-3 -q -y update --downloadonly"
    hour: "3"
    # Seeding with the hostname gives each host a stable minute, which
    # spreads the download load across hosts.
    minute: "{{ 59 | random(seed=inventory_hostname) }}"