The newest Ansible version on el9 uses Python 3.11, but the netaddr package is not yet packaged for it. This patch installs the Python 3.9 netaddr package and copies the library files from there.
---
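# Install Ansible, the collections used by the tasks below, and the Python
# libraries the lookups and roles need.
- name: Install packages
  ansible.builtin.package:
    # The list is passed in one module call so the package manager resolves
    # everything together instead of once per item.
    name:
      - ansible
      - ansible-collection-ansible-posix
      - ansible-collection-community-general
      - python3.11-dns  # required for lookup('dig', 'hostname')
      # Distribution build of netaddr (Python 3.9); a later task copies its
      # files into the python3.11 tree.
      - python3-netaddr  # required by iptables role
    # "present" is the state documented for the generic package module;
    # other spellings depend on the backend package manager.
    state: present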
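# Create the local python3.11 library tree that receives the copied netaddr
# package. Presumably this path is on the python3.11 import path; confirm.
- name: Create python3.11 lib directories
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    # Quoted so the module receives the octal string itself rather than a
    # number produced by YAML 1.1 octal parsing.
    # 0755 keeps the tree writable by root only, so no other account can
    # place modules where python3.11 may import them.
    mode: "0755"
    owner: root
    group: "{{ ansible_wheel }}"
  loop:
    - /usr/local/lib/python3.11
    - /usr/local/lib/python3.11/site-packages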
# Temporary workaround: reuse the Python 3.9 netaddr files for python3.11.
# The copy under /usr/local is not owned by any package, so package updates
# and package verification do not cover it; remove this task once a
# python3.11 build of netaddr is available.
# NOTE(review): fixes to python3-netaddr presumably reach this copy only
# when the play runs again - confirm.
- name: Kludge to add netaddr to python3.11 until package is released
  ansible.builtin.copy:
    # Source is read on the managed host, not on the controller.
    remote_src: true
    # NOTE(review): src has no trailing slash, so the directory itself is
    # copied; confirm the files land directly in dest and not one level
    # deeper.
    src: /usr/lib/python3.9/site-packages/netaddr
    dest: /usr/local/lib/python3.11/site-packages/netaddr
    owner: root
    group: "{{ ansible_wheel }}"
    mode: preserve
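# Create the private directory and reset owner, group and mode on every
# run, so any drift from root-only access is corrected.
- name: Create private directory and force permissions
  ansible.builtin.file:
    path: /export/private
    state: directory
    owner: root
    group: root
    # Quoted so the module receives the octal string itself rather than a
    # number produced by YAML 1.1 octal parsing.
    # 0700 gives access to the owner (root) only.
    mode: "0700"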
# Expose /export/private under /srv/private through a symbolic link.
# Owner and group here are set on the link; access to the contents is
# still decided by the permissions of /export/private itself.
- name: Link private directory
  ansible.builtin.file:
    state: link
    dest: /srv/private
    src: /export/private
    # Do not follow an existing link at dest.
    follow: false
    owner: root
    group: "{{ ansible_wheel }}"
# Register an SELinux file-context rule that labels /srv/ansible and
# everything below it as web server content.
# The pattern covers the whole checkout, not only the facts directory that
# is linked into the web root further down.
# NOTE(review): this module records the rule but does not relabel files
# that already exist; confirm the checkout ends up with the expected label
# (for example by running restorecon after the clone).
- name: Allow http server to access /srv/ansible
  community.general.sefcontext:
    setype: httpd_sys_content_t
    path: '/srv/ansible(/.*)?'
# Check out the Ansible repository into /srv/ansible.
# NOTE(review): "master" is a moving branch and no commit signature is
# verified, so the content depends on the HTTPS connection to the git
# server and on whatever the branch holds at clone time. Consider pinning
# a reviewed commit or enabling the module's verify_commit option.
- name: Clone ansible repository
  ansible.builtin.git:
    repo: https://git.foo.sh/ansible.git
    dest: /srv/ansible
    version: master
    # Do not fetch new revisions into an existing checkout.
    update: false
# Publish the facts directory of the checkout under this host's web root.
# NOTE(review): everything in /srv/ansible/facts becomes reachable through
# the web server; confirm the nginx configuration limits who may read it.
- name: Link facts to nginx
  ansible.builtin.file:
    state: link
    dest: "/srv/web/{{ inventory_hostname }}/facts"
    src: "/srv/ansible/facts"
    # Do not follow an existing link at dest.
    follow: false
    owner: root
    group: "{{ ansible_wheel }}"
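# Install the nginx configuration snippet for this host and restart nginx
# when the file changes.
- name: Create nginx conf
  ansible.builtin.copy:
    src: nginx.conf
    # Quoted because the value contains a template expression.
    dest: "/etc/nginx/conf.d/{{ inventory_hostname }}/ansible.conf"
    # Quoted so the module receives the octal string itself rather than a
    # number produced by YAML 1.1 octal parsing.
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  # The "Restart nginx" handler is not defined in this file.
  notify: Restart nginx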
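# Install root's shell startup file. Its content is executed by root's
# interactive bash sessions, so changes to root-bashrc.sh deserve the same
# review as any other code that runs as root.
- name: Add custom .bashrc for root
  ansible.builtin.copy:
    src: root-bashrc.sh
    dest: /root/.bashrc
    owner: root
    group: "{{ ansible_wheel }}"
    # Quoted so the module receives the octal string itself rather than a
    # number produced by YAML 1.1 octal parsing.
    # 0600 lets only root read or write the file.
    mode: "0600"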