From c9bfb20e2a8105eb153e8d8e210776d4efb88b44 Mon Sep 17 00:00:00 2001
From: Josh Lay
Date: Mon, 5 Apr 2021 00:18:41 -0500
Subject: [PATCH] bootstrap: fix hosts, add dnf tasks, -nmcli phoning home

---
 roles/bootstrap/tasks/dnf.yml | 27 +++++++++++++++++++
 roles/bootstrap/tasks/main.yml | 49 +++++++++++++++++++++++----------
 2 files changed, 61 insertions(+), 15 deletions(-)
 create mode 100644 roles/bootstrap/tasks/dnf.yml

diff --git a/roles/bootstrap/tasks/dnf.yml b/roles/bootstrap/tasks/dnf.yml
new file mode 100644
index 000000000..48fbca9
--- /dev/null
+++ b/roles/bootstrap/tasks/dnf.yml
@@ -0,0 +1,27 @@
+---
+- name: raise max_parallel_downloads to 20
+ lineinfile:
+ path: /etc/dnf/dnf.conf
+ regexp: "^max_parallel_downloads.="
+ line: "max_parallel_downloads=20"
+
+- name: install dnf-automatic
+ package:
+ name: dnf-automatic
+ state: present
+
+- name: configure dnf-automatic
+ lineinfile:
+ path: /etc/dnf/automatic.conf
+ state: present
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ with_items:
+ - { regexp: '^upgrade_type.=', line: 'upgrade_type = security' }
+ - { regexp: '^emit_via.=', line: 'emit_via = stdio' }
+
+- name: enable dnf-automatic timer
+ systemd:
+ name: dnf-automatic.timer
+ state: started
+ enabled: yes
diff --git a/roles/bootstrap/tasks/main.yml b/roles/bootstrap/tasks/main.yml
index faf815a..4475c37 100644
--- a/roles/bootstrap/tasks/main.yml
+++ b/roles/bootstrap/tasks/main.yml
@@ -23,6 +23,10 @@
 set_fact:
 is_cloudy: "{{ cloudcfg.stat.exists }}"
 
+ - name: include dnf tasks
+ include_tasks: dnf.yml
+ when: (ansible_distribution in ["Fedora"] and not is_atomic) or (ansible_distribution in ["RedHat", "Red Hat Enterprise Linux", "CentOS"] and ansible_distribution_major_version is version('8', '>='))
+
 - name: install prereqs
 package:
 name: "{{ DEFAULT_PKGS | difference(ansible_facts.packages) }}"
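Review bot: In the new roles/bootstrap/tasks/dnf.yml, the `configure dnf-automatic` task sets `upgrade_type = security` and `emit_via = stdio` but never sets `apply_updates`. Unless that key is managed elsewhere, the timer enabled in the last task will, with the packaged default as far as I know, only download and report security updates rather than install them. If unattended patching is the intent, add `- { regexp: '^apply_updates\s*=', line: 'apply_updates = yes' }` to the loop. The three regexps use `.=`, which requires exactly one character before the `=`, so an existing `max_parallel_downloads=10` is not matched and a second, conflicting line is appended; `\s*=` is the safer pattern. Because `lineinfile` appends at end of file when nothing matches, a key missing from the sectioned automatic.conf may land under the wrong section, which `ini_file` with an explicit section would avoid.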
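Review bot: The `include dnf tasks` step in roles/bootstrap/tasks/main.yml uses dynamic `include_tasks`, and tags on a dynamic include apply to the include statement only, not to the tasks inside dnf.yml. The last hunk of this file shows `tags:` / `- bootstrap` closing what looks like the enclosing block, so a run limited with `--tags bootstrap` would presumably execute the include but skip every task in dnf.yml, including the dnf-automatic setup. Either switch to `import_tasks: dnf.yml`, which is static and passes the tag and the `when` down to each task, or give the include an `apply` entry carrying the `bootstrap` tag. The enclosing block starts outside this hunk, so the tag relationship is inferred rather than visible here.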
@@ -36,13 +40,6 @@
 line: "fastestmirror=False"
 when: ansible_distribution in ["Fedora"] and not is_atomic
 
- - name: dnf - set max_parallel_downloads to 20 (fedora - non-atomic)
- lineinfile:
- path: /etc/dnf/dnf.conf
- regexp: "^max_parallel_downloads="
- line: "max_parallel_downloads=20"
- when: ansible_distribution in ["Fedora"] and not is_atomic
-
 - name: remove update_etc_hosts from cloud.cfg
 lineinfile:
 line: ' - update_etc_hosts'
@@ -50,12 +47,12 @@
 state: absent
 when: is_cloudy|bool
 
- - name: add hosts to /etc/hosts
+ - name: add all hosts to /etc/hosts
 lineinfile:
 path: /etc/hosts
 state: present
- line: "{{ hostvars[item].ip }} {{ hostvars[item].ansible_hostname }}"
- regexp: "^{{ hostvars[item].ip }} "
+ line: "{{ hostvars[item].ip | default('127.0.0.1') }} {{ hostvars[item].ansible_hostname }}"
+ regexp: "^{{ hostvars[item].ip | default('127.0.0.1') }}.*{{ hostvars[item].ansible_hostname }}$"
 with_items: "{{ groups.all }}"
 
 - name: set hostname to match inventory
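Review bot: The `default('127.0.0.1')` fallback in `add all hosts to /etc/hosts` maps every inventory host that has no `ip` variable to loopback on every machine, so a peer's name resolves to the local host and connections meant for that peer end up at whatever is listening locally. Skipping such hosts is safer, e.g. `when: hostvars[item].ip is defined`, after which the default is not needed. The new `regexp` also interpolates the address and hostname unescaped, so the dots match any character; pass both through `regex_escape`, as in `{{ hostvars[item].ip | regex_escape }}`. Because the pattern now requires both the IP and the hostname, a host whose address changes keeps its stale line and gains a second one, and resolvers normally use the first matching entry.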
@@ -69,17 +66,39 @@
 path: /etc/sudoers
 state: absent
 
- - name: install epel
+ - name: import epel GPG key
+ rpm_key:
+ state: present
+ key: https://getfedora.org/static/fedora.gpg
+ when: ansible_distribution in ['Red Hat Enterprise Linux', 'RedHat'] and not is_atomic
+
+ - name: install epel (dist pkg)
 package:
 name: epel-release
 state: latest
- when: ansible_distribution in ["CentOS", "Red Hat Enterprise Linux"] and not is_atomic
+ when: ansible_distribution in ['CentOS'] and not is_atomic
 
- - name: remove earlyoom
+ - name: install epel (upstream pkg)
 package:
- name: earlyoom
+ name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ansible_distribution_major_version}}.noarch.rpm"
+ state: present
+ when: ansible_distribution in ['Red Hat Enterprise Linux', 'RedHat'] and not is_atomic
+
+ - name: remove unwanted packages
+ package:
+ name: "{{ item }}"
 state: absent
- when: ('earlyoom' in ansible_facts.packages)
+ when: "(item in ansible_facts.packages)"
+ with_items: "{{ UNWANTED_PKGS }}" # see roles/bootstrap/defaults/main.yml
+
+ - name: disable NetworkManager phoning home on Fedora
+ file:
+ path: /etc/NetworkManager/conf.d/20-connectivity-fedora.conf
+ access_time: preserve # make this properly idempotent, register no change when file exists
+ modification_time: preserve # ^
+ state: touch
+ mode: 0644
+ when: (ansible_distribution in ['Fedora'] and not is_atomic) and ('NetworkManager' in ansible_facts.packages)
 
 tags:
 - bootstrap
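Review bot: The `import epel GPG key` task trusts whatever `https://getfedora.org/static/fedora.gpg` returns at run time, and that key is what later vouches for the `epel-release-latest-N` RPM fetched by URL in `install epel (upstream pkg)`; nothing in either task pins the content. `rpm_key` accepts a `fingerprint` that is verified before import, e.g. `fingerprint: "<EPEL key fingerprint for this major version>"`, or the key file can be shipped with the role and imported from a local path. Separately, `mode: 0644` in the NetworkManager task is better written `mode: '0644'` so the value does not depend on the YAML loader's octal handling. `state: touch` does not truncate an existing file, so a drop-in that already has content is left as it is and reported unchanged.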