diff --git a/roles/bootstrap/defaults/main.yml b/roles/bootstrap/defaults/main.yml
index afc8670..dfc2e6e 100644
--- a/roles/bootstrap/defaults/main.yml
+++ b/roles/bootstrap/defaults/main.yml
@@ -1,25 +1,12 @@
 ---
-bootstrap_default_pkgs:
- common:
- - sudo
- - vim
- RedHat:
- - python3-rpm
- - python3-dnf
- AlmaLinux: &CENT
- - epel-release
- - python3-rpm
- - python3-dnf
- Rocky: *CENT
- Fedora:
- - vim-default-editor
- - kitty-terminfo
-
-# removal assumes no need to sort by os_family, unlike the installation requests
-bootstrap_unwanted_pkgs:
+DEFAULT_PKGS:
+ - sudo
+ - vim
+ - vim-default-editor
+UNWANTED_PKGS:
 - earlyoom
 - power-profiles-daemon
- - nano-default-editor
 - nano
+ - nano-default-editor
 - systemd-oomd-defaults
 - zram-generator-defaults
diff --git a/roles/bootstrap/tasks/main.yml b/roles/bootstrap/tasks/main.yml
index 2d2c902..e6c967c 100644
--- a/roles/bootstrap/tasks/main.yml
+++ b/roles/bootstrap/tasks/main.yml
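Review bot: In roles/bootstrap/defaults/main.yml the new role defaults `DEFAULT_PKGS` and `UNWANTED_PKGS` lose the `bootstrap_` prefix the old names carried. Ansible variables share one namespace and role defaults have the lowest precedence, so an inventory, play or other role that defines a variable with such a generic name silently replaces the list of packages this role installs or removes with `become: true`. Keeping the prefixed lowercase names, `bootstrap_default_pkgs:` and `bootstrap_unwanted_pkgs:`, avoids that collision. The removed comment explaining why removals are not split by OS family is also worth keeping above the removal list.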
@@ -1,42 +1,54 @@ --- -- name: Bootstrap/common tasks - tags: - - bootstrap - block: +- block: - - name: Gather service facts - ansible.builtin.service_facts: - tags: ['always'] # ensure this runs if tasks are selected w/ tags (may provide required info) + - name: Gather package facts + ansible.builtin.package_facts: + manager: auto - - name: Remove unwanted packages # before installation; may be required for conflicts + - name: Check if atomic + ansible.builtin.stat: + path: /run/ostree-booted + register: ostree + + - name: Check for cloud.cfg + ansible.builtin.stat: + path: /etc/cloud/cloud.cfg + register: cloudcfg + + - name: Set fact (atomic state) + ansible.builtin.set_fact: + is_atomic: "{{ ostree.stat.exists }}" + + - name: Set fact (cloud.cfg state) + ansible.builtin.set_fact: + is_cloudy: "{{ cloudcfg.stat.exists }}" + + - name: Include dnf tasks + include_tasks: dnf.yml + when: (ansible_distribution in ["Fedora"] and not is_atomic) or (ansible_distribution in ["RedHat", "Red Hat Enterprise Linux", "CentOS"] and ansible_distribution_major_version is version('8', '>=')) + + - name: Remove unwanted packages become: true ansible.builtin.package: name: "{{ item }}" state: absent - with_items: "{{ bootstrap_unwanted_pkgs }}" + when: "(item in ansible_facts.packages)" + with_items: "{{ UNWANTED_PKGS }}" # see roles/bootstrap/defaults/main.yml - name: Install prereqs become: true ansible.builtin.package: - name: "{{ bootstrap_default_pkgs['common'] + bootstrap_default_pkgs[ansible_distribution] }}" - state: present - update_cache: true - when: (not ansible_local.os.is_atomic) # skip if an ostree/atomic host, unhandled + name: "{{ DEFAULT_PKGS | difference(ansible_facts.packages) }}" + state: installed + when: (ansible_distribution in ["CentOS", "Red Hat Enterprise Linux", "RedHat", "Fedora"] and not is_atomic) - - name: Include dnf tasks - ansible.builtin.include_tasks: dnf.yml - when: - - ansible_os_family in ["RedHat"] - - not ansible_local.os.is_atomic # see 
'custom-facts' role - - ansible_distribution_major_version is version('8', '>=') # don't use on EL6/7, as rare as they are anymore - - - name: Disable fastestmirror (Fedora - non-atomic) + - name: Disable fastestmirror (fedora - non-atomic) become: true ansible.builtin.lineinfile: path: /etc/dnf/dnf.conf regexp: "^fastestmirror=" line: "fastestmirror=False" - when: ansible_distribution in ["Fedora"] and not ansible_local.os.is_atomic + when: ansible_distribution in ["Fedora"] and not is_atomic - name: Remove update_etc_hosts from cloud.cfg become: true @@ -44,19 +56,18 @@ line: ' - update_etc_hosts' path: /etc/cloud/cloud.cfg state: absent - when: ansible_local.os.is_cloudy + when: is_cloudy|bool -# - name: Add all hosts to /etc/hosts -# become: true -# ansible.builtin.lineinfile: -# path: /etc/hosts -# state: present -# line: "{{ hostvars[item].ip | default('127.0.0.1') }} {{ hostvars[item].ansible_hostname }}" -# regexp: "^{{ hostvars[item].ip | default('127.0.0.1') }}.*{{ hostvars[item].ansible_hostname }}$" -# with_items: "{{ groups.all }}" + - name: Add all hosts to /etc/hosts + become: true + ansible.builtin.lineinfile: + path: /etc/hosts + state: present + line: "{{ hostvars[item].ip | default('127.0.0.1') }} {{ hostvars[item].ansible_hostname }}" + regexp: "^{{ hostvars[item].ip | default('127.0.0.1') }}.*{{ hostvars[item].ansible_hostname }}$" + with_items: "{{ groups.all }}" - name: Set hostname to match inventory - become: true ansible.builtin.hostname: name: "{{ inventory_hostname }}" register: hostname_change 
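Review bot: The new `when` on "Install prereqs" lists only CentOS, Red Hat Enterprise Linux, RedHat and Fedora, so hosts reporting AlmaLinux or Rocky, which the removed `bootstrap_default_pkgs` map covered, now skip the task and no longer get `sudo` installed by this role; the rewritten "Include dnf tasks" condition drops them the same way. The flattened `DEFAULT_PKGS` list also sends `vim-default-editor`, previously requested only under the Fedora key, to CentOS and RHEL hosts, where the task will fail if that package is not available (worth checking per release). Gating on the family as the old code did, `when: ansible_os_family == "RedHat" and not is_atomic`, and keeping the Fedora-only package in a separate list would restore the previous coverage. `state: present` would match the other package tasks in this file.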
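Review bot: The re-enabled "Add all hosts to /etc/hosts" task builds its `regexp` from raw inventory values, so the dots in the address match any character and a hostname containing regex metacharacters can match and replace an unrelated line in `/etc/hosts`; pass both values through the escape filter, `regexp: "^{{ hostvars[item].ip | default('127.0.0.1') | regex_escape }}.*{{ hostvars[item].ansible_hostname | regex_escape }}$"`. The `default('127.0.0.1')` fallback writes every host without an `ip` variable as a loopback entry on all other machines, so a peer's name resolves to the local host; skipping such hosts with `when: hostvars[item].ip is defined` is safer. `hostvars[item].ansible_hostname` is undefined for hosts whose facts were not gathered in the run, which would fail the loop.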
@@ -73,36 +84,31 @@ ansible.builtin.rpm_key: state: present key: https://getfedora.org/static/fedora.gpg - when: ansible_distribution in ['Red Hat Enterprise Linux', 'RedHat'] and not ansible_local.os.is_atomic + when: ansible_distribution in ['Red Hat Enterprise Linux', 'RedHat'] and not is_atomic - name: Install EPEL (dist pkg) become: true ansible.builtin.package: name: epel-release state: present - when: ansible_distribution in ['CentOS'] and not ansible_local.os.is_atomic + when: ansible_distribution in ['CentOS'] and not is_atomic - name: Install EPEL (upstream pkg) become: true ansible.builtin.package: name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm" state: present - when: ansible_distribution in ['Red Hat Enterprise Linux', 'RedHat'] and not ansible_local.os.is_atomic + when: ansible_distribution in ['Red Hat Enterprise Linux', 'RedHat'] and not is_atomic - - name: Disable NetworkManager phoning home (on Fedora, when enabled) + - name: Disable NetworkManager phoning home on Fedora become: true - tags: ['phone', 'phoning'] ansible.builtin.file: path: /etc/NetworkManager/conf.d/20-connectivity-fedora.conf access_time: preserve # make this properly idempotent, register no change when file exists modification_time: preserve # ^ state: touch mode: '0644' - when: - - ansible_distribution in ['Fedora'] - - not ansible_local.os.is_atomic - - "'NetworkManager.service' in ansible_facts.services" - - ansible_facts.services['NetworkManager.service'].status in ['enabled'] + when: (ansible_distribution in ['Fedora'] and not is_atomic) and ('NetworkManager' in ansible_facts.packages) - name: Ensure systemd-oomd service and socket are disabled and stopped become: true 
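Review bot: The `rpm_key` task whose condition changes at the top of this hunk imports the key from `https://getfedora.org/static/fedora.gpg` with no `fingerprint`, so whatever that URL serves at run time becomes a trusted signing key for the EPEL package installed two tasks later. Adding `fingerprint: "<EXPECTED_KEY_FINGERPRINT>"` (placeholder; take the value from the key published for the target release) makes the import fail when the downloaded key differs. If the file carries more than one key, confirm how the module applies the fingerprint before relying on it. The task's `name` line lies above the hunk, so only its arguments are visible here.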
@@ -113,7 +119,7 @@ with_items: - systemd-oomd.service - systemd-oomd.socket - when: (ansible_distribution in ['Fedora'] and not ansible_local.os.is_atomic) + when: (ansible_distribution in ['Fedora'] and not is_atomic) - name: Ensure systemd-oomd service and socket are masked become: true @@ -123,4 +129,13 @@ with_items: - systemd-oomd.service - systemd-oomd.socket - when: (ansible_distribution in ['Fedora'] and not ansible_local.os.is_atomic) + when: (ansible_distribution in ['Fedora'] and not is_atomic) + + - name: Ensure systemd-oomd-defaults package is removed + become: true + ansible.builtin.package: + name: systemd-oomd-defaults + state: absent + + tags: + - bootstrap diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 37eddbc..cf8559a 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -2,13 +2,11 @@ # depends on create-user role / create_username var - name: "Install Docker" - become: true ansible.builtin.package: name: "{{ docker_pkgs[ansible_distribution] }}" state: present - name: Enable/start docker - become: true ansible.builtin.service: name: docker state: started
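Review bot: The added "Ensure systemd-oomd-defaults package is removed" task has no `when`, so it runs on every distribution and on ostree hosts, unlike the two systemd-oomd tasks above it, which are limited to non-atomic Fedora; add `when: (ansible_distribution in ['Fedora'] and not is_atomic)`. `systemd-oomd-defaults` is also already listed in `UNWANTED_PKGS`, which the "Remove unwanted packages" task handles, so this task looks redundant unless running it after the mask step is intended. If it is, a one-line comment saying so would help.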
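Review bot: Dropping `become: true` from "Install Docker" and "Enable/start docker" (and from "Set hostname to match inventory" in roles/bootstrap/tasks/main.yml) makes these tasks depend on privilege escalation being set at play or inventory level, which this diff does not show. If that is the intent, state it at the top of the role, e.g. `# requires become: true at play level`. Otherwise the package install and service start will fail for a non-root connection user, and the bootstrap role, which keeps `become: true` on its other tasks, ends up inconsistent.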