roles/bootstrap/defaults/main.yml

@@ -1,25 +1,12 @@
 ---
-bootstrap_default_pkgs:
+DEFAULT_PKGS:
-  common:
+  - sudo
-    - sudo
+  - vim
-    - vim
+  - vim-default-editor
-  RedHat:
+UNWANTED_PKGS:
-    - python3-rpm
-    - python3-dnf
-  AlmaLinux: &CENT
-    - epel-release
-    - python3-rpm
-    - python3-dnf
-  Rocky: *CENT
-  Fedora:
-    - vim-default-editor
-    - kitty-terminfo
-
-# removal assumes no need to sort by os_family, unlike the installation requests
-bootstrap_unwanted_pkgs:
   - earlyoom
   - power-profiles-daemon
-  - nano-default-editor
   - nano
+  - nano-default-editor
   - systemd-oomd-defaults
   - zram-generator-defaults

roles/bootstrap/tasks/main.yml

@@ -1,42 +1,54 @@
 ---
-- name: Bootstrap/common tasks
+- block:
-  tags:
-    - bootstrap
-  block:
 
-    - name: Gather service facts
+    - name: Gather package facts
-      ansible.builtin.service_facts:
+      ansible.builtin.package_facts:
-      tags: ['always']  # ensure this runs if tasks are selected w/ tags (may provide required info)
+        manager: auto
 
-    - name: Remove unwanted packages  # before installation; may be required for conflicts
+    - name: Check if atomic
+      ansible.builtin.stat:
+        path: /run/ostree-booted
+      register: ostree
+
+    - name: Check for cloud.cfg
+      ansible.builtin.stat:
+        path: /etc/cloud/cloud.cfg
+      register: cloudcfg
+
+    - name: Set fact (atomic state)
+      ansible.builtin.set_fact:
+        is_atomic: "{{ ostree.stat.exists }}"
+
+    - name: Set fact (cloud.cfg state)
+      ansible.builtin.set_fact:
+        is_cloudy: "{{ cloudcfg.stat.exists }}"
+
+    - name: Include dnf tasks
+      include_tasks: dnf.yml
+      when: (ansible_distribution in ["Fedora"] and not is_atomic) or (ansible_distribution in ["RedHat", "Red Hat Enterprise Linux", "CentOS"] and ansible_distribution_major_version is version('8', '>='))
+
+    - name: Remove unwanted packages
       become: true
       ansible.builtin.package:
         name: "{{ item }}"
         state: absent
-      with_items: "{{ bootstrap_unwanted_pkgs }}"
+      when: "(item in ansible_facts.packages)"
+      with_items: "{{ UNWANTED_PKGS }}" # see roles/bootstrap/defaults/main.yml
 
     - name: Install prereqs
       become: true
       ansible.builtin.package:
-        name: "{{ bootstrap_default_pkgs['common'] + bootstrap_default_pkgs[ansible_distribution] }}"
+        name: "{{ DEFAULT_PKGS | difference(ansible_facts.packages) }}"
-        state: present
+        state: installed
-        update_cache: true
+      when: (ansible_distribution in ["CentOS", "Red Hat Enterprise Linux", "RedHat", "Fedora"] and not is_atomic)
-      when: (not ansible_local.os.is_atomic)  # skip if an ostree/atomic host, unhandled
 
-    - name: Include dnf tasks
+    - name: Disable fastestmirror (fedora - non-atomic)
-      ansible.builtin.include_tasks: dnf.yml
-      when:
-        - ansible_os_family in ["RedHat"]
-        - not ansible_local.os.is_atomic  # see 'custom-facts' role
-        - ansible_distribution_major_version is version('8', '>=')  # don't use on EL6/7, as rare as they are anymore
-
-    - name: Disable fastestmirror (Fedora - non-atomic)
       become: true
       ansible.builtin.lineinfile:
         path: /etc/dnf/dnf.conf
         regexp: "^fastestmirror="
         line: "fastestmirror=False"
-      when: ansible_distribution in ["Fedora"] and not ansible_local.os.is_atomic
+      when: ansible_distribution in ["Fedora"] and not is_atomic
 
     - name: Remove update_etc_hosts from cloud.cfg
       become: true
@@ -44,19 +56,18 @@
         line: ' - update_etc_hosts'
         path: /etc/cloud/cloud.cfg
         state: absent
-      when: ansible_local.os.is_cloudy
+      when: is_cloudy|bool
 
-#    - name: Add all hosts to /etc/hosts
+    - name: Add all hosts to /etc/hosts
-#      become: true
+      become: true
-#      ansible.builtin.lineinfile:
+      ansible.builtin.lineinfile:
-#        path: /etc/hosts
+        path: /etc/hosts
-#        state: present
+        state: present
-#        line: "{{ hostvars[item].ip | default('127.0.0.1') }} {{ hostvars[item].ansible_hostname }}"
+        line: "{{ hostvars[item].ip | default('127.0.0.1') }} {{ hostvars[item].ansible_hostname }}"
-#        regexp: "^{{ hostvars[item].ip | default('127.0.0.1') }}.*{{ hostvars[item].ansible_hostname }}$"
+        regexp: "^{{ hostvars[item].ip | default('127.0.0.1') }}.*{{ hostvars[item].ansible_hostname }}$"
-#      with_items: "{{ groups.all }}"
+      with_items: "{{ groups.all }}"
 
     - name: Set hostname to match inventory
-      become: true
       ansible.builtin.hostname:
         name: "{{ inventory_hostname }}"
       register: hostname_change
@@ -73,36 +84,31 @@
       ansible.builtin.rpm_key:
         state: present
         key: https://getfedora.org/static/fedora.gpg
-      when: ansible_distribution in ['Red Hat Enterprise Linux', 'RedHat'] and not ansible_local.os.is_atomic
+      when: ansible_distribution in ['Red Hat Enterprise Linux', 'RedHat'] and not is_atomic
 
     - name: Install EPEL (dist pkg)
       become: true
       ansible.builtin.package:
         name: epel-release
         state: present
-      when: ansible_distribution in ['CentOS'] and not ansible_local.os.is_atomic
+      when: ansible_distribution in ['CentOS'] and not is_atomic
 
     - name: Install EPEL (upstream pkg)
       become: true
       ansible.builtin.package:
         name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm"
         state: present
-      when: ansible_distribution in ['Red Hat Enterprise Linux', 'RedHat'] and not ansible_local.os.is_atomic
+      when: ansible_distribution in ['Red Hat Enterprise Linux', 'RedHat'] and not is_atomic
 
-    - name: Disable NetworkManager phoning home (on Fedora, when enabled)
+    - name: Disable NetworkManager phoning home on Fedora
       become: true
-      tags: ['phone', 'phoning']
       ansible.builtin.file:
         path: /etc/NetworkManager/conf.d/20-connectivity-fedora.conf
         access_time: preserve # make this properly idempotent, register no change when file exists
         modification_time: preserve # ^
         state: touch
         mode: '0644'
-      when:
+      when: (ansible_distribution in ['Fedora'] and not is_atomic) and ('NetworkManager' in ansible_facts.packages)
-        - ansible_distribution in ['Fedora']
-        - not ansible_local.os.is_atomic
-        - "'NetworkManager.service' in ansible_facts.services"
-        - ansible_facts.services['NetworkManager.service'].status in ['enabled']
 
     - name: Ensure systemd-oomd service and socket are disabled and stopped
       become: true
@@ -113,7 +119,7 @@
       with_items:
         - systemd-oomd.service
         - systemd-oomd.socket
-      when: (ansible_distribution in ['Fedora'] and not ansible_local.os.is_atomic)
+      when: (ansible_distribution in ['Fedora'] and not is_atomic)
 
     - name: Ensure systemd-oomd service and socket are masked
       become: true
@@ -123,4 +129,13 @@
       with_items:
         - systemd-oomd.service
         - systemd-oomd.socket
-      when: (ansible_distribution in ['Fedora'] and not ansible_local.os.is_atomic)
+      when: (ansible_distribution in ['Fedora'] and not is_atomic)
+
+    - name: Ensure systemd-oomd-defaults package is removed
+      become: true
+      ansible.builtin.package:
+        name: systemd-oomd-defaults
+        state: absent
+
+  tags:
+    - bootstrap

roles/docker/tasks/main.yml

@@ -2,13 +2,11 @@
 # depends on create-user role / create_username var
 
 - name: "Install Docker"
-  become: true
   ansible.builtin.package:
     name: "{{ docker_pkgs[ansible_distribution] }}"
     state: present
 
 - name: Enable/start docker
-  become: true
   ansible.builtin.service:
     name: docker
     state: started