From bd0f479b76631f9e1fb0da8ab79a3bbb82b1b781 Mon Sep 17 00:00:00 2001 From: Josh Lay Date: Sun, 27 Jul 2025 12:43:07 -0500 Subject: [PATCH 1/2] docker: become to install/enable --- roles/docker/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index cf8559a..37eddbc 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -2,11 +2,13 @@ # depends on create-user role / create_username var - name: "Install Docker" + become: true ansible.builtin.package: name: "{{ docker_pkgs[ansible_distribution] }}" state: present - name: Enable/start docker + become: true ansible.builtin.service: name: docker state: started From 024b6f8c9fa85f15675fc8fedad15f7b185fb547 Mon Sep 17 00:00:00 2001 From: Josh Lay Date: Sun, 27 Jul 2025 12:45:01 -0500 Subject: [PATCH 2/2] bootstrap: pkg dict, custom facts --- roles/bootstrap/defaults/main.yml | 25 ++++++-- roles/bootstrap/tasks/main.yml | 103 +++++++++++++----------------- 2 files changed, 63 insertions(+), 65 deletions(-) diff --git a/roles/bootstrap/defaults/main.yml b/roles/bootstrap/defaults/main.yml index dfc2e6e..afc8670 100644 --- a/roles/bootstrap/defaults/main.yml +++ b/roles/bootstrap/defaults/main.yml @@ -1,12 +1,25 @@ --- -DEFAULT_PKGS: - - sudo - - vim - - vim-default-editor -UNWANTED_PKGS: +bootstrap_default_pkgs: + common: + - sudo + - vim + RedHat: + - python3-rpm + - python3-dnf + AlmaLinux: &CENT + - epel-release + - python3-rpm + - python3-dnf + Rocky: *CENT + Fedora: + - vim-default-editor + - kitty-terminfo + +# removal assumes no need to sort by os_family, unlike the installation requests +bootstrap_unwanted_pkgs: - earlyoom - power-profiles-daemon - - nano - nano-default-editor + - nano - systemd-oomd-defaults - zram-generator-defaults diff --git a/roles/bootstrap/tasks/main.yml b/roles/bootstrap/tasks/main.yml index e6c967c..2d2c902 100644 --- a/roles/bootstrap/tasks/main.yml +++ b/roles/bootstrap/tasks/main.yml 
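Review bot: `bootstrap_default_pkgs` has no key for CentOS, which roles/bootstrap/tasks/main.yml still handles in "Install EPEL (dist pkg)", nor for any distribution outside the four listed. The new "Install prereqs" task is no longer limited to a distribution list and indexes the dict with `bootstrap_default_pkgs[ansible_distribution]`, so on such hosts the lookup should fail as undefined rather than install the `common` set. Either add the missing keys here (an empty list is enough) or make the lookup tolerant: `name: "{{ bootstrap_default_pkgs['common'] + (bootstrap_default_pkgs[ansible_distribution] | default([])) }}"`. The comment above `bootstrap_unwanted_pkgs` mentions os_family, but the keys are `ansible_distribution` values; I would add `# keys are ansible_distribution values; every targeted distribution needs an entry` above the dict.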
@@ -1,54 +1,42 @@ --- -- block: +- name: Bootstrap/common tasks + tags: + - bootstrap + block: - - name: Gather package facts - ansible.builtin.package_facts: - manager: auto + - name: Gather service facts + ansible.builtin.service_facts: + tags: ['always'] # ensure this runs if tasks are selected w/ tags (may provide required info) - - name: Check if atomic - ansible.builtin.stat: - path: /run/ostree-booted - register: ostree - - - name: Check for cloud.cfg - ansible.builtin.stat: - path: /etc/cloud/cloud.cfg - register: cloudcfg - - - name: Set fact (atomic state) - ansible.builtin.set_fact: - is_atomic: "{{ ostree.stat.exists }}" - - - name: Set fact (cloud.cfg state) - ansible.builtin.set_fact: - is_cloudy: "{{ cloudcfg.stat.exists }}" - - - name: Include dnf tasks - include_tasks: dnf.yml - when: (ansible_distribution in ["Fedora"] and not is_atomic) or (ansible_distribution in ["RedHat", "Red Hat Enterprise Linux", "CentOS"] and ansible_distribution_major_version is version('8', '>=')) - - - name: Remove unwanted packages + - name: Remove unwanted packages # before installation; may be required for conflicts become: true ansible.builtin.package: name: "{{ item }}" state: absent - when: "(item in ansible_facts.packages)" - with_items: "{{ UNWANTED_PKGS }}" # see roles/bootstrap/defaults/main.yml + with_items: "{{ bootstrap_unwanted_pkgs }}" - name: Install prereqs become: true ansible.builtin.package: - name: "{{ DEFAULT_PKGS | difference(ansible_facts.packages) }}" - state: installed - when: (ansible_distribution in ["CentOS", "Red Hat Enterprise Linux", "RedHat", "Fedora"] and not is_atomic) + name: "{{ bootstrap_default_pkgs['common'] + bootstrap_default_pkgs[ansible_distribution] }}" + state: present + update_cache: true + when: (not ansible_local.os.is_atomic) # skip if an ostree/atomic host, unhandled - - name: Disable fastestmirror (fedora - non-atomic) + - name: Include dnf tasks + ansible.builtin.include_tasks: dnf.yml + when: + - ansible_os_family in 
["RedHat"] + - not ansible_local.os.is_atomic # see 'custom-facts' role + - ansible_distribution_major_version is version('8', '>=') # don't use on EL6/7, as rare as they are anymore + + - name: Disable fastestmirror (Fedora - non-atomic) become: true ansible.builtin.lineinfile: path: /etc/dnf/dnf.conf regexp: "^fastestmirror=" line: "fastestmirror=False" - when: ansible_distribution in ["Fedora"] and not is_atomic + when: ansible_distribution in ["Fedora"] and not ansible_local.os.is_atomic - name: Remove update_etc_hosts from cloud.cfg become: true @@ -56,18 +44,19 @@ line: ' - update_etc_hosts' path: /etc/cloud/cloud.cfg state: absent - when: is_cloudy|bool + when: ansible_local.os.is_cloudy - - name: Add all hosts to /etc/hosts - become: true - ansible.builtin.lineinfile: - path: /etc/hosts - state: present - line: "{{ hostvars[item].ip | default('127.0.0.1') }} {{ hostvars[item].ansible_hostname }}" - regexp: "^{{ hostvars[item].ip | default('127.0.0.1') }}.*{{ hostvars[item].ansible_hostname }}$" - with_items: "{{ groups.all }}" +# - name: Add all hosts to /etc/hosts +# become: true +# ansible.builtin.lineinfile: +# path: /etc/hosts +# state: present +# line: "{{ hostvars[item].ip | default('127.0.0.1') }} {{ hostvars[item].ansible_hostname }}" +# regexp: "^{{ hostvars[item].ip | default('127.0.0.1') }}.*{{ hostvars[item].ansible_hostname }}$" +# with_items: "{{ groups.all }}" - name: Set hostname to match inventory + become: true ansible.builtin.hostname: name: "{{ inventory_hostname }}" register: hostname_change 
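Review bot: Every `when` that now reads `ansible_local.os.is_atomic` or `ansible_local.os.is_cloudy` (in this hunk and in the later hunks of this file) depends on a facts file from the 'custom-facts' role, which this patch does not show, while the `stat`/`set_fact` tasks that used to compute these values locally are removed. If that role has not run on a host, the conditions are undefined and the play errors out. If the facts arrive as strings rather than JSON booleans, `not ansible_local.os.is_atomic` may be false on every host, silently skipping the package and hardening tasks; the old `is_cloudy|bool` guarded against exactly that. I would coerce at each use, e.g. `when: not (ansible_local.os.is_atomic | bool)`, and fail early with an assert as the first task of the block, as sketched below.

```yaml
  block:
    - name: Require custom facts (see 'custom-facts' role)
      ansible.builtin.assert:
        that:
          - ansible_local.os.is_atomic is defined
          - ansible_local.os.is_cloudy is defined
        fail_msg: "ansible_local.os facts missing; run the custom-facts role first"
      tags: ['always']

    # … unchanged: service facts, package removal/installation, dnf include …
```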
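Review bot: The "Add all hosts to /etc/hosts" task is left commented out with no reason given, so a reader cannot tell whether it is disabled temporarily or for good. Delete the block (git history keeps it) or put one line above it such as `# disabled: <reason>; /etc/hosts is no longer managed by this role`. The preceding task still removes `update_etc_hosts` from cloud.cfg, so on cloud hosts nothing visible in this hunk maintains /etc/hosts any more; worth confirming that is intended. The hostname task that follows may continue outside the hunk.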
@@ -84,31 +73,36 @@ ansible.builtin.rpm_key: state: present key: https://getfedora.org/static/fedora.gpg - when: ansible_distribution in ['Red Hat Enterprise Linux', 'RedHat'] and not is_atomic + when: ansible_distribution in ['Red Hat Enterprise Linux', 'RedHat'] and not ansible_local.os.is_atomic - name: Install EPEL (dist pkg) become: true ansible.builtin.package: name: epel-release state: present - when: ansible_distribution in ['CentOS'] and not is_atomic + when: ansible_distribution in ['CentOS'] and not ansible_local.os.is_atomic - name: Install EPEL (upstream pkg) become: true ansible.builtin.package: name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm" state: present - when: ansible_distribution in ['Red Hat Enterprise Linux', 'RedHat'] and not is_atomic + when: ansible_distribution in ['Red Hat Enterprise Linux', 'RedHat'] and not ansible_local.os.is_atomic - - name: Disable NetworkManager phoning home on Fedora + - name: Disable NetworkManager phoning home (on Fedora, when enabled) become: true + tags: ['phone', 'phoning'] ansible.builtin.file: path: /etc/NetworkManager/conf.d/20-connectivity-fedora.conf access_time: preserve # make this properly idempotent, register no change when file exists modification_time: preserve # ^ state: touch mode: '0644' - when: (ansible_distribution in ['Fedora'] and not is_atomic) and ('NetworkManager' in ansible_facts.packages) + when: + - ansible_distribution in ['Fedora'] + - not ansible_local.os.is_atomic + - "'NetworkManager.service' in ansible_facts.services" + - ansible_facts.services['NetworkManager.service'].status in ['enabled'] - name: Ensure systemd-oomd service and socket are disabled and stopped become: true 
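Review bot: The `ansible.builtin.rpm_key` task whose `when` this hunk rewrites imports a signing key straight from a URL with no `fingerprint:` set, so whatever that URL serves at run time becomes a trusted RPM key on the host. The "Install EPEL (upstream pkg)" task below it installs an RPM from a URL, and its signature check presumably relies on that same trust. Pinning the expected key closes the gap: add `fingerprint: "<EPEL key fingerprint, verified out of band>"` next to `key:`. The task's name line sits above the hunk, so this is based on the two parameters visible here (`state`, `key`).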
@@ -119,7 +113,7 @@ with_items: - systemd-oomd.service - systemd-oomd.socket - when: (ansible_distribution in ['Fedora'] and not is_atomic) + when: (ansible_distribution in ['Fedora'] and not ansible_local.os.is_atomic) - name: Ensure systemd-oomd service and socket are masked become: true @@ -129,13 +123,4 @@ with_items: - systemd-oomd.service - systemd-oomd.socket - when: (ansible_distribution in ['Fedora'] and not is_atomic) - - - name: Ensure systemd-oomd-defaults package is removed - become: true - ansible.builtin.package: - name: systemd-oomd-defaults - state: absent - - tags: - - bootstrap + when: (ansible_distribution in ['Fedora'] and not ansible_local.os.is_atomic)