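---
# Bootstrap tasks applied to every host: package prerequisites, repository
# setup (dnf/EPEL), hostname, sudoers and a few Fedora-specific service tweaks.
# Most tasks are skipped on ostree/atomic hosts via ansible_local.os.is_atomic.
# NOTE(review): the source layout had lost its indentation; all tasks are
# assumed to sit inside the single tagged block below. Confirm against the role.
- name: Bootstrap/common tasks
  tags:
    - bootstrap
  block:
    - name: Gather service facts
      ansible.builtin.service_facts:
      tags: ['always']  # ensure this runs if tasks are selected w/ tags (may provide required info)

    - name: Remove unwanted packages  # before installation; may be required for conflicts
      become: true
      ansible.builtin.package:
        name: "{{ item }}"
        state: absent
      with_items: "{{ bootstrap_unwanted_pkgs }}"

    - name: Install prereqs
      become: true
      ansible.builtin.package:
        name: "{{ bootstrap_default_pkgs['common'] + bootstrap_default_pkgs[ansible_distribution] }}"
        state: present
        update_cache: true
      when: (not ansible_local.os.is_atomic)  # skip if an ostree/atomic host, unhandled

    - name: Include dnf tasks
      ansible.builtin.include_tasks: dnf.yml
      when:
        - ansible_os_family in ["RedHat"]
        - not ansible_local.os.is_atomic  # see 'custom-facts' role
        - ansible_distribution_major_version is version('8', '>=')  # don't use on EL6/7, as rare as they are anymore

    - name: Disable fastestmirror (Fedora - non-atomic)
      become: true
      ansible.builtin.lineinfile:
        path: /etc/dnf/dnf.conf
        regexp: "^fastestmirror="
        line: "fastestmirror=False"
      when: ansible_distribution in ["Fedora"] and not ansible_local.os.is_atomic

    # NOTE(review): with state=absent and no regexp, only lines exactly equal to
    # `line` (leading whitespace included) are removed. Confirm the string
    # matches the indentation actually used in cloud.cfg.
    - name: Remove update_etc_hosts from cloud.cfg
      become: true
      ansible.builtin.lineinfile:
        line: ' - update_etc_hosts'
        path: /etc/cloud/cloud.cfg
        state: absent
      when: ansible_local.os.is_cloudy

    # - name: Add all hosts to /etc/hosts
    #   become: true
    #   ansible.builtin.lineinfile:
    #     path: /etc/hosts
    #     state: present
    #     line: "{{ hostvars[item].ip | default('127.0.0.1') }} {{ hostvars[item].ansible_hostname }}"
    #     regexp: "^{{ hostvars[item].ip | default('127.0.0.1') }}.*{{ hostvars[item].ansible_hostname }}$"
    #   with_items: "{{ groups.all }}"

    - name: Set hostname to match inventory
      become: true
      ansible.builtin.hostname:
        name: "{{ inventory_hostname }}"
      register: hostname_change

    # Editing /etc/sudoers in place: a syntax error in that file locks out sudo,
    # so the result is checked with visudo before it replaces the original.
    # Only the main sudoers file is touched; a requiretty default set from a
    # drop-in under /etc/sudoers.d would be left in place.
    - name: Remove requiretty
      become: true
      ansible.builtin.lineinfile:
        regexp: '^\w+\s+requiretty'
        path: /etc/sudoers
        state: absent
        validate: /usr/sbin/visudo -cf %s

    # NOTE(review): the key is trusted solely on the strength of the HTTPS
    # fetch, and this URL serves the Fedora project key file rather than an
    # EPEL-only key. Consider pinning the expected key with rpm_key's
    # `fingerprint` option, or shipping a vetted copy of the key with the role.
    - name: Import EPEL GPG key
      become: true
      ansible.builtin.rpm_key:
        state: present
        key: https://getfedora.org/static/fedora.gpg
      when: ansible_distribution in ['Red Hat Enterprise Linux', 'RedHat'] and not ansible_local.os.is_atomic

    - name: Install EPEL (dist pkg)
      become: true
      ansible.builtin.package:
        name: epel-release
        state: present
      when: ansible_distribution in ['CentOS'] and not ansible_local.os.is_atomic

    # NOTE(review): this installs an unpinned "latest" RPM straight from a URL.
    # Whether its signature is verified depends on the package backend's
    # GPG-check settings; confirm checking is not disabled for this host.
    - name: Install EPEL (upstream pkg)
      become: true
      ansible.builtin.package:
        name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm"
        state: present
      when: ansible_distribution in ['Red Hat Enterprise Linux', 'RedHat'] and not ansible_local.os.is_atomic

    # Ensures the named conf.d file exists (state=touch creates it empty if
    # missing) with mode 0644, only when NetworkManager is present and enabled.
    - name: Disable NetworkManager phoning home (on Fedora, when enabled)
      become: true
      tags: ['phone', 'phoning']
      ansible.builtin.file:
        path: /etc/NetworkManager/conf.d/20-connectivity-fedora.conf
        access_time: preserve  # make this properly idempotent, register no change when file exists
        modification_time: preserve  # ^
        state: touch
        mode: '0644'
      when:
        - ansible_distribution in ['Fedora']
        - not ansible_local.os.is_atomic
        - "'NetworkManager.service' in ansible_facts.services"
        - ansible_facts.services['NetworkManager.service'].status in ['enabled']

    # Stop and disable both units first, then mask them in a separate task.
    - name: Ensure systemd-oomd service and socket are disabled and stopped
      become: true
      ansible.builtin.systemd:
        name: "{{ item }}"
        state: stopped
        enabled: false
      with_items:
        - systemd-oomd.service
        - systemd-oomd.socket
      when: (ansible_distribution in ['Fedora'] and not ansible_local.os.is_atomic)

    - name: Ensure systemd-oomd service and socket are masked
      become: true
      ansible.builtin.systemd:
        name: "{{ item }}"
        masked: true
      with_items:
        - systemd-oomd.service
        - systemd-oomd.socket
      when: (ansible_distribution in ['Fedora'] and not ansible_local.os.is_atomic)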