deploy-base/roles/bootstrap/tasks/main.yml


---
- name: Bootstrap/common tasks
tags:
- bootstrap
block:
# Collect service state up front; a later task in this file reads
# ansible_facts.services. Tagged 'always' so it still runs when the play is
# narrowed with tags, since it may provide information other tasks require.
- name: Gather service facts
  tags:
    - always
  ansible.builtin.service_facts:
# Runs ahead of the install step: removing these packages first may be needed
# to avoid conflicts. One package-manager call is made per list entry.
- name: Remove unwanted packages
  become: true
  with_items: "{{ bootstrap_unwanted_pkgs }}"
  ansible.builtin.package:
    state: absent
    name: '{{ item }}'
# Install the shared package list plus the list keyed by the detected
# distribution, refreshing the package cache first.
# Skipped on ostree/atomic hosts, which this role does not handle.
# NOTE(review): bootstrap_default_pkgs must hold a key for every
# ansible_distribution this runs on, or the lookup fails - confirm in defaults.
- name: Install prereqs
  when: not ansible_local.os.is_atomic
  become: true
  ansible.builtin.package:
    update_cache: true
    state: present
    name: "{{ bootstrap_default_pkgs['common'] + bootstrap_default_pkgs[ansible_distribution] }}"
# Pull in dnf.yml only where dnf applies:
#   - RedHat-family hosts,
#   - that are not atomic (fact supplied by the 'custom-facts' role),
#   - on major version 8 or newer (not used on EL6/7, rare as they now are).
- name: Include dnf tasks
  when: >-
    (ansible_os_family in ["RedHat"])
    and (not ansible_local.os.is_atomic)
    and (ansible_distribution_major_version is version('8', '>='))
  ansible.builtin.include_tasks: dnf.yml
# Force fastestmirror=False in dnf.conf on non-atomic Fedora. An existing
# "fastestmirror=" line is rewritten in place; if none matches, lineinfile
# appends the line at the end of the file.
- name: Disable fastestmirror (Fedora - non-atomic)
  when:
    - ansible_distribution in ["Fedora"]
    - not ansible_local.os.is_atomic
  become: true
  ansible.builtin.lineinfile:
    path: /etc/dnf/dnf.conf
    line: 'fastestmirror=False'
    regexp: '^fastestmirror='
# On hosts flagged as cloud instances, delete the update_etc_hosts entry from
# cloud.cfg (presumably so cloud-init stops managing /etc/hosts - confirm).
# With state=absent and no regexp, only lines equal to `line` are removed, so
# the leading whitespace in the value must match the file exactly.
- name: Remove update_etc_hosts from cloud.cfg
  when: ansible_local.os.is_cloudy
  become: true
  ansible.builtin.lineinfile:
    path: /etc/cloud/cloud.cfg
    state: absent
    line: ' - update_etc_hosts'
# - name: Add all hosts to /etc/hosts
# become: true
# ansible.builtin.lineinfile:
# path: /etc/hosts
# state: present
# line: "{{ hostvars[item].ip | default('127.0.0.1') }} {{ hostvars[item].ansible_hostname }}"
# regexp: "^{{ hostvars[item].ip | default('127.0.0.1') }}.*{{ hostvars[item].ansible_hostname }}$"
# with_items: "{{ groups.all }}"
# Make the system hostname equal to the inventory name. The result is kept in
# hostname_change so it is available to anything that needs to react to a
# rename.
- name: Set hostname to match inventory
  register: hostname_change
  become: true
  ansible.builtin.hostname:
    name: '{{ inventory_hostname }}'
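# Delete any "<word> requiretty" directive (e.g. "Defaults requiretty") from
# /etc/sudoers so sudo no longer insists on a TTY. Only the main file is
# edited; drop-ins under /etc/sudoers.d are not touched by this task.
#
# /etc/sudoers is security-critical and a syntax error in it breaks privilege
# escalation on the host, so the edited copy is checked with visudo before it
# replaces the live file. If validation fails the task errors out and the
# original file is left in place.
- name: Remove requiretty
  become: true
  ansible.builtin.lineinfile:
    path: /etc/sudoers
    regexp: '^\w+\s+requiretty'
    state: absent
    validate: /usr/sbin/visudo -cf %s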
# Import the signing key into the RPM keyring on non-atomic RHEL hosts, ahead
# of the EPEL release package installed from a URL further down.
# The key is downloaded over HTTPS and trusted as fetched: nothing here pins
# which key is accepted, so the trust anchor is whatever the URL serves.
# NOTE(review): consider pinning with rpm_key's `fingerprint` option, using a
# value verified out of band, or shipping the key file with the role.
# NOTE(review): the URL names fedora.gpg, not an EPEL-specific key; presumably
# a keyring that includes the EPEL keys - confirm.
- name: Import EPEL GPG key
  when:
    - ansible_distribution in ['Red Hat Enterprise Linux', 'RedHat']
    - not ansible_local.os.is_atomic
  become: true
  ansible.builtin.rpm_key:
    key: https://getfedora.org/static/fedora.gpg
    state: present
# CentOS carries epel-release in its own repositories, so install it by name
# through the package manager. Skipped on atomic hosts.
- name: Install EPEL (dist pkg)
  when:
    - ansible_distribution in ['CentOS']
    - not ansible_local.os.is_atomic
  become: true
  ansible.builtin.package:
    state: present
    name: epel-release
# On non-atomic RHEL, install the EPEL release RPM straight from the Fedora
# download site, choosing the file by distribution major version.
# The URL tracks "latest": the package is not pinned to a version or checksum.
# NOTE(review): integrity presumably rests on RPM signature checking against
# the key from the 'Import EPEL GPG key' task (same `when` condition) - confirm
# that GPG checking is not disabled for the package manager on these hosts.
- name: Install EPEL (upstream pkg)
  when:
    - ansible_distribution in ['Red Hat Enterprise Linux', 'RedHat']
    - not ansible_local.os.is_atomic
  become: true
  ansible.builtin.package:
    state: present
    name: 'https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm'
# Ensure 20-connectivity-fedora.conf exists under /etc/NetworkManager/conf.d
# with mode 0644 (presumably an empty file here overrides the distro-shipped
# connectivity-check config of the same name - confirm).
# Both timestamps are preserved so that `state: touch` reports no change when
# the file already exists, keeping the task idempotent.
# Runs only on non-atomic Fedora where service facts list NetworkManager and
# report it enabled. The membership test comes before the status lookup so a
# host without the unit does not hit a missing-key error.
- name: Disable NetworkManager phoning home (on Fedora, when enabled)
  tags:
    - phone
    - phoning
  when:
    - ansible_distribution in ['Fedora']
    - not ansible_local.os.is_atomic
    - "'NetworkManager.service' in ansible_facts.services"
    - ansible_facts.services['NetworkManager.service'].status in ['enabled']
  become: true
  ansible.builtin.file:
    path: /etc/NetworkManager/conf.d/20-connectivity-fedora.conf
    state: touch
    mode: '0644'
    access_time: preserve
    modification_time: preserve
# Stop systemd-oomd and turn off its boot-time enablement on non-atomic
# Fedora. The socket unit is handled alongside the service.
- name: Ensure systemd-oomd service and socket are disabled and stopped
  when:
    - ansible_distribution in ['Fedora']
    - not ansible_local.os.is_atomic
  become: true
  loop:
    - systemd-oomd.service
    - systemd-oomd.socket
  ansible.builtin.systemd:
    name: '{{ item }}'
    enabled: false
    state: stopped
# Mask both systemd-oomd units on non-atomic Fedora. Masking is a separate
# step from the stop/disable task that precedes it in this file.
- name: Ensure systemd-oomd service and socket are masked
  when:
    - ansible_distribution in ['Fedora']
    - not ansible_local.os.is_atomic
  become: true
  loop:
    - systemd-oomd.service
    - systemd-oomd.socket
  ansible.builtin.systemd:
    name: '{{ item }}'
    masked: true