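---
# Baseline setup tasks for EL (CentOS/RHEL) hosts: package installation and
# cleanup, local SELinux policy modules, resolver settings, service
# hardening, SELinux mode and booleans, and root's authorized SSH keys.
# Every behaviour is driven by variables defined outside this file.

- name: basic_setup_el | Install the basic packages
  ansible.builtin.dnf:
    name: "{{ centos_packages_to_install }}"
    state: "{{ centos_pkg_state }}"
  tags:
    - centos
    - bootstrap
    - packages

- name: basic_setup_el | Install the basic packages from the EPEL repository
  ansible.builtin.dnf:
    name: "{{ centos_packages_from_epel }}"
    state: "{{ centos_pkg_state }}"
  when: centos_install_epel
  tags:
    - centos
    - bootstrap
    - packages

# Hardware-oriented packages are only installed on bare-metal hosts / hypervisors.
- name: basic_setup_el | Install the packages we want on a non virtualized host
  ansible.builtin.dnf:
    name: "{{ centos_hw_packages | default([]) }}"
    state: "{{ centos_pkg_state }}"
  when: ansible_virtualization_role is defined and ansible_virtualization_role == 'host'
  tags:
    - centos
    - bootstrap
    - packages

# NOTE(review): a local policy module widens what a confined domain may do.
# The .te sources are not part of this file; review their allow rules
# before rollout.
- name: basic_setup_el | Install the selinux policy file to fix a timedatectl problem and various qemu-ga ones
  ansible.builtin.copy:
    src: qemu_ag_provisioning-sepol.te
    dest: /usr/local/etc/qemu_ag_provisioning-sepol.te
    owner: root
    group: root
    mode: "0644"
  register: qemu_ga_selinux_policy
  tags:
    - centos
    - rhel
    - selinux

# No `creates:` guard here. The compiled .pp stays on disk after the first
# run, so a guard on it would skip the rebuild whenever the .te source is
# updated and the new policy would never be loaded. The `when` on the copy
# result already keeps the task idempotent.
# NOTE(review): if this step fails after the copy succeeded, a re-run does not
# retry it because the copy no longer reports "changed".
- name: basic_setup_el | Activate the selinux policy for qemu
  ansible.builtin.shell: >
    checkmodule -M -m -o /usr/local/etc/qemu_ag_provisioning-sepol.mod
    /usr/local/etc/qemu_ag_provisioning-sepol.te &&
    semodule_package -o /usr/local/etc/qemu_ag_provisioning-sepol.pp
    -m /usr/local/etc/qemu_ag_provisioning-sepol.mod &&
    semodule -i /usr/local/etc/qemu_ag_provisioning-sepol.pp
  when: qemu_ga_selinux_policy is changed  # noqa: no-handler
  tags:
    - centos
    - rhel
    - selinux

- name: basic_setup_el | Install the selinux policy file to fix a systemd policy glitch
  ansible.builtin.copy:
    src: systemd-enable.te
    dest: /usr/local/etc/systemd-enable-sepol.te
    owner: root
    group: root
    mode: "0644"
  register: systemd_selinux_policy
  tags:
    - centos
    - rhel
    - selinux

# Rebuilt and reloaded on every change of the .te source; no `creates:` guard,
# which would leave an updated policy unloaded once the .pp exists.
- name: basic_setup_el | Activate the selinux policy for systemd
  ansible.builtin.shell: >
    checkmodule -M -m -o /usr/local/etc/systemd-enable-sepol.mod
    /usr/local/etc/systemd-enable-sepol.te &&
    semodule_package -o /usr/local/etc/systemd-enable-sepol.pp
    -m /usr/local/etc/systemd-enable-sepol.mod &&
    semodule -i /usr/local/etc/systemd-enable-sepol.pp
  when: systemd_selinux_policy is changed  # noqa: no-handler
  tags:
    - centos
    - rhel
    - selinux

- name: basic_setup_el | Activate smartmontools on a non virtualized host
  ansible.builtin.service:
    name: smartd
    state: started
    enabled: true
  when: ansible_virtualization_role is defined and ansible_virtualization_role == 'host'
  tags:
    - centos
    - bootstrap
    - packages

- name: basic_setup_el | Install the locate utility if needed
  ansible.builtin.dnf:
    name: "{{ centos_locate_package }}"
    state: "{{ centos_pkg_state }}"
  when: centos_enable_locate
  tags:
    - centos
    - bootstrap
    - packages

# NOTE(review): the three resolver tasks hard-code ifcfg-eth0 and do not set
# `create`, so they fail on hosts where that file does not exist. Confirm the
# interface name and that legacy network-scripts are in use on the targets.
- name: basic_setup_el | Configure the main interface to set the correct resolvers - dns1
  ansible.builtin.lineinfile:
    name: /etc/sysconfig/network-scripts/ifcfg-eth0
    regexp: ^DNS1=
    line: DNS1={{ dns1 }}
  when: centos_set_dns_servers
  tags:
    - centos
    - bootstrap

- name: basic_setup_el | Configure the main interface to set the correct resolvers - dns2
  ansible.builtin.lineinfile:
    name: /etc/sysconfig/network-scripts/ifcfg-eth0
    regexp: ^DNS2=
    line: DNS2={{ dns2 }}
  when: centos_set_dns_servers
  tags:
    - centos
    - bootstrap

- name: basic_setup_el | Configure the main interface to set the correct search domain
  ansible.builtin.lineinfile:
    name: /etc/sysconfig/network-scripts/ifcfg-eth0
    regexp: ^DOMAIN=
    line: DOMAIN={{ domain_name }}
  when: configure_domain_name_in_interface
  tags:
    - centos
    - bootstrap

# `failed_when: false` makes the stop/disable tasks best-effort, presumably
# because the unit may not be installed. It also hides a genuine failure to
# stop the service, so a green run does not prove the daemon is down.
- name: basic_setup_el | Stop avahi before removing it when it is not needed
  ansible.builtin.service:
    name: avahi-daemon
    state: stopped
    enabled: false
  when: centos_remove_avahi or centos_disable_avahi
  failed_when: false
  tags:
    - centos
    - bootstrap
    - avahi

- name: basic_setup_el | Stop and disable NetworkManager when we do not need it
  ansible.builtin.service:
    name: NetworkManager
    state: stopped
    enabled: false
  when: centos_remove_networkmanager or centos_disable_networkmanager
  failed_when: false
  tags:
    - centos
    - bootstrap
    - networkmanager

- name: basic_setup_el | Remove some unneeded packages
  ansible.builtin.dnf:
    name: "{{ centos_packages_to_remove | default([]) }}"
    state: absent
  when: centos_packages_cleanup
  tags:
    - centos
    - bootstrap
    - packages

- name: basic_setup_el | Remove the Avahi packages
  ansible.builtin.dnf:
    name: "{{ centos_avahi_packages | default([]) }}"
    state: absent
  when: centos_remove_avahi
  tags:
    - centos
    - bootstrap
    - packages

- name: basic_setup_el | Remove the NetworkManager packages
  ansible.builtin.dnf:
    name: "{{ centos_nm_packages | default([]) }}"
    state: absent
  when: centos_remove_networkmanager
  tags:
    - centos
    - bootstrap
    - packages

# Errors are ignored per item, so a listed service that could not be stopped
# or disabled is not reported; audit the result separately if this list is
# part of the hardening baseline.
- name: basic_setup_el | Disable some unneeded services
  ansible.builtin.service:
    name: "{{ item }}"
    state: stopped
    enabled: false
  loop: "{{ centos_services_to_be_disabled }}"
  when: centos_services_to_be_disabled is defined
  failed_when: false
  tags:
    - centos
    - bootstrap
    - daemons

# Core dumps of daemons can contain in-memory secrets (keys, credentials);
# enable this only where the dumps are needed and their storage is protected.
- name: basic_setup_el | Configure selinux to permit core dumps by daemons
  ansible.posix.seboolean:
    name: daemons_dump_core
    state: true
    persistent: true
  when: centos_selinux_daemons_dump_core | bool
  tags:
    - centos
    - bootstrap
    - selinux

# Each item needs `name` and `state`; `persistent` falls back to true.
- name: basic_setup_el | Set other SELinux booleans - Optional
  ansible.posix.seboolean:
    name: "{{ item.name }}"
    state: "{{ item.state }}"
    persistent: "{{ item.persistent | default(true) }}"
  loop: "{{ selinux_booleans }}"
  when: selinux_booleans is defined
  tags:
    - centos
    - bootstrap
    - selinux

# NOTE(review): the enforcing default named in the task title comes from
# selinux_policy_state, which is defined outside this file. Confirm that no
# inventory override sets it to permissive or disabled unintentionally.
- name: basic_setup_el | Set the SELinux global policy - Defaults to Enforcing
  ansible.posix.selinux:
    policy: "{{ selinux_policy_type }}"
    state: "{{ selinux_policy_state }}"
  tags:
    - centos
    - bootstrap
    - selinux

# Keys are added one by one without `exclusive`, so any key already present in
# root's authorized_keys that is in neither list below is left in place.
- name: basic_setup_el | Add public ssh keys for root
  ansible.posix.authorized_key:
    user: root
    key: "{{ item }}"
    state: present
  loop: "{{ root_ssh_keys | default([]) }}"
  when: manage_root_ssh_keys
  tags:
    - root_pubkeys

# Runs whenever obsolete_root_ssh_keys is defined; it is not gated on
# manage_root_ssh_keys, so revocation still applies when key management is off.
- name: basic_setup_el | Remove obsolete keys from the authorized ones
  ansible.posix.authorized_key:
    user: root
    key: "{{ item }}"
    state: absent
  loop: "{{ obsolete_root_ssh_keys | default([]) }}"
  when: obsolete_root_ssh_keys is defined
  tags:
    - root_pubkeys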