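---
# Bootstrap tasks for CentOS/RHEL hosts: base packages, local SELinux policy
# modules, timezone, hostname, resolver settings, removal of unneeded
# services and packages, SELinux booleans and mode, and root SSH keys.
# Module arguments use native YAML mappings rather than key=value strings,
# so list and boolean values reach the modules with their real types.

- name: Install the basic packages
  yum:
    name: '{{ centos_packages_to_install }}'
    state: '{{ centos_pkg_state }}'
  tags: ['centos', 'bootstrap', 'packages']

- name: Install the basic packages from the EPEL repository
  yum:
    name: '{{ centos_packages_from_epel }}'
    state: '{{ centos_pkg_state }}'
  when: centos_install_epel
  tags: ['centos', 'bootstrap', 'packages']

- name: Install the packages we want on a non virtualized host
  yum:
    name: '{{ centos_hw_packages | default([]) }}'
    state: '{{ centos_pkg_state }}'
  when: ansible_virtualization_role is defined and ansible_virtualization_role == 'host'
  tags: ['centos', 'bootstrap', 'packages']

# The policy source is compiled and loaded into the running SELinux policy by
# the next task, so it is kept root-owned and not group/world-writable.
- name: Install the selinux policy file to fix a timedatectl problem and various qemu-ga ones
  copy:
    src: qemu_ag_provisioning-sepol.te
    dest: /usr/local/etc/qemu_ag_provisioning-sepol.te
    owner: root
    group: root
    mode: '0644'
  register: qemu_ga_selinux_policy
  tags: ['centos', 'rhel', 'selinux']

# The steps are chained with && so that a failed compile or packaging step
# stops the task instead of loading a stale or missing module.
# No "creates:" guard: the task already runs only when the source changed, and
# a guard on the existing .pp would stop an updated policy from being rebuilt.
- name: Activate the selinux policy for qemu
  shell: >-
    checkmodule -M -m -o /usr/local/etc/qemu_ag_provisioning-sepol.mod /usr/local/etc/qemu_ag_provisioning-sepol.te &&
    semodule_package -o /usr/local/etc/qemu_ag_provisioning-sepol.pp -m /usr/local/etc/qemu_ag_provisioning-sepol.mod &&
    semodule -i /usr/local/etc/qemu_ag_provisioning-sepol.pp
  when: qemu_ga_selinux_policy is changed
  tags: ['centos', 'rhel', 'selinux']

# Same handling as the qemu-ga policy source above: root-owned, mode 0644.
- name: Install the selinux policy file to fix a systemd policy glitch
  copy:
    src: systemd-enable.te
    dest: /usr/local/etc/systemd-enable-sepol.te
    owner: root
    group: root
    mode: '0644'
  register: systemd_selinux_policy
  tags: ['centos', 'rhel', 'selinux']

# Built and loaded the same way as the qemu-ga module: fail fast, and rebuild
# whenever the source file changes.
- name: Activate the selinux policy for systemd
  shell: >-
    checkmodule -M -m -o /usr/local/etc/systemd-enable-sepol.mod /usr/local/etc/systemd-enable-sepol.te &&
    semodule_package -o /usr/local/etc/systemd-enable-sepol.pp -m /usr/local/etc/systemd-enable-sepol.mod &&
    semodule -i /usr/local/etc/systemd-enable-sepol.pp
  when: systemd_selinux_policy is changed
  tags: ['centos', 'rhel', 'selinux']

- name: Activate smartmontools on a non virtualized host
  service:
    name: smartd
    state: started
    enabled: true
  when: ansible_virtualization_role is defined and ansible_virtualization_role == 'host'
  tags: ['centos', 'bootstrap', 'packages']

- name: Install the locate utility if needed
  yum:
    name: '{{ centos_locate_package }}'
    state: '{{ centos_pkg_state }}'
  when: centos_enable_locate
  tags: ['centos', 'bootstrap', 'packages']

# Uses command, not shell, so the timezone value is not interpreted by a
# shell. The task has no change detection and runs on every play.
- name: Set the timezone
  command: timedatectl set-timezone {{ timezone }}
  tags: ['centos', 'bootstrap']

- name: Set the hostname when explicitly defined
  hostname:
    name: '{{ hostname }}'
  when: hostname is defined
  tags: ['centos', 'bootstrap']

- name: Set the hostname as defined in the inventory
  hostname:
    name: '{{ inventory_hostname }}'
  when: hostname is not defined
  tags: ['bootstrap', 'set_hostname']

- name: Configure the main interface to set the correct resolvers. dns1
  lineinfile:
    path: /etc/sysconfig/network-scripts/ifcfg-eth0
    regexp: '^DNS1='
    line: 'DNS1={{ dns1 }}'
  when: centos_set_dns_servers
  tags: ['centos', 'bootstrap']

- name: Configure the main interface to set the correct resolvers. dns2
  lineinfile:
    path: /etc/sysconfig/network-scripts/ifcfg-eth0
    regexp: '^DNS2='
    line: 'DNS2={{ dns2 }}'
  when: centos_set_dns_servers
  tags: ['centos', 'bootstrap']

- name: Configure the main interface to set the correct resolvers. search domain
  lineinfile:
    path: /etc/sysconfig/network-scripts/ifcfg-eth0
    regexp: '^DOMAIN='
    line: 'DOMAIN={{ domain_name }}'
  when: configure_domain_name_in_interface
  tags: ['centos', 'bootstrap']

# NOTE(review): ignore_errors presumably covers hosts where the unit is not
# installed, but it also hides a genuine failure to stop the service.
- name: Stop avahi before removing it when it is not needed
  service:
    name: avahi-daemon
    state: stopped
    enabled: false
  when: centos_remove_avahi or centos_disable_avahi
  ignore_errors: true
  tags: ['centos', 'bootstrap', 'avahi']

- name: Stop and disable NetworkManager when we do not need it or we are going to remove it
  service:
    name: NetworkManager
    state: stopped
    enabled: false
  when: centos_remove_networkmanager or centos_disable_networkmanager
  ignore_errors: true
  tags: ['centos', 'bootstrap', 'networkmanager']

- name: Remove some unneeded packages
  yum:
    name: '{{ centos_packages_to_remove | default([]) }}'
    state: absent
  when: centos_packages_cleanup
  tags: ['centos', 'bootstrap', 'packages']

- name: Remove the Avahi packages
  yum:
    name: '{{ centos_avahi_packages | default([]) }}'
    state: absent
  when: centos_remove_avahi
  tags: ['centos', 'bootstrap', 'packages']

- name: Remove the NetworkManager packages
  yum:
    name: '{{ centos_nm_packages | default([]) }}'
    state: absent
  when: centos_remove_networkmanager
  tags: ['centos', 'bootstrap', 'packages']

# The service name must be the loop item; with an empty name no listed
# service is ever stopped, and ignore_errors would hide the failure.
- name: Disable some unneeded services
  service:
    name: '{{ item }}'
    state: stopped
    enabled: false
  with_items: '{{ centos_services_to_be_disabled }}'
  when: centos_services_to_be_disabled is defined
  ignore_errors: true
  tags: ['centos', 'bootstrap', 'daemons']

# NOTE(review): core dumps can contain secrets held in daemon memory; confirm
# where they are written and who can read them before enabling this.
- name: Configure selinux to permit core dumps by daemons
  seboolean:
    name: daemons_dump_core
    state: true
    persistent: true
  when: centos_selinux_daemons_dump_core | bool
  tags: ['centos', 'bootstrap', 'selinux']

# Each item supplies name and state; persistent falls back to 'yes'.
- name: Set other SELinux booleans. Optional
  seboolean:
    name: '{{ item.name }}'
    state: '{{ item.state }}'
    persistent: "{{ item.persistent | default('yes') }}"
  with_items: '{{ selinux_booleans }}'
  when: selinux_booleans is defined
  tags: ['centos', 'bootstrap', 'selinux']

# The policy type and mode come from variables set outside this file; check
# that no inventory override leaves a host permissive or disabled.
- name: Set the SELinux global policy. Defaults to Enforcing
  selinux:
    policy: '{{ selinux_policy_type }}'
    state: '{{ selinux_policy_state }}'
  tags: ['centos', 'bootstrap', 'selinux']

# Every key in root_ssh_keys gets direct root login; keep the list reviewed.
- name: various pub ssh keys for users and apps
  authorized_key:
    user: root
    key: '{{ item }}'
    state: present
  with_items: '{{ root_ssh_keys | default([]) }}'
  when: manage_root_ssh_keys
  tags: root_pubkeys

# Revocation runs after the additions, so a key present in both lists ends up
# removed. It does not depend on manage_root_ssh_keys.
- name: Remove obsolete keys from the authorized ones
  authorized_key:
    user: root
    key: '{{ item }}'
    state: absent
  with_items: '{{ obsolete_root_ssh_keys | default([]) }}'
  when: obsolete_root_ssh_keys is defined
  tags: root_pubkeys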