ansible-roles/library/centos/roles/basic-setup/tasks/main.yml


---
# Package installation. Each task passes its whole list variable to yum in a
# single call and takes the desired package state from centos_pkg_state.
- name: Install the basic packages
  yum:
    name: '{{ centos_packages_to_install }}'
    state: '{{ centos_pkg_state }}'
  tags: [centos, bootstrap, packages]

# Only runs when centos_install_epel is true.
# NOTE(review): nothing in this task enables the EPEL repository or sets its
# GPG checking; presumably another role does that - confirm.
- name: Install the basic packages from the EPEL repository
  yum:
    name: '{{ centos_packages_from_epel }}'
    state: '{{ centos_pkg_state }}'
  when: centos_install_epel
  tags: [centos, bootstrap, packages]

# Hardware-only packages: skipped unless the gathered facts report the
# virtualization role 'host'. An undefined list falls back to [].
- name: Install the packages we want on a non virtualized host
  yum:
    name: '{{ centos_hw_packages | default([]) }}'
    state: '{{ centos_pkg_state }}'
  when: ansible_virtualization_role is defined and ansible_virtualization_role == 'host'
  tags: [centos, bootstrap, packages]
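# Ship the type-enforcement source of the local qemu guest agent policy module.
# Owner and mode are pinned because this file is later compiled and loaded
# into the SELinux policy as root; it should not inherit whatever the umask
# happens to be.
- name: Install the selinux policy file to fix a timedatectl problem and various qemu-ga ones
  copy:
    src: qemu_ag_provisioning-sepol.te
    dest: /usr/local/etc/qemu_ag_provisioning-sepol.te
    owner: root
    group: root
    mode: '0644'
  register: qemu_ga_selinux_policy
  tags: [centos, rhel, selinux]

# Compile, package and load the module whenever the source file changed.
# - The steps are chained with && so that a failed checkmodule or
#   semodule_package fails the task instead of letting semodule load a stale
#   package and report success.
# - There is deliberately no `creates:` guard on the .pp file: once the module
#   has been built, that guard would skip this task on every later change of
#   the .te source, so policy updates would never be loaded. The `when:`
#   condition already limits the task to runs where the source changed.
# NOTE(review): if this task fails, the next run will not retry it because the
# copy no longer reports a change; a handler with a forced flush or a manual
# rerun is needed in that case.
- name: Activate the selinux policy for qemu
  shell: >-
    checkmodule -M -m -o /usr/local/etc/qemu_ag_provisioning-sepol.mod /usr/local/etc/qemu_ag_provisioning-sepol.te
    && semodule_package -o /usr/local/etc/qemu_ag_provisioning-sepol.pp -m /usr/local/etc/qemu_ag_provisioning-sepol.mod
    && semodule -i /usr/local/etc/qemu_ag_provisioning-sepol.pp
  when: qemu_ga_selinux_policy is changed
  tags: [centos, rhel, selinux]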
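# Ship the type-enforcement source of the local systemd policy module.
# Owner and mode are pinned because this file is later compiled and loaded
# into the SELinux policy as root; it should not inherit whatever the umask
# happens to be.
- name: Install the selinux policy file to fix a systemd policy glitch
  copy:
    src: systemd-enable.te
    dest: /usr/local/etc/systemd-enable-sepol.te
    owner: root
    group: root
    mode: '0644'
  register: systemd_selinux_policy
  tags: [centos, rhel, selinux]

# Compile, package and load the module whenever the source file changed.
# - The steps are chained with && so that a failed checkmodule or
#   semodule_package fails the task instead of letting semodule load a stale
#   package and report success.
# - There is deliberately no `creates:` guard on the .pp file: once the module
#   has been built, that guard would skip this task on every later change of
#   the .te source, so policy updates would never be loaded. The `when:`
#   condition already limits the task to runs where the source changed.
# NOTE(review): if this task fails, the next run will not retry it because the
# copy no longer reports a change; a handler with a forced flush or a manual
# rerun is needed in that case.
- name: Activate the selinux policy for systemd
  shell: >-
    checkmodule -M -m -o /usr/local/etc/systemd-enable-sepol.mod /usr/local/etc/systemd-enable-sepol.te
    && semodule_package -o /usr/local/etc/systemd-enable-sepol.pp -m /usr/local/etc/systemd-enable-sepol.mod
    && semodule -i /usr/local/etc/systemd-enable-sepol.pp
  when: systemd_selinux_policy is changed
  tags: [centos, rhel, selinux]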
# Start smartd now and enable it at boot, but only when the gathered facts
# report the virtualization role 'host'.
- name: Activate smartmontools on a non virtualized host
  service:
    name: smartd
    state: started
    enabled: true
  when: ansible_virtualization_role is defined and ansible_virtualization_role == 'host'
  tags: [centos, bootstrap, packages]

# Optional: the locate package is only handled when centos_enable_locate is true.
- name: Install the locate utility if needed
  yum:
    name: '{{ centos_locate_package }}'
    state: '{{ centos_pkg_state }}'
  when: centos_enable_locate
  tags: [centos, bootstrap, packages]
# Calls timedatectl directly with the value of `timezone`.
# NOTE(review): a plain command has no idempotence check, so this runs on
# every play and is always reported as changed.
- name: Set the timezone
  command: timedatectl set-timezone {{ timezone }}
  tags: [centos, bootstrap]

# Hostname selection: an explicit `hostname` variable wins; the next task
# covers the case where it is not defined.
- name: Set the hostname when explicitly defined
  hostname:
    name: '{{ hostname }}'
  when: hostname is defined
  tags: [centos, bootstrap]

# Fallback: use the inventory name of the host.
- name: Set the hostname as defined in the inventory
  hostname:
    name: '{{ inventory_hostname }}'
  when: hostname is not defined
  tags: [bootstrap, set_hostname]
# Resolver settings are written into the ifcfg file of eth0. Each task
# replaces the line matching its regexp, or appends the line when nothing
# matches.
# NOTE(review): the interface name eth0 is hard-coded; hosts whose main
# interface has another name are not covered - confirm against the inventory.
- name: Configure the main interface to set the correct resolvers. dns1
  lineinfile:
    name: /etc/sysconfig/network-scripts/ifcfg-eth0
    regexp: '^DNS1='
    line: 'DNS1={{ dns1 }}'
  when: centos_set_dns_servers
  tags: [centos, bootstrap]

- name: Configure the main interface to set the correct resolvers. dns2
  lineinfile:
    name: /etc/sysconfig/network-scripts/ifcfg-eth0
    regexp: '^DNS2='
    line: 'DNS2={{ dns2 }}'
  when: centos_set_dns_servers
  tags: [centos, bootstrap]

# The search domain is controlled by its own switch,
# configure_domain_name_in_interface, not by centos_set_dns_servers.
- name: Configure the main interface to set the correct resolvers. search domain
  lineinfile:
    name: /etc/sysconfig/network-scripts/ifcfg-eth0
    regexp: '^DOMAIN='
    line: 'DOMAIN={{ domain_name }}'
  when: configure_domain_name_in_interface
  tags: [centos, bootstrap]
# Stop and disable avahi-daemon when it is to be removed or merely disabled.
# Errors are ignored, so a host where the service does not exist does not
# abort the play. The same setting also hides a service that failed to stop.
- name: Stop avahi before removing it when it is not needed
  service:
    name: avahi-daemon
    state: stopped
    enabled: false
  when: centos_remove_avahi or centos_disable_avahi
  ignore_errors: true
  tags: [centos, bootstrap, avahi]

# Same pattern for NetworkManager; errors are ignored here as well.
- name: Stop and disable NetworkManager when we do not need it or we are going to remove it
  service:
    name: NetworkManager
    state: stopped
    enabled: false
  when: centos_remove_networkmanager or centos_disable_networkmanager
  ignore_errors: true
  tags: [centos, bootstrap, networkmanager]
# Package removal. Each list falls back to [] when its variable is undefined,
# so an unset list removes nothing.
- name: Remove some unneeded packages
  yum:
    name: '{{ centos_packages_to_remove | default ([]) }}'
    state: absent
  when: centos_packages_cleanup
  tags: [centos, bootstrap, packages]

# Only when removal (not just disabling) of avahi was requested.
- name: Remove the Avahi packages
  yum:
    name: '{{ centos_avahi_packages | default ([]) }}'
    state: absent
  when: centos_remove_avahi
  tags: [centos, bootstrap, packages]

# Only when removal (not just disabling) of NetworkManager was requested.
- name: Remove the NetworkManager packages
  yum:
    name: '{{ centos_nm_packages | default ([]) }}'
    state: absent
  when: centos_remove_networkmanager
  tags: [centos, bootstrap, packages]
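# Stop and disable every service listed in centos_services_to_be_disabled.
# The service name must be the loop item: with an empty name the module fails
# for every entry, and because errors are ignored that failure goes unnoticed
# and the services stay enabled.
# ignore_errors is kept so that a listed service missing on a given host does
# not abort the play.
# NOTE(review): because errors are ignored, check the play output to confirm
# that the listed services were really stopped.
- name: Disable some unneeded services
  service:
    name: '{{ item }}'
    state: stopped
    enabled: false
  with_items: '{{ centos_services_to_be_disabled }}'
  when: centos_services_to_be_disabled is defined
  ignore_errors: true
  tags: [centos, bootstrap, daemons]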
# Persistently switch on the daemons_dump_core boolean when requested.
# NOTE(review): core files of daemons can hold sensitive memory contents;
# presumably this is meant for debugging only - confirm the default of
# centos_selinux_daemons_dump_core.
- name: Configure selinux to permit core dumps by daemons
  seboolean:
    name: daemons_dump_core
    state: true
    persistent: true
  when: centos_selinux_daemons_dump_core | bool
  tags: [centos, bootstrap, selinux]

# Optional extra booleans. Each entry supplies `name` and `state`;
# `persistent` falls back to 'yes' when the entry omits it.
- name: Set other SELinux booleans. Optional
  seboolean:
    name: '{{ item.name }}'
    state: '{{ item.state }}'
    persistent: "{{ item.persistent | default('yes') }}"
  with_items: '{{ selinux_booleans }}'
  when: selinux_booleans is defined
  tags: [centos, bootstrap, selinux]

# Policy type and mode both come from variables.
# NOTE(review): the task name says the mode defaults to Enforcing, but the
# default of selinux_policy_state is not visible here - confirm that no
# inventory overrides it to permissive or disabled unintentionally.
- name: Set the SELinux global policy. Defaults to Enforcing
  selinux:
    policy: '{{ selinux_policy_type }}'
    state: '{{ selinux_policy_state }}'
  tags: [centos, bootstrap, selinux]
# Add each key from root_ssh_keys to root's authorized keys, gated by
# manage_root_ssh_keys.
# NOTE(review): state=present only adds keys. A key already authorized for
# root stays in place unless it is listed in obsolete_root_ssh_keys, so the
# two lists together do not define the complete set of root keys.
- name: various pub ssh keys for users and apps
  authorized_key:
    user: root
    key: '{{ item }}'
    state: present
  with_items: '{{ root_ssh_keys | default([]) }}'
  when: manage_root_ssh_keys
  tags: root_pubkeys

# Revoke keys listed in obsolete_root_ssh_keys. This task runs whenever the
# list is defined; it does not depend on manage_root_ssh_keys.
- name: Remove obsolete keys from the authorized ones
  authorized_key:
    user: root
    key: '{{ item }}'
    state: absent
  with_items: '{{ obsolete_root_ssh_keys | default([]) }}'
  when: obsolete_root_ssh_keys is defined
  tags: root_pubkeys