Externalize role

files/hosts.allow

@@ -0,0 +1,33 @@
+#
+# hosts.allow	This file contains access rules which are used to
+#		allow or deny connections to network services that
+#		either use the tcp_wrappers library or that have been
+#		started through a tcp_wrappers-enabled xinetd.
+#
+#		See 'man 5 hosts_options' and 'man 5 hosts_access'
+#		for information on rule syntax.
+#		See 'man tcpd' for information on tcp_wrappers
+#
+sshd:ALL
+
+# Pour NFS
+#portmap:172.16.0.0/255.255.255.0 172.16.2.0/255.255.255.0 172.16.255.0/255.255.255.0
+#lockd:172.16.0.0/255.255.255.0 172.16.2.0/255.255.255.0 172.16.255.0/255.255.255.0
+#mountd:172.16.0.0/255.255.255.0 172.16.2.0/255.255.255.0 172.16.255.0/255.255.255.0
+#rquotad:172.16.0.0/255.255.255.0 172.16.2.0/255.255.255.0 172.16.255.0/255.255.255.0
+#statd:172.16.0.0/255.255.255.0 172.16.2.0/255.255.255.0 172.16.255.0/255.255.255.0
+
+# Pour Saned
+#sane:172.16.0.0/255.255.255.0
+
+# Pour ProFTPd
+#in.ftpd:ALL
+
+# Pour le tftp
+#in.tftpd:172.16.0.0/255.255.255.0 192.168.1.1
+
+# Pour VMware
+#vmware-authd:172.16.0.0/255.255.255.0 172.16.2.0/255.255.255.0 172.16.255.0/255.255.255.0
+
+# Pour SNMP
+#snmpd:172.16.0.0/255.255.255.0 172.16.2.0/255.255.255.0 172.16.255.0/255.255.255.0

files/hosts.deny

@@ -0,0 +1,14 @@
+#
+# hosts.deny	This file contains access rules which are used to
+#		deny connections to network services that either use
+#		the tcp_wrappers library or that have been
+#		started through a tcp_wrappers-enabled xinetd.
+#
+#		The rules in this file can also be set up in
+#		/etc/hosts.allow with a 'deny' option instead.
+#
+#		See 'man 5 hosts_options' and 'man 5 hosts_access'
+#		for information on rule syntax.
+#		See 'man tcpd' for information on tcp_wrappers
+#
+ALL:ALL EXCEPT 127.0.0.1:DENY

tasks/main.yml

@@ -0,0 +1,56 @@
+---
+- name: Include vars for {{ ansible_os_family }}
+  include_vars: "{{ ansible_os_family }}.yml"
+
+- name: Install repo definition packages for {{ ansible_os_family }}
+  package: name="{{ item }}" update_cache=yes state=latest
+  with_items:
+    - epel-release
+
+- name: Install base packages for {{ ansible_os_family }}
+  package: name="{{ base_packages }}" update_cache=yes state=latest
+
+- name: echo 'LANG="{{ locale }}"' > /etc/locale.conf
+  template: src=locale.conf.j2 dest=/etc/locale.conf owner=root group=root mode=0644
+
+# ln -sf ../usr/share/zoneinfo/Europe/Paris /etc/localtime
+- name: timedatectl set-timezone "{{ timezone }}"; timedatectl set-local-rtc no
+  timezone: name={{ timezone }} hwclock=UTC
+
+# echo UTC >> /etc/adjtime
+
+#cat /etc/adjtime
+#0.0 0 0.0
+#0
+#UTC
+
+- name: upgrade all packages
+  package: name=* update_cache=yes state=latest
+
+- name: Install install_pxe.sh script
+  copy: src=usr/local/sbin/install_pxe.sh dest=/usr/local/sbin/install_pxe.sh owner=root group=root mode=0755
+
+- name: Enable rngd service
+  service: name=rngd state=started enabled=yes
+- name: Ensure rngd service is started
+  service: name=rngd state=started
+
+- name: Compress logs
+  replace: path=/etc/logrotate.conf regexp='^#compress' replace='compress'
+
+- name: Verify if hosts.deny TCP_Wrappers file exists
+  stat: path="/etc/hosts.deny"
+  register: hostsdeny
+- name: Verify if hosts.allow TCP_Wrappers file exists
+  stat: path="/etc/hosts.allow"
+  register: hostsallow
+
+- name: Install hosts.deny TCP_Wrappers file
+  copy: src="hosts.deny" dest="/etc/hosts.deny" owner=root group=root mode=0644
+  when:
+    - not hostsdeny.stat.exists
+- name: Install hosts.allow TCP_Wrappers file
+  copy: src="hosts.allow" dest="/etc/hosts.allow" owner=root group=root mode=0644
+  when:
+    - not hostsallow.stat.exists
+

templates/locale.conf.j2

@@ -0,0 +1,5 @@
+{% if locale is defined %}
+LANG="{{ locale }}"
+{% else %}
+LANG="en_US.UTF-8"
+{% endif %}

vars/RedHat.yml

@@ -0,0 +1,15 @@
+---
+base_packages:
+  - "@core"
+  - tcp_wrappers
+  - NetworkManager-config-server
+#  - aide
+  - chrony
+#  - libcap-ng-utils
+  - rng-tools
+  - usbutils
+  - pigz
+  - pxz
+  - patch
+  - bash-completion
+  - libselinux-python