ansible-role-base/tasks/main.yml
Adrien Reslinger 82bdb9a37d
Update ansible code
2022-08-16 14:55:44 +02:00


---
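# Base host configuration: distribution variables, package repositories, base
# packages, locale and timezone, unattended updates, kernel live patching,
# entropy daemon, log compression and TCP Wrappers defaults.
#
# NOTE(review): the nesting below is reconstructed from a listing whose
# indentation was lost. The trailing `when` is attached to the inner TCP
# Wrappers block (the outer block also holds Ubuntu-only tasks) and `tags` to
# the outer block - confirm against the repository copy.
- block:
    # Variable file name is built from gathered facts, e.g.
    # <os_family>_<major_version>.yml.
    - name: Include vars for {{ ansible_os_family }}
      ansible.builtin.include_vars: "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml"

    # Points /bin/sh at bash (relative link target) on Ubuntu hosts.
    - name: Change /bin/sh link on Ubuntu
      ansible.builtin.file:
        src: "bash"
        dest: "/bin/sh"
        owner: root
        group: root
        state: link
      when:
        - "ansible_distribution == 'Ubuntu'"

    # EPEL is an additional package source; everything installed afterwards may
    # be resolved from it as well as from the distribution repositories.
    - name: Install EPEL repo definition packages for {{ ansible_os_family }} on x86_64 and aarch64 plateform
      ansible.builtin.package:
        # Single package passed directly instead of looping over one item.
        name: epel-release
        update_cache: true
        state: present
      when:
        - ansible_os_family == "RedHat"
        - not ansible_distribution == "OracleLinux"
        - not ansible_machine == "armv7l"
        - not ansible_machine == "armv6l"

    # NOTE(review): the package name is pinned to el8 while the condition
    # matches every Oracle Linux major version - confirm this is intended.
    - name: Install EPEL repo definition packages for OracleLinux on x86_64 and aarch64 plateform
      ansible.builtin.package:
        name: oracle-epel-release-el8
        update_cache: true
        state: present
      when:
        - ansible_distribution == "OracleLinux"
        - not ansible_machine == "armv7l"
        - not ansible_machine == "armv6l"

    - name: Install EPEL repo definition for {{ ansible_os_family }} on ARM 32b plateform
      ansible.builtin.template:
        src: etc/yum.repos.d/epel_arm.repo.j2
        dest: /etc/yum.repos.d/epel.repo
        owner: root
        group: root
        # Quoted so the mode is always handled as an octal string.
        mode: "0644"
      when:
        - ansible_os_family == "RedHat"
        - ansible_distribution_major_version == '7'
        - ansible_machine == "armv7l"
        # or ansible_machine == "armv6l"

    # base_packages is not defined in this file (presumably set by the
    # included vars file - confirm).
    - name: Install base packages for {{ ansible_os_family }}
      ansible.builtin.package:
        name: "{{ base_packages }}"
        update_cache: true
        state: present

    - name: echo 'LANG="{{ locale }}"' > /etc/locale.conf
      ansible.builtin.template:
        src: locale.conf.j2
        dest: /etc/locale.conf
        owner: root
        group: root
        mode: "0644"

    # ln -sf ../usr/share/zoneinfo/Europe/Paris /etc/localtime
    # NOTE(review): short module name, unlike the fully qualified names used by
    # the other tasks; presumably resolves to community.general.timezone -
    # confirm and qualify it.
    - name: timedatectl set-timezone "{{ timezone }}"; timedatectl set-local-rtc no
      timezone:
        name: "{{ timezone }}"
        hwclock: UTC
    # echo UTC >> /etc/adjtime
    # cat /etc/adjtime
    # 0.0 0 0.0
    # 0
    # UTC

    - name: "Configure auto update for RHEL 7 linux family"
      ansible.builtin.template:
        src: etc/yum/yum-cron.conf.j2
        dest: /etc/yum/yum-cron.conf
        owner: root
        group: root
        mode: "0644"
      when:
        - base_autoupdate | bool
        - ansible_os_family == "RedHat"
        - ansible_distribution_major_version == '7'

    # The major version fact is a string. Comparing it with >= '8' is
    # lexicographic, so '10' >= '8' is false and automatic updates would be
    # silently skipped on a two-digit major version. Cast to int instead.
    - name: "Configure auto update for RHEL 8/9 linux family"
      ansible.builtin.template:
        src: etc/dnf/automatic.conf.j2
        dest: /etc/dnf/automatic.conf
        owner: root
        group: root
        mode: "0644"
      when:
        - base_autoupdate | bool
        - ansible_os_family == "RedHat"
        - ansible_distribution_major_version | int >= 8

    - name: enable a timer for dnf-automatic for RHEL 8 linux family
      ansible.builtin.systemd:
        name: dnf-automatic.timer
        state: started
        enabled: true
      when:
        - base_autoupdate | bool
        - ansible_os_family == "RedHat"
        - ansible_distribution_major_version | int >= 8

    # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/managing_monitoring_and_updating_the_kernel/index#applying-patches-with-kernel-live-patching_managing-monitoring-and-updating-the-kernel
    # Kernel live patching; limited to the RedHat distribution itself
    # (ansible_distribution), not the whole RedHat family.
    - name: Install kpatch packages on RedHat Enterprise Linux 8/9
      ansible.builtin.package:
        name:
          - kpatch
          - kpatch-dnf
          - kpatch-patch
          # Requests the live-patch package for the currently running kernel.
          - "kpatch-patch = {{ ansible_kernel }}"
        update_cache: true
        state: present
      when:
        - base_autoupdate | bool
        - ansible_distribution == "RedHat"
        - ansible_distribution_major_version | int >= 8

    - name: "Configure kernel auto update for RedHat Enterprise Linux 8/9"
      ansible.builtin.copy:
        src: etc/dnf/plugins/kpatch.conf
        dest: /etc/dnf/plugins/kpatch.conf
        owner: root
        group: root
        mode: "0644"
      when:
        - base_autoupdate | bool
        - ansible_distribution == "RedHat"
        - ansible_distribution_major_version | int >= 8

    - name: enable kernel auto update for RHEL 8/9 linux family
      ansible.builtin.systemd:
        name: kpatch.service
        state: started
        enabled: true
      when:
        - base_autoupdate | bool
        - ansible_distribution == "RedHat"
        - ansible_distribution_major_version | int >= 8

    # - name: upgrade all packages
    #   ansible.builtin.package:
    #     name: "*"
    #     update_cache: true
    #     state: latest

    # Root-owned and not writable by group/other, so only root can alter the
    # script installed under /usr/local/sbin.
    - name: Install install_pxe.sh script
      ansible.builtin.copy:
        src: usr/local/sbin/install_pxe.sh
        dest: /usr/local/sbin/install_pxe.sh
        owner: root
        group: root
        mode: "0755"

    - name: Enable rngd service
      ansible.builtin.service:
        name: rngd
        state: started
        enabled: true

    # Redundant with the task above, which already sets state: started.
    - name: Ensure rngd service is started
      ansible.builtin.service:
        name: rngd
        state: started

    # Uncomments the "compress" directive in the main logrotate configuration.
    - name: Compress logs
      ansible.builtin.replace:
        path: /etc/logrotate.conf
        regexp: '^#compress'
        replace: 'compress'

    # TCP Wrappers defaults. The files are installed only when absent, so an
    # existing hosts.deny / hosts.allow is never reconciled with the role's
    # copy: the policy shipped here is a first-run default, not an enforced
    # state.
    - block:
        # check_mode: false makes the stat run even under --check so the
        # registered results are available to the conditions below.
        - name: Verify if hosts.deny TCP_Wrappers file exists
          ansible.builtin.stat:
            path: "/etc/hosts.deny"
          register: hostsdeny
          check_mode: false

        - name: Verify if hosts.allow TCP_Wrappers file exists
          ansible.builtin.stat:
            path: "/etc/hosts.allow"
          register: hostsallow
          check_mode: false

        - name: Install hosts.deny TCP_Wrappers file
          ansible.builtin.copy:
            src: "hosts.deny"
            dest: "/etc/hosts.deny"
            owner: root
            group: root
            mode: "0644"
          when:
            - not hostsdeny.stat.exists

        - name: Install hosts.allow TCP_Wrappers file
          ansible.builtin.copy:
            src: "hosts.allow"
            dest: "/etc/hosts.allow"
            owner: root
            group: root
            mode: "0644"
          when:
            - not hostsallow.stat.exists
      when:
        - ansible_os_family == "RedHat"
        # Integer comparison: the string form '10' < '9' is true and would
        # wrongly match a two-digit major version.
        - ansible_distribution_major_version | int < 9
  tags:
    - base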