lab-ansible/roles/vm-common/tasks/base.yml

# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Set hostname
  ansible.builtin.hostname:
    name: "{{ hostname }}"

- name: Set timezone
  community.general.timezone:
    name: "{{ timezone }}"

- name: Copy hosts file
  ansible.builtin.template:
    src: etc/hosts.j2
    dest: /etc/hosts
    owner: root
    mode: u=rw,g=r,o=r

- name: Disable systemd-resolved stub resolver
  when: hostname in groups['control_infra']
  block:
    - name: Set /etc/resolv.conf symlink
      ansible.builtin.file:
        path: /etc/resolv.conf
        src: /run/systemd/resolve/resolv.conf
        owner: root
        force: true
        state: link

    - name: Set DNSStubListener=no
      ansible.builtin.lineinfile:
        path: /etc/systemd/resolved.conf
        regexp: '^#?DNSStubListener='
        line: 'DNSStubListener=no'
        state: present
      notify: Restart systemd-resolved

- name: Enable Security SIG repositories
  ansible.builtin.dnf:
    name: rocky-release-security
    state: present

- name: Install system packages
  ansible.builtin.dnf:
    name:
      - haveged
      - firewalld
      - lkrg
    state: present

- name: Ensure services are enabled and running
  ansible.builtin.service:
    name: "{{ item }}"
    enabled: true
    state: started
  loop:
    - haveged
    - firewalld
    - lkrg
Initial commit 2023-10-28 23:00:05 +00:00			`# vim: ft=yaml.ansible`
Prepare multi-host Ansible repo 2023-10-29 19:46:52 +00:00			`# code: language=ansible`
Initial commit 2023-10-28 23:00:05 +00:00			`---`
			`- name: Set hostname`
			`ansible.builtin.hostname:`
			`name: "{{ hostname }}"`

			`- name: Set timezone`
			`community.general.timezone:`
			`name: "{{ timezone }}"`

Add hosts file 2023-11-05 18:27:30 +00:00			`- name: Copy hosts file`
			`ansible.builtin.template:`
			`src: etc/hosts.j2`
			`dest: /etc/hosts`
			`owner: root`
			`mode: u=rw,g=r,o=r`

Initial commit 2023-10-28 23:00:05 +00:00			`- name: Disable systemd-resolved stub resolver`
Only disable stub resolver for control machines 2023-11-07 21:25:43 +00:00			`when: hostname in groups['control_infra']`
			`block:`
			`- name: Set /etc/resolv.conf symlink`
			`ansible.builtin.file:`
			`path: /etc/resolv.conf`
			`src: /run/systemd/resolve/resolv.conf`
			`owner: root`
			`force: true`
			`state: link`

Add initial nginx configuration 2023-11-08 21:30:41 +00:00			`- name: Set DNSStubListener=no`
Only disable stub resolver for control machines 2023-11-07 21:25:43 +00:00			`ansible.builtin.lineinfile:`
			`path: /etc/systemd/resolved.conf`
			`regexp: '^#?DNSStubListener='`
			`line: 'DNSStubListener=no'`
			`state: present`
			`notify: Restart systemd-resolved`
Initial commit 2023-10-28 23:00:05 +00:00
Switch to Rocky Linux 2023-11-12 15:41:59 +00:00			`- name: Enable Security SIG repositories`
			`ansible.builtin.dnf:`
			`name: rocky-release-security`
			`state: present`
Switch to firewalld as it's compatible with Docker 2023-11-11 18:11:14 +00:00
			`- name: Install system packages`
Switch to Rocky Linux 2023-11-12 15:41:59 +00:00			`ansible.builtin.dnf:`
			`name:`
Initial commit 2023-10-28 23:00:05 +00:00			`- haveged`
Switch to firewalld as it's compatible with Docker 2023-11-11 18:11:14 +00:00			`- firewalld`
Switch to Rocky Linux 2023-11-12 15:41:59 +00:00			`- lkrg`
			`state: present`

			`- name: Ensure services are enabled and running`
			`ansible.builtin.service:`
			`name: "{{ item }}"`
			`enabled: true`
			`state: started`
			`loop:`
			`- haveged`
			`- firewalld`
			`- lkrg`