lab-ansible/roles/virt-common/tasks/main.yml

# vim: ft=yaml.ansible
# code: language=ansible
---
# Render the role's hosts.j2 template over /etc/hosts, owned by root and
# readable by everyone (rw-r--r--). No `group:` is given, so this task does
# not manage the file's group.
- name: Copy hosts file
  ansible.builtin.template:
    dest: /etc/hosts
    src: hosts.j2
    mode: u=rw,g=r,o=r
    owner: root
# Render motd.j2 into the MOTD drop-in directory as a root-owned,
# world-readable file.
# NOTE(review): the template module does not create parent directories, so
# this assumes /etc/motd.d already exists on the target — confirm.
- name: Copy MOTD file
  ansible.builtin.template:
    dest: /etc/motd.d/10-ansible
    src: motd.j2
    mode: u=rw,g=r,o=r
    owner: root
# Create or update one local account per entry in `users`.
# Each entry is read for `name`, `comment` and `groups`; no default() filter is
# applied, so an entry missing one of them fails the task under Ansible's
# default undefined-variable handling.
# `append` is not set, so the module default applies: `groups` is the complete
# supplementary-group list, and memberships not listed there are dropped.
# No `password` is set by this task.
- name: Add users
  ansible.builtin.user:
    state: present
    name: "{{ item.name }}"
    comment: "{{ item.comment }}"
    groups: "{{ item.groups }}"
    shell: /bin/bash
  loop: "{{ users }}"
# Install each user's public keys into that user's authorized_keys file.
# `exclusive: true` makes the listed keys the whole file: a key that is not in
# `item.ssh_keys` (for example one appended by hand on the host) is removed on
# the next run, so access stays tied to what the inventory declares.
# The keys are joined with newlines and passed as one value, so that exclusive
# mode sees the full set in a single call instead of one key per loop pass.
- name: Add SSH keys to users
  ansible.posix.authorized_key:
    exclusive: true
    user: "{{ item.name }}"
    key: "{{ item.ssh_keys | join('\n') }}"
  loop: "{{ users }}"
# Write a sudoers rule named "passwordless" that lets every member of the
# wheel group run ALL commands, host spec ALL, without a password prompt.
# NOTE(review): with NOPASSWD on ALL, whatever authenticates a wheel member's
# login is the only barrier to root on the host. Wheel membership is whatever
# `users[].groups` in the "Add users" task assigns; keep that list short,
# protect the corresponding SSH private keys, and ship sudo logs off-host.
- name: Allow passwordless sudo
  community.general.sudoers:
    state: present
    name: passwordless
    group: wheel
    host: ALL
    commands: ALL
    nopassword: true
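# Install the role's static sshd_config.
# The file is written root:root and readable by its owner only: sshd reads it
# as root, and local unprivileged users have no need to see the daemon's
# access rules (the previous u=rw,g=r,o=r left it world-readable).
# `validate` runs `sshd -t` against the staged copy (%s), so a file that does
# not parse is never moved into place and cannot break SSH access on restart.
# A change notifies the "Restart sshd" handler, which is not defined in this
# file.
- name: Copy sshd_config
  ansible.builtin.copy:
    src: sshd_config
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: u=rw,g=,o=
    validate: /usr/sbin/sshd -t -f %s
  notify: Restart sshd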
# Install the release packages that add the EPEL and Rocky security
# repositories to dnf.
# NOTE(review): both repositories become trusted package sources for every
# later dnf task on the host. Presumably `lkrg` (installed further down) comes
# from one of them — confirm which, and that gpgcheck stays enabled for both.
# A change notifies the "Upgrade system packages" handler, which is not
# defined in this file.
- name: Enable extra repositories
  ansible.builtin.dnf:
    state: present
    name:
      - epel-release
      - rocky-release-security
  notify: Upgrade system packages
# Install the baseline tooling for every host in this role: the firewall and
# logging daemons plus a set of diagnostic utilities.
# `update_cache: true` refreshes repository metadata before the install.
# `state: present` installs missing packages but does not upgrade ones that
# are already there.
- name: Install system packages
  ansible.builtin.dnf:
    state: present
    update_cache: true
    name:
      - bind-utils
      - firewalld
      - htop
      - jq
      - logrotate
      - lsof
      - microcode_ctl
      - mtr
      - rsyslog
      # Client only. The protocol is cleartext, so keep its use to
      # connectivity checks and never send credentials through it.
      - telnet
      - vim
# Start firewalld and rsyslog now and enable them at boot, one service per
# loop pass.
- name: Ensure services are enabled and running
  ansible.builtin.service:
    name: "{{ item }}"
    state: started
    enabled: true
  loop:
    - firewalld
    - rsyslog
# Extra packages that are applied only when `virt_type` equals 'kvm'.
# NOTE(review): `virt_type` is used without default(), so the condition
# presumably errors on a host where the variable is unset — confirm it is
# always defined in inventory.
- name: Packages for KVM instances
  when: virt_type == 'kvm'
  block:
    # haveged is a userspace entropy daemon; LKRG (Linux Kernel Runtime Guard)
    # is a kernel module that checks kernel integrity at runtime.
    - name: Install haveged and LKRG packages
      ansible.builtin.dnf:
        state: present
        name:
          - haveged
          - lkrg

    # Start both units now and enable them at boot.
    # NOTE(review): LKRG only protects while its module is loaded; it is worth
    # monitoring that the lkrg unit is still active after kernel updates.
    - name: Ensure haveged and LKRG are enabled and running
      ansible.builtin.service:
        name: "{{ item }}"
        state: started
        enabled: true
      loop:
        - haveged
        - lkrg
# Statically import the role's firewall tasks from firewall.yml, which is not
# shown in this file.
- name: Configure firewall
  ansible.builtin.import_tasks:
    file: firewall.yml