From b8e18cdbe9e84b763a2055ecee046b3d972a9102 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Sun, 12 Nov 2023 16:41:59 +0100 Subject: [PATCH] Switch to Rocky Linux --- roles/docker/tasks/main.yml | 31 ++++++++++++++++++------------- roles/vm-common/tasks/base.yml | 29 ++++++++++++++++++----------- 2 files changed, 36 insertions(+), 24 deletions(-) diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index fb23d69..2356c1a 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -2,25 +2,30 @@ # code: language=ansible --- - name: Add Docker PGP key - ansible.builtin.apt_key: - keyserver: keyserver.ubuntu.com - id: '0x8D81803C0EBFCD88' + ansible.builtin.rpm_key: + key: https://download.docker.com/linux/centos/gpg + fingerprint: 060A 61C5 1B55 8A7F 742B 77AA C52F EB6B 621E 9F35 state: present -- name: Add Docker apt repository - ansible.builtin.apt_repository: - repo: 'deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian bullseye stable' - update_cache: true +- name: Add Docker repository + ansible.builtin.yum_repository: + name: docker-ce-stable + description: Docker CE Stable - $basearch + file: docker-ce + baseurl: https://download.docker.com/linux/centos/$releasever/$basearch/stable + gpgkey: https://download.docker.com/linux/centos/gpg + gpgcheck: true + enabled: true state: present -- name: Install Docker - ansible.builtin.apt: - name: "{{ pkgs }}" - state: present - vars: - pkgs: +- name: Install Docker and Docker Compose + ansible.builtin.dnf: + name: - docker-ce + - docker-ce-cli - docker-compose-plugin + - containerd.io + state: present - name: Copy Docker daemon config file ansible.builtin.template: diff --git a/roles/vm-common/tasks/base.yml b/roles/vm-common/tasks/base.yml index 9e9e0dd..970b556 100644 --- a/roles/vm-common/tasks/base.yml +++ b/roles/vm-common/tasks/base.yml @@ -35,18 +35,25 @@ state: present notify: Restart systemd-resolved -- name: Ensure UFW is absent - ansible.builtin.apt: - name: ufw - state: absent +- name: Enable Security SIG repositories + ansible.builtin.dnf: + name: rocky-release-security + state: present - name: Install system packages - ansible.builtin.apt: - name: "{{ pkgs }}" - update_cache: true - state: present - vars: - pkgs: - - apparmor + ansible.builtin.dnf: + name: - haveged - firewalld + - lkrg + state: present + +- name: Ensure services are enabled and running + ansible.builtin.service: + name: "{{ item }}" + enabled: true + state: started + loop: + - haveged + - firewalld + - lkrg