Initial Commit

2016-06-29 12:34:37 +12:00
commit 0e9fd3a1fe
12 changed files with 413 additions and 0 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,126 @@
+---
+# tasks file for common role
+- name: Set Hostname
+  hostname: name="{{ inventory_hostname }}"
+  
+- name: Change root password
+  user: 
+    name: root 
+    password: "{{ root_pwd }}"
+  changed_when: false
+  
+- name: Create admin group
+  group: name={{ADMIN_GROUP}} state=present
+  
+- name: Ensure common packages
+  yum: 
+    name: "{{item}}"
+    state: present
+    enablerepo: epel
+  with_items: 
+    - libselinux-python
+    - ntp
+    - nano
+    - git
+    - htop
+    - atop
+    - bind-utils
+    - yum-utils
+    
+- name: Check SELinux status
+  command: /usr/sbin/getenforce
+  register: result
+  changed_when: False
+  
+- name: Disable SELinux now if enabled
+  shell: /usr/sbin/setenforce 0
+  when: result.stdout != "Disabled"
+  
+- name: Check/Set SELinux Disabled on boot
+  selinux: policy=targeted state=disabled
+  
+- name: Configure NTPD
+  template:
+    src: ntp.conf.j2
+    dest: /etc/ntp.conf
+    
+- name: Ensure NTPD enabled and started
+  service: 
+    name: ntpd
+    state: started
+    enabled: yes
+    
+- name: Ensure Hostname/DNS common config
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: "{{ item.mode }}"
+  with_items:
+    - { src: etc.sysconfig.network.j2,
+        dest: /etc/sysconfig/network,
+        mode: u+rw
+      }
+    - { src: etc.hosts.j2,
+        dest: /etc/hosts,
+        mode: u=rw,g=r,o=r
+      }
+    - { src: etc.resolv.conf.j2,
+        dest: /etc/resolv.conf,
+        mode: u=rw,g=r,o=r
+      }
+    - { src: sshd_config.j2,
+        dest: /etc/ssh/sshd_config,
+        mode: u=rw
+      }
+  notify: 
+    - Restart NTPD
+    - Restart SSH
+- name: Ensure correct permissions (hosts/resolv.conf)
+  file:
+    path: "{{item}}"
+    state: touch
+    mode: u+rw,g+r,o+r
+  with_items: 
+    - /etc/resolv.conf
+    - /etc/hosts
+  changed_when: false
+  
+- name: Configure yum
+  lineinfile:
+    dest: /etc/yum.conf
+    regexp: "installonly_limit="
+    line: "installonly_limit=2"
+    
+- name: Apply postfix configuration
+  lineinfile: 
+    dest: "{{item.dest}}"
+    regexp: "{{item.regexp}}"
+    line: "{{item.line}}"
+    insertafter: EOF
+  notify: Restart Postfix
+  with_items:
+    - { dest: /etc/postfix/main.cf,
+        regexp: "inet_protocols =",
+        line: "inet_protocols = ipv4"
+      }
+    - { dest: /etc/postfix/main.cf,
+        regexp: "inet_interfaces =",
+        line: "inet_interfaces = all"
+      }
+    - { dest: /etc/postfix/main.cf,
+        regexp: "relayhost =",
+        line: "relayhost = {{ relayhost }}"
+      }
+      
+- name: Ensure Postfix is Started/Enabled
+  service:
+    name: postfix
+    state: started
+    enabled: yes
+
+- name: Ensure root forwarding address is set
+  lineinfile:
+    dest: ~/.forward
+    regexp: "{{ root_email }}"
+    line: "{{ root_email }}"
+    create: yes