Refactored to individual files by function

2016-11-17 13:41:44 +13:00
parent a1ac1de7e2
commit 2111038879
4 changed files with 142 additions and 149 deletions


@@ -1,164 +1,28 @@
--- ---
# tasks file for common role # tasks file for common role
- name: Create admin group
group: name={{ADMIN_GROUP}} state=present
- name: Ensure common packages
yum:
name: "{{item}}"
state: present
enablerepo: epel
with_items:
- libselinux-python
- MySQL-python
- ntp
- nano
- git
- htop
- atop
- wget
- bind-utils
- yum-utils
- unzip
tags: packages
- name: Ensure SELinux status - name: Ensure SELinux status
selinux: selinux:
state: disabled state: disabled
tags: security tags: security
- name: Ensure DNS and SSH common config - name: Create admin group
template: group: name={{ADMIN_GROUP}} state=present
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
backup: yes
with_items:
- { src: etc.sysconfig.network.j2,
dest: /etc/sysconfig/network,
mode: u+rw,a+r
}
- { src: etc.resolv.conf.j2,
dest: /etc/resolv.conf,
mode: u+rw,a+r
}
- { src: sshd_config.j2,
dest: /etc/ssh/sshd_config,
mode: u+rw,a+r
}
notify:
- Restart SSH
tags: dns
- name: Ensure NetworkManager does not fiddle DNS - name: Configure yum limit
ini_file:
dest: /etc/NetworkManager/NetworkManager.conf
section: "main"
option: "dns"
value: "none"
backup: yes
when: (ansible_os_family == "RedHat" and ansible_distribution_major_version == "7")
notify:
- restart NetworkManager
- name: Ensure hosts file correct
lineinfile:
dest: /etc/hosts
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
backrefs: yes
backup: yes
with_items:
- {regexp: "^127.0.0.1.+localdomain4$",
line: "127.0.0.1 localhost {{ inventory_hostname }}"
}
- {regexp: "^::1.+localdomain6$",
line: "::1 localhost {{ inventory_hostname }}"
}
- {regexp: "^{{ ansible_default_ipv4.address }}.*{{ ansible_default_ipv4.address.split('.')[-1] }}$",
line: "{{ ansible_default_ipv4.address }} {{ inventory_hostname }}.{{ domain }} {{ inventory_hostname }}"
}
- {regexp: "^127.0.0.1.+{{ ansible_nodename.split('.')[0] }}$",
line: "127.0.0.1 localhost {{ inventory_hostname }}"
}
- {regexp: "^::1.+{{ ansible_nodename.split('.')[0] }}$",
line: "::1 localhost {{ inventory_hostname }}"
}
- {regexp: "^{{ ansible_default_ipv4.address }}.*{{ ansible_nodename.split('.')[0] }}$",
line: "{{ ansible_default_ipv4.address }} {{ inventory_hostname }}.{{ domain }} {{ inventory_hostname }}"
}
- name: Ensure correct permissions (hosts/resolv.conf)
file:
path: "{{item}}"
state: touch
mode: u+rw,g+r,a+r
with_items:
- /etc/resolv.conf
- /etc/hosts
changed_when: false
tags: dns
- name: Configure yum
lineinfile: lineinfile:
dest: /etc/yum.conf dest: /etc/yum.conf
regexp: "installonly_limit=" regexp: "installonly_limit="
line: "installonly_limit=2" line: "installonly_limit=2"
tags: packages tags: packages
- name: Apply postfix configuration - name: Ensure common packages
lineinfile: yum:
dest: "{{item.dest}}" name: "{{item}}"
regexp: "{{item.regexp}}" state: present
line: "{{item.line}}" enablerepo: epel
insertafter: EOF with_items: "{{ common_packages }}"
notify: Restart Postfix tags: packages
with_items:
- { dest: /etc/postfix/main.cf,
regexp: "inet_protocols =",
line: "inet_protocols = ipv4"
}
- { dest: /etc/postfix/main.cf,
regexp: "inet_interfaces =",
line: "inet_interfaces = all"
}
- { dest: /etc/postfix/main.cf,
regexp: "relayhost =",
line: "relayhost = {{ relayhost }}"
}
- name: Ensure Postfix is Started/Enabled
service:
name: postfix
state: started
enabled: yes
- name: Ensure root forwarding address is set
lineinfile:
dest: ~/.forward
regexp: "{{ root_email }}"
line: "{{ root_email }}"
create: yes
- name: Ensure Dynamic MOTD Script is in place
copy:
src: dynmotd
dest: /usr/local/bin/dynmotd
mode: a+x
- name: Remove Dynamic MOTD in profile
lineinfile:
dest: /etc/profile
regexp: "^/usr/local/bin/dynmotd"
state: absent
- name: Configure Dynamic MOTD in profile.d
lineinfile:
dest: /etc/profile.d/motd.sh
regexp: "^/usr/local/bin/dynmotd"
line: "/usr/local/bin/dynmotd"
create: yes
- name: Ensure Hostname is set - name: Ensure Hostname is set
hostname: hostname:
@@ -169,3 +33,7 @@
name: root name: root
password: "{{ root_pwd }}" password: "{{ root_pwd }}"
changed_when: false changed_when: false
include: communication.yml
include: networking.yml
include: motd.yml
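Review bot: The three `include:` lines at the end of the second hunk are shown without a leading `- `, while every task above keeps its dash, so as rendered they are not list items. Depending on the indentation the page has lost, they either break the YAML or become extra keys on the preceding task (the one that sets the root password), where duplicate `include` keys collapse to the last one. If the includes do not run, the `sshd_config` template and the hosts/resolv.conf permission tasks that moved to networking.yml are never applied. Write them as `- include: communication.yml`, `- include: networking.yml`, `- include: motd.yml`, and confirm that `common_packages` is defined in the role's defaults or vars, since this commit does not show it.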

34
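--- a/tasks/communication.yml
+++ b/tasks/communication.yml
@@ -0,0 +1,34 @@
+---
+- name: Apply postfix configuration
+lineinfile:
+dest: "{{item.dest}}"
+regexp: "{{item.regexp}}"
+line: "{{item.line}}"
+insertafter: EOF
+notify: Restart Postfix
+with_items:
+- { dest: /etc/postfix/main.cf,
+regexp: "inet_protocols =",
+line: "inet_protocols = ipv4"
+}
+- { dest: /etc/postfix/main.cf,
+regexp: "inet_interfaces =",
+line: "inet_interfaces = all"
+}
+- { dest: /etc/postfix/main.cf,
+regexp: "relayhost =",
+line: "relayhost = {{ relayhost }}"
+}
+- name: Ensure Postfix is Started/Enabled
+service:
+name: postfix
+state: started
+enabled: yes
+- name: Ensure root forwarding address is set
+lineinfile:
+dest: ~/.forward
+regexp: "{{ root_email }}"
+line: "{{ root_email }}"
+create: yes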
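Review bot: The Postfix item `line: "inet_interfaces = all"` makes the MTA listen on every interface, although the same task points it at `relayhost`, which suggests these hosts only send mail outward. Unless they must accept inbound SMTP, use `line: "inet_interfaces = loopback-only"` so port 25 is not exposed to the network. Separately, `dest: ~/.forward` resolves against whichever user the play runs as, so root's forward is only written when that user is root; `dest: /root/.forward` states the intent explicitly.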

19
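--- a/tasks/motd.yml
+++ b/tasks/motd.yml
@@ -0,0 +1,19 @@
+---
+- name: Ensure Dynamic MOTD Script is in place
+copy:
+src: dynmotd
+dest: /usr/local/bin/dynmotd
+mode: a+x
+- name: Remove Dynamic MOTD in profile if present
+lineinfile:
+dest: /etc/profile
+regexp: "^/usr/local/bin/dynmotd"
+state: absent
+- name: Configure Dynamic MOTD in profile.d
+lineinfile:
+dest: /etc/profile.d/motd.sh
+regexp: "^/usr/local/bin/dynmotd"
+line: "/usr/local/bin/dynmotd"
+create: yes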
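Review bot: The `copy` task for `/usr/local/bin/dynmotd` sets only `mode: a+x`, which adds execute bits but leaves the owner, group and any existing write bits as they are. Because `/etc/profile.d/motd.sh` invokes that script from login shells, presumably including root's, a copy that is group- or world-writable would let another local user run code as whoever logs in. Pin it with `owner: root`, `group: root` and `mode: "0755"`. The `profile.d` file created by `create: yes` also deserves an explicit `mode: "0644"` rather than relying on the default.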

72
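--- a/tasks/networking.yml
+++ b/tasks/networking.yml
@@ -0,0 +1,72 @@
+---
+- name: Ensure DNS and SSH common config
+template:
+src: "{{ item.src }}"
+dest: "{{ item.dest }}"
+mode: "{{ item.mode }}"
+backup: yes
+with_items:
+- { src: etc.sysconfig.network.j2,
+dest: /etc/sysconfig/network,
+mode: u+rw,a+r
+}
+- { src: etc.resolv.conf.j2,
+dest: /etc/resolv.conf,
+mode: u+rw,a+r
+}
+- { src: sshd_config.j2,
+dest: /etc/ssh/sshd_config,
+mode: u+rw,a+r
+}
+notify:
+- Restart SSH
+tags: dns
+- name: Ensure hosts file correct
+lineinfile:
+dest: /etc/hosts
+regexp: "{{ item.regexp }}"
+line: "{{ item.line }}"
+backrefs: yes
+backup: yes
+with_items:
+- {regexp: "^127.0.0.1.+localdomain4$",
+line: "127.0.0.1 localhost {{ inventory_hostname }}"
+}
+- {regexp: "^::1.+localdomain6$",
+line: "::1 localhost {{ inventory_hostname }}"
+}
+- {regexp: "^{{ ansible_default_ipv4.address }}.*{{ ansible_default_ipv4.address.split('.')[-1] }}$",
+line: "{{ ansible_default_ipv4.address }} {{ inventory_hostname }}.{{ domain }} {{ inventory_hostname }}"
+}
+- {regexp: "^127.0.0.1.+{{ ansible_nodename.split('.')[0] }}$",
+line: "127.0.0.1 localhost {{ inventory_hostname }}"
+}
+- {regexp: "^::1.+{{ ansible_nodename.split('.')[0] }}$",
+line: "::1 localhost {{ inventory_hostname }}"
+}
+- {regexp: "^{{ ansible_default_ipv4.address }}.*{{ ansible_nodename.split('.')[0] }}$",
+line: "{{ ansible_default_ipv4.address }} {{ inventory_hostname }}.{{ domain }} {{ inventory_hostname }}"
+}
+- name: Ensure NetworkManager does not fiddle DNS
+ini_file:
+dest: /etc/NetworkManager/NetworkManager.conf
+section: "main"
+option: "dns"
+value: "none"
+backup: yes
+when: (ansible_os_family == "RedHat" and ansible_distribution_major_version == "7")
+notify:
+- restart NetworkManager
+- name: Ensure correct permissions (hosts/resolv.conf)
+file:
+path: "{{item}}"
+state: touch
+mode: u+rw,g+r,a+r
+with_items:
+- /etc/resolv.conf
+- /etc/hosts
+changed_when: false
+tags: dns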
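Review bot: The looped `template` task installs `/etc/ssh/sshd_config` with the additive mode `u+rw,a+r` and no `validate`, then notifies `Restart SSH`. A template that renders to an invalid config would be written to disk, and the restart could then cut off SSH access to the host. The additive mode also never clears permission bits that are already set on the file. Because `validate` applies to the whole task and the other two looped files are not sshd configs, the `sshd_config` item should move into its own task with an absolute mode, explicit ownership and an `sshd -t` check, as sketched below.

```yaml
# … unchanged: network and resolv.conf items stay in the looped template task …
- name: Ensure SSH daemon config
  template:
    src: sshd_config.j2
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: "0600"
    backup: yes
    validate: /usr/sbin/sshd -t -f %s
  notify:
    - Restart SSH
  tags: dns
# … unchanged: hosts file, NetworkManager and permissions tasks …
```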