---
# tasks file for common role
# Set the system hostname to the name this host has in the Ansible inventory.
- name: Set Hostname
  hostname:
    name: "{{ inventory_hostname }}"
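# Set root's password from the `root_pwd` variable.
# NOTE(review): the user module's `password` option takes an already-crypted
# hash, not a cleartext password - confirm root_pwd holds a hash (for example
# one produced with the password_hash filter) and that it lives in an
# encrypted vars file rather than in plain inventory or group_vars.
- name: Change root password
  user:
    name: root
    password: "{{ root_pwd }}"
  # Keep the secret out of task output and logs, including verbose runs.
  no_log: true
  # The task always reports "ok", so an actual password change never shows up
  # as "changed" in the play recap.
  changed_when: false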
# Make sure the group named by the ADMIN_GROUP variable exists.
- name: Create admin group
  group:
    name: "{{ ADMIN_GROUP }}"
    state: present
# Install the baseline package set, one yum call per list entry, with the
# "epel" repository enabled for each call.
# NOTE(review): presumably the epel repository definition is installed
# elsewhere - verify before running this role on a fresh host.
- name: Ensure common packages
  yum:
    name: "{{ item }}"
    state: present
    enablerepo: epel
  with_items:
    - libselinux-python
    - ntp
    - nano
    - git
    - htop
    - atop
    - wget
    - bind-utils
    - yum-utils
  tags:
    - packages
# Set SELinux to "disabled" in the host's persistent configuration.
# NOTE(review): this removes mandatory access control from every host the
# role is applied to, although the task is tagged "security". Confirm that
# disabling is a deliberate decision; if it is only a workaround for one
# application, `state: permissive` or `state: enforcing` together with a
# `policy:` value keeps SELinux available and keeps denials visible in the
# audit log.
- name: Ensure SELinux status
  selinux:
    state: disabled
  tags: security
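# Render ntp.conf.j2 to /etc/ntp.conf.
- name: Configure NTPD
  template:
    src: ntp.conf.j2
    dest: /etc/ntp.conf
    # Explicit ownership and mode, so the result does not depend on the umask
    # or on whatever permissions an existing file already has.
    owner: root
    group: root
    mode: "0644"
  # Without a notify, a changed ntp.conf is only picked up at the next manual
  # restart. "Restart NTPD" is the handler name this file already notifies
  # from the Hostname/DNS task.
  notify: Restart NTPD
  tags: ntp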
# Keep the ntpd service running now and enabled at boot.
- name: Ensure NTPD enabled and started
  service:
    name: ntpd
    state: started
    enabled: true
  tags:
    - ntp
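# Render the network, hosts, resolver and sshd configuration templates.
#
# Permission fix: in symbolic modes "o" means "others", not "owner" ("u" is
# the owning user). The previous items were written as inline `{ ... }`
# mappings, where a comma ends an entry, so `mode: o=rw,g=r,a=r` was read as
# the mode `o=rw` plus two stray keys. Every item therefore granted read and
# write access to all local users, including on /etc/ssh/sshd_config. The
# items are now block mappings with quoted modes: owner read/write and
# world-readable for the network files, owner-only for sshd_config.
#
# NOTE(review): a `validate` step for sshd_config would stop a broken
# template from being installed and locking out SSH access.
- name: Ensure Hostname/DNS common config
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: "{{ item.mode }}"
  with_items:
    - src: etc.sysconfig.network.j2
      dest: /etc/sysconfig/network
      mode: "u=rw,g=r,o=r"
    - src: etc.hosts.j2
      dest: /etc/hosts
      mode: "u=rw,g=r,o=r"
    - src: etc.resolv.conf.j2
      dest: /etc/resolv.conf
      mode: "u=rw,g=r,o=r"
    - src: sshd_config.j2
      dest: /etc/ssh/sshd_config
      mode: "u=rw,g=,o="
  notify:
    - Restart NTPD
    - Restart SSH
  tags: dns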
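# Make sure /etc/resolv.conf and /etc/hosts exist with fixed permissions.
#
# Permission fix: the previous mode `o+rw,g+r,a+r` added read AND write for
# "others" ("o" is others, "u" is the owning user), which let any local
# account rewrite name resolution for the whole host. The absolute form below
# sets owner read/write and read-only for group and others, and also clears
# any write bit an earlier run left behind.
- name: Ensure correct permissions (hosts/resolv.conf)
  file:
    path: "{{ item }}"
    state: touch
    mode: "u=rw,g=r,o=r"
  with_items:
    - /etc/resolv.conf
    - /etc/hosts
  # `state: touch` updates timestamps on every run; report "ok" regardless.
  changed_when: false
  tags: dns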
# Set installonly_limit to 2 in /etc/yum.conf, replacing a line that matches
# the (unanchored) pattern if one exists.
- name: Configure yum
  lineinfile:
    dest: /etc/yum.conf
    regexp: 'installonly_limit='
    line: 'installonly_limit=2'
  tags:
    - packages
# Pin three settings in /etc/postfix/main.cf (IPv4 only, listening interfaces,
# relay host) and notify the Postfix restart handler on change.
# NOTE(review): `inet_interfaces = all` makes Postfix accept SMTP connections
# on every interface - confirm that the host firewall and the relay
# restrictions in main.cf limit who may submit mail, or bind to loopback if
# the host only sends local mail.
- name: Apply postfix configuration
  lineinfile:
    dest: "{{ item.dest }}"
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    insertafter: EOF
  notify: Restart Postfix
  with_items:
    - dest: /etc/postfix/main.cf
      regexp: "inet_protocols ="
      line: "inet_protocols = ipv4"
    - dest: /etc/postfix/main.cf
      regexp: "inet_interfaces ="
      line: "inet_interfaces = all"
    - dest: /etc/postfix/main.cf
      regexp: "relayhost ="
      line: "relayhost = {{ relayhost }}"
# Keep the postfix service running now and enabled at boot.
- name: Ensure Postfix is Started/Enabled
  service:
    name: postfix
    state: started
    enabled: true
# Make sure the address in root_email is listed in ~/.forward, creating the
# file when it does not exist.
# NOTE(review): `~` is the home directory of the account the task runs as -
# confirm the play runs as root, otherwise another user's mail is forwarded.
# NOTE(review): root_email is also used as the match pattern, so its dots act
# as regex wildcards - verify that this is acceptable.
- name: Ensure root forwarding address is set
  lineinfile:
    dest: '~/.forward'
    regexp: "{{ root_email }}"
    line: "{{ root_email }}"
    create: true
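# Install the dynmotd script to /usr/local/bin.
#
# The later tasks in this file hook the script into /etc/profile.d/motd.sh,
# so login shells execute it. The previous relative mode `a+x` only added
# execute bits and left owner and write bits as they happened to be; ownership
# and an absolute mode are now stated, so only root can modify the script.
- name: Ensure Dynamic MOTD
  copy:
    src: dynmotd
    dest: /usr/local/bin/dynmotd
    owner: root
    group: root
    mode: "0755"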
# Remove any line starting with /usr/local/bin/dynmotd from /etc/profile.
# NOTE(review): the next task carries the same name; a distinct name would
# make play output and --start-at-task unambiguous.
- name: Configure Dynamic MOTD in profile
  lineinfile:
    dest: /etc/profile
    regexp: '^/usr/local/bin/dynmotd'
    state: absent
# Make sure /etc/profile.d/motd.sh calls /usr/local/bin/dynmotd, creating the
# file when it does not exist.
# NOTE(review): no owner or mode is given, so a newly created motd.sh gets
# default permissions - confirm it ends up root-owned and not writable by
# other users, since files in /etc/profile.d are read by login shells.
- name: Configure Dynamic MOTD in profile
  lineinfile:
    dest: /etc/profile.d/motd.sh
    regexp: '^/usr/local/bin/dynmotd'
    line: '/usr/local/bin/dynmotd'
    create: true