redhat/almalinux

files/fedora40.repo

@@ -0,0 +1,8 @@
+[fedora40]
+name=Fedora 40 - \$basearch
+baseurl=https://download.fedoraproject.org/pub/fedora/linux/releases/40/Everything/\$basearch/os/
+enabled=0
+#gpgcheck=1
+gpgcheck=0
+#gpgkey=https://getfedora.org/static/fedora.gpg
+gpgkey=https://fedoraproject.org/fedora.gpg

tasks/debian.yml

@@ -212,6 +212,7 @@
       - ifupdown
       - mosh
       - python3-redis
+      - acl
     state: present
 
 - name: install packages for debian0-11 ubuntu20

tasks/main.yml

@@ -18,7 +18,7 @@
 
 - name: include redhat specific
   include_tasks: redhat.yml
-  when: ansible_distribution == "RedHat"
+  when: ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux"
 
 ##############################################################################
 
@@ -39,46 +39,80 @@
     state: absent
     key: "{{ mgmt_ssh_key }}"
 
-- name: find ntp.conf
-  tags: ntp
-  command: "find /etc -name ntp.conf"
-  register: find_ntpconf
-
-- name: set ntpconf variable
-  set_fact:
-    ntpconf: "{{ find_ntpconf.stdout_lines[0] }}"
-
-- name: ntp.conf remove factory ntp servers
-  tags: ntp
-  lineinfile:
-    dest: "{{ ntpconf }}"
-    regexp: '^(pool|server)\s'
-    state: absent
-
-- name: ntp.conf set ntp server
-  tags: ntp
-  lineinfile:
-    dest: "{{ ntpconf }}"
-    regexp: '^(pool|server)\s'
-    line: "server {{ ntp }} iburst"
-    insertafter: '^# pool:'
-
-- name: ntp.conf remove limited, debian9-99 ubuntu20-99
-  tags: ntp
-  replace:
-    path: "{{ ntpconf }}"
-    regexp: "noquery limited"
-    replace: "noquery"
+- name: ntpd configuration
   when:
-    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 9) or
-      (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20)
+    - ansible_distribution == "Debian" or
+      ansible_distribution == "Ubuntu" or
+      (ansible_distribution == "RedHat" and ansible_distribution_major_version|int() == 9) or
+      (ansible_distribution == "AlmaLinux" and ansible_distribution_major_version|int() == 9)
+  block:
+    - name: find ntp.conf
+      tags: ntp
+      command: "find /etc -name ntp.conf"
+      register: find_ntpconf
 
-- name: ntp.conf set minsane 1
-  tags: ntp
-  replace:
-    path: "{{ ntpconf }}"
-    regexp: "minsane \\d+"
-    replace: "minsane 1"
+    - name: set ntpconf variable
+      set_fact:
+        ntpconf: "{{ find_ntpconf.stdout_lines[0] }}"
+
+    - name: ntp.conf remove factory ntp servers
+      tags: ntp
+      lineinfile:
+        dest: "{{ ntpconf }}"
+        regexp: '^(pool|server)\s'
+        state: absent
+
+    - name: ntp.conf set ntp server
+      tags: ntp
+      lineinfile:
+        dest: "{{ ntpconf }}"
+        regexp: '^(pool|server)\s'
+        line: "server {{ ntp }} iburst"
+        insertafter: '^# pool:'
+
+    - name: ntp.conf remove limited, debian9-99 ubuntu20-99
+      tags: ntp
+      replace:
+        path: "{{ ntpconf }}"
+        regexp: "noquery limited"
+        replace: "noquery"
+      when:
+        - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 9) or
+          (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20)
+
+    - name: ntp.conf set minsane 1
+      tags: ntp
+      replace:
+        path: "{{ ntpconf }}"
+        regexp: "minsane \\d+"
+        replace: "minsane 1"
+
+- name: chrony configuration
+  when:
+    - ansible_distribution == "RedHat" and ansible_distribution_major_version|int() >= 10
+  block:
+    - name: chrony.conf remove factory ntp servers
+      tags: ntp
+      lineinfile:
+        dest: /etc/chrony.conf
+        regexp: '^(pool|server|sourcedir)\s'
+        state: absent
+
+    - name: chrony.conf set ntp server
+      tags: ntp
+      lineinfile:
+        dest: /etc/chrony.conf
+        regexp: '^(pool|server)\s'
+        line: "server {{ ntp }} iburst"
+        insertafter: '^# Please consider'
+
+    - name: chrony.conf set allow
+      tags: ntp
+      lineinfile:
+        dest: /etc/chrony.conf
+        regexp: '^allow\s'
+        line: "allow all"
+        insertafter: '^#allow'
 
 - name: postfix master.cf debian8
   tags: postfix
@@ -129,7 +163,7 @@
     src: postfix_master.cf.patch.redhat9
     dest: /etc/postfix/master.cf
   when:
-    - ansible_distribution == "RedHat"
+    - ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux"
 
 - name: enable postfix service on redhat
   tags: postfix
@@ -137,7 +171,7 @@
     name: postfix
     enabled: yes
   when:
-    - ansible_distribution == "RedHat"
+    - ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux"
 
 - name: postfix inet_protocols ipv4 (redhat)
   tags: postfix
@@ -146,7 +180,7 @@
     regexp: '^inet_protocols\s'
     line: "inet_protocols = ipv4"
   when:
-    - ansible_distribution == "RedHat"
+    - ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux"
 
 - name: postfix myhostname (redhat)
   tags: postfix
@@ -155,7 +189,7 @@
     regexp: '^myhostname\s'
     line: "myhostname = {{ hostname }}.{{ domain }}"
   when:
-    - ansible_distribution == "RedHat"
+    - ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux"
 
 - name: postfix relayhost
   tags: postfix

tasks/redhat.yml

@@ -35,39 +35,107 @@
       - perl-JSON
       - perl-English
       - net-tools
-      - mlocate
       - glibc-langpack-hu
       - setools-console
       - setroubleshoot-server
+      - acl
     state: present
+  retries: 3
+  delay: 15
 
-- name: subscription-manager repo change for epel install
-  tags: dnf
-  shell: "subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms"
-
-- name: install epel-release
-  tags: dnf
-  dnf:
-    name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
-    disable_gpg_check: yes
-
-- name: install packages, 2nd round
+- name: install packages for rhel9
+  tags: dnf
+  dnf:
+    name: 
+      - mlocate
+    state: present
+  retries: 3
+  delay: 15
+  when: "ansible_distribution_major_version|int() == 9"
+
+- name: install packages for rhel10-99
+  tags: dnf
+  dnf:
+    name: 
+      - plocate
+    state: present
+  retries: 3
+  delay: 15
+  when: "ansible_distribution_major_version|int() >= 10"
+
+- name: subscription-manager repo change for epel install
+  tags: dnf
+  shell: "subscription-manager repos --enable codeready-builder-for-rhel-{{ ansible_distribution_major_version }}-$(arch)-rpms"
+  when: ansible_distribution == "RedHat"
+
+- name: install epel-release on redhat
+  tags: dnf
+  dnf:
+    name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm"
+    disable_gpg_check: yes
+  when: ansible_distribution == "RedHat"
+  retries: 3
+  delay: 15
+
+- name: install epel-release on alma
+  tags: dnf
+  dnf:
+    name: epel-release
+  when: ansible_distribution == "AlmaLinux"
+
+- name: install packages, 2nd round, rhel9
   tags: dnf
   dnf:
     name: 
-      - ntpsec
       - ngrep
-      - pwgen
       - screen
       - mosh
+      - ntpsec
+      - pwgen
       - w3m
       - prename
       - python3-redis
+  retries: 3
+  delay: 15
+  when: "ansible_distribution_major_version|int() == 9"
+
+- name: install packages, 2nd round, rhel10-99
+  tags: dnf
+  dnf:
+    name: 
+      - ngrep
+      - screen
+      - mosh
+      - python3-redis
+      - chrony
+  retries: 3
+  delay: 15
+  when: "ansible_distribution_major_version|int() >= 10"
+
+- name: setup fedora40 repo, rhel10
+  copy:
+    src: fedora40.repo
+    dest: /etc/yum.repos.d/fedora40.repo
+  when:
+    - ansible_distribution == "RedHat"
+    - ansible_distribution_major_version|int() == 10
+
+- name: install package from fedora40 repo, rhel10
+  tags: dnf
+  dnf:
+    name: 
+      - pwgen
+      - prename
+    enablerepo: fedora40
+  retries: 4
+  delay: 30
+  when: "ansible_distribution_major_version|int() == 10"
 
 - name: enable ntpd service
   systemd_service:
     name: ntpd
     enabled: true
+  when: "ansible_distribution_major_version|int() == 9"
 
 - name: remove motd.d/insights-client
   file: