From 616f1fdfa1ba625132733aff986c2a8e14e3d5eb Mon Sep 17 00:00:00 2001
From: Rottler Tamas
Date: Sun, 16 Nov 2025 16:10:03 +0100
Subject: [PATCH] redhat/almalinux
---
 files/fedora40.repo | 8 +++
 tasks/debian.yml | 1 +
 tasks/main.yml | 120 ++++++++++++++++++++++++++++----------------
 tasks/redhat.yml | 96 +++++++++++++++++++++++++++++------
 4 files changed, 168 insertions(+), 57 deletions(-)
 create mode 100644 files/fedora40.repo
diff --git a/files/fedora40.repo b/files/fedora40.repo
new file mode 100644
index 0000000..86ef3b1
--- /dev/null
+++ b/files/fedora40.repo
@@ -0,0 +1,8 @@
+[fedora40]
+name=Fedora 40 - \$basearch
+baseurl=https://download.fedoraproject.org/pub/fedora/linux/releases/40/Everything/\$basearch/os/
+enabled=0
+#gpgcheck=1
+gpgcheck=0
+#gpgkey=https://getfedora.org/static/fedora.gpg
+gpgkey=https://fedoraproject.org/fedora.gpg
diff --git a/tasks/debian.yml b/tasks/debian.yml
index 9281a51..c54012d 100644
--- a/tasks/debian.yml
+++ b/tasks/debian.yml
@@ -212,6 +212,7 @@
 - ifupdown
 - mosh
 - python3-redis
+ - acl
 state: present
 - name: install packages for debian0-11 ubuntu20
diff --git a/tasks/main.yml b/tasks/main.yml
index 0db1332..21282ac 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -18,7 +18,7 @@
 - name: include redhat specific
 include_tasks: redhat.yml
- when: ansible_distribution == "RedHat"
+ when: ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux"
 ##############################################################################
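Review bot: `gpgcheck=0` in files/fedora40.repo turns off package signature verification for everything installed from this repo, even though a `gpgkey=` URL is configured two lines below. The repo layers another distribution's tree onto RHEL 10, so a tampered package served from that tree would be installed without any check; set `gpgcheck=1` and drop the commented-out duplicates. The `\$basearch` escapes look carried over from a shell heredoc; if the file is deployed verbatim the backslash ends up in the repo file, so it is worth confirming that dnf still expands the variable.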
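Review bot: The distribution test `ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux"` is spelled out in the tasks/main.yml hunk at @@ -18 and repeated in the four postfix hunks further down (@@ -129, @@ -137, @@ -146, @@ -155); a membership test such as `when: ansible_distribution in ["RedHat", "AlmaLinux"]` reads more easily and leaves one obvious place per task to add the next rebuild. `ansible_os_family == "RedHat"` would be shorter still, but it also matches Fedora and CentOS, so the explicit list is the safer choice here.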
@@ -39,46 +39,80 @@
 state: absent
 key: "{{ mgmt_ssh_key }}"
-- name: find ntp.conf
- tags: ntp
- command: "find /etc -name ntp.conf"
- register: find_ntpconf
-
-- name: set ntpconf variable
- set_fact:
- ntpconf: "{{ find_ntpconf.stdout_lines[0] }}"
-
-- name: ntp.conf remove factory ntp servers
- tags: ntp
- lineinfile:
- dest: "{{ ntpconf }}"
- regexp: '^(pool|server)\s'
- state: absent
-
-- name: ntp.conf set ntp server
- tags: ntp
- lineinfile:
- dest: "{{ ntpconf }}"
- regexp: '^(pool|server)\s'
- line: "server {{ ntp }} iburst"
- insertafter: '^# pool:'
-
-- name: ntp.conf remove limited, debian9-99 ubuntu20-99
- tags: ntp
- replace:
- path: "{{ ntpconf }}"
- regexp: "noquery limited"
- replace: "noquery"
+- name: ntpd configuration
 when:
- - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 9) or
- (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20)
+ - ansible_distribution == "Debian" or
+ ansible_distribution == "Ubuntu" or
+ (ansible_distribution == "RedHat" and ansible_distribution_major_version|int() == 9) or
+ (ansible_distribution == "AlmaLinux" and ansible_distribution_major_version|int() == 9)
+ block:
+ - name: find ntp.conf
+ tags: ntp
+ command: "find /etc -name ntp.conf"
+ register: find_ntpconf
-- name: ntp.conf set minsane 1
- tags: ntp
- replace:
- path: "{{ ntpconf }}"
- regexp: "minsane \\d+"
- replace: "minsane 1"
+ - name: set ntpconf variable
+ set_fact:
+ ntpconf: "{{ find_ntpconf.stdout_lines[0] }}"
+
+ - name: ntp.conf remove factory ntp servers
+ tags: ntp
+ lineinfile:
+ dest: "{{ ntpconf }}"
+ regexp: '^(pool|server)\s'
+ state: absent
+
+ - name: ntp.conf set ntp server
+ tags: ntp
+ lineinfile:
+ dest: "{{ ntpconf }}"
+ regexp: '^(pool|server)\s'
+ line: "server {{ ntp }} iburst"
+ insertafter: '^# pool:'
+
+ - name: ntp.conf remove limited, debian9-99 ubuntu20-99
+ tags: ntp
+ replace:
+ path: "{{ ntpconf }}"
+ regexp: "noquery limited"
+ replace: "noquery"
+ when:
+ - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 9) or
+ (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20)
+
+ - name: ntp.conf set minsane 1
+ tags: ntp
+ replace:
+ path: "{{ ntpconf }}"
+ regexp: "minsane \\d+"
+ replace: "minsane 1"
+
+- name: chrony configuration
+ when:
+ - ansible_distribution == "RedHat" and ansible_distribution_major_version|int() >= 10
+ block:
+ - name: chrony.conf remove factory ntp servers
+ tags: ntp
+ lineinfile:
+ dest: /etc/chrony.conf
+ regexp: '^(pool|server|sourcedir)\s'
+ state: absent
+
+ - name: chrony.conf set ntp server
+ tags: ntp
+ lineinfile:
+ dest: /etc/chrony.conf
+ regexp: '^(pool|server)\s'
+ line: "server {{ ntp }} iburst"
+ insertafter: '^# Please consider'
+
+ - name: chrony.conf set allow
+ tags: ntp
+ lineinfile:
+ dest: /etc/chrony.conf
+ regexp: '^allow\s'
+ line: "allow all"
+ insertafter: '^#allow'
 - name: postfix master.cf debian8
 tags: postfix
@@ -129,7 +163,7 @@
 src: postfix_master.cf.patch.redhat9
 dest: /etc/postfix/master.cf
 when:
- - ansible_distribution == "RedHat"
+ - ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux"
 - name: enable postfix service on redhat
 tags: postfix
@@ -137,7 +171,7 @@
 name: postfix
 enabled: yes
 when:
- - ansible_distribution == "RedHat"
+ - ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux"
 - name: postfix inet_protocols ipv4 (redhat)
 tags: postfix
@@ -146,7 +180,7 @@
 regexp: '^inet_protocols\s'
 line: "inet_protocols = ipv4"
 when:
- - ansible_distribution == "RedHat"
+ - ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux"
 - name: postfix myhostname (redhat)
 tags: postfix
@@ -155,7 +189,7 @@
 regexp: '^myhostname\s'
 line: "myhostname = {{ hostname }}.{{ domain }}"
 when:
- - ansible_distribution == "RedHat"
+ - ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux"
 - name: postfix relayhost
 tags: postfix
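Review bot: The new `chrony.conf set allow` task in the @@ -39 hunk writes `allow all`, which lets any host that can reach UDP 123 use this machine as an NTP server; unless that is intended on every host the role touches, restrict it to the client network, e.g. `line: "allow {{ ntp_allow_net }}"` with `ntp_allow_net` as a placeholder role variable. The `chrony configuration` block is also gated on `ansible_distribution == "RedHat"` only, while tasks/redhat.yml installs chrony for any major version >= 10, so an AlmaLinux 10 host would match neither this block nor `ntpd configuration` and would keep its factory time sources; `ansible_distribution in ["RedHat", "AlmaLinux"] and ansible_distribution_major_version|int() >= 10` would close that gap. No task in this hunk restarts chronyd after the edits, so confirm a handler elsewhere in the role picks the change up.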
diff --git a/tasks/redhat.yml b/tasks/redhat.yml
index 0927b1e..b2a4104 100644
--- a/tasks/redhat.yml
+++ b/tasks/redhat.yml
@@ -35,39 +35,107 @@
 - perl-JSON
 - perl-English
 - net-tools
- - mlocate
 - glibc-langpack-hu
 - setools-console
 - setroubleshoot-server
+ - acl
 state: present
+ retries: 3
+ delay: 15
-- name: subscription-manager repo change for epel install
- tags: dnf
- shell: "subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms"
-
-- name: install epel-release
- tags: dnf
- dnf:
- name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
- disable_gpg_check: yes
-
-- name: install packages, 2nd round
+- name: install packages for rhel9
+ tags: dnf
+ dnf:
+ name:
+ - mlocate
+ state: present
+ retries: 3
+ delay: 15
+ when: "ansible_distribution_major_version|int() == 9"
+
+- name: install packages for rhel10-99
+ tags: dnf
+ dnf:
+ name:
+ - plocate
+ state: present
+ retries: 3
+ delay: 15
+ when: "ansible_distribution_major_version|int() >= 10"
+
+- name: subscription-manager repo change for epel install
+ tags: dnf
+ shell: "subscription-manager repos --enable codeready-builder-for-rhel-{{ ansible_distribution_major_version }}-$(arch)-rpms"
+ when: ansible_distribution == "RedHat"
+
+- name: install epel-release on redhat
+ tags: dnf
+ dnf:
+ name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm"
+ disable_gpg_check: yes
+ when: ansible_distribution == "RedHat"
+ retries: 3
+ delay: 15
+
+- name: install epel-release on alma
+ tags: dnf
+ dnf:
+ name: epel-release
+ when: ansible_distribution == "AlmaLinux"
+
+- name: install packages, 2nd round, rhel9
 tags: dnf
 dnf:
 name:
- - ntpsec
 - ngrep
- - pwgen
 - screen
 - mosh
+ - ntpsec
+ - pwgen
 - w3m
 - prename
 - python3-redis
+ retries: 3
+ delay: 15
+ when: "ansible_distribution_major_version|int() == 9"
+
+- name: install packages, 2nd round, rhel10-99
+ tags: dnf
+ dnf:
+ name:
+ - ngrep
+ - screen
+ - mosh
+ - python3-redis
+ - chrony
+ retries: 3
+ delay: 15
+ when: "ansible_distribution_major_version|int() >= 10"
+
+- name: setup fedora40 repo, rhel10
+ copy:
+ src: fedora40.repo
+ dest: /etc/yum.repos.d/fedora40.repo
+ when:
+ - ansible_distribution == "RedHat"
+ - ansible_distribution_major_version|int() == 10
+
+- name: install package from fedora40 repo, rhel10
+ tags: dnf
+ dnf:
+ name:
+ - pwgen
+ - prename
+ enablerepo: fedora40
+ retries: 4
+ delay: 30
+ when: "ansible_distribution_major_version|int() == 10"
 - name: enable ntpd service
 systemd_service:
 name: ntpd
 enabled: true
+ when: "ansible_distribution_major_version|int() == 9"
 - name: remove motd.d/insights-client
 file:
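Review bot: `install package from fedora40 repo, rhel10` runs on any distribution with major version 10, but the `setup fedora40 repo, rhel10` task that writes /etc/yum.repos.d/fedora40.repo is limited to `ansible_distribution == "RedHat"`, so on AlmaLinux 10 `enablerepo: fedora40` would name a repo that was never created and the task would likely fail after its retries; give both tasks the same `when:` list. The repo-setup task also lacks `tags: dnf`, so a run limited to that tag would skip it while still attempting the install. Separately, `install epel-release on redhat` keeps `disable_gpg_check: yes` on an RPM fetched by URL; importing the EPEL signing key first (for example with the `rpm_key` module) would let that flag be dropped.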