diff --git a/tasks/main.yml b/tasks/main.yml index 72a995a..57ea069 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -24,16 +24,52 @@ path: /etc/sudoers line: "ansible ALL=(ALL) NOPASSWD: ALL" -# as ansible user from here - -- name: delayed facts gathering +- name: delayed facts gathering as root user + remote_user: root + ignore_unreachable: yes setup: +- name: delayed facts gathering as ansible user in case root keys are already withdrawed + setup: + when: ansible_distribution is not defined + +- name: install python3-policycoreutils on almalinux + ignore_unreachable: yes + remote_user: root + dnf: + name: python3-policycoreutils + when: + #- ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux" + - ansible_distribution == "AlmaLinux" + - ansible_selinux.status == 'enabled' + +- name: ansible user .ssh selinux fcontext + ignore_unreachable: yes + remote_user: root + sefcontext: + setype: ssh_home_t + target: "/var/local/ansible/.ssh(/.*)?" + when: + - ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux" + - ansible_selinux.status == 'enabled' + +- name: ansible user .ssh restorecon + ignore_unreachable: yes + remote_user: root + command: "restorecon -r /var/local/ansible/.ssh" + when: + - ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux" + - ansible_selinux.status == 'enabled' + +############################################################################## +# as ansible user from here + - name: empty /etc/resolv.conf to avoid own hostname resolve errors copy: content: "" dest: /etc/resolv.conf tags: dns + when: ansible_distribution == "Debian" - name: set hostname command: "hostname {{ hostname }}" 
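Review bot: The `install python3-policycoreutils on almalinux` task is limited to `ansible_distribution == "AlmaLinux"` (the RedHat variant is commented out), but the `sefcontext` task right after it also runs on RedHat. `sefcontext` needs the policycoreutils Python bindings on the target, so on a RedHat host without them the labelling of `/var/local/ansible/.ssh` would likely fail. Use the same condition on both tasks: `- ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux"`. Because every root task here carries `ignore_unreachable: yes`, the SELinux steps can be skipped without failing the play, so a comment stating that this is intended once root keys are withdrawn would help the next reader. As a style point, write the booleans as `true` and give the `restorecon` command a `changed_when`, since it reports a change on every run.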
@@ -47,17 +83,13 @@ file: path: /etc/network state: directory + when: ansible_distribution == "Debian" - name: new /etc/network/interfaces template: src: interfaces.t dest: /etc/network/interfaces - -- name: new /etc/hosts - template: - src: hosts.t - dest: /etc/hosts - tags: dns + when: ansible_distribution == "Debian" - name: new /etc/resolv.conf template: 
@@ -65,11 +97,65 @@ dest: /etc/resolv.conf tags: dns +- name: networkmanager configuration + template: + src: nmconnection + dest: "/etc/NetworkManager/system-connections/{{ ansible_default_ipv4.interface }}.nmconnection" + when: (ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux") + +- name: new /etc/hosts + template: + src: hosts.t + dest: /etc/hosts + when: ansible_distribution == "Debian" + tags: dns + +- name: new /etc/resolv.conf + template: + src: resolv.conf.t + dest: /etc/resolv.conf + when: ansible_distribution == "Debian" + tags: dns + - name: remove ssh host keys shell: "rm /etc/ssh/ssh_host*key*" - name: create new ssh host keys command: "dpkg-reconfigure openssh-server" + when: ansible_distribution == "Debian" + +- name: create new ssh host keys + systemd_service: + name: sshd + state: restarted + when: ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux" + +- name: redhat subscription clean + command: "subscription-manager clean" + when: ansible_distribution == "RedHat" + +- name: redhat subscription rhel9 + community.general.redhat_subscription: + state: present + auto_attach: true + consumer_name: "{{ hostname }}" + force_register: true + username: "{{ rhsm_user }}" + password: "{{ rhsm_passwd }}" + when: + - ansible_distribution == "RedHat" + - ansible_distribution_major_version|int() == 9 + +- name: redhat subscription rhel10-99 + when: + - ansible_distribution == "RedHat" + - ansible_distribution_major_version|int() == 10 + block: + - name: register + command: "subscription-manager register --username '{{ rhsm_user }}' --password '{{ rhsm_passwd }}'" + + - name: manage_repos=1 + command: "subscription-manager config --rhsm.manage_repos=1" #- name: postfix hostname ???? - nem kell, ezutan installaljuk csak diff --git a/templates/nmconnection b/templates/nmconnection new file mode 100644 index 0000000..f369c1e --- /dev/null +++ b/templates/nmconnection 
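Review bot: The `register` task in the `redhat subscription rhel10-99` block passes `{{ rhsm_passwd }}` on the `subscription-manager` command line without `no_log`, so the password can appear in Ansible output and task logging, and it is visible in the target's process list while the command runs. At minimum add `no_log: true` to that task; if `community.general.redhat_subscription` works on that release, using it as the rhel9 task does would keep the secret in a parameter the module masks. The single-quoted interpolation also breaks when the password contains a `'`, which the `command` module's `argv` list form avoids. Separately, this hunk adds a second `new /etc/resolv.conf` task limited to Debian while the existing one above it appears to stay unconditional, so the template is written twice on Debian.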
@@ -0,0 +1,22 @@ +[connection] +id={{ ansible_default_ipv4.interface }} +#uuid= +type=ethernet +autoconnect-priority=-999 +interface-name={{ ansible_default_ipv4.interface }} + +[ethernet] + +[ipv4] +address1={{ ip }}/{{ netmask }},{{ gw }} +{% set nameservers = dns.split('+') %} +dns={% for a in nameservers %}{{ a }};{% endfor %} + +dns-search={{ domain }} +method=manual + +[ipv6] +addr-gen-mode=eui64 +method=disabled + +[proxy]
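Review bot: This keyfile is deployed by the `networkmanager configuration` task in tasks/main.yml, which sets no `owner` or `mode`. NetworkManager ignores files in `system-connections` that are not owned by root or are readable by other users, so the profile would probably not load with the default file mode. Add `owner: root`, `group: root` and `mode: "0600"` to that template task. Also, `address1={{ ip }}/{{ netmask }},{{ gw }}` expects a prefix length after the slash; if `netmask` holds a dotted mask, as the name suggests, it needs converting first, for example with the `ansible.utils.ipaddr` filter. A comment at the top of the template listing the variables it expects (`ip`, `netmask`, `gw`, `dns` as a `+`-separated list, `domain`) would document that contract.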