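---
# Host bootstrap / re-identification tasks.
#
# Phase 1 (remote_user: root): create the locked-password "ansible"
# management account, install its SSH key, grant it sudo and prepare the
# SELinux context of its ~/.ssh. Every root task carries
# ignore_unreachable so the play continues on hosts where root login has
# already been withdrawn.
#
# Phase 2 (default remote user): set hostname, network, DNS, regenerate the
# SSH host keys and (RHEL only) register with Red Hat Subscription Management.
#
# Variables read: mgmt_ssh_key, hostname, rhsm_user, rhsm_passwd.
# NOTE(review): rhsm_passwd is a credential - presumably it comes from an
# encrypted vars source (e.g. Ansible Vault); confirm it is not stored in
# plain text.

- name: "add ansible user"
  remote_user: root
  ignore_unreachable: true
  user:
    name: ansible
    system: true
    home: /var/local/ansible
    comment: 'ansible management'
    # '!' is not a valid password hash, so password login stays locked and
    # the account is reachable through its SSH key only.
    password: '!'
    shell: '/bin/bash'

- name: "authorized_keys for ansible user"
  remote_user: root
  ignore_unreachable: true
  authorized_key:
    user: ansible
    key: "{{ mgmt_ssh_key }}"

# The rule below grants unrestricted passwordless root, which makes the
# private half of mgmt_ssh_key root-equivalent on every managed host.
- name: "sudo for ansible user"
  remote_user: root
  ignore_unreachable: true
  lineinfile:
    path: /etc/sudoers
    line: "ansible ALL=(ALL) NOPASSWD: ALL"
    # Syntax-check the edited copy before it replaces /etc/sudoers; a broken
    # sudoers file would lock the management account out of sudo.
    validate: '/usr/sbin/visudo -cf %s'

- name: delayed facts gathering as root user
  remote_user: root
  ignore_unreachable: true
  setup:

# Fallback: runs only when the root-based fact gathering above produced no
# facts (host unreachable as root).
- name: delayed facts gathering as ansible user in case root keys are already withdrawed
  setup:
  when: ansible_distribution is not defined

# NOTE(review): restricted to AlmaLinux while the two SELinux tasks below
# also run on RedHat - presumably because RHEL has no usable repositories
# before the subscription step further down; confirm.
- name: install python3-policycoreutils on almalinux
  ignore_unreachable: true
  remote_user: root
  dnf:
    name: python3-policycoreutils
  when:
    # - ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux"
    - ansible_distribution == "AlmaLinux"
    - ansible_selinux.status == 'enabled'

# The home directory lives outside /home, so ~/.ssh is given the ssh_home_t
# type explicitly and relabelled by the restorecon task that follows.
- name: ansible user .ssh selinux fcontext
  ignore_unreachable: true
  remote_user: root
  sefcontext:
    setype: ssh_home_t
    target: "/var/local/ansible/.ssh(/.*)?"
  when:
    - ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux"
    - ansible_selinux.status == 'enabled'

- name: ansible user .ssh restorecon
  ignore_unreachable: true
  remote_user: root
  command: "restorecon -r /var/local/ansible/.ssh"
  when:
    - ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux"
    - ansible_selinux.status == 'enabled'

##############################################################################
# as ansible user from here
# NOTE(review): these tasks write under /etc and therefore need privilege
# escalation; presumably "become" is enabled at play or inventory level -
# confirm.

- name: empty /etc/resolv.conf to avoid own hostname resolve errors
  copy:
    content: ""
    dest: /etc/resolv.conf
  tags: dns
  when: ansible_distribution == "Debian"

- name: set hostname
  command: "hostname {{ hostname }}"

- name: new /etc/hostname
  copy:
    dest: /etc/hostname
    content: "{{ hostname }}\n"

- name: /etc/network directory
  file:
    path: /etc/network
    state: directory
  when: ansible_distribution == "Debian"

- name: new /etc/network/interfaces
  template:
    src: interfaces.t
    dest: /etc/network/interfaces
  when: ansible_distribution == "Debian"

- name: new /etc/resolv.conf
  template:
    src: resolv.conf.t
    dest: /etc/resolv.conf
  tags: dns

- name: networkmanager configuration
  template:
    src: nmconnection
    dest: "/etc/NetworkManager/system-connections/{{ ansible_default_ipv4.interface }}.nmconnection"
    # NetworkManager ignores keyfiles that are accessible to anyone but root,
    # and such files may carry secrets, so pin ownership and mode instead of
    # relying on the umask.
    owner: root
    group: root
    mode: "0600"
  when: (ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux")

- name: new /etc/hosts
  template:
    src: hosts.t
    dest: /etc/hosts
  when: ansible_distribution == "Debian"
  tags: dns

# NOTE(review): repeats the unconditional "new /etc/resolv.conf" task above
# for Debian only; it looks redundant - confirm before removing.
- name: new /etc/resolv.conf
  template:
    src: resolv.conf.t
    dest: /etc/resolv.conf
  when: ansible_distribution == "Debian"
  tags: dns

# Host keys are deleted so the machine gets its own identity; clients must
# re-learn the new keys afterwards. shell (not command) is required for the
# glob. The task fails when no key file matches.
- name: remove ssh host keys
  shell: "rm /etc/ssh/ssh_host*key*"

- name: create new ssh host keys
  command: "dpkg-reconfigure openssh-server"
  when: ansible_distribution == "Debian"

# NOTE(review): presumably the sshd restart regenerates the missing host keys
# through the distribution's key-generation units - verify on the target
# releases.
- name: create new ssh host keys
  systemd_service:
    name: sshd
    state: restarted
  when: ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux"

- name: redhat subscription clean
  command: "subscription-manager clean"
  when: ansible_distribution == "RedHat"

- name: redhat subscription rhel9
  community.general.redhat_subscription:
    state: present
    auto_attach: true
    consumer_name: "{{ hostname }}"
    force_register: true
    username: "{{ rhsm_user }}"
    password: "{{ rhsm_passwd }}"
  when:
    - ansible_distribution == "RedHat"
    - ansible_distribution_major_version|int() == 9

# NOTE(review): the name says "rhel10-99" but the condition matches major
# version 10 only; confirm which is intended.
- name: redhat subscription rhel10-99
  when:
    - ansible_distribution == "RedHat"
    - ansible_distribution_major_version|int() == 10
  block:
    - name: register
      # argv passes each value as one argument, so a user name or password
      # containing quotes or spaces cannot break the command line.
      command:
        argv:
          - subscription-manager
          - register
          - --username
          - "{{ rhsm_user }}"
          - --password
          - "{{ rhsm_passwd }}"
      # Keep the RHSM password out of task output, logs and callbacks.
      # It is still visible in the target's process list while the command
      # runs.
      no_log: true

    - name: manage_repos=1
      command: "subscription-manager config --rhsm.manage_repos=1"

# - name: postfix hostname ???? - not needed, it is installed only after this
# vim: set tabstop=2 shiftwidth=2 expandtab smarttab: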