bitfit/ansible_etalon_deploy
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
ansible_etalon_deploy/tasks/main.yml
ROTTLER Tamas fb13f7e107 redhat/almalinux
2025-11-16 16:08:23 +01:00

163 lines
4.2 KiB
YAML
Raw Blame History

---
- name: "add ansible user"
remote_user: root
ignore_unreachable: yes
user:
name: ansible
system: yes
home: /var/local/ansible
comment: 'ansible management'
password: '!'
shell: '/bin/bash'
- name: "authorized_keys for ansible user"
remote_user: root
ignore_unreachable: yes
authorized_key:
user: ansible
key: "{{ mgmt_ssh_key }}"
- name: "sudo for ansible user"
remote_user: root
ignore_unreachable: yes
lineinfile:
path: /etc/sudoers
line: "ansible ALL=(ALL) NOPASSWD: ALL"
- name: delayed facts gathering as root user
remote_user: root
ignore_unreachable: yes
setup:
- name: delayed facts gathering as ansible user in case root keys are already withdrawed
setup:
when: ansible_distribution is not defined
- name: install python3-policycoreutils on almalinux
ignore_unreachable: yes
remote_user: root
dnf:
name: python3-policycoreutils
when:
#- ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux"
- ansible_distribution == "AlmaLinux"
- ansible_selinux.status == 'enabled'
- name: ansible user .ssh selinux fcontext
ignore_unreachable: yes
remote_user: root
sefcontext:
setype: ssh_home_t
target: "/var/local/ansible/.ssh(/.*)?"
when:
- ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux"
- ansible_selinux.status == 'enabled'
- name: ansible user .ssh restorecon
ignore_unreachable: yes
remote_user: root
command: "restorecon -r /var/local/ansible/.ssh"
when:
- ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux"
- ansible_selinux.status == 'enabled'
##############################################################################
# as ansible user from here
- name: empty /etc/resolv.conf to avoid own hostname resolve errors
copy:
content: ""
dest: /etc/resolv.conf
tags: dns
when: ansible_distribution == "Debian"
- name: set hostname
command: "hostname {{ hostname }}"
- name: new /etc/hostname
copy:
dest: /etc/hostname
content: "{{ hostname }}\n"
- name: /etc/network directory
file:
path: /etc/network
state: directory
when: ansible_distribution == "Debian"
- name: new /etc/network/interfaces
template:
src: interfaces.t
dest: /etc/network/interfaces
when: ansible_distribution == "Debian"
- name: new /etc/resolv.conf
template:
src: resolv.conf.t
dest: /etc/resolv.conf
tags: dns
- name: networkmanager configuration
template:
src: nmconnection
dest: "/etc/NetworkManager/system-connections/{{ ansible_default_ipv4.interface }}.nmconnection"
when: (ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux")
- name: new /etc/hosts
template:
src: hosts.t
dest: /etc/hosts
when: ansible_distribution == "Debian"
tags: dns
- name: new /etc/resolv.conf
template:
src: resolv.conf.t
dest: /etc/resolv.conf
when: ansible_distribution == "Debian"
tags: dns
- name: remove ssh host keys
shell: "rm /etc/ssh/ssh_host*key*"
- name: create new ssh host keys
command: "dpkg-reconfigure openssh-server"
when: ansible_distribution == "Debian"
- name: create new ssh host keys
systemd_service:
name: sshd
state: restarted
when: ansible_distribution == "RedHat" or ansible_distribution == "AlmaLinux"
- name: redhat subscription clean
command: "subscription-manager clean"
when: ansible_distribution == "RedHat"
- name: redhat subscription rhel9
community.general.redhat_subscription:
state: present
auto_attach: true
consumer_name: "{{ hostname }}"
force_register: true
username: "{{ rhsm_user }}"
password: "{{ rhsm_passwd }}"
when:
- ansible_distribution == "RedHat"
- ansible_distribution_major_version|int() == 9
- name: redhat subscription rhel10-99
when:
- ansible_distribution == "RedHat"
- ansible_distribution_major_version|int() == 10
block:
- name: register
command: "subscription-manager register --username '{{ rhsm_user }}' --password '{{ rhsm_passwd }}'"
- name: manage_repos=1
command: "subscription-manager config --rhsm.manage_repos=1"
#- name: postfix hostname ???? - nem kell, ezutan installaljuk csak
# vim: set tabstop=2 shiftwidth=2 expandtab smarttab:
Reference in New Issue View Git Blame Copy Permalink