blob: ae412e8efa6f5027709ebf70313cc5aef2ee6a97 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
---
- name: Install desired extra packages (yum)
yum: state=present pkg={{ item }}
with_items:
- ntpdate
- ntp
- libsemanage-python
- libselinux-python
when: ansible_distribution_major_version|int < 22
tags:
- packages
- name: Install desired extra packages (dnf)
dnf: state=present pkg={{ item }}
with_items:
- ntpdate
- ntp
- libsemanage-python
- libselinux-python
when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not defined
tags:
- packages
- name: remove some packages (yum)
yum: state=absent pkg={{ item }}
with_items:
- chrony
tags:
- packages
when: ansible_distribution_major_version|int < 22
- name: remove some packages (dnf)
dnf: state=absent pkg={{ item }}
with_items:
- chrony
tags:
- packages
when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not defined
- name: Include basessh
include_role: name=basessh
- name: put step-tickers in place
copy: src="{{ files }}/common/step-tickers" dest=/etc/ntp/step-tickers
when: ansible_cmdline.ostree is not defined
tags:
- ntp
- config
- name: enable the service
service: name=ntpd state=started enabled=true
when: ansible_cmdline.ostree is not defined
#- name: edit hostname to be instance name - prefix hostbase var if it exists
# shell: hostname {{ hostbase }}`curl -s http://169.254.169.254/latest/meta-data/instance-id`
# tags:
# - config
- name: add ansible root key
authorized_key: user=root key="{{ item }}"
with_file:
- /srv/web/infra/ansible/roles/base/files/ansible-pub-key
tags:
- config
- sshkeys
- name: add root keys for sysadmin-main and other allowed users
authorized_key: user=root key="{{ item }}"
with_lines:
- "/srv/web/infra/ansible/scripts/auth-keys-from-fas @sysadmin-main {{ root_auth_users }}"
tags:
- config
- sshkeys
ignore_errors: true
- name: enable ssh_sysadm_login sebool
seboolean: name=ssh_sysadm_login state=yes persistent=yes
ignore_errors: true
# note - kinda should be a handler - but handlers need args
- name: restorecon
file: path=/root/.ssh setype=ssh_home_t recurse=yes
tags:
- config
- name: update all
command: yum -y update creates=/etc/sysconfig/global-update-applied
register: updated
when: ansible_distribution_major_version|int < 22
tags:
- packages
- name: update all
command: dnf -y update creates=/etc/sysconfig/global-update-applied
register: updated
when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not defined
tags:
- packages
- name: write out global-update-applied file if we updated
copy: content="updated" dest=/etc/sysconfig/global-update-applied
when: updated is defined
tags:
- packages
|
