forked from msvsphere/cloud-images
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
133 lines
3.1 KiB
133 lines
3.1 KiB
1 year ago
|
---
|
||
|
- name: Remove firewalld and linux-firmware
|
||
|
ansible.builtin.dnf:
|
||
|
name:
|
||
|
- firewalld
|
||
|
- firewalld-filesystem
|
||
|
- ipset
|
||
|
- ipset-libs
|
||
|
- iptables
|
||
|
- python3-firewall
|
||
|
- python3-slip
|
||
|
- libnftnl
|
||
|
- libnfnetlink
|
||
|
- linux-firmware
|
||
|
state: absent
|
||
|
|
||
|
- name: Install additional software
|
||
|
ansible.builtin.dnf:
|
||
|
name:
|
||
|
- cockpit-system
|
||
|
- cockpit-ws
|
||
|
- dnf-utils
|
||
|
- gdisk
|
||
|
- nfs-utils
|
||
|
- rsync
|
||
|
- tar
|
||
|
- tuned
|
||
|
- tcpdump
|
||
|
state: present
|
||
|
|
||
|
- name: Find persistent-net.rules
|
||
|
ansible.builtin.find:
|
||
|
paths: /etc/udev/rules.d
|
||
|
patterns: 70*
|
||
|
register: net_rules
|
||
|
|
||
|
- name: Delete persistent-net.rules
|
||
|
ansible.builtin.file:
|
||
|
path: "{{ item.path }}"
|
||
|
state: absent
|
||
|
with_items: "{{ net_rules.files }}"
|
||
|
|
||
|
- name: Configure /etc/sysconfig/network
|
||
|
ansible.builtin.lineinfile:
|
||
|
path: /etc/sysconfig/network
|
||
|
line: "{{ item }}"
|
||
|
with_items:
|
||
|
- NETWORKING=yes
|
||
|
- NOZEROCONF=yes
|
||
|
|
||
|
- name: Configure /etc/sysconfig/network-scripts/ifcfg-eth0
|
||
|
ansible.builtin.copy:
|
||
|
src: ifcfg-eth0
|
||
|
dest: /etc/sysconfig/network-scripts/ifcfg-eth0
|
||
|
owner: root
|
||
|
group: root
|
||
|
mode: 0644
|
||
|
|
||
|
- name: Configure /etc/cloud/cloud.cfg.d/00_Ec2.cfg
|
||
|
ansible.builtin.copy:
|
||
|
src: 00_Ec2.cfg
|
||
|
dest: /etc/cloud/cloud.cfg.d/00_Ec2.cfg
|
||
|
owner: root
|
||
|
group: root
|
||
|
mode: 0644
|
||
|
|
||
|
- name: Disable consistent network device naming
|
||
|
ansible.builtin.file:
|
||
|
src: /dev/null
|
||
|
dest: /etc/udev/rules.d/80-net-name-slot.rules
|
||
|
owner: root
|
||
|
group: root
|
||
|
state: link
|
||
|
|
||
|
- name: Disable virtual terminals allocation by logind
|
||
|
ansible.builtin.replace:
|
||
|
path: '/etc/systemd/logind.conf'
|
||
|
regexp: '^#?NAutoVTs=\d+'
|
||
|
replace: 'NAutoVTs=0'
|
||
|
|
||
|
- name: Configure NetworkManager default DHCP timeout
|
||
|
community.general.ini_file:
|
||
|
path: /etc/NetworkManager/conf.d/dhcp.conf
|
||
|
section: connection
|
||
|
option: ipv4.dhcp-timeout
|
||
|
value: 300
|
||
|
owner: root
|
||
|
group: root
|
||
|
mode: 0644
|
||
|
seuser: system_u
|
||
|
|
||
|
- name: Set default kernel package type to kernel
|
||
|
ansible.builtin.replace:
|
||
|
path: /etc/sysconfig/kernel
|
||
|
regexp: '^(DEFAULTKERNEL=).*$'
|
||
|
replace: '\1kernel'
|
||
|
|
||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1849082#c7
|
||
|
- name: Enable Xen support
|
||
|
block:
|
||
|
- name: Enable xen drivers in dracut
|
||
|
ansible.builtin.lineinfile:
|
||
|
path: /etc/dracut.conf.d/xen.conf
|
||
|
line: 'add_drivers+=" xen-netfront xen-blkfront "'
|
||
|
create: true
|
||
|
owner: root
|
||
|
group: root
|
||
|
mode: 0644
|
||
|
|
||
|
- name: Upgrade initramfs
|
||
|
ansible.builtin.command: dracut -f --regenerate-all
|
||
|
when: ansible_facts['architecture'] == 'x86_64'
|
||
|
|
||
|
- name: Add msvsphere user to /etc/sudoers
|
||
|
ansible.builtin.lineinfile:
|
||
|
path: /etc/sudoers
|
||
|
line: "msvsphere\tALL=(ALL)\tNOPASSWD: ALL"
|
||
|
state: present
|
||
|
|
||
|
- name: Set virtual-guest as default profile for tuned
|
||
|
ansible.builtin.lineinfile:
|
||
|
path: /etc/tuned/active_profile
|
||
|
line: virtual-guest
|
||
|
create: yes
|
||
|
|
||
|
- name: Regenerate the initramfs
|
||
|
ansible.builtin.command: dracut -f --regenerate-all
|
||
|
|
||
|
- name: Disable root login
|
||
|
ansible.builtin.user:
|
||
|
name: root
|
||
|
password: '!!'
|