--- - name: Remove firewalld and linux-firmware ansible.builtin.dnf: name: - firewalld - firewalld-filesystem - ipset - ipset-libs - iptables - python3-firewall - python3-slip - libnftnl - libnfnetlink - linux-firmware state: absent - name: Install additional software ansible.builtin.dnf: name: - cockpit-system - cockpit-ws - dnf-utils - gdisk - rsync - tar - tuned - tcpdump state: present - name: Find persistent-net.rules ansible.builtin.find: paths: /etc/udev/rules.d patterns: 70* register: net_rules - name: Delete persistent-net.rules ansible.builtin.file: path: "{{ item.path }}" state: absent with_items: "{{ net_rules.files }}" - name: Configure /etc/sysconfig/network ansible.builtin.lineinfile: path: /etc/sysconfig/network line: "{{ item }}" with_items: - NETWORKING=yes - NOZEROCONF=yes - name: Configure /etc/sysconfig/network-scripts/ifcfg-eth0 ansible.builtin.copy: src: ifcfg-eth0 dest: /etc/sysconfig/network-scripts/ifcfg-eth0 owner: root group: root mode: 0644 - name: Disable consistent network device naming ansible.builtin.file: src: /dev/null dest: /etc/udev/rules.d/80-net-name-slot.rules owner: root group: root state: link - name: Disable virtual terminals allocation by logind ansible.builtin.replace: path: '/etc/systemd/logind.conf' regexp: '^#?NAutoVTs=\d+' replace: 'NAutoVTs=0' - name: Configure NetworkManager default DHCP timeout community.general.ini_file: path: /etc/NetworkManager/conf.d/dhcp.conf section: connection option: ipv4.dhcp-timeout value: 300 owner: root group: root mode: 0644 seuser: system_u - name: Set default kernel package type to kernel ansible.builtin.replace: path: /etc/sysconfig/kernel regexp: '^(DEFAULTKERNEL=).*$' replace: '\1kernel' # https://bugzilla.redhat.com/show_bug.cgi?id=1849082#c7 - name: Enable Xen support block: - name: Enable xen drivers in dracut ansible.builtin.lineinfile: path: /etc/dracut.conf.d/xen.conf line: 'add_drivers+=" xen-netfront xen-blkfront "' create: true owner: root group: root mode: 0644 - name: Upgrade initramfs ansible.builtin.command: dracut -f --regenerate-all when: ansible_facts['architecture'] == 'x86_64' - name: Add msvsphere user to /etc/sudoers ansible.builtin.lineinfile: path: /etc/sudoers line: "msvsphere\tALL=(ALL)\tNOPASSWD: ALL" state: present - name: Set virtual-guest as default profile for tuned ansible.builtin.lineinfile: path: /etc/tuned/active_profile line: virtual-guest create: yes - name: Regenerate the initramfs ansible.builtin.command: dracut -f --regenerate-all - name: Disable root login ansible.builtin.user: name: root password: '!!'