--- - name: Get the current kernel release. ansible.builtin.command: uname -r changed_when: false register: kernel_release - name: Ensure necessary packages are installed. ansible.builtin.yum: name: - wget - perl - cpp - gcc - make - bzip2 - kernel-headers - kernel-devel - "kernel-devel-{{ kernel_release.stdout }}" - cifs-utils state: present - name: install dbus-tools on RHEL 8+ ansible.builtin.yum: name: - dbus-tools state: present when: ansible_distribution_major_version|int >= 8 - name: Ensure libselinux-python package is installed. ansible.builtin.yum: name: - libselinux-python state: present when: ansible_distribution_major_version|int < 8 - name: set python block: - name: Ensure python3 packages are installed. ansible.builtin.yum: name: - python3 - python3-libselinux state: present - name: set python community.general.alternatives: name: python path: /usr/bin/python3 when: ansible_distribution_major_version|int == 8 # Fix slow DNS. - name: Fix slow DNS (adapted from Bento). ansible.builtin.lineinfile: dest: /etc/sysconfig/network regexp: '^RES_OPTIONS' line: 'RES_OPTIONS="single-request-reopen"' state: present # see https://fedoraproject.org/wiki/Changes/NetworkManager_keyfile_instead_of_ifcfg_rh - name: ensure older style network config files for greater compatibility ansible.builtin.copy: dest: /etc/NetworkManager/conf.d/99-main-plugins.conf mode: '0644' content: | [main] plugins=ifcfg-rh when: ansible_distribution_major_version|int == 8 - name: Restart network service (explicitly). ansible.builtin.service: name: network state: restarted when: ansible_distribution_major_version|int < 8 - name: Restart NetworkManager service (explicitly). ansible.builtin.service: name: NetworkManager state: restarted when: ansible_distribution_major_version|int == 8 - name: Ensure we can still connect ansible.builtin.wait_for_connection: # SSH daemon configuration. - name: Configure SSH daemon. ansible.builtin.lineinfile: dest: /etc/ssh/sshd_config regexp: "{{ item.regexp }}" line: "{{ item.line }}" state: present loop: - { regexp: '^UseDNS', line: 'UseDNS no' } - { regexp: '^GSSAPIAuthentication', line: 'GSSAPIAuthentication no' } # Local user SSH configuration. - name: Configure local user .ssh directory. ansible.builtin.file: path: /home/{{ local_account_username }}/.ssh state: directory owner: "{{ local_account_username }}" group: "{{ local_account_username }}" mode: '0700' - name: Get Vagrant's public key. ansible.builtin.get_url: url: https://github.com/hashicorp/vagrant/raw/master/keys/vagrant.pub dest: /home/{{ local_account_username }}/.ssh/authorized_keys owner: "{{ local_account_username }}" group: "{{ local_account_username }}" mode: '0600' ignore_errors: true when: target_vagrant | bool - name: autolabel on boot ansible.builtin.command: fixfiles onboot changed_when: false - name: cloud init ansible.builtin.include_tasks: cloud-init.yml when: target_ovirt | bool - name: grow partition ansible.builtin.include_tasks: grow_part.yml when: not (target_ovirt | bool) - name: ovirt agent ansible.builtin.include_tasks: ovirt.yml when: target_ovirt | bool # VirtualBox tools installation. - name: Check if VirtualBox is running the guest VM. ansible.builtin.stat: path: /home/{{ local_account_username }}/.vbox_version register: virtualbox_check - name: virtualbox guest additions ansible.builtin.include_tasks: virtualbox.yml when: virtualbox_check.stat.exists # VMware tools installation. - name: Check if VMWare is running the guest VM. ansible.builtin.shell: | set -o pipefail cat /proc/scsi/scsi | grep VMware changed_when: false failed_when: false register: vmware_check - name: vmware tools ansible.builtin.include_tasks: vmware.yml when: vmware_check.rc == 0 - name: parallels tools ansible.builtin.include_role: name: "{{ parallels_tools_role }}" when: ('Parallels' in (ansible_product_name | default('', true))) or (ansible_product_name == None and 'Parallels' in ansible_interfaces[0].interface_name) # Cleanup tasks. - name: Remove unneeded packages. ansible.builtin.yum: name: - cpp - kernel-devel - kernel-headers disablerepo: '*' state: absent - name: Clean up yum. ansible.builtin.command: yum clean all changed_when: false no_log: true - name: Flag the system for re-configuration ansible.builtin.file: path: /.unconfigured state: touch mode: '0644' - name: Reset hostname to localhost.localadmin ansible.builtin.copy: content: 'localhost.localdomain' dest: /etc/hostname mode: '0644' - name: Remove RedHat interface persistence (step 1). ansible.builtin.file: path: /etc/udev/rules.d/70-persistent-net.rules state: absent - name: Ensure NetworkManager config file is removed ansible.builtin.file: path: /etc/NetworkManager/system-connections/{{ ansible_default_ipv4.interface | default('eth0') }}.nmconnection state: absent - name: Check for network config file ansible.builtin.stat: path: /etc/sysconfig/network-scripts/ifcfg-{{ ansible_default_ipv4.interface | default('eth0') }} register: network_config_file - name: Remove interface block: - name: Remove RedHat interface persistence (step 2). ansible.builtin.lineinfile: dest: "{{ network_config_file.stat.path }}" regexp: "{{ item }}" state: absent loop: - '^HWADDR' - '^UUID' - '^IPADDR' - '^NETMASK' - '^GATEWAY' - name: Set interface to DHCP ansible.builtin.lineinfile: dest: "{{ network_config_file.stat.path }}" regexp: '^BOOTPROTO=' line: BOOTPROTO=dhcp when: network_config_file.stat.exists - name: Force logs to rotate (step 1) ansible.builtin.command: /usr/sbin/logrotate -f /etc/logrotate.conf changed_when: false - name: Find any log files to delete ansible.builtin.find: paths: /var/log patterns: - "*-????????" - "*.gz" register: find_log_files - name: Force logs to rotate (step 2) ansible.builtin.file: path: "{{ item.path }}" state: absent loop: "{{ find_log_files.files }}" failed_when: false - name: Clear audit log and wtmp (step 1) ansible.builtin.shell: cat /dev/null > /var/log/audit/audit.log changed_when: false - name: Clear audit log and wtmp (step 2) ansible.builtin.shell: cat /dev/null > /var/log/wtmp changed_when: false - name: Remove ssh-host files ansible.builtin.command: rm -fr /etc/ssh/ssh_host_* changed_when: false no_log: true