playbooks/common.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112

- hosts: '{{ hostlist | default("el") }}'
  gather_facts: no
  tags: common
  roles:
    - role: proxmox_instance
      when: '"proxmox_instances" in group_names'
      tags: proxmox

    - role: dns_records
      when: not (bootstrap | default(false))
      tags: dns

    - role: gather_facts
      when: not ansible_facts
      tags: always

    - role: udev
      when: not ansible_virtualization_tech_guest
      tags: udev

    - role: root_authorized_keys
      tags: authorized_keys

    - role: root_password
      tags: root_password

    - role: polkit
      tags: polkit

    - role: grub
      tags: grub

    - role: sudo
      tags: sudo,sudoers

    - role: hostname
      tags: hostname

    - role: timezone
      tags: timezone

    - role: journald
      tags: journald

    - role: yum_disable_default_repos
      when: '"yum_mirrors" not in group_names'

    - role: yum
      yum_repositories:
        - rocky-baseos
        - rocky-appstream
        - rocky-extras
      when:
        - '"yum_mirrors" not in group_names'
        - not (bootstrap | default(false))
      tags: yum

    - role: dnsmasq
      when: '"freeipa_servers" not in group_names'
      tags: dnsmasq

    - role: locale
      tags: locale

    - role: selinux
      tags: selinux

    - role: qemu_guest_agent
      when: '"kvm" in ansible_virtualization_tech_guest'
      tags: qemu

    - role: firewalld
      tags: firewalld

    - role: chrony
      tags: chrony,ntp

    - role: dnf_automatic
      tags: yum

    - role: ssh
      tags: ssh

    - role: tuned
      tags: tuned

    - role: motd
      tags: motd

    - role: packages
      tags: packages

    - role: postfix_client
      when: '"mail_servers" not in group_names'
      tags: postfix,mail

    - role: freeipa_client
      when: '"freeipa_servers" not in group_names'
      tags: freeipa

    - role: rsyslog_client
      when:
        - '"syslog_servers" not in group_names'
        - not (bootstrap | default(false))
      tags: rsyslog

    - role: nagios_client
      when:
        - (group_names | intersect(nagios_excluded_groups) | length) == 0
        - '"yum_mirrors" not in group_names'
        - not (bootstrap | default(false))
      tags: nagios