ansible/playbooks/hosts/noc-cc01.rdu-cc.fedoraproject.org.yml
Ryan Lerch 3c41882bb0 ansiblelint fixes - fqcn[action-core] - shell to ansible.builtin.shell
Replaces references to shell: with ansible.builtin.shell

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
2025-01-15 11:29:10 +10:00


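# Playbook for noc-cc01.rdu-cc.fedoraproject.org.
# First imports the shared virt-create playbook for this host, then applies
# the roles and tasks below to it.
---
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml"
  vars:
    myhosts: "noc-cc01.rdu-cc.fedoraproject.org"

- name: make cloud noc hardware
  hosts: noc-cc01.rdu-cc.fedoraproject.org
  user: root
  gather_facts: true

  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    # Lives outside the public repo tree; presumably holds secrets, so avoid
    # echoing its variables in debug output (TODO confirm).
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
    - base
    - rkhunter
    - nagios_client
    - hosts
    - openvpn/client
    - ipa/client
    - collectd/base
    - sudo
    - dhcp_server
    - tftp_server

  pre_tasks:
    - import_tasks: "{{ tasks_path }}/yumrepos.yml"

  tasks:
    - import_tasks: "{{ tasks_path }}/motd.yml"

    # Network diagnostic tools plus the DHCP server package.
    - name: install some packages which arent in playbooks
      ansible.builtin.package:
        state: present
        name:
          - nmap
          - tcpdump
          - dhcp-server

    # Read-only query of the current SELinux port labels.
    # check_mode: false makes it run under --check too, so the registered
    # result exists for the conditions below. failed_when: false is needed
    # because grep exits 1 when no line matches.
    - name: check if ntpd port is already known by selinux
      ansible.builtin.shell: semanage port -l | grep ntp
      register: ntp_selinux_port
      check_mode: false
      changed_when: false
      failed_when: false
      tags:
        - config
        - selinux

    # Label tcp/124 as ntp_port_t.
    # The condition inspects the registered command output per protocol.
    # Testing '"124" not in ntp_selinux_port' only looked at the keys of the
    # result dict, so it was always true and the add re-ran (and failed
    # silently) on every play.
    # The '124' match is a substring match, so a longer port number containing
    # 124 on the same line would also satisfy it.
    # NOTE(review): failed_when: false is kept as best-effort, but it also
    # hides real semanage errors; consider removing it now that the condition
    # is accurate.
    - name: allow alternate ntpd port
      ansible.builtin.command: semanage port -a -t ntp_port_t -p tcp 124
      when: "ntp_selinux_port.stdout_lines | default([]) | select('search', 'tcp') | select('search', '124') | list | length == 0"
      failed_when: false
      tags:
        - config
        - selinux

    # Same as the task above, for udp/124.
    - name: allow alternate ntpd port
      ansible.builtin.command: semanage port -a -t ntp_port_t -p udp 124
      when: "ntp_selinux_port.stdout_lines | default([]) | select('search', 'udp') | select('search', '124') | list | length == 0"
      failed_when: false
      tags:
        - config
        - selinux

  handlers:
    - import_tasks: "{{ handlers_path }}/restart_services.yml"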