ansible/tasks/base.yml

---

- name: sshd_config 
  action: copy src=$item dest=/etc/ssh/sshd_config mode=600
  with_first_found:
    - $sshd_config
    - ${files}/ssh/sshd_config.${ansible_fqdn}
    - ${files}/ssh/sshd_config.${host_group}
    - ${files}/ssh/sshd_config.${dist_tag}
    - ${files}/ssh/sshd_config.${ansible_distribution}
  notify:
  - restart sshd
  tags:
  - sshd_config
  - config
  - sshd

- name: set root passwd
  action: user name=root password=$rootpw state=present
  tags:
  - rootpw

- name: add ansible root key 
  action: authorized_key user=root key='$FILE(${files}/common/ansible-pub-key)'
  tags:
  - config

  
- name: default packages to install
  action: yum state=installed name=$item
  with_items:
  - bind-utils
  - joe
  - mailx
  - nc
  - openssh-clients
  - patch
  - postfix
  - strace
  - telnet
  - tmpwatch
  - traceroute
  - vim-enhanced
  - xz
  - zsh
  tags:
  - packages

#### RHEL SPECIFIC - see the only_if
- name: default pkgs to remove on rhel
  action: yum state=removed name=$item
  with_items:
  - logwatch
  - firstboot-tui
  - bluez-utils
  - sendmail
  only_if: '$is_rhel'
  tags:
  - packages


### END RHEL SPECIFIC ####

### FEDORA SPECIFIC BITS ####

- name: default pkgs to remove on fedora
  action: yum state=removed name=$item
  with_items:
  - firewalld
  - PackageKit*
  - sendmail
  - at
  only_if: '$is_fedora'
  tags:
  - packages

- name: pkgs to install on fedora
  action: yum state=installed name=$item
  with_items:
  - iptables-services
  only_if: '$is_fedora'
  tags:
  - packages

- name: disabled services on fedora
  action: service state=stopped enabled=false name=$item
  with_items:
  - avahi-daemon
  only_if: '$is_fedora'
  tags:
  - service
  - config

#### END FEDORA SPECIFIC ####


- name: iptables
  action: template src=$item dest=/etc/sysconfig/iptables mode=600
  with_first_found:
    - $iptables
    - $files/iptables/iptables.${ansible_fqdn}
    - $files/iptables/iptables.${host_group}
    - $files/iptables/iptables
  notify:
  - restart iptables
  tags:
  - iptables
  - config

# XXX fixme # a datacenter 'fact' from setup
- name: /etc/resolv.conf
  action: copy src=$item dest=/etc/resolv.conf
  with_first_found:
  - ${resolvconf}
  - $files/resolv.conf/${ansible_fqdn}
  - $files/resolv.conf/${host_group}
  - $files/resolv.conf/${datacenter}
  - $files/resolv.conf/resolv.conf
  tags:
  - config
  - resolvconf

- name: rsyslog.conf
  action: copy src=$item dest=/etc/rsyslog.conf mode=644
  with_first_found:
    - $rsyslogconf
    - $files/rsyslog/rsyslog.conf.${ansible_fqdn}
    - $files/rsyslog/rsyslog.conf.${host_group}
    - $files/rsyslog/rsyslog.conf.${datacenter}
    - $files/rsyslog/rsyslog.conf

  notify:
  - restart rsyslog
  tags:
  - rsyslogd
  - config

- name: /etc/postfix/main.cf
  action: copy src=$item dest=/etc/postfix/main.cf
  with_first_found:
    - $postfix_maincf
    - $files/postfix/main.cf.${ansible_fqdn}
    - $files/postfix/main.cf.${host_group}
    - $files/postfix/main.cf.${postfix_group}
    - $files/postfix/main.cf
  notify:
  - restart postfix
  tags:
  - postfix
  - config
base tasks 2012-10-17 20:33:38 +00:00			`---`
move some tasks around - need to find out if the sshd config will work at all for f19 :) 2013-05-15 20:57:44 +00:00
			`- name: sshd_config`
pretty sure this never worked :) 2013-05-20 21:58:11 +00:00			`action: copy src=$item dest=/etc/ssh/sshd_config mode=600`
convert first_available_files to with_first_found 2013-05-20 20:25:00 +00:00			`with_first_found:`
move some tasks around - need to find out if the sshd config will work at all for f19 :) 2013-05-15 20:57:44 +00:00			`- $sshd_config`
add basic f19 sshd_config 2013-05-15 21:06:21 +00:00			`- ${files}/ssh/sshd_config.${ansible_fqdn}`
			`- ${files}/ssh/sshd_config.${host_group}`
			`- ${files}/ssh/sshd_config.${dist_tag}`
			`- ${files}/ssh/sshd_config.${ansible_distribution}`
move some tasks around - need to find out if the sshd config will work at all for f19 :) 2013-05-15 20:57:44 +00:00			`notify:`
			`- restart sshd`
			`tags:`
			`- sshd_config`
			`- config`
			`- sshd`

			`- name: set root passwd`
			`action: user name=root password=$rootpw state=present`
			`tags:`
			`- rootpw`

			`- name: add ansible root key`
			`action: authorized_key user=root key='$FILE(${files}/common/ansible-pub-key)'`
			`tags:`
			`- config`

add the infrastructure repo, properly 2013-05-17 19:22:26 +00:00
base tasks 2012-10-17 20:33:38 +00:00			`- name: default packages to install`
			`action: yum state=installed name=$item`
			`with_items:`
alphabetize the default pkgs add mailx 2013-05-21 22:07:41 +00:00			`- bind-utils`
base tasks 2012-10-17 20:33:38 +00:00			`- joe`
alphabetize the default pkgs add mailx 2013-05-21 22:07:41 +00:00			`- mailx`
base tasks 2012-10-17 20:33:38 +00:00			`- nc`
			`- openssh-clients`
			`- patch`
add postfix to base 2013-05-15 22:00:21 +00:00			`- postfix`
alphabetize the default pkgs add mailx 2013-05-21 22:07:41 +00:00			`- strace`
			`- telnet`
add tmpwatch to base.yml pkg installs 2013-05-21 20:33:54 +00:00			`- tmpwatch`
alphabetize the default pkgs add mailx 2013-05-21 22:07:41 +00:00			`- traceroute`
			`- vim-enhanced`
base tasks 2012-10-17 20:33:38 +00:00			`- xz`
			`- zsh`
			`tags:`
			`- packages`

add section for fedora specificness 2013-05-24 14:52:32 +00:00			`#### RHEL SPECIFIC - see the only_if`
add iptables-services to fedora boxes b/c apparently the world hates me 2013-05-24 14:42:39 +00:00			`- name: default pkgs to remove on rhel`
base tasks 2012-10-17 20:33:38 +00:00			`action: yum state=removed name=$item`
			`with_items:`
			`- logwatch`
			`- firstboot-tui`
			`- bluez-utils`
			`- sendmail`
move some tasks around - need to find out if the sshd config will work at all for f19 :) 2013-05-15 20:57:44 +00:00			`only_if: '$is_rhel'`
base tasks 2012-10-17 20:33:38 +00:00			`tags:`
			`- packages`

add section for fedora specificness 2013-05-24 14:52:32 +00:00
			`### END RHEL SPECIFIC ####`

			`### FEDORA SPECIFIC BITS ####`

add iptables-services to fedora boxes b/c apparently the world hates me 2013-05-24 14:42:39 +00:00			`- name: default pkgs to remove on fedora`
			`action: yum state=removed name=$item`
			`with_items:`
			`- firewalld`
			`- PackageKit*`
			`- sendmail`
kill the at 2013-05-24 15:15:20 +00:00			`- at`
add iptables-services to fedora boxes b/c apparently the world hates me 2013-05-24 14:42:39 +00:00			`only_if: '$is_fedora'`
			`tags:`
			`- packages`

			`- name: pkgs to install on fedora`
add section for fedora specificness 2013-05-24 14:52:32 +00:00			`action: yum state=installed name=$item`
add iptables-services to fedora boxes b/c apparently the world hates me 2013-05-24 14:42:39 +00:00			`with_items:`
			`- iptables-services`
			`only_if: '$is_fedora'`
			`tags:`
			`- packages`

add section for fedora specificness 2013-05-24 14:52:32 +00:00			`- name: disabled services on fedora`
base tasks 2012-10-17 20:33:38 +00:00			`action: service state=stopped enabled=false name=$item`
			`with_items:`
add section for fedora specificness 2013-05-24 14:52:32 +00:00			`- avahi-daemon`
			`only_if: '$is_fedora'`
base tasks 2012-10-17 20:33:38 +00:00			`tags:`
add tags to config/packages/service 2013-05-21 20:15:34 +00:00			`- service`
base tasks 2012-10-17 20:33:38 +00:00			`- config`

add section for fedora specificness 2013-05-24 14:52:32 +00:00			`#### END FEDORA SPECIFIC ####`


base tasks 2012-10-17 20:33:38 +00:00			`- name: iptables`
- add core config files for kojibuilders - base tasks to make them use first_available for sensible defaults 2012-10-18 15:57:06 +00:00			`action: template src=$item dest=/etc/sysconfig/iptables mode=600`
convert first_available_files to with_first_found 2013-05-20 20:25:00 +00:00			`with_first_found:`
- add core config files for kojibuilders - base tasks to make them use first_available for sensible defaults 2012-10-18 15:57:06 +00:00			`- $iptables`
			`- $files/iptables/iptables.${ansible_fqdn}`
			`- $files/iptables/iptables.${host_group}`
			`- $files/iptables/iptables`
base tasks 2012-10-17 20:33:38 +00:00			`notify:`
			`- restart iptables`
			`tags:`
			`- iptables`
			`- config`

- add core config files for kojibuilders - base tasks to make them use first_available for sensible defaults 2012-10-18 15:57:06 +00:00			`# XXX fixme # a datacenter 'fact' from setup`
base tasks 2012-10-17 20:33:38 +00:00			`- name: /etc/resolv.conf`
how did this EVER work? 2013-05-29 22:15:50 +00:00			`action: copy src=$item dest=/etc/resolv.conf`
convert first_available_files to with_first_found 2013-05-20 20:25:00 +00:00			`with_first_found:`
how did this EVER work? 2013-05-29 22:15:50 +00:00			`- ${resolvconf}`
			`- $files/resolv.conf/${ansible_fqdn}`
			`- $files/resolv.conf/${host_group}`
			`- $files/resolv.conf/${datacenter}`
			`- $files/resolv.conf/resolv.conf`
base tasks 2012-10-17 20:33:38 +00:00			`tags:`
			`- config`
			`- resolvconf`

			`- name: rsyslog.conf`
how did this EVER work? 2013-05-29 22:15:50 +00:00			`action: copy src=$item dest=/etc/rsyslog.conf mode=644`
convert first_available_files to with_first_found 2013-05-20 20:25:00 +00:00			`with_first_found:`
- add core config files for kojibuilders - base tasks to make them use first_available for sensible defaults 2012-10-18 15:57:06 +00:00			`- $rsyslogconf`
			`- $files/rsyslog/rsyslog.conf.${ansible_fqdn}`
			`- $files/rsyslog/rsyslog.conf.${host_group}`
			`- $files/rsyslog/rsyslog.conf.${datacenter}`
			`- $files/rsyslog/rsyslog.conf`

base tasks 2012-10-17 20:33:38 +00:00			`notify:`
			`- restart rsyslog`
			`tags:`
			`- rsyslogd`
			`- config`

			`- name: /etc/postfix/main.cf`
- add core config files for kojibuilders - base tasks to make them use first_available for sensible defaults 2012-10-18 15:57:06 +00:00			`action: copy src=$item dest=/etc/postfix/main.cf`
convert first_available_files to with_first_found 2013-05-20 20:25:00 +00:00			`with_first_found:`
base tasks 2012-10-17 20:33:38 +00:00			`- $postfix_maincf`
- add core config files for kojibuilders - base tasks to make them use first_available for sensible defaults 2012-10-18 15:57:06 +00:00			`- $files/postfix/main.cf.${ansible_fqdn}`
			`- $files/postfix/main.cf.${host_group}`
			`- $files/postfix/main.cf.${postfix_group}`
			`- $files/postfix/main.cf`
base tasks 2012-10-17 20:33:38 +00:00			`notify:`
postfix typo 2012-11-19 22:06:46 +00:00			`- restart postfix`
base tasks 2012-10-17 20:33:38 +00:00			`tags:`
			`- postfix`
			`- config`