ansible/tasks/base.yml

---

- name: sshd_config 
  action: copy src=$item dest=/etc/ssh/sshd_config mode=600
  with_first_found:
    - $sshd_config
    - ${files}/ssh/sshd_config.${ansible_fqdn}
    - ${files}/ssh/sshd_config.${host_group}
    - ${files}/ssh/sshd_config.${dist_tag}
    - ${files}/ssh/sshd_config.${ansible_distribution}
  notify:
  - restart sshd
  tags:
  - sshd_config
  - config
  - sshd

- name: set root passwd
  action: user name=root password={{ rootpw }} state=present
  tags:
  - rootpw

- name: add ansible root key 
  action: authorized_key user=root key="{{ item }}"
  with_file:
  - ${files}/common/ansible-pub-key
  tags:
  - config

- name: make sure our resolv.conf is the one being used - set RESOLV_MODS=no in /etc/sysconfig/network
  lineinfile: dest=/etc/sysconfig/network backup=yes state=present line='RESOLV_MODS=no' regexp=^RESOLV_MODS=
  tags:
  - config
  
- name: global default packages to install
  action: yum state=installed name=$item
  with_items: $global_pkgs_inst
  tags:
  - packages

- name: dist pkgs to remove
  action: yum state=removed name=$item
  with_items: $base_pkgs_erase
  tags:
  - packages

- name: dist pkgs to install
  action: yum state=installed name=$item
  with_items: $base_pkgs_inst
  tags:
  - packages

- name: dist disabled services
  action: service state=stopped enabled=false name=$item
  with_items: $service_disabled
  tags:
  - service
  - config

- name: dist enabled services
  action: service state=running enabled=true name=$item
  with_items: $service_enabled
  tags:
  - service
  - config


- name: iptables
  action: template src=$item dest=/etc/sysconfig/iptables mode=600 backup=yes
  with_first_found:
    - $iptables
    - $files/iptables/iptables.${ansible_fqdn}
    - $files/iptables/iptables.${host_group}
    - $files/iptables/iptables.${env}
    - $files/iptables/iptables
  notify:
  - restart iptables
  tags:
  - iptables
  - config

# XXX fixme # a datacenter 'fact' from setup
- name: /etc/resolv.conf
  action: copy src=$item dest=/etc/resolv.conf
  with_first_found:
  - ${resolvconf}
  - $files/resolv.conf/${ansible_fqdn}
  - $files/resolv.conf/${host_group}
  - $files/resolv.conf/${datacenter}
  - $files/resolv.conf/resolv.conf
  tags:
  - config
  - resolvconf

- name: rsyslog.conf
  action: copy src=$item dest=/etc/rsyslog.conf mode=644
  with_first_found:
    - $rsyslogconf
    - $files/rsyslog/rsyslog.conf.${ansible_fqdn}
    - $files/rsyslog/rsyslog.conf.${host_group}
    - $files/rsyslog/rsyslog.conf.${datacenter}
    - $files/rsyslog/rsyslog.conf

  notify:
  - restart rsyslog
  tags:
  - rsyslogd
  - config

- name: /etc/postfix/main.cf
  action: copy src=$item dest=/etc/postfix/main.cf
  with_first_found:
    - $postfix_maincf
    - $files/postfix/main.cf.${ansible_fqdn}
    - $files/postfix/main.cf.${host_group}
    - $files/postfix/main.cf.${postfix_group}
    - $files/postfix/main.cf
  notify:
  - restart postfix
  tags:
  - postfix
  - config

#
# This task installs some common scripts to /usr/local/bin
# scripts are under $files/common-scripts
#

- name: Install common scripts
  action: copy src=$item dest=/usr/local/bin/ owner=root group=root mode=0755
  with_fileglob: $files/common-scripts/*
  tags:
  - config
base tasks 2012-10-17 20:33:38 +00:00			`---`
move some tasks around - need to find out if the sshd config will work at all for f19 :) 2013-05-15 20:57:44 +00:00
			`- name: sshd_config`
pretty sure this never worked :) 2013-05-20 21:58:11 +00:00			`action: copy src=$item dest=/etc/ssh/sshd_config mode=600`
convert first_available_files to with_first_found 2013-05-20 20:25:00 +00:00			`with_first_found:`
move some tasks around - need to find out if the sshd config will work at all for f19 :) 2013-05-15 20:57:44 +00:00			`- $sshd_config`
add basic f19 sshd_config 2013-05-15 21:06:21 +00:00			`- ${files}/ssh/sshd_config.${ansible_fqdn}`
			`- ${files}/ssh/sshd_config.${host_group}`
			`- ${files}/ssh/sshd_config.${dist_tag}`
			`- ${files}/ssh/sshd_config.${ansible_distribution}`
move some tasks around - need to find out if the sshd config will work at all for f19 :) 2013-05-15 20:57:44 +00:00			`notify:`
			`- restart sshd`
			`tags:`
			`- sshd_config`
			`- config`
			`- sshd`

			`- name: set root passwd`
don't add the module invocation and check {{ }} syntax in the logger 2013-06-28 21:28:29 +00:00			`action: user name=root password={{ rootpw }} state=present`
move some tasks around - need to find out if the sshd config will work at all for f19 :) 2013-05-15 20:57:44 +00:00			`tags:`
			`- rootpw`

			`- name: add ansible root key`
ansible 1.2 breaks $FILE and $PIPE - so I went and fixed it everywhere :( 2013-06-17 13:54:17 +00:00			`action: authorized_key user=root key="{{ item }}"`
			`with_file:`
			`- ${files}/common/ansible-pub-key`
move some tasks around - need to find out if the sshd config will work at all for f19 :) 2013-05-15 20:57:44 +00:00			`tags:`
			`- config`

add resolv_mods=no to /etc/sysconfig/network so rebooting doesn't nuke our name servers 2013-06-17 19:27:08 +00:00			`- name: make sure our resolv.conf is the one being used - set RESOLV_MODS=no in /etc/sysconfig/network`
			`lineinfile: dest=/etc/sysconfig/network backup=yes state=present line='RESOLV_MODS=no' regexp=^RESOLV_MODS=`
			`tags:`
			`- config`
add the infrastructure repo, properly 2013-05-17 19:22:26 +00:00
make it more generic and remove the fedora/rhel specific tasks 2013-06-06 18:04:01 +00:00			`- name: global default packages to install`
base tasks 2012-10-17 20:33:38 +00:00			`action: yum state=installed name=$item`
make it more generic and remove the fedora/rhel specific tasks 2013-06-06 18:04:01 +00:00			`with_items: $global_pkgs_inst`
base tasks 2012-10-17 20:33:38 +00:00			`tags:`
			`- packages`

make it more generic and remove the fedora/rhel specific tasks 2013-06-06 18:04:01 +00:00			`- name: dist pkgs to remove`
add iptables-services to fedora boxes b/c apparently the world hates me 2013-05-24 14:42:39 +00:00			`action: yum state=removed name=$item`
try out lists of base removals as vars instead of with_items 2013-06-06 17:53:54 +00:00			`with_items: $base_pkgs_erase`
add iptables-services to fedora boxes b/c apparently the world hates me 2013-05-24 14:42:39 +00:00			`tags:`
			`- packages`

make it more generic and remove the fedora/rhel specific tasks 2013-06-06 18:04:01 +00:00			`- name: dist pkgs to install`
add section for fedora specificness 2013-05-24 14:52:32 +00:00			`action: yum state=installed name=$item`
try out lists of base removals as vars instead of with_items 2013-06-06 17:53:54 +00:00			`with_items: $base_pkgs_inst`
add iptables-services to fedora boxes b/c apparently the world hates me 2013-05-24 14:42:39 +00:00			`tags:`
			`- packages`

make it more generic and remove the fedora/rhel specific tasks 2013-06-06 18:04:01 +00:00			`- name: dist disabled services`
base tasks 2012-10-17 20:33:38 +00:00			`action: service state=stopped enabled=false name=$item`
try out lists of base removals as vars instead of with_items 2013-06-06 17:53:54 +00:00			`with_items: $service_disabled`
base tasks 2012-10-17 20:33:38 +00:00			`tags:`
add tags to config/packages/service 2013-05-21 20:15:34 +00:00			`- service`
base tasks 2012-10-17 20:33:38 +00:00			`- config`

make it more generic and remove the fedora/rhel specific tasks 2013-06-06 18:04:01 +00:00			`- name: dist enabled services`
			`action: service state=running enabled=true name=$item`
			`with_items: $service_enabled`
			`tags:`
			`- service`
			`- config`
add section for fedora specificness 2013-05-24 14:52:32 +00:00

base tasks 2012-10-17 20:33:38 +00:00			`- name: iptables`
make iptables backup the old versions 2013-07-03 18:58:53 +00:00			`action: template src=$item dest=/etc/sysconfig/iptables mode=600 backup=yes`
convert first_available_files to with_first_found 2013-05-20 20:25:00 +00:00			`with_first_found:`
- add core config files for kojibuilders - base tasks to make them use first_available for sensible defaults 2012-10-18 15:57:06 +00:00			`- $iptables`
			`- $files/iptables/iptables.${ansible_fqdn}`
			`- $files/iptables/iptables.${host_group}`
modify iptables tasks to look for $env extension for staging systems 2013-07-03 18:44:47 +00:00			`- $files/iptables/iptables.${env}`
- add core config files for kojibuilders - base tasks to make them use first_available for sensible defaults 2012-10-18 15:57:06 +00:00			`- $files/iptables/iptables`
base tasks 2012-10-17 20:33:38 +00:00			`notify:`
			`- restart iptables`
			`tags:`
			`- iptables`
			`- config`

- add core config files for kojibuilders - base tasks to make them use first_available for sensible defaults 2012-10-18 15:57:06 +00:00			`# XXX fixme # a datacenter 'fact' from setup`
base tasks 2012-10-17 20:33:38 +00:00			`- name: /etc/resolv.conf`
how did this EVER work? 2013-05-29 22:15:50 +00:00			`action: copy src=$item dest=/etc/resolv.conf`
convert first_available_files to with_first_found 2013-05-20 20:25:00 +00:00			`with_first_found:`
how did this EVER work? 2013-05-29 22:15:50 +00:00			`- ${resolvconf}`
			`- $files/resolv.conf/${ansible_fqdn}`
			`- $files/resolv.conf/${host_group}`
			`- $files/resolv.conf/${datacenter}`
			`- $files/resolv.conf/resolv.conf`
base tasks 2012-10-17 20:33:38 +00:00			`tags:`
			`- config`
			`- resolvconf`

			`- name: rsyslog.conf`
how did this EVER work? 2013-05-29 22:15:50 +00:00			`action: copy src=$item dest=/etc/rsyslog.conf mode=644`
convert first_available_files to with_first_found 2013-05-20 20:25:00 +00:00			`with_first_found:`
- add core config files for kojibuilders - base tasks to make them use first_available for sensible defaults 2012-10-18 15:57:06 +00:00			`- $rsyslogconf`
			`- $files/rsyslog/rsyslog.conf.${ansible_fqdn}`
			`- $files/rsyslog/rsyslog.conf.${host_group}`
			`- $files/rsyslog/rsyslog.conf.${datacenter}`
			`- $files/rsyslog/rsyslog.conf`

base tasks 2012-10-17 20:33:38 +00:00			`notify:`
			`- restart rsyslog`
			`tags:`
			`- rsyslogd`
			`- config`

			`- name: /etc/postfix/main.cf`
- add core config files for kojibuilders - base tasks to make them use first_available for sensible defaults 2012-10-18 15:57:06 +00:00			`action: copy src=$item dest=/etc/postfix/main.cf`
convert first_available_files to with_first_found 2013-05-20 20:25:00 +00:00			`with_first_found:`
base tasks 2012-10-17 20:33:38 +00:00			`- $postfix_maincf`
- add core config files for kojibuilders - base tasks to make them use first_available for sensible defaults 2012-10-18 15:57:06 +00:00			`- $files/postfix/main.cf.${ansible_fqdn}`
			`- $files/postfix/main.cf.${host_group}`
			`- $files/postfix/main.cf.${postfix_group}`
			`- $files/postfix/main.cf`
base tasks 2012-10-17 20:33:38 +00:00			`notify:`
postfix typo 2012-11-19 22:06:46 +00:00			`- restart postfix`
base tasks 2012-10-17 20:33:38 +00:00			`tags:`
			`- postfix`
			`- config`

move common_scripts to base - and replace it in mirrorlist 2013-05-31 15:24:28 +00:00			`#`
			`# This task installs some common scripts to /usr/local/bin`
			`# scripts are under $files/common-scripts`
			`#`

			`- name: Install common scripts`
			`action: copy src=$item dest=/usr/local/bin/ owner=root group=root mode=0755`
			`with_fileglob: $files/common-scripts/*`
			`tags:`
			`- config`