Ansible-Linux_Base/roles/base/tasks/core.yml

92 lines
2 KiB
YAML
Raw Normal View History

2021-09-01 17:31:49 -06:00
---
# file: roles/base/tasks/core.yml
- name: "*** Hostname Configuration ***"
include_tasks:
file: core_hostname.yml
apply:
tags: hostname
tags:
- hostname
2022-08-22 13:15:23 -06:00
# Gather facts now because the hostname may have changed
2021-09-01 17:31:49 -06:00
- name: Gather facts
setup:
when: hostname_change.changed
- name: Gather service facts
service_facts:
tags:
- always
2022-08-22 13:14:54 -06:00
- name: Attach RHEL subscription
redhat_subscription:
state: present
activationkey: "{{ base_redhat_subscription_activationkey }}"
org_id: "{{ base_redhat_subscription_org_id }}"
pool: '^(Red Hat Enterprise Server|Red Hat Virtualization)$'
2022-08-22 13:14:54 -06:00
when: ansible_distribution == 'RedHat' and (base_redhat_subscription_org_id != "" and base_redhat_subscription_activationkey != "")
2021-09-01 17:31:49 -06:00
- name: "*** MOTD Configuration ***"
include_tasks:
file: core_motd.yml
apply:
tags: motd
2022-08-23 08:25:04 -06:00
when: base_core_motd_configure == true
2021-09-01 17:31:49 -06:00
tags:
- motd
- name: "*** SSH Configuration ***"
include_tasks:
file: core_ssh.yml
apply:
tags: ssh
tags:
- ssh
- name: "*** SUDO Configuration ***"
include_tasks:
file: core_sudo.yml
apply:
tags: sudo
tags:
- sudo
2021-09-01 17:31:49 -06:00
- name: "*** Generate Self-Signed Cert ***"
include_tasks:
file: core_cert.yml
apply:
tags: cert
when: base_core_cert_common_name != ''
tags:
- cert
- name: "*** Root CA Install ***"
include_tasks:
file: core_root_ca.yml
apply:
tags: root_ca
tags:
- root_ca
- name: "*** Web Management Configuration ***"
include_tasks:
file: core_web_management.yml
apply:
tags: web_management
when: base_core_web_management == true
tags:
- web_management
2022-08-22 13:15:23 -06:00
- name: Disable password for management account
user:
name: "{{ base_core_management_user }}"
password_lock: yes
when: base_core_management_user_disable_password == true
- name: Disable password for secondary management account
user:
name: "{{ base_core_secondary_user }}"
password_lock: yes
when: base_core_secondary_user != "" and base_core_secondary_user_disable_password == true