91 lines
2 KiB
YAML
91 lines
2 KiB
YAML
---
|
|
# file: roles/base/tasks/core.yml
|
|
|
|
- name: "*** Hostname Configuration ***"
|
|
include_tasks:
|
|
file: core_hostname.yml
|
|
apply:
|
|
tags: hostname
|
|
tags:
|
|
- hostname
|
|
|
|
# Gather facts now because the hostname may have changed
|
|
- name: Gather facts
|
|
setup:
|
|
when: hostname_change.changed
|
|
|
|
- name: Gather service facts
|
|
service_facts:
|
|
tags:
|
|
- always
|
|
|
|
- name: Attach RHEL subscription
|
|
redhat_subscription:
|
|
state: present
|
|
activationkey: "{{ base_redhat_subscription_activationkey }}"
|
|
org_id: "{{ base_redhat_subscription_org_id }}"
|
|
pool: '^(Red Hat Enterprise Server|Red Hat Virtualization)$'
|
|
when: ansible_distribution == 'RedHat' and (base_redhat_subscription_org_id != "" and base_redhat_subscription_activationkey != "")
|
|
|
|
- name: "*** MOTD Configuration ***"
|
|
include_tasks:
|
|
file: core_motd.yml
|
|
apply:
|
|
tags: motd
|
|
when: base_core_motd_configure == true
|
|
tags:
|
|
- motd
|
|
|
|
- name: "*** SSH Configuration ***"
|
|
include_tasks:
|
|
file: core_ssh.yml
|
|
apply:
|
|
tags: ssh
|
|
tags:
|
|
- ssh
|
|
|
|
- name: "*** SUDO Configuration ***"
|
|
include_tasks:
|
|
file: core_sudo.yml
|
|
apply:
|
|
tags: sudo
|
|
tags:
|
|
- sudo
|
|
|
|
- name: "*** Generate Self-Signed Cert ***"
|
|
include_tasks:
|
|
file: core_cert.yml
|
|
apply:
|
|
tags: cert
|
|
when: base_core_cert_common_name != ''
|
|
tags:
|
|
- cert
|
|
|
|
- name: "*** Root CA Install ***"
|
|
include_tasks:
|
|
file: core_root_ca.yml
|
|
apply:
|
|
tags: root_ca
|
|
tags:
|
|
- root_ca
|
|
|
|
- name: "*** Web Management Configuration ***"
|
|
include_tasks:
|
|
file: core_web_management.yml
|
|
apply:
|
|
tags: web_management
|
|
when: base_core_web_management == true
|
|
tags:
|
|
- web_management
|
|
|
|
- name: Disable password for management account
|
|
user:
|
|
name: "{{ base_core_management_user }}"
|
|
password_lock: yes
|
|
when: base_core_management_user_disable_password == true
|
|
|
|
- name: Disable password for secondary management account
|
|
user:
|
|
name: "{{ base_core_secondary_user }}"
|
|
password_lock: yes
|
|
when: base_core_secondary_user != "" and base_core_secondary_user_disable_password == true
|