-
Notifications
You must be signed in to change notification settings - Fork 0
/
main.yml
174 lines (155 loc) · 3.83 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
---
- name: Upgrade all packages
dnf:
name: "*"
state: latest
when: upgrade_software | bool
tags:
- skip_ansible_lint
- name: Install additional software
dnf:
name: "{{ item }}"
state: present
with_items: "{{ install_software }}"
- name: Start cockpit
systemd:
name: cockpit
state: started
tags:
- molecule-notest
- name: Enable cockpit.socket
systemd:
name: cockpit.socket
enabled: yes
tags:
- molecule-notest
- name: Firewall rules for cockpit
firewalld:
zone: public
service: cockpit
permanent: true
state: enabled
immediate: yes
tags:
- molecule-notest
- name: Reload firewalld service
ansible.builtin.systemd:
name: firewalld.service
state: reloaded
tags:
- molecule-notest
- name: Enable and start libvirt
systemd:
name: libvirtd
state: started
enabled: yes
tags:
- molecule-notest
- name: Configure dnf-automatic
ansible.builtin.lineinfile:
path: "/etc/dnf/automatic.conf"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
with_items:
- regexp: "^apply_updates.*"
line: "apply_updates = yes"
- regexp: "^upgrade_type.*"
line: "upgrade_type = security"
- name: Enable and start dnf-automatic.timer
systemd:
name: dnf-automatic.timer
state: started
enabled: yes
tags:
- molecule-notest
- name: Configure external repo
yum_repository:
name: hashicorp
description: hashicorp repo
file: hashicorp.repo
baseurl: https://rpm.releases.hashicorp.com/RHEL/$releasever/$basearch/stable
gpgcheck: yes
gpgkey: https://rpm.releases.hashicorp.com/gpg
- name: Install terraform
dnf:
name: terraform
state: present
- name: Configure libvirt storage pool
shell:
cmd: |
virsh pool-define-as default dir - - - - "/var/lib/libvirt/images"
virsh pool-build default
virsh pool-start default
virsh pool-autostart default
virsh pool-list --all
virsh pool-info default
args:
executable: /bin/bash
failed_when: false
changed_when: false
- name: Configure libvirt bridge network
shell:
cmd: |
ip link add bridge0 type bridge
ip link set enp57s0u1 up
ip link set enp57s0u1 master bridge0
ip address add dev bridge0 10.0.2.74/22
args:
executable: /bin/bash
failed_when: false
changed_when: false
- name: Configure primary network
shell:
cmd: |
nmcli con mod eno1 ipv4.dns "8.8.8.8 8.8.4.4"
nmcli con mod eno1 ipv4.dns-search "anyops.site"
args:
executable: /bin/bash
failed_when: false
changed_when: false
- name: Create netfilter bridge
ansible.builtin.copy:
content: |
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
dest: /etc/sysctl.d/99-netfilter-bridge.conf
mode: "0644"
- name: Load netfilter bridge settings
command: sysctl -p /etc/sysctl.d/99-netfilter-bridge.conf
changed_when: false
tags: molecule-notest
- name: Run modprobe
command: "modprobe {{ item }}"
with_items:
- br_netfilter
- overlay
failed_when: false
changed_when: false
- name: Create modprobe configuration
ansible.builtin.copy:
content: |
br_netfilter
overlay
dest: /etc/modules-load.d/br_netfilter.conf
mode: "0644"
- name: Prepare bridged network configuration
ansible.builtin.copy:
content: |
<network>
<name>bridged-network</name>
<forward mode="bridge" />
<bridge name="bridge0" />
</network>
dest: /tmp/bridged-network.xml
mode: "0644"
- name: Apply bridged network configuration
shell:
cmd: |
virsh net-define /tmp/bridged-network.xml
virsh net-start bridged-network
virsh net-autostart bridged-network
args:
executable: /bin/bash
failed_when: false
changed_when: false