---
# Set the system hostname: use `default_host` when that variable is defined,
# otherwise fall back to the host's inventory name.
- name: Set hostname
  hostname:
    name: "{{ default_host if default_host is defined else inventory_hostname }}"
  become: true
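# CentOS only: define the EPEL repository, import its signing key, and install
# the IUS release package. All three tasks run with privilege escalation.
# NOTE(review): the key file name (EPEL-7) and the IUS host (centos7) are
# specific to EL7 — confirm every CentOS target is release 7.
- name: Install CentOS-specific repositories
  become: true
  when: ansible_distribution == "CentOS"
  block:
    - name: Enable Extra Packages for Enterprise Linux
      yum_repository:
        name: epel
        description: Extra Packages for Enterprise Linux
        baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
        # Require signed packages from this repository explicitly rather than
        # inheriting whatever the host's yum.conf [main] section says.
        gpgcheck: true
        gpgkey: https://archive.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
    # NOTE(review): the key is trusted as served over HTTPS. Pinning it with
    # rpm_key's `fingerprint` option (value taken from a trusted out-of-band
    # source) would detect a substituted key.
    - name: Install Extra Packages for Enterprise Linux GPG key
      rpm_key:
        state: present
        key: https://archive.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
    # NOTE(review): this installs an RPM directly from a URL; whether its
    # signature is verified depends on the host's yum configuration — confirm.
    - name: Enable Inline with Upstream Stable
      yum:
        state: latest
        name: https://centos7.iuscommunity.org/ius-release.rpm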
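# Install the SELinux and firewalld Python bindings with the package manager
# that matches the distribution (DNF on Fedora, YUM on CentOS).
# `state: latest` means every run may upgrade these packages.
- name: Install selinux and firewalld python bindings
  become: true
  block:
    - name: Install python bindings using DNF
      when: ansible_distribution == "Fedora"
      dnf:
        state: latest
        # Pass the whole list in one call (one transaction), the same way the
        # YUM task below does, instead of looping once per package.
        name:
          - libselinux-python
          - policycoreutils-python
          - python-firewall
    - name: Install python bindings using YUM
      when: ansible_distribution == "CentOS"
      yum:
        state: latest
        name:
          - libselinux-python
          - policycoreutils-python
          - python-firewall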
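# CentOS only: install the systemd-resolved and systemd-networkd packages.
- name: Install networkd on CentOS
  when: ansible_distribution == "CentOS"
  become: true
  yum:
    state: latest
    # Hand yum the full list so both packages are resolved in a single
    # transaction rather than one module call per item.
    name:
      - systemd-resolved
      - systemd-networkd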
# The directory is deleted ahead of creation to ensure that no old configs
# remain after running ansible.
# Consequence: this task and the re-creation that follows report "changed" on
# every run, and the host has no networkd configuration on disk until the
# .network files are rendered again.
# NOTE(review): unlike the earlier tasks there is no `become: true` here —
# presumably privilege escalation is set by the play or the include; confirm.
- name: Delete networkd config directory
  file:
    state: absent
    path: /etc/systemd/network
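# Create /etc/systemd/network as an empty directory.
- name: Create the networkd config directory
  file:
    path: /etc/systemd/network
    state: directory
    # Set the mode explicitly so the result does not depend on the umask of
    # the remote user; quoted so it is not parsed as an octal integer.
    mode: "0755"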
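# Render dot.network.j2 once per entry of the `networking` dict, writing
# /etc/systemd/network/<key>.network for each key.
# NOTE(review): `item.key` goes into the destination path unchanged. A key
# containing "/" or ".." would write outside the networkd directory, so keys
# should be restricted to plain names where `networking` is defined.
- name: Make .network files
  template:
    src: dot.network.j2
    dest: "/etc/systemd/network/{{ item.key }}.network"
    # Explicit mode instead of whatever the remote umask yields.
    mode: "0644"
  with_dict: "{{ networking }}"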
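# Add a DHCP static mapping (MAC address and IP address) for this host on the
# router, running the edgeos_config module against `router.address`, and save
# the router configuration.
# NOTE(review): no loop is declared on this task, so `item` has to be supplied
# by the caller (for example a loop around the include) — confirm.
# NOTE(review): alias, mac and address are interpolated verbatim into router
# configuration commands. Validate their format (hostname, MAC, IP) where the
# inventory data is defined, so a malformed value cannot change the command.
- name: Register static entries
  # Quoted: a value that begins with "{{" is otherwise read by the YAML parser
  # as a flow mapping and the file fails to load.
  delegate_to: "{{ router.address }}"
  edgeos_config:
    save: true
    lines:
      - set service dhcp-server shared-network-name {{ router.static.server }} subnet {{ router.static.subnet }} static-mapping {{ item.alias | default(inventory_hostname) }} mac-address {{ item.mac }}
      - set service dhcp-server shared-network-name {{ router.static.server }} subnet {{ router.static.subnet }} static-mapping {{ item.alias | default(inventory_hostname) }} ip-address {{ item.address }}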
# Turn off boot-time start of the legacy network service and NetworkManager.
# Only `enabled` is set, so units that are running now are not stopped by
# this task. NOTE(review): presumably deliberate, to keep the current
# connection up during the play — confirm.
- name: Disable network scripts and NetworkManager
  with_items:
    - network
    - NetworkManager
    - NetworkManager-wait-online
  service:
    enabled: false
    name: "{{ item }}"
# Enable at boot and start immediately: systemd-networkd, its wait-online
# unit, and systemd-resolved.
- name: Enable systemd-networkd and systemd-resolved
  with_items:
    - systemd-networkd
    - systemd-networkd-wait-online
    - systemd-resolved
  service:
    state: started
    enabled: true
    name: "{{ item }}"
# Point /etc/resolv.conf at the resolver file under /run/systemd/resolve, and
# give the link the SELinux type net_conf_t.
# Despite the wording of the task name, the link makes /etc/resolv.conf follow
# systemd-resolved, not the reverse.
# `force: true` replaces an existing regular file at the destination and also
# allows the link to be created while the source does not exist yet; no backup
# of the previous resolv.conf is kept.
- name: Symlink so systemd-resolved uses /etc/resolv.conf
  file:
    state: link
    src: /run/systemd/resolve/resolv.conf
    dest: /etc/resolv.conf
    setype: net_conf_t
    force: true
# Link the systemd-resolved unit into multi-user.target.wants by hand.
# NOTE(review): this looks equivalent to enabling the unit, which the
# "Enable systemd-networkd and systemd-resolved" task already does — confirm
# whether the manual link is still needed. The task name describes
# resolv.conf, but the paths below only concern the service unit.
- name: Symlink so /etc/resolv.conf uses systemd
  file:
    state: link
    src: /usr/lib/systemd/system/systemd-resolved.service
    dest: /etc/systemd/system/multi-user.target.wants/systemd-resolved.service
    force: true