From 0c058e1a879b60e36d5174274d8281b839d80a88 Mon Sep 17 00:00:00 2001 From: Christoph Date: Sat, 28 Oct 2023 19:57:20 +0200 Subject: [PATCH] update.. --- group_vars/all/main.yml | 321 +++++++++++++++++++++- host_vars/d.mx.oopen.de.yml | 70 +++++ host_vars/lists.mx.warenform.de.yml | 70 +++++ host_vars/server24.warenform.de.yml | 71 +++++ host_vars/web-test.oopen.de.yml | 179 ++++++++++++ roles/common/tasks/caching-nameserver.yml | 1 + roles/common/tasks/main.yml | 4 +- roles/common/tasks/redis-server.yml | 4 +- roles/common/tasks/yum.yml | 102 ++++++- 9 files changed, 803 insertions(+), 19 deletions(-) create mode 100644 host_vars/web-test.oopen.de.yml diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index 7ea4b07..53c046e 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -999,7 +999,7 @@ apt_compiler_pkgs: - libnss3-dev #- python-dev -yum_compiler_pkgs: +yum_compiler_pkgs_centos: - gcc-c++ - cpp - make @@ -1021,9 +1021,30 @@ yum_compiler_pkgs: - systemd-devel - nss-devel +yum_compiler_pkgs_fedora: + - gcc-c++ + - cpp + - make + - cmake + - automake + - autoconf + - libtool + - flex + - bison + - gettext + - pkgconfig + - openssl-devel + - readline-devel + - readline-static + - ncurses + - ncurses-devel + - ncurses-static + - systemd-devel + - nss-devel + install_webserver_pkgs: false -yum_webserver_pkgs: +yum_webserver_pkgs_centos: - libdb-devel - zlib - zlib-devel 
@@ -1194,6 +1215,165 @@ yum_webserver_pkgs: #- libc-client-dev #- ffmpeg +yum_webserver_pkgs_fedora: + - libdb-devel + - zlib + - zlib-devel + - zlib-static + - openssl-devel + - neon + - neon-devel + - libxml2 + - libxml2-devel + - libxml2-static + - curl + - libcurl + - libcurl-devel + - gdbm + - gdbm-devel + - aspell + - aspell-devel + - libjpeg-turbo + - libjpeg-turbo-devel + - libjpeg-turbo-static + - libXpm + - libXpm-devel + - freetype + - freetype-devel + - libwmf + - libwmf-devel + - libtiff + - libtiff-devel + - libtiff-static + - libpaper-devel + - libpaper-devel + - file-libs + - file-devel + - file-static + - GraphicsMagick + - GraphicsMagick-perl + - GraphicsMagick-devel + - GraphicsMagick-doc + - GraphicsMagick-c++ + - GraphicsMagick-c++-devel + - graphviz + - graphviz-devel + - libgsf + - libgsf-devel + - ilmbase + - ilmbase-devel + - libvpx + - libvpx-devel + - libvpx-utils + - gpm + - gpm-devel + - gpm-static + - texlive-kpathsea + - texlive-kpathsea-bin + - texlive-kpathsea-lib + - texlive-kpathsea-lib-devel + - OpenEXR + - OpenEXR-libs + - OpenEXR-devel + - librsvg2 + - librsvg2-devel + - librsvg2-tools + - djvulibre + - djvulibre-libs + - djvulibre-devel + - expat + - expat-devel + - expat-static + - ImageMagick + - ImageMagick-devel + - libexif + - libexif-devel + - exiv2 + - exiv2-libs + - exiv2-devel + - re2c + - netpbm + - netpbm-devel + - netpbm-progs + - mcrypt + - libmcrypt + - libmcrypt-devel + - mariadb-devel + - postgresql-libs + - postgresql-private-devel + - postgresql-static + - libdbi + - libdbi-devel + - libdbi-dbd-mysql + - libdbi-dbd-pgsql + - libdbi-dbd-sqlite + - libdbi-devel + - libdbi-drivers + - readline + - readline-devel + - ncurses + - ncurses-devel + - ncurses-static + - libdb + - libdb-devel + - libdb-cxx + - libdb-cxx-devel + - libxslt + - libxslt-devel + - pcre + - pcre-devel + - pcre-static + - libicu + - libicu-devel + - libtidy + - libtidy-devel + - ModemManager + - ModemManager-glib + - gmp + - gmp-devel + - 
gmp-static + - krb5-libs + - krb5-devel + - openldap + - openldap-devel + - mhash + - mhash-devel.x86_64 + - gd + - gd-devel + - lua + - lua-static + - lua-devel + - apr + - apr-devel.i686 + - apr-util + - apr-util-devel + - apr-util-ldap + - apr-util-mysql + - apr-util-odbc + - apr-util-openssl + - apr-util-pgsql + - apr-util-sqlite + - lksctp-tools + - lksctp-tools-devel + - openssl + - openssl-libs + - openssl-devel + - cryptopp + - cryptopp-devel + - GeoIP + - GeoIP-devel + - libaio + - libaio-devel + - tk + - tk-devel + - tcl + - tcl-devel + - tcl-tclreadline + - tcl-tclreadline-devel + - expect + - expect-devel + - perl-Expect + - poppler-utils apt_webserver_pkgs: @@ -1284,7 +1464,7 @@ install_postgresql_pkgs: false apt_postgresql_pkgs: - postgresql -yum_postgresql_pkgs: +yum_postgresql_pkgs_centos: - postgresql - postgresql-server - postgresql-libs @@ -1295,6 +1475,17 @@ yum_postgresql_pkgs: - perl-DateTime-Format-Pg - check_postgres +yum_postgresql_pkgs_fedora: + - postgresql + - postgresql-server + - postgresql-libs + - postgresql-private-devel + - postgresql-static + - postgresql-plperl + - perl-DBD-Pg + - perl-DateTime-Format-Pg + - check_postgres + install_bind_packages: false apt_bind_pkgs: - bind9 @@ -1313,7 +1504,7 @@ apt_lxc_host_pkgs: - debootstrap - ntp -yum_lxc_host_pkgs: +yum_lxc_host_pkgs_centos: - bridge-utils - lxc - lxc-templates @@ -1321,6 +1512,14 @@ yum_lxc_host_pkgs: - debootstrap - ntp +yum_lxc_host_pkgs_fedora: + - bridge-utils + - lxc + - lxc-templates + - python3-lxc + - debootstrap + - ntpsec + install_kvm_host_pkgs: false apt_kvm_host_pkgs: 
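Review bot: `yum_webserver_pkgs_fedora` contains two architecture-suffixed entries, `mhash-devel.x86_64` and `apr-devel.i686`, while every other entry is arch-neutral. The `.i686` entry requests a 32-bit build, and a name that cannot be resolved fails the install of the whole list. Unless multilib is intended, write them as `- mhash-devel` and `- apr-devel`. `libpaper-devel`, `libdbi-devel`, `libdb-devel` and `openssl-devel` are each listed twice and can be deduplicated. A one-line comment above the list saying where it differs from `yum_webserver_pkgs_centos` would help, since the two lists now have to be kept in step by hand.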
@@ -1491,6 +1690,120 @@ yum_initial_install_centos_7: - lua - btrfs-progs +yum_base_install_fedora_38: + - redhat-lsb-core + - ca-certificates + - git + - iproute + - mc + - net-tools + - bind-utils + - openssl + - python2 + - python3 + - sudo + - vim + - yum-utils + +yum_initial_install_fedora_38: + - cryptsetup + - dbus + - openssh-server + - bash + - bash-completion + - vim + - vim-common + - mc + - screen + - tmux + - cronie + - bc + - figlet + - sudo + - rsync + - dselect + - iputils + - zip + - unzip + - bzip2 + - arj + - mlocate + - curl + - gawk + - mawk + - lynx + - links + - w3m + - ctags + - file + - coreutils + - moreutils + - less + - sipcalc + - psmisc + - whois + - gettext + - gettext-devel + - debian-keyring + - patch + - patchutils + - recode + - recode-devel + - sharutils + - perl + - perl-devel + - readline + - readline-devel + - libtermkey + - libtermkey-devel + - perl-Time-Duration-Parse + - perl-DateTime + - perl-libwww-perl + - pcre + - pcre2 + - perl-IO-Compress + - re2c + - util-linux + - parted + - lshw + - gdisk + - smartmontools + - tcpdump + - telnet + - unhide + - lsof + - hdparm + - groff + - bridge-utils + - ethtool + - nwipe + - iperf + - mtr + - iptraf + - wget + - logrotate + - rsyslog + - haveged + - rdate + - man + - groff + - iptables + - ShellCheck + - ftp + - htop + - net-tools + - attr + - acl + - quota + - quotatool + - needrestart + - socat + - zsh + - lua + - btrfs-progs + + + #- ntpdate # --- diff --git a/host_vars/d.mx.oopen.de.yml b/host_vars/d.mx.oopen.de.yml index c314402..63755d9 100644 --- a/host_vars/d.mx.oopen.de.yml +++ b/host_vars/d.mx.oopen.de.yml 
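Review bot: `yum_initial_install_fedora_38` installs the cleartext-protocol clients `telnet` and `ftp` on every Fedora host as part of the baseline. If they are only needed for occasional debugging, an opt-in list keeps them off hosts that never use them. The list also carries Debian tooling (`dselect`, `debian-keyring`), `yum_base_install_fedora_38` asks for `python2`, and `groff` appears twice. These names are worth checking against the Fedora 38 repositories, because one unavailable package fails the install of the whole list.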
@@ -29,6 +29,76 @@ install_compiler_pkgs: true install_postgresql_pkgs: true +# --- +# vars used by roles/common/tasks/systemd-resolved.yml +# --- + +systemd_resolved: true + +# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie +# Primäre DNS-Adresse: 38.132.106.139 +# Sekundäre DNS-Adresse: 194.187.251.67 +# +# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen +# primäre DNS-Adresse +# IPv4: 1.1.1.1 +# IPv6: 2606:4700:4700::1111 +# sekundäre DNS-Adresse +# IPv4: 1.0.0.1 +# IPv6: 2606:4700:4700::1001 +# +# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit +# primäre DNS-Adresse +# IPv4: 8.8.8.8 +# IPv6: 2001:4860:4860::8888 +# sekundäre DNS-Adresse +# IPv4: 8.8.4.4 +# IPv6: 2001:4860:4860::8844 +# +# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug +# primäre DNS-Adresse +# IPv4: 9.9.9.9 +# IPv6: 2620:fe::fe +# sekundäre DNS-Adresse +# IPv4: 149.112.112.112 +# IPv6: 2620:fe::9 +# +# OpenNIC - https://www.opennic.org/ +# IPv4: 195.10.195.195 - ns31.de +# IPv4: 94.16.114.254 - ns28.de +# IPv4: 51.254.162.59 - ns9.de +# IPv4: 194.36.144.87 - ns29.de +# IPv6: 2a00:f826:8:2::195 - ns31.de +# +# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS) +# IPv4: 5.1.66.255 +# IPv6: 2001:678:e68:f000:: +# Servername für DNS-over-TLS: dot.ffmuc.net +# IPv4: 185.150.99.255 +# IPv6: 2001:678:ed0:f000:: +# Servername für DNS-over-TLS: dot.ffmuc.net +# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb) +resolved_nameserver: + - 127.0.0.1 + +# search domains +# +# If there are more than one search domains, then specify them here in the order in which +# the resolver should also search them +# +#resolved_domains: [] +resolved_domains: + - ~. + - oopen.de + +resolved_dnssec: true + +# dns.as250.net: 194.150.168.168 +# +resolved_fallback_nameserver: + - 194.150.168.168 + + # --- # vars used by roles/common/tasks/users.yml # --- 
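Review bot: `resolved_nameserver` lists only `127.0.0.1`, so with `systemd_resolved: true` this host depends on a resolver listening locally and otherwise drops to the single third-party `resolved_fallback_nameserver`. The same commit adds `not systemd_resolved` to a task in roles/common/tasks/caching-nameserver.yml whose body is outside the diff, so please confirm the local resolver is still installed on this host. The hunk for host_vars/lists.mx.warenform.de.yml has the same setting. In all four host_vars hunks I would quote the routing domain as `- '~.'`, because a bare `~` is YAML null and the quotes make the string intent explicit. The 45-line resolver catalogue is repeated verbatim in each file; one copy in a shared place, with a short English comment per file such as `# upstream candidates: see group_vars/all/main.yml`, would be easier to keep correct.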
diff --git a/host_vars/lists.mx.warenform.de.yml b/host_vars/lists.mx.warenform.de.yml
index 06c2e4e..e47caa3 100644
--- a/host_vars/lists.mx.warenform.de.yml
+++ b/host_vars/lists.mx.warenform.de.yml
@@ -29,6 +29,76 @@ install_compiler_pkgs: true install_postgresql_pkgs: true +# --- +# vars used by roles/common/tasks/systemd-resolved.yml +# --- + +systemd_resolved: true + +# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie +# Primäre DNS-Adresse: 38.132.106.139 +# Sekundäre DNS-Adresse: 194.187.251.67 +# +# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen +# primäre DNS-Adresse +# IPv4: 1.1.1.1 +# IPv6: 2606:4700:4700::1111 +# sekundäre DNS-Adresse +# IPv4: 1.0.0.1 +# IPv6: 2606:4700:4700::1001 +# +# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit +# primäre DNS-Adresse +# IPv4: 8.8.8.8 +# IPv6: 2001:4860:4860::8888 +# sekundäre DNS-Adresse +# IPv4: 8.8.4.4 +# IPv6: 2001:4860:4860::8844 +# +# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug +# primäre DNS-Adresse +# IPv4: 9.9.9.9 +# IPv6: 2620:fe::fe +# sekundäre DNS-Adresse +# IPv4: 149.112.112.112 +# IPv6: 2620:fe::9 +# +# OpenNIC - https://www.opennic.org/ +# IPv4: 195.10.195.195 - ns31.de +# IPv4: 94.16.114.254 - ns28.de +# IPv4: 51.254.162.59 - ns9.de +# IPv4: 194.36.144.87 - ns29.de +# IPv6: 2a00:f826:8:2::195 - ns31.de +# +# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS) +# IPv4: 5.1.66.255 +# IPv6: 2001:678:e68:f000:: +# Servername für DNS-over-TLS: dot.ffmuc.net +# IPv4: 185.150.99.255 +# IPv6: 2001:678:ed0:f000:: +# Servername für DNS-over-TLS: dot.ffmuc.net +# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb) +resolved_nameserver: + - 127.0.0.1 + +# search domains +# +# If there are more than one search domains, then specify them here in the order in which +# the resolver should also search them +# +#resolved_domains: [] +resolved_domains: + - ~. + - warenform.de + +resolved_dnssec: true + +# dns.as250.net: 194.150.168.168 +# +resolved_fallback_nameserver: + - 194.150.168.168 + + # --- # vars used by roles/common/tasks/users.yml # --- 
diff --git a/host_vars/server24.warenform.de.yml b/host_vars/server24.warenform.de.yml
index 4c4a10d..f287a43 100644
--- a/host_vars/server24.warenform.de.yml
+++ b/host_vars/server24.warenform.de.yml
@@ -142,6 +142,77 @@ apt_extra_pkgs: - subversion-tools +# --- +# vars used by roles/common/tasks/systemd-resolved.yml +# --- + +systemd_resolved: true + +# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie +# Primäre DNS-Adresse: 38.132.106.139 +# Sekundäre DNS-Adresse: 194.187.251.67 +# +# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen +# primäre DNS-Adresse +# IPv4: 1.1.1.1 +# IPv6: 2606:4700:4700::1111 +# sekundäre DNS-Adresse +# IPv4: 1.0.0.1 +# IPv6: 2606:4700:4700::1001 +# +# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit +# primäre DNS-Adresse +# IPv4: 8.8.8.8 +# IPv6: 2001:4860:4860::8888 +# sekundäre DNS-Adresse +# IPv4: 8.8.4.4 +# IPv6: 2001:4860:4860::8844 +# +# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug +# primäre DNS-Adresse +# IPv4: 9.9.9.9 +# IPv6: 2620:fe::fe +# sekundäre DNS-Adresse +# IPv4: 149.112.112.112 +# IPv6: 2620:fe::9 +# +# OpenNIC - https://www.opennic.org/ +# IPv4: 195.10.195.195 - ns31.de +# IPv4: 94.16.114.254 - ns28.de +# IPv4: 51.254.162.59 - ns9.de +# IPv4: 194.36.144.87 - ns29.de +# IPv6: 2a00:f826:8:2::195 - ns31.de +# +# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS) +# IPv4: 5.1.66.255 +# IPv6: 2001:678:e68:f000:: +# Servername für DNS-over-TLS: dot.ffmuc.net +# IPv4: 185.150.99.255 +# IPv6: 2001:678:ed0:f000:: +# Servername für DNS-over-TLS: dot.ffmuc.net +# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb) +resolved_nameserver: + - 212.42.230.1 + - 83.223.66.51 + +# search domains +# +# If there are more than one search domains, then specify them here in the order in which +# the resolver should also search them +# +#resolved_domains: [] +resolved_domains: + - ~. + - oopen.de + +resolved_dnssec: true + +# dns.as250.net: 194.150.168.168 +# +resolved_fallback_nameserver: + - 194.150.168.168 + + # --- # vars used by roles/common/tasks/cron.yml # --- 
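Review bot: `resolved_domains` for server24.warenform.de lists `oopen.de` as the search domain, whereas the otherwise identical block for lists.mx.warenform.de uses `warenform.de`. This looks carried over from the oopen.de host files, and it would make unqualified names on this host resolve in the other domain. If that is not intended, the entry should read `- warenform.de`. If it is intended, a comment such as `# search domain is oopen.de on purpose: <reason>` would stop it being "fixed" later.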
diff --git a/host_vars/web-test.oopen.de.yml b/host_vars/web-test.oopen.de.yml new file mode 100644 index 0000000..d5611fa --- /dev/null +++ b/host_vars/web-test.oopen.de.yml 
@@ -0,0 +1,179 @@ +--- + +# --- +# vars used by roles/ansible_dependencies +# --- + + +# --- +# vars used by roles/ansible_user +# --- + + +# --- +# vars used by roles/common/tasks/basic.yml +# --- + + +# --- +# vars used by roles/common/tasks/sshd.yml +# --- + + +# --- +# vars used by roles/common/tasks/apt.yml +# --- + +# --- +# vars used by roles/common/tasks/systemd-resolved.yml +# --- + +systemd_resolved: true + +# CyberGhost - Schnelle Verbindung mit Keine-Logs-Datenschutzrichtlinie +# Primäre DNS-Adresse: 38.132.106.139 +# Sekundäre DNS-Adresse: 194.187.251.67 +# +# Cloudflare (USA) Bester kostenloser DNS-Server für Gaming mit zuverlässigen Verbindungen +# primäre DNS-Adresse +# IPv4: 1.1.1.1 +# IPv6: 2606:4700:4700::1111 +# sekundäre DNS-Adresse +# IPv4: 1.0.0.1 +# IPv6: 2606:4700:4700::1001 +# +# Google (USA) Public DNS - Großartige Kombination aus Geschwindigkeit und Sicherheit +# primäre DNS-Adresse +# IPv4: 8.8.8.8 +# IPv6: 2001:4860:4860::8888 +# sekundäre DNS-Adresse +# IPv4: 8.8.4.4 +# IPv6: 2001:4860:4860::8844 +# +# Quad9 (CH) - Blockiert mühelos schädliche Seiten und verhindert Phishing-Betrug +# primäre DNS-Adresse +# IPv4: 9.9.9.9 +# IPv6: 2620:fe::fe +# sekundäre DNS-Adresse +# IPv4: 149.112.112.112 +# IPv6: 2620:fe::9 +# +# OpenNIC - https://www.opennic.org/ +# IPv4: 195.10.195.195 - ns31.de +# IPv4: 94.16.114.254 - ns28.de +# IPv4: 51.254.162.59 - ns9.de +# IPv4: 194.36.144.87 - ns29.de +# IPv6: 2a00:f826:8:2::195 - ns31.de +# +# Freifunk München (normales DNS, DNS-over-TLS und DNS-over-HTTPS) +# IPv4: 5.1.66.255 +# IPv6: 2001:678:e68:f000:: +# Servername für DNS-over-TLS: dot.ffmuc.net +# IPv4: 185.150.99.255 +# IPv6: 2001:678:ed0:f000:: +# Servername für DNS-over-TLS: dot.ffmuc.net +# für iOS 14+: DoT-Server-Konfiguration (unsigniert, vom PrHdb) +resolved_nameserver: + - 213.133.100.100 + - 2a01:4f8:0:1::add:9898 + - 213.133.99.99 + +# search domains +# +# If there are more than one search domains, then specify them here in the order in 
which +# the resolver should also search them +# +#resolved_domains: [] +resolved_domains: + - ~. + - oopen.de + +resolved_dnssec: true + +# dns.as250.net: 194.150.168.168 +# +resolved_fallback_nameserver: + - 194.150.168.168 + + +# --- +# vars used by roles/common/tasks/users.yml +# --- + +default_user: + + - name: chris + password: $6$bSHlaLHC$URSMVq090e/cJ1v55Jh9ws0w5WekhO7X3Y0RqryAl5R76K9khWBegC76Smjastja.xMiD57/LzUUXW7y9NvAL. + shell: /bin/bash + ssh_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' + + - name: sysadm + + user_id: 1050 + group_id: 1050 + group: sysadm + password: $6$EEVWxA5E$bNxU8EOp/tTcYVghFharUM10k3vRt2siEnIiiznfGmhMSM6zJTP0umdxql9VVEj856oKa.Sp.q3N2nthgNMeN1 + shell: /bin/bash + ssh_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' + + - name: back + user_id: 1060 + group_id: 1060 + group: back + password: $6$GntX81EP$O1GEmQF.BbOQfTMMw/m/BDKSXmANVpqmz0nyzw4O4R2/iK9huGOAjT/2eq8FVdMghvNOvdwrWtwohO.Mg4V9n. 
+ shell: /bin/bash + ssh_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO90culn3sicU2chTHn40ytcTay0nUIHap0uF/5fVM6P chris@sol' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQHMUKlDh2ufno5pZOhUY5xFljC1R5zQ/GjOHDkS58D root@sol' + +sudo_users: + - chris + - sysadm + + +# --- +# vars used by roles/common/tasks/users-systemfiles.yml +# --- + + +# --- +# vars used by roles/common/tasks/webadmin-user.yml +# --- + + +# --- +# vars used by roles/common/tasks/sudoers.yml +# --- +# +# see: roles/common/tasks/vars + + +# --- +# vars used by roles/common/tasks/caching-nameserver.yml +# --- + + +# --- +# vars used by roles/common/tasks/git.yml +# --- + +git_firewall_repository: + name: ipt-server + repo: https://git.oopen.de/firewall/ipt-server + dest: /usr/local/src/ipt-server + +# ============================== + + +# --- +# vars used by scripts/reset_root_passwd.yml +# --- + +root_user: + name: root + password: $6$J1ssJfdshf/$mknQEPDcW4HN5.wFfawbamamywI7F7fhdZmaR1abNrc4DA7DNRx766lz3ygf9YV3gcmRq3QhJ3fBVlkwGMCvq. + diff --git a/roles/common/tasks/caching-nameserver.yml b/roles/common/tasks/caching-nameserver.yml index 82da4ba..a8f59e7 100644 --- a/roles/common/tasks/caching-nameserver.yml +++ b/roles/common/tasks/caching-nameserver.yml @@ -154,4 +154,5 @@ - apt-caching-nameserver when: - ansible_distribution == "Debian" + - not systemd_resolved diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 82586a5..e2df7c9 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -37,7 +37,7 @@ - import_tasks: yum.yml when: - ansible_os_family == "RedHat" - - ansible_distribution == "CentOS" + - ansible_distribution == "CentOS" or ansible_distribution == "Fedora" tags: yum @@ -232,7 +232,7 @@ inventory_hostname in groups['nginx_webserver'] tags: - redis-server - + # tags supportetd inside caching-nameserver.yml # diff --git a/roles/common/tasks/redis-server.yml b/roles/common/tasks/redis-server.yml index fb6fcda..5f32bba 100644 
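Review bot: The new host_vars/web-test.oopen.de.yml stores the `$6$` (SHA-512 crypt) password hashes for `chris`, `sysadm`, `back` and, under `root_user`, for `root` as plain values. Anyone who can read the repository or its history can therefore run offline guessing against them. Keep the values in an Ansible Vault encrypted vars file and reference them, e.g. `password: "{{ vault_web_test_chris_password }}"` (the variable name is a placeholder), or encrypt each value inline with `!vault`. Because the hashes are already part of this commit, the passwords behind them should be treated as exposed and changed when the values are vaulted. The same two SSH public keys are authorised for all three accounts, including `back`; a comment stating that this is intended would help the next reviewer.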
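Review bot: The added condition `- not systemd_resolved` in roles/common/tasks/caching-nameserver.yml reads the variable directly, and this commit sets `systemd_resolved` only in four host_vars files. Unless a default is defined elsewhere (not visible in this diff), the task fails with an undefined-variable error on every other Debian host. `- not (systemd_resolved | default(false) | bool)` keeps the previous behaviour for hosts that do not set it and also copes with a string value passed on the command line. The task this `when:` belongs to starts above the hunk.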
--- a/roles/common/tasks/redis-server.yml +++ b/roles/common/tasks/redis-server.yml @@ -51,14 +51,14 @@ tags: - redis-server -- name: (redis-server.yml) Install redis packages (centos system) +- name: (redis-server.yml) Install redis packages (centos / fedora system) yum: name: redis state: latest update_cache: yes when: - ansible_os_family == "RedHat" - - ansible_distribution == "CentOS" + - ansible_distribution == "CentOS" or ansible_distribution == "Fedora" tags: - redis-server diff --git a/roles/common/tasks/yum.yml b/roles/common/tasks/yum.yml index d6aea89..f233eac 100644 --- a/roles/common/tasks/yum.yml +++ b/roles/common/tasks/yum.yml @@ -1,6 +1,6 @@ --- -- name: (yum.yml) Install system updates for centos systems +- name: (yum.yml) Install system updates for redhat (centos/fedora) systems yum: name: '*' state: latest @@ -8,7 +8,7 @@ #cache_valid_time: 3600 when: - ansible_os_family == "RedHat" - - ansible_distribution == "CentOS" + - ansible_distribution == "CentOS" or ansible_distribution == "Fedora" tags: - yum-update @@ -17,6 +17,9 @@ yum: name: epel-release state: latest + when: + - ansible_os_family == "RedHat" + - ansible_distribution == "CentOS" # Its more eficient to in 
@@ -43,39 +46,116 @@ - yum-initial-install -- name: (yum.yml) Install lxc_host related packages +# Its more eficient to in +- name: (yum.yml) Base install Fedira packages (Fedora 38) yum: - name: "{{ yum_lxc_host_pkgs }}" + name: "{{ yum_base_install_fedora_38 }}" state: "{{ yum_install_state }}" when: + - ansible_os_family == "RedHat" + - ansible_distribution == "Fedora" + - ansible_distribution_major_version == "38" + tags: + - yum-base-install + +- name: (yum.yml) Initial install Fedora packages (Fedora 38) + yum: + name: "{{ yum_initial_install_fedora_38 }}" + state: "{{ yum_install_state }}" + when: + - ansible_os_family == "RedHat" + - ansible_distribution == "Fedora" + - ansible_distribution_major_version == "38" + tags: + - yum-initial-install + + +- name: (yum.yml) Install lxc_host related packages CentOS systems + yum: + name: "{{ yum_lxc_host_pkgs_centos }}" + state: "{{ yum_install_state }}" + when: + - ansible_os_family == "RedHat" + - ansible_distribution == "CentOS" + - groups['lxc_host']|string is search(inventory_hostname) + tags: + - yum-lxc-hosts-pkgs + +- name: (yum.yml) Install lxc_host related packages Fedora systems + yum: + name: "{{ yum_lxc_host_pkgs_fedora }}" + state: "{{ yum_install_state }}" + when: + - ansible_os_family == "RedHat" + - ansible_distribution == "Fedora" - groups['lxc_host']|string is search(inventory_hostname) tags: - yum-lxc-hosts-pkgs -- name: (yum.yml) Install postgresql server related packages +- name: (yum.yml) Install postgresql server related packages CentOS systems yum: - name: "{{ yum_postgresql_pkgs }}" + name: "{{ yum_postgresql_pkgs_centos }}" state: "{{ yum_install_state }}" when: + - ansible_os_family == "RedHat" + - ansible_distribution == "CentOS" + - install_postgresql_pkgs|bool + tags: + - apt-postgresql-server-pkgs + +- name: (yum.yml) Install postgresql server related packages Fedora systems + yum: + name: "{{ yum_postgresql_pkgs_fedora }}" + state: "{{ yum_install_state }}" + when: + - 
ansible_os_family == "RedHat" + - ansible_distribution == "Fedora" - install_postgresql_pkgs|bool tags: - apt-postgresql-server-pkgs -- name: (yum.yml) Install compile related packages +- name: (yum.yml) Install compile related packages CentOS systems yum: - name: "{{ yum_compiler_pkgs }}" + name: "{{ yum_compiler_pkgs_centos }}" state: "{{ yum_install_state }}" when: + - ansible_os_family == "RedHat" + - ansible_distribution == "CentOS" - install_compiler_pkgs|bool tags: - yum-compiler-pkgs -- name: (yum.yml) Install webserver related packages +- name: (yum.yml) Install compile related packages Fedora systems yum: - name: "{{ yum_webserver_pkgs }}" + name: "{{ yum_compiler_pkgs_fedora }}" state: "{{ yum_install_state }}" - when: install_webserver_pkgs|bool + when: + - ansible_os_family == "RedHat" + - ansible_distribution == "Fedora" + - install_compiler_pkgs|bool + tags: + - yum-compiler-pkgs + +- name: (yum.yml) Install webserver related packages CentOS systems + yum: + name: "{{ yum_webserver_pkgs_centos }}" + state: "{{ yum_install_state }}" + when: + - ansible_os_family == "RedHat" + - ansible_distribution == "CentOS" + - install_webserver_pkgs|bool + tags: + - yum-webserver-pkgs + +- name: (yum.yml) Install webserver related packages Fedora systems + yum: + name: "{{ yum_webserver_pkgs_fedora }}" + state: "{{ yum_install_state }}" + when: + - ansible_os_family == "RedHat" + - ansible_distribution == "Fedora" + - install_webserver_pkgs|bool tags: - yum-webserver-pkgs
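Review bot: Both new lxc_host tasks keep the membership test `groups['lxc_host']|string is search(inventory_hostname)`, which turns the group list into a string and runs a regex search over it. A host whose name is a substring of a group member is therefore treated as an lxc host, and the `.` characters in host names match any character. `- inventory_hostname in groups['lxc_host']` is the exact test and is the form roles/common/tasks/main.yml already uses for `nginx_webserver`. The new postgresql tasks carry the tag `apt-postgresql-server-pkgs` although they are in yum.yml, so a run limited to yum tags skips them; the Fedora base-install task name reads "Fedira". The base and initial install tasks are also pinned to `ansible_distribution_major_version == "38"`, so other Fedora releases now pass the import condition in main.yml but receive only the update task.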