Fixed some lint suggestions

This commit is contained in:
Francesco Antognazza 2023-02-06 10:11:03 +01:00
parent 29ead64f6a
commit 3e7f5b44b3
6 changed files with 41 additions and 28 deletions

View File

@ -1,8 +1,9 @@
- hosts: chef.heaplab.deib.polimi.it - hosts: chef.heaplab.deib.polimi.it
name: Base configuration of OS
pre_tasks: pre_tasks:
- name: Update system - name: Update system
become: true become: true
package: ansible.builtin.package:
name: "*" name: "*"
state: latest # noqa package-latest state: latest # noqa package-latest
- name: Set hostname - name: Set hostname
@ -10,10 +11,10 @@
ansible.builtin.hostname: ansible.builtin.hostname:
name: chef name: chef
use: systemd use: systemd
#- name: Reboot # - name: Reboot
# become: true # become: true
# reboot: # ansible.builtin.reboot:
roles: roles:
- auto-updates - auto-updates
- base-os - base-os

View File

@ -9,7 +9,7 @@
- name: Permit traffic from any IP to http port - name: Permit traffic from any IP to http port
become: true become: true
ansible.builtin.ufw: community.general.ufw:
direction: in direction: in
from_ip: any from_ip: any
proto: tcp proto: tcp
@ -18,7 +18,7 @@
- name: Permit traffic from any IP to https port - name: Permit traffic from any IP to https port
become: true become: true
ansible.builtin.ufw: community.general.ufw:
direction: in direction: in
from_ip: any from_ip: any
proto: tcp proto: tcp

View File

@ -1,6 +1,6 @@
- name: Install base packages - name: Install base packages
become: true become: true
package: ansible.builtin.package:
name: name:
- htop - htop
- tmux - tmux
@ -9,4 +9,3 @@
- python3 - python3
- acl - acl
state: present state: present

View File

@ -1,6 +1,6 @@
- name: Install base packages - name: Install base packages
become: true become: true
package: ansible.builtin.package:
name: name:
- cockpit - cockpit
- cockpit-bridge - cockpit-bridge
@ -16,10 +16,10 @@
become: true become: true
ansible.builtin.systemd: ansible.builtin.systemd:
name: cockpit.socket name: cockpit.socket
enabled: yes enabled: true
state: started state: started
- name: Copy cockpit configuration - name: Copy cockpit configuration
become: true become: true
ansible.builtin.template: ansible.builtin.template:
src: cockpit.conf.j2 src: cockpit.conf.j2
@ -28,6 +28,6 @@
group: root group: root
mode: 0644 mode: 0644
#- name: Reboot # - name: Reboot
# become: true # become: true
# reboot: # ansible.builtin.reboot:

View File

@ -1,9 +1,10 @@
- name: Check if cgroup v2 is available - name: Check if cgroup v2 is available
ansible.builtin.command: grep cgroup2 /proc/filesystems ansible.builtin.command: grep cgroup2 /proc/filesystems
register: cgroup2_present register: cgroup2_present
changed_when: cgroup2_present.rc != 0
- name: Enable cgroup v2 - name: Enable cgroup v2
ansible.builtin.command: 'grubby --update-kernel=ALL --add-args="systemd.unified_cgroup_hierarchy=1"' ansible.builtin.command: 'grubby --update-kernel=ALL --add-args="systemd.unified_cgroup_hierarchy=1"'
become: true become: true
when: when:
- cgroup2_present.rc != 0 - cgroup2_present.rc != 0

View File

@ -1,6 +1,6 @@
- name: Install base packages - name: Install base packages
become: true become: true
package: ansible.builtin.package:
name: name:
- podman - podman
- podman-docker - podman-docker
@ -8,18 +8,30 @@
- name: Add the 'containers' user - name: Add the 'containers' user
become: true become: true
user: ansible.builtin.user:
name: containers name: containers
password: "!"
system: false
shell: /bin/bash shell: /bin/bash
comment: User running unprivileged containers
state: present
- name: Add admin pub keys to authorized_keys
become: true
ansible.posix.authorized_keys:
user: containers
key: "{{ item }}"
state: present
loop: "{{ vault_containers_authorized_keys }}"
- name: Check if user is lingering - name: Check if user is lingering
stat: ansible.builtin.stat:
path: "/var/lib/systemd/linger/containers" path: "/var/lib/systemd/linger/containers"
register: user_lingering register: user_lingering
- name: Enable lingering is needed - name: Enable lingering is needed
become: true become: true
command: "loginctl enable-linger containers" ansible.builtin.command: "loginctl enable-linger containers"
when: when:
- not user_lingering.stat.exists - not user_lingering.stat.exists
@ -28,7 +40,7 @@
ansible.posix.sysctl: ansible.posix.sysctl:
name: net.ipv4.ip_unprivileged_port_start name: net.ipv4.ip_unprivileged_port_start
value: "80" value: "80"
sysctl_set: yes sysctl_set: true
- name: Enable podman socket - name: Enable podman socket
become: true become: true
@ -36,30 +48,30 @@
ansible.builtin.systemd: ansible.builtin.systemd:
scope: user scope: user
name: podman.socket name: podman.socket
enabled: yes enabled: true
state: started state: started
- name: Enable podman auto-update timer - name: Enable podman auto-update timer
become: true become: true
ansible.builtin.systemd: ansible.builtin.systemd:
name: podman-auto-update.timer name: podman-auto-update.timer
enabled: yes enabled: true
- name: Copy default containers config file - name: Copy default containers config file
become: true become: true
ansible.builtin.copy: ansible.builtin.copy:
remote_src: yes remote_src: true
src: /usr/share/containers/containers.conf src: /usr/share/containers/containers.conf
dest: /etc/containers/containers.conf dest: /etc/containers/containers.conf
mode: 0644 mode: 0644
- name: Change podman default subnet - name: Change podman default subnet
become: true become: true
lineinfile: ansible.builtin.lineinfile:
path: /etc/containers/containers.conf path: /etc/containers/containers.conf
regex: "^(.*)default_subnet = (.*)$" regex: "^(.*)default_subnet = (.*)$"
line: 'default_subnet = "172.16.0.0/24"' line: 'default_subnet = "172.16.0.0/24"'
#- name: Reboot # - name: Reboot
# become: true # become: true
# reboot: # ansible.builtin.reboot: