setup_host.yml 4.43 KiB
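# Writes one "<ansible_host>\t<inventory_hostname>" line into /etc/hosts for
# every host in the inventory, replacing a previous line for the same name.
# The "\t" inside the double-quoted scalars is a literal tab character.
- name: Update the /etc/hosts file with node name
  ansible.builtin.lineinfile:
    dest: "/etc/hosts"
    # The hostname is regex-escaped and must be followed by whitespace or end
    # of line. Without that, the entry for "node1" would also match (and
    # overwrite) the line belonging to "node10", and dots in an FQDN would
    # match any character.
    regexp: "^.*\t{{ hostvars[item]['inventory_hostname'] | regex_escape }}([ \t].*)?$"
    line: "{{ hostvars[item]['ansible_host'] }}\t{{ hostvars[item]['inventory_hostname']}}"
    state: present
    # Keep a timestamped copy of the previous /etc/hosts on every change.
    backup: true
  loop: "{{ groups['all'] }}"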
# Stops firewalld and removes it from boot, without masking the unit.
- name: disable firewalld
  ansible.builtin.systemd:
    name: "firewalld"
    state: stopped
    enabled: false
    masked: false
  # Original author's note: this command does not seem to be idempotent.
  # NOTE(review): ignore_errors hides every failure of this task, so a run
  # reports success even when firewalld is still active. Confirm which error
  # is expected here and narrow the exception to that case.
  ignore_errors: true
# Starts the nftables unit now and enables it at boot; makes sure it is
# not masked.
# NOTE(review): no task visible here installs or validates a ruleset.
# With firewalld stopped above, the host's packet filtering depends on
# whatever ruleset the nftables unit loads - confirm it is managed elsewhere.
- name: enable nftables
  ansible.builtin.systemd:
    name: "nftables"
    state: started
    enabled: true
    masked: false
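# Renders the sysctl drop-in from the kernel_params.conf.j2 template and
# records whether the file changed so the reload below can be conditional.
- name: add kernel params
  ansible.builtin.template:
    src: kernel_params.conf.j2
    dest: /etc/sysctl.d/rke2_kernel_params.conf
    # Explicit ownership and mode: kernel tunables are read at boot, so the
    # file should not inherit permissions from the connecting user's umask.
    owner: root
    group: root
    mode: "0644"
  register: kernel_params

# Re-applies all sysctl configuration files, only when the drop-in changed.
# No shell features are used, so the command module is sufficient and
# avoids an unnecessary shell invocation.
- name: load kernel params
  ansible.builtin.command: sysctl --system
  when: kernel_params.changed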
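# Creates the etcd group and a matching etcd account.
# The account is created as a system account with no home directory and no
# login shell. Presumably it exists only to own etcd data - confirm that
# nothing logs in as etcd.
# `system` and `create_home` only take effect when the group or account is
# first created; `shell` is also enforced on an existing account.
- name: add group - etcd
  ansible.builtin.group:
    name: etcd
    system: true
    state: present

- name: add user - etcd
  ansible.builtin.user:
    name: etcd
    group: etcd
    system: true
    create_home: false
    shell: /sbin/nologin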
# Deletes the "rocky" account; `remove: true` also deletes its home
# directory and mail spool.
- name: remove rocky user at uid 1000
  ansible.builtin.user:
    name: rocky
    remove: true
    state: absent
  # NOTE(review): with ignore_errors the play continues if the deletion
  # fails, so the account can stay on the host while the run looks clean.
  # Consider registering the result and checking that the user is gone.
  ignore_errors: true
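# Downloads a CA bundle from a third-party URL into /etc/ssl/certs and then
# regenerates the system trust store.
# This file becomes a trust anchor for TLS on the host, so its integrity
# matters more than that of an ordinary download.
- name: Download root CA
  ansible.builtin.get_url:
    url: https://curl.se/ca/cacert.pem
    # dest is a directory, so the file is saved under its remote name and
    # fetched again on every run.
    dest: /etc/ssl/certs
    # Explicit ownership and mode so the bundle is never left writable by
    # a non-root account.
    owner: root
    group: root
    mode: "0644"
    # NOTE(review): nothing pins the content of the bundle. Consider a
    # digest that was reviewed out of band (placeholder value below), or
    # shipping the bundle from a controlled internal source.
    # checksum: "sha256:<PINNED_SHA256_OF_REVIEWED_BUNDLE>"

# No shell features are needed, so the command module is used.
# NOTE(review): confirm that update-ca-trust actually consumes a bundle
# placed in /etc/ssl/certs. On some distributions it reads only the
# dedicated ca-trust source directories.
- name: Update CA trust
  ansible.builtin.command: update-ca-trust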
# Grows partition 2 of /dev/vda, then the LVM physical volume on it, then
# the root logical volume and its filesystem (-r) into all free extents.
# The device names are hard-coded. The shell module is required because
# the /dev/mapper/*root glob is expanded by the shell.
# NOTE(review): the task runs on every play and has no changed_when. The
# script has no `set -e`, so only the exit status of the last command
# decides success and failures of growpart or pvresize go unnoticed.
- name: Resize the disks if volume was expanded (experimental)
  ansible.builtin.shell:
    cmd: |
      /usr/bin/growpart /dev/vda 2
      /usr/sbin/pvresize -y -q /dev/vda2
      /usr/sbin/lvresize -y -q -r -l +100%FREE /dev/mapper/*root
# Despite the task name, this does not disable SELinux. It keeps the
# targeted policy loaded and switches the mode to permissive, where
# denials are logged but not enforced.
# NOTE(review): permissive mode removes mandatory access control as a
# containment layer on this host. If this is a workaround for denials from
# a specific workload, prefer installing that workload's SELinux policy and
# returning to enforcing mode.
- name: Disable SELinux
  selinux:
    state: permissive
    policy: targeted