
setup_host.yml 4.43 KiB
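# Ensure /etc/hosts has an "<ansible_host><TAB><inventory_hostname>" entry for
# every host in the 'all' inventory group (one loop iteration per host).
- name: Update the /etc/hosts file with node name
  ansible.builtin.lineinfile:
    dest: "/etc/hosts"
    # The hostname is regex-escaped and must be followed by whitespace or
    # end-of-line. Without that, the pattern for "node1" also matches the line
    # of "node10" and rewrites it, and dots in a name act as regex wildcards.
    # Single quotes keep \t and \s as regex escapes rather than YAML escapes.
    regexp: '.*\t{{ hostvars[item].inventory_hostname | regex_escape }}(\s|$)'
    line: "{{ hostvars[item]['ansible_host'] }}\t{{ hostvars[item]['inventory_hostname'] }}"
    state: present
    # Keep a backup copy of the file before it is modified.
    backup: true
  loop: "{{ groups['all'] }}"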

# Stop firewalld and disable it at boot; the unit is left unmasked.
# NOTE(review): ignore_errors hides every failure of this task, not only the
# case the author worked around. If the stop fails, firewalld may keep running
# alongside the nftables service enabled by the next task - consider a narrower
# failed_when condition and check the service state afterwards.
- name: disable firewalld
  ansible.builtin.systemd:
    name: "firewalld"
    state: stopped
    enabled: false
    masked: false
  # Author's note: this command is not idempotent it seems.
  ignore_errors: true

# Unmask, start and enable the nftables service so it runs now and on boot.
# NOTE(review): this task only manages the service; no ruleset is deployed in
# the visible tasks, so the effective filtering depends on whatever nftables
# configuration already exists on the host - confirm it is managed elsewhere.
- name: enable nftables
  ansible.builtin.systemd:
    name: "nftables"
    masked: false
    state: started
    enabled: true

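# Render the sysctl drop-in from the kernel_params.conf.j2 template. The result
# is registered so the reload task only runs when the file actually changed.
- name: add kernel params
  ansible.builtin.template:
    src: kernel_params.conf.j2
    dest: /etc/sysctl.d/rke2_kernel_params.conf
    # Explicit ownership and mode: kernel tunables must not be writable by
    # non-root users, and the result should not depend on the remote umask.
    owner: root
    group: root
    mode: "0644"
  register: kernel_params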

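# Reload all sysctl configuration files, but only when the drop-in rendered by
# the "add kernel params" task changed.
- name: load kernel params
  # command instead of shell: nothing here needs shell features, so the
  # arguments are passed directly without going through a shell.
  ansible.builtin.command: sysctl --system
  when: kernel_params.changed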

# Make sure a local group named "etcd" exists.
- name: add group - etcd
  ansible.builtin.group:
    state: present
    name: etcd

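# Create the "etcd" account with "etcd" as its primary group.
- name: add user - etcd
  ansible.builtin.user:
    name: etcd
    group: etcd
    # Least privilege for a service account: system UID range, no interactive
    # shell and no home directory.
    # NOTE(review): assumes nothing logs in as etcd or relies on its home
    # directory - confirm against how the account is used.
    system: true
    shell: /sbin/nologin
    create_home: false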

# Delete the "rocky" account; remove: true also removes directories associated
# with the user.
# NOTE(review): ignore_errors means a failed removal goes unnoticed and the
# account stays on the host. Presumably this guards the case where the play
# itself connects as rocky - confirm, and verify afterwards that the account
# is really gone.
- name: remove rocky user at uid 1000
  ansible.builtin.user:
    name: rocky
    remove: true
    state: absent
  ignore_errors: true

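# Fetch the CA bundle published by curl.se into /etc/ssl/certs.
# NOTE(review): the trust anchors are taken from the network at provision time
# with no integrity pin. Prefer shipping a reviewed copy with the role, or add
# "checksum: sha256:<REVIEWED_SHA256_PLACEHOLDER>" so a changed upstream file
# fails the play instead of silently changing what the host trusts.
- name: Download root CA
  ansible.builtin.get_url:
    url: https://curl.se/ca/cacert.pem
    # dest is a directory, so the file name is taken from the URL.
    dest: /etc/ssl/certs
    # Trust-store material must be root-owned and not writable by others.
    owner: root
    group: root
    mode: "0644"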

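# Regenerate the system trust store. There is no condition on this task, so it
# runs (and reports "changed") on every play.
# NOTE(review): on RHEL-family hosts update-ca-trust reads extra anchors from
# /etc/pki/ca-trust/source/anchors; verify that a bundle placed in
# /etc/ssl/certs is actually picked up by this step.
- name: Update CA trust
  # command instead of shell: no shell features are needed here.
  ansible.builtin.command: update-ca-trust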


# Grow partition 2 of /dev/vda, then the LVM physical volume on /dev/vda2, then
# extend the logical volume matching /dev/mapper/*root into all free extents
# (-r asks lvresize to resize the filesystem as well).
# The shell module is needed because the last command relies on glob expansion.
# NOTE(review): device and partition are hard-coded, and the task has no
# condition or changed_when, so it runs on every play.
# NOTE(review): the script has no "set -e"; presumably only the exit status of
# the last command decides success, so a failing growpart or pvresize would go
# unnoticed - confirm this is intended.
# NOTE(review): if the glob matches more than one device, lvresize receives
# several paths - confirm exactly one "*root" mapping exists on target hosts.
- name: Resize the disks if volume was expanded (experimental)
  shell: |
    /usr/bin/growpart /dev/vda 2 
    /usr/sbin/pvresize -y -q /dev/vda2 
    /usr/sbin/lvresize -y -q -r -l +100%FREE /dev/mapper/*root 

# Despite the task name, this does not disable SELinux: it keeps the "targeted"
# policy loaded and switches the mode to permissive.
# NOTE(review): in permissive mode policy violations are logged but not
# blocked, so the host loses SELinux enforcement. Confirm this is a deliberate
# trade-off, and keep reviewing the logged denials if the aim is to return to
# enforcing later.
- name: Disable SELinux
  selinux:
    policy: targeted
    state: permissive