iiab/roles/2-common/tasks/main.yml

# Common OS-Level Additions & Mods (that only need to be performed once)

- name: ...IS BEGINNING ==========================================
  command: echo

- name: Create IIAB directory structure ("file layout")
  include_tasks: fl.yml

- include_tasks: pylib.yml

- include_tasks: centos.yml
  when: ansible_distribution == "CentOS"

- include_tasks: fedora.yml
  when: ansible_distribution == "Fedora"

- include_tasks: prep.yml
  when: not is_debuntu

- include_tasks: xo.yml
  when: xo_model != "none" or osbuilder is defined

- include_tasks: packages.yml
- include_tasks: iptables.yml

- name: Use 'sysctl' to set 10 network/kernel settings, turning off IPv6 if possible
  sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
  with_items:
    - { name: 'net.ipv4.ip_forward', value: '1' }
    - { name: 'net.ipv4.conf.default.rp_filter', value: '1' }
    - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' }
    - { name: 'kernel.sysrq', value: '1' }
    - { name: 'kernel.core_uses_pid', value: '1' }
    - { name: 'net.ipv4.tcp_syncookies', value: '1' }
    - { name: 'kernel.shmmax', value: '268435456' }
    - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' }    # IPv6 disabled
    - { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' }
    - { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' }

- name: Install /etc/profile.d/zzz_iiab.sh from template, to add sbin dirs to unprivileged users' $PATH
  template:
    dest: /etc/profile.d/zzz_iiab.sh
    src: zzz_iiab.sh

- include_tasks: net_mods.yml
  when: not is_debuntu and not is_F18

- include_tasks: udev.yml
- include_tasks: iiab-startup.yml

- name: Recording STAGE 2 HAS COMPLETED ==========================
  lineinfile:
    dest: "{{ iiab_env_file }}"
    regexp: '^STAGE=*'
    line: 'STAGE=2'
Update main.yml 2017-10-27 03:43:50 +00:00			`# Common OS-Level Additions & Mods (that only need to be performed once)`

fill lines with ==='s 2017-10-30 20:31:16 +00:00			`- name: ...IS BEGINNING ==========================================`
Update main.yml 2017-10-27 03:43:50 +00:00			`command: echo`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
Update main.yml 2019-01-15 20:33:02 +00:00			`- name: Create IIAB directory structure ("file layout")`
move fl.yml 2019-01-15 12:16:08 +00:00			`include_tasks: fl.yml`

ready to test 2019-11-19 13:46:15 +00:00			`- include_tasks: pylib.yml`

56 changes to include_tasks --edits double check after rebase 2017-10-31 03:55:24 +00:00			`- include_tasks: centos.yml`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`when: ansible_distribution == "CentOS"`

56 changes to include_tasks --edits double check after rebase 2017-10-31 03:55:24 +00:00			`- include_tasks: fedora.yml`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`when: ansible_distribution == "Fedora"`

cleanup 2017-11-09 10:51:07 +00:00			`- include_tasks: prep.yml`
			`when: not is_debuntu`

			`- include_tasks: xo.yml`
			`when: xo_model != "none" or osbuilder is defined`

56 changes to include_tasks --edits double check after rebase 2017-10-31 03:55:24 +00:00			`- include_tasks: packages.yml`
iptables 2017-11-09 12:11:15 +00:00			`- include_tasks: iptables.yml`
cleanup 2017-11-09 10:51:07 +00:00
Clean 2-common/tasks/main.yml 2020-01-13 16:28:04 +00:00			`- name: Use 'sysctl' to set 10 network/kernel settings, turning off IPv6 if possible`
			`sysctl:`
			`name: "{{ item.name }}"`
			`value: "{{ item.value }}"`
			`with_items:`
			`- { name: 'net.ipv4.ip_forward', value: '1' }`
			`- { name: 'net.ipv4.conf.default.rp_filter', value: '1' }`
			`- { name: 'net.ipv4.conf.default.accept_source_route', value: '0' }`
			`- { name: 'kernel.sysrq', value: '1' }`
			`- { name: 'kernel.core_uses_pid', value: '1' }`
			`- { name: 'net.ipv4.tcp_syncookies', value: '1' }`
			`- { name: 'kernel.shmmax', value: '268435456' }`
			`- { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled`
			`- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' }`
			`- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' }`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
Clean 2-common/tasks/main.yml to avoid warnings etc 2020-01-12 01:28:47 +00:00			`- name: Install /etc/profile.d/zzz_iiab.sh from template, to add sbin dirs to unprivileged users' $PATH`
indentation/syntax per new Ansible docs 2018-02-13 02:29:06 +00:00			`template:`
Update main.yml 2018-10-31 01:52:02 +00:00			`dest: /etc/profile.d/zzz_iiab.sh`
indentation/syntax per new Ansible docs 2018-02-13 02:29:06 +00:00			`src: zzz_iiab.sh`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
56 changes to include_tasks --edits double check after rebase 2017-10-31 03:55:24 +00:00			`- include_tasks: net_mods.yml`
patch 0002 2017-05-27 23:10:45 +00:00			`when: not is_debuntu and not is_F18`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00
56 changes to include_tasks --edits double check after rebase 2017-10-31 03:55:24 +00:00			`- include_tasks: udev.yml`
create a script that executes at every startup 2017-11-24 16:57:46 +00:00			`- include_tasks: iiab-startup.yml`

fill lines with ==='s 2017-10-30 20:31:16 +00:00			`- name: Recording STAGE 2 HAS COMPLETED ==========================`
indentation/syntax per new Ansible docs 2018-02-13 02:29:06 +00:00			`lineinfile:`
Update main.yml 2018-10-15 09:30:30 +00:00			`dest: "{{ iiab_env_file }}"`
Update main.yml 2018-02-13 02:51:08 +00:00			`regexp: '^STAGE=*'`
			`line: 'STAGE=2'`