From 5aa1a21c079d0af8b21dfaa9a4d1060a59831f56 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 28 Jul 2021 01:57:19 -0400 Subject: [PATCH] 2-common/tasks/main.yml made far more readable --- roles/2-common/tasks/main.yml | 37 +++++++++++------------------------ 1 file changed, 11 insertions(+), 26 deletions(-) diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml index f4d86732e..048b455c7 100644 --- a/roles/2-common/tasks/main.yml +++ b/roles/2-common/tasks/main.yml @@ -1,11 +1,18 @@ # Common OS-Level Additions & Mods (that only need to be performed once) - name: ...IS BEGINNING ========================================== - command: echo + meta: noop - name: Create IIAB directory structure ("file layout") include_tasks: fl.yml +- include_tasks: packages.yml + +- name: 'Network prep, including partial setup of iptables (firewall). SEE ALSO: 1-prep/tasks/raspberry_pi.yml' + include_tasks: network.yml + +- include_tasks: iiab-startup.yml + # UNMAINTAINED #- include_tasks: centos.yml # when: ansible_distribution == "CentOS" @@ -22,25 +29,9 @@ #- include_tasks: xo.yml # when: xo_model != "none" or osbuilder is defined -- include_tasks: packages.yml -- include_tasks: network.yml - -# Ongoing rework (e.g. PR #2652) arising from ansible.posix collection changes: -- name: Use 'sysctl' to set 5 network/kernel settings, turning off IPv6 if possible - sysctl: # Places these settings in /etc/sysctl.conf, to survive reboot - name: "{{ item.name }}" - value: "{{ item.value }}" - with_items: - - { name: 'net.ipv4.ip_forward', value: '1' } # Masquerading LAN->Internet - - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } - - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } - #- { name: 'kernel.sysrq', value: '1' } # OS values differ, Ok? - - { name: 'kernel.core_uses_pid', value: '1' } - #- { name: 'net.ipv4.tcp_syncookies', value: '1' } # Very standard in 2020 - #- { name: 'kernel.shmmax', value: '268435456' } # OS values differ, Ok? - - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled - #- { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } # AUTO-SET - #- { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } # BY ABOVE +# UNMAINTAINED +#- include_tasks: net_mods.yml +# when: not is_debuntu and not is_F18 # UNMAINTAINED #- name: Install /etc/profile.d/zzz_iiab.sh from template, to add sbin dirs to unprivileged users' $PATH @@ -48,12 +39,6 @@ # dest: /etc/profile.d/zzz_iiab.sh # src: zzz_iiab.sh -# UNMAINTAINED -#- include_tasks: net_mods.yml -# when: not is_debuntu and not is_F18 - -- include_tasks: iiab-startup.yml - - name: Recording STAGE 2 HAS COMPLETED ========================== lineinfile: path: "{{ iiab_env_file }}"