diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index f9012c00c..bb499df5c 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -105,15 +105,15 @@ when: is_ubuntu ignore_errors: True -- name: Disable SELinux on next boot (OS's other than debuntu) - selinux: - state: disabled - register: selinux_disabled - when: not is_debuntu +#- name: Disable SELinux on next boot (OS's other than debuntu) +# selinux: +# state: disabled +# register: selinux_disabled +# when: not is_debuntu -- name: Disable SELinux for this session (OS's other than debuntu, if needed) - command: setenforce Permissive - when: not is_debuntu and selinux_disabled is defined and selinux_disabled.changed +#- name: Disable SELinux for this session (OS's other than debuntu, if needed) +# command: setenforce Permissive +# when: not is_debuntu and selinux_disabled is defined and selinux_disabled.changed ## DISCOVER PLATFORMS ###### # Put conditional actions for hardware platforms here diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml index db436515f..c4dc34309 100644 --- a/roles/2-common/tasks/main.yml +++ b/roles/2-common/tasks/main.yml @@ -21,21 +21,25 @@ - include_tasks: packages.yml - include_tasks: iptables.yml -- name: Use 'sysctl' to set 10 network/kernel settings, turning off IPv6 if possible - sysctl: - name: "{{ item.name }}" - value: "{{ item.value }}" - with_items: - - { name: 'net.ipv4.ip_forward', value: '1' } - - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } - - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } - - { name: 'kernel.sysrq', value: '1' } - - { name: 'kernel.core_uses_pid', value: '1' } - - { name: 'net.ipv4.tcp_syncookies', value: '1' } - - { name: 'kernel.shmmax', value: '268435456' } - - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled - - { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } - - { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } +# 2020-11-27 emergency patch+experiment til this is answered more methodically: +# https://github.com/iiab/iiab/issues/2650 +# https://github.com/iiab/iiab/pull/2651 +# +#- name: Use 'sysctl' to set 10 network/kernel settings, turning off IPv6 if possible +# sysctl: +# name: "{{ item.name }}" +# value: "{{ item.value }}" +# with_items: +# - { name: 'net.ipv4.ip_forward', value: '1' } +# - { name: 'net.ipv4.conf.default.rp_filter', value: '1' } +# - { name: 'net.ipv4.conf.default.accept_source_route', value: '0' } +# - { name: 'kernel.sysrq', value: '1' } +# - { name: 'kernel.core_uses_pid', value: '1' } +# - { name: 'net.ipv4.tcp_syncookies', value: '1' } +# - { name: 'kernel.shmmax', value: '268435456' } +# - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } # IPv6 disabled +# - { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } +# - { name: 'net.ipv6.conf.lo.disable_ipv6', value: '1' } - name: Install /etc/profile.d/zzz_iiab.sh from template, to add sbin dirs to unprivileged users' $PATH template: diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index 4f28e1d6e..bc2e447bd 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -48,6 +48,7 @@ url: "{{ gitea_download_url }}" dest: "{{ gitea_install_path }}" mode: '0775' + timeout: "{{ download_timeout }}" when: internet_available - name: Download Gitea GPG signature diff --git a/scripts/ansible b/scripts/ansible index 6938e5468..8ee0bd207 100755 --- a/scripts/ansible +++ b/scripts/ansible @@ -94,6 +94,7 @@ $APT_PATH/apt -y --allow-downgrades install ansible-base \ echo -e "\n\nIIAB requires these 2 Ansible Collections: (w/ ansible-base 2.10.0 or higher)\n" ansible-galaxy collection install community.general # Re-running these ansible-galaxy collection install community.mysql # appears to be safe!? +#ansible-galaxy collection install ansible.posix # 2020-11-27: See roles/1-prep/tasks/main.yml & PR #2647, PR #2648, #2650, PR #2651 echo -e "\n\nCreating/verifying directory /etc/ansible & installing /etc/ansible/hosts\n" mkdir -p /etc/ansible