Update to 2021-12-01 19:13

roles/common/tasks/facts.yml

@@ -0,0 +1,5 @@
+---
+
+- name: Check if tailf command exists
+  stat: path=/bin/tailf
+  register: system_tailf

roles/common/tasks/guest.yml

@@ -0,0 +1,16 @@
+---
+
+- name: Check if qemu agent channel is available
+  stat: path=/dev/virtio-ports/org.qemu.guest_agent.0
+  register: qemu_ga_dev
+
+- include: guest_{{ ansible_os_family }}.yml
+  when:
+    - qemu_ga_dev.stat.exists
+    - ansible_virtualization_type == 'kvm'
+
+- name: Start and enable qemu guest agent
+  service: name=qemu-guest-agent state=started enabled=yes
+  when:
+    - qemu_ga_dev.stat.exists
+    - ansible_virtualization_type == 'kvm'

roles/common/tasks/guest_Debian.yml

@@ -0,0 +1,4 @@
+---
+
+- name: Install qemu guest agent
+  apt: name=qemu-guest-agent state=present

roles/common/tasks/guest_RedHat.yml

@@ -0,0 +1,5 @@
+---
+
+- name: Install qemu guest agent
+  yum: name=qemu-guest-agent state=present
+

roles/common/tasks/hardware.yml

@@ -0,0 +1,18 @@
+---
+
+- set_fact:
+    controllers: "{{ controllers | default([]) + [ ansible_devices[item].host ] }}"
+  with_items: "{{ ansible_devices.keys() | list }}"
+
+- set_fact:
+    lsi_controllers: "{{ controllers | select('match', '(?i).*(lsi|megaraid).*') | list | unique }}"
+
+- include_tasks: hardware_{{ ansible_os_family }}.yml
+
+- name: Remove MegaCli package
+  file: path=/tmp/{{ megacli }} state=absent
+  when:
+    - lsi_controllers | length > 0
+    - megacli_installed_version.stdout != megacli_version
+
+...

roles/common/tasks/hardware_Debian.yml

@@ -0,0 +1,30 @@
+---
+
+- set_fact: megacli=megacli_{{ megacli_version }}_all.deb
+
+- name: Install libncurses
+  apt:
+    name:
+      - libncurses5
+
+- name: Check if MegaCLi is installed (Debian)
+  shell: dpkg -s megacli | grep Version | awk '{ print $2 }' 2>/dev/null
+  args:
+    warn: False
+  register: megacli_installed_version
+  failed_when: False
+  changed_when: False
+  when: lsi_controllers | length > 0
+
+- name: Copy MegaCli package
+  copy: src={{ megacli }} dest=/tmp
+  when:
+    - lsi_controllers | length > 0
+    - megacli_installed_version.stdout != megacli_version
+
+- name: Install MegaCli (Debian)
+  apt: deb=/tmp/{{ megacli }} allow_unauthenticated=yes
+  when:
+    - lsi_controllers | length > 0
+    - megacli_installed_version.stdout != megacli_version
+ 

roles/common/tasks/hardware_RedHat.yml

@@ -0,0 +1,24 @@
+---
+
+- set_fact:
+    megacli: MegaCli-{{ megacli_version }}.noarch.rpm
+
+- name: Check if MegaCLi is installed
+  shell: rpm -q --qf "%{VERSION}-%{RELEASE}" MegaCli 2>/dev/null
+  register: megacli_installed_version
+  changed_when: False
+  failed_when: False
+  when: lsi_controllers | length > 0
+
+- name: Copy MegaCli package
+  copy: src={{ megacli }} dest=/tmp
+  when:
+    - lsi_controllers | length > 0
+    - megacli_installed_version.stdout != megacli_version
+
+- name: Install MegaCli
+  yum: name=/tmp/{{ megacli }} state=present
+  when:
+    - lsi_controllers | length > 0
+    - megacli_installed_version.stdout != megacli_version
+

roles/common/tasks/hostname.yml

@@ -0,0 +1,11 @@
+---
+
+- name: Set system hostname
+  hostname: name={{ system_hostname | default(inventory_hostname | regex_replace('^([^\.]+)\..*','\\1')) }}
+
+- name: Prevent PVE from changing /etc/hostname
+  copy: content='' dest=/etc/.pve-ignore.hostname
+  when: ansible_virtualization_type == 'lxc'
+
+...
+

roles/common/tasks/mail.yml

@@ -0,0 +1,15 @@
+---
+
+- when: system_admin_email is defined
+  block:
+    - name: Install postfix
+      package: name=postfix
+
+    - name: Configure root email forward
+      lineinfile:
+        dest: /etc/aliases
+        regexp: "^root:.*"
+        line: "root: {{ system_admin_email }}"
+      notify: newaliases
+
+...

roles/common/tasks/main.yml

@@ -0,0 +1,26 @@
+---
+
+- include_vars: "{{ item }}"
+  with_first_found:
+    - vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml
+    - vars/{{ ansible_os_family }}-{{ ansible_distribution_major_version }}.yml
+    - vars/{{ ansible_distribution }}.yml
+    - vars/{{ ansible_os_family }}.yml
+
+- include: facts.yml
+- include_tasks: utils.yml
+- include_tasks: hostname.yml
+- include_tasks: tz.yml
+- include_tasks: tuned.yml
+  when:
+    - ansible_virtualization_role == 'host' or ansible_virtualization_type != 'lxc'
+    - ansible_os_family == 'RedHat'
+- include_tasks: mail.yml
+- include_tasks: system.yml
+- include_tasks: hardware.yml
+  when: ansible_virtualization_role == 'host'
+- include_tasks: guest.yml
+  when:
+    - ansible_virtualization_role == 'guest'
+
+...

roles/common/tasks/system.yml

@@ -0,0 +1,153 @@
+---
+
+- name: Deploy journald.conf
+  template: src=journald.conf.j2 dest=/etc/systemd/journald.conf
+  when: ansible_service_mgr == 'systemd'
+  notify: restart journald
+
+- name: Allow userspace to trigger kernel autoload of modules
+  seboolean: name=domain_kernel_load_modules state=yes persistent=yes
+  when: ansible_selinux.status == 'enabled'
+  tags: selinux
+
+- name: Configure kmod to load
+  copy: content={{ system_kmods | join("\n") }} dest=/etc/modules-load.d/system.conf
+  register: system_kmods_file
+
+- name: Load needed kmods
+  service: name=systemd-modules-load state=restarted
+  when: system_kmods_file.changed
+
+- name: Set SELinux booleans
+  seboolean: name={{ item.name }} state={{ item.state }} persistent={{ item.persistent | default(True) }}
+  when: ansible_selinux.status == 'enabled'
+  with_items: "{{ sebool }}"
+
+- name: Set logrotate_t to permissive mode
+  selinux_permissive: name=logrotate_t permissive=True
+  when: ansible_selinux.status == 'enabled'
+
+- name: Create mount points directories
+  file: path={{ item.name }} state=directory
+  with_items: "{{ fstab }}"
+  ignore_errors: True # needed for some fuse mount points
+
+- name: Configure mount points
+  mount:
+    name: "{{ item.name }}"
+    src: "{{ item.src }}"
+    fstype: "{{ item.fstype | default(omit) }}"
+    opts: "{{ item.opts | default(omit) }}"
+    boot: "{{ item.boot | default(omit) }}"
+    state: "{{ item.state | default('mounted') }}"
+  with_items: "{{ fstab }}"
+
+- name: Set swappiness
+  sysctl:
+    name: vm.swappiness
+    value: "{{ system_swappiness }}"
+    sysctl_file: /etc/sysctl.d/ansible.conf
+    state: present
+  when: ansible_virtualization_role == 'host' or (ansible_virtualization_type != 'lxc' and ansible_virtualization_type != 'systemd-nspawn')
+
+- name: Set sysctl values
+  sysctl:
+    name: "{{ item }}"
+    value: "{{ system_sysctl[item] }}"
+    sysctl_file: /etc/sysctl.d/ansible.conf
+    state: present
+  when: ansible_virtualization_role == 'host' or ansible_virtualization_type != 'lxc'
+  loop: "{{ system_sysctl.keys() | list }}"
+
+- name: Create symlink for restricted bash
+  file:
+    src: /bin/bash
+    dest: /bin/rbash
+    state: link
+
+- name: Set bash as default shell
+  file:
+    src: /bin/bash
+    dest: /bin/sh
+    state: link
+
+- name: Configure logrotate compression
+  blockinfile:
+    dest: /etc/logrotate.conf
+    insertbefore: BOF
+    block: |
+      compress
+      compressoptions -T0
+      compresscmd /usr/bin/xz
+      compressext .xz
+      uncompresscmd /usr/bin/unxz
+
+- name: Configure crond to send cron's log to syslog
+  copy: src=crond dest=/etc/sysconfig/crond mode=600
+  notify: restart crond
+  when: ansible_os_family == 'RedHat'
+
+- name: Deploy fstrim script
+  copy: src=fstrim_all dest=/usr/local/bin/fstrim_all mode=755
+
+- name: Add a cron task to run fstrim
+  cron:
+    name: fstrim
+    special_time: "{{ system_fstrim_freq }}"
+    user: root
+    job: 'sleep $(( 3600 + 1$(/bin/date +\%N) \% 7200 )); /usr/bin/systemd-cat /usr/local/bin/fstrim_all'
+    cron_file: fstrim
+    state: "{{ (ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'lxc') | ternary('absent','present') }}"
+
+- name: Deploy global vimrc
+  copy: src=vimrc.local_{{ ansible_os_family }} dest=/etc/vim/vimrc.local
+  when: ansible_os_family == 'Debian'
+
+- name: Configure vim for dark background
+  lineinfile: path=/etc/vimrc regexp='^set\sbackground=' line='set background=dark'
+  when: ansible_os_family == 'RedHat'
+
+- name: Configure screen to use login shell
+  lineinfile: path=/etc/screenrc regexp='^shell\s.*' line='shell -/bin/sh'
+  when: ansible_os_family == 'Debian'
+
+- name: Handle syslog daemon
+  service:
+    name: rsyslog
+    state: "{{ (system_disable_syslog | default(False)) | ternary('stopped','started') }}"
+    enabled: "{{ (system_disable_syslog | default(False)) | ternary(False,True) }}"
+
+- name: Remove old bash aliases script
+  file: path=/etc/profile.d/bash_aliases.sh state=absent
+
+- name: Deploy bash aliases
+  template: src=bash_aliases.sh.j2 dest=/etc/profile.d/ansible_aliases.sh mode=755
+
+- name: Ensure /etc/rc.d exists
+  file: path=/etc/rc.d state=directory
+
+- name: Deploy rc.local script
+  template: src=rc.local.j2 dest=/etc/rc.d/rc.local mode=755
+
+- name: Deploy rc.local.shutdown script
+  template: src=rc.local.shutdown.j2 dest=/etc/rc.d/rc.local.shutdown mode=755
+
+  # Debian is using /etc/rc.local while RHEL is using /etc/rc.d/rc.local
+- name: Link /etc/rc.local to /etc/rc.d/rc.local
+  file: src=/etc/rc.d/rc.local path=/etc/rc.local state=link force=True
+
+- name: Link /etc/rc.local.shutdown to /etc/rc.d/rc.local.shutdown
+  file: src=/etc/rc.d/rc.local.shutdown path=/etc/rc.local.shutdown state=link force=True
+
+- name: Deploy rc-local-shutdown systemd unit
+  template: src=rc-local-shutdown.service.j2 dest=/etc/systemd/system/rc-local-shutdown.service
+  register: system_rc_local_shutdown_unit
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: system_rc_local_shutdown_unit.changed
+
+- name: Enable rc-local-shutdown service
+  service: name=rc-local-shutdown enabled=True
+
+...

roles/common/tasks/tuned.yml

@@ -0,0 +1,35 @@
+---
+
+- name: Install tuned service
+  yum: name=tuned state=present
+
+- name: Enabling tuned
+  service: name=tuned state=started enabled=yes
+
+- name: Check actual tuned profile
+  shell: "tuned-adm active | awk -F': ' '{print $2}'"
+  register: tuned_profile
+  changed_when: False
+  ignore_errors: True
+
+- name: Applying custom tuned profile
+  command: tuned-adm profile {{ system_tuned_profile }}
+  when:
+    - system_tuned_profile is defined
+    - tuned_profile.stdout != system_tuned_profile
+
+- name: Applying virtual guest tuned profile
+  command: tuned-adm profile virtual-guest
+  when:
+    - ansible_virtualization_role == "guest"
+    - tuned_profile.stdout != "virtual-guest"
+    - system_tuned_profile is not defined
+
+- name: Applying virtual host tuned profile
+  command: tuned-adm profile virtual-host
+  when:
+    - ansible_virtualization_role == "host"
+    - tuned_profile.stdout != "virtual-host"
+    - system_tuned_profile is not defined
+
+...

roles/common/tasks/tz.yml

@@ -0,0 +1,5 @@
+---
+
+- name: Set system TZ
+  timezone: name={{ system_tz }}
+  when: system_tz is defined

roles/common/tasks/utils.yml

@@ -0,0 +1,19 @@
+---
+
+- name: Install common utilities
+  package:
+    name: "{{ system_utils + system_distro_utils }}"
+
+- name: Install extra softwares
+  package:
+    name: "{{ system_extra_pkgs }}"
+
+  # Screendump is not used, and prevent using tab to use screen quickly, so remove it
+- name: Check if screendump is present
+  stat: path=/usr/bin/screendump
+  register: system_screendump
+
+- name: Rename screendump
+  command: mv -f /usr/bin/screendump /usr/bin/_screendump
+  when: system_screendump.stat.exists
+...