---
# Play: upgrade every installed package on the rhel9 group, then remove
# dependencies that nothing needs any more.
- name: system update
  hosts: rhel9
  become: true
  tasks:
    # name "*" combined with state "latest" asks dnf to upgrade all packages.
    - name: packages update
      ansible.builtin.dnf:
        name: "*"
        state: latest

    # autoremove drops packages that were pulled in as dependencies and are
    # no longer required by any installed package.
    - name: unneeded packages remove
      ansible.builtin.dnf:
        autoremove: true
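# Play: enable the extra repositories (CodeReady Builder, EPEL) and install
# the base tool set.
- name: other software installation
  hosts: rhel9
  become: true
  tasks:
    # "enabled" is the module default; written out so the intent is explicit.
    - name: RHSM repository enable
      community.general.rhsm_repository:
        name: codeready-builder-for-rhel-9-x86_64-rpms
        state: enabled

    # NOTE(review): the key is downloaded and trusted as served; only TLS
    # protects it. Pin it with the module's `fingerprint` option, e.g.
    #   fingerprint: "<EPEL 9 key fingerprint - placeholder, take it from a trusted source>"
    # so a replaced key file is rejected instead of imported.
    - name: epel-release repository gpg installation
      ansible.builtin.rpm_key:
        state: present
        key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9

    # The RPM is installed straight from a URL. Signature checking stays on
    # (disable_gpg_check is not set), which is why the key is imported first.
    - name: epel-release repository installation
      ansible.builtin.dnf:
        name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
        state: latest

    # The package list is handed to dnf in one call instead of looping with
    # with_items: one transaction rather than one per package.
    # The task name omits tar, but tar is installed as well.
    - name: policycoreutils-python-utils wget vim installation
      ansible.builtin.dnf:
        name:
          - policycoreutils-python-utils
          - wget
          - vim
          - tar
        state: latest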
# Play: install dnf-automatic, ship its configuration and activate the timer
# that triggers the unattended update runs.
- name: 'dnf-automatic installation & configuration'
  hosts: rhel9
  become: true
  tasks:
    - name: dnf-automatic installation
      ansible.builtin.dnf:
        name: dnf-automatic
        state: latest

    # copy takes src from the control node and transfers it verbatim (no
    # templating, despite the "templates" directory name). backup keeps a
    # timestamped copy of the previous file on the target.
    # NOTE(review): what the timer does (download only vs. apply, which
    # update types) is decided by this automatic.conf, which is not part of
    # this playbook - review it alongside.
    - name: dnf-automatic configuration
      ansible.builtin.copy:
        src: /etc/ansible/templates/dnf/automatic.conf
        dest: /etc/dnf/automatic.conf
        owner: root
        group: root
        mode: "0644"
        backup: true

    # Enable at boot ...
    - name: dnf-automatic service enable
      ansible.builtin.systemd:
        name: dnf-automatic.timer
        enabled: true

    # ... and make sure the timer is running right now.
    - name: dnf-automatic service start
      ansible.builtin.systemd:
        name: dnf-automatic.timer
        state: started
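# Play: install fail2ban, ship the sshd jail override and keep the service
# enabled and running.
- name: fail2ban installation & configuration
  hosts: rhel9
  become: true
  tasks:
    - name: fail2ban installation
      ansible.builtin.dnf:
        name: fail2ban
        state: latest

    # copy takes src from the control node and transfers it verbatim.
    # The notify is the fix in this play: without it a changed jail file is
    # written to disk but an already running fail2ban keeps enforcing the old
    # rules, because the "started" task below is a no-op on a running service.
    - name: fail2ban configuration
      ansible.builtin.copy:
        src: /etc/ansible/templates/fail2ban/sshd.local
        dest: /etc/fail2ban/jail.d/sshd.local
        owner: root
        group: root
        mode: "0644"
        backup: true
      notify: fail2ban service restart

    - name: fail2ban service enable
      ansible.builtin.systemd:
        name: fail2ban
        enabled: true

    - name: fail2ban service start
      ansible.builtin.systemd:
        name: fail2ban
        state: started

  handlers:
    # Runs once at the end of the play, and only when the jail file changed.
    - name: fail2ban service restart
      ansible.builtin.systemd:
        name: fail2ban
        state: restarted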
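# Play: install the Cockpit web console with its add-on modules, allow it
# through firewalld and activate the socket unit.
- name: cockpit installation & configuration
  hosts: rhel9
  become: true
  tasks:
    # The package list is handed to dnf in one call instead of looping with
    # with_items: one transaction rather than one per package.
    - name: cockpit installation
      ansible.builtin.dnf:
        name:
          - cockpit
          - cockpit-ws
          - cockpit-pcp
          - cockpit-selinux
          - cockpit-doc
          - cockpit-bridge
          - cockpit-machines
          - cockpit-kdump
          - cockpit-packagekit
          - cockpit-sosreport
          - cockpit-storaged
          - cockpit-networkmanager
          - cockpit-system
        state: latest

    # permanent + immediate: the rule is written to the saved configuration
    # and applied to the running firewall in the same step.
    # NOTE(review): this allows the administrative web console from every
    # source that lands in the "public" zone. If these hosts are reachable
    # from untrusted networks, limit the service to a management zone or
    # source range instead - confirm which interfaces are in "public".
    - name: firewalld - cockpit service enable
      ansible.posix.firewalld:
        zone: public
        service: cockpit
        permanent: true
        immediate: true
        state: enabled

    # Cockpit is socket-activated: enabling and starting cockpit.socket is
    # what makes the console answer.
    - name: cockpit service enable
      ansible.builtin.systemd:
        name: cockpit.socket
        enabled: true

    - name: cockpit service start
      ansible.builtin.systemd:
        name: cockpit.socket
        state: started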
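# Play: add the Zabbix 6.0 repository, install zabbix-agent2, open the
# firewall for it and point the agent at zabbix.krolaki.eu.
- name: zabbix agent 2 installation & configuration
  hosts: rhel9
  become: true
  tasks:
    # NOTE(review): the key is downloaded and trusted as served; only TLS
    # protects it. Pin it with the module's `fingerprint` option, e.g.
    #   fingerprint: "<Zabbix key fingerprint - placeholder, take it from a trusted source>"
    # so a replaced key file is rejected instead of imported.
    - name: zabbix repository gpg installation
      ansible.builtin.rpm_key:
        state: present
        key: https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-08EFA7DD

    - name: zabbix repository installation
      ansible.builtin.dnf:
        name: https://repo.zabbix.com/zabbix/6.0/rhel/9/x86_64/zabbix-release-6.0-4.el9.noarch.rpm
        state: latest

    - name: zabbix agent 2 installation
      ansible.builtin.dnf:
        name: zabbix-agent2
        state: latest

    # firewalld lives in the ansible.posix collection; the FQCN now matches
    # the one the cockpit play in this file already uses.
    # 10050/tcp is the agent's listen port (passive checks from the server).
    - name: firewalld - port 10050/tcp configuration
      ansible.posix.firewalld:
        zone: public
        port: 10050/tcp
        permanent: true
        immediate: true
        state: enabled

    # NOTE(review): 10051/tcp is the Zabbix server/proxy trapper port. An
    # agent connects *out* to it for active checks and does not listen on it,
    # so this inbound rule looks unnecessary on agent-only hosts. Kept to
    # preserve behaviour - drop it unless something on these hosts listens there.
    - name: firewalld - port 10051/tcp configuration
      ansible.posix.firewalld:
        zone: public
        port: 10051/tcp
        permanent: true
        immediate: true
        state: enabled

    # NOTE(review): no TLSConnect/TLSAccept/TLSPSK* settings are managed
    # here, so agent traffic stays at the agent default (unencrypted) unless
    # configured elsewhere. Server= is then the only access control on the
    # passive-check port opened above.
    - name: zabbix agent 2 configuration
      ansible.builtin.lineinfile:
        path: /etc/zabbix/zabbix_agent2.conf
        regexp: "^Server="
        line: "Server=zabbix.krolaki.eu"
        state: present
      notify: zabbix agent service restart

    - name: zabbix agent server configuration
      ansible.builtin.lineinfile:
        path: /etc/zabbix/zabbix_agent2.conf
        regexp: "^ServerActive="
        line: "ServerActive=zabbix.krolaki.eu"
        state: present
      notify: zabbix agent service restart

    # Two fixes here:
    #  - the line used to be "HostMetadata==rhel9", which sets the value to
    #    "=rhel9"; presumably a typo - confirm against the autoregistration
    #    action on the server before rollout;
    #  - the pattern now matches the commented default *and* an already
    #    active line, so a changed value replaces the old one instead of
    #    being appended as a second HostMetadata entry.
    - name: zabbix agent hostmetadata set
      ansible.builtin.lineinfile:
        path: /etc/zabbix/zabbix_agent2.conf
        regexp: '^#?\s*HostMetadata='
        line: "HostMetadata=rhel9"
        state: present
      notify: zabbix agent service restart

    # Hostname is blanked so that HostnameItem (next task) supplies the name.
    - name: zabbix agent hostname set
      ansible.builtin.lineinfile:
        path: /etc/zabbix/zabbix_agent2.conf
        regexp: "^Hostname="
        line: "Hostname="
        state: present
      notify: zabbix agent service restart

    # Renamed: two tasks shared the name "zabbix agent hostname set".
    # The pattern matches the commented default and an active line alike.
    - name: zabbix agent hostnameitem set
      ansible.builtin.lineinfile:
        path: /etc/zabbix/zabbix_agent2.conf
        regexp: '^#?\s*HostnameItem='
        line: "HostnameItem=system.hostname"
        state: present
      notify: zabbix agent service restart

    # state: started added - previously the agent only came up when a config
    # change fired the restart handler, so a stopped agent with unchanged
    # config stayed down.
    - name: zabbix agent service enable
      ansible.builtin.systemd:
        name: zabbix-agent2
        enabled: true
        state: started

  handlers:
    # Runs once at the end of the play if any of the config tasks changed.
    - name: zabbix agent service restart
      ansible.builtin.systemd:
        name: zabbix-agent2
        state: restarted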
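# Play: disable password login for root and ansible, make sure the wheel
# group exists, and create the key-only "manager" admin account.
- name: user management
  hosts: rhel9
  become: true
  tasks:
    # Moved to the top: the tasks below add users to wheel, so the group has
    # to be ensured before them, not after.
    - name: wheel group check
      ansible.builtin.group:
        name: wheel
        state: present

    # password "*" writes a value no password hash can match, so the account
    # cannot log in with a password. Despite the task name nothing is
    # "deleted" - the account stays, only password authentication is off.
    - name: root password delete
      ansible.builtin.user:
        name: root
        password: "*"
        state: present

    # append: true added - without it "groups" replaces the user's whole
    # supplementary group list, silently removing every other membership.
    - name: ansible password delete
      ansible.builtin.user:
        name: ansible
        password: "*"
        groups: wheel
        append: true
        state: present

    # No password is set, so the account is usable via its SSH key only.
    # NOTE(review): ansible and manager are wheel members without a usable
    # password. sudo through wheel therefore only works if a NOPASSWD rule
    # exists - nothing in this playbook creates or restricts one, so check
    # what sudoers grants these two accounts.
    - name: manager user create
      ansible.builtin.user:
        name: manager
        groups: wheel
        append: true

    # The lookup reads the public key on the control node. "exclusive" is not
    # set, so keys already present in manager's authorized_keys are left in
    # place; set exclusive: true if this key should be the only one accepted.
    - name: manager authkey export
      ansible.posix.authorized_key:
        user: manager
        state: present
        key: "{{ lookup('file', '/etc/ansible/templates/authorized_keys/manager.pub') }}"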
...