Gitiles
Code Review Sign In
gerrit.opencord.org / ci-management / e711087d28aac5778326e1398fa636a9f1cb81be / . / packer / provision / baseline.yaml
blob: 10562eb64a3a57617cf5e6f397d3f77ecaa597ff [file] [log] [blame]
Hung-Wei Chiu9708ed82021-04-14 14:20:08 -0700[diff] [blame]1---
2- hosts: all
3 become_user: root
4 become_method: sudo
5
6 pre_tasks:
7 - include_role: name=lfit.system-update
8
9 - name: Install base packages
10 include_tasks: "{{item}}"
11 with_first_found:
12 - "install-base-pkgs-{{ansible_distribution}}.yaml"
13 - "install-base-pkgs-{{ansible_os_family}}.yaml"
14
15 - name: Allow jenkins user sudo access
16 copy:
17 dest: /etc/sudoers.d/89-jenkins-user-defaults
18 content: |
19 Defaults:jenkins !requiretty
Hung-Wei Chiubfa8fe32021-04-27 10:59:40 -0700[diff] [blame]20 jenkins ALL = NOPASSWD: /usr/sbin/update-alternatives, /usr/sbin/update-java-alternatives
Hung-Wei Chiu9708ed82021-04-14 14:20:08 -0700[diff] [blame]21 validate: /usr/sbin/visudo -cf %s
Joey Armstrong3f575f72023-01-15 23:49:19 -0500[diff] [blame]22 become: true
Hung-Wei Chiu9708ed82021-04-14 14:20:08 -0700[diff] [blame]23
24 roles:
25 - lfit.lf-recommended-tools
26 - lfit.lf-dev-libs
27 - lfit.haveged-install
28 - lfit.java-install
29 - lfit.python-install
30 - lfit.shellcheck-install
31 - lfit.sysstat-install
32
33 post_tasks:
34 - name: Update /etc/nss-switch.conf to map hostname with IP
35 # Update /etc/nss-switch.conf to map hostname with IP instead of using `localhost`
36 # from /etc/hosts which is required by some of the Java API's to avoid
37 # Java UnknownHostException: "Name or service not known" error.
38 replace:
39 path: /etc/nsswitch.conf
40 regexp: '^hosts:(\s+.*)?$'
41 replace: 'hosts:\1 myhostname'
Joey Armstrong3f575f72023-01-15 23:49:19 -0500[diff] [blame]42 backup: true
43 become: true
Hung-Wei Chiu9708ed82021-04-14 14:20:08 -0700[diff] [blame]44
Jan Klarefb6b0f02023-09-28 16:32:01 +0200[diff] [blame]45 - name: Update /etc/hosts to resolve voltha-api and etcd ingress hostnames
46 replace:
47 path: /etc/hosts
48 regexp: '^(127\.0\.0\.1 .*)$'
49 replace: '127.0.0.1 localhost voltha.voltha.local voltha-infra.local'
50 backup: true
51 become: true
52
Hung-Wei Chiu9708ed82021-04-14 14:20:08 -0700[diff] [blame]53 - name: Disable periodic updates
54 block:
55 - name: Set all periodic update options to 0
56 replace:
57 path: /etc/apt/apt.conf.d/10periodic
58 regexp: "1"
59 replace: "0"
60 - name: Set all auto update options to 0
61 replace:
62 path: /etc/apt/apt.conf.d/20auto-upgrades
63 regexp: "1"
64 replace: "0"
65 - name: Disable unattended upgrades
66 lineinfile:
67 path: /etc/apt/apt.conf.d/10periodic
68 regexp: "^APT::Periodic::Unattended-Upgrade"
69 line: 'APT::Periodic::Unattended-Upgrade "0";'
Joey Armstrong3f575f72023-01-15 23:49:19 -0500[diff] [blame]70 create: true
Hung-Wei Chiu9708ed82021-04-14 14:20:08 -0700[diff] [blame]71 - name: Uninstall unattended upgrades
72 apt:
73 name: unattended-upgrades
74 state: absent
75 - name: Prevent unattended upgrades from being installed
76 dpkg_selections:
77 name: unattended-upgrades
78 selection: hold
79 - name: Disable apt-daily.* systemd services
80 systemd:
81 name: "{{service}}"
Joey Armstrong3f575f72023-01-15 23:49:19 -0500[diff] [blame]82 enabled: false
83 masked: true
Hung-Wei Chiu9708ed82021-04-14 14:20:08 -0700[diff] [blame]84 with_items:
85 - apt-daily.service
86 - apt-daily.timer
87 - apt-daily-upgrade.service
88 - apt-daily-upgrade.timer
89 loop_control:
90 loop_var: service
91 when: ansible_distribution == 'Ubuntu'
Joey Armstrong3f575f72023-01-15 23:49:19 -0500[diff] [blame]92 become: true
Hung-Wei Chiu9708ed82021-04-14 14:20:08 -0700[diff] [blame]93
94 - name: System Reseal
95 script: system-reseal.sh
96 become: true
Joey Armstrongaf679da2023-01-31 14:22:41 -0500[diff] [blame]97
98# [EOF]