nearly get bootstrap working in configure mode without internet access

sjpb · sjpb · commit a91b2c464fb9 · 2025-05-23T09:55:16.000Z
diff --git a/ansible/bootstrap.yml b/ansible/bootstrap.yml
@@ -185,8 +185,9 @@
   become: yes
   tasks:
     - name: Install and configure tuneD
-      import_role:
+      include_role:
         name: tuned
+        tasks_from: "{{ 'configure.yml' if appliances_mode == 'configure' else 'main.yml' }}"
 
 - hosts: freeipa_server
   # Done here as it might be providing DNS
@@ -216,31 +217,27 @@
   become: yes
   tags: firewalld
   tasks:
-    - import_role:
+    - include_role:
         name: firewalld
+        tasks_from: "{{ 'runtime.yml' if appliances_mode == 'configure' else 'main.yml' }}"
 
 - hosts: fail2ban
   gather_facts: false
   become: yes
   tags: fail2ban
   tasks:
-    - import_role:
+    - include_role:
         name: fail2ban
+        tasks_from: "{{ 'configure.yml' if appliances_mode == 'configure' else 'main.yml' }}"
 
 - name: Setup podman
   gather_facts: false
   hosts: podman
   tags: podman
   tasks:
-    - import_role:
-        name: podman
-        tasks_from: prereqs.yml
-      tags: prereqs
-
-    - import_role:
+    - include_role:
         name: podman
-        tasks_from: config.yml
-      tags: config
+        tasks_from: "{{ 'configure.yml' if appliances_mode == 'configure' else 'main.yml' }}"
 
 - hosts: update
   gather_facts: false
diff --git a/ansible/roles/fail2ban/tasks/configure.yml b/ansible/roles/fail2ban/tasks/configure.yml
@@ -0,0 +1,15 @@
+---
+- name: Create config
+  template:
+    dest: /etc/fail2ban/jail.local
+    src: jail.local.j2
+  notify: Restart fail2ban
+
+- name: flush handlers
+  meta: flush_handlers
+
+- name: Ensure fail2ban running even if no config change
+  service:
+    name: fail2ban
+    state: started
+    enabled: true
diff --git a/ansible/roles/fail2ban/tasks/install.yml b/ansible/roles/fail2ban/tasks/install.yml
@@ -0,0 +1,11 @@
+---
+- name: Install EPEL repo
+  package:
+    name: epel-release
+
+- name: Install fail2ban packages
+  package:
+    name:
+      - fail2ban-server
+      - fail2ban-firewalld
+    state: present
diff --git a/ansible/roles/fail2ban/tasks/main.yml b/ansible/roles/fail2ban/tasks/main.yml
@@ -1,26 +1,4 @@
 ---
-- name: Install EPEL repo
-  package:
-    name: epel-release
 
-- name: Install fail2ban packages
-  package:
-    name:
-      - fail2ban-server
-      - fail2ban-firewalld
-    state: present
-
-- name: Create config
-  template:
-    dest: /etc/fail2ban/jail.local
-    src: jail.local.j2
-  notify: Restart fail2ban
-
-- name: flush handlers
-  meta: flush_handlers
-
-- name: Ensure fail2ban running even if no config change
-  service:
-    name: fail2ban
-    state: started
-    enabled: true
+- import_tasks: install.yml
+- import_tasks: configure.yml
diff --git a/ansible/roles/podman/tasks/configure.yml b/ansible/roles/podman/tasks/configure.yml
diff --git a/ansible/roles/podman/tasks/install.yml b/ansible/roles/podman/tasks/install.yml
diff --git a/ansible/roles/podman/tasks/main.yml b/ansible/roles/podman/tasks/main.yml
@@ -0,0 +1,2 @@
+- import_tasks: install.yml
+- import_tasks: configure.yml

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+- import_tasks: install.yml`
	`2`	`+- import_tasks: configure.yml`