Refactor roles to support new variable schema

Add common-env and docker roles

roles/common_env/tasks/main.yml

@@ -0,0 +1,12 @@
+---
+- name: Set hostname
+  become: true
+  hostname:
+    name: "{{ ansible_host }}"
+
+- name: Install global bashrc
+  become: true
+  copy:
+    src: bashrc.sh
+    dest: /etc/profile.d/ZA-enpn-bashrc.sh
+    mode: 0644

roles/docker/tasks/install.yml

@@ -0,0 +1,45 @@
+---
+# Just use the same repo for cent7 and cent8 because ¯\_(ツ)_/¯
+- name: Install Docker repository
+  become: true
+  when: ansible_distribution == "CentOS"
+  yum_repository:
+    name: docker-ce-stable
+    description: Docker CE Stable - $basearch
+    file: docker-ce-stable
+    baseurl: https://download.docker.com/linux/centos/7/$basearch/stable
+    gpgcheck: false
+    gpgcakey: https://download.docker.com/linux/centos/gpg
+
+- name: Install Docker on Cent7
+  become: true
+  when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
+  yum:
+    # Update the cache to update with the new docker repo
+    update_cache: yes
+    state: latest
+    name:
+      - device-mapper-persistent-data  # Required for docker devicestorage driver
+      - lvm2                           #  same
+      - docker-ce
+      - containerd.io
+
+- name: Install Docker on Cent8
+  become: true
+  when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
+  dnf:
+    # Update the cache to update with the new docker repo
+    update_cache: yes
+    state: latest
+    name:
+      - device-mapper-persistent-data  # Required for docker devicestorage driver
+      - lvm2                           #  same
+      - docker-ce-3:18.09.1-3.el7
+
+- name: Install python bindings
+  become: true
+  pip:
+    name:
+      - docker==4.2.0
+      - docker-compose==1.25.4
+    state: present

roles/docker/tasks/main.yml

@@ -0,0 +1,19 @@
+---
+- import_tasks: install.yml
+
+- name: Start and enable docker service
+  become: true
+  systemd:
+    name: docker
+    state: started
+    enabled: yes
+
+- import_tasks: tasks/preprocess-users.yml
+
+- name: Add superusers to the docker group
+  become: true
+  user:
+    name: "{{ item.name }}"
+    groups: docker
+    append: yes
+  loop: "{{ _users_local_admin }}"

roles/networkd/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+omni_restart_services: false

roles/networkd/tasks/main.yml

@@ -1,33 +1,31 @@
 ---
 - import_tasks: packages.yml
 
-- name: Delete networkd config directory
+- name: Configure networking via systemd
   become: true
-  file:
-    path: /etc/systemd/network
-    state: absent
+  when: omni_networking is defined
+  block:
+    - name: Delete networkd config directory
+      file:
+        path: /etc/systemd/network
+        state: absent
 
-- name: Create the networkd config directory
-  become: true
-  file:
-    path: /etc/systemd/network
-    state: directory
+    - name: Create the networkd config directory
+      file:
+        path: /etc/systemd/network
+        state: directory
 
-- name: Make network files
-  when: networking is defined
-  become: true
-  template:
-    src: network.j2
-    dest: "/etc/systemd/network/{{ item.key }}.network"
-  loop: "{{ networking | dict2items }}"
+    - name: Make network files
+      template:
+        src: network.j2
+        dest: "/etc/systemd/network/{{ item.key }}.network"
+      loop: "{{ omni_networking | dict2items }}"
 
-- name: Make netdev files
-  when: networking is defined
-  become: true
-  template:
-    src: netdev.j2
-    dest: "/etc/systemd/network/{{ item.0.key + '.' + item.1 }}.netdev"
-  loop: "{{ networking | dict2items | subelements('value.vlans', true) }}"
+    - name: Make netdev files
+      template:
+        src: netdev.j2
+        dest: "/etc/systemd/network/{{ item.0.key + '.' + item.1 }}.netdev"
+      loop: "{{ omni_networking | dict2items | subelements('value.vlans', true) }}"
 
 - import_tasks: services.yml
 

roles/networkd/tasks/packages.yml

@@ -21,14 +21,18 @@
   when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
   become: true
   block:
-    - name: Install this super-legitimate and definitely vetted COPR repo
-      shell:
-        creates: /etc/yum.repos.d/_copr:copr.fedorainfracloud.org:fschwarz:systemd-networkd.repo
-        cmd: dnf copr enable fschwarz/systemd-networkd
-        warn: false
+    # The systemd-networkd EPEL package is currently in the testing phase, so we have
+    # to enable the testing EPEL repo to install it. Note that this is also done in
+    # the packages role
+    # https://bugzilla.redhat.com/show_bug.cgi?id=1789146
+    - name: Enable EPEL-Testing repository on CentOS 8s
+      lineinfile:
+        path: /etc/yum.repos.d/epel-testing.repo
+        regexp: "enabled=(0|1)"
+        line: "enabled=1"
+        insertbefore: "^$"
+        firstmatch: true
     - name: Install networkd
       dnf:
         state: latest
-        name:
-          # This now comes from aforementioned very good COPR repo
-          - systemd-networkd
+        name: systemd-networkd

roles/networkd/tasks/services.yml

@@ -19,7 +19,7 @@
     - systemd-networkd-wait-online
 
 - name: Stop NetworkManager
-  when: restart_services | default(false) == true
+  when: omni_restart_services == true
   become: true
   systemd:
     name: "{{ item }}"
@@ -29,6 +29,7 @@
     - NetworkManager-wait-online
 
 - name: Start systemd-networkd
+  when: omni_restart_services == true
   become: true
   systemd:
     name: "{{ item }}"

roles/packages/tasks/centos-8-dracut.yml

@@ -1,71 +0,0 @@
----
-# The dracut patch is an issue uniquely bound to the fact that I'm using several
-# old-as-shit hardware RAID cards. Specifically the Dell PERC H200 and the Dell PERC
-# H310, both of which had their hardware drivers dropped in Cent8 (despite the drivers
-# being included in the upstream fedora kernel, but whatever). OS installation and the
-# process in this set of tasks is based off of this blog post:
-# https://www.centos.org/forums/viewtopic.php?t=71862#p302447
-#
-# TODO: Host the RPMs locally. The internet may never forget, but it's also never there
-# when you need it
-#
-# NOTE: These tasks only need to be run on Cent8
-#
-# NOTE: We assume- since this file literally has 'centos' in the name- that the
-# ansible_distribution check has already been done at import time
-#
-
-- name: Determine dracut version
-  shell:
-    cmd: rpm -qa | grep dracut-[0-9]
-    warn: false
-  register: dracut_version_check
-
-- name: Install patched version of dracut
-  when: dracut_version_check.stdout != "dracut-049-13.git20190614.p1.el8_0.elrepo.x86_64"
-  block:
-    - name: Create temporary download directory
-      file:
-        path: /tmp/dracut-patch
-        state: directory
-
-    - name: Download patched dracut tool RPMs
-      get_url:
-        url: "{{ item.source }}"
-        dest: /tmp/dracut-patch/{{ item.dest }}
-      loop:
-        - source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
-          dest: dracut.rpm
-        - source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-caps-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
-          dest: dracut-caps.rpm
-        - source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-config-generic-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
-          dest: dracut-config-generic.rpm
-        - source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-config-rescue-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
-          dest: dracut-config-rescue.rpm
-        - source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-live-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
-          dest: dracut-live.rpm
-        - source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-network-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
-          dest: dracut-network.rpm
-        - source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-squash-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
-          dest: dracut-squash.rpm
-        - source: http://elrepo.org/people/akemi/testing/el8/dracut/dracut-tools-049-13.git20190614.p1.el8_0.elrepo.x86_64.rpm
-          dest: dracut-tools.rpm
-
-    - name: Install patched dracut toolchain
-      become: true
-      dnf:
-        state: latest
-        name:
-          - /tmp/dracut-patch/dracut.rpm
-          - /tmp/dracut-patch/dracut-caps.rpm
-          - /tmp/dracut-patch/dracut-config-generic.rpm
-          - /tmp/dracut-patch/dracut-config-rescue.rpm
-          - /tmp/dracut-patch/dracut-live.rpm
-          - /tmp/dracut-patch/dracut-network.rpm
-          - /tmp/dracut-patch/dracut-squash.rpm
-          - /tmp/dracut-patch/dracut-tools.rpm
-
-    - name: Remove temporary download directory
-      file:
-        path: /tmp/dracut-patch
-        state: absent

roles/packages/tasks/clean.yml

@@ -2,13 +2,13 @@
 - name: Clean DNF cache
   become: true
   when: ansible_distribution == "Fedora" or (ansible_distribution == "CentOS" and ansible_distribution_major_version == "8")
-  shell:
-    cmd: dnf clean all
+  command:
+    cmd: /usr/bin/dnf clean all
     warn: false
 
 - name: Clean YUM cache
   become: true
   when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
-  shell:
-    cmd: yum clean all
+  command:
+    cmd: /usr/bin/yum clean all
     warn: false

roles/packages/tasks/repos.yml

@@ -8,6 +8,14 @@
         state: latest
         name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
 
+    - name: Enable EPEL-Testing repository on CentOS 8s
+      lineinfile:
+        path: /etc/yum.repos.d/epel-testing.repo
+        regexp: "enabled=(0|1)"
+        line: "enabled=1"
+        insertbefore: "^$"
+        firstmatch: true
+
     - name: Enable the power tools repository on CentOS 8
       lineinfile:
         path: /etc/yum.repos.d/CentOS-PowerTools.repo

roles/packages/tasks/update.yml

@@ -1,7 +1,4 @@
 ---
-- import_tasks: centos-8-dracut.yml
-  when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "8"
-
 # Gotta hate this, but I have to hardcode the systemd exclusion on cent8
 # Because I'm using "janky-systemd-networkd-2-the-jankening" (see the networkd role)
 # there are a pile of conflicts when you run "dnf update" with it installed. I found

roles/sshd/defaults/main.yml

@@ -1,2 +1,3 @@
 ---
 omni_restart_services: false
+omni_ssh_enabled: true

roles/sshd/tasks/install.yml

@@ -0,0 +1,14 @@
+---
+- name: Install OpenSSH server on Fedora and CentOS 8
+  when: ansible_distribution == "Fedora" or (ansible_distribution == "CentOS" and ansible_distribution_major_version == "8")
+  become: true
+  dnf:
+    name: openssh-server
+    state: latest
+
+- name: Install OpenSSH server on CentOS 7
+  when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
+  become: true
+  yum:
+    name: openssh-server
+    state: latest

roles/sshd/tasks/main.yml

@@ -1,4 +1,6 @@
 ---
+- import_tasks: install.yml
+
 - name: Install SSH Banner
   become: true
   template:
@@ -26,8 +28,8 @@
       set: "ChallengeResponseAuthentication no"
 
 - name: Restart sshd service
-  when: omni_restart_services == true
   become: true
   systemd:
     name: sshd
-    state: restarted
+    state: "{{ 'restarted' if omni_restart_services == true else 'started' }}"
+    enabled: "{{ omni_ssh_enabled }}"