Ansible - Test Playbook 2

1. - hosts: testservers
2.   tasks:
4.     #### System Update ####
5.  
6.     ## CentOS ##
7.  
8.     - name: System Update CentOS
9.       yum: name=* state=latest
10.       when: ansible_distribution == "CentOS"
11.  
12.     - name: Disable SELinux
13.       selinux: state=disabled
14.       when: ansible_distribution == "CentOS"
15.  
16.  
17.     ## SUSE ##
18.  
19.     - name: System Update SUSE
20.       zypper: name=* state=latest
21.       when: ansible_os_family == "Suse"
22.  
23.     - name: Apply ALL patches SUSE
24.       zypper: name=* state=latest type=patch
25.       when: ansible_os_family == "Suse"
26.  
27.     ## ALL OS ##
28.  
29.     - name: Reboot server
30.       shell: sleep 3 && /sbin/shutdown -r now "Ansible system reboot"
31.       async: 1 #ansible-playbook this_file.yml --check не отработает! закомментить при тесте!#
32.       poll: 0
33.  
34.     - name: Wait for hosts sshd
35.       local_action: wait_for host={{ inventory_hostname }} port=22 delay=20 connect_timeout=200
36.       become: false
37.       delegate_to: localhost
38.  
39.     #### Software installation ####
40.  
41.     ## Apache CentOS ##
42.  
43.     - name: Install Apache CentOS
44.       yum: pkg=httpd state=latest
45.       when: ansible_distribution == "CentOS"
46.  
47.     - name: Enable Apache on System Boot CentOS
48.       service: name=httpd enabled=yes
49.       when: ansible_distribution == "CentOS"
50.  
51.     - name: Starting service Apache CentOS
52.       service: name=httpd state=started
53.       when: ansible_distribution == "CentOS"
54.  
55.     ## Apache SUSE ##
56.  
57.     - name: Install Apache SUSE
58.       zypper: name=apache2 state=latest
59.       when: ansible_os_family == "Suse"
60.  
61.     - name: Enable Apache on System Boot SUSE
62.       service: name=apache2 enabled=yes
63.       when: ansible_os_family == "Suse"
64.  
65.     #### Firewall config ####
66.  
67.     ## CentOS ##
68.  
69.     - name: Allow HTTP CentOS
70.       command: firewall-cmd --add-service=http --permanent
71.       when: ansible_distribution == "CentOS"
72.  
73.     - name: Allow HTTPs CentOS
74.       command: firewall-cmd --add-service=https --permanent
75.       when: ansible_distribution == "CentOS"
76.  
77.     ## SUSE ##
78.  
79.     - name: Allow SSH SUSE
80.       command: iptables -A INPUT -p tcp --dport 22 -j ACCEPT
81.       when: ansible_os_family == "Suse"
82.  
83.     - name: Allow HTTP SUSE
84.       command: iptables -A INPUT -p tcp --dport 80 -j ACCEPT
85.       when: ansible_os_family == "Suse"
86.  
87.     - name: Allow HTTPs SUSE
88.       command: iptables -A INPUT -p tcp --dport 443 -j ACCEPT
89.       when: ansible_os_family == "Suse"
90.  
91.     #### Firewall reboot ####
92.  
93.     - name: Reload Firewall settings CentOS
94.       command: firewall-cmd --reload
95.       when: ansible_distribution == "CentOS"
96.  
97. #    - name: Reload Firewall settings SUSE
98. #      command: /etc/init.d/SuSEfirewall2_init restart
99. #      when: ansible_os_family == "Suse"