-
Notifications
You must be signed in to change notification settings - Fork 96
/
cvmfs.yml
72 lines (71 loc) · 1.83 KB
/
cvmfs.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
---
- hosts: cvmfsstratum1servers
become: true
vars:
hostname: cvmfs1-ufr0.internal.galaxyproject.eu
vars_files:
- "secret_group_vars/all.yml"
- mounts/mountpoints.yml
- mounts/dest/all.yml
collections:
- devsec.hardening
pre_tasks:
- name: Set default version of Python
alternatives:
name: python
path: /usr/bin/python3
- file:
src: /data/dnb01
dest: /srv
owner: root
group: root
state: link
force: true
post_tasks:
- name: Disable SELinux
selinux:
state: disabled
register:
selinux_disabled
# - name: Reboot if SELinux was disabled
# reboot:
# when: selinux_disabled.reboot_required == true
roles:
# Starting configuration of the operating system
- role: usegalaxy_eu.handy.os_setup
vars:
enable_hostname: true
enable_powertools: true # geerlingguy.repo-epel role doesn't enable PowerTools repository
enable_grub: true
enable_kernel_5: true
- geerlingguy.repo-epel # Install EPEL repository
- usegalaxy-eu.autoupdates # keep all of our packages up to date
- influxdata.chrony # Keep our time in sync.
- usegalaxy-eu.dynmotd
# Filesystems
- usegalaxy-eu.autofs
# Applications
- galaxyproject.cvmfs
- hxr.monitor-squid
- hxr.monitor-cvmfs
- dj-wasabi.telegraf
# hardening
- os_hardening
- ssh_hardening
#
# - hostname
# - usegalaxy-eu.dynmotd
# - geerlingguy.repo-epel
# - hxr.admin-tools
# - influxdata.chrony
# - hxr.monitor-email
# - linuxhq.yum_cron
# - hxr.autofs
# # BEGIN custom
# - galaxyproject.cvmfs
# - hxr.monitor-squid
# - hxr.monitor-cvmfs
# # END custom
# - dj-wasabi.telegraf
# - dev-sec.os-hardening
# - dev-sec.ssh-hardening