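# Play: host-level network fixes driven entirely by inventory variables.
#   - static name resolution: managed blocks in /etc/hosts
#   - dynamic name resolution: full replacement of /etc/resolv.conf
#   - TLS: custom trust anchors added to the system CA store
# Every variable consumed here changes where a host resolves names or which
# CAs it trusts, so edits to the corresponding host_vars/group_vars deserve
# the same review as code.
- name: network tweaks
  gather_facts: false
  hosts: "{{ target }}"
  become: "{{ become }}"

  tasks:
    #
    # name resolution
    #

    # define host_hosts_block in inventory/host_vars/
    - name: per-host static name resolution hotfix
      ansible.builtin.blockinfile:
        marker: "# {mark} ANSIBLE MANAGED BLOCK - per-host"
        block: "{{ host_hosts_block }}"
        path: /etc/hosts
      when: host_hosts_block is defined
      diff: true

    # define group_hosts_block in inventory/group_vars/
    - name: group-wide static name resolution hotfix
      ansible.builtin.blockinfile:
        marker: "# {mark} ANSIBLE MANAGED BLOCK - group-wide"
        block: "{{ group_hosts_block }}"
        path: /etc/hosts
      when: group_hosts_block is defined
      diff: true

    # host_resolv_conf and group_resolv_conf are mutually exclusive: both
    # tasks below write the whole of /etc/resolv.conf, so the later one would
    # silently overwrite the earlier one.
    - name: refuse conflicting resolv.conf definitions
      ansible.builtin.assert:
        that: not ( group_resolv_conf is defined and host_resolv_conf is defined )
        fail_msg: "define either host_resolv_conf or group_resolv_conf, not both"

    # define host_resolv_conf in inventory/host_vars/
    # NOTE(review): no owner/mode is set and the file is replaced wholesale;
    # on hosts where another service manages /etc/resolv.conf the change may
    # not persist. Confirm per platform.
    - name: per-host dynamic name resolution hotfix
      ansible.builtin.copy:
        content: "{{ host_resolv_conf }}"
        dest: /etc/resolv.conf
      when: host_resolv_conf is defined
      diff: true

    # define group_resolv_conf in inventory/group_vars/
    - name: group-wide dynamic name resolution hotfix
      ansible.builtin.copy:
        content: "{{ group_resolv_conf }}"
        dest: /etc/resolv.conf
      when: group_resolv_conf is defined
      diff: true

    #
    # ssl
    #

    # Trust anchors are copied read-only and the matching handler rebuilds the
    # system CA bundle. The loop falls back to an empty list so that a host
    # without trust_anchors skips the task instead of failing on an undefined
    # variable. The mode is quoted so it is always read as an octal string.
    # NOTE(review): `system` is not gathered here (gather_facts is disabled);
    # presumably it is set in inventory. Confirm.
    # NOTE(review): update-ca-certificates only picks up files ending in .crt.
    - name: deploy custom ssl anchors on debian systems
      ansible.builtin.copy:
        src: "{{ item }}"
        dest: "/usr/local/share/ca-certificates/{{ item }}"
        mode: "0444"
      with_items: "{{ trust_anchors | default([]) }}"
      notify: refresh ssl anchors on debian
      when: fix_anchors is defined and system == 'debian'
      diff: true

    - name: deploy custom ssl anchors on redhat systems
      ansible.builtin.copy:
        src: "{{ item }}"
        dest: "/etc/pki/ca-trust/source/anchors/{{ item }}"
        mode: "0444"
      with_items: "{{ trust_anchors | default([]) }}"
      notify: refresh ssl anchors on redhat
      when: fix_anchors is defined and system == 'redhat'
      diff: true

  handlers:
    # Plain commands with no pipes or redirection: the command module runs
    # them without spawning a shell.
    - name: refresh ssl anchors on debian
      ansible.builtin.command:
        cmd: update-ca-certificates

    - name: refresh ssl anchors on redhat
      ansible.builtin.command:
        cmd: update-ca-trust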