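# Play: keep the package set of the target hosts in shape.
#
# Variables read by this play (none are defined here):
#   target          - host pattern the play runs against
#   become          - templated into the play-level `become`; the sudo task
#                     below compares it against the string 'false'
#   system          - 'debian' or 'redhat'; selects the package manager tasks
#   skip_real_clean - optional; when defined, the left-over clean-up is skipped
- name: maintain packages
  gather_facts: false
  hosts: "{{ target }}"
  become: "{{ become }}"
  tasks:

    # todo - use /etc/os-release instead?
    - name: preliminary requirement
      ansible.builtin.apt:
        pkg:
          - lsb-release  # define distro on debian family systems
        update_cache: false  # we didn't update sources.list yet
        autoremove: true
        purge: true
      diff: true
      when: system == 'debian'

    #
    # distro flavor & release
    #

    # debian vs ubuntu - required by sources.list
    - name: define distro flavor on debian systems
      ansible.builtin.shell:
        executable: /bin/bash
        # pipefail is required here: without it the pipeline status is the
        # status of `tr`, so the `|| echo unknown` fallback never runs when
        # lsb_release is missing or fails
        cmd: |
          set -o pipefail
          lsb_release -is 2>/dev/null | tr A-Z a-z || echo unknown
      register: distro
      changed_when: false
      check_mode: false
      when: system == 'debian'

    - name: show distro flavor
      ansible.builtin.debug:
        var: distro.stdout
      when: system == 'debian'

    # non debian nor ubuntu (e.g. mint) release names (e.g. vera based on
    # jammy) are problematic
    # we prefer to get an error in that case
    - name: accept only debian or ubuntu as distro flavor
      ansible.builtin.assert:
        that: distro.stdout == 'debian' or distro.stdout == 'ubuntu'
      when: system == 'debian'

    # e.g. bookworm vs focal - required by sources.list
    - name: define distro release on debian systems
      ansible.builtin.shell:
        executable: /bin/bash
        cmd: "lsb_release -cs 2>/dev/null || echo unknown"
      register: release
      changed_when: false
      check_mode: false
      when: system == 'debian'

    - name: show distro release
      ansible.builtin.debug:
        var: release.stdout
      when: system == 'debian'

    # the release name is rendered into /etc/apt/sources.list, which decides
    # where packages are fetched from; stop before the file is overwritten
    # if the name is the fallback value or not a plain lowercase word
    - name: accept only a plain codename as distro release
      ansible.builtin.assert:
        that:
          - release.stdout != 'unknown'
          - release.stdout is match('^[a-z]+$')
      when: system == 'debian'

    - name: package mgmt setup on debian systems
      ansible.builtin.template:
        src: sources.list
        dest: /etc/apt/sources.list
        # explicit ownership and mode: the APT source list must not be
        # writable by anyone but root
        owner: root
        group: root
        mode: "0644"
      diff: true
      when: system == 'debian'

    # - name: clean-up few unwanted packages and daemons
    #   ansible.builtin.apt:
    #     state: absent
    #     pkg:
    #       - multipath-tools
    #       - python3-update-manager
    #       - sosreport
    #       # todo - check and get rid of snap packages first
    #       #- snapd
    #       - ubuntu-advantage-tools
    #       - ubuntu-pro-client
    #       - ubuntu-pro-client-l10n
    #     update_cache: true
    #     autoremove: true
    #     purge: true
    #   diff: true
    #   when: system == 'debian'

    # python3 already installed
    - name: install few packages on debian/ubuntu systems
      ansible.builtin.apt:
        pkg:
          - bash-completion
          - ca-certificates
          - colordiff
          - curl
          - net-tools
          - mlocate  # no plocate on centos7 nor ubuntu20/focal
        update_cache: true
        autoremove: true
        purge: true
      diff: true
      when: system == 'debian'

    # already installed
    # - name: install sudo
    #   ansible.builtin.package:
    #     name: sudo  # required by runner and new-school users role
    #   diff: true
    #   when: become == 'true' and ( system == 'debian' or system == 'redhat' )

    # NOTE(review): the condition compares `become` with the string 'false';
    # a real boolean false would not match - presumably the variable is
    # always passed as a string, confirm against the inventory or caller
    - name: uninstall sudo
      ansible.builtin.package:
        name: sudo  # reduce attack surface
        state: absent
      diff: true
      when: become == 'false' and ( system == 'debian' or system == 'redhat' )

    # dry run (`-s`) of the clean-up below; runs in check mode too so that
    # the preview can be printed there
    - name: clean-up left-over packages preview
      ansible.builtin.shell:
        executable: /bin/bash
        cmd: |
          apt-get -qs autoremove --purge
          dpkg -l | grep ^rc | awk '{print $2}'
      register: real_clean_preview
      check_mode: false
      changed_when: false
      when: system == 'debian' and skip_real_clean is not defined

    - name: show clean-up preview output
      ansible.builtin.debug:
        var: real_clean_preview.stdout
      when: system == 'debian' and ansible_check_mode and skip_real_clean is not defined

    - name: show clean-up preview errors
      ansible.builtin.debug:
        var: real_clean_preview.stderr
      when: system == 'debian' and ansible_check_mode and skip_real_clean is not defined

    # removes unused dependencies, then purges packages left in state `rc`
    # (removed, configuration files remaining)
    # no pipefail here on purpose: grep exits non-zero when nothing is left
    # in state `rc`, which is the normal case
    # no changed_when is set, so this task reports `changed` on every run
    - name: clean-up left-over packages
      ansible.builtin.shell:
        executable: /bin/bash
        cmd: |
          apt-get -qy autoremove --purge
          dpkg -l | grep ^rc | awk '{print $2}' | xargs -r dpkg --purge
      register: real_clean
      when: system == 'debian' and skip_real_clean is not defined

    - name: show clean-up output
      ansible.builtin.debug:
        var: real_clean.stdout
      when: system == 'debian' and not ansible_check_mode and skip_real_clean is not defined

    - name: show clean-up errors
      ansible.builtin.debug:
        var: real_clean.stderr
      when: system == 'debian' and not ansible_check_mode and skip_real_clean is not defined

    # package mgmt setup on redhat systems
    # TBD

    # avoid redhat-lsb package, that's too many deps
    - name: install few packages on redhat systems
      ansible.builtin.yum:
        pkg:
          - bash-completion
          - ca-certificates
          - colordiff
          - curl
          - mlocate  # no plocate on centos7 nor ubuntu20/focal
        update_cache: true
        # autoremove: true
      diff: true
      when: system == 'redhat'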