diff --git a/src/aws.yml b/src/aws.yml
index cdd214cc..49f433a4 100644
--- a/src/aws.yml
+++ b/src/aws.yml
@@ -3,11 +3,21 @@
 name: AWS-specific roles
 become: yes
 become_method: sudo
- roles:
- - amazon_efs_utils
- - amazon_ssm_agent
- - chrony_aws
- - cloudwatch_agent
+ tasks:
+ - name: Install Amazon EFS utilities
+ ansible.builtin.include_role:
+ name: amazon_efs_utils
+ - name: Install Amazon SSM Agent
+ ansible.builtin.include_role:
+ name: amazon_ssm_agent
+ - name: Install chrony and configure it for use within AWS
+ ansible.builtin.include_role:
+ name: chrony_aws
+ - name: Install and configure Amazon CloudWatch Agent
+ ansible.builtin.include_role:
+ name: cloudwatch_agent
 # The instance types used for almost all the instances expose EBS
 # volumes as NVMe block devices, so that's why we need nvme here.
- - nvme
+ - name: Install prerequisites for working with NVMe block devices
+ ansible.builtin.include_role:
+ name: nvme
diff --git a/src/base.yml b/src/base.yml
index ca570179..e6d5386d 100644
--- a/src/base.yml
+++ b/src/base.yml
@@ -3,9 +3,19 @@
 name: Setup base image
 become: yes
 become_method: sudo
- roles:
- - automated_security_updates
- - banner
- - clamav
- - htop
- - persist_journald
+ tasks:
+ - name: Install and configure automated security updates
+ ansible.builtin.include_role:
+ name: automated_security_updates
+ - name: Install and configure login banner
+ ansible.builtin.include_role:
+ name: banner
+ - name: Install and configure ClamAV
+ ansible.builtin.include_role:
+ name: clamav
+ - name: Install and configure htop
+ ansible.builtin.include_role:
+ name: htop
+ - name: Configure JournalD to preserve logs across reboots
+ ansible.builtin.include_role:
+ name: persist_journald
diff --git a/src/example.yml b/src/example.yml
index dc4ffbf7..38e9e141 100644
--- a/src/example.yml
+++ b/src/example.yml
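Review bot: In src/aws.yml every role is now pulled in with `ansible.builtin.include_role`, which is a dynamic include, so a role that is misnamed or missing from the roles path is reported only when the play reaches that task, not when the playbook is parsed as it was under `roles:`. Tags set on these tasks would also not be inherited by the tasks inside the role. None of the includes uses a loop or a `when`, so `ansible.builtin.import_role:` would keep the static behaviour; if the dynamic form is intended, a one-line comment saying why would help. The same applies to the hunks in src/base.yml, src/example.yml, src/python.yml and src/upgrade.yml.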
@@ -3,5 +3,9 @@
 name: Project-specific roles
 become: yes
 become_method: sudo
- roles:
- - example
+ tasks:
+ # The cisagov/ansible-role-example Ansible role is just a no-op,
+ # but we include it here as an example/placeholder.
+ - name: Apply the cisagov/ansible-role-example role
+ ansible.builtin.include_role:
+ name: example
diff --git a/src/python.yml b/src/python.yml
index f9eab0c2..a1980ae7 100644
--- a/src/python.yml
+++ b/src/python.yml
@@ -3,7 +3,17 @@
 name: Install pip3/python3 and remove pip2/python2
 become: yes
 become_method: sudo
- roles:
- - pip
- - python
- - remove_python2
+ tasks:
+ # If pip were to be installed first, then the OS _could_ pull
+ # different Python packages than what would be installed via the
+ # cisagov/ansible-role-python role; hence, the ordering below is
+ # more controlled.
+ - name: Install Python 3
+ ansible.builtin.include_role:
+ name: python
+ - name: Install pip3
+ ansible.builtin.include_role:
+ name: pip
+ - name: Uninstall Python 2
+ ansible.builtin.include_role:
+ name: remove_python2
diff --git a/src/requirements.yml b/src/requirements.yml
index e16eb0ab..dc9ad7ab 100644
--- a/src/requirements.yml
+++ b/src/requirements.yml
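Review bot: In src/python.yml the role order changes from pip, python, remove_python2 to python, pip, remove_python2, which is a behaviour change inside an otherwise mechanical conversion, and the comment that justifies it is hard to act on because "more controlled" does not say what the ordering protects. I would state the rule directly, for example `# Run the python role before pip: if pip is installed first, the OS package manager may pull in Python packages other than the ones the python role installs.` The reorder also deserves a line in the commit message so it is not read as a pure refactor.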
@@ -1,31 +1,31 @@
 ---
-- src: https://github.com/cisagov/ansible-role-amazon-efs-utils
- name: amazon_efs_utils
-- src: https://github.com/cisagov/ansible-role-amazon-ssm-agent
- name: amazon_ssm_agent
-- src: https://github.com/cisagov/ansible-role-automated-security-updates
- name: automated_security_updates
-- src: https://github.com/cisagov/ansible-role-banner
- name: banner
-- src: https://github.com/cisagov/ansible-role-chrony-aws
- name: chrony_aws
-- src: https://github.com/cisagov/ansible-role-clamav
- name: clamav
-- src: https://github.com/cisagov/ansible-role-cloudwatch-agent
- name: cloudwatch_agent
-- src: https://github.com/cisagov/skeleton-ansible-role
- name: example
-- src: https://github.com/cisagov/ansible-role-htop
- name: htop
-- src: https://github.com/cisagov/ansible-role-nvme
- name: nvme
-- src: https://github.com/cisagov/ansible-role-persist-journald
- name: persist_journald
-- src: https://github.com/cisagov/ansible-role-pip
- name: pip
-- src: https://github.com/cisagov/ansible-role-python
- name: python
-- src: https://github.com/cisagov/ansible-role-remove-python2
- name: remove_python2
-- src: https://github.com/cisagov/ansible-role-upgrade
- name: upgrade
+- name: amazon_efs_utils
+ src: https://github.com/cisagov/ansible-role-amazon-efs-utils
+- name: amazon_ssm_agent
+ src: https://github.com/cisagov/ansible-role-amazon-ssm-agent
+- name: automated_security_updates
+ src: https://github.com/cisagov/ansible-role-automated-security-updates
+- name: banner
+ src: https://github.com/cisagov/ansible-role-banner
+- name: chrony_aws
+ src: https://github.com/cisagov/ansible-role-chrony-aws
+- name: clamav
+ src: https://github.com/cisagov/ansible-role-clamav
+- name: cloudwatch_agent
+ src: https://github.com/cisagov/ansible-role-cloudwatch-agent
+- name: example
+ src: https://github.com/cisagov/skeleton-ansible-role
+- name: htop
+ src: https://github.com/cisagov/ansible-role-htop
+- name: nvme
+ src: https://github.com/cisagov/ansible-role-nvme
+- name: persist_journald
+ src: https://github.com/cisagov/ansible-role-persist-journald
+- name: pip
+ src: https://github.com/cisagov/ansible-role-pip
+- name: python
+ src: https://github.com/cisagov/ansible-role-python
+- name: remove_python2
+ src: https://github.com/cisagov/ansible-role-remove-python2
+- name: upgrade
+ src: https://github.com/cisagov/ansible-role-upgrade
diff --git a/src/upgrade.yml b/src/upgrade.yml
index e172d4d4..744c01e5 100644
--- a/src/upgrade.yml
+++ b/src/upgrade.yml
@@ -3,5 +3,7 @@
 name: Upgrade base image
 become: yes
 become_method: sudo
- roles:
- - upgrade
+ tasks:
+ - name: Upgrade all packages
+ ansible.builtin.include_role:
+ name: upgrade
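Review bot: None of the entries in src/requirements.yml carries a `version:` key, and swapping the order of `name` and `src` leaves that as it was, so each role presumably resolves to whatever the repository's default branch holds when the roles are installed. These roles run with `become: yes` via sudo and set up the SSM agent, automated security updates and ClamAV, so an unreviewed upstream change would land in the built image with root privileges. Pinning every entry to a release tag or commit, e.g. `version: <TAG_OR_COMMIT_SHA>` under each `src`, makes the build reproducible and turns role updates into reviewable changes.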