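---
# tasks/main.yml -- listing captured with `cat main.yml`
# (prompt: root@RockyLinux8, directory: tasks).
#
# Base OS setup: back up the original config files, set timezone and DNS,
# install common packages, configure chrony and firewalld, upgrade all
# packages, add ipv6.disable=1 to the kernel command line, then reboot and
# wait for the host to come back.
#
# Variable used but not defined in this file: conn_name.

# Keep a pristine copy (<file>.org) of every file edited below.
# force: false means an existing .org copy is never overwritten on re-runs.
- name: backup file
  copy:
    src: "{{ item }}"
    dest: "{{ item }}.org"
    remote_src: true
    force: false
  with_items:
    - /etc/resolv.conf
    - /etc/selinux/config
    - /etc/dnf/dnf.conf
    - /etc/default/grub
    - /etc/systemd/system.conf

- name: Set timezone to Asia/Tokyo
  timezone:
    name: Asia/Tokyo

- name: template resolv.conf
  template:
    src: resolv.conf
    dest: /etc/resolv.conf
    force: true

# NOTE(review): this turns off SELinux mandatory access control on every
# host the role is applied to. If the workload allows it, prefer leaving
# SELinux enforcing (or permissive while policy issues are worked out).
- name: Disable SELinux
  selinux:
    state: disabled

- name: change /etc/systemd/system.conf
  lineinfile:
    path: /etc/systemd/system.conf
    regexp: 'DefaultTimeoutStopSec='
    line: DefaultTimeoutStopSec=15s

- name: Install package ( RedHat )
  when: "ansible_os_family == 'RedHat'"
  dnf:
    name: epel-release
    state: present

# The epel-release RPM below is fetched from a URL and installed as root.
# Import the EPEL 8 signing key first so dnf can verify the package
# signature instead of skipping the check with disable_gpg_check.
# The key comes from the same HTTPS host as the RPM; for a stronger trust
# anchor, also set rpm_key's `fingerprint:` to a value verified out of band.
- name: Import EPEL 8 signing key ( MIRACLE )
  when: "ansible_os_family == 'MIRACLE'"
  rpm_key:
    key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8
    state: present

- name: Install package ( MIRACLE )
  when: "ansible_os_family == 'MIRACLE'"
  dnf:
    name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
    state: present

# Package list is passed to dnf as one list so it is resolved in a single
# transaction rather than one dnf call per item.
- name: Install package ( 共通 )
  dnf:
    name:
      - open-vm-tools
      - chrony
      - rsyslog
      - htop
      - iotop
      - lsof
      - sysstat
      - tcpdump
      - cloud-utils-growpart
      - netcat
    state: present

- name: backup file( chronyd )
  copy:
    src: "{{ item }}"
    dest: "{{ item }}.org"
    remote_src: true
    force: false
  with_items:
    - /etc/sysconfig/chronyd
    - /etc/chrony.conf

- name: change /etc/chrony.conf
  lineinfile:
    path: /etc/chrony.conf
    regexp: '^pool '
    line: pool ntp.nict.jp iburst

- name: change /etc/sysconfig/chronyd
  lineinfile:
    path: /etc/sysconfig/chronyd
    regexp: '^OPTIONS='
    line: OPTIONS="-4"

- name: Enable, Started Service
  systemd:
    name: "{{ item }}"
    state: started
    enabled: true
  with_items:
    - chronyd.service
    - rsyslog.service
    - firewalld.service
    - vmtoolsd.service

# changed_when: false -> these commands are re-applied on every run and
# always report "ok".
- name: change interface
  command: "{{ item }}"
  changed_when: false
  with_items:
    - nmcli connection modify "{{ conn_name }}" ipv4.dns ""
    - nmcli connection modify "{{ conn_name }}" ipv6.method disabled

# firewalld layout: three custom zones are created. lab-2 and maint each
# admit ssh from one source subnet; the interface is placed in zone "all",
# which gets no services in this file; the default zone becomes "drop".
# Every firewalld-module task below is permanent-only (no `immediate`).
- name: change firewalld ( new-zone )
  firewalld:
    zone: "{{ item }}"
    state: present
    permanent: true
  with_items:
    - all
    - lab-2
    - maint

- name: change firewalld ( zone=lab-2 add-service )
  firewalld:
    zone: lab-2
    service: "{{ item }}"
    state: enabled
    permanent: true
  with_items:
    - ssh

- name: change firewalld ( zone=lab-2 add-source )
  firewalld:
    zone: lab-2
    source: 172.16.2.0/24
    state: enabled
    permanent: true

- name: change firewalld ( zone=maint add-service )
  firewalld:
    zone: maint
    service: "{{ item }}"
    state: enabled
    permanent: true
  with_items:
    - ssh

- name: change firewalld ( zone=maint add-source )
  firewalld:
    zone: maint
    source: 192.168.10.0/24
    state: enabled
    permanent: true

# NOTE(review): conn_name is used here as an interface name and above as an
# nmcli connection name -- this presumably relies on the two being
# identical on the target; confirm.
- name: change firewalld ( zone=all interface )
  command: "{{ item }}"
  changed_when: false
  with_items:
    - firewall-cmd --zone=all --change-interface="{{ conn_name }}" --permanent

# NOTE(review): --set-default-zone changes the runtime configuration as
# well as the permanent one, while the ssh source rules above are
# permanent-only until firewalld reloads or the host reboots. Confirm the
# management connection survives from this task to the reboot at the end.
- name: change firewalld ( zone=drop default zone )
  command: "{{ item }}"
  changed_when: false
  with_items:
    - firewall-cmd --set-default-zone=drop

- name: upgrade all packages
  dnf:
    name: "*"
    state: latest

# Runs after the full upgrade above, so the kernel is updated once and
# then excluded from later dnf transactions.
# NOTE(review): with this exclude in place, kernel security updates are
# not picked up by later upgrades; plan a separate kernel patch process.
- name: change /etc/dnf/dnf.conf
  lineinfile:
    path: /etc/dnf/dnf.conf
    line: excludepkgs=kernel*

# Only matches a GRUB_CMDLINE_LINUX line ending in `swap"`; once
# ipv6.disable=1 has been appended the regexp no longer matches, so
# re-runs leave the line alone.
- name: change /etc/default/grub
  replace:
    path: /etc/default/grub
    regexp: '^GRUB_CMDLINE_LINUX=(.*swap)"$'
    replace: 'GRUB_CMDLINE_LINUX=\1 ipv6.disable=1"'

# Exactly one of /etc/grub2-efi.cfg and /etc/grub2.cfg is expected to
# exist; the four tasks after the two stat checks cover each combination.
- name: grub2-efi.cfg check
  stat:
    path: /etc/grub2-efi.cfg
  register: grub2_efi_cfg_check

- name: grub2.cfg check
  stat:
    path: /etc/grub2.cfg
  register: grub2_cfg_check

- name: grub2-mkconfig(UEFI)
  when: grub2_efi_cfg_check.stat.exists == true and grub2_cfg_check.stat.exists == false
  command: "{{ item }}"
  changed_when: false
  with_items:
    - grub2-mkconfig -o /etc/grub2-efi.cfg

- name: grub2-mkconfig(BIOS)
  when: grub2_efi_cfg_check.stat.exists == false and grub2_cfg_check.stat.exists == true
  command: "{{ item }}"
  changed_when: false
  with_items:
    - grub2-mkconfig -o /etc/grub2.cfg

# Abort the play with an explicit message when the boot mode is ambiguous,
# instead of running /bin/false and leaving the reason to be guessed.
- name: grub2-mkconfig(ERROR1)
  when: grub2_efi_cfg_check.stat.exists == true and grub2_cfg_check.stat.exists == true
  fail:
    msg: 'Both /etc/grub2-efi.cfg and /etc/grub2.cfg exist; refusing to guess which to regenerate.'

- name: grub2-mkconfig(ERROR2)
  when: grub2_efi_cfg_check.stat.exists == false and grub2_cfg_check.stat.exists == false
  fail:
    msg: 'Neither /etc/grub2-efi.cfg nor /etc/grub2.cfg exists; cannot regenerate the grub config.'

#### ERROR
# piix4_smbus 0000:00:07.3: SMBus base address uninitialized - upgrade BIOS or use force_addr=0xaddr
# piix4_smbus 0000:00:07.3: SMBus Host Controller not enabled!
#
#- name: template blacklist-i2c_piix4.conf
#  template:
#    src: blacklist-i2c_piix4.conf
#    dest: /etc/modprobe.d/blacklist-i2c_piix4.conf
#    force: yes

# Fire-and-forget reboot: async 1 / poll 0 lets the task return without
# waiting for a command that tears down the connection it runs over.
- name: restart machine
  command: shutdown -r now
  changed_when: false
  async: 1
  poll: 0

# Wait 30 s before the first attempt, then up to 300 s for the host to
# accept connections again.
- name: wait for reboot
  wait_for_connection:
    delay: 30
    timeout: 300

- name: connect check
  ping: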