---
- name: "enable sshd"
  systemd:
    name: sshd
    enabled: yes

- name: "enable chronyd"
  systemd:
    name: chronyd
    enabled: yes

- name: "set chrony.conf"
  template:
    src: "{{ role_path }}/templates/chrony.conf.j2"
    dest: /usr/lib/tmpfiles.d/chrony.conf
  tags: template

- name: "disable ntpd"
  systemd:
    name: ntpd
    enabled: no

#Service Optimization
- name: "enable snmpd"
  systemd:
    name: snmpd
    enabled: yes

- name: "enable snmptrapd"
  systemd:
    name: snmptrapd
    enabled: yes

- name: "disenable abrt-ccpp"
  systemd:
    name: abrt-ccpp
    enabled: no

- name: "disenable abrt-oops"
  systemd:
    name: abrt-oops
    enabled: no

- name: "disenable abrtd"
  systemd:
    name: abrtd
    enabled: no

- name: "disenable dmraid-activation"
  systemd:
    name: dmraid-activation
    enabled: no

- name: "disenable postfix"
  systemd:
    name: postfix
    enabled: no

- name: "set sshd UseDns no"
  shell: sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config

- name: "update initramfs"
  shell: dracut --force -v /boot/initramfs-5.4.159-1.el7.elrepo.x86_64.img 5.4.159-1.el7.elrepo.x86_64
  when: runtime_env != 'TSG-X-P1403' and runtime_env != 'TSG-X-P0804' and runtime_env != 'TSG-X-P0906'

- name: "Export MLX5_GLUE_PATH"
  lineinfile:
     dest: /etc/profile
     line: 'export MLX5_GLUE_PATH=/opt/tsg/mrzcpd/lib'

- name: "Generate ansiblg.cfg after ansible upgrade in rockylinux8"
  shell: ansible-config init --disabled > /etc/ansible/ansible.cfg
  when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906'

- name: 'change ansible hash_behaviour value replace to merge'
  lineinfile:
    path: /etc/ansible/ansible.cfg
    backrefs: yes
    regexp: "^(.*hash_behaviour.*=.*replace.*)$"
    line: '\1\nhash_behaviour = merge'

- name: 'install psutil'
  shell: pip3 install -i https://pypi.tuna.tsinghua.edu.cn/simple psutil
  when: runtime_env == 'TSG-X-P0804' or runtime_env == 'TSG-X-P0906'

- name: "add sudo secure_path"
  lineinfile:
    path: /etc/sudoers
    backrefs: yes
    regexp: "^(.*Defaults    secure_path =.*)$"
    line: '\1:/opt/tsg/tsg-os-provision'

- name: "Comment /run/nologin create on system booting up"
  replace:
    path: /usr/lib/tmpfiles.d/systemd-nologin.conf
    regexp: '^(F! /run/nologin 0644*)'
    replace: '#\1'