Ansible-Bootstrap/roles/configuration/tasks/main.yml

---
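- name: Configuration
  block:
    - name: Generate fstab
      # Runs on the installer host; -LU writes LABEL= entries where available, UUID= otherwise.
      ansible.builtin.shell: genfstab -LU /mnt > /mnt/etc/fstab
      changed_when: result.rc == 0
      register: result

    - name: Replace ISO UUID entry with /dev/sr0 in fstab
      when: os in ["rhel8", "rhel9"]
      ansible.builtin.lineinfile:
        path: /mnt/etc/fstab
        # backrefs: true means the line is only rewritten when the regexp matches;
        # nothing is appended when no dvd entry exists.
        regexp: '^.*\/dvd.*$'
        line: >-
          {{ '/usr/local/install/redhat/rhel.iso /usr/local/install/redhat/dvd iso9660 loop,nofail 0 0'
          if hypervisor == 'vmware'
          else '/dev/sr0 /usr/local/install/redhat/dvd iso9660 ro,relatime,nojoliet,check=s,map=n,nofail 0 0' }}
        state: present
        backrefs: true

    - name: Write image from RHEL ISO to the target machine
      # The copied image is only referenced by the RHEL-only fstab entry above,
      # so the copy is guarded the same way instead of running for every OS.
      # NOTE(review): the fstab entry uses the image only when hypervisor == 'vmware'
      # (otherwise /dev/sr0 is mounted directly) — confirm whether the copy is
      # wanted on other hypervisors too.
      when: os in ["rhel8", "rhel9"]
      ansible.builtin.command: dd if=/dev/sr1 of=/mnt/usr/local/install/redhat/rhel.iso bs=4M
      changed_when: result.rc == 0
      register: result

    - name: Append TempFS to fstab
      # Every tmpfs gets nosuid,nodev,noexec; /dev/shm previously lacked
      # nosuid,nodev, unlike /tmp and /var/tmp.
      ansible.builtin.lineinfile:
        path: /mnt/etc/fstab
        line: "{{ item }}"
        insertafter: EOF
      with_items:
        - ""
        - "# TempFS"
        - tmpfs /tmp tmpfs defaults,nosuid,nodev,noexec 0 0
        - tmpfs /var/tmp tmpfs defaults,nosuid,nodev,noexec 0 0
        - tmpfs /dev/shm tmpfs defaults,nosuid,nodev,noexec 0 0

    - name: Set local timezone
      # `timezone` is a new optional variable; the default keeps the previous
      # hard-coded Europe/Vienna behaviour.
      ansible.builtin.command: "{{ item }}"
      changed_when: result.rc == 0
      register: result
      with_items:
        # NOTE(review): this daemon-reload is not run through arch-chroot, so it
        # reloads the installer's systemd rather than the target's — confirm intended.
        - systemctl daemon-reload
        - arch-chroot /mnt ln -sf /usr/share/zoneinfo/{{ timezone | default('Europe/Vienna') }} /etc/localtime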
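- name: Setup locales
  block:
    - name: Set hostname
      ansible.builtin.copy:
        content: "{{ hostname }}"
        dest: /mnt/etc/hostname
        mode: '0644'

    - name: Add host entry to /etc/hosts
      ansible.builtin.lineinfile:
        path: /mnt/etc/hosts
        line: "{{ ansible_host }} {{ hostname }}"
        state: present

    - name: Create vconsole.conf
      ansible.builtin.copy:
        content: KEYMAP=us
        dest: /mnt/etc/vconsole.conf
        mode: '0644'

    - name: Create locale.conf
      ansible.builtin.copy:
        content: LANG=en_US.UTF-8
        dest: /mnt/etc/locale.conf
        mode: '0644'

    - name: SSH permit Password
      # `ssh_password_auth` is a new optional switch; the default keeps the
      # previous always-on behaviour. Set it to false to keep key-only login.
      when: ssh_password_auth | default(true) | bool
      ansible.builtin.replace:
        path: /mnt/etc/ssh/sshd_config
        # Matches the commented default and an explicit directive alike, like
        # the PermitRootLogin task below; the old pattern only matched the
        # literal "#PasswordAuthentication yes" default line.
        regexp: "^#?PasswordAuthentication.*"
        replace: "PasswordAuthentication yes"

    - name: SSH permit root login
      # `ssh_permit_root_login` is a new optional switch; the default keeps the
      # previous always-on behaviour.
      # NOTE(review): if sshd_config starts with an Include of sshd_config.d/*.conf,
      # a drop-in that sets PermitRootLogin takes precedence (sshd keeps the first
      # value it reads) — verify the effective setting on the target.
      when: ssh_permit_root_login | default(true) | bool
      ansible.builtin.replace:
        path: /mnt/etc/ssh/sshd_config
        regexp: "^#?PermitRootLogin.*"
        replace: "PermitRootLogin yes"

    - name: Enable Systemd Services
      ansible.builtin.command: arch-chroot /mnt systemctl enable NetworkManager sshd
      changed_when: result.rc == 0
      register: result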
- name: Configure Bootloader
  block:
    - name: Install Bootloader
      # NOTE(review): the shim path here and the grub2-mkconfig target below are
      # RHEL-style (EFI/redhat); only the dracut step is skipped for
      # Debian/Ubuntu — confirm those targets never reach this block.
      ansible.builtin.command: >-
        arch-chroot /mnt /usr/sbin/efibootmgr -c -L '{{ os }}'
        -d "{{ install_drive }}" -p 1
        -l '\efi\EFI\redhat\shimx64.efi'
      register: result
      changed_when: result.rc == 0

    - name: Generate grub config
      ansible.builtin.command: >-
        arch-chroot /mnt /usr/sbin/grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
      register: result
      changed_when: result.rc == 0

    - name: Regenerate initramfs
      # Debian/Ubuntu targets build their initramfs elsewhere; dracut is only
      # used for the remaining distributions.
      when: os | lower not in ["debian11", "debian12", "ubuntu", "ubuntu-lts"]
      ansible.builtin.command: >-
        arch-chroot /mnt /usr/bin/dracut --regenerate-all --force
      register: result
      changed_when: result.rc == 0
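- name: Extra Configuration
  block:
    - name: Append vim configurations to vimrc
      # Best effort, as before: targets without /etc/vimrc (Debian uses
      # /etc/vim/vimrc) make blockinfile fail. Note this also hides every other
      # error of the task.
      failed_when: false
      ansible.builtin.blockinfile:
        path: /mnt/etc/vimrc
        # A real marker (vim comment syntax) lets a re-run find and update the
        # block; with marker "" there is no marker line to find, so the block
        # appears to be appended again on every run.
        marker: '" {mark} ANSIBLE MANAGED BLOCK'
        insertafter: EOF
        block: |
          set encoding=utf-8
          set number
          set autoindent
          set smartindent
          set mouse=a

    - name: Add memory tuning parameters
      # The file is owned entirely by this role, so it is written with copy
      # (as zram-generator.conf below) instead of blockinfile with an empty
      # marker; re-runs are idempotent and produce no stray blank marker lines.
      ansible.builtin.copy:
        dest: /mnt/etc/sysctl.d/90-memory.conf
        content: |
          vm.swappiness=10
          vm.vfs_cache_pressure=50
          vm.dirty_background_ratio=1
          vm.dirty_ratio=10
          vm.page-cluster=10
        mode: '0644'

    - name: Create zram config
      when: os not in ['rhel8']
      ansible.builtin.copy:
        dest: /mnt/etc/systemd/zram-generator.conf
        content: |
          [zram0]
          zram-size = ram / 2
          compression-algorithm = zstd
          swap-priority = 100
          fs-type = swap
        mode: '0644'

    - name: Copy FirstRun Script
      ansible.builtin.template:
        src: firstrun.sh.j2
        dest: /mnt/root/firstrun.sh
        mode: '0755'

    - name: Copy Custom Shell config
      ansible.builtin.template:
        src: custom.sh.j2
        dest: /mnt/etc/profile.d/custom.sh
        mode: '0644'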
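- name: Setup Network
  block:
    # The three lookups below run on the installer host (not in the chroot)
    # and only read state, so they are reported as unchanged instead of
    # "changed" on every run.
    - name: Generate UUID for Network Profile
      ansible.builtin.command: uuidgen
      changed_when: false
      register: net_uuid

    - name: Retrieve Network Interface Name
      # NOTE(review): takes the device of the first route `ip r` prints —
      # normally the default route; with several routes confirm the ordering.
      ansible.builtin.shell: set -o pipefail && ip r | awk 'NR==1 {print $5}'
      args:
        # `set -o pipefail` needs bash; /bin/sh may be dash on some hosts.
        executable: /bin/bash
      changed_when: false
      register: net_inf

    - name: Register MAC Address of the Network Interface
      ansible.builtin.shell: >-
        set -o pipefail && ip link show "{{ net_inf.stdout }}"
        | awk '/link\/ether/ {print $2}' | tr '[:lower:]' '[:upper:]'
      args:
        executable: /bin/bash
      changed_when: false
      register: net_mac

    - name: Copy NetworkManager keyfile
      # Keyfiles can carry secrets; NetworkManager ignores keyfiles that are
      # readable by others, so 0600 is required here.
      ansible.builtin.template:
        src: network.j2
        dest: /mnt/etc/NetworkManager/system-connections/LAN.nmconnection
        mode: '0600'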
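- name: Setup user account
  block:
    - name: Create user account
      # no_log: the rendered commands contain the password hashes, which would
      # otherwise be printed per item and end up in Ansible logs and callbacks.
      # (It also hides the error output of a failed run.)
      no_log: true
      ansible.builtin.command: "{{ item }}"
      with_items:
        - >-
          arch-chroot /mnt /usr/sbin/useradd --create-home --user-group --groups wheel
          {{ user_name }} --password {{ user_password | password_hash('sha512') }} --shell /bin/bash
        - >-
          arch-chroot /mnt /usr/sbin/usermod --password '{{ root_password | password_hash('sha512') }}'
          root --shell /bin/bash
      changed_when: result.rc == 0
      register: result

    - name: Create .ssh directory for the user
      # lineinfile's create: true only creates the file, not its parent
      # directory, and --create-home copies /etc/skel, which normally has no
      # .ssh. sshd (StrictModes) also expects the directory to be 0700.
      when: user_public_key is defined
      ansible.builtin.file:
        path: /mnt/home/{{ user_name }}/.ssh
        state: directory
        # NOTE(review): 1000 assumes this is the first account created on the
        # target — verify, or resolve the uid from the target's passwd.
        owner: 1000
        group: 1000
        mode: '0700'

    - name: Add SSH public key to authorized_keys
      when: user_public_key is defined
      ansible.builtin.lineinfile:
        path: /mnt/home/{{ user_name }}/.ssh/authorized_keys
        line: "{{ user_public_key }}"
        owner: 1000
        group: 1000
        mode: '0600'
        create: true

    - name: Give sudo access to wheel group
      ansible.builtin.copy:
        content: "%wheel ALL=(ALL) ALL"
        dest: /mnt/etc/sudoers.d/01-wheel
        mode: '0440'
        # visudo runs on the installer host against the temporary file before
        # it is moved into place, so a syntax error never lands in sudoers.d.
        validate: /usr/sbin/visudo --check --file=%s

    - name: Fix SELinux
      # Schedules a full relabel on the target's next boot; files written from
      # outside the chroot carry no valid labels.
      ansible.builtin.command: arch-chroot /mnt /sbin/fixfiles onboot
      changed_when: result.rc == 0
      register: result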