---
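- name: Partition install drive
  # NOTE(review): the listing this was recovered from had lost its
  # indentation. Only the two partitioning tasks are assumed to belong to
  # this block; confirm the nesting against the repository.
  block:
    # The cleanup below builds a glob from install_drive and runs
    # `wipefs --force --all` on every match. An empty value would turn the
    # pattern into "*" and match every node under /dev, so stop early unless
    # the variable is a non-empty path under /dev.
    - name: Validate install drive before destructive operations
      ansible.builtin.assert:
        that:
          - install_drive is defined
          - install_drive is string
          - "install_drive is match('^/dev/.+')"
        fail_msg: >-
          install_drive must be a non-empty path under /dev; refusing to run
          the wipe with an empty or malformed device pattern.
        quiet: true

    # Best-effort cleanup of a previous run. Every command here may fail
    # legitimately (nothing mounted on /mnt, no "sys" volume group), so
    # failed_when is forced to false and "changed" is reported only for
    # commands that exited 0.
    # NOTE(review): this also hides a failing wipefs; stale signatures would
    # only surface in the later parted/LVM tasks.
    - name: Prepare partitions
      ansible.builtin.command: "{{ item.cmd }}"
      loop:
        - cmd: umount -l /mnt
        - cmd: vgremove -f sys
        # Wipes signatures on every /dev node whose path starts with
        # install_drive, i.e. the drive itself and its partitions.
        - cmd: 'find /dev -wholename "{{ install_drive }}*" -exec wipefs --force --all {} \;'
      loop_control:
        label: "{{ item.cmd }}"
      register: result
      changed_when: result.rc == 0
      failed_when: false

    # GPT layout: partition 1 ends at 500MiB and carries the boot/esp flags,
    # partition 2 starts at 500MiB. Keys an item does not set are omitted so
    # the module default applies.
    - name: Define partitions
      community.general.parted:
        device: "{{ install_drive }}"
        label: gpt
        number: "{{ item.number }}"
        name: "{{ item.name }}"
        part_start: "{{ item.part_start | default(omit) }}"
        part_end: "{{ item.part_end | default(omit) }}"
        flags: "{{ item.flags | default(omit) }}"
        state: present
      loop:
        - number: 1
          name: boot
          part_end: 500MiB
          flags: [boot, esp]
        - number: 2
          name: root
          part_start: 500MiB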
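# LVM layout for every filesystem except btrfs: one volume group "sys" on the
# main partition, then one logical volume per loop item.
- name: Create LVM logical volumes
  when: filesystem != 'btrfs'
  block:
    - name: Create LVM volume group
      community.general.lvg:
        vg: sys
        pvs: "{{ install_drive }}{{ main_partition_suffix }}"

    # home, var, var_log and var_log_audit are created only when cis is true;
    # root and swap are always created.
    - name: Create LVM logical volumes
      when: cis | bool or item.lv not in ['home', 'var', 'var_log', 'var_log_audit']
      community.general.lvol:
        vg: sys
        lv: "{{ item.lv }}"
        size: "{{ item.size }}"
        state: present
      loop:
        # Root size in G. The swap term (same formula as the swap item below)
        # and 0.5 are subtracted from vm_size. With cis enabled a further 7.5
        # is subtracted, which equals the sum of the four fixed volumes
        # below (2 + 2 + 2 + 1.5); if more than 12 would remain, root is
        # instead ceil(40% of vm_size).
        # The cis test uses `| bool`, the same coercion as the `when` above,
        # so a value such as "yes" cannot create the extra volumes while
        # sizing root as if they did not exist.
        # NOTE(review): vm_size looks like GiB and vm_memory like MiB, and
        # 0.5 looks like the 500MiB boot partition; confirm against the
        # variable definitions.
        - lv: root
          size: >-
            {{ ((cis | bool) | ternary(
              (((vm_size | float - ((vm_memory | float / 1024 >= 16.0) | ternary(
                (vm_memory | float / 2048) | int,
                [vm_memory | float / 1024, 4.0] | max
              )) - 0.5 - 7.5) > 12.0) | ternary(
                (vm_size | float * 0.4) | round(0, 'ceil'),
                vm_size | float - ((vm_memory | float / 1024 >= 16.0) | ternary(
                  (vm_memory | float / 2048) | int,
                  [vm_memory | float / 1024, 4.0] | max
                )) - 0.5 - 7.5
              )),
              vm_size | float - ((vm_memory | float / 1024 >= 16.0) | ternary(
                (vm_memory | float / 2048) | int,
                [vm_memory | float / 1024, 4.0] | max
              )) - 0.5
            )) | string + 'G' }}

        # Swap size in G: int(vm_memory / 2048) when vm_memory / 1024 is at
        # least 16, otherwise max(vm_memory / 1024, 4).
        - lv: swap
          size: >-
            {{ ((vm_memory | float / 1024 >= 16.0) | ternary(
              (vm_memory | float / 2048) | int,
              [vm_memory | float / 1024, 4.0] | max
            )) | string + 'G' }}

        - lv: home
          size: "2G"

        - lv: var
          size: "2G"

        - lv: var_log
          size: "2G"

        - lv: var_log_audit
          size: "1.5G"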
# Formats the boot partition, the LVM swap volume (non-btrfs only) and then
# hands over to the per-filesystem task file.
- name: Create filesystems
  block:
    # force: true re-creates the filesystem even if one is already present.
    - name: Create FAT32 filesystem in boot partition
      community.general.filesystem:
        fstype: vfat
        dev: "{{ install_drive }}{{ boot_partition_suffix }}"
        opts: '-F32 -n BOOT'
        force: true

    - name: Create swap filesystem
      community.general.filesystem:
        dev: /dev/sys/swap
        fstype: swap
      when: filesystem != 'btrfs'

    # The included file name is taken directly from the `filesystem` variable.
    # NOTE(review): nothing in this file restricts that value to a known set
    # of task files; confirm it is validated where the variable is defined.
    - name: Create filesystem
      ansible.builtin.include_tasks: "{{ filesystem }}.yml"
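# Reads the UUID of the boot partition into boot_uuid.stdout (read-only, so
# never reported as changed).
# The command is passed as an argv list so the device path reaches blkid as a
# single argument and is not re-split or unquoted from a free-form string.
- name: Get UUID for boot filesystem
  ansible.builtin.command:
    argv:
      - blkid
      - '-s'
      - UUID
      - '-o'
      - value
      - "{{ install_drive }}{{ boot_partition_suffix }}"
  register: boot_uuid
  changed_when: false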
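# Reads the UUID of the main partition into main_uuid.stdout (read-only, so
# never reported as changed).
# The command is passed as an argv list so the device path reaches blkid as a
# single argument and is not re-split or unquoted from a free-form string.
- name: Get UUID for main filesystem
  ansible.builtin.command:
    argv:
      - blkid
      - '-s'
      - UUID
      - '-o'
      - value
      - "{{ install_drive }}{{ main_partition_suffix }}"
  register: main_uuid
  changed_when: false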
# Queries the UUID of each logical volume under /dev/sys. Both conditions must
# hold: the filesystem is not btrfs, and the volume is either always present
# (root, swap) or cis is true. Skipped items still occupy their slot in
# uuid_result.results, so positions follow the loop order.
- name: Get UUIDs for LVM filesystems
  ansible.builtin.command: blkid -s UUID -o value /dev/sys/{{ item }}
  loop: [root, swap, home, var, var_log, var_log_audit]
  when:
    - filesystem != 'btrfs'
    - cis | bool or item not in ['home', 'var', 'var_log', 'var_log_audit']
  register: uuid_result
  changed_when: false
# Copies the registered blkid output into one fact per volume. The indexes
# are positional and rely on the loop order of the task that registered
# uuid_result: root, swap, home, var, var_log, var_log_audit.
# Each fact holds stdout_lines (a list), or an empty string for the volumes
# that exist only when cis is true.
- name: Assign UUIDs to Variables
  ansible.builtin.set_fact:
    # always queried on non-btrfs installs
    uuid_root: "{{ uuid_result.results[0].stdout_lines }}"
    uuid_swap: "{{ uuid_result.results[1].stdout_lines }}"
    # queried only when cis is true
    uuid_home: "{{ uuid_result.results[2].stdout_lines if cis | bool else '' }}"
    uuid_var: "{{ uuid_result.results[3].stdout_lines if cis | bool else '' }}"
    uuid_var_log: "{{ uuid_result.results[4].stdout_lines if cis | bool else '' }}"
    uuid_var_log_audit: "{{ uuid_result.results[5].stdout_lines if cis | bool else '' }}"
  when: filesystem != 'btrfs'
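# Mounts the target system under /mnt: data filesystems or btrfs subvolumes
# first, then tmpfs for /tmp and /var/tmp, then the boot partition.
- name: Mount filesystems
  block:
    # First condition: with cis true every item is mounted; otherwise only
    # /var/log on btrfs and the paths outside the CIS list.
    # Second condition: /swap is mounted on btrfs only.
    # The first condition coerces cis with `| bool` in both places. A bare
    # `not cis` is false for any non-empty string, so cis passed as the string
    # "false" would have skipped every item here, root included.
    # On btrfs every item mounts main_uuid with its own subvol= option; on
    # other filesystems each item mounts the UUID of its logical volume.
    - name: Mount filesystems and subvolumes
      when:
        - >-
          cis | bool or (not (cis | bool) and (item.path == '/var/log' and filesystem == 'btrfs')
          or (item.path not in ['/home', '/var', '/var/log', '/var/log/audit']))
        - not (item.path == '/swap' and filesystem != 'btrfs')
      ansible.posix.mount:
        path: /mnt{{ item.path }}
        src: "{{ 'UUID=' + (main_uuid.stdout if filesystem == 'btrfs' else item.uuid) }}"
        fstype: "{{ filesystem }}"
        opts: "{{ item.opts }}"
        state: mounted
      loop:
        # root: mounted at /mnt itself
        - path: ""
          uuid: "{{ uuid_root[0] | default(omit) }}"
          opts: "{{ 'defaults' if filesystem != 'btrfs' else 'rw,relatime,compress=zstd:15,ssd,space_cache=v2,discard=async,subvol=@' }}"

        # btrfs-only subvolume, hence no uuid key
        - path: /swap
          opts: "rw,nosuid,nodev,relatime,compress=zstd:15,ssd,space_cache=v2,discard=async,subvol=@swap"

        # /home and /var: nosuid,nodev
        - path: /home
          uuid: "{{ uuid_home[0] | default(omit) }}"
          opts: >-
            {{ 'defaults,nosuid,nodev' if filesystem != 'btrfs'
            else 'rw,nosuid,nodev,relatime,compress=zstd:15,ssd,space_cache=v2,discard=async,subvol=@home' }}

        - path: /var
          uuid: "{{ uuid_var[0] | default(omit) }}"
          opts: >-
            {{ 'defaults,nosuid,nodev' if filesystem != 'btrfs'
            else 'rw,nosuid,nodev,relatime,compress=zstd:15,ssd,space_cache=v2,discard=async,subvol=@var' }}

        # log volumes additionally carry noexec
        - path: /var/log
          uuid: "{{ uuid_var_log[0] | default(omit) }}"
          opts: >-
            {{ 'defaults,nosuid,nodev,noexec' if filesystem != 'btrfs'
            else 'rw,nosuid,nodev,noexec,relatime,compress=zstd:15,ssd,space_cache=v2,discard=async,subvol=@var_log' }}

        - path: /var/log/audit
          uuid: "{{ uuid_var_log_audit[0] | default(omit) }}"
          opts: >-
            {{ 'defaults,nosuid,nodev,noexec' if filesystem != 'btrfs'
            else 'rw,nosuid,nodev,noexec,relatime,compress=zstd:15,ssd,space_cache=v2,discard=async,subvol=@var_log_audit' }}

    # tmpfs with nosuid,nodev,noexec for both temporary directories.
    - name: Mount tmp and var_tmp filesystems
      ansible.posix.mount:
        path: /mnt{{ item.path }}
        src: tmpfs
        fstype: tmpfs
        opts: defaults,nosuid,nodev,noexec
        state: mounted
      loop:
        - path: /tmp
        - path: /var/tmp

    # The mount point is /mnt/boot/efi for rhel8, ubuntu and ubuntu-lts, and
    # /mnt/boot for every other os value.
    # NOTE(review): no opts are set here, so the vfat mount uses the module
    # defaults; confirm whether nosuid/nodev/noexec are wanted on it too.
    - name: Mount boot filesystem
      ansible.posix.mount:
        path: "{{ '/mnt/boot/efi' if os | lower in ['rhel8', 'ubuntu', 'ubuntu-lts'] else '/mnt/boot' }}"
        src: UUID={{ boot_uuid.stdout }}
        fstype: vfat
        state: mounted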
# Enables swap: the swap file under /mnt/swap on btrfs, otherwise the swap
# logical volume addressed by the first line of its recorded UUID output.
# Reported as changed only when swapon exits 0.
- name: Activate swap
  ansible.builtin.command: >-
    {{ 'swapon /mnt/swap/swapfile' if filesystem == 'btrfs' else 'swapon -U ' + uuid_swap[0] }}
  register: result
  changed_when: result.rc == 0