sandwich/Ansible-Bootstrap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add ubuntu support

Browse Source
This commit is contained in:
Sandwich 2024-04-17 10:53:09 +02:00
parent ec6ca49265
commit 2444c5d7af
8 changed files with 140 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -52,7 +52,7 @@ Inventory variables are defined for individual hosts or VMs in the inventory fil
| `cis` (optional) | Adjusts the installation to be CIS level 3 conformant. | `true`, `false` | | `cis` (optional) | Adjusts the installation to be CIS level 3 conformant. | `true`, `false` |
| `filesystem` | Filesystem type for the VM's primary storage. | `btrfs`, `ext4`, `xfs` | | `filesystem` | Filesystem type for the VM's primary storage. | `btrfs`, `ext4`, `xfs` |
| `hostname` | The hostname assigned to the virtual machine or system. | `vm01` | | `hostname` | The hostname assigned to the virtual machine or system. | `vm01` |
| `os` | Operating system to be installed on the VM. | `archlinux`, `almalinux`, `debian11`, `debian12`, `fedora`, `rocky` | | `os` | Operating system to be installed on the VM. | `archlinux`, `almalinux`, `debian11`, `debian12`, `fedora`, `rocky`, `ubuntu`, `ubuntu-lts` |
| `root_password` | Root password for the VM or system, used for initial setup or secure access. | `SecurePass123` | | `root_password` | Root password for the VM or system, used for initial setup or secure access. | `SecurePass123` |
| `user_name` | Username for a user account within the VM, often used with cloud-init. | `adminuser` | | `user_name` | Username for a user account within the VM, often used with cloud-init. | `adminuser` |
| `user_password` | Password for the user account within the VM. | `UserPass123` | | `user_password` | Password for the user account within the VM. | `UserPass123` |

2
main.yml
View File

@ -47,7 +47,7 @@
that: that:
- hypervisor in ["libvirt", "proxmox", "vmware", "none"] - hypervisor in ["libvirt", "proxmox", "vmware", "none"]
- filesystem in ["btrfs", "ext4", "xfs"] - filesystem in ["btrfs", "ext4", "xfs"]
- os in ["archlinux", "almalinux", "debian11", "debian12", "fedora", "rocky"] - os in ["archlinux", "almalinux", "debian11", "debian12", "fedora", "rocky", "ubuntu", "ubuntu-lts"]
fail_msg: "Invalid input specified, please try again" fail_msg: "Invalid input specified, please try again"
- name: Set connection - name: Set connection

9
roles/bootstrap/tasks/main.yml
View File

@ -18,6 +18,15 @@
- arch-chroot /mnt apt install -y {{ role_packages[os].extra | join(' ') }} - arch-chroot /mnt apt install -y {{ role_packages[os].extra | join(' ') }}
- arch-chroot /mnt apt remove -y libcups2 libavahi-common3 libavahi-common-data - arch-chroot /mnt apt remove -y libcups2 libavahi-common3 libavahi-common-data
- name: Bootstrap Ubuntu System
when: os | lower in ['ubuntu', 'ubuntu-lts']
shell: "{{ item }}"
with_items:
- debootstrap --include={{ role_packages[os].base | join(',') }} {{ 'mantic' if os == 'ubuntu' else 'jammy' }} /mnt http://archive.ubuntu.com/ubuntu/
- arch-chroot /mnt sed -i '1s|$| universe|' /etc/apt/sources.list
- arch-chroot /mnt apt update -y
- arch-chroot /mnt apt install -y {{ role_packages[os].extra | join(' ') }}
- name: Bootstrap AlmaLinux 9 - name: Bootstrap AlmaLinux 9
when: os | lower == 'almalinux' when: os | lower == 'almalinux'
shell: "{{ item }}" shell: "{{ item }}"

145
roles/bootstrap/vars/packages.yml
View File

@ -1,11 +1,10 @@
---
almalinux: almalinux:
- bind-utils - bind-utils
- cloud-init - cloud-init
- dhcp-client - dhcp-client
- efibootmgr - efibootmgr
- glibc-langpack-en
- glibc-langpack-de - glibc-langpack-de
- glibc-langpack-en
- grub2 - grub2
- grub2-efi - grub2-efi
- lrzsz - lrzsz
@ -56,13 +55,12 @@ debian11:
base: base:
- apparmor-utils - apparmor-utils
- btrfs-progs - btrfs-progs
- xfsprogs
- chrony - chrony
- cron - cron
- gnupg
- grub-efi - grub-efi
- grub-efi-amd64-signed - grub-efi-amd64-signed
- grub2-common - grub2-common
- gnupg
- linux-image-amd64 - linux-image-amd64
- locales - locales
- logrotate - logrotate
@ -71,67 +69,72 @@ debian11:
- openssh-server - openssh-server
- python3 - python3
- sudo - sudo
- xfsprogs
extra: extra:
- cloud-init - cloud-init
- curl - curl
- firewalld - firewalld
- fish
- htop - htop
- network-manager - libpam-pwquality
- screen - lrzsz
- open-vm-tools
- python-is-python3
- ncdu - ncdu
- neofetch - neofetch
- lrzsz - network-manager
- libpam-pwquality - open-vm-tools
- python-is-python3
- rsync - rsync
- screen
- software-properties-common - software-properties-common
- syslog-ng - syslog-ng
- tcpd - tcpd
- fish
- vim - vim
- wget - wget
- zstd
debian12: debian12:
base: base:
- btrfs-progs - btrfs-progs
- xfsprogs
- cron - cron
- gnupg
- grub-efi - grub-efi
- grub-efi-amd64-signed - grub-efi-amd64-signed
- grub2-common - grub2-common
- gnupg
- linux-image-amd64 - linux-image-amd64
- locales - locales
- logrotate
- lvm2 - lvm2
- xfsprogs
extra: extra:
- cloud-init
- apparmor-utils - apparmor-utils
- chrony - chrony
- cloud-init
- curl - curl
- firewalld - firewalld
- fish - fish
- htop - htop
- network-manager - libpam-pwquality
- screen
- open-vm-tools
- python-is-python3
- ncdu
- neofetch
- logrotate - logrotate
- lrzsz - lrzsz
- libpam-pwquality - ncdu
- neofetch
- net-tools
- network-manager
- open-vm-tools
- openssh-server
- python-is-python3
- python3
- rsync - rsync
- screen
- software-properties-common - software-properties-common
- sudo - sudo
- syslog-ng - syslog-ng
- tcpd - tcpd
- net-tools
- openssh-server
- python3
- vim - vim
- wget - wget
- zstd
fedora: fedora:
- bind-utils - bind-utils
@ -139,8 +142,8 @@ fedora:
- cloud-init - cloud-init
- dhcp-client - dhcp-client
- efibootmgr - efibootmgr
- glibc-langpack-en
- glibc-langpack-de - glibc-langpack-de
- glibc-langpack-en
- grub2 - grub2
- grub2-efi - grub2-efi
- lrzsz - lrzsz
@ -188,8 +191,8 @@ rocky:
- cloud-init - cloud-init
- dhcp-client - dhcp-client
- efibootmgr - efibootmgr
- glibc-langpack-en
- glibc-langpack-de - glibc-langpack-de
- glibc-langpack-en
- grub2 - grub2
- grub2-efi - grub2-efi
- lrzsz - lrzsz
@ -203,4 +206,92 @@ rocky:
- util-linux-core - util-linux-core
- vim - vim
- wget - wget
- zstd - zstd
ubuntu:
base:
- btrfs-progs
- cron
- gnupg
- grub-efi
- grub-efi-amd64-signed
- grub2-common
- initramfs-tools
- linux-image-generic
- locales
- lvm2
- xfsprogs
extra:
- apparmor-utils
- bash-completion
- chrony
- cloud-init
- curl
- dnsutils
- firewalld
- fish
- htop
- libpam-pwquality
- logrotate
- lrzsz
- ncdu
- net-tools
- network-manager
- open-vm-tools
- openssh-server
- python-is-python3
- python3
- rsync
- screen
- software-properties-common
- sudo
- syslog-ng
- tcpd
- vim
- wget
- zstd
ubuntu-lts:
base:
- btrfs-progs
- cron
- gnupg
- grub-efi
- grub-efi-amd64-signed
- grub2-common
- initramfs-tools
- linux-image-generic
- locales
- lvm2
- xfsprogs
extra:
- apparmor-utils
- bash-completion
- chrony
- cloud-init
- curl
- dnsutils
- firewalld
- fish
- htop
- libpam-pwquality
- logrotate
- lrzsz
- ncdu
- net-tools
- network-manager
- open-vm-tools
- openssh-server
- python-is-python3
- python3
- rsync
- screen
- software-properties-common
- sudo
- syslog-ng
- tcpd
- vim
- wget
- zstd

16
roles/configuration/tasks/main.yml
View File

@ -21,9 +21,6 @@
- systemctl daemon-reload - systemctl daemon-reload
- arch-chroot /mnt ln -sf /usr/share/zoneinfo/Europe/Vienna /etc/localtime - arch-chroot /mnt ln -sf /usr/share/zoneinfo/Europe/Vienna /etc/localtime
- name: Generate adjtime file
command: arch-chroot /mnt /usr/sbin/hwclock --systohc
- name: Setup locales - name: Setup locales
block: block:
- name: Configure locale.gen - name: Configure locale.gen
@ -90,13 +87,14 @@
- name: Configure Bootloader - name: Configure Bootloader
block: block:
- name: Install Bootloader - name: Install Bootloader
command: arch-chroot /mnt {% if os | lower not in ["archlinux", "debian11", "debian12"] %}/usr/sbin/efibootmgr -c -L '{{ os }}' -d "{{ install_drive }}" -wwp 1 -l '\efi\EFI\{{ os }}\shimx64.efi'{% else %}/usr/sbin/grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id={{ os }}{% endif %} command: arch-chroot /mnt {% if os | lower not in ["archlinux", "debian11", "debian12", "ubuntu", "ubuntu-lts"] %}/usr/sbin/efibootmgr -c -L '{{ os }}' -d "{{ install_drive }}" -wwp 1 -l '\efi\EFI\{{ os }}\shimx64.efi'{% else %}/usr/sbin/grub-install --target=x86_64-efi --efi-directory={{ "/boot/efi" if os | lower in ["ubuntu", "ubuntu-lts"] else "/boot" }} --bootloader-id={{ os }}{% endif %}
- name: Generate grub config - name: Generate grub config
command: arch-chroot /mnt {% if os | lower not in ["archlinux", "debian11", "debian12"] %}/usr/sbin/grub2-mkconfig -o /boot/efi/EFI/{{ os }}/grub.cfg{% else %}/usr/sbin/grub-mkconfig -o /boot/grub/grub.cfg{% endif %} command: arch-chroot /mnt {% if os | lower not in ["archlinux", "debian11", "debian12", "ubuntu", "ubuntu-lts"] %}/usr/sbin/grub2-mkconfig -o /boot/efi/EFI/{{ os }}/grub.cfg{% else %}/usr/sbin/grub-mkconfig -o {{ "/boot/efi/EFI/" + os + "/grub.cfg" if os | lower in ["ubuntu", "ubuntu-lts"] else "/boot/grub/grub.cfg" }}{% endif %}
- name: Regenerate initramfs - name: Regenerate initramfs
command: arch-chroot /mnt {% if os | lower not in ["archlinux", "debian11", "debian12"] %}/usr/bin/dracut --regenerate-all --force{% else %}/usr/sbin/mkinitcpio -P{% endif %} when: os | lower not in ["debian11", "debian12", "ubuntu", "ubuntu-lts"]
command: arch-chroot /mnt {% if os | lower == "archlinux" %}/usr/sbin/mkinitcpio -P{% elif os | lower not in ["debian11", "debian12", "ubuntu", "ubuntu-lts", "archlinux"] %}/usr/bin/dracut --regenerate-all --force{% else %}echo "Skipping initramfs regeneration"{% endif %}
- name: Extra Configuration - name: Extra Configuration
when: os | lower != "archlinux" when: os | lower != "archlinux"
@ -104,7 +102,7 @@
- name: Append lines to vimrc - name: Append lines to vimrc
ignore_errors: true ignore_errors: true
lineinfile: lineinfile:
path: "{{ '/mnt/etc/vim/vimrc' if os|lower in ['debian11' ,'debian12'] else '/mnt/etc/vimrc' }}" path: "{{ '/mnt/etc/vim/vimrc' if os|lower in ['debian11' ,'debian12', 'ubuntu', 'ubuntu-lts'] else '/mnt/etc/vimrc' }}"
line: "{{ item }}" line: "{{ item }}"
insertafter: EOF insertafter: EOF
with_items: with_items:
@ -146,7 +144,7 @@
- name: Create user account - name: Create user account
command: '{{ item }}' command: '{{ item }}'
with_items: with_items:
- arch-chroot /mnt /usr/sbin/useradd --create-home --user-group --groups {{ "sudo" if os|lower in ["debian11", "debian12"] else "wheel" }} {{ user_name }} --password {{ user_password | password_hash('sha512') }} --shell /bin/bash - arch-chroot /mnt /usr/sbin/useradd --create-home --user-group --groups {{ "sudo" if os|lower in ["debian11", "debian12", "ubuntu", "ubuntu-lts"] else "wheel" }} {{ user_name }} --password {{ user_password | password_hash('sha512') }} --shell /bin/bash
- arch-chroot /mnt /usr/sbin/usermod --password '{{ root_password | password_hash('sha512') }}' root --shell /bin/bash - arch-chroot /mnt /usr/sbin/usermod --password '{{ root_password | password_hash('sha512') }}' root --shell /bin/bash
- name: Add SSH public key to authorized_keys - name: Add SSH public key to authorized_keys
@ -161,7 +159,7 @@
- name: Give sudo access to wheel group - name: Give sudo access to wheel group
copy: copy:
content: "{{ '%sudo ALL=(ALL) ALL' if os|lower in ['debian11', 'debian12'] else '%wheel ALL=(ALL) ALL' }}" content: "{{ '%sudo ALL=(ALL) ALL' if os|lower in ['debian11', 'debian12', 'ubuntu', 'ubuntu-lts'] else '%wheel ALL=(ALL) ALL' }}"
dest: /mnt/etc/sudoers.d/01-wheel dest: /mnt/etc/sudoers.d/01-wheel
mode: 0440 mode: 0440
validate: /usr/sbin/visudo --check --file=%s validate: /usr/sbin/visudo --check --file=%s

3
roles/environment/tasks/main.yml
View File

@ -54,8 +54,9 @@
loop: loop:
- { name: 'glibc' } - { name: 'glibc' }
- { name: 'dnf', os: ['almalinux', 'fedora', 'rhel9', 'rhel8', 'rocky'] } - { name: 'dnf', os: ['almalinux', 'fedora', 'rhel9', 'rhel8', 'rocky'] }
- { name: 'debootstrap', os: ['debian11', 'debian12'] } - { name: 'debootstrap', os: ['debian11', 'debian12', 'ubuntu', 'ubuntu-lts'] }
- { name: 'debian-archive-keyring', os: ['debian11', 'debian12'] } - { name: 'debian-archive-keyring', os: ['debian11', 'debian12'] }
- { name: 'ubuntu-keyring', os: ['ubuntu', 'ubuntu-lts'] }
when: "'os' not in item or os in item.os" when: "'os' not in item or os in item.os"
retries: 4 retries: 4
delay: 15 delay: 15

2
roles/partitioning/tasks/ext4.yml
View File

@ -13,7 +13,7 @@
- { lv: var_log_audit } - { lv: var_log_audit }
- name: Remove Unsupported features for older Systems - name: Remove Unsupported features for older Systems
when: (os | lower in ['almalinux', 'debian11', 'rhel8', 'rhel9', 'rocky']) and (cis == true or item.lv not in ['var_log', 'var_log_audit']) when: (os | lower in ['almalinux', 'debian11', 'rhel8', 'rhel9', 'rocky', 'ubuntu-lts']) and (cis == true or item.lv not in ['var_log', 'var_log_audit'])
command: tune2fs -O "^orphan_file,^metadata_csum_seed" "/dev/sys/{{ item.lv }}" command: tune2fs -O "^orphan_file,^metadata_csum_seed" "/dev/sys/{{ item.lv }}"
loop: loop:
- { lv: root } - { lv: root }

2
roles/partitioning/tasks/main.yml
View File

@ -119,7 +119,7 @@
- name: Mount boot filesystem - name: Mount boot filesystem
mount: mount:
path: /mnt/boot path: "{{ '/mnt/boot/efi' if os | lower in ['ubuntu', 'ubuntu-lts'] else '/mnt/boot' }}"
src: UUID={{ boot_uuid.stdout }} src: UUID={{ boot_uuid.stdout }}
fstype: vfat fstype: vfat
state: mounted state: mounted