feat(environment): VMware network config, DNS resolvers, and SSH switchover

2026-03-12 07:43:46 +01:00
parent 335534176f
commit 54ffe5ff91
3 changed files with 47 additions and 3 deletions
--- a/roles/environment/tasks/_configure_network.yml
+++ b/roles/environment/tasks/_configure_network.yml
@@ -13,6 +13,14 @@
        | default('')
      }}
 - name: Bring up network interface
  when:
    - hypervisor_type == "vmware"
    - environment_interface_name | default('') | length > 0
  ansible.builtin.command: "ip link set {{ environment_interface_name }} up"
  register: environment_link_result
  changed_when: environment_link_result.rc == 0
 - name: Set IP-Address
  when:
    - hypervisor_type == "vmware"
@@ -32,13 +40,31 @@
  register: environment_gateway_result
  changed_when: environment_gateway_result.rc == 0
 - name: Configure DNS resolvers
  when:
    - hypervisor_type == "vmware"
    - system_cfg.network.dns.servers | default([]) | length > 0
  ansible.builtin.copy:
    dest: /etc/resolv.conf
    content: |
      {% for server in system_cfg.network.dns.servers %}
      nameserver {{ server }}
      {% endfor %}
      {% if system_cfg.network.dns.search | default([]) | length > 0 %}
      search {{ system_cfg.network.dns.search | join(' ') }}
      {% endif %}
    mode: "0644"
 - name: Synchronize clock via NTP
  ansible.builtin.command: timedatectl set-ntp true
  register: environment_ntp_result
  changed_when: environment_ntp_result.rc == 0
 - name: Configure SSH for root login
-  when: hypervisor_type == "vmware" and hypervisor_cfg.ssh | bool
+  when:
    - hypervisor_type == "vmware"
    - hypervisor_cfg.ssh | default(false) | bool
    - system_cfg.network.ip is defined and system_cfg.network.ip | string | length > 0
  block:
    - name: Allow login
      ansible.builtin.replace:
@@ -58,7 +84,18 @@
        name: sshd
        state: reloaded
-    - name: Set SSH connection for VMware
+    - name: Switch to SSH connection
      ansible.builtin.set_fact:
        ansible_connection: ssh
        ansible_user: root
        ansible_password: ""
        ansible_host: "{{ system_cfg.network.ip }}"
        ansible_ssh_extra_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
    - name: Reset connection for SSH switchover
      ansible.builtin.meta: reset_connection
    - name: Verify SSH connectivity
      ansible.builtin.wait_for_connection:
        timeout: 30
        delay: 2
--- a/roles/environment/tasks/_prepare_installer.yml
+++ b/roles/environment/tasks/_prepare_installer.yml
@@ -79,6 +79,13 @@
 # bootstrapping RHEL-family distros from the Arch ISO, where the
 # host rpm/dnf does not trust target distro GPG keys. Package
 # integrity is verified by the target system's own rpm after reboot.
 - name: Create RPM macros directory
  when: is_rhel | bool
  ansible.builtin.file:
    path: /etc/rpm
    state: directory
    mode: "0755"
 - name: Relax RPM Sequoia signature policy for RHEL bootstrap
  when: is_rhel | bool
  ansible.builtin.copy:
--- a/roles/environment/tasks/main.yml
+++ b/roles/environment/tasks/main.yml
@@ -1,6 +1,6 @@
 ---
 - name: Configure work environment
-  become: "{{ hypervisor_type != 'vmware' }}"
+  become: "{{ (hypervisor_type | default('none')) != 'vmware' }}"
  block:
    - name: Detect and validate live environment
      ansible.builtin.include_tasks: _detect_live.yml