diff --git a/roles/bootstrap/tasks/almalinux.yml b/roles/bootstrap/tasks/almalinux.yml new file mode 100644 index 0000000..b9ace90 --- /dev/null +++ b/roles/bootstrap/tasks/almalinux.yml @@ -0,0 +1,25 @@ +--- +- name: Bootstrap AlmaLinux 9 + vars: + bootstrap_alma_extra: >- + {{ + ( + ( + lookup('vars', bootstrap_var_key) + | difference(bootstrap_guest_agent_remove_packages) + ) + + bootstrap_guest_agent_packages + ) + | join(' ') + }} + ansible.builtin.command: "{{ item }}" + loop: + - >- + dnf --releasever=9 --best --repo=alma-baseos --installroot=/mnt + --setopt=install_weak_deps=False groupinstall -y base core + - ln -sf /run/NetworkManager/resolv.conf /mnt/etc/resolv.conf + - >- + arch-chroot /mnt dnf --releasever=9 --setopt=install_weak_deps=False + install -y {{ bootstrap_alma_extra }} + register: bootstrap_result + changed_when: bootstrap_result.rc == 0 diff --git a/roles/bootstrap/tasks/archlinux.yml b/roles/bootstrap/tasks/archlinux.yml new file mode 100644 index 0000000..e1e4345 --- /dev/null +++ b/roles/bootstrap/tasks/archlinux.yml @@ -0,0 +1,15 @@ +--- +- name: Bootstrap ArchLinux + vars: + bootstrap_archlinux_packages: >- + {{ + ( + lookup('vars', bootstrap_var_key) + | difference(bootstrap_guest_agent_remove_packages) + ) + + bootstrap_guest_agent_packages + }} + ansible.builtin.command: >- + pacstrap /mnt {{ bootstrap_archlinux_packages | join(' ') }} --asexplicit + register: bootstrap_result + changed_when: bootstrap_result.rc == 0 diff --git a/roles/bootstrap/tasks/debian.yml b/roles/bootstrap/tasks/debian.yml new file mode 100644 index 0000000..e77db3a --- /dev/null +++ b/roles/bootstrap/tasks/debian.yml 
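Review bot: The second loop item in almalinux.yml still creates the chroot's resolv.conf link by running `ln -sf` through `ansible.builtin.command`, while rhel.yml in this same commit moves that step to `ansible.builtin.file` with `state: link` and `force: true`. Using the file module here too would make the step idempotent and report `changed` only when the link is actually created, rather than on every successful run as `changed_when: bootstrap_result.rc == 0` does. That means splitting the loop into three tasks, with the file task (`src: /run/NetworkManager/resolv.conf`, `dest: /mnt/etc/resolv.conf`) between the two dnf calls. The same loop item appears in fedora.yml, rocky.yml and ubuntu.yml.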
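Review bot: In archlinux.yml `bootstrap_archlinux_packages` is a list, but it is joined into one string that `ansible.builtin.command` then splits again on whitespace, so an entry containing a space would reach pacstrap as two separate arguments. Passing the list through `argv`, as the rpm `--rebuilddb` task in rhel.yml already does, keeps exactly one argument per package: `argv: "{{ ['pacstrap', '/mnt'] + bootstrap_archlinux_packages + ['--asexplicit'] }}"`. The dnf and apt task files in this commit build their install lines from a joined string in the same way and could take the same form once their loops are split into separate tasks.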
@@ -0,0 +1,29 @@ +--- +- name: Bootstrap Debian System + vars: + bootstrap_debian_release: >- + {{ + 'bullseye' if bootstrap_os_key == 'debian11' + else 'bookworm' if bootstrap_os_key == 'debian12' + else 'trixie' + }} + bootstrap_debian_base_list: "{{ lookup('vars', bootstrap_var_key).base | default([]) }}" + bootstrap_debian_extra_list: "{{ lookup('vars', bootstrap_var_key).extra | default([]) }}" + bootstrap_debian_base: "{{ (bootstrap_debian_base_list | difference(bootstrap_guest_agent_remove_packages)) | join(',') }}" + bootstrap_debian_extra: >- + {{ + ( + (bootstrap_debian_extra_list | difference(bootstrap_guest_agent_remove_packages)) + + bootstrap_guest_agent_packages + ) + | join(' ') + }} + ansible.builtin.command: "{{ item }}" + loop: + - >- + debootstrap --include={{ bootstrap_debian_base }} + {{ bootstrap_debian_release }} /mnt http://deb.debian.org/debian/ + - "arch-chroot /mnt apt install -y {{ bootstrap_debian_extra }}" + - arch-chroot /mnt apt remove -y libcups2 libavahi-common3 libavahi-common-data + register: bootstrap_result + changed_when: bootstrap_result.rc == 0 diff --git a/roles/bootstrap/tasks/fedora.yml b/roles/bootstrap/tasks/fedora.yml new file mode 100644 index 0000000..07c7068 --- /dev/null +++ b/roles/bootstrap/tasks/fedora.yml 
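Review bot: The debootstrap item fetches from `http://deb.debian.org/debian/` and passes neither `--keyring` nor `--force-check-gpg`, so whether the Release file signature is checked depends on a Debian archive keyring being present on the installer host. If that host is not Debian-based (the use of `arch-chroot` suggests it may not be), debootstrap only warns that it cannot check the signature and carries on, and everything installed into /mnt then comes from an unauthenticated plain-HTTP download. Adding `--force-check-gpg` to the command makes a missing keyring fail the task instead of degrading silently; the keyring package would need to be installed on the host beforehand. ubuntu.yml has the same pattern with `http://archive.ubuntu.com/ubuntu/`.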
@@ -0,0 +1,27 @@ +--- +- name: Bootstrap Fedora 42 + vars: + bootstrap_fedora_extra: >- + {{ + ( + ( + lookup('vars', bootstrap_var_key) + | difference(bootstrap_guest_agent_remove_packages) + ) + + bootstrap_guest_agent_packages + ) + | join(' ') + }} + ansible.builtin.command: "{{ item }}" + loop: + - >- + dnf --releasever=42 --best --repo=fedora --repo=fedora-updates + --installroot=/mnt --setopt=install_weak_deps=False + groupinstall -y critical-path-base core + - ln -sf /run/NetworkManager/resolv.conf /mnt/etc/resolv.conf + - >- + arch-chroot /mnt dnf --releasever=42 --setopt=install_weak_deps=False + install -y {{ bootstrap_fedora_extra }} + - arch-chroot /mnt dnf reinstall -y kernel-core + register: bootstrap_result + changed_when: bootstrap_result.rc == 0 diff --git a/roles/bootstrap/tasks/main.yml b/roles/bootstrap/tasks/main.yml index 2911344..997e0e9 100644 --- a/roles/bootstrap/tasks/main.yml +++ b/roles/bootstrap/tasks/main.yml 
@@ -1,101 +1,43 @@ --- - name: Run OS-specific bootstrap process + vars: + bootstrap_os_key: "{{ os | lower }}" + bootstrap_var_key: "{{ 'bootstrap_' + (os | lower | replace('-', '_')) }}" + bootstrap_hypervisor_key: "{{ hypervisor | default('none') | lower }}" + bootstrap_guest_agent_packages: >- + {{ + ['qemu-guest-agent'] if bootstrap_hypervisor_key in ['libvirt', 'proxmox'] + else ['open-vm-tools'] if bootstrap_hypervisor_key == 'vmware' + else [] + }} + bootstrap_guest_agent_remove_packages: + - open-vm-tools + - qemu-guest-agent block: - - name: Bootstrap ArchLinux - when: os | lower == 'archlinux' - ansible.builtin.command: pacstrap /mnt {{ archlinux | join(' ') }} --asexplicit - changed_when: result.rc == 0 - register: result + - name: Include AlmaLinux bootstrap tasks + when: bootstrap_os_key == 'almalinux' + ansible.builtin.include_tasks: almalinux.yml - - name: Bootstrap Debian System - when: os | lower in ['debian11', 'debian12', 'debian13'] - ansible.builtin.command: "{{ item }}" - changed_when: result.rc == 0 - register: result - with_items: - - debootstrap --include={{ vars[os].base | join(',') }} {{ 'bullseye' if os == 'debian11' else 'bookworm' if os == 'debian12' else 'trixie' }} - /mnt http://deb.debian.org/debian/ - - arch-chroot /mnt apt install -y {{ vars[os].extra | join(' ') }} - - arch-chroot /mnt apt remove -y libcups2 libavahi-common3 libavahi-common-data + - name: Include ArchLinux bootstrap tasks + when: bootstrap_os_key == 'archlinux' + ansible.builtin.include_tasks: archlinux.yml - - name: Bootstrap Ubuntu System - when: os | lower in ['ubuntu', 'ubuntu-lts'] - ansible.builtin.command: "{{ item }}" - changed_when: result.rc == 0 - register: result - with_items: - - debootstrap --include={{ vars[os].base | join(',') }} {{ 'plucky' if os == 'ubuntu' else 'noble' }} - /mnt http://archive.ubuntu.com/ubuntu/ - - ln -sf /run/NetworkManager/resolv.conf /mnt/etc/resolv.conf - - arch-chroot /mnt sed -i '1s|$| universe|' /etc/apt/sources.list - 
- arch-chroot /mnt apt update -y - - arch-chroot /mnt apt install -y {{ vars[os].extra | join(' ') }} + - name: Include Debian bootstrap tasks + when: bootstrap_os_key in ['debian11', 'debian12', 'debian13'] + ansible.builtin.include_tasks: debian.yml - - name: Bootstrap AlmaLinux 9 - when: os | lower == 'almalinux' - ansible.builtin.command: "{{ item }}" - changed_when: result.rc == 0 - register: result - with_items: - - dnf --releasever=9 --best --repo=alma-baseos --installroot=/mnt --setopt=install_weak_deps=False groupinstall -y base core - - ln -sf /run/NetworkManager/resolv.conf /mnt/etc/resolv.conf - - arch-chroot /mnt dnf --releasever=9 --setopt=install_weak_deps=False install -y {{ almalinux | join(' ') }} + - name: Include Fedora bootstrap tasks + when: bootstrap_os_key == 'fedora' + ansible.builtin.include_tasks: fedora.yml - - name: Bootstrap Fedora 42 - when: os | lower == 'fedora' - ansible.builtin.command: "{{ item }}" - changed_when: result.rc == 0 - register: result - with_items: - - dnf --releasever=42 --best --repo=fedora --repo=fedora-updates - --installroot=/mnt --setopt=install_weak_deps=False groupinstall -y critical-path-base core - - ln -sf /run/NetworkManager/resolv.conf /mnt/etc/resolv.conf - - arch-chroot /mnt dnf --releasever=42 --setopt=install_weak_deps=False install -y {{ fedora | join(' ') }} - - arch-chroot /mnt dnf reinstall -y kernel-core + - name: Include Rocky bootstrap tasks + when: bootstrap_os_key == 'rocky' + ansible.builtin.include_tasks: rocky.yml - - name: Bootstrap RockyLinux 9 - when: os | lower == 'rocky' - ansible.builtin.command: "{{ item }}" - changed_when: result.rc == 0 - register: result - with_items: - - dnf --releasever=9 --best --repo=rocky-baseos --installroot=/mnt - --setopt=install_weak_deps=False --setopt=optional_metadata_types=filelists - groupinstall -y base core - - ln -sf /run/NetworkManager/resolv.conf /mnt/etc/resolv.conf - - arch-chroot /mnt dnf --releasever=9 --setopt=install_weak_deps=False 
install -y {{ rocky | join(' ') }} + - name: Include RHEL bootstrap tasks + when: bootstrap_os_key in ['rhel8', 'rhel9', 'rhel10'] + ansible.builtin.include_tasks: rhel.yml - - name: Bootstrap RHEL System - when: os | lower in ['rhel8', 'rhel9', 'rhel10'] - block: - - name: Install base packages in chroot environment - ansible.builtin.command: >- - dnf --releasever={{ os | lower | replace('rhel', '') }} --repo={{ os | lower }}-baseos - --installroot=/mnt - --setopt=install_weak_deps=False --setopt=optional_metadata_types=filelists - groupinstall -y core base standard - changed_when: result.rc == 0 - register: result - - - name: Prepare chroot environment - ansible.builtin.shell: | - ln -sf /run/NetworkManager/resolv.conf /mnt/etc/resolv.conf - mkdir -p /mnt/usr/local/install/redhat/dvd - mount --bind /usr/local/install/redhat/dvd /mnt/usr/local/install/redhat/dvd - arch-chroot /mnt rpm --rebuilddb - changed_when: result.rc == 0 - register: result - - - name: Copy RHEL repo file into chroot environment - ansible.builtin.copy: - src: /etc/yum.repos.d/{{ os | lower }}.repo - dest: /mnt/etc/yum.repos.d/redhat.repo - mode: "0644" - remote_src: true - - - name: Install additional packages in chroot - ansible.builtin.command: >- - arch-chroot /mnt dnf --releasever={{ os | lower | replace('rhel', '') }} - --setopt=install_weak_deps=False install -y {{ vars[os] | join(' ') }} - changed_when: result.rc == 0 - register: result + - name: Include Ubuntu bootstrap tasks + when: bootstrap_os_key in ['ubuntu', 'ubuntu-lts'] + ansible.builtin.include_tasks: ubuntu.yml diff --git a/roles/bootstrap/tasks/rhel.yml b/roles/bootstrap/tasks/rhel.yml new file mode 100644 index 0000000..916ce00 --- /dev/null +++ b/roles/bootstrap/tasks/rhel.yml 
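Review bot: When `bootstrap_os_key` matches none of the seven `when` conditions, every include is skipped and the block finishes without error, presumably leaving /mnt unpopulated for whatever runs next; an unrecognised `hypervisor` value likewise falls through to an empty `bootstrap_guest_agent_packages` without any message. A first task in the block that validates both inputs would turn an inventory typo into an immediate failure, for example an `ansible.builtin.assert` with `that: bootstrap_os_key in bootstrap_supported_os` and a `fail_msg` naming the bad value. `bootstrap_supported_os` is only a suggested name for a new list holding the keys used in the conditions; it does not exist in the role today.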
@@ -0,0 +1,71 @@ +--- +- name: Bootstrap RHEL System + block: + - name: Install base packages in chroot environment + vars: + bootstrap_rhel_release: "{{ bootstrap_os_key | replace('rhel', '') }}" + ansible.builtin.command: >- + dnf --releasever={{ bootstrap_rhel_release }} --repo={{ bootstrap_os_key }}-baseos + --installroot=/mnt + --setopt=install_weak_deps=False --setopt=optional_metadata_types=filelists + groupinstall -y core base standard + register: bootstrap_result + changed_when: bootstrap_result.rc == 0 + + - name: Ensure chroot has resolv.conf + ansible.builtin.file: + src: /run/NetworkManager/resolv.conf + dest: /mnt/etc/resolv.conf + state: link + force: true + + - name: Ensure chroot RHEL DVD directory exists + ansible.builtin.file: + path: /mnt/usr/local/install/redhat/dvd + state: directory + mode: "0755" + + - name: Bind mount RHEL DVD into chroot + ansible.posix.mount: + src: /usr/local/install/redhat/dvd + path: /mnt/usr/local/install/redhat/dvd + fstype: none + opts: bind + state: mounted + + - name: Rebuild RPM database inside chroot + ansible.builtin.command: + argv: + - arch-chroot + - /mnt + - rpm + - --rebuilddb + register: bootstrap_rpm_rebuild_result + changed_when: bootstrap_rpm_rebuild_result.rc == 0 + + - name: Copy RHEL repo file into chroot environment + ansible.builtin.copy: + src: /etc/yum.repos.d/{{ bootstrap_os_key }}.repo + dest: /mnt/etc/yum.repos.d/redhat.repo + mode: "0644" + remote_src: true + + - name: Install additional packages in chroot + vars: + bootstrap_rhel_release: "{{ bootstrap_os_key | replace('rhel', '') }}" + bootstrap_rhel_extra: >- + {{ + ( + ( + lookup('vars', bootstrap_var_key) + | difference(bootstrap_guest_agent_remove_packages) + ) + + bootstrap_guest_agent_packages + ) + | join(' ') + }} + ansible.builtin.command: >- + arch-chroot /mnt dnf --releasever={{ bootstrap_rhel_release }} + --setopt=install_weak_deps=False install -y {{ bootstrap_rhel_extra }} + register: bootstrap_result + changed_when: 
bootstrap_result.rc == 0 diff --git a/roles/bootstrap/tasks/rocky.yml b/roles/bootstrap/tasks/rocky.yml new file mode 100644 index 0000000..82bc18e --- /dev/null +++ b/roles/bootstrap/tasks/rocky.yml @@ -0,0 +1,26 @@ +--- +- name: Bootstrap RockyLinux 9 + vars: + bootstrap_rocky_extra: >- + {{ + ( + ( + lookup('vars', bootstrap_var_key) + | difference(bootstrap_guest_agent_remove_packages) + ) + + bootstrap_guest_agent_packages + ) + | join(' ') + }} + ansible.builtin.command: "{{ item }}" + loop: + - >- + dnf --releasever=9 --best --repo=rocky-baseos --installroot=/mnt + --setopt=install_weak_deps=False --setopt=optional_metadata_types=filelists + groupinstall -y base core + - ln -sf /run/NetworkManager/resolv.conf /mnt/etc/resolv.conf + - >- + arch-chroot /mnt dnf --releasever=9 --setopt=install_weak_deps=False + install -y {{ bootstrap_rocky_extra }} + register: bootstrap_result + changed_when: bootstrap_result.rc == 0 diff --git a/roles/bootstrap/tasks/ubuntu.yml b/roles/bootstrap/tasks/ubuntu.yml new file mode 100644 index 0000000..44bb683 --- /dev/null +++ b/roles/bootstrap/tasks/ubuntu.yml 
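Review bot: The bind mount task in rhel.yml uses `state: mounted`, which with `ansible.posix.mount` also writes an entry for `/mnt/usr/local/install/redhat/dvd` into the installer host's /etc/fstab, whereas the `mount --bind` shell line it replaces persisted nothing. If the mount is only needed while the bootstrap runs, `state: ephemeral` mounts without touching fstab; it requires a reasonably recent ansible.posix release, so check the collection version the project pins. Separately, `bootstrap_rhel_release` is defined identically in the `vars` of two tasks and could be declared once in the `vars` of the enclosing block.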
@@ -0,0 +1,27 @@ +--- +- name: Bootstrap Ubuntu System + vars: + bootstrap_ubuntu_release: >- + {{ 'plucky' if bootstrap_os_key == 'ubuntu' else 'noble' }} + bootstrap_ubuntu_base_list: "{{ lookup('vars', bootstrap_var_key).base | default([]) }}" + bootstrap_ubuntu_extra_list: "{{ lookup('vars', bootstrap_var_key).extra | default([]) }}" + bootstrap_ubuntu_base: "{{ (bootstrap_ubuntu_base_list | difference(bootstrap_guest_agent_remove_packages)) | join(',') }}" + bootstrap_ubuntu_extra: >- + {{ + ( + (bootstrap_ubuntu_extra_list | difference(bootstrap_guest_agent_remove_packages)) + + bootstrap_guest_agent_packages + ) + | join(' ') + }} + ansible.builtin.command: "{{ item }}" + loop: + - >- + debootstrap --include={{ bootstrap_ubuntu_base }} + {{ bootstrap_ubuntu_release }} /mnt http://archive.ubuntu.com/ubuntu/ + - ln -sf /run/NetworkManager/resolv.conf /mnt/etc/resolv.conf + - arch-chroot /mnt sed -i '1s|$| universe|' /etc/apt/sources.list + - arch-chroot /mnt apt update + - "arch-chroot /mnt apt install -y {{ bootstrap_ubuntu_extra }}" + register: bootstrap_result + changed_when: bootstrap_result.rc == 0 diff --git a/roles/bootstrap/vars/main.yml b/roles/bootstrap/vars/main.yml index 1a95b0a..1058e0f 100644 --- a/roles/bootstrap/vars/main.yml +++ b/roles/bootstrap/vars/main.yml @@ -1,5 +1,7 @@ -almalinux: +--- +bootstrap_almalinux: - bind-utils + - cryptsetup - dbus-daemon - dhcp-client - efibootmgr @@ -13,19 +15,20 @@ almalinux: - nfs-utils - nfsv4-client-utils - mtr - - open-vm-tools - ppp - shim - tmux + - tpm2-tools - vim - wget - zram-generator - zstd -archlinux: +bootstrap_archlinux: - base - btrfs-progs - cronie + - cryptsetup - dhcpcd - efibootmgr - fastfetch 
@@ -43,27 +46,28 @@ archlinux: - ncdu - networkmanager - nfs-utils - - open-vm-tools - openssh - ppp - prometheus-node-exporter - python-psycopg2 - - qemu-guest-agent - reflector - rsync - sudo - tldr - tmux + - tpm2-tools - vim - wireguard-tools - zram-generator -debian11: +bootstrap_debian11: base: - apparmor-utils - btrfs-progs - chrony - cron + - cryptsetup + - cryptsetup-initramfs - gnupg - grub-efi - grub-efi-amd64-signed @@ -93,7 +97,6 @@ debian11: - ncdu - neofetch - network-manager - - open-vm-tools - python-is-python3 - ripgrep - rsync @@ -102,14 +105,17 @@ debian11: - syslog-ng - tcpd - tldr + - tpm2-tools - vim - wget - zstd -debian12: +bootstrap_debian12: base: - btrfs-progs - cron + - cryptsetup + - cryptsetup-initramfs - gnupg - grub-efi - grub-efi-amd64-signed @@ -140,7 +146,6 @@ debian12: - neofetch - net-tools - network-manager - - open-vm-tools - openssh-server - python-is-python3 - python3 @@ -153,14 +158,17 @@ debian12: - systemd-zram-generator - tcpd - tldr + - tpm2-tools - vim - wget - zstd -debian13: +bootstrap_debian13: base: - btrfs-progs - cron + - cryptsetup + - cryptsetup-initramfs - gnupg - grub-efi - grub-efi-amd64-signed @@ -191,7 +199,6 @@ debian13: - ncdu - net-tools - network-manager - - open-vm-tools - openssh-server - python-is-python3 - python3 @@ -202,15 +209,17 @@ debian13: - syslog-ng - systemd-zram-generator - tcpd + - tpm2-tools - vim - wget - zstd -fedora: +bootstrap_fedora: - bat - bind-utils - btrfs-progs - cronie + - cryptsetup - dhcp-client - duf - efibootmgr @@ -229,20 +238,21 @@ fedora: - nc - nfs-utils - nfsv4-client-utils - - open-vm-tools - polkit - ppp - ripgrep - shim - tmux + - tpm2-tools - vim-default-editor - wget - zoxide - zram-generator - zstd -rhel8: +bootstrap_rhel8: - bind-utils + - cryptsetup - dhcp-client - efibootmgr - glibc-langpack-de 
@@ -255,16 +265,17 @@ rhel8: - mtr - ncurses-term - nfs-utils - - open-vm-tools - policycoreutils-python-utils - python39 - shim - tmux + - tpm2-tools - vim - zstd -rhel9: +bootstrap_rhel9: - bind-utils + - cryptsetup - dhcp-client - efibootmgr - glibc-langpack-de @@ -277,17 +288,18 @@ rhel9: - mtr - ncurses-term - nfs-utils - - open-vm-tools - policycoreutils-python-utils - python - shim - tmux + - tpm2-tools - vim - zram-generator - zstd -rhel10: +bootstrap_rhel10: - bind-utils + - cryptsetup - efibootmgr - glibc-langpack-de - glibc-langpack-en @@ -299,17 +311,18 @@ rhel10: - mtr - ncurses-term - nfs-utils - - open-vm-tools - policycoreutils-python-utils - python - shim - tmux + - tpm2-tools - vim - zram-generator - zstd -rocky: +bootstrap_rocky: - bind-utils + - cryptsetup - dbus-daemon - dhcp-client - efibootmgr @@ -323,21 +336,23 @@ rocky: - nc - nfs-utils - nfsv4-client-utils - - open-vm-tools - ppp - shim - telnet - tmux + - tpm2-tools - util-linux-core - vim - wget - zram-generator - zstd -ubuntu: +bootstrap_ubuntu: base: - btrfs-progs - cron + - cryptsetup + - cryptsetup-initramfs - gnupg - grub-efi - grub-efi-amd64-signed @@ -372,7 +387,6 @@ ubuntu: - ncurses-term - net-tools - network-manager - - open-vm-tools - openssh-server - python-is-python3 - python3 @@ -386,6 +400,7 @@ ubuntu: - tcpd - tldr - tmux + - tpm2-tools - traceroute - util-linux-extra - vim @@ -394,10 +409,12 @@ ubuntu: - zoxide - zstd -ubuntu-lts: +bootstrap_ubuntu_lts: base: - btrfs-progs - cron + - cryptsetup + - cryptsetup-initramfs - gnupg - grub-efi - grub-efi-amd64-signed @@ -432,7 +449,6 @@ ubuntu-lts: - ncurses-term - net-tools - network-manager - - open-vm-tools - openssh-server - python-is-python3 - python3 @@ -446,6 +462,7 @@ ubuntu-lts: - tcpd - tldr - tmux + - tpm2-tools - traceroute - util-linux-extra - vim