diff --git a/group_vars/all.yml b/group_vars/all.yml
new file mode 100644
index 0000000..20cd697
--- /dev/null
+++ b/group_vars/all.yml
@@ -0,0 +1,77 @@
+---
+os: ""
+filesystem: ""
+hostname: ""
+install_type: "physical"
+hypervisor: "none"
+install_drive: "/dev/sda"
+boot_iso: ""
+rhel_iso: ""
+custom_iso: false
+cis: false
+selinux: true
+is_rhel: false
+is_debian: false
+
+hypervisor_url: ""
+hypervisor_username: ""
+hypervisor_password: ""
+hypervisor_datacenter: ""
+hypervisor_cluster: ""
+hypervisor_node: ""
+hypervisor_storage: ""
+vm_path: ""
+vmware_ssh: false
+vlan_name: ""
+note: ""
+
+vm_ip: ""
+vm_nms: 24
+vm_gw: ""
+vm_dns: ""
+vm_dns_search: ""
+vm_nif: "vmbr0"
+vm_id: 0
+vm_size: 0
+vm_memory: 0
+vm_cpus: 4
+vm_ballo: 0
+extra_packages: []
+
+luks_enabled: false
+luks_passphrase: ""
+luks_mapper_name: "SYSTEM_DECRYPTED"
+luks_auto_decrypt: true
+luks_auto_decrypt_method: "tpm2"
+luks_tpm2_device: "auto"
+luks_tpm2_pcrs: ""
+luks_keyfile_size: 64
+luks_options: "discard,tries=3"
+luks_type: "luks2"
+luks_cipher: "aes-xts-plain64"
+luks_hash: "sha512"
+luks_iter_time: 4000
+luks_key_size: 512
+luks_pbkdf: "argon2id"
+luks_use_urandom: true
+luks_verify_passphrase: true
+
+partitioning_luks_enabled: "{{ luks_enabled }}"
+partitioning_luks_passphrase: "{{ luks_passphrase }}"
+partitioning_luks_mapper_name: "{{ luks_mapper_name }}"
+partitioning_luks_type: "{{ luks_type }}"
+partitioning_luks_cipher: "{{ luks_cipher }}"
+partitioning_luks_hash: "{{ luks_hash }}"
+partitioning_luks_iter_time: "{{ luks_iter_time }}"
+partitioning_luks_key_size: "{{ luks_key_size }}"
+partitioning_luks_pbkdf: "{{ luks_pbkdf }}"
+partitioning_luks_use_urandom: "{{ luks_use_urandom }}"
+partitioning_luks_verify_passphrase: "{{ luks_verify_passphrase }}"
+partitioning_luks_auto_decrypt: "{{ luks_auto_decrypt }}"
+partitioning_luks_auto_decrypt_method: "{{ luks_auto_decrypt_method }}"
+partitioning_luks_tpm2_device: "{{ luks_tpm2_device }}"
+partitioning_luks_tpm2_pcrs: "{{ luks_tpm2_pcrs }}"
+partitioning_luks_keyfile_size: "{{ luks_keyfile_size }}"
+partitioning_luks_options: "{{ luks_options }}"
+partitioning_vm_size: 0 +partitioning_vm_memory: 0 diff --git a/main.yml b/main.yml index d876277..72ab2aa 100644 --- a/main.yml +++ b/main.yml @@ -32,26 +32,26 @@ - install_type in ["virtual", "physical"] - hypervisor in ["libvirt", "proxmox", "vmware", "none"] - filesystem in ["btrfs", "ext4", "xfs"] - - install_drive is defined - - install_type == "physical" or vm_size is defined - - install_type == "physical" or vm_memory is defined + - install_drive | length > 0 + - install_type == "physical" or (vm_size | float) > 0 + - install_type == "physical" or (vm_memory | float) > 0 - os in ["archlinux", "almalinux", "debian11", "debian12", "debian13", "fedora", "rhel8", "rhel9", "rhel10", "rocky", "ubuntu", "ubuntu-lts"] - - os not in ["rhel8", "rhel9", "rhel10"] or rhel_iso is defined + - os not in ["rhel8", "rhel9", "rhel10"] or rhel_iso | length > 0 - >- install_type == "physical" or ( - (filesystem == "btrfs" and (vm_size | default(0) | int) >= 10) - or (filesystem != "btrfs" and (vm_size | default(0) | int) >= 20) + (filesystem == "btrfs" and (vm_size | int) >= 10) + or (filesystem != "btrfs" and (vm_size | int) >= 20) ) - >- install_type == "physical" or ( - (vm_size | default(0) | float) + (vm_size | float) >= ( - (vm_memory | default(0) | float / 1024 >= 16.0) + (vm_memory | float / 1024 >= 16.0) | ternary( - (vm_memory | default(0) | float / 2048), - [vm_memory | default(0) | float / 1024, 4.0] | max + (vm_memory | float / 2048), + [vm_memory | float / 1024, 4.0] | max ) + 16 ) 
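Review bot: `hypervisor_password: ""` and `luks_passphrase: ""` give the two secrets a slot in a committed, plaintext group_vars file, and nothing in the hunk marks them as vault-only; a value pasted here to "make it work" ends up in git history. Add a comment above each, e.g. `# Secret: supply via ansible-vault or --extra-vars at run time; never commit a value here`, and make sure the tasks that consume them (not visible in this diff) carry `no_log: true` so a failed task or `-v` run does not print them. Separately, the defaults `luks_auto_decrypt: true`, `luks_auto_decrypt_method: "tpm2"` and `luks_tpm2_pcrs: ""` mean that as soon as `luks_enabled` is flipped the root volume unlocks at boot with no user secret, bound only to whatever PCR set the effective-PCR logic (cut off in this diff) derives from an empty string. A one-line comment stating that PCR policy, and that a stolen machine booting the same firmware/bootloader chain will unlock on its own, would let operators decide whether `luks_auto_decrypt: false` is the safer default for them.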
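Review bot: The validation list gains `| length > 0` checks for `install_drive` and `rhel_iso` but still has no LUKS rule, so with the new group_vars default `luks_passphrase: ""` a host that sets only `luks_enabled: true` passes validation and an empty passphrase flows through `partitioning_luks_passphrase` into the partitioning and encryption roles. Add `- not (luks_enabled | bool) or luks_passphrase | length > 0` next to the `rhel_iso` rule, and `- not (luks_enabled | bool) or luks_auto_decrypt_method in ["tpm2"]` if tpm2 is the only automatic method the encryption role implements (only `tpm2` and the `manual` fallback are visible in this diff). The assert task's header and `that:` key lie outside the hunk.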
@@ -60,10 +60,10 @@ - name: Normalize optional flags ansible.builtin.set_fact: - cis: "{{ cis | default(false) | bool }}" - custom_iso: "{{ custom_iso | default(false) | bool }}" - is_rhel: "{{ os | default('') | lower in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rhel10', 'rocky'] }}" - is_debian: "{{ os | default('') | lower in ['debian11', 'debian12', 'debian13', 'ubuntu', 'ubuntu-lts'] }}" + cis: "{{ cis | bool }}" + custom_iso: "{{ custom_iso | bool }}" + is_rhel: "{{ os | lower in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rhel10', 'rocky'] }}" + is_debian: "{{ os | lower in ['debian11', 'debian12', 'debian13', 'ubuntu', 'ubuntu-lts'] }}" changed_when: false - name: Set Python interpreter for RHEL-based installers @@ -110,7 +110,7 @@ - role: configuration - role: cis - when: cis | default(false) | bool + when: cis | bool - role: cleanup when: install_type in ["virtual", "physical"] @@ -122,7 +122,7 @@ post_reboot_can_connect: >- {{ (ansible_connection | default('ssh')) != 'ssh' - or ((vm_ip | default('') | string | length) > 0) + or ((vm_ip | string | length) > 0) or ( install_type == 'physical' and (ansible_host | default('') | string | length) > 0 @@ -132,7 +132,7 @@ - name: Set final SSH credentials for post-reboot tasks when: - - post_reboot_can_connect | default(false) | bool + - post_reboot_can_connect | bool ansible.builtin.set_fact: ansible_user: "{{ user_name }}" ansible_password: "{{ user_password }}" @@ -141,8 +141,8 @@ - name: Install post-reboot extra packages when: - - extra_packages is defined - - post_reboot_can_connect | default(false) | bool + - post_reboot_can_connect | bool + - extra_packages | length > 0 block: - name: Normalize extra package list ansible.builtin.set_fact: @@ -151,7 +151,7 @@ ( extra_packages if (extra_packages is iterable and extra_packages is not string) - else (extra_packages | default('') | string).split(',') + else (extra_packages | string).split(',') ) | map('trim') | reject('equalto', '') 
diff --git a/roles/bootstrap/vars/main.yml b/roles/bootstrap/vars/main.yml index 27cd002..0a2d114 100644 --- a/roles/bootstrap/vars/main.yml +++ b/roles/bootstrap/vars/main.yml @@ -17,10 +17,10 @@ bootstrap_almalinux: - ppp - shim - tmux - - "{{ 'cryptsetup' if luks_enabled | default(false) else '' }}" - - "{{ 'tpm2-tools' if luks_enabled | default(false) else '' }}" - - "{{ 'qemu-guest-agent' if hypervisor | default('none') | lower in ['libvirt', 'proxmox'] else '' }}" - - "{{ 'open-vm-tools' if hypervisor | default('none') | lower == 'vmware' else '' }}" + - "{{ 'cryptsetup' if luks_enabled else '' }}" + - "{{ 'tpm2-tools' if luks_enabled else '' }}" + - "{{ 'qemu-guest-agent' if hypervisor | lower in ['libvirt', 'proxmox'] else '' }}" + - "{{ 'open-vm-tools' if hypervisor | lower == 'vmware' else '' }}" - vim - wget - zram-generator @@ -56,10 +56,10 @@ bootstrap_archlinux: - sudo - tldr - tmux - - "{{ 'cryptsetup' if luks_enabled | default(false) else '' }}" - - "{{ 'tpm2-tools' if luks_enabled | default(false) else '' }}" - - "{{ 'qemu-guest-agent' if hypervisor | default('none') | lower in ['libvirt', 'proxmox'] else '' }}" - - "{{ 'open-vm-tools' if hypervisor | default('none') | lower == 'vmware' else '' }}" + - "{{ 'cryptsetup' if luks_enabled else '' }}" + - "{{ 'tpm2-tools' if luks_enabled else '' }}" + - "{{ 'qemu-guest-agent' if hypervisor | lower in ['libvirt', 'proxmox'] else '' }}" + - "{{ 'open-vm-tools' if hypervisor | lower == 'vmware' else '' }}" - vim - wireguard-tools - zram-generator @@ -74,8 +74,8 @@ bootstrap_debian11: - grub-efi - grub-efi-amd64-signed - grub2-common - - "{{ 'cryptsetup' if luks_enabled | default(false) else '' }}" - - "{{ 'cryptsetup-initramfs' if luks_enabled | default(false) else '' }}" + - "{{ 'cryptsetup' if luks_enabled else '' }}" + - "{{ 'cryptsetup-initramfs' if luks_enabled else '' }}" - linux-image-amd64 - locales - logrotate 
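Review bot: `"{{ 'cryptsetup' if luks_enabled else '' }}"` drops the `| bool` that `roles/partitioning/defaults/main.yml` keeps for the same variable, so a CLI override such as `-e luks_enabled=false` (a non-empty string, therefore truthy in Jinja) pulls `cryptsetup` and `tpm2-tools` into every image while the partitioning role correctly treats it as disabled. Use `"{{ 'cryptsetup' if luks_enabled | bool else '' }}"` and `"{{ 'tpm2-tools' if luks_enabled | bool else '' }}"` here; the same pattern repeats in every `bootstrap_*` list below. The `hypervisor | lower in [...]` lines are fine since they compare strings.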
@@ -109,9 +109,9 @@ bootstrap_debian11: - syslog-ng - tcpd - tldr - - "{{ 'tpm2-tools' if luks_enabled | default(false) else '' }}" - - "{{ 'qemu-guest-agent' if hypervisor | default('none') | lower in ['libvirt', 'proxmox'] else '' }}" - - "{{ 'open-vm-tools' if hypervisor | default('none') | lower == 'vmware' else '' }}" + - "{{ 'tpm2-tools' if luks_enabled else '' }}" + - "{{ 'qemu-guest-agent' if hypervisor | lower in ['libvirt', 'proxmox'] else '' }}" + - "{{ 'open-vm-tools' if hypervisor | lower == 'vmware' else '' }}" - vim - wget - zstd @@ -124,8 +124,8 @@ bootstrap_debian12: - grub-efi - grub-efi-amd64-signed - grub2-common - - "{{ 'cryptsetup' if luks_enabled | default(false) else '' }}" - - "{{ 'cryptsetup-initramfs' if luks_enabled | default(false) else '' }}" + - "{{ 'cryptsetup' if luks_enabled else '' }}" + - "{{ 'cryptsetup-initramfs' if luks_enabled else '' }}" - linux-image-amd64 - locales - logrotate @@ -164,9 +164,9 @@ bootstrap_debian12: - systemd-zram-generator - tcpd - tldr - - "{{ 'tpm2-tools' if luks_enabled | default(false) else '' }}" - - "{{ 'qemu-guest-agent' if hypervisor | default('none') | lower in ['libvirt', 'proxmox'] else '' }}" - - "{{ 'open-vm-tools' if hypervisor | default('none') | lower == 'vmware' else '' }}" + - "{{ 'tpm2-tools' if luks_enabled else '' }}" + - "{{ 'qemu-guest-agent' if hypervisor | lower in ['libvirt', 'proxmox'] else '' }}" + - "{{ 'open-vm-tools' if hypervisor | lower == 'vmware' else '' }}" - vim - wget - zstd @@ -179,8 +179,8 @@ bootstrap_debian13: - grub-efi - grub-efi-amd64-signed - grub2-common - - "{{ 'cryptsetup' if luks_enabled | default(false) else '' }}" - - "{{ 'cryptsetup-initramfs' if luks_enabled | default(false) else '' }}" + - "{{ 'cryptsetup' if luks_enabled else '' }}" + - "{{ 'cryptsetup-initramfs' if luks_enabled else '' }}" - linux-image-amd64 - locales - logrotate 
@@ -217,9 +217,9 @@ bootstrap_debian13: - syslog-ng - systemd-zram-generator - tcpd - - "{{ 'tpm2-tools' if luks_enabled | default(false) else '' }}" - - "{{ 'qemu-guest-agent' if hypervisor | default('none') | lower in ['libvirt', 'proxmox'] else '' }}" - - "{{ 'open-vm-tools' if hypervisor | default('none') | lower == 'vmware' else '' }}" + - "{{ 'tpm2-tools' if luks_enabled else '' }}" + - "{{ 'qemu-guest-agent' if hypervisor | lower in ['libvirt', 'proxmox'] else '' }}" + - "{{ 'open-vm-tools' if hypervisor | lower == 'vmware' else '' }}" - vim - wget - zstd @@ -252,10 +252,10 @@ bootstrap_fedora: - ripgrep - shim - tmux - - "{{ 'cryptsetup' if luks_enabled | default(false) else '' }}" - - "{{ 'tpm2-tools' if luks_enabled | default(false) else '' }}" - - "{{ 'qemu-guest-agent' if hypervisor | default('none') | lower in ['libvirt', 'proxmox'] else '' }}" - - "{{ 'open-vm-tools' if hypervisor | default('none') | lower == 'vmware' else '' }}" + - "{{ 'cryptsetup' if luks_enabled else '' }}" + - "{{ 'tpm2-tools' if luks_enabled else '' }}" + - "{{ 'qemu-guest-agent' if hypervisor | lower in ['libvirt', 'proxmox'] else '' }}" + - "{{ 'open-vm-tools' if hypervisor | lower == 'vmware' else '' }}" - vim-default-editor - wget - zoxide @@ -280,10 +280,10 @@ bootstrap_rhel8: - python39 - shim - tmux - - "{{ 'cryptsetup' if luks_enabled | default(false) else '' }}" - - "{{ 'tpm2-tools' if luks_enabled | default(false) else '' }}" - - "{{ 'qemu-guest-agent' if hypervisor | default('none') | lower in ['libvirt', 'proxmox'] else '' }}" - - "{{ 'open-vm-tools' if hypervisor | default('none') | lower == 'vmware' else '' }}" + - "{{ 'cryptsetup' if luks_enabled else '' }}" + - "{{ 'tpm2-tools' if luks_enabled else '' }}" + - "{{ 'qemu-guest-agent' if hypervisor | lower in ['libvirt', 'proxmox'] else '' }}" + - "{{ 'open-vm-tools' if hypervisor | lower == 'vmware' else '' }}" - vim - zstd 
@@ -305,10 +305,10 @@ bootstrap_rhel9: - python - shim - tmux - - "{{ 'cryptsetup' if luks_enabled | default(false) else '' }}" - - "{{ 'tpm2-tools' if luks_enabled | default(false) else '' }}" - - "{{ 'qemu-guest-agent' if hypervisor | default('none') | lower in ['libvirt', 'proxmox'] else '' }}" - - "{{ 'open-vm-tools' if hypervisor | default('none') | lower == 'vmware' else '' }}" + - "{{ 'cryptsetup' if luks_enabled else '' }}" + - "{{ 'tpm2-tools' if luks_enabled else '' }}" + - "{{ 'qemu-guest-agent' if hypervisor | lower in ['libvirt', 'proxmox'] else '' }}" + - "{{ 'open-vm-tools' if hypervisor | lower == 'vmware' else '' }}" - vim - zram-generator - zstd @@ -330,10 +330,10 @@ bootstrap_rhel10: - python - shim - tmux - - "{{ 'cryptsetup' if luks_enabled | default(false) else '' }}" - - "{{ 'tpm2-tools' if luks_enabled | default(false) else '' }}" - - "{{ 'qemu-guest-agent' if hypervisor | default('none') | lower in ['libvirt', 'proxmox'] else '' }}" - - "{{ 'open-vm-tools' if hypervisor | default('none') | lower == 'vmware' else '' }}" + - "{{ 'cryptsetup' if luks_enabled else '' }}" + - "{{ 'tpm2-tools' if luks_enabled else '' }}" + - "{{ 'qemu-guest-agent' if hypervisor | lower in ['libvirt', 'proxmox'] else '' }}" + - "{{ 'open-vm-tools' if hypervisor | lower == 'vmware' else '' }}" - vim - zram-generator - zstd 
@@ -357,10 +357,10 @@ bootstrap_rocky: - shim - telnet - tmux - - "{{ 'cryptsetup' if luks_enabled | default(false) else '' }}" - - "{{ 'tpm2-tools' if luks_enabled | default(false) else '' }}" - - "{{ 'qemu-guest-agent' if hypervisor | default('none') | lower in ['libvirt', 'proxmox'] else '' }}" - - "{{ 'open-vm-tools' if hypervisor | default('none') | lower == 'vmware' else '' }}" + - "{{ 'cryptsetup' if luks_enabled else '' }}" + - "{{ 'tpm2-tools' if luks_enabled else '' }}" + - "{{ 'qemu-guest-agent' if hypervisor | lower in ['libvirt', 'proxmox'] else '' }}" + - "{{ 'open-vm-tools' if hypervisor | lower == 'vmware' else '' }}" - util-linux-core - vim - wget @@ -375,8 +375,8 @@ bootstrap_ubuntu: - grub-efi - grub-efi-amd64-signed - grub2-common - - "{{ 'cryptsetup' if luks_enabled | default(false) else '' }}" - - "{{ 'cryptsetup-initramfs' if luks_enabled | default(false) else '' }}" + - "{{ 'cryptsetup' if luks_enabled else '' }}" + - "{{ 'cryptsetup-initramfs' if luks_enabled else '' }}" - linux-image-generic - locales - lvm2 @@ -419,9 +419,9 @@ bootstrap_ubuntu: - tcpd - tldr - tmux - - "{{ 'tpm2-tools' if luks_enabled | default(false) else '' }}" - - "{{ 'qemu-guest-agent' if hypervisor | default('none') | lower in ['libvirt', 'proxmox'] else '' }}" - - "{{ 'open-vm-tools' if hypervisor | default('none') | lower == 'vmware' else '' }}" + - "{{ 'tpm2-tools' if luks_enabled else '' }}" + - "{{ 'qemu-guest-agent' if hypervisor | lower in ['libvirt', 'proxmox'] else '' }}" + - "{{ 'open-vm-tools' if hypervisor | lower == 'vmware' else '' }}" - traceroute - util-linux-extra - vim @@ -438,8 +438,8 @@ bootstrap_ubuntu_lts: - grub-efi - grub-efi-amd64-signed - grub2-common - - "{{ 'cryptsetup' if luks_enabled | default(false) else '' }}" - - "{{ 'cryptsetup-initramfs' if luks_enabled | default(false) else '' }}" + - "{{ 'cryptsetup' if luks_enabled else '' }}" + - "{{ 'cryptsetup-initramfs' if luks_enabled else '' }}" - linux-image-generic - locales - lvm2 
@@ -482,9 +482,9 @@ bootstrap_ubuntu_lts: - tcpd - tldr - tmux - - "{{ 'tpm2-tools' if luks_enabled | default(false) else '' }}" - - "{{ 'qemu-guest-agent' if hypervisor | default('none') | lower in ['libvirt', 'proxmox'] else '' }}" - - "{{ 'open-vm-tools' if hypervisor | default('none') | lower == 'vmware' else '' }}" + - "{{ 'tpm2-tools' if luks_enabled else '' }}" + - "{{ 'qemu-guest-agent' if hypervisor | lower in ['libvirt', 'proxmox'] else '' }}" + - "{{ 'open-vm-tools' if hypervisor | lower == 'vmware' else '' }}" - traceroute - util-linux-extra - vim diff --git a/roles/cis/tasks/security_lines.yml b/roles/cis/tasks/security_lines.yml index aa8d08d..f26522e 100644 --- a/roles/cis/tasks/security_lines.yml +++ b/roles/cis/tasks/security_lines.yml @@ -10,8 +10,8 @@ - {path: /mnt/etc/security/pwquality.conf, content: ucredit = -1} - {path: /mnt/etc/security/pwquality.conf, content: ocredit = -1} - {path: /mnt/etc/security/pwquality.conf, content: lcredit = -1} - - {path: '/mnt/etc/{{ "bashrc" if is_rhel | default(false) else "bash.bashrc" }}', content: umask 077} - - {path: '/mnt/etc/{{ "bashrc" if is_rhel | default(false) else "bash.bashrc" }}', content: export TMOUT=3000} + - {path: '/mnt/etc/{{ "bashrc" if is_rhel else "bash.bashrc" }}', content: umask 077} + - {path: '/mnt/etc/{{ "bashrc" if is_rhel else "bash.bashrc" }}', content: export TMOUT=3000} - {path: '/mnt/{{ "usr/lib/systemd/journald.conf" if os == "fedora" else "etc/systemd/journald.conf" }}', content: Storage=persistent} - {path: /mnt/etc/sudoers, content: Defaults logfile="/var/log/sudo.log"} - {path: /mnt/etc/pam.d/su, content: auth required pam_wheel.so} diff --git a/roles/cleanup/tasks/libvirt.yml b/roles/cleanup/tasks/libvirt.yml index 6c3d041..ba6d9c8 100644 --- a/roles/cleanup/tasks/libvirt.yml +++ b/roles/cleanup/tasks/libvirt.yml 
@@ -6,7 +6,8 @@ block: - name: Set libvirt image paths vars: - cleanup_libvirt_image_dir_value: "{{ vm_path | default('/var/lib/libvirt/images') }}" + cleanup_libvirt_image_dir_value: >- + {{ vm_path if vm_path | length > 0 else '/var/lib/libvirt/images' }} ansible.builtin.set_fact: cleanup_libvirt_image_dir: "{{ cleanup_libvirt_image_dir_value }}" cleanup_libvirt_cloudinit_path: >- @@ -38,7 +39,7 @@ changed_when: false - name: Remove boot ISO device from VM XML (source match) - when: boot_iso is defined and (boot_iso | length > 0) + when: boot_iso | length > 0 community.general.xml: xmlstring: "{{ cleanup_libvirt_domain_xml }}" xpath: "/domain/devices/disk[contains(source/@file, '{{ boot_iso | basename }}')]" @@ -46,7 +47,7 @@ register: cleanup_libvirt_xml_strip_boot_source - name: Update cleaned VM XML after removing boot ISO source match - when: boot_iso is defined and (boot_iso | length > 0) + when: boot_iso | length > 0 ansible.builtin.set_fact: cleanup_libvirt_domain_xml: "{{ cleanup_libvirt_xml_strip_boot_source.xmlstring }}" changed_when: false diff --git a/roles/cleanup/tasks/vmware.yml b/roles/cleanup/tasks/vmware.yml index e4ae9c7..1205de8 100644 --- a/roles/cleanup/tasks/vmware.yml +++ b/roles/cleanup/tasks/vmware.yml @@ -24,7 +24,7 @@ unit_number: 1 controller_type: sata type: iso - iso_path: "{{ rhel_iso | default(omit) }}" + iso_path: "{{ rhel_iso if rhel_iso | length > 0 else omit }}" state: absent failed_when: false diff --git a/roles/configuration/tasks/bootloader.yml b/roles/configuration/tasks/bootloader.yml index 84364dc..2593900 100644 --- a/roles/configuration/tasks/bootloader.yml +++ b/roles/configuration/tasks/bootloader.yml 
@@ -3,16 +3,8 @@ block: - name: Install Bootloader vars: - configuration_use_efibootmgr: "{{ is_rhel | default(false) }}" - configuration_efi_dir: >- - {{ - partitioning_efi_mountpoint - | default( - "/boot/efi" - if (is_rhel | default(false)) or (os | lower in ["ubuntu", "ubuntu-lts"]) - else "/boot" - ) - }} + configuration_use_efibootmgr: "{{ is_rhel | bool }}" + configuration_efi_dir: "{{ partitioning_efi_mountpoint }}" configuration_bootloader_id: >- {{ "ubuntu" if os | lower in ["ubuntu", "ubuntu-lts"] else os }} configuration_efi_vendor: >- @@ -47,7 +39,7 @@ else ( '/usr/bin/env PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin ' + '/usr/sbin/update-initramfs -u -k all' - if is_debian | default(false) + if is_debian | bool else '/usr/bin/dracut --regenerate-all --force' ) }} @@ -62,9 +54,9 @@ configuration_grub_cfg_cmd: >- {{ '/usr/sbin/grub2-mkconfig -o ' - + (partitioning_efi_mountpoint | default('/boot/efi')) + + partitioning_efi_mountpoint + '/EFI/' + configuration_efi_vendor + '/grub.cfg' - if is_rhel | default(false) + if is_rhel | bool else '/usr/sbin/grub-mkconfig -o /boot/grub/grub.cfg' }} ansible.builtin.command: "arch-chroot /mnt {{ configuration_grub_cfg_cmd }}" diff --git a/roles/configuration/tasks/encryption.yml b/roles/configuration/tasks/encryption.yml index 50879c5..614eeb6 100644 --- a/roles/configuration/tasks/encryption.yml +++ b/roles/configuration/tasks/encryption.yml 
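Review bot: `configuration_efi_dir: "{{ partitioning_efi_mountpoint }}"` removes the OS-dependent fallback (`/boot/efi` for RHEL-family and Ubuntu, `/boot` otherwise), and the third hunk drops `| default('/boot/efi')` on the same variable inside the `grub2-mkconfig -o` command line. `partitioning_efi_mountpoint` is not among the new `group_vars/all.yml` defaults, so unless `roles/partitioning/defaults/main.yml` (truncated in this diff) defines it for every OS, the bootloader task fails on an undefined variable, or with relaxed undefined-variable settings writes `grub.cfg` to `/EFI/<vendor>/grub.cfg` at the chroot root. If the partitioning role only sets it as a fact on some branches, restore the fallback there as a role default, e.g. `partitioning_efi_mountpoint: "{{ '/boot/efi' if is_rhel | bool or os | lower in ['ubuntu', 'ubuntu-lts'] else '/boot' }}"`. The enclosing `block:` starts outside the hunk.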
@@ -1,31 +1,17 @@ --- - name: Configure disk encryption - when: partitioning_luks_enabled | default(luks_enabled | default(false)) | bool + when: partitioning_luks_enabled | bool vars: configuration_luks_passphrase_effective: >- - {{ (partitioning_luks_passphrase | default(luks_passphrase | default(''))) | string }} + {{ partitioning_luks_passphrase | string }} block: - name: Set LUKS configuration facts vars: configuration_luks_mapper_name_value: >- - {{ - partitioning_luks_mapper_name - | default(luks_mapper_name | default('SYSTEM_DECRYPTED')) - }} - configuration_luks_device_value: >- - {{ - partitioning_luks_device - | default( - install_drive - ~ ( - partitioning_root_partition_suffix - | default(partitioning_main_partition_suffix | default(2)) - | string - ) - ) - }} + {{ partitioning_luks_mapper_name }} + configuration_luks_device_value: "{{ partitioning_luks_device }}" configuration_luks_tpm2_pcrs_raw: >- - {{ partitioning_luks_tpm2_pcrs | default(luks_tpm2_pcrs | default('')) }} + {{ partitioning_luks_tpm2_pcrs }} configuration_luks_tpm2_pcrs_effective_value: >- {{ ( 
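Review bot: `configuration_luks_device_value: "{{ partitioning_luks_device }}"` removes the `install_drive ~ suffix` guess, while the next hunk in this file keeps `partitioning_luks_uuid | default('')`; if both are facts set by the partitioning role, the bare reference is the better choice (failing loudly beats running cryptsetup or writing crypttab against a guessed partition), but the two should be treated the same way, so either drop the `default('')` on the UUID or add a comment explaining why only it may be empty. The new `configuration_luks_passphrase_effective` is just `| string` with no non-empty check and now carries the secret into every task of the block; any task that consumes it and is not marked `no_log: true` will print it on failure or at `-v`. I cannot see those tasks here, so please confirm they are covered. The block's `when:` relies on `partitioning_luks_enabled | bool`, which `group_vars/all.yml` now feeds an unquoted `{{ luks_enabled }}`; that is fine only because the role default re-applies `| bool`.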
@@ -43,17 +29,17 @@ configuration_luks_uuid: "{{ partitioning_luks_uuid | default('') }}" configuration_luks_device: "{{ configuration_luks_device_value }}" configuration_luks_options: >- - {{ partitioning_luks_options | default(luks_options | default('discard,tries=3')) }} + {{ partitioning_luks_options }} configuration_luks_auto_method: >- {{ - (partitioning_luks_auto_decrypt | default(luks_auto_decrypt | default(true)) | bool) + (partitioning_luks_auto_decrypt | bool) | ternary( - partitioning_luks_auto_decrypt_method | default(luks_auto_decrypt_method | default('tpm2')), + partitioning_luks_auto_decrypt_method, 'manual' ) }} configuration_luks_tpm2_device: >- - {{ partitioning_luks_tpm2_device | default(luks_tpm2_device | default('auto')) }} + {{ partitioning_luks_tpm2_device }} configuration_luks_tpm2_pcrs: "{{ configuration_luks_tpm2_pcrs_raw }}" configuration_luks_tpm2_pcrs_effective: "{{ configuration_luks_tpm2_pcrs_effective_value }}" configuration_luks_keyfile_path: >- @@ -151,7 +137,7 @@ - name: Ensure keyfile pattern for initramfs-tools when: - - is_debian | default(false) + - is_debian | bool - configuration_luks_keyfile_in_use ansible.builtin.lineinfile: path: /mnt/etc/cryptsetup-initramfs/conf-hook @@ -215,14 +201,14 @@ }}) - name: Ensure dracut config directory exists - when: is_rhel | default(false) + when: is_rhel | bool ansible.builtin.file: path: /mnt/etc/dracut.conf.d state: directory mode: "0755" - name: Configure dracut for LUKS - when: is_rhel | default(false) + when: is_rhel | bool ansible.builtin.copy: dest: /mnt/etc/dracut.conf.d/crypt.conf content: | 
@@ -233,13 +219,13 @@ mode: "0644" - name: Read kernel cmdline defaults - when: is_rhel | default(false) + when: is_rhel | bool ansible.builtin.slurp: src: /mnt/etc/kernel/cmdline register: configuration_kernel_cmdline_slurp - name: Build kernel cmdline with LUKS args - when: is_rhel | default(false) + when: is_rhel | bool vars: configuration_kernel_cmdline_current_value: >- {{ configuration_kernel_cmdline_slurp.content | b64decode | trim }} @@ -265,14 +251,14 @@ changed_when: false - name: Write kernel cmdline with LUKS args - when: is_rhel | default(false) + when: is_rhel | bool ansible.builtin.copy: dest: /mnt/etc/kernel/cmdline mode: "0644" content: "{{ configuration_kernel_cmdline_new }}\n" - name: Find BLS entries - when: is_rhel | default(false) + when: is_rhel | bool ansible.builtin.find: paths: /mnt/boot/loader/entries patterns: "*.conf" @@ -281,7 +267,7 @@ - name: Update BLS options with LUKS args when: - - is_rhel | default(false) + - is_rhel | bool - configuration_kernel_bls_entries.files | length > 0 ansible.builtin.lineinfile: path: "{{ item.path }}" @@ -292,13 +278,13 @@ label: "{{ item.path }}" - name: Read grub defaults - when: not is_rhel | default(false) + when: not is_rhel | bool ansible.builtin.slurp: src: /mnt/etc/default/grub register: configuration_grub_slurp - name: Build grub command lines with LUKS args - when: not is_rhel | default(false) + when: not is_rhel | bool vars: configuration_grub_content_value: "{{ configuration_grub_slurp.content | b64decode }}" configuration_grub_cmdline_linux_value: >- @@ -362,7 +348,7 @@ configuration_grub_cmdline_default_new: "{{ configuration_grub_cmdline_default_new_value }}" - name: Update GRUB_CMDLINE_LINUX_DEFAULT for LUKS - when: not is_rhel | default(false) + when: not is_rhel | bool ansible.builtin.lineinfile: path: /mnt/etc/default/grub regexp: '^GRUB_CMDLINE_LINUX_DEFAULT=' 
diff --git a/roles/configuration/tasks/encryption/keyfile.yml b/roles/configuration/tasks/encryption/keyfile.yml index 599fe46..8cbc39c 100644 --- a/roles/configuration/tasks/encryption/keyfile.yml +++ b/roles/configuration/tasks/encryption/keyfile.yml @@ -16,7 +16,7 @@ {{ lookup( 'community.general.random_string', - length=(partitioning_luks_keyfile_size | default(luks_keyfile_size | default(64)) | int), + length=(partitioning_luks_keyfile_size | int), override_all='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789' ) }} @@ -71,7 +71,7 @@ {{ lookup( 'community.general.random_string', - length=(partitioning_luks_keyfile_size | default(luks_keyfile_size | default(64)) | int), + length=(partitioning_luks_keyfile_size | int), override_all='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789' ) }} diff --git a/roles/configuration/tasks/extras.yml b/roles/configuration/tasks/extras.yml index 3188868..afb25c1 100644 --- a/roles/configuration/tasks/extras.yml +++ b/roles/configuration/tasks/extras.yml @@ -1,7 +1,7 @@ --- - name: Append vim configurations to vimrc ansible.builtin.blockinfile: - path: "{{ '/mnt/etc/vim/vimrc' if is_debian | default(false) else '/mnt/etc/vimrc' }}" + path: "{{ '/mnt/etc/vim/vimrc' if is_debian | bool else '/mnt/etc/vimrc' }}" block: | set encoding=utf-8 set number diff --git a/roles/configuration/tasks/grub.yml b/roles/configuration/tasks/grub.yml index c4fb4d0..086fe7e 100644 --- a/roles/configuration/tasks/grub.yml +++ b/roles/configuration/tasks/grub.yml @@ -1,6 +1,6 @@ --- - name: Configure grub defaults - when: not is_rhel | default(false) + when: not is_rhel | bool ansible.builtin.lineinfile: dest: /mnt/etc/default/grub regexp: "{{ item.regexp }}" @@ -12,7 +12,7 @@ line: GRUB_TIMEOUT=1 - name: Ensure grub defaults file exists for RHEL-based systems - when: is_rhel | default(false) + when: is_rhel | bool block: - name: Build RHEL kernel command line defaults vars: 
@@ -106,7 +106,7 @@ label: "{{ item.path }}" - name: Enable GRUB cryptodisk for encrypted /boot - when: partitioning_grub_enable_cryptodisk | default(false) | bool + when: partitioning_grub_enable_cryptodisk | bool ansible.builtin.lineinfile: path: /mnt/etc/default/grub regexp: '^GRUB_ENABLE_CRYPTODISK=' diff --git a/roles/configuration/tasks/locales.yml b/roles/configuration/tasks/locales.yml index 02c8dc4..6586a8a 100644 --- a/roles/configuration/tasks/locales.yml +++ b/roles/configuration/tasks/locales.yml @@ -10,7 +10,7 @@ - name: Setup locales block: - name: Configure locale.gen - when: not is_rhel | default(false) + when: not is_rhel | bool ansible.builtin.lineinfile: dest: /mnt/etc/locale.gen regexp: "{{ item.regex }}" @@ -19,7 +19,7 @@ - {regex: en_US\.UTF-8 UTF-8, line: en_US.UTF-8 UTF-8} - name: Generate locales - when: not is_rhel | default(false) + when: not is_rhel | bool ansible.builtin.command: arch-chroot /mnt /usr/sbin/locale-gen register: configuration_locale_result changed_when: configuration_locale_result.rc == 0 @@ -32,7 +32,7 @@ if '.' in hostname else ( hostname + '.' + vm_dns_search - if vm_dns_search is defined and vm_dns_search | length + if vm_dns_search | length else hostname ) }} @@ -49,7 +49,7 @@ if '.' in hostname else ( hostname + '.' + vm_dns_search - if vm_dns_search is defined and vm_dns_search | length + if vm_dns_search | length else hostname ) }} @@ -57,7 +57,7 @@ configuration_hostname_entries: >- {{ [configuration_hostname_fqdn, configuration_hostname_short] | unique | join(' ') }} configuration_hosts_line: >- - {{ vm_ip | default(inventory_hostname) }} {{ configuration_hostname_entries }} + {{ (vm_ip if vm_ip | length > 0 else inventory_hostname) }} {{ configuration_hostname_entries }} ansible.builtin.lineinfile: path: /mnt/etc/hosts line: "{{ configuration_hosts_line }}" diff --git a/roles/configuration/tasks/selinux.yml b/roles/configuration/tasks/selinux.yml index c23f327..ef8936d 100644 
--- a/roles/configuration/tasks/selinux.yml +++ b/roles/configuration/tasks/selinux.yml @@ -1,9 +1,9 @@ --- - name: Fix SELinux - when: is_rhel | default(false) + when: is_rhel | bool block: - name: Fix SELinux by pre-labeling the filesystem before first boot - when: os | lower in ['almalinux', 'rhel8', 'rhel9', 'rhel10', 'rocky'] and (selinux | default(true) | bool) + when: os | lower in ['almalinux', 'rhel8', 'rhel9', 'rhel10', 'rocky'] and (selinux | bool) ansible.builtin.command: > arch-chroot /mnt /sbin/setfiles -v -F -e /dev -e /proc -e /sys -e /run @@ -12,7 +12,7 @@ changed_when: configuration_setfiles_result.rc == 0 - name: Disable SELinux - when: os | lower == "fedora" or not (selinux | default(true) | bool) + when: os | lower == "fedora" or not (selinux | bool) ansible.builtin.lineinfile: path: /mnt/etc/selinux/config regexp: ^SELINUX= diff --git a/roles/configuration/tasks/sudo.yml b/roles/configuration/tasks/sudo.yml index f1f37fa..625b26d 100644 --- a/roles/configuration/tasks/sudo.yml +++ b/roles/configuration/tasks/sudo.yml @@ -1,7 +1,7 @@ --- - name: Give sudo access to wheel group ansible.builtin.copy: - content: "{{ '%sudo ALL=(ALL) ALL' if is_debian | default(false) else '%wheel ALL=(ALL) ALL' }}" + content: "{{ '%sudo ALL=(ALL) ALL' if is_debian | bool else '%wheel ALL=(ALL) ALL' }}" dest: /mnt/etc/sudoers.d/01-wheel mode: "0440" validate: /usr/sbin/visudo --check --file=%s diff --git a/roles/configuration/tasks/users.yml b/roles/configuration/tasks/users.yml index 9282554..a05235e 100644 --- a/roles/configuration/tasks/users.yml +++ b/roles/configuration/tasks/users.yml @@ -2,7 +2,7 @@ - name: Create user account vars: configuration_user_group: >- - {{ "sudo" if is_debian | default(false) else "wheel" }} + {{ "sudo" if is_debian | bool else "wheel" }} configuration_useradd_cmd: >- arch-chroot /mnt /usr/sbin/useradd --create-home --user-group --groups {{ configuration_user_group }} {{ user_name }} 
@@ -18,7 +18,7 @@ changed_when: configuration_user_result.rc == 0 - name: Ensure .ssh directory exists - when: user_public_key is defined + when: user_public_key | length > 0 ansible.builtin.file: path: /mnt/home/{{ user_name }}/.ssh state: directory @@ -27,7 +27,7 @@ mode: "0700" - name: Add SSH public key to authorized_keys - when: user_public_key is defined + when: user_public_key | length > 0 ansible.builtin.lineinfile: path: /mnt/home/{{ user_name }}/.ssh/authorized_keys line: "{{ user_public_key }}" diff --git a/roles/configuration/templates/network.j2 b/roles/configuration/templates/network.j2 index a03ece1..03123e8 100644 --- a/roles/configuration/templates/network.j2 +++ b/roles/configuration/templates/network.j2 @@ -7,14 +7,14 @@ type=ethernet mac-address={{ configuration_net_mac }} [ipv4] -{% set dns_value = vm_dns | default('') %} +{% set dns_value = vm_dns %} {% set dns_list_raw = dns_value if dns_value is iterable and dns_value is not string else dns_value.split(',') %} {% set dns_list = dns_list_raw | map('trim') | reject('equalto', '') | list %} -{% set search_value = vm_dns_search | default('') %} +{% set search_value = vm_dns_search %} {% set search_list_raw = search_value if search_value is iterable and search_value is not string else search_value.split(',') %} {% set search_list = search_list_raw | map('trim') | reject('equalto', '') | list %} -{% if vm_ip is defined and vm_ip | length %} -address1={{ vm_ip }}/{{ vm_nms | default(24) }}{{ (',' ~ vm_gw) if (vm_gw is defined and vm_gw | length) else '' }} +{% if vm_ip | length %} +address1={{ vm_ip }}/{{ vm_nms }}{{ (',' ~ vm_gw) if (vm_gw | length) else '' }} method=manual {% else %} method=auto diff --git a/roles/environment/tasks/main.yml b/roles/environment/tasks/main.yml index de6238d..0f4bd43 100644 --- a/roles/environment/tasks/main.yml +++ b/roles/environment/tasks/main.yml 
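Review bot: `when: user_public_key | length > 0` replaces an `is defined` guard, but `user_public_key` is not among the defaults added in `group_vars/all.yml`, so a host that supplies no key now fails the play with an undefined-variable error instead of skipping the `.ssh` and `authorized_keys` tasks (unless inventory or host_vars define it, which I cannot see). Either add `user_public_key: ""` to `group_vars/all.yml` to match the new convention, or write `when: (user_public_key | default('')) | length > 0` on both tasks. The `length > 0` check is otherwise an improvement, since the old guard let an empty string create `authorized_keys` with a blank line.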
@@ -17,7 +17,7 @@ - name: Abort if the host is not booted from the Arch install media when: - - not (custom_iso | default(false) | bool) + - not (custom_iso | bool) - not environment_archiso_stat.stat.exists ansible.builtin.fail: msg: This host is not booted from the Arch install media! @@ -40,10 +40,9 @@ - name: Set IP-Address when: - hypervisor == "vmware" - - vm_ip is defined - - vm_ip | length + - vm_ip | length > 0 ansible.builtin.command: >- - ip addr replace {{ vm_ip }}/{{ vm_nms | default(24) }} + ip addr replace {{ vm_ip }}/{{ vm_nms }} dev {{ environment_interface_name }} register: environment_ip_result changed_when: environment_ip_result.rc == 0 @@ -51,10 +50,8 @@ - name: Set Default Gateway when: - hypervisor == "vmware" - - vm_gw is defined - - vm_gw | length - - vm_ip is defined - - vm_ip | length + - vm_gw | length > 0 + - vm_ip | length > 0 ansible.builtin.command: "ip route replace default via {{ vm_gw }}" register: environment_gateway_result changed_when: environment_gateway_result.rc == 0 @@ -65,7 +62,7 @@ changed_when: false - name: Configure SSH for root login - when: hypervisor == "vmware" and (vmware_ssh is defined and vmware_ssh | bool) + when: hypervisor == "vmware" and (vmware_ssh | bool) block: - name: Allow login ansible.builtin.replace: @@ -91,14 +88,14 @@ - name: Prepare installer environment block: - name: Speed-up Bootstrap process - when: not (custom_iso | default(false) | bool) + when: not (custom_iso | bool) ansible.builtin.lineinfile: path: /etc/pacman.conf regexp: ^#ParallelDownloads = line: ParallelDownloads = 20 - name: Wait for pacman lock to be released - when: not (custom_iso | default(false) | bool) + when: not (custom_iso | bool) ansible.builtin.wait_for: path: /var/lib/pacman/db.lck state: absent @@ -107,7 +104,7 @@ - name: Setup Pacman when: - - not (custom_iso | default(false) | bool) + - not (custom_iso | bool) - "'os' not in item or os in item.os" community.general.pacman: update_cache: true 
@@ -141,7 +138,7 @@ state: mounted - name: Configure RHEL Repos for installation - when: is_rhel | default(false) + when: is_rhel | bool block: - name: Create directories for repository files and RPM GPG keys ansible.builtin.file: diff --git a/roles/partitioning/defaults/main.yml b/roles/partitioning/defaults/main.yml index 59f02f9..c3da7f1 100644 --- a/roles/partitioning/defaults/main.yml +++ b/roles/partitioning/defaults/main.yml 
@@ -1,20 +1,20 @@
---
-partitioning_luks_enabled: "{{ luks_enabled | default(false) | bool }}"
-partitioning_luks_mapper_name: "{{ luks_mapper_name | default('SYSTEM_DECRYPTED') }}"
-partitioning_luks_type: "{{ luks_type | default('luks2') }}"
-partitioning_luks_cipher: "{{ luks_cipher | default('aes-xts-plain64') }}"
-partitioning_luks_hash: "{{ luks_hash | default('sha512') }}"
-partitioning_luks_iter_time: "{{ luks_iter_time | default(4000) }}"
-partitioning_luks_key_size: "{{ luks_key_size | default(512) }}"
-partitioning_luks_pbkdf: "{{ luks_pbkdf | default('argon2id') }}"
-partitioning_luks_use_urandom: "{{ luks_use_urandom | default(true) | bool }}"
-partitioning_luks_verify_passphrase: "{{ luks_verify_passphrase | default(true) | bool }}"
-partitioning_luks_auto_decrypt: "{{ luks_auto_decrypt | default(true) | bool }}"
-partitioning_luks_auto_decrypt_method: "{{ luks_auto_decrypt_method | default('tpm2') }}"
-partitioning_luks_tpm2_device: "{{ luks_tpm2_device | default('auto') }}"
-partitioning_luks_tpm2_pcrs: "{{ luks_tpm2_pcrs | default('') }}"
-partitioning_luks_keyfile_size: "{{ luks_keyfile_size | default(64) }}"
-partitioning_luks_options: "{{ luks_options | default('discard,tries=3') }}"
+partitioning_luks_enabled: "{{ luks_enabled | bool }}"
+partitioning_luks_mapper_name: "{{ luks_mapper_name }}"
+partitioning_luks_type: "{{ luks_type }}"
+partitioning_luks_cipher: "{{ luks_cipher }}"
+partitioning_luks_hash: "{{ luks_hash }}"
+partitioning_luks_iter_time: "{{ luks_iter_time }}"
+partitioning_luks_key_size: "{{ luks_key_size }}"
+partitioning_luks_pbkdf: "{{ luks_pbkdf }}"
+partitioning_luks_use_urandom: "{{ luks_use_urandom | bool }}"
+partitioning_luks_verify_passphrase: "{{ luks_verify_passphrase | bool }}"
+partitioning_luks_auto_decrypt: "{{ luks_auto_decrypt | bool }}"
+partitioning_luks_auto_decrypt_method: "{{ luks_auto_decrypt_method }}"
+partitioning_luks_tpm2_device: "{{ luks_tpm2_device }}"
+partitioning_luks_tpm2_pcrs: "{{ 
luks_tpm2_pcrs }}" +partitioning_luks_keyfile_size: "{{ luks_keyfile_size }}" +partitioning_luks_options: "{{ luks_options }}" partitioning_boot_partition_suffix: 1 partitioning_main_partition_suffix: 2 partitioning_efi_size_mib: 50 @@ -22,13 +22,13 @@ partitioning_boot_size_mib: 1024 partitioning_separate_boot: >- {{ (partitioning_luks_enabled | bool) - and (os | default('') | lower not in ['archlinux']) + and (os | lower not in ['archlinux']) }} partitioning_boot_fs_fstype: >- {{ - (filesystem | default('') | lower) - if (filesystem | default('') | lower) != 'btrfs' - else ('xfs' if (is_rhel | default(false)) else 'ext4') + (filesystem | lower) + if (filesystem | lower) != 'btrfs' + else ('xfs' if is_rhel else 'ext4') }} partitioning_boot_fs_partition_suffix: >- {{ @@ -46,7 +46,7 @@ partitioning_efi_mountpoint: >- if (partitioning_separate_boot | bool) else ( '/boot/efi' - if (is_rhel | default(false)) or (os | default('') | lower in ['ubuntu', 'ubuntu-lts']) + if is_rhel or (os | lower in ['ubuntu', 'ubuntu-lts']) else '/boot' ) }} @@ -107,8 +107,16 @@ partitioning_root_device: >- if (partitioning_luks_enabled | bool) else install_drive ~ (partitioning_root_partition_suffix | string) }} -partitioning_vm_size_effective: "{{ (partitioning_vm_size | default(vm_size | default(0))) | float }}" -partitioning_vm_memory_effective: "{{ (partitioning_vm_memory | default(vm_memory | default(0))) | float }}" +partitioning_vm_size_effective: >- + {{ + (partitioning_vm_size if (partitioning_vm_size | float) > 0 else vm_size) + | float + }} +partitioning_vm_memory_effective: >- + {{ + (partitioning_vm_memory if (partitioning_vm_memory | float) > 0 else vm_memory) + | float + }} partitioning_swap_size_gb: >- {{ ((partitioning_vm_memory_effective / 1024) >= 16.0) diff --git a/roles/partitioning/tasks/btrfs.yml b/roles/partitioning/tasks/btrfs.yml index 5604d4c..9ee8cd5 100644 --- a/roles/partitioning/tasks/btrfs.yml +++ b/roles/partitioning/tasks/btrfs.yml 
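Review bot: With the `default(...)` fallbacks removed, each of the sixteen `partitioning_luks_*` defaults fails when evaluated if its `luks_*` input is undefined, so the partitioning role no longer works without an inventory that declares every `luks_*` key; the `| bool` coercions are the only normalisation left. If the inventory also assigns the `partitioning_luks_*` keys directly (which the dropped `partitioning_luks_passphrase` fallback in tasks/main.yml suggests), Ansible precedence makes those assignments win over role defaults and the coercions here never execute, leaving two definitions to drift apart. Either keep a hard fallback in the role default (`partitioning_luks_enabled: "{{ luks_enabled | default(false) | bool }}"`) and let the inventory override `luks_*`, or drop the `partitioning_luks_*` indirection from the inventory so a single definition remains. A short header comment stating that `luks_*` must be supplied by the caller would make the dependency explicit to anyone reusing the role.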
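Review bot: `(partitioning_vm_size | float) > 0` treats any non-numeric override as 0.0, because Jinja's `float` filter returns its default of 0 for a string it cannot parse, so a typo such as `partitioning_vm_size: 40G` silently falls through to `vm_size` instead of failing; `partitioning_vm_memory_effective` below has the same shape. The hunk does not show where `partitioning_vm_size` and `partitioning_vm_memory` are declared, so a missing declaration would surface as an undefined-variable error rather than as the fallback. An `assert` before these defaults are consumed, checking `(partitioning_vm_size | string) is match('^[0-9]*(\.[0-9]+)?$')` and the same for `vm_size`, turns the silent coercion into a named failure. The enclosing mapping continues outside the hunk.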
@@ -10,7 +10,7 @@ {{ '-K' if (partitioning_luks_enabled | bool) - and not ('discard' in (partitioning_luks_options | default('') | lower)) + and not ('discard' in (partitioning_luks_options | lower)) else omit }} diff --git a/roles/partitioning/tasks/main.yml b/roles/partitioning/tasks/main.yml index 3758a54..aaf4326 100644 --- a/roles/partitioning/tasks/main.yml +++ b/roles/partitioning/tasks/main.yml @@ -1,8 +1,8 @@ --- - name: Detect system memory for swap sizing when: - - partitioning_vm_memory is not defined - - vm_memory is not defined + - (partitioning_vm_memory | float) <= 0 + - (vm_memory | float) <= 0 block: - name: Read system memory ansible.builtin.command: awk '/MemTotal/ {print int($2/1024)}' /proc/meminfo @@ -17,9 +17,9 @@ - name: Set partitioning vm_size for physical installs when: - install_type == "physical" - - partitioning_vm_size is not defined - - vm_size is not defined - - install_drive is defined + - (partitioning_vm_size | float) <= 0 + - (vm_size | float) <= 0 + - install_drive | length > 0 block: - name: Detect install drive size ansible.builtin.command: "lsblk -b -dn -o SIZE {{ install_drive }}" @@ -157,7 +157,7 @@ when: partitioning_luks_enabled | bool vars: partitioning_luks_passphrase_effective: >- - {{ (partitioning_luks_passphrase | default(luks_passphrase | default(''))) | string }} + {{ partitioning_luks_passphrase | string }} block: - name: Validate LUKS passphrase ansible.builtin.assert: @@ -207,7 +207,7 @@ state: opened name: "{{ partitioning_luks_mapper_name }}" passphrase: "{{ partitioning_luks_passphrase_effective }}" - allow_discards: "{{ 'discard' in (partitioning_luks_options | default('') | lower) }}" + allow_discards: "{{ 'discard' in (partitioning_luks_options | lower) }}" register: partitioning_luks_open_result no_log: true rescue: 
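Review bot: `partitioning_luks_passphrase_effective` now takes `partitioning_luks_passphrase` verbatim, so `| string` runs after the YAML loader has already retyped an unquoted value: a passphrase written as `0123` or `yes` in inventory reaches cryptsetup as `83` or `True`, not as typed, and the volume is then unlockable only with the converted form. A comment on the `vars:` entry, e.g. `# quote the passphrase in inventory: YAML retypes bare digits and yes/no before Ansible sees them`, documents this where the value is consumed. The `Validate LUKS passphrase` assert that follows is the right place to reject an empty value now that no fallback supplies one; its body, and the rest of the block, are outside the hunk.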
@@ -235,7 +235,7 @@ state: opened name: "{{ partitioning_luks_mapper_name }}" passphrase: "{{ partitioning_luks_passphrase_effective }}" - allow_discards: "{{ 'discard' in (partitioning_luks_options | default('') | lower) }}" + allow_discards: "{{ 'discard' in (partitioning_luks_options | lower) }}" register: partitioning_luks_open_retry no_log: true diff --git a/roles/virtualization/defaults/main.yml b/roles/virtualization/defaults/main.yml index 81c1437..ffff2ed 100644 --- a/roles/virtualization/defaults/main.yml +++ b/roles/virtualization/defaults/main.yml @@ -1,11 +1,10 @@ --- virtualization_tpm2_enabled: >- {{ - (partitioning_luks_enabled | default(luks_enabled | default(false)) | bool) - and (partitioning_luks_auto_decrypt | default(luks_auto_decrypt | default(true)) | bool) + (partitioning_luks_enabled | bool) + and (partitioning_luks_auto_decrypt | bool) and ( - (partitioning_luks_auto_decrypt_method | default(luks_auto_decrypt_method | default('tpm2'))) - | lower + (partitioning_luks_auto_decrypt_method | lower) == 'tpm2' ) }} diff --git a/roles/virtualization/tasks/libvirt.yml b/roles/virtualization/tasks/libvirt.yml index f581ef2..82dac0c 100644 --- a/roles/virtualization/tasks/libvirt.yml +++ b/roles/virtualization/tasks/libvirt.yml @@ -2,7 +2,8 @@ - name: Set libvirt image paths delegate_to: localhost vars: - virtualization_libvirt_image_dir_value: "{{ vm_path | default('/var/lib/libvirt/images') }}" + virtualization_libvirt_image_dir_value: >- + {{ vm_path if vm_path | length > 0 else '/var/lib/libvirt/images' }} ansible.builtin.set_fact: virtualization_libvirt_image_dir: "{{ virtualization_libvirt_image_dir_value }}" virtualization_libvirt_disk_path: >- diff --git a/roles/virtualization/tasks/proxmox.yml b/roles/virtualization/tasks/proxmox.yml index 52f4c53..8320e4a 100644 --- a/roles/virtualization/tasks/proxmox.yml +++ b/roles/virtualization/tasks/proxmox.yml 
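Review bot: `virtualization_tpm2_enabled` now reads three `partitioning_luks_*` variables owned by another role with no fallback, so this role's own default is undefined unless the partitioning role's defaults or the inventory are loaded first; the removed `default(luks_enabled | default(false))` chain was what gave the virtualization role a standalone value. If the cross-role coupling is intended, state it at the top of the file, e.g. `# Requires partitioning_luks_enabled, partitioning_luks_auto_decrypt and partitioning_luks_auto_decrypt_method from the partitioning role or the inventory`; otherwise derive the flag from the `luks_*` inputs directly so both roles read the same source. Collapsing the method comparison to `(partitioning_luks_auto_decrypt_method | lower) == 'tpm2'` is an improvement in readability over the removed two-line form.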
@@ -2,7 +2,7 @@ - name: Deploy VM on Proxmox delegate_to: localhost vars: - virtualization_dns_value: "{{ vm_dns | default('') }}" + virtualization_dns_value: "{{ vm_dns }}" virtualization_dns_list_raw: >- {{ virtualization_dns_value @@ -11,7 +11,7 @@ }} virtualization_dns_list: >- {{ virtualization_dns_list_raw | map('trim') | reject('equalto', '') | list }} - virtualization_search_value: "{{ vm_dns_search | default('') }}" + virtualization_search_value: "{{ vm_dns_search }}" virtualization_search_list_raw: >- {{ virtualization_search_value @@ -33,7 +33,7 @@ cpu: host cores: "{{ vm_cpus }}" memory: "{{ vm_memory }}" - balloon: "{{ vm_ballo | default(omit) }}" + balloon: "{{ vm_ballo if vm_ballo | int > 0 else omit }}" numa_enabled: true hotplug: network,disk update: "{{ virtualization_tpm2_enabled | bool }}" @@ -57,16 +57,16 @@ }} ide: ide0: "{{ boot_iso }},media=cdrom" - ide1: "{{ rhel_iso + ',media=cdrom' if rhel_iso is defined else omit }}" + ide1: "{{ rhel_iso + ',media=cdrom' if rhel_iso | length > 0 else omit }}" ide2: "{{ hypervisor_storage }}:cloudinit" net: - net0: virtio,bridge={{ vm_nif }}{% if vlan_name is defined and vlan_name %},tag={{ vlan_name }}{% endif %} + net0: virtio,bridge={{ vm_nif }}{% if vlan_name | length > 0 %},tag={{ vlan_name }}{% endif %} ipconfig: ipconfig0: >- {{ - 'ip=' ~ vm_ip ~ '/' ~ (vm_nms | default(24)) - ~ (',gw=' ~ vm_gw if vm_gw is defined and vm_gw | length else '') - if vm_ip is defined and vm_ip | length + 'ip=' ~ vm_ip ~ '/' ~ vm_nms + ~ (',gw=' ~ vm_gw if vm_gw | length else '') + if vm_ip | length else 'ip=dhcp' }} nameservers: "{{ virtualization_dns_list if virtualization_dns_list | length else omit }}" diff --git a/roles/virtualization/tasks/vmware.yml b/roles/virtualization/tasks/vmware.yml index 0694a64..599bca4 100644 --- a/roles/virtualization/tasks/vmware.yml +++ b/roles/virtualization/tasks/vmware.yml 
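Review bot: `balloon: "{{ vm_ballo if vm_ballo | int > 0 else omit }}"` maps an explicit `vm_ballo: 0` to an omitted parameter, but as I read the Proxmox `qm` documentation `balloon=0` is how the balloon driver is disabled, so an operator who sets 0 to turn ballooning off now gets the hypervisor default instead; the removed `default(omit)` only omitted when the variable was absent. If "unset" must stay distinguishable from "zero", use a sentinel the inventory cannot mean, e.g. a default of `vm_ballo: -1` with `vm_ballo if vm_ballo | int >= 0 else omit`, or document next to the variable that 0 means "not set". The memory line in vm.xml.j2 applies the same `| int > 0` test and should follow whichever convention is chosen.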
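Review bot: `tag={{ vlan_name }}` hands `vlan_name` to Proxmox as a VLAN tag, which the `qm` network option defines as an integer VLAN ID, yet the new `vlan_name | length > 0` guard accepts any non-empty string and nothing rejects a non-numeric value before the API call; vmware.yml passes the same variable to `vlan:`, so if that module also expects a number the name misleads on both paths. Adding `vlan_name | int | string == vlan_name | string` to the task's preconditions, or renaming the variable to `vm_vlan_tag`, makes the expected type visible. The `net0` value also mixes `{% if %}` into a plain scalar; a `>-` block or a `vars:` entry would read like the neighbouring `ipconfig0`.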
@@ -8,11 +8,11 @@ validate_certs: false datacenter: "{{ hypervisor_datacenter }}" cluster: "{{ hypervisor_cluster }}" - folder: "{{ vm_path | default(omit) }}" + folder: "{{ vm_path if vm_path | length > 0 else omit }}" name: "{{ hostname }}" guest_id: otherLinux64Guest annotation: | - {{ note | default('') }} + {{ note }} state: "{{ 'poweredoff' if virtualization_tpm2_enabled | bool else 'poweredon' }}" disk: - size_gb: "{{ vm_size }}" @@ -41,12 +41,12 @@ "state": "present", "type": "iso", "iso_path": rhel_iso - } ] if rhel_iso is defined and rhel_iso|length > 0 else [] ) + } ] if rhel_iso | length > 0 else [] ) }} networks: - name: "{{ vm_nif }}" type: dhcp - vlan: "{{ vlan_name | default(omit) }}" + vlan: "{{ vlan_name if vlan_name | length > 0 else omit }}" - name: Ensure vTPM2 is enabled when required when: virtualization_tpm2_enabled | bool @@ -57,7 +57,7 @@ password: "{{ hypervisor_password }}" validate_certs: false datacenter: "{{ hypervisor_datacenter }}" - folder: "{{ vm_path | default(omit) }}" + folder: "{{ vm_path if vm_path | length > 0 else omit }}" name: "{{ hostname }}" state: present diff --git a/roles/virtualization/templates/cloud-network-config.yml.j2 b/roles/virtualization/templates/cloud-network-config.yml.j2 index 35a2bf8..8c2e6f8 100644 --- a/roles/virtualization/templates/cloud-network-config.yml.j2 +++ b/roles/virtualization/templates/cloud-network-config.yml.j2 
@@ -4,27 +4,27 @@ network: id0: match: macaddress: "{{ virtualization_mac_address }}" -{% set has_static = vm_ip is defined and vm_ip | length %} -{% set dns_value = vm_dns | default('') %} +{% set has_static = vm_ip | length %} +{% set dns_value = vm_dns %} {% set dns_list_raw = dns_value if dns_value is iterable and dns_value is not string else dns_value.split(',') %} {% set dns_list = dns_list_raw | map('trim') | reject('equalto', '') | list %} -{% set search_value = vm_dns_search | default('') %} +{% set search_value = vm_dns_search %} {% set search_list_raw = search_value if search_value is iterable and search_value is not string else search_value.split(',') %} {% set search_list = search_list_raw | map('trim') | reject('equalto', '') | list %} {% if has_static %} addresses: - - "{{ vm_ip }}/{{ vm_nms | default(24) }}" -{% if vm_gw is defined and vm_gw | length %} + - "{{ vm_ip }}/{{ vm_nms }}" +{% if vm_gw | length %} gateway4: "{{ vm_gw }}" {% endif %} {% else %} dhcp4: true -{% if (vm_dns is defined and vm_dns | length) or (vm_dns_search is defined and vm_dns_search | length) %} +{% if (vm_dns | length) or (vm_dns_search | length) %} dhcp4-overrides: -{% if vm_dns is defined and vm_dns | length %} +{% if vm_dns | length %} use-dns: false {% endif %} -{% if vm_dns_search is defined and vm_dns_search | length %} +{% if vm_dns_search | length %} use-domains: false {% endif %} {% endif %} diff --git a/roles/virtualization/templates/vm.xml.j2 b/roles/virtualization/templates/vm.xml.j2 index 1186fde..a48aa95 100644 --- a/roles/virtualization/templates/vm.xml.j2 +++ b/roles/virtualization/templates/vm.xml.j2 @@ -1,7 +1,7 @@ {{ hostname }} {{ vm_memory | int * 1024 }} - {% if vm_ballo is defined %}{{ vm_ballo | int * 1024 }}{% endif %} + {% if vm_ballo | int > 0 %}{{ vm_ballo | int * 1024 }}{% endif %} {{ vm_cpus }} hvm @@ -37,7 +37,7 @@ - {% if rhel_iso is defined %} + {% if rhel_iso | length > 0 %} 
@@ -49,7 +49,7 @@ - {% if virtualization_tpm2_enabled | default(false) %} + {% if virtualization_tpm2_enabled %}
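Review bot: `{% if virtualization_tpm2_enabled %}` tests the variable bare, while vmware.yml and proxmox.yml in this same change test `virtualization_tpm2_enabled | bool`. The variable is defined as a folded-scalar Jinja expression in the virtualization role's defaults, and if a render path hands the template the string `False` rather than a boolean, a non-empty string is truthy and the TPM device is emitted for a VM that should not have one. `{% if virtualization_tpm2_enabled | bool %}` removes the dependence on type conversion and matches the other consumers. The element this condition wraps is not visible here.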