diff --git a/main.yml b/main.yml
index be73f70..1db63ad 100644
--- a/main.yml
+++ b/main.yml
@@ -33,39 +33,54 @@ - name: Validate variables ansible.builtin.assert: that: - - install_type in ["virtual", "physical"] - - hypervisor in ["libvirt", "proxmox", "vmware", "none"] - - filesystem in ["btrfs", "ext4", "xfs"] - - install_drive | length > 0 - - install_type == "physical" or (vm_size | float) > 0 - - install_type == "physical" or (vm_memory | float) > 0 - - os in ["archlinux", "almalinux", "debian11", "debian12", "debian13", "fedora", "rhel8", "rhel9", "rhel10", "rocky", "ubuntu", "ubuntu-lts"] - - os not in ["rhel8", "rhel9", "rhel10"] or rhel_iso | length > 0 + - install_type is defined and install_type in ["virtual", "physical"] + - hypervisor is defined and hypervisor in ["libvirt", "proxmox", "vmware", "none"] + - filesystem is defined and filesystem in ["btrfs", "ext4", "xfs"] + - install_drive is defined and install_drive | length > 0 + - hostname is defined and hostname | length > 0 + - os is defined and os in ["archlinux", "almalinux", "debian11", "debian12", "debian13", "fedora", "rhel8", "rhel9", "rhel10", "rocky", "ubuntu", "ubuntu-lts"] + - os is defined and (os not in ["rhel8", "rhel9", "rhel10"] or (rhel_iso is defined and rhel_iso | length > 0)) + - install_type is defined and (install_type == "physical" or (boot_iso is defined and boot_iso | length > 0)) + - install_type is defined and (install_type == "physical" or (vm_size is defined and (vm_size | float) > 0)) + - install_type is defined and (install_type == "physical" or (vm_memory is defined and (vm_memory | float) > 0)) - >- - install_type == "physical" - or ( - (filesystem == "btrfs" and (vm_size | int) >= 10) - or (filesystem != "btrfs" and (vm_size | int) >= 20) - ) - - >- - install_type == "physical" - or ( - (vm_size | float) - >= ( - (vm_memory | float / 1024 >= 16.0) - | ternary( - (vm_memory | float / 2048), - [vm_memory | float / 1024, 4.0] | max - ) - + 16 + install_type is defined and filesystem is defined and ( + install_type == "physical" + or ( + vm_size is defined + 
and ( + (filesystem == "btrfs" and (vm_size | int) >= 10) + or (filesystem != "btrfs" and (vm_size | int) >= 20) + ) ) ) + - >- + install_type is defined and ( + install_type == "physical" + or ( + vm_size is defined + and vm_memory is defined + and ( + (vm_size | float) + >= ( + (vm_memory | float / 1024 >= 16.0) + | ternary( + (vm_memory | float / 2048), + [vm_memory | float / 1024, 4.0] | max + ) + + 16 + ) + ) + ) + ) + - >- + vm_ip is not defined + or vm_ip | length == 0 + or (vm_nms is defined and (vm_nms | int) > 0) fail_msg: Invalid input specified, please try again. - - name: Normalize optional flags + - name: Set OS family flags ansible.builtin.set_fact: - cis: "{{ cis | bool }}" - custom_iso: "{{ custom_iso | bool }}" is_rhel: "{{ os | lower in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rhel10', 'rocky'] }}" is_debian: "{{ os | lower in ['debian11', 'debian12', 'debian13', 'ubuntu', 'ubuntu-lts'] }}" changed_when: false @@ -114,7 +129,7 @@ - role: configuration - role: cis - when: cis | bool + when: cis_enabled - role: cleanup when: install_type in ["virtual", "physical"] @@ -126,7 +141,7 @@ post_reboot_can_connect: >- {{ (ansible_connection | default('ssh')) != 'ssh' - or ((vm_ip | string | length) > 0) + or (vm_ip is defined and (vm_ip | string | length) > 0) or ( install_type == 'physical' and (ansible_host | default('') | string | length) > 0 @@ -146,6 +161,7 @@ - name: Install post-reboot extra packages when: - post_reboot_can_connect | bool + - extra_packages is defined - extra_packages | length > 0 block: - name: Normalize extra package list diff --git a/roles/cleanup/tasks/libvirt.yml b/roles/cleanup/tasks/libvirt.yml index ba6d9c8..6a84eae 100644 --- a/roles/cleanup/tasks/libvirt.yml +++ b/roles/cleanup/tasks/libvirt.yml 
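Review bot: The new `vm_nms` assertion at the end of the `Validate variables` list only rejects non-positive values, so a prefix such as `33` or `256` passes validation and is later spliced unchecked into `ip addr replace {{ vm_ip }}/{{ vm_nms }}` and the `address1=`/`ipconfig0` templates. The generated network configuration is IPv4-only (`[ipv4]`, `gateway4`), so bound it: `or (vm_nms is defined and (vm_nms | int) > 0 and (vm_nms | int) <= 32)`. `vm_ip` and `vm_gw` are still only checked for non-zero length; a shape check such as `vm_ip is match('^\d{1,3}(\.\d{1,3}){3}$')` would reject values that `ansible.builtin.command` would otherwise split into extra `ip` arguments, though whether IPv6 input is meant to be accepted anywhere is not visible from this hunk.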
@@ -7,7 +7,7 @@ - name: Set libvirt image paths vars: cleanup_libvirt_image_dir_value: >- - {{ vm_path if vm_path | length > 0 else '/var/lib/libvirt/images' }} + {{ vm_path if vm_path is defined and vm_path | length > 0 else '/var/lib/libvirt/images' }} ansible.builtin.set_fact: cleanup_libvirt_image_dir: "{{ cleanup_libvirt_image_dir_value }}" cleanup_libvirt_cloudinit_path: >- @@ -39,7 +39,7 @@ changed_when: false - name: Remove boot ISO device from VM XML (source match) - when: boot_iso | length > 0 + when: boot_iso is defined and boot_iso | length > 0 community.general.xml: xmlstring: "{{ cleanup_libvirt_domain_xml }}" xpath: "/domain/devices/disk[contains(source/@file, '{{ boot_iso | basename }}')]" @@ -47,7 +47,7 @@ register: cleanup_libvirt_xml_strip_boot_source - name: Update cleaned VM XML after removing boot ISO source match - when: boot_iso | length > 0 + when: boot_iso is defined and boot_iso | length > 0 ansible.builtin.set_fact: cleanup_libvirt_domain_xml: "{{ cleanup_libvirt_xml_strip_boot_source.xmlstring }}" changed_when: false diff --git a/roles/cleanup/tasks/vmware.yml b/roles/cleanup/tasks/vmware.yml index 1205de8..455f30b 100644 --- a/roles/cleanup/tasks/vmware.yml +++ b/roles/cleanup/tasks/vmware.yml @@ -24,7 +24,7 @@ unit_number: 1 controller_type: sata type: iso - iso_path: "{{ rhel_iso if rhel_iso | length > 0 else omit }}" + iso_path: "{{ rhel_iso if rhel_iso is defined and rhel_iso | length > 0 else omit }}" state: absent failed_when: false diff --git a/roles/configuration/tasks/encryption.yml b/roles/configuration/tasks/encryption.yml index 614eeb6..3d05e77 100644 --- a/roles/configuration/tasks/encryption.yml +++ b/roles/configuration/tasks/encryption.yml 
@@ -3,7 +3,14 @@ when: partitioning_luks_enabled | bool vars: configuration_luks_passphrase_effective: >- - {{ partitioning_luks_passphrase | string }} + {{ + ( + partitioning_luks_passphrase + if partitioning_luks_passphrase is defined + else (luks_passphrase if luks_passphrase is defined else '') + ) + | string + }} block: - name: Set LUKS configuration facts vars: diff --git a/roles/configuration/tasks/locales.yml b/roles/configuration/tasks/locales.yml index 6586a8a..fb43440 100644 --- a/roles/configuration/tasks/locales.yml +++ b/roles/configuration/tasks/locales.yml @@ -32,7 +32,7 @@ if '.' in hostname else ( hostname + '.' + vm_dns_search - if vm_dns_search | length + if vm_dns_search is defined and vm_dns_search | length else hostname ) }} @@ -49,7 +49,7 @@ if '.' in hostname else ( hostname + '.' + vm_dns_search - if vm_dns_search | length + if vm_dns_search is defined and vm_dns_search | length else hostname ) }} @@ -57,7 +57,7 @@ configuration_hostname_entries: >- {{ [configuration_hostname_fqdn, configuration_hostname_short] | unique | join(' ') }} configuration_hosts_line: >- - {{ (vm_ip if vm_ip | length > 0 else inventory_hostname) }} {{ configuration_hostname_entries }} + {{ (vm_ip if vm_ip is defined and vm_ip | length > 0 else inventory_hostname) }} {{ configuration_hostname_entries }} ansible.builtin.lineinfile: path: /mnt/etc/hosts line: "{{ configuration_hosts_line }}" diff --git a/roles/configuration/tasks/selinux.yml b/roles/configuration/tasks/selinux.yml index ef8936d..e52b100 100644 --- a/roles/configuration/tasks/selinux.yml +++ b/roles/configuration/tasks/selinux.yml 
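Review bot: `configuration_luks_passphrase_effective` now silently resolves to `''` when neither `partitioning_luks_passphrase` nor `luks_passphrase` is set, and nothing in this file checks it before `Set LUKS configuration facts` runs under `partitioning_luks_enabled`. The partitioning role has a `Validate LUKS passphrase` assert, but if this role is ever run on its own (tags, a reduced play) an empty passphrase reaches the LUKS configuration unnoticed; mirror that check at the top of the block, e.g. `ansible.builtin.assert: { that: configuration_luks_passphrase_effective | length > 0, fail_msg: "LUKS is enabled but no passphrase was supplied." }`. The tasks inside the block that consume the passphrase are outside the hunk, so I cannot confirm they carry `no_log: true`; they should, since the value is now a plain task var that verbose runs would print.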
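Review bot: `configuration_hosts_line` still falls back to `inventory_hostname` when no static `vm_ip` is given, and `inventory_hostname` is only an address if the inventory happens to key hosts by IP; with a named inventory entry the line written to `/mnt/etc/hosts` becomes `name name.search name`, which is not a valid hosts record. Prefer something that is actually an address for the DHCP case, e.g. `(vm_ip if vm_ip is defined and vm_ip | length > 0 else (ansible_host | default(inventory_hostname)))`, or skip the `lineinfile` entirely when no static address is known. This is pre-existing rather than introduced by the `is defined` guard, and the surrounding `set_fact` task starts before the hunk.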
@@ -3,7 +3,7 @@ when: is_rhel | bool block: - name: Fix SELinux by pre-labeling the filesystem before first boot - when: os | lower in ['almalinux', 'rhel8', 'rhel9', 'rhel10', 'rocky'] and (selinux | bool) + when: os | lower in ['almalinux', 'rhel8', 'rhel9', 'rhel10', 'rocky'] and (selinux is not defined or selinux | bool) ansible.builtin.command: > arch-chroot /mnt /sbin/setfiles -v -F -e /dev -e /proc -e /sys -e /run @@ -12,7 +12,7 @@ changed_when: configuration_setfiles_result.rc == 0 - name: Disable SELinux - when: os | lower == "fedora" or not (selinux | bool) + when: os | lower == "fedora" or (selinux is defined and not (selinux | bool)) ansible.builtin.lineinfile: path: /mnt/etc/selinux/config regexp: ^SELINUX= diff --git a/roles/configuration/templates/network.j2 b/roles/configuration/templates/network.j2 index 03123e8..1595ab0 100644 --- a/roles/configuration/templates/network.j2 +++ b/roles/configuration/templates/network.j2 @@ -7,14 +7,14 @@ type=ethernet mac-address={{ configuration_net_mac }} [ipv4] -{% set dns_value = vm_dns %} +{% set dns_value = vm_dns if vm_dns is defined else '' %} {% set dns_list_raw = dns_value if dns_value is iterable and dns_value is not string else dns_value.split(',') %} {% set dns_list = dns_list_raw | map('trim') | reject('equalto', '') | list %} -{% set search_value = vm_dns_search %} +{% set search_value = vm_dns_search if vm_dns_search is defined else '' %} {% set search_list_raw = search_value if search_value is iterable and search_value is not string else search_value.split(',') %} {% set search_list = search_list_raw | map('trim') | reject('equalto', '') | list %} -{% if vm_ip | length %} -address1={{ vm_ip }}/{{ vm_nms }}{{ (',' ~ vm_gw) if (vm_gw | length) else '' }} +{% if vm_ip is defined and vm_ip | length %} +address1={{ vm_ip }}/{{ vm_nms }}{{ (',' ~ vm_gw) if (vm_gw is defined and vm_gw | length) else '' }} method=manual {% else %} method=auto 
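Review bot: The enforcing-by-default behaviour is now encoded twice, as `selinux is not defined or selinux | bool` on the pre-label task and its hand-written negation `selinux is defined and not (selinux | bool)` on `Disable SELinux`; a later edit to one condition can leave the two out of step so that a host is neither relabelled nor explicitly disabled. State the default once: `when: os | lower in ['almalinux', 'rhel8', 'rhel9', 'rhel10', 'rocky'] and (selinux | default(true) | bool)` and `when: os | lower == "fedora" or not (selinux | default(true) | bool)`. Keeping the default `true` here is the fail-closed choice and deserves a one-line comment above the block, e.g. `# selinux defaults to enforcing; set selinux: false explicitly to disable it`.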
diff --git a/roles/environment/tasks/main.yml b/roles/environment/tasks/main.yml index 0f4bd43..661faca 100644 --- a/roles/environment/tasks/main.yml +++ b/roles/environment/tasks/main.yml @@ -17,7 +17,7 @@ - name: Abort if the host is not booted from the Arch install media when: - - not (custom_iso | bool) + - not custom_iso_enabled - not environment_archiso_stat.stat.exists ansible.builtin.fail: msg: This host is not booted from the Arch install media! @@ -40,7 +40,7 @@ - name: Set IP-Address when: - hypervisor == "vmware" - - vm_ip | length > 0 + - vm_ip is defined and vm_ip | length > 0 ansible.builtin.command: >- ip addr replace {{ vm_ip }}/{{ vm_nms }} dev {{ environment_interface_name }} @@ -50,8 +50,8 @@ - name: Set Default Gateway when: - hypervisor == "vmware" - - vm_gw | length > 0 - - vm_ip | length > 0 + - vm_gw is defined and vm_gw | length > 0 + - vm_ip is defined and vm_ip | length > 0 ansible.builtin.command: "ip route replace default via {{ vm_gw }}" register: environment_gateway_result changed_when: environment_gateway_result.rc == 0 @@ -62,7 +62,7 @@ changed_when: false - name: Configure SSH for root login - when: hypervisor == "vmware" and (vmware_ssh | bool) + when: hypervisor == "vmware" and (vmware_ssh is defined and vmware_ssh | bool) block: - name: Allow login ansible.builtin.replace: @@ -88,14 +88,14 @@ - name: Prepare installer environment block: - name: Speed-up Bootstrap process - when: not (custom_iso | bool) + when: not custom_iso_enabled ansible.builtin.lineinfile: path: /etc/pacman.conf regexp: ^#ParallelDownloads = line: ParallelDownloads = 20 - name: Wait for pacman lock to be released - when: not (custom_iso | bool) + when: not custom_iso_enabled ansible.builtin.wait_for: path: /var/lib/pacman/db.lck state: absent @@ -104,7 +104,7 @@ - name: Setup Pacman when: - - not (custom_iso | bool) + - not custom_iso_enabled - "'os' not in item or os in item.os" community.general.pacman: update_cache: true 
diff --git a/roles/global_defaults/defaults/main.yml b/roles/global_defaults/defaults/main.yml index 246b945..d9f41da 100644 --- a/roles/global_defaults/defaults/main.yml +++ b/roles/global_defaults/defaults/main.yml @@ -1,45 +1,9 @@ --- -os: "" -filesystem: "" -hostname: "" -install_type: "physical" -hypervisor: "none" -install_drive: "/dev/sda" -boot_iso: "" -rhel_iso: "" -custom_iso: false -cis: false -selinux: true -is_rhel: false -is_debian: false - -hypervisor_url: "" -hypervisor_username: "" -hypervisor_password: "" -hypervisor_datacenter: "" -hypervisor_cluster: "" -hypervisor_node: "" -hypervisor_storage: "" -vm_path: "" -vmware_ssh: false -vlan_name: "" -note: "" - -vm_ip: "" -vm_nms: 24 -vm_gw: "" -vm_dns: "" -vm_dns_search: "" -vm_nif: "vmbr0" -vm_id: 0 -vm_size: 0 -vm_memory: 0 vm_cpus: 4 -vm_ballo: 0 -extra_packages: [] +cis_enabled: "{{ cis is defined and cis | bool }}" +custom_iso_enabled: "{{ custom_iso is defined and custom_iso | bool }}" luks_enabled: false -luks_passphrase: "" luks_mapper_name: "SYSTEM_DECRYPTED" luks_auto_decrypt: true luks_auto_decrypt_method: "tpm2" diff --git a/roles/partitioning/defaults/main.yml b/roles/partitioning/defaults/main.yml index e41b620..8ef8629 100644 --- a/roles/partitioning/defaults/main.yml +++ b/roles/partitioning/defaults/main.yml @@ -1,6 +1,5 @@ --- partitioning_luks_enabled: "{{ luks_enabled | bool }}" -partitioning_luks_passphrase: "{{ luks_passphrase }}" partitioning_luks_mapper_name: "{{ luks_mapper_name }}" partitioning_luks_type: "{{ luks_type }}" partitioning_luks_cipher: "{{ luks_cipher }}" 
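Review bot: Dropping `vm_nms: 24` from the defaults turns a previously implicit `/24` into a hard template failure for any caller that sets `vm_ip` without `vm_nms`: `network.j2`, `cloud-network-config.yml.j2` and the Proxmox `ipconfig0` still render `{{ vm_nms }}` without a guard. The new `Validate variables` assertion in `main.yml` catches this only when that play runs, so a role used on its own gets the raw undefined-variable error. Either keep `vm_nms: 24` here as a documented default, or note the removed default and the now-mandatory variable in the README/changelog. The removals of `selinux: true` and `vmware_ssh: false` likewise move security-relevant defaults into scattered `is defined` checks; a `selinux_enabled: "{{ selinux is not defined or selinux | bool }}"` / `vmware_ssh_enabled: "{{ vmware_ssh is defined and vmware_ssh | bool }}"` pair next to `cis_enabled` would keep those fail-closed defaults declared in one place.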
@@ -112,12 +111,20 @@ partitioning_root_device: >- }} partitioning_vm_size_effective: >- {{ - (partitioning_vm_size if (partitioning_vm_size | float) > 0 else vm_size) + ( + partitioning_vm_size + if (partitioning_vm_size | float) > 0 + else (vm_size if vm_size is defined else 0) + ) | float }} partitioning_vm_memory_effective: >- {{ - (partitioning_vm_memory if (partitioning_vm_memory | float) > 0 else vm_memory) + ( + partitioning_vm_memory + if (partitioning_vm_memory | float) > 0 + else (vm_memory if vm_memory is defined else 0) + ) | float }} partitioning_swap_size_gb: >- diff --git a/roles/partitioning/tasks/btrfs.yml b/roles/partitioning/tasks/btrfs.yml index 9ee8cd5..1b9c44f 100644 --- a/roles/partitioning/tasks/btrfs.yml +++ b/roles/partitioning/tasks/btrfs.yml @@ -28,7 +28,7 @@ changed_when: false - name: Make root subvolumes - when: cis | bool or item.subvol not in ['var_log_audit'] + when: cis_enabled or item.subvol not in ['var_log_audit'] ansible.builtin.command: btrfs su cr /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }} args: creates: /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }} @@ -43,7 +43,7 @@ register: partitioning_btrfs_subvol_result - name: Set quotas for subvolumes - when: cis | bool + when: cis_enabled ansible.builtin.command: btrfs qgroup limit {{ item.quota }} /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }} loop: - {subvol: home, quota: 2G} diff --git a/roles/partitioning/tasks/ext4.yml b/roles/partitioning/tasks/ext4.yml index 4869e87..1225200 100644 --- a/roles/partitioning/tasks/ext4.yml +++ b/roles/partitioning/tasks/ext4.yml @@ -1,6 +1,6 @@ --- - name: Create and format ext4 logical volumes - when: cis | bool or item.lv not in ['home', 'var', 'var_log', 'var_log_audit'] + when: cis_enabled or item.lv not in ['home', 'var', 'var_log', 'var_log_audit'] community.general.filesystem: dev: /dev/sys/{{ item.lv }} fstype: ext4 
@@ -13,7 +13,7 @@ - {lv: var_log_audit} - name: Remove Unsupported features for older Systems - when: (os | lower in ['almalinux', 'debian11', 'rhel8', 'rhel9', 'rocky']) and (cis | bool or item.lv not in ['home', 'var', 'var_log', 'var_log_audit']) + when: (os | lower in ['almalinux', 'debian11', 'rhel8', 'rhel9', 'rocky']) and (cis_enabled or item.lv not in ['home', 'var', 'var_log', 'var_log_audit']) ansible.builtin.command: tune2fs -O "^orphan_file,^metadata_csum_seed" "/dev/sys/{{ item.lv }}" loop: - {lv: root} diff --git a/roles/partitioning/tasks/main.yml b/roles/partitioning/tasks/main.yml index aaf4326..819b9b1 100644 --- a/roles/partitioning/tasks/main.yml +++ b/roles/partitioning/tasks/main.yml @@ -2,7 +2,7 @@ - name: Detect system memory for swap sizing when: - (partitioning_vm_memory | float) <= 0 - - (vm_memory | float) <= 0 + - vm_memory is not defined or (vm_memory | float) <= 0 block: - name: Read system memory ansible.builtin.command: awk '/MemTotal/ {print int($2/1024)}' /proc/meminfo @@ -18,7 +18,7 @@ when: - install_type == "physical" - (partitioning_vm_size | float) <= 0 - - (vm_size | float) <= 0 + - vm_size is not defined or (vm_size | float) <= 0 - install_drive | length > 0 block: - name: Detect install drive size @@ -157,7 +157,14 @@ when: partitioning_luks_enabled | bool vars: partitioning_luks_passphrase_effective: >- - {{ partitioning_luks_passphrase | string }} + {{ + ( + partitioning_luks_passphrase + if partitioning_luks_passphrase is defined + else (luks_passphrase if luks_passphrase is defined else '') + ) + | string + }} block: - name: Validate LUKS passphrase ansible.builtin.assert: @@ -257,7 +264,7 @@ pvs: "{{ partitioning_root_device }}" - name: Create LVM logical volumes - when: cis | bool or item.lv not in ['home', 'var', 'var_log', 'var_log_audit'] + when: cis_enabled or item.lv not in ['home', 'var', 'var_log', 'var_log_audit'] community.general.lvol: vg: sys lv: "{{ item.lv }}" 
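Review bot: The three-way fallback for `partitioning_luks_passphrase_effective` in the `@@ -157` hunk duplicates, character for character, the one in `roles/configuration/tasks/encryption.yml`, and exists only because `partitioning_luks_passphrase: "{{ luks_passphrase }}"` was removed from the role defaults. Restoring that default as `partitioning_luks_passphrase: "{{ luks_passphrase | default('') }}"` in `roles/partitioning/defaults/main.yml` keeps a single definition and lets both task files go back to `{{ partitioning_luks_passphrase | string }}`; an inventory-level `partitioning_luks_passphrase` still overrides a role default. If the inline form is kept, `partitioning_luks_passphrase | default(luks_passphrase | default('')) | string` says the same thing on one line. The block containing the `Validate LUKS passphrase` assert continues past the hunk.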
@@ -266,24 +273,24 @@ loop: - lv: root size: >- - {{ [(((((partitioning_vm_size_effective | float) - (partitioning_reserved_gb | float) - ((cis | bool) | ternary(7.5, 0)) - (((partitioning_vm_memory_effective | float / 1024) > 16.0) + {{ [(((((partitioning_vm_size_effective | float) - (partitioning_reserved_gb | float) - ((cis_enabled) | ternary(7.5, 0)) - (((partitioning_vm_memory_effective | float / 1024) > 16.0) | ternary(((partitioning_vm_memory_effective | float / 2048) | int), (partitioning_vm_memory_effective | float / 1024)))) < 4) - | ternary(4,((((partitioning_vm_size_effective | float) - (partitioning_reserved_gb | float) - ((cis | bool) | ternary(7.5, 0)) - + | ternary(4,((((partitioning_vm_size_effective | float) - (partitioning_reserved_gb | float) - ((cis_enabled) | ternary(7.5, 0)) - (((partitioning_vm_memory_effective | float / 1024) > 16.0) | ternary( ((partitioning_vm_memory_effective | float / 2048) | int), (partitioning_vm_memory_effective | float / 1024) ))) > 12) - | ternary(((partitioning_vm_size_effective | float) * 0.4) | round(0, 'ceil'),((partitioning_vm_size_effective | float) - (partitioning_reserved_gb | float) - ((cis | bool) + | ternary(((partitioning_vm_size_effective | float) * 0.4) | round(0, 'ceil'),((partitioning_vm_size_effective | float) - (partitioning_reserved_gb | float) - ((cis_enabled) | ternary(7.5, 0)) - (((partitioning_vm_memory_effective | float / 1024) > 16.0) | ternary(((partitioning_vm_memory_effective | float / 2048) | int), (partitioning_vm_memory_effective | float / 1024))))))))), 4 ] | max | string + 'G' }} - lv: swap size: >- - {{ ((((partitioning_vm_size_effective | float) - (partitioning_reserved_gb | float) - ((cis | bool) | ternary(7.5, 0))) - (((partitioning_vm_memory_effective | float / 1024) > 16.0) + {{ ((((partitioning_vm_size_effective | float) - (partitioning_reserved_gb | float) - ((cis_enabled) | ternary(7.5, 0))) - (((partitioning_vm_memory_effective | float / 1024) > 16.0) | 
ternary(((partitioning_vm_memory_effective | float / 2048) | int), (partitioning_vm_memory_effective | float / 1024)))) < 4) - | ternary((((partitioning_vm_size_effective | float) - (partitioning_reserved_gb | float) - ((cis | bool) | ternary(7.5, 0))) - 4), (((partitioning_vm_memory_effective | float / 1024) + | ternary((((partitioning_vm_size_effective | float) - (partitioning_reserved_gb | float) - ((cis_enabled) | ternary(7.5, 0))) - 4), (((partitioning_vm_memory_effective | float / 1024) > 16.0) | ternary(((partitioning_vm_memory_effective | float / 2048) | int), (partitioning_vm_memory_effective | float / 1024)))) | string + 'G' }} - lv: home @@ -346,7 +353,7 @@ changed_when: false - name: Get UUIDs for LVM filesystems - when: filesystem != 'btrfs' and (cis | bool or item not in ['home', 'var', 'var_log', 'var_log_audit']) + when: filesystem != 'btrfs' and (cis_enabled or item not in ['home', 'var', 'var_log', 'var_log_audit']) ansible.builtin.command: blkid -s UUID -o value /dev/sys/{{ item }} loop: - root 
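Review bot: The `cis_enabled` references inside the `size:` expressions drop the explicit `| bool` that the old `(cis | bool)` carried, and `ternary` decides on Python truthiness: should `cis_enabled` ever arrive as the string `"False"` rather than a boolean, `bool("False")` is true and 7.5 GB is reserved on every non-CIS host, shrinking root and swap. Ansible normally converts a template that renders to `True`/`False` back to a real boolean, so this is a robustness point rather than a reproduced bug, but `(cis_enabled | bool) | ternary(7.5, 0)` costs nothing and removes the dependence on that conversion. The `loop:` continues past the hunk from `- lv: home` onward.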
@@ -363,18 +370,18 @@ ansible.builtin.set_fact: partitioning_uuid_root: "{{ partitioning_uuid_result.results[0].stdout_lines }}" partitioning_uuid_swap: "{{ partitioning_uuid_result.results[1].stdout_lines }}" - partitioning_uuid_home: "{{ partitioning_uuid_result.results[2].stdout_lines if cis | bool else '' }}" - partitioning_uuid_var: "{{ partitioning_uuid_result.results[3].stdout_lines if cis | bool else '' }}" - partitioning_uuid_var_log: "{{ partitioning_uuid_result.results[4].stdout_lines if cis | bool else '' }}" - partitioning_uuid_var_log_audit: "{{ partitioning_uuid_result.results[5].stdout_lines if cis | bool else '' }}" + partitioning_uuid_home: "{{ partitioning_uuid_result.results[2].stdout_lines if cis_enabled else '' }}" + partitioning_uuid_var: "{{ partitioning_uuid_result.results[3].stdout_lines if cis_enabled else '' }}" + partitioning_uuid_var_log: "{{ partitioning_uuid_result.results[4].stdout_lines if cis_enabled else '' }}" + partitioning_uuid_var_log_audit: "{{ partitioning_uuid_result.results[5].stdout_lines if cis_enabled else '' }}" - name: Mount filesystems block: - name: Mount filesystems and subvolumes when: - >- - cis | bool or ( - not cis and ( + cis_enabled or ( + not cis_enabled and ( (filesystem == 'btrfs' and item.path in ['/home', '/var/log', '/var/cache/pacman/pkg']) or (item.path not in ['/home', '/var', '/var/log', '/var/log/audit', '/var/cache/pacman/pkg']) ) diff --git a/roles/partitioning/tasks/xfs.yml b/roles/partitioning/tasks/xfs.yml index 2ad68d3..32e6b7a 100644 --- a/roles/partitioning/tasks/xfs.yml +++ b/roles/partitioning/tasks/xfs.yml @@ -1,6 +1,6 @@ --- - name: Create and format XFS logical volumes - when: cis | bool or item.lv not in ['home', 'var', 'var_log', 'var_log_audit'] + when: cis_enabled or item.lv not in ['home', 'var', 'var_log', 'var_log_audit'] community.general.filesystem: dev: /dev/sys/{{ item.lv }} fstype: xfs 
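Review bot: In the `Mount filesystems and subvolumes` condition the `not cis_enabled and (...)` on the right side of the `or` is redundant, because that operand is only evaluated when `cis_enabled` is already false, and the extra negation makes the mount rule harder to read than it needs to be. `cis_enabled or (filesystem == 'btrfs' and item.path in ['/home', '/var/log', '/var/cache/pacman/pkg']) or (item.path not in ['/home', '/var', '/var/log', '/var/log/audit', '/var/cache/pacman/pkg'])` expresses the same rule. The `loop:` and module arguments of this task are outside the hunk.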
diff --git a/roles/virtualization/tasks/libvirt.yml b/roles/virtualization/tasks/libvirt.yml index 82dac0c..3d886fc 100644 --- a/roles/virtualization/tasks/libvirt.yml +++ b/roles/virtualization/tasks/libvirt.yml @@ -3,7 +3,7 @@ delegate_to: localhost vars: virtualization_libvirt_image_dir_value: >- - {{ vm_path if vm_path | length > 0 else '/var/lib/libvirt/images' }} + {{ vm_path if vm_path is defined and vm_path | length > 0 else '/var/lib/libvirt/images' }} ansible.builtin.set_fact: virtualization_libvirt_image_dir: "{{ virtualization_libvirt_image_dir_value }}" virtualization_libvirt_disk_path: >- diff --git a/roles/virtualization/tasks/proxmox.yml b/roles/virtualization/tasks/proxmox.yml index 8320e4a..74708c0 100644 --- a/roles/virtualization/tasks/proxmox.yml +++ b/roles/virtualization/tasks/proxmox.yml @@ -2,7 +2,7 @@ - name: Deploy VM on Proxmox delegate_to: localhost vars: - virtualization_dns_value: "{{ vm_dns }}" + virtualization_dns_value: "{{ vm_dns if vm_dns is defined else '' }}" virtualization_dns_list_raw: >- {{ virtualization_dns_value @@ -11,7 +11,7 @@ }} virtualization_dns_list: >- {{ virtualization_dns_list_raw | map('trim') | reject('equalto', '') | list }} - virtualization_search_value: "{{ vm_dns_search }}" + virtualization_search_value: "{{ vm_dns_search if vm_dns_search is defined else '' }}" virtualization_search_list_raw: >- {{ virtualization_search_value @@ -33,7 +33,7 @@ cpu: host cores: "{{ vm_cpus }}" memory: "{{ vm_memory }}" - balloon: "{{ vm_ballo if vm_ballo | int > 0 else omit }}" + balloon: "{{ vm_ballo if vm_ballo is defined and vm_ballo | int > 0 else omit }}" numa_enabled: true hotplug: network,disk update: "{{ virtualization_tpm2_enabled | bool }}" 
@@ -57,16 +57,16 @@ }} ide: ide0: "{{ boot_iso }},media=cdrom" - ide1: "{{ rhel_iso + ',media=cdrom' if rhel_iso | length > 0 else omit }}" + ide1: "{{ rhel_iso + ',media=cdrom' if rhel_iso is defined and rhel_iso | length > 0 else omit }}" ide2: "{{ hypervisor_storage }}:cloudinit" net: - net0: virtio,bridge={{ vm_nif }}{% if vlan_name | length > 0 %},tag={{ vlan_name }}{% endif %} + net0: virtio,bridge={{ vm_nif }}{% if vlan_name is defined and vlan_name | length > 0 %},tag={{ vlan_name }}{% endif %} ipconfig: ipconfig0: >- {{ 'ip=' ~ vm_ip ~ '/' ~ vm_nms - ~ (',gw=' ~ vm_gw if vm_gw | length else '') - if vm_ip | length + ~ (',gw=' ~ vm_gw if vm_gw is defined and vm_gw | length else '') + if vm_ip is defined and vm_ip | length else 'ip=dhcp' }} nameservers: "{{ virtualization_dns_list if virtualization_dns_list | length else omit }}" diff --git a/roles/virtualization/tasks/vmware.yml b/roles/virtualization/tasks/vmware.yml index 599bca4..3356915 100644 --- a/roles/virtualization/tasks/vmware.yml +++ b/roles/virtualization/tasks/vmware.yml @@ -8,11 +8,11 @@ validate_certs: false datacenter: "{{ hypervisor_datacenter }}" cluster: "{{ hypervisor_cluster }}" - folder: "{{ vm_path if vm_path | length > 0 else omit }}" + folder: "{{ vm_path if vm_path is defined and vm_path | length > 0 else omit }}" name: "{{ hostname }}" guest_id: otherLinux64Guest annotation: | - {{ note }} + {{ note if note is defined else '' }} state: "{{ 'poweredoff' if virtualization_tpm2_enabled | bool else 'poweredon' }}" disk: - size_gb: "{{ vm_size }}" 
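Review bot: `validate_certs: false` sits directly above the `datacenter`/`cluster`/`folder` lines touched in the `vmware.yml` hunk, and the module authenticates with `hypervisor_password` (visible on the vTPM task further down), so the vCenter credential is sent to whatever answers `hypervisor_url` without any certificate check; the same setting is repeated on that second task. Make it an opt-out with a safe default, `validate_certs: "{{ hypervisor_validate_certs | default(true) | bool }}"`, on both tasks, and document `hypervisor_validate_certs` alongside the other `hypervisor_*` variables. This is pre-existing rather than introduced by the commit, but a defaults clean-up is the natural place to fix it.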
@@ -41,12 +41,12 @@ "state": "present", "type": "iso", "iso_path": rhel_iso - } ] if rhel_iso | length > 0 else [] ) + } ] if rhel_iso is defined and rhel_iso | length > 0 else [] ) }} networks: - name: "{{ vm_nif }}" type: dhcp - vlan: "{{ vlan_name if vlan_name | length > 0 else omit }}" + vlan: "{{ vlan_name if vlan_name is defined and vlan_name | length > 0 else omit }}" - name: Ensure vTPM2 is enabled when required when: virtualization_tpm2_enabled | bool @@ -57,7 +57,7 @@ password: "{{ hypervisor_password }}" validate_certs: false datacenter: "{{ hypervisor_datacenter }}" - folder: "{{ vm_path if vm_path | length > 0 else omit }}" + folder: "{{ vm_path if vm_path is defined and vm_path | length > 0 else omit }}" name: "{{ hostname }}" state: present diff --git a/roles/virtualization/templates/cloud-network-config.yml.j2 b/roles/virtualization/templates/cloud-network-config.yml.j2 index 8c2e6f8..dbcefa3 100644 --- a/roles/virtualization/templates/cloud-network-config.yml.j2 +++ b/roles/virtualization/templates/cloud-network-config.yml.j2 
@@ -4,27 +4,27 @@ network: id0: match: macaddress: "{{ virtualization_mac_address }}" -{% set has_static = vm_ip | length %} -{% set dns_value = vm_dns %} +{% set has_static = vm_ip is defined and vm_ip | length %} +{% set dns_value = vm_dns if vm_dns is defined else '' %} {% set dns_list_raw = dns_value if dns_value is iterable and dns_value is not string else dns_value.split(',') %} {% set dns_list = dns_list_raw | map('trim') | reject('equalto', '') | list %} -{% set search_value = vm_dns_search %} +{% set search_value = vm_dns_search if vm_dns_search is defined else '' %} {% set search_list_raw = search_value if search_value is iterable and search_value is not string else search_value.split(',') %} {% set search_list = search_list_raw | map('trim') | reject('equalto', '') | list %} {% if has_static %} addresses: - "{{ vm_ip }}/{{ vm_nms }}" -{% if vm_gw | length %} +{% if vm_gw is defined and vm_gw | length %} gateway4: "{{ vm_gw }}" {% endif %} {% else %} dhcp4: true -{% if (vm_dns | length) or (vm_dns_search | length) %} +{% if (vm_dns is defined and vm_dns | length) or (vm_dns_search is defined and vm_dns_search | length) %} dhcp4-overrides: -{% if vm_dns | length %} +{% if vm_dns is defined and vm_dns | length %} use-dns: false {% endif %} -{% if vm_dns_search | length %} +{% if vm_dns_search is defined and vm_dns_search | length %} use-domains: false {% endif %} {% endif %} diff --git a/roles/virtualization/templates/vm.xml.j2 b/roles/virtualization/templates/vm.xml.j2 index a48aa95..edf934e 100644 --- a/roles/virtualization/templates/vm.xml.j2 +++ b/roles/virtualization/templates/vm.xml.j2 @@ -1,7 +1,7 @@ {{ hostname }} {{ vm_memory | int * 1024 }} - {% if vm_ballo | int > 0 %}{{ vm_ballo | int * 1024 }}{% endif %} + {% if vm_ballo is defined and vm_ballo | int > 0 %}{{ vm_ballo | int * 1024 }}{% endif %} {{ vm_cpus }} hvm @@ -37,7 +37,7 @@ - {% if rhel_iso | length > 0 %} + {% if rhel_iso is defined and rhel_iso | length > 0 %}