Remove defaults for required vars

2025-12-28 17:10:00 +01:00
parent fd37b4ee96
commit 98d0a4954d
19 changed files with 136 additions and 135 deletions


@@ -33,23 +33,34 @@
- name: Validate variables - name: Validate variables
ansible.builtin.assert: ansible.builtin.assert:
that: that:
- install_type in ["virtual", "physical"] - install_type is defined and install_type in ["virtual", "physical"]
- hypervisor in ["libvirt", "proxmox", "vmware", "none"] - hypervisor is defined and hypervisor in ["libvirt", "proxmox", "vmware", "none"]
- filesystem in ["btrfs", "ext4", "xfs"] - filesystem is defined and filesystem in ["btrfs", "ext4", "xfs"]
- install_drive | length > 0 - install_drive is defined and install_drive | length > 0
- install_type == "physical" or (vm_size | float) > 0 - hostname is defined and hostname | length > 0
- install_type == "physical" or (vm_memory | float) > 0 - os is defined and os in ["archlinux", "almalinux", "debian11", "debian12", "debian13", "fedora", "rhel8", "rhel9", "rhel10", "rocky", "ubuntu", "ubuntu-lts"]
- os in ["archlinux", "almalinux", "debian11", "debian12", "debian13", "fedora", "rhel8", "rhel9", "rhel10", "rocky", "ubuntu", "ubuntu-lts"] - os is defined and (os not in ["rhel8", "rhel9", "rhel10"] or (rhel_iso is defined and rhel_iso | length > 0))
- os not in ["rhel8", "rhel9", "rhel10"] or rhel_iso | length > 0 - install_type is defined and (install_type == "physical" or (boot_iso is defined and boot_iso | length > 0))
- install_type is defined and (install_type == "physical" or (vm_size is defined and (vm_size | float) > 0))
- install_type is defined and (install_type == "physical" or (vm_memory is defined and (vm_memory | float) > 0))
- >- - >-
install_type is defined and filesystem is defined and (
install_type == "physical" install_type == "physical"
or ( or (
vm_size is defined
and (
(filesystem == "btrfs" and (vm_size | int) >= 10) (filesystem == "btrfs" and (vm_size | int) >= 10)
or (filesystem != "btrfs" and (vm_size | int) >= 20) or (filesystem != "btrfs" and (vm_size | int) >= 20)
) )
)
)
- >- - >-
install_type is defined and (
install_type == "physical" install_type == "physical"
or ( or (
vm_size is defined
and vm_memory is defined
and (
(vm_size | float) (vm_size | float)
>= ( >= (
(vm_memory | float / 1024 >= 16.0) (vm_memory | float / 1024 >= 16.0)
@@ -60,12 +71,16 @@
+ 16 + 16
) )
) )
)
)
- >-
vm_ip is not defined
or vm_ip | length == 0
or (vm_nms is defined and (vm_nms | int) > 0)
fail_msg: Invalid input specified, please try again. fail_msg: Invalid input specified, please try again.
- name: Normalize optional flags - name: Set OS family flags
ansible.builtin.set_fact: ansible.builtin.set_fact:
cis: "{{ cis | bool }}"
custom_iso: "{{ custom_iso | bool }}"
is_rhel: "{{ os | lower in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rhel10', 'rocky'] }}" is_rhel: "{{ os | lower in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rhel10', 'rocky'] }}"
is_debian: "{{ os | lower in ['debian11', 'debian12', 'debian13', 'ubuntu', 'ubuntu-lts'] }}" is_debian: "{{ os | lower in ['debian11', 'debian12', 'debian13', 'ubuntu', 'ubuntu-lts'] }}"
changed_when: false changed_when: false
@@ -114,7 +129,7 @@
- role: configuration - role: configuration
- role: cis - role: cis
when: cis | bool when: cis_enabled
- role: cleanup - role: cleanup
when: install_type in ["virtual", "physical"] when: install_type in ["virtual", "physical"]
@@ -126,7 +141,7 @@
post_reboot_can_connect: >- post_reboot_can_connect: >-
{{ {{
(ansible_connection | default('ssh')) != 'ssh' (ansible_connection | default('ssh')) != 'ssh'
or ((vm_ip | string | length) > 0) or (vm_ip is defined and (vm_ip | string | length) > 0)
or ( or (
install_type == 'physical' install_type == 'physical'
and (ansible_host | default('') | string | length) > 0 and (ansible_host | default('') | string | length) > 0
@@ -146,6 +161,7 @@
- name: Install post-reboot extra packages - name: Install post-reboot extra packages
when: when:
- post_reboot_can_connect | bool - post_reboot_can_connect | bool
- extra_packages is defined
- extra_packages | length > 0 - extra_packages | length > 0
block: block:
- name: Normalize extra package list - name: Normalize extra package list
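Review bot: The `that:` list still has no check for `vm_nif`, whose `vmbr0` default is dropped by this same commit in the defaults section below, while the Proxmox `net0: virtio,bridge={{ vm_nif }}` line and the VMware `networks` entry render it unguarded — a virtual install that omits it now fails at deploy time rather than here. Add `- hypervisor not in ["proxmox", "vmware"] or (vm_nif is defined and vm_nif | length > 0)` to the assertions, or keep the default. The same reasoning applies to `hypervisor_storage`, rendered in `ide2` for Proxmox and no longer defaulted, if it is meant to be mandatory there. The assertion list continues into the section's second hunk.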


@@ -7,7 +7,7 @@
- name: Set libvirt image paths - name: Set libvirt image paths
vars: vars:
cleanup_libvirt_image_dir_value: >- cleanup_libvirt_image_dir_value: >-
{{ vm_path if vm_path | length > 0 else '/var/lib/libvirt/images' }} {{ vm_path if vm_path is defined and vm_path | length > 0 else '/var/lib/libvirt/images' }}
ansible.builtin.set_fact: ansible.builtin.set_fact:
cleanup_libvirt_image_dir: "{{ cleanup_libvirt_image_dir_value }}" cleanup_libvirt_image_dir: "{{ cleanup_libvirt_image_dir_value }}"
cleanup_libvirt_cloudinit_path: >- cleanup_libvirt_cloudinit_path: >-
@@ -39,7 +39,7 @@
changed_when: false changed_when: false
- name: Remove boot ISO device from VM XML (source match) - name: Remove boot ISO device from VM XML (source match)
when: boot_iso | length > 0 when: boot_iso is defined and boot_iso | length > 0
community.general.xml: community.general.xml:
xmlstring: "{{ cleanup_libvirt_domain_xml }}" xmlstring: "{{ cleanup_libvirt_domain_xml }}"
xpath: "/domain/devices/disk[contains(source/@file, '{{ boot_iso | basename }}')]" xpath: "/domain/devices/disk[contains(source/@file, '{{ boot_iso | basename }}')]"
@@ -47,7 +47,7 @@
register: cleanup_libvirt_xml_strip_boot_source register: cleanup_libvirt_xml_strip_boot_source
- name: Update cleaned VM XML after removing boot ISO source match - name: Update cleaned VM XML after removing boot ISO source match
when: boot_iso | length > 0 when: boot_iso is defined and boot_iso | length > 0
ansible.builtin.set_fact: ansible.builtin.set_fact:
cleanup_libvirt_domain_xml: "{{ cleanup_libvirt_xml_strip_boot_source.xmlstring }}" cleanup_libvirt_domain_xml: "{{ cleanup_libvirt_xml_strip_boot_source.xmlstring }}"
changed_when: false changed_when: false


@@ -24,7 +24,7 @@
unit_number: 1 unit_number: 1
controller_type: sata controller_type: sata
type: iso type: iso
iso_path: "{{ rhel_iso if rhel_iso | length > 0 else omit }}" iso_path: "{{ rhel_iso if rhel_iso is defined and rhel_iso | length > 0 else omit }}"
state: absent state: absent
failed_when: false failed_when: false


@@ -3,7 +3,14 @@
when: partitioning_luks_enabled | bool when: partitioning_luks_enabled | bool
vars: vars:
configuration_luks_passphrase_effective: >- configuration_luks_passphrase_effective: >-
{{ partitioning_luks_passphrase | string }} {{
(
partitioning_luks_passphrase
if partitioning_luks_passphrase is defined
else (luks_passphrase if luks_passphrase is defined else '')
)
| string
}}
block: block:
- name: Set LUKS configuration facts - name: Set LUKS configuration facts
vars: vars:
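Review bot: The new fallback chain ending in `else ''` turns a missing passphrase into an empty one instead of an error, and because the commit also removes `partitioning_luks_passphrase` from the partitioning defaults, the first branch is only live when a caller sets that variable explicitly. The partitioning role carries the identical expression (its own hunk at the same task name) followed by a "Validate LUKS passphrase" assert, but no such check is visible in this role, so a tag-limited or partial re-run could continue with `''`. Prefer failing at the point of use, `{{ luks_passphrase | mandatory('luks_passphrase is required when luks_enabled is true') | string }}`, or define one `luks_passphrase_effective` in the shared defaults next to `cis_enabled` so both roles agree. Whether this block sets `no_log: true` is outside the hunk; a passphrase held in task `vars` should.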


@@ -32,7 +32,7 @@
if '.' in hostname if '.' in hostname
else ( else (
hostname + '.' + vm_dns_search hostname + '.' + vm_dns_search
if vm_dns_search | length if vm_dns_search is defined and vm_dns_search | length
else hostname else hostname
) )
}} }}
@@ -49,7 +49,7 @@
if '.' in hostname if '.' in hostname
else ( else (
hostname + '.' + vm_dns_search hostname + '.' + vm_dns_search
if vm_dns_search | length if vm_dns_search is defined and vm_dns_search | length
else hostname else hostname
) )
}} }}
@@ -57,7 +57,7 @@
configuration_hostname_entries: >- configuration_hostname_entries: >-
{{ [configuration_hostname_fqdn, configuration_hostname_short] | unique | join(' ') }} {{ [configuration_hostname_fqdn, configuration_hostname_short] | unique | join(' ') }}
configuration_hosts_line: >- configuration_hosts_line: >-
{{ (vm_ip if vm_ip | length > 0 else inventory_hostname) }} {{ configuration_hostname_entries }} {{ (vm_ip if vm_ip is defined and vm_ip | length > 0 else inventory_hostname) }} {{ configuration_hostname_entries }}
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /mnt/etc/hosts path: /mnt/etc/hosts
line: "{{ configuration_hosts_line }}" line: "{{ configuration_hosts_line }}"
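Review bot: Both `hostname + '.' + vm_dns_search` lines assume `vm_dns_search` is a single plain string, while the network templates in this commit (NetworkManager keyfile, netplan, Proxmox vars) accept it as either a list or a comma-separated string; a list would make the concatenation fail and `"a.example, b.example"` would yield an FQDN containing a comma. If multi-value search domains are supported, derive the FQDN from the first trimmed entry (split on `,` when it is a string, take `first`) rather than the raw value, and do so in one place since the expression appears in two hunks here. This is inferred from the templates' handling, not from a visible caller.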


@@ -3,7 +3,7 @@
when: is_rhel | bool when: is_rhel | bool
block: block:
- name: Fix SELinux by pre-labeling the filesystem before first boot - name: Fix SELinux by pre-labeling the filesystem before first boot
when: os | lower in ['almalinux', 'rhel8', 'rhel9', 'rhel10', 'rocky'] and (selinux | bool) when: os | lower in ['almalinux', 'rhel8', 'rhel9', 'rhel10', 'rocky'] and (selinux is not defined or selinux | bool)
ansible.builtin.command: > ansible.builtin.command: >
arch-chroot /mnt /sbin/setfiles -v -F arch-chroot /mnt /sbin/setfiles -v -F
-e /dev -e /proc -e /sys -e /run -e /dev -e /proc -e /sys -e /run
@@ -12,7 +12,7 @@
changed_when: configuration_setfiles_result.rc == 0 changed_when: configuration_setfiles_result.rc == 0
- name: Disable SELinux - name: Disable SELinux
when: os | lower == "fedora" or not (selinux | bool) when: os | lower == "fedora" or (selinux is defined and not (selinux | bool))
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /mnt/etc/selinux/config path: /mnt/etc/selinux/config
regexp: ^SELINUX= regexp: ^SELINUX=
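Review bot: The "unset means enabled" rule for `selinux` is now spelled out twice as inverse expressions (`selinux is not defined or selinux | bool` on the relabel task, `selinux is defined and not (selinux | bool)` on the disable task); if either drifts, a system could be neither relabeled nor explicitly disabled. The commit already introduces normalized flags `cis_enabled` and `custom_iso_enabled` in the shared defaults, so follow that pattern: `selinux_enabled: "{{ selinux is not defined or selinux | bool }}"` there, then `and selinux_enabled` / `or not selinux_enabled` here. The `vmware_ssh is defined and vmware_ssh | bool` condition in the environment role's section has the same shape and would benefit from a `vmware_ssh_enabled` flag.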


@@ -7,14 +7,14 @@ type=ethernet
mac-address={{ configuration_net_mac }} mac-address={{ configuration_net_mac }}
[ipv4] [ipv4]
{% set dns_value = vm_dns %} {% set dns_value = vm_dns if vm_dns is defined else '' %}
{% set dns_list_raw = dns_value if dns_value is iterable and dns_value is not string else dns_value.split(',') %} {% set dns_list_raw = dns_value if dns_value is iterable and dns_value is not string else dns_value.split(',') %}
{% set dns_list = dns_list_raw | map('trim') | reject('equalto', '') | list %} {% set dns_list = dns_list_raw | map('trim') | reject('equalto', '') | list %}
{% set search_value = vm_dns_search %} {% set search_value = vm_dns_search if vm_dns_search is defined else '' %}
{% set search_list_raw = search_value if search_value is iterable and search_value is not string else search_value.split(',') %} {% set search_list_raw = search_value if search_value is iterable and search_value is not string else search_value.split(',') %}
{% set search_list = search_list_raw | map('trim') | reject('equalto', '') | list %} {% set search_list = search_list_raw | map('trim') | reject('equalto', '') | list %}
{% if vm_ip | length %} {% if vm_ip is defined and vm_ip | length %}
address1={{ vm_ip }}/{{ vm_nms }}{{ (',' ~ vm_gw) if (vm_gw | length) else '' }} address1={{ vm_ip }}/{{ vm_nms }}{{ (',' ~ vm_gw) if (vm_gw is defined and vm_gw | length) else '' }}
method=manual method=manual
{% else %} {% else %}
method=auto method=auto


@@ -17,7 +17,7 @@
- name: Abort if the host is not booted from the Arch install media - name: Abort if the host is not booted from the Arch install media
when: when:
- not (custom_iso | bool) - not custom_iso_enabled
- not environment_archiso_stat.stat.exists - not environment_archiso_stat.stat.exists
ansible.builtin.fail: ansible.builtin.fail:
msg: This host is not booted from the Arch install media! msg: This host is not booted from the Arch install media!
@@ -40,7 +40,7 @@
- name: Set IP-Address - name: Set IP-Address
when: when:
- hypervisor == "vmware" - hypervisor == "vmware"
- vm_ip | length > 0 - vm_ip is defined and vm_ip | length > 0
ansible.builtin.command: >- ansible.builtin.command: >-
ip addr replace {{ vm_ip }}/{{ vm_nms }} ip addr replace {{ vm_ip }}/{{ vm_nms }}
dev {{ environment_interface_name }} dev {{ environment_interface_name }}
@@ -50,8 +50,8 @@
- name: Set Default Gateway - name: Set Default Gateway
when: when:
- hypervisor == "vmware" - hypervisor == "vmware"
- vm_gw | length > 0 - vm_gw is defined and vm_gw | length > 0
- vm_ip | length > 0 - vm_ip is defined and vm_ip | length > 0
ansible.builtin.command: "ip route replace default via {{ vm_gw }}" ansible.builtin.command: "ip route replace default via {{ vm_gw }}"
register: environment_gateway_result register: environment_gateway_result
changed_when: environment_gateway_result.rc == 0 changed_when: environment_gateway_result.rc == 0
@@ -62,7 +62,7 @@
changed_when: false changed_when: false
- name: Configure SSH for root login - name: Configure SSH for root login
when: hypervisor == "vmware" and (vmware_ssh | bool) when: hypervisor == "vmware" and (vmware_ssh is defined and vmware_ssh | bool)
block: block:
- name: Allow login - name: Allow login
ansible.builtin.replace: ansible.builtin.replace:
@@ -88,14 +88,14 @@
- name: Prepare installer environment - name: Prepare installer environment
block: block:
- name: Speed-up Bootstrap process - name: Speed-up Bootstrap process
when: not (custom_iso | bool) when: not custom_iso_enabled
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /etc/pacman.conf path: /etc/pacman.conf
regexp: ^#ParallelDownloads = regexp: ^#ParallelDownloads =
line: ParallelDownloads = 20 line: ParallelDownloads = 20
- name: Wait for pacman lock to be released - name: Wait for pacman lock to be released
when: not (custom_iso | bool) when: not custom_iso_enabled
ansible.builtin.wait_for: ansible.builtin.wait_for:
path: /var/lib/pacman/db.lck path: /var/lib/pacman/db.lck
state: absent state: absent
@@ -104,7 +104,7 @@
- name: Setup Pacman - name: Setup Pacman
when: when:
- not (custom_iso | bool) - not custom_iso_enabled
- "'os' not in item or os in item.os" - "'os' not in item or os in item.os"
community.general.pacman: community.general.pacman:
update_cache: true update_cache: true


@@ -1,45 +1,9 @@
--- ---
os: ""
filesystem: ""
hostname: ""
install_type: "physical"
hypervisor: "none"
install_drive: "/dev/sda"
boot_iso: ""
rhel_iso: ""
custom_iso: false
cis: false
selinux: true
is_rhel: false
is_debian: false
hypervisor_url: ""
hypervisor_username: ""
hypervisor_password: ""
hypervisor_datacenter: ""
hypervisor_cluster: ""
hypervisor_node: ""
hypervisor_storage: ""
vm_path: ""
vmware_ssh: false
vlan_name: ""
note: ""
vm_ip: ""
vm_nms: 24
vm_gw: ""
vm_dns: ""
vm_dns_search: ""
vm_nif: "vmbr0"
vm_id: 0
vm_size: 0
vm_memory: 0
vm_cpus: 4 vm_cpus: 4
vm_ballo: 0 cis_enabled: "{{ cis is defined and cis | bool }}"
extra_packages: [] custom_iso_enabled: "{{ custom_iso is defined and custom_iso | bool }}"
luks_enabled: false luks_enabled: false
luks_passphrase: ""
luks_mapper_name: "SYSTEM_DECRYPTED" luks_mapper_name: "SYSTEM_DECRYPTED"
luks_auto_decrypt: true luks_auto_decrypt: true
luks_auto_decrypt_method: "tpm2" luks_auto_decrypt_method: "tpm2"
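Review bot: With roughly thirty keys removed, this file no longer documents which variables the play accepts, and the only remaining inventory is the assert in the main playbook, which covers some of them (`os`, `filesystem`, `hostname`, `install_type`, `hypervisor`, `install_drive`, `boot_iso`/`vm_size`/`vm_memory` for virtual, `vm_nms` with `vm_ip`) but not others that are still rendered, such as `vm_nif` and `hypervisor_storage`. Add a comment block here listing required versus optional inputs, or move the contract into `meta/argument_specs.yml` so Ansible validates it at role entry. The `cis_enabled`/`custom_iso_enabled` expressions should yield native booleans; if any consumer ever receives the string `"False"`, `when: cis_enabled` would be truthy, so it is worth a quick check on the Ansible version in use.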


@@ -1,6 +1,5 @@
--- ---
partitioning_luks_enabled: "{{ luks_enabled | bool }}" partitioning_luks_enabled: "{{ luks_enabled | bool }}"
partitioning_luks_passphrase: "{{ luks_passphrase }}"
partitioning_luks_mapper_name: "{{ luks_mapper_name }}" partitioning_luks_mapper_name: "{{ luks_mapper_name }}"
partitioning_luks_type: "{{ luks_type }}" partitioning_luks_type: "{{ luks_type }}"
partitioning_luks_cipher: "{{ luks_cipher }}" partitioning_luks_cipher: "{{ luks_cipher }}"
@@ -112,12 +111,20 @@ partitioning_root_device: >-
}} }}
partitioning_vm_size_effective: >- partitioning_vm_size_effective: >-
{{ {{
(partitioning_vm_size if (partitioning_vm_size | float) > 0 else vm_size) (
partitioning_vm_size
if (partitioning_vm_size | float) > 0
else (vm_size if vm_size is defined else 0)
)
| float | float
}} }}
partitioning_vm_memory_effective: >- partitioning_vm_memory_effective: >-
{{ {{
(partitioning_vm_memory if (partitioning_vm_memory | float) > 0 else vm_memory) (
partitioning_vm_memory
if (partitioning_vm_memory | float) > 0
else (vm_memory if vm_memory is defined else 0)
)
| float | float
}} }}
partitioning_swap_size_gb: >- partitioning_swap_size_gb: >-


@@ -28,7 +28,7 @@
changed_when: false changed_when: false
- name: Make root subvolumes - name: Make root subvolumes
when: cis | bool or item.subvol not in ['var_log_audit'] when: cis_enabled or item.subvol not in ['var_log_audit']
ansible.builtin.command: btrfs su cr /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }} ansible.builtin.command: btrfs su cr /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }}
args: args:
creates: /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }} creates: /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }}
@@ -43,7 +43,7 @@
register: partitioning_btrfs_subvol_result register: partitioning_btrfs_subvol_result
- name: Set quotas for subvolumes - name: Set quotas for subvolumes
when: cis | bool when: cis_enabled
ansible.builtin.command: btrfs qgroup limit {{ item.quota }} /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }} ansible.builtin.command: btrfs qgroup limit {{ item.quota }} /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }}
loop: loop:
- {subvol: home, quota: 2G} - {subvol: home, quota: 2G}


@@ -1,6 +1,6 @@
--- ---
- name: Create and format ext4 logical volumes - name: Create and format ext4 logical volumes
when: cis | bool or item.lv not in ['home', 'var', 'var_log', 'var_log_audit'] when: cis_enabled or item.lv not in ['home', 'var', 'var_log', 'var_log_audit']
community.general.filesystem: community.general.filesystem:
dev: /dev/sys/{{ item.lv }} dev: /dev/sys/{{ item.lv }}
fstype: ext4 fstype: ext4
@@ -13,7 +13,7 @@
- {lv: var_log_audit} - {lv: var_log_audit}
- name: Remove Unsupported features for older Systems - name: Remove Unsupported features for older Systems
when: (os | lower in ['almalinux', 'debian11', 'rhel8', 'rhel9', 'rocky']) and (cis | bool or item.lv not in ['home', 'var', 'var_log', 'var_log_audit']) when: (os | lower in ['almalinux', 'debian11', 'rhel8', 'rhel9', 'rocky']) and (cis_enabled or item.lv not in ['home', 'var', 'var_log', 'var_log_audit'])
ansible.builtin.command: tune2fs -O "^orphan_file,^metadata_csum_seed" "/dev/sys/{{ item.lv }}" ansible.builtin.command: tune2fs -O "^orphan_file,^metadata_csum_seed" "/dev/sys/{{ item.lv }}"
loop: loop:
- {lv: root} - {lv: root}


@@ -2,7 +2,7 @@
- name: Detect system memory for swap sizing - name: Detect system memory for swap sizing
when: when:
- (partitioning_vm_memory | float) <= 0 - (partitioning_vm_memory | float) <= 0
- (vm_memory | float) <= 0 - vm_memory is not defined or (vm_memory | float) <= 0
block: block:
- name: Read system memory - name: Read system memory
ansible.builtin.command: awk '/MemTotal/ {print int($2/1024)}' /proc/meminfo ansible.builtin.command: awk '/MemTotal/ {print int($2/1024)}' /proc/meminfo
@@ -18,7 +18,7 @@
when: when:
- install_type == "physical" - install_type == "physical"
- (partitioning_vm_size | float) <= 0 - (partitioning_vm_size | float) <= 0
- (vm_size | float) <= 0 - vm_size is not defined or (vm_size | float) <= 0
- install_drive | length > 0 - install_drive | length > 0
block: block:
- name: Detect install drive size - name: Detect install drive size
@@ -157,7 +157,14 @@
when: partitioning_luks_enabled | bool when: partitioning_luks_enabled | bool
vars: vars:
partitioning_luks_passphrase_effective: >- partitioning_luks_passphrase_effective: >-
{{ partitioning_luks_passphrase | string }} {{
(
partitioning_luks_passphrase
if partitioning_luks_passphrase is defined
else (luks_passphrase if luks_passphrase is defined else '')
)
| string
}}
block: block:
- name: Validate LUKS passphrase - name: Validate LUKS passphrase
ansible.builtin.assert: ansible.builtin.assert:
@@ -257,7 +264,7 @@
pvs: "{{ partitioning_root_device }}" pvs: "{{ partitioning_root_device }}"
- name: Create LVM logical volumes - name: Create LVM logical volumes
when: cis | bool or item.lv not in ['home', 'var', 'var_log', 'var_log_audit'] when: cis_enabled or item.lv not in ['home', 'var', 'var_log', 'var_log_audit']
community.general.lvol: community.general.lvol:
vg: sys vg: sys
lv: "{{ item.lv }}" lv: "{{ item.lv }}"
@@ -266,24 +273,24 @@
loop: loop:
- lv: root - lv: root
size: >- size: >-
{{ [(((((partitioning_vm_size_effective | float) - (partitioning_reserved_gb | float) - ((cis | bool) | ternary(7.5, 0)) - (((partitioning_vm_memory_effective | float / 1024) > 16.0) {{ [(((((partitioning_vm_size_effective | float) - (partitioning_reserved_gb | float) - ((cis_enabled) | ternary(7.5, 0)) - (((partitioning_vm_memory_effective | float / 1024) > 16.0)
| ternary(((partitioning_vm_memory_effective | float / 2048) | int), (partitioning_vm_memory_effective | float / 1024)))) < 4) | ternary(((partitioning_vm_memory_effective | float / 2048) | int), (partitioning_vm_memory_effective | float / 1024)))) < 4)
| ternary(4,((((partitioning_vm_size_effective | float) - (partitioning_reserved_gb | float) - ((cis | bool) | ternary(7.5, 0)) - | ternary(4,((((partitioning_vm_size_effective | float) - (partitioning_reserved_gb | float) - ((cis_enabled) | ternary(7.5, 0)) -
(((partitioning_vm_memory_effective | float / 1024) > 16.0) (((partitioning_vm_memory_effective | float / 1024) > 16.0)
| ternary( | ternary(
((partitioning_vm_memory_effective | float / 2048) | int), ((partitioning_vm_memory_effective | float / 2048) | int),
(partitioning_vm_memory_effective | float / 1024) (partitioning_vm_memory_effective | float / 1024)
))) )))
> 12) > 12)
| ternary(((partitioning_vm_size_effective | float) * 0.4) | round(0, 'ceil'),((partitioning_vm_size_effective | float) - (partitioning_reserved_gb | float) - ((cis | bool) | ternary(((partitioning_vm_size_effective | float) * 0.4) | round(0, 'ceil'),((partitioning_vm_size_effective | float) - (partitioning_reserved_gb | float) - ((cis_enabled)
| ternary(7.5, 0)) - (((partitioning_vm_memory_effective | float / 1024) > 16.0) | ternary(7.5, 0)) - (((partitioning_vm_memory_effective | float / 1024) > 16.0)
| ternary(((partitioning_vm_memory_effective | float / 2048) | int), (partitioning_vm_memory_effective | float / 1024))))))))), 4 ] | max | string + | ternary(((partitioning_vm_memory_effective | float / 2048) | int), (partitioning_vm_memory_effective | float / 1024))))))))), 4 ] | max | string +
'G' }} 'G' }}
- lv: swap - lv: swap
size: >- size: >-
{{ ((((partitioning_vm_size_effective | float) - (partitioning_reserved_gb | float) - ((cis | bool) | ternary(7.5, 0))) - (((partitioning_vm_memory_effective | float / 1024) > 16.0) {{ ((((partitioning_vm_size_effective | float) - (partitioning_reserved_gb | float) - ((cis_enabled) | ternary(7.5, 0))) - (((partitioning_vm_memory_effective | float / 1024) > 16.0)
| ternary(((partitioning_vm_memory_effective | float / 2048) | int), (partitioning_vm_memory_effective | float / 1024)))) < 4) | ternary(((partitioning_vm_memory_effective | float / 2048) | int), (partitioning_vm_memory_effective | float / 1024)))) < 4)
| ternary((((partitioning_vm_size_effective | float) - (partitioning_reserved_gb | float) - ((cis | bool) | ternary(7.5, 0))) - 4), (((partitioning_vm_memory_effective | float / 1024) | ternary((((partitioning_vm_size_effective | float) - (partitioning_reserved_gb | float) - ((cis_enabled) | ternary(7.5, 0))) - 4), (((partitioning_vm_memory_effective | float / 1024)
> 16.0) > 16.0)
| ternary(((partitioning_vm_memory_effective | float / 2048) | int), (partitioning_vm_memory_effective | float / 1024)))) | string + 'G' }} | ternary(((partitioning_vm_memory_effective | float / 2048) | int), (partitioning_vm_memory_effective | float / 1024)))) | string + 'G' }}
- lv: home - lv: home
@@ -346,7 +353,7 @@
changed_when: false changed_when: false
- name: Get UUIDs for LVM filesystems - name: Get UUIDs for LVM filesystems
when: filesystem != 'btrfs' and (cis | bool or item not in ['home', 'var', 'var_log', 'var_log_audit']) when: filesystem != 'btrfs' and (cis_enabled or item not in ['home', 'var', 'var_log', 'var_log_audit'])
ansible.builtin.command: blkid -s UUID -o value /dev/sys/{{ item }} ansible.builtin.command: blkid -s UUID -o value /dev/sys/{{ item }}
loop: loop:
- root - root
@@ -363,18 +370,18 @@
ansible.builtin.set_fact: ansible.builtin.set_fact:
partitioning_uuid_root: "{{ partitioning_uuid_result.results[0].stdout_lines }}" partitioning_uuid_root: "{{ partitioning_uuid_result.results[0].stdout_lines }}"
partitioning_uuid_swap: "{{ partitioning_uuid_result.results[1].stdout_lines }}" partitioning_uuid_swap: "{{ partitioning_uuid_result.results[1].stdout_lines }}"
partitioning_uuid_home: "{{ partitioning_uuid_result.results[2].stdout_lines if cis | bool else '' }}" partitioning_uuid_home: "{{ partitioning_uuid_result.results[2].stdout_lines if cis_enabled else '' }}"
partitioning_uuid_var: "{{ partitioning_uuid_result.results[3].stdout_lines if cis | bool else '' }}" partitioning_uuid_var: "{{ partitioning_uuid_result.results[3].stdout_lines if cis_enabled else '' }}"
partitioning_uuid_var_log: "{{ partitioning_uuid_result.results[4].stdout_lines if cis | bool else '' }}" partitioning_uuid_var_log: "{{ partitioning_uuid_result.results[4].stdout_lines if cis_enabled else '' }}"
partitioning_uuid_var_log_audit: "{{ partitioning_uuid_result.results[5].stdout_lines if cis | bool else '' }}" partitioning_uuid_var_log_audit: "{{ partitioning_uuid_result.results[5].stdout_lines if cis_enabled else '' }}"
- name: Mount filesystems - name: Mount filesystems
block: block:
- name: Mount filesystems and subvolumes - name: Mount filesystems and subvolumes
when: when:
- >- - >-
cis | bool or ( cis_enabled or (
not cis and ( not cis_enabled and (
(filesystem == 'btrfs' and item.path in ['/home', '/var/log', '/var/cache/pacman/pkg']) (filesystem == 'btrfs' and item.path in ['/home', '/var/log', '/var/cache/pacman/pkg'])
or (item.path not in ['/home', '/var', '/var/log', '/var/log/audit', '/var/cache/pacman/pkg']) or (item.path not in ['/home', '/var', '/var/log', '/var/log/audit', '/var/cache/pacman/pkg'])
) )
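Review bot: In the "Mount filesystems and subvolumes" condition the inner `not cis_enabled and (` is redundant: it sits in the right operand of `cis_enabled or (...)`, which is only evaluated when `cis_enabled` is already false. The rename did fix the old form, which tested bare `not cis` rather than the normalized flag, but the guard can now be dropped to `cis_enabled or (filesystem == 'btrfs' and item.path in [...]) or (item.path not in [...])`. The condition's closing lines and the `loop:` are outside the hunk.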


@@ -1,6 +1,6 @@
--- ---
- name: Create and format XFS logical volumes - name: Create and format XFS logical volumes
when: cis | bool or item.lv not in ['home', 'var', 'var_log', 'var_log_audit'] when: cis_enabled or item.lv not in ['home', 'var', 'var_log', 'var_log_audit']
community.general.filesystem: community.general.filesystem:
dev: /dev/sys/{{ item.lv }} dev: /dev/sys/{{ item.lv }}
fstype: xfs fstype: xfs


@@ -3,7 +3,7 @@
delegate_to: localhost delegate_to: localhost
vars: vars:
virtualization_libvirt_image_dir_value: >- virtualization_libvirt_image_dir_value: >-
{{ vm_path if vm_path | length > 0 else '/var/lib/libvirt/images' }} {{ vm_path if vm_path is defined and vm_path | length > 0 else '/var/lib/libvirt/images' }}
ansible.builtin.set_fact: ansible.builtin.set_fact:
virtualization_libvirt_image_dir: "{{ virtualization_libvirt_image_dir_value }}" virtualization_libvirt_image_dir: "{{ virtualization_libvirt_image_dir_value }}"
virtualization_libvirt_disk_path: >- virtualization_libvirt_disk_path: >-


@@ -2,7 +2,7 @@
- name: Deploy VM on Proxmox - name: Deploy VM on Proxmox
delegate_to: localhost delegate_to: localhost
vars: vars:
virtualization_dns_value: "{{ vm_dns }}" virtualization_dns_value: "{{ vm_dns if vm_dns is defined else '' }}"
virtualization_dns_list_raw: >- virtualization_dns_list_raw: >-
{{ {{
virtualization_dns_value virtualization_dns_value
@@ -11,7 +11,7 @@
}} }}
virtualization_dns_list: >- virtualization_dns_list: >-
{{ virtualization_dns_list_raw | map('trim') | reject('equalto', '') | list }} {{ virtualization_dns_list_raw | map('trim') | reject('equalto', '') | list }}
virtualization_search_value: "{{ vm_dns_search }}" virtualization_search_value: "{{ vm_dns_search if vm_dns_search is defined else '' }}"
virtualization_search_list_raw: >- virtualization_search_list_raw: >-
{{ {{
virtualization_search_value virtualization_search_value
@@ -33,7 +33,7 @@
cpu: host cpu: host
cores: "{{ vm_cpus }}" cores: "{{ vm_cpus }}"
memory: "{{ vm_memory }}" memory: "{{ vm_memory }}"
balloon: "{{ vm_ballo if vm_ballo | int > 0 else omit }}" balloon: "{{ vm_ballo if vm_ballo is defined and vm_ballo | int > 0 else omit }}"
numa_enabled: true numa_enabled: true
hotplug: network,disk hotplug: network,disk
update: "{{ virtualization_tpm2_enabled | bool }}" update: "{{ virtualization_tpm2_enabled | bool }}"
@@ -57,16 +57,16 @@
}} }}
ide: ide:
ide0: "{{ boot_iso }},media=cdrom" ide0: "{{ boot_iso }},media=cdrom"
ide1: "{{ rhel_iso + ',media=cdrom' if rhel_iso | length > 0 else omit }}" ide1: "{{ rhel_iso + ',media=cdrom' if rhel_iso is defined and rhel_iso | length > 0 else omit }}"
ide2: "{{ hypervisor_storage }}:cloudinit" ide2: "{{ hypervisor_storage }}:cloudinit"
net: net:
net0: virtio,bridge={{ vm_nif }}{% if vlan_name | length > 0 %},tag={{ vlan_name }}{% endif %} net0: virtio,bridge={{ vm_nif }}{% if vlan_name is defined and vlan_name | length > 0 %},tag={{ vlan_name }}{% endif %}
ipconfig: ipconfig:
ipconfig0: >- ipconfig0: >-
{{ {{
'ip=' ~ vm_ip ~ '/' ~ vm_nms 'ip=' ~ vm_ip ~ '/' ~ vm_nms
~ (',gw=' ~ vm_gw if vm_gw | length else '') ~ (',gw=' ~ vm_gw if vm_gw is defined and vm_gw | length else '')
if vm_ip | length if vm_ip is defined and vm_ip | length
else 'ip=dhcp' else 'ip=dhcp'
}} }}
nameservers: "{{ virtualization_dns_list if virtualization_dns_list | length else omit }}" nameservers: "{{ virtualization_dns_list if virtualization_dns_list | length else omit }}"


@@ -8,11 +8,11 @@
validate_certs: false validate_certs: false
datacenter: "{{ hypervisor_datacenter }}" datacenter: "{{ hypervisor_datacenter }}"
cluster: "{{ hypervisor_cluster }}" cluster: "{{ hypervisor_cluster }}"
folder: "{{ vm_path if vm_path | length > 0 else omit }}" folder: "{{ vm_path if vm_path is defined and vm_path | length > 0 else omit }}"
name: "{{ hostname }}" name: "{{ hostname }}"
guest_id: otherLinux64Guest guest_id: otherLinux64Guest
annotation: | annotation: |
{{ note }} {{ note if note is defined else '' }}
state: "{{ 'poweredoff' if virtualization_tpm2_enabled | bool else 'poweredon' }}" state: "{{ 'poweredoff' if virtualization_tpm2_enabled | bool else 'poweredon' }}"
disk: disk:
- size_gb: "{{ vm_size }}" - size_gb: "{{ vm_size }}"
@@ -41,12 +41,12 @@
"state": "present", "state": "present",
"type": "iso", "type": "iso",
"iso_path": rhel_iso "iso_path": rhel_iso
} ] if rhel_iso | length > 0 else [] ) } ] if rhel_iso is defined and rhel_iso | length > 0 else [] )
}} }}
networks: networks:
- name: "{{ vm_nif }}" - name: "{{ vm_nif }}"
type: dhcp type: dhcp
vlan: "{{ vlan_name if vlan_name | length > 0 else omit }}" vlan: "{{ vlan_name if vlan_name is defined and vlan_name | length > 0 else omit }}"
- name: Ensure vTPM2 is enabled when required - name: Ensure vTPM2 is enabled when required
when: virtualization_tpm2_enabled | bool when: virtualization_tpm2_enabled | bool
@@ -57,7 +57,7 @@
password: "{{ hypervisor_password }}" password: "{{ hypervisor_password }}"
validate_certs: false validate_certs: false
datacenter: "{{ hypervisor_datacenter }}" datacenter: "{{ hypervisor_datacenter }}"
folder: "{{ vm_path if vm_path | length > 0 else omit }}" folder: "{{ vm_path if vm_path is defined and vm_path | length > 0 else omit }}"
name: "{{ hostname }}" name: "{{ hostname }}"
state: present state: present
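Review bot: Both vSphere tasks in this section keep `validate_certs: false` as a hard-coded context line, so the `hypervisor_password` on the line above it is sent to whatever endpoint answers for `hypervisor_url` without certificate verification; this predates the commit but is now the one connection parameter without a variable. Make it overridable with a secure default, `validate_certs: "{{ hypervisor_validate_certs | default(true) | bool }}"`, so lab setups can opt out explicitly rather than every deployment running unverified. The surrounding `community.vmware` task bodies begin outside the hunks.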


@@ -4,27 +4,27 @@ network:
id0: id0:
match: match:
macaddress: "{{ virtualization_mac_address }}" macaddress: "{{ virtualization_mac_address }}"
{% set has_static = vm_ip | length %} {% set has_static = vm_ip is defined and vm_ip | length %}
{% set dns_value = vm_dns %} {% set dns_value = vm_dns if vm_dns is defined else '' %}
{% set dns_list_raw = dns_value if dns_value is iterable and dns_value is not string else dns_value.split(',') %} {% set dns_list_raw = dns_value if dns_value is iterable and dns_value is not string else dns_value.split(',') %}
{% set dns_list = dns_list_raw | map('trim') | reject('equalto', '') | list %} {% set dns_list = dns_list_raw | map('trim') | reject('equalto', '') | list %}
{% set search_value = vm_dns_search %} {% set search_value = vm_dns_search if vm_dns_search is defined else '' %}
{% set search_list_raw = search_value if search_value is iterable and search_value is not string else search_value.split(',') %} {% set search_list_raw = search_value if search_value is iterable and search_value is not string else search_value.split(',') %}
{% set search_list = search_list_raw | map('trim') | reject('equalto', '') | list %} {% set search_list = search_list_raw | map('trim') | reject('equalto', '') | list %}
{% if has_static %} {% if has_static %}
addresses: addresses:
- "{{ vm_ip }}/{{ vm_nms }}" - "{{ vm_ip }}/{{ vm_nms }}"
{% if vm_gw | length %} {% if vm_gw is defined and vm_gw | length %}
gateway4: "{{ vm_gw }}" gateway4: "{{ vm_gw }}"
{% endif %} {% endif %}
{% else %} {% else %}
dhcp4: true dhcp4: true
{% if (vm_dns | length) or (vm_dns_search | length) %} {% if (vm_dns is defined and vm_dns | length) or (vm_dns_search is defined and vm_dns_search | length) %}
dhcp4-overrides: dhcp4-overrides:
{% if vm_dns | length %} {% if vm_dns is defined and vm_dns | length %}
use-dns: false use-dns: false
{% endif %} {% endif %}
{% if vm_dns_search | length %} {% if vm_dns_search is defined and vm_dns_search | length %}
use-domains: false use-domains: false
{% endif %} {% endif %}
{% endif %} {% endif %}
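Review bot: The `dhcp4-overrides` conditions re-test the raw variables (`vm_dns is defined and vm_dns | length`, likewise `vm_dns_search`) even though `dns_list` and `search_list` a few lines up already absorb the undefined case and strip empty entries, so a value like `" , "` disables the DHCP-provided DNS while supplying none. Use the normalized lists instead: `{% if dns_list | length or search_list | length %}`, then `{% if dns_list | length %}` and `{% if search_list | length %}`. The `nameservers:` stanza that presumably consumes `dns_list` is outside the hunk.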


@@ -1,7 +1,7 @@
<domain type='kvm'> <domain type='kvm'>
<name>{{ hostname }}</name> <name>{{ hostname }}</name>
<memory>{{ vm_memory | int * 1024 }}</memory> <memory>{{ vm_memory | int * 1024 }}</memory>
{% if vm_ballo | int > 0 %}<currentMemory>{{ vm_ballo | int * 1024 }}</currentMemory>{% endif %} {% if vm_ballo is defined and vm_ballo | int > 0 %}<currentMemory>{{ vm_ballo | int * 1024 }}</currentMemory>{% endif %}
<vcpu placement='static'>{{ vm_cpus }}</vcpu> <vcpu placement='static'>{{ vm_cpus }}</vcpu>
<os> <os>
<type arch='x86_64' machine="pc-q35-8.0">hvm</type> <type arch='x86_64' machine="pc-q35-8.0">hvm</type>
@@ -37,7 +37,7 @@
<source file="{{ virtualization_libvirt_cloudinit_path }}"/> <source file="{{ virtualization_libvirt_cloudinit_path }}"/>
<target dev="sdb" bus="sata"/> <target dev="sdb" bus="sata"/>
</disk> </disk>
{% if rhel_iso | length > 0 %} {% if rhel_iso is defined and rhel_iso | length > 0 %}
<disk type="file" device="cdrom"> <disk type="file" device="cdrom">
<driver name="qemu" type="raw"/> <driver name="qemu" type="raw"/>
<source file="{{ rhel_iso }}"/> <source file="{{ rhel_iso }}"/>