refactor(bootstrap): nest network fields under system.network to match main project schema

2026-02-11 23:01:39 +01:00
parent 45c002c2dd
commit a60e6fd0d3
19 changed files with 185 additions and 175 deletions


@@ -108,7 +108,8 @@ all:
cpus: 2
memory: 4096
balloon: 0
network: vmbr0
network:
bridge: vmbr0
ip: 10.0.0.10
prefix: 24
gateway: 10.0.0.1
@@ -168,26 +169,26 @@ Top-level host install/runtime settings. Use these keys under `system`.
| `cpus` | int | `0` | vCPU count |
| `memory` | int | `0` | Memory in MiB |
| `balloon` | int | `0` | Balloon memory in MiB |
| `network` | string | empty | Hypervisor network/bridge |
| `vlan` | string/int | empty | VLAN tag |
| `ip` | string | empty | Static IP (omit for DHCP) |
| `prefix` | int | empty | CIDR prefix for static IP |
| `gateway` | string | empty | Default gateway (static only) |
| `path` | string | empty | Hypervisor folder/path (libvirt/vmware) |
| `packages` | list | `[]` | Additional packages installed post-reboot |
| `dns` | dict | see below | DNS configuration |
| `network` | dict | see below | Network configuration |
| `disks` | list | `[]` | Disk layout (see [Multi-Disk Schema](#45-multi-disk-schema)) |
| `user` | dict | see below | User account settings |
| `root` | dict | see below | Root account settings |
| `luks` | dict | see below | Encryption settings |
| `features` | dict | see below | Feature toggles |
#### `system.dns`
#### `system.network`
| Key | Type | Default | Description |
| --------- | ----------- | ------- | --------------------------------------------------- |
| `servers` | list/string | `[]` | DNS resolvers; comma-separated string is normalized |
| `search` | list/string | `[]` | Search domains; comma-separated string is normalized |
| -------------- | ----------- | ------- | --------------------------------------------------- |
| `bridge` | string | empty | Hypervisor network/bridge name |
| `vlan` | string/int | empty | VLAN tag |
| `ip` | string | empty | Static IP (omit for DHCP) |
| `prefix` | int | empty | CIDR prefix for static IP |
| `gateway` | string | empty | Default gateway (static only) |
| `dns.servers` | list/string | `[]` | DNS resolvers; comma-separated string is normalized |
| `dns.search` | list/string | `[]` | Search domains; comma-separated string is normalized |
#### `system.user`
@@ -386,7 +387,7 @@ To protect sensitive information such as passwords, API keys, and other confiden
- For virtual installs, `system.cpus`, `system.memory`, and `system.disks[0].size` are required and validated.
- For physical installs, sizing is derived from the detected install drive; set installer access (`ansible_user`/`ansible_password`) when the installer environment differs from the prompted user credentials.
- `system.dns.servers` and `system.dns.search` accept either YAML lists or comma-separated strings.
- `system.network.dns.servers` and `system.network.dns.search` accept either YAML lists or comma-separated strings.
- `hypervisor.type` selects backend-specific provisioning and cleanup behavior.
- Guest tools are selected automatically by hypervisor: `qemu-guest-agent` for `libvirt`/`proxmox`, `open-vm-tools` for `vmware`.
- With `system.luks.method: tpm2` on virtual installs, the virtualization role enables a TPM2 device where supported (libvirt/proxmox/vmware).


@@ -23,7 +23,8 @@ all:
cpus: 2
memory: 4096
balloon: 0
network: "vmbr0"
network:
bridge: "vmbr0"
ip: 10.0.0.10
prefix: 24
gateway: 10.0.0.1
@@ -82,7 +83,8 @@ all:
id: 101
cpus: 4
memory: 8192
network: "vmbr0"
network:
bridge: "vmbr0"
ip: 10.0.0.11
prefix: 24
gateway: 10.0.0.1


@@ -22,7 +22,8 @@ all:
name: "web01.local"
cpus: 2
memory: 2048
network: "default"
network:
bridge: "default"
ip: 192.168.122.20
prefix: 24
gateway: 192.168.122.1
@@ -63,7 +64,8 @@ all:
name: "db01.local"
cpus: 4
memory: 4096
network: "default"
network:
bridge: "default"
ip: 192.168.122.21
prefix: 24
gateway: 192.168.122.1
@@ -103,7 +105,8 @@ all:
name: "compute01.local"
cpus: 8
memory: 8192
network: "default"
network:
bridge: "default"
ip: 192.168.122.22
prefix: 24
gateway: 192.168.122.1


@@ -103,7 +103,7 @@
post_reboot_can_connect: >-
{{
(ansible_connection | default('ssh')) != 'ssh'
or ((system_cfg.ip | default('') | string | length) > 0)
or ((system_cfg.network.ip | default('') | string | length) > 0)
or (
system_cfg.type == 'physical'
and (ansible_host | default('') | string | length) > 0


@@ -26,7 +26,7 @@
if post_reboot_can_connect is defined
else (
(ansible_connection | default('ssh')) != 'ssh'
or ((system_cfg.ip | default('') | string | length) > 0)
or ((system_cfg.network.ip | default('') | string | length) > 0)
or (
system_cfg.type == 'physical'
and (ansible_host | default('') | string | length) > 0


@@ -31,7 +31,7 @@
- name: Set hostname
vars:
configuration_dns_domain: "{{ (system_cfg.dns.search | default([]) | first | default('')) | string }}"
configuration_dns_domain: "{{ (system_cfg.network.dns.search | default([]) | first | default('')) | string }}"
configuration_hostname_fqdn: >-
{{
hostname
@@ -49,7 +49,7 @@
- name: Add host entry to /etc/hosts
vars:
configuration_dns_domain: "{{ (system_cfg.dns.search | default([]) | first | default('')) | string }}"
configuration_dns_domain: "{{ (system_cfg.network.dns.search | default([]) | first | default('')) | string }}"
configuration_hostname_fqdn: >-
{{
hostname
@@ -65,8 +65,8 @@
{{ [configuration_hostname_fqdn, configuration_hostname_short] | unique | join(' ') }}
configuration_hosts_ip: >-
{{
system_cfg.ip
if system_cfg.ip is defined and (system_cfg.ip | string | length) > 0
system_cfg.network.ip
if system_cfg.network.ip is defined and (system_cfg.network.ip | string | length) > 0
else inventory_hostname
}}
configuration_hosts_line: >-


@@ -101,13 +101,13 @@
- name: Configure Alpine networking
when: os | lower == "alpine"
vars:
configuration_dns_list: "{{ system_cfg.dns.servers | default([]) }}"
configuration_dns_list: "{{ system_cfg.network.dns.servers | default([]) }}"
configuration_alpine_static: >-
{{
system_cfg.ip is defined
and system_cfg.ip | string | length > 0
and system_cfg.prefix is defined
and (system_cfg.prefix | string | length) > 0
system_cfg.network.ip is defined
and system_cfg.network.ip | string | length > 0
and system_cfg.network.prefix is defined
and (system_cfg.network.prefix | string | length) > 0
}}
block:
- name: Write Alpine network interfaces
@@ -121,9 +121,9 @@
auto {{ configuration_net_inf }}
iface {{ configuration_net_inf }} inet {{ 'static' if configuration_alpine_static | bool else 'dhcp' }}
{% if configuration_alpine_static | bool %}
address {{ system_cfg.ip }}/{{ system_cfg.prefix }}
{% if system_cfg.gateway is defined and system_cfg.gateway | string | length %}
gateway {{ system_cfg.gateway }}
address {{ system_cfg.network.ip }}/{{ system_cfg.network.prefix }}
{% if system_cfg.network.gateway is defined and system_cfg.network.gateway | string | length %}
gateway {{ system_cfg.network.gateway }}
{% endif %}
{% endif %}
@@ -140,13 +140,13 @@
- name: Configure Void networking
when: os | lower == "void"
vars:
configuration_dns_list: "{{ system_cfg.dns.servers | default([]) }}"
configuration_dns_list: "{{ system_cfg.network.dns.servers | default([]) }}"
configuration_void_static: >-
{{
system_cfg.ip is defined
and system_cfg.ip | string | length > 0
and system_cfg.prefix is defined
and (system_cfg.prefix | string | length) > 0
system_cfg.network.ip is defined
and system_cfg.network.ip | string | length > 0
and system_cfg.network.prefix is defined
and (system_cfg.network.prefix | string | length) > 0
}}
block:
- name: Write dhcpcd configuration for static networking
@@ -156,9 +156,9 @@
mode: "0644"
content: |
interface {{ configuration_net_inf }}
static ip_address={{ system_cfg.ip }}/{{ system_cfg.prefix }}
{% if system_cfg.gateway is defined and system_cfg.gateway | string | length %}
static routers={{ system_cfg.gateway }}
static ip_address={{ system_cfg.network.ip }}/{{ system_cfg.network.prefix }}
{% if system_cfg.network.gateway is defined and system_cfg.network.gateway | string | length %}
static routers={{ system_cfg.network.gateway }}
{% endif %}
{% if configuration_dns_list | length > 0 %}
static domain_name_servers={{ configuration_dns_list | join(' ') }}


@@ -4,10 +4,10 @@ uuid={{ configuration_net_uuid }}
type=ethernet
[ipv4]
{% set dns_list = system_cfg.dns.servers | default([]) %}
{% set search_list = system_cfg.dns.search | default([]) %}
{% if system_cfg.ip is defined and system_cfg.ip | string | length %}
address1={{ system_cfg.ip }}/{{ system_cfg.prefix }}{{ (',' ~ system_cfg.gateway) if (system_cfg.gateway is defined and system_cfg.gateway | string | length) else '' }}
{% set dns_list = system_cfg.network.dns.servers | default([]) %}
{% set search_list = system_cfg.network.dns.search | default([]) %}
{% if system_cfg.network.ip is defined and system_cfg.network.ip | string | length %}
address1={{ system_cfg.network.ip }}/{{ system_cfg.network.prefix }}{{ (',' ~ system_cfg.network.gateway) if (system_cfg.network.gateway is defined and system_cfg.network.gateway | string | length) else '' }}
method=manual
{% else %}
method=auto


@@ -98,9 +98,9 @@
- name: Set IP-Address
when:
- hypervisor_type == "vmware"
- system_cfg.ip is defined and system_cfg.ip | string | length > 0
- system_cfg.network.ip is defined and system_cfg.network.ip | string | length > 0
ansible.builtin.command: >-
ip addr replace {{ system_cfg.ip }}/{{ system_cfg.prefix }}
ip addr replace {{ system_cfg.network.ip }}/{{ system_cfg.network.prefix }}
dev {{ environment_interface_name }}
register: environment_ip_result
changed_when: environment_ip_result.rc == 0
@@ -108,9 +108,9 @@
- name: Set Default Gateway
when:
- hypervisor_type == "vmware"
- system_cfg.gateway is defined and system_cfg.gateway | string | length > 0
- system_cfg.ip is defined and system_cfg.ip | string | length > 0
ansible.builtin.command: "ip route replace default via {{ system_cfg.gateway }}"
- system_cfg.network.gateway is defined and system_cfg.network.gateway | string | length > 0
- system_cfg.network.ip is defined and system_cfg.network.ip | string | length > 0
ansible.builtin.command: "ip route replace default via {{ system_cfg.network.gateway }}"
register: environment_gateway_result
changed_when: environment_gateway_result.rc == 0


@@ -27,7 +27,8 @@ system_defaults:
cpus: 0
memory: 0 # MiB
balloon: 0 # MiB
network: ""
network:
bridge: ""
vlan: ""
ip: ""
prefix: ""


@@ -8,12 +8,12 @@
ansible.builtin.assert:
that:
- system is mapping
- system.dns is not defined or system.dns is mapping
- system.network is not defined or system.network is mapping
- system.user is not defined or system.user is mapping
- system.root is not defined or system.root is mapping
- system.luks is not defined or system.luks is mapping
- system.features is not defined or system.features is mapping
fail_msg: "system and its nested keys (dns, user, root, luks, features) must be dictionaries."
fail_msg: "system and its nested keys (network, user, root, luks, features) must be dictionaries."
quiet: true
- name: Validate system features input types
@@ -57,23 +57,24 @@
cpus: "{{ [system_raw.cpus | default(0) | int, 0] | max }}"
memory: "{{ [system_raw.memory | default(0) | int, 0] | max }}"
balloon: "{{ [system_raw.balloon | default(0) | int, 0] | max }}"
network: "{{ system_raw.network | default('') | string }}"
vlan: "{{ system_raw.vlan | default('') | string }}"
ip: "{{ system_raw.ip | default('') | string }}"
network:
bridge: "{{ system_raw.network.bridge | default('') | string }}"
vlan: "{{ system_raw.network.vlan | default('') | string }}"
ip: "{{ system_raw.network.ip | default('') | string }}"
prefix: >-
{{
(system_raw.prefix | int)
if (system_raw.prefix | default('') | string | length) > 0
(system_raw.network.prefix | int)
if (system_raw.network.prefix | default('') | string | length) > 0
else ''
}}
gateway: "{{ system_raw.gateway | default('') | string }}"
gateway: "{{ system_raw.network.gateway | default('') | string }}"
dns:
servers: >-
{{
(
system_raw.dns.servers
if system_raw.dns.servers is iterable and system_raw.dns.servers is not string
else (system_raw.dns.servers | string).split(',')
system_raw.network.dns.servers
if system_raw.network.dns.servers is iterable and system_raw.network.dns.servers is not string
else (system_raw.network.dns.servers | string).split(',')
)
| map('trim')
| reject('equalto', '')
@@ -82,9 +83,9 @@
search: >-
{{
(
system_raw.dns.search
if system_raw.dns.search is iterable and system_raw.dns.search is not string
else (system_raw.dns.search | string).split(',')
system_raw.network.dns.search
if system_raw.network.dns.search is iterable and system_raw.network.dns.search is not string
else (system_raw.network.dns.search | string).split(',')
)
| map('trim')
| reject('equalto', '')
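Review bot: The first assert only verifies that `system.network` is a mapping, so an inventory that still uses the removed flat keys (`system.ip`, `system.prefix`, `system.gateway`, `system.vlan`, `system.dns`) passes it, and the normalization below no longer reads those keys. Unless a schema check outside these hunks rejects unknown keys, such a host would silently be built with DHCP and without the intended resolvers instead of failing the run. Consider a migration guard in the `that:` list, e.g. `- system.ip is not defined and system.prefix is not defined and system.gateway is not defined and system.vlan is not defined and system.dns is not defined`, with a `fail_msg` that points to `system.network.*`. The normalization expression continues past the end of the last hunk.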


@@ -50,7 +50,7 @@
- name: Validate nested system mappings
loop:
- dns
- network
- user
- root
- luks
@@ -65,7 +65,7 @@
- name: Validate system sub-dict schemas
loop:
- dns
- network
- user
- root
- luks
@@ -171,8 +171,8 @@
- hypervisor_cfg.host | string | length > 0
- hypervisor_cfg.storage | string | length > 0
- system_cfg.id | string | length > 0
- system_cfg.network | string | length > 0
fail_msg: "Missing required Proxmox inputs. Define hypervisor.(url,username,password,host,storage) and system.(id,network)."
- system_cfg.network.bridge | string | length > 0
fail_msg: "Missing required Proxmox inputs. Define hypervisor.(url,username,password,host,storage), system.id, and system.network.bridge."
quiet: true
- name: Validate VMware hypervisor inputs
@@ -187,8 +187,8 @@
- hypervisor_cfg.datacenter | string | length > 0
- hypervisor_cfg.cluster | string | length > 0
- hypervisor_cfg.storage | string | length > 0
- system_cfg.network | string | length > 0
fail_msg: "Missing required VMware inputs. Define hypervisor.(url,username,password,datacenter,cluster,storage) and system.network."
- system_cfg.network.bridge | string | length > 0
fail_msg: "Missing required VMware inputs. Define hypervisor.(url,username,password,datacenter,cluster,storage) and system.network.bridge."
quiet: true
- name: Validate Xen hypervisor inputs
@@ -197,8 +197,8 @@
- hypervisor_type == "xen"
ansible.builtin.assert:
that:
- system_cfg.network | string | length > 0
fail_msg: "Missing required Xen inputs. Define system.network."
- system_cfg.network.bridge | string | length > 0
fail_msg: "Missing required Xen inputs. Define system.network.bridge."
quiet: true
- name: Validate virtual installer ISO requirement
@@ -322,10 +322,10 @@
label: "{{ item | to_json }}"
- name: Validate static IP requirements
when: system_cfg.ip is defined and (system_cfg.ip | string | length) > 0
when: system_cfg.network.ip is defined and (system_cfg.network.ip | string | length) > 0
ansible.builtin.assert:
that:
- system_cfg.prefix is defined
- (system_cfg.prefix | int) > 0
fail_msg: "system.prefix is required when system.ip is set."
- system_cfg.network.prefix is defined
- (system_cfg.network.prefix | int) > 0
fail_msg: "system.network.prefix is required when system.network.ip is set."
quiet: true
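Review bot: `Validate static IP requirements` accepts any prefix greater than zero and never checks the shape of `system_cfg.network.ip` or `system_cfg.network.gateway`, yet this commit interpolates those values into the `ip addr replace` / `ip route replace` commands, the Proxmox `ipconfig0` string and the network templates. A typo, or a value containing whitespace or a comma, would reach those consumers as extra arguments or options instead of being rejected here. I would add `- (system_cfg.network.prefix | int) <= 32` and a format assertion such as `- system_cfg.network.ip is match('^[0-9.]+$')` (adjust if IPv6 is meant to be supported), with the same check for the gateway when it is set. The hypervisor asserts above have the same gap: `system_cfg.network.bridge` is only tested for being non-empty.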


@@ -48,17 +48,17 @@
ide2: "{{ hypervisor_cfg.storage }}:cloudinit"
net:
net0: >-
virtio,bridge={{ system_cfg.network }}{% if system_cfg.vlan is defined and system_cfg.vlan | string | length > 0 %},tag={{ system_cfg.vlan }}{% endif %}
virtio,bridge={{ system_cfg.network.bridge }}{% if system_cfg.network.vlan is defined and system_cfg.network.vlan | string | length > 0 %},tag={{ system_cfg.network.vlan }}{% endif %}
ipconfig:
ipconfig0: >-
{{
'ip=' ~ system_cfg.ip ~ '/' ~ system_cfg.prefix
~ (',gw=' ~ system_cfg.gateway if system_cfg.gateway is defined and system_cfg.gateway | length else '')
if system_cfg.ip is defined and system_cfg.ip | string | length
'ip=' ~ system_cfg.network.ip ~ '/' ~ system_cfg.network.prefix
~ (',gw=' ~ system_cfg.network.gateway if system_cfg.network.gateway is defined and system_cfg.network.gateway | length else '')
if system_cfg.network.ip is defined and system_cfg.network.ip | string | length
else 'ip=dhcp'
}}
nameservers: "{{ system_cfg.dns.servers if system_cfg.dns.servers | length else omit }}"
searchdomains: "{{ system_cfg.dns.search if system_cfg.dns.search | length else omit }}"
nameservers: "{{ system_cfg.network.dns.servers if system_cfg.network.dns.servers | length else omit }}"
searchdomains: "{{ system_cfg.network.dns.search if system_cfg.network.dns.search | length else omit }}"
onboot: true
state: present


@@ -54,9 +54,9 @@
} ] if rhel_iso is defined and rhel_iso | length > 0 else [] )
}}
networks:
- name: "{{ system_cfg.network }}"
- name: "{{ system_cfg.network.bridge }}"
type: dhcp
vlan: "{{ system_cfg.vlan if system_cfg.vlan is defined and system_cfg.vlan | string | length > 0 else omit }}"
vlan: "{{ system_cfg.network.vlan if system_cfg.network.vlan is defined and system_cfg.network.vlan | string | length > 0 else omit }}"
register: virtualization_vmware_create_result
- name: Set VM created fact when VM was powered on during creation


@@ -4,14 +4,14 @@ network:
id0:
match:
macaddress: "{{ virtualization_mac_address }}"
{% set has_static = system_cfg.ip is defined and system_cfg.ip | string | length %}
{% set dns_list = system_cfg.dns.servers | default([]) %}
{% set search_list = system_cfg.dns.search | default([]) %}
{% set has_static = system_cfg.network.ip is defined and system_cfg.network.ip | string | length %}
{% set dns_list = system_cfg.network.dns.servers | default([]) %}
{% set search_list = system_cfg.network.dns.search | default([]) %}
{% if has_static %}
addresses:
- "{{ system_cfg.ip }}/{{ system_cfg.prefix }}"
{% if system_cfg.gateway is defined and system_cfg.gateway | string | length %}
gateway4: "{{ system_cfg.gateway }}"
- "{{ system_cfg.network.ip }}/{{ system_cfg.network.prefix }}"
{% if system_cfg.network.gateway is defined and system_cfg.network.gateway | string | length %}
gateway4: "{{ system_cfg.network.gateway }}"
{% endif %}
{% else %}
dhcp4: true


@@ -48,7 +48,7 @@
{% endif %}
<interface type='network'>
<mac address="{{ virtualization_mac_address }}"/>
<source network='{{ system_cfg.network if (system_cfg.network | default('' ) | string | length) > 0 else "default" }}'/>
<source network='{{ system_cfg.network.bridge if (system_cfg.network.bridge | default('' ) | string | length) > 0 else "default" }}'/>
<model type='virtio'/>
</interface>
{% if virtualization_tpm2_enabled %}
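Review bot: `system_cfg.network.bridge` is rendered inside a single-quoted XML attribute on the `<source network=...>` line without escaping, so a name containing `'`, `<` or `&` yields malformed or altered domain XML. Apply the Jinja2 escape filter to the rendered value, e.g. `<source network='{{ (system_cfg.network.bridge if (system_cfg.network.bridge | default('') | string | length) > 0 else "default") | e }}'/>`. The Xen template in this commit has the same unescaped interpolation in `vif = [ 'bridge={{ system_cfg.network.bridge }},model=e1000' ]`, where a quote or comma in the value would change the vif specification. Restricting the value to a conservative character set at validation time would cover both templates. The surrounding domain definition lies outside the hunk.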


@@ -10,7 +10,7 @@ disk = [
'{{ boot_iso }},,hdc,cdrom'{% if rhel_iso is defined and rhel_iso | length > 0 %}, '{{ rhel_iso }},,hdd,cdrom'{% endif %}
{%- endif -%}
]
vif = [ 'bridge={{ system_cfg.network }},model=e1000' ]
vif = [ 'bridge={{ system_cfg.network.bridge }},model=e1000' ]
boot = "{{ 'dc' if xen_installer_media_enabled | bool else 'c' }}"
on_crash = "preserve"
on_poweroff = "destroy"


@@ -10,6 +10,7 @@ system:
name: "{{ inventory_hostname }}"
cpus: 8
memory: 16384
network:
ip: "{{ ansible_host | default('') }}"
prefix: 24
gateway: "10.0.0.1"


@@ -24,7 +24,8 @@ system:
cpus: 4
memory: 8192
balloon: 0
network: "vmbr0"
network:
bridge: "vmbr0"
ip: "{{ inventory_hostname }}"
prefix: 24
gateway: "10.0.0.1"