From e37b5a535b1ad943b4a809737796abc11dc7151f Mon Sep 17 00:00:00 2001 From: Sandwich Date: Mon, 28 Oct 2024 19:20:05 +0100 Subject: [PATCH] Specify changed_when for shell commands --- main.yml | 2 ++ roles/bootstrap/tasks/main.yml | 15 +++++++++++++ roles/cleanup/tasks/main.yml | 2 ++ roles/configuration/tasks/main.yml | 29 +++++++++++++++++++++++++- roles/environment/tasks/main.yml | 10 +++++++++ roles/partitioning/tasks/btrfs.yml | 6 ++++++ roles/partitioning/tasks/ext4.yml | 2 ++ roles/partitioning/tasks/main.yml | 2 ++ roles/virtualization/tasks/libvirt.yml | 4 ++++ 9 files changed, 71 insertions(+), 1 deletion(-) diff --git a/main.yml b/main.yml index 9a79141..fc33ee5 100644 --- a/main.yml +++ b/main.yml @@ -88,3 +88,5 @@ when: hypervisor != "libvirt" ansible.builtin.command: reboot failed_when: false + changed_when: result.rc == 0 + register: result diff --git a/roles/bootstrap/tasks/main.yml b/roles/bootstrap/tasks/main.yml index ea64ca8..ea26b3e 100644 --- a/roles/bootstrap/tasks/main.yml +++ b/roles/bootstrap/tasks/main.yml @@ -9,9 +9,14 @@ - name: Bootstrap ArchLinux when: os | lower == 'archlinux' ansible.builtin.command: pacstrap /mnt {{ role_packages.archlinux | join(' ') }} --asexplicit + changed_when: result.rc == 0 + register: result + - name: Bootstrap Debian System when: os | lower in ['debian11', 'debian12'] ansible.builtin.command: "{{ item }}" + changed_when: result.rc == 0 + register: result with_items: - | debootstrap --include={{ role_packages[os].base | join(',') }} {{ 'bullseye' if os == 'debian11' else 'bookworm' }} \ @@ -22,6 +27,8 @@ - name: Bootstrap Ubuntu System when: os | lower in ['ubuntu', 'ubuntu-lts'] ansible.builtin.command: "{{ item }}" + changed_when: result.rc == 0 + register: result with_items: - | debootstrap --include={{ role_packages[os].base | join(',') }} {{ 'mantic' if os == 'ubuntu' else 'jammy' }} \ 
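Review bot: On the bootstrap tasks (pacstrap, debootstrap) `changed_when: result.rc == 0` is true on every run that does not fail, since a non-zero rc already fails the task, so it reports the same as the module default and only quiets the linter. The same pattern repeats in the cleanup, configuration, environment, btrfs, ext4 and libvirt hunks. It carries new information only on the two tasks with `failed_when: false` (the reboot in main.yml and "Prepare partitions"). Where the command leaves a marker, state that instead, for example `creates:` with the qcow2 path on the `qemu-img create` task in libvirt.yml. Otherwise add a short comment such as `# always changes: installs into /mnt` so the intent is visible.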
@@ -33,6 +40,8 @@ - name: Bootstrap AlmaLinux 9 when: os | lower == 'almalinux' ansible.builtin.command: "{{ item }}" + changed_when: result.rc == 0 + register: result with_items: - dnf --releasever=9 --best --repo=alma-baseos --installroot=/mnt --setopt=install_weak_deps=False groupinstall -y base core - echo "nameserver 1.0.0.1" > /mnt/etc/resolv.conf @@ -41,6 +50,8 @@ - name: Bootstrap Fedora 40 when: os | lower == 'fedora' ansible.builtin.command: "{{ item }}" + changed_when: result.rc == 0 + register: result with_items: - | dnf --releasever=40 --best --repo=fedora --repo=fedora-updates \ @@ -51,6 +62,8 @@ - name: Bootstrap RockyLinux 9 when: os | lower == 'rocky' ansible.builtin.command: "{{ item }}" + changed_when: result.rc == 0 + register: result with_items: - dnf --releasever=9 --best --repo=rocky-baseos --installroot=/mnt --setopt=install_weak_deps=False groupinstall -y base core - echo "nameserver 1.0.0.1" > /mnt/etc/resolv.conf @@ -59,6 +72,8 @@ - name: Bootstrap RHEL System when: os | lower in ['rhel8', 'rhel9'] ansible.builtin.command: "{{ item }}" + changed_when: result.rc == 0 + register: result with_items: - dnf --releasever={{ '8' if os == 'rhel8' else '9' }} --installroot=/mnt --setopt=install_weak_deps=False groupinstall -y base core - echo 'nameserver 1.0.0.1' > /mnt/etc/resolv.conf diff --git a/roles/cleanup/tasks/main.yml b/roles/cleanup/tasks/main.yml index 43e59af..5955a3b 100644 --- a/roles/cleanup/tasks/main.yml +++ b/roles/cleanup/tasks/main.yml @@ -64,6 +64,8 @@ when: cdrom_devices.stdout_lines | length > 0 ansible.builtin.command: virsh --connect qemu:///system detach-disk {{ hostname }} {{ item }} --persistent with_items: "{{ cdrom_devices.stdout_lines }}" + changed_when: result.rc == 0 + register: result - name: Start the VM community.libvirt.virt: diff --git a/roles/configuration/tasks/main.yml b/roles/configuration/tasks/main.yml index 55f8d26..7f29e73 100644 --- a/roles/configuration/tasks/main.yml 
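Review bot: In the AlmaLinux task the item `echo "nameserver 1.0.0.1" > /mnt/etc/resolv.conf` runs under `ansible.builtin.command`, which does not use a shell, so `>` is passed to echo as an argument and no file is written. With the added `changed_when: result.rc == 0` the item is now reported as changed although resolv.conf is untouched. The Rocky and RHEL hunks later in this file carry the same item. Move it into its own task using `ansible.builtin.copy` with `content: "nameserver 1.0.0.1\n"` and `dest: /mnt/etc/resolv.conf`, which writes the file and reports a truthful changed state. The `with_items` list continues past the end of the hunk.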
+++ b/roles/configuration/tasks/main.yml @@ -3,6 +3,9 @@ block: - name: Generate fstab ansible.builtin.shell: genfstab -LU /mnt > /mnt/etc/fstab + changed_when: result.rc == 0 + register: result + - name: Append TempFS to fstab ansible.builtin.lineinfile: path: /mnt/etc/fstab @@ -17,6 +20,8 @@ - name: Set local timezone ansible.builtin.command: "{{ item }}" + changed_when: result.rc == 0 + register: result with_items: - systemctl daemon-reload - arch-chroot /mnt ln -sf /usr/share/zoneinfo/Europe/Vienna /etc/localtime @@ -32,9 +37,12 @@ loop: - { regex: en_US\.UTF-8 UTF-8, line: en_US.UTF-8 UTF-8 } - - name: Generate locales\ + - name: Generate locales when: os | lower not in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rocky'] ansible.builtin.command: arch-chroot /mnt /usr/sbin/locale-gen + changed_when: result.rc == 0 + register: result + - name: Set hostname ansible.builtin.copy: content: "{{ hostname }}" @@ -70,6 +78,9 @@ - name: Enable sshd when: os | lower == "archlinux" ansible.builtin.command: arch-chroot /mnt systemctl enable sshd logrotate systemd-resolved systemd-timesyncd NetworkManager + changed_when: result.rc == 0 + register: result + - name: Configure grub when: os | lower not in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rocky'] block: @@ -94,6 +105,9 @@ {% else %}/usr/sbin/grub-install --target=x86_64-efi --efi-directory={{ "/boot/efi" if os | lower in ["ubuntu", "ubuntu-lts"] else "/boot" }} --bootloader-id={{ "ubuntu" if os | lower in ["ubuntu", "ubuntu-lts"] else os }} {% endif %} + changed_when: result.rc == 0 + register: result + - name: Generate grub config ansible.builtin.command: arch-chroot /mnt {% if os | lower not in ["archlinux", "debian11", "debian12", "ubuntu", "ubuntu-lts"] %} /usr/sbin/grub2-mkconfig 
@@ -101,6 +115,9 @@ {% else %}/usr/sbin/grub-mkconfig -o {{ "/boot/efi/EFI/ubuntu/grub.cfg" if os | lower in ["ubuntu", "ubuntu-lts"] else "/boot/grub/grub.cfg" }} {% endif %} + changed_when: result.rc == 0 + register: result + - name: Regenerate initramfs when: os | lower not in ["debian11", "debian12", "ubuntu", "ubuntu-lts"] ansible.builtin.command: arch-chroot /mnt @@ -108,6 +125,9 @@ {% elif os | lower not in ["debian11", "debian12", "ubuntu", "ubuntu-lts", "archlinux"] %} /usr/bin/dracut --regenerate-all --force {% else %} echo "Skipping initramfs regeneration" {% endif %} + changed_when: result.rc == 0 + register: result + - name: Extra Configuration block: - name: Append lines to vimrc @@ -140,10 +160,12 @@ block: - name: Generate UUID for Network Profile ansible.builtin.command: uuidgen + changed_when: net_uuid.rc == 0 register: net_uuid - name: Retrieve Network Interface Name ansible.builtin.shell: set -o pipefail && ip r | awk 'NR==1 {print $5}' + changed_when: net_inf.rc == 0 register: net_inf - name: Copy NetworkManager keyfile @@ -161,6 +183,8 @@ {{ "sudo" if os | lower in ["debian11", "debian12", "ubuntu", "ubuntu-lts"] else "wheel" }} {{ user_name }} --password {{ user_password | password_hash('sha512') }} --shell /bin/bash - arch-chroot /mnt /usr/sbin/usermod --password '{{ root_password | password_hash('sha512') }}' root --shell /bin/bash + changed_when: result.rc == 0 + register: result - name: Add SSH public key to authorized_keys when: user_public_key is defined @@ -184,6 +208,9 @@ - name: Relabel the filesystem when: os | lower in ['almalinux', 'rhel8', 'rhel9', 'rocky'] ansible.builtin.command: touch /mnt/.autorelabel + changed_when: result.rc == 0 + register: result + - name: Disable SELinux when: os | lower == "fedora" ansible.builtin.lineinfile: diff --git a/roles/environment/tasks/main.yml b/roles/environment/tasks/main.yml index b6b9584..c09b2af 100644 --- a/roles/environment/tasks/main.yml +++ b/roles/environment/tasks/main.yml 
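Review bot: `uuidgen` and `ip r | awk 'NR==1 {print $5}'` only produce a value and alter nothing on the host, so `changed_when: net_uuid.rc == 0` and `changed_when: net_inf.rc == 0` report two lookups as changes on every run. Use `changed_when: false` on both. The `ip l | awk` interface lookup in roles/environment/tasks/main.yml has the same issue with `changed_when: interface_name.rc == 0`.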
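Review bot: The useradd/usermod items put the output of `password_hash('sha512')` on the command line, and the added `register: result` now also keeps that command line (the `cmd` field and the loop `item`) in a registered variable. The per-item task output prints it as well. Add `no_log: true` next to the new `register: result` so the hashes stay out of console output, logs and callback plugins. The task header and the start of the item list are outside this hunk, so confirm the key lands on the task and not inside the list.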
@@ -23,16 +23,26 @@ - name: Setect Interface when: hypervisor == "vmware" ansible.builtin.shell: "set -o pipefail && ip l | awk -F': ' '!/lo/{print $2; exit}'" + changed_when: interface_name.rc == 0 register: interface_name - name: Set IP-Address when: hypervisor == "vmware" ansible.builtin.command: ip addr replace {{ ansible_host }}/24 dev {{ interface_name.stdout }} + changed_when: result.rc == 0 + register: result + - name: Set Default Gateway when: hypervisor == "vmware" ansible.builtin.command: ip route replace default via {{ vm_gw }} + changed_when: result.rc == 0 + register: result + - name: Synchronize clock via NTP ansible.builtin.command: timedatectl set-ntp true + changed_when: result.rc == 0 + register: result + - name: Speed-up Bootstrap process ansible.builtin.lineinfile: path: /etc/pacman.conf diff --git a/roles/partitioning/tasks/btrfs.yml b/roles/partitioning/tasks/btrfs.yml index edd01b5..7bb3c23 100644 --- a/roles/partitioning/tasks/btrfs.yml +++ b/roles/partitioning/tasks/btrfs.yml @@ -17,10 +17,14 @@ - name: Enable quotas on Btrfs filesystem ansible.builtin.command: btrfs quota enable /mnt + changed_when: result.rc == 0 + register: result - name: Make root subvolumes when: cis | bool or item.subvol not in ['var_log', 'var_log_audit'] ansible.builtin.command: btrfs su cr /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }} + changed_when: result.rc == 0 + register: result loop: - { subvol: root } - { subvol: home } @@ -31,6 +35,8 @@ - name: Set quotas for subvolumes when: cis | bool or item.subvol not in ['var_log', 'var_log_audit'] ansible.builtin.command: btrfs qgroup limit {{ item.quota }} /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }} + changed_when: result.rc == 0 + register: result loop: - { subvol: home, quota: 2G } diff --git a/roles/partitioning/tasks/ext4.yml b/roles/partitioning/tasks/ext4.yml index fc37ddb..e89105f 100644 --- a/roles/partitioning/tasks/ext4.yml +++ b/roles/partitioning/tasks/ext4.yml 
@@ -15,6 +15,8 @@ - name: Remove Unsupported features for older Systems when: (os | lower in ['almalinux', 'debian11', 'rhel8', 'rhel9', 'rocky', 'ubuntu-lts']) and (cis | bool or item.lv not in ['var_log', 'var_log_audit']) ansible.builtin.command: tune2fs -O "^orphan_file,^metadata_csum_seed" "/dev/sys/{{ item.lv }}" + changed_when: result.rc == 0 + register: result loop: - { lv: root } - { lv: home } diff --git a/roles/partitioning/tasks/main.yml b/roles/partitioning/tasks/main.yml index f38c0f3..d5c0de8 100644 --- a/roles/partitioning/tasks/main.yml +++ b/roles/partitioning/tasks/main.yml @@ -4,6 +4,8 @@ - name: Prepare partitions failed_when: false ansible.builtin.command: "{{ item.cmd }}" + changed_when: result.rc == 0 + register: result loop: - { cmd: umount -l /mnt } - { cmd: vgremove -f sys } diff --git a/roles/virtualization/tasks/libvirt.yml b/roles/virtualization/tasks/libvirt.yml index 267fab0..458d566 100644 --- a/roles/virtualization/tasks/libvirt.yml +++ b/roles/virtualization/tasks/libvirt.yml @@ -9,6 +9,8 @@ when: not vm_disk_stat.stat.exists delegate_to: localhost ansible.builtin.command: qemu-img create -f qcow2 {{ vm_path | default('/var/lib/libvirt/images/') }}{{ hostname }}.qcow2 {{ vm_size }}G + changed_when: result.rc == 0 + register: result - name: Generate Random MAC Address delegate_to: localhost @@ -32,6 +34,8 @@ {{ vm_path | default('/var/lib/libvirt/images/') }} {{ hostname }}-cloudinit.iso /tmp/cloud-user-data-{{ hostname }}.yml -N /tmp/cloud-network-config-{{ hostname }}.yml + changed_when: result.rc == 0 + register: result - name: Create VM using libvirt delegate_to: localhost
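Review bot: In the second libvirt.yml hunk the cloud-init inputs are read from fixed names under `/tmp` (`/tmp/cloud-user-data-{{ hostname }}.yml` and `/tmp/cloud-network-config-{{ hostname }}.yml`) on localhost. That directory is world-writable, so another local user can pre-create or read a file with a predictable name. The tasks that write these files are outside this hunk, so confirm there that they are created via `ansible.builtin.tempfile` or with `mode: "0600"` inside a private directory, and removed once the ISO is built. User-data commonly holds account credentials or keys, which is why the permissions matter here.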