21bf8f79e2
fix(cis): make mlkem768x25519-sha256 KexAlgorithm conditional on OpenSSH 9.9+
2026-02-20 21:50:58 +01:00
38feff4369
fix(cis): use is_rhel for journald config path instead of fedora-only check
2026-02-20 21:50:55 +01:00
404529e8a4
refactor(configuration): add conditional dispatch to task includes
2026-02-20 21:16:52 +01:00
3db18858c3
refactor(cis): move OS-specific binary resolution to vars/main.yml
2026-02-20 21:16:48 +01:00
72a9576abe
refactor(configuration): split network.yml into per-init-system dispatch files
2026-02-20 21:16:45 +01:00
462c2c7dfe
refactor(bootstrap): restructure conditional package lists to list concatenation
2026-02-20 21:16:40 +01:00
ef8bfeaf84
refactor(configuration): convert services.yml to list-based loop
2026-02-20 21:16:37 +01:00
ba6be037ac
refactor(virt): adopt module_defaults for hypervisor credentials
2026-02-20 21:16:33 +01:00
5ca1c7f570
refactor(cleanup): restructure dispatch to use hypervisor_type include
2026-02-20 21:16:28 +01:00
cd8e477534
refactor(partitioning): extract VG name to defaults variable
2026-02-20 21:16:25 +01:00
c439e9741e
fix(configuration): remove trailing blank line from extras.yml
2026-02-20 20:20:33 +01:00
0a5c70e49f
docs(environment): document RPM GPG policy relaxation
2026-02-20 20:19:57 +01:00
230c74fd9b
feat(system_check): add safety check for physical installs
2026-02-20 20:19:37 +01:00
a2c19e2e49
fix(cleanup): fix vmware CD-ROM omit fragility and add cross-role defaults
2026-02-20 20:19:25 +01:00
9f9a4b38b8
fix(virtualization): add XML safety attributes and switch xen to virtio
2026-02-20 20:18:49 +01:00
524356cf8d
fix(cis): remove deprecated sshd options and update hardening values
2026-02-20 20:17:52 +01:00
a2993212ca
fix(configuration): disambiguate BLS task names and clean up misc noise
2026-02-20 20:17:05 +01:00
fba2e5fc94
refactor(configuration): relocate login banner and fix blockinfile markers
2026-02-20 20:16:19 +01:00
cf68a93b45
fix(configuration): use short hostname and allow per-user shell
2026-02-20 20:15:49 +01:00
3000268a0e
fix(partitioning): mount extra disks by UUID instead of device path
2026-02-20 20:15:25 +01:00
196c5be67a
fix(partitioning): correct LVM swap sizing and harden UUID fallbacks
2026-02-20 20:15:00 +01:00
33bad193b4
fix(configuration): add trailing semicolons to NM keyfile DNS fields
2026-02-20 20:14:06 +01:00
d5277802f7
fix(bootstrap): add missing packages and remove duplicates
2026-02-20 20:13:53 +01:00
28e6cf50d1
fix(bootstrap): add devpts mount and use ephemeral state for RHEL DVD
2026-02-20 20:12:59 +01:00
42cb5071c2
fix(bootstrap): unify resolv.conf to live environment DNS symlink
2026-02-20 20:12:42 +01:00
23a798a63a
fix(global_defaults): add no_log to hypervisor tasks and expand validation
2026-02-20 20:11:37 +01:00
5dd84c6b39
fix: configurable OVMF/machine type, routes syntax, package lists, interface names
2026-02-20 18:47:12 +01:00
d0ae20911b
fix(cleanup): keep RHEL ISO ide1 attached as local repo
2026-02-20 18:41:40 +01:00
b6d06dd96d
fix: deep analysis audit — no_log, resolv.conf, service conflicts, lint
2026-02-20 18:34:59 +01:00
09b3ed44ba
fix(bootstrap): RHEL 9 bootstrap from Arch ISO compatibility
- Generate resolv.conf from inventory DNS settings instead of copying
host file (Arch ISO has systemd-resolved stub 127.0.0.53)
- Add XFS compat options for GRUB 2.06 and kernel 5.14 across LVM
volumes, /boot partition, and data disks
- Mount API filesystems (proc, sys, dev) into chroot for RPM scriptlets
- Bypass GPG Sequoia validation with _pkgverify_level none
- Tolerate grub2-common scriptlet warnings
- Handle libvirt VM destroy gracefully during cleanup
2026-02-20 16:58:59 +01:00
1c0e6533ae
fix(ubuntu): add initramfs-tools to debootstrap base packages
2026-02-20 16:58:59 +01:00
00aa614cfd
fix(bootstrap): use explicit keyring for debootstrap and copy resolv.conf
2026-02-20 16:58:59 +01:00
4905d10bc0
fix(cloud-init): handle boolean sudo values in user-data template
2026-02-20 16:58:59 +01:00
2a82ee4d5c
fix: resolve Jinja2 .keys ambiguity, fastfetch availability, and python interpreter
- Use bracket notation item['keys'] instead of item.keys to avoid
conflict with Python dict .keys() method
- Remove fastfetch from Debian 12 package list (only available in 13+)
- Set explicit python interpreter path for post-reboot tasks
2026-02-20 16:58:58 +01:00
7b213e7456
fix(partitioning): create separate /boot for LVM-based filesystems
VMware EFI firmware may not initialize all SCSI devices before GRUB
runs, preventing LVM assembly when the root LV spans multiple disks.
A separate /boot partition (the standard RHEL Anaconda layout) lets
GRUB load kernels without LVM; the kernel initramfs handles LVM
activation with proper device waiting.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-20 04:50:32 +01:00
cfc261878a
fix(bootloader): run efibootmgr on host for universal chroot compatibility
The previous approach ran efibootmgr inside the chroot, which only works
with arch-chroot (auto-mounts efivars) but fails silently with
systemd-nspawn or plain chroot. Move EFI boot entry creation to the host
where efivars is always available.
Also fixes wrong EFI loader path (\efi\EFI\... -> \EFI\...) and uses
the correct vendor label (e.g. "redhat" instead of raw os variable).
For non-RHEL distros, grub-install now uses --no-nvram to avoid
redundant NVRAM writes; the host efibootmgr handles entry creation
for all distros uniformly with idempotent pre-check.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-20 03:36:20 +01:00
eeb580f180
refactor(standardize): fix sudoers lecture syntax, extract ssh config, remove redundant os filters
2026-02-13 00:22:59 +01:00
af5eecfc01
fix(configuration): correct fstab regexp escaping, sudoers newline, locales block scope
2026-02-13 00:02:54 +01:00
bc43b3b994
refactor(standardize): remove redundant variables, deduplicate conditionals
2026-02-12 23:47:41 +01:00
29d365293c
fix(banner): correct visudo validate, clean trailing whitespace
2026-02-12 23:33:55 +01:00
c8806c9577
refactor(standardize): remove dead code, fix inconsistencies, update docs
2026-02-12 23:21:51 +01:00
debd1e176f
refactor(bootstrap): standardize patterns, extract common logic, remove dead code
2026-02-12 23:14:17 +01:00
8f8ce341ae
refactor(users): migrate system.user to system.users[] for multi-user support
2026-02-12 22:52:15 +01:00
66057bc9b2
feat(network): make interfaces[] canonical, normalize flat fields as AWX compat
2026-02-12 22:17:02 +01:00
5108e46a4c
fix(lint): wrap long lines to satisfy yaml[line-length] rule
2026-02-12 21:54:09 +01:00
67c320fcc2
fix(vars): enforce strict list-only DNS and user.key format for IaC compatibility
2026-02-12 21:50:55 +01:00
f8eaa41fc2
fix(partitioning): register swapoff result for changed_when handling
2026-02-11 23:47:36 +01:00
ed8da6e4e2
fix(luks): complete migration of partitioning_luks_tpm2_device reference
2026-02-11 23:28:05 +01:00
a60e6fd0d3
refactor(bootstrap): nest network fields under system.network to match main project schema
2026-02-11 23:03:37 +01:00
45c002c2dd
fix(bootstrap): correct changed_when on state-changing commands
2026-02-11 21:06:10 +01:00