sandwich/Ansible-Bootstrap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
275 Commits 1 Branch 0 Tags
9f9a4b38b8d7ba467b4577b9691e72e9d6011db7
Commit Graph

228 Commits

Author SHA1 Message Date
Sandwich
9f9a4b38b8 fix(virtualization): add XML safety attributes and switch xen to virtio 2026-02-20 20:18:49 +01:00
Sandwich
524356cf8d fix(cis): remove deprecated sshd options and update hardening values 2026-02-20 20:17:52 +01:00
Sandwich
a2993212ca fix(configuration): disambiguate BLS task names and clean up misc noise 2026-02-20 20:17:05 +01:00
Sandwich
fba2e5fc94 refactor(configuration): relocate login banner and fix blockinfile markers 2026-02-20 20:16:19 +01:00
Sandwich
cf68a93b45 fix(configuration): use short hostname and allow per-user shell 2026-02-20 20:15:49 +01:00
Sandwich
3000268a0e fix(partitioning): mount extra disks by UUID instead of device path 2026-02-20 20:15:25 +01:00
Sandwich
196c5be67a fix(partitioning): correct LVM swap sizing and harden UUID fallbacks 2026-02-20 20:15:00 +01:00
Sandwich
33bad193b4 fix(configuration): add trailing semicolons to NM keyfile DNS fields 2026-02-20 20:14:06 +01:00
Sandwich
d5277802f7 fix(bootstrap): add missing packages and remove duplicates 2026-02-20 20:13:53 +01:00
Sandwich
28e6cf50d1 fix(bootstrap): add devpts mount and use ephemeral state for RHEL DVD 2026-02-20 20:12:59 +01:00
Sandwich
42cb5071c2 fix(bootstrap): unify resolv.conf to live environment DNS symlink 2026-02-20 20:12:42 +01:00
Sandwich
23a798a63a fix(global_defaults): add no_log to hypervisor tasks and expand validation 2026-02-20 20:11:37 +01:00
Sandwich
5dd84c6b39 fix: configurable OVMF/machine type, routes syntax, package lists, interface names 2026-02-20 18:47:12 +01:00
Sandwich
d0ae20911b fix(cleanup): keep RHEL ISO ide1 attached as local repo 2026-02-20 18:41:40 +01:00
Sandwich
b6d06dd96d fix: deep analysis audit — no_log, resolv.conf, service conflicts, lint 2026-02-20 18:34:59 +01:00
Sandwich
09b3ed44ba fix(bootstrap): RHEL 9 bootstrap from Arch ISO compatibility 
- Generate resolv.conf from inventory DNS settings instead of copying
  host file (Arch ISO has systemd-resolved stub 127.0.0.53)
- Add XFS compat options for GRUB 2.06 and kernel 5.14 across LVM
  volumes, /boot partition, and data disks
- Mount API filesystems (proc, sys, dev) into chroot for RPM scriptlets
- Bypass GPG Sequoia validation with _pkgverify_level none
- Tolerate grub2-common scriptlet warnings
- Handle libvirt VM destroy gracefully during cleanup
 2026-02-20 16:58:59 +01:00
Sandwich
1c0e6533ae fix(ubuntu): add initramfs-tools to debootstrap base packages 2026-02-20 16:58:59 +01:00
Sandwich
00aa614cfd fix(bootstrap): use explicit keyring for debootstrap and copy resolv.conf 2026-02-20 16:58:59 +01:00
Sandwich
4905d10bc0 fix(cloud-init): handle boolean sudo values in user-data template 2026-02-20 16:58:59 +01:00
Sandwich
2a82ee4d5c fix: resolve Jinja2 .keys ambiguity, fastfetch availability, and python interpreter 
- Use bracket notation item['keys'] instead of item.keys to avoid
  conflict with Python dict .keys() method
- Remove fastfetch from Debian 12 package list (only available in 13+)
- Set explicit python interpreter path for post-reboot tasks
 2026-02-20 16:58:58 +01:00
Sandwich
7b213e7456 fix(partitioning): create separate /boot for LVM-based filesystems 
VMware EFI firmware may not initialize all SCSI devices before GRUB
runs, preventing LVM assembly when the root LV spans multiple disks.
A separate /boot partition (the standard RHEL Anaconda layout) lets
GRUB load kernels without LVM; the kernel initramfs handles LVM
activation with proper device waiting.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-20 04:50:32 +01:00
Sandwich
cfc261878a fix(bootloader): run efibootmgr on host for universal chroot compatibility 
The previous approach ran efibootmgr inside the chroot, which only works
with arch-chroot (auto-mounts efivars) but fails silently with
systemd-nspawn or plain chroot. Move EFI boot entry creation to the host
where efivars is always available.

Also fixes wrong EFI loader path (\efi\EFI\... -> \EFI\...) and uses
the correct vendor label (e.g. "redhat" instead of raw os variable).

For non-RHEL distros, grub-install now uses --no-nvram to avoid
redundant NVRAM writes; the host efibootmgr handles entry creation
for all distros uniformly with idempotent pre-check.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-20 03:36:20 +01:00
Sandwich
eeb580f180 refactor(standardize): fix sudoers lecture syntax, extract ssh config, remove redundant os filters 2026-02-13 00:22:59 +01:00
Sandwich
af5eecfc01 fix(configuration): correct fstab regexp escaping, sudoers newline, locales block scope 2026-02-13 00:02:54 +01:00
Sandwich
bc43b3b994 refactor(standardize): remove redundant variables, deduplicate conditionals 2026-02-12 23:47:41 +01:00
Sandwich
29d365293c fix(banner): correct visudo validate, clean trailing whitespace 2026-02-12 23:33:55 +01:00
Sandwich
c8806c9577 refactor(standardize): remove dead code, fix inconsistencies, update docs 2026-02-12 23:21:51 +01:00
Sandwich
debd1e176f refactor(bootstrap): standardize patterns, extract common logic, remove dead code 2026-02-12 23:14:17 +01:00
Sandwich
8f8ce341ae refactor(users): migrate system.user to system.users[] for multi-user support 2026-02-12 22:52:15 +01:00
Sandwich
66057bc9b2 feat(network): make interfaces[] canonical, normalize flat fields as AWX compat 2026-02-12 22:17:02 +01:00
Sandwich
5108e46a4c fix(lint): wrap long lines to satisfy yaml[line-length] rule 2026-02-12 21:54:09 +01:00
Sandwich
67c320fcc2 fix(vars): enforce strict list-only DNS and user.key format for IaC compatibility 2026-02-12 21:50:55 +01:00
Sandwich
f8eaa41fc2 fix(partitioning): register swapoff result for changed_when handling 2026-02-11 23:47:36 +01:00
Sandwich
ed8da6e4e2 fix(luks): complete migration of partitioning_luks_tpm2_device reference 2026-02-11 23:28:05 +01:00
Sandwich
a60e6fd0d3 refactor(bootstrap): nest network fields under system.network to match main project schema 2026-02-11 23:03:37 +01:00
Sandwich
45c002c2dd fix(bootstrap): correct changed_when on state-changing commands 2026-02-11 21:06:10 +01:00
Sandwich
7a76f58384 refactor(luks): use system_cfg.luks directly across roles 2026-02-11 19:26:51 +01:00
Sandwich
8c0716508e fix: honor libvirt network config, preserve DHCP DNS with search-only NM config, and exact-match Xen VM names 2026-02-11 14:00:20 +01:00
Sandwich
cd34b41862 fix(banner): align MOTD star border and default motd to disabled 2026-02-11 08:02:27 +01:00
Sandwich
37130da17b fix(libvirt): restore missing virtualization_mac_address default 2026-02-11 08:02:27 +01:00
Sandwich
4be9e2bfe1 refactor(safety): remove redundant live environment detection from system_check 2026-02-11 08:02:27 +01:00
Sandwich
fc8f43a25a refactor(validation): deduplicate hypervisor combine and collapse schema checks 2026-02-11 08:02:27 +01:00
Sandwich
70475f4082 refactor(system): simplify normalization by removing redundant intermediate merges 2026-02-11 08:02:27 +01:00
Sandwich
865d96c18e fix(bootstrap): repair version-specific package availability across distributions 2026-02-11 08:02:27 +01:00
Sandwich
e7323258fd refactor(schema): move filesystem into system dictionary 2026-02-11 05:37:18 +01:00
Sandwich
3d026407e5 refactor(configuration): simplify grub commandline variable assembly 2026-02-11 05:37:18 +01:00
Sandwich
469d89641e refactor(configuration): reduce LUKS runtime temporary facts 2026-02-11 05:37:18 +01:00
Sandwich
5326907ae9 refactor(schema): simplify dict normalization and schema checks 2026-02-11 05:37:18 +01:00
Sandwich
636656214b refactor(schema): rename nested dict keys and simplify validation 2026-02-11 05:37:18 +01:00
Sandwich
e2a42771ab docu(schema): align docs and baremetal example with dict model 2026-02-11 05:37:18 +01:00