
2 Commits

Author SHA1 Message Date
e37b5a535b Specify changed_when for shell commands 2024-10-28 19:20:05 +01:00
5312ec8cc6 Replace ignore_errors with failed_when 2024-10-28 18:56:00 +01:00
9 changed files with 75 additions and 5 deletions


@ -87,4 +87,6 @@
- name: Reboot system
when: hypervisor != "libvirt"
ansible.builtin.command: reboot
ignore_errors: true
failed_when: false
changed_when: result.rc == 0
register: result
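Review bot: `failed_when: false` on the "Reboot system" task makes every outcome report as ok, so unlike `ignore_errors: true` a failing `reboot` no longer appears in the run output at all. If the only failure to tolerate is the connection dropping while the host goes down, that typically surfaces as unreachable rather than failed, and `ignore_unreachable: true` would cover it without hiding a non-zero exit. Otherwise a comment such as `# reboot may cut the connection before the module returns; a failure here is expected` would record the intent. The same replacement is made on "Remove CD-ROM from VM in vCenter", "Append lines to vimrc" and "Prepare partitions" in later files, where it would presumably also hide unrelated errors such as a failed vCenter login.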


@ -9,9 +9,14 @@
- name: Bootstrap ArchLinux
when: os | lower == 'archlinux'
ansible.builtin.command: pacstrap /mnt {{ role_packages.archlinux | join(' ') }} --asexplicit
changed_when: result.rc == 0
register: result
- name: Bootstrap Debian System
when: os | lower in ['debian11', 'debian12']
ansible.builtin.command: "{{ item }}"
changed_when: result.rc == 0
register: result
with_items:
- |
debootstrap --include={{ role_packages[os].base | join(',') }} {{ 'bullseye' if os == 'debian11' else 'bookworm' }} \
@ -22,6 +27,8 @@
- name: Bootstrap Ubuntu System
when: os | lower in ['ubuntu', 'ubuntu-lts']
ansible.builtin.command: "{{ item }}"
changed_when: result.rc == 0
register: result
with_items:
- |
debootstrap --include={{ role_packages[os].base | join(',') }} {{ 'mantic' if os == 'ubuntu' else 'jammy' }} \
@ -33,6 +40,8 @@
- name: Bootstrap AlmaLinux 9
when: os | lower == 'almalinux'
ansible.builtin.command: "{{ item }}"
changed_when: result.rc == 0
register: result
with_items:
- dnf --releasever=9 --best --repo=alma-baseos --installroot=/mnt --setopt=install_weak_deps=False groupinstall -y base core
- echo "nameserver 1.0.0.1" > /mnt/etc/resolv.conf
@ -41,6 +50,8 @@
- name: Bootstrap Fedora 40
when: os | lower == 'fedora'
ansible.builtin.command: "{{ item }}"
changed_when: result.rc == 0
register: result
with_items:
- |
dnf --releasever=40 --best --repo=fedora --repo=fedora-updates \
@ -51,6 +62,8 @@
- name: Bootstrap RockyLinux 9
when: os | lower == 'rocky'
ansible.builtin.command: "{{ item }}"
changed_when: result.rc == 0
register: result
with_items:
- dnf --releasever=9 --best --repo=rocky-baseos --installroot=/mnt --setopt=install_weak_deps=False groupinstall -y base core
- echo "nameserver 1.0.0.1" > /mnt/etc/resolv.conf
@ -59,6 +72,8 @@
- name: Bootstrap RHEL System
when: os | lower in ['rhel8', 'rhel9']
ansible.builtin.command: "{{ item }}"
changed_when: result.rc == 0
register: result
with_items:
- dnf --releasever={{ '8' if os == 'rhel8' else '9' }} --installroot=/mnt --setopt=install_weak_deps=False groupinstall -y base core
- echo 'nameserver 1.0.0.1' > /mnt/etc/resolv.conf
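Review bot: The `echo "nameserver 1.0.0.1" > /mnt/etc/resolv.conf` items in the AlmaLinux, RockyLinux and RHEL hunks run through `ansible.builtin.command`, which does not use a shell, so `>` and the path are passed to `echo` as arguments and the file is never written. With the added `changed_when: result.rc == 0` the item is still reported as changed, because `echo` exits 0. Writing the resolver file in its own task with `ansible.builtin.copy` (`content: "nameserver 1.0.0.1\n"`, `dest: /mnt/etc/resolv.conf`) would make the change real and idempotent. The `with_items` lists continue outside these hunks, so other items may need the same check.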


@ -20,7 +20,7 @@
- name: Remove CD-ROM from VM in vCenter
when: hypervisor == "vmware"
delegate_to: localhost
ignore_errors: true
failed_when: false
community.vmware.vmware_guest:
hostname: "{{ hypervisor_url }}"
username: "{{ hypervisor_username }}"
@ -64,6 +64,8 @@
when: cdrom_devices.stdout_lines | length > 0
ansible.builtin.command: virsh --connect qemu:///system detach-disk {{ hostname }} {{ item }} --persistent
with_items: "{{ cdrom_devices.stdout_lines }}"
changed_when: result.rc == 0
register: result
- name: Start the VM
community.libvirt.virt:


@ -3,6 +3,9 @@
block:
- name: Generate fstab
ansible.builtin.shell: genfstab -LU /mnt > /mnt/etc/fstab
changed_when: result.rc == 0
register: result
- name: Append TempFS to fstab
ansible.builtin.lineinfile:
path: /mnt/etc/fstab
@ -17,6 +20,8 @@
- name: Set local timezone
ansible.builtin.command: "{{ item }}"
changed_when: result.rc == 0
register: result
with_items:
- systemctl daemon-reload
- arch-chroot /mnt ln -sf /usr/share/zoneinfo/Europe/Vienna /etc/localtime
@ -32,9 +37,12 @@
loop:
- { regex: en_US\.UTF-8 UTF-8, line: en_US.UTF-8 UTF-8 }
- name: Generate locales\
- name: Generate locales
when: os | lower not in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rocky']
ansible.builtin.command: arch-chroot /mnt /usr/sbin/locale-gen
changed_when: result.rc == 0
register: result
- name: Set hostname
ansible.builtin.copy:
content: "{{ hostname }}"
@ -70,6 +78,9 @@
- name: Enable sshd
when: os | lower == "archlinux"
ansible.builtin.command: arch-chroot /mnt systemctl enable sshd logrotate systemd-resolved systemd-timesyncd NetworkManager
changed_when: result.rc == 0
register: result
- name: Configure grub
when: os | lower not in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rocky']
block:
@ -94,6 +105,9 @@
{% else %}/usr/sbin/grub-install --target=x86_64-efi --efi-directory={{ "/boot/efi" if os | lower in ["ubuntu", "ubuntu-lts"] else "/boot" }}
--bootloader-id={{ "ubuntu" if os | lower in ["ubuntu", "ubuntu-lts"] else os }}
{% endif %}
changed_when: result.rc == 0
register: result
- name: Generate grub config
ansible.builtin.command: arch-chroot /mnt
{% if os | lower not in ["archlinux", "debian11", "debian12", "ubuntu", "ubuntu-lts"] %} /usr/sbin/grub2-mkconfig
@ -101,6 +115,9 @@
{% else %}/usr/sbin/grub-mkconfig -o
{{ "/boot/efi/EFI/ubuntu/grub.cfg" if os | lower in ["ubuntu", "ubuntu-lts"] else "/boot/grub/grub.cfg" }}
{% endif %}
changed_when: result.rc == 0
register: result
- name: Regenerate initramfs
when: os | lower not in ["debian11", "debian12", "ubuntu", "ubuntu-lts"]
ansible.builtin.command: arch-chroot /mnt
@ -108,10 +125,13 @@
{% elif os | lower not in ["debian11", "debian12", "ubuntu", "ubuntu-lts", "archlinux"] %} /usr/bin/dracut --regenerate-all --force
{% else %} echo "Skipping initramfs regeneration"
{% endif %}
changed_when: result.rc == 0
register: result
- name: Extra Configuration
block:
- name: Append lines to vimrc
ignore_errors: true
failed_when: false
ansible.builtin.lineinfile:
path: "{{ '/mnt/etc/vim/vimrc' if os | lower in ['debian11', 'debian12', 'ubuntu', 'ubuntu-lts'] else '/mnt/etc/vimrc' }}"
line: "{{ item }}"
@ -140,10 +160,12 @@
block:
- name: Generate UUID for Network Profile
ansible.builtin.command: uuidgen
changed_when: net_uuid.rc == 0
register: net_uuid
- name: Retrieve Network Interface Name
ansible.builtin.shell: set -o pipefail && ip r | awk 'NR==1 {print $5}'
changed_when: net_inf.rc == 0
register: net_inf
- name: Copy NetworkManager keyfile
@ -161,6 +183,8 @@
{{ "sudo" if os | lower in ["debian11", "debian12", "ubuntu", "ubuntu-lts"] else "wheel" }}
{{ user_name }} --password {{ user_password | password_hash('sha512') }} --shell /bin/bash
- arch-chroot /mnt /usr/sbin/usermod --password '{{ root_password | password_hash('sha512') }}' root --shell /bin/bash
changed_when: result.rc == 0
register: result
- name: Add SSH public key to authorized_keys
when: user_public_key is defined
@ -184,6 +208,9 @@
- name: Relabel the filesystem
when: os | lower in ['almalinux', 'rhel8', 'rhel9', 'rocky']
ansible.builtin.command: touch /mnt/.autorelabel
changed_when: result.rc == 0
register: result
- name: Disable SELinux
when: os | lower == "fedora"
ansible.builtin.lineinfile:
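Review bot: The hunk at `-161,6 +183,8` adds `register: result` to a task whose commands embed `user_password | password_hash('sha512')` and `root_password | password_hash('sha512')`, and nothing visible sets `no_log: true`. The rendered command lines, including both crypt hashes, therefore end up in the loop item label and in the registered result, and from there in console output, callback logs and any later `debug` of `result`. Adding `no_log: true` to this task keeps the hashes out of run logs. The task header is outside the hunk, so confirm it is not already set there.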


@ -23,16 +23,26 @@
- name: Setect Interface
when: hypervisor == "vmware"
ansible.builtin.shell: "set -o pipefail && ip l | awk -F': ' '!/lo/{print $2; exit}'"
changed_when: interface_name.rc == 0
register: interface_name
- name: Set IP-Address
when: hypervisor == "vmware"
ansible.builtin.command: ip addr replace {{ ansible_host }}/24 dev {{ interface_name.stdout }}
changed_when: result.rc == 0
register: result
- name: Set Default Gateway
when: hypervisor == "vmware"
ansible.builtin.command: ip route replace default via {{ vm_gw }}
changed_when: result.rc == 0
register: result
- name: Synchronize clock via NTP
ansible.builtin.command: timedatectl set-ntp true
changed_when: result.rc == 0
register: result
- name: Speed-up Bootstrap process
ansible.builtin.lineinfile:
path: /etc/pacman.conf
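Review bot: "Setect Interface" only reads the link list (`ip l | awk ...`), so `changed_when: interface_name.rc == 0` reports a change on every successful run although nothing on the host is modified. For a pure query the usual form is `changed_when: false`. The same applies to "Generate UUID for Network Profile" (`changed_when: net_uuid.rc == 0`) and "Retrieve Network Interface Name" (`changed_when: net_inf.rc == 0`) in the previous file. Reporting these as ok keeps the changed count meaningful for the tasks that really alter the target.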


@ -17,10 +17,14 @@
- name: Enable quotas on Btrfs filesystem
ansible.builtin.command: btrfs quota enable /mnt
changed_when: result.rc == 0
register: result
- name: Make root subvolumes
when: cis | bool or item.subvol not in ['var_log', 'var_log_audit']
ansible.builtin.command: btrfs su cr /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }}
changed_when: result.rc == 0
register: result
loop:
- { subvol: root }
- { subvol: home }
@ -31,6 +35,8 @@
- name: Set quotas for subvolumes
when: cis | bool or item.subvol not in ['var_log', 'var_log_audit']
ansible.builtin.command: btrfs qgroup limit {{ item.quota }} /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }}
changed_when: result.rc == 0
register: result
loop:
- { subvol: home, quota: 2G }
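Review bot: `changed_when: result.rc == 0` on `btrfs quota enable`, `btrfs su cr` and `btrfs qgroup limit` restates what `ansible.builtin.command` already does, since a non-zero return code fails the task and every successful run is reported as changed. The condition silences the lint rule but tells a reader nothing about whether the step is idempotent. A short comment stating the assumption, for example `# always a change: /mnt is a freshly created filesystem` (if that is indeed the case), would document it. For the subvolume task, a `creates:` argument pointing at the subvolume path would make a re-run skip existing subvolumes. The same pattern recurs on most command tasks in the other files of this change.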


@ -15,6 +15,8 @@
- name: Remove Unsupported features for older Systems
when: (os | lower in ['almalinux', 'debian11', 'rhel8', 'rhel9', 'rocky', 'ubuntu-lts']) and (cis | bool or item.lv not in ['var_log', 'var_log_audit'])
ansible.builtin.command: tune2fs -O "^orphan_file,^metadata_csum_seed" "/dev/sys/{{ item.lv }}"
changed_when: result.rc == 0
register: result
loop:
- { lv: root }
- { lv: home }


@ -2,8 +2,10 @@
- name: Partition install drive
block:
- name: Prepare partitions
ignore_errors: true
failed_when: false
ansible.builtin.command: "{{ item.cmd }}"
changed_when: result.rc == 0
register: result
loop:
- { cmd: umount -l /mnt }
- { cmd: vgremove -f sys }


@ -9,6 +9,8 @@
when: not vm_disk_stat.stat.exists
delegate_to: localhost
ansible.builtin.command: qemu-img create -f qcow2 {{ vm_path | default('/var/lib/libvirt/images/') }}{{ hostname }}.qcow2 {{ vm_size }}G
changed_when: result.rc == 0
register: result
- name: Generate Random MAC Address
delegate_to: localhost
@ -32,6 +34,8 @@
{{ vm_path | default('/var/lib/libvirt/images/') }}
{{ hostname }}-cloudinit.iso /tmp/cloud-user-data-{{ hostname }}.yml
-N /tmp/cloud-network-config-{{ hostname }}.yml
changed_when: result.rc == 0
register: result
- name: Create VM using libvirt
delegate_to: localhost