
2 Commits

Author SHA1 Message Date
e37b5a535b Specify changed_when for shell commands 2024-10-28 19:20:05 +01:00
5312ec8cc6 Replace ignore_errors with failed_when 2024-10-28 18:56:00 +01:00
9 changed files with 75 additions and 5 deletions


@ -87,4 +87,6 @@
- name: Reboot system - name: Reboot system
when: hypervisor != "libvirt" when: hypervisor != "libvirt"
ansible.builtin.command: reboot ansible.builtin.command: reboot
ignore_errors: true failed_when: false
changed_when: result.rc == 0
register: result
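Review bot: `failed_when: false` on "Reboot system" marks the task `ok` whatever happens, whereas the `ignore_errors: true` it replaces still printed the failure before continuing, so a reboot that did not take place no longer shows up in the play output. The same swap is made on "Remove CD-ROM from VM in vCenter", "Append lines to vimrc" and "Prepare partitions" in later file sections. Where one specific failure is expected, express it in the condition instead of disabling the check, and record the reason above the task, e.g. `# reboot tears down the SSH session, so a non-zero rc is tolerated here` (assuming that is the intent). The task list this hunk belongs to starts outside the hunk.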


@ -9,9 +9,14 @@
- name: Bootstrap ArchLinux - name: Bootstrap ArchLinux
when: os | lower == 'archlinux' when: os | lower == 'archlinux'
ansible.builtin.command: pacstrap /mnt {{ role_packages.archlinux | join(' ') }} --asexplicit ansible.builtin.command: pacstrap /mnt {{ role_packages.archlinux | join(' ') }} --asexplicit
changed_when: result.rc == 0
register: result
- name: Bootstrap Debian System - name: Bootstrap Debian System
when: os | lower in ['debian11', 'debian12'] when: os | lower in ['debian11', 'debian12']
ansible.builtin.command: "{{ item }}" ansible.builtin.command: "{{ item }}"
changed_when: result.rc == 0
register: result
with_items: with_items:
- | - |
debootstrap --include={{ role_packages[os].base | join(',') }} {{ 'bullseye' if os == 'debian11' else 'bookworm' }} \ debootstrap --include={{ role_packages[os].base | join(',') }} {{ 'bullseye' if os == 'debian11' else 'bookworm' }} \
@ -22,6 +27,8 @@
- name: Bootstrap Ubuntu System - name: Bootstrap Ubuntu System
when: os | lower in ['ubuntu', 'ubuntu-lts'] when: os | lower in ['ubuntu', 'ubuntu-lts']
ansible.builtin.command: "{{ item }}" ansible.builtin.command: "{{ item }}"
changed_when: result.rc == 0
register: result
with_items: with_items:
- | - |
debootstrap --include={{ role_packages[os].base | join(',') }} {{ 'mantic' if os == 'ubuntu' else 'jammy' }} \ debootstrap --include={{ role_packages[os].base | join(',') }} {{ 'mantic' if os == 'ubuntu' else 'jammy' }} \
@ -33,6 +40,8 @@
- name: Bootstrap AlmaLinux 9 - name: Bootstrap AlmaLinux 9
when: os | lower == 'almalinux' when: os | lower == 'almalinux'
ansible.builtin.command: "{{ item }}" ansible.builtin.command: "{{ item }}"
changed_when: result.rc == 0
register: result
with_items: with_items:
- dnf --releasever=9 --best --repo=alma-baseos --installroot=/mnt --setopt=install_weak_deps=False groupinstall -y base core - dnf --releasever=9 --best --repo=alma-baseos --installroot=/mnt --setopt=install_weak_deps=False groupinstall -y base core
- echo "nameserver 1.0.0.1" > /mnt/etc/resolv.conf - echo "nameserver 1.0.0.1" > /mnt/etc/resolv.conf
@ -41,6 +50,8 @@
- name: Bootstrap Fedora 40 - name: Bootstrap Fedora 40
when: os | lower == 'fedora' when: os | lower == 'fedora'
ansible.builtin.command: "{{ item }}" ansible.builtin.command: "{{ item }}"
changed_when: result.rc == 0
register: result
with_items: with_items:
- | - |
dnf --releasever=40 --best --repo=fedora --repo=fedora-updates \ dnf --releasever=40 --best --repo=fedora --repo=fedora-updates \
@ -51,6 +62,8 @@
- name: Bootstrap RockyLinux 9 - name: Bootstrap RockyLinux 9
when: os | lower == 'rocky' when: os | lower == 'rocky'
ansible.builtin.command: "{{ item }}" ansible.builtin.command: "{{ item }}"
changed_when: result.rc == 0
register: result
with_items: with_items:
- dnf --releasever=9 --best --repo=rocky-baseos --installroot=/mnt --setopt=install_weak_deps=False groupinstall -y base core - dnf --releasever=9 --best --repo=rocky-baseos --installroot=/mnt --setopt=install_weak_deps=False groupinstall -y base core
- echo "nameserver 1.0.0.1" > /mnt/etc/resolv.conf - echo "nameserver 1.0.0.1" > /mnt/etc/resolv.conf
@ -59,6 +72,8 @@
- name: Bootstrap RHEL System - name: Bootstrap RHEL System
when: os | lower in ['rhel8', 'rhel9'] when: os | lower in ['rhel8', 'rhel9']
ansible.builtin.command: "{{ item }}" ansible.builtin.command: "{{ item }}"
changed_when: result.rc == 0
register: result
with_items: with_items:
- dnf --releasever={{ '8' if os == 'rhel8' else '9' }} --installroot=/mnt --setopt=install_weak_deps=False groupinstall -y base core - dnf --releasever={{ '8' if os == 'rhel8' else '9' }} --installroot=/mnt --setopt=install_weak_deps=False groupinstall -y base core
- echo 'nameserver 1.0.0.1' > /mnt/etc/resolv.conf - echo 'nameserver 1.0.0.1' > /mnt/etc/resolv.conf
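Review bot: `changed_when: result.rc == 0` reports `changed` for the `echo … > /mnt/etc/resolv.conf` items in the AlmaLinux, RockyLinux and RHEL tasks, but `ansible.builtin.command` does not run a shell, so `>` and the path are passed to `echo` as arguments and the resolver file is not written. A command that succeeds always has rc 0, so on these tasks the expression matches the module's default `changed` result and records nothing about what was actually done. Writing the file with a module gives a real changed state and a real failure: `ansible.builtin.copy` with `content: "nameserver 1.0.0.1\n"` and `dest: /mnt/etc/resolv.conf`. The item lists of these tasks continue outside the hunks.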


@ -20,7 +20,7 @@
- name: Remove CD-ROM from VM in vCenter - name: Remove CD-ROM from VM in vCenter
when: hypervisor == "vmware" when: hypervisor == "vmware"
delegate_to: localhost delegate_to: localhost
ignore_errors: true failed_when: false
community.vmware.vmware_guest: community.vmware.vmware_guest:
hostname: "{{ hypervisor_url }}" hostname: "{{ hypervisor_url }}"
username: "{{ hypervisor_username }}" username: "{{ hypervisor_username }}"
@ -64,6 +64,8 @@
when: cdrom_devices.stdout_lines | length > 0 when: cdrom_devices.stdout_lines | length > 0
ansible.builtin.command: virsh --connect qemu:///system detach-disk {{ hostname }} {{ item }} --persistent ansible.builtin.command: virsh --connect qemu:///system detach-disk {{ hostname }} {{ item }} --persistent
with_items: "{{ cdrom_devices.stdout_lines }}" with_items: "{{ cdrom_devices.stdout_lines }}"
changed_when: result.rc == 0
register: result
- name: Start the VM - name: Start the VM
community.libvirt.virt: community.libvirt.virt:


@ -3,6 +3,9 @@
block: block:
- name: Generate fstab - name: Generate fstab
ansible.builtin.shell: genfstab -LU /mnt > /mnt/etc/fstab ansible.builtin.shell: genfstab -LU /mnt > /mnt/etc/fstab
changed_when: result.rc == 0
register: result
- name: Append TempFS to fstab - name: Append TempFS to fstab
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /mnt/etc/fstab path: /mnt/etc/fstab
@ -17,6 +20,8 @@
- name: Set local timezone - name: Set local timezone
ansible.builtin.command: "{{ item }}" ansible.builtin.command: "{{ item }}"
changed_when: result.rc == 0
register: result
with_items: with_items:
- systemctl daemon-reload - systemctl daemon-reload
- arch-chroot /mnt ln -sf /usr/share/zoneinfo/Europe/Vienna /etc/localtime - arch-chroot /mnt ln -sf /usr/share/zoneinfo/Europe/Vienna /etc/localtime
@ -32,9 +37,12 @@
loop: loop:
- { regex: en_US\.UTF-8 UTF-8, line: en_US.UTF-8 UTF-8 } - { regex: en_US\.UTF-8 UTF-8, line: en_US.UTF-8 UTF-8 }
- name: Generate locales\ - name: Generate locales
when: os | lower not in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rocky'] when: os | lower not in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rocky']
ansible.builtin.command: arch-chroot /mnt /usr/sbin/locale-gen ansible.builtin.command: arch-chroot /mnt /usr/sbin/locale-gen
changed_when: result.rc == 0
register: result
- name: Set hostname - name: Set hostname
ansible.builtin.copy: ansible.builtin.copy:
content: "{{ hostname }}" content: "{{ hostname }}"
@ -70,6 +78,9 @@
- name: Enable sshd - name: Enable sshd
when: os | lower == "archlinux" when: os | lower == "archlinux"
ansible.builtin.command: arch-chroot /mnt systemctl enable sshd logrotate systemd-resolved systemd-timesyncd NetworkManager ansible.builtin.command: arch-chroot /mnt systemctl enable sshd logrotate systemd-resolved systemd-timesyncd NetworkManager
changed_when: result.rc == 0
register: result
- name: Configure grub - name: Configure grub
when: os | lower not in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rocky'] when: os | lower not in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rocky']
block: block:
@ -94,6 +105,9 @@
{% else %}/usr/sbin/grub-install --target=x86_64-efi --efi-directory={{ "/boot/efi" if os | lower in ["ubuntu", "ubuntu-lts"] else "/boot" }} {% else %}/usr/sbin/grub-install --target=x86_64-efi --efi-directory={{ "/boot/efi" if os | lower in ["ubuntu", "ubuntu-lts"] else "/boot" }}
--bootloader-id={{ "ubuntu" if os | lower in ["ubuntu", "ubuntu-lts"] else os }} --bootloader-id={{ "ubuntu" if os | lower in ["ubuntu", "ubuntu-lts"] else os }}
{% endif %} {% endif %}
changed_when: result.rc == 0
register: result
- name: Generate grub config - name: Generate grub config
ansible.builtin.command: arch-chroot /mnt ansible.builtin.command: arch-chroot /mnt
{% if os | lower not in ["archlinux", "debian11", "debian12", "ubuntu", "ubuntu-lts"] %} /usr/sbin/grub2-mkconfig {% if os | lower not in ["archlinux", "debian11", "debian12", "ubuntu", "ubuntu-lts"] %} /usr/sbin/grub2-mkconfig
@ -101,6 +115,9 @@
{% else %}/usr/sbin/grub-mkconfig -o {% else %}/usr/sbin/grub-mkconfig -o
{{ "/boot/efi/EFI/ubuntu/grub.cfg" if os | lower in ["ubuntu", "ubuntu-lts"] else "/boot/grub/grub.cfg" }} {{ "/boot/efi/EFI/ubuntu/grub.cfg" if os | lower in ["ubuntu", "ubuntu-lts"] else "/boot/grub/grub.cfg" }}
{% endif %} {% endif %}
changed_when: result.rc == 0
register: result
- name: Regenerate initramfs - name: Regenerate initramfs
when: os | lower not in ["debian11", "debian12", "ubuntu", "ubuntu-lts"] when: os | lower not in ["debian11", "debian12", "ubuntu", "ubuntu-lts"]
ansible.builtin.command: arch-chroot /mnt ansible.builtin.command: arch-chroot /mnt
@ -108,10 +125,13 @@
{% elif os | lower not in ["debian11", "debian12", "ubuntu", "ubuntu-lts", "archlinux"] %} /usr/bin/dracut --regenerate-all --force {% elif os | lower not in ["debian11", "debian12", "ubuntu", "ubuntu-lts", "archlinux"] %} /usr/bin/dracut --regenerate-all --force
{% else %} echo "Skipping initramfs regeneration" {% else %} echo "Skipping initramfs regeneration"
{% endif %} {% endif %}
changed_when: result.rc == 0
register: result
- name: Extra Configuration - name: Extra Configuration
block: block:
- name: Append lines to vimrc - name: Append lines to vimrc
ignore_errors: true failed_when: false
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: "{{ '/mnt/etc/vim/vimrc' if os | lower in ['debian11', 'debian12', 'ubuntu', 'ubuntu-lts'] else '/mnt/etc/vimrc' }}" path: "{{ '/mnt/etc/vim/vimrc' if os | lower in ['debian11', 'debian12', 'ubuntu', 'ubuntu-lts'] else '/mnt/etc/vimrc' }}"
line: "{{ item }}" line: "{{ item }}"
@ -140,10 +160,12 @@
block: block:
- name: Generate UUID for Network Profile - name: Generate UUID for Network Profile
ansible.builtin.command: uuidgen ansible.builtin.command: uuidgen
changed_when: net_uuid.rc == 0
register: net_uuid register: net_uuid
- name: Retrieve Network Interface Name - name: Retrieve Network Interface Name
ansible.builtin.shell: set -o pipefail && ip r | awk 'NR==1 {print $5}' ansible.builtin.shell: set -o pipefail && ip r | awk 'NR==1 {print $5}'
changed_when: net_inf.rc == 0
register: net_inf register: net_inf
- name: Copy NetworkManager keyfile - name: Copy NetworkManager keyfile
@ -161,6 +183,8 @@
{{ "sudo" if os | lower in ["debian11", "debian12", "ubuntu", "ubuntu-lts"] else "wheel" }} {{ "sudo" if os | lower in ["debian11", "debian12", "ubuntu", "ubuntu-lts"] else "wheel" }}
{{ user_name }} --password {{ user_password | password_hash('sha512') }} --shell /bin/bash {{ user_name }} --password {{ user_password | password_hash('sha512') }} --shell /bin/bash
- arch-chroot /mnt /usr/sbin/usermod --password '{{ root_password | password_hash('sha512') }}' root --shell /bin/bash - arch-chroot /mnt /usr/sbin/usermod --password '{{ root_password | password_hash('sha512') }}' root --shell /bin/bash
changed_when: result.rc == 0
register: result
- name: Add SSH public key to authorized_keys - name: Add SSH public key to authorized_keys
when: user_public_key is defined when: user_public_key is defined
@ -184,6 +208,9 @@
- name: Relabel the filesystem - name: Relabel the filesystem
when: os | lower in ['almalinux', 'rhel8', 'rhel9', 'rocky'] when: os | lower in ['almalinux', 'rhel8', 'rhel9', 'rocky']
ansible.builtin.command: touch /mnt/.autorelabel ansible.builtin.command: touch /mnt/.autorelabel
changed_when: result.rc == 0
register: result
- name: Disable SELinux - name: Disable SELinux
when: os | lower == "fedora" when: os | lower == "fedora"
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
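Review bot: The task closed by `register: result` in the `@ -161,6 +183,8` hunk loops over commands that embed `user_password | password_hash('sha512')` and `root_password | password_hash('sha512')`, and it now also keeps every item's result, which contains the rendered command line, in `result`; no `no_log` is visible in the hunk. The hashes therefore reach the play output, any log or callback plugin, and the process list while the command runs. Add `no_log: true` to this task, and consider feeding the hash on standard input (the command module's `stdin:` with `chpasswd -e`) so it is not part of argv. The task starts outside the hunk, so check there that `no_log` is not already set.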


@ -23,16 +23,26 @@
- name: Setect Interface - name: Setect Interface
when: hypervisor == "vmware" when: hypervisor == "vmware"
ansible.builtin.shell: "set -o pipefail && ip l | awk -F': ' '!/lo/{print $2; exit}'" ansible.builtin.shell: "set -o pipefail && ip l | awk -F': ' '!/lo/{print $2; exit}'"
changed_when: interface_name.rc == 0
register: interface_name register: interface_name
- name: Set IP-Address - name: Set IP-Address
when: hypervisor == "vmware" when: hypervisor == "vmware"
ansible.builtin.command: ip addr replace {{ ansible_host }}/24 dev {{ interface_name.stdout }} ansible.builtin.command: ip addr replace {{ ansible_host }}/24 dev {{ interface_name.stdout }}
changed_when: result.rc == 0
register: result
- name: Set Default Gateway - name: Set Default Gateway
when: hypervisor == "vmware" when: hypervisor == "vmware"
ansible.builtin.command: ip route replace default via {{ vm_gw }} ansible.builtin.command: ip route replace default via {{ vm_gw }}
changed_when: result.rc == 0
register: result
- name: Synchronize clock via NTP - name: Synchronize clock via NTP
ansible.builtin.command: timedatectl set-ntp true ansible.builtin.command: timedatectl set-ntp true
changed_when: result.rc == 0
register: result
- name: Speed-up Bootstrap process - name: Speed-up Bootstrap process
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /etc/pacman.conf path: /etc/pacman.conf
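Review bot: `changed_when: interface_name.rc == 0` marks "Setect Interface" as changed on every run although the pipeline only reads `ip l` output; a query task should carry `changed_when: false`. The same pattern is on "Generate UUID for Network Profile" (`net_uuid`) and "Retrieve Network Interface Name" (`net_inf`) in the previous file section. The value is then interpolated unchecked into `ip addr replace … dev {{ interface_name.stdout }}`, so an empty or multi-word result is only caught by whatever `ip` makes of it; a guard on the query task such as `failed_when: interface_name.rc != 0 or interface_name.stdout | trim | length == 0` stops the play at the point where the detection went wrong.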


@ -17,10 +17,14 @@
- name: Enable quotas on Btrfs filesystem - name: Enable quotas on Btrfs filesystem
ansible.builtin.command: btrfs quota enable /mnt ansible.builtin.command: btrfs quota enable /mnt
changed_when: result.rc == 0
register: result
- name: Make root subvolumes - name: Make root subvolumes
when: cis | bool or item.subvol not in ['var_log', 'var_log_audit'] when: cis | bool or item.subvol not in ['var_log', 'var_log_audit']
ansible.builtin.command: btrfs su cr /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }} ansible.builtin.command: btrfs su cr /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }}
changed_when: result.rc == 0
register: result
loop: loop:
- { subvol: root } - { subvol: root }
- { subvol: home } - { subvol: home }
@ -31,6 +35,8 @@
- name: Set quotas for subvolumes - name: Set quotas for subvolumes
when: cis | bool or item.subvol not in ['var_log', 'var_log_audit'] when: cis | bool or item.subvol not in ['var_log', 'var_log_audit']
ansible.builtin.command: btrfs qgroup limit {{ item.quota }} /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }} ansible.builtin.command: btrfs qgroup limit {{ item.quota }} /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }}
changed_when: result.rc == 0
register: result
loop: loop:
- { subvol: home, quota: 2G } - { subvol: home, quota: 2G }


@ -15,6 +15,8 @@
- name: Remove Unsupported features for older Systems - name: Remove Unsupported features for older Systems
when: (os | lower in ['almalinux', 'debian11', 'rhel8', 'rhel9', 'rocky', 'ubuntu-lts']) and (cis | bool or item.lv not in ['var_log', 'var_log_audit']) when: (os | lower in ['almalinux', 'debian11', 'rhel8', 'rhel9', 'rocky', 'ubuntu-lts']) and (cis | bool or item.lv not in ['var_log', 'var_log_audit'])
ansible.builtin.command: tune2fs -O "^orphan_file,^metadata_csum_seed" "/dev/sys/{{ item.lv }}" ansible.builtin.command: tune2fs -O "^orphan_file,^metadata_csum_seed" "/dev/sys/{{ item.lv }}"
changed_when: result.rc == 0
register: result
loop: loop:
- { lv: root } - { lv: root }
- { lv: home } - { lv: home }


@ -2,8 +2,10 @@
- name: Partition install drive - name: Partition install drive
block: block:
- name: Prepare partitions - name: Prepare partitions
ignore_errors: true failed_when: false
ansible.builtin.command: "{{ item.cmd }}" ansible.builtin.command: "{{ item.cmd }}"
changed_when: result.rc == 0
register: result
loop: loop:
- { cmd: umount -l /mnt } - { cmd: umount -l /mnt }
- { cmd: vgremove -f sys } - { cmd: vgremove -f sys }


@ -9,6 +9,8 @@
when: not vm_disk_stat.stat.exists when: not vm_disk_stat.stat.exists
delegate_to: localhost delegate_to: localhost
ansible.builtin.command: qemu-img create -f qcow2 {{ vm_path | default('/var/lib/libvirt/images/') }}{{ hostname }}.qcow2 {{ vm_size }}G ansible.builtin.command: qemu-img create -f qcow2 {{ vm_path | default('/var/lib/libvirt/images/') }}{{ hostname }}.qcow2 {{ vm_size }}G
changed_when: result.rc == 0
register: result
- name: Generate Random MAC Address - name: Generate Random MAC Address
delegate_to: localhost delegate_to: localhost
@ -32,6 +34,8 @@
{{ vm_path | default('/var/lib/libvirt/images/') }} {{ vm_path | default('/var/lib/libvirt/images/') }}
{{ hostname }}-cloudinit.iso /tmp/cloud-user-data-{{ hostname }}.yml {{ hostname }}-cloudinit.iso /tmp/cloud-user-data-{{ hostname }}.yml
-N /tmp/cloud-network-config-{{ hostname }}.yml -N /tmp/cloud-network-config-{{ hostname }}.yml
changed_when: result.rc == 0
register: result
- name: Create VM using libvirt - name: Create VM using libvirt
delegate_to: localhost delegate_to: localhost
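Review bot: The cloud-init inputs in the `@ -32,6 +34,8` hunk are read from fixed, hostname-derived names under `/tmp` on the controller (`/tmp/cloud-user-data-{{ hostname }}.yml`, `/tmp/cloud-network-config-{{ hostname }}.yml`), and the added `register`/`changed_when` lines leave that unchanged. Predictable names in a world-writable directory can be pre-created or read by another local user, and user-data commonly carries credentials or keys; how these files are written and with which mode is outside the hunk and needs confirming there. A private directory from `ansible.builtin.tempfile` with `state: directory`, files written with `mode: "0600"` and removed once the ISO is built, would avoid both problems. The task this hunk ends begins outside the hunk.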