sandwich/Ansible-Bootstrap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: sandwich:master
Branches Tags
sandwich:master
...
compare: sandwich:fe43bf6733b6779a75c781c6bae0c66bca87f29d
Branches Tags
sandwich:master

15 Commits
master ... fe43bf6733

Author SHA1 Message Date
Sandwich
fe43bf6733 add essential almalinux packages 2024-04-17 05:06:45 +02:00
Sandwich
31c155ce92 install dnf if {{ os }} is fedora 2024-04-17 04:47:33 +02:00
Sandwich
0c75114b94 add rocky to README example 2024-04-17 04:39:29 +02:00
Sandwich
cd9ed65c91 Add essential rockylinux packages 2024-04-17 04:32:11 +02:00
Sandwich
9986d19ed6 Add en and de langauge support for rockylinux 2024-04-17 04:19:32 +02:00
Sandwich
d73e78c5f2 Add cloud-init support 2024-04-16 01:17:48 +02:00
Sandwich
b6f620fb70 Add RockyLinux support 2024-04-16 01:14:12 +02:00
Sandwich
cc40bae858 Add RockyLinux support 2024-04-16 01:14:05 +02:00
Sandwich
344753fa5b Add RockyLinux Repo file 2024-04-15 21:30:04 +02:00
Sandwich
6be464a0e2 move assertion list to main playbook 2024-04-15 21:23:32 +02:00
Sandwich
48b5f602fa Enable systemd-resolved and systemd-timesyncd services for ArchLinux 2024-03-28 03:50:04 +01:00
Sandwich
cc118274a3 Update gitignore 2024-03-22 12:48:49 +01:00
sandwich
d733513e29 Delete vars_libvirt.yml 2024-03-22 12:46:31 +01:00
sandwich
402f2b9bc0 Delete inventory_libvirt.yml 2024-03-22 12:46:22 +01:00
Sandwich
4ec5432989 Add inventory example in yaml 2024-03-22 12:43:13 +01:00
12 changed files with 123 additions and 37 deletions
Expand all files Collapse all files

3
.gitignore vendored
View File

@@ -1,5 +1,8 @@
inventory.yml
inventory.yaml
inventory_libvirt.yml
vars.yml
vars.yaml
vars_kvm.yml
vars_libvirt.yml

2
README.md
View File

@@ -52,7 +52,7 @@ Inventory variables are defined for individual hosts or VMs in the inventory fil
| `cis` (optional) | Adjusts the installation to be CIS level 3 conformant. | `true`, `false` |
| `filesystem` | Filesystem type for the VM's primary storage. | `btrfs`, `ext4`, `xfs` |
| `hostname` | The hostname assigned to the virtual machine or system. | `vm01` |
| `os` | Operating system to be installed on the VM. | `archlinux`, `almalinux`, `debian11`, `debian12`, `fedora` |
| `os` | Operating system to be installed on the VM. | `archlinux`, `almalinux`, `debian11`, `debian12`, `fedora`, `rocky` |
| `root_password` | Root password for the VM or system, used for initial setup or secure access. | `SecurePass123` |
| `user_name` | Username for a user account within the VM, often used with cloud-init. | `adminuser` |
| `user_password` | Password for the user account within the VM. | `UserPass123` |

0
inventory_sample.ini → inventory_example.ini
View File

28
inventory_example.yml Normal file
View File

@@ -0,0 +1,28 @@
all:
children:
promox-kvm:
hosts:
192.168.122.10:
hostname: proxy
vm_id: 100
os: archlinux
filesystem: btrfs
vm_memory: "2048"
vm_ballo: "1024"
vm_cpus: "2"
vm_size: "5"
vm_nif: vmbr1
vm_gw: 192.168.122.1
vm_dns: 1.1.1.1
192.168.122.11:
hostname: database
vm_id: 101
os: archlinux
filesystem: btrfs
vm_memory: "6144"
vm_ballo: "3072"
vm_cpus: "4"
vm_size: "40"
vm_nif: vmbr1
vm_gw: 192.168.122.1
vm_dns: 1.1.1.1

8
main.yml
View File

@@ -38,16 +38,16 @@
vars_files: vars.yml
pre_tasks:
- name: Set ansible_python_interpreter
when: os | lower in ["almalinux", "rhel9", "rhel8"]
when: os | lower in ["almalinux", "rhel9", "rhel8", "rocky"]
set_fact:
ansible_python_interpreter: /usr/bin/python3
- name: Validate variables
assert:
that:
- hypervisor in hypervisor_list
- filesystem in filesystem_list
- os in os_list
- hypervisor in ["libvirt", "proxmox", "vmware", "none"]
- filesystem in ["btrfs", "ext4", "xfs"]
- os in ["archlinux", "almalinux", "debian11", "debian12", "fedora", "rocky"]
fail_msg: "Invalid input specified, please try again"
- name: Set connection

14
roles/bootstrap/tasks/main.yml
View File

@@ -26,14 +26,22 @@
- echo "nameserver 1.0.0.1" > /mnt/etc/resolv.conf
- arch-chroot /mnt dnf --releasever=9 --setopt=install_weak_deps=False install -y {{ role_packages.almalinux | join(' ') }}
- name: Bootstrap Fedora 39
- name: Bootstrap Fedora 40
when: os | lower == 'fedora'
shell: "{{ item }}"
with_items:
- dnf --releasever=39 --best --repo=fedora --repo=fedora-updates --installroot=/mnt --setopt=install_weak_deps=False groupinstall -y critical-path-base core
- arch-chroot /mnt dnf --releasever=39 --setopt=install_weak_deps=False install -y {{ role_packages.fedora | join(' ') }}
- dnf --releasever=40 --best --repo=fedora --repo=fedora-updates --installroot=/mnt --setopt=install_weak_deps=False groupinstall -y critical-path-base core
- arch-chroot /mnt dnf --releasever=40 --setopt=install_weak_deps=False install -y {{ role_packages.fedora | join(' ') }}
- arch-chroot /mnt dnf reinstall -y grub2-efi-x64 kernel
- name: Bootstrap RockyLinux 9
when: os | lower == 'rocky'
shell: "{{ item }}"
with_items:
- dnf --releasever=9 --best --repo=rocky-baseos --installroot=/mnt --setopt=install_weak_deps=False groupinstall -y base core
- echo "nameserver 1.0.0.1" > /mnt/etc/resolv.conf
- arch-chroot /mnt dnf --releasever=9 --setopt=install_weak_deps=False install -y {{ role_packages.rocky | join(' ') }}
- name: Bootstrap RHEL System
when: os | lower in ['rhel8', 'rhel9']
shell: "{{ item }}"

60
roles/bootstrap/vars/packages.yml
View File

@@ -1,7 +1,28 @@
---
almalinux:
- bind-utils
- cloud-init
- dhcp-client
- efibootmgr
- glibc-langpack-en
- glibc-langpack-de
- grub2
- grub2-efi
- lrzsz
- nc
- nfs-utils
- nfsv4-client-utils
- open-vm-tools
- shim
- telnet
- vim
- wget
- zstd
archlinux:
- base
- btrfs-progs
- cloud-init
- cronie
- dhcpcd
- efibootmgr
@@ -50,6 +71,7 @@ debian11:
- python3
- sudo
extra:
- cloud-init
- curl
- firewalld
- htop
@@ -83,6 +105,7 @@ debian12:
- lvm2
extra:
- cloud-init
- apparmor-utils
- chrony
- curl
@@ -110,6 +133,7 @@ debian12:
- wget
fedora:
- cloud-init
- dhcp-client
- efibootmgr
- grub2
@@ -122,20 +146,8 @@ fedora:
- vim-default-editor
- zstd
almalinux:
- dhcp-client
- efibootmgr
- grub2
- grub2-efi-x64-modules
- lrzsz
- nfs-utils
- open-vm-tools
- shims
- telnet
- vim
- zstd
rhel8:
- cloud-init
- dhcp-client
- efibootmgr
- grub2
@@ -148,6 +160,7 @@ rhel8:
- zstd
rhel9:
- cloud-init
- dhcp-client
- efibootmgr
- grub2
@@ -157,4 +170,25 @@ rhel9:
- open-vm-tools
- shim
- telnet
- zstd
rocky:
- bind-utils
- cloud-init
- dhcp-client
- efibootmgr
- glibc-langpack-en
- glibc-langpack-de
- grub2
- grub2-efi
- lrzsz
- nc
- nfs-utils
- nfsv4-client-utils
- open-vm-tools
- shim
- telnet
- util-linux-core
- vim
- wget
- zstd

26
roles/configuration/tasks/main.yml
View File

@@ -27,6 +27,7 @@
- name: Setup locales
block:
- name: Configure locale.gen
when: os | lower not in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rocky']
lineinfile:
dest: /mnt/etc/locale.gen
regexp: '{{ item.regex }}'
@@ -34,7 +35,8 @@
loop:
- {regex: en_US\.UTF-8 UTF-8, line: en_US.UTF-8 UTF-8}
- name: Generate locales
- name: Generate locales\
when: os | lower not in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rocky']
command: arch-chroot /mnt /usr/sbin/locale-gen
- name: Set hostname
@@ -50,7 +52,7 @@
- name: Create vconsole.conf
copy:
content: "KEYMAP=de-latin1-nodeadkeys"
content: "KEYMAP=us-intl"
dest: /mnt/etc/vconsole.conf
- name: Create locale.conf
@@ -68,10 +70,10 @@
block:
- name: Enable sshd
when: os | lower == "archlinux"
command: arch-chroot /mnt systemctl enable sshd NetworkManager logrotate
command: arch-chroot /mnt systemctl enable sshd logrotate systemd-resolved systemd-timesyncd NetworkManager
- name: Configure grub
when: os | lower != "fedora" and os | lower != "almalinux" and os | lower != "rhel8" and os | lower != "rhel9"
when: os | lower not in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rocky']
block:
- name: Add commandline information to grub config
lineinfile:
@@ -88,17 +90,21 @@
- name: Configure Bootloader
block:
- name: Install Bootloader
command: arch-chroot /mnt {% if os | lower != "archlinux" and os | lower != "debian11" and os | lower != "debian12" %}/usr/sbin/efibootmgr -c -L '{{ os }}' -d "{{ install_drive }}" -wwp 1 -l '\efi\EFI\{{ os }}\shimx64.efi'{% else %}/usr/sbin/grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id={{ os }}{% endif %}
command: arch-chroot /mnt {% if os | lower not in ["archlinux", "debian11", "debian12"] %}/usr/sbin/efibootmgr -c -L '{{ os }}' -d "{{ install_drive }}" -wwp 1 -l '\efi\EFI\{{ os }}\shimx64.efi'{% else %}/usr/sbin/grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id={{ os }}{% endif %}
- name: Generate grub config
command: arch-chroot /mnt {% if os | lower != "archlinux" and os | lower != "debian11" and os | lower != "debian12" %}/usr/sbin/grub2-mkconfig -o /boot/efi/EFI/{{ os }}/grub.cfg{% else %}/usr/sbin/grub-mkconfig -o /boot/grub/grub.cfg{% endif %}
command: arch-chroot /mnt {% if os | lower not in ["archlinux", "debian11", "debian12"] %}/usr/sbin/grub2-mkconfig -o /boot/efi/EFI/{{ os }}/grub.cfg{% else %}/usr/sbin/grub-mkconfig -o /boot/grub/grub.cfg{% endif %}
- name: Regenerate initramfs
command: arch-chroot /mnt {% if os | lower not in ["archlinux", "debian11", "debian12"] %}/usr/bin/dracut --regenerate-all --force{% else %}/usr/sbin/mkinitcpio -P{% endif %}
- name: Extra Configuration
when: os | lower != "archlinux"
block:
- name: Append lines to vimrc
ignore_errors: true
lineinfile:
path: "{{ '/mnt/etc/vim/vimrc' if os|lower == 'debian11' or os|lower == 'debian12' else '/mnt/etc/vimrc' }}"
path: "{{ '/mnt/etc/vim/vimrc' if os|lower in ['debian11' ,'debian12'] else '/mnt/etc/vimrc' }}"
line: "{{ item }}"
insertafter: EOF
with_items:
@@ -140,7 +146,7 @@
- name: Create user account
command: '{{ item }}'
with_items:
- arch-chroot /mnt /usr/sbin/useradd --create-home --user-group --groups {{ "sudo" if os|lower == "debian11" or os|lower == "debian12" else "wheel" }} {{ user_name }} --password {{ user_password | password_hash('sha512') }} --shell /bin/bash
- arch-chroot /mnt /usr/sbin/useradd --create-home --user-group --groups {{ "sudo" if os|lower in ["debian11", "debian12"] else "wheel" }} {{ user_name }} --password {{ user_password | password_hash('sha512') }} --shell /bin/bash
- arch-chroot /mnt /usr/sbin/usermod --password '{{ root_password | password_hash('sha512') }}' root --shell /bin/bash
- name: Add SSH public key to authorized_keys
@@ -155,11 +161,11 @@
- name: Give sudo access to wheel group
copy:
content: "{{ '%sudo ALL=(ALL) ALL' if os|lower == 'debian11' or os|lower == 'debian12' else '%wheel ALL=(ALL) ALL' }}"
content: "{{ '%sudo ALL=(ALL) ALL' if os|lower in ['debian11', 'debian12'] else '%wheel ALL=(ALL) ALL' }}"
dest: /mnt/etc/sudoers.d/01-wheel
mode: 0440
validate: /usr/sbin/visudo --check --file=%s
- name: Fix SELinux
when: (os | lower == "almalinux" or os | lower == "fedora" or os | lower == "rhel8" or os | lower == "rhel9")
when: os | lower in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rocky']
command: touch /mnt/.autorelabel

4
roles/environment/tasks/main.yml
View File

@@ -53,7 +53,7 @@
state: latest
loop:
- { name: 'glibc' }
- { name: 'dnf', os: ['almalinux', 'rhel9', 'rhel8'] }
- { name: 'dnf', os: ['almalinux', 'fedora', 'rhel9', 'rhel8', 'rocky'] }
- { name: 'debootstrap', os: ['debian11', 'debian12'] }
- { name: 'debian-archive-keyring', os: ['debian11', 'debian12'] }
when: "'os' not in item or os in item.os"
@@ -61,7 +61,7 @@
delay: 15
- name: Configure RHEL Repos for installation
when: os | lower == "almalinux" or os | lower == "fedora"
when: os | lower in ["almalinux", "fedora", "rocky"]
block:
- name: Create directories for repository files and RPM GPG keys
file:

2
roles/partitioning/tasks/ext4.yml
View File

@@ -13,7 +13,7 @@
- { lv: var_log_audit }
- name: Remove Unsupported features for older Systems
when: (os | lower == 'debian11') and (cis == true or item.lv not in ['var_log', 'var_log_audit'])
when: (os | lower in ['almalinux', 'debian11', 'rhel8', 'rhel9', 'rocky']) and (cis == true or item.lv not in ['var_log', 'var_log_audit'])
command: tune2fs -O "^orphan_file,^metadata_csum_seed" "/dev/sys/{{ item.lv }}"
loop:
- { lv: root }

10
templates/rocky.repo.j2 Normal file
View File

@@ -0,0 +1,10 @@
[rocky-baseos]
name=Rocky Linux $releasever - BaseOS
mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=BaseOS-$releasever
#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/BaseOS/$basearch/os/
gpgcheck=1
enabled=1
countme=1
gpgkey=https://dl.rockylinux.org/pub/rocky/RPM-GPG-KEY-Rocky-$releasever
metadata_expire=86400
enabled_metadata=1

3
vars_example.yml
View File

@@ -4,9 +4,6 @@ ansible_become_password: "{{ user_password }}"
ansible_ssh_extra_args: '-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no'
vm_ip: "{{ inventory_hostname }}/24"
hypervisor_list: ["libvirt", "proxmox", "vmware", "none"]
filesystem_list: ["btrfs", "ext4", "xfs"]
os_list: ["archlinux", "almalinux", "debian11", "debian12", "fedora"]
install_type: "virtual"
cis: false