Adjust examples

Remove non RHEL configuration
Remove RHEL ISO variable
2024-11-07 15:02:49 +01:00 · 2024-11-07 14:57:39 +01:00 · 2024-11-07 14:26:02 +01:00 · 2024-11-07 14:19:52 +01:00
23 changed files with 86 additions and 1002 deletions
--- a/README.md
+++ b/README.md
@ -1,31 +1,18 @@
 # Ansible-Bootstrap
-An Ansible playbook for automating system bootstrap processes in an Infrastructure-as-Code manner, utilizing ArchISO as the foundational tool.
+An Ansible playbook for automating system bootstrap processes in an Infrastructure-as-Code manner.
 # Info
 Most of the roles are adaptable for use with systems beyond ArchLinux, requiring only that the target system can install a necessary package manager, such as `dnf` for RHEL-based systems. Additionally, a replacement for the `arch-chroot` command may be required for these systems.
 **NOTE**:
 - For RHEL 8 and RHEL 9, repository access requires the `rhel_iso` variable. This variable specifies a local ISO or proxy repository.
 - RHEL systems do not support `btrfs`. Use `ext4` or `xfs` as alternatives.
 - For RHEL 8, `xfs` may cause installation issues; `ext4` is recommended.
 # Supported Distributions
 This playbook supports multiple Linux distributions with specific versions tailored to each. Below is a list of supported distributions:
 | `os`       | Distribution                       |
 |------------|------------------------------------|
 | archlinux  | ArchLinux (Latest rolling release) |
 | almalinux  | AlmaLinux 9.x                      |
 | debian11   | Debian 11 (Bullseye)               |
 | debian12   | Debian 12 (Bookworm)               |
 | fedora     | Fedora 41                          |
 | rhel8      | Red Hat Enterprise Linux 8         |
 | rhel9      | Red Hat Enterprise Linux 9         |
 | rocky      | Rocky Linux 9.x                    |
 | ubuntu     | Ubuntu 24.10 (Oracular Oriole)     |
 | ubuntu-lts | Ubuntu 24.04 LTS (Noble Numbat)    |
 # Documentation
@ -41,7 +28,7 @@ This playbook supports multiple Linux distributions with specific versions tailo
 ## 1. Overview
-The playbook uses the ArchLinux ISO as a foundational tool to provides an efficient and systematic method for the automatic deployment of a variety of Linux distributions on designated target systems. It ensures a standardized setup across different platforms, equipping each system with the essential configurations and software necessary for its designated role.
+The playbook uses the RHEL ISO to configure and bootstrap an RHEL system from the ground up.
 ## 2. Global Variables
@ -51,7 +38,7 @@ Global variables apply across your Ansible project and are loaded from `vars.yml
 |-----------------------|--------------------------------------------------------------------|-----------------------------------------|
 | `boot_iso`            | Path to the boot ISO image.                                        | `local-btrfs:iso/archlinux-x86_64.iso`  |
 | `rhel_iso`            | Path to the RHEL ISO file, required for RHEL 8 and RHEL 9.         |`local-btrfs:iso/rhel-9.4-x86_64-dvd.iso`|
-| `hypervisor`          | Type of hypervisor.                                                | `libvirt`, `proxmox`, `vmware`, `none`  |
+| `hypervisor`          | Type of hypervisor.                                                | `vmware`                                |
 | `hypervisor_cluster`  | Name of the hypervisor cluster.                                    | `default-cluster`                       |
 | `hypervisor_node`     | Hypervisor node name.                                              | `node01`                                |
 | `hypervisor_password` | Password for hypervisor authentication.                            | `123456`                                |
@ -59,7 +46,7 @@ Global variables apply across your Ansible project and are loaded from `vars.yml
 | `hypervisor_url`      | URL/IP address for the hypervisor interface.                       | `192.168.0.2`                           |
 | `hypervisor_username` | Username for hypervisor authentication.                            | `root@pam`                              |
 | `install_drive`       | Drive where the system will be installed.                          | `/dev/sda`                              |
-| `install_type`        | Type of installation.                                              | `virtual`, `physical`                   |
+| `install_type`        | Type of installation.                                              | `virtual`                               |
 | `vlan_name` (optional)| VLAN for the VM's network interface.                               | `vlan100`                               |
 To protect sensitive information, such as passwords, API keys, and other confidential variables (e.g., `hypervisor_password`), **it is recommended to use Ansible Vault**.
@ -71,9 +58,9 @@ Inventory variables are defined for individual hosts or VMs in the inventory fil
 | Variable                | Description                                                                       | Example Value                                      |
 |-------------------------|-----------------------------------------------------------------------------------|----------------------------------------------------|
 | `cis` (optional)        | Adjusts the installation to be CIS level 3 conformant.                            | `true`, `false`                                    |
-| `filesystem`            | Filesystem type for the VM's primary storage.                                     | `btrfs`, `ext4`, `xfs`                             |
+| `filesystem`            | Filesystem type for the VM's primary storage.                                     | `ext4`, `xfs`                                      |
 | `hostname`              | The hostname assigned to the virtual machine or system.                           | `vm01`                                             |
-| `os`                    | Operating system to be installed on the VM.                                       | `archlinux`, `almalinux`, `debian11`, `debian12`, `fedora`, `rhel8`, `rhel9`, `rocky`, `ubuntu`, `ubuntu-lts` |
+| `os`                    | Operating system to be installed on the VM.                                       | `rhel8`, `rhel9`                                   |
 | `root_password`         | Root password for the VM or system, used for initial setup or secure access.      | `SecurePass123`                                    |
 | `user_name`             | Username for a user account within the VM, often used with cloud-init.            | `adminuser`                                        |
 | `user_password`         | Password for the user account within the VM.                                      | `UserPass123`                                      |
--- a/inventory_example.ini
+++ b/inventory_example.ini
@ -8,22 +8,18 @@ vm_dns=1.1.1.1
 [192.168.122.10]
 hostname=proxy
-vm_id=300
+os=rhel8
-os=archlinux
+filesystem=ext4
 filesystem=btrfs
 vm_memory=2048
 vm_ballo=1024
 vm_cpus=2
 vm_size=5
 vm_nif=vmbr1
 [192.168.122.11]
 hostname=database
-vm_id=101
+os=rhel9
-os=archlinux
+filesystem=xfs
 filesystem=btrfs
 vm_memory=6144
 vm_ballo=3072
 vm_cpus=4
 vm_size=40
 vm_nif=vmbr1
--- a/inventory_example.yml
+++ b/inventory_example.yml
@ -1,33 +1,56 @@
 all:
  vars:
    hypervisor: 'proxmox'
    install_drive: '/dev/sda'
    cis: true
  children:
-      promox-kvm:
+      first:
        hosts:
          192.168.122.10:
            hostname: proxy
-            vm_id: 100
+            os: rhel8
-            os: archlinux
+            filesystem: ext4
            filesystem: btrfs
            vm_memory: "2048"
            vm_ballo: "1024"
            vm_cpus: "2"
            vm_size: "5"
            vm_nif: vmbr1
            vm_gw: 192.168.122.1
            vm_dns: 1.1.1.1
          192.168.122.11:
            hostname: database
            vm_id: 101
            os: rhel9
            filesystem: xfs
            vm_memory: "6144"
            vm_ballo: "3072"
            vm_cpus: "4"
            vm_size: "40"
            vm_nif: vmbr1
            vm_gw: 192.168.122.1
            vm_dns: 1.1.1.1
-            rhel_iso: "local-btrfs:iso/rhel-9.4-x86_64-dvd.iso"
+          192.168.122.12:
            hostname: storage
            os: rhel9
            filesystem: xfs
            vm_memory: "2048"
            vm_ballo: "1024"
            vm_cpus: "2"
            vm_size: "40"
            vm_gw: 192.168.122.1
            vm_dns: 1.1.1.1
      second:
        hosts:
          192.168.122.13:
            hostname: proxy02
            os: rhel8
            filesystem: ext4
            vm_memory: "2048"
            vm_ballo: "1024"
            vm_cpus: "2"
            vm_size: "5"
            vm_gw: 192.168.122.1
            vm_dns: 1.1.1.1
          192.168.122.14:
            hostname: database02
            os: rhel9
            filesystem: xfs
            vm_memory: "6144"
            vm_ballo: "3072"
            vm_cpus: "4"
            vm_size: "40"
            vm_gw: 192.168.122.1
            vm_dns: 1.1.1.1
--- a/main.yml
+++ b/main.yml
@ -22,45 +22,33 @@
  vars_files: vars.yml
  pre_tasks:
    - name: Set ansible_python_interpreter
-      when: os | lower in ["almalinux", "rhel9", "rhel8", "rocky"]
+      when: os | lower in ["rhel9", "rhel8"]
      ansible.builtin.set_fact:
        ansible_python_interpreter: /usr/bin/python3
    - name: Set SSH Access
      when: hypervisor != "vmware"
      ansible.builtin.set_fact:
        ansible_user: "{{ user_name }}"
        ansible_password: "{{ user_password }}"
        ansible_become_password: "{{ user_password }}"
        ansible_ssh_extra_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
    - name: Validate variables
      ansible.builtin.assert:
        that:
-          - hypervisor in ["libvirt", "proxmox", "vmware", "none"]
+          - filesystem in ["ext4", "xfs"]
          - filesystem in ["btrfs", "ext4", "xfs"]
          - install_drive is defined
-          - os in ["archlinux", "almalinux", "debian11", "debian12", "fedora", "rhel8", "rhel9", "rocky", "ubuntu", "ubuntu-lts"]
+          - os in ["rhel8", "rhel9"]
-          - os not in ["rhel8", "rhel9"] or rhel_iso is defined
+          - (vm_size | int) >= 20)
          - (filesystem == "btrfs" and (vm_size | int) >= 10) or (filesystem != "btrfs" and (vm_size | int) >= 20)
          - (vm_size | float) >= ((vm_memory | float / 1024 >= 16.0) | ternary((vm_memory | float / 2048), [vm_memory | float / 1024, 4.0] | max) + 16)
        fail_msg: Invalid input specified, please try again.
    - name: Set connection
      when: hypervisor == "vmware"
      ansible.builtin.set_fact:
        ansible_connection: vmware_tools
  roles:
    - role: virtualization
      when: install_type == "virtual"
      become: false
      vars:
        ansible_connection: local
    - role: environment
      vars:
-        ansible_connection: "{{ 'vmware_tools' if hypervisor == 'vmware' else 'ssh' }}"
+        ansible_connection: vmware
    - role: partitioning
      vars:
@ -75,13 +63,12 @@
      when: cis | bool
    - role: cleanup
      when: install_type == "virtual"
      vars:
        ansible_connection: local
  tasks:
    - name: Set final SSH Credentials
-      when: hypervisor == 'vmware' and vmware_ssh | bool
+      when: vmware_ssh | bool
      ansible.builtin.set_fact:
        ansible_user: "{{ user_name }}"
        ansible_password: "{{ user_password }}"
--- a/roles/bootstrap/tasks/main.yml
+++ b/roles/bootstrap/tasks/main.yml
@ -6,72 +6,7 @@
 - name: Run OS-specific bootstrap process
  block:
    - name: Bootstrap ArchLinux
      when: os | lower == 'archlinux'
      ansible.builtin.command: pacstrap /mnt {{ role_packages.archlinux | join(' ') }} --asexplicit
      changed_when: result.rc == 0
      register: result
    - name: Bootstrap Debian System
      when: os | lower in ['debian11', 'debian12']
      ansible.builtin.command: "{{ item }}"
      changed_when: result.rc == 0
      register: result
      with_items:
        - debootstrap --include={{ role_packages[os].base | join(',') }} {{ 'bullseye' if os == 'debian11' else 'bookworm' }}
          /mnt http://deb.debian.org/debian/
        - arch-chroot /mnt apt install -y {{ role_packages[os].extra | join(' ') }}
        - arch-chroot /mnt apt remove -y libcups2 libavahi-common3 libavahi-common-data
    - name: Bootstrap Ubuntu System
      when: os | lower in ['ubuntu', 'ubuntu-lts']
      ansible.builtin.command: "{{ item }}"
      changed_when: result.rc == 0
      register: result
      with_items:
        - debootstrap --include={{ role_packages[os].base | join(',') }} {{ 'oracular' if os == 'ubuntu' else 'noble' }}
          /mnt http://archive.ubuntu.com/ubuntu/
        - ln -sf /run/systemd/resolve/resolv.conf /mnt/etc/resolv.conf
        - arch-chroot /mnt sed -i '1s|$| universe|' /etc/apt/sources.list
        - arch-chroot /mnt apt update -y
        - arch-chroot /mnt apt install -y {{ role_packages[os].extra | join(' ') }}
    - name: Bootstrap AlmaLinux 9
      when: os | lower == 'almalinux'
      ansible.builtin.command: "{{ item }}"
      changed_when: result.rc == 0
      register: result
      with_items:
        - dnf --releasever=9 --best --repo=alma-baseos --installroot=/mnt --setopt=install_weak_deps=False groupinstall -y base core
        - ln -sf /run/systemd/resolve/resolv.conf /mnt/etc/resolv.conf
        - arch-chroot /mnt dnf --releasever=9 --setopt=install_weak_deps=False install -y {{ role_packages.almalinux | join(' ') }}
    - name: Bootstrap Fedora 41
      when: os | lower == 'fedora'
      ansible.builtin.command: "{{ item }}"
      changed_when: result.rc == 0
      register: result
      with_items:
        - dnf --releasever=41 --best --repo=fedora --repo=fedora-updates
          --installroot=/mnt --setopt=install_weak_deps=False groupinstall -y critical-path-base core
        - ln -sf /run/systemd/resolve/resolv.conf /mnt/etc/resolv.conf
        - arch-chroot /mnt dnf --releasever=41 --setopt=install_weak_deps=False install -y {{ role_packages.fedora | join(' ') }}
        - arch-chroot /mnt dnf reinstall -y kernel-core
    - name: Bootstrap RockyLinux 9
      when: os | lower == 'rocky'
      ansible.builtin.command: "{{ item }}"
      changed_when: result.rc == 0
      register: result
      with_items:
        - dnf --releasever=9 --best --repo=rocky-baseos --installroot=/mnt
          --setopt=install_weak_deps=False --setopt=optional_metadata_types=filelists
          groupinstall -y base core
        - ln -sf /run/systemd/resolve/resolv.conf /mnt/etc/resolv.conf
        - arch-chroot /mnt dnf --releasever=9 --setopt=install_weak_deps=False install -y {{ role_packages.rocky | join(' ') }}
    - name: Bootstrap RHEL System
      when: os | lower in ['rhel8', 'rhel9']
      block:
        - name: Install base packages in chroot environment
          ansible.builtin.command: >-
--- a/roles/bootstrap/vars/packages.yml
+++ b/roles/bootstrap/vars/packages.yml
@ -1,201 +1,3 @@
 almalinux:
  - bind-utils
  - dbus-daemon
  - dhcp-client
  - efibootmgr
  - glibc-langpack-de
  - glibc-langpack-en
  - grub2
  - grub2-efi
  - lrzsz
  - lvm2
  - nc
  - nfs-utils
  - nfsv4-client-utils
  - mtr
  - open-vm-tools
  - ppp
  - shim
  - telnet
  - tmux
  - vim
  - wget
  - zram-generator
  - zstd
 archlinux:
  - base
  - btrfs-progs
  - cronie
  - dhcpcd
  - efibootmgr
  - firewalld
  - fish
  - fzf
  - grub
  - htop
  - libpwquality
  - linux
  - logrotate
  - lrzsz
  - lsof
  - lvm2
  - ncdu
  - neofetch
  - networkmanager
  - nfs-utils
  - open-vm-tools
  - openssh
  - ppp
  - prometheus-node-exporter
  - python-psycopg2
  - qemu-guest-agent
  - reflector
  - rsync
  - screen
  - sudo
  - tldr
  - vim
  - wireguard-tools
  - zram-generator
 debian11:
  base:
    - apparmor-utils
    - btrfs-progs
    - chrony
    - cron
    - gnupg
    - grub-efi
    - grub-efi-amd64-signed
    - grub2-common
    - linux-image-amd64
    - locales
    - logrotate
    - lvm2
    - net-tools
    - openssh-server
    - python3
    - sudo
    - xfsprogs
  extra:
    - bat
    - curl
    - entr
    - firewalld
    - fish
    - fzf
    - htop
    - jq
    - libpam-pwquality
    - lrzsz
    - mtr
    - ncdu
    - neofetch
    - network-manager
    - open-vm-tools
    - python-is-python3
    - ripgrep
    - rsync
    - screen
    - software-properties-common
    - syslog-ng
    - tcpd
    - tldr
    - vim
    - wget
    - zstd
 debian12:
  base:
    - btrfs-progs
    - cron
    - gnupg
    - grub-efi
    - grub-efi-amd64-signed
    - grub2-common
    - linux-image-amd64
    - locales
    - logrotate
    - lvm2
    - xfsprogs
  extra:
    - apparmor-utils
    - bat
    - chrony
    - curl
    - duf
    - entr
    - firewalld
    - fish
    - fzf
    - htop
    - jq
    - libpam-pwquality
    - logrotate
    - lrzsz
    - mtr
    - ncdu
    - neofetch
    - net-tools
    - network-manager
    - open-vm-tools
    - openssh-server
    - python-is-python3
    - python3
    - ripgrep
    - rsync
    - screen
    - software-properties-common
    - sudo
    - syslog-ng
    - systemd-zram-generator
    - tcpd
    - tldr
    - vim
    - wget
    - zstd
 fedora:
  - bat
  - bind-utils
  - btrfs-progs
  - cronie
  - dhcp-client
  - duf
  - dust
  - efibootmgr
  - entr
  - eza
  - fish
  - fzf
  - glibc-langpack-de
  - glibc-langpack-en
  - grub2
  - grub2-efi
  - htop
  - iperf3
  - logrotate
  - lrzsz
  - lvm2
  - nc
  - nfs-utils
  - nfsv4-client-utils
  - open-vm-tools
  - polkit
  - ppp
  - ripgrep
  - shim
  - telnet
  - tmux
  - vim-default-editor
  - wget
  - zoxide
  - zram-generator
  - zstd
 rhel8:
  - dhcp-client
  - efibootmgr
@ -228,145 +30,3 @@ rhel9:
  - vim
  - zram-generator
  - zstd
 rocky:
  - bind-utils
  - dbus-daemon
  - dhcp-client
  - efibootmgr
  - glibc-langpack-de
  - glibc-langpack-en
  - grub2
  - grub2-efi
  - lrzsz
  - lvm2
  - mtr
  - nc
  - nfs-utils
  - nfsv4-client-utils
  - open-vm-tools
  - ppp
  - shim
  - telnet
  - tmux
  - util-linux-core
  - vim
  - wget
  - zram-generator
  - zstd
 ubuntu:
  base:
    - btrfs-progs
    - cron
    - gnupg
    - grub-efi
    - grub-efi-amd64-signed
    - grub2-common
    - initramfs-tools
    - linux-image-generic
    - locales
    - lvm2
    - xfsprogs
  extra:
    - apparmor-utils
    - bash-completion
    - bat
    - chrony
    - curl
    - dnsutils
    - duf
    - entr
    - eza
    - fdupes
    - fio
    - firewalld
    - fish
    - htop
    - jq
    - libpam-pwquality
    - logrotate
    - lrzsz
    - mtr
    - ncdu
    - net-tools
    - network-manager
    - open-vm-tools
    - openssh-server
    - python-is-python3
    - python3
    - ripgrep
    - rsync
    - screen
    - software-properties-common
    - sudo
    - syslog-ng
    - systemd-zram-generator
    - tcpd
    - tldr
    - tmux
    - traceroute
    - vim
    - wget
    - yq
    - zoxide
    - zstd
 ubuntu-lts:
  base:
    - btrfs-progs
    - cron
    - gnupg
    - grub-efi
    - grub-efi-amd64-signed
    - grub2-common
    - initramfs-tools
    - linux-image-generic
    - locales
    - lvm2
    - xfsprogs
  extra:
    - apparmor-utils
    - bash-completion
    - bat
    - chrony
    - curl
    - dnsutils
    - duf
    - entr
    - eza
    - fdupes
    - fio
    - firewalld
    - fish
    - htop
    - jq
    - libpam-pwquality
    - logrotate
    - lrzsz
    - mtr
    - ncdu
    - net-tools
    - network-manager
    - open-vm-tools
    - openssh-server
    - python-is-python3
    - python3
    - ripgrep
    - rsync
    - screen
    - software-properties-common
    - sudo
    - syslog-ng
    - systemd-zram-generator
    - tcpd
    - tldr
    - tmux
    - traceroute
    - vim
    - wget
    - yq
    - zoxide
    - zstd
--- a/roles/cis/tasks/main.yml
+++ b/roles/cis/tasks/main.yml
@ -91,17 +91,15 @@
        - { path: /mnt/etc/security/pwquality.conf, content: ucredit = -1 }
        - { path: /mnt/etc/security/pwquality.conf, content: ocredit = -1 }
        - { path: /mnt/etc/security/pwquality.conf, content: lcredit = -1 }
-        - { path: '/mnt/etc/{{ "bashrc" if os in ["almalinux", "fedora", "rhel8", "rhel9", "rocky"] else "bash.bashrc" }}', content: umask 077 }
+        - { path: '/mnt/etc/bashrc', content: umask 077 }
-        - { path: '/mnt/etc/{{ "bashrc" if os in ["almalinux", "fedora", "rhel8", "rhel9", "rocky"] else "bash.bashrc" }}', content: export TMOUT=3000 }
+        - { path: '/mnt/etc/bashrc', content: export TMOUT=3000 }
-        - { path: '/mnt/{{ "usr/lib/systemd/journald.conf" if os == "fedora" else "etc/systemd/journald.conf" }}', content: Storage=persistent }
+        - { path: '/mnt/etc/systemd/journald.conf', content: Storage=persistent }
        - { path: /mnt/etc/sudoers, content: Defaults        logfile="/var/log/sudo.log" }
        - { path: /mnt/etc/pam.d/su, content: auth required pam_wheel.so }
-        - { path: '/mnt/etc/{{ "pam.d/common-auth" if os in ["debian11", "debian12", "ubuntu", "ubuntu-lts"]
+        - { path: '/mnt/etc/pam.d/system-auth',
            else "authselect/system-auth" if os == "fedora" else "pam.d/system-auth" }}',
            content: auth required pam_faillock.so onerr=fail audit silent deny=5 unlock_time=900 }
-        - { path: '/mnt/etc/{{ "pam.d/common-account" if os in ["debian11", "debian12", "ubuntu", "ubuntu-lts"] else "authselect/system-auth"
+        - { path: '/mnt/etc/pam.d/system-auth', content: account required pam_faillock.so }
-            if os == "fedora" else "pam.d/system-auth" }}', content: account required pam_faillock.so }
+        - { path: '/mnt/etc/pam.d/passwd',
        - { path: '/mnt/etc/pam.d/{{ "common-password" if os in ["debian11", "debian12", "ubuntu", "ubuntu-lts"] else "passwd" }}',
            content: "password [success=1 default=ignore] pam_unix.so obscure sha512 remember=5" }
        - { path: /mnt/etc/hosts.deny, content: "ALL: ALL" }
        - { path: /mnt/etc/hosts.allow, content: "sshd: ALL" }
@ -122,10 +120,10 @@
          { "path": "/mnt/etc/cron.d", "mode": "0700" },
          { "path": "/mnt/etc/crontab", "mode": "0600" },
          { "path": "/mnt/etc/logrotate.conf", "mode": "0644" },
-          { "path": "/mnt/usr/sbin/pppd", "mode": "0754" } if os not in ["rhel8", "rhel9"] else None,
+          { "path": "/mnt/usr/sbin/pppd", "mode": "0754" },
-          { "path": "/mnt/usr/bin/" + ("fusermount3" if os in ["almalinux", "archlinux", "debian12", "fedora", "rhel9", "rocky"]
+          { "path": "/mnt/usr/bin/" + ("fusermount3" if os in ["rhel9"]
            else "fusermount"), "mode": "755" },
-          { "path": "/mnt/usr/bin/" + ("write.ul" if os == "debian11" else "write"), "mode": "755" }
+          { "path": "/mnt/usr/bin/write", "mode": "755" }
        ] | reject("none") }}
    - name: Adjust SSHD config
--- a/roles/cleanup/tasks/main.yml
+++ b/roles/cleanup/tasks/main.yml
@ -4,31 +4,7 @@
  vars:
    ansible_connection: ssh
 - name: Setup Cleanup
  when: hypervisor == "proxmox"
  delegate_to: localhost
  become: false
  block:
    - name: Cleanup Setup Disks
      community.general.proxmox_disk:
        api_host: "{{ hypervisor_url }}"
        api_user: "{{ hypervisor_username }}"
        api_password: "{{ hypervisor_password }}"
        name: "{{ hostname }}"
        vmid: "{{ vm_id }}"
        disk: "{{ item }}"
        state: absent
      loop:
        - ide0
        - ide2
    - name: Reboot system
      ansible.builtin.command: reboot
      failed_when: false
      changed_when: false
 - name: Clean vCenter VM
  when: hypervisor == "vmware"
  delegate_to: localhost
  become: false
  block:
@ -66,39 +42,3 @@
        datacenter: "{{ hypervisor_cluster }}"
        name: "{{ hostname }}"
        state: powered-on
 - name: Remove Archiso and cloud-init disks
  when: hypervisor == "libvirt"
  delegate_to: localhost
  become: false
  block:
    - name: Remove cloud-init disk
      ansible.builtin.file:
        path: "{{ vm_path | default('/var/lib/libvirt/images/') }}{{ hostname }}-cloudinit.iso"
        state: absent
    - name: Get list of CD-ROM devices
      ansible.builtin.shell: set -o pipefail && virsh --connect qemu:///system domblklist {{ hostname }} --details | grep 'cdrom' | awk '{print $3}'
      changed_when: false
      register: cdrom_devices
    - name: Wait for VM to spin down
      ansible.builtin.wait_for:
        timeout: 15
    - name: Remove CD-ROM devices
      when: cdrom_devices.stdout_lines | length > 0
      ansible.builtin.command: virsh --connect qemu:///system detach-disk {{ hostname }} {{ item }} --persistent
      with_items: "{{ cdrom_devices.stdout_lines | select('ne', 'sdc') | list }}"
      changed_when: result.rc == 0
      register: result
    - name: Start the VM
      community.libvirt.virt:
        name: "{{ hostname }}"
        state: running
    - name: Wait for VM to boot up
      delegate_to: "{{ inventory_hostname }}"
      ansible.builtin.wait_for_connection:
        timeout: 300
--- a/roles/configuration/tasks/main.yml
+++ b/roles/configuration/tasks/main.yml
@ -6,13 +6,6 @@
      changed_when: result.rc == 0
      register: result
    - name: Remove depricated attr2 and disable large extent
      when: os in ["almalinux", "rhel8", "rhel9", "rocky"] and filesystem == "xfs"
      ansible.builtin.replace:
        path: /mnt/etc/fstab
        regexp: '(xfs.*?)(attr2)'
        replace: '\1allocsize=64m'
    - name: Replace ISO UUID entry with /dev/sr0 in fstab
      when: os in ["rhel8", "rhel9"]
      ansible.builtin.lineinfile:
@ -24,7 +17,6 @@
        backrefs: true
    - name: Write image from RHEL ISO to the target machine
      when: os in ["rhel8", "rhel9"] and hypervisor == 'vmware'
      ansible.builtin.command: dd if=/dev/sr1 of=/mnt/usr/local/install/redhat/rhel.iso bs=4M
      changed_when: result.rc == 0
      register: result
@ -51,21 +43,6 @@
    - name: Setup locales
      block:
        - name: Configure locale.gen
          when: os | lower not in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rocky']
          ansible.builtin.lineinfile:
            dest: /mnt/etc/locale.gen
            regexp: "{{ item.regex }}"
            line: "{{ item.line }}"
          loop:
            - { regex: en_US\.UTF-8 UTF-8, line: en_US.UTF-8 UTF-8 }
        - name: Generate locales
          when: os | lower not in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rocky']
          ansible.builtin.command: arch-chroot /mnt /usr/sbin/locale-gen
          changed_when: result.rc == 0
          register: result
        - name: Set hostname
          ansible.builtin.copy:
            content: "{{ hostname }}"
@ -103,72 +80,27 @@
            replace: "PermitRootLogin yes"
    - name: Enable Systemd Services
-      ansible.builtin.command: >
+      ansible.builtin.command: arch-chroot /mnt systemctl enable NetworkManager sshd
        arch-chroot /mnt systemctl enable NetworkManager
        {{
          ' ssh' if os | lower in ['ubuntu', 'ubuntu-lts'] else
          (' sshd' if os | lower not in ['debian11', 'debian12'] else '')
        }}
        {{
          'logrotate systemd-resolved systemd-timesyncd systemd-networkd'
          if os | lower == 'archlinux' else ''
        }}
      changed_when: result.rc == 0
      register: result
    - name: Configure grub
      when: os | lower not in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rocky']
      block:
        - name: Add commandline information to grub config
          ansible.builtin.lineinfile:
            dest: /mnt/etc/default/grub
            regexp: ^GRUB_CMDLINE_LINUX_DEFAULT=
            line: GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3"
        - name: Change Grub time
          ansible.builtin.lineinfile:
            dest: /mnt/etc/default/grub
            regexp: ^GRUB_TIMEOUT=
            line: GRUB_TIMEOUT=1
    - name: Configure Bootloader
      block:
        - name: Install Bootloader
-          ansible.builtin.command: arch-chroot /mnt
+          ansible.builtin.command: arch-chroot /mnt /usr/sbin/efibootmgr -c -L '{{ os }}'
-            {% if os | lower not in ["archlinux", "debian11", "debian12", "ubuntu", "ubuntu-lts"] %} /usr/sbin/efibootmgr
+            -d "{{ install_drive }}" -p 1
-            -c -L '{{ os }}' -d "{{ install_drive }}" -p 1
+            -l '\efi\EFI\redhat\shimx64.efi'
            -l '\efi\EFI\{% if os | lower in ["rhel8", "rhel9"] %}redhat{% else %}{{ os | lower }}{% endif %}\shimx64.efi'
            {% else %}/usr/sbin/grub-install --target=x86_64-efi --efi-directory={{ "/boot/efi" if os | lower in ["ubuntu", "ubuntu-lts"] else "/boot" }}
            --bootloader-id={{ "ubuntu" if os | lower in ["ubuntu", "ubuntu-lts"] else os }}
            {% endif %}
          changed_when: result.rc == 0
          register: result
        - name: Generate grub config
-          ansible.builtin.command: arch-chroot /mnt
+          ansible.builtin.command: arch-chroot /mnt /usr/sbin/grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
            {% if os | lower not in ["archlinux", "debian11", "debian12", "ubuntu", "ubuntu-lts"] %}
            /usr/sbin/grub2-mkconfig -o /boot/efi/EFI/{% if os | lower in ["rhel8", "rhel9"] %}redhat{% else %}{{ os | lower }}{% endif %}/grub.cfg
            {% else %}
            /usr/sbin/grub-mkconfig -o {{ "/boot/efi/EFI/ubuntu/grub.cfg" if os | lower in ["ubuntu", "ubuntu-lts"] else "/boot/grub/grub.cfg" }}
            {% endif %}
          changed_when: result.rc == 0
          register: result
        - name: Ensure lvm2 for non btrfs filesystems
          when: os | lower == "archlinux" and filesystem != "btrfs"
          ansible.builtin.lineinfile:
            path: /mnt/etc/mkinitcpio.conf
            regexp: '^(HOOKS=.*block)(?!.*lvm2)(.*)'
            line: '\1 lvm2\2'
            backrefs: true
        - name: Regenerate initramfs
          when: os | lower not in ["debian11", "debian12", "ubuntu", "ubuntu-lts"]
-          ansible.builtin.command: arch-chroot /mnt
+          ansible.builtin.command: arch-chroot /mnt /usr/bin/dracut --regenerate-all --force
            {% if os | lower == "archlinux" %} /usr/sbin/mkinitcpio -P
            {% elif os | lower not in ["debian11", "debian12", "ubuntu", "ubuntu-lts", "archlinux"] %} /usr/bin/dracut --regenerate-all --force
            {% else %} echo "Skipping initramfs regeneration"
            {% endif %}
          changed_when: result.rc == 0
          register: result
@ -177,8 +109,7 @@
        - name: Append vim configurations to vimrc
          failed_when: false
          ansible.builtin.blockinfile:
-            path: "{{ '/mnt/etc/vim/vimrc' if os | lower in ['debian11', 'debian12', 'ubuntu', 'ubuntu-lts']
+            path: "/mnt/etc/vimrc"
                  else '/mnt/etc/vimrc' }}"
            block: |
              set encoding=utf-8
              set number
@ -202,7 +133,7 @@
            mode: '0644'
        - name: Create zram config
-          when: os not in ['debian11', 'rhel8']
+          when: os not in ['rhel8']
          ansible.builtin.copy:
            dest: /mnt/etc/systemd/zram-generator.conf
            content: |
@ -214,7 +145,6 @@
            mode: '0644'
        - name: Copy FirstRun Script
          when: os | lower != "archlinux"
          ansible.builtin.template:
            src: firstrun.sh.j2
            dest: /mnt/root/firstrun.sh
@ -249,20 +179,12 @@
            dest: /mnt/etc/NetworkManager/system-connections/LAN.nmconnection
            mode: "0600"
        - name: Fix Ubuntu unmanaged devices
          when: os | lower in ["ubuntu", "ubuntu-lts"]
          ansible.builtin.file:
            path: /mnt/etc/NetworkManager/conf.d/10-globally-managed-devices.conf
            state: touch
            mode: '0644'
    - name: Setup user account
      block:
        - name: Create user account
          ansible.builtin.command: "{{ item }}"
          with_items:
-            - arch-chroot /mnt /usr/sbin/useradd --create-home --user-group --groups
+            - arch-chroot /mnt /usr/sbin/useradd --create-home --user-group --groups wheel
              {{ "sudo" if os | lower in ["debian11", "debian12", "ubuntu", "ubuntu-lts"] else "wheel" }}
              {{ user_name }} --password {{ user_password | password_hash('sha512') }} --shell /bin/bash
            - arch-chroot /mnt /usr/sbin/usermod --password '{{ root_password | password_hash('sha512') }}' root --shell /bin/bash
          changed_when: result.rc == 0
@ -280,22 +202,12 @@
    - name: Give sudo access to wheel group
      ansible.builtin.copy:
-        content: "{{ '%sudo ALL=(ALL) ALL' if os | lower in ['debian11', 'debian12', 'ubuntu', 'ubuntu-lts'] else '%wheel ALL=(ALL) ALL' }}"
+        content: "%wheel ALL=(ALL) ALL"
        dest: /mnt/etc/sudoers.d/01-wheel
        mode: "0440"
        validate: /usr/sbin/visudo --check --file=%s
    - name: Fix SELinux
-      block:
+      ansible.builtin.command: "arch-chroot /mnt /sbin/fixfiles onboot"
-        - name: Relabel the filesystem
+      changed_when: result.rc == 0
-          when: os | lower in ['almalinux', 'rhel8', 'rhel9', 'rocky']
+      register: result
          ansible.builtin.command: "arch-chroot /mnt /sbin/fixfiles onboot"
          changed_when: result.rc == 0
          register: result
        - name: Disable SELinux
          when: os | lower == "fedora"
          ansible.builtin.lineinfile:
            path: /mnt/etc/selinux/config
            regexp: ^SELINUX=
            line: SELINUX=permissive
--- a/roles/environment/tasks/main.yml
+++ b/roles/environment/tasks/main.yml
@ -21,19 +21,16 @@
      when: not archiso_stat.stat.exists
    - name: Setect Interface
      when: hypervisor == "vmware"
      ansible.builtin.shell: "set -o pipefail && ip l | awk -F': ' '!/lo/{print $2; exit}'"
      changed_when: interface_name.rc == 0
      register: interface_name
    - name: Set IP-Address
      when: hypervisor == "vmware"
      ansible.builtin.command: "ip addr replace {{ ansible_host }}/{{ vm_nms | default(24) }} dev {{ interface_name.stdout }}"
      changed_when: result.rc == 0
      register: result
    - name: Set Default Gateway
      when: hypervisor == "vmware"
      ansible.builtin.command: "ip route replace default via {{ vm_gw }}"
      changed_when: result.rc == 0
      register: result
@ -44,7 +41,7 @@
      register: result
    - name: Configure SSH for root login
-      when: hypervisor == "vmware" and vmware_ssh | bool
+      when: vmware_ssh | bool
      block:
        - name: Allow empty passwords temporarily
          ansible.builtin.replace:
@ -85,15 +82,11 @@
      community.general.pacman:
        update_cache: true
        force: true
-        name: "{{ item.name }}"
+        name: "{{ item }}"
        state: latest
      loop:
-        - { name: glibc }
+        - glibc
-        - { name: dnf, os: [almalinux, fedora, rhel9, rhel8, rocky] }
+        - dnf
        - { name: debootstrap, os: [debian11, debian12, ubuntu, ubuntu-lts] }
        - { name: debian-archive-keyring, os: [debian11, debian12] }
        - { name: ubuntu-keyring, os: [ubuntu, ubuntu-lts] }
      when: "'os' not in item or os in item.os"
      retries: 4
      delay: 15
@ -108,14 +101,13 @@
        - name: Mount RHEL ISO
          ansible.posix.mount:
-            src: "{{ '/dev/sr1' if hypervisor == 'vmware' else '/dev/sr2' }}"
+            src: "/dev/sr1"
            path: /usr/local/install/redhat/dvd
            fstype: iso9660
            opts: "ro,loop"
            state: mounted
    - name: Configure RHEL Repos for installation
      when: os | lower in ["almalinux", "fedora", "rhel8", "rhel9", "rocky"]
      block:
        - name: Create directories for repository files and RPM GPG keys
          ansible.builtin.file:
--- a/roles/partitioning/tasks/btrfs.yml
+++ b/roles/partitioning/tasks/btrfs.yml
@ -1,56 +0,0 @@
 ---
 - name: Setup BTRFS
  block:
    - name: Create btrfs filesystem in main volume
      community.general.filesystem:
        dev: "{{ install_drive }}{{ main_partition_suffix }}"
        fstype: btrfs
        force: true
    - name: Prepare BTRFS Subvolume
      ansible.posix.mount:
        path: /mnt
        src: "{{ install_drive }}{{ main_partition_suffix }}"
        fstype: btrfs
        opts: rw,relatime,compress=zstd:15,ssd,space_cache=v2,discard=async
        state: mounted
    - name: Enable quotas on Btrfs filesystem
      ansible.builtin.command: btrfs quota enable /mnt
      changed_when: result.rc == 0
      register: result
    - name: Make root subvolumes
      when: cis | bool or item.subvol not in ['var_log_audit']
      ansible.builtin.command: btrfs su cr /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }}
      changed_when: result.rc == 0
      register: result
      loop:
        - { subvol: root }
        - { subvol: swap }
        - { subvol: home }
        - { subvol: var }
        - { subvol: var_log }
        - { subvol: var_log_audit }
    - name: Set quotas for subvolumes
      when: cis | bool or item.subvol not in ['var_log_audit']
      ansible.builtin.command: btrfs qgroup limit {{ item.quota }} /mnt/{{ '@' if item.subvol == 'root' else '@' + item.subvol }}
      changed_when: result.rc == 0
      register: result
      loop:
        - { subvol: home, quota: 2G }
    - name: Create a Btrfs swap file
      ansible.builtin.command: >-
        btrfs filesystem mkswapfile --size {{ ((vm_memory | float / 1024 >= 16.0) | ternary((vm_memory
        | float / 2048) | int, [vm_memory | float / 1024, 4.0] | max) | int) }}g --uuid clear /mnt/@swap/swapfile
      changed_when: result.rc == 0
      register: result
    - name: Unmount Partition
      ansible.posix.mount:
        path: /mnt
        src: "{{ install_drive }}{{ main_partition_suffix }}"
        fstype: btrfs
        state: unmounted
--- a/roles/partitioning/tasks/ext4.yml
+++ b/roles/partitioning/tasks/ext4.yml
@ -11,15 +11,3 @@
    - { lv: var }
    - { lv: var_log }
    - { lv: var_log_audit }
 - name: Remove Unsupported features for older Systems
  when: (os | lower in ['almalinux', 'debian11', 'rhel8', 'rhel9', 'rocky']) and (cis | bool or item.lv not in ['home', 'var', 'var_log', 'var_log_audit'])
  ansible.builtin.command: tune2fs -O "^orphan_file,^metadata_csum_seed" "/dev/sys/{{ item.lv }}"
  changed_when: result.rc == 0
  register: result
  loop:
    - { lv: root }
    - { lv: home }
    - { lv: var }
    - { lv: var_log }
    - { lv: var_log_audit }
--- a/roles/partitioning/tasks/main.yml
+++ b/roles/partitioning/tasks/main.yml
@ -28,7 +28,6 @@
        - { number: 2, part_start: 500MiB, name: root }
 - name: Create LVM logical volumes
  when: filesystem != 'btrfs'
  block:
    - name: Create LVM volume group
      community.general.lvg:
@ -92,7 +91,6 @@
        force: true
    - name: Create swap filesystem
      when: filesystem != 'btrfs'
      community.general.filesystem:
        fstype: swap
        dev: /dev/sys/swap
@ -111,7 +109,7 @@
      register: main_uuid
    - name: Get UUIDs for LVM filesystems
-      when: filesystem != 'btrfs' and (cis | bool or item not in ['home', 'var', 'var_log', 'var_log_audit'])
+      when: cis | bool or item not in ['home', 'var', 'var_log', 'var_log_audit']
      ansible.builtin.command: blkid -s UUID -o value /dev/sys/{{ item }}
      changed_when: false
      register: uuid_result
@ -124,7 +122,6 @@
        - var_log_audit
    - name: Assign UUIDs to Variables
      when: filesystem != 'btrfs'
      ansible.builtin.set_fact:
        uuid_root: "{{ uuid_result.results[0].stdout_lines }}"
        uuid_swap: "{{ uuid_result.results[1].stdout_lines }}"
@ -139,7 +136,6 @@
      when:
        - cis | bool or (not cis and (item.path == '/var/log' and filesystem == 'btrfs')
          or (item.path not in ['/home', '/var', '/var/log', '/var/log/audit']))
        - not (item.path == '/swap' and filesystem != 'btrfs')
      ansible.posix.mount:
        path: /mnt{{ item.path }}
        src: "{{ 'UUID=' + (main_uuid.stdout if filesystem == 'btrfs' else item.uuid) }}"
@ -149,25 +145,20 @@
      loop:
        - path: ""
          uuid: "{{ uuid_root[0] | default(omit) }}"
-          opts: "{{ 'defaults' if filesystem != 'btrfs' else 'rw,relatime,compress=zstd:15,ssd,space_cache=v2,discard=async,subvol=@' }}"
+          opts: "defaults"
        - path: /swap
          opts: "rw,nosuid,nodev,relatime,compress=zstd:15,ssd,space_cache=v2,discard=async,subvol=@swap"
        - path: /home
          uuid: "{{ uuid_home[0] | default(omit) }}"
          opts: "{{ 'defaults,nosuid,nodev' if filesystem != 'btrfs'
                else 'rw,nosuid,nodev,relatime,compress=zstd:15,ssd,space_cache=v2,discard=async,subvol=@home' }}"
        - path: /var
          uuid: "{{ uuid_var[0] | default(omit) }}"
-          opts: "{{ 'defaults,nosuid,nodev' if filesystem != 'btrfs'
+          opts: "defaults,nosuid,nodev"
                else 'rw,nosuid,nodev,relatime,compress=zstd:15,ssd,space_cache=v2,discard=async,subvol=@var' }}"
        - path: /var/log
          uuid: "{{ uuid_var_log[0] | default(omit) }}"
-          opts: "{{ 'defaults,nosuid,nodev,noexec' if filesystem != 'btrfs'
+          opts: "defaults,nosuid,nodev,noexec"
                else 'rw,nosuid,nodev,noexec,relatime,compress=zstd:15,ssd,space_cache=v2,discard=async,subvol=@var_log' }}"
        - path: /var/log/audit
          uuid: "{{ uuid_var_log_audit[0] | default(omit) }}"
-          opts: "{{ 'defaults,nosuid,nodev,noexec' if filesystem != 'btrfs'
+          opts: "defaults,nosuid,nodev,noexec"
                else 'rw,nosuid,nodev,noexec,relatime,compress=zstd:15,ssd,space_cache=v2,discard=async,subvol=@var_log_audit' }}"
    - name: Mount tmp and var_tmp filesystems
      ansible.posix.mount:
@ -182,12 +173,12 @@
    - name: Mount boot filesystem
      ansible.posix.mount:
-        path: "{{ '/mnt/boot/efi' if os | lower in ['rhel8', 'ubuntu', 'ubuntu-lts'] else '/mnt/boot' }}"
+        path: "{{ '/mnt/boot/efi' if os | lower in ['rhel8'] else '/mnt/boot' }}"
        src: UUID={{ boot_uuid.stdout }}
        fstype: vfat
        state: mounted
    - name: Activate swap
-      ansible.builtin.command: "{{ 'swapon /mnt/swap/swapfile' if filesystem == 'btrfs' else 'swapon -U ' + uuid_swap[0] }}"
+      ansible.builtin.command: "{{ 'swapon -U ' + uuid_swap[0] }}"
      changed_when: result.rc == 0
      register: result
--- a/roles/virtualization/tasks/libvirt.yml
+++ b/roles/virtualization/tasks/libvirt.yml
@ -1,50 +0,0 @@
 ---
 - name: Check if VM disk exists
  delegate_to: localhost
  ansible.builtin.stat:
    path: "{{ vm_path | default('/var/lib/libvirt/images/') }}{{ hostname }}.qcow2"
  register: vm_disk_stat
 - name: Create VM disk
  when: not vm_disk_stat.stat.exists
  delegate_to: localhost
  ansible.builtin.command: qemu-img create -f qcow2 {{ vm_path | default('/var/lib/libvirt/images/') }}{{ hostname }}.qcow2 {{ vm_size }}G
  changed_when: result.rc == 0
  register: result
 - name: Generate Random MAC Address
  delegate_to: localhost
  ansible.builtin.shell: set -o pipefail && openssl rand -hex 5 | sed 's/\(..\)/\1:/g; s/.$//' | sed 's/^/02:/'
  changed_when: false
  register: mac_address_output
 - name: Render cloud config templates
  delegate_to: localhost
  ansible.builtin.template:
    src: "{{ item.src }}"
    dest: /tmp/{{ item.dest_prefix }}-{{ hostname }}.yml
    mode: '0644'
  loop:
    - { src: cloud-user-data.yml.j2, dest_prefix: cloud-user-data }
    - { src: cloud-network-config.yml.j2, dest_prefix: cloud-network-config }
 - name: Create cloud-init disk
  delegate_to: localhost
  ansible.builtin.command: >
    cloud-localds {{ vm_path | default('/var/lib/libvirt/images/') }}/{{ hostname }}-cloudinit.iso
    /tmp/cloud-user-data-{{ hostname }}.yml
    -N /tmp/cloud-network-config-{{ hostname }}.yml
  changed_when: result.rc == 0
  register: result
 - name: Create VM using libvirt
  delegate_to: localhost
  community.libvirt.virt:
    command: define
    xml: "{{ lookup('template', 'vm.xml.j2') }}"
 - name: Start vm
  delegate_to: localhost
  community.libvirt.virt:
    name: "{{ hostname }}"
    state: running
--- a/roles/virtualization/tasks/proxmox.yml
+++ b/roles/virtualization/tasks/proxmox.yml
@ -1,51 +0,0 @@
 ---
 - name: Deploy VM on Proxmox
  delegate_to: localhost
  community.general.proxmox_kvm:
    api_host: "{{ hypervisor_url }}"
    api_user: "{{ hypervisor_username }}"
    api_password: "{{ hypervisor_password }}"
    ciuser: "{{ user_name }}"
    cipassword: "{{ user_password }}"
    ciupgrade: false
    node: "{{ hypervisor_node }}"
    vmid: "{{ vm_id }}"
    name: "{{ hostname }}"
    cpu: host
    cores: "{{ vm_cpus }}"
    memory: "{{ vm_memory }}"
    balloon: "{{ vm_ballo | default(omit) }}"
    numa_enabled: true
    hotplug: network,disk
    bios: ovmf
    boot: ac
    scsihw: virtio-scsi-single
    scsi:
      scsi0: "{{ hypervisor_storage }}:{{ vm_size }}"
    efidisk0:
      efitype: 4m
      format: raw
      pre_enrolled_keys: false
      storage: "{{ hypervisor_storage }}"
    ide:
      ide0: "{{ boot_iso }},media=cdrom"
      ide1: "{{ rhel_iso | default(omit) }},media=cdrom"
      ide2: "{{ hypervisor_storage }}:cloudinit"
    net:
      net0: virtio,bridge={{ vm_nif }}{% if vlan_name is defined and vlan_name %},tag={{ vlan_name }}{% endif %}
    ipconfig:
      ipconfig0: ip={{ vm_ip }},gw={{ vm_gw }}
    nameservers: "{{ vm_dns }}"
    onboot: true
    state: present
 - name: Start VM on Proxmox
  delegate_to: localhost
  community.general.proxmox_kvm:
    api_host: "{{ hypervisor_url }}"
    api_user: "{{ hypervisor_username }}"
    api_password: "{{ hypervisor_password }}"
    node: "{{ hypervisor_node }}"
    name: "{{ hostname }}"
    vmid: "{{ vm_id }}"
    state: started
--- a/roles/virtualization/tasks/vmware.yml
+++ b/roles/virtualization/tasks/vmware.yml
@ -27,12 +27,6 @@
        state: present
        type: iso
        iso_path: "{{ boot_iso }}"
      - controller_number: 0
        unit_number: 1
        controller_type: sata
        state: present
        type: iso
        iso_path: "{{ rhel_iso | default(omit) }}"
    networks:
      - name: "{{ vm_nif }}"
        type: dhcp
--- a/roles/virtualization/templates/cloud-network-config.yml.j2
+++ b/roles/virtualization/templates/cloud-network-config.yml.j2
@ -1,11 +0,0 @@
 network:
  version: 2
  ethernets:
    id0:
      match:
        macaddress: "{{ mac_address_output.stdout }}"
      addresses:
        - "{{ vm_ip }}"
      gateway4: "{{ vm_gw }}"
      nameservers:
        addresses: ['1.1.1.1', '1.0.0.1']
--- a/roles/virtualization/templates/cloud-user-data.yml.j2
+++ b/roles/virtualization/templates/cloud-user-data.yml.j2
@ -1,10 +0,0 @@
 #cloud-config
 hostname: "archiso"
 ssh_pwauth: true
 users:
  - name: "{{ user_name }}"
    primary_group: "{{ user_name }}"
    groups: users
    sudo: ALL=(ALL) NOPASSWD:ALL
    passwd: "{{ user_password | password_hash('sha512') }}"
    lock_passwd: False
--- a/roles/virtualization/templates/vm.xml.j2
+++ b/roles/virtualization/templates/vm.xml.j2
@ -1,62 +0,0 @@
 <domain type='kvm'>
  <name>{{ hostname }}</name>
  <memory>{{ vm_memory | int * 1024 }}</memory>
  {% if vm_ballo is defined %}<currentMemory>{{ vm_ballo | int * 1024 }}</currentMemory>{% endif %}
  <vcpu placement='static'>{{ vm_cpus }}</vcpu>
  <os>
    <type arch='x86_64' machine="pc-q35-8.0">hvm</type>
    <bootmenu enable='no'/>
    <boot dev='hd'/>
    <boot dev='cdrom'/>
    <loader readonly="yes" type="pflash">/usr/share/edk2/x64/OVMF_CODE.secboot.fd</loader>
    <nvram template="/usr/share/edk2/x64/OVMF_VARS.fd"/>
  </os>
  <features>
    <acpi/>
    <apic/>
    <pae/>
  </features>
  <cpu mode="host-passthrough" check="none" migratable="on"/>
  <clock offset="utc"/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source file='{{ vm_path | default('/var/lib/libvirt/images/') }}{{ hostname }}.qcow2'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <disk type="file" device="cdrom">
      <driver name="qemu" type="raw"/>
      <source file="{{ boot_iso }}"/>
      <target dev="sda" bus="sata"/>
    </disk>
    <disk type="file" device="cdrom">
      <driver name="qemu" type="raw"/>
      <source file="{{ vm_path | default('/var/lib/libvirt/images/') }}{{ hostname }}-cloudinit.iso"/>
      <target dev="sdb" bus="sata"/>
    </disk>
    {% if rhel_iso is defined %}
    <disk type="file" device="cdrom">
      <driver name="qemu" type="raw"/>
      <source file="{{ rhel_iso }}"/>
      <target dev="sdc" bus="sata"/>
    </disk>
    {% endif %}
    <interface type='network'>
      <mac address="{{ mac_address_output.stdout }}"/>
      <source network='default'/>
      <model type='virtio'/>
    </interface>
    <input type="tablet" bus="usb"/>
    <input type="mouse" bus="ps2"/>
    <input type="keyboard" bus="ps2"/>
    <graphics type='spice' autoport="yes">
      <listen type="address"/>
    </graphics>
    <video>
      <model type="virtio" heads="1" primary="yes"/>
    </video>
  </devices>
 </domain>
--- a/templates/almalinux.repo.j2
+++ b/templates/almalinux.repo.j2
@ -1,43 +0,0 @@
 [alma-appstream]
 name=AlmaLinux $releasever - AppStream
 mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/appstream
 # baseurl=https://repo.almalinux.org/almalinux/$releasever/AppStream/$basearch/os/
 enabled=1
 gpgcheck=1
 countme=1
 gpgkey=https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux-$releasever
 metadata_expire=86400
 enabled_metadata=1
 [alma-baseos]
 name=AlmaLinux $releasever - BaseOS
 mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/baseos
 # baseurl=https://repo.almalinux.org/almalinux/$releasever/BaseOS/$basearch/os/
 enabled=1
 gpgcheck=1
 countme=1
 gpgkey=https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux-$releasever
 metadata_expire=86400
 enabled_metadata=1
 [alma-extras]
 name=AlmaLinux $releasever - Extras
 mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/extras
 # baseurl=https://repo.almalinux.org/almalinux/$releasever/extras/$basearch/os/
 enabled=1
 gpgcheck=1
 countme=1
 gpgkey=https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux-$releasever
 metadata_expire=86400
 enabled_metadata=0
 [alma-highavailability]
 name=AlmaLinux $releasever - HighAvailability
 mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/highavailability
 # baseurl=https://repo.almalinux.org/almalinux/$releasever/HighAvailability/$basearch/os/
 enabled=1
 gpgcheck=1
 countme=1
 gpgkey=https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux-$releasever
 metadata_expire=86400
 enabled_metadata=0
--- a/templates/fedora.repo.j2
+++ b/templates/fedora.repo.j2
@ -1,25 +0,0 @@
 [fedora]
 name=Fedora $releasever - $basearch
 #baseurl=http://download.example/pub/fedora/linux/releases/$releasever/Everything/$basearch/os/
 metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
 enabled=1
 countme=1
 metadata_expire=86400
 repo_gpgcheck=0
 type=rpm
 gpgcheck=1
 gpgkey=https://getfedora.org/static/fedora.gpg
 skip_if_unavailable=False
 [fedora-updates]
 name=Fedora $releasever - $basearch - Updates
 #baseurl=http://download.example/pub/fedora/linux/updates/$releasever/Everything/$basearch/
 metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch
 enabled=1
 countme=1
 repo_gpgcheck=0
 type=rpm
 gpgcheck=1
 metadata_expire=86400
 gpgkey=https://getfedora.org/static/fedora.gpg
 skip_if_unavailable=False
--- a/templates/rocky.repo.j2
+++ b/templates/rocky.repo.j2
@ -1,10 +0,0 @@
 [rocky-baseos]
 name=Rocky Linux $releasever - BaseOS
 mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=BaseOS-$releasever
 #baseurl=http://dl.rockylinux.org/$contentdir/$releasever/BaseOS/$basearch/os/
 gpgcheck=1
 enabled=1
 countme=1
 gpgkey=https://dl.rockylinux.org/pub/rocky/RPM-GPG-KEY-Rocky-$releasever
 metadata_expire=86400
 enabled_metadata=1
--- a/vars_example.yml
+++ b/vars_example.yml
@ -7,8 +7,7 @@ hypervisor_username: "root@pam"
 hypervisor_password: "SomePassword"
 hypervisor_node:     "NodeName"
 hypervisor_storage:  "local-btrfs"
-boot_iso: "local-btrfs:iso/archlinux-x86_64.iso"
+boot_iso: "local-btrfs:rhel-9.4-x86_64-dvd.iso"
 rhel_iso: "local-btrfs:rhel-9.4-x86_64-dvd.iso"
 # For VMware-Tools
 ansible_vmware_host: "{{ hypervisor_url }}"
Author	SHA1	Message	Date
Sandwich	cdf2b9fdd7	Adjust examples	2024-11-07 15:02:49 +01:00
Sandwich	6df7d5ccfc	Remove non RHEL configuration	2024-11-07 14:57:39 +01:00
Sandwich	75b0e41be6	Remove RHEL ISO variable	2024-11-07 14:26:02 +01:00
Sandwich	38defef1a0	Adjust README for RHEL systems	2024-11-07 14:19:52 +01:00