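---
# Provision and configure VMs (or physical hosts) end to end.
#
# Flow: prompt for the operator/user credentials, merge per-host overrides with
# the `global_defaults` role, validate the inputs, pick the connection method
# for the hypervisor, run the provisioning roles, then (if the host is
# reachable after reboot) push the final SSH credentials and optional extra
# packages.
#
# Security notes for maintainers:
#   - The prompted passwords end up in `ansible_password` /
#     `ansible_become_password` via set_fact; those tasks are `no_log` so the
#     values are not echoed under `-v`/`-vvv`. If fact caching is enabled, the
#     cache backend will still persist them — keep it off or protect it.
#   - SSH host-key checking is deliberately disabled for the freshly installed
#     guest (its host key is new on every install). That choice accepts a
#     man-in-the-middle on the provisioning path; only run this from a network
#     you trust, or switch to `StrictHostKeyChecking=accept-new` with a
#     per-run `UserKnownHostsFile` if reinstalls at the same IP are not expected.
- name: Create and configure VMs
  hosts: all
  strategy: free  # noqa: run-once[play]
  gather_facts: false
  become: true
  vars_prompt:
    - name: user_name
      prompt: |
        What is your username?
      private: false
    - name: user_public_key
      prompt: |
        What is your ssh key?
      private: false
    # Passwords are hidden at the prompt (`private` defaults to true; stated
    # explicitly here so nobody flips it by accident) and must be typed twice.
    - name: user_password
      prompt: |
        What is your password?
      private: true
      confirm: true
    - name: root_password
      prompt: |
        What is your root password?
      private: true
      confirm: true
  vars_files: vars.yml
  pre_tasks:
    - name: Load global defaults
      ansible.builtin.import_role:
        name: global_defaults

    # Each setting resolves to the host/inventory value when one is defined,
    # otherwise to the role default. The intermediate `*_value` vars keep the
    # set_fact mapping readable; only the short names are used downstream.
    - name: Apply global defaults
      vars:
        global_defaults_hypervisor_value: >-
          {{ hypervisor if hypervisor is defined else global_defaults_hypervisor }}
        global_defaults_custom_iso_value: >-
          {{ custom_iso if custom_iso is defined else global_defaults_custom_iso }}
        global_defaults_cis_value: >-
          {{ cis if cis is defined else global_defaults_cis }}
        global_defaults_selinux_value: >-
          {{ selinux if selinux is defined else global_defaults_selinux }}
        global_defaults_vmware_ssh_value: >-
          {{ vmware_ssh if vmware_ssh is defined else global_defaults_vmware_ssh }}
        global_defaults_firewalld_enabled_value: >-
          {{ firewalld_enabled if firewalld_enabled is defined else global_defaults_firewalld_enabled }}
        global_defaults_luks_enabled_value: >-
          {{ luks_enabled if luks_enabled is defined else global_defaults_luks_enabled }}
        global_defaults_luks_mapper_name_value: >-
          {{ luks_mapper_name if luks_mapper_name is defined else global_defaults_luks_mapper_name }}
        global_defaults_luks_auto_decrypt_value: >-
          {{ luks_auto_decrypt if luks_auto_decrypt is defined else global_defaults_luks_auto_decrypt }}
        global_defaults_luks_auto_decrypt_method_value: >-
          {{ luks_auto_decrypt_method if luks_auto_decrypt_method is defined else global_defaults_luks_auto_decrypt_method }}
        global_defaults_luks_tpm2_device_value: >-
          {{ luks_tpm2_device if luks_tpm2_device is defined else global_defaults_luks_tpm2_device }}
        global_defaults_luks_tpm2_pcrs_value: >-
          {{ luks_tpm2_pcrs if luks_tpm2_pcrs is defined else global_defaults_luks_tpm2_pcrs }}
        global_defaults_luks_keyfile_size_value: >-
          {{ luks_keyfile_size if luks_keyfile_size is defined else global_defaults_luks_keyfile_size }}
        global_defaults_luks_options_value: >-
          {{ luks_options if luks_options is defined else global_defaults_luks_options }}
        global_defaults_luks_type_value: >-
          {{ luks_type if luks_type is defined else global_defaults_luks_type }}
        global_defaults_luks_cipher_value: >-
          {{ luks_cipher if luks_cipher is defined else global_defaults_luks_cipher }}
        global_defaults_luks_hash_value: >-
          {{ luks_hash if luks_hash is defined else global_defaults_luks_hash }}
        global_defaults_luks_iter_time_value: >-
          {{ luks_iter_time if luks_iter_time is defined else global_defaults_luks_iter_time }}
        global_defaults_luks_key_size_value: >-
          {{ luks_key_size if luks_key_size is defined else global_defaults_luks_key_size }}
        global_defaults_luks_pbkdf_value: >-
          {{ luks_pbkdf if luks_pbkdf is defined else global_defaults_luks_pbkdf }}
        global_defaults_luks_use_urandom_value: >-
          {{ luks_use_urandom if luks_use_urandom is defined else global_defaults_luks_use_urandom }}
        global_defaults_luks_verify_passphrase_value: >-
          {{ luks_verify_passphrase if luks_verify_passphrase is defined else global_defaults_luks_verify_passphrase }}
      ansible.builtin.set_fact:
        hypervisor: "{{ global_defaults_hypervisor_value }}"
        custom_iso: "{{ global_defaults_custom_iso_value }}"
        cis: "{{ global_defaults_cis_value }}"
        selinux: "{{ global_defaults_selinux_value }}"
        vmware_ssh: "{{ global_defaults_vmware_ssh_value }}"
        firewalld_enabled: "{{ global_defaults_firewalld_enabled_value }}"
        # Boolean views used by role conditionals below.
        cis_enabled: "{{ global_defaults_cis_value | bool }}"
        custom_iso_enabled: "{{ global_defaults_custom_iso_value | bool }}"
        luks_enabled: "{{ global_defaults_luks_enabled_value }}"
        luks_mapper_name: "{{ global_defaults_luks_mapper_name_value }}"
        luks_auto_decrypt: "{{ global_defaults_luks_auto_decrypt_value }}"
        luks_auto_decrypt_method: "{{ global_defaults_luks_auto_decrypt_method_value }}"
        luks_tpm2_device: "{{ global_defaults_luks_tpm2_device_value }}"
        luks_tpm2_pcrs: "{{ global_defaults_luks_tpm2_pcrs_value }}"
        luks_keyfile_size: "{{ global_defaults_luks_keyfile_size_value }}"
        luks_options: "{{ global_defaults_luks_options_value }}"
        luks_type: "{{ global_defaults_luks_type_value }}"
        luks_cipher: "{{ global_defaults_luks_cipher_value }}"
        luks_hash: "{{ global_defaults_luks_hash_value }}"
        luks_iter_time: "{{ global_defaults_luks_iter_time_value }}"
        luks_key_size: "{{ global_defaults_luks_key_size_value }}"
        luks_pbkdf: "{{ global_defaults_luks_pbkdf_value }}"
        luks_use_urandom: "{{ global_defaults_luks_use_urandom_value }}"
        luks_verify_passphrase: "{{ global_defaults_luks_verify_passphrase_value }}"
      changed_when: false

    # Fail fast on bad inventory before anything touches a hypervisor or disk.
    # VM sizing rules: btrfs needs >= 10 GiB, other filesystems >= 20 GiB, and
    # the disk must also leave room for a swap-sized allowance (half of RAM
    # when RAM >= 16 GiB, else max(RAM, 4 GiB)) plus 16 GiB headroom.
    - name: Validate variables
      ansible.builtin.assert:
        that:
          - install_type is defined and install_type in ["virtual", "physical"]
          - hypervisor in ["libvirt", "proxmox", "vmware", "none"]
          - >-
            install_type is defined and (
              install_type == "physical"
              or hypervisor in ["libvirt", "proxmox", "vmware"]
            )
          - filesystem is defined and filesystem in ["btrfs", "ext4", "xfs"]
          - install_drive is defined and install_drive | length > 0
          - hostname is defined and hostname | length > 0
          - >-
            os is defined and os in [
              "archlinux", "almalinux", "debian11", "debian12", "debian13",
              "fedora", "rhel8", "rhel9", "rhel10", "rocky", "ubuntu", "ubuntu-lts"
            ]
          - >-
            os is defined and (
              os not in ["rhel8", "rhel9", "rhel10"]
              or (rhel_iso is defined and rhel_iso | length > 0)
            )
          - >-
            install_type is defined and (
              install_type == "physical"
              or (boot_iso is defined and boot_iso | length > 0)
            )
          - >-
            install_type is defined and (
              install_type == "physical"
              or (vm_cpus is defined and (vm_cpus | int) > 0)
            )
          - >-
            install_type is defined and (
              install_type == "physical"
              or (vm_size is defined and (vm_size | float) > 0)
            )
          - >-
            install_type is defined and (
              install_type == "physical"
              or (vm_memory is defined and (vm_memory | float) > 0)
            )
          - >-
            install_type is defined and filesystem is defined and (
              install_type == "physical"
              or (
                vm_size is defined and (
                  (filesystem == "btrfs" and (vm_size | int) >= 10)
                  or (filesystem != "btrfs" and (vm_size | int) >= 20)
                )
              )
            )
          - >-
            install_type is defined and (
              install_type == "physical"
              or (
                vm_size is defined and vm_memory is defined and (
                  (vm_size | float) >= (
                    (vm_memory | float / 1024 >= 16.0) | ternary(
                      (vm_memory | float / 2048),
                      [vm_memory | float / 1024, 4.0] | max
                    ) + 16
                  )
                )
              )
            )
          # A static IP needs a netmask size to go with it.
          - >-
            vm_ip is not defined
            or vm_ip | length == 0
            or (vm_nms is defined and (vm_nms | int) > 0)
        fail_msg: Invalid input specified, please try again.

    - name: Set OS family flags
      ansible.builtin.set_fact:
        is_rhel: "{{ os | lower in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rhel10', 'rocky'] }}"
        is_debian: "{{ os | lower in ['debian11', 'debian12', 'debian13', 'ubuntu', 'ubuntu-lts'] }}"
      changed_when: false

    - name: Set Python interpreter for RHEL-based installers
      when:
        - ansible_python_interpreter is not defined
        - os | lower in ["almalinux", "rhel8", "rhel9", "rhel10", "rocky"]
      ansible.builtin.set_fact:
        ansible_python_interpreter: /usr/bin/python3
      changed_when: false

    # Non-VMware guests are reached over SSH with the prompted credentials.
    # `no_log` keeps the password out of verbose task output; see the header
    # comment for the host-key-checking trade-off.
    - name: Set SSH access
      when:
        - install_type == "virtual"
        - hypervisor != "vmware"
      ansible.builtin.set_fact:
        ansible_user: "{{ user_name }}"
        ansible_password: "{{ user_password }}"
        ansible_become_password: "{{ user_password }}"
        ansible_ssh_extra_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
      no_log: true

    - name: Set connection for VMware
      when: hypervisor == "vmware"
      ansible.builtin.set_fact:
        ansible_connection: vmware_tools

  roles:
    # VM creation talks to the hypervisor from the controller, unprivileged.
    - role: virtualization
      when: install_type == "virtual"
      become: false
      vars:
        ansible_connection: local
    - role: environment
      vars:
        ansible_connection: "{{ 'vmware_tools' if hypervisor == 'vmware' else 'ssh' }}"
    - role: partitioning
      vars:
        partitioning_boot_partition_suffix: 1
        partitioning_main_partition_suffix: 2
    - role: bootstrap
    - role: configuration
    - role: cis
      when: cis_enabled
    - role: cleanup
      when: install_type in ["virtual", "physical"]
      become: false

  post_tasks:
    # After the installed system reboots we can only continue when there is a
    # non-SSH transport, a known VM IP, or (physical) an explicit ansible_host.
    - name: Set post-reboot connection flags
      ansible.builtin.set_fact:
        post_reboot_can_connect: >-
          {{
            (ansible_connection | default('ssh')) != 'ssh'
            or (vm_ip is defined and (vm_ip | string | length) > 0)
            or (
              install_type == 'physical'
              and (ansible_host | default('') | string | length) > 0
            )
          }}
      changed_when: false

    # Same credential/host-key caveats as "Set SSH access" above.
    - name: Set final SSH credentials for post-reboot tasks
      when:
        - post_reboot_can_connect | bool
      ansible.builtin.set_fact:
        ansible_user: "{{ user_name }}"
        ansible_password: "{{ user_password }}"
        ansible_become_password: "{{ user_password }}"
        ansible_ssh_extra_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
      no_log: true

    - name: Install post-reboot extra packages
      when:
        - post_reboot_can_connect | bool
        - extra_packages is defined
        - extra_packages | length > 0
      block:
        # Accept either a YAML list or a comma-separated string; drop blanks.
        - name: Normalize extra package list
          ansible.builtin.set_fact:
            post_install_extra_packages: >-
              {{
                (
                  extra_packages
                  if (extra_packages is iterable and extra_packages is not string)
                  else (extra_packages | string).split(',')
                ) | map('trim') | reject('equalto', '') | list
              }}
          changed_when: false
        - name: Install extra packages
          when: post_install_extra_packages | length > 0
          ansible.builtin.package:
            name: "{{ post_install_extra_packages }}"
            state: present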