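---
# Provisioning play: prompts for account credentials, merges them into the
# `system` input mapping, runs the provisioning roles in order, then
# reconnects after the reboot to install any requested packages.
- name: Create and configure VMs
  hosts: all
  strategy: free  # noqa: run-once[play]
  gather_facts: false
  become: true
  vars_prompt:
    - name: system_user_name
      prompt: |
        What is your username?
      private: false
    - name: system_user_public_key
      prompt: |
        What is your ssh key?
      private: false
    # Password prompts keep vars_prompt's default of hidden input; it is
    # spelled out here so the intent survives later edits.
    - name: system_user_password
      prompt: |
        What is your password?
      private: true
      confirm: true
    - name: system_root_password
      prompt: |
        What is your root password?
      private: true
      confirm: true
  pre_tasks:
    # A non-empty value already present under system.user / system.root wins;
    # the prompted value is only used as the fallback.
    - name: Apply prompted authentication values to system input
      vars:
        system_input: "{{ system | default({}) }}"
        system_user_input: "{{ (system_input.user | default({})) if (system_input.user is mapping) else {} }}"
        system_root_input: "{{ (system_input.root | default({})) if (system_input.root is mapping) else {} }}"
        system_user_name_effective: >-
          {{
            (system_user_input.name | default('') | string)
            if (system_user_input.name | default('') | string | length) > 0
            else (system_user_name | default('') | string)
          }}
        system_user_public_key_effective: >-
          {{
            (system_user_input.public_key | default('') | string)
            if (system_user_input.public_key | default('') | string | length) > 0
            else (system_user_public_key | default('') | string)
          }}
        system_user_password_effective: >-
          {{
            (system_user_input.password | default('') | string)
            if (system_user_input.password | default('') | string | length) > 0
            else (system_user_password | default('') | string)
          }}
        system_root_password_effective: >-
          {{
            (system_root_input.password | default('') | string)
            if (system_root_input.password | default('') | string | length) > 0
            else (system_root_password | default('') | string)
          }}
      ansible.builtin.set_fact:
        system: >-
          {{
            system_input
            | combine(
              {
                'user': {
                  'name': system_user_name_effective,
                  'public_key': system_user_public_key_effective,
                  'password': system_user_password_effective
                },
                'root': {
                  'password': system_root_password_effective
                }
              },
              recursive=True
            )
          }}
      changed_when: false
      # The resulting fact carries the user and root passwords in clear text;
      # without no_log they are printed in verbose task output and can be
      # captured by logging callbacks.
      no_log: true

    - name: Load global defaults
      ansible.builtin.import_role:
        name: global_defaults

    - name: Perform safety checks
      ansible.builtin.import_role:
        name: system_check

  # NOTE(review): system_cfg and hypervisor_type are not defined in this
  # file; presumably they are produced by global_defaults - confirm.
  roles:
    - role: virtualization
      when: system_cfg.type == "virtual"
      become: false
      vars:
        ansible_connection: local
    - role: environment
      vars:
        ansible_connection: "{{ 'vmware_tools' if hypervisor_type == 'vmware' else 'ssh' }}"
    - role: partitioning
      vars:
        partitioning_boot_partition_suffix: 1
        partitioning_main_partition_suffix: 2
    - role: bootstrap
    - role: configuration
    - role: cis
      when: system_cfg.features.cis.enabled | bool
    - role: cleanup
      when: system_cfg.type in ["virtual", "physical"]
      become: false

  post_tasks:
    # Reachable when the connection is not ssh, or an IP is configured, or
    # the target is physical and ansible_host is set.
    - name: Set post-reboot connection flags
      ansible.builtin.set_fact:
        post_reboot_can_connect: >-
          {{
            (ansible_connection | default('ssh')) != 'ssh'
            or ((system_cfg.ip | default('') | string | length) > 0)
            or (
              system_cfg.type == 'physical'
              and (ansible_host | default('') | string | length) > 0
            )
          }}
      changed_when: false

    - name: Set final SSH credentials for post-reboot tasks
      when:
        - post_reboot_can_connect | bool
      ansible.builtin.set_fact:
        ansible_user: "{{ system_cfg.user.name }}"
        ansible_password: "{{ system_cfg.user.password }}"
        ansible_become_password: "{{ system_cfg.user.password }}"
        # NOTE(review): host-key verification is switched off here, so the
        # password above is offered to whichever host answers on that
        # address. Presumably this is because the freshly installed system
        # has new host keys - confirm. Safer: record the new host key during
        # bootstrap and point UserKnownHostsFile at a file pinned to it.
        ansible_ssh_extra_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
      # Connection and become passwords are set in clear text; keep them out
      # of task output and logging callbacks.
      no_log: true

    - name: Install post-reboot packages
      when:
        - post_reboot_can_connect | bool
        - system_cfg.packages is defined
        - system_cfg.packages | length > 0
      ansible.builtin.package:
        name: "{{ system_cfg.packages }}"
        state: present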