---
# Static import of the input checks. This is the first task in the file, so it
# runs before any task below touches /mnt. What is validated lives in
# _validate.yml and is not visible here.
- name: Validate bootstrap input
  ansible.builtin.import_tasks: '_validate.yml'
# Pre-create /mnt/dev, /mnt/proc and /mnt/sys as mount targets.
# Restricted to the RedHat family; other families presumably get these from
# their own bootstrap tooling -- confirm.
- name: Create API filesystem mountpoints in installroot
  ansible.builtin.file:
    state: directory
    path: "/mnt/{{ item }}"
    mode: "0755"
  loop: [dev, proc, sys]
  when: os_family == 'RedHat'
# Attach proc, sysfs, /dev and devpts beneath /mnt for the bootstrap steps
# that follow. state: ephemeral mounts without writing an fstab entry.
# Loop order matters: /dev is a plain bind mount, and devpts is mounted
# afterwards on /mnt/dev/pts.
# NOTE(review): proc and sysfs are mounted with default options; consider
# whether nosuid,nodev,noexec would be acceptable for the installers run later.
# NOTE(review): no matching unmount is visible in this file -- confirm that
# teardown happens elsewhere so the live /dev is not left bound under /mnt.
- name: Mount API filesystems into installroot
  ansible.posix.mount:
    state: ephemeral
    src: "{{ item.src }}"
    path: "/mnt/{{ item.path }}"
    fstype: "{{ item.fstype }}"
    # Entries without an opts key fall back to the module default.
    opts: "{{ item.opts | default(omit) }}"
  loop:
    - src: proc
      path: proc
      fstype: proc
    - src: sysfs
      path: sys
      fstype: sysfs
    - src: /dev
      path: dev
      fstype: none
      opts: bind
    - src: devpts
      path: dev/pts
      fstype: devpts
      opts: "gid=5,mode=620"
  loop_control:
    # Log only the relative mount path for each iteration.
    label: "{{ item.path }}"
  when: os_family == 'RedHat'
# Installers write their package cache inside the installroot. To keep it off
# the 2 GiB CIS /var LV, stage it in a directory directly under /mnt.
# NOTE(review): this directory sits inside the installed system's root; its
# removal is not visible in this file -- confirm it is cleaned up after
# bootstrap so cached packages do not ship in the final image.
- name: Create bootstrap package-cache directory
  ansible.builtin.file:
    state: directory
    path: '/mnt/.bootstrap-cache'
    mode: "0755"
# Bind /mnt/.bootstrap-cache over the installroot's /var/cache so cache writes
# land outside /var. state: ephemeral mounts without writing an fstab entry.
# NOTE(review): anything already present under /mnt/var/cache is hidden while
# this bind mount is active; the unmount is not visible in this file.
- name: Redirect package cache off the CIS /var LV
  ansible.posix.mount:
    state: ephemeral
    fstype: none
    opts: bind
    src: '/mnt/.bootstrap-cache'
    path: '/mnt/var/cache'
# Dispatch to the per-OS bootstrap task file. The file name is looked up in
# bootstrap_os_task_map instead of being built from `os`, so only file names
# present in that map can be included. An `os` value missing from the map is
# expected to fail the lookup rather than include an arbitrary path.
# bootstrap_var_key is 'bootstrap_' followed by `os` with '-lts' removed and
# every remaining '-' replaced by '_'; presumably read by the included tasks
# -- confirm.
- name: Run OS-specific bootstrap process
  ansible.builtin.include_tasks: "{{ bootstrap_os_task_map[os] }}"
  vars:
    bootstrap_var_key: "{{ 'bootstrap_' + (os | replace('-lts', '') | replace('-', '_')) }}"
# dnf --installroot never runs anaconda, so no authselect profile gets selected
# and /etc/pam.d/system-auth is absent, which leaves the system unable to
# authenticate. The local profile is the right choice: local-auth only, no
# pam_sss.so, and still CIS-capable.
# --force lets authselect overwrite configuration it did not create itself.
# The command module does not go through a shell, so the rendered string is
# split into arguments and shell metacharacters are not interpreted.
# The task reports "changed" on every successful run (rc == 0).
- name: Select default authselect profile for the PAM stack
  ansible.builtin.command:
    cmd: "{{ chroot_command }} authselect select local --force"
  register: bootstrap_authselect_result
  changed_when: bootstrap_authselect_result.rc == 0
  when: is_authselect | bool
# Pull in _hardware.yml when at least one of the firmware, gpu or peripherals
# features is enabled in system_cfg. The condition is a single OR expression,
# so it must stay one folded scalar (a YAML list of conditions would be ANDed).
- name: Install hardware-matched firmware/microcode/GPU/peripheral packages
  ansible.builtin.include_tasks: '_hardware.yml'
  when: >-
    (system_cfg.features.firmware.enabled | bool)
    or (system_cfg.features.gpu.enabled | bool)
    or (system_cfg.features.peripherals.enabled | bool)
# Pull in _desktop.yml only when the desktop feature is enabled in system_cfg.
- name: Install desktop environment packages
  ansible.builtin.include_tasks: '_desktop.yml'
  when: system_cfg.features.desktop.enabled | bool
# Replace the installroot's /etc/resolv.conf with a symlink to NetworkManager's
# runtime resolver file. force: true replaces an existing file at dest and
# creates the link even when the link target does not exist.
# NOTE(review): the link target is absolute, so inside a chroot it resolves to
# /mnt/run/NetworkManager/resolv.conf; no task in this file mounts /run under
# /mnt -- confirm it is provided elsewhere, otherwise the link dangles.
# NOTE(review): the symlink stays in the installed system unless a later step
# rewrites it -- confirm that inheriting this resolver path is intended.
- name: Ensure chroot uses live environment DNS
  ansible.builtin.file:
    state: link
    force: true
    src: '/run/NetworkManager/resolv.conf'
    dest: '/mnt/etc/resolv.conf'