167 lines
5.2 KiB
YAML
167 lines
5.2 KiB
YAML
---
|
|
- name: Create and configure VMs
|
|
hosts: all
|
|
strategy: free # noqa: run-once[play]
|
|
gather_facts: false
|
|
become: true
|
|
vars_prompt:
|
|
- name: user_name
|
|
prompt: |
|
|
What is your username?
|
|
private: false
|
|
|
|
- name: user_public_key
|
|
prompt: |
|
|
What is your ssh key?
|
|
private: false
|
|
|
|
- name: user_password
|
|
prompt: |
|
|
What is your password?
|
|
confirm: true
|
|
|
|
- name: root_password
|
|
prompt: |
|
|
What is your root password?
|
|
confirm: true
|
|
vars_files: vars.yml
|
|
pre_tasks:
|
|
- name: Validate variables
|
|
ansible.builtin.assert:
|
|
that:
|
|
- install_type in ["virtual", "physical"]
|
|
- hypervisor in ["libvirt", "proxmox", "vmware", "none"]
|
|
- filesystem in ["btrfs", "ext4", "xfs"]
|
|
- install_drive | length > 0
|
|
- install_type == "physical" or (vm_size | float) > 0
|
|
- install_type == "physical" or (vm_memory | float) > 0
|
|
- os in ["archlinux", "almalinux", "debian11", "debian12", "debian13", "fedora", "rhel8", "rhel9", "rhel10", "rocky", "ubuntu", "ubuntu-lts"]
|
|
- os not in ["rhel8", "rhel9", "rhel10"] or rhel_iso | length > 0
|
|
- >-
|
|
install_type == "physical"
|
|
or (
|
|
(filesystem == "btrfs" and (vm_size | int) >= 10)
|
|
or (filesystem != "btrfs" and (vm_size | int) >= 20)
|
|
)
|
|
- >-
|
|
install_type == "physical"
|
|
or (
|
|
(vm_size | float)
|
|
>= (
|
|
(vm_memory | float / 1024 >= 16.0)
|
|
| ternary(
|
|
(vm_memory | float / 2048),
|
|
[vm_memory | float / 1024, 4.0] | max
|
|
)
|
|
+ 16
|
|
)
|
|
)
|
|
fail_msg: Invalid input specified, please try again.
|
|
|
|
- name: Normalize optional flags
|
|
ansible.builtin.set_fact:
|
|
cis: "{{ cis | bool }}"
|
|
custom_iso: "{{ custom_iso | bool }}"
|
|
is_rhel: "{{ os | lower in ['almalinux', 'fedora', 'rhel8', 'rhel9', 'rhel10', 'rocky'] }}"
|
|
is_debian: "{{ os | lower in ['debian11', 'debian12', 'debian13', 'ubuntu', 'ubuntu-lts'] }}"
|
|
changed_when: false
|
|
|
|
- name: Set Python interpreter for RHEL-based installers
|
|
when:
|
|
- ansible_python_interpreter is not defined
|
|
- os | lower in ["almalinux", "rhel8", "rhel9", "rhel10", "rocky"]
|
|
ansible.builtin.set_fact:
|
|
ansible_python_interpreter: /usr/bin/python3
|
|
changed_when: false
|
|
|
|
- name: Set SSH access
|
|
when:
|
|
- install_type == "virtual"
|
|
- hypervisor != "vmware"
|
|
ansible.builtin.set_fact:
|
|
ansible_user: "{{ user_name }}"
|
|
ansible_password: "{{ user_password }}"
|
|
ansible_become_password: "{{ user_password }}"
|
|
ansible_ssh_extra_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
|
|
|
|
- name: Set connection for VMware
|
|
when: hypervisor == "vmware"
|
|
ansible.builtin.set_fact:
|
|
ansible_connection: vmware_tools
|
|
|
|
roles:
|
|
- role: virtualization
|
|
when: install_type == "virtual"
|
|
become: false
|
|
vars:
|
|
ansible_connection: local
|
|
|
|
- role: environment
|
|
vars:
|
|
ansible_connection: "{{ 'vmware_tools' if hypervisor == 'vmware' else 'ssh' }}"
|
|
|
|
- role: partitioning
|
|
vars:
|
|
partitioning_boot_partition_suffix: 1
|
|
partitioning_main_partition_suffix: 2
|
|
|
|
- role: bootstrap
|
|
|
|
- role: configuration
|
|
|
|
- role: cis
|
|
when: cis | bool
|
|
|
|
- role: cleanup
|
|
when: install_type in ["virtual", "physical"]
|
|
become: false
|
|
|
|
post_tasks:
|
|
- name: Set post-reboot connection flags
|
|
ansible.builtin.set_fact:
|
|
post_reboot_can_connect: >-
|
|
{{
|
|
(ansible_connection | default('ssh')) != 'ssh'
|
|
or ((vm_ip | string | length) > 0)
|
|
or (
|
|
install_type == 'physical'
|
|
and (ansible_host | default('') | string | length) > 0
|
|
)
|
|
}}
|
|
changed_when: false
|
|
|
|
- name: Set final SSH credentials for post-reboot tasks
|
|
when:
|
|
- post_reboot_can_connect | bool
|
|
ansible.builtin.set_fact:
|
|
ansible_user: "{{ user_name }}"
|
|
ansible_password: "{{ user_password }}"
|
|
ansible_become_password: "{{ user_password }}"
|
|
ansible_ssh_extra_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
|
|
|
|
- name: Install post-reboot extra packages
|
|
when:
|
|
- post_reboot_can_connect | bool
|
|
- extra_packages | length > 0
|
|
block:
|
|
- name: Normalize extra package list
|
|
ansible.builtin.set_fact:
|
|
post_install_extra_packages: >-
|
|
{{
|
|
(
|
|
extra_packages
|
|
if (extra_packages is iterable and extra_packages is not string)
|
|
else (extra_packages | string).split(',')
|
|
)
|
|
| map('trim')
|
|
| reject('equalto', '')
|
|
| list
|
|
}}
|
|
changed_when: false
|
|
|
|
- name: Install extra packages
|
|
when: post_install_extra_packages | length > 0
|
|
ansible.builtin.package:
|
|
name: "{{ post_install_extra_packages }}"
|
|
state: present
|