164 lines
5.3 KiB
YAML
164 lines
5.3 KiB
YAML
---
|
|
- name: Create and configure VMs
|
|
hosts: all
|
|
strategy: free # noqa: run-once[play]
|
|
gather_facts: false
|
|
become: true
|
|
vars_prompt:
|
|
- name: user_name
|
|
prompt: |
|
|
What is your username?
|
|
private: false
|
|
|
|
- name: user_public_key
|
|
prompt: |
|
|
What is your ssh key?
|
|
private: false
|
|
|
|
- name: user_password
|
|
prompt: |
|
|
What is your password?
|
|
confirm: true
|
|
|
|
- name: root_password
|
|
prompt: |
|
|
What is your root password?
|
|
confirm: true
|
|
pre_tasks:
|
|
- name: Apply prompted authentication values to system input
|
|
vars:
|
|
system_input: "{{ system | default({}) }}"
|
|
system_users_input: "{{ system_input.users | default([]) }}"
|
|
system_first_user: >-
|
|
{{
|
|
system_users_input[0]
|
|
if (system_users_input is iterable and system_users_input is not string
|
|
and system_users_input is not mapping and system_users_input | length > 0)
|
|
else {}
|
|
}}
|
|
system_root_input: "{{ (system_input.root | default({})) if (system_input.root is mapping) else {} }}"
|
|
prompt_user_name: "{{ user_name | default(system_user_name | default(''), true) | string }}"
|
|
prompt_user_key: "{{ user_public_key | default(user_key | default(system_user_key | default(''), true), true) | string | trim }}"
|
|
prompt_user_password: "{{ user_password | default(system_user_password | default(''), true) | string }}"
|
|
prompt_root_password: "{{ root_password | default(system_root_password | default(''), true) | string }}"
|
|
resolved_user:
|
|
name: >-
|
|
{{
|
|
system_first_user.name | string
|
|
if (system_first_user.name | default('') | string | length) > 0
|
|
else prompt_user_name
|
|
}}
|
|
keys: >-
|
|
{{
|
|
system_first_user['keys']
|
|
if (system_first_user['keys'] is defined
|
|
and system_first_user['keys'] is iterable
|
|
and system_first_user['keys'] is not string
|
|
and system_first_user['keys'] | length > 0)
|
|
else (
|
|
[prompt_user_key]
|
|
if (prompt_user_key | length > 0)
|
|
else []
|
|
)
|
|
}}
|
|
password: >-
|
|
{{
|
|
system_first_user.password | string
|
|
if (system_first_user.password | default('') | string | length) > 0
|
|
else prompt_user_password
|
|
}}
|
|
ansible.builtin.set_fact:
|
|
system: >-
|
|
{{
|
|
system_input
|
|
| combine(
|
|
{
|
|
'users': (
|
|
[resolved_user]
|
|
+ (system_users_input[1:]
|
|
if (system_users_input is sequence
|
|
and system_users_input is not string
|
|
and system_users_input | length > 1)
|
|
else [])
|
|
),
|
|
'root': {
|
|
'password': (
|
|
(system_root_input.password | default('') | string | length) > 0
|
|
) | ternary(system_root_input.password | string, prompt_root_password)
|
|
}
|
|
},
|
|
recursive=True
|
|
)
|
|
}}
|
|
|
|
- name: Load global defaults
|
|
ansible.builtin.import_role:
|
|
name: global_defaults
|
|
|
|
- name: Perform safety checks
|
|
ansible.builtin.import_role:
|
|
name: system_check
|
|
|
|
roles:
|
|
- role: virtualization
|
|
when: system_cfg.type == "virtual"
|
|
become: false
|
|
vars:
|
|
ansible_connection: local
|
|
|
|
- role: environment
|
|
vars:
|
|
ansible_connection: "{{ 'vmware_tools' if hypervisor_type == 'vmware' else 'ssh' }}"
|
|
|
|
- role: partitioning
|
|
vars:
|
|
partitioning_boot_partition_suffix: 1
|
|
partitioning_main_partition_suffix: 2
|
|
|
|
- role: bootstrap
|
|
|
|
- role: configuration
|
|
|
|
- role: cis
|
|
when: system_cfg.features.cis.enabled | bool
|
|
|
|
- role: cleanup
|
|
when: system_cfg.type in ["virtual", "physical"]
|
|
become: false
|
|
|
|
post_tasks:
|
|
- name: Set post-reboot connection flags
|
|
ansible.builtin.set_fact:
|
|
post_reboot_can_connect: >-
|
|
{{
|
|
(ansible_connection | default('ssh')) != 'ssh'
|
|
or ((system_cfg.network.ip | default('') | string | length) > 0)
|
|
or (
|
|
system_cfg.type == 'physical'
|
|
and (ansible_host | default('') | string | length) > 0
|
|
)
|
|
}}
|
|
|
|
- name: Reset SSH connection before post-reboot tasks
|
|
when:
|
|
- post_reboot_can_connect | bool
|
|
ansible.builtin.meta: reset_connection
|
|
|
|
- name: Set final SSH credentials for post-reboot tasks
|
|
when:
|
|
- post_reboot_can_connect | bool
|
|
ansible.builtin.set_fact:
|
|
ansible_user: "{{ system_cfg.users[0].name }}"
|
|
ansible_password: "{{ system_cfg.users[0].password }}"
|
|
ansible_become_password: "{{ system_cfg.users[0].password }}"
|
|
ansible_ssh_extra_args: "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
|
|
|
|
- name: Install post-reboot packages
|
|
when:
|
|
- post_reboot_can_connect | bool
|
|
- system_cfg.packages is defined
|
|
- system_cfg.packages | length > 0
|
|
ansible.builtin.package:
|
|
name: "{{ system_cfg.packages }}"
|
|
state: present
|