feat: reworked most of the ansible playbooks and roles

ansible/roles/clean/tasks/debian.yml

@@ -1,81 +1,93 @@
 ---
+# Tasks for setting custom facts.
+- name: "Setting custom facts."
+  set_fact:
+    enable_cloudinit: "{{ enable_cloudinit | default('false') }}"
 
-- name: Remove audit log files
-  ansible.builtin.file:
+# # Tasks for removing the cloud-init package.
+# - name: "Removing the cloud-init package."
+#   apt:
+#     name: cloud-init
+#     state: absent
+#   when: ansible_distribution == 'Ubuntu' and enable_cloudinit == 'false'
+
+# Tasks to clean the audit logs.
+- name: "Cleaning the audit logs."
+  file:
     path: "{{ item }}"
     state: absent
   loop:
-    - "/var/log/audit/audit.log"
-    - "/var/log/wtmp"
-    - "/var/log/lastlog"
+    - /var/log/audit/audit.log
+    - /var/log/auth.log
+    - /var/log/btmp
+    - /var/log/dpkg.log
+    - /var/log/faillog
+    - /var/log/kern.log
+    - /var/log/lastlog
+    - /var/log/syslog
+    - /var/log/wtmp
 
-- name: Check to see if the /var/log/audit directory exists
-  ansible.builtin.stat:
-    path: "/var/log/audit"
-  register: audit_directory
-
-- name: Ensure /var/log/audit directory exists
-  ansible.builtin.file:
-    path: /var/log/audit
-    state: directory
-    mode: "0750"
-    owner: root
-    group: adm
-  when: audit_directory.stat.exists
-
-- name: Ensure /var/log/audit/audit.log exists
-  ansible.builtin.file:
-    path: /var/log/audit/audit.log
-    state: touch
-    mode: "0640"
-    owner: root
-    group: adm
-  when: audit_directory.stat.exists
-
-- name: Ensure wtmp and lastlog exist with the correct permissions
-  ansible.builtin.copy:
-    dest: "{{ item }}"
-    content: ""
-    mode: "0664"
-    owner: root
-    group: utmp
-  loop:
-    - "/var/log/wtmp"
-    - "/var/log/lastlog"
-
-- name: Cleaning persistent udev rules
-  ansible.builtin.file:
+# Tasks to clean the persistent udev rules.
+- name: "Cleaning persistent udev rules."
+  file:
     path: /etc/udev/rules.d/70-persistent-net.rules
     state: absent
 
-- name: "Cleaning the /tmp directories"
-  ansible.builtin.file:
-    path: "{{ item }}"
-    state: absent
-  loop:
-    - "/tmp/*"
-    - "/var/tmp/*"
+# Tasks to find the /tmp directories.
+- name: "Finding the /tmp directories."
+  find:
+    paths:
+      - /tmp
+      - /var/tmp
+    file_type: any
+  register: find_tmp_directories
 
+# Tasks to clean the /tmp directories.
+- name: "Cleaning the /tmp directories."
+  file:
+    path: "{{ item.path }}"
+    state: absent
+  loop: "{{ find_tmp_directories.files }}"
+  loop_control:
+    label: "{{ item.path }}"
+
+# Tasks to find the SSH host keys.
+- name: "Finding the SSH host keys."
+  find:
+    paths: /etc/ssh
+    patterns: 'ssh_host_*'
+  register: find_ssh_host_keys
+
+# Tasks to clean the SSH host keys.
 - name: "Cleaning the SSH host keys."
-  shell: |
-    rm -f /etc/ssh/ssh_host_*
-
-- name: remove /etc/machine-id
   file:
-    path: /etc/machine-id
+    path: "{{ item.path }}"
     state: absent
+  loop: "{{ find_ssh_host_keys.files }}"
+  loop_control:
+    label: "{{ item.path }}"
 
-- name: remove /var/lib/dbus/machine-id
-  file:
-    path: /var/lib/dbus/machine-id
-    state: absent
+# Tasks to clean the machine-id.
+- name: "Cleaning the machine-id."
+  block:
+    - name: "Emptying the /etc/machine-id."
+      community.general.filesize:
+        path: /etc/machine-id
+        size: 0
+    - name: "Removing /var/lib/dbus/machine-id."
+      file:
+        path: /var/lib/dbus/machine-id
+        state: absent
+    - name: "Creating a symbolic link to /etc/machine-id."
+      file:
+        src: /etc/machine-id
+        dest: /var/lib/dbus/machine-id
+        state: link
 
-- name: generate new machine-id
-  command: systemd-machine-id-setup
-
-- name: Cleaning the shell history
-  shell: |
-    unset HISTFILE
-    history -cw
-    echo > ~/.bash_history
-    rm -fr /root/.bash_history
+# Tasks to clean the shell history.
+- name: "Cleaning the shell history."
+  block:
+  - name: "Cleaning the shell history."
+    file:
+      path: "{{ ansible_env.HOME }}/.bash_history"
+      state: absent

ansible/roles/clean/tasks/main.yml

@@ -12,8 +12,8 @@
   include_tasks: redhat.yml
   when: "ansible_facts['distribution'] in ['RedHat', 'CentOS', 'Rocky', 'AlmaLinux', 'OracleLinux']"
 
-- name: Prepare the {{ ansible_facts['distribution'] }} guest operating system
-  include_tasks: "{{ ansible_facts['distribution'] | lower }}.yml"
-  when: "ansible_facts['distribution'] == 'Suse'"
+- name: Cleaning tasks for the {{ ansible_facts['distribution'] }} guest operating system
+  include_tasks: suse.yml
+  when: "ansible_facts['distribution'] in ['openSUSE Leap', 'Suse']"
 
 ...

ansible/roles/clean/tasks/redhat.yml

@@ -1,59 +1,92 @@
 ---
-
-- name: "Cleaning all audit logs."
-  shell: |
-    if [ -f /var/log/audit/audit.log ]; then
-    cat /dev/null > /var/log/audit/audit.log
-    fi
-    if [ -f /var/log/wtmp ]; then
-    cat /dev/null > /var/log/wtmp
-    fi
-    if [ -f /var/log/lastlog ]; then
-    cat /dev/null > /var/log/lastlog
-    fi
-
-- name: "Cleaning persistent udev rules."
-  shell: |
-    if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then
-    rm /etc/udev/rules.d/70-persistent-net.rules
-    fi
-
-- name: "Cleaning the /tmp directories"
-  shell: |
-    rm -rf /tmp/*
-    rm -rf /var/tmp/*
-    rm -rf /var/cache/dnf/*
-
+# Tasks to clean the Red Hat Subscription Manager logs.
 - name: "Cleaning the Red Hat Subscription Manager logs."
-  shell: |
-    rm -rf /var/log/rhsm/*
-  when: "ansible_facts['distribution'] == 'RedHat'"
+  ansible.builtin.file:
+    path: /var/log/rhsm
+    state: absent
+  when: ansible_distribution == 'RedHat'
 
+# Tasks to clean the audit logs.
+- name: "Cleaning the audit logs."
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: absent
+  loop:
+    - /var/log/audit/audit.log
+    - /var/log/btmp
+    - /var/log/boot.log
+    - /var/log/cron
+    - /var/log/dnf.log
+    - /var/log/lastlog
+    - /var/log/maillog
+    - /var/log/messages
+    - /var/log/secure
+    - /var/log/wtmp
+    - /var/log/yum.log
+
+# Tasks to clean the persistent udev rules.
+- name: "Cleaning persistent udev rules."
+  ansible.builtin.file:
+    path: /etc/udev/rules.d/70-persistent-net.rules
+    state: absent
+
+# Tasks to find the /tmp directories.
+- name: "Finding the /tmp directories."
+  ansible.builtin.find:
+    paths:
+      - /tmp
+      - /var/tmp
+    file_type: any
+  register: find_tmp_directories
+
+# Tasks to clean the /tmp directories.
+- name: "Cleaning the /tmp directories."
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: absent
+  loop: "{{ find_tmp_directories.files }}"
+  loop_control:
+    label: "{{ item.path }}"
+
+# Tasks to find the SSH host keys.
+- name: "Finding the SSH host keys."
+  ansible.builtin.find:
+    paths: /etc/ssh
+    patterns: 'ssh_host_*'
+  register: find_ssh_host_keys
+
+# Tasks to clean the SSH host keys.
 - name: "Cleaning the SSH host keys."
-  shell: |
-    rm -f /etc/ssh/ssh_host_*
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: absent
+  loop: "{{ find_ssh_host_keys.files }}"
+  loop_control:
+    label: "{{ item.path }}"
+
+# Tasks to clean the machine-id.
+- name: "Emptying the /etc/machine-id."
+  community.general.filesize:
+    path: /etc/machine-id
+    size: 0
 
 - name: "Cleaning the machine-id."
-  when: 'ansible_facts[''distribution_major_version''] <= "8"'
-  shell: |
-    truncate -s 0 /etc/machine-id
-    rm /var/lib/dbus/machine-id
-    ln -s /etc/machine-id /var/lib/dbus/machine-id
-
-- name: "Cleaning the machine-id."
-  when: 'ansible_facts[''distribution_major_version''] >= "9"'
-  shell: |
-    truncate -s 0 /etc/machine-id
+  block:
+    - name: "Removing /var/lib/dbus/machine-id."
+      ansible.builtin.file:
+        path: /var/lib/dbus/machine-id
+        state: absent
+    - name: "Creating a symbolic link to /etc/machine-id."
+      ansible.builtin.file:
+        src: /etc/machine-id
+        dest: /var/lib/dbus/machine-id
+        state: link
+  when: ansible_distribution_major_version | int <= 8
 
+# Tasks to clean the shell history.
 - name: "Cleaning the shell history."
-  shell: |
-    unset HISTFILE
-    history -cw
-    echo > ~/.bash_history
-    rm -fr /root/.bash_history
-
-- name: "Running a sync."
-  shell: |
-    sync && sync
-
-...
+  block:
+  - name: "Cleaning the shell history."
+    ansible.builtin.file:
+      path: "{{ ansible_env.HOME }}/.bash_history"
+      state: absent

ansible/roles/clean/tasks/suse.yml

@@ -2,13 +2,14 @@
 
 # Tasks to clean the SUSE Customer Center file.
 - name: "Cleaning the SUSE Customer Center file."
-  file:
+  ansible.builtin.file:
     path: /etc/SUSEConnect
     state: absent
+  when: "ansible_facts['distribution'] != 'openSUSE Leap'"
 
 # Tasks to clean the audit logs.
 - name: "Cleaning the audit logs."
-  file:
+  ansible.builtin.file:
     path: "{{ item }}"
     state: absent
   loop:
@@ -24,13 +25,13 @@
 
 # Tasks to clean the persistent udev rules.
 - name: "Cleaning persistent udev rules."
-  file:
+  ansible.builtin.file:
     path: /etc/udev/rules.d/70-persistent-net.rules
     state: absent
 
 # Tasks to find the /tmp directories.
 - name: "Finding the /tmp directories."
-  find:
+  ansible.builtin.find:
     paths:
       - /tmp
       - /var/tmp
@@ -40,7 +41,7 @@
 
 # Tasks to clean the /tmp directories.
 - name: "Cleaning the /tmp directories."
-  file:
+  ansible.builtin.file:
     path: "{{ item.path }}"
     state: absent
   loop: "{{ find_tmp_directories.files }}"
@@ -49,14 +50,14 @@
 
 # Tasks to find the SSH host keys.
 - name: "Finding the SSH host keys."
-  find:
+  ansible.builtin.find:
     paths: /etc/ssh
     patterns: 'ssh_host_*'
   register: find_ssh_host_keys
 
 # Tasks to clean the SSH host keys.
 - name: "Cleaning the SSH host keys."
-  file:
+  ansible.builtin.file:
     path: "{{ item.path }}"
     state: absent
   loop: "{{ find_ssh_host_keys.files }}"
@@ -73,7 +74,7 @@
 - name: "Cleaning the shell history."
   block:
   - name: "Cleaning the shell history."
-    file:
+    ansible.builtin.file:
       path: "{{ ansible_env.HOME }}/.bash_history"
       state: absent
 

ansible/roles/clean/tasks/ubuntu.yml

@@ -1,93 +1,93 @@
 ---
+# Tasks for setting custom facts.
+- name: "Setting custom facts."
+  ansible.builtin.set_fact:
+    enable_cloudinit: "{{ enable_cloudinit | default('false') }}"
 
-- name: Remove audit log files
+# Tasks for removing the cloud-init package.
+- name: "Removing the cloud-init package."
+  ansible.builtin.apt:
+    name: cloud-init
+    state: absent
+  when: enable_cloudinit == 'false'
+
+# Tasks to clean the audit logs.
+- name: "Cleaning the audit logs."
   ansible.builtin.file:
     path: "{{ item }}"
     state: absent
   loop:
-    - "/var/log/audit/audit.log"
-    - "/var/log/wtmp"
-    - "/var/log/lastlog"
+    - /var/log/audit/audit.log
+    - /var/log/auth.log
+    - /var/log/btmp
+    - /var/log/dpkg.log
+    - /var/log/faillog
+    - /var/log/kern.log
+    - /var/log/lastlog
+    - /var/log/syslog
+    - /var/log/wtmp
 
-- name: Check to see if the /var/log/audit directory exists
-  ansible.builtin.stat:
-    path: "/var/log/audit"
-  register: audit_directory
-
-- name: Ensure /var/log/audit directory exists
-  ansible.builtin.file:
-    path: /var/log/audit
-    state: directory
-    mode: "0750"
-    owner: root
-    group: adm
-  when: audit_directory.stat.exists
-
-- name: Ensure /var/log/audit/audit.log exists
-  ansible.builtin.file:
-    path: /var/log/audit/audit.log
-    state: touch
-    mode: "0640"
-    owner: root
-    group: adm
-  when: audit_directory.stat.exists
-
-- name: Ensure wtmp and lastlog exist with the correct permissions
-  ansible.builtin.copy:
-    dest: "{{ item }}"
-    content: ""
-    mode: "0664"
-    owner: root
-    group: utmp
-  loop:
-    - "/var/log/wtmp"
-    - "/var/log/lastlog"
-
-- name: Cleaning persistent udev rules
+# Tasks to clean the persistent udev rules.
+- name: "Cleaning persistent udev rules."
   ansible.builtin.file:
     path: /etc/udev/rules.d/70-persistent-net.rules
     state: absent
 
-- name: "Cleaning the /tmp directories"
+# Tasks to find the /tmp directories.
+- name: "Finding the /tmp directories."
+  ansible.builtin.find:
+    paths:
+      - /tmp
+      - /var/tmp
+    file_type: any
+  register: find_tmp_directories
+
+# Tasks to clean the /tmp directories.
+- name: "Cleaning the /tmp directories."
   ansible.builtin.file:
-    path: "{{ item }}"
+    path: "{{ item.path }}"
     state: absent
-  loop:
-    - "/tmp/*"
-    - "/var/tmp/*"
+  loop: "{{ find_tmp_directories.files }}"
+  loop_control:
+    label: "{{ item.path }}"
 
-- name: Cleaning the SSH host keys
-  shell: |
-    rm -f /etc/ssh/ssh_host_*
+# Tasks to find the SSH host keys.
+- name: "Finding the SSH host keys."
+  ansible.builtin.find:
+    paths: /etc/ssh
+    patterns: 'ssh_host_*'
+  register: find_ssh_host_keys
 
-- name: remove /etc/machine-id
-  file:
-    path: /etc/machine-id
+# Tasks to clean the SSH host keys.
+- name: "Cleaning the SSH host keys."
+  ansible.builtin.file:
+    path: "{{ item.path }}"
     state: absent
+  loop: "{{ find_ssh_host_keys.files }}"
+  loop_control:
+    label: "{{ item.path }}"
 
-- name: remove /var/lib/dbus/machine-id
-  file:
-    path: /var/lib/dbus/machine-id
-    state: absent
+# Tasks to clean the machine-id.
+- name: "Cleaning the machine-id."
+  block:
+    - name: "Emptying the /etc/machine-id."
+      community.general.filesize:
+        path: /etc/machine-id
+        size: 0
+    - name: "Removing /var/lib/dbus/machine-id."
+      ansible.builtin.file:
+        path: /var/lib/dbus/machine-id
+        state: absent
+    - name: "Creating a symbolic link to /etc/machine-id."
+      ansible.builtin.file:
+        src: /etc/machine-id
+        dest: /var/lib/dbus/machine-id
+        state: link
 
-- name: generate new machine-id
-  command: systemd-machine-id-setup
-
-- name: Clean apt
-  ansible.builtin.apt:
-    autoclean: yes
-    autoremove: yes
-    clean: yes
-
-- name: Cleaning the shell history
-  shell: |
-    unset HISTFILE
-    history -cw
-    echo > ~/.bash_history
-    rm -fr /root/.bash_history
-
-- name: Clean cloud-init
-  ansible.builtin.command: cloud-init clean
-  when: cloud_init | bool
-
-...
+# Tasks to clean the shell history.
+- name: "Cleaning the shell history."
+  block:
+  - name: "Cleaning the shell history."
+    ansible.builtin.file:
+      path: "{{ ansible_env.HOME }}/.bash_history"
+      state: absent