feat: reworked most of the ansible playbooks and roles

AJ Schroeder
2024-06-29 10:26:52 -05:00
parent 0eadf8fba9
commit b885f907db
22 changed files with 524 additions and 365 deletions


@@ -1,37 +1,54 @@
---
- name: "Configure SSH for Public Key Authentication."
shell: |
sudo sed -i 's/.*PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config
# Tasks for setting custom facts.
- name: "Setting custom facts."
set_fact:
enable_cloudinit: "{{ enable_cloudinit | default('false') }}"
- name: Creating SSH key regeneration service file
ansible.builtin.copy:
dest: /etc/systemd/system/regenerate_ssh_host_keys.service
# Tasks for configuring SSH for public key authentication.
- name: "Configuring SSH for Public Key Authentication."
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^PubkeyAuthentication'
line: 'PubkeyAuthentication yes'
# Tasks for setting the hostname.
- name: "Setting the hostname."
hostname:
name: "localhost"
# Tasks for restarting the SSH daemon.
- name: "Restarting the SSH daemon."
systemd:
name: ssh
state: restarted
daemon_reload: true
# Tasks for disabling systemd-tmpfiles.
- name: "Disabling systemd-tmpfiles."
replace:
path: /usr/lib/tmpfiles.d/tmp.conf
regexp: '^D'
replace: '#D'
# Tasks for configuring cloud-init.
- name: "Configuring cloud-init."
block:
- name: "Message: Configuring cloud-init"
ansible.builtin.debug:
msg: "Configuring cloud-init"
- ansible.builtin.copy:
content: 'datasource_list: [ ConfigDrive, NoCloud ]'
dest: /etc/cloud/cloud.cfg.d/90_dpkg.cfg
when: enable_cloudinit == 'true'
# Tasks for setting SSH keys to regenerate.
- name: "Setting SSH keys to regenerate."
copy:
dest: /etc/rc.local
content: |
[Unit]
Description=Regenerate SSH host keys
Before=ssh.service
ConditionFileIsExecutable=/usr/bin/ssh-keygen
[Service]
Type=oneshot
ExecStartPre=-/bin/dd if=/dev/hwrng of=/dev/urandom count=1 bs=4096
ExecStartPre=-/bin/sh -c "/bin/rm -f -v /etc/ssh/ssh_host_*_key*"
ExecStart=/usr/bin/ssh-keygen -A -v
ExecStartPost=/bin/systemctl disable regenerate_ssh_host_keys
[Install]
WantedBy=multi-user.target
when: not cloud_init | bool
- name: Reload systemd to re-read configurations
ansible.builtin.systemd:
daemon-reload: true
when: not cloud_init | bool
- name: Enable regenerate_ssh_host_keys service
ansible.builtin.systemd:
name: regenerate_ssh_host_keys
enabled: true
when: not cloud_init | bool
...
#!/bin/bash
if test -z "$(find /etc/ssh/ -iname 'ssh_host_*_key*')"; then
dpkg-reconfigure openssh-server
fi
exit 0
mode: 0755
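Review bot: The cloud-init block guarded by `when: enable_cloudinit == 'true'` is very likely skipped on every run: `set_fact` coerces boolean-looking strings such as the `'true'`/`'false'` produced by `"{{ enable_cloudinit | default('false') }}"` into real booleans, and a boolean never compares equal to the string `'true'`; `when: enable_cloudinit | bool` expresses the intent. The same condition is used in the SUSE and Ubuntu task files of this commit (their `when: enable_cloudinit == 'true'` lines) and should be changed there too. `mode: 0755` is an unquoted YAML 1.1 octal that ansible-lint's risky-octal rule flags; write `mode: '0755'` (the Ubuntu file ends with the same line). The `/etc/rc.local` script only regenerates host keys when none are present, but the new side of this file no longer deletes `/etc/ssh/ssh_host_*_key*` (the dropped systemd unit did); unless another task in the role removes them before the template is sealed, every clone boots with identical SSH host keys.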


@@ -12,8 +12,8 @@
include_tasks: redhat.yml
when: "ansible_facts['distribution'] in ['RedHat', 'CentOS', 'Rocky', 'AlmaLinux', 'OracleLinux']"
- name: Prepare the {{ ansible_facts['distribution'] }} guest operating system
include_tasks: "{{ ansible_facts['distribution'] | lower }}.yml"
when: "ansible_facts['distribution'] == 'Suse'"
- name: Configuration tasks for the {{ ansible_facts['distribution'] }} guest operating system
include_tasks: suse.yml
when: "ansible_facts['distribution'] in ['openSUSE Leap', 'Suse']"
...
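Review bot: Whichever of the two SUSE dispatch tasks is the surviving one, openSUSE Leap coverage should be checked: the suse.yml in this commit guards its SUSEConnect tasks with `ansible_facts['distribution'] != 'openSUSE Leap'`, which only makes sense if Leap hosts reach that file, yet the variant `include_tasks: "{{ ansible_facts['distribution'] | lower }}.yml"` is conditioned on `== 'Suse'` alone and would template to `opensuse leap.yml` for Leap. If that variant is the new one, keeping the explicit `include_tasks: suse.yml` with `when: "ansible_facts['distribution'] in ['openSUSE Leap', 'Suse']"` is the safer form. The `include_tasks` entries in this hunk are also the only tasks in the commit without the `ansible.builtin.` prefix the other files moved to; `ansible.builtin.include_tasks` would match them.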


@@ -1,5 +1,36 @@
---
- name: "Configure SSH for Public Key Authentication."
shell: |
sudo sed -i 's/.*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
sudo sed -i 's/.*PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config
# Tasks for unregistering from Red Hat Subscription Manager.
- name: "Unregistering from Red Hat Subscription Manager."
community.general.redhat_subscription:
state: absent
when: ansible_distribution == 'RedHat'
# Tasks for configuring SSH for public key authentication.
- name: "Configuring SSH for Public Key Authentication."
block:
- ansible.builtin.lineinfile:
path: /etc/ssh/sshd_config
regexp: '^PermitRootLogin'
line: 'PermitRootLogin no'
- ansible.builtin.lineinfile:
path: /etc/ssh/sshd_config
regexp: '^PubkeyAuthentication'
line: 'PubkeyAuthentication yes'
# Tasks for setting the hostname.
- name: "Setting the hostname."
ansible.builtin.hostname:
name: "localhost"
# Tasks for disabling SELinux.
- name: "Disabling SELinux."
ansible.builtin.selinux:
state: disabled
policy: targeted
# Tasks for restarting the SSH daemon.
- name: "Restarting the SSH daemon."
ansible.builtin.systemd:
name: sshd
state: restarted
daemon_reload: true
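Review bot: The "Disabling SELinux." task (`state: disabled`) turns SELinux off for every VM cloned from this template, which is a hardening regression rather than a template cleanup step; if a specific component needs it relaxed, `state: permissive` keeps denials logged and is reversible, and the reason belongs in the task comment, e.g. `# SELinux set to permissive because <component> — revisit`. Note that the `selinux` module lives in the `ansible.posix` collection (`ansible.posix.selinux`), so the `ansible.builtin.` spelling only resolves through a redirect, and a `disabled` target fully takes effect only after a reboot, which this task list does not perform. Minor: this file tests `ansible_distribution == 'RedHat'` while the other task files in the commit use `ansible_facts['distribution']`; pick one form.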


@@ -1,35 +1,52 @@
---
# Tasks for setting custom facts.
- name: "Setting custom facts."
set_fact:
enable_cloudinit: "{{ enable_cloudinit | default('false') }}"
# Tasks for unregistering from SUSE Customer Center.
- name: "Unregistering from SUSE Customer Center."
command:
ansible.builtin.command:
cmd: "{{ item }}"
loop:
- SUSEConnect -d
- SUSEConnect --cleanup
when: "ansible_facts['distribution'] != 'openSUSE Leap'"
# Tasks for configuring SSH for public key authentication.
- name: "Configuring SSH for Public Key Authentication."
block:
- lineinfile:
- ansible.builtin.lineinfile:
path: /etc/ssh/sshd_config
regexp: '^PermitRootLogin'
line: 'PermitRootLogin no'
- lineinfile:
- ansible.builtin.lineinfile:
path: /etc/ssh/sshd_config
regexp: '^PubkeyAuthentication'
line: 'PubkeyAuthentication yes'
# Tasks for setting the hostname.
- name: "Setting the hostname."
hostname:
ansible.builtin.hostname:
name: "localhost"
# Tasks for restarting the SSH daemon.
- name: "Restarting the SSH daemon."
systemd:
ansible.builtin.systemd:
name: sshd
state: restarted
daemon_reload: true
# Tasks for configuring cloud-init.
- name: "Configuring cloud-init."
block:
- name: "Message: Configuring cloud-init"
ansible.builtin.debug:
msg: "Configuring cloud-init"
- ansible.builtin.copy:
content: 'datasource_list: [ ConfigDrive, NoCloud ]'
dest: /etc/cloud/cloud.cfg.d/90_dpkg.cfg
when: enable_cloudinit == 'true'
...
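Review bot: The `SUSEConnect -d` / `SUSEConnect --cleanup` loop under `ansible.builtin.command` has no `changed_when` or `failed_when`, so it reports changed on every run, and on a host that is not registered or cannot reach SCC a non-zero exit from `-d` aborts the whole template build. If de-registration is best-effort for an image about to be sealed, `failed_when: false` on the loop (or registering the result and failing only on the `--cleanup` item) plus a `changed_when` tied to the output would make the task idempotent and the failure mode explicit. Since this hunk keeps the `# Tasks for ...` comment style, a one-line note on why `openSUSE Leap` is excluded (`# Leap is not SCC-registered`, if that is the reason) would help the next maintainer.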


@@ -1,88 +1,62 @@
---
- name: "Configure SSH for Public Key Authentication"
shell: |
sudo sed -i 's/.*PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config
# Tasks for setting custom facts.
- name: "Setting custom facts."
ansible.builtin.set_fact:
enable_cloudinit: "{{ enable_cloudinit | default('false') }}"
- name: Restarting the SSH daemon
ansible.builtin.service:
# Tasks for configuring SSH for public key authentication.
- name: "Configuring SSH for Public Key Authentication."
ansible.builtin.lineinfile:
path: /etc/ssh/sshd_config
regexp: '^PubkeyAuthentication'
line: 'PubkeyAuthentication yes'
# Tasks for setting the hostname.
- name: "Setting the hostname."
ansible.builtin.hostname:
name: "localhost"
# Tasks for restarting the SSH daemon.
- name: "Restarting the SSH daemon."
ansible.builtin.systemd:
name: ssh
state: restarted
daemon_reload: true
- name: Remove cloud-init files
ansible.builtin.file:
path: "{{ item }}"
state: absent
loop:
- /etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg
- /etc/cloud/cloud.cfg.d/50-curtin-networking.cfg
- /etc/cloud/cloud.cfg.d/curtin-preserve-sources.cfg
- /etc/cloud/cloud.cfg.d/99-installer.cfg
- /etc/netplan/00-installer-config.yaml
when:
- cloud_init | bool
- ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04" or ansible_distribution_version == "24.04"
# Tasks for disabling systemd-tmpfiles.
- name: "Disabling systemd-tmpfiles."
ansible.builtin.replace:
path: /usr/lib/tmpfiles.d/tmp.conf
regexp: '^D'
replace: '#D'
- name: Disable cloud-init if configured to
# Tasks for configuring cloud-init.
- name: "Configuring cloud-init."
block:
- name: Check if /etc/cloud/ exists
ansible.builtin.stat:
path: '/etc/cloud/'
register: etc_cloud_folder
- name: "Message: Configuring cloud-init"
ansible.builtin.debug:
msg: "Configuring cloud-init"
- ansible.builtin.file:
path: "{{ item }}"
state: absent
loop:
- /etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg
- /etc/cloud/cloud.cfg.d/99-installer.cfg
- /etc/netplan/00-installer-config.yaml
- ansible.builtin.copy:
content: 'datasource_list: [ VMware, OVF, None ]'
dest: /etc/cloud/cloud.cfg.d/90_dpkg.cfg
when: enable_cloudinit == 'true'
- name: 'Generate /etc/cloud/cloud-init.disabled'
ansible.builtin.copy:
dest: '/etc/cloud/cloud-init.disabled'
content: 'disabled by ansible\n'
owner: 'root'
group: 'root'
mode: '0644'
when:
- 'etc_cloud_folder.stat.exists'
when:
- not cloud_init | bool
- ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04" or ansible_distribution_version == "24.04"
- name: Copy cloud-init PVE default file
# Tasks for setting SSH keys to regenerate.
- name: "Setting SSH keys to regenerate."
ansible.builtin.copy:
dest: /etc/cloud/cloud.cfg.d/90_dpkg.cfg
dest: /etc/rc.local
content: |
datasource_list: [ ConfigDrive, NoCloud ]
when: cloud_init | bool
- name: "Modifying GRUB."
shell: |
sed -i -e "s/GRUB_CMDLINE_LINUX_DEFAULT=\"\(.*\)\"/GRUB_CMDLINE_LINUX_DEFAULT=\"\"/" /etc/default/grub
update-grub
when: ansible_distribution_version == "20.04" or ansible_distribution_version == "22.04" or ansible_distribution_version == "24.04"
- name: Creating SSH key regeneration service file
ansible.builtin.copy:
dest: /etc/systemd/system/regenerate_ssh_host_keys.service
content: |
[Unit]
Description=Regenerate SSH host keys
Before=ssh.service
ConditionFileIsExecutable=/usr/bin/ssh-keygen
[Service]
Type=oneshot
ExecStartPre=-/bin/dd if=/dev/hwrng of=/dev/urandom count=1 bs=4096
ExecStartPre=-/bin/sh -c "/bin/rm -f -v /etc/ssh/ssh_host_*_key*"
ExecStart=/usr/bin/ssh-keygen -A -v
ExecStartPost=/bin/systemctl disable regenerate_ssh_host_keys
[Install]
WantedBy=multi-user.target
when: not cloud_init | bool
- name: Reload systemd to re-read configurations
ansible.builtin.systemd:
daemon-reload: true
when: not cloud_init | bool
- name: Enable regenerate_ssh_host_keys service
ansible.builtin.systemd:
name: regenerate_ssh_host_keys
enabled: true
when: not cloud_init | bool
#!/bin/bash
if test -z "$(find /etc/ssh/ -iname 'ssh_host_*_key*')"; then
dpkg-reconfigure openssh-server
fi
exit 0
mode: 0755
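Review bot: The datasource written here, `content: 'datasource_list: [ VMware, OVF, None ]'`, differs from the `[ ConfigDrive, NoCloud ]` the Debian file in this commit writes to the same `90_dpkg.cfg`; if both templates target the same hypervisor, one of them leaves cloud-init without a usable datasource, so confirm this is intentional and record it in the task comment. The `- ansible.builtin.file:` loop in the cloud-init block deletes `/etc/netplan/00-installer-config.yaml`; that is only safe when the selected datasource is known to supply network configuration, otherwise the clone comes up without networking. Moving host key regeneration from the dropped systemd unit (which had `Before=ssh.service`) to `/etc/rc.local` also loses that ordering — `rc-local.service` is not ordered ahead of `ssh.service`, so on first boot sshd may try to start before keys exist; `dpkg-reconfigure openssh-server` does restart it, but a short no-SSH window is inferred here, not verified.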