ptoal/toallab-automation
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update role dependencies

Browse Source
This commit is contained in:
Patrick Toal
2024-02-08 15:55:01 -05:00
parent e09a7f7d45
commit bb21e8d5c6
507 changed files with 1270 additions and 28219 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
roles/oatakan.rhel_template_build/README.md
View File

@@ -1,2 +1,39 @@
# oatakan.rhel_template_build
Ansible role to configure RHEL/CentOS via Packer Ansible provisioner
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of roles that this role utilizes, you can add them into your projects roles/requirements.txt:
- oatakan.linux_parallels_tools # only required if running on a parallels VM on a desktop
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- oatakan.rhel_template_build
License
-------
MIT
Author Information
------------------
Orcun Atakan

11
roles/oatakan.rhel_template_build/defaults/main.yml
View File

@@ -1,10 +1,9 @@
---
target_vagrant: no
target_ovirt: no
target_vagrant: false
target_ovirt: false
local_account_username: ansible
local_account_password: Chang3MyP@ssw0rd21
ovirt_guest_agent_service_name: ovirt-guest-agent
qemu_guest_agent_service_name: qemu-guest-agent
@@ -15,5 +14,9 @@ ovirt_guest_agent_package_name:
qemu_guest_agent_package_name: qemu-guest-agent
parallels_tools_role: oatakan.linux_parallels_tools
the_root_vgname: vg00
the_root_lvname: root
the_root_lvname: root
permit_root_login_with_password: true

2
roles/oatakan.rhel_template_build/meta/.galaxy_install_info
View File

@@ -1,2 +1,2 @@
install_date: Fri Oct 15 18:59:20 2021
install_date: Thu 08 Feb 2024 08:54:04 PM
version: master

22
roles/oatakan.rhel_template_build/meta/main.yml
View File

@@ -1,20 +1,22 @@
---
dependencies: []
galaxy_info:
author: oatakan
description: RedHat/CentOS template build.
author: Orcun Atakan
description: Ansible role to configure RHEL/CentOS, it can be used as part of an os build process.
role_name: rhel_template_build
company: "Red Hat"
license: "license (BSD, MIT)"
min_ansible_version: 2.4
namespace: oatakan
company: Red Hat
license: MIT
min_ansible_version: '2.9'
platforms:
- name: EL
versions:
- 6
- 7
- 8
- all
galaxy_tags:
- rhel
- cloud
- system
- packaging

45
roles/oatakan.rhel_template_build/tasks/cloud-init.yml
View File

@@ -1,21 +1,56 @@
---
- name: ensure cloud-init packages are installed
package:
ansible.builtin.package:
name:
- cloud-init
- cloud-utils-growpart
- gdisk
- block:
- name: enable cloud-init related services
ansible.builtin.service:
name: '{{ item }}'
enabled: true
loop:
- cloud-init
- cloud-init-local
- cloud-config
- cloud-final
when: ansible_distribution_major_version|int >= 9
- name: cloud-init config
block:
- name: check for cloud.cfg file
ansible.builtin.stat:
path: /etc/cloud/cloud.cfg
register: check_cloud_cfg
- name: ensure root login
block:
- name: ensure root login is enabled in cloud-init config
ansible.builtin.replace:
path: /etc/cloud/cloud.cfg
regexp: '^(disable_root\: ).*$'
replace: '\1false'
- name: ensure password login is enabled in cloud-init config
ansible.builtin.replace:
path: /etc/cloud/cloud.cfg
regexp: '^(ssh_pwauth\: ).*$'
replace: '\1true'
when: check_cloud_cfg.stat.exists
when: permit_root_login_with_password|bool
- name: ensure script created
block:
- name: ensure cloud-init scripts directory exists
file:
ansible.builtin.file:
path: /var/lib/cloud/scripts/per-instance
state: directory
mode: '0755'
- name: create growpart cloud-init script to grow partition on boot
template:
ansible.builtin.template:
src: grow_part.sh.j2
dest: /var/lib/cloud/scripts/per-instance/grow_part.sh
mode: u=rwx,g=rx,o=rx
@@ -28,4 +63,4 @@
# - ansible_lvm.pvs is defined
# - ansible_cmdline is defined
# - ansible_cmdline.root is defined
# - ansible_lvm.lvs[the_root_lvname].vg in ansible_cmdline.root
# - ansible_lvm.lvs[the_root_lvname].vg in ansible_cmdline.root

15
roles/oatakan.rhel_template_build/tasks/grow_part.yml
View File

@@ -1,25 +1,26 @@
---
- name: ensure growpart packages are installed
package:
ansible.builtin.package:
name:
- cloud-utils-growpart
- gdisk
- name: create growpart cloud-init script to grow partition on boot
template:
ansible.builtin.template:
src: grow_part.sh.j2
dest: /usr/local/bin/grow_part.sh
mode: u=rwx,g=rx,o=rx
- name: copy growpart service
copy:
ansible.builtin.copy:
src: growpart.service
dest: /etc/systemd/system/growpart.service
mode: '0755'
- name: reload service
systemd:
ansible.builtin.systemd:
name: growpart
daemon_reload: yes
enabled: yes
state: stopped
daemon_reload: true
enabled: true
state: stopped

157
roles/oatakan.rhel_template_build/tasks/main.yml
View File

@@ -1,12 +1,12 @@
---
- name: Get the current kernel release.
command: uname -r
ansible.builtin.command: uname -r
changed_when: false
register: kernel_release
- name: Ensure necessary packages are installed.
yum:
ansible.builtin.yum:
name:
- wget
- perl
@@ -20,23 +20,38 @@
- cifs-utils
state: present
- name: install dbus-tools on RHEL 8+
ansible.builtin.yum:
name:
- dbus-tools
state: present
when: ansible_distribution_major_version|int >= 8
- name: Ensure libselinux-python package is installed.
yum:
ansible.builtin.yum:
name:
- libselinux-python
state: present
when: ansible_distribution_major_version|int < 8
- name: Ensure python3-libselinux package is installed.
yum:
name:
- python3-libselinux
state: present
- name: set python
block:
- name: Ensure python3 packages are installed.
ansible.builtin.yum:
name:
- python3
- python3-libselinux
state: present
- name: set python
community.general.alternatives:
name: python
path: /usr/bin/python3
when: ansible_distribution_major_version|int == 8
# Fix slow DNS.
- name: Fix slow DNS (adapted from Bento).
lineinfile:
ansible.builtin.lineinfile:
dest: /etc/sysconfig/network
regexp: '^RES_OPTIONS'
line: 'RES_OPTIONS="single-request-reopen"'
@@ -44,31 +59,32 @@
# see https://fedoraproject.org/wiki/Changes/NetworkManager_keyfile_instead_of_ifcfg_rh
- name: ensure older style network config files for greater compatibility
copy:
ansible.builtin.copy:
dest: /etc/NetworkManager/conf.d/99-main-plugins.conf
mode: '0644'
content: |
[main]
plugins=ifcfg-rh
when: ansible_distribution_major_version|int == 8
- name: Restart network service (explicitly).
service:
ansible.builtin.service:
name: network
state: restarted
when: ansible_distribution_major_version|int < 8
- name: Restart NetworkManager service (explicitly).
service:
ansible.builtin.service:
name: NetworkManager
state: restarted
when: ansible_distribution_major_version|int == 8
- name: Ensure we can still connect
wait_for_connection:
ansible.builtin.wait_for_connection:
# SSH daemon configuration.
- name: Configure SSH daemon.
lineinfile:
ansible.builtin.lineinfile:
dest: /etc/ssh/sshd_config
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
@@ -79,60 +95,70 @@
# Local user SSH configuration.
- name: Configure local user .ssh directory.
file:
ansible.builtin.file:
path: /home/{{ local_account_username }}/.ssh
state: directory
owner: "{{ local_account_username }}"
group: "{{ local_account_username }}"
mode: 0700
mode: '0700'
- name: Get Vagrant's public key.
get_url:
url: https://github.com/mitchellh/vagrant/raw/master/keys/vagrant.pub
ansible.builtin.get_url:
url: https://github.com/hashicorp/vagrant/raw/master/keys/vagrant.pub
dest: /home/{{ local_account_username }}/.ssh/authorized_keys
owner: "{{ local_account_username }}"
group: "{{ local_account_username }}"
mode: 0600
ignore_errors: yes
mode: '0600'
ignore_errors: true
when: target_vagrant | bool
- name: autolabel on boot
command: fixfiles onboot
changed_when: False
ansible.builtin.command: fixfiles onboot
changed_when: false
- include_tasks: cloud-init.yml
- name: cloud init
ansible.builtin.include_tasks: cloud-init.yml
when: target_ovirt | bool
- include_tasks: grow_part.yml
- name: grow partition
ansible.builtin.include_tasks: grow_part.yml
when: not (target_ovirt | bool)
- include_tasks: ovirt.yml
- name: ovirt agent
ansible.builtin.include_tasks: ovirt.yml
when: target_ovirt | bool
# VirtualBox tools installation.
- name: Check if VirtualBox is running the guest VM.
stat:
ansible.builtin.stat:
path: /home/{{ local_account_username }}/.vbox_version
register: virtualbox_check
- include_tasks: virtualbox.yml
- name: virtualbox guest additions
ansible.builtin.include_tasks: virtualbox.yml
when: virtualbox_check.stat.exists
# VMware tools installation.
- name: Check if VMWare is running the guest VM.
shell: |
ansible.builtin.shell: |
set -o pipefail
cat /proc/scsi/scsi | grep VMware
changed_when: false
failed_when: false
register: vmware_check
- include_tasks: vmware.yml
- name: vmware tools
ansible.builtin.include_tasks: vmware.yml
when: vmware_check.rc == 0
- name: parallels tools
ansible.builtin.include_role:
name: "{{ parallels_tools_role }}"
when: ('Parallels' in (ansible_product_name | default('', true))) or (ansible_product_name == None and 'Parallels' in ansible_interfaces[0].interface_name)
# Cleanup tasks.
- name: Remove unneeded packages.
yum:
ansible.builtin.yum:
name:
- cpp
- kernel-devel
@@ -141,57 +167,64 @@
state: absent
- name: Clean up yum.
command: yum clean all
args:
warn: no
ansible.builtin.command: yum clean all
changed_when: false
no_log: true
- name: Flag the system for re-configuration
file:
ansible.builtin.file:
path: /.unconfigured
state: touch
mode: '0644'
- name: Reset hostname to localhost.localadmin
copy:
ansible.builtin.copy:
content: 'localhost.localdomain'
dest: /etc/hostname
mode: '0644'
- name: Remove RedHat interface persistence (step 1).
file:
ansible.builtin.file:
path: /etc/udev/rules.d/70-persistent-net.rules
state: absent
- name: Ensure NetworkManager config file is removed
ansible.builtin.file:
path: /etc/NetworkManager/system-connections/{{ ansible_default_ipv4.interface | default('eth0') }}.nmconnection
state: absent
- name: Check for network config file
stat:
ansible.builtin.stat:
path: /etc/sysconfig/network-scripts/ifcfg-{{ ansible_default_ipv4.interface | default('eth0') }}
register: network_config_file
- name: Remove RedHat interface persistence (step 2).
lineinfile:
dest: "{{ network_config_file.stat.path }}"
regexp: "{{ item }}"
state: absent
loop:
- '^HWADDR'
- '^UUID'
- '^IPADDR'
- '^NETMASK'
- '^GATEWAY'
when: network_config_file.stat.exists
- name: Remove interface
block:
- name: Remove RedHat interface persistence (step 2).
ansible.builtin.lineinfile:
dest: "{{ network_config_file.stat.path }}"
regexp: "{{ item }}"
state: absent
loop:
- '^HWADDR'
- '^UUID'
- '^IPADDR'
- '^NETMASK'
- '^GATEWAY'
- name: Set interface to DHCP
lineinfile:
dest: "{{ network_config_file.stat.path }}"
regexp: '^BOOTPROTO='
line: BOOTPROTO=dhcp
- name: Set interface to DHCP
ansible.builtin.lineinfile:
dest: "{{ network_config_file.stat.path }}"
regexp: '^BOOTPROTO='
line: BOOTPROTO=dhcp
when: network_config_file.stat.exists
- name: Force logs to rotate (step 1)
shell: /usr/sbin/logrotate -f /etc/logrotate.conf
ansible.builtin.command: /usr/sbin/logrotate -f /etc/logrotate.conf
changed_when: false
- name: Find any log files to delete
find:
ansible.builtin.find:
paths: /var/log
patterns:
- "*-????????"
@@ -199,21 +232,21 @@
register: find_log_files
- name: Force logs to rotate (step 2)
file:
ansible.builtin.file:
path: "{{ item.path }}"
state: absent
loop: "{{ find_log_files.files }}"
failed_when: false
- name: Clear audit log and wtmp (step 1)
shell: cat /dev/null > /var/log/audit/audit.log
ansible.builtin.shell: cat /dev/null > /var/log/audit/audit.log
changed_when: false
- name: Clear audit log and wtmp (step 2)
shell: cat /dev/null > /var/log/wtmp
ansible.builtin.shell: cat /dev/null > /var/log/wtmp
changed_when: false
- name: Remove ssh-host files
command: rm -fr /etc/ssh/ssh_host_*
ansible.builtin.command: rm -fr /etc/ssh/ssh_host_*
changed_when: false
args:
warn: false
no_log: true

63
roles/oatakan.rhel_template_build/tasks/ovirt.yml
View File

@@ -1,48 +1,47 @@
---
- name: import epel gpg key
rpm_key:
state: present
key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}
when: ansible_distribution == 'CentOS'
- name: epel
block:
- name: import epel gpg key
ansible.builtin.rpm_key:
state: present
key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}
- name: ensure epel is installed
yum:
name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm
state: present
register: install_epel
until: '"error" not in install_epel'
retries: 5
delay: 10
- name: ensure epel is installed
ansible.builtin.yum:
name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm
state: present
register: install_epel
until: '"error" not in install_epel'
retries: 5
delay: 10
when: ansible_distribution == 'CentOS'
# rhevm-guest-agent-common package is not yet available for RHEL 8
- name: ensure ovirt guest agent package is installed
package:
ansible.builtin.package:
name: "{{ ovirt_guest_agent_package_name[ansible_distribution] }}"
register: ovirt_package_installation
when: ansible_distribution_major_version|int < 8
# try installing qemu package on RHEL/CentOS 8 for now
- name: ensure qemu guest agent package is installed
package:
ansible.builtin.package:
name: "{{ qemu_guest_agent_package_name }}"
when: ansible_distribution_major_version|int == 8
when: ansible_distribution_major_version|int >= 8
register: qemu_package_installation
ignore_errors: yes
ignore_errors: true
- name: ensure ovirt guest agent is enabled
service:
name: "{{ ovirt_guest_agent_service_name }}"
enabled: yes
when:
- ansible_distribution_major_version|int < 8
- ovirt_package_installation is succeeded
- name: enable ovirt guest agent
block:
- name: ensure ovirt guest agent is enabled (RHEL < 8)
ansible.builtin.service:
name: "{{ ovirt_guest_agent_service_name }}"
enabled: true
when: ansible_distribution_major_version|int < 8
- name: ensure qemu guest agent is enabled
service:
name: "{{ qemu_guest_agent_service_name }}"
enabled: yes
when:
- ansible_distribution_major_version|int == 8
- qemu_package_installation is succeeded
- name: ensure qemu guest agent is enabled (RHEL >= 8)
ansible.builtin.service:
name: "{{ qemu_guest_agent_service_name }}"
enabled: true
when: ansible_distribution_major_version|int >= 8
when: qemu_package_installation is succeeded

49
roles/oatakan.rhel_template_build/tasks/virtualbox.yml
View File

@@ -1,34 +1,37 @@
---
- name: Get VirtualBox version.
slurp:
ansible.builtin.slurp:
src: /home/{{ local_account_username }}/.vbox_version
register: get_virtualbox_version
- name: Set VirtualBox version.
set_fact:
ansible.builtin.set_fact:
virtualbox_version: "{{ get_virtualbox_version['content'] | b64decode }}"
- name: Mount VirtualBox guest additions ISO.
mount:
name: /tmp/vbox
src: "/home/{{ local_account_username }}/VBoxGuestAdditions_{{ virtualbox_version }}.iso"
opts: loop
state: mounted
fstype: iso9660
- name: install virtualbox guest additions
block:
- name: Mount VirtualBox guest additions ISO.
ansible.posix.mount:
name: /tmp/vbox
src: "/home/{{ local_account_username }}/VBoxGuestAdditions_{{ virtualbox_version }}.iso"
opts: loop
state: mounted
fstype: iso9660
- name: Run VirtualBox guest additions installation.
shell: sh /tmp/vbox/VBoxLinuxAdditions.run
changed_when: false
failed_when: false
- name: Run VirtualBox guest additions installation.
ansible.builtin.shell: sh /tmp/vbox/VBoxLinuxAdditions.run
changed_when: false
failed_when: false
- name: Unmount VirtualBox guest additions ISO.
mount:
name: /tmp/vbox
src: "/home/{{ local_account_username }}/VBoxGuestAdditions_{{ virtualbox_version }}.iso"
state: absent
fstype: iso9660
always:
- name: Unmount VirtualBox guest additions ISO.
ansible.posix.mount:
name: /tmp/vbox
src: "/home/{{ local_account_username }}/VBoxGuestAdditions_{{ virtualbox_version }}.iso"
state: absent
fstype: iso9660
- name: Delete VirtualBox guest additions ISO.
file:
path: "/home/{{ local_account_username }}/VBoxGuestAdditions_{{ virtualbox_version }}.iso"
state: absent
- name: Delete VirtualBox guest additions ISO.
ansible.builtin.file:
path: "/home/{{ local_account_username }}/VBoxGuestAdditions_{{ virtualbox_version }}.iso"
state: absent

104
roles/oatakan.rhel_template_build/tasks/vmware-tools.yml
View File

@@ -1,65 +1,71 @@
---
- name: Add VMWare tools repository.
template:
ansible.builtin.template:
src: vmware-tools.repo.j2
dest: /etc/yum.repos.d/vmware-tools.repo
mode: '0644'
- name: Import VMWare tools GPG keys.
rpm_key:
ansible.builtin.rpm_key:
key: "https://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-RSA-KEY.pub"
state: present
- name: Create temporary directories for VMware tools.
file:
path: "/tmp/{{ item }}"
state: directory
loop:
- vmfusion
- vmfusion-archive
- name: Install vmware tools
block:
- name: Create temporary directories for VMware tools.
ansible.builtin.file:
path: "/tmp/{{ item }}"
state: directory
mode: '0755'
loop:
- vmfusion
- vmfusion-archive
- name: Mount VMware tools.
mount:
name: /tmp/vmfusion
src: /home/{{ local_account_username }}/linux.iso
fstype: iso9660
opts: loop
state: mounted
- name: Mount VMware tools.
ansible.posix.mount:
name: /tmp/vmfusion
src: /home/{{ local_account_username }}/linux.iso
fstype: iso9660
opts: loop
state: mounted
- name: Find any VMwareTools file.
find:
paths: /tmp/vmfusion
patterns: "^VMwareTools-*.tar.gz"
use_regex: yes
register: vmware_tools_files
- name: Find any VMwareTools file.
ansible.builtin.find:
paths: /tmp/vmfusion
patterns: "^VMwareTools-*.tar.gz"
use_regex: true
register: vmware_tools_files
- block:
- name: Decompress VMware Tools installer into archive folder.
unarchive:
src: "{{ vmware_tools_files.files[0] }}"
dest: /tmp/vmfusion-archive
remote_src: yes
- name: run the installer
block:
- name: Decompress VMware Tools installer into archive folder.
ansible.builtin.unarchive:
src: "{{ vmware_tools_files.files[0] }}"
dest: /tmp/vmfusion-archive
remote_src: true
- name: Run the VMware tools installer.
shell: /tmp/vmfusion-archive/vmware-tools-distrib/vmware-install.pl --default
changed_when: false
when: vmware_tools_files.matched > 0
- name: Run the VMware tools installer.
ansible.builtin.shell: /tmp/vmfusion-archive/vmware-tools-distrib/vmware-install.pl --default
changed_when: false
when: vmware_tools_files.matched > 0
- name: Unmount VMware tools.
mount:
name: /tmp/vmfusion
src: /home/{{ local_account_username }}/linux.iso
fstype: iso9660
state: absent
always:
- name: Unmount VMware tools.
ansible.posix.mount:
name: /tmp/vmfusion
src: /home/{{ local_account_username }}/linux.iso
fstype: iso9660
state: absent
- name: Remove temporary directories for VMware tools.
file:
path: "/tmp/{{ item }}"
state: absent
loop:
- vmfusion
- vmfusion-archive
- name: Remove temporary directories for VMware tools.
ansible.builtin.file:
path: "/tmp/{{ item }}"
state: absent
loop:
- vmfusion
- vmfusion-archive
- name: Delete VMware Tools.
file:
path: /home/{{ local_account_username }}/linux.iso
state: absent
- name: Delete VMware Tools.
ansible.builtin.file:
path: /home/{{ local_account_username }}/linux.iso
state: absent

9
roles/oatakan.rhel_template_build/tasks/vmware.yml
View File

@@ -1,16 +1,17 @@
---
- name: Add vmhgfs module (RHEL 6).
template:
ansible.builtin.template:
src: vmhgfs.modules.j2
dest: /etc/sysconfig/modules/vmhgfs.modules
mode: 0755
mode: '0755'
when: ansible_distribution_major_version|int <= 6
- name: Install open-vm-tools.
yum:
ansible.builtin.yum:
name: open-vm-tools
state: present
when: ansible_distribution_major_version|int >= 7
- include_tasks: vmware-tools.yml
- name: vmware tools installation
ansible.builtin.include_tasks: vmware-tools.yml
when: ansible_distribution_major_version|int <= 6

12
roles/oatakan.rhel_template_build/templates/grow_part.sh.j2
View File

@@ -2,9 +2,19 @@
the_root_vgname='{{ ansible_lvm.lvs[the_root_lvname].vg | default('vg00') }}'
the_root_lvname='{{ the_root_lvname | default('root') }}'
error=$(vgdisplay $the_root_vgname 2>&1 >/dev/null)
device_name=$(echo "$error" | grep -o '/dev/[^[:space:]]*')
if [[ -n "$device_name" ]]; then
# need to remove the lvmdevice and add it back
lvmdevices --yes --deldev $device_name
lvmdevices --yes --adddev $device_name
fi
the_root_pvname=$(vgdisplay -v $the_root_vgname 2> /dev/null | awk '/PV Name/ {print $3}')
the_root_pv_partnum=$(echo $the_root_pvname | grep -o '[0-9]$')
the_root_pv_device=$(echo $the_root_pvname | grep -o '.*[^0-9]')
the_root_pv_device="/dev/$(lsblk -ndo PKNAME $the_root_pvname)"
the_root_mount_point=$(lsblk -l -o NAME,MOUNTPOINT | grep $the_root_vgname-$the_root_lvname | awk '{print $2}')
/usr/bin/growpart $the_root_pv_device $the_root_pv_partnum