Update roles
This commit is contained in:
116
roles/oatakan.rhel_ovirt_template/tasks/provision.yml
Normal file
116
roles/oatakan.rhel_ovirt_template/tasks/provision.yml
Normal file
@@ -0,0 +1,116 @@
|
||||
---
|
||||
|
||||
- block:
|
||||
- include_tasks: make_iso.yml
|
||||
|
||||
- include_tasks: provision_vm.yml
|
||||
|
||||
- name: refresh inventory
|
||||
meta: refresh_inventory
|
||||
|
||||
- name: clear gathered facts
|
||||
meta: clear_facts
|
||||
|
||||
- name: clear any host errors
|
||||
meta: clear_host_errors
|
||||
|
||||
- name: add host
|
||||
add_host:
|
||||
hostname: template_vm
|
||||
ansible_host: '{{ template_vm_ip_address }}'
|
||||
host_key_checking: false
|
||||
ansible_user: "{{ local_account_username }}"
|
||||
ansible_password: "{{ local_account_password }}"
|
||||
ansible_port: "{{ vm_ansible_port | default('22') }}"
|
||||
ansible_ssh_common_args: '-o UserKnownHostsFile=/dev/null'
|
||||
ansible_python_interpreter: auto
|
||||
|
||||
- name: run setup module
|
||||
setup:
|
||||
delegate_to: template_vm
|
||||
connection: ssh
|
||||
|
||||
- block:
|
||||
- include_role:
|
||||
name: oatakan.rhn
|
||||
apply:
|
||||
delegate_to: template_vm
|
||||
connection: ssh
|
||||
become: yes
|
||||
|
||||
- include_role:
|
||||
name: oatakan.rhel_upgrade
|
||||
apply:
|
||||
delegate_to: template_vm
|
||||
connection: ssh
|
||||
become: yes
|
||||
when: install_updates|bool
|
||||
|
||||
- include_role:
|
||||
name: oatakan.rhel_template_build
|
||||
apply:
|
||||
delegate_to: template_vm
|
||||
connection: ssh
|
||||
become: yes
|
||||
vars:
|
||||
target_ovirt: yes
|
||||
|
||||
always:
|
||||
- include_role:
|
||||
name: oatakan.rhn
|
||||
apply:
|
||||
delegate_to: template_vm
|
||||
connection: ssh
|
||||
become: yes
|
||||
vars:
|
||||
role_action: unregister
|
||||
|
||||
- name: force handlers to run before stoppping the vm
|
||||
meta: flush_handlers
|
||||
|
||||
- name: refresh SSO credentials
|
||||
ovirt.ovirt.ovirt_auth:
|
||||
url: "{{ lookup('env', 'OVIRT_URL')|default(ovirt.url, true) }}"
|
||||
username: "{{ lookup('env', 'OVIRT_USERNAME')|default(ovirt.username, true) }}"
|
||||
password: "{{ lookup('env', 'OVIRT_PASSWORD')|default(ovirt.password, true) }}"
|
||||
insecure: yes
|
||||
|
||||
- include_tasks: stop_vm.yml
|
||||
|
||||
- include_tasks: convert_to_template.yml
|
||||
|
||||
- include_tasks: export_ovf.yml
|
||||
when: export_ovf|bool
|
||||
|
||||
rescue:
|
||||
- name: refresh SSO credentials
|
||||
ovirt.ovirt.ovirt_auth:
|
||||
url: "{{ lookup('env', 'OVIRT_URL')|default(ovirt.url, true) }}"
|
||||
username: "{{ lookup('env', 'OVIRT_USERNAME')|default(ovirt.username, true) }}"
|
||||
password: "{{ lookup('env', 'OVIRT_PASSWORD')|default(ovirt.password, true) }}"
|
||||
insecure: yes
|
||||
|
||||
- include_tasks: remove_template.yml
|
||||
when: remove_vm_on_error|bool
|
||||
|
||||
always:
|
||||
- name: refresh SSO credentials
|
||||
ovirt.ovirt.ovirt_auth:
|
||||
url: "{{ lookup('env', 'OVIRT_URL')|default(ovirt.url, true) }}"
|
||||
username: "{{ lookup('env', 'OVIRT_USERNAME')|default(ovirt.username, true) }}"
|
||||
password: "{{ lookup('env', 'OVIRT_PASSWORD')|default(ovirt.password, true) }}"
|
||||
insecure: yes
|
||||
|
||||
- include_tasks: remove_vm.yml
|
||||
|
||||
- include_tasks: datastore_iso_remove.yml
|
||||
|
||||
- name: remove temporary directory
|
||||
file:
|
||||
path: "{{ temp_directory }}"
|
||||
state: absent
|
||||
|
||||
- name: logout from oVirt
|
||||
ovirt.ovirt.ovirt_auth:
|
||||
state: absent
|
||||
ovirt_auth: "{{ ovirt_auth }}"
|
||||
115
roles/oatakan.rhel_ovirt_template/templates/rhel9/ks.cfg.j2
Normal file
115
roles/oatakan.rhel_ovirt_template/templates/rhel9/ks.cfg.j2
Normal file
@@ -0,0 +1,115 @@
|
||||
firewall --disabled
|
||||
|
||||
cdrom
|
||||
lang en_US.UTF-8
|
||||
keyboard us
|
||||
timezone UTC
|
||||
|
||||
{% if template.networks is defined and template.networks[0].ip is defined and template.networks[0].gateway is defined and template.networks[0].netmask is defined %}
|
||||
network --bootproto=static --ip={{ template.networks[0].ip }} --netmask={{ template.networks[0].netmask }} --gateway={{ template.networks[0].gateway }}{% if template.networks[0].dns_servers is defined %} --nameserver={{ template.networks[0].dns_servers|join(',') }}{% endif %}
|
||||
{% else %}
|
||||
network --bootproto=dhcp
|
||||
{% endif %}
|
||||
|
||||
network --hostname=localhost.localdomain
|
||||
rootpw {{ local_administrator_password }}
|
||||
authselect --enableshadow --passalgo=sha512
|
||||
|
||||
{% if template_selinux_enabled is undefined or not template_selinux_enabled %}
|
||||
selinux --disabled
|
||||
{% endif %}
|
||||
text
|
||||
skipx
|
||||
|
||||
eula --agreed
|
||||
|
||||
bootloader --append="no_timer_check"
|
||||
clearpart --all --initlabel
|
||||
part /boot/efi --fstype="efi" --size=200 --fsoptions="umask=0077,shortname=winnt" --asprimary
|
||||
part /boot --fstype="xfs" --size=1024 --asprimary
|
||||
part pv.00 --fstype="lvmpv" --size=1 --grow --asprimary
|
||||
volgroup vg00 --pesize=4096 pv.00
|
||||
logvol swap --fstype="swap" --size=4096 --name=swap --vgname=vg00
|
||||
logvol / --fstype="xfs" --size=1 --grow --name=root --vgname=vg00
|
||||
|
||||
authselect --useshadow --enablemd5
|
||||
firstboot --disabled
|
||||
services --enabled=NetworkManager,sshd
|
||||
reboot
|
||||
# this doesn't seem to work in RHEL 8.0
|
||||
#user --name={{ local_account_username }} --plaintext --password {{ local_account_password }} --groups={{ local_account_username }},wheel
|
||||
|
||||
%packages --ignoremissing --excludedocs
|
||||
@Base
|
||||
@Core
|
||||
openssh-clients
|
||||
sudo
|
||||
openssl-devel
|
||||
readline-devel
|
||||
zlib-devel
|
||||
kernel-headers
|
||||
kernel-devel
|
||||
gcc
|
||||
make
|
||||
perl
|
||||
curl
|
||||
wget
|
||||
ntp
|
||||
nfs-utils
|
||||
net-tools
|
||||
vim
|
||||
curl
|
||||
unbound-libs
|
||||
bzip2
|
||||
sshpass
|
||||
openssl
|
||||
|
||||
# unnecessary firmware
|
||||
-aic94xx-firmware
|
||||
-atmel-firmware
|
||||
-b43-openfwwf
|
||||
-bfa-firmware
|
||||
-ipw2100-firmware
|
||||
-ipw2200-firmware
|
||||
-ivtv-firmware
|
||||
-iwl100-firmware
|
||||
-iwl1000-firmware
|
||||
-iwl3945-firmware
|
||||
-iwl4965-firmware
|
||||
-iwl5000-firmware
|
||||
-iwl5150-firmware
|
||||
-iwl6000-firmware
|
||||
-iwl6000g2a-firmware
|
||||
-iwl6050-firmware
|
||||
-libertas-usb8388-firmware
|
||||
-ql2100-firmware
|
||||
-ql2200-firmware
|
||||
-ql23xx-firmware
|
||||
-ql2400-firmware
|
||||
-ql2500-firmware
|
||||
-rt61pci-firmware
|
||||
-rt73usb-firmware
|
||||
-xorg-x11-drv-ati-firmware
|
||||
-zd1211-firmware
|
||||
%end
|
||||
|
||||
%post
|
||||
# update root certs
|
||||
# wget -O/etc/pki/tls/certs/ca-bundle.crt https://curl.haxx.se/ca/cacert.pem --no-check-certificate
|
||||
# yum reinstall ca-certificates
|
||||
|
||||
{% if permit_root_login_with_password %}
|
||||
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
|
||||
{% endif %}
|
||||
|
||||
# sudo
|
||||
groupadd {{ local_account_username }}
|
||||
useradd -g {{ local_account_username }} -G {{ local_account_username }},wheel -d /home/{{ local_account_username }} -m -p $(openssl passwd -1 {{ local_account_password }}) {{ local_account_username }}
|
||||
yum install -y sudo
|
||||
echo "{{ local_account_username }} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/{{ local_account_username }}
|
||||
sed -i "s/^.*requiretty/#Defaults requiretty/" /etc/sudoers
|
||||
{% if template_selinux_enabled is undefined or not template_selinux_enabled %}
|
||||
sed -i s'/SELINUX=enforcing/SELINUX=disabled'/g /etc/selinux/config
|
||||
{% endif %}
|
||||
yum clean all
|
||||
%end
|
||||
Reference in New Issue
Block a user