Add deploy_linux_vm role with LVM and SSH hardening

Features:
- Multi-distribution support (Debian, Ubuntu, RHEL, AlmaLinux, Rocky, SUSE)
- LVM configuration with meaningful volume groups and logical volumes
- 8 LVs: lv_opt, lv_tmp, lv_home, lv_var, lv_var_log, lv_var_tmp, lv_var_audit, lv_swap
- Security mount options on sensitive directories

SSH Hardening:
- GSSAPI authentication disabled
- GSSAPI cleanup credentials disabled
- Root login disabled via SSH
- Password authentication disabled
- Key-based authentication only
- MaxAuthTries: 3, ClientAliveInterval: 300s

Security Features:
- SELinux enforcing (RHEL family)
- AppArmor enabled (Debian family)
- Firewall configuration (UFW/firewalld)
- Automatic security updates
- Audit daemon (auditd) enabled
- Time synchronization (chrony)
- Essential security packages (aide, auditd)

Role Structure:
- Modular task organization (validate, install, download, storage, deploy, lvm)
- Tag-based execution for selective deployment
- OS-family specific cloud-init templates
- Comprehensive variable defaults (100+ configurable options)
- Post-deployment validation tasks

roles/deploy_linux_vm/tasks/deploy.yml

@@ -0,0 +1,84 @@
+---
+# =============================================================================
+# Deployment Tasks - Create and Start VM
+# =============================================================================
+
+- name: Build virt-install disk parameters
+  set_fact:
+    deploy_linux_vm_disk_params: >-
+      --disk path={{ deploy_linux_vm_disk_path }},format=qcow2,bus=virtio
+      {% if deploy_linux_vm_use_lvm | bool %}
+      --disk path={{ deploy_linux_vm_images_dir }}/{{ deploy_linux_vm_name }}-lvm.qcow2,format=qcow2,bus=virtio
+      {% endif %}
+      --disk path={{ deploy_linux_vm_cloud_init_iso_path }},device=cdrom
+  tags: [deploy]
+
+- name: Create VM using virt-install
+  command: >
+    virt-install
+    --name {{ deploy_linux_vm_name }}
+    --memory {{ deploy_linux_vm_memory_mb }}
+    --vcpus {{ deploy_linux_vm_vcpus }}
+    {{ deploy_linux_vm_disk_params }}
+    --network network={{ deploy_linux_vm_network }},model=virtio
+    --os-variant {{ deploy_linux_vm_distro_config.os_variant }}
+    --graphics none
+    --console pty,target_type=serial
+    --import
+    --noautoconsole
+  register: deploy_linux_vm_create
+  tags: [deploy]
+
+- name: Display VM creation result
+  debug:
+    msg:
+      - "=== VM Created ==="
+      - "VM Name: {{ deploy_linux_vm_name }}"
+      - "Distribution: {{ deploy_linux_vm_os_distribution }}"
+      - "Waiting for boot and cloud-init..."
+  tags: [deploy]
+
+- name: Wait for VM to boot and cloud-init to complete
+  pause:
+    seconds: "{{ deploy_linux_vm_wait_for_boot_seconds }}"
+    prompt: "Waiting for VM to boot and cloud-init to complete configuration..."
+  tags: [deploy]
+
+- name: Get VM IP address
+  shell: |
+    virsh domifaddr {{ deploy_linux_vm_name }} | grep -oP '(\d{1,3}\.){3}\d{1,3}' | head -1
+  register: deploy_linux_vm_ip_result
+  retries: 15
+  delay: 10
+  until: deploy_linux_vm_ip_result.stdout != ""
+  changed_when: false
+  tags: [deploy]
+
+- name: Set VM IP fact
+  set_fact:
+    deploy_linux_vm_ip: "{{ deploy_linux_vm_ip_result.stdout }}"
+  tags: [deploy]
+
+- name: Display VM information
+  debug:
+    msg:
+      - "=== VM Deployment Successful ==="
+      - "VM Name: {{ deploy_linux_vm_name }}"
+      - "Distribution: {{ deploy_linux_vm_os_distribution }}"
+      - "IP Address: {{ deploy_linux_vm_ip }}"
+      - "vCPUs: {{ deploy_linux_vm_vcpus }}"
+      - "Memory: {{ deploy_linux_vm_memory_mb }} MB"
+      - "Disk: {{ deploy_linux_vm_disk_size_gb }} GB"
+      - "OS Variant: {{ deploy_linux_vm_distro_config.os_variant }}"
+      - "Package Manager: {{ deploy_linux_vm_distro_config.package_manager }}"
+      - "LVM Enabled: {{ deploy_linux_vm_use_lvm }}"
+      - "Access: ssh {{ deploy_linux_vm_ansible_user }}@{{ deploy_linux_vm_ip }}"
+  tags: [deploy]
+
+- name: Test SSH connectivity to new VM
+  wait_for:
+    host: "{{ deploy_linux_vm_ip }}"
+    port: 22
+    timeout: "{{ deploy_linux_vm_ssh_wait_timeout }}"
+    state: started
+  tags: [deploy]