Features:
- Multi-distribution support (Debian, Ubuntu, RHEL, AlmaLinux, Rocky, SUSE)
- LVM configuration with meaningful volume groups and logical volumes
- 8 LVs: lv_opt, lv_tmp, lv_home, lv_var, lv_var_log, lv_var_tmp, lv_var_audit, lv_swap
- Security mount options on sensitive directories

SSH Hardening:
- GSSAPI authentication disabled
- GSSAPI cleanup credentials disabled
- Root login disabled via SSH
- Password authentication disabled
- Key-based authentication only
- MaxAuthTries: 3, ClientAliveInterval: 300s

Security Features:
- SELinux enforcing (RHEL family)
- AppArmor enabled (Debian family)
- Firewall configuration (UFW/firewalld)
- Automatic security updates
- Audit daemon (auditd) enabled
- Time synchronization (chrony)
- Essential security packages (aide, auditd)

Role Structure:
- Modular task organization (validate, install, download, storage, deploy, lvm)
- Tag-based execution for selective deployment
- OS-family specific cloud-init templates
- Comprehensive variable defaults (100+ configurable options)
- Post-deployment validation tasks
---
# =============================================================================
# Post-Validation Tasks - Validate Deployed VM
# =============================================================================
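# Ask libvirt for the domain's state and resources. The call only reads, so
# the task never reports "changed".
- name: Get VM details
  ansible.builtin.command:
    # argv hands the VM name to virsh as exactly one argument, so a name that
    # contains whitespace cannot be split into additional virsh arguments.
    # NOTE(review): argv does not stop a value that begins with "-" from being
    # read as an option; confirm the role's validate tasks constrain the name.
    argv:
      - virsh
      - dominfo
      - "{{ deploy_linux_vm_name }}"
  register: deploy_linux_vm_details
  changed_when: false
  tags: [validate, post-deploy]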
# Print the output registered in deploy_linux_vm_details, one list item per
# line of stdout.
- name: Display VM details
  ansible.builtin.debug:
    var: deploy_linux_vm_details.stdout_lines
  tags:
    - validate
    - post-deploy
# Confirm the new domain is active. `virsh list --name` (no --all) prints the
# names of running domains only, one per line.
- name: Check VM is running
  ansible.builtin.command:
    argv:
      - virsh
      - list
      - "--name"
  register: deploy_linux_vm_running_vms
  changed_when: false
  # stdout_lines is a list, so this is an exact-name match, not a substring
  # match. failed_when replaces the default return-code check; a failed virsh
  # call leaves the list without the name and therefore still fails the task.
  failed_when: deploy_linux_vm_name not in deploy_linux_vm_running_vms.stdout_lines
  tags:
    - validate
    - post-deploy
# Wait up to 60 seconds for TCP port 22 on the VM to accept connections.
# There is no delegate_to, so the probe originates from the host this task
# runs on. An open port shows that something is listening; it does not
# authenticate or identify the SSH server behind it.
- name: Validate SSH connectivity
  when: not deploy_linux_vm_skip_validation
  ansible.builtin.wait_for:
    state: started
    host: "{{ deploy_linux_vm_ip }}"
    port: 22
    timeout: 60
  tags:
    - validate
    - post-deploy
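# Collect facts from inside the freshly deployed VM by delegating the setup
# module to the VM's IP address and reaching it through the current host as
# an SSH jump host. The result is registered for the display task.
- name: Gather system information from VM
  ansible.builtin.setup:
  delegate_to: "{{ deploy_linux_vm_ip }}"
  # Without delegate_facts, facts gathered by a delegated task are assigned to
  # inventory_hostname, so the VM's ansible_* facts would overwrite the facts
  # of the host running this play for every later task. Store them under the
  # delegated host instead; the registered result is unaffected.
  delegate_facts: true
  register: deploy_linux_vm_facts
  vars:
    ansible_user: "{{ deploy_linux_vm_ansible_user }}"
    # accept-new records the VM's host key on first contact without verifying
    # it (trust on first use); a key that later changes is still rejected.
    # Where the path between jump host and VM is not trusted, seed known_hosts
    # with a key obtained out of band before this task runs.
    # NOTE(review): ProxyJump uses inventory_hostname; this assumes the
    # inventory name is resolvable by ssh on the controller - confirm.
    ansible_ssh_common_args: '-o ProxyJump={{ inventory_hostname }} -o StrictHostKeyChecking=accept-new'
  when: not deploy_linux_vm_skip_validation
  tags: [validate, post-deploy]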
# Report the facts registered in deploy_linux_vm_facts. Skipped together with
# the fact-gathering task when deploy_linux_vm_skip_validation is set, since
# the registered result would then hold no ansible_facts.
- name: Display VM system information
  when: not deploy_linux_vm_skip_validation
  ansible.builtin.debug:
    msg:
      - "=== System Information ==="
      - "OS: {{ deploy_linux_vm_facts.ansible_facts.ansible_distribution }} {{ deploy_linux_vm_facts.ansible_facts.ansible_distribution_version }}"
      - "Kernel: {{ deploy_linux_vm_facts.ansible_facts.ansible_kernel }}"
      - "Architecture: {{ deploy_linux_vm_facts.ansible_facts.ansible_architecture }}"
      - "Hostname: {{ deploy_linux_vm_facts.ansible_facts.ansible_hostname }}"
      - "FQDN: {{ deploy_linux_vm_facts.ansible_facts.ansible_fqdn }}"
      - "Python: {{ deploy_linux_vm_facts.ansible_facts.ansible_python_version }}"
  tags:
    - validate
    - post-deploy
# Final banner: echoes the deployment parameters, two ways to reach the VM
# over SSH (direct and via the current host as jump host) and an inventory
# snippet for the operator to copy. It has no `when`, so it is printed even
# when validation is skipped.
- name: Display deployment summary
  ansible.builtin.debug:
    msg:
      - "╔════════════════════════════════════════════════════════════════╗"
      - "║ VM Deployment Successfully Completed ║"
      - "╚════════════════════════════════════════════════════════════════╝"
      - ""
      - "VM Details:"
      - " Name: {{ deploy_linux_vm_name }}"
      - " Distribution: {{ deploy_linux_vm_os_distribution }}"
      - " IP Address: {{ deploy_linux_vm_ip }}"
      - " Resources: {{ deploy_linux_vm_vcpus }} vCPUs, {{ deploy_linux_vm_memory_mb }}MB RAM, {{ deploy_linux_vm_disk_size_gb }}GB Disk"
      - " LVM: {{ 'Enabled' if deploy_linux_vm_use_lvm else 'Disabled' }}"
      - ""
      - "Access:"
      - " ssh {{ deploy_linux_vm_ansible_user }}@{{ deploy_linux_vm_ip }}"
      - " ssh -J {{ inventory_hostname }} {{ deploy_linux_vm_ansible_user }}@{{ deploy_linux_vm_ip }}"
      - ""
      - "Add to Ansible inventory:"
      - " {{ deploy_linux_vm_name }}:"
      - " ansible_host: {{ deploy_linux_vm_ip }}"
      - " ansible_user: {{ deploy_linux_vm_ansible_user }}"
      # The suggested inventory entry carries StrictHostKeyChecking=accept-new,
      # which pins whatever host key is seen on first contact. Operators who
      # hold the VM's host key from another channel can add it to known_hosts
      # before first use.
      - " ansible_ssh_common_args: '-o ProxyJump={{ inventory_hostname }} -o StrictHostKeyChecking=accept-new'"
      - " os_distribution: {{ deploy_linux_vm_os_distribution }}"
      - " os_family: {{ deploy_linux_vm_distro_config.family }}"
      - ""
  tags:
    - validate
    - post-deploy