Features:
- Multi-distribution support (Debian, Ubuntu, RHEL, AlmaLinux, Rocky, SUSE)
- LVM configuration with meaningful volume groups and logical volumes
- 8 LVs: lv_opt, lv_tmp, lv_home, lv_var, lv_var_log, lv_var_tmp, lv_var_audit, lv_swap
- Security mount options on sensitive directories

SSH Hardening:
- GSSAPI authentication disabled
- GSSAPI cleanup credentials disabled
- Root login disabled via SSH
- Password authentication disabled
- Key-based authentication only
- MaxAuthTries: 3, ClientAliveInterval: 300s

Security Features:
- SELinux enforcing (RHEL family)
- AppArmor enabled (Debian family)
- Firewall configuration (UFW/firewalld)
- Automatic security updates
- Audit daemon (auditd) enabled
- Time synchronization (chrony)
- Essential security packages (aide, auditd)

Role Structure:
- Modular task organization (validate, install, download, storage, deploy, lvm)
- Tag-based execution for selective deployment
- OS-family specific cloud-init templates
- Comprehensive variable defaults (100+ configurable options)
- Post-deployment validation tasks
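---
# =============================================================================
# Deploy Linux VM Role - Role Variables
# =============================================================================

# -----------------------------------------------------------------------------
# Cloud Image Repository Configuration
# -----------------------------------------------------------------------------
# Catalogue of base cloud images, keyed by "<distro>-<version>".
#
# Fields per entry:
#   url             - HTTPS location of the image file
#   checksum_url    - checksum list published alongside the image (absent on
#                     the subscription-only RHEL and SLES entries)
#   checksum_type   - digest algorithm of that list ("sha256" or "sha512")
#   os_variant      - OS identifier string; presumably the libosinfo name
#                     handed to the VM installer - confirm in the deploy tasks
#   cache_name      - file name, presumably of the locally cached copy -
#                     confirm in the download tasks
#   package_manager - "apt", "dnf" or "zypper"
#   family          - "debian", "rhel" or "suse"
#   note            - free-text hint, present only where a manual download
#                     is required
#
# Integrity notes for reviewers:
#   * The public-mirror URLs point at moving aliases ("latest", "current") or
#     unversioned file names, so the image behind a key changes whenever the
#     vendor republishes. Two runs of the role can therefore deploy different
#     bytes under the same key. NOTE(review): confirm the download task
#     re-verifies a cached file rather than trusting cache_name on disk.
#   * Each checksum_url sits on the same host and directory as its image.
#     Comparing against it catches truncated or corrupted downloads, but a
#     party able to replace the image on that host can replace the list too.
#     For stronger assurance, pin a dated build and keep the expected digest
#     in this repository, or verify the vendor's signature over the checksum
#     list where one is published.
#   * Several releases listed here are old. Check each against the vendor's
#     support lifecycle before offering it as a deploy target; a hardened
#     role on an unpatched base image still ships known vulnerabilities.
deploy_linux_vm_cloud_images:
  # Debian
  debian-11:
    url: "https://cloud.debian.org/images/cloud/bullseye/latest/debian-11-generic-amd64.qcow2"
    checksum_url: "https://cloud.debian.org/images/cloud/bullseye/latest/SHA512SUMS"
    checksum_type: "sha512"
    os_variant: "debian11"
    cache_name: "debian-11-generic-amd64.qcow2"
    package_manager: "apt"
    family: "debian"

  debian-12:
    url: "https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-generic-amd64.qcow2"
    checksum_url: "https://cloud.debian.org/images/cloud/bookworm/latest/SHA512SUMS"
    checksum_type: "sha512"
    os_variant: "debian12"
    cache_name: "debian-12-generic-amd64.qcow2"
    package_manager: "apt"
    family: "debian"

  # Ubuntu
  # cache_name differs from the upstream file name (release number instead of
  # codename), so the cached file cannot be looked up by name in SHA256SUMS.
  # NOTE(review): confirm the checksum lookup matches on the upstream name.
  ubuntu-20.04:
    url: "https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img"
    checksum_url: "https://cloud-images.ubuntu.com/focal/current/SHA256SUMS"
    checksum_type: "sha256"
    os_variant: "ubuntu20.04"
    cache_name: "ubuntu-20.04-server-cloudimg-amd64.img"
    package_manager: "apt"
    family: "debian"

  ubuntu-22.04:
    url: "https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img"
    checksum_url: "https://cloud-images.ubuntu.com/jammy/current/SHA256SUMS"
    checksum_type: "sha256"
    os_variant: "ubuntu22.04"
    cache_name: "ubuntu-22.04-server-cloudimg-amd64.img"
    package_manager: "apt"
    family: "debian"

  ubuntu-24.04:
    url: "https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img"
    checksum_url: "https://cloud-images.ubuntu.com/noble/current/SHA256SUMS"
    checksum_type: "sha256"
    os_variant: "ubuntu24.04"
    cache_name: "ubuntu-24.04-server-cloudimg-amd64.img"
    package_manager: "apt"
    family: "debian"

  # RHEL (requires subscription)
  # No checksum_url / checksum_type here: the image is fetched by hand, so
  # nothing in this map lets the role verify it. NOTE(review): confirm the
  # download/validate tasks do not silently skip verification for these keys;
  # compare the file's digest with the value shown on the vendor portal before
  # placing it in the cache.
  rhel-8:
    url: "https://access.redhat.com/downloads/content/rhel/8/x86_64/latest/rhel-8-x86_64-kvm.qcow2"
    os_variant: "rhel8.0"
    cache_name: "rhel-8-x86_64-kvm.qcow2"
    package_manager: "dnf"
    family: "rhel"
    note: "Requires Red Hat subscription and manual download"

  rhel-9:
    url: "https://access.redhat.com/downloads/content/rhel/9/x86_64/latest/rhel-9-x86_64-kvm.qcow2"
    os_variant: "rhel9.0"
    cache_name: "rhel-9-x86_64-kvm.qcow2"
    package_manager: "dnf"
    family: "rhel"
    note: "Requires Red Hat subscription and manual download"

  # CentOS Stream
  # NOTE(review): CentOS Stream 8 is past its upstream end of life; confirm
  # the path below still resolves and whether the entry should remain.
  centos-stream-8:
    url: "https://cloud.centos.org/centos/8-stream/x86_64/images/CentOS-Stream-GenericCloud-8-latest.x86_64.qcow2"
    checksum_url: "https://cloud.centos.org/centos/8-stream/x86_64/images/CHECKSUM"
    checksum_type: "sha256"
    os_variant: "centos-stream8"
    cache_name: "centos-stream-8-genericcloud-amd64.qcow2"
    package_manager: "dnf"
    family: "rhel"

  centos-stream-9:
    url: "https://cloud.centos.org/centos/9-stream/x86_64/images/CentOS-Stream-GenericCloud-9-latest.x86_64.qcow2"
    checksum_url: "https://cloud.centos.org/centos/9-stream/x86_64/images/CHECKSUM"
    checksum_type: "sha256"
    os_variant: "centos-stream9"
    cache_name: "centos-stream-9-genericcloud-amd64.qcow2"
    package_manager: "dnf"
    family: "rhel"

  # Rocky Linux
  rocky-8:
    url: "https://download.rockylinux.org/pub/rocky/8/images/x86_64/Rocky-8-GenericCloud-Base.latest.x86_64.qcow2"
    checksum_url: "https://download.rockylinux.org/pub/rocky/8/images/x86_64/CHECKSUM"
    checksum_type: "sha256"
    os_variant: "rocky8"
    cache_name: "rocky-8-genericcloud-amd64.qcow2"
    package_manager: "dnf"
    family: "rhel"

  rocky-9:
    url: "https://download.rockylinux.org/pub/rocky/9/images/x86_64/Rocky-9-GenericCloud-Base.latest.x86_64.qcow2"
    checksum_url: "https://download.rockylinux.org/pub/rocky/9/images/x86_64/CHECKSUM"
    checksum_type: "sha256"
    os_variant: "rocky9"
    cache_name: "rocky-9-genericcloud-amd64.qcow2"
    package_manager: "dnf"
    family: "rhel"

  # AlmaLinux
  almalinux-8:
    url: "https://repo.almalinux.org/almalinux/8/cloud/x86_64/images/AlmaLinux-8-GenericCloud-latest.x86_64.qcow2"
    checksum_url: "https://repo.almalinux.org/almalinux/8/cloud/x86_64/images/CHECKSUM"
    checksum_type: "sha256"
    os_variant: "almalinux8"
    cache_name: "almalinux-8-genericcloud-amd64.qcow2"
    package_manager: "dnf"
    family: "rhel"

  almalinux-9:
    url: "https://repo.almalinux.org/almalinux/9/cloud/x86_64/images/AlmaLinux-9-GenericCloud-latest.x86_64.qcow2"
    checksum_url: "https://repo.almalinux.org/almalinux/9/cloud/x86_64/images/CHECKSUM"
    checksum_type: "sha256"
    os_variant: "almalinux9"
    cache_name: "almalinux-9-genericcloud-amd64.qcow2"
    package_manager: "dnf"
    family: "rhel"

  # SLES (requires registration)
  # The url carries a literal "buildid=XXXXX" placeholder and there is no
  # checksum_url / checksum_type, so this entry is neither downloadable nor
  # verifiable as written. NOTE(review): confirm the role refuses to deploy a
  # hand-placed image whose digest has not been checked.
  sles-15:
    url: "https://download.suse.com/Download?buildid=XXXXX"
    os_variant: "sles15"
    cache_name: "sles-15-genericcloud-amd64.qcow2"
    package_manager: "zypper"
    family: "suse"
    note: "Requires SUSE subscription and manual download"

  # openSUSE Leap
  # checksum_url is a per-image ".sha256" file rather than a shared list.
  opensuse-leap-15.5:
    url: "https://download.opensuse.org/distribution/leap/15.5/appliances/openSUSE-Leap-15.5-Minimal-VM.x86_64-Cloud.qcow2"
    checksum_url: "https://download.opensuse.org/distribution/leap/15.5/appliances/openSUSE-Leap-15.5-Minimal-VM.x86_64-Cloud.qcow2.sha256"
    checksum_type: "sha256"
    os_variant: "opensuse15.5"
    cache_name: "opensuse-leap-15.5-minimal-vm-amd64.qcow2"
    package_manager: "zypper"
    family: "suse"

  opensuse-leap-15.6:
    url: "https://download.opensuse.org/distribution/leap/15.6/appliances/openSUSE-Leap-15.6-Minimal-VM.x86_64-Cloud.qcow2"
    checksum_url: "https://download.opensuse.org/distribution/leap/15.6/appliances/openSUSE-Leap-15.6-Minimal-VM.x86_64-Cloud.qcow2.sha256"
    checksum_type: "sha256"
    os_variant: "opensuse15.6"
    cache_name: "opensuse-leap-15.6-minimal-vm-amd64.qcow2"
    package_manager: "zypper"
    family: "suse"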