Features:
- Multi-distribution support (Debian, Ubuntu, RHEL, AlmaLinux, Rocky, SUSE)
- LVM configuration with meaningful volume groups and logical volumes
- 8 LVs: lv_opt, lv_tmp, lv_home, lv_var, lv_var_log, lv_var_tmp, lv_var_audit, lv_swap
- Security mount options on sensitive directories

SSH Hardening:
- GSSAPI authentication disabled
- GSSAPI cleanup credentials disabled
- Root login disabled via SSH
- Password authentication disabled
- Key-based authentication only
- MaxAuthTries: 3, ClientAliveInterval: 300s

Security Features:
- SELinux enforcing (RHEL family)
- AppArmor enabled (Debian family)
- Firewall configuration (UFW/firewalld)
- Automatic security updates
- Audit daemon (auditd) enabled
- Time synchronization (chrony)
- Essential security packages (aide, auditd)

Role Structure:
- Modular task organization (validate, install, download, storage, deploy, lvm)
- Tag-based execution for selective deployment
- OS-family specific cloud-init templates
- Comprehensive variable defaults (100+ configurable options)
- Post-deployment validation tasks
45 lines
870 B
YAML
---
# =============================================================================
# Deploy Linux VM Role - Metadata
# =============================================================================

galaxy_info:
  author: Infrastructure Team
  description: Deploy Linux VMs with LVM on KVM hypervisor with security hardening
  company: Organization
  license: MIT
  min_ansible_version: "2.12"

  platforms:
    - name: Debian
      versions:
        - bullseye
        - bookworm
    - name: Ubuntu
      versions:
        - focal
        - jammy
        - noble
    # Numeric versions are quoted so YAML keeps them as strings, not int/float
    - name: EL
      versions:
        - "8"
        - "9"
    - name: opensuse
      versions:
        - "15.5"
        - "15.6"

  galaxy_tags:
    - virtualization
    - kvm
    - libvirt
    - lvm
    - cloud-init
    - security
    - infrastructure
    - deployment

dependencies: []

allow_duplicates: false
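
A check for the SSH Hardening values listed in the commit message, as an added example that is not part of the role's own code. The mapping to `sshd_config` keyword names, the function name `audit_sshd_config` and the sample configuration are assumptions made here for illustration.

```python
import re

# Expected values from the SSH Hardening list in the commit message; directive
# names are the standard sshd_config(5) keywords (assumed mapping, not role code).
EXPECTED = {
    "gssapiauthentication": "no",
    "gssapicleanupcredentials": "no",
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "maxauthtries": "3",
    "clientaliveinterval": "300",  # time spellings such as "5m" are not normalized
}
LINE = re.compile(r"(\S+?)(?:\s*=\s*|\s+)(.*)")  # "Key value" or "Key=value"


def audit_sshd_config(text):
    """Return (findings, match_overrides) for the given sshd_config text.
    sshd uses the first value it reads for a keyword, so later duplicates are
    ignored. Lines after a Match keyword are conditional and are reported
    separately. Include directives are not followed.
    """
    first_seen, overrides, match_ctx = {}, [], None
    for raw in text.splitlines():
        m = LINE.fullmatch(raw.strip())
        if not m or m.group(1).startswith("#"):
            continue  # blank line, comment, or keyword without an argument
        key, value = m.group(1).lower(), m.group(2).strip('"').lower()
        if key == "match":
            match_ctx = value
        elif match_ctx is None:
            first_seen.setdefault(key, value)
        elif key in EXPECTED and value != EXPECTED[key]:
            overrides.append((match_ctx, key, value))
    # None means the keyword is unset globally and sshd's built-in default applies.
    findings = {k: first_seen.get(k) for k, want in EXPECTED.items()
                if first_seen.get(k) != want}
    return findings, overrides

# Constructed sample input, not taken from the role's templates.
SAMPLE = """\
PermitRootLogin no
PasswordAuthentication no
PasswordAuthentication yes
GSSAPIAuthentication=no
MaxAuthTries 6
ClientAliveInterval 300
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""
```

On the sample, the duplicate `PasswordAuthentication yes` is ignored because the first value wins, while the same line inside the `Match` block is reported as a conditional override.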