eec15a1cc2
Features: - Multi-distribution support (Debian, Ubuntu, RHEL, AlmaLinux, Rocky, SUSE) - LVM configuration with meaningful volume groups and logical volumes - 8 LVs: lv_opt, lv_tmp, lv_home, lv_var, lv_var_log, lv_var_tmp, lv_var_audit, lv_swap - Security mount options on sensitive directories SSH Hardening: - GSSAPI authentication disabled - GSSAPI cleanup credentials disabled - Root login disabled via SSH - Password authentication disabled - Key-based authentication only - MaxAuthTries: 3, ClientAliveInterval: 300s Security Features: - SELinux enforcing (RHEL family) - AppArmor enabled (Debian family) - Firewall configuration (UFW/firewalld) - Automatic security updates - Audit daemon (auditd) enabled - Time synchronization (chrony) - Essential security packages (aide, auditd) Role Structure: - Modular task organization (validate, install, download, storage, deploy, lvm) - Tag-based execution for selective deployment - OS-family specific cloud-init templates - Comprehensive variable defaults (100+ configurable options) - Post-deployment validation tasks
71 lines
2.1 KiB
YAML
71 lines
2.1 KiB
YAML
---
|
|
# =============================================================================
|
|
# Cloud-Init Tasks - Generate Cloud-Init Configuration
|
|
# =============================================================================
|
|
|
|
- name: Create cloud-init directory
|
|
file:
|
|
path: /tmp/cloud-init-{{ deploy_linux_vm_name }}
|
|
state: directory
|
|
mode: '0755'
|
|
tags: [cloud-init]
|
|
|
|
- name: Create cloud-init meta-data
|
|
template:
|
|
src: meta-data.j2
|
|
dest: /tmp/cloud-init-{{ deploy_linux_vm_name }}/meta-data
|
|
mode: '0644'
|
|
tags: [cloud-init]
|
|
|
|
- name: Create cloud-init user-data for Debian/Ubuntu
|
|
template:
|
|
src: user-data-debian.j2
|
|
dest: /tmp/cloud-init-{{ deploy_linux_vm_name }}/user-data
|
|
mode: '0644'
|
|
when: deploy_linux_vm_distro_config.family == "debian"
|
|
tags: [cloud-init]
|
|
|
|
- name: Create cloud-init user-data for RHEL/CentOS/Rocky/Alma
|
|
template:
|
|
src: user-data-rhel.j2
|
|
dest: /tmp/cloud-init-{{ deploy_linux_vm_name }}/user-data
|
|
mode: '0644'
|
|
when: deploy_linux_vm_distro_config.family == "rhel"
|
|
tags: [cloud-init]
|
|
|
|
- name: Create cloud-init user-data for SUSE/openSUSE
|
|
template:
|
|
src: user-data-suse.j2
|
|
dest: /tmp/cloud-init-{{ deploy_linux_vm_name }}/user-data
|
|
mode: '0644'
|
|
when: deploy_linux_vm_distro_config.family == "suse"
|
|
tags: [cloud-init]
|
|
|
|
- name: Create cloud-init ISO
|
|
command: >
|
|
genisoimage -output {{ deploy_linux_vm_cloud_init_iso_path }}
|
|
-volid cidata -joliet -rock
|
|
/tmp/cloud-init-{{ deploy_linux_vm_name }}/user-data
|
|
/tmp/cloud-init-{{ deploy_linux_vm_name }}/meta-data
|
|
args:
|
|
creates: "{{ deploy_linux_vm_cloud_init_iso_path }}"
|
|
tags: [cloud-init]
|
|
|
|
- name: Set proper permissions on cloud-init ISO (Debian/Ubuntu)
|
|
file:
|
|
path: "{{ deploy_linux_vm_cloud_init_iso_path }}"
|
|
owner: libvirt-qemu
|
|
group: kvm
|
|
mode: '0644'
|
|
when: ansible_os_family == "Debian"
|
|
tags: [cloud-init]
|
|
|
|
- name: Set proper permissions on cloud-init ISO (RHEL)
|
|
file:
|
|
path: "{{ deploy_linux_vm_cloud_init_iso_path }}"
|
|
owner: qemu
|
|
group: qemu
|
|
mode: '0644'
|
|
when: ansible_os_family == "RedHat"
|
|
tags: [cloud-init]
|