infra-automation/roles/deploy_linux_vm/tasks/deploy.yml
Infrastructure Team eec15a1cc2 Add deploy_linux_vm role with LVM and SSH hardening
Features:
- Multi-distribution support (Debian, Ubuntu, RHEL, AlmaLinux, Rocky, SUSE)
- LVM configuration with meaningful volume groups and logical volumes
- 8 LVs: lv_opt, lv_tmp, lv_home, lv_var, lv_var_log, lv_var_tmp, lv_var_audit, lv_swap
- Security mount options on sensitive directories

SSH Hardening:
- GSSAPI authentication disabled
- GSSAPI cleanup credentials disabled
- Root login disabled via SSH
- Password authentication disabled
- Key-based authentication only
- MaxAuthTries: 3, ClientAliveInterval: 300s

Security Features:
- SELinux enforcing (RHEL family)
- AppArmor enabled (Debian family)
- Firewall configuration (UFW/firewalld)
- Automatic security updates
- Audit daemon (auditd) enabled
- Time synchronization (chrony)
- Essential security packages (aide, auditd)

Role Structure:
- Modular task organization (validate, install, download, storage, deploy, lvm)
- Tag-based execution for selective deployment
- OS-family specific cloud-init templates
- Comprehensive variable defaults (100+ configurable options)
- Post-deployment validation tasks
2025-11-10 22:51:51 +01:00

---
# =============================================================================
# Deployment Tasks - Create and Start VM
# =============================================================================
- name: Build virt-install disk parameters
  set_fact:
    # Folded scalar: the Jinja block adds a second data disk only when LVM is enabled.
    deploy_linux_vm_disk_params: >-
      --disk path={{ deploy_linux_vm_disk_path }},format=qcow2,bus=virtio
      {% if deploy_linux_vm_use_lvm | bool %}
      --disk path={{ deploy_linux_vm_images_dir }}/{{ deploy_linux_vm_name }}-lvm.qcow2,format=qcow2,bus=virtio
      {% endif %}
      --disk path={{ deploy_linux_vm_cloud_init_iso_path }},device=cdrom
  tags: [deploy]

- name: Create VM using virt-install
  # --import boots the pre-built image; cloud-init picks up its config from the attached ISO.
  command: >
    virt-install
    --name {{ deploy_linux_vm_name }}
    --memory {{ deploy_linux_vm_memory_mb }}
    --vcpus {{ deploy_linux_vm_vcpus }}
    {{ deploy_linux_vm_disk_params }}
    --network network={{ deploy_linux_vm_network }},model=virtio
    --os-variant {{ deploy_linux_vm_distro_config.os_variant }}
    --graphics none
    --console pty,target_type=serial
    --import
    --noautoconsole
  register: deploy_linux_vm_create
  tags: [deploy]

- name: Display VM creation result
  debug:
    msg:
      - "=== VM Created ==="
      - "VM Name: {{ deploy_linux_vm_name }}"
      - "Distribution: {{ deploy_linux_vm_os_distribution }}"
      - "Waiting for boot and cloud-init..."
  tags: [deploy]

- name: Wait for VM to boot and cloud-init to complete
  pause:
    seconds: "{{ deploy_linux_vm_wait_for_boot_seconds }}"
    prompt: "Waiting for VM to boot and cloud-init to complete configuration..."
  tags: [deploy]

- name: Get VM IP address
  # Polls the libvirt DHCP lease table; retries cover the window before the guest's
  # network is up. The grep keeps the first IPv4 address in the domifaddr output.
  shell: |
    virsh domifaddr {{ deploy_linux_vm_name }} | grep -oP '(\d{1,3}\.){3}\d{1,3}' | head -1
  register: deploy_linux_vm_ip_result
  retries: 15
  delay: 10
  until: deploy_linux_vm_ip_result.stdout != ""
  changed_when: false
  tags: [deploy]

- name: Set VM IP fact
  set_fact:
    deploy_linux_vm_ip: "{{ deploy_linux_vm_ip_result.stdout }}"
  tags: [deploy]

- name: Display VM information
  debug:
    msg:
      - "=== VM Deployment Successful ==="
      - "VM Name: {{ deploy_linux_vm_name }}"
      - "Distribution: {{ deploy_linux_vm_os_distribution }}"
      - "IP Address: {{ deploy_linux_vm_ip }}"
      - "vCPUs: {{ deploy_linux_vm_vcpus }}"
      - "Memory: {{ deploy_linux_vm_memory_mb }} MB"
      - "Disk: {{ deploy_linux_vm_disk_size_gb }} GB"
      - "OS Variant: {{ deploy_linux_vm_distro_config.os_variant }}"
      - "Package Manager: {{ deploy_linux_vm_distro_config.package_manager }}"
      - "LVM Enabled: {{ deploy_linux_vm_use_lvm }}"
      - "Access: ssh {{ deploy_linux_vm_ansible_user }}@{{ deploy_linux_vm_ip }}"
  tags: [deploy]

- name: Test SSH connectivity to new VM
  # Confirms only that sshd is listening on port 22; it does not verify that the
  # hardened sshd_config from cloud-init is the configuration actually in effect.
  wait_for:
    host: "{{ deploy_linux_vm_ip }}"
    port: 22
    timeout: "{{ deploy_linux_vm_ssh_wait_timeout }}"
    state: started
  tags: [deploy]
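The commit message lists the sshd settings the role enforces, while the last task in deploy.yml only checks that port 22 is reachable. Whether those settings are actually in effect depends on a detail of sshd_config that bites many hardening roles: sshd honours the first occurrence of each keyword and ignores later duplicates, and a `Match` block can re-enable a directive for some clients. The checker below is an added example, not part of the infra-automation role; it reads an sshd_config text, applies the first-occurrence rule, and reports each baseline keyword as ok, missing, wrong, or shadowed (correct value present but preceded by a different one). The `HARDENING_BASELINE` dict is my mapping of the commit message's list (with "key-based authentication only" taken as `PubkeyAuthentication yes`), and both sample configs are constructed for the demonstration.

```python
"""Check an sshd_config against the SSH hardening baseline from the role's commit message.

sshd applies the FIRST occurrence of each keyword; later duplicates are ignored.
A hardening line appended at the end of a file that still carries the distribution
default therefore changes nothing. This checker reproduces that rule so a
post-deployment step can catch it. Keywords are case-insensitive; directives inside
a ``Match`` block are conditional and are reported separately.
"""
import re

# Assumed mapping of the commit message's hardening list to sshd keywords (lowercase).
HARDENING_BASELINE = {
    "gssapiauthentication": "no",
    "gssapicleanupcredentials": "no",
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "pubkeyauthentication": "yes",   # "key-based authentication only"
    "maxauthtries": "3",
    "clientaliveinterval": "300",
}


def parse_sshd_config(text):
    """Return (occurrences, match_blocks).

    occurrences: global-scope keyword -> [value, ...] in file order.
    match_blocks: [(match criteria, {keyword: first value}), ...].
    """
    occurrences = {}
    match_blocks = []
    current = None  # (criteria, settings) while inside a Match block
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            current = (value, {})
            match_blocks.append(current)
            continue
        value = value.lower()
        if current is None:
            occurrences.setdefault(key, []).append(value)
        else:
            current[1].setdefault(key, value)  # first-occurrence rule inside the block too
    return occurrences, match_blocks


def check_hardening(text, baseline=HARDENING_BASELINE):
    """Return (report, overrides).

    report: keyword -> (status, effective value), status in ok/missing/wrong/shadowed.
    overrides: (criteria, keyword, value) for Match-block settings weaker than the baseline.
    """
    occurrences, match_blocks = parse_sshd_config(text)
    report = {}
    for key, wanted in baseline.items():
        values = occurrences.get(key, [])
        if not values:
            report[key] = ("missing", None)       # sshd's compiled-in default applies
        elif values[0] == wanted:
            report[key] = ("ok", values[0])
        elif wanted in values[1:]:
            report[key] = ("shadowed", values[0])  # right value present, but not first
        else:
            report[key] = ("wrong", values[0])
    overrides = [
        (criteria, key, value)
        for criteria, settings in match_blocks
        for key, value in settings.items()
        if key in baseline and value != baseline[key]
    ]
    return report, overrides


def is_compliant(text, baseline=HARDENING_BASELINE):
    report, overrides = check_hardening(text, baseline)
    return all(status == "ok" for status, _ in report.values()) and not overrides


# Constructed sample: image defaults left in place, hardening appended at EOF.
SAMPLE_BAD = """\
PasswordAuthentication yes
PermitRootLogin prohibit-password
GSSAPIAuthentication yes
MaxAuthTries 6

# appended by a naive lineinfile/EOF approach
PasswordAuthentication no
PermitRootLogin no
GSSAPIAuthentication no
GSSAPICleanupCredentials no
PubkeyAuthentication yes
MaxAuthTries 3
ClientAliveInterval 300

Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""

# Constructed sample: every baseline keyword set once, nothing weakened in Match.
SAMPLE_GOOD = """\
GSSAPIAuthentication no
GSSAPICleanupCredentials no
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
ClientAliveInterval 300

Match User backup
    AllowTcpForwarding no
"""

if __name__ == "__main__":
    for label, sample in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        report, overrides = check_hardening(sample)
        print(f"[{label}] compliant={is_compliant(sample)}")
        for key, (status, value) in report.items():
            print(f"  {key:26s} {status:9s} effective={value}")
        for criteria, key, value in overrides:
            print(f"  Match {criteria}: {key}={value} weakens the baseline")
```

Run it against the file the VM actually booted with (for example, fetched over the SSH connection the last task just confirmed) rather than against the template in the role; the point is to test the effective configuration, and `sshd -T` on the guest gives the same first-occurrence view if you prefer to trust sshd's own parser.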