ansible/infra-automation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
eec15a1cc20b7f31fedd537704828b79d9730352
infra-automation/roles/deploy_linux_vm/tasks/main.yml
Infrastructure Team eec15a1cc2 Add deploy_linux_vm role with LVM and SSH hardening 
Features:
- Multi-distribution support (Debian, Ubuntu, RHEL, AlmaLinux, Rocky, SUSE)
- LVM configuration with meaningful volume groups and logical volumes
- 8 LVs: lv_opt, lv_tmp, lv_home, lv_var, lv_var_log, lv_var_tmp, lv_var_audit, lv_swap
- Security mount options on sensitive directories

SSH Hardening:
- GSSAPI authentication disabled
- GSSAPI cleanup credentials disabled
- Root login disabled via SSH
- Password authentication disabled
- Key-based authentication only
- MaxAuthTries: 3, ClientAliveInterval: 300s

Security Features:
- SELinux enforcing (RHEL family)
- AppArmor enabled (Debian family)
- Firewall configuration (UFW/firewalld)
- Automatic security updates
- Audit daemon (auditd) enabled
- Time synchronization (chrony)
- Essential security packages (aide, auditd)

Role Structure:
- Modular task organization (validate, install, download, storage, deploy, lvm)
- Tag-based execution for selective deployment
- OS-family specific cloud-init templates
- Comprehensive variable defaults (100+ configurable options)
- Post-deployment validation tasks
2025-11-10 22:51:51 +01:00

43 lines
1.1 KiB
YAML
Raw Blame History

---
# =============================================================================
# Deploy Linux VM Role - Main Tasks
# =============================================================================
- name: Include validation tasks
include_tasks: validate.yml
tags: [validate, preflight, always]
- name: Include installation tasks
include_tasks: install.yml
tags: [install]
- name: Include download tasks
include_tasks: download.yml
tags: [download]
- name: Include storage tasks
include_tasks: storage.yml
tags: [storage]
- name: Include cloud-init tasks
include_tasks: cloud-init.yml
tags: [cloud-init]
- name: Include deployment tasks
include_tasks: deploy.yml
tags: [deploy]
- name: Include LVM configuration tasks
include_tasks: lvm.yml
when: deploy_linux_vm_use_lvm | bool
tags: [lvm, post-deploy]
- name: Include validation tasks (post-deployment)
include_tasks: post-validate.yml
tags: [validate, post-deploy]
- name: Include cleanup tasks
include_tasks: cleanup.yml
when: deploy_linux_vm_cleanup_temp_files | bool
tags: [cleanup]
Reference in New Issue View Git Blame Copy Permalink