forked from vmware-samples/packer-examples-for-vsphere
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add Ansible roles for Linux; address project chores (vmware-samples#156)
**Linux machine images**:
- Adds Ansible roles (`users`, `configure`, and `clean`) for Linux machine image builds. [vmware-samples#54](vmware-samples#54)
- Updates GHA to ignore Ansible since the linter errors on a required configuration.

**Windows machine images**:
- Condenses Windows machine image scripts.

**Chores**:
- Updates to minimum Packer version to `v1.7.10`.
- Updates to minimum Terraform version to `v1.1.5`.
- Resolve linter issue on `CODE_OF_CONDUCT.md`.
- Update dates in `LICENSE` and `NOTICE` to 2022.
- Simplifies terms or phrases in `build.sh`, `config.sh`, and `set-envvars.sh`
1 parent f80292a, commit 12d5c48
Showing 86 changed files with 518 additions and 1,537 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -7,3 +7,6 @@ | |
hosts: all | ||
roles: | ||
- base | ||
- users | ||
- configure | ||
- clean |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,10 +1,10 @@ | ||
--- | ||
- name: "Prepare {{ ansible_facts['distribution'] }} distribution." | ||
- name: "Prepare {{ ansible_facts['distribution'] }} guest operating system." | ||
include_tasks: "{{ ansible_facts['distribution'] | lower }}.yml" | ||
when: "ansible_facts['distribution'] == 'Ubuntu'" | ||
- name: "Prepare {{ ansible_facts['distribution'] }} distribution." | ||
- name: "Prepare {{ ansible_facts['distribution'] }} guest operating system." | ||
include_tasks: redhat.yml | ||
when: "ansible_facts['distribution'] in ['RedHat', 'CentOS', 'Rocky', 'AlmaLinux']" | ||
- name: "Prepare {{ ansible_facts['os_family'] }} distribution." | ||
- name: "Prepare {{ ansible_facts['os_family'] }} guest operating system." | ||
include_tasks: "{{ ansible_facts['lsb']['codename'] | lower }}.yml" | ||
when: "ansible_facts['os_family'] == 'VMware Photon OS'" |
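Review bot: In the third task, the included file name is built from `ansible_facts['lsb']['codename']`, so the include errors on a Photon guest where the `lsb` facts are not populated, and which file runs depends on a string the guest reports. The RedHat task already uses a fixed `include_tasks: redhat.yml`; a fixed file name for Photon (and `ubuntu.yml` for the first task, whose `when` already pins the value to `Ubuntu`) would make the role easier to audit.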
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
--- | ||
- name: "Prepare {{ ansible_facts['distribution'] }} guest operating system." | ||
include_tasks: "{{ ansible_facts['distribution'] | lower }}.yml" | ||
when: "ansible_facts['distribution'] == 'Ubuntu'" | ||
- name: "Prepare {{ ansible_facts['distribution'] }} guest operating system." | ||
include_tasks: redhat.yml | ||
when: "ansible_facts['distribution'] in ['RedHat', 'CentOS', 'Rocky', 'AlmaLinux']" | ||
- name: "Prepare {{ ansible_facts['os_family'] }} guest operating system." | ||
include_tasks: "{{ ansible_facts['lsb']['codename'] | lower }}.yml" | ||
when: "ansible_facts['os_family'] == 'VMware Photon OS'" |
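Review bot: None of the three `when` conditions has a fallback, so on a distribution outside `Ubuntu`, the `['RedHat', 'CentOS', 'Rocky', 'AlmaLinux']` list and `VMware Photon OS`, every include is skipped and the role reports success having done nothing. In an image build that should fail loudly: add a final task using `fail` (or `assert`) for the case where no branch matched, so a new distribution cannot produce a template that silently skipped this role.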
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
--- | ||
- name: "Cleaning tdnf cache." | ||
shell: | | ||
tdnf clean all | ||
args: | ||
warn: false | ||
- name: "Cleaning log files." | ||
shell: | | ||
find /var/log -type f -delete | ||
rm -rf /var/log/journal/* | ||
args: | ||
warn: false | ||
- name: "Cleaning SSH host keys." | ||
shell: | | ||
rm -f /etc/ssh/ssh_host_* | ||
args: | ||
warn: false | ||
- name: "Cleaning the machine-id." | ||
shell: | | ||
truncate -s 0 /etc/machine-id | ||
rm /var/lib/dbus/machine-id | ||
ln -s /etc/machine-id /var/lib/dbus/machine-id | ||
args: | ||
warn: false | ||
- name: "Cleaning the shell history." | ||
shell: | | ||
history -c | ||
args: | ||
warn: false |
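Review bot: In the last task, `history -c` clears only the in-memory history of the shell that Ansible starts for this task, which is non-interactive and exits as soon as the command returns; history files already on disk are untouched, so the task does less than its name says. Remove the files explicitly instead, for example with the `file` module and `state: absent` on the history files of root and of the build user.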
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
--- | ||
- name: "Cleaning all audit logs." | ||
shell: | | ||
if [ -f /var/log/audit/audit.log ]; then | ||
cat /dev/null > /var/log/audit/audit.log | ||
fi | ||
if [ -f /var/log/wtmp ]; then | ||
cat /dev/null > /var/log/wtmp | ||
fi | ||
if [ -f /var/log/lastlog ]; then | ||
cat /dev/null > /var/log/lastlog | ||
fi | ||
args: | ||
warn: false | ||
- name: "Cleaning persistent udev rules." | ||
shell: | | ||
if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then | ||
rm /etc/udev/rules.d/70-persistent-net.rules | ||
fi | ||
args: | ||
warn: false | ||
- name: "Cleaning the /tmp directories" | ||
shell: | | ||
rm -rf /tmp/* | ||
rm -rf /var/tmp/* | ||
rm -rf /var/cache/dnf/* | ||
args: | ||
warn: false | ||
- name: "Cleaning the Red Hat Subscription Manager logs." | ||
shell: | | ||
rm -rf /var/log/rhsm/* | ||
when: "ansible_facts['distribution'] == 'RedHat'" | ||
args: | ||
warn: false | ||
- name: "Cleaning the SSH host keys." | ||
shell: | | ||
rm -f /etc/ssh/ssh_host_* | ||
args: | ||
warn: false | ||
- name: "Cleaning the machine-id." | ||
shell: | | ||
truncate -s 0 /etc/machine-id | ||
rm /var/lib/dbus/machine-id | ||
ln -s /etc/machine-id /var/lib/dbus/machine-id | ||
args: | ||
warn: false | ||
- name: "Cleaning the shell history." | ||
shell: | | ||
unset HISTFILE | ||
history -cw | ||
echo > ~/.bash_history | ||
rm -fr /root/.bash_history | ||
args: | ||
warn: false | ||
- name: "Running a sync." | ||
shell: | | ||
sync && sync | ||
args: | ||
warn: false |
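Review bot: In the shell history task, `echo > ~/.bash_history` and `rm -fr /root/.bash_history` refer to the same file only when the task runs as root; run as any other user, the first command creates or overwrites that user's history file and leaves a one-line file behind, and root's is the only one removed. `unset HISTFILE` and `history -cw` affect only the task's own short-lived shell. Naming each history file explicitly and removing it with the `file` module (`state: absent`) states the intent and does not depend on who `~` resolves to.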
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
--- | ||
- name: "Cleaning all audit logs." | ||
shell: | | ||
if [ -f /var/log/audit/audit.log ]; then | ||
cat /dev/null > /var/log/audit/audit.log | ||
fi | ||
if [ -f /var/log/wtmp ]; then | ||
cat /dev/null > /var/log/wtmp | ||
fi | ||
if [ -f /var/log/lastlog ]; then | ||
cat /dev/null > /var/log/lastlog | ||
fi | ||
args: | ||
warn: false | ||
- name: "Cleaning persistent udev rules." | ||
shell: | | ||
if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then | ||
rm /etc/udev/rules.d/70-persistent-net.rules | ||
fi | ||
args: | ||
warn: false | ||
- name: "Cleaning the /tmp directories" | ||
shell: | | ||
rm -rf /tmp/* | ||
rm -rf /var/tmp/* | ||
args: | ||
warn: false | ||
- name: "Cleaning the SSH host keys." | ||
shell: | | ||
rm -f /etc/ssh/ssh_host_* | ||
args: | ||
warn: false | ||
- name: "Cleaning the machine-id." | ||
shell: | | ||
truncate -s 0 /etc/machine-id | ||
rm /var/lib/dbus/machine-id | ||
ln -s /etc/machine-id /var/lib/dbus/machine-id | ||
args: | ||
warn: false | ||
- name: "Cleaning the shell history." | ||
shell: | | ||
unset HISTFILE | ||
history -cw | ||
echo > ~/.bash_history | ||
rm -fr /root/.bash_history | ||
args: | ||
warn: false |
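Review bot: The SSH host keys task deletes `/etc/ssh/ssh_host_*`, which a template needs so that clones do not share host keys, but nothing in this file says what recreates them, and sshd will not start without host keys. Please confirm that the first boot of a clone regenerates them on every distribution this file serves, and record that in a comment or add the step. This file is also nearly line-for-line identical to the previous clean file, so the shared tasks could live in one included file with only the distribution-specific ones kept separate.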
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
--- | ||
- name: "Prepare {{ ansible_facts['distribution'] }} guest operating system." | ||
include_tasks: "{{ ansible_facts['distribution'] | lower }}.yml" | ||
when: "ansible_facts['distribution'] == 'Ubuntu'" | ||
- name: "Prepare {{ ansible_facts['distribution'] }} ansible_facts['os_family']." | ||
include_tasks: redhat.yml | ||
when: "ansible_facts['distribution'] in ['RedHat', 'CentOS', 'Rocky', 'AlmaLinux']" | ||
- name: "Prepare {{ ansible_facts['os_family'] }} guest operating system." | ||
include_tasks: "{{ ansible_facts['lsb']['codename'] | lower }}.yml" | ||
when: "ansible_facts['os_family'] == 'VMware Photon OS'" | ||
|
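Review bot: The second task's `name` reads `"Prepare {{ ansible_facts['distribution'] }} ansible_facts['os_family']."`; the `ansible_facts['os_family']` part sits outside any `{{ }}` and will be printed literally in the build log. The sibling files use `guest operating system.` at this position, so this looks like a search-and-replace slip; use the same wording here.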
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
--- | ||
- name: "Configure SSH for Public Key Authentication." | ||
shell: | | ||
sudo sed -i '/^PermitRootLogin/s/yes/no/' /etc/ssh/sshd_config | ||
sudo sed -i 's/.*PubkeyAuthentication.*/PubkeyAuthentication yes/g' /etc/ssh/sshd_config | ||
args: | ||
warn: false | ||
- name: "Setting hostname to localhost." | ||
shell: | | ||
hostnamectl set-hostname localhost | ||
args: | ||
warn: false | ||
- name: "Disable IPv6." | ||
shell: | | ||
sudo echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf | ||
args: | ||
warn: false |
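Review bot: In the SSH task, `sed -i '/^PermitRootLogin/s/yes/no/'` only edits a line that starts with `PermitRootLogin` and contains `yes`; if the shipped `sshd_config` has the directive commented out or set to another value, nothing changes and the task still reports success, while the `PubkeyAuthentication` expression rewrites every line containing that word, comments included. `lineinfile` with an anchored `regexp` (for example `^#?\s*PermitRootLogin`) and `validate: /usr/sbin/sshd -t -f %s` would set each directive exactly once and check the result. In the IPv6 task, the `>>` redirection is performed by the task's shell rather than by `sudo`, and every run appends another copy of the line to `/etc/sysctl.conf`; a drop-in file under `/etc/sysctl.d/` or the `ansible.posix.sysctl` module avoids both.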