Test dependencies

ansible/roles/providers/tasks/aws.yml

@@ -0,0 +1,74 @@
+# Copyright 2018 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: upgrade pip to latest
+  pip:
+    name: pip
+    executable: pip3
+    state: latest
+
+- name: install aws clients
+  pip:
+    name: "{{ packages }}"
+    executable: pip3
+  vars:
+    packages:
+      - awscli
+  when: ansible_distribution != "Amazon"
+
+# Remove after https://github.com/aws/amazon-ssm-agent/issues/235 is fixed.
+- name: install aws agents RPM on Redhat distributions
+  package:
+    name: "{{ item }}"
+    state: present
+    disable_gpg_check: true
+  with_items:
+    - "{{ amazon_ssm_agent_rpm }}"
+  when:
+    - ansible_os_family == "RedHat"
+    - ansible_distribution != "Amazon"
+
+- name: install aws agents RPM
+  package:
+    name: "{{ item }}"
+    state: present
+  with_items:
+    - amazon-ssm-agent
+    - awscli
+  when: ansible_distribution == "Amazon"
+
+- name: Ensure ssm agent is running RPM
+  service:
+    name: amazon-ssm-agent
+    state: started
+    enabled: yes
+  when: ansible_os_family == "RedHat"
+
+- name: install aws agents Ubuntu
+  shell: snap install amazon-ssm-agent --classic
+  when: ansible_distribution == "Ubuntu"
+
+- name: Ensure ssm agent is running Ubuntu
+  service:
+    name: snap.amazon-ssm-agent.amazon-ssm-agent.service
+    state: started
+    enabled: yes
+  when: ansible_distribution == "Ubuntu"
+
+- name: Disable Hyper-V KVP protocol daemon on Ubuntu
+  systemd:
+    name: hv-kvp-daemon
+    state: stopped
+    enabled: false
+  when: ansible_os_family == "Debian"

ansible/roles/providers/tasks/azure.yml

@@ -0,0 +1,67 @@
+# Copyright 2019 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- import_tasks: redhat.yml
+  when: ansible_os_family == "RedHat"
+
+- import_tasks: debian.yml
+  when: ansible_os_family == "Debian"
+
+- name: Configure PTP
+  lineinfile:
+    path: /etc/chrony/chrony.conf
+    create: yes
+    line: refclock PHC /dev/ptp0 poll 3 dpoll -2 offset 0
+
+- name: Ensure makestep parameter set as per Azure recommendation
+  lineinfile:
+    path: /etc/chrony/chrony.conf
+    regexp: '^makestep'
+    line: makestep 1.0 -1
+
+- name: Install iptables persistence
+  apt:
+    name: "{{ packages }}"
+    state: present
+    force_apt_get: yes
+  vars:
+    packages:
+      - iptables-persistent
+  when: ansible_os_family == "Debian"
+
+- name: Block traffic to 168.63.129.16 port 80 for cve-2021-27075
+  copy:
+    src: files/etc/azure/iptables
+    dest: /etc/iptables/rules.v4
+    owner: root
+    group: root
+    mode: 0644
+  when: ansible_os_family == "Debian"
+
+- name: Load iptable rules from file
+  community.general.iptables_state:
+    state: restored
+    path: /etc/iptables/rules.v4
+  when: ansible_os_family == "Debian"
+
+- name: Install netbase and nfs-common
+  apt:
+    name: "{{ packages }}"
+    state: present
+    force_apt_get: yes
+  vars:
+    packages:
+    - netbase
+    - nfs-common
+  when: ansible_os_family == "Debian"

ansible/roles/providers/tasks/cloudstack.yml

@@ -0,0 +1,39 @@
+# Copyright 2022 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: Add CloudStack Datasource
+  copy:
+    dest: /etc/cloud/cloud.cfg.d/cloudstack.cfg
+    content: |-
+      datasource_list: ['CloudStack']
+      datasource:
+        CloudStack:
+          max_wait: 120
+          timeout: 50
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Run dracut cmd to regenerate initramfs with all drivers - needed when converting to different hypervisor templates
+  shell: dracut --force --no-hostonly
+  when: ansible_os_family == "RedHat"
+
+- name: Add draut cmd to regenerate initramfs with only necessary drivers on first boot
+  lineinfile:
+    state: present
+    path: /etc/cloud/cloud.cfg.d/cloudstack.cfg
+    line: |-
+      bootcmd:
+        - dracut --force
+  when: ansible_os_family == "RedHat"

ansible/roles/providers/tasks/debian.yml

@@ -0,0 +1,34 @@
+# Copyright 2019 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: upgrade pip to latest
+  pip:
+    name: pip
+    executable: pip3
+    state: latest
+
+- name: upgrade pyOpenSSL and cryptography
+  pip:
+    name:
+      - pyOpenSSL==22.0.*
+      - cryptography==38.0.*
+    executable: pip3
+
+- name: install Azure clients
+  pip:
+    executable: pip3
+    name: "{{ packages }}"
+  vars:
+    packages:
+      - azure-cli

ansible/roles/providers/tasks/googlecompute.yml

@@ -0,0 +1,47 @@
+# Copyright 2019 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: Download gcloud SDK
+  get_url:
+    url:  https://sdk.cloud.google.com/
+    dest: /tmp/install-gcloud.sh
+    mode: 0700
+
+- name: Execute install-gcloud.sh
+  shell: bash -o errexit -o pipefail /tmp/install-gcloud.sh --disable-prompts --install-dir=/
+
+- name: Remove install-gcloud.sh
+  file:
+    path:  /tmp/install-gcloud.sh
+    state: absent
+
+- name: Find all files in /google-cloud-sdk/bin/
+  find:
+    paths: /google-cloud-sdk/bin/
+  register: find
+
+- name: Create symlinks to /bin
+  become: True
+  file:
+    src: "{{ item.path }}"
+    path: "/bin/{{ item.path | basename }}"
+    state: link
+  with_items: "{{ find.files }}"
+
+- name: Disable Hyper-V KVP protocol daemon on Ubuntu
+  systemd:
+    name: hv-kvp-daemon
+    state: stopped
+    enabled: false
+  when: ansible_os_family == "Debian"

ansible/roles/providers/tasks/main.yml

@@ -0,0 +1,120 @@
+# Copyright 2018 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- include_tasks: aws.yml
+  when: packer_builder_type.startswith('amazon')
+
+- include_tasks: azure.yml
+  when: packer_builder_type.startswith('azure')
+
+- include_tasks: outscale.yml
+  when: packer_builder_type.startswith('outscale')
+
+- include_tasks: vmware.yml
+  when: packer_builder_type is search('vmware') or
+    packer_builder_type is search('vsphere')
+
+- include_tasks: googlecompute.yml
+  when: packer_builder_type.startswith('googlecompute')
+
+- include_tasks: oci.yml
+  when: packer_builder_type.startswith('oracle-oci')
+
+- include_tasks: qemu.yml
+  when: packer_builder_type is search('qemu') and
+    build_target is not search('raw')
+
+- include_tasks: cloudstack.yml
+  when: packer_builder_type is search('qemu') and
+    provider is defined and
+    provider is search('cloudstack')
+
+- include_tasks: raw.yml
+  when: packer_builder_type is search('qemu') and
+    build_target is search('raw')
+
+- include_tasks: nutanix.yml
+  when: packer_builder_type is search('nutanix')
+
+# Create a boot order configuration
+# b/w containerd and cloud final, cloud config services
+
+- name: Creates unit file directory for cloud-final
+  file:
+    path: /etc/systemd/system/cloud-final.service.d
+    state: directory
+
+- name: Create cloud-final boot order drop in file
+  copy:
+    dest: /etc/systemd/system/cloud-final.service.d/boot-order.conf
+    src: etc/systemd/system/cloud-final.service.d/boot-order.conf
+    owner: root
+    group: root
+    mode: "0755"
+
+- name: Creates unit file directory for cloud-config
+  file:
+    path: /etc/systemd/system/cloud-config.service.d
+    state: directory
+
+- name: Create cloud-final boot order drop in file
+  copy:
+    dest: /etc/systemd/system/cloud-config.service.d/boot-order.conf
+    src: etc/systemd/system/cloud-config.service.d/boot-order.conf
+    owner: root
+    group: root
+    mode: "0755"
+
+# Some OS might disable cloud-final service on boot (rhel 7).
+# Enable all cloud-init services on boot.
+- name: Make sure all cloud init services are enabled
+  service:
+    name: "{{ item }}"
+    enabled: yes
+  with_items:
+    - cloud-final
+    - cloud-config
+    - cloud-init
+    - cloud-init-local
+  when: ansible_os_family != "Flatcar"
+
+- name: Create cloud-init config file
+  copy:
+    src: files/etc/cloud/cloud.cfg.d/05_logging.cfg
+    dest: /etc/cloud/cloud.cfg.d/05_logging.cfg
+    owner: root
+    group: root
+    mode: 0644
+  when: ansible_os_family != "Flatcar"
+
+- name: set cloudinit feature flags
+  copy:
+    src: usr/lib/python3/dist-packages/cloudinit/feature_overrides.py
+    dest: /usr/lib/python3/dist-packages/cloudinit/feature_overrides.py
+    owner: root
+    group: root
+    mode: 0644
+  when: ansible_os_family == "Debian"
+
+- name: Ensure chrony is running
+  systemd:
+    enabled: yes
+    state: started
+    daemon_reload: yes
+    name: chronyd
+  when: (packer_builder_type.startswith('amazon') or
+    packer_builder_type.startswith('azure') or
+    packer_builder_type is search('vmware') or
+    packer_builder_type is search('vsphere')) and
+    ansible_os_family != "Flatcar"

ansible/roles/providers/tasks/nutanix.yml

@@ -0,0 +1,76 @@
+# Copyright 2020 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: Install cloud-init packages
+  apt:
+    name: "{{ packages }}"
+    state: present
+    force_apt_get: yes
+  vars:
+    packages:
+      - cloud-init
+      - cloud-guest-utils
+      - cloud-initramfs-copymods
+      - cloud-initramfs-dyn-netconf
+  when: ansible_os_family == "Debian"
+
+- name: Install cloud-init packages
+  yum:
+    name: "{{ packages }}"
+    state: present
+  vars:
+    packages:
+      - cloud-init
+      - cloud-utils-growpart
+  when: ansible_os_family == "RedHat"
+
+- name: Install CSI prerequisites on Ubuntu
+  apt:
+    name: "{{ packages }}"
+    state: present
+    force_apt_get: yes
+  vars:
+    packages:
+      - nfs-common
+      - open-iscsi
+      - lvm2
+      - xfsprogs
+  when: ansible_os_family == "Debian"
+
+- name: Install CSI prerequisites on RedHat
+  yum:
+    name: "{{ packages }}"
+    state: present
+  vars:
+    packages:
+      - iscsi-initiator-utils
+      - nfs-utils
+      - lvm2
+      - xfsprogs
+  when: ansible_os_family == "RedHat"
+
+- name: Enable iSCSI initiator daemon on Ubuntu or RedHat
+  systemd:
+    name: iscsid
+    state: started
+    enabled: true
+  when: ansible_os_family == "Debian" or
+    ansible_os_family == "RedHat"
+
+- name: Disable Hyper-V KVP protocol daemon on Ubuntu
+  systemd:
+    name: hv-kvp-daemon
+    state: stopped
+    enabled: false
+  when: ansible_os_family == "Debian"

ansible/roles/providers/tasks/oci.yml

@@ -0,0 +1,34 @@
+# Copyright 2021 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: Remove the default input reject all iptable rule
+  lineinfile:
+    path: /etc/iptables/rules.v4
+    state: absent
+    regexp: "-A INPUT -j REJECT --reject-with icmp-host-prohibited"
+  when: ansible_distribution == "Ubuntu"
+
+- name: Remove the default input reject all iptable rule
+  lineinfile:
+    path: /etc/iptables/rules.v4
+    state: absent
+    regexp: "-A FORWARD -j REJECT --reject-with icmp-host-prohibited"
+  when: ansible_distribution == "Ubuntu"
+
+- name: Disable firewalld service
+  systemd:
+    name: firewalld
+    state: stopped
+    enabled: false
+  when: ansible_distribution == "OracleLinux"

ansible/roles/providers/tasks/outscale.yml

@@ -0,0 +1,24 @@
+- name: Download cloud-int outscale package for Ubuntu
+  copy:
+    src: files/tmp/cloud-init_22.2-outscale.deb
+    dest: /tmp/cloud-init_22.2-outscale.deb
+    owner: root
+    group: root
+    mode: 0755
+  when: ansible_distribution == "Ubuntu"
+
+- name: Install cloud-init outscale package
+  apt:
+    deb: /tmp/cloud-init_22.2-outscale.deb
+    force: True
+    force_apt_get: True
+  when: ansible_distribution == "Ubuntu"
+
+- name: Change cloud-init metadata outscale config in Ubuntu
+  copy:
+    src: files/etc/cloud/cloud.cfg.d/99_metadata.cfg 
+    dest: /etc/cloud/cloud.cfg.d/99_metadata.cfg 
+    owner: root
+    group: root
+    mode: 0644
+  when: ansible_distribution == "Ubuntu"

ansible/roles/providers/tasks/qemu.yml

@@ -0,0 +1,49 @@
+# Copyright 2020 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: Install cloud-init packages
+  apt:
+    name: "{{ packages }}"
+    state: present
+    force_apt_get: yes
+  vars:
+    packages:
+    - cloud-init
+    - cloud-guest-utils
+    - cloud-initramfs-copymods
+    - cloud-initramfs-dyn-netconf
+  when: ansible_os_family == "Debian"
+
+- name: Install cloud-init packages
+  yum:
+    name: "{{ packages }}"
+    state: present
+  vars:
+    packages:
+    - cloud-init
+    - cloud-utils-growpart
+  when: ansible_os_family == "RedHat"
+
+#- name: Unlock password
+#  replace:
+#    path: /etc/cloud/cloud.cfg
+#    regexp: '(?i)lock_passwd: True'
+#    replace: 'lock_passwd: False'
+
+- name: Disable Hyper-V KVP protocol daemon on Ubuntu
+  systemd:
+    name: hv-kvp-daemon
+    state: stopped
+    enabled: false
+  when: ansible_os_family == "Debian"

ansible/roles/providers/tasks/raw.yml

@@ -0,0 +1,57 @@
+# Copyright 2021 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: Install cloud-init packages
+  apt:
+    name: "{{ packages }}"
+    state: present
+    force_apt_get: yes
+  vars:
+    packages:
+    - cloud-init
+    - cloud-guest-utils
+    - cloud-initramfs-copymods
+    - cloud-initramfs-dyn-netconf
+  when: ansible_os_family == "Debian"
+
+- name: Install cloud-init packages
+  yum:
+    name: "{{ packages }}"
+    state: present
+  vars:
+    packages:
+    - cloud-init
+    - cloud-utils-growpart
+  when: ansible_os_family == "RedHat"
+
+#- name: Unlock password
+#  replace:
+#    path: /etc/cloud/cloud.cfg
+#    regexp: '(?i)lock_passwd: True'
+#    replace: 'lock_passwd: False'
+
+- name: Symlink /usr/libexec/cloud-init to /usr/lib/cloud-init
+  file:
+    src:   /usr/libexec/cloud-init
+    dest:  /usr/lib/cloud-init
+    mode: 0777
+    state: link
+  when: ansible_os_family == "RedHat"
+
+- name: Disable Hyper-V KVP protocol daemon on Ubuntu
+  systemd:
+    name: hv-kvp-daemon
+    state: stopped
+    enabled: false
+  when: ansible_os_family == "Debian"

ansible/roles/providers/tasks/redhat.yml

@@ -0,0 +1,30 @@
+# Copyright 2019 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: import the Microsoft repository key
+  command: rpm --import https://packages.microsoft.com/keys/microsoft.asc
+
+- name: Add the yum repository for the azure cli
+  yum_repository:
+    name: azure_cli
+    description: Azure CLI
+    baseurl: https://packages.microsoft.com/yumrepos/azure-cli
+    gpgkey: https://packages.microsoft.com/keys/microsoft.asc
+    gpgcheck: yes
+    enabled: yes
+
+- name: install Azure CLI
+  package:
+    name: azure-cli
+    state: present

ansible/roles/providers/tasks/vmware-photon.yml

@@ -0,0 +1,79 @@
+# Copyright 2021 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+- name: Install cloud-init and tools for VMware Photon OS
+  command: tdnf install {{ packages }} -y
+  vars:
+    packages: "cloud-init cloud-utils python3-netifaces"
+
+- name: Remove cloud-init /etc/cloud/cloud.cfg.d/99-disable-networking-config.cfg
+  file:
+    path: /etc/cloud/cloud.cfg.d/99-disable-networking-config.cfg
+    state: absent
+
+- name: Install networkd-dispatcher service (Download from source)
+  unarchive:
+    src: "{{ networkd_dispatcher_download_url }}"
+    dest: /tmp
+    remote_src: yes
+
+- name: Create needed directories
+  file:
+    path: "{{ item.dir }}"
+    state: directory
+  loop:
+    - { dir: /etc/conf.d }
+    - { dir: /etc/networkd-dispatcher/carrier.d }
+    - { dir: /etc/networkd-dispatcher/configured.d }
+    - { dir: /etc/networkd-dispatcher/configuring.d }
+    - { dir: /etc/networkd-dispatcher/degraded.d }
+    - { dir: /etc/networkd-dispatcher/dormant.d }
+    - { dir: /etc/networkd-dispatcher/no-carrier.d }
+    - { dir: /etc/networkd-dispatcher/off.d }
+    - { dir: /etc/networkd-dispatcher/routable.d }
+
+- name: Install networkd-dispatcher service (Move files)
+  command: mv "{{ item.src }}" "{{ item.dest }}"
+  loop:
+    - { src: /tmp/networkd-dispatcher-2.1/networkd-dispatcher, dest: /usr/bin }
+    - { src: /tmp/networkd-dispatcher-2.1/networkd-dispatcher.service, dest: /etc/systemd/system }
+    - { src: /tmp/networkd-dispatcher-2.1/networkd-dispatcher.conf, dest: /etc/conf.d }
+
+- name: Install networkd-dispatcher service (Run networkd-dispatcher)
+  systemd:
+    name: networkd-dispatcher
+    state: started
+    enabled: yes
+
+- name: Copy networkd-dispatcher scripts to add DHCP provided NTP servers
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: a+x
+  vars:
+    server_dir: "/var/lib/dhclient"
+    chrony_helper_dir: "/usr/libexec"
+  loop:
+    - { src: files/etc/networkd-dispatcher/routable.d/20-chrony.j2, dest: /etc/networkd-dispatcher/routable.d/20-chrony }
+    - { src: files/etc/networkd-dispatcher/off.d/20-chrony.j2, dest: /etc/networkd-dispatcher/off.d/20-chrony }
+    - { src: files/etc/networkd-dispatcher/no-carrier.d/20-chrony.j2, dest: /etc/networkd-dispatcher/no-carrier.d/20-chrony }
+
+- name: Copy chrony-helper script
+  copy:
+    src: files/usr/libexec/chrony-helper
+    dest: /usr/libexec/chrony-helper
+    owner: root
+    group: root
+    mode: a+x

ansible/roles/providers/tasks/vmware-redhat.yml

@@ -0,0 +1,51 @@
+# Copyright 2022 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+- name: Install cloud-init packages
+  yum:
+    name: "{{ packages }}"
+    state: present
+  vars:
+    packages:
+    - cloud-init
+    - cloud-utils-growpart
+    - python2-pip
+
+# pip on CentOS needs to be upgraded, but since it's still
+# Python 2.7, need < 21.0
+- name: Upgrade pip
+  pip:
+    name: pip<21.0
+    state: forcereinstall
+  when: ansible_distribution_major_version == '7'
+
+# Directly installing Guestinfo datasource is needed so long as
+# cloud-init is < 21.3
+- name: Download cloud-init datasource for VMware Guestinfo
+  get_url:
+    url:  '{{ guestinfo_datasource_script }}'
+    dest: /tmp/cloud-init-vmware.sh
+    mode: 0700
+
+- name: Execute cloud-init-vmware.sh
+  shell: bash -o errexit -o pipefail /tmp/cloud-init-vmware.sh
+  environment:
+    REPO_SLUG: '{{ guestinfo_datasource_slug }}'
+    GIT_REF:   '{{ guestinfo_datasource_ref }}'
+
+- name: Remove cloud-init-vmware.sh
+  file:
+    path:  /tmp/cloud-init-vmware.sh
+    state: absent

ansible/roles/providers/tasks/vmware-ubuntu.yml

@@ -0,0 +1,45 @@
+# Copyright 2021 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+- name: Install cloud-init packages
+  apt:
+    name: "{{ packages }}"
+    state: present
+    force_apt_get: yes
+  vars:
+    packages:
+    - cloud-init
+    - cloud-guest-utils
+    - cloud-initramfs-copymods
+    - cloud-initramfs-dyn-netconf
+
+- name: Disable Hyper-V KVP protocol daemon on Ubuntu
+  systemd:
+    name: hv-kvp-daemon
+    state: stopped
+    enabled: false
+
+- name: Copy networkd-dispatcher scripts to add DHCP provided NTP servers
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: a+x
+  vars:
+    server_dir: "/var/lib/dhcp"
+    chrony_helper_dir: "/usr/lib/chrony"
+  loop:
+    - { src: files/etc/networkd-dispatcher/routable.d/20-chrony.j2, dest: /etc/networkd-dispatcher/routable.d/20-chrony }
+    - { src: files/etc/networkd-dispatcher/off.d/20-chrony.j2, dest: /etc/networkd-dispatcher/off.d/20-chrony }
+    - { src: files/etc/networkd-dispatcher/no-carrier.d/20-chrony.j2, dest: /etc/networkd-dispatcher/no-carrier.d/20-chrony }

ansible/roles/providers/tasks/vmware.yml

@@ -0,0 +1,57 @@
+# Copyright 2019 The Kubernetes Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- include_tasks: vmware-photon.yml
+  when: ansible_os_family == "VMware Photon OS"
+
+- include_tasks: vmware-ubuntu.yml
+  when: ansible_os_family == "Debian"
+
+- include_tasks: vmware-redhat.yml
+  when: ansible_os_family == "RedHat"
+
+- name: Create provider vmtools config drop-in file
+  copy:
+    src: files/etc/vmware-tools/tools.conf
+    dest: /etc/vmware-tools/tools.conf
+    owner: root
+    group: root
+    mode: 0644
+  when: ansible_os_family != "Flatcar"
+
+- name: Create service to modify cloud-init config
+  copy:
+    src: files/etc/systemd/system/modify-cloud-init-cfg.service
+    dest: /etc/systemd/system/modify-cloud-init-cfg.service
+    owner: root
+    group: root
+    mode: 0644
+  when: ansible_os_family != "Flatcar"
+
+- name: Copy cloud-init modification script
+  copy:
+    src: files/usr/local/bin/modify-cloud-init-cfg.sh
+    dest: /usr/local/bin/modify-cloud-init-cfg.sh
+    owner: root
+    group: root
+    mode: 0755
+  when: ansible_os_family != "Flatcar"
+
+- name: Enable modify-cloud-init-cfg.service
+  systemd:
+    name: modify-cloud-init-cfg.service
+    daemon_reload: yes
+    enabled: True
+    state: stopped
+  when: ansible_os_family != "Flatcar"