This commit is contained in:
95
ansible/roles/sysprep/tasks/debian.yml
Normal file
95
ansible/roles/sysprep/tasks/debian.yml
Normal file
@ -0,0 +1,95 @@
|
||||
# Copyright 2019 The Kubernetes Authors.
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
---
|
||||
- name: Define file modes
|
||||
set_fact:
|
||||
last_log_mode: "0664"
|
||||
machine_id_mode: "0644"
|
||||
|
||||
- name: apt-mark all installed packages
|
||||
shell: dpkg-query -f '${binary:Package}\n' -W | xargs apt-mark hold
|
||||
|
||||
- name: Remove extra repos
|
||||
file:
|
||||
path: "/etc/apt/sources.list.d/{{ item | basename }}"
|
||||
state: absent
|
||||
loop: "{{ extra_repos.split() }}"
|
||||
when: remove_extra_repos and extra_repos != ""
|
||||
|
||||
- name: Find disabled repo files
|
||||
find:
|
||||
depth: 1
|
||||
paths:
|
||||
- /etc/apt
|
||||
- /etc/apt/sources.list.d
|
||||
patterns: '*.list.disabled'
|
||||
register: repo_files
|
||||
when: disable_public_repos|default(false)|bool and reenable_public_repos|default(true)|bool
|
||||
|
||||
- name: Enable repos
|
||||
command: "mv {{ item.path }} {{ item.path | regex_replace('.disabled') }}"
|
||||
loop: "{{ repo_files.files }}"
|
||||
when: disable_public_repos|default(false)|bool and reenable_public_repos|default(true)|bool
|
||||
|
||||
- name: Remove templated apt.conf.d/90proxy used for http(s)_proxy support
|
||||
file:
|
||||
path: etc/apt/apt.conf.d/90proxy
|
||||
state: absent
|
||||
when: http_proxy is defined or https_proxy is defined
|
||||
|
||||
- name: Stop auditing
|
||||
service:
|
||||
name: rsyslog
|
||||
state: stopped
|
||||
|
||||
- name: Remove apt package caches
|
||||
apt:
|
||||
autoclean: yes
|
||||
autoremove: yes
|
||||
force_apt_get: yes
|
||||
|
||||
- name: Remove apt package lists
|
||||
file:
|
||||
state: "{{ item.state }}"
|
||||
path: "{{ item.path }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "{{ item.mode }}"
|
||||
loop:
|
||||
- { path: /var/lib/apt/lists, state: absent, mode: "0755" }
|
||||
- { path: /var/lib/apt/lists, state: directory, mode: "0755" }
|
||||
|
||||
- name: Disable apt-daily services
|
||||
systemd:
|
||||
name: "{{ item }}"
|
||||
state: stopped
|
||||
enabled: false
|
||||
loop:
|
||||
- apt-daily.timer
|
||||
- apt-daily-upgrade.timer
|
||||
|
||||
- name: Get installed packages
|
||||
package_facts:
|
||||
|
||||
- name: Disable unattended upgrades if installed
|
||||
systemd:
|
||||
name: unattended-upgrades
|
||||
state: stopped
|
||||
enabled: false
|
||||
when: "'unattended-upgrades' in ansible_facts.packages"
|
||||
|
||||
- name: Reset network interface IDs
|
||||
file:
|
||||
state: absent
|
||||
path: /etc/udev/rules.d/70-persistent-net.rules
|
||||
Reference in New Issue
Block a user