96 lines
2.6 KiB
YAML
96 lines
2.6 KiB
YAML
# Copyright 2019 The Kubernetes Authors.
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
---
|
|
- name: Define file modes
|
|
set_fact:
|
|
last_log_mode: "0664"
|
|
machine_id_mode: "0644"
|
|
|
|
- name: apt-mark all installed packages
|
|
shell: dpkg-query -f '${binary:Package}\n' -W | xargs apt-mark hold
|
|
|
|
- name: Remove extra repos
|
|
file:
|
|
path: "/etc/apt/sources.list.d/{{ item | basename }}"
|
|
state: absent
|
|
loop: "{{ extra_repos.split() }}"
|
|
when: remove_extra_repos and extra_repos != ""
|
|
|
|
- name: Find disabled repo files
|
|
find:
|
|
depth: 1
|
|
paths:
|
|
- /etc/apt
|
|
- /etc/apt/sources.list.d
|
|
patterns: '*.list.disabled'
|
|
register: repo_files
|
|
when: disable_public_repos|default(false)|bool and reenable_public_repos|default(true)|bool
|
|
|
|
- name: Enable repos
|
|
command: "mv {{ item.path }} {{ item.path | regex_replace('.disabled') }}"
|
|
loop: "{{ repo_files.files }}"
|
|
when: disable_public_repos|default(false)|bool and reenable_public_repos|default(true)|bool
|
|
|
|
- name: Remove templated apt.conf.d/90proxy used for http(s)_proxy support
|
|
file:
|
|
path: etc/apt/apt.conf.d/90proxy
|
|
state: absent
|
|
when: http_proxy is defined or https_proxy is defined
|
|
|
|
- name: Stop auditing
|
|
service:
|
|
name: rsyslog
|
|
state: stopped
|
|
|
|
- name: Remove apt package caches
|
|
apt:
|
|
autoclean: yes
|
|
autoremove: yes
|
|
force_apt_get: yes
|
|
|
|
- name: Remove apt package lists
|
|
file:
|
|
state: "{{ item.state }}"
|
|
path: "{{ item.path }}"
|
|
owner: root
|
|
group: root
|
|
mode: "{{ item.mode }}"
|
|
loop:
|
|
- { path: /var/lib/apt/lists, state: absent, mode: "0755" }
|
|
- { path: /var/lib/apt/lists, state: directory, mode: "0755" }
|
|
|
|
- name: Disable apt-daily services
|
|
systemd:
|
|
name: "{{ item }}"
|
|
state: stopped
|
|
enabled: false
|
|
loop:
|
|
- apt-daily.timer
|
|
- apt-daily-upgrade.timer
|
|
|
|
- name: Get installed packages
|
|
package_facts:
|
|
|
|
- name: Disable unattended upgrades if installed
|
|
systemd:
|
|
name: unattended-upgrades
|
|
state: stopped
|
|
enabled: false
|
|
when: "'unattended-upgrades' in ansible_facts.packages"
|
|
|
|
- name: Reset network interface IDs
|
|
file:
|
|
state: absent
|
|
path: /etc/udev/rules.d/70-persistent-net.rules
|