ClusterAPI.imageBuilder/ansible/roles/sysprep/tasks/debian.yml

108 lines
3.0 KiB
YAML

# Copyright 2019 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Define file modes
set_fact:
last_log_mode: "0664"
machine_id_mode: "0644"
- name: apt-mark all installed packages
shell: dpkg-query -f '${binary:Package}\n' -W | xargs apt-mark hold
- name: Remove extra repos
file:
path: "/etc/apt/sources.list.d/{{ item | basename }}"
state: absent
loop: "{{ extra_repos.split() }}"
when: remove_extra_repos and extra_repos != ""
- name: Find disabled repo files
find:
depth: 1
paths:
- /etc/apt
- /etc/apt/sources.list.d
patterns: '*.list.disabled'
register: repo_files
when: disable_public_repos|default(false)|bool and reenable_public_repos|default(true)|bool
- name: Enable repos
command: "mv {{ item.path }} {{ item.path | regex_replace('.disabled') }}"
loop: "{{ repo_files.files }}"
when: disable_public_repos|default(false)|bool and reenable_public_repos|default(true)|bool
- name: Remove templated apt.conf.d/90proxy used for http(s)_proxy support
file:
path: etc/apt/apt.conf.d/90proxy
state: absent
when: http_proxy is defined or https_proxy is defined
- name: Stop auditing
service:
name: rsyslog
state: stopped
- name: Remove apt package caches
apt:
autoclean: yes
autoremove: yes
force_apt_get: yes
- name: Remove apt package lists
file:
state: "{{ item.state }}"
path: "{{ item.path }}"
owner: root
group: root
mode: "{{ item.mode }}"
loop:
- { path: /var/lib/apt/lists, state: absent, mode: "0755" }
- { path: /var/lib/apt/lists, state: directory, mode: "0755" }
- name: Disable apt-daily services
systemd:
name: "{{ item }}"
state: stopped
enabled: false
loop:
- apt-daily.timer
- apt-daily-upgrade.timer
- name: Get installed packages
package_facts:
- name: Disable unattended upgrades if installed
systemd:
name: unattended-upgrades
state: stopped
enabled: false
when: "'unattended-upgrades' in ansible_facts.packages"
- name: Reset network interface IDs
file:
state: absent
path: /etc/udev/rules.d/70-persistent-net.rules
- name: Remove subiquity disable cloud-init networking config
file:
path: /etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg
state: absent
when: ansible_distribution_version is version('22.04', '>=')
- name: Remove 99-installer.cfg which sets the cloud-init datasource to None
file:
path: /etc/cloud/cloud.cfg.d/99-installer.cfg
state: absent
when: ansible_distribution_version is version('22.04', '>=')