djpbessems/ClusterAPI.imageBuilder
1
0
Fork 0
Code Pull Requests Actions Packages Releases Activity
fce6d2c2a8
ClusterAPI.imageBuilder/ansible/roles/sysprep/tasks/main.yml
Danny Bessems f2b0a5e7c7
Some checks failed
continuous-integration/drone Build is failing
Details
Test dependencies
2023-02-22 21:24:42 +01:00

235 lines
6.1 KiB
YAML
Raw Blame History

# Copyright 2019 The Kubernetes Authors.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- import_tasks: debian.yml
when: ansible_os_family == "Debian"
- import_tasks: flatcar.yml
when: ansible_os_family == "Flatcar"
- import_tasks: redhat.yml
when: ansible_os_family == "RedHat"
- import_tasks: photon.yml
when: ansible_os_family == "VMware Photon OS"
- name: Remove containerd http proxy conf file if needed
file:
path: /etc/systemd/system/containerd.service.d/http-proxy.conf
state: absent
when: http_proxy is defined or https_proxy is defined
- name: Remove pip conf file if needed
file:
path: /etc/pip.conf
state: absent
when: remove_extra_repos and pip_conf_file != ""
- name: Truncate machine id
file:
state: "{{ item.state }}"
path: "{{ item.path }}"
owner: root
group: root
mode: "{{ item.mode }}"
loop:
- { path: /etc/machine-id, state: absent, mode: "{{ machine_id_mode }}" }
- { path: /etc/machine-id, state: touch, mode: "{{ machine_id_mode }}" }
when: ansible_os_family != "Flatcar"
- name: Truncate hostname file
file:
state: "{{ item.state }}"
path: "{{ item.path }}"
owner: root
group: root
mode: "{{ item.mode }}"
loop:
- { path: /etc/hostname, state: absent, mode: "0644" }
- { path: /etc/hostname, state: touch, mode: "0644" }
- name: Set hostname
hostname:
name: localhost.local
when: ansible_os_family != "VMware Photon OS" and ansible_os_family != "Flatcar" and packer_build_name != "nutanix"
- name: Reset hosts file
copy:
src: files/etc/hosts
dest: /etc/hosts
owner: root
group: root
mode: "0644"
- name: Truncate audit logs
file:
state: "{{ item.state }}"
path: "{{ item.path }}"
owner: root
group: utmp
mode: "{{ item.mode }}"
loop:
- { path: /var/log/wtmp, state: absent, mode: "0664" }
- { path: /var/log/lastlog, state: absent, mode: "{{ last_log_mode }}" }
- { path: /var/log/wtmp, state: touch, mode: "0664" }
- { path: /var/log/lastlog, state: touch, mode: "{{ last_log_mode }}" }
- name: Remove cloud-init lib dir and logs
file:
state: absent
path: "{{ item }}"
loop:
- /var/lib/cloud
- /var/log/cloud-init.log
- /var/log/cloud-init-output.log
- /var/run/cloud-init
# A shallow search in /tmp and /var/tmp is used to declare which files or
# directories will be removed as part of resetting temp space. The reason
# a state absent->directory task isn't used is because Ansible's own data
# directory on the remote host(s) is /tmp/.ansible. Thus, by removing /tmp,
# Ansible can no longer access the remote host.
- name: Find temp files
find:
depth: 1
file_type: any
paths:
- /tmp
- /var/tmp
pattern: '*'
register: temp_files
- name: Reset temp space
file:
state: absent
path: "{{ item.path }}"
loop: "{{ temp_files.files }}"
- name: Find netplan files
find:
depth: 1
file_type: any
paths:
- /lib/netplan
- /etc/netplan
- /run/netplan
pattern: '*.yaml'
register: netplan_files
- name: Delete netplan files
file:
state: absent
path: "{{ item.path }}"
loop: "{{ netplan_files.files }}"
when: netplan_files.files is defined and (netplan_files.files|length>0)
- name: Create netplan for KubeVirt
vars:
kubevirt: "{{ lookup('env', 'KUBEVIRT') }}"
copy:
src: files/etc/netplan/51-kubevirt-netplan.yaml
dest: /etc/netplan/51-kubevirt-netplan.yaml
mode: "0644"
when: ansible_os_family == "Debian" and kubevirt == "true"
- name: Find SSH host keys
find:
path: /etc/ssh
pattern: 'ssh_host_*'
register: ssh_host_keys
- name: Remove SSH host keys
file:
state: absent
path: "{{ item.path }}"
loop: "{{ ssh_host_keys.files }}"
- name: Remove SSH authorized users
file:
state: absent
path: "{{ item.path }}"
loop:
- { path: /root/.ssh/authorized_keys }
- { path: "/home/{{ ansible_env.SUDO_USER | default(ansible_user_id) }}/.ssh/authorized_keys" }
when: ansible_os_family != "Flatcar"
- name: Remove SSH authorized users for Flatcar
file:
state: absent
path: "{{ item.path }}"
loop:
- { path: /root/.ssh/authorized_keys }
when: ansible_os_family == "Flatcar"
- name: Truncate all remaining log files in /var/log
shell:
cmd: |
find /var/log -type f -iname '*.log' | xargs truncate -s 0
when: ansible_os_family != "Flatcar"
- name: Delete all logrotated log zips
shell:
cmd: |
find /var/log -type f -name '*.gz' -exec rm {} +
when: ansible_os_family != "Flatcar"
- name: Remove swapfile
file:
state: "{{ item.state }}"
path: "{{ item.path }}"
loop:
- { path: /swapfile, state: absent }
- { path: /mnt/resource/swapfile, state: absent }
when: ansible_memory_mb.swap.total != 0
- name: Truncate shell history
file:
state: absent
path: "{{ item.path }}"
loop:
- { path: /root/.bash_history }
- { path: "/home/{{ ansible_env.SUDO_USER | default(ansible_user_id) }}/.bash_history" }
- name: Rotate journalctl to archive logs
shell:
cmd: |
journalctl --rotate
when: not ( ansible_os_family == "RedHat" and ansible_distribution_major_version|int <= 7 )
- name: Remove archived journalctl logs
shell:
cmd: |
journalctl -m --vacuum-time=1s
- name: Ensure ignition runs on next boot
file:
state: touch
path: /boot/flatcar/first_boot
owner: root
group: root
when: ansible_os_family == "Flatcar"
- name: Remove any default Ignition files used by Packer
file:
state: absent
path: /usr/share/oem/config.ign
when: ansible_os_family == "Flatcar"
- name: start ssh
systemd:
name: ssh
enabled: yes
when: ansible_os_family == "Debian"
View Git Blame Copy Permalink