Add playbooks to role os-linux-prep-default

ansible/roles/clean-templ-pole/defaults/main.yml

@@ -0,0 +1 @@
+---

ansible/roles/clean-templ-pole/handlers/main.yml

@@ -0,0 +1 @@
+---

ansible/roles/clean-templ-pole/tasks/main.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Ping
+  import_tasks: ping.yml
+
+

ansible/roles/clean-templ-pole/tasks/ping.yml

@@ -0,0 +1,4 @@
+---
+
+- name: ping
+  ping:

ansible/roles/clean-templ-pole/vars/main.yml

@@ -0,0 +1,2 @@
+---
+

ansible/roles/os-linux-prep-default/defaults/main.yml

@@ -0,0 +1 @@
+---

ansible/roles/os-linux-prep-default/files/first_start.sh

@@ -0,0 +1,84 @@
+#!/bin/bash
+
+echo "First start VM"
+echo "Resize root partition..."
+parted /dev/sda resizepart 2 100%
+pvresize /dev/sda2
+lvextend -y -f -l +100%FREE /dev/vg01/root
+resize2fs /dev/vg01/root
+
+echo "Generete new machine-id"
+rm /etc/machine-id
+systemd-machine-id-setup
+echo "Clean all logs"
+find /var/log -type f,l | xargs rm -f
+
+echo "Recreate new SSHd keys"
+rm -f /etc/ssh/ssh_host_*
+dpkg-reconfigure openssh-server --force -f noninteractive
+
+echo "Make right /etc/network/interfaces"
+if [ -z "$(cat /etc/network/interfaces | grep "inet dhcp")" ]; then
+    # No DHCP
+    iface=$(cat /etc/network/interfaces | grep "iface" | sed '/loopback/d' | awk '{print $2}')
+    ip_add=$(cat /etc/network/interfaces | grep "address" | awk '{print $2}')
+    ip_netm=$(cat /etc/network/interfaces | grep "netmask" | awk '{print $2}')
+    ip_gw=$(cat /etc/network/interfaces | grep "gateway" | awk '{print $2}')
+    echo "
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+auto $iface
+allow-hotplug $iface
+iface $iface inet static
+        address $ip_add
+        netmask $ip_netm
+        gateway $ip_gw
+" > /etc/network/interfaces
+
+echo "Create hostname and hosts"
+ipaddr=$(ip a | grep "scope global" | awk '{print $2}' | sed -r 's/\/.+//')
+host_name=$(hostname -f)
+host_shot_name=$(hostname -s)
+
+echo $host_name > /etc/hostname
+echo "127.0.0.1		localhost" > /etc/hosts
+echo "$ipaddr		$host_name		$host_shot_name" >> /etc/hosts
+
+else
+    # Yes DHCP
+    iface=$(cat /etc/network/interfaces | grep "iface" | sed '/loopback/d' | awk '{print $2}')
+
+    echo "
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+auto $iface
+allow-hotplug $iface
+iface $iface inet dhcp
+" > /etc/network/interfaces
+
+fi
+rm -f /etc/network/*.BeforeVMwareCustomization
+
+sed '/^\/root\/first_start.sh &/d' -i /etc/rc.local
+
+rm /root/first_start.sh
+
+sleep 5
+
+reboot

ansible/roles/os-linux-prep-default/handlers/main.yml

@@ -0,0 +1,11 @@
+---
+
+- name: Update config grub on Debian like
+  shell: "update-grub"
+  when: ansible_os_family == "Debian"
+
+- name: Reboot the server from shell
+  shell: 'shutdown -r now "Reboot the server by Ansible"'
+#  ignore_errors: true
+  async: 30
+  poll: 0

ansible/roles/os-linux-prep-default/tasks/add-users-admins.yml

@@ -0,0 +1,60 @@
+---
+
+- include_vars: vars/os-creds-admins.yml
+
+- name: Set host facts group for use sudo
+  set_fact: os_group_for_sudo="sudo"
+  when: ansible_os_family == "Debian"
+
+- name: Set host facts group for use sudo
+  set_fact: os_group_for_sudo="wheel"
+  when: ansible_os_family == "RedHat"
+
+- name: Change default for add user create params perm 755 to 700 (Debian)
+  block:
+    - name: Edit options in /etc/adduser.conf
+      lineinfile:
+        path: /etc/adduser.conf
+        line: "{{ item }}"
+      loop:
+        - DIR_MODE=0700
+        - SYS_DIR_MODE=0700
+      when: ansible_os_family == "Debian"
+    - name: Edit options in /etc/login.defs
+      lineinfile:
+        path: /etc/login.defs
+        line: "{{ item }}"
+      loop:
+        - HOME_MODE 0700
+  when: ansible_os_family == "Debian"
+
+- name: Add admins users
+  user:
+    name: "{{ item.username }}"
+    shell: /bin/bash
+    groups: "{{ os_group_for_sudo }}"
+    password: "{{ item.password }}"
+    comment: "{{ item.comment }}"
+    append: yes
+  loop: "{{ os_creds_sysadmins }}"
+  no_log: true
+
+- name: Add SSH keys for admins users
+  authorized_key:
+    user:  "{{ item.username }}"
+    state: present
+    key: "{{ item.ssh_key }}"
+  loop: "{{ os_creds_sysadmins }}"
+  no_log: true
+
+- name: Add admins users to /etc/sudoers.d/
+  copy:
+    dest: "/etc/sudoers.d/{{ item.username }}"
+    content: |
+      {{ item.username }} ALL=(ALL) NOPASSWD:ALL
+
+    owner: root
+    group: root
+    mode: '0444'
+  loop: "{{ os_creds_sysadmins }}"
+  no_log: true

ansible/roles/os-linux-prep-default/tasks/ipv6-disable.yml

@@ -0,0 +1,12 @@
+---
+
+- name: Disable IPv6
+  block:
+  - name: Add to /etc/default/grub option ipv6.disable=1
+    ansible.builtin.lineinfile:
+      path: /etc/default/grub
+      regexp: '^GRUB_CMDLINE_LINUX="'
+      line: GRUB_CMDLINE_LINUX="ipv6.disable=1"
+    notify:
+      - Update config grub on Debian like
+  when: ansible_os_family == "Debian"

ansible/roles/os-linux-prep-default/tasks/main.yml

@@ -0,0 +1,16 @@
+---
+
+#- name: Ping
+#  import_tasks: ping.yml
+
+- name: Upload sctipts for first starting system
+  import_tasks: scripts-first-start.yml
+
+- name: IPv6 disable
+  import_tasks: ipv6-disable.yml
+
+- name: Add admins users
+  import_tasks: add-users-admins.yml
+
+- name: Install basic pkg
+  import_tasks: pkg-install.yml

ansible/roles/os-linux-prep-default/tasks/ping.yml

@@ -0,0 +1,8 @@
+---
+
+- name: Prepare default config for OS type of Debian
+  block:
+    - name: Debug
+      debug:
+        msg: '{{ role_path }}'
+  when: ansible_os_family == "Debian"

ansible/roles/os-linux-prep-default/tasks/pkg-install.yml

@@ -0,0 +1,14 @@
+---
+
+- include_vars: os-pkg-list.yml
+
+- name: Install from list of packages for Debian
+  block:
+  - name: Install from list of packages for Debian
+    apt:
+      state: latest
+      pkg: "{{ debian_install_pkg_list }}"
+  - name: Run "apt-get clean"
+    apt:
+      clean: yes
+  when: ansible_distribution == "Debian"

ansible/roles/os-linux-prep-default/tasks/scripts-first-start.yml

@@ -0,0 +1,21 @@
+---
+
+- name: Prepare scripts for custom VMs (First start)
+  block:
+  - name: Copy files to remote system
+    ansible.builtin.copy:
+      src: files/first_start.sh
+      dest: /root/first_start.sh
+      owner: root
+      group: root
+      mode: '0644'
+  - name: Edit /etc/rc.local
+    ansible.builtin.lineinfile:
+      path: /etc/rc.local
+      regexp: '^(exit 0.*)$'
+      line: |
+        /root/first_start.sh &
+        $(sleep 2; chmod 755 /root/first_start.sh |  sed '/chmod 755 \/root\/first_start.sh/d' -i /etc/rc.local) &
+        exit 0
+
+  when: ansible_os_family == "Debian"

ansible/roles/os-linux-prep-default/vars/main.yml

@@ -0,0 +1,2 @@
+---
+

ansible/roles/os-linux-prep-default/vars/os-creds-admins.yml

@@ -0,0 +1,4 @@
+---
+
+os_creds_sysadmins:
+  - { username: "user", password: "*", comment: "mr. User", ssh_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC21HOAhC6o25M1oKxKsZxIoxUUeIpb4oqtAdPRNGU4PhJL1g1Cnro+YeF36YnvTKHRzDxS211y/zZBkt7BxOM7qj6dTQSH23jRwGLyfcYv7VyrK1YoxUAXumOJYnhfjVhXoznKnY9++GO9a/1gxQCzjGFMoxAQxFiBMbR/3Ic92ix2SM5aftXl1Mvu3mv45iZimyVIOH5cXdC0XtDSC7EEsdp1Ex6H/GfYabS+cJ55Uyct3orVBSf1LYFLaBNpIx7evXe+bXl81pvW8k/JhYTizoYNEA9rCi+1zaLQMb5LviHM3QqiYjkJbdt2Bd6TVmAfXrJKkj5XXnaMcDqXg8VUKqBenWOSugwagjYYjPRN/pyOeucL+pW1+iv8rAsVxn/0/eliNMn4rExN+Bj6kOmmdrsfqfierffW4DGDJtZlZhfXeZTX8XhdwMt7QUsUdK/Mr14uaEGjhWywX7uqSTnySV1mG4f6vJOyJksZKNSDzK8zH4k3u3onBFbut6NRG+cW4DaScmDbxAkUyurpesPlQkZzcKit6LLscJWZqCrd09zUvHuktnLuhlcicPQPD0B3VhbqVjTvjTDqZX8ZdxrHaRFwfKtv+gqo5Xb2ziS9MxsslxrSe9Ss4w4XkfbZ3BMnyfJWgxHuuyp4Y9gVRE4pFmsoR3v1zpTTHzMGKJKXWw== user@user" }

ansible/roles/os-linux-prep-default/vars/os-pkg-list.yml

@@ -0,0 +1,45 @@
+---
+
+debian_install_pkg_list:
+  - net-tools
+  - mc
+  - htop
+  - bash-completion
+  - iotop
+  - iftop
+  - bwm-ng
+  - sysstat
+  - iptraf-ng
+  - iperf3
+  - tcpdump
+  - scsitools
+  - lsscsi
+  - kpartx
+  - toilet
+  - figlet
+  - git
+  - apt-transport-https
+  - sysfsutils
+  - curl
+  - gpg
+  - secure-delete
+  - dnsutils
+  - rpm2cpio
+  - dos2unix
+  - telnet
+  - rsync
+  - sudo
+  - whois
+  - pv
+  - lsof
+  - tmux
+  - hping3
+  - nload
+  - parted
+  - netcat-openbsd
+  - wget
+  - ftp
+  - vim
+  - rsyslog
+  - iptables
+  - man