dfritz/playbooks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
playbooks/lxc/playbook-base-lxc.yaml

182 lines
5.3 KiB
YAML
Raw Normal View History

inital commit of LXC base image creation
2025-01-01 17:02:38 -06:00
---
- name: Create Fritzlab Base LXC Container
hosts:
- "host201"
become: true
vars:
debian_os: "debian"
debian_version: "bookworm"
lxc_name: "fritzlab-base"
lxc_image_artifact_name: "{{ lxc_name }}-{{ timestamp }}.tar.gz"
lxc_base_dir: "/var/lib/lxc"
lxc_template_dir: "/var/lib/vz/template/cache"
working_lxc_dir: "{{ lxc_base_dir }}/{{ lxc_name }}"
working_rootfs_dir: "{{ working_lxc_dir }}/rootfs"
working_chroot: "chroot {{ working_rootfs_dir }}"
lxc_unnecessary_units:
- nftables.service
- systemd-logind.service
- systemd-sysusers.service
- systemd-tmpfiles-setup-dev.service
- systemd-tmpfiles-setup.service
- postfix.service
- iperf3.service
- sys-kernel-config.mount
- sys-kernel-debug.mount
debian_apt_packages:
- openssh-server
- htop
- nano
- wget
- curl
- iperf3
- tree
- tmux
- dnsutils
- iftop
- net-tools
tasks:
# Set the timestamp to ensure it is the same across all tasks
- name: Generate static timestamp
set_fact:
timestamp: "{{ '%Y%m%d-%H%M%S' | strftime }}"
#- name: Update apt repos
# apt:
# update_cache: yes
#- name: Ensure required packages are installed
# apt:
# state: present
# name:
# - debootstrap
# - tar
- name: Check if LXC container directory exists on host
stat:
path: "{{ working_lxc_dir }}"
register: lxc_dir_check
- name: Ensure clean LXC container root filesystem on host
ignore_errors: yes
when: lxc_dir_check.stat.exists
command:
cmd: "rm -rf {{ working_lxc_dir }}"
- name: Download and create LXC container root filesystem on host
command:
cmd: "debootstrap --arch=amd64 {{ debian_version }} {{ working_rootfs_dir }} https://deb.debian.org/debian/"
args:
creates: "{{ working_rootfs_dir }}"
- name: Update apt in the container
command:
cmd: "{{ working_chroot }} /bin/bash -c 'apt update'"
- name: Install additional packages in the container
command:
cmd: "{{ working_chroot }} /bin/bash -c 'DEBIAN_FRONTEND=noninteractive apt install -y {{ debian_apt_packages | join(' ') }}'"
- name: Configure environment variables
template:
src: environment.j2
dest: "{{ working_rootfs_dir }}/etc/environment"
- name: Set up Message of the Day (MOTD)
template:
src: motd.j2
dest: "{{ working_rootfs_dir }}/etc/motd"
- name: Set Authorized SSH Keys
template:
src: authorized_keys.j2
dest: "{{ working_rootfs_dir }}/root/.ssh/authorized_keys"
- name: Create managed .bashrc file
template:
src: bash.bashrc.j2
dest: "{{ working_rootfs_dir }}/etc/bash.bashrc"
- name: Create .digrc file
template:
src: digrc.j2
dest: "{{ working_rootfs_dir }}/root/.digrc"
- name: Create locale file
template:
src: locale.j2
dest: "{{ working_rootfs_dir }}/etc/default/locale"
- name: Check if SSH configuration directory exists
stat:
path: "{{ working_rootfs_dir }}/etc/ssh/sshd_config.d"
register: ssh_config_dir_check
- name: SSH Configuration
template:
src: sshd_config.j2
dest: "{{ working_rootfs_dir }}/etc/ssh/sshd_config.d/fritzlab.conf"
when: ssh_config_dir_check.stat.exists
- name: SSH Banner
template:
src: sshd_banner.j2
dest: "{{ working_rootfs_dir }}/etc/ssh/banner.txt"
when: ssh_config_dir_check.stat.exists
- name: Sysctl Configuration
template:
src: sysctl.j2
dest: "{{ working_rootfs_dir }}/etc/sysctl.d/s99-fritzlab.conf"
- name: Mask unnecessary systemd units
command:
cmd: "{{ working_chroot }} /bin/bash -c 'systemctl mask {{ lxc_unnecessary_units | join(' ') }}'"
- name: Clean APT cache in the container
command:
cmd: "{{ working_chroot }} /bin/bash -c 'apt clean'"
- name: Remove unnecessary locale files in the container
command:
cmd: "{{ working_chroot }} /bin/bash -c 'rm -rf /usr/share/locale/* /usr/share/man/* /usr/share/doc/*'"
- name: Remove temporary files in the container
command:
cmd: "{{ working_chroot }} /bin/bash -c 'rm -rf /var/tmp/* /var/cache/* /tmp/*'"
- name: Remove device files before archiving in the container
command:
cmd: "rm -rf {{ working_rootfs_dir }}/dev/*"
- name: Create LXC image artifact by archiving rootfs on host
command:
cmd: "tar --exclude='./dev' --exclude='./dev/*' -czvf /tmp/{{ lxc_image_artifact_name }} -C {{ working_rootfs_dir }} ."
args:
creates: /tmp/{{ lxc_image_artifact_name }}
- name: Move artifact to destination on host
command:
cmd: "mv /tmp/{{ lxc_image_artifact_name }} {{ lxc_template_dir }}"
- name: Cleanup temporary artifact on host
file:
path: /tmp/{{ lxc_image_artifact_name }}
state: absent
- name: Cleanup LXC container root filesystem on host
ignore_errors: yes
when: lxc_dir_check.stat.exists
command:
cmd: "rm -rf {{ working_lxc_dir }}"
- name: Display LXC image artifact name
debug:
msg: "LXC Image Artifact Name: {{ lxc_image_artifact_name }}"
Reference in New Issue Copy Permalink