-
Notifications
You must be signed in to change notification settings - Fork 4
/
prepare_vm.yml
201 lines (191 loc) · 6.15 KB
/
prepare_vm.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
- hosts: vcenter
gather_facts: false
tasks:
- raw: |
shell
chsh -s /bin/bash root
- meta: reset_connection
become: true
- hosts: vcenter
tasks:
- name: Ensure the root user is not locked
command: "usermod -U root"
- name: install growfs
shell: |
yum install -y cloud-utils
yum clean all
when: ansible_distribution_version != '1.0'
- command: service-control --stop
ignore_errors: yes
- systemd:
state: stopped
name: '{{ item }}'
with_items:
- multi-user.target
- applmgmt
- getty@tty1.service
- getty@tty2.service
- vami-lighttp
- dnsmasq
- vmafdd
- vmcad
- vmdird
- vmdnsd
- vmtoolsd
- vmware-firewall
- vmware-pod
- xinetd
- vmware-vpxd
- vmware-stsd
- vmware-sts-idmd
- vmware-vmon
- syslog
- syslog.socket
- lwsmd
ignore_errors: yes
- command: "pkill -f '/usr/bin/python /usr/lib/applmgmt/ddns/py/ddns.py'"
ignore_errors: yes
- command: "pkill -f /usr/lib/vmware-capengine/capengine"
ignore_errors: yes
- shell: |
set -eux
for mount_point in $(mount|awk '/mapper/ { print $3 }'); do
echo $mount_point
if [ $mount_point = "/" ]; then
continue
fi
if ! test -d ${mount_point}.new; then
cp -Rvpa ${mount_point} ${mount_point}.new
fi
umount ${mount_point}
rm -r ${mount_point}
mv -f ${mount_point}.new ${mount_point}
done
- command: swapon --ifexists --show=UUID
register: swap_list
- copy:
content: |
{% for i in ansible_mounts %}
{% if i.mount in ['/', '/boot'] %}
UUID={{ i.uuid }} {{ i.mount }} {{ i.fstype }} defaults 1 1
{% endif %}
{% endfor %}
# /dev/mapper/swap_vg-swap1 swap swap defaults 0 0
dest: /etc/fstab
- name: Refresh the initrd to include virtio drivers
shell: |
set -eux
target=$(ls /boot/initrd.img-*)
modules="tmem cn $(find /lib/modules -type f -name *virt* -exec basename -s .ko.xz {} \;)"
dracut -H -f --add-drivers "$modules" --force-drivers virtio-blk -o resume --no-hostonly-cmdline $target 2>&1| tee /root/dracut.log
when: ansible_distribution_version != '1.0'
- name: Turn on serial console
lineinfile:
path: /boot/photon.cfg
regexp: '^photon_cmdline=.*'
line: photon_cmdline=init=/lib/systemd/systemd ro loglevel=7 no-vmw-sta console=ttyS0,9600 console=ttyS0 systemd.journald.forward_to_console=1 systemd.log_level=debug systemd.debug-shell=1
# path: /boot/grub/grub.cfg
#serial --unit=0 --speed=9600
#terminal --timeout=5 serial console
- name: Turn off pam_tally2
lineinfile:
path: /etc/pam.d/system-auth
regexp: '^auth.*pam_tally2.so.*'
state: absent
- name: Configure Cloud-init
copy:
dest: /etc/cloud/cloud.cfg
content: |
users:
- name: root
lock-passwd: false
disable_root: false
disable_vmware_customization: true
preserve_hostname: true
datasource_list: [
NoCloud,
ConfigDrive,
OpenStack,
None
]
cloud_init_modules:
- bootcmd
- write-files
- growpart
- resizefs
- users-groups
- ssh
cloud_config_modules:
- package-update-upgrade-install
- runcmd
- yum-add-repo
cloud_final_modules:
- scripts-vendor
- scripts-per-once
- scripts-per-boot
- scripts-per-instance
- scripts-user
- ssh-authkey-fingerprints
- final-message
system_info:
distro: photon
paths:
cloud_dir: /var/lib/cloud/
templates_dir: /etc/cloud/templates/
default_user:
name: root
lock_passwd: False
ssh_svcname: sshd
- name: 'Update the growpart copy (Fix: https://bugs.launchpad.net/cloud-utils/+bug/1799953)'
get_url:
url: https://raw.githubusercontent.com/canonical/cloud-utils/master/bin/growpart
dest: /usr/bin/growpart
mode: '0755'
- name: vSphere 7.0.2 uses LVM and cloud-init cannot resize that
copy:
dest: /etc/rc.d/rc.local
content: |
#!/bin/sh
## workaround for vcsa_to_qcow2
# Ensure we can resize the LVL root FS, cloud-init cannot do it.
growpart /dev/vda 4
pvresize /dev/vda4
growpart /dev/sda 4
pvresize /dev/sda4
lvextend -l 100%FREE /dev/vg_root_0/lv_root_0
resize2fs /dev/vg_root_0/lv_root_0
# Ensure netmgr can 'see' nic0
netmgr link_info --set --interface eth0 --state up
netmgr ip4_address --set --interface eth0 --mode dhcp
netmgr dns_servers --set --mode dhcp
exit 0
mode: '0755'
- lineinfile:
dest: /etc/ssh/sshd_config
regexp: '^PermitRootLogin'
line: 'PermitRootLogin Yes'
- lineinfile:
dest: /etc/ssh/sshd_config
regexp: '^Banner'
line: '# Banner /etc/issue'
- lineinfile:
dest: /etc/ssh/sshd_config
regexp: '^MaxAuthTries'
state: absent
- name: Purge cloud-init files
file:
path: '{{ item }}'
state: absent
with_items:
- /var/lib/cloud
- /var/log/cloud-init.log
- /var/log/cloud-init-output.log
- command: "systemctl enable {{ item }}"
with_items:
- cloud-init
- cloud-config
- cloud-init-local
- name: Disable root's password
user:
name: root
password: '!'