prepimage.yml
---
# Template preparation play. It runs a fixed list of cleanup commands inside
# the guest with vmware_vm_shell, pauses, and then marks the VM as a template
# in vCenter. Every task executes on the control node (connection: local,
# local_action, delegate_to: localhost).
- hosts: all
  # Facts are needed for ansible_date_time, which the annotation below uses.
  gather_facts: true
  connection: local
  tasks:
    # no_log keeps the values loaded from the vaulted file out of task output.
    - name: "INCLUDES | Include vaulted credentials"
      include_vars:
        file: group_vars/vaulted.yml
      no_log: true

    # The following prep tasks are taken from:
    # https://access.redhat.com/solutions/198693
    # https://lonesysadmin.net/2013/03/26/preparing-linux-template-vms/
    #
    # Security-relevant points for this task:
    # - validate_certs comes from a variable. If it resolves to false, the
    #   session that carries vcenter_password is not protected by certificate
    #   verification.
    # - The commands run in the guest as root, using the vaulted `rooter`
    #   password.
    # - Removing /etc/ssh/ssh_host_* is what stops clones from sharing one set
    #   of SSH host keys. The udev rule and the NAME/HWADDR/UUID lines are
    #   removed so NIC identity is not carried into clones.
    # - NOTE(review): ignore_errors applies to every item, not only the final
    #   shutdown, so a failed cleanup step (including the host-key removal)
    #   does not stop the template from being created.
    # - NOTE(review): wait_for_process is not set, so the play presumably does
    #   not see the guest commands' exit codes. Confirm this, and confirm that
    #   the `*` patterns are expanded in the guest, by checking a clone for
    #   leftover ssh_host_* files.
    - name: "CLEANUP | Standard VM template cleanup"
      local_action:
        module: vmware_vm_shell
        validate_certs: "{{ validate_certs }}"
        hostname: "{{ vcenter_host }}"
        username: "{{ vcenter_username }}"
        password: "{{ vcenter_password }}"
        datacenter: "{{ datacenter }}"
        folder: /templates
        vm_id: "{{ name }}"
        vm_username: root
        vm_password: "{{ rooter }}"
        vm_shell: "{{ item.cmd }}"
        vm_shell_args: "{{ item.args }}"
      with_items:
        # Persistent udev network rules
        - cmd: /usr/bin/rm
          args: " -f /etc/udev/rules.d/70*"
        # Package manager caches
        - cmd: /usr/bin/yum
          args: " clean all"
        # Temporary directories
        - cmd: /usr/bin/rm
          args: " -rf /tmp/*"
        - cmd: /usr/bin/rm
          args: " -rf /var/tmp/*"
        # Interface-specific identifiers in the ens192 config
        - cmd: /bin/sed
          args: " -i '/^NAME=/d' /etc/sysconfig/network-scripts/ifcfg-ens192"
        - cmd: /bin/sed
          args: " -i '/^HWADDR=/d' /etc/sysconfig/network-scripts/ifcfg-ens192"
        - cmd: /bin/sed
          args: " -i '/^UUID=/d' /etc/sysconfig/network-scripts/ifcfg-ens192"
        # SSH host keys (private and public)
        - cmd: /usr/bin/rm
          args: " -rf /etc/ssh/ssh_host_*"
        # Power the guest off; must stay last
        - cmd: /sbin/shutdown
          args: " now"
      ignore_errors: true

    # With only `timeout` set, wait_for pauses for 60 seconds. It does not
    # check the VM's power state.
    - name: "WAIT | Wait for the VM to power off"
      wait_for:
        timeout: 60
      delegate_to: localhost

    # Marks the VM as a template. The annotation is stored on the template in
    # vCenter. It records the partition layout and the fixed address the
    # template boots with, so anyone who can read the object can see both.
    # NOTE(review): the contact address at the end of the annotation looks
    # like it was replaced by the hosting page's e-mail obfuscation.
    - name: "TEMPLATE | Create template from VM"
      vmware_guest:
        validate_certs: "{{ validate_certs }}"
        hostname: "{{ vcenter_host }}"
        username: "{{ vcenter_username }}"
        password: "{{ vcenter_password }}"
        datacenter: "{{ datacenter }}"
        name: "{{ name }}"
        folder: /templates
        is_template: true
        state: present
        annotation: |
          This VM was created as part of normal template maintenance on {{ ansible_date_time.date }} using Ansible. It is a basic install of CentOS 7 using the Infrastructure Server install profile. No STIGs are applied because we do that via Ansible, but the disk partitioning is set up in accordance with STIG requirements. The file systems in the template are laid out as:
          - /dev/mapper/centos-root : 4096MB
          - /dev/mapper/centos-opt : 1020MB
          - /dev/mapper/centos-home : 1024MB
          - /dev/mapper/centos-tmp : 1024MB
          - /dev/mapper/centos-var : 1024MB
          - /boot : 1024MB
          This template is configured to come up with the IP address of 192.168.1.180, and our provisioning playbook then uses vmware_vm_shell to configure the end-state IP addressing in order to make the system reachable via SSH even when provisioning multiple hosts at once. Please refer questions regarding the template to the Ops team at [email protected].