# Render the zram start/stop helper scripts into /usr/local/bin (executable).
- name: scripts to enable/disable zram
  template:
    src: "template/scripts/{{ item }}"
    dest: "/usr/local/bin/{{ item }}"
    mode: "0755"
  loop:
    - zram-start.sh
    - zram-stop.sh

# Render the unit file; 0644 keeps it writable by its owner only.
- name: systemd service to enable zram
  template:
    src: template/systemd/system/zram.service
    dest: /etc/systemd/system/zram.service
    mode: "0644"

# Enable the unit at boot. No `state` is given, so it is not started here.
- name: enable systemd service to enable zram
  service:
    name: zram.service
    enabled: true
# Replace /etc/apt/sources.list from the template and record whether it changed.
- name: install apt sources.list
  template:
    src: common/apt/sources.list
    dest: /etc/apt/sources.list
    mode: "0644"
  register: apt_sources_list

# Refresh the package index only when the sources list was rewritten above.
- name: update apt cache
  apt:
    update_cache: true
  when: apt_sources_list is changed
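# Install apt/apt.conf.d/10periodic from the template tree into /etc.
# The mode is set explicitly so the result does not depend on the remote umask
# or on whatever permissions an existing file already had.
# NOTE(review): the template body is not visible here; if it switches off
# unattended package updates, images built from this template only receive
# security fixes when they are rebuilt - confirm that is intended.
- name: disable apt periodic update
  template:
    src: "template/{{ item }}"
    dest: "/etc/{{ item }}"
    mode: "0644"
  with_items:
    - apt/apt.conf.d/10periodic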
# Apparmor profiles do not work with custom mounting scheme for rootfs
# NOTE(review): purging apparmor removes its confinement from every service on
# the image, so anything that relied on an AppArmor profile runs unconfined
# afterwards - make sure that trade-off is recorded where the image is consumed.
- name: remove apparmor and snapd
  apt:
    package:
      - apparmor
      - snapd
    state: absent
    purge: true
# Purge every package listed in the packages_to_remove variable
# (defined outside this file).
- name: remove unnecessary packages
  apt:
    package: "{{ packages_to_remove }}"
    state: absent
    purge: true

# Bring all remaining packages up to date with a dist-upgrade.
- name: upgrade all packages
  apt:
    upgrade: dist

# Drop packages that were pulled in as dependencies and are no longer needed.
- name: remove dependencies that are no longer required
  apt:
    autoremove: true
# Set "PasswordAuthentication no" in sshd_config; the "reload sshd" handler is
# notified when the line changes.
# NOTE(review): the regexp only matches an active (uncommented) directive in
# /etc/ssh/sshd_config itself. sshd keeps the first value it reads for a
# keyword, so if this file starts with an Include of drop-in snippets, a snippet
# that sets PasswordAuthentication still wins - check the effective value with
# `sshd -T` on the built image.
# NOTE(review): when nothing matches, lineinfile appends at end of file; if the
# file ends in a Match block the setting would apply only inside it - verify.
- name: disable sshd password login
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^PasswordAuthentication'
    line: 'PasswordAuthentication no'
  notify: reload sshd
# Tooling needed to build and boot the image.
# `state: latest` upgrades these packages whenever a newer version is
# available, so the result depends on the mirror contents at run time.
- name: install required packages
  apt:
    package:
      - initramfs-tools
      - squashfs-tools
      # - aufs-tools
      - cpio
      # console autologin
      - mingetty
      # required for uvesafb framebuffer module
      # this package has built-in hooks for initramfs-tools
      - v86d
    state: latest
# Remove the "virtual" kernel meta packages before installing the generic kernel.
- name: remove virtual linux kernel packages and headers
  apt:
    package:
      - linux-image-virtual
      - linux-headers-virtual
    state: absent

# Install the kernel named by linux_kernel_package (defined outside this file)
# together with firmware and CPU microcode updates for both vendors.
- name: install generic linux kernel and firmware packages
  apt:
    package:
      - "{{ linux_kernel_package }}"
      - linux-firmware
      - amd64-microcode
      - intel-microcode
    state: latest
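# We do not need old kernels and modules to take space in rootfs image
# For each versioned package family, list the installed packages, keep the
# newest one and purge the rest; then purge headers and tools packages.
#  - `sort -rV` orders by version. A plain `sort -r` is lexical and ranks
#    "-99-" above "-100-", which would keep the older kernel and purge the
#    newer one.
#  - `xargs -r` skips the purge when nothing is left to remove instead of
#    running the package manager with an empty package list.
#  - apt-get is used throughout; `apt` is meant for interactive use.
# NOTE(review): the package kept is the highest installed version, which is not
# necessarily the running kernel or the one from linux_kernel_package; combined
# with --allow-remove-essential a wrong pick leaves the image without a usable
# kernel, so check the result before shipping.
# NOTE(review): only the last command's exit status reaches Ansible, and the
# task always reports "changed".
- name: remove old linux kernel and header packages
  shell: |
    export DEBIAN_FRONTEND=noninteractive
    for family in linux-image linux-modules linux-modules-extra; do
      dpkg -l "${family}-[0-9]*" | grep '^i' | tr -s ' ' | cut -d' ' -f2 |
        sort -rV | sed 1d | xargs -r apt-get purge --allow-remove-essential -y
    done
    apt-get purge --allow-remove-essential -y 'linux-headers-*' 'linux-tools-*' 'linux-cloud-tools-*'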
# Copy the custom initramfs hook, boot script and config into
# /etc/initramfs-tools. The result is registered so the explicit rebuild task
# can react to it, and the "update initramfs" handler is notified as well.
# NOTE(review): the single mode 0755 also lands on initramfs.conf, which is
# presumably a plain config file and does not need the execute bit.
- name: install initramfs hook script and config
  copy:
    src: "template/{{ item }}"
    dest: "/etc/{{ item }}"
    mode: "0755"
  loop:
    - initramfs-tools/hooks/zz_custom
    - initramfs-tools/scripts/ram
    - initramfs-tools/initramfs.conf
  register: initramfs_config
  notify: update initramfs
  tags: initramfs-conf
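# This also may be done by handler, but if playbook fails at any step, handler
# doesn't start and we have initrd without boot script
# `command` replaces `shell` because the call uses no shell features, so the
# arguments are never passed through a shell.
- name: update initramfs
  command: update-initramfs -u
  when: initramfs_config is changed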
# Make sure the /AUFS directory exists at the filesystem root.
- name: create helper directory for aufs
  file:
    path: /AUFS
    state: directory
    mode: "0755"
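# Create the systemd drop-in directory that holds the console override.
# The mode is set explicitly so the directory permissions do not depend on the
# remote umask.
# NOTE(review): '[email protected]' in the task name and path is what e-mail
# obfuscation on the hosting page left of a unit name containing '@'
# (presumably a getty@<tty>.service.d directory). Restore the real name from
# the repository before running this task.
- name: 'create config directory [email protected]'
  file:
    path: '/etc/systemd/system/[email protected]'
    state: directory
    mode: "0755"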
# Render the override.conf drop-in that configures autologin on the first
# console, then ask systemd to reload its unit files.
# NOTE(review): '[email protected]' in the item path is what e-mail obfuscation on
# the hosting page left of a unit name containing '@' (presumably a
# getty@<tty>.service.d directory). Restore the real name from the repository
# before running this task.
# NOTE(review): autologin hands a logged-in session to whoever reaches that
# console, so physical and virtual console access needs its own controls.
- name: config autologin on first console
  template:
    src: "template/{{ item }}"
    dest: "/etc/{{ item }}"
    mode: "0644"
  loop:
    - 'systemd/system/[email protected]/override.conf'
  notify: systemctl daemon-reload
# Set the password hash of the account named by autologin_user.
# NOTE(review): the value being hashed is the account name itself and the salt
# is the fixed string 'salt', so the credential is predictable to anyone who
# knows the user name. Password login over SSH is turned off earlier in this
# file, but local authentication (console login, su, and sudo if the account
# has it) would still accept it. If autologin does not need a usable password,
# prefer a locked one or a vaulted secret - confirm against the console override.
- name: set password for autologin user to enable autologin
  user:
    name: "{{ autologin_user }}"
    password: "{{ autologin_user | password_hash('sha512', 'salt') }}"