admin/resf-testing-repo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor golden image role: update variable names and remove obsolete customize script

Browse Source 
Signed-off-by: Stephen Simpson <ssimpson89@users.noreply.github.com>
This commit is contained in:
Stephen Simpson
2025-12-29 16:07:28 -06:00
parent ec04f0bec5
commit abf773c8ec
3 changed files with 14 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
ansible/roles/golden_image/tasks/customize.sh
View File

@@ -1,17 +0,0 @@
#!/bin/bash
set -eux
# Create user if it doesn't exist
if ! id -u rocky >/dev/null 2>&1; then
useradd -m rocky
fi
# Set password
echo "rocky:rockypass" | chpasswd
# Sudoers
echo "rocky ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/rocky
chmod 0440 /etc/sudoers.d/rocky
# Enable ssh
systemctl enable sshd

23
ansible/roles/golden_image/tasks/main.yml
View File

@@ -1,35 +1,38 @@
---
- name: Verify base image exists
ansible.builtin.stat:
path: "{{ golden_image_base_image_path }}"
register: golden_image_base_image_stat
failed_when: not golden_image_base_image_stat.stat.exists
stat:
path: "{{ base_image_path }}"
register: base_image_stat
failed_when: not base_image_stat.stat.exists
- name: Ensure golden image directory exists
ansible.builtin.file:
file:
path: "{{ golden_image_path | dirname }}"
state: directory
mode: '0755'
become: true
- name: Copy base image to golden image
ansible.builtin.copy:
src: "{{ golden_image_base_image_path }}"
copy:
src: "{{ base_image_path }}"
dest: "{{ golden_image_path }}"
remote_src: true
mode: '0644'
become: true
- name: Customize golden image
ansible.builtin.command: >
command: >
virt-customize -a {{ golden_image_path }}
--install perl,git,wget,tar,openssh-server,vim
--run {{ role_path }}/tasks/customize.sh
--run-command 'useradd -m rocky 2>/dev/null || true'
--run-command 'echo "rocky:rockypass" | chpasswd'
--run-command 'echo "rocky ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/rocky'
--run-command 'chmod 0440 /etc/sudoers.d/rocky'
--run-command 'systemctl enable sshd'
--ssh-inject root:file:{{ ssh_public_key_path }}
--ssh-inject rocky:file:{{ ssh_public_key_path }}
--root-password password:{{ root_password }}
--selinux-relabel
changed_when: false
environment:
LIBGUESTFS_BACKEND: direct
become: true