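---
# Tasks file for the luks_ssh role
#
# Installs a custom dracut module (sshd unit, sshd_config, authorized_keys)
# into "{{ dracut_ssh_dir }}" and enables early networking on the kernel
# command line, so that an SSH daemon is available inside the initramfs.
# NOTE(review): going by the role name this is for remote LUKS unlocking;
# the files copied here (module-setup.sh, sshd.service, sshd_config) are not
# part of this file, so their hardening has to be reviewed separately.
# NOTE(review): everything placed in the dracut module directory is presumably
# packed into the initramfs, which normally sits on the unencrypted boot
# partition. Keep only public material (public keys, config) in it.

# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <https://www.gnu.org/licenses/>.

# Directory that holds the dracut module; root-owned and not writable by
# anyone else, because its content ends up in the boot image.
- name: Create dracut extension
  file:
    path: "{{ dracut_ssh_dir }}"
    state: directory
    mode: '0755'
    owner: 'root'
    group: 'root'
  become: true

# These keys grant root access to the pre-boot SSH daemon. Each entry of
# dracut_authorized_keys must provide ssh_key (path to a public key file on
# the controller), owner and comment.
- name: Add SSH keys for grub2
  authorized_key:
    user: "root"
    state: present
    key: "{{ lookup('file', item.ssh_key) }}"
    comment: "{{ item.owner }} - {{ item.comment }} | Managed by Ansible"
    path: "{{ dracut_ssh_dir }}/authorized_keys"
    # manage_dir defaults to true and lets the module take over ownership and
    # permissions of the key file's directory. With a custom path that fights
    # with the "Create dracut extension" task above, so it is switched off.
    manage_dir: false
  with_items:
    - "{{ dracut_authorized_keys }}"
  become: true
  notify: Regenerate dracut

# module-setup.sh is executed by dracut as root while building the initramfs,
# so it must stay root-owned and not writable by other users.
- name: Copy module setup file
  copy:
    src: "module-setup.sh"
    dest: "{{ dracut_ssh_dir }}/module-setup.sh"
    mode: '0755'
    owner: 'root'
    group: 'root'
  become: true
  notify: Regenerate dracut

- name: Copy module files
  copy:
    src: "{{ item }}"
    dest: "{{ dracut_ssh_dir }}/{{ item }}"
    mode: '0644'
    owner: 'root'
    group: 'root'
  become: true
  with_items:
    - "sshd.service"
  notify: Regenerate dracut

# sshd_config is rendered from a template of this role.
# NOTE(review): confirm the template restricts the pre-boot daemon to
# public-key authentication; the template is not visible here.
- name: Copy templated module files
  template:
    src: "{{ item }}"
    dest: "{{ dracut_ssh_dir }}/{{ item }}"
    mode: '0644'
    owner: 'root'
    group: 'root'
  become: true
  with_items:
    - "sshd_config"
  notify: Regenerate dracut

- name: Install dracut network
  package:
    name: dracut-network
    state: present
  become: true
  notify: Regenerate dracut

# Read-only probe for an active GRUB_CMDLINE_LINUX_DEFAULT assignment.
# The pattern is anchored like the lineinfile regexp below, so a commented-out
# line ("#GRUB_CMDLINE_LINUX_DEFAULT=...") no longer counts as present.
- name: Check if line is present
  command:
    argv:
      - grep
      - '-q'
      - '^GRUB_CMDLINE_LINUX_DEFAULT'
      - /etc/default/grub
  register: luks_ssh_grub_default
  changed_when: false
  # grep exits 1 for "no match"; any other non-zero code (for example a
  # missing or unreadable file) is a real error and must not be ignored.
  failed_when: luks_ssh_grub_default.rc not in [0, 1]
  # Run in check mode as well, otherwise "rc" is undefined in the next task.
  check_mode: false

# Only runs when no active line exists, because lineinfile would otherwise
# replace an existing value with the empty string.
- name: Ensure that GRUB_CMDLINE_LINUX_DEFAULT is present
  lineinfile:
    path: /etc/default/grub
    regexp: '^GRUB_CMDLINE_LINUX_DEFAULT'
    line: 'GRUB_CMDLINE_LINUX_DEFAULT=""'
  become: true
  notify: Regenerate grub config
  when: luks_ssh_grub_default.rc != 0

# This method will only add the parameter if it was not already added
# NOTICE: If the parameter was manually added, it will not be altered!
# The regexp only matches a double-quoted value; a single-quoted or unquoted
# assignment is left untouched.
- name: Enable early networking kernel parameter (rd.neednet=1)
  replace:
    path: /etc/default/grub
    regexp: '^GRUB_CMDLINE_LINUX_DEFAULT=\"((?:(?!rd\.neednet=).)*?)"$'
    replace: 'GRUB_CMDLINE_LINUX_DEFAULT="\1 rd.neednet=1"'
  become: true
  notify: Regenerate grub config

# This method will only add the parameter if it was not already added
# NOTICE: If the parameter was manually added, it will not be altered!
# The lookahead rejects any occurrence of the substring "ip=", so another
# parameter that merely ends in "ip=" also suppresses the addition.
- name: Enable early networking kernel parameter (ip=dhcp)
  replace:
    path: /etc/default/grub
    regexp: '^GRUB_CMDLINE_LINUX_DEFAULT=\"((?:(?!ip=).)*?)"$'
    replace: 'GRUB_CMDLINE_LINUX_DEFAULT="\1 ip=dhcp"'
  become: true
  notify: Regenerate grub config

# RedHat-family hosts other than Rocky use the unit name "rhel-import-state".
- name: Disable rhel-import-state service, so that it doesn not overwrite ifcfg scripts.
  systemd:
    name: "rhel-import-state"
    enabled: false
    masked: true
  become: true
  when:
    - ansible_os_family == "RedHat" and not ansible_distribution == "Rocky"
    - luks_ssh_disable_state_import

# Rocky ships the same service under the name "import-state".
- name: Disable import-state service, so that it doesn not overwrite ifcfg scripts.
  systemd:
    name: "import-state"
    enabled: false
    masked: true
  become: true
  when:
    - ansible_distribution == "Rocky"
    - luks_ssh_disable_state_import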