---

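# Read the rescue system's MOTD; the next task uses it to decide whether the
# destructive disk work below may run at all.
- name: read /etc/motd
  command: cat /etc/motd
  register: motd_contents
  # cat modifies nothing; the author reports "changed" when the MOTD is
  # non-empty — kept as written (`changed_when: false` would also be valid)
  changed_when: motd_contents.stdout | length > 0

# Safety gate: every task after this one repartitions and formats
# system_disks, so stop unless the MOTD matches one of the two known rescue
# systems.
# NOTE(review): this is a plain string match on the MOTD, not a hard
# guarantee — a host with a customised MOTD would pass or fail it wrongly.
- name: check whether we're running in Hetzner or Packet.net rescue environment
  fail:
    msg: "Not running in rescue system!"
  when: "'Hetzner Rescue' not in motd_contents.stdout and 'Rescue environment based on Alpine Linux' not in motd_contents.stdout"

# The Alpine-based rescue system lacks the tools used below; install them.
# Module args are written as block YAML instead of a key=value string.
- name: make sure all required packages are installed in the rescue system for installation
  apk:
    name:
      - sgdisk
      - btrfs-progs
      - tar
    update_cache: true
  when: ansible_facts['os_family'] == "Alpine"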

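# Wipe the partition table of every system disk and create partition 1
# (10 MiB, GPT type code ef02 = BIOS boot) for GRUB's core image.
# DESTRUCTIVE: --clear discards whatever was on the disk; this is only
# reached after the rescue-system check above.
- name: create GRUB embed partitions
  command: sgdisk -g --clear -n 1:0:+10M {{ item }} -c 1:boot -t 1:ef02
  # with_items flattens one level, so passing the list directly is the same
  # as wrapping it in a one-element list
  with_items: "{{ system_disks }}"
  register: sgdisk
  # sgdisk gives no idempotent "already done" signal; a successful run is
  # reported as a change
  changed_when: "sgdisk.rc == 0"

# Partition 2 takes the remaining space of each disk and becomes the root.
- name: create root partitions
  command: sgdisk -n 2:0:0 {{ item }} -c 2:root
  with_items: "{{ system_disks }}"
  register: sgdisk
  changed_when: "sgdisk.rc == 0"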

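# Format partition 2 of all disks as one btrfs filesystem with data and
# metadata in raid_level (default raid1). NVMe devices name their partitions
# "<disk>p2", everything else "<disk>2".
# NOTE(review): the nvme test looks only at system_disks[0] but is applied to
# every disk, so a host mixing NVMe and non-NVMe disks would get wrong
# partition names — confirm inventories never mix them.
- name: partition and format the disks (btrfs RAID)
  command: mkfs.btrfs -f -L root -d {{ raid_level|default('raid1') }} -m {{ raid_level|default('raid1') }} -O no-holes {{ system_disks | map('regex_replace', '^(.*)$', '\g<1>p2' if 'nvme' in system_disks[0] else '\g<1>2') | join(' ') }}
  when: filesystem == "btrfs" and system_disks|length >= 2

# Single-disk variant: no RAID profile, same label and partition naming.
- name: partition and format the disks (btrfs single)
  command: mkfs.btrfs -f -L root -d single -m single -O no-holes {{ system_disks[0] }}{{ 'p2' if 'nvme' in system_disks[0] else '2' }}
  when: filesystem == "btrfs" and system_disks|length == 1

# Mount the new root at /mnt in the rescue system, using the first disk's
# root partition as the source.
# NOTE(review): state=mounted also records the entry in the rescue system's
# fstab; harmless for a throw-away rescue environment.
- name: mount the filesystem (btrfs)
  mount:
    src: "{{ system_disks[0] }}{{ 'p2' if 'nvme' in system_disks[0] else '2' }}"
    path: /mnt
    state: mounted
    fstype: btrfs
    opts: "compress-force=zstd,space_cache=v2"
  when: filesystem == "btrfs"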

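# Marker file on the new root. Later tasks use its presence under the
# bootstrap chroot as proof that /mnt is bind-mounted there, and the last
# task of this file removes it again. `mode` is quoted so YAML keeps it a
# string instead of parsing an octal/decimal integer.
- name: touch LOCK file on mountpoint
  file:
    path: /mnt/LOCK
    state: touch
    owner: root
    group: root
    mode: "0644"

# Fetch the Arch bootstrap tarball for bootstrap_version into /tmp.
# NOTE(review): the download relies on TLS alone — there is no `checksum:`
# on this task, so the archive is never compared against a known digest.
# Consider `checksum: sha256:<digest published with that release>`.
- name: download bootstrap image
  get_url:
    url: https://mirrors.kernel.org/archlinux/iso/{{ bootstrap_version }}/archlinux-bootstrap-{{ bootstrap_version }}-x86_64.tar.gz
    dest: /tmp/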

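# Unpack the bootstrap tarball into /tmp; it produces /tmp/root.x86_64,
# which also serves as the idempotence marker. The `noqa 208` suppression
# was kept as written (presumably the file-permissions lint rule, since no
# mode is set here).
# NOTE(review): extraction does not verify a signature or digest of the
# archive either; integrity checking belongs on the download task.
- name: extract boostrap image  # noqa 208
  unarchive:
    src: /tmp/archlinux-bootstrap-{{ bootstrap_version }}-x86_64.tar.gz
    dest: /tmp
    remote_src: true
    creates: /tmp/root.x86_64

# Give the bootstrap chroot working name resolution by copying the rescue
# system's resolver configuration into it.
- name: copy resolv.conf to bootstrap chroot
  copy:
    remote_src: true
    src: /etc/resolv.conf
    dest: /tmp/root.x86_64/etc/resolv.conf
    owner: root
    group: root
    mode: "0644"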

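# Bind the rescue system's /proc, /sys and /dev into the bootstrap chroot so
# pacman-key and pacstrap can run inside it. Each task's `creates` is a path
# that only exists once the bind mount is active, which makes the tasks
# idempotent. The `noqa 303` suppressions are kept as written (presumably
# the command-instead-of-module rule; the mount module has no --rbind).
- name: mount /proc to bootstrap chroot
  command: mount --rbind /proc /tmp/root.x86_64/proc  # noqa 303
  args:
    creates: /tmp/root.x86_64/proc/uptime

- name: mount /sys to bootstrap chroot
  command: mount --rbind /sys /tmp/root.x86_64/sys  # noqa 303
  args:
    creates: /tmp/root.x86_64/sys/dev

- name: mount /dev to bootstrap chroot
  command: mount --rbind /dev /tmp/root.x86_64/dev  # noqa 303
  args:
    creates: /tmp/root.x86_64/dev/zero

# The new root is also made visible inside the bootstrap chroot at /mnt;
# the LOCK file touched earlier shows up there once the bind mount is live.
- name: mount /mnt to bootstrap chroot
  command: mount --rbind /mnt /tmp/root.x86_64/mnt  # noqa 303
  args:
    creates: /tmp/root.x86_64/mnt/LOCK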

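# Mirror list for the bootstrap chroot, rendered from mirrorlist.j2.
- name: configure pacman mirror
  template:
    src: mirrorlist.j2
    dest: /tmp/root.x86_64/etc/pacman.d/mirrorlist
    owner: root
    group: root
    mode: "0644"

# Set up pacman's keyring inside the bootstrap chroot: --init creates it,
# --populate archlinux imports the Arch master keys. This is what lets the
# chroot's pacman verify package signatures during the pacstrap below
# (assuming the chroot keeps pacman's default SigLevel).
- name: initialize pacman keyring inside bootstrap chroot
  command: chroot /tmp/root.x86_64 pacman-key --init
  register: chroot_pacman_key_init
  changed_when: "chroot_pacman_key_init.rc == 0"

- name: populate pacman keyring inside bootstrap chroot
  command: chroot /tmp/root.x86_64 pacman-key --populate archlinux
  register: chroot_pacman_key_populate
  changed_when: "chroot_pacman_key_populate.rc == 0"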

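# Choose the CPU microcode package from the processor facts. Nothing else in
# this file sets `ucode`, so on a CPU matching neither vendor it stays
# undefined and the pacstrap task below fails on the undefined variable —
# a loud failure rather than a system silently installed without microcode
# updates.
- name: install ucode update for Intel
  set_fact:
    ucode: intel-ucode
  when: "'GenuineIntel' in ansible_facts['processor']"

- name: install ucode update for AMD
  set_fact:
    ucode: amd-ucode
  when: "'AuthenticAMD' in ansible_facts['processor']"

# Install the base system into /mnt from inside the bootstrap chroot, using
# the chroot's pacman, keyring and mirrorlist. /mnt/bin (seen from the
# chroot) only exists after a successful run and is the idempotence marker.
- name: install arch base from bootstrap chroot
  command: chroot /tmp/root.x86_64 pacstrap /mnt base linux btrfs-progs grub openssh python-requests python-yaml inetutils {{ ucode }}
  args:
    creates: /tmp/root.x86_64/mnt/bin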

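# Same bind mounts as for the bootstrap chroot, now into the freshly
# installed system at /mnt so the chroot'ed locale-gen, mkinitcpio and grub
# steps below work. `creates` paths only exist once each mount is active.
- name: mount /proc to new chroot
  command: mount --rbind /proc /mnt/proc  # noqa 303
  args:
    creates: /mnt/proc/uptime

- name: mount /sys to new chroot
  command: mount --rbind /sys /mnt/sys  # noqa 303
  args:
    creates: /mnt/sys/dev

- name: mount /dev to new chroot
  command: mount --rbind /dev /mnt/dev  # noqa 303
  args:
    creates: /mnt/dev/zero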

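# Enable the en_US.UTF-8 locale in the new system and generate it.
# `path` replaces the deprecated-style `dest=` spelling; same parameter.
- name: configure locale.gen
  lineinfile:
    path: /mnt/etc/locale.gen
    line: "en_US.UTF-8 UTF-8"
    owner: root
    group: root
    mode: "0644"

- name: run locale-gen inside chroot
  command: chroot /mnt locale-gen
  register: chroot_locale_gen
  changed_when: "chroot_locale_gen.rc == 0"

# Basic identity of the new system: locale, UTC and the `hostname` variable.
- name: run systemd-firstboot
  command: chroot /mnt systemd-firstboot --locale=en_US.UTF-8 --timezone=UTC --hostname={{ hostname }}
  register: chroot_systemd_firstboot
  changed_when: "chroot_systemd_firstboot.rc == 0"

# Build the initramfs for the installed kernel using the "linux" preset.
- name: run mkinitcpio
  command: chroot /mnt mkinitcpio -p linux
  register: chroot_mkinitcpio
  changed_when: "chroot_mkinitcpio.rc == 0"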

# Delegate network setup to the networking role, pointed at the new root
# under /mnt instead of the rescue system.
- name: configure networking
  vars:
    chroot_path: "/mnt"
  include_role:
    name: networking

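# Make the kernel mount the btrfs root with the same compression option the
# rescue system used for /mnt. `mode` is quoted: an unquoted 0644 is parsed
# by YAML as an integer and only yielded the right permissions by accident
# of octal interpretation.
- name: provide default mount options (btrfs)
  lineinfile:
    path: /mnt/etc/default/grub
    owner: root
    group: root
    mode: "0644"
    regexp: "^GRUB_CMDLINE_LINUX_DEFAULT="
    line: 'GRUB_CMDLINE_LINUX_DEFAULT="rootflags=compress-force=zstd"'
  when: filesystem == "btrfs"

# Install GRUB on every system disk (into the BIOS boot partition created
# earlier), then generate its configuration inside the new system.
- name: install grub
  command: chroot /mnt grub-install --recheck {{ item }}
  with_items: "{{ system_disks }}"
  register: chroot_grub_install
  changed_when: "chroot_grub_install.rc == 0"

- name: configure grub
  command: chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg
  register: chroot_grub_mkconfig
  changed_when: "chroot_grub_mkconfig.rc == 0"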

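# Per-host secrets must not be baked into the image: the pacman keyring
# created during installation is deleted and pacman-init.service (enabled
# below) presumably regenerates it on the first boot of the new system.
- name: setup pacman-init.service on first boot
  copy:
    src: pacman-init.service
    dest: /mnt/etc/systemd/system/
    owner: root
    group: root
    mode: "0644"

- name: remove generated keyring in the installation process
  file:
    path: /mnt/etc/pacman.d/gnupg
    state: absent

# Likewise the machine-id: leaving it absent lets systemd generate a unique
# one on first boot instead of every host sharing the installer's value.
- name: make sure /etc/machine-id is absent
  file:
    path: /mnt/etc/machine-id
    state: absent

- name: enable services inside chroot
  command: chroot /mnt systemctl enable sshd systemd-networkd systemd-resolved fstrim.timer pacman-init
  register: chroot_systemd_services
  changed_when: "chroot_systemd_services.rc == 0"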

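# Root SSH key material for the new system. The directory is addressed
# through the bootstrap chroot's bind mount of /mnt set up earlier, so it
# ends up in /mnt/root/.ssh of the new root.
- name: add authorized key for root
  include_role:
    name: root_ssh
  vars:
    root_ssh_directory: /tmp/root.x86_64/mnt/root/.ssh

# sshd configuration rendered from sshd_config.j2.
# NOTE(review): the actual hardening settings (authentication methods, root
# login policy) live in that template, which is not on this page.
- name: configure sshd
  template:
    src: sshd_config.j2
    dest: /mnt/etc/ssh/sshd_config
    owner: root
    group: root
    mode: "0644"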

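# Drop the package cache from the new root to keep the installation small;
# `yes |` answers pacman's confirmation prompts. The pipe cannot use
# pipefail in the rescue shell, hence the lint suppression kept as written.
- name: clean pacman cache
  shell: yes | chroot /mnt pacman -Scc  # noqa risky-shell-pipe ("Illegal option -o pipefail" in Hetzner's recovery environment (dash?))
  register: chroot_pacman_clean_cache
  changed_when: "chroot_pacman_clean_cache.rc == 0"

# Remove the marker file created at the start so the new root is clean.
- name: remove LOCK file on mountpoint
  file:
    path: /mnt/LOCK
    state: absent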