From 6683cc645802a20d76381570642400146371437d Mon Sep 17 00:00:00 2001 From: Marcin Bojko Date: Wed, 4 May 2022 20:22:25 +0200 Subject: [PATCH] Version 1.9.6 --- .gitignore | 1 + .gitlab-ci.yml | 101 ++++++++++- CHANGELOG.md | 9 +- README.md | 4 +- extra/files/gen2-linux/ansible.sh | 23 ++- extra/files/gen2-ubuntu2004/provision.sh | 12 +- extra/files/gen2-ubuntu2004/puppet.conf | 2 +- extra/playbooks/provision_alma8_variables.yml | 1 + extra/playbooks/provision_centos.yaml | 45 +++-- .../playbooks/provision_centos7_variables.yml | 12 +- .../playbooks/provision_centos8_variables.yml | 159 ++++++++++++++++++ .../playbooks/provision_oracle8_variables.yml | 9 +- .../playbooks/provision_rocky8_variables.yml | 9 +- extra/playbooks/provision_vagrant.yaml | 4 +- extra/scripts/oci/bootstrap.ps1 | 16 ++ extra/scripts/phase-3.ps1 | 4 +- variables/variables_ubuntu2004.pkvars.hcl | 4 +- variables/variables_win2022_dc.pkvars.hcl | 4 +- variables/variables_win2022_std.pkvars.hcl | 4 +- 19 files changed, 351 insertions(+), 72 deletions(-) create mode 100644 extra/playbooks/provision_centos8_variables.yml create mode 100644 extra/scripts/oci/bootstrap.ps1 diff --git a/.gitignore b/.gitignore index 9a8b3ef..7ac9dcc 100755 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,4 @@ extra/.snippets* vbox/* *.box .scripts/* +.vscode/* \ No newline at end of file diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 06d6e56..b910255 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,11 +1,13 @@ variables: - packer_version: "1.7.10" + packer_version: "1.8.0" dind: 20.10-dind build_alma: "false" build_centos: "false" build_rocky: "false" build_oracle: "false" build_ubuntu: "false" + build_windows2022_std: "true" + build_windows2022_dc: "true" stages: - get-packer - centos7-validate 
@@ -16,11 +18,13 @@ stages: - windows2019-validate - windows2022-validate - ansible-lint + - install_packer - build_alma - build_rocky - build_centos - build_oracle - build_ubuntu + - build_windows2022 get-packer: stage: get-packer image: alpine @@ -53,6 +57,8 @@ centos79: tags: - docker - packer + needs: + - get-packer centos79-docker: stage: centos7-validate image: alpine @@ -67,6 +73,8 @@ centos79-docker: tags: - docker - packer + needs: + - get-packer centos79-vagrant: stage: centos7-validate image: alpine @@ -81,6 +89,8 @@ centos79-vagrant: tags: - docker - packer + needs: + - get-packer alma85: stage: alma8-validate image: alpine @@ -95,6 +105,8 @@ alma85: tags: - docker - packer + needs: + - get-packer alma85-vagrant: stage: alma8-validate image: alpine @@ -109,6 +121,8 @@ alma85-vagrant: tags: - docker - packer + needs: + - get-packer alma85-docker: stage: alma8-validate image: alpine @@ -123,6 +137,8 @@ alma85-docker: tags: - docker - packer + needs: + - get-packer # Rocky rocky85: stage: rocky8-validate @@ -138,6 +154,8 @@ rocky85: tags: - docker - packer + needs: + - get-packer rocky85-vagrant: stage: rocky8-validate image: alpine @@ -152,6 +170,8 @@ rocky85-vagrant: tags: - docker - packer + needs: + - get-packer rocky85-docker: stage: rocky8-validate image: alpine @@ -166,6 +186,8 @@ rocky85-docker: tags: - docker - packer + needs: + - get-packer # Validate Oracle oracle85: stage: oracle8-validate @@ -181,6 +203,8 @@ oracle85: tags: - docker - packer + needs: + - get-packer oracle85-vagrant: stage: oracle8-validate image: alpine @@ -195,6 +219,8 @@ oracle85-vagrant: tags: - docker - packer + needs: + - get-packer oracle85-docker: stage: oracle8-validate image: alpine @@ -209,6 +235,8 @@ oracle85-docker: tags: - docker - packer + needs: + - get-packer ubuntu2004: stage: ubuntu20-validate image: alpine @@ -223,6 +251,8 @@ ubuntu2004: tags: - docker - packer + needs: + - get-packer lts2019-std: stage: windows2019-validate image: alpine 
@@ -237,6 +267,8 @@ lts2019-std: tags: - docker - packer + needs: + - get-packer lts2019-std-vagrant: stage: windows2019-validate image: alpine @@ -251,6 +283,8 @@ lts2019-std-vagrant: tags: - docker - packer + needs: + - get-packer lts2019-dc: stage: windows2019-validate image: alpine @@ -265,6 +299,8 @@ lts2019-dc: tags: - docker - packer + needs: + - get-packer lts2019-dc-vagrant: stage: windows2019-validate image: alpine @@ -279,6 +315,8 @@ lts2019-dc-vagrant: tags: - docker - packer + needs: + - get-packer # Windows Server 2022 lts2022-std: stage: windows2022-validate @@ -294,7 +332,9 @@ lts2022-std: tags: - docker - packer -lts2012-dc: + needs: + - get-packer +lts2022-dc: stage: windows2022-validate image: alpine services: @@ -308,6 +348,8 @@ lts2012-dc: tags: - docker - packer + needs: + - get-packer lts2022-std-vagrant: stage: windows2022-validate image: alpine @@ -322,7 +364,9 @@ lts2022-std-vagrant: tags: - docker - packer -lts2012-dc-vagrant: + needs: + - get-packer +lts2022-dc-vagrant: stage: windows2022-validate image: alpine services: @@ -336,15 +380,14 @@ lts2012-dc-vagrant: tags: - docker - packer - + needs: + - get-packer ansible-lint: stage: ansible-lint - image: python:3-slim + image: marcinbojko/pipetools-ansible services: - docker:$dind before_script: - - /usr/local/bin/python -m pip install --upgrade pip - - pip install --upgrade ansible-lint yamllint ansible - yamllint --version - ansible-lint --version script: @@ -354,8 +397,18 @@ ansible-lint: tags: - docker - packer + needs: + - get-packer # Here building starts - +# Install required packer choco package +install_packer: + stage: install_packer + script: + - choco upgrade packer --version $packer_version -y + - packer --version + tags: + - windows + - hyperv build_alma: stage: build_alma script: 
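Review bot: The `ansible-lint` job now pulls `marcinbojko/pipetools-ansible` with no tag or digest, so it runs whatever the registry serves as `latest` at pipeline time, and the linter versions are no longer visible in the repository. Pinning it, for example `image: marcinbojko/pipetools-ansible:<tag>@sha256:<digest>` (placeholders), keeps the lint result reproducible and limits exposure if the image is ever replaced. In the following hunk, `install_packer` has neither `rules:` nor `needs:`, so it presumably runs `choco upgrade` on the Windows runner in every pipeline, even when no build job is enabled; worth confirming that this is intended.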
@@ -572,4 +625,34 @@ build_ubuntu: tags: - windows - hyperv - +# build windows 2022 std +build_windows_2022_std: + stage: build_windows2022 + script: + - pwd + - '$env:PACKER_CACHE_DIR="e:\packer_cache"' + - "Get-Vm -name packer-*|Stop-VM -Force" + - Sleep 120 + - "Get-Vm -name packer-*|Remove-VM -Force" + - .\hv_win2022_std.ps1 + rules: + - if: $build_windows2022_std == "true" + when: on_success + tags: + - windows + - hyperv +build_windows_2022_dc: + stage: build_windows2022 + script: + - pwd + - '$env:PACKER_CACHE_DIR="e:\packer_cache"' + - "Get-Vm -name packer-*|Stop-VM -Force" + - Sleep 120 + - "Get-Vm -name packer-*|Remove-VM -Force" + - .\hv_win2022_dc.ps1 + rules: + - if: $build_windows2022_dc == "true" + when: on_success + tags: + - windows + - hyperv diff --git a/CHANGELOG.md b/CHANGELOG.md index 54b0ba3..700df66 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,13 @@ # Changelog -## Version 1.9.5 20202-02-20 +## Version 1.9.6 2022-05-04 + +* [BREAKING_CHANGE] bumped `puppet` package and repository to version 7, for all Linux RHEL-based machines +* [BREAKING_CHANGE] bumped `zabbix` package and repository version to 6 LTS for all Linux RHEL-based machines +* [BREAKING_CHANGE] bumped `puppet-agent` version to 7.14.0 (7.x branch) for all Windows machines +* `extra` scripts optimizations + +## Version 1.9.5 2022-02-20 * [Ubuntu] fixed `boot_command` variable not being passed properly, thus failing Ubuntu builds diff --git a/README.md b/README.md index 73479d5..e992f30 100644 --- a/README.md +++ b/README.md 
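Review bot: Both new jobs run `Get-Vm -name packer-*|Stop-VM -Force` and then `Get-Vm -name packer-*|Remove-VM -Force`, which removes every VM on the Hyper-V host whose name starts with `packer-`, not only the one the job is about to build. `build_windows_2022_std` and `build_windows_2022_dc` share the `build_windows2022` stage and are both enabled by default, so if the runner allows concurrent jobs, one can delete the VM the other is still building. Either narrow the filter to the job's own VM name (the `vm_name` values in the pkvars files are `packer-windows2022-g2` and `packer-windows2022dc-g2`) or serialize the jobs with a shared `resource_group:`. The fixed `Sleep 120` also runs when no matching VM exists; a comment explaining why the wait is needed would help.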
@@ -144,10 +144,10 @@ To adjust to your Hyper-V, please check variables below and/or in ./variables fi |tabby|latest| - latest Nuget poweshell module -- `phase3.ps1` Puppet agent settings will be customized (`server=foreman.spcph.local`) with parameters: +- `phase3.ps1` Puppet agent settings will be customized (`server=foreman.example.com`) with parameters: - `Version` - puppet chocolatey version, for example "6.26.0" - `AddPrivateChoco` ($true/$false) - if set to true, private MyGet repository will be added as `public` - - `PuppetMaster` (foreman.spcph.local) - if set, in `puppet.conf` section server will point to that variable + - `PuppetMaster` (foreman.example.com) - if set, in `puppet.conf` section server will point to that variable Example of usage: diff --git a/extra/files/gen2-linux/ansible.sh b/extra/files/gen2-linux/ansible.sh index 69758bc..9992154 100755 --- a/extra/files/gen2-linux/ansible.sh +++ b/extra/files/gen2-linux/ansible.sh @@ -4,7 +4,7 @@ # vars # set ansible-core version due to python requirements in ansible 2.12 -ansible_core="2.11.7" +ansible_core="2.11.11" usage() { echo "Usage: $0 [-i Install or uninstall ansible ]" 1>&2; } @@ -22,6 +22,7 @@ while getopts :i: option done # what os we're dealing with OS=$(grep -e '^ID_LIKE=' /etc/os-release|tr -d '"'|sed -e "s/^ID_LIKE=//"|tr "[:upper:]" "[:lower:]") +VERSION_ID=$(grep -e '^VERSION_ID=' /etc/os-release|tr -d '"'|sed -e "s/^VERSION_ID=//"|tr "[:upper:]" "[:lower:]") if [ -z "$OS" ];then echo "Couldn't recognise os, exiting" 
@@ -38,7 +39,21 @@ fi function install_ansible { echo "Starting ansible installation step, ansible-core in version: $ansible_core" /usr/bin/python3 -m pip install --upgrade pip - /usr/bin/python3 -m pip install --upgrade jmespath jsonlint yamllint ansible-core==$ansible_core ansible pywinrm requests-kerberos requests-ntlm requests-credssp pypsrp + # let's prepare for ansible dependency in CentOS 7 + if [ "$VERSION_ID" == '7' ];then + # RHEL 7, constrain ansible-core to 2.11.11 + /usr/bin/python3 -m pip install --upgrade jmespath jsonlint yamllint ansible-core==2.11.11 ansible pywinrm requests-kerberos requests-ntlm requests-credssp pypsrp + else + # RHEL 8 or higher + /usr/bin/python3 -m pip install --upgrade jmespath jsonlint yamllint ansible-core==$ansible_core ansible pywinrm requests-kerberos requests-ntlm requests-credssp pypsrp + fi + + # build a block to supress warnings and other ansible configs + mkdir -p /etc/ansible && chmod 755 /etc/ansible + echo "[defaults]" > /etc/ansible/ansible.cfg + echo "deprecation_warnings=False" >> /etc/ansible/ansible.cfg + + # let's install required modules, use --upgrade if possible /usr/local/bin/ansible-galaxy collection install --upgrade ansible.posix /usr/local/bin/ansible-galaxy collection install --upgrade community.general /usr/local/bin/ansible-galaxy collection install --upgrade community.crypto 
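Review bot: The new test `[ "$VERSION_ID" == '7' ]` matches only an exact `7`, while the comment says "RHEL 7". A system reporting `VERSION_ID="7.9"` in /etc/os-release would fall through to the "RHEL 8 or higher" branch; `if [[ "$VERSION_ID" == 7* ]]; then` covers both forms. Both branches currently install the same thing because `ansible_core` is also set to `2.11.11`, so the split only matters once that variable moves; a comment saying so would help. All packages on these lines other than `ansible-core` are unpinned and installed as root into the image, so a constraints file would make the build reproducible. `install_ansible` continues beyond this hunk.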
@@ -77,7 +92,7 @@ if [ "$INSTALL" == "true" ] && [[ "$OS" =~ rhel|centos|fedora ]];then $manager makecache -y $manager remove ansible ansible-base ansible-core -y -q ||true # repeat code from kickstart - $manager install -y chrony mc curl wget yum-priorities yum-versionlock yum-utils yum-cron openssh-server openssh-clients openssh kernel-devel kernel-headers make patch gcc + $manager install -y chrony mc curl wget yum-utils openssh-server openssh-clients openssh kernel-devel kernel-headers make patch gcc $manager install ca-certificates python3 python3-devel python3-pip python3-wheel krb5-devel krb5-workstation -y $manager install python3-setuptools python3-psutil -y /usr/bin/python3 -m pip install --upgrade setuptools-rust @@ -87,7 +102,7 @@ fi if [ "$INSTALL" == "false" ] && [[ "$OS" =~ rhel|centos|fedora ]];then echo "Removing ansible on RHEL/related" - if which dnf;then + if command -v dnf >/dev/null 2>&1;then manager=dnf else manager=yum diff --git a/extra/files/gen2-ubuntu2004/provision.sh b/extra/files/gen2-ubuntu2004/provision.sh index 927f947..4ef32be 100644 --- a/extra/files/gen2-ubuntu2004/provision.sh +++ b/extra/files/gen2-ubuntu2004/provision.sh @@ -83,9 +83,9 @@ fi if [ "$INSTALL_ZABBIX" == true ]; then echo "Provisioning phase 2 - Zabbix" # zabbix 5.2 repository - wget https://repo.zabbix.com/zabbix/5.2/ubuntu/pool/main/z/zabbix-release/zabbix-release_5.2-1+ubuntu20.04_all.deb - dpkg -i zabbix-release_5.2-1+ubuntu20.04_all.deb - rm -rfv zabbix-release_5.2-1+ubuntu20.04_all.deb + wget https://repo.zabbix.com/zabbix/6.0/ubuntu/pool/main/z/zabbix-release/zabbix-release_6.0-1+ubuntu20.04_all.deb + dpkg -i zabbix-release_6.0-1+ubuntu20.04_all.deb + rm -rfv zabbix-release_6.0-1+ubuntu20.04_all.deb apt-get update -y apt-get install zabbix-agent -y systemctl enable zabbix-agent 
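Review bot: In the `provision.sh` Zabbix hunk, the release package is fetched with `wget` and passed straight to `dpkg -i` as root. That package installs the repository definition and its signing key, so nothing verifies it beyond TLS to the mirror. Pinning its digest before installing closes that gap, e.g. `echo "<pinned-sha256>  zabbix-release_6.0-1+ubuntu20.04_all.deb" | sha256sum -c - || exit 1` (placeholder digest). The same applies to `puppet7-release-focal.deb` in the next hunk of this file. The context comments `# zabbix 5.2 repository` and `# puppet 6.x repository` are now stale and should read 6.0 and 7.x.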
@@ -98,9 +98,9 @@ if [ "$INSTALL_PUPPET" == "true" ]; then echo "Provisioning phase 2 - Puppet Agent" # puppet 6.x repository - wget https://apt.puppetlabs.com/puppet6-release-focal.deb - dpkg -i puppet6-release-focal.deb - rm -rfv puppet6-release-focal.deb + wget https://apt.puppet.com/puppet7-release-focal.deb + dpkg -i puppet7-release-focal.deb + rm -rfv puppet7-release-focal.deb apt-get update -y apt-get -y install puppet-agent diff --git a/extra/files/gen2-ubuntu2004/puppet.conf b/extra/files/gen2-ubuntu2004/puppet.conf index aea6e2d..e276910 100644 --- a/extra/files/gen2-ubuntu2004/puppet.conf +++ b/extra/files/gen2-ubuntu2004/puppet.conf @@ -5,4 +5,4 @@ # - https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html # - https://docs.puppetlabs.com/puppet/latest/reference/configuration.html runinterval = 1800 -server = foreman.spcph.local +server = foreman.example.com diff --git a/extra/playbooks/provision_alma8_variables.yml b/extra/playbooks/provision_alma8_variables.yml index 5abf214..6e349be 100644 --- a/extra/playbooks/provision_alma8_variables.yml +++ b/extra/playbooks/provision_alma8_variables.yml @@ -13,6 +13,7 @@ initial_packages: - langpacks-en - glibc-all-langpacks - ca-certificates + - yum-utils yum_extra_groups: - "@base" - "@core" diff --git a/extra/playbooks/provision_centos.yaml b/extra/playbooks/provision_centos.yaml index c416109..bb4e6ff 100644 --- a/extra/playbooks/provision_centos.yaml +++ b/extra/playbooks/provision_centos.yaml @@ -26,7 +26,7 @@ gather_facts: false pre_tasks: - name: verify_ansible_meets_version_requirements - assert: + ansible.builtin.assert: that: "ansible_version.full is version_compare('2.10', '>=')" msg: > "You must update Ansible to at least 2.10 to use this version of playbook" @@ -52,7 +52,7 @@ - assert tasks: - name: display_initial_values - debug: + ansible.builtin.debug: msg: - "Ansible package manager :{{ ansible_pkg_mgr }}" - "Extra volume name :{{ extra_device }}" 
@@ -71,7 +71,7 @@ - "Reboot server :{{ reboot_server }}" # initial cleaning and refreshing metadata for packages - name: initial_clean - debug: + ansible.builtin.debug: msg: "Starting provision" notify: clean-metadata changed_when: true @@ -93,7 +93,7 @@ ansible.builtin.yum: name: "{{ item }}" state: latest - disable_gpg_check: yes + disable_gpg_check: true retries: "{{ retries_count }}" loop: "{{ epel_package }}" delay: "{{ delay_time }}" @@ -137,7 +137,7 @@ - base # let's install extra yumgroups - name: refresh_repos - debug: + ansible.builtin.debug: msg: "Refreshing repos" notify: makecache changed_when: true @@ -322,7 +322,7 @@ - clean-metadata - makecache - name: install_puppet_repository - yum: + ansible.builtin.yum: name: "{{ item.url }}" state: present loop: "{{ puppet.repository }}" @@ -346,7 +346,7 @@ until: r_puppet_repository_priority is success notify: makecache - name: install_puppet_package - yum: + ansible.builtin.yum: name: "{{ puppet.package.name }}" state: latest retries: "{{ retries_count }}" @@ -354,7 +354,7 @@ register: r_install_puppet_package until: r_install_puppet_package is success - name: set_puppet_service_state - systemd: + ansible.builtin.systemd: name: "{{ item.name }}" state: "{{ item.state }}" enabled: "{{ item.enabled }}" @@ -365,7 +365,7 @@ until: r_set_puppet_service is success when: r_install_puppet_package is success - name: remove_temp_ssl_keys - file: + ansible.builtin.file: path: /etc/puppetlabs/puppet/ssl state: absent register: r_remove_temp_ssl_keys @@ -374,7 +374,7 @@ until: r_remove_temp_ssl_keys is success when: r_install_puppet_package is success and remove_puppet_ssl_keys - name: create_puppet_config - file: + ansible.builtin.file: path: "{{ puppet.config.location }}" state: touch mode: "{{ puppet.config.mode }}" 
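Review bot: In the `@@ -93,7 +93,7 @@` hunk, only the boolean spelling changes (`yes` to `true`); the task still installs `{{ epel_package }}` with `disable_gpg_check: true` and `state: latest`. If `epel-release` comes from a signed distribution repository, as the variables files suggest, the signature check should not need to be skipped, and leaving it off means the package that bootstraps trust in EPEL is itself unverified. Consider dropping the option, or adding a comment such as `# gpg check disabled because <reason>` so the exception is a recorded decision. The task begins above the hunk, so the module name and any conditions are not visible here.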
@@ -424,7 +424,7 @@ until: r_install_neofetch_package is success when: r_neofetch_repository is success - name: neofetch_first_run - command: neofetch + ansible.builtin.command: neofetch when: r_neofetch_repository is success changed_when: false ignore_errors: true @@ -513,7 +513,7 @@ when: r_check_for_extra_device.stat.exists and r_check_for_extra_device is defined register: r_partition_docker_volume - name: display_info - debug: + ansible.builtin.debug: var: r_partition_docker_volume - name: create_docker_filesystem community.general.filesystem: @@ -532,11 +532,6 @@ register: setup_status until: setup_status is success changed_when: false -# - name: get_extra_volume_uid -# ansible.builtin.stat: -# path: "{{ extra_device }}1" -# register: r_check_for_extra_device_uuid -# when: r_create_docker_filesystem is defined and r_create_docker_filesystem is success - name: prepare_docker_folder ansible.builtin.file: name: /var/lib/docker @@ -610,7 +605,7 @@ until: r_start_firewalld is success # set default zone - name: display_interface_info - debug: + ansible.builtin.debug: msg: "Primary network interface is: {{ ansible_default_ipv4.interface }}" when: ansible_default_ipv4.interface is defined - name: make_default_zone @@ -763,7 +758,7 @@ machine_type: "{{ ansible_virtualization_role }}" when: ansible_virtualization_role is defined - name: display_machine_type - debug: + ansible.builtin.debug: msg: "Machine type is: {{ machine_type }}" when: ansible_virtualization_role is defined - name: set_tuned_for_baremetal 
@@ -821,33 +816,33 @@ notify: - clean-metadata - name: reboot_server - reboot: + ansible.builtin.reboot: pre_reboot_delay: 20 post_reboot_delay: 20 reboot_timeout: 1200 when: reboot_server # end play - name: end_host - meta: end_host + ansible.builtin.meta: end_host handlers: - name: makecache - command: "{{ ansible_pkg_mgr }} makecache -y" + ansible.builtin.command: "{{ ansible_pkg_mgr }} makecache -y" args: warn: false changed_when: false - name: clean-metadata - command: "{{ ansible_pkg_mgr }} clean metadata all -y" + ansible.builtin.command: "{{ ansible_pkg_mgr }} clean metadata all -y" args: warn: false changed_when: false - name: switch_default_firewalld_zone - shell: "firewall-cmd --set-default-zone={{ firewalld.default_zone }}" + ansible.builtin.shell: "firewall-cmd --set-default-zone={{ firewalld.default_zone }}" args: warn: false changed_when: false when: (firewalld.default_zone is defined) and (firewalld.default_zone|length>0) - name: reload_firewalld - shell: "firewall-cmd --reload" + ansible.builtin.shell: "firewall-cmd --reload" args: warn: false changed_when: false diff --git a/extra/playbooks/provision_centos7_variables.yml b/extra/playbooks/provision_centos7_variables.yml index b8c03b1..f4548a5 100644 --- a/extra/playbooks/provision_centos7_variables.yml +++ b/extra/playbooks/provision_centos7_variables.yml @@ -70,7 +70,7 @@ webmin: enabled: 1 zabbix: repository: - - url: https://repo.zabbix.com/zabbix/5.2/rhel/7/x86_64/zabbix-release-5.2-1.el7.noarch.rpm + - url: https://repo.zabbix.com/zabbix/6.0/rhel/7/x86_64/zabbix-release-6.0-1.el7.noarch.rpm name: zabbix-agent2 file: /etc/yum.repos.d/zabbix.repo gpgkey: https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-A14FE591 
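Review bot: The handlers `switch_default_firewalld_zone` and `reload_firewalld` were renamed to `ansible.builtin.shell`, but neither command line uses pipes, redirection or globbing, and the first interpolates `{{ firewalld.default_zone }}` into a shell string. `ansible.builtin.command` avoids shell parsing of that value: `ansible.builtin.command: "firewall-cmd --set-default-zone={{ firewalld.default_zone }}"`. All four handlers also keep `args: warn: false`; that parameter was, as far as I know, removed in later ansible-core releases, so a comment tying it to the `ansible-core` version pinned in `ansible.sh` would prevent a surprise on upgrade.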
@@ -82,16 +82,16 @@ zabbix: service: zabbix-agent2 puppet: repository: - - url: https://yum.puppet.com/puppet6-release-el-7.noarch.rpm + - url: https://yum.puppet.com/puppet7-release-el-7.noarch.rpm gpgkey: https://yum.puppet.com/RPM-GPG-KEY-puppet-20250406 service: - name: puppet state: stopped enabled: no priorities: - - name: puppet6 + - name: puppet7 priority: 10 - path: /etc/yum.repos.d/puppet6.repo + path: /etc/yum.repos.d/puppet7.repo package: name: puppet-agent config: @@ -150,8 +150,8 @@ sysctl: state: present tuned_profile: throughput-performance locale: - language: en_US.utf8 - keymap: us + language: "en_US.utf8" + keymap: "us" hyperv: - name: hypervfcopyd - name: hypervkvpd diff --git a/extra/playbooks/provision_centos8_variables.yml b/extra/playbooks/provision_centos8_variables.yml new file mode 100644 index 0000000..59a906e --- /dev/null +++ b/extra/playbooks/provision_centos8_variables.yml 
@@ -0,0 +1,159 @@ +initial_packages: + - curl + - mc + - wget + - tar + - bzip2 + - kernel-devel + - kernel-headers + - perl + - gcc + - make + - elfutils-libelf-devel + - langpacks-en + - glibc-all-langpacks + - ca-certificates + - yum-utils +yum_extra_groups: + - "@base" + - "@core" +yum_extra_packages: + - adcli + - firefox + - gcc + - hdparm + - iotop + - krb5-workstation + - make + - nmap + - chrony + - oddjob + - oddjob-mkhomedir + - parted + - patch + - realmd + - samba + - samba-common + - screen + - smartmontools + - sssd + - sssd-tools + - telnet + - tmux + - xauth + - zsh +yum_extra_epel_packages: + - atop + - bmon + - gparted + - htop + - iftop + - jq + - multitail + - ncdu + - nmon + - pv + - rkhunter +epel: + priority: 60 +epel_package: + - epel-release +selinux: + state: disabled +webmin: + - file: webmin + gpgkey: http://www.webmin.com/jcameron-key.asc + name: Webmin Distribution Neutral + timeout: 120 + mirrorlist: http://download.webmin.com/download/yum/mirrorlist + enabled: 1 +zabbix: + repository: + - url: https://repo.zabbix.com/zabbix/6.0/rhel/8/x86_64/zabbix-release-6.0-1.el8.noarch.rpm + name: zabbix-agent2 + file: /etc/yum.repos.d/zabbix.repo + gpgkey: https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-A14FE591 + priorities: + - name: zabbix + priority: 20 + path: /etc/yum.repos.d/zabbix.repo + package: + service: zabbix-agent2 +puppet: + repository: + - url: https://yum.puppet.com/puppet7-release-el-8.noarch.rpm + gpgkey: https://yum.puppet.com/RPM-GPG-KEY-puppet-20250406 + service: + - name: puppet + state: stopped + enabled: no + priorities: + - name: puppet7 + priority: 20 + path: /etc/yum.repos.d/puppet7.repo + package: + name: puppet-agent + config: + location: /etc/puppetlabs/puppet/puppet.conf + mode: "0644" + agent: + - key: runinterval + value: 1800 + - key: server + value: foreman.example.com +neofetch: + repository: + - url: https://copr.fedorainfracloud.org/coprs/konimex/neofetch/repo/epel-8/konimex-neofetch-epel-8.repo + dest: 
/etc/yum.repos.d/konimex-neofetch.repo + package: + name: neofetch + options: + - option: (\s*[^#]info "Packages" packages).* + line: ' #info "Packages" packages' +timezone: "Europe/Copenhagen" +remote_files: + - url: https://raw.githubusercontent.com/marcinbojko/hv-packer/master/extra/files/gen2-linux/prepare_neofetch.sh + dest: /tmp/prepare_neofetch.sh + mode: "0755" +firewalld: + default_zone: work + rich_rules: + - rule: 'rule family="ipv4" source address="0.0.0.0/0" port port="22" protocol="tcp" accept' + zabbix_rich_rules: + - rule: 'rule family="ipv4" source address="0.0.0.0/0" port port="10050-10051" protocol="tcp" accept' + webmin_rich_rules: + - rule: 'rule family="ipv4" source address="0.0.0.0/0" port port="10000" protocol="tcp" accept' + cockpit_rich_rules: + - rule: 'rule family="ipv4" source address="0.0.0.0/0" port port="9090" protocol="tcp" accept' + services_remove: + - ssh +services: + - name: firewalld + state: started + enabled: true + - name: chronyd + state: started + enabled: true + - name: sshd + state: started + enabled: true +sysctl: + - key: net.ipv4.ip_forward + value: 1 + state: present +tuned_profile: throughput-performance +locale: + language: "en_US.utf8" + keymap: "us" +hyperv: + - name: hypervfcopyd + - name: hypervkvpd + - name: hypervvssd +motd: | + #!/bin/bash + neofetch --config /etc/neofetch/config.conf + if [ -f ~/.Xauthority ]; then + xauth merge ~/.Xauthority + fi + export XAUTHORITY=$HOME/.Xauthority + export PATH="/usr/local/bin:$PATH" diff --git a/extra/playbooks/provision_oracle8_variables.yml b/extra/playbooks/provision_oracle8_variables.yml index 256907d..e8e88f2 100644 --- a/extra/playbooks/provision_oracle8_variables.yml +++ b/extra/playbooks/provision_oracle8_variables.yml @@ -13,6 +13,7 @@ initial_packages: - langpacks-en - glibc-all-langpacks - ca-certificates + - yum-utils yum_extra_groups: - "@base" - "@core" 
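Review bot: In the new `provision_centos8_variables.yml`, the Webmin repository takes both its `gpgkey` (`http://www.webmin.com/jcameron-key.asc`) and its `mirrorlist` over plain HTTP. Anyone on the network path can substitute the key, after which package signature checks for that repository prove nothing; use `https://` for both if the host serves it. `remote_files` downloads `prepare_neofetch.sh` from the `master` branch with mode `0755`, so the script baked into the image can change without a commit here; pinning the URL to a commit hash fixes that. The file also sets `selinux: state: disabled` and opens 22, 10050-10051, 10000 and 9090 to `0.0.0.0/0`; a header comment saying these are template defaults to be tightened per environment would help. `enabled: no` under `puppet.service` should be `false`, to match the `true` values under `services`.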
@@ -68,7 +69,7 @@ webmin: enabled: 1 zabbix: repository: - - url: https://repo.zabbix.com/zabbix/5.2/rhel/8/x86_64/zabbix-release-5.2-1.el8.noarch.rpm + - url: https://repo.zabbix.com/zabbix/6.0/rhel/8/x86_64/zabbix-release-6.0-1.el8.noarch.rpm name: zabbix-agent2 file: /etc/yum.repos.d/zabbix.repo gpgkey: https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-A14FE591 @@ -80,16 +81,16 @@ zabbix: service: zabbix-agent2 puppet: repository: - - url: https://yum.puppet.com/puppet6-release-el-8.noarch.rpm + - url: https://yum.puppet.com/puppet7-release-el-8.noarch.rpm gpgkey: https://yum.puppet.com/RPM-GPG-KEY-puppet-20250406 service: - name: puppet state: stopped enabled: no priorities: - - name: puppet6 + - name: puppet7 priority: 20 - path: /etc/yum.repos.d/puppet6.repo + path: /etc/yum.repos.d/puppet7.repo package: name: puppet-agent config: diff --git a/extra/playbooks/provision_rocky8_variables.yml b/extra/playbooks/provision_rocky8_variables.yml index 21bfaa3..f76150d 100644 --- a/extra/playbooks/provision_rocky8_variables.yml +++ b/extra/playbooks/provision_rocky8_variables.yml @@ -13,6 +13,7 @@ initial_packages: - langpacks-en - glibc-all-langpacks - ca-certificates + - yum-utils yum_extra_groups: - "@base" - "@core" @@ -68,7 +69,7 @@ webmin: enabled: 1 zabbix: repository: - - url: https://repo.zabbix.com/zabbix/5.2/rhel/8/x86_64/zabbix-release-5.2-1.el8.noarch.rpm + - url: https://repo.zabbix.com/zabbix/6.0/rhel/8/x86_64/zabbix-release-6.0-1.el8.noarch.rpm name: zabbix-agent2 file: /etc/yum.repos.d/zabbix.repo gpgkey: https://repo.zabbix.com/RPM-GPG-KEY-ZABBIX-A14FE591 
@@ -80,16 +81,16 @@ zabbix: service: zabbix-agent2 puppet: repository: - - url: https://yum.puppet.com/puppet6-release-el-8.noarch.rpm + - url: https://yum.puppet.com/puppet7-release-el-8.noarch.rpm gpgkey: https://yum.puppet.com/RPM-GPG-KEY-puppet-20250406 service: - name: puppet state: stopped enabled: no priorities: - - name: puppet6 + - name: puppet7 priority: 20 - path: /etc/yum.repos.d/puppet6.repo + path: /etc/yum.repos.d/puppet7.repo package: name: puppet-agent config: diff --git a/extra/playbooks/provision_vagrant.yaml b/extra/playbooks/provision_vagrant.yaml index f6084ab..9c3f27f 100644 --- a/extra/playbooks/provision_vagrant.yaml +++ b/extra/playbooks/provision_vagrant.yaml @@ -12,7 +12,7 @@ gather_facts: false pre_tasks: - name: verify_ansible_meets_version_requirements - assert: + ansible.builtin.assert: that: "ansible_version.full is version_compare('2.10', '>=')" msg: > "You must update Ansible to at least 2.10 to use this version of playbook" @@ -30,7 +30,7 @@ - assert tasks: - name: display_initial_values - debug: + ansible.builtin.debug: msg: - "Ansible package manager :{{ ansible_pkg_mgr }}" - "vagrant username :{{ vagrant_username }}" diff --git a/extra/scripts/oci/bootstrap.ps1 b/extra/scripts/oci/bootstrap.ps1 new file mode 100644 index 0000000..7067a0c --- /dev/null +++ b/extra/scripts/oci/bootstrap.ps1 
@@ -0,0 +1,16 @@ + +net user opc "P@$$w0rd" /logonpasswordchg:no /active:yes +netsh advfirewall firewall set rule group="remote administration" new enable=yes +netsh advfirewall firewall add rule name="WinRM open Port 5985" dir=in action=allow protocol=TCP localport=5985 +winrm quickconfig -q +winrm quickconfig -transport:http +winrm set winrm/config '@{MaxTimeoutms="7200000"}' +winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="0"}' +winrm set winrm/config/winrs '@{MaxProcessesPerShell="0"}' +winrm set winrm/config/winrs '@{MaxShellsPerUser="0"}' +winrm set winrm/config/service '@{AllowUnencrypted="true"}' +winrm set winrm/config/service/auth '@{Basic="true"}' +winrm set winrm/config/client/auth '@{Basic="true"}' +net stop winrm +sc.exe config winrm start= auto +net start winrm \ No newline at end of file diff --git a/extra/scripts/phase-3.ps1 b/extra/scripts/phase-3.ps1 index fa2a32c..fd69ac8 100755 --- a/extra/scripts/phase-3.ps1 +++ b/extra/scripts/phase-3.ps1 @@ -4,14 +4,14 @@ param( [Parameter()] [ValidateNotNullOrEmpty()] - [string]$Version="6.26.0", + [string]$Version="7.14.0", [Parameter()] [ValidateNotNullOrEmpty()] [ValidateSet('true','false','$true','$false','0','1')] [boolean]$AddPrivateChoco=$true, [Parameter()] [ValidateNotNullOrEmpty()] - [string]$PuppetMaster="foreman.spcph.local" + [string]$PuppetMaster="foreman.example.com" ) Write-Output "Phase 3 [START] - Start of Phase 3" diff --git a/variables/variables_ubuntu2004.pkvars.hcl b/variables/variables_ubuntu2004.pkvars.hcl index 315aae2..e148f7f 100644 --- a/variables/variables_ubuntu2004.pkvars.hcl +++ b/variables/variables_ubuntu2004.pkvars.hcl 
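Review bot: The new `extra/scripts/oci/bootstrap.ps1` hard-codes the `opc` password in a public repository and then enables WinRM over HTTP with `AllowUnencrypted="true"` and `Basic="true"`, opening 5985 inbound with no remote-address restriction. Every instance bootstrapped this way has a known credential that crosses the network effectively in clear text. The literal is also double-quoted, so PowerShell expands `$$` as an automatic variable and the password actually set is not the one written. Take the value from a parameter or secret and quote it literally, e.g. `net user opc $Password /logonpasswordchg:no /active:yes`. Prefer an HTTPS listener on 5986 without `AllowUnencrypted`; failing that, scope the firewall rule with `remoteip=<build-host-cidr>` (placeholder) and revert these settings at the end of the build. `MaxShellsPerUser`, `MaxProcessesPerShell` and `MaxMemoryPerShellMB` set to `"0"` appear to remove the per-user limits entirely; a comment on why the build needs that would be useful.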
@@ -1,6 +1,6 @@ -iso_url="https://ubuntu.man.lodz.pl/ubuntu-releases/20.04.3/ubuntu-20.04.3-live-server-amd64.iso" +iso_url="https://ubuntu.man.lodz.pl/ubuntu-releases/focal/ubuntu-20.04.4-live-server-amd64.iso" iso_checksum_type="sha256" -iso_checksum="f8e3086f3cea0fb3fefb29937ab5ed9d19e767079633960ccb50e76153effc98" +iso_checksum="28ccdb56450e643bad03bb7bcf7507ce3d8d90e8bf09e38f6bd9ac298a98eaad" vm_name="packer-ubuntu2004-g2" disk_size="70000" disk_additional_size=["150000"] diff --git a/variables/variables_win2022_dc.pkvars.hcl b/variables/variables_win2022_dc.pkvars.hcl index 281b136..545440c 100644 --- a/variables/variables_win2022_dc.pkvars.hcl +++ b/variables/variables_win2022_dc.pkvars.hcl @@ -1,6 +1,6 @@ -iso_url="./iso/20348.169.210806-2348.fe_release_svc_refresh_SERVER_EVAL_x64FRE_en-us.iso" +iso_url="https://software-static.download.prss.microsoft.com/sg/download/888969d5-f34g-4e03-ac9d-1f9786c66749/SERVER_EVAL_x64FRE_en-us.iso" iso_checksum_type="sha256" -iso_checksum="4f1457c4fe14ce48c9b2324924f33ca4f0470475e6da851b39ccbf98f44e7852" +iso_checksum="3e4fa6d8507b554856fc9ca6079cc402df11a8b79344871669f0251535255325" switch_name="vSwitch" vlan_id="" vm_name="packer-windows2022dc-g2" diff --git a/variables/variables_win2022_std.pkvars.hcl b/variables/variables_win2022_std.pkvars.hcl index f2e67bd..f8d5d8e 100644 --- a/variables/variables_win2022_std.pkvars.hcl +++ b/variables/variables_win2022_std.pkvars.hcl @@ -1,6 +1,6 @@ -iso_url="./iso/20348.169.210806-2348.fe_release_svc_refresh_SERVER_EVAL_x64FRE_en-us.iso" +iso_url="https://software-static.download.prss.microsoft.com/sg/download/888969d5-f34g-4e03-ac9d-1f9786c66749/SERVER_EVAL_x64FRE_en-us.iso" iso_checksum_type="sha256" -iso_checksum="4f1457c4fe14ce48c9b2324924f33ca4f0470475e6da851b39ccbf98f44e7852" +iso_checksum="3e4fa6d8507b554856fc9ca6079cc402df11a8b79344871669f0251535255325" switch_name="vSwitch" vlan_id="" vm_name="packer-windows2022-g2"