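---
# Bootstrap playbook for new VMs
#
# Run FIRST on newly provisioned VMs before security/nebula playbooks.
# Updates system packages and reboots if kernel changed.
#
# Usage: ansible-playbook -i inventory.ini playbooks/bootstrap.yml --limit "new-vm"

- name: Bootstrap New VMs
  # Scope with --limit (see Usage): without it every inventory host is
  # upgraded and, if its kernel changed, rebooted.
  hosts: all
  become: true
  tasks:
    # Create the pacman GnuPG keyring once; `creates` keeps the task idempotent.
    - name: Initialize pacman keyring
      command: pacman-key --init
      args:
        creates: /etc/pacman.d/gnupg/trustdb.gpg

    # Import and locally sign the Arch master keys so package signature
    # verification works before anything is installed. Re-running prints
    # nothing about local signing, hence the changed_when test.
    - name: Populate pacman keyring with Arch Linux keys
      command: pacman-key --populate archlinux
      register: populate_result
      changed_when: "'locally signed' in populate_result.stdout"

    # Refresh the keyring package before the full upgrade so packages signed
    # with newer packager keys can still be verified.
    - name: Update archlinux-keyring package first
      community.general.pacman:
        name: archlinux-keyring
        state: latest
        update_cache: true

    - name: Get current running kernel version
      command: uname -r
      register: running_kernel
      changed_when: false

    - name: Update all packages
      community.general.pacman:
        update_cache: true
        upgrade: true
      register: update_result

    - name: Install essential packages
      community.general.pacman:
        name:
          - rsync
        state: present

    # `pacman -Q linux` prints "linux <pkgver>-<pkgrel>"; sed rewrites ".arch"
    # to "-arch" so the value matches the `uname -r` format of the stock
    # `linux` package (other kernel packages are not handled here).
    # pipefail makes a failing `pacman -Q` fail the whole pipeline instead
    # of yielding an empty string, and failed_when rejects an empty result
    # so the reboot decision below never runs on garbage input.
    - name: Get installed kernel version
      shell: set -o pipefail; pacman -Q linux | awk '{print $2}' | sed 's/\.arch/-arch/'
      args:
        executable: /bin/bash
      register: installed_kernel
      changed_when: false
      failed_when: "installed_kernel.rc != 0 or (installed_kernel.stdout | trim) == ''"

    # Exact comparison: a substring test ("not in") would miss a pkgrel bump
    # such as "-arch1-1" running vs "-arch1-10" installed.
    - name: Check if reboot is needed (kernel updated)
      set_fact:
        reboot_needed: "{{ (running_kernel.stdout | trim) != (installed_kernel.stdout | trim) }}"

    - name: Display kernel status
      debug:
        msg: "Running: {{ running_kernel.stdout }}, Installed: {{ installed_kernel.stdout }}, Reboot needed: {{ reboot_needed }}"

    # Reboot only when the on-disk kernel differs from the running one;
    # reboot_timeout is the seconds to wait for the host to come back.
    - name: Reboot if kernel was updated
      reboot:
        msg: "Kernel updated, rebooting"
        reboot_timeout: 300
      when: reboot_needed | bool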