--- - name: read /etc/motd command: cat /etc/motd register: motd_contents - name: check whether we're running in the Hetzner rescue system fail: msg="Not running in Hetzner rescue system!" when: "'Hetzner Rescue' not in motd_contents.stdout" - name: partition and format the disks command: mkfs.btrfs -f -L rootfs -d raid1 /dev/sda /dev/sdb when: filesystem == "btrfs" - name: create BIOS boot partitions command: sgdisk -n 1:0:10M /dev/{{ item }} when: filesystem == "ext4" with_items: - sda - sdb - name: create RAID partitions command: sgdisk -n 2:0:0 /dev/{{ item }} when: filesystem == "ext4" with_items: - sda - sdb - name: set BIOS boot partition types command: sgdisk -t 1:ef02 /dev/{{ item }} when: filesystem == "ext4" with_items: - sda - sdb - name: set RAID partition types command: sgdisk -t 2:fd00 when: filesystem == "ext4" with_items: - sda - sdb - name: create MDADM array command: mdadm --create --level=1 --raid-devices=2 --run /dev/md0 /dev/sda2 /dev/sdb2 when: filesystem == "ext4" - name: format the MDADM array filesystem: dev=/dev/md0 fstype=ext4 when: filesystem == "ext4" - name: mount the filesystem (btrfs) mount: name=/mnt src='LABEL=rootfs' fstype=btrfs state=mounted when: filesystem == "btrfs" - name: mount the filesystem (ext4) mount: name=/mnt src=/dev/md0 fstype=ext4 state=mounted when: filesystem == "ext4" - name: touch LOCK file on mountpoint file: path=/mnt/LOCK state=touch - name: download bootstrap image unarchive: src: https://mirrors.kernel.org/archlinux/iso/latest/archlinux-bootstrap-2018.05.01-x86_64.tar.gz dest: /tmp/ copy: no creates: /tmp/root.x86_64 - name: copy resolv.conf to bootstrap chroot copy: remote_src=True src=/etc/resolv.conf dest=/tmp/root.x86_64/etc/resolv.conf - name: mount /proc to bootstrap chroot command: mount --rbind /proc /tmp/root.x86_64/proc creates=/tmp/root.x86_64/proc/uptime - name: mount /sys to bootstrap chroot command: mount --rbind /sys /tmp/root.x86_64/sys creates=/tmp/root.x86_64/sys/dev - name: mount /dev to bootstrap chroot command: mount --rbind /dev /tmp/root.x86_64/dev creates=/tmp/root.x86_64/dev/zero - name: mount /mnt to bootstrap chroot command: mount --rbind /mnt /tmp/root.x86_64/mnt creates=/tmp/root.x86_64/mnt/LOCK - name: configure pacman mirror template: src=mirrorlist.j2 dest=/tmp/root.x86_64/etc/pacman.d/mirrorlist owner=root group=root mode=0644 - name: initialize pacman keyring inside bootstrap chroot command: chroot /tmp/root.x86_64 pacman-key --init - name: populate pacman keyring inside bootstrap chroot command: chroot /tmp/root.x86_64 pacman-key --populate archlinux - name: install arch base from bootstrap chroot command: chroot /tmp/root.x86_64 pacstrap /mnt base base-devel btrfs-progs grub openssh python2 creates=/tmp/root.x86_64/mnt/bin - name: mount /proc to new chroot command: mount --rbind /proc /mnt/proc creates=/mnt/proc/uptime - name: mount /sys to new chroot command: mount --rbind /sys /mnt/sys creates=/mnt/sys/dev - name: mount /dev to new chroot command: mount --rbind /dev /mnt/dev creates=/mnt/dev/zero - name: generate mdadm.conf shell: mdadm --detail --scan >> /mnt/etc/mdadm.conf when: filesystem == "ext4" - name: setup locale.gen lineinfile: path: /mnt/etc/locale.gen line: "de_DE.UTF-8 UTF-8 \nen_US.UTF-8 UTF-8" - name: run locale-gen inside chroot command: chroot /mnt locale-gen - name: run systemd-firstboot command: chroot /mnt systemd-firstboot --locale=de_DE.UTF-8 --timezone=UTC --hostname={{ hostname }} - name: add mdadm_udev to mkinitcpio.conf lineinfile: dest: /mnt/etc/mkinitcpio.conf backrefs: yes regexp: '^(.*)block filesystems(.*)$' line: '\1block mdadm_udev filesystems\2' when: filesystem == "ext4" - name: run mkinitcpio command: chroot /mnt mkinitcpio -p linux - name: configure network template: src={{ item.src }} dest={{ item.dest }} owner=root group=root mode=0644 with_items: - { src: 'eth0.j2' , dest: '/mnt/etc/netctl/eth0' } - { src: '99-hetzner.conf.j2' , dest: '/mnt/etc/sysctl.d/99-hetzner.conf' } - { src: '80-net-setup-link.rules.j2', dest: '/mnt/etc/udev/rules.d/80-net-setup-link.rules' } - name: disable systemd-networkd command: chroot /mnt systemctl disable systemd-networkd.service - name: enable netctl command: chroot /mnt netctl enable eth0 - name: install grub command: chroot /mnt grub-install --recheck {{ item }} with_items: - /dev/sda - /dev/sdb - name: configure grub command: chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg - name: configure nss lineinfile: dest: /mnt/etc/nsswitch.conf regexp: '^hosts:' line: 'hosts: files mymachines resolve myhostname' - name: enable services inside chroot command: chroot /mnt systemctl enable sshd systemd-networkd systemd-resolved - set_fact: pubkey_list="{{ lookup('file', '../pubkeys/' + item) }}" register: pubkeys with_items: "{{ root_ssh_keys }}" - set_fact: pubkey_string={{ pubkeys.results | map(attribute='ansible_facts.pubkey_list') | join('\n') }} - name: add authorized key for root authorized_key: user=root key="{{ pubkey_string }}" path=/tmp/root.x86_64/mnt/root/.ssh/authorized_keys exclusive=yes - name: configure sshd template: src=sshd_config.j2 dest=/mnt/etc/ssh/sshd_config owner=root group=root mode=0644 - name: create symlink to resolv.conf file: src=/run/systemd/resolve/resolv.conf dest=/mnt/etc/resolv.conf state=link force=yes - name: remove LOCK file on mountpoint file: path=/mnt/LOCK state=absent - name: reboot into new system shell: sleep 5 && reboot & args: executable: /bin/bash async: 10 poll: 0 - name: waiting for server to go down local_action: module: wait_for host: "{{ inventory_hostname }}" port: 22 delay: 1 timeout: 60 state: stopped - name: remove server from local known_hosts file local_action: shell ssh-keygen -R {{ inventory_hostname }} ignore_errors: true - name: waiting for server to come back local_action: module: wait_for host: "{{ inventory_hostname }}" port: 22 delay: 1 timeout: 60