infrastructure/roles/install_arch/tasks/main.yml
Evangelos Foutras 32a8970819
install_arch: skip UEFI partition on cloud servers
The need for UEFI booting originates from dedicated servers and does
not benefit cloud servers. It therefore makes sense to skip it on them.
2024-08-06 20:41:22 +03:00


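# Refuse to run anywhere but a provider rescue system: the tasks further
# down wipe and repartition `system_disks`, so these motd markers are the
# only guard against running the role against an already installed host.
- name: Read /etc/motd
  command: cat /etc/motd
  register: motd_contents
  # Reading the motd never modifies the host; report it as unchanged rather
  # than "changed whenever the motd is non-empty".
  changed_when: false

# Each marker identifies one supported rescue environment; the task fails
# only when none of them is present.
- name: Check whether we're running in Hetzner or Equinix Metal rescue environment
  fail:
    msg: "Not running in rescue system!"
  when:
    - "'Hetzner Rescue' not in motd_contents.stdout"
    - "'Rescue environment based on Alpine Linux' not in motd_contents.stdout"
    - "'OS Rescue Environment' not in motd_contents.stdout"

# It sources some files which sets TMPDIR=/tmp/hwc which breaks mkinitcpio
- name: Remove problematic ~/.bashrc
  file:
    path: /root/.bashrc
    state: absent
  when: "'Hetzner Rescue' in motd_contents.stdout"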
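# The Equinix Metal rescue system is Alpine based; install the tools the
# partitioning (sgdisk), formatting (btrfs-progs), extraction (tar) and
# signature verification (gnupg) steps below rely on.
- name: Prepare Equinix Metal rescue system
  when: ansible_facts['os_family'] == "Alpine"
  block:
    - name: Make sure all required packages are installed in the rescue system
      apk:
        name:
          - sgdisk
          - btrfs-progs
          - tar
          - gnupg
        update_cache: true

    # Root-only home for gpg, created up front (presumably so dirmngr.conf
    # below can be written before gpg first initialises the directory).
    - name: Create the GnuPG home directory for the root user
      file:
        path: /root/.gnupg
        state: directory
        owner: root
        group: root
        mode: '0700'

    # Need to set no-use-tor otherwise dirmngr hangs at startup checking if
    # 127.0.0.1:9050 works and remains in SYN-SENT state for about a minute
    - name: Set the no-use-tor option in dirmngr.conf
      lineinfile:
        path: /root/.gnupg/dirmngr.conf
        create: true
        line: no-use-tor
        owner: root
        group: root
        mode: '0644'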
# Wipe and repartition every disk in `system_disks` (sgdisk --clear discards
# the existing partition table): a 1M BIOS boot partition, on dedicated
# hardware only (ansible_virtualization_role == 'host') a 512M EFI system
# partition, then the root partition using the remaining space.
- name: Create partitions
  command: >
    sgdisk
    --align-end
    --clear
    --new=0:0:+1M --change-name=0:'BIOS boot partition' --typecode=0:ef02
    {% if ansible_virtualization_role == 'host' %}
    --new=0:0:+512M --change-name=0:'EFI system partition' --typecode=0:ef00
    {% endif %}
    --new=0:0:0 --change-name=0:root --typecode=0:8304
    {{ item }}
  with_items:
    - "{{ system_disks }}"
  register: sgdisk
  # sgdisk rewrites the table on every run, so a successful exit is "changed".
  changed_when: "sgdisk.rc == 0"

# Root is partition 3 when an ESP was created above and partition 2
# otherwise; the format and mount tasks derive device names from this number.
- name: Store root partition number for later steps
  set_fact:
    root_partno: "{{ '3' if ansible_virtualization_role == 'host' else '2' }}"
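# The root partition of each disk is "<disk><root_partno>", or
# "<disk>p<root_partno>" for NVMe devices. Note that the NVMe check looks at
# system_disks[0] only and applies the result to every disk. mkfs.btrfs -f
# overwrites whatever filesystem signature is already present.
- name: Partition and format the disks (btrfs RAID) # noqa no-changed-when
  command: mkfs.btrfs -f -L root -d {{ raid_level | default('raid1') }} -m {{ raid_level | default('raid1') }} -O no-holes {{ system_disks | map('regex_replace', '^(.*)$', '\g<1>p' ~ root_partno if 'nvme' in system_disks[0] else '\g<1>' ~ root_partno) | join(' ') }}
  when: filesystem == "btrfs" and system_disks | length >= 2

- name: Partition and format the disks (btrfs single) # noqa no-changed-when
  command: mkfs.btrfs -f -L root -d single -m single -O no-holes {{ system_disks[0] }}{{ 'p' if 'nvme' in system_disks[0] }}{{ root_partno }}
  when: filesystem == "btrfs" and system_disks | length == 1

# Mounting the first disk's root partition is enough: with RAID the other
# devices belong to the same btrfs filesystem created above.
- name: Mount the filesystem (btrfs)
  mount:
    src: "{{ system_disks[0] }}{{ 'p' if 'nvme' in system_disks[0] }}{{ root_partno }}"
    path: /mnt
    state: mounted
    fstype: btrfs
    opts: compress-force=zstd,space_cache=v2
  when: filesystem == "btrfs"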
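# Only dedicated hardware boots via UEFI; cloud servers get no ESP (see
# "Create partitions"). The ESP is always partition 2 of the first disk:
# BIOS boot is partition 1 and root is partition 3 on hosts. The device name
# is computed once here instead of being repeated in each task.
- name: Format and mount the EFI system partition
  when: ansible_virtualization_role == 'host'
  vars:
    # NVMe device names need a "p" separator before the partition number.
    esp_device: "{{ system_disks[0] }}{{ 'p2' if 'nvme' in system_disks[0] else '2' }}"
  block:
    - name: Format the EFI system partition # noqa no-changed-when
      command: mkfs.fat -F 32 -S 4096 -n ESP {{ esp_device }}

    - name: Create the efi mountpoint
      file:
        path: /mnt/efi
        state: directory
        mode: '0755'

    - name: Mount the efi filesystem
      mount:
        src: "{{ esp_device }}"
        path: /mnt/efi
        state: mounted
        fstype: vfat

# Sentinel file: the later "creates" check on /tmp/root.x86_64/mnt/LOCK
# tells whether /mnt is already bind-mounted into the bootstrap chroot. The
# file is removed again at the end of the role.
- name: Touch LOCK file on mountpoint
  file:
    path: /mnt/LOCK
    state: touch
    owner: root
    group: root
    mode: '0644'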
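# The tarball comes from a mirror and the detached signature from
# archlinux.org; the signature check below is what actually authenticates
# the image, since a mirror could serve a modified tarball.
- name: Download bootstrap image
  get_url:
    url: "{{ item }}"
    dest: /tmp/
    mode: '0644'
  loop:
    - https://geo.mirror.pkgbuild.com/iso/{{ bootstrap_version }}/archlinux-bootstrap-x86_64.tar.zst
    - https://archlinux.org/iso/{{ bootstrap_version }}/archlinux-bootstrap-x86_64.tar.zst.sig

# Fetched by e-mail address through gpg's key lookup; the fingerprint is not
# pinned anywhere, so the verification below accepts a signature from any
# key that ends up in the rescue system's keyring. Pinning the expected
# fingerprint (placeholder: <EXPECTED_SIGNING_KEY_FINGERPRINT>) and checking
# it against gpg's VALIDSIG status line would close that gap.
- name: Get pierre's key
  command: gpg --locate-keys pierre@archlinux.org
  changed_when: false

# Name the signed file explicitly instead of relying on gpg deriving it by
# stripping the ".sig" suffix. A bad or missing signature fails the task
# through gpg's non-zero exit status.
- name: Verify bootstrap image signature
  command: gpg --verify /tmp/archlinux-bootstrap-x86_64.tar.zst.sig /tmp/archlinux-bootstrap-x86_64.tar.zst
  changed_when: false

# "creates" keeps this idempotent: the chroot directory is extracted once.
- name: Extract boostrap image # noqa risky-file-permissions
  unarchive:
    src: /tmp/archlinux-bootstrap-x86_64.tar.zst
    dest: /tmp
    remote_src: true
    creates: /tmp/root.x86_64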
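# The bootstrap chroot needs working name resolution for the pacman-key and
# pacstrap steps; reuse the rescue system's resolver configuration.
- name: Copy resolv.conf to bootstrap chroot
  copy:
    remote_src: true
    src: /etc/resolv.conf
    dest: /tmp/root.x86_64/etc/resolv.conf
    owner: root
    group: root
    mode: '0644'

# Recursive bind mounts so tools inside the chroot see the rescue system's
# /proc, /sys and /dev plus the freshly mounted target under /mnt. Each
# entry's "creates" path exists only once that mount is in place (LOCK is
# the sentinel touched after mounting /mnt), which keeps re-runs from
# stacking duplicate mounts.
- name: Mount /proc, /sys, /dev and /mnt to bootstrap chroot # noqa command-instead-of-module
  command: mount --rbind {{ item.path }} /tmp/root.x86_64{{ item.path }}
  args:
    creates: "/tmp/root.x86_64{{ item.creates }}"
  loop:
    - {path: /proc, creates: /proc/uptime}
    - {path: /sys, creates: /sys/dev}
    - {path: /dev, creates: /dev/zero}
    - {path: /mnt, creates: /mnt/LOCK}

- name: Configure pacman mirror
  template:
    src: mirrorlist.j2
    dest: /tmp/root.x86_64/etc/pacman.d/mirrorlist
    owner: root
    group: root
    mode: '0644'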
# Both commands run inside the bootstrap chroot (not the target at /mnt),
# presumably because pacstrap, run from the same chroot below, relies on that
# keyring to verify the packages it installs.
- name: Initialize pacman keyring inside bootstrap chroot
  command: chroot /tmp/root.x86_64 pacman-key --init
  register: chroot_pacman_key_init
  changed_when: "chroot_pacman_key_init.rc == 0"

- name: Populate pacman keyring inside bootstrap chroot
  command: chroot /tmp/root.x86_64 pacman-key --populate archlinux
  register: chroot_pacman_key_populate
  changed_when: "chroot_pacman_key_populate.rc == 0"
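# The microcode package is only selected on dedicated hardware
# (virtualization role 'host'); elsewhere `ucode` stays undefined.
- name: Install ucode update
  when: ansible_virtualization_role == 'host'
  block:
    - name: Install ucode update for Intel
      set_fact:
        ucode: intel-ucode
      when: "'GenuineIntel' in ansible_facts['processor']"

    - name: Install ucode update for AMD
      set_fact:
        ucode: amd-ucode
      when: "'AuthenticAMD' in ansible_facts['processor']"

# default('') covers the undefined `ucode` case on cloud servers; "creates"
# skips the install once /mnt/bin exists from a previous run.
- name: Install arch base from bootstrap chroot
  command: chroot /tmp/root.x86_64 pacstrap /mnt base linux btrfs-progs grub openssh python-requests python-yaml inetutils {{ ucode | default('') }}
  args:
    creates: /tmp/root.x86_64/mnt/bin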
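# Same recursive bind mounts as for the bootstrap chroot, now into the
# installed system at /mnt before the tasks below chroot into it. The
# "creates" paths exist only once the respective mount is in place.
- name: Mount /proc, /sys and /dev to new chroot # noqa command-instead-of-module
  command: mount --rbind {{ item.path }} /mnt{{ item.path }}
  args:
    creates: "/mnt{{ item.creates }}"
  loop:
    - {path: /proc, creates: /proc/uptime}
    - {path: /sys, creates: /sys/dev}
    - {path: /dev, creates: /dev/zero}

# Locale and timezone are fixed; only the hostname comes from inventory.
- name: Run systemd-firstboot
  command: chroot /mnt systemd-firstboot --locale=C.UTF-8 --timezone=UTC --hostname={{ hostname }}
  register: chroot_systemd_firstboot
  changed_when: "chroot_systemd_firstboot.rc == 0"

- name: Run mkinitcpio
  command: chroot /mnt mkinitcpio -p linux
  register: chroot_mkinitcpio
  changed_when: "chroot_mkinitcpio.rc == 0"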
# Shared networking role, pointed at the installed system via chroot_path
# (presumably so it writes its configuration under /mnt rather than into the
# rescue system).
- name: Configure networking
  include_role:
    name: networking
  vars:
    chroot_path: "/mnt"

# Replaces the whole GRUB_CMDLINE_LINUX_DEFAULT line (the regexp matches any
# existing value), so only rootflags=compress-force=zstd remains on it.
- name: Provide default mount options (btrfs)
  lineinfile:
    path: /mnt/etc/default/grub
    owner: root
    group: root
    mode: '0644'
    regexp: "^GRUB_CMDLINE_LINUX_DEFAULT="
    line: "GRUB_CMDLINE_LINUX_DEFAULT=\"rootflags=compress-force=zstd\""
  when: filesystem == "btrfs"
# BIOS (i386-pc) grub is installed onto every system disk, presumably so any
# of the RAID members can boot the machine; the BIOS boot partition created
# earlier (type ef02) is where grub stores its core image on GPT disks.
- name: Install grub (legacy mode)
  command: chroot /mnt grub-install --target=i386-pc --recheck {{ item }}
  with_items:
    - "{{ system_disks }}"
  register: chroot_grub_install_legacy
  changed_when: "chroot_grub_install_legacy.rc == 0"

# UEFI grub only on dedicated hardware, the only case with an ESP (mounted
# at /efi inside the chroot). --removable installs to the fallback boot
# path so no firmware boot entry has to be registered.
- name: Install grub (uefi mode)
  command: chroot /mnt grub-install --target=x86_64-efi --efi-directory=/efi --removable --recheck {{ item }}
  with_items:
    - "{{ system_disks }}"
  register: chroot_grub_install_uefi
  changed_when: "chroot_grub_install_uefi.rc == 0"
  when: ansible_virtualization_role == 'host'

- name: Configure grub
  command: chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg
  register: chroot_grub_mkconfig
  changed_when: "chroot_grub_mkconfig.rc == 0"
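- name: Setup pacman-init.service on first boot
  copy:
    src: pacman-init.service
    dest: /mnt/etc/systemd/system/
    owner: root
    group: root
    mode: '0644'

# Modes are quoted octal strings on purpose: an unquoted integer such as 755
# would reach the copy module as a decimal number and yield unexpected
# permissions on a script that runs as root on first boot.
- name: Setup ec2-public-keys on first boot
  copy:
    src: "{{ item.src }}"
    dest: "/mnt/{{ item.dest }}"
    owner: root
    group: root
    mode: "{{ item.mode }}"
  loop:
    - {src: ec2-public-keys, dest: /usr/local/bin/, mode: '0755'}
    - {src: ec2-public-keys.service, dest: /etc/systemd/system/, mode: '0644'}
  when: install_ec2_public_keys_service | default(false)

# Do not ship the keyring pacstrap left in the installed system;
# pacman-init.service, enabled below, presumably initialises a fresh one on
# first boot.
- name: Remove generated keyring in the installation process
  file:
    path: /mnt/etc/pacman.d/gnupg
    state: absent

# A missing machine-id makes systemd generate a fresh, unique one on first boot.
- name: Make sure /etc/machine-id is absent
  file:
    path: /mnt/etc/machine-id
    state: absent

# The inline-if renders to an empty string when the ec2 service is not
# installed, so the command line stays valid either way.
- name: Enable services inside chroot
  command: chroot /mnt systemctl enable sshd systemd-networkd systemd-resolved pacman-init {{ 'ec2-public-keys' if install_ec2_public_keys_service | default(false) }}
  register: chroot_systemd_services
  changed_when: "chroot_systemd_services.rc == 0"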
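# The installed system's /root/.ssh is addressed through the bootstrap
# chroot's bind mount of /mnt, i.e. it is the same directory as
# /mnt/root/.ssh. Skipped when ec2-public-keys provides the keys instead.
- name: Add authorized key for root
  include_role:
    name: root_ssh
  vars:
    root_ssh_directory: /tmp/root.x86_64/mnt/root/.ssh
  when: not install_ec2_public_keys_service | default(false)

- name: Configure sshd via drop-in
  template:
    src: sshd_config.j2
    dest: /mnt/etc/ssh/sshd_config.d/override.conf
    owner: root
    group: root
    mode: '0644'

# "yes |" answers pacman's confirmation prompts for clearing the whole
# cache. Without pipefail (see noqa) the pipeline's status is that of the
# last command, so a pacman failure is still reported through its exit code.
- name: Clean pacman cache # noqa risky-shell-pipe ("Illegal option -o pipefail" in Hetzner's recovery environment (dash?))
  shell: yes | chroot /mnt pacman -Scc
  register: chroot_pacman_clean_cache
  changed_when: "chroot_pacman_clean_cache.rc == 0"

# Counterpart of "Touch LOCK file on mountpoint": the sentinel is only
# needed while the chroot bind mounts are being set up.
- name: Remove LOCK file on mountpoint
  file:
    path: /mnt/LOCK
    state: absent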