4b177b71b5
Addressing need to lock down system users Change-Id: I76c3772bda963bff1e861e6361977010d5964ef3
68 lines
2.3 KiB
YAML
68 lines
2.3 KiB
YAML
- name: "Including any user-defined vars"
|
|
include_vars:
|
|
file: main.yaml
|
|
name: user-vars
|
|
|
|
# Tasks run when building image-builder container
|
|
- name: "configure cloud-init"
|
|
include_tasks: cloud-init.yaml
|
|
when: run_context == default_run_context
|
|
- name: "configure modules"
|
|
include_tasks: modules.yaml
|
|
when: run_context == default_run_context
|
|
- name: "configure limits"
|
|
include_tasks: limits.yaml
|
|
when: run_context == default_run_context
|
|
- name: "configure sysctl"
|
|
include_tasks: sysctl.yaml
|
|
when: run_context == default_run_context
|
|
- name: "configure grub"
|
|
include_tasks: grub.yaml
|
|
when: run_context == default_run_context or run_context == qcow_run_context
|
|
- name: "configure kdump-tools"
|
|
include_tasks: kdump-tools.yaml
|
|
when: run_context == default_run_context
|
|
- name: "configure kubernetes"
|
|
include_tasks: kubernetes.yaml
|
|
when: run_context == default_run_context
|
|
- name: "configure locale"
|
|
include_tasks: locale.yaml
|
|
when: run_context == default_run_context
|
|
- name: "configure hostname and hosts"
|
|
include_tasks: hostname-hosts.yaml
|
|
when: run_context == default_run_context
|
|
- name: "configure banners"
|
|
include_tasks: banners.yaml
|
|
when: run_context == default_run_context
|
|
- name: "unattended upgrades"
|
|
include_tasks: unattended-upgrades.yaml
|
|
when: run_context == default_run_context
|
|
- name: "configure systemd-resolved"
|
|
include_tasks: systemd-resolved.yaml
|
|
when: run_context == default_run_context
|
|
- name: "configure base systemd"
|
|
include_tasks: systemd.yaml
|
|
when: run_context == default_run_context
|
|
- name: "fetch url resource"
|
|
include_tasks: fetch-from-url.yaml
|
|
when: run_context == default_run_context
|
|
|
|
# Context-dependent tasks
|
|
- name: "write user-provided files"
|
|
include_tasks: write-user-files.yaml
|
|
- name: "configure user-defined systemd"
|
|
include_tasks: systemd-user.yaml
|
|
- name: "run system-defined scripts for qcow"
|
|
include_tasks: runtime-system-scripts.yaml
|
|
when: run_context == qcow_run_context
|
|
- name: "run user-defined scripts"
|
|
include_tasks: user-scripts.yaml
|
|
- name: "configure file permissions"
|
|
include_tasks: file-permissions.yaml
|
|
- name: "configure user password settings"
|
|
include_tasks: user-management.yaml
|
|
|
|
# Context-independent cleanup tasks
|
|
- name: "finalize rootfs"
|
|
include_tasks: finalize-rootfs.yaml
|