131 lines
3.1 KiB
YAML
131 lines
3.1 KiB
YAML
---
|
|
- name: Set hostname to generic localhost
|
|
ansible.builtin.hostname:
|
|
name: localhost.localdomain
|
|
# use: systemd
|
|
|
|
- name: Ensure IPv4 localhost entry exists in /etc/hosts
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/hosts
|
|
line: "127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4"
|
|
state: present
|
|
create: yes
|
|
regexp: '^127\.0\.0\.1\s+localhost'
|
|
|
|
- name: Remove IPv6 localhost entry (::1) from /etc/hosts
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/hosts
|
|
regexp: '^::1\s+localhost'
|
|
state: absent
|
|
|
|
- name: Clean APT cache
|
|
ansible.builtin.apt:
|
|
autoclean: yes
|
|
autoremove: yes
|
|
update_cache: no
|
|
|
|
# - name: Remove xbazzi user
|
|
# ansible.builtin.user:
|
|
# name: xbazzi
|
|
# state: absent
|
|
# remove: true
|
|
|
|
- name: Truncate machine-id
|
|
ansible.builtin.command: truncate -s 0 /etc/machine-id
|
|
|
|
- name: Remove DBus machine-id if exists
|
|
ansible.builtin.file:
|
|
path: /var/lib/dbus/machine-id
|
|
state: absent
|
|
|
|
- name: Remove root SSH folder
|
|
ansible.builtin.file:
|
|
path: /root/.ssh
|
|
state: absent
|
|
|
|
- name: Remove anaconda kickstart config
|
|
ansible.builtin.file:
|
|
path: /root/anaconda-ks.cfg
|
|
state: absent
|
|
|
|
- name: Truncate logs
|
|
ansible.builtin.shell: |
|
|
find /var/log -type f -exec truncate -s 0 {} \;
|
|
|
|
# - name: Clear logs
|
|
# ansible.builtin.file:
|
|
# path: "{{ item }}"
|
|
# state: absent
|
|
# loop:
|
|
# - /var/log/boot.log
|
|
# - /var/log/cron
|
|
# - /var/log/dmesg
|
|
# - /var/log/grubby
|
|
# - /var/log/lastlog
|
|
# - /var/log/maillog
|
|
# - /var/log/messages
|
|
# - /var/log/secure
|
|
# - /var/log/spooler
|
|
# - /var/log/tallylog
|
|
# - /var/log/wtmp
|
|
# - /var/log/yum.log
|
|
# - /var/log/audit/audit.log
|
|
# - /var/log/tuned/tuned.log
|
|
# - /var/log/wpa_supplicant.log
|
|
# - /var/log/ovirt-guest-agent/ovirt-guest-agent.log
|
|
|
|
- name: Truncate logs
|
|
ansible.builtin.shell: |
|
|
find /var/log -type f -exec truncate -s 0 {} \;
|
|
|
|
|
|
- name: Rotate and vacuum journal logs
|
|
ansible.builtin.shell: |
|
|
journalctl --rotate
|
|
journalctl --vacuum-time=1s
|
|
when: ansible_facts['distribution_major_version'] is version('8', '>=')
|
|
|
|
- name: Clear bash history
|
|
ansible.builtin.shell: |
|
|
unset HISTFILE
|
|
rm -f /root/.bash_history
|
|
find /home -name .bash_history -exec rm -f {} \;
|
|
become: true
|
|
|
|
- name: Find all SSH keys
|
|
ansible.builtin.find:
|
|
paths:
|
|
- /etc/ssh
|
|
- /home/
|
|
patterns:
|
|
- "ssh_host*"
|
|
- "id_*"
|
|
- "authorized_keys"
|
|
- "known_hosts"
|
|
use_regex: false
|
|
recurse: true
|
|
file_type: file
|
|
register: ssh_files
|
|
|
|
- name: Debug found SSH keys
|
|
debug:
|
|
msg: "{{ item.path }}"
|
|
loop: "{{ ssh_files.files }}"
|
|
|
|
- name: Remove SSH keys
|
|
ansible.builtin.file:
|
|
path: "{{ item.path }}"
|
|
state: absent
|
|
loop: "{{ ssh_files.files }}"
|
|
# loop: "{{ ssh_keys.results | map(attribute='files') | flatten }}"
|
|
|
|
- name: Sync changes to disk
|
|
ansible.builtin.command: sync
|
|
|
|
- name: Remove old local SSH known_hosts entry (necessary to avoid fingerprint warning)
|
|
become_user: xbazzi
|
|
local_action:
|
|
module: command
|
|
args:
|
|
cmd: ssh-keygen -R "{{ hostvars['sysprep_vm'].ansible_host }}"
|