@khalford
Member

Add role to install quattor onto rocky images. Adds separate builders for aquilon images

@khalford khalford force-pushed the quattor-role-rebase branch from 27ca000 to cd1ac22 Compare November 18, 2025 14:49
@khalford khalford force-pushed the quattor-role-rebase branch 2 times, most recently from cf91ce4 to 6ba7bdf Compare November 19, 2025 13:31
@khalford
Member Author

To be merged after #76

Removing all this code as it is either duplicated or not used in the new
workflow.
Having the playbooks in this directory means we have to specify the path
to the roles. By moving it into the root level we can use roles the way
ansible intended by just specifying the name
We only have one build file so it doesn't need to be in a directory
Adding more comprehensive instructions on how to use the image builders
for release and bug fixing.

Add python requirements for ansible version as Rocky 8 requires an old
version of ansible. Remove requirements for Ansible Galaxy as the only
collections listed are available in the default installation.
Pin openstackcli version as it is most compatible for openstack yoga
Moving the become statement to each task rather than running the entire playbook as root. This is safer as any new task added will not be run as root by default. It is better practice.

Adding whitespaces to jinja templates and triple dashes to start files.

Removing ansible.cfg as the default role path is "roles" anyway. This was here because the playbooks were in a separate directory.
Updating the GitHub workflow as the directories have changed and the inventory has been removed
In case images are not cleaned up we should append the timedate to the
name so we can track which ones they are.
Adding an inventory file so people can test changes to the images on a
VM without using Packer to avoid long pipeline wait times.
@khalford khalford force-pushed the quattor-role-rebase branch from 6ba7bdf to a885a81 Compare November 20, 2025 14:46
Rename the VM baseline playbook to describe what it does. We should have individual playbooks using multiple roles
This allows the playbooks to be run separately which reduces the pipeline time when bug fixing
Move wazuh into its own role rather than the vm baseline
This task does not do anything for us anymore as we are not building on top of old images so there won't be any other client keys in the file
Adding a role for image fixes so it isn't included in the VM baseline
Move the fix into the image_fixes role
This role should include packages that must be installed by the system but require no other configuration
Moving cron into the packages role as it doesn't require any config
Moving this task into the packages role to be installed
Add the full ansible task name as is best practice and become to the tasks. We should be using become on a task level not a playbook level
Moving pakiti from the baseline role into its own. This is because we should include it in the baseline playbook as a role
OpenScap has been replaced by Wazuh
This should be its own role to apply to any image and the baseline
Tidy the task and files by adding fully qualified ansible task names and become statements. Also remove commented code in the script
Move this task into the packages role as it doesn't require any configuration
Move the tasks into a single task using conditional blocks.
Move to os_family for ubuntu/rocky checks in case we move from rocky or ubuntu to another os in the families.
Move rsyslog out of vm baseline into a role
Add become on task level and fully qualified ansible task names
Moving grub from the baseline role into its own
@khalford khalford added the enhancement New feature or request label Nov 21, 2025
Each task in the VM baseline role has been moved into its own role or a shared role. This way playbooks can determine what tasks to do rather than one giant role.

merge remove baseline
All roles to do with VM baseline and compliance have been moved to the common directory. They are still atomic but neater in a single directory
Adds the new playbooks to the github workflow to make sure they are working
Updating the docs to add the 2 new playbooks
This allows us to keep the base metadata the same for all images and merge on top metadata for aq images. Using a second provisioner for quattor ensures that the aq images start from the same base
We don't use this interface as we use eth0 instead. Having this interface stops network.service from starting
We don't need to tidy quattor as the base images don't have quattor and we are not building off of old images
Installs quattor onto a Rocky machine
Update the readme to include the quattor changes too.
@khalford khalford force-pushed the quattor-role-rebase branch from a885a81 to a3014a3 Compare November 21, 2025 11:15
@khalford khalford marked this pull request as draft November 25, 2025 11:16