---
# Uninstall superseded installonly packages (kernels): the inner repoquery
# lists every installonly package except the newest one, and the outer
# `dnf remove` deletes that list. The $(...) substitution needs a shell, which
# is why this uses the shell module rather than command.
- name: Remove old kernels
  ansible.builtin.shell:
    cmd: dnf remove -y $(dnf repoquery --installonly --latest-limit=-1 -q)
# Empty the DNF cache so cached repository metadata and downloaded packages
# are not baked into the image.
- name: Delete DNF cache
  ansible.builtin.command:
    cmd: dnf clean all
# Collect the files directly under /var/lib/dnf whose names start with
# "history"; the result is consumed by the "Reset DNF history" task.
# find does not recurse and matches regular files only unless told otherwise.
- name: Find DNF history files
  ansible.builtin.find:
    paths:
      - /var/lib/dnf
    patterns:
      - 'history*'
  register: dnf_history
# Delete every file recorded in dnf_history so the image does not carry the
# package transaction history of the build.
- name: Reset DNF history
  ansible.builtin.file:
    state: absent
    path: '{{ item.path }}'
  loop: '{{ dnf_history.files }}'
# List the top-level entries of /tmp and /var/tmp, whatever their type (files,
# directories, links), for the "Remove temporary files" task.
# NOTE(review): find skips hidden entries unless `hidden: true` is set, so
# dotfiles and dot-directories left in these paths stay in the image — confirm
# that is intended.
- name: Find temporary files
  ansible.builtin.find:
    paths:
      - /tmp
      - /var/tmp
    patterns: "*"
    file_type: any
  register: tmp_files
# Delete each entry recorded in tmp_files; `state: absent` removes directories
# together with their contents.
- name: Remove temporary files
  ansible.builtin.file:
    state: absent
    path: '{{ item.path }}'
  loop: '{{ tmp_files.files }}'
# Locate the SSH host key files in /etc/ssh. The glob matches both the private
# keys and their .pub counterparts. Host keys generated while building the
# image must not be shared by every instance cloned from it, otherwise all
# clones present the same server identity.
- name: Find SSH host keys
  ansible.builtin.find:
    paths:
      - /etc/ssh
    patterns:
      - '*host*key*'
  register: host_keys
# Delete the host keys recorded in host_keys.
# NOTE(review): this relies on fresh keys being generated at first boot
# (presumably by sshd key generation or cloud-init) — confirm for the target
# image, since sshd cannot serve connections without host keys.
- name: Remove SSH host keys
  ansible.builtin.file:
    state: absent
    path: '{{ item.path }}'
  loop: '{{ host_keys.files }}'
# Delete the kickstart files the installer leaves in /root. They describe how
# the system was installed and can include credential material such as
# password hashes, so they should not ship in a public image.
- name: Remove kickstart files
  ansible.builtin.file:
    state: absent
    path: '{{ item }}'
  loop:
    - /root/anaconda-ks.cfg
    - /root/original-ks.cfg
# Empty the listed files in place (size 0) instead of deleting them, so the
# paths keep existing. Covers the machine identity (/etc/machine-id), the
# build-time resolver configuration, and login, audit and system logs written
# while the image was built. `truncate` creates a listed file if it is missing.
- name: Truncate files
  ansible.builtin.command:
    cmd: "truncate -s 0 {{ item }}"
  loop:
    # Instance identity and network state
    - /etc/machine-id
    - /etc/resolv.conf
    # Audit and login accounting
    - /var/log/audit/audit.log
    - /var/log/wtmp
    - /var/log/lastlog
    - /var/log/btmp
    # System logs
    - /var/log/cron
    - /var/log/maillog
    - /var/log/messages
    - /var/log/secure
    - /var/log/spooler
# Delete the listed paths outright. Despite the task name, the list holds more
# than log directories: it also removes per-instance state (/var/lib/cloud,
# /etc/hostname, /etc/machine-info) and /var/lib/systemd/credential.secret.
# That last file is a host-specific secret and must not be identical across
# instances cloned from the image.
- name: Remove log folders.
  ansible.builtin.file:
    state: absent
    path: '{{ item }}'
  loop:
    # Log directories
    - /var/log/anaconda
    - /var/log/qemu-ga
    - /var/log/tuned
    # Per-instance state and secrets
    - /var/lib/cloud
    - /etc/hostname
    - /etc/machine-info
    - /var/lib/systemd/credential.secret
# Collect current and rotated log files for the "Remove log files" task.
# find does not recurse by default, which is why /var/log/sssd is listed next
# to /var/log; other subdirectories of /var/log are not searched.
- name: Find log files.
  ansible.builtin.find:
    paths:
      - /var/log
      - /var/log/sssd
    patterns:
      - '*log'
      - '*.old'
      - '*.log.gz'
      - '*.[0-9]'
      - '*.gz'
      - '*-????????'
  register: log_files
# Delete every log file recorded in log_files.
- name: Remove log files
  ansible.builtin.file:
    state: absent
    path: '{{ item.path }}'
  loop: '{{ log_files.files }}'
# Delete the saved systemd random seed so instances cloned from the image do
# not all boot from the same stored seed.
- name: Remove random-seed
  ansible.builtin.file:
    state: absent
    path: /var/lib/systemd/random-seed
# On major version 9 only, delete the sshd drop-in 01-permitrootlogin.conf.
# The task does not write any PermitRootLogin setting itself: it relies on the
# drop-in being the only place that allows password logins for root.
# NOTE(review): presumably this is the file the installer writes when root
# password SSH login is enabled — verify that no other file under
# /etc/ssh/sshd_config.d or sshd_config itself re-enables it.
- name: Disable root SSH login via password
  when: ansible_facts['distribution_major_version'] == '9'
  ansible.builtin.file:
    state: absent
    path: /etc/ssh/sshd_config.d/01-permitrootlogin.conf
# Overwrite the unused space of the root filesystem with zeroes, then drop the
# filler file. dd has no count, so it runs until the filesystem is full and
# exits with an error; the `|| rm -f` branch is the normal path and removes
# /zeroed_file again. Zeroed free space compresses well and leaves no remnants
# of deleted build-time files in unallocated blocks.
- name: Fill free space with zeroes
  ansible.builtin.shell:
    cmd: dd if=/dev/zero of=/zeroed_file bs=1M oflag=direct || rm -f /zeroed_file
# Read the active swap device from /proc/swaps. The regex only accepts paths
# of the form /dev/<word characters or hyphens>, so swap files are not matched
# and the captured value cannot contain shell metacharacters.
# grep exits non-zero when nothing matches; errors are ignored here and the
# follow-up block is gated on swaps.rc instead.
- name: Detect swap partition
  ansible.builtin.command:
    cmd: grep -oP '^/dev/[\w-]+' /proc/swaps
  ignore_errors: true
  register: swaps
# Zero the swap device found by "Detect swap partition" so that memory pages
# swapped out during the build are not shipped in the image. Runs only when a
# /dev swap device was detected (swaps.rc == 0). The order matters: the UUID
# is read before the device is overwritten, and swap is turned off before dd
# writes to it.
# NOTE(review): the commands assume swaps.stdout holds exactly one device; with
# several active /dev swap devices it would contain several lines.
- name: Wipe out swap data
  when: swaps.rc == 0
  block:
    # Remember the current UUID so mkswap can reuse it below, presumably to
    # keep UUID-based references to the swap device valid.
    - name: Get swap partition UUID
      ansible.builtin.command:
        cmd: "blkid {{ swaps.stdout }} -s UUID -o value"
      register: swap_blkid

    - name: Unmount swap partition
      ansible.builtin.command:
        cmd: "swapoff {{ swaps.stdout }}"

    # dd runs until the device is full and then exits with an error;
    # `|| /bin/true` keeps that expected failure from failing the task.
    - name: Fill swap partition with zeroes
      ansible.builtin.shell:
        cmd: "dd if=/dev/zero of={{ swaps.stdout }} bs=1M oflag=direct || /bin/true"

    # Recreate the swap signature with the UUID captured above.
    - name: Format swap partition
      ansible.builtin.command:
        cmd: "mkswap -U {{ swap_blkid.stdout }} -f {{ swaps.stdout }}"

    - name: Mount swap partition
      ansible.builtin.command:
        cmd: "swapon {{ swaps.stdout }}"
# Flush pending writes to disk so the deletions and zero-fills above are
# actually on the device before the image is captured.
- name: Sync disc
  ansible.builtin.command:
    cmd: sync
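# `history -c` only clears the in-memory history list of the short-lived,
# non-interactive shell that the shell module starts; it does not touch any
# history file on disk. The original task is kept as it was, and a second task
# removes root's on-disk bash history so commands typed during an interactive
# build or debug session are not shipped in the image.
# NOTE(review): assumes the build account is root (the kickstart cleanup in
# this file uses /root as well); add the history files of any other account
# that exists in the image.
- name: Clear shell history
  ansible.builtin.shell:
    cmd: history -c

- name: Remove root shell history file
  ansible.builtin.file:
    path: /root/.bash_history
    state: absent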
# Probe for the waagent binary; the result gates the deprovision task so the
# play also works on images without the agent.
- name: Check if WALinuxAgent is installed
  ansible.builtin.stat:
    path: /usr/sbin/waagent
  register: cleanup_vm_waagent
# Run the agent's own deprovisioning, including removal of the provisioned
# user account (+user); -force skips the confirmation prompt. Executed only
# when /usr/sbin/waagent exists.
- name: Deprovision WALinuxAgent
  when: cleanup_vm_waagent.stat.exists
  ansible.builtin.command:
    cmd: waagent -deprovision+user -force