Add Ansible provisioner and playbook for Ubuntu 20.04 + 18.04 (#109)

Initial introduction of Ansible use for Ubuntu :
- Adds `ansible-local` provisioner to Ubuntu builds.
- Adde an initial playbook to remove steps from the `shell` build's provisioner scripts.
- Removes steps in the `ubuntu*.sh` scripts for which Ansible now performs.

More to come for #54. Stay tuned!

builds/linux/ubuntu-server-18-04-lts/linux-ubuntu-server.pkr.hcl

@@ -138,6 +138,10 @@ build {
     source      = "${path.cwd}/certificates/root-ca.crt"
   }
 
+  provisioner "ansible-local" {
+    playbook_file = "${path.cwd}/scripts/ansible/playbook.yml"
+  }
+
   provisioner "shell" {
     execute_command = "echo '${var.build_password}' | {{.Vars}} sudo -E -S sh -eux '{{.Path}}'"
     environment_vars = [

builds/linux/ubuntu-server-20-04-lts/linux-ubuntu-server.pkr.hcl

@@ -136,8 +136,12 @@ build {
     source      = "${path.cwd}/certificates/root-ca.crt"
   }
 
+  provisioner "ansible-local" {
+    playbook_file = "${path.cwd}/scripts/ansible/playbook.yml"
+  }
+
   provisioner "shell" {
-    execute_command = "echo '${var.build_password}' | {{.Vars}} sudo -E -S sh -eux '{{.Path}}'"
+    execute_command  = "echo '${var.build_password}' | {{.Vars}} sudo -E -S sh -eux '{{.Path}}'"
     environment_vars = [
       "BUILD_USERNAME=${var.build_username}",
       "BUILD_KEY=${var.build_key}",

scripts/ansible/playbook.yml

@@ -0,0 +1,51 @@
+---
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
+# WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+- hosts: localhost
+  gather_facts: yes
+  become: true
+  tasks:
+  - name: System Details
+    debug: msg="{{ item }}"
+    with_items: 
+    - "{{ ansible_distribution }}"
+
+  - block: # Ubuntu Distributions
+    - name: Update Cache and Upgrade Packages
+      apt:
+        name: "*"
+        state: latest
+        update_cache: yes
+        force_apt_get: true
+
+    - name: Install Additional Packages
+      apt:
+        name:
+          - bash-completion
+          - curl
+          - wget
+          - git
+          - net-tools
+          - unzip
+          - ca-certificates
+        state: latest
+
+    - name: Install CA Certificate
+      copy:
+        src: /tmp/root-ca.crt
+        dest: /usr/local/share/ca-certificates/
+        owner: root
+        group: root
+        mode: 0644
+      notify:
+      - Ubuntu - Update Trusted CA
+      when:
+        - ansible_distribution == "Ubuntu"
+
+  handlers:
+      - name: Ubuntu - Update Trusted CA
+        shell: /usr/sbin/update-ca-certificates

scripts/linux/ubuntu-server-18.sh

@@ -13,29 +13,6 @@ export BUILD_KEY
 export ANSIBLE_USERNAME
 export ANSIBLE_KEY
 
-### Update the guest operating system. ###
-echo '> Updating the guest operating system ...'
-sudo apt-get update
-sudo apt-get upgrade -y
-
-### Install additional packages. ### 
-echo '> Installing additional packages ...'
-sudo apt-get install -y \
-    curl \
-    wget \
-    git \
-    net-tools \
-    unzip \
-    ca-certificates
-
-### Install the Certificate Authority certificates and add to the certificate authority trust. ###
-echo '> Installing the Certificate Authority certificates and adding to the certificate authority trust ...'
-sudo chown -R root:root /tmp/root-ca.crt
-sudo chmod 644 /tmp/root-ca.crt
-sudo cp /tmp/root-ca.crt /usr/local/share/ca-certificates/
-sudo update-ca-certificates
-sudo rm -rf /tmp/root-ca.crt
-
 ### Update the default local user. ###
 echo '> Updating the default local user ...'
 echo '> Adding authorized_keys for the default local user ...'
@@ -78,10 +55,10 @@ sudo systemctl restart sshd
 
 ### Create the clean script. ###
 echo '> Creating the clean script ...'
-sudo cat <<EOF > /tmp/clean.sh
+sudo cat <<EOF > /home/$BUILD_USERNAME/clean.sh
 #!/bin/bash
 
-###  Cleans all audit logs. ### 
+###  Cleans all audit logs. ###
 echo '> Cleaning all audit logs ...'
 if [ -f /var/log/audit/audit.log ]; then
 cat /dev/null > /var/log/audit/audit.log
@@ -93,7 +70,7 @@ if [ -f /var/log/lastlog ]; then
 cat /dev/null > /var/log/lastlog
 fi
 
-### Cleans persistent udev rules. ### 
+### Cleans persistent udev rules. ###
 echo '> Cleaning persistent udev rules ...'
 if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then
 rm /etc/udev/rules.d/70-persistent-net.rules
@@ -132,18 +109,17 @@ echo > ~/.bash_history
 rm -fr /root/.bash_history
 EOF
 
-### Change the permissions on /tmp/clean.sh. ###
-echo '> Changing the permissions on /tmp/clean.sh ...'
-sudo chmod +x /tmp/clean.sh
+### Change the permissions on /home/$BUILD_USERNAME/clean.sh. ###
+echo '> Changing the permissions on /home/$BUILD_USERNAME/clean.sh ...'
+sudo chmod +x /home/$BUILD_USERNAME/clean.sh
 
-### Run the clean script. ### 
+### Run the clean script. ###
 echo '> Running the clean script ...'
-sudo /tmp/clean.sh
+sudo /home/$BUILD_USERNAME/clean.sh
 
-### Generate the host keys using ssh-keygen. ### 
+### Generate the host keys using ssh-keygen. ###
 echo '> Generating the host keys using ssh-keygen ...'
 sudo ssh-keygen -A
 
-### Done. ### 
-echo '> Done.'  
-
+### Done. ###
+echo '> Done.'

scripts/linux/ubuntu-server-2x.sh

@@ -13,29 +13,6 @@ export BUILD_KEY
 export ANSIBLE_USERNAME
 export ANSIBLE_KEY
 
-### Update the guest operating system. ###
-echo '> Updating the guest operating system ...'
-sudo apt-get update
-sudo apt-get upgrade -y
-
-### Install additional packages. ### 
-echo '> Installing additional packages ...'
-sudo apt-get install -y \
-    curl \
-    wget \
-    git \
-    net-tools \
-    unzip \
-    ca-certificates
-
-### Install the Certificate Authority certificates and add to the certificate authority trust. ###
-echo '> Installing the Certificate Authority certificates and adding to the certificate authority trust ...'
-sudo chown -R root:root /tmp/root-ca.crt
-sudo chmod 644 /tmp/root-ca.crt
-sudo cp /tmp/root-ca.crt /usr/local/share/ca-certificates/
-sudo update-ca-certificates
-sudo rm -rf /tmp/root-ca.crt
-
 ### Update the default local user. ###
 echo '> Updating the default local user ...'
 echo '> Adding authorized_keys for the default local user ...'
@@ -78,10 +55,10 @@ sudo systemctl restart sshd
 
 ### Create the clean script. ###
 echo '> Creating the clean script ...'
-sudo cat <<EOF > /tmp/clean.sh
+sudo cat <<EOF > /home/$BUILD_USERNAME/clean.sh
 #!/bin/bash
 
-###  Cleans all audit logs. ### 
+###  Cleans all audit logs. ###
 echo '> Cleaning all audit logs ...'
 if [ -f /var/log/audit/audit.log ]; then
 cat /dev/null > /var/log/audit/audit.log
@@ -93,7 +70,7 @@ if [ -f /var/log/lastlog ]; then
 cat /dev/null > /var/log/lastlog
 fi
 
-### Cleans persistent udev rules. ### 
+### Cleans persistent udev rules. ###
 echo '> Cleaning persistent udev rules ...'
 if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then
 rm /etc/udev/rules.d/70-persistent-net.rules
@@ -139,17 +116,17 @@ echo > ~/.bash_history
 rm -fr /root/.bash_history
 EOF
 
-### Change the permissions on /tmp/clean.sh . ###
-echo '> Changing the permissions on /tmp/clean.sh ...'
-sudo chmod +x /tmp/clean.sh
+### Change the permissions on /home/$BUILD_USERNAME/clean.sh . ###
+echo '> Changing the permissions on /home/$BUILD_USERNAME/clean.sh ...'
+sudo chmod +x /home/$BUILD_USERNAME/clean.sh
 
-### Run the clean script. ### 
+### Run the clean script. ###
 echo '> Running the clean script ...'
-sudo /tmp/clean.sh
+sudo /home/$BUILD_USERNAME/clean.sh
 
-### Generate the host keys using ssh-keygen. ### 
+### Generate the host keys using ssh-keygen. ###
 echo '> Generating the host keys using ssh-keygen ...'
 sudo ssh-keygen -A
 
-### Done. ### 
+### Done. ###
 echo '> Done.'