refactor: Use dedicated Ansible modules to clean up the VM

ansible/roles/clean/tasks/debian.yml

@@ -1,32 +1,64 @@
 ---
-- name: "Cleaning all audit logs."
-  shell: |
-    if [ -f /var/log/audit/audit.log ]; then
-    cat /dev/null > /var/log/audit/audit.log
-    fi
-    if [ -f /var/log/wtmp ]; then
-    cat /dev/null > /var/log/wtmp
-    fi
-    if [ -f /var/log/lastlog ]; then
-    cat /dev/null > /var/log/lastlog
-    fi
-- name: "Cleaning persistent udev rules."
-  shell: |
-    if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then
-    rm /etc/udev/rules.d/70-persistent-net.rules
-    fi
+- name: "Cleaning all audit logs"
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: absent
+  with_items:
+    - /var/log/audit/audit.log
+    - /var/log/lastlog
+    - /var/log/wtmp
+
+- name: "Cleaning persistent udev rules"
+  ansible.builtin.file:
+    path: /etc/udev/rules.d/70-persistent-net.rules
+    state: absent
+
+- name: "Find the /tmp directories"
+  ansible.builtin.find:
+    paths:
+      - /tmp
+      - /var/tmp
+    file_type: any
+  register: find_tmp_directories
+
 - name: "Cleaning the /tmp directories"
-  shell: |
-    rm -rf /tmp/*
-    rm -rf /var/tmp/*
-- name: "Cleaning the SSH host keys."
-  shell: |
-    rm -f /etc/ssh/ssh_host_*
-- name: "Cleaning the machine-id."
-  shell: |
-    truncate -s 0 /etc/machine-id
-    rm /var/lib/dbus/machine-id
-    ln -s /etc/machine-id /var/lib/dbus/machine-id
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: absent
+  loop: "{{ find_tmp_directories.files }}"
+  loop_control:
+    label: "{{ item.path }}"
+
+- name: "Find the SSH host keys"
+  ansible.builtin.find:
+    paths: /etc/ssh
+    patterns: 'ssh_host_*'
+  register: find_ssh_host_keys
+
+- name: "Cleaning the SSH host keys"
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: absent
+  loop: "{{ find_ssh_host_keys.files }}"
+  loop_control:
+    label: "{{ item.path }}"
+
+- name: "Cleaning the machine-id"
+  block:
+    - name: "Resize /etc/machine-id"
+      community.general.filesize:
+        path: /etc/machine-id
+        size: 0B
+    - name: "Remove /var/lib/dbus/machine-id"
+      ansible.builtin.file:
+        path: /var/lib/dbus/machine-id
+        state: absent
+    - name: "Create a sybmolic link"
+      ansible.builtin.file:
+        src: /etc/machine-id
+        dest: /var/lib/dbus/machine-id
+        state: link
+
 - name: "Cleaning the shell history."
   shell: |
     unset HISTFILE

ansible/roles/clean/tasks/redhat.yml

@@ -1,42 +1,74 @@
 ---
-- name: "Cleaning all audit logs."
-  shell: |
-    if [ -f /var/log/audit/audit.log ]; then
-    cat /dev/null > /var/log/audit/audit.log
-    fi
-    if [ -f /var/log/wtmp ]; then
-    cat /dev/null > /var/log/wtmp
-    fi
-    if [ -f /var/log/lastlog ]; then
-    cat /dev/null > /var/log/lastlog
-    fi
-- name: "Cleaning persistent udev rules."
-  shell: |
-    if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then
-    rm /etc/udev/rules.d/70-persistent-net.rules
-    fi
+- name: "Cleaning all audit logs"
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: absent
+  with_items:
+    - /var/log/audit/audit.log
+    - /var/log/lastlog
+    - /var/log/wtmp
+
+- name: "Cleaning persistent udev rules"
+  ansible.builtin.file:
+    path: /etc/udev/rules.d/70-persistent-net.rules
+    state: absent
+
+- name: "Find the /tmp directories"
+  ansible.builtin.find:
+    paths:
+      - /tmp
+      - /var/cache/dnf
+      - /var/tmp
+    file_type: any
+  register: find_tmp_directories
+
 - name: "Cleaning the /tmp directories"
-  shell: |
-    rm -rf /tmp/*
-    rm -rf /var/tmp/*
-    rm -rf /var/cache/dnf/*
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: absent
+  loop: "{{ find_tmp_directories.files }}"
+  loop_control:
+    label: "{{ item.path }}"
+
 - name: "Cleaning the Red Hat Subscription Manager logs."
   shell: |
     rm -rf /var/log/rhsm/*
   when: "ansible_facts['distribution'] == 'RedHat'"
-- name: "Cleaning the SSH host keys."
-  shell: |
-    rm -f /etc/ssh/ssh_host_*
-- name: "Cleaning the machine-id."
-  when: 'ansible_facts[''distribution_major_version''] <= "8"'
-  shell: |
-    truncate -s 0 /etc/machine-id
-    rm /var/lib/dbus/machine-id
-    ln -s /etc/machine-id /var/lib/dbus/machine-id
-- name: "Cleaning the machine-id."
-  when: 'ansible_facts[''distribution_major_version''] >= "9"'
-  shell: |
-    truncate -s 0 /etc/machine-id
+  args:
+    warn: false
+
+- name: "Find the SSH host keys"
+  ansible.builtin.find:
+    paths: /etc/ssh
+    patterns: 'ssh_host_*'
+  register: find_ssh_host_keys
+
+- name: "Cleaning the SSH host keys"
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: absent
+  loop: "{{ find_ssh_host_keys.files }}"
+  loop_control:
+    label: "{{ item.path }}"
+
+- name: "Cleaning the machine-id"
+  block:
+    - name: "Resize /etc/machine-id"
+      community.general.filesize:
+        path: /etc/machine-id
+        size: 0B
+    - name: "Remove /var/lib/dbus/machine-id"
+      ansible.builtin.file:
+        path: /var/lib/dbus/machine-id
+        state: absent
+      when: 'ansible_facts[''distribution_major_version''] <= "8"'
+    - name: "Create a sybmolic link"
+      ansible.builtin.file:
+        src: /etc/machine-id
+        dest: /var/lib/dbus/machine-id
+        state: link
+      when: 'ansible_facts[''distribution_major_version''] <= "8"'
+
 - name: "Cleaning the shell history."
   shell: |
     unset HISTFILE

ansible/roles/clean/tasks/sles.yml

@@ -1,35 +1,61 @@
 ---
-- name: "Cleaning all audit logs."
-  shell: |
-    if [ -f /var/log/audit/audit.log ]; then
-    cat /dev/null > /var/log/audit/audit.log
-    fi
-    if [ -f /var/log/wtmp ]; then
-    cat /dev/null > /var/log/wtmp
-    fi
-    if [ -f /var/log/lastlog ]; then
-    cat /dev/null > /var/log/lastlog
-    fi
-- name: "Cleaning persistent udev rules."
-  shell: |
-    if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then
-    rm /etc/udev/rules.d/70-persistent-net.rules
-    fi
+- name: "Cleaning all audit logs"
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: absent
+  with_items:
+    - /var/log/audit/audit.log
+    - /var/log/lastlog
+    - /var/log/wtmp
+    - /var/log/zypper.log
+
+- name: "Cleaning persistent udev rules"
+  ansible.builtin.file:
+    path: /etc/udev/rules.d/70-persistent-net.rules
+    state: absent
+
+- name: "Find the /tmp directories"
+  ansible.builtin.find:
+    paths:
+      - /tmp
+      - /var/cache/zypp
+      - /var/tmp
+    file_type: any
+  register: find_tmp_directories
+
 - name: "Cleaning the /tmp directories"
-  shell: |
-    rm -rf /tmp/*
-    rm -rf /var/tmp/*
-    rm -rf /var/cache/zypp/*
-    rm -f /var/log/zypper.log
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: absent
+  loop: "{{ find_tmp_directories.files }}"
+  loop_control:
+    label: "{{ item.path }}"
+
 - name: "Cleaning the SCC files."
   shell: |
     rm -rf /etc/SUSEConnect
-- name: "Cleaning the SSH host keys."
-  shell: |
-    rm -f /etc/ssh/ssh_host_*
-- name: "Cleaning the machine-id."
-  shell: |
-    truncate -s 0 /etc/machine-id
+  args:
+    warn: false
+
+- name: "Find the SSH host keys"
+  ansible.builtin.find:
+    paths: /etc/ssh
+    patterns: 'ssh_host_*'
+  register: find_ssh_host_keys
+
+- name: "Cleaning the SSH host keys"
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: absent
+  loop: "{{ find_ssh_host_keys.files }}"
+  loop_control:
+    label: "{{ item.path }}"
+
+- name: "Cleaning the machine-id"
+  community.general.filesize:
+    path: /etc/machine-id
+    size: 0B
+
 - name: "Cleaning the shell history."
   shell: |
     unset HISTFILE

ansible/roles/clean/tasks/ubuntu.yml

@@ -1,32 +1,64 @@
 ---
-- name: "Cleaning all audit logs."
-  shell: |
-    if [ -f /var/log/audit/audit.log ]; then
-    cat /dev/null > /var/log/audit/audit.log
-    fi
-    if [ -f /var/log/wtmp ]; then
-    cat /dev/null > /var/log/wtmp
-    fi
-    if [ -f /var/log/lastlog ]; then
-    cat /dev/null > /var/log/lastlog
-    fi
-- name: "Cleaning persistent udev rules."
-  shell: |
-    if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then
-    rm /etc/udev/rules.d/70-persistent-net.rules
-    fi
+- name: "Cleaning all audit logs"
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: absent
+  with_items:
+    - /var/log/audit/audit.log
+    - /var/log/lastlog
+    - /var/log/wtmp
+
+- name: "Cleaning persistent udev rules"
+  ansible.builtin.file:
+    path: /etc/udev/rules.d/70-persistent-net.rules
+    state: absent
+
+- name: "Find the /tmp directories"
+  ansible.builtin.find:
+    paths:
+      - /tmp
+      - /var/tmp
+    file_type: any
+  register: find_tmp_directories
+
 - name: "Cleaning the /tmp directories"
-  shell: |
-    rm -rf /tmp/*
-    rm -rf /var/tmp/*
-- name: "Cleaning the SSH host keys."
-  shell: |
-    rm -f /etc/ssh/ssh_host_*
-- name: "Cleaning the machine-id."
-  shell: |
-    truncate -s 0 /etc/machine-id
-    rm /var/lib/dbus/machine-id
-    ln -s /etc/machine-id /var/lib/dbus/machine-id
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: absent
+  loop: "{{ find_tmp_directories.files }}"
+  loop_control:
+    label: "{{ item.path }}"
+
+- name: "Find the SSH host keys"
+  ansible.builtin.find:
+    paths: /etc/ssh
+    patterns: 'ssh_host_*'
+  register: find_ssh_host_keys
+
+- name: "Cleaning the SSH host keys"
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: absent
+  loop: "{{ find_ssh_host_keys.files }}"
+  loop_control:
+    label: "{{ item.path }}"
+
+- name: "Cleaning the machine-id"
+  block:
+    - name: "Resize /etc/machine-id"
+      community.general.filesize:
+        path: /etc/machine-id
+        size: 0B
+    - name: "Remove /var/lib/dbus/machine-id"
+      ansible.builtin.file:
+        path: /var/lib/dbus/machine-id
+        state: absent
+    - name: "Create a sybmolic link"
+      ansible.builtin.file:
+        src: /etc/machine-id
+        dest: /var/lib/dbus/machine-id
+        state: link
+
 - name: "Cleaning the shell history."
   shell: |
     unset HISTFILE