From 86ba83741fc4ef5fe326f573584f451968c41b27 Mon Sep 17 00:00:00 2001
From: Dennis Hoppe
Date: Tue, 13 Dec 2022 09:11:06 +0100
Subject: [PATCH] refactor: Use dedicated Ansible modules to clean up the VM
---
 ansible/roles/clean/tasks/debian.yml | 86 ++++++++++++++++--------
 ansible/roles/clean/tasks/redhat.yml | 98 ++++++++++++++++++----------
 ansible/roles/clean/tasks/sles.yml | 80 +++++++++++++++--------
 ansible/roles/clean/tasks/ubuntu.yml | 86 ++++++++++++++++--------
 4 files changed, 236 insertions(+), 114 deletions(-)
diff --git a/ansible/roles/clean/tasks/debian.yml b/ansible/roles/clean/tasks/debian.yml
index edf0de5f1..61ebf0e50 100644
--- a/ansible/roles/clean/tasks/debian.yml
+++ b/ansible/roles/clean/tasks/debian.yml
@@ -1,32 +1,64 @@
 ---
-- name: "Cleaning all audit logs."
- shell: |
- if [ -f /var/log/audit/audit.log ]; then
- cat /dev/null > /var/log/audit/audit.log
- fi
- if [ -f /var/log/wtmp ]; then
- cat /dev/null > /var/log/wtmp
- fi
- if [ -f /var/log/lastlog ]; then
- cat /dev/null > /var/log/lastlog
- fi
-- name: "Cleaning persistent udev rules."
- shell: |
- if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then
- rm /etc/udev/rules.d/70-persistent-net.rules
- fi
+- name: "Cleaning all audit logs"
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: absent
+ with_items:
+ - /var/log/audit/audit.log
+ - /var/log/lastlog
+ - /var/log/wtmp
+
+- name: "Cleaning persistent udev rules"
+ ansible.builtin.file:
+ path: /etc/udev/rules.d/70-persistent-net.rules
+ state: absent
+
+- name: "Find the /tmp directories"
+ ansible.builtin.find:
+ paths:
+ - /tmp
+ - /var/tmp
+ file_type: any
+ register: find_tmp_directories
+
 - name: "Cleaning the /tmp directories"
- shell: |
- rm -rf /tmp/*
- rm -rf /var/tmp/*
-- name: "Cleaning the SSH host keys."
- shell: |
- rm -f /etc/ssh/ssh_host_*
-- name: "Cleaning the machine-id."
- shell: |
- truncate -s 0 /etc/machine-id
- rm /var/lib/dbus/machine-id
- ln -s /etc/machine-id /var/lib/dbus/machine-id
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: absent
+ loop: "{{ find_tmp_directories.files }}"
+ loop_control:
+ label: "{{ item.path }}"
+
+- name: "Find the SSH host keys"
+ ansible.builtin.find:
+ paths: /etc/ssh
+ patterns: 'ssh_host_*'
+ register: find_ssh_host_keys
+
+- name: "Cleaning the SSH host keys"
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: absent
+ loop: "{{ find_ssh_host_keys.files }}"
+ loop_control:
+ label: "{{ item.path }}"
+
+- name: "Cleaning the machine-id"
+ block:
+ - name: "Resize /etc/machine-id"
+ community.general.filesize:
+ path: /etc/machine-id
+ size: 0B
+ - name: "Remove /var/lib/dbus/machine-id"
+ ansible.builtin.file:
+ path: /var/lib/dbus/machine-id
+ state: absent
+ - name: "Create a sybmolic link"
+ ansible.builtin.file:
+ src: /etc/machine-id
+ dest: /var/lib/dbus/machine-id
+ state: link
+
 - name: "Cleaning the shell history."
 shell: |
 unset HISTFILE
diff --git a/ansible/roles/clean/tasks/redhat.yml b/ansible/roles/clean/tasks/redhat.yml
index 2e89bf587..4f9f10d2b 100644
--- a/ansible/roles/clean/tasks/redhat.yml
+++ b/ansible/roles/clean/tasks/redhat.yml
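Review bot: In debian.yml the first task now deletes `/var/log/audit/audit.log`, `/var/log/lastlog` and `/var/log/wtmp` with `state: absent`, whereas the removed shell emptied them in place; unlinking drops each file's owner and mode, and a clone then depends on something recreating the files at boot before login accounting and audit logging work again. If emptying was the intent, `community.general.filesize` with `size: 0B`, as the machine-id block in the same hunk already does, keeps the file, though unlike the old `if [ -f … ]` guard it would also create one that is missing. The redhat.yml, sles.yml and ubuntu.yml hunks make the same change. The task name `"Create a sybmolic link"` should read "symbolic"; it recurs in redhat.yml and ubuntu.yml.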
@@ -1,42 +1,74 @@
 ---
-- name: "Cleaning all audit logs."
- shell: |
- if [ -f /var/log/audit/audit.log ]; then
- cat /dev/null > /var/log/audit/audit.log
- fi
- if [ -f /var/log/wtmp ]; then
- cat /dev/null > /var/log/wtmp
- fi
- if [ -f /var/log/lastlog ]; then
- cat /dev/null > /var/log/lastlog
- fi
-- name: "Cleaning persistent udev rules."
- shell: |
- if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then
- rm /etc/udev/rules.d/70-persistent-net.rules
- fi
+- name: "Cleaning all audit logs"
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: absent
+ with_items:
+ - /var/log/audit/audit.log
+ - /var/log/lastlog
+ - /var/log/wtmp
+
+- name: "Cleaning persistent udev rules"
+ ansible.builtin.file:
+ path: /etc/udev/rules.d/70-persistent-net.rules
+ state: absent
+
+- name: "Find the /tmp directories"
+ ansible.builtin.find:
+ paths:
+ - /tmp
+ - /var/cache/dnf
+ - /var/tmp
+ file_type: any
+ register: find_tmp_directories
+
 - name: "Cleaning the /tmp directories"
- shell: |
- rm -rf /tmp/*
- rm -rf /var/tmp/*
- rm -rf /var/cache/dnf/*
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: absent
+ loop: "{{ find_tmp_directories.files }}"
+ loop_control:
+ label: "{{ item.path }}"
+
 - name: "Cleaning the Red Hat Subscription Manager logs."
 shell: |
 rm -rf /var/log/rhsm/*
 when: "ansible_facts['distribution'] == 'RedHat'"
-- name: "Cleaning the SSH host keys."
- shell: |
- rm -f /etc/ssh/ssh_host_*
-- name: "Cleaning the machine-id."
- when: 'ansible_facts[''distribution_major_version''] <= "8"'
- shell: |
- truncate -s 0 /etc/machine-id
- rm /var/lib/dbus/machine-id
- ln -s /etc/machine-id /var/lib/dbus/machine-id
-- name: "Cleaning the machine-id."
- when: 'ansible_facts[''distribution_major_version''] >= "9"'
- shell: |
- truncate -s 0 /etc/machine-id
+ args:
+ warn: false
+
+- name: "Find the SSH host keys"
+ ansible.builtin.find:
+ paths: /etc/ssh
+ patterns: 'ssh_host_*'
+ register: find_ssh_host_keys
+
+- name: "Cleaning the SSH host keys"
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: absent
+ loop: "{{ find_ssh_host_keys.files }}"
+ loop_control:
+ label: "{{ item.path }}"
+
+- name: "Cleaning the machine-id"
+ block:
+ - name: "Resize /etc/machine-id"
+ community.general.filesize:
+ path: /etc/machine-id
+ size: 0B
+ - name: "Remove /var/lib/dbus/machine-id"
+ ansible.builtin.file:
+ path: /var/lib/dbus/machine-id
+ state: absent
+ when: 'ansible_facts[''distribution_major_version''] <= "8"'
+ - name: "Create a sybmolic link"
+ ansible.builtin.file:
+ src: /etc/machine-id
+ dest: /var/lib/dbus/machine-id
+ state: link
+ when: 'ansible_facts[''distribution_major_version''] <= "8"'
+
 - name: "Cleaning the shell history."
 shell: |
 unset HISTFILE
diff --git a/ansible/roles/clean/tasks/sles.yml b/ansible/roles/clean/tasks/sles.yml
index a8122f6ee..c19a09fdf 100644
--- a/ansible/roles/clean/tasks/sles.yml
+++ b/ansible/roles/clean/tasks/sles.yml
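Review bot: In redhat.yml the two `when:` conditions inside the machine-id block compare `distribution_major_version` as a string, so a major version of `"10"` sorts before `"8"` and would take the "8 or older" path, removing and re-linking `/var/lib/dbus/machine-id`. Casting before comparing avoids that: `when: ansible_facts['distribution_major_version'] | int <= 8` on both the "Remove" and the "Create" task. The string comparison is carried over from the removed tasks, but the lines are rewritten here, so this is the natural place to correct it.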
@@ -1,35 +1,61 @@
 ---
-- name: "Cleaning all audit logs."
- shell: |
- if [ -f /var/log/audit/audit.log ]; then
- cat /dev/null > /var/log/audit/audit.log
- fi
- if [ -f /var/log/wtmp ]; then
- cat /dev/null > /var/log/wtmp
- fi
- if [ -f /var/log/lastlog ]; then
- cat /dev/null > /var/log/lastlog
- fi
-- name: "Cleaning persistent udev rules."
- shell: |
- if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then
- rm /etc/udev/rules.d/70-persistent-net.rules
- fi
+- name: "Cleaning all audit logs"
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: absent
+ with_items:
+ - /var/log/audit/audit.log
+ - /var/log/lastlog
+ - /var/log/wtmp
+ - /var/log/zypper.log
+
+- name: "Cleaning persistent udev rules"
+ ansible.builtin.file:
+ path: /etc/udev/rules.d/70-persistent-net.rules
+ state: absent
+
+- name: "Find the /tmp directories"
+ ansible.builtin.find:
+ paths:
+ - /tmp
+ - /var/cache/zypp
+ - /var/tmp
+ file_type: any
+ register: find_tmp_directories
+
 - name: "Cleaning the /tmp directories"
- shell: |
- rm -rf /tmp/*
- rm -rf /var/tmp/*
- rm -rf /var/cache/zypp/*
- rm -f /var/log/zypper.log
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: absent
+ loop: "{{ find_tmp_directories.files }}"
+ loop_control:
+ label: "{{ item.path }}"
+
 - name: "Cleaning the SCC files."
 shell: |
 rm -rf /etc/SUSEConnect
-- name: "Cleaning the SSH host keys."
- shell: |
- rm -f /etc/ssh/ssh_host_*
-- name: "Cleaning the machine-id."
- shell: |
- truncate -s 0 /etc/machine-id
+ args:
+ warn: false
+
+- name: "Find the SSH host keys"
+ ansible.builtin.find:
+ paths: /etc/ssh
+ patterns: 'ssh_host_*'
+ register: find_ssh_host_keys
+
+- name: "Cleaning the SSH host keys"
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: absent
+ loop: "{{ find_ssh_host_keys.files }}"
+ loop_control:
+ label: "{{ item.path }}"
+
+- name: "Cleaning the machine-id"
+ community.general.filesize:
+ path: /etc/machine-id
+ size: 0B
+
 - name: "Cleaning the shell history."
 shell: |
 unset HISTFILE
diff --git a/ansible/roles/clean/tasks/ubuntu.yml b/ansible/roles/clean/tasks/ubuntu.yml
index edf0de5f1..61ebf0e50 100644
--- a/ansible/roles/clean/tasks/ubuntu.yml
+++ b/ansible/roles/clean/tasks/ubuntu.yml
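Review bot: The `args:` / `warn: false` added to the remaining shell task `"Cleaning the SCC files."` in sles.yml uses a parameter that ansible-core 2.14 removed from the command and shell modules, so on that release or later the task would fail with an unsupported-parameter error rather than silence a warning; which ansible-core version the build uses is not visible here. Since the commit's aim is dedicated modules, the task can drop both the shell and the flag by using `ansible.builtin.file:` with `path: /etc/SUSEConnect` and `state: absent`. The redhat.yml hunk adds the same `warn: false` to its `rm -rf /var/log/rhsm/*` task.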
@@ -1,32 +1,64 @@
 ---
-- name: "Cleaning all audit logs."
- shell: |
- if [ -f /var/log/audit/audit.log ]; then
- cat /dev/null > /var/log/audit/audit.log
- fi
- if [ -f /var/log/wtmp ]; then
- cat /dev/null > /var/log/wtmp
- fi
- if [ -f /var/log/lastlog ]; then
- cat /dev/null > /var/log/lastlog
- fi
-- name: "Cleaning persistent udev rules."
- shell: |
- if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then
- rm /etc/udev/rules.d/70-persistent-net.rules
- fi
+- name: "Cleaning all audit logs"
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: absent
+ with_items:
+ - /var/log/audit/audit.log
+ - /var/log/lastlog
+ - /var/log/wtmp
+
+- name: "Cleaning persistent udev rules"
+ ansible.builtin.file:
+ path: /etc/udev/rules.d/70-persistent-net.rules
+ state: absent
+
+- name: "Find the /tmp directories"
+ ansible.builtin.find:
+ paths:
+ - /tmp
+ - /var/tmp
+ file_type: any
+ register: find_tmp_directories
+
 - name: "Cleaning the /tmp directories"
- shell: |
- rm -rf /tmp/*
- rm -rf /var/tmp/*
-- name: "Cleaning the SSH host keys."
- shell: |
- rm -f /etc/ssh/ssh_host_*
-- name: "Cleaning the machine-id."
- shell: |
- truncate -s 0 /etc/machine-id
- rm /var/lib/dbus/machine-id
- ln -s /etc/machine-id /var/lib/dbus/machine-id
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: absent
+ loop: "{{ find_tmp_directories.files }}"
+ loop_control:
+ label: "{{ item.path }}"
+
+- name: "Find the SSH host keys"
+ ansible.builtin.find:
+ paths: /etc/ssh
+ patterns: 'ssh_host_*'
+ register: find_ssh_host_keys
+
+- name: "Cleaning the SSH host keys"
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: absent
+ loop: "{{ find_ssh_host_keys.files }}"
+ loop_control:
+ label: "{{ item.path }}"
+
+- name: "Cleaning the machine-id"
+ block:
+ - name: "Resize /etc/machine-id"
+ community.general.filesize:
+ path: /etc/machine-id
+ size: 0B
+ - name: "Remove /var/lib/dbus/machine-id"
+ ansible.builtin.file:
+ path: /var/lib/dbus/machine-id
+ state: absent
+ - name: "Create a sybmolic link"
+ ansible.builtin.file:
+ src: /etc/machine-id
+ dest: /var/lib/dbus/machine-id
+ state: link
+
 - name: "Cleaning the shell history."
 shell: |
 unset HISTFILE
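Review bot: `community.general.filesize` in the machine-id block of ubuntu.yml makes the role depend on the `community.general` collection, and this commit changes only the four task files, so nothing visible here declares or pins that collection. If it is not already listed elsewhere in the project, a build host with only ansible-core fails at this task, and an unpinned install pulls whatever collection version is current into the image build. Consider declaring it in the project's collection requirements file with a constraint, e.g. `- name: community.general` with `version: "<pinned version>"`. The debian.yml, redhat.yml and sles.yml hunks use the same module.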