base und sysupgrade role, some hardening

roles/virt_vm/tasks/create_vm.yml

@@ -77,23 +77,29 @@
 
 # CLOUD-INIT CLEANUP
 
-- name: shutdown VM
-  delegate_to: "{{ virt.host }}"
-  virt:
-    name: "{{ inventory_hostname }}"
-    state: shutdown
+# FEDORA-34: after rebooting the ssh login via key does not work anymore. weird.
+# name: shutdown VM
+# delegate_to: "{{ virt.host }}"
+# virt:
+#   name: "{{ inventory_hostname }}"
+#   state: shutdown
 
-- name: wait for shutdown
-  delegate_to: "{{ virt.host }}"
-  virt:
-    name: "{{ inventory_hostname }}"
-    command: status
-  register: vmstate
-  retries: 11
-  delay: 10
-  until: vmstate.status == "shutdown"
+# name: wait for shutdown
+# delegate_to: "{{ virt.host }}"
+# virt:
+#   name: "{{ inventory_hostname }}"
+#   command: status
+# register: vmstate
+# retries: 11
+# delay: 10
+# until: vmstate.status == "shutdown"
 
-- name: detach CI from vm
+- name: detach CI from vm (live)
+  delegate_to: "{{ virt.host }}"
+  shell:
+    cmd: virsh change-media "{{ inventory_hostname }}" sda --eject
+
+- name: detach CI from vm (config)
   delegate_to: "{{ virt.host }}"
   shell:
     cmd: virsh change-media "{{ inventory_hostname }}" sda --eject --config

roles/virt_vm/templates/ci-userdata.j2

@@ -10,7 +10,5 @@ users:
     sudo: ['ALL=(ALL) NOPASSWD:ALL']
     groups: sudo
     shell: /bin/bash
-
-runcmd:
-  - eject /dev/sr0
-  - systemctl disable cloud-init
+    lock_passwd: false
+    hased_passwd: $6$Cn$5aLlLb270IIO2zBMWL1/qOMiWeXABYIdYYRF7cSMXEisUUgEHxCq81sJyF9LNBxKbBv5XyJ9OWwWrt/o6qus./