ClarifiedSecurity · AllRWeak · Feb 19, 2026 · Feb 17, 2026 · Feb 18, 2026 · Feb 18, 2026
diff --git a/nova/core/roles/machine_operations/tasks/vsphere/create.yml b/nova/core/roles/machine_operations/tasks/vsphere/create.yml
@@ -207,6 +207,7 @@
     - name: Getting {{ custom_vm_name | default(vm_name) }} interfaces...
       community.vmware.vmware_guest_info:
         datacenter: "{{ datacenter }}"
+        folder: "{{ folder }}"
         name: "{{ custom_vm_name | default(vm_name) }}"
       register: existing_vm_info
 
@@ -218,6 +219,7 @@
     - name: Removing existing network interfaces from {{ custom_vm_name | default(vm_name) }}...
       community.vmware.vmware_guest_network:
         datacenter: "{{ datacenter }}"
+        folder: "{{ folder }}"
         name: "{{ custom_vm_name | default(vm_name) }}"
         state: absent
         mac_address: "{{ item.value.macaddress }}"
@@ -231,6 +233,7 @@
     - name: Attaching following network interfaces to {{ custom_vm_name | default(vm_name) }}...
       community.vmware.vmware_guest_network:
         datacenter: "{{ datacenter }}"
+        folder: "{{ folder }}"
         name: "{{ custom_vm_name | default(vm_name) }}"
         state: present
         force: true
@@ -245,6 +248,8 @@
     - name: Adding attributes to {{ custom_vm_name | default(vm_name) }}...
       community.vmware.vmware_guest_custom_attributes:
         name: "{{ custom_vm_name | default(vm_name) }}"
+        datacenter: "{{ datacenter }}"
+        folder: "{{ folder }}"
         state: present
         attributes: "{{ machine_operations_vsphere_custom_attributes }}"
       when: machine_operations_vsphere_custom_attributes != []

diff --git a/nova/core/roles/monolith/tasks/dc.yml b/nova/core/roles/monolith/tasks/dc.yml
@@ -39,7 +39,7 @@
         - vault_seal_status.json.sealed is defined
         - not vault_seal_status.json.sealed
       retries: 12
-      delay: 5
+      delay: 10
 
     # Including to create domain accounts since Monolith is now a Domain Controller
     - name: Including nova.core.accounts role...

diff --git a/nova/core/roles/monolith/templates/create_samba_dns_records.sh b/nova/core/roles/monolith/templates/create_samba_dns_records.sh
@@ -19,7 +19,7 @@ do
         echo "DNS record for $fqdn already exists."
     else
         echo "Creating DNS record for $fqdn..."
-        if [ "$CONNECTION_IPV4_FAMILY" == "true" ]; then
+        if [ "$CONNECTION_IPV4_FAMILY" == "True" ]; then
             RECORD_TYPE="A"
         else
             RECORD_TYPE="AAAA"

diff --git a/nova/core/roles/outline/defaults/main.yml b/nova/core/roles/outline/defaults/main.yml
@@ -1,5 +1,5 @@
 ---
-outline_version: 1.4.0
+outline_version: 1.5.0
 outline_postgres_version: 17 # POSTGRES_VERSION_TAG
 
 # Pre-generated secret key for Outline

diff --git a/nova/core/roles/template_os_configuration/tasks/vsphere.yml b/nova/core/roles/template_os_configuration/tasks/vsphere.yml
@@ -8,27 +8,43 @@
   delegate_to: localhost
   become: false
   block:
-    - name: Keeping only one cdrom for {{ custom_vm_name | default(vm_name) }}...
-      vmware.vmware.vm:
-        name: "{{ custom_vm_name | default(vm_name) }}"
-        cdroms:
-          - device_node: IDE(0:0)
+    - name: Looking up the {{ custom_vm_name | default(vm_name) }} VM...
+      vmware.vmware.guest_info:
+        guest_name: "{{ custom_vm_name | default(vm_name) }}"
+      register: vcenter_vm_info
+      delegate_to: localhost
+      become: false
 
-  rescue:
-    - name: Shutting down {{ custom_vm_name | default(vm_name) }} VM...
-      ansible.builtin.include_role:
-        name: nova.core.powerstate
-      vars:
-        shutdown: true
+    - name: Listing all {{ custom_vm_name | default(vm_name) }} cdroms...
+      vmware.vmware_rest.vcenter_vm_hardware_cdrom_info:
+        vm: "{{ vcenter_vm_info.guests[0].moid }}"
+      register: existing_cdroms
+      until: not existing_cdroms.failed
+      retries: 5
+      delay: 2
 
-    - name: Keeping only one cdrom for {{ custom_vm_name | default(vm_name) }}...
-      vmware.vmware.vm:
-        name: "{{ custom_vm_name | default(vm_name) }}"
-        cdroms:
-          - device_node: IDE(0:0)
+    - name: Removing extra cdroms if they exist...
+      when: existing_cdroms.value | length > 1
+      block:
+        - name: Shutting down {{ custom_vm_name | default(vm_name) }} VM...
+          ansible.builtin.include_role:
+            name: nova.core.powerstate
+          vars:
+            shutdown: true
 
-    - name: Starting {{ custom_vm_name | default(vm_name) }} VM...
-      ansible.builtin.include_role:
-        name: nova.core.powerstate
-      vars:
-        poweron: true
+        - name: Removing following cdroms...
+          vmware.vmware_rest.vcenter_vm_hardware_cdrom:
+            vm: "{{ vcenter_vm_info.guests[0].moid }}"
+            cdrom: "{{ item.cdrom }}"
+            state: absent
+          loop: "{{ existing_cdroms.value[1:] }}"
+          register: removed_cdroms
+          until: not removed_cdroms.failed
+          retries: 5
+          delay: 2
+
+        - name: Starting {{ custom_vm_name | default(vm_name) }} VM...
+          ansible.builtin.include_role:
+            name: nova.core.powerstate
+          vars:
+            poweron: true
diff --git a/nova/core/roles/vault/defaults/main.yml b/nova/core/roles/vault/defaults/main.yml
@@ -35,7 +35,7 @@ vault_root_cas:
     vault_root_ca_name: "{{ environment_name }} {{ project_fullname }} RootCA"
     vault_root_ca_ou: "{{ project_fullname }}"
     vault_root_ca_org: "{{ environment_name }}"
-    vault_root_ca_country: US
+    vault_root_ca_country: "{{ vault_ca_country | default('US') }}"
     vault_root_ca_key_type: ECC # https://docs.ansible.com/ansible/latest/collections/community/crypto/openssl_privatekey_pipe_module.html#parameter-type
     vault_root_ca_key_curve: secp384r1 # https://docs.ansible.com/ansible/latest/collections/community/crypto/openssl_privatekey_module.html#parameter-curve
     vault_root_ca_key_bits: 384
@@ -82,7 +82,7 @@ vault_intermediate_cas:
     vault_intermediate_ca_name: "{{ environment_name }} {{ project_fullname }} IntermediateCA"
     vault_intermediate_ca_ou: "{{ project_fullname }}"
     vault_intermediate_ca_org: "{{ environment_name }}"
-    vault_intermediate_ca_country: US
+    vault_intermediate_ca_country: "{{ vault_ca_country | default('US') }}"
     vault_intermediate_ca_key_type: ec
     vault_intermediate_ca_key_bits: 384
     vault_intermediate_ca_crl_distribution_points: http://{{ vault_crl_fqdn }}/v1/IntermediateCA/crl/pem
@@ -99,7 +99,7 @@ vault_intermediate_ca_roles_defaults:
     vault_cert_key_type: rsa
     vault_cert_ou: "{{ project_fullname }}"
     vault_cert_organization: "{{ environment_name }}"
-    vault_cert_country: US
+    vault_cert_country: "{{ vault_ca_country | default('US') }}"
     vault_cert_code_signing: false
 
   # EC Client/Server certificate
@@ -108,15 +108,15 @@ vault_intermediate_ca_roles_defaults:
     vault_cert_key_type: ec
     vault_cert_ou: "{{ project_fullname }}"
     vault_cert_organization: "{{ environment_name }}"
-    vault_cert_country: US
+    vault_cert_country: "{{ vault_ca_country | default('US') }}"
     vault_cert_code_signing: false
 
   - vault_cert_path: code_signing
     vault_cert_key_bits: 384
     vault_cert_key_type: ec
     vault_cert_ou: "{{ project_fullname }}"
     vault_cert_organization: "{{ environment_name }}"
-    vault_cert_country: US
+    vault_cert_country: "{{ vault_ca_country | default('US') }}"
     vault_cert_code_signing: true
 
 vault_create_mitm_ca: false # Create a Man-in-the-Middle (TLS termination) CA(s)
@@ -126,7 +126,7 @@ vault_mitm_cas:
     vault_mitm_ca_name: "{{ environment_name }} {{ project_fullname }} MiTMCA"
     vault_mitm_ca_ou: "{{ project_fullname }}"
     vault_mitm_ca_org: "{{ environment_name }}"
-    vault_mitm_ca_country: US
+    vault_mitm_ca_country: "{{ vault_ca_country | default('US') }}"
     vault_mitm_ca_key_type: ec
     vault_mitm_ca_key_bits: 384
     vault_mitm_ca_crl_distribution_points: http://{{ vault_crl_fqdn }}/v1/MiTMCA/crl/pem