Работает, поправил чтоб определялся корректно партиция для корневого раздела+всякие приколы с определением проца в ВМ

\

@@ -0,0 +1,16 @@
+#Check BareMetall or VM
+- name: Check if scaling governor
+  stat:
+    path: /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
+  register: scaling_governor_file
+
+- name: Output result
+  debug:
+    var: scaling_governor_file.stat.exists
+      #    msg: "File exists" if scaling_governor_file.stat.exists else "File does not exist"
+
+- include_tasks: encrypt_disks.yml
+- include_tasks: encrypt_disks_rroot.yml
+- include_tasks: cpu_configuration.yml
+- include_tasks: network_configuration.yml
+

roles/start/tasks/encrypt_disks_rroot.yml

@@ -2,48 +2,54 @@
 - name: rroot disk name
   ansible.builtin.shell: |
    fdisk -l | grep -E '^(Devi|/dev)' | sort -nk2,2  |grep -B1 -A1 -w `findmnt -n -o SOURCE /` >/tmp/disks;  if [[ `wc -l /tmp/disks |awk '{print $1}'` -gt 1 && `wc -l /tmp/disks |awk '{print $1}'` -ne 3 ]]; then sed '1!D' /tmp/disks; elif [[ `wc -l /tmp/disks |awk '{print $1}'` -eq 3 ]]; then sed '3!D' /tmp/disks; fi |awk '{print $1}'|grep -o '[^/]*$'
+  args:
+    executable: /bin/bash
   register: rroot_disk
   ignore_errors: true
+
+- name: Output result
+  debug:
+    var: rroot_disk.stdout  
   
 - name: Create keyfile
   ansible.builtin.shell: |
     openssl genrsa -out /root/keyfile_rroot; chmod 0400 /root/keyfile_rroot
   ignore_errors: true
-  when: rroot_disk is undefined or rroot_disk == None or rroot_disk | length == 0
+  when: rroot_disk.stdout | length > 0
 
 - name: Encrypt rroot disk
   ansible.builtin.shell: |
-    cryptsetup -q luksFormat /dev/{{ rroot_disk }} --key-file /root/keyfile_rroot
+    cryptsetup -q luksFormat /dev/{{ rroot_disk.stdout }} --key-file /root/keyfile_rroot
   ignore_errors: true
-  when: rroot_disk is undefined or rroot_disk == None or rroot_disk | length == 0
+  when: rroot_disk.stdout | length > 0
 
 - name: Open encrypted rroot disk
   ansible.builtin.shell: |
-    cryptsetup luksOpen /dev/{{ rroot_disk }} {{ rroot_disk }} --key-file /root/keyfile_rroot
+    cryptsetup luksOpen /dev/{{ rroot_disk.stdout }} {{ rroot_disk.stdout }} --key-file /root/keyfile_rroot
   ignore_errors: true
   register: rroot_disk_status
-  when: rroot_disk is undefined or rroot_disk == None or rroot_disk | length == 0
+  when: rroot_disk.stdout | length > 0
 
 - name: Format the encrypted rroot disk
-  command: mkfs.ext4 /dev/mapper/{{ rroot_name }}
+  command: mkfs.ext4 /dev/mapper/{{ rroot_disk.stdout }}
-  when: rroot_disk is undefined or rroot_disk == None or rroot_disk | length == 0
+  when: rroot_disk.stdout | length > 0
 
 - name: Ensure the mount point exists
   file:
-    path: /mnt/{{ rroot_name }}
+    path: /mnt/{{ rrot_disk.stdout }}
     state: directory
-  when: rroot_disk is undefined or rroot_disk == None or rroot_disk | length == 0
+  when: rroot_disk.stdout | length > 0
 
 - name: Mount the encrypted second disk
   mount:
-    path: /mnt/{{ rroot_disk }}
+    path: /mnt/{{ rroot_disk.stdout }}
-    src: /dev/mapper/{{ rroot_disk }}
+    src: /dev/mapper/{{ rroot_disk.stdout }}
     fstype: ext4
     state: mounted
-  when: rroot_disk is undefined or rroot_disk == None or rroot_disk | length == 0
+  when: rroot_disk.stdout | length > 0
 
 - name: Add crypttab
   ansible.builtin.shell: |
-    printf "{{ rroot_disk }} /dev/{{ rroot_disk }}  /root/keyfile luks\n">/etc/crypttab
+    printf "{{ rroot_disk.stdout }} /dev/{{ rroot_disk.stdout }}  /root/keyfile luks\n">/etc/crypttab
-  when: rroot_disk is undefined or rroot_disk == None or rroot_disk | length == 0
+  when: rroot_disk.stdout | length > 0
 

roles/start/tasks/main.yml

@@ -1,4 +1,32 @@
+#root encrypt check partition
+- name: rroot partition type
+  ansible.builtin.shell: |
+   fdisk -l | grep -E '^(Devi|/dev)' | sort -nk2,2  |grep -B1 -A1 -w `findmnt -n -o SOURCE /` >/tmp/disks;  if [[ `wc -l /tmp/disks |awk '{print $1}'` -gt 1 && `wc -l /tmp/disks |awk '{print $1}'` -ne 3 ]]; then sed '1!D' /tmp/disks; elif [[ `wc -l /tmp/disks |awk '{print $1}'` -eq 3 ]]; then sed '3!D' /tmp/disks; fi |awk '{print $1}'|grep -o '[^/]*$'>/tmp/disk;fdisk -l  |grep `cat /tmp/disk` | awk '{print $6 " " $7 }'
+  args:
+    executable: /bin/bash
+  register: rroot_part_type
+  ignore_errors: true
+
+- name: Output result partition
+  debug:
+    var: rroot_part_type.stdout
+  register: rroot_part_check
+
+#Check BareMetall or VM
+- name: Check if scaling governor
+  stat:
+    path: /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
+  register: scaling_governor_file
+
+- name: Output result governor
+  debug:
+    var: scaling_governor_file.stat.exists
+  register: scaling_governor
+
 - include_tasks: encrypt_disks.yml
+- include_tasks: encrypt_disks_rroot.yml
+  when: rroot_part_type.stdout == 'Linux filesystem'
 - include_tasks: cpu_configuration.yml
+  when: scaling_governor|bool == true
 - include_tasks: network_configuration.yml
 

start.yml

@@ -1,7 +1,8 @@
 - name: StartOperation
   hosts: test
   become: yes
- 
+  remote_user: ubuntu
+
   vars:
     sdisk_disk: "xvdb"
     sdisk_name: "sdisk_crypt"