/ansible-linux-postinstall

Ansible role. Post-install configuration of Linux.

Primary language: Shell. License: BSD 2-Clause "Simplified" (BSD-2-Clause).

linux_postinstall

Ansible role. Configure Linux: acpi, aliases, apparmor, apt, authorized keys, autofs, automatic upgrades, bluetooth, cron, debsums, dnsmasq, fstab, gpg, gpsd, groups, grub, hostname, hosts, chrony, iptables, kvm, latex, libvirt, lid, logrotate, modem manager, modules, netplan, networkd, networkmanager, nfsd, packages, passwords, pm-utils, postfix, rc.local, repos, resolvconf, service, smart, speech-dispatcher, ssh, sshd, sudoers, swap, sysctl, systemd, timesyncd, timezone, tlp, udev, ufw, users, virtualbox, wpa_gui, wpa_supplicant, xen, xorg.conf.d, zfs, (wip ...)

Documentation at readthedocs.io

This role and its documentation are a work in progress. If the documentation of a task is missing, review the source code to learn how to use it. If a functionality is missing, consider the role config_light. See various examples. If config_light is not able to do what you want, create new tasks.

Feel free to share your feedback and report issues.

Contributions are welcome.

Supported platforms

This role has been developed and tested in

Support for other platforms is a work in progress. Some tasks are also supported on CentOS. You're encouraged to adapt the variables in vars/defaults and test the tasks on your own.

Requirements

Roles

Collections

  • ansible.posix
  • ansible.utils
  • community.general

Role Variables

See defaults and examples in vars.

Workflow

  1. Install the roles and collections

Install the roles:

shell> ansible-galaxy role install vbotka.linux_postinstall
shell> ansible-galaxy role install vbotka.ansible_lib
shell> ansible-galaxy role install vbotka.linux_lib

The collections ansible.posix and community.general are included in the mainstream ansible packages. If they are missing, install them:

shell> ansible-galaxy collection install ansible.posix
shell> ansible-galaxy collection install ansible.utils
shell> ansible-galaxy collection install community.general

  2. Change variables, e.g. in vars/main.yml

shell> editor vbotka.linux_postinstall/vars/main.yml

  • See OS specific variables in vars/defaults
  • See examples in vars/main.yml.sample
  • Customize and/or add flavor specific variables in vars/flavors
  • Optionally enable lp_flavors_enable: true. This will slow down the playbook
  • Optionally put customized OS specific variables into the vars directory
  • See tasks/vars.yml for the naming conventions and precedence
  • OS specific variables will overwrite variables in vars/main.yml

  3. Create the inventory

shell> cat hosts
[group1]
host1.example.com
[group1:vars]
ansible_user=admin
ansible_connection=ssh
ansible_python_interpreter=/usr/bin/python3.8
ansible_perl_interpreter=/usr/bin/perl

  4. Create the playbook

shell> cat lp.yml
- hosts: group1
  become: yes
  become_user: root
  become_method: sudo
  roles:
    - vbotka.linux_postinstall

  5. Run the playbook

shell> ansible-playbook lp.yml

Best practice

Check syntax of the playbook

shell> ansible-playbook lp.yml --syntax-check

Review variables. Optionally detect and store flavors

shell> ansible-playbook lp.yml -t lp_vars

Run the playbook in check mode

shell> ansible-playbook lp.yml --check

If all is right, run the playbook twice. In the second run, all tasks shall be OK, with 0 changed, unreachable and failed.

shell> ansible-playbook lp.yml
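
The sequence above can be turned into an automated gate. The following is an added example, not part of the role: it parses the PLAY RECAP of the second run and fails unless every host reports 0 changed, unreachable and failed. The names recap_is_clean and lp_gate and the sample recap text are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not part of the role. Sample recap text below is constructed.

# Read ansible-playbook output on stdin. Succeed only if a PLAY RECAP is
# present and every host line reports changed=0, unreachable=0 and failed=0.
recap_is_clean() {
  awk '
    /^PLAY RECAP/ { in_recap = 1; next }
    in_recap && /ok=/ {
      hosts++
      for (i = 1; i <= NF; i++) {
        n = split($i, kv, "=")
        if (n == 2 && kv[1] ~ /^(changed|unreachable|failed)$/ && kv[2] + 0 != 0) {
          printf "%s: %s\n", $1, $i > "/dev/stderr"
          dirty++
        }
      }
    }
    END { exit !(hosts > 0 && dirty == 0) }
  '
}

# Hypothetical wrapper around the commands listed above. The body runs in a
# subshell, so the exported variable does not leak into the caller.
lp_gate() (
  playbook=${1:-lp.yml}
  export ANSIBLE_NOCOLOR=1            # keep colour codes out of the recap
  ansible-playbook "$playbook" --syntax-check || exit 1
  ansible-playbook "$playbook" -t lp_vars     || exit 1
  ansible-playbook "$playbook" --check        || exit 1
  ansible-playbook "$playbook"                || exit 1   # first run may change things
  ansible-playbook "$playbook" | recap_is_clean           # second run must not
)

# Constructed recap of an idempotent second run.
SAMPLE_CLEAN='PLAY RECAP *********************************************
host1.example.com : ok=42 changed=0 unreachable=0 failed=0 skipped=7 rescued=0 ignored=0'

# Constructed recap where a task still reports changes on the second run.
SAMPLE_DRIFT='PLAY RECAP *********************************************
host1.example.com : ok=42 changed=2 unreachable=0 failed=0 skipped=7 rescued=0 ignored=0'
```

A non-zero changed count in the second run points at a task that is not idempotent or at a host whose state is being modified between runs, so the offending host and counter are printed to stderr.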

Auto-installation of packages

Packages listed in the variables lp_*_packages will be automatically installed by tasks/packages.yml if enabled by the variables lp_*_install. For example,

lp_libvirt_install: true
lp_libvirt_packages:
  - libvirt0
  - libvirt-bin
  - libvirt-daemon
  - libvirt-daemon-driver-storage-rbd
  - libvirt-daemon-system
  - virtinst

The packages listed in lp_libvirt_packages will be included in the packages installed by

shell> ansible-playbook lp.yml -t lp_packages_auto -e lp_packages_auto=true

See:

Auto-management of services

The variable lp_service_auto contains a list of services automatically managed by the task service.yml. A service will be managed by the task service.yml if lp_<service>: true. Setting lp_<service>: false will disable management of the service by the task service.yml. The variables lp_<service>_enable and lp_<service>_state control the enablement and state of the service. For example, if lp_udev: true is set, the service udev will be enabled and started because it is listed in lp_service_auto and, by default (precedence 2.):

lp_udev: true
lp_udev_enable: true
lp_udev_state: started

Run the command below to see which services will be managed.

shell> ansible-playbook lp.yml -e lp_service_debug=true -t lp_service_debug

See:

Recommended configuration after the installation of OS

  1. Configure users, sudoers and persistent network interfaces

shell> ansible-playbook lp.yml -t lp_vars
shell> ansible-playbook lp.yml -t lp_hostname
shell> ansible-playbook lp.yml -t lp_groups
shell> ansible-playbook lp.yml -t lp_users
shell> ansible-playbook lp.yml -t lp_sudoers
shell> ansible-playbook lp.yml -t lp_udev
shell> ansible-playbook lp.yml -t lp_netplan
shell> ansible-playbook lp.yml -t lp_wpasupplicant
shell> ansible-playbook lp.yml -t lp_reboot -e 'lp_reboot=true lp_reboot_force=true'

  2. Configure the firewall. For example iptables

shell> ansible-playbook lp.yml -t lp_iptables

  3. Test installation of the packages

shell> ansible-playbook -t lp_packages -e 'lp_package_install_dryrun=true' lp.yml

  4. Install packages

shell> ansible-playbook -t lp_packages lp.yml

  5. Check, install and configure other tasks

shell> ansible-playbook lp.yml --check
shell> ansible-playbook lp.yml

Ansible lint

Use the configuration file .ansible-lint.local when running ansible-lint. Some rules might be disabled and some warnings might be ignored. See the notes in the configuration file.

shell> ansible-lint -c .ansible-lint.local

License

license

Author Information

Vladimir Botka

References