# Ansible-Linux_Base

Configures a Linux machine to the corporate base image from default install media

## Requirements

---

If the "base_core_hostname" variable is defined, it is recommended to set the ansible_ssh_common_args variable for the host to the following setting so the regeneration of the SSH host keys will not cause an error.

| Variable                | Value                                                         |
| ----------------------- | ------------------------------------------------------------- |
| ansible_ssh_common_args | '-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' |

## Role Variables

---

### Core Variables

| Variable                                     | Required | Default      | Choices     | Comments                                                               |
| -------------------------------------------- | -------- | ------------ | ----------- | ---------------------------------------------------------------------- |
| base_core_management_user                    | No       | ansible_user |             | Defines the account that ansible will use for management in the future |
| base_core_install_updates                    | Yes      | True         | True, False | Install all available updates for the distro at runtime                |
| base_core_hostname                           | No       | ""           |             | Defines the computer hostname                                          |
| base_core_motd_banner                        | No       | ""           |             | Banner to be added to MOTD if desired                                  |
| base_core_ssh_permit_root_login              | Yes      | False        | True, False | Permits the use of root logins for ssh                                 |
| base_core_ssh_permit_password_authentication | Yes      | False        | True, False | Permits the use of passwords for ssh                                   |
| base_core_cert_common_name                   | No       | nodename     |             | Common name for created self-signed cert                               |
| base_core_root_ca_basename                   | No       | ""           |             | Basename of the cert for local system reference                        |
| base_core_root_ca_convert                    | Yes      | False        | True, False | Converts the defined certificate from DER to PEM type                  |
| base_core_root_ca_url                        | No       | ""           |             | URL of a Root CA to install                                            |
| base_core_web_management                     | Yes      | False        | True, False | Enables installation of the Cockpit web management package(s)          |

## Example

---

Execute playbook with needed variables:

`ansible-playbook -i hosts site.yml --ask-pass --ask-become-pass`

Inventory File:

```yaml
---
# file: hosts.yml
prod:
  hosts:
    prod-svr01:
      ansible_host: 192.168.0.10
      base_core_hostname: "prod-svr01"
    prod-svr02:
      ansible_host: 192.168.0.11
  vars:
    ansible_ssh_common_args: '-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no'
    base_core_ssh_permit_password_authentication: true
    ansible_user: haletek
    base_core_motd_banner: "##########################################\n __ __ __ __ __ \n / / / /____ _ / /___ / /_ ___ / /__\n / /_/ // __ `// // _ \\ / __// _ \\ / //_/\n / __ // /_/ // // __// /_ / __// ,< \n/_/ /_/ \\__,_//_/ \\___/ \\__/ \\___//_/|_| \n##########################################"
    base_core_root_ca_url: "http://cert.haletek.cloud/PKI/RootCA.cer"
    base_core_root_ca_basename: "HLTKCL_RootCA"
    base_core_root_ca_convert: false
```

### Tags

---

Available tags for the role:

| Role | Tags                                                                                                                                               |
| ---- | -------------------------------------------------------------------------------------------------------------------------------------------------- |
| Base | all, authorized_key, automatic_updates, cert, firewall, hostname, kernel, motd, password_auth, root_ca, root_login, ssh, time_sync, web_management |
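
A check for the Requirements note and the example inventory above, as an added example that is not part of this role: it reads the JSON that `ansible-inventory --list` prints and reports hosts that carry the host-key-checking bypass without defining `base_core_hostname`, the only case the Requirements section recommends it for. The sample JSON is constructed from the example inventory, and the function names are hypothetical.

```python
import json
import shlex

# Constructed sample: the shape `ansible-inventory -i hosts.yml --list` prints
# for the example inventory (group vars are already merged into each host).
SSH_ARGS = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
SAMPLE = json.dumps({
    "_meta": {"hostvars": {
        "prod-svr01": {"ansible_host": "192.168.0.10",
                       "base_core_hostname": "prod-svr01",
                       "ansible_ssh_common_args": SSH_ARGS},
        "prod-svr02": {"ansible_host": "192.168.0.11",
                       "ansible_ssh_common_args": SSH_ARGS},
    }},
    "prod": {"hosts": ["prod-svr01", "prod-svr02"]},
})


def ssh_options(common_args):
    """Return the -o options of an ssh argument string as {lowercased key: value}."""
    opts = {}
    tokens = shlex.split(common_args or "")
    for i, tok in enumerate(tokens):
        if tok == "-o" and i + 1 < len(tokens):
            setting = tokens[i + 1]          # "-o Key=Value"
        elif tok.startswith("-o") and len(tok) > 2:
            setting = tok[2:]                # "-oKey=Value"
        else:
            continue
        # ssh accepts both "Key=Value" and "Key Value"
        key, _, value = setting.replace("=", " ", 1).partition(" ")
        opts[key.lower()] = value.strip()
    return opts


def bypass_without_hostname(inventory_json):
    """Hosts that disable host key checking but do not set base_core_hostname."""
    hostvars = json.loads(inventory_json)["_meta"]["hostvars"]
    flagged = []
    for host, hv in sorted(hostvars.items()):
        opts = ssh_options(hv.get("ansible_ssh_common_args"))
        disabled = opts.get("stricthostkeychecking", "").lower() in ("no", "off")
        discarded = opts.get("userknownhostsfile") == "/dev/null"
        if (disabled or discarded) and not hv.get("base_core_hostname"):
            flagged.append(host)
    return flagged


if __name__ == "__main__":
    for host in bypass_without_hostname(SAMPLE):
        print(f"{host}: host key checking disabled, base_core_hostname not set")
```

Because the example inventory sets `ansible_ssh_common_args` under the group's `vars`, the check reports `prod-svr02`; moving the variable under `prod-svr01` alone clears it.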