Configures a Linux machine to the corporate base image from default install media with a minimal install
Find a file
2021-09-09 15:16:55 -06:00
roles/base Adding curve25519 for work machine 2021-09-09 15:16:55 -06:00
.gitignore Initial commit 2021-08-31 06:08:53 -06:00
base.yml Initial commit 2021-09-01 17:31:49 -06:00
hosts.yml Initial commit 2021-09-01 17:31:49 -06:00
README.md Swap to proper org for example 2021-09-01 17:38:12 -06:00
site.yml Initial commit 2021-09-01 17:31:49 -06:00

Ansible-Linux_Base

Configures a Linux machine to the corporate base image from default install media

Requirements

If the "base_core_hostname" variable is defined, it is recommended to set the ansible_ssh_common_args variable for the host to the following setting so the regeneration of the SSH host keys will not cause an error.

Variable Value
ansible_ssh_common_args '-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no'

Role Variables

Core Variables

Variable Required Default Choices Comments
base_core_management_user No ansible_user Defines the account that ansible will use for management in the future
base_core_install_updates Yes True True, False Install all available updates for the distro at runtime
base_core_hostname No "" Defines the computer hostname
base_core_motd_banner No "" Banner to be added to MOTD if desired
base_core_ssh_permit_root_login Yes False True, False Permits the use of root logins for ssh
base_core_ssh_permit_password_authentication Yes False True, False Permits the use of passwords for ssh
base_core_cert_common_name No nodename Common name for created self-signed cert
base_core_root_ca_basename No "" Basename of the cert for local system reference
base_core_root_ca_convert Yes False True, False Converts the defined certificate from DER to PEM type
base_core_root_ca_url No "" URL of a Root CA to install
base_core_web_management Yes False True, False Enables installation of the Cockpit web management package(s)

Example

Execute playbook with needed variables

ansible-playbook -i hosts site.yml --ask-pass --ask-become-pass

Inventory File:

---
# file: hosts.yml

prod:
  hosts:
    prod-svr01:
      ansible_host: 192.168.0.10
      base_core_hostname: "prod-svr01"
    prod-svr02:
      ansible_host: 192.168.0.11

  vars:
    ansible_ssh_common_args: '-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no'
    base_core_ssh_permit_password_authentication: true
    ansible_user: ansible
   "#########################################################################################\n    ___                         _                _____            __                     \n   /   |_   _____  ____  ____ _(_)___  ____ _   / ___/__  _______/ /____  ____ ___  _____\n  / /| | | / / _ \\/ __ \\/ __ `/ / __ \\/ __ `/   \\__ \\/ / / / ___/ __/ _ \\/ __ `__ \\/ ___/\n / ___ | |/ /  __/ / / / /_/ / / / / / /_/ /   ___/ / /_/ (__  ) /_/  __/ / / / / (__  ) \n/_/  |_|___/\\___/_/ /_/\\__, /_/_/ /_/\\__, /   /____/\\__, /____/\\__/\\___/_/ /_/ /_/____/  \n                      /____/        /____/         /____/                                \n                                                                                         \n#########################################################################################"

Tags

Available tags for the role:

Role Tags
Base all, authorized_key, automatic_updates, cert, firewall, hostname, kernel, motd, password_auth, root_ca, root_login, ssh, time_sync, web_management