4.6 KiB
4.6 KiB
Ansible-Linux_Base
Configures a Linux machine to the corporate base image from default install media with a minimal install
Requirements
If the "base_core_hostname" variable is defined, it is recommended to set the ansible_ssh_common_args variable for the host to the following setting so the regeneration of the SSH host keys will not cause an error.
Variable | Value |
---|---|
ansible_ssh_common_args | '-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' |
Role Variables
Core Variables
Variable | Default | Choices | Comments |
---|---|---|---|
base_core_cert_common_name | nodename | Common name for created self-signed cert | |
base_core_firewall_configure | True | True, False | Allows the firewall to be configured |
base_core_hostname | "" | Defines the computer hostname | |
base_core_install_updates | True | True, False | Install all available updates for the distro at runtime |
base_core_management_user | ansible_user | Defines the account that ansible will use for management in the future | |
base_core_management_user_disable_password | False | True, False | When enabled the password for the management user account will be disabled |
base_core_motd_banner | "" | Banner to be added to MOTD if desired | |
base_core_motd_configure | True | True, False | Allows the MOTD to be configured |
base_core_root_ca_basename | "" | Basename of the cert for local system reference | |
base_core_root_ca_convert | False | True, False | Converts the defined certificate from DER to PEM type |
base_core_root_ca_url | "" | URL of a Root CA to install | |
base_core_secondary_user | "" | Defines a secondary account that ansible configure for management in the future | |
base_core_secondary_user_disable_password | False | True, False | When enabled the password for the secondary user account will be disabled |
base_core_ssh_permit_password_authentication | False | True, False | Permits the use of passwords for ssh |
base_core_ssh_permit_root_login | False | True, False | Permits the use of root logins for ssh |
base_core_timezone | America/Boise | Defines the timezone to apply to the client | |
base_core_web_management | False | True, False | Enables installation of the Cockpit web management package(s) |
Example
Execute playbook with needed variables
ansible-playbook -i hosts site.yml --ask-pass --ask-become-pass
Inventory File:
---
# file: hosts.yml
prod:
hosts:
prod-svr01:
ansible_host: 192.168.0.10
base_core_hostname: "prod-svr01"
prod-svr02:
ansible_host: 192.168.0.11
vars:
ansible_user: ansible
ansible_ssh_common_args: '-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no'
base_core_ssh_permit_password_authentication: true
Tags
Available tags for the role:
Role | Tags |
---|---|
Base | all, authorized_key, automatic_updates, cert, firewall, hostname, kernel, motd, password_auth, root_ca, root_login, ssh, time_sync, web_management |