Common - Base System Role

• CA x509
• OpenLDAP Client + Configuration
• Mail Relay Configuration (only if is_mailrelay == False and mailrelay != '')
  • Debian: postfix
  • FreeBSD: sendmail
  • OpenBSD: smtpd
• SSHD Configuration Lines (in variables, see defaults/main.yml)
• Centralized Syslog:
  • Except if is_syslogd=True
  • Only if syslog_server exists
• Deployment of SSH keys from files/cles_ssh/*.pub
• Fetch /usr/local/admin/sysutils/common from GIT (and more, depending on variables)
• Daily/Weekly Cron Jobs for ecm (and remove old ones from CVS)
• SNMPD (TODO: Debian and OpenBSD)
• Preferred Shell for root + its configuration + aliases
• Additional Packages (variable pkgs)

Templates and Files

SSHD Config and Authorized Keys

• Files matching cles_ssh/*.pub will be authorized for the root account
• Files matching cles_ssh/*.del will be removed
• The vimrc file in files/ will be installed as /root/.vimrc

SSH Keys

• Files matching {{ playbook_dir }}/files/ssh/{{ inventory_hostname }}/ssh_host.*_key(.pub)? will be installed on the host's SSH daemon.

Variables

• host_timezone (Europe/Paris)
• is_resolver (False) If True, will use 127.0.0.1 in resolv.conf first
• resolvers ([{ network='0.0.0.0/0', ip='8.8.8.8' }]) List of IPs used for resolution based on the host's network.
• dns64_resolvers ([]) For IP6-only hosts, overrides resolvers with DNS64-enabled resolvers
• rootmailto () Mail address to forward root's emails
• gits_root ('/root') Path for relative paths in gits
• gits_group ('') Group that owns gits_root
• gits_mode ('0750') Directory mode for gits_root
• gits, host_gits, group_gits, and role_gits ([]) Lists of dictionaries: each MUST include
  • repo: Git URL to clone
  • dest: Destination path (absolute or relative to gits_root) And MAY include:
  • umask ('0022')
  • update (False)
  • version (master)
• crons, host_crons, role_crons: Lists of dictionaries for the cron module
• ocsinventory_server ('') If present, installs and configures openinventory-agent
• root_shell (zsh) Set your preferred shell here :) (or leave blank to skip this) Place your rc file in {{ playbook_dir }}/files/{{ root_shell }}rc
• do_smart (True if not in jail/VM) Configures smartd for disk alerts
• smart_mailto ('') Your email address to receive alerts
• backup_dir (files/backups/{{ inventory_hostname }}) Copy SSH host keys and restore /root/ files from here if there are any
• monitoring_from ([]) List of networks allowed for SNMP
• http_proxy ('') To set global http_proxy and https_proxy values (FreeBSD only)

FreeBSD Specific

• pkg_repo_conf (pkgecm.conf) Name of the pkg repo config file to be installed first
• is_jail (False) If True, will skip hardware monitoring tools
• freebsd_base_pkgs ([git, rsync, vim-console, root_shell]) List of packages to install

OpenBSD Specific

• openbsd_base_pkgs ([git, rsync, vim--no_x11, root_shell]) List of packages to install
• openbsd_pkg_mirror ("http://ftp.openbsd.org") Mirror to use

Debian Specific

• debian_base_pkgs ([git, rsync, vim, root_shell]) List of packages to install

Packages

• pkgs ([]) Additional packages to install using the distribution's package system
• host_pkgs role_pkgs ([]) Other packages defined in inventory or roles

Syslog

• syslog_server () If defined, all logs will be sent there
• syslog_auth_server (syslog_server) Auth logs will be sent there

x509

• x509_ca_file ('') Source file for x509 CA certificates
• x509_ca_path (/etc/ssl/ca.crt) Destination path for the above certificate file

Mail Relay

• is_mailrelay (False) Does not configure mail relay if True
• mailrelay () If defined, name/IP of the mail relay

SSH

• sshd_allow_groups ('') Define AllowGroups in /etc/ssh/sshd_config

LDAP Basic Config

• ldap_base ('') Base DN for LDAP (for ldap.conf)
• ldap_uri ('ldaps://ldapr.univ.fr/ ldaps://ldap.univ.fr/') URI for ldap.conf
• ldap_tls_reqcert (never) Value for the same name in ldap.conf

Network Time Protocol (NTP)

If either ntp_servers or ntp_pools is not empty, the role will manage ntp(d).conf and the NTP service:

• ntp_servers ([]) List of NTP servers
• ntp_pools ([]) List of NTP pools
• ntp_listen_addrs ([]) IPs to listen to (OpenBSD won't listen anywhere without this; can be '*')