opsta.host_preparation

Host Preparation

This is an Ansible role for preparing an Ubuntu host. It does the following:

• Set the hostname (optional)
• Set up apt-cacher-ng (optional)
• Update all packages, including the kernel, to the latest version
• Install various tools (see Role Variables)
• Fine-tune the system (see Role Variables)
• Set up NTP (Network Time Protocol)
• Allow a user to use sudo without entering a password
• Set up SSH key access

For examples on creating a playbook, configurations, and sample commands, you can refer to this link.

Requirements

Before using this role, prepare your public key for authorized_keys and set the host_preparation_authorized_keys_path to point to your file containing authorized keys.

Role Variables

Here are the default settings available:

# Default variables
host_preparation_reboot_timeout: 600
host_preparation_ntp_server: ntp.ubuntu.com
host_preparation_sshd_config: /etc/ssh/sshd_config
host_preparation_sshd_port: 22
host_preparation_group_authorized_keys_path: "{{ playbook_dir }}/files/groups/{{ group_names[-1] }}/authorized_keys"
host_preparation_global_authorized_keys_path: "{{ playbook_dir }}/files/authorized_keys"
host_preparation_base_packages:
  - htop
  - iotop
  - sysstat
  - iftop
host_preparation_is_config_hostname: false
host_preparation_is_tuning: false
host_preparation_sysctl_vars:
  - { regexp: '^fs\.file-max \= ', line: 'fs.file-max = 1000000' }
  - { regexp: '^net\.ipv4\.tcp_max_syn_backlog \= ', line: 'net.ipv4.tcp_max_syn_backlog = 65535' }
  # More configurations...
host_preparation_rc_vars:
  - { regexp: '^echo never > /sys/kernel/mm/transparent_hugepage/enabled', line: 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' }
  - { regexp: '^echo never > /sys/kernel/mm/transparent_hugepage/defrag', line: 'echo never > /sys/kernel/mm/transparent_hugepage/defrag' }
  # More configurations...
host_preparation_limits_vars:
  - { regexp: '^\* soft nofile ', line: '* soft nofile 1000000' }
  - { regexp: '^\* hard nofile ', line: '* hard nofile 1000000' }
  # More configurations...

# Optional variables
host_preparation_apt_cacher_ng: http://apt-cacher-ng.example.com:3142

Dependencies

None required.

Example Playbook

Since Ubuntu Xenial doesn't come with Python 2 by default, the playbook installs Python 2 first without gathering facts.

- hosts: all
  gather_facts: no
  become: true
  pre_tasks:
    - name: Install Python 2 first
      raw: python --version || apt update && apt install -y python
  roles:
    - winggundamth.host_preparation
  vars_files:
    - "{{ host_preparation_vars_file }}"

Useful Tags

You can use the following tags to manage your Ubuntu host:

• host-preparation-apt-cacher-ng
• host-preparation-configure-hostname
• host-preparation-configure-ntp
• host-preparation-install-base-packages
• host-preparation-update-packages
• host-preparation-tuning
• host-preparation-configure-authorized_keys
• host-preparation-configure-user
• host-preparation-reboot (requires setting host_preparation_need_reboot to true)

To run a specific tag, use --tag. For example, to configure authorized_keys only for the production and database server group, run:

ansible-playbook -i inventories/host_preparation --limit production:database \
--tag host-preparation-configure-authorized_keys host-preparation.yml

License

MIT

Author Information

You can see more of my work at GitHub.