linux_postinstall

Ansible role. Set up your Linux system with various configurations like ACPI, aliases, apparmor, apt, authorized keys, and more.

Documentation available here

This role and its documentation are still being developed. If you find a task without documentation, you can refer to the source code to understand how to use it. If you need features that aren't available, check out the role config_light and explore the examples. If config_light doesn't meet your needs, you can create new tasks.

Please share your feedback or report any issues.

Contributions are welcome.

Supported Platforms

This role has been developed and tested on:

• Supported Ubuntu Releases
• Armbian 5.90

Work is ongoing to support additional platforms. Some tasks may work on CentOS as well. You can customize variables in vars/defaults and test the tasks yourself.

Requirements

Required Roles

• ansible_lib
• linux_lib

Required Collections

• ansible.posix
• ansible.utils
• community.general

Role Variables

Check the default and example variables in the vars directory.

Workflow

1. Install the roles and collections

To install the roles:

shell> ansible-galaxy role install vbotka.linux_postinstall
shell> ansible-galaxy role install vbotka.ansible_lib
shell> ansible-galaxy role install vbotka.linux_lib

The collections ansible.posix and community.general are included with ansible by default. If they're missing, install them using:

shell> ansible-galaxy collection install ansible.posix
shell> ansible-galaxy collection install ansible.utils
shell> ansible-galaxy collection install community.general

2. Adjust variables, for instance in vars/main.yml:

shell> editor vbotka.linux_postinstall/vars/main.yml

• Check the OS-specific variables in vars/defaults
• Look at examples in vars/main.yml.sample
• Modify or add specific variables in vars/flavors
• Optional: enable lp_flavors_enable: true (this may make the playbook slower)
• Optionally, add specific OS variables to the vars directory
• Review tasks/vars.yml for rules on naming and precedence
• OS-specific variables will take priority over those in var/main.yml

3. Prepare the inventory

shell> cat hosts
[group1]
host1.example.com
[group1:vars]
ansible_user=admin
ansible_connection=ssh
ansible_python_interpreter=/usr/bin/python3.8
ansible_perl_interpreter=/usr/bin/perl

4. Create the playbook

shell> cat lp.yml
- hosts: group1
  become: yes
  become_user: root
  become_method: sudo
  roles:
    - vbotka.linux_postinstall

5. Execute the playbook

shell> ansible-playbook lp.yml

Best Practices

Validate the playbook's syntax

shell> ansible-playbook lp.yml --syntax-check

Review variables and optionally detect and store flavors

shell> ansible-playbook lp.yml -t lp_vars

Run the playbook in check mode

shell> ansible-playbook lp.yml --check

Once everything checks out, run the playbook again. In the second run, all tasks should show as OK, with 0 changes, unreachable, or failures.

shell> ansible-playbook lp.yml

Auto-installation of Packages

Packages defined in the lp_*_packages variables will be automatically installed if lp_*_install is enabled. For example:

lp_libvirt_install: true
lp_libvirt_packages:
  - libvirt0
  - libvirt-bin
  - libvirt-daemon
  - libvirt-daemon-driver-storage-rbd
  - libvirt-daemon-system
  - virtinst

The packages listed above will be installed with:

shell> ansible-playbook lp.yml -t lp_packages_auto -e lp_packages_auto=true

Refer to:

• Packages Section
• Source Code for packages.yml

Auto-management of Services

The variable lp_service_auto lists services that will be managed automatically. A service will be managed if lp_<service>: true. Setting it to false will stop auto-management. Use lp_<service>_enable and lp_<service>_state to control the service's status. For instance, for the udev service, if you set:

lp_udev: true
lp_udev_enable: true
lp_udev_state: started

You can check which services will be managed using:

shell> ansible-playbook lp.yml -e lp_service_debug=true -t lp_service_debug

Refer to:

• Service Section
• Source Code for service.yml

Recommended Configuration After OS Installation

1. Set up users, sudoers, and persistent network interfaces:

ansible-playbook lp.yml -t lp_vars
ansible-playbook lp.yml -t lp_hostname
ansible-playbook lp.yml -t lp_groups
ansible-playbook lp.yml -t lp_users
ansible-playbook lp.yml -t lp_sudoers
ansible-playbook lp.yml -t lp_udev
ansible-playbook lp.yml -t lp_netplan
ansible-playbook lp.yml -t lp_wpasupplicant
ansible-playbook lp.yml -t lp_reboot -e 'lp_reboot=true lp_reboot_force=true'

2. Configure the firewall, like iptables:

shell> ansible-playbook lp.yml -t lp_iptables

3. Test package installations:

shell> ansible-playbook -t lp_packages -e 'lp_package_install_dryrun=true' lp.yml

4. Install the packages:

shell> ansible-playbook -t lp_packages lp.yml

5. Check, install, and configure other tasks:

shell> ansible-playbook lp.yml --check
shell> ansible-playbook lp.yml

Ansible Lint

Use the configuration file .ansible-lint.local when running ansible-lint. Some rules may be turned off and certain warnings ignored. See the configuration file for details.

shell> ansible-lint -c .ansible-lint.local

License

Author Information

Vladimir Botka

References

• Official Ubuntu Documentation

• Ubuntu Releases

• Armbian for ARM Development Boards

• RHEL 7 System Administrator's Guide

• ACPI - Ubuntu Wiki

• Apt Configuration - Debian Wiki

• apt.conf - Ubuntu Man

• AppArmor Wiki

• Automatic Updates - Ubuntu Help

• Bluetooth Headphones

• Cron Howto - Ubuntu Help

• Debsums - Debian Man

• Dnsmasq Documentation

• GPG - GnuPG

• GPG Best Practices

• KVM - Ubuntu Help

• LaTeX - Ubuntu Help

• libvirt Documentation

• NTP - Ubuntu Help

• Netplan Documentation

• UFW - Uncomplicated Firewall - Ubuntu Help

• VirtualBox - Ubuntu Help Community

• wpa_supplicant - ArchLinux Wiki

• ZFS - Ubuntu Wiki