Base system

Linux systems base settings.

Running roles in containers is not common, but this use case is supported for Ansible testing with Molecule. In this case, just the package manager cache will be configured and updated if needed, the other system component will be not managed since it is the reponsibility of the container engine.

GitLab project: yoanncolin/ansible/roles/system

Requirements

This role as been writen to be run as non root user, so Sudo has to be installed and configured.

For network configuration, the netaddr Python package is required, You also need the ansible.utils Ansible module.

For filesystems management, the jmespath Python package is required, You also need the community.general and ansible.posix Ansible modules.

Facts

Defined facts of this role :

• system_packages
• system_shells
• system_sudo_version

Look at the facts documentation for more details.

Tags

Because some values are dispatched in multiple tasks. You can quickly update some of them with tags :

• ca - SSL certificates authorities
• firewall
• hosts - Update /etc/hosts file
• networks
• packages
• proxies
• storages
• sudoers
• time
• users

Usage :

ansible-playbook -t tag1[,tag2[,...]] my_play.yml

Tasks

System composents are managed through separated tasks that could be called independently.

Of course, all tasks are called in the main.yml. See each task documentation :

• facts
• proxies
• hosts
• packages
• networks
• storages
• sudo
• users
• zsh
• ca
• time
• firewall

Role Variables

Feature flipping

Look at defaults/main/feature-flipping.yml.

Enable/disable some features by setting them to true/false.

Shared variables

Look at defaults/main/shared.yml.

system_bin_path: /usr/local/bin
system_profile: server
system_retries: 2

Some distributions does not provide command line to easily know if a reboot is required, or if the packages cache is outdated. So we put scripts to do it.

You can change those scripts location through the system_bin_path.

The system_profile can impact the behaviour of some parts of the system, for example the packages to install (or not).

If You have some network troubles during installation, you can increase the system_retries value.

Dependencies

A reachable Linux system with Python installed.

Example Playbook

First deployment or distribution upgrade, 10 steps rolling update :

---
- name: Rolling update
  hosts: all
  serial: 10%
  roles:
    - role: gwerlas.system
      vars:
        system_packages_upgrade: true

Use just one task :

---
- name: Package managers
  hosts: all
  tasks:
    - name: Just get the package manager upready
      ansible.builtin.import_role:
        name: gwerlas.system
        tasks_from: package-managers

License

BSD 3-Clause License.