linux_postinstall

Ansible role. Configure Linux: acpi, aliases, apparmor, apt, authorized keys, autofs, automatic upgrades, bluetooth, cron, debsums, dnsmasq, fstab, gpg, gpsd, groups, grub, hostname, hosts, chrony, iptables, kvm, latex, libvirt, lid, logrotate, modem manager, modules, netplan, networkd, networkmanager, nfsd, packages, passwords, pm-utils, postfix, rc.local, repos, resolvconf, service, smart, speech-dispatcher, ssh, sshd, sudoers, swap, sysctl, systemd, timesyncd, timezone, tlp, udev, ufw, users, virtualbox, wpa_gui, wpa_supplicant, xen, xorg.conf.d, zfs, (wip ...)

Documentation at readthedocs.io

This role and the documentation is work in progress. If the documentation of a task is missing it's necessary to review the source code to learn how to use it. If a functionality is missing consider role config_light. See various examples. If config_light is not able to do what you want create new tasks.

Feel free to share your feedback and report issues.

Contributions are welcome.

Supported platforms

This role has been developed and tested in

• Ubuntu Supported Releases
• Armbian 5.90

Support for other platforms is work in progress. Some tasks are supported also by Centos. You're encouraged to fit the variables in vars/defaults and test the tasks on your own.

Requirements

Roles

• ansible_lib
• linux_lib

Collections

• ansible.posix
• ansible.utils
• community.general

Role Variables

See defaults and examples in vars.

Workflow

1. Install the roles and collections

Install roles

shell> ansible-galaxy role install vbotka.linux_postinstall
shell> ansible-galaxy role install vbotka.ansible_lib
shell> ansible-galaxy role install vbotka.linux_lib

The collections ansible.posix and community.general are included in the mainstream ansible packages. If they are missing install them

shell> ansible-galaxy collection install ansible.posix
shell> ansible-galaxy collection install ansible.utils
shell> ansible-galaxy collection install community.general

2. Change variables, e.g. in vars/main.yml

shell> editor vbotka.linux_postinstall/vars/main.yml

• See OS specific variables in vars/defaults
• See examples in vars/main.yml.sample
• Customize and/or add Flavor specific variables in vars/flavors
• Optionally enable lp_flavors_enable: true. This will slowdown the playbook
• Optionally put customized OS specific variables into the vars directory
• See tasks/vars.yml for the naming conventions and precedence
• OS specific variables will overwrite variables in var/main.yml

3. Create the inventory

shell> cat hosts
[group1]
host1.example.com
[group1:vars]
ansible_user=admin
ansible_connection=ssh
ansible_python_interpreter=/usr/bin/python3.8
ansible_perl_interpreter=/usr/bin/perl

4. Create the playbook

shell> cat lp.yml
- hosts: group1
  become: yes
  become_user: root
  become_method: sudo
  roles:
    - vbotka.linux_postinstall

5. Run the playbook

shell> ansible-playbook lp.yml

Best practice

Check syntax of the playbook

shell> ansible-playbook lp.yml --syntax-check

Review variables. Optionally detect and store flavors

shell> ansible-playbook lp.yml -t lp_vars

Run the playbook in check mode

shell> ansible-playbook lp.yml --check

If all is right run the playbook twice. In second run all tasks shall be OK and 0 changed, unreachable and failed.

shell> ansible-playbook lp.yml

Auto-installation of packages

Packages listed in the variables lp_*_packages will be automatically installed by the tasks/packages.yml if enabled by variables lp_*_install . For example,

lp_libvirt_install: true
lp_libvirt_packages:
  - libvirt0
  - libvirt-bin
  - libvirt-daemon
  - libvirt-daemon-driver-storage-rbd
  - libvirt-daemon-system
  - virtinst

The packages listed in lp_libvirt_packages will be included in the packages installed by

shell> ansible-playbook lp.yml -t lp_packages_auto -e lp_packages_auto=true

See:

• chapter Packages
• source code packages.yml

Auto-management of services

Variable lp_service_auto contains a list of services automatically managed by the task service.yml. A service will be manged by the task service.yml if lp_<service>: true. Setting lp_<service>: false will disable management of the service by the task service.yml. Variables lp_<service>_enable and lp_<service>_state control the enablement and state of the service. For example, service udev, if set lp_udev: true, will be enabled and started because it is listed among lp_service_auto and by default (precedence 2.):

lp_udev: true
lp_udev_enable: true
lp_udev_state: started

Run the below command to see what services will be managed.

shell> ansible-playbook lp.yml -e lp_service_debug=true -t lp_service_debug

See:

• chapter Service
• source code service.yml

Recommended configuration after the installation of OS

1. Configure users, sudoers and persistent network interfaces

ansible-playbook lp.yml -t lp_vars
ansible-playbook lp.yml -t lp_hostname
ansible-playbook lp.yml -t lp_groups
ansible-playbook lp.yml -t lp_users
ansible-playbook lp.yml -t lp_sudoers
ansible-playbook lp.yml -t lp_udev
ansible-playbook lp.yml -t lp_netplan
ansible-playbook lp.yml -t lp_wpasupplicant
ansible-playbook lp.yml -t lp_reboot -e 'lp_reboot=true lp_reboot_force=true'

2. Configure the firewall. For example iptables

shell> ansible-playbook lp.yml -t lp_iptables

3. Test installation of the packages

shell> ansible-playbook -t lp_packages -e 'lp_package_install_dryrun=true' lp.yml

4. Install packages

shell> ansible-playbook -t lp_packages lp.yml

5. Check, install and configure other tasks

shell> ansible-playbook lp.yml --check
shell> ansible-playbook lp.yml

Ansible lint

Use the configuration file .ansible-lint.local when running ansible-lint. Some rules might be disabled and some warnings might be ignored. See the notes in the configuration file.

shell> ansible-lint -c .ansible-lint.local

License

Author Information

Vladimir Botka

References

• Ubuntu Official Documentation

• Ubuntu Releases

• Armbian linux for ARM development boards

• RHEL 7 System Administrator's Guide

• ACPI - Ubuntu Wiki

• AptConfiguration - Debian Wiki

• apt.conf - Ubuntu man

• AppArmor Wiki

• AppArmor - Ubuntu Wiki

• AppArmor - Ubuntu Help community

• Automatic Updates - Ubuntu Help

• Autofs - Ubuntu Help

• Bluetooth headphones

• Cron Howto - Ubuntu Help

• Debsums - Debian man

• Dnsmasq - DNS, DHCP, router advertisement and network boot

• Dnsmasq - Ubuntu Help

• GCP Configuring Imported Images

• GPG - GnuPG

• GPG - GnuPG HowTo - Ubuntu Help community

• GPG - OpenPGP Best Practices

• GPG - Ubuntu Security Team

• GPSD Bluetooth

• GPSD Troubleshooting

• GPSD cannot create rfcomm0 - SO

• GRUB - Ubuntu Help

• Chrony - implementation of NTP

• Chrony - ArchLinux Wiki

• Chrony - Ubuntu Blog: Bionic: Using chrony to configure NTP

• Chrony - RHEL 7 System Administrator's Guide: CHAPTER 18. CONFIGURING NTP USING THE CHRONY SUITE

• Chrony - RHEL 7 System Administrator's Guide: CHAPTER 3. CONFIGURING THE DATE AND TIME

• Iptables HowTo - Ubuntu Help community

• How To Implement a Basic Firewall Template with Iptables on Ubuntu 14.04 - DO tutorial

• KVM Ubuntu - Ubuntu Help community

• LaTeX - Ubuntu Help community

• LaTeX CTAN: Comprehensive TEX Archive Network

• LaTeX CTAN: macros/latex/contrib/

• LaTeX How to install LaTeX on Ubuntu 22.04 Jammy Jellyfish - LinuxConfig

• libvirt

• libvirt - Ubuntu Help

• libvirt Xen4 - CentOS Wiki

• Lid - Ubuntu Ask

• Logrotate - How to Setup and Manage Log Rotation

• ModemManager - FreeDesktop Wiki

• ModemManager. Remove from boot - Ubuntu Ask

• modules - CentOS Persistent Module Loading

• modules - Disable and blacklist Linux modules

• NTP - Ubuntu Help

• Netplan

• Network configuration - ArchLinux Wiki

• Networkd systemd-networkd - ArchLinux Wiki

• Networkd Managing WPA wireless with systemd-networkd - ArchLinux BBS

• Networkd systemd-networkd - Freedesktop.org

• Networkd systemd.network - Freedesktop.org

• NetworkManager disabling - Ubuntu Help

• NFS - Centos

• NFS - Ubuntu

• Packages - How to prevent updating of a specific package? - Ubuntu Ask

• Password(store) - pass the standard Unix password manager

• PM pm-utils - ArchLinux Wiki

• Postfix Basic Setup Howto - Ubuntu Help

• rc.local - AskUbuntu: How can I make /etc/rc.local run on startup?

• Smartmontools

• Smartmontools - Ubuntu Help

• SMART - Wikipedia

• speech-dispatcher

• SSH - Ubuntu Help

• SSH - OpenSSH

• SSH - Passwordless Setup on Ubuntu

• ssh_config man

• SwapFaq - Ubuntu Help

• systemd - Freedesktop.org

• systemd - ArchLinux Wiki

• systemd - Ubuntu Wiki

• TLP - Linux Advanced Power Management Tool

• timesyncd - FreeDesktop man

• timesyncd - ArchLinux Wiki

• timesyncd - AskUbuntu: NTP not supported

• timesyncd - Centos Forum

• udev - ArchLinux Wiki

• udev - Debian Wiki

• udev debugging - Ubuntu Wiki

• UFW - Uncomplicated Firewall - Ubuntu Help

• UFW - Uncomplicated Firewall - Ubuntu Wiki

• UFW - How do I get ufw to start on boot? - AskUbuntu

• VirtualBox

• VirtualBox - Ubuntu Help community

• VirtualBox - Install Oracle VM VirtualBox in Ubuntu - eLinuxBook

• wpa_supplicant - upstream

• wpa_supplicant.conf - upstream

• wpa_supplicant - ArchLinux Wiki

• wpa_supplicant 10-wpa_supplicant dhcpcd hook

• Xen - Ubuntu Help community

• Xen - Ubuntu Wiki

• Xen Tuning for Performance - Xen Wiki

• Xen Project Best Practices - Xen Wiki

• Xorg Guide - Gentoo Wiki

• ZFS - Ubuntu Wiki