ansible-playbooks/ubuntu/roles/common/tasks/main.yml

---
# This playbook contains common plays that will be run all nodes.

- name: Install python-apt, aptitude, and debconf-utils
  shell: apt-get update && apt-get -y install python-apt aptitude debconf-utils
- name: Do any package upgrades
  apt: upgrade=dist
- name: Set default locale to en_US.UTF-8
  debconf: name=locales question='locales/default_environment_locale' value=en_US.UTF-8 vtype='select'
- name: Generate locales
  debconf: name=locales question='locales/locales_to_be_generated'  value='en_US.UTF-8 UTF-8' vtype='multiselect'
- name: Set timezone area
  debconf: name=tzdata question='tzdata/Areas' value='Etc' vtype='select'
- name: Set timezone
  debconf: name=tzdata question='tzdata/Zones/Etc' value='UTC' vtype='select'
  notify:
  - restart rsyslog
  - restart cron
- name: Install required packages
  apt:
    name: "{{ packages }}"
    state: latest
  vars:
    packages:
    - most
    - zsh
    - vim
    - vim-scripts
    - git
    - tmux
    - multitail
    - mtr-tiny
    - curl
    - dnsutils
    - sudo
    - gnupg
    - traceroute
    - htop
    - haveged
    - build-essential
    - vnstat
    - chrony
    - unattended-upgrades
    - iptables-persistent
    - netfilter-persistent
    - mailutils
    - postfix
- name: Remove packages we do not need
  apt:
    name: "{{ packages }}"
    state: absent
  vars:
    packages:
    - exim4-daemon-light
    - consolekit
    - snapd
    - lxcfs
    - rpcbind
- name: Ensure haveged, ntp, and vnstat are started on boot
  service: name={{ item }} enabled=yes
  with_items:
     - haveged
     - vnstat
     - chrony
- name: Ensure that the periodic APT cron task clears out old kernels and does unattended security upgrades
  copy: src=10periodic dest=/etc/apt/apt.conf.d/10periodic backup=yes owner=root group=root mode=0644
- name: Copy our sshd_config over and restart sshd
  copy: src=sshd_config dest=/etc/ssh/sshd_config backup=yes owner=root group=root mode=0644
  notify:
  - restart sshd
Add a slightly modified playbook for Ubuntu systems. - No need for nginx repo anymore. 2015-05-24 17:22:57 +00:00			`---`
			`# This playbook contains common plays that will be run all nodes.`

			`- name: Install python-apt, aptitude, and debconf-utils`
			`shell: apt-get update && apt-get -y install python-apt aptitude debconf-utils`
			`- name: Do any package upgrades`
			`apt: upgrade=dist`
			`- name: Set default locale to en_US.UTF-8`
			`debconf: name=locales question='locales/default_environment_locale' value=en_US.UTF-8 vtype='select'`
			`- name: Generate locales`
			`debconf: name=locales question='locales/locales_to_be_generated' value='en_US.UTF-8 UTF-8' vtype='multiselect'`
			`- name: Set timezone area`
			`debconf: name=tzdata question='tzdata/Areas' value='Etc' vtype='select'`
			`- name: Set timezone`
			`debconf: name=tzdata question='tzdata/Zones/Etc' value='UTC' vtype='select'`
			`notify:`
			`- restart rsyslog`
			`- restart cron`
			`- name: Install required packages`
stop using with_items for apt in ubuntu/roles/common/tasks/main.yml 2019-07-22 00:34:13 +00:00			`apt:`
			`name: "{{ packages }}"`
			`state: latest`
			`vars:`
			`packages:`
			`- most`
			`- zsh`
			`- vim`
			`- vim-scripts`
			`- git`
			`- tmux`
			`- multitail`
			`- mtr-tiny`
			`- curl`
			`- dnsutils`
			`- sudo`
			`- gnupg`
			`- traceroute`
			`- htop`
			`- haveged`
			`- build-essential`
			`- vnstat`
			`- chrony`
			`- unattended-upgrades`
make sure iptables-persistent and netfilter-persistent is installed via common playbook 2019-08-21 22:45:23 +00:00			`- iptables-persistent`
			`- netfilter-persistent`
remove duplicity/python-boto, add postfix, mailutils 2019-11-17 04:12:07 +00:00			`- mailutils`
			`- postfix`
Update package removal list add snapd and lxcfs to removal list 2019-01-16 02:22:27 +00:00			`- name: Remove packages we do not need`
stop using with_items for apt in ubuntu/roles/common/tasks/main.yml 2019-07-22 00:34:13 +00:00			`apt:`
			`name: "{{ packages }}"`
			`state: absent`
			`vars:`
			`packages:`
			`- exim4-daemon-light`
			`- consolekit`
			`- snapd`
			`- lxcfs`
add rpcbind to list of packages we remove on setup 2020-03-27 17:08:01 +00:00			`- rpcbind`
Remove unbound from boot check list. 2017-01-12 20:27:22 +00:00			`- name: Ensure haveged, ntp, and vnstat are started on boot`
Add a slightly modified playbook for Ubuntu systems. - No need for nginx repo anymore. 2015-05-24 17:22:57 +00:00			`service: name={{ item }} enabled=yes`
			`with_items:`
			`- haveged`
			`- vnstat`
Check that chrony service is enabled instead of ntpd 2018-02-12 22:21:28 +00:00			`- chrony`
Add some custom APT periodic task configuration Ensure that the periodic APT cron task clears out old kernels and does unattended security upgrades 2017-08-06 20:24:25 +00:00			`- name: Ensure that the periodic APT cron task clears out old kernels and does unattended security upgrades`
			`copy: src=10periodic dest=/etc/apt/apt.conf.d/10periodic backup=yes owner=root group=root mode=0644`
common role is now copying over a sshd_config 2020-03-24 14:27:09 +00:00			`- name: Copy our sshd_config over and restart sshd`
			`copy: src=sshd_config dest=/etc/ssh/sshd_config backup=yes owner=root group=root mode=0644`
			`notify:`
			`- restart sshd`