From bd86aff06b4d4fc2c15f7f2f9c159b8897779164 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Mon, 3 Apr 2017 20:05:20 +0300 Subject: Add a basic "sane Debias jessie system" role --- roles/sane_jessie_system/README | 10 ++++++++++ roles/sane_jessie_system/defaults/main.yml | 16 ++++++++++++++++ roles/sane_jessie_system/tasks/apt.yml | 22 ++++++++++++++++++++++ roles/sane_jessie_system/tasks/env.yml | 19 +++++++++++++++++++ roles/sane_jessie_system/tasks/main.yml | 2 ++ roles/sane_jessie_system/templates/sources.list.j2 | 3 +++ 6 files changed, 72 insertions(+) create mode 100644 roles/sane_jessie_system/README create mode 100644 roles/sane_jessie_system/defaults/main.yml create mode 100644 roles/sane_jessie_system/tasks/apt.yml create mode 100644 roles/sane_jessie_system/tasks/env.yml create mode 100644 roles/sane_jessie_system/tasks/main.yml create mode 100644 roles/sane_jessie_system/templates/sources.list.j2 (limited to 'roles') diff --git a/roles/sane_jessie_system/README b/roles/sane_jessie_system/README new file mode 100644 index 0000000..a0799a8 --- /dev/null +++ b/roles/sane_jessie_system/README @@ -0,0 +1,10 @@ +This role, sane_jessie_system, set up a Debian system to run jessie, +and does some setup so the system meets minimal criteria for sanity. +Specifically: + +- APT is configured with all the sources.list entries required by the + playbook +- all packages are upgraded to current versions +- hostname is set +- the clock is kept accurate with NTP +- locales are available diff --git a/roles/sane_jessie_system/defaults/main.yml b/roles/sane_jessie_system/defaults/main.yml new file mode 100644 index 0000000..2f2f3b2 --- /dev/null +++ b/roles/sane_jessie_system/defaults/main.yml @@ -0,0 +1,16 @@ +# These are the variables expected by this role. + +# The desired hostname. Default is empty, which means hostname won't +# be set. +hostname: "" + + +# Default Debian mirror to use. Default should work everywhere, but if +# needed, pick a faster mirror, perhaps a local one. +debian_mirror: http.debian.net + + +# A list of extra APT repositories to add. Each list entry should be a +# dict with the key "repo", which is the sources.list line to add. If +# list is empty (as it is by default), nothing extra is added. +sources_lists: [] diff --git a/roles/sane_jessie_system/tasks/apt.yml b/roles/sane_jessie_system/tasks/apt.yml new file mode 100644 index 0000000..4977683 --- /dev/null +++ b/roles/sane_jessie_system/tasks/apt.yml @@ -0,0 +1,22 @@ +# This is installed before updating sources lists, so that if they +# happen to use https URLs the package lists can still be update. +- name: install apt-transport-https + apt: + name: apt-transport-https + +- name: configure main sources.list + copy: + src: source.list + dest: /etc/apt/sources.list + +- name: additional sources.list.d/* + with_items: "{{ sources_lists }}" + apt_repository: + repo: "{{ item.repo }}" + update_cache: no + +- name: dist-upgrade so everything is up to date + apt: + upgrade: dist + update_cache: yes + cache_valid_time: 0 diff --git a/roles/sane_jessie_system/tasks/env.yml b/roles/sane_jessie_system/tasks/env.yml new file mode 100644 index 0000000..d1e7cab --- /dev/null +++ b/roles/sane_jessie_system/tasks/env.yml @@ -0,0 +1,19 @@ +- name: set /etc/hostname + copy: + content: "{{ hostname }}" + dest: /etc/hostname + when: hostname + +- name: add hostname to /etc/hosts + lineinfile: + dest: /etc/hosts + regexp: '^127\.0\.1\.1 ' + line: "127.0.1.1 {{ hostname }}" + when: hostname + +- name: install environment packages + apt: + name: "{{ item }}" + with_items: + - locales-all + - ntp diff --git a/roles/sane_jessie_system/tasks/main.yml b/roles/sane_jessie_system/tasks/main.yml new file mode 100644 index 0000000..dcb3b60 --- /dev/null +++ b/roles/sane_jessie_system/tasks/main.yml @@ -0,0 +1,2 @@ +- include: apt.yml +- include: env.yml diff --git a/roles/sane_jessie_system/templates/sources.list.j2 b/roles/sane_jessie_system/templates/sources.list.j2 new file mode 100644 index 0000000..4701d19 --- /dev/null +++ b/roles/sane_jessie_system/templates/sources.list.j2 @@ -0,0 +1,3 @@ +deb http://{{ debian_mirror }}/debian jessie main +deb http://security.debian.org/ jessie/updates main +deb {{ debian_mirror }} jessie-updates main -- cgit v1.2.1