Ansible role to install packages on a host
Minimum required ansible version is 2.0.
None.
ansible-galaxy install archf.packages
Basic usage is:
- hosts: all
roles:
- role: archf.packages
If you do not want a global installation, clone it into your roles_path
.
git clone git@github.com:archf/ansible-packages.git /path/to/roles_path
But I often add it as a submdule in a given playbook_dir
repository.
git submodule add git@github.com:archf/ansible-packages.git <playbook_dir>/roles/packages
As the role is not managed by Ansible Galaxy, you do not have to specify the github user account.
Basic usage is:
- hosts: all
roles:
- role: packages
Ansible role to perform:
/etc/sudoers
adjustement- disable
requiretty
to allow enabling ansible pipelining (faster execution) - disable
always_set_home
(allow runningsudo -E
and avoidssudo make install
issues) - prepend
/usr/local/bin
tosecure_path
to allow running priviledged compiled programs
- disable
- grub templating
- install default packages
- configure repositories (currently only yum repos)
- configure yum or dnf repository
- apply centos6 quirks (yum ipv6 issues)
- disable selinux on rhel
- add mounts in the fstree
A lot of things are hardcoded for now.
Adding mounts to fstab
This is using the Ansible mount
module.
mounts:
- dev: '/dev/mapper/data_vg-home_lv'
path: '/media/home_lv'
state: mounted
fstype: ext4
opts: 'defaults,acl'
group: users
passno: X # defaults to 2
dump: Y # defaults to 1
Configure Repos on RedHat and derivatives
This structure allows you to group repos on a per file basis.
packages_repos:
- file: base
repos:
- name: base
baseurl: "http://<your host>/centos/$releasever/os/$basearch"
- name: updates
baseurl: "http://<your host>/centos/$releasever/updates/$basearch"
- name: extras
baseurl: "http://<your host>/centos/$releasever/extras/$basearch"
- name: contrib
baseurl: "http://<your host>/centos/$releasever/contrib/$basearch"
- name: centosplus
baseurl: "http://<your host>/centos/$releasever/centosplus/$basearch"
- file: epel
repos:
- name: epel
baseurl: "http://<your host>/epel/$releasever/$basearch"
Variables are divided in three types.
The default vars section shows you which variables you may override in your ansible inventory. As a matter of fact, all variables should be defined there for explicitness, ease of documentation as well as overall role manageability.
The mandatory variables section contains variables that for several reasons do not fit into the default variables. As name implies, they must absolutely be defined in the inventory or else the role will fail. It is a good thing to avoid reach for these as much as possible and/or design the role with clear behavior when they're undefined.
The context variables are shown in section below hint you on how runtime context may affects role execution.
Role default variables from defaults/main.yml
.
# Packages installation behavior.
packages_state: latest
# Selinux state.
packages_selinux_state: disabled
# List of grub boot options assigned to GRUB_CMDLINE_LINUX_DEFAULT.
# Many distribution defaults to GRUB_CMDLINE_LINUX_DEFAULT="quiet splash".
packages_grub_cmdline_linux_default:
- quiet
- splash
# List of boot option a assigned both to normal and recovery entry of each
# kernel.
packages_grub_cmdline_linux: []
None.
Those variables from vars/*.{yml,json}
are loaded dynamically during task
runtime using the include_vars
module.
Variables loaded from vars/CentOS.yml
.
# List of packages to install by default on any CentOS family system
common_pkgs:
- urlview
- sudo
- git
- tree
- openssh-server
- gdisk
- rsync
- lvm2
- ncurses-devel
- ncurses
- nmap
- vim-common
- vim-X11
- vim-enhanced
- zsh
- curl
- wget
- libselinux-python
- man
- tcpdump
- iotop
- iftop
- strace
- mlocate
- unzip
# versatile replacement for vmstat, iostat and ifstat
- dstat
- yum-utils
# - sysstat
# - tmux
# requires epel-release packages on CentOS
# - htop
# - python34
# - sshpass
Variables loaded from vars/OpenWrt.yml
.
# List of packages to install by default on any openwrt system
common_pkgs:
- 6rd
- zsh
- vim
- tmux
- git
- tcpdump
- nmap
- mtr
- rsync
- shadow
- sudo
- bind-dig
- python
- block-mount
- kmod-usb-storage
- kmod-fs-ext4
- curl
- wget
- wol
- etherwake
- less
- zsh
- openssh-client
- openssh-server
- openssh-keygen
- openssh-sftp-server
- openssh-client-utils
- ca-certificates
- python-openssl
# cobbler requirements
# createrepo
# httpd (apache2 for Debian/Ubuntu)
# mkisofs
# mod_wsgi (libapache2-mod-wsgi for Debian/Ubuntu)
# mod_ssl (libapache2-mod-ssl)
# python-cheetah
# python-netaddr
# python-simplejson
# python-urlgrabber
# PyYAML (python-yaml for Debian/Ubuntu)
# rsync
# syslinux
# tftp-server (atftpd for Debian/Ubuntu, though others may work)
# yum-utils
Variables loaded from vars/Debian.yml
.
# List of packages to install by default on any debian family system.
common_pkgs:
- tmux
- urlview
- mosh
- git
- vim-gtk3
- vim
- htop
- fakeroot
- tree
- openssh-server
- gdisk
- rsync
- lvm2
- libncurses5-dev
- libncurses5
- nmap
- linux-kernel-headers
- zsh
- ssh-askpass
- sshpass
- curl
- wget
- python-selinux
- python3
- python3-venv
- tcpdump
- iotop
- iftop
- strace
- mlocate
- unzip
# versatile replacement for vmstat, iostat and ifstat
- dstat
- pv
- progress
- xauth
# - sysstat
# - ntopng
Variables loaded from vars/RedHat.yml
.
# List of packages to install by default on any rhel family system.
common_pkgs:
- urlview
- mosh
- sudo
- git
- tree
- openssh-server
- gdisk
- rsync
- lvm2
- ncurses-devel
- ncurses
- nmap
- vim-common
- vim-X11
- zsh
- curl
- wget
- libselinux-python
- man
- tcpdump
- iotop
- iftop
- strace
- mlocate
- unzip
# versatile replacement for vmstat, iostat and ifstat
- dstat
- yum-utils
- xorg-x11-xauth
# - sysstat
# - tmux
# - htop
# - python3
You want to contribute? Here's a wishlist:
- use quiet and splash grub options only on desktop, leave servers as they are
Consider opening an issue to share your intent and avoid work duplication!
MIT.
Felix Archambault.
Please do not edit this file. This role README.md
was generated using the
'ansidoc' python tool available on pypi!
Installation:
pip3 install ansidoc
Basic usage:
Validate output by running a dry-run (will output result to stdout)
ansidoc --dry-run <rolepath>
Generate you role readme file. Will write a README.md
file under
<rolepath>/README.md
.
ansidoc <rolepath>
Also usable programatically from Sphinx.