city-of-bloomington / ansible-role-linux
Ansible role for common settings across linux servers
License: GNU General Public License v3.0
So far, we provide a custom NTP conf file as a template. However, this does not allow for the distro to provide variations over time.
Instead of writing a template, we should just make sure the server lines are added to the ntp.conf file.
Cloud-config makes it more difficult to make network changes. We should have Ansible turn this off for us, as part of a base linux install.
Ubuntu's default configuration sets cron.daily stuff to start running at 6:00 am. Unattended upgrades are part of that, and occur fairly late in the process. By the time Unattended Upgrades run and reboot, it's usually 8:00 am. This is putting upgrades and reboots into normal working hours.
We should adjust crontab to start the cron.daily stuff earlier.
I know Ubuntu is using Anacron, so we'll need to make sure we understand how to control when things run.
Ansible does not have namespacing, and variables are read from ALL group_vars files. We need to make sure to distinguish similar variables from different roles.
We must rename all variables declared in the linux role to be linux_*
We use the staff group to control permissions on the content of /srv. However, we never set a umask, so when one staff member adds a file, the file is still not editable by the next staff member.
We should set a good umask for this.
Ubuntu uses a local systemd-resolv daemon. It keeps getting in the way of our local DNS environment, though.
We should have ansible disable this service, and replace it with static nameservers in resolv.conf.
When a playbook or role errors out, any handlers notified during that run are forgotten. However, subsequent runs of the same playbook or role will not re-notify the handler.
On a given run, the cert is correctly copied to the host. Then, later on during that run, there's an error in the role, and it fails out. Subsequent runs of the playbook will not, then, notify the handler, since the presence of the correct cert file means it shouldn't re-notify.
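One way to keep a notified handler from being lost when a later task fails, as an added example that is not the role's own code. The certificate paths, the `nginx` service and the handler name are assumptions.

```yaml
---
# Added illustration; file paths, service and handler names are hypothetical.
- name: "Deploy certificate and restart the service that uses it"
  hosts: all
  become: true
  # Run handlers that were already notified even if a later task fails
  # on this host (same effect as `ansible-playbook --force-handlers`).
  force_handlers: true

  tasks:
    - name: "Copy TLS certificate"
      ansible.builtin.copy:
        src: "files/example.crt"            # hypothetical source
        dest: "/etc/ssl/certs/example.crt"  # hypothetical destination
        owner: root
        group: root
        mode: "0644"
      notify: "restart web server"

    # Run pending handlers now instead of at the end of the play, so the
    # restart happens before any later task has a chance to fail.
    - name: "Flush handlers right after the certificate changes"
      ansible.builtin.meta: flush_handlers

    - name: "Later task that may fail"
      ansible.builtin.command: /bin/false   # constructed failure
      changed_when: false

  handlers:
    - name: "restart web server"
      ansible.builtin.service:
        name: nginx          # hypothetical service
        state: restarted
```

Either mechanism alone addresses the lost notification; `flush_handlers` also narrows the window in which the new cert is on disk but not yet loaded by the service.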
Ubuntu 20.04 has started adding directory restrictions to services, such as Tomcat. When we deploy apps that need access to config or data directories, we have to override the service definition. The app's playbook will be responsible for providing a systemd drop-in unit file, but we'll need to call systemctl daemon-reload for it to take effect.
We are starting to want to run CentOS on servers. We need to update our Ansible roles to work with RPM based distros as well as DEB.
The README does not mention the vars that are expected by this role and what they are used for. It would be nice to not have to read through all the task YML files to discover this.
The linux role is currently hard coded to open the nagios monitoring port. This role is not the place for open firewall ports for monitoring software. There should be a separate role for monitoring software.
https://github.com/City-of-Bloomington/ansible-role-zabbix-agent
We want to allow for hosts to customize the base package list. The packages should not be hard coded in the role. For instance, we now have a line for VM-tools; however, we use this on physical machines as well.
We should be able to customize the base packages.
You must specify a direction when declaring default deny. I think this is something that changed in 18.04. Ansible's latest version has been updated to throw an error if you do not declare a direction.
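A default-deny policy with the direction declared explicitly, as an added example that is not taken from the role. It uses the `community.general.ufw` module, and the allowed application profile (OpenSSH) is an assumption.

```yaml
# Added illustration; the allowed service (OpenSSH) is an assumption.
# The allow rule comes first so enabling the firewall does not cut off
# the SSH session Ansible itself is using.
- name: "Allow SSH before the default policy is tightened"
  community.general.ufw:
    rule: allow
    name: OpenSSH

- name: "Default deny for incoming traffic"
  community.general.ufw:
    direction: incoming
    policy: deny

- name: "Default allow for outgoing traffic"
  community.general.ufw:
    direction: outgoing
    policy: allow

- name: "Enable the firewall"
  community.general.ufw:
    state: enabled
```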
We have been installing open-vm-tools on all machines. Recently we moved its declaration out of the main task, and declared it in group_vars.
OpenVM tools should be installed by core, but only when the host is a virtual machine. We'll need to check the CPU the kernel is running on to see if it's a VM.
If you want to run this role, but desire no additional packages, you still must declare the "linux_packages" var. Otherwise it crashes.
Our web applications usually require locales (en_US) for the i18n to work. Ubuntu 20.04 server no longer installs any locales, by default. (It used to install en_US).
We'll need to add the locale installation to our Ansible scripts.
The linux role already creates a standard place for cron backup scripts, and sets permissions on /srv. We should go ahead and create the /srv/backups directory. This is the directory all applications should use to send nightly backups.
We need to switch to using "import_tasks" to organize our tasks.
The old way of doing apt with-items is deprecated. The new way is to declare a variable for all the package names.
```yaml
- name: "Install Dependencies"
  apt:
    name: "{{ packages }}"
    state: present
  vars:
    packages:
      - "postgis"
```

```yaml
- name: "Install Dependencies"
  apt:
    name: "{{ item }}"
    state: present
  with_items:
    - "postgis"
```
Some servers we want to turn on unattended upgrades, and some servers we don't want rebooting. We should add a configuration variable that controls modifications to 50unattended-upgrades