---
# APT proxy switch. Disabled by default.
use_apt_proxy: false

# State requested for the package lists defined in this file
# (presumably passed to the apt tasks - confirm in the role's tasks).
pkg_state: installed
# Baseline packages.
# NOTE(review): the list includes capture and tracing tools (tcpdump,
# strace, lsof). Confirm they are wanted on every host class that
# applies this role, or trim the list per inventory group.
common_packages:
  - acl
  - zile
  - dstat
  - iotop
  - curl
  - wget
  - vim-tiny
  - psmisc
  - tcpdump
  - lsof
  - strace
  - rsync
  - multitail
  - unzip
  - htop
  - tree
  - bind9-host
  - bash-completion
  - sudo
  - apt-transport-https
  - nano
  - xmlstarlet
  - bsdutils

# Python packages listed separately from the baseline set.
default_python_packages:
  - python-software-properties
  - python-lxml
  - python-boto

# Set this variable in your playbook
# additional_packages:
#   - pkg1
#   - pkg2
# Unattended upgrades
# The unatt_* switches are quoted strings, not YAML booleans; they are
# presumably written verbatim into the apt configuration - keep the quotes.
# Only the distribution's "-security" origin is allowed by default.
unatt_allowed_origins:
  - '${distro_id}:${distro_codename}-security'
#unatt_blacklisted:
#   - libc6
unatt_autofix: 'true'
# When true, the procedure is really slow
unatt_minimalsteps: 'false'
unatt_install_on_shutdown: 'false'
# NOTE(review): with no address set and unatt_email_on_error 'false', these
# defaults define no mail notification for failed upgrades - confirm that
# failures are surfaced some other way.
#unatt_email: sysadmin@isti.cnr.it
unatt_email_on_error: 'false'
unatt_autoremove: 'true'
# NOTE(review): automatic reboot is off, so an update that only takes
# effect after a restart (a kernel, for example) waits for a manual reboot.
unatt_autoreboot: 'false'
unatt_autoreboot_time: 'now'
# Defaults
#
# Each cleanup_* switch is paired with the package list that follows it.
# Only the base and exim clean-ups are enabled by default.
cleanup_base_packages: true
base_packages_to_remove:
  - ppp
  - at

cleanup_x_base_packages: false
x_base_packages_to_remove:
  - firefox-locale-en
  - x11-common

# NOTE(review): the NFS and rpcbind clean-ups are off by default. On hosts
# that do not use NFS, consider enabling them in the playbook so that the
# RPC portmapper is not left installed.
cleanup_nfs_packages: false
nfs_packages:
  - nfs-common
  - portmap

cleanup_rpcbind_packages: false
rpcbind_packages:
  - rpcbind

cleanup_exim_email_server: true
exim_email_server_pkgs:
  - exim4
  - exim4-base
  - exim4-config
  - exim4-daemon-light

# Disabling the services listed below is also opt-in.
disable_some_not_needed_services: false
services_to_be_disabled:
  - rpcbind
  - atd
  - acpid
# A generic PKI directory where the local certificates will be stored
# NOTE(review): owner and mode are not defined here. Confirm that the task
# creating these directories restricts 'keys' to root, since it presumably
# holds private key material.
pki_dir: '/etc/pki'
pki_subdirs:
  - certs
  - keys
# Install our /etc/resolv.conf
install_resolvconf: true

# Install and configure munin
configure_munin: false

# Manage the root ssh keys
# Enabled by default. The keys themselves are not defined in this part of
# the file; review where they come from, since they grant root logins.
manage_root_ssh_keys: true
# Extra CA certificates. Off by default.
install_additional_ca_certs: false
# Debian/Ubuntu directory for locally added CAs; certificates placed here
# become trusted system-wide once update-ca-certificates runs.
additional_ca_dest_dir: '/usr/local/share/ca-certificates'
# IMPORTANT: the destination file extension must be .crt
# NOTE(review): each entry adds a root of trust fetched from a URL. HTTPS
# only authenticates the download against the CAs already installed, so
# check the certificate fingerprint out of band or ship the file with the
# role instead of downloading it.
#x509_additional_ca_certs:
#   - { url: "https://security.fi.infn.it/CA/mgt/INFNCA.pem", dest_file: '{{ additional_ca_dest_dir }}/infn-ca.crt' }
# Resource limits: one entry per rule. The keys look like the fields of a
# limits.conf line (domain, type, item, value) - confirm in the template.
# Both the soft and the hard open-file limit for root are set to 8192.
default_security_limits:
  - domain: 'root'
    l_item: 'nofile'
    type: 'soft'
    value: '8192'
  - domain: 'root'
    l_item: 'nofile'
    type: 'hard'
    value: '8192'

# Example rsyslog rules; both match on message text and end in '~'.
# NOTE(review): rules that drop messages also remove them from any later
# log review, so keep the match strings as narrow as possible.
# default_rsyslog_custom_rules:
#   - ':msg, contains, "icmp6_send: no reply to icmp error" ~'
#   - ':msg, contains, "[PYTHON] Can\'t call the metric handler function for" ~'
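#
# debian/ubuntu distributions controllers
#
# Each value is a string holding an expression with fact values spliced in
# as text. Where it is evaluated (presumably `when:` clauses) is not
# visible here.
# NOTE(review): because facts are inserted into the expression text, a
# fact value containing a quote character would change the expression.
# Confirm how these strings are consumed before reusing the pattern.
has_default_grub: >-
  '{{ ansible_distribution }}' == 'Debian'
  and '{{ ansible_distribution_version }}' != 'lenny/sid'
  and {{ ansible_distribution_major_version }} >= 6

# The version is compared as a number, not as a string.
has_htop: >-
  '{{ ansible_distribution }}' == 'Ubuntu'
  and ({{ ansible_distribution_version }} == 10.10
  or {{ ansible_distribution_version }} == 11.04
  or {{ ansible_distribution_version }} == 12.04)

# Fixed: the major version used to be quoted, which compared a string with
# the integer 5. That is always true on Python 2 and a type error on
# Python 3. It is now unquoted like the other *_major_version checks in
# this file, so the ">= 5" bound is actually applied.
has_apt: >-
  ('{{ ansible_distribution }}' == 'Debian' or '{{ ansible_distribution }}' == 'Ubuntu')
  and '{{ ansible_distribution_version }}' != 'lenny/sid'
  and {{ ansible_distribution_major_version }} >= 5

has_fail2ban: >-
  (('{{ ansible_distribution }}' == 'Ubuntu') and ({{ ansible_distribution_major_version }} >= 14))
  or (('{{ ansible_distribution }}' == 'Debian') and ({{ ansible_distribution_major_version }} >= 8))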
# Debian checks. Each value is an expression string with fact values
# spliced in as text; the evaluation site is not visible here.
is_debian: "'{{ ansible_distribution }}' == 'Debian'"
# The codename checks below test the release name only, not the distribution.
is_debian8: "'{{ ansible_distribution_release }}' == 'jessie'"
is_debian7: "'{{ ansible_distribution_release }}' == 'wheezy'"
is_debian6: "('{{ ansible_distribution }}' == 'Debian' and {{ ansible_distribution_major_version }} == 6)"
# The 'lenny/sid' guard comes first so that the numeric comparison is
# only reached when the version string is not 'lenny/sid'.
is_debian5: >-
  '{{ ansible_distribution }}' == 'Debian'
  and '{{ ansible_distribution_version }}' != 'lenny/sid'
  and {{ ansible_distribution_major_version }} == 5
is_debian4: >-
  '{{ ansible_distribution }}' == 'Debian'
  and '{{ ansible_distribution_version }}' != 'lenny/sid'
  and {{ ansible_distribution_major_version }} == 4
is_not_debian6: >-
  '{{ ansible_distribution }}' == 'Debian'
  and '{{ ansible_distribution_version }}' != 'lenny/sid'
  and {{ ansible_distribution_major_version }} != 6
is_debian_7_or_older: "'{{ ansible_distribution }}' == 'Debian' and {{ ansible_distribution_major_version }} <= 7"
is_debian_less_than6: >-
  '{{ ansible_distribution }}' == 'Debian'
  and '{{ ansible_distribution_version }}' != 'lenny/sid'
  and {{ ansible_distribution_major_version }} < 6
# NOTE(review): in the next two checks the first clause is already true
# for every non-Debian host, so the Ubuntu test in the second clause can
# never change the result.
is_not_debian_less_than_6: >-
  ('{{ ansible_distribution }}' != 'Debian')
  or (('{{ ansible_distribution }}' == 'Debian' or '{{ ansible_distribution }}' == 'Ubuntu')
  and '{{ ansible_distribution_version }}' != 'lenny/sid'
  and {{ ansible_distribution_major_version }} >= 6)
is_not_debian_less_than_7: >-
  ('{{ ansible_distribution }}' != 'Debian')
  or (('{{ ansible_distribution }}' == 'Debian' or '{{ ansible_distribution }}' == 'Ubuntu')
  and '{{ ansible_distribution_version }}' != 'lenny/sid'
  and {{ ansible_distribution_major_version }} >= 7)
# Ubuntu checks. The codename checks compare the release name only.
is_hardy: "'{{ ansible_distribution_release }}' == 'hardy'"
# Matches a host reported as Debian with release 'NA'.
is_broken_hardy_lts: "'{{ ansible_distribution }}'== 'Debian' and '{{ ansible_distribution_release }}' == 'NA'"
is_jaunty: "'{{ ansible_distribution_release }}' == 'jaunty'"
is_quantal: "'{{ ansible_distribution_release }}' == 'quantal'"
is_natty: "'{{ ansible_distribution_release }}' == 'natty'"
is_precise: "'{{ ansible_distribution_release }}' == 'precise'"
is_trusty: "'{{ ansible_distribution_release }}' == 'trusty'"
is_ubuntu: "'{{ ansible_distribution }}' == 'Ubuntu'"
# Any Debian host counts as "not precise" / "not trusty". The Ubuntu
# version is compared as a number.
is_not_precise: >-
  ('{{ ansible_distribution }}' == 'Ubuntu' and {{ ansible_distribution_version }} != 12.04)
  or '{{ ansible_distribution }}' == 'Debian'
is_not_trusty: >-
  ('{{ ansible_distribution }}' == 'Ubuntu' and {{ ansible_distribution_version }} != 14.04)
  or '{{ ansible_distribution }}' == 'Debian'
# Major-version bounds: 12 stands for precise, 14 for trusty.
is_not_ubuntu_less_than_precise: "('{{ ansible_distribution }}' == 'Ubuntu') and ({{ ansible_distribution_major_version }} >= 12)"
is_not_ubuntu_less_than_trusty: "('{{ ansible_distribution }}' == 'Ubuntu') and ({{ ansible_distribution_major_version }} >= 14)"
is_ubuntu_less_than_precise: "('{{ ansible_distribution }}' == 'Ubuntu') and ({{ ansible_distribution_major_version }} < 12)"
is_ubuntu_less_than_trusty: "('{{ ansible_distribution }}' == 'Ubuntu') and ({{ ansible_distribution_major_version }} < 14)"
# Ubuntu < 10.04 or Debian 4
# The name says "and", but the expression joins the two cases with "or".
is_ubuntu_between_8_and_9_and_is_debian_4: >-
  ('{{ ansible_distribution }}' == 'Ubuntu'
  and ({{ ansible_distribution_version }} == 8.04
  or {{ ansible_distribution_version }} == 8.10
  or {{ ansible_distribution_version }} == 9.04))
  or ({{ is_debian4 }})
#is_ubuntu_between_8_and_9_or_is_debian_4: "('{{ ansible_distribution }}' == 'Ubuntu') and ({{ ansible_distribution_major_version }} < 12) or ({{ is_debian4 }})"
# NOTE(review): this wraps the expression above in single quotes, unlike
# the parenthesised form used for the *_and_is_debian_6 alias below.
# Confirm that it evaluates as a condition and not as a quoted string.
is_ubuntu_between_8_and_9_or_is_debian_4: "'{{ is_ubuntu_between_8_and_9_and_is_debian_4 }}'"

# Ubuntu between 10.04 and 11.04
is_ubuntu_between_10_04_and_11_04: >-
  '{{ ansible_distribution }}' == 'Ubuntu'
  and ({{ ansible_distribution_version }} == 10.04
  or {{ ansible_distribution_version }} == 10.10
  or {{ ansible_distribution_version }} == 11.04)

# Ubuntu between 10.04 and 11.04, or Debian 6
is_ubuntu_between_10_04_and_11_04_and_is_debian_6: "({{ is_ubuntu_between_10_04_and_11_04 }} or {{ is_debian6 }})"

# Debian >=6
is_debian_greater_than_5: >-
  '{{ ansible_distribution }}' == 'Debian'
  and '{{ ansible_distribution_version }}' != 'lenny/sid'
  and {{ ansible_distribution_major_version }} >= 6

# Codename match only: trusty (Ubuntu) or wheezy (Debian).
is_trusty_or_debian7: "('{{ ansible_distribution_release }}' == 'trusty') or ('{{ ansible_distribution_release }}' == 'wheezy')"