Skip to content

Latest commit

 

History

History
106 lines (84 loc) · 4.21 KB

README.md

File metadata and controls

106 lines (84 loc) · 4.21 KB

Ansible Role - Minimal CentOS Server

What is this?

  • A simple Ansible role that checks and ensures that non-essential packages are removed from a new CentOS server installation.
    • To review the list of packages that will be removed (if applicable), check the main.yml file in the tasks directory.

Resource Requirements

Dependencies

  • ansible-vault - [optional] - can be used in the minimal_centos.yaml playbook to encrypt and store sensitive data "at rest".
    • In this use case, the ansible_sudo_password variable, which is used as the privilege escalation password, is stored in a vault.
    • Once the secret has been created and added to the playbook, in order for a user be able to become sudo to run the playbook, they will need to decrypt the vault to access the variable.
    • This can be achieved by passing one of the following flags listed below when executing the the playbook;
      • --ask-vault-pass
      • --vault-password-file
    • Below is a demonstration of how the encrypted variable is defined in the playbook;
---
# playbook for the minimal-centos role.
- hosts: all
  vars_files:
    - become-secret
  become: true
  roles:
    - minimal_centos

Supported Distributions

  • Tested on;
    • centos-8-stream

Quick-start & Usage

# clone the repository
$ git clone [email protected]:hubvu/minimal-centos-ansible.git

# navigate into the directory
$ cd minimal-centos-ansible/

# run the master playbook `site.yaml` with verbosity
# for non Ansible Vault users
$ ansible-playbook site.yaml \
  --inventory-file=hosts \
  --ask-become-pass \
  --verbose

# run the master playbook `site.yaml` with verbosity
# for Ansible Vault users
$ ansible-playbook site.yaml \
  --inventory-file=hosts \
  --ask-vault-pass \
  --verbose

Contributing

  • Contribution guidelines for this project can be found in the Contributing document.

Acknowledgements

License