This collection includes Ansible roles and plugins for opinionated, portable configuration of hosts with an emphasis on complete automation. Manual intervention is limited as much as possible, including writes to the Ansible inventory. Storage, network and service configuration are intentionally not included here (they are handled or will be handled by other o0_o collections).
Be excellent to each other.
Releases and other important changes will be announced through the GitHub repository.
Contributions are welcome, especially support for additional platforms! Contribute via the normal pull request process on GitHub.
oØ.o is the sole maintainer of this collection.
This project is solely run by me, oØ.o. I have final say in all aspects of it. If this is not to your liking, please fork.
Versions 2.11+
paramiko or ansible-pylibssh
Note that there is currently a bug with libssh on RouterOS. paramiko is the only option for RouterOS hosts until that is resolved.
ansible-collections/community.routeros#132
ssh
ansible.netcommon.network_cli
first_found_by_host_attributes
connection
privilege_escalation
time
software
python_interpreter
facts
mandatory_access_control
users
- name: Example playbook using the o0_o.host collection
  hosts: all
  gather_facts: false
  any_errors_fatal: true
  roles:
    - o0_o.host.python_interpreter
Realistically, the included playbook(s) are best for most cases. These will run a collection of roles that bring hosts to a configuration milestone.
ansible-playbook -i inventory o0_o.host.milestone_001
Symlinks provide convenient abbreviations. Milestone playbooks always target the all hosts group. It is assumed that the user will use ansible-playbook flags to specify which hosts will be targeted.
ansible-playbook -i inventory o0_o.host.m1 -l "www*"
The milestone playbooks also implement a Role Call feature which prints a summary of roles as they were executed at the end of the play (even if the play fails). Tabbing indicates parent/dependency relationships.
ok: [debian11.hq.example.com] => {
"role_call": [
"o0_o.host.connection",
" o0_o.inventory",
"o0_o.host.time",
" o0_o.host.facts",
" o0_o.host.privilege_escalation",
" o0_o.host.software_management",
" o0_o.host.time",
" o0_o.host.python_interpreter",
" o0_o.host.facts",
" o0_o.host.software_management",
" o0_o.host.mandatory_access_control"
]
}
ok: [openbsd7.hq.example.com] => {
"role_call": [
"o0_o.host.connection",
" o0_o.inventory",
"o0_o.host.time",
" o0_o.host.facts",
" o0_o.host.privilege_escalation",
" o0_o.host.software_management",
" o0_o.host.time",
" o0_o.host.python_interpreter",
" o0_o.host.mandatory_access_control"
]
}
ok: [routeros7.hq.example.com] => {
"role_call": [
"o0_o.host.connection",
" o0_o.inventory",
"o0_o.host.time",
" o0_o.host.facts",
" o0_o.host.privilege_escalation",
"o0_o.host.python_interpreter",
"o0_o.host.software_management",
"o0_o.host.mandatory_access_control"
]
}
In this example, 3 hosts take different paths through milestone 1. In this case, Debian was newly provisioned so the dependencies were more complex. OpenBSD here was already configured so its run is simpler and there were no changes. Many of the roles are not applicable to RouterOS so its run is simpler.
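The following is an added example, not code from the o0_o.host collection: it parses Role Call output in the shape shown above, recovers each role's parent from the indentation, and goes one step further by listing hosts whose run never reached a required role such as o0_o.host.mandatory_access_control. It assumes that leading whitespace marks nesting and that a parent is listed before its dependencies, as in the samples; the host lab.hq.example.com, the sample text and the function names are constructed for illustration.

```python
import json
import re

# Constructed sample in the shape shown above; lab.hq.example.com is a
# hypothetical host whose play stopped early.
SAMPLE = '''\
ok: [debian11.hq.example.com] => {
    "role_call": [
        "o0_o.host.connection",
        " o0_o.inventory",
        "o0_o.host.time",
        " o0_o.host.facts",
        " o0_o.host.mandatory_access_control"
    ]
}
ok: [lab.hq.example.com] => {
    "role_call": [
        "o0_o.host.connection"
    ]
}
'''

HOST_RE = re.compile(r"^ok: \[(?P<host>[^\]]+)\] => ", re.MULTILINE)

def parse_role_calls(text):
    """Return {host: [(depth, role, parent), ...]} from ansible-playbook stdout."""
    decoder, result = json.JSONDecoder(), {}
    for m in HOST_RE.finditer(text):
        try:
            obj, _ = decoder.raw_decode(text, m.end())
        except json.JSONDecodeError:
            continue  # output of some other task that is not JSON
        if not isinstance(obj, dict) or "role_call" not in obj:
            continue
        stack, rows = [], []  # stack holds (indent, role) of open ancestors
        for entry in obj["role_call"]:
            role = entry.lstrip()
            indent = len(entry) - len(role)
            while stack and stack[-1][0] >= indent:
                stack.pop()  # close siblings and deeper entries
            parent = stack[-1][1] if stack else None
            rows.append((len(stack), role, parent))
            stack.append((indent, role))
        result[m.group("host")] = rows
    return result

def hosts_missing(role_calls, required):
    """Hosts whose role call never lists the required role."""
    ran = {h: {role for _, role, _ in rows} for h, rows in role_calls.items()}
    return sorted(h for h, roles in ran.items() if required not in roles)
```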
pip install paramiko #o0_o.inventory will do this for you
# OR #
pip install ansible-pylibssh #o0_o.inventory will do this for you
ansible-galaxy collection install ansible.netcommon
ansible-galaxy collection install ansible.posix
ansible-galaxy collection install community.general
ansible-galaxy collection install community.routeros
ansible-galaxy collection install community.network
ansible-galaxy role install o0_o.inventory
ansible-galaxy collection install o0_o.host
You can also include Ansible dependencies in a requirements.yml file and install it with ansible-galaxy collection install -r requirements.yml, using the format:
---
roles:
- name: o0_o.inventory
collections:
- name: ansible.netcommon
- name: ansible.posix
- name: community.general
- name: community.routeros
- name: community.network
A requirements.yml is included with this collection.
Note that if you install the collection from Ansible Galaxy, it will not be upgraded automatically when you upgrade the ansible package. To upgrade the collection to the latest available version, run the following command:
ansible-galaxy collection install o0_o.host --upgrade
You can also install a specific version of the collection, for example, if you need to downgrade when something is broken in the latest version (please report an issue in this repository). Use the following syntax to install version 1.0.0:
ansible-galaxy collection install o0_o.host:==1.0.0
See Ansible Using collections for more details.
Italics imply completion (if there is a strikethrough format that works across GitHub Markdown and reStructuredText, please let me know).
- First found tasks, vars or template file based on system attributes
- Connection
- Privilege escalation
- Time
- Software Management
  - Handle /etc/sources.list.d instead of only /etc/sources.list on Debian distributions, specifically for Raspbian
  - Parse current repository state instead of maintaining defaults
- Python interpreter
- Facts
  - Identify Raspbian vs plain Debian
- Mandatory access control (MAC)
  - Implement bootloader dependency
- Users
  - Add privileged user to ancillary admin groups
- Bootloader
- Schedule
- System-specific sane defaults and hardening
  - Arch Linux
  - CentOS/RHEL 7
  - Rocky/RHEL 8
  - Fedora
  - Debian
  - Ubuntu
  - FreeBSD
  - OpenBSD
  - macOS
  - RouterOS
- Antivirus
- Auditing
- Intrusion detection
- Milestone 1
- Ansible Collection overview
- Ansible User guide
- Ansible Developer guide
- Ansible Collections Checklist
- Ansible Community code of conduct
- The Bullhorn (the Ansible Contributor newsletter)
- News for Maintainers
This collection uses the MIT license.
See LICENSE to see the full text.
This file was written using boilerplate from the Ansible collection template repository.