kowabunga.cloud.os role – Install and configure core operating system settings.

Note

This role is part of the kowabunga.cloud collection (version 0.0.1).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it use: ansible-galaxy collection install kowabunga.cloud.

To use it in a playbook, specify: kowabunga.cloud.os.

Entry point main – Install and configure core operating system settings.

Synopsis

  • Install and configure Kowabunga core operating system settings.

Parameters

Parameter

Comments

kowabunga_os_sysctl_settings_extra

list / elements=dictionary

Defines custom sysctl tuning settings

Default: []

enabled

boolean

Ansible condition for setting’s application.

Always enabled if unspecified.

Choices:

  • false

  • true ← (default)

name

string / required

Sysctl setting name

Example: ‘net.ipv4.ip_forward’

reload

boolean

Defines whether to reload sysctl daemon after setting’s enablement.

Always enabled if unspecified.

Choices:

  • false

  • true ← (default)

set

boolean

Whether to keep setting persistent across reboots.

Always enabled if unspecified.

Choices:

  • false

  • true ← (default)

state

string

Ansible sysctl state.

Use ‘absent’ for setting removal.

Choices:

  • "present" ← (default)

  • "absent"

value

string / required

Sysctl setting value

kowabunga_os_timezone

string

Defines the system’s current timezone for proper time management.

Refer to system’s /usr/share/zoneinfo/ content for list of eligible timezones.

It is highly recommended to keep it set to UTC (default, Universal Time Coordinated), making any collaboration between global teams way easier when it comes to troubleshooting.

Default: "UTC"

kowabunga_os_user_admin_accounts_disabled

list / elements=string

Optionally defines a list of deprecated UNIX admin accounts to be removed locally from the system.

Default: []

kowabunga_os_user_admin_accounts_enabled

list / elements=string

Optionally defines a list of UNIX admin accounts to be created locally on the system.

Admin accounts are nominative (one per user).

Admin accounts have password-less escalation privileges. sudo command grants root rights.

Admin accounts have no password set.

Admin accounts require public key SSH authentication.

Default: []

kowabunga_os_user_admin_accounts_pubkey_dirs

list / elements=string

Defines a list of local directories (relative to the playbook execution directory) in which to look for public SSH key files.

Multiple directories can be passed for Ansible to look into.

Public SSH certificates must be PEM-formatted and labelled per account.

Example: If <jdoe> is part of the kowabunga_os_user_admin_accounts_enabled list, Ansible will look for a PEM-formatted <jdoe> file in one of the directories provided in the kowabunga_os_user_admin_accounts_pubkey_dirs variable. If found, the user’s public key will be automatically pushed to the system.

Default: []

kowabunga_os_user_extra_groups

list / elements=string

Optionally defines list of extra UNIX groups to be created.

All enabled user admin accounts will be part of the specified groups.

Default: []

kowabunga_os_user_root_password

string

Optionally allows setting a password for root/admin system user.

Note that SSH server policy strictly prohibits remote root login, making it safe against remote brute-force attacks.

Setting a root password can however come in handy when the system is stuck and you need physical terminal access to it as a last-resort option.

Defaults to vault-encrypted secret_kowabunga_os_user_root_password secret variable, if unspecified.

Default: "{{ secret_kowabunga_os_user_root_password | default('') }}"
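A playbook that exercises the parameters documented above. This is an added example, not taken from the kowabunga.cloud collection; the inventory group, the account names other than jdoe, the group name, the key directory and the chosen sysctl values are assumptions.

```yaml
---
# Added example: host group, accounts, directory and sysctl values are constructed.
- name: Apply Kowabunga core OS settings
  hosts: kowabunga_hosts          # assumed inventory group
  become: true                    # assumed: sysctl and account changes need root
  roles:
    - role: kowabunga.cloud.os
      vars:
        kowabunga_os_timezone: "UTC"

        # Each list element is a dictionary; only name and value are required.
        # enabled, reload and set default to true, state defaults to "present".
        kowabunga_os_sysctl_settings_extra:
          - name: kernel.kptr_restrict
            value: "2"
          - name: kernel.dmesg_restrict
            value: "1"
            reload: false         # written now, not reloaded by this entry
          - name: net.ipv4.ip_forward
            value: "0"
            enabled: false        # entry kept in the list but not applied
          - name: vm.swappiness
            value: "10"           # value is still required when removing
            state: absent

        # Nominative admin accounts: no password, password-less sudo,
        # SSH public key authentication only.
        kowabunga_os_user_admin_accounts_enabled:
          - jdoe
          - asmith
        kowabunga_os_user_admin_accounts_disabled:
          - former_admin

        # One key file per account, named after it:
        # files/ssh_pubkeys/jdoe and files/ssh_pubkeys/asmith
        kowabunga_os_user_admin_accounts_pubkey_dirs:
          - files/ssh_pubkeys

        kowabunga_os_user_extra_groups:
          - ops

        # kowabunga_os_user_root_password is left unset here, so it falls back
        # to secret_kowabunga_os_user_root_password, which should be defined
        # in an ansible-vault encrypted variables file rather than in clear text.
```

Because enabled admin accounts have no password and accept only public key SSH authentication, confirm that a key file exists for every listed account before running the play.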