Production-ready, continuously tested collection of Ansible roles targeting the CentOS and RHEL operating systems.
- Python 3 support
- Tracking most recent major Ansible release
- Namespaced role variables
- Continuously tested on Docker, AWS EC2 and bare metal [1,2]
- docker
- dotfiles
- duo_unix
- epel
- ferm
- logrotate
- lvm
- ntp
- packagecloud
- ssh
- sudo
- tunnelbroker
- unattended upgrades
- virtualbox
Docker configuration tailored for the Enterprise Linux operating system.
- Docker best practices and guidelines
- Support for Docker Community Edition and Enterprise Edition
- Devicemapper storage driver with thinly provisioned logical volumes [3]
- Systemd execution order tailored for network-mounted block storage
$ ansible-galaxy install escapace.docker
Variable | Default | Description |
---|---|---|
docker_lvm_data_volume_size | 95%VG | Docker LVM volume size |
docker_volume_name | docker | Docker LVM volume name |
docker_volume_group_name | default | Docker LVM volume group name |
docker_icc_enabled | false | Docker inter-container networking |
docker_ipv4_cidr | 192.168.0.0/16 | Docker IPv4 network CIDR |
docker_ipv6_enabled | false | Docker IPv6 support |
docker_ipv6_cidr | 2001:db8:1::/64 | Docker IPv6 network CIDR |
docker_edition | ce | Docker edition |
docker_gc_install | true | Docker garbage collection of containers and images |
docker_selinux_enabled | true | Docker SELinux support |
docker_ipv4_dmz | [] | List of IPv4 networks to include in the DMZ |
docker_ipv6_dmz | [] | List of IPv6 networks to include in the DMZ |
Drop-in, user-space, user-agnostic configuration for zsh, tmux, git and similar tools. [4,5]
$ ansible-galaxy install escapace.dotfiles
Variable | Default | Description |
---|---|---|
dotfiles_username | | Username |
dotfiles_key | | OpenSSH public key |
dotfiles_keyboard_interactive_group | | OpenSSH keyboard interactive group |
Two-factor, keyboard-interactive OpenSSH and PAM authentication for users in a predefined group. [6]
$ ansible-galaxy install escapace.duo_unix
Variable | Default | Description |
---|---|---|
duo_unix_duo_ikey | | Duo Security integration key |
duo_unix_duo_skey | | Duo Security secret key |
duo_unix_duo_host | | Duo Security API hostname |
duo_unix_groups | | Comma-separated list of groups |
duo_unix_duo_pushinfo | no | Include information in the Duo Push message |
duo_unix_duo_failmode | secure | Fail "safe" (allow access) or "secure" (deny access) when Duo cannot be reached |
duo_unix_duo_prompts | 3 | Maximum number of prompts before denying access |
duo_unix_autopush | no | Automatically send a push login request |
Ansible role for the Extra Packages for Enterprise Linux (EPEL) repository. [7]
$ ansible-galaxy install escapace.epel
Variable | Default | Description |
---|---|---|
epel_url | https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm | epel-release package URL |
Ansible role for the ferm [8] iptables manager. Includes sensible sysctl defaults and an implementation of the recommendations for filtering ICMPv6 messages in firewalls (RFC 4890). [9]
$ ansible-galaxy install escapace.ferm
Variable | Default | Description |
---|---|---|
ferm_ipv4_forwarding | true | Enable IPv4 forwarding |
ferm_ipv6_forwarding | true | Enable IPv6 forwarding |
ferm_ipv6_accept_ra | false | Accept router advertisements |
Log file automatic rotation, compression and removal.
$ ansible-galaxy install escapace.logrotate
A declarative LVM partitioner. The partition layout is described declaratively; on startup the storage setup service processes that description and reconciles the configured state with the actual partitioning layout.
$ ansible-galaxy install escapace.lvm
Variable | Default | Description |
---|---|---|
lvm_volume_group_name | default | Volume group name |
lvm_physical_device | | Physical device such as /dev/xvdb |
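An added example playbook (not part of the escapace roles or their documentation) showing how the lvm and docker variables above fit together: the volume group created by escapace.lvm is the one escapace.docker places its thin-provisioned data volume in. The host group, device path and network ranges are assumptions.

```yaml
# Added example; the host group "docker_hosts", /dev/xvdb and the
# network ranges are placeholders. Variable names and their defaults
# come from the escapace.lvm and escapace.docker tables.
- hosts: docker_hosts
  become: true
  vars:
    # One volume group for both roles: docker_volume_group_name must name
    # the group escapace.lvm creates (both default to "default").
    lvm_volume_group_name: default
    lvm_physical_device: /dev/xvdb
    docker_volume_group_name: "{{ lvm_volume_group_name }}"
    docker_volume_name: docker
    # Keep headroom in the VG rather than giving all of it to the thin pool.
    docker_lvm_data_volume_size: 80%VG
    docker_edition: ce
    # Hardening defaults kept explicit: no inter-container networking
    # and SELinux enforcement stay on unless a workload proves it needs otherwise.
    docker_icc_enabled: false
    docker_selinux_enabled: true
    docker_gc_install: true
    # Private bridge range; only the listed subnet is included in the DMZ.
    docker_ipv4_cidr: 172.20.0.0/16
    docker_ipv4_dmz:
      - 172.20.10.0/24
    docker_ipv6_enabled: false
  roles:
    # Order matters: the volume group has to exist before Docker's
    # devicemapper storage is set up on it.
    - escapace.lvm
    - escapace.docker
```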
Ansible role for the chrony [10] network time protocol daemon.
$ ansible-galaxy install escapace.ntp
Variable | Default | Description |
---|---|---|
ntp_server_options | iburst | Server options |
ntp_stratumweight | 0.001 | How much weight stratum carries when selecting a source |
Ansible role for escapace's software repository on packagecloud. [11,12]
$ ansible-galaxy install escapace.packagecloud
Ansible role for OpenSSH configuration implementing Mozilla's OpenSSH security guidelines [13], with support for optional keyboard-interactive authentication.
$ ansible-galaxy install escapace.ssh
Variable | Default | Description |
---|---|---|
ssh_keyboard_interactive_group | kbd-interactive | OpenSSH keyboard interactive group |
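An added example playbook (not from the escapace roles or their documentation) that wires the ssh, duo_unix and dotfiles roles into one two-factor login path by pointing their group variables at the same group. The host group, username, key path and vault variable names are assumptions.

```yaml
# Added example; "bastions", "alice", files/alice.pub and the vault_*
# variables are placeholders. Variable names come from the ssh, duo_unix
# and dotfiles tables.
- hosts: bastions
  become: true
  vars:
    # A single group name threads through the three roles: OpenSSH asks its
    # members for keyboard-interactive auth, PAM routes them to Duo, and the
    # dotfiles role is assumed here to use the same group for the user.
    kbd_group: kbd-interactive
    ssh_keyboard_interactive_group: "{{ kbd_group }}"
    duo_unix_groups: "{{ kbd_group }}"
    dotfiles_keyboard_interactive_group: "{{ kbd_group }}"
    dotfiles_username: alice
    dotfiles_key: "{{ lookup('file', 'files/alice.pub') }}"
    # Duo credentials belong in an ansible-vault encrypted vars file,
    # never in plain text in the repository.
    duo_unix_duo_ikey: "{{ vault_duo_ikey }}"
    duo_unix_duo_skey: "{{ vault_duo_skey }}"
    duo_unix_duo_host: "{{ vault_duo_host }}"
    # Deny access when Duo is unreachable rather than silently falling back
    # to a single factor, and cap prompts to limit push-fatigue attempts.
    duo_unix_duo_failmode: secure
    duo_unix_duo_prompts: 2
    duo_unix_autopush: "yes"
    duo_unix_duo_pushinfo: "yes"
  roles:
    - escapace.ssh
    - escapace.duo_unix
    - escapace.dotfiles
```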
Ansible role implementing sensible sudo defaults.
$ ansible-galaxy install escapace.sudo
Ansible role for Hurricane Electric's IPv6 tunnel broker.
$ ansible-galaxy install escapace.tunnelbroker
Variable | Default | Description |
---|---|---|
tunnelbroker_interface | sit1 | Network interface name |
tunnelbroker_defaultgw | true | Route all IPv6 traffic through the tunnel broker |
tunnelbroker_client_ipv6 | | Client IPv6 address with the mask |
tunnelbroker_client_ipv6 | | Server IPv4 address |
tunnelbroker_server_ipv6 | | Server IPv6 address (without the mask) |
Ansible role implementing an unattended security update policy.
$ ansible-galaxy install escapace.unattended-upgrades
Variable | Default | Description |
---|---|---|
unattended_upgrades_yum_update_cmd | security | Update kind (default, security, security-severity:critical, minimal, minimal-security, minimal-security-severity:critical) |
Ansible role for the Oracle VM VirtualBox hypervisor.
$ ansible-galaxy install escapace.virtualbox
Variable | Default | Description |
---|---|---|
virtualbox_version | 5.2 | VirtualBox version |
This software is released under the terms of the Apache-2.0 license.
This software includes or is derivative of works listed below. Please refer to the specific files and/or packages for more detailed information about the authors, copyright notices, and licenses.
- mantl Copyright © 2015 Cisco Systems, Inc.