This is an automated process to rapidly configure Linux hosts - this is the Remote Host Version. There are two versions, each with their own git branch. Make sure you download the correct one:
- Remote: for configuring a host from a separate control computer. ex: configure a notebook from your desktop.
- Local: for configuring a host directly. ex: configure a notebook directly from that notebook.
This process supports across a variety of device types, including: notebooks, desktops, servers, cloud hosts, and embedded devices. The initial release supports the configuration of Ubuntu-based hosts, with Redhat/Centos and Windows support planned.
This is implemented using a free, open-source utility called Ansible which runs on Windows, Mac and Linux. Use of this process does not require previous knowledge of Ansible.
The requirements are minimal:
- The "remote-host" to be configured (referred to as "target host" below)
- SSH server installed and running (instructions below)
- A user account that allows SSH access and sudo capabilities
- A second computer to use as the "control computer"
- If you want to configure it directly, switch to the "local" branch of this repo.
- Ansible and the repo files are installed on the "control computer"
- Ansible version 2.4.0.0 or later is required.
Ensure SSH is installed on target (if required)
- If you're installing Linux on a local machine or notebook, you may need to install it.
- Typing the following command into the terminal on the target will install it:
sudo apt-get install openssh-server
- Typing the following command into the terminal on the target will install it:
- On cloud instances/VMs, SSH is installed & running by default.
Install Ansible on the main computer
Install Ansible via pip, package manager, or git
- If you have Python and pip installed you can type
pip install ansible
- on linux, type
sudo apt-get install ansible
- on a mac with brew installed, type
brew install ansible
Clone this repo to your main computer
Create a directory, download the repo into it and cd
to it with the following commands:
mkdir host-config
git clone https://github.com/robertpeteuil/auto-host-config host-config
cd host-config
Note: you can replace host-config
with a different folder-name, just make sure to use the same name in all three commands.
Rename example Inventory & Config files Create copies of the inventory and configuration files without the ".example" suffix
- The included script does this for you:
./rename-examples.sh
- The files can also be copied or renamed manually
Adjust "inventory" file
Open the inventory
file with your editor
- replace
hostname.local
with the IP address or hostname of the target host - if the username on the target host is different than your main computer
- add the parameter
ansible_user=username
after the target hostname / IP address - change
username
to match the username for the target host
- add the parameter
Adjust settings in "config.yml"
open the config.yml
file with your editor.
ssh_pub_key_path
specifies the public ssh-key that can be added as an authorized_user on the target host, review, edit, change or delete as necessary- you can disable this by commenting-out or deleting the line
- Review and adjust options for
reboot_after_fixes
,set_pwless_sudo
andssh_disable_pw_logon
to your liking- By default, all options except
reboot_after_fixes
are set to False
- By default, all options except
- Any of the package lists below may be commented out as necessary
- System package lists:
install_packages
- specifies packages to install via the package managerremove_packages
- specifies packages to remove
- Python package lists
python_upgrade_user
- libraries to upgrade to the latest version in the user directorypython_install_user
- libraries to install in the user context directorypython_install_sys
- libraries to install for the entire systempython_upgrade_sys
- libraries to upgrade to the latest version for the entire system
Select and run a playbook to configure target host(s)
- Run the primary playbook (you will be prompted for the password):
./main.yml
- Run an alternate playbook if you have certificate-authentication and passwordless sudo configured (this runs without a password prompt):
./main-sudo.yml
- Run a playbook that applies only the notebook and mac related hardware fixes (you will be prompted for a password):
./mac-fixes-only.yml
Playbooks
main.yml
- the primary method of execution. It prompts for the target host password and executes all three roles (described below).main-sudo.yml
- this is only for users who have configured the host for Ansible use (by running main.yml with ssh_pub_key_path pointing to their SSH certificate, and set_pwless_sudo set to True).mac-fixes-only.yml
- for users who only want to apply the hardware adjustments for Linux on a notebook or Mac.
Roles
config-linux-hw
: current HW adjustments are for linux installs on notebooks and macsconfig-linux-base
: installs/removes apt packages and installs/updates python modulesconfig-linux-sys
: configure SSH security, enable no-spoof, install fail2ban and (optionally) set user account for Ansible use
Settings
- The host inventory file is the file named
inventory
- Configuration settings are consolidated in the file
config.yml
- Settings also exist in the default folder for each role
- Advanced Ansible users can use settings files within each role by removing the
vars_files
section from each playbooks
- Advanced Ansible users can use settings files within each role by removing the
This playbook includes the mountopts module by Uberspace in the library directory. It's only used if the target computer is a notebook and the primary drive is an SSD.