Basic setup for Ubuntu 20.04/Debian 11
Karthic Kumaran 51975823e4
add oci-instance-3
9 months ago
bin add local script 11 months ago
inventory add local script 11 months ago
roles disable snapd only on ubuntu 11 months ago
ssh add oci-instance-3 9 months ago
.gitignore add oci-instance-3 9 months ago
LICENSE fail2ban ssh jail 1 year ago
README.md Update README.md 10 months ago
site.yml disable snapd only on ubuntu 11 months ago

README.md

Ansible — Basic Setup for Ubuntu 20.04/Debian 11

The Ansible playbook in this repository performs the following tasks:

  1. Update apt repositories
  2. Install and configure fail2ban for SSH
  3. Install daily rootkit detection scripts using chkrootkit and rkhunter
  4. Install and configure swap space equal to total memory
  5. Disable snapd on Ubuntu for lower memory consumption
  6. Install weekly script to update and reboot the system

Code Mirrors

Local Instance

Configuration

The file roles/swap/vars/main.yml contains the following variables that you can change:

  1. swap_file_path: File path for the swapfile. (Default: /swapfile.swap)
  2. swap_swappiness: Kernel parameter to change how often it will use swap. (Default: 60)

Deployment

Run the playbook using the following command:

$ ./bin/apply_local.sh

Oracle Cloud Instance

Assumption: The instance runs in Oracle Cloud using either of the scripts below,

Requirements

Install the following before running the playbook:

$ pip install oci
$ ansible-galaxy collection install oracle.oci

Dynamic Inventory

The Oracle Ansible Inventory Plugin populates the inventory with public Ubuntu instances.

All target Ubuntu instances must have the freeform tag os: ubuntu.

Configuration

  1. Update inventory/oracle.oci.yml:
    1. Specify the region where you have deployed your server on Oracle Cloud. The list of regions is at docs.oracle.com/en-us/iaas/Content/General/Concepts/regions.htm.
    2. Configure the authentication as per the Oracle Guide.
  2. Set the username and SSH authentication in inventory/group_vars/

To use more than a single SSH keypair (with passphrases), use ssh-agent to store them.

Run the following command to start ssh-agent:

$ eval "$(ssh-agent -s)"

Add each keypair using the following command:

$ ssh-add <path to keypair>

Swap

The file roles/swap/vars/main.yml contains the following variables that you can change:

  1. swap_file_path: File path for the swapfile. (Default: /swapfile.swap)
  2. swap_swappiness: Kernel parameter to change how often it will use swap. (Default: 60)

Deployment

Run the playbook using the following command:

$ ./bin/apply.sh

Encryption

Encrypt sensitive files (SSH private keys) before saving them. .gitignore must contain the unencrypted file paths.

Use the following command to decrypt the files after cloning the repository:

$ ./bin/decrypt.sh

Use the following command after running Terraform to update the encrypted files:

$ ./bin/encrypt.sh <gpg key id>
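
The rule above that .gitignore must contain the unencrypted file paths can be checked before each commit. The following is an added example, not a script from this repository: it lists every file under a checkout that carries a private-key header and is not ignored. The function names and the PEM/OpenSSH header pattern are assumptions of the example.

```shell
#!/bin/sh
# Added example (not part of this repository): report plaintext private keys
# that .gitignore does not cover, so they cannot be committed by accident.
# Assumptions: keys carry a "-----BEGIN ... PRIVATE KEY-----" header and file
# names contain no newlines. Variables are global (plain POSIX sh, no "local").

# is_ignored ROOT RELPATH -> exit 0 if RELPATH is ignored under ROOT
is_ignored() {
    if command -v git >/dev/null 2>&1 &&
       git -C "$1" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        # Already-tracked files are never reported as ignored by check-ignore,
        # so a key that was committed earlier is flagged as well.
        git -C "$1" check-ignore -q -- "$2"
    else
        # No git work tree: accept exact path entries only (optional leading /)
        [ -f "$1/.gitignore" ] && grep -qxF -e "$2" -e "/$2" "$1/.gitignore"
    fi
}

# unignored_private_keys ROOT -> prints offending paths, exit 1 if any exist
unignored_private_keys() {
    root=${1:-.}
    offenders=$(
        find "$root" -name .git -prune -o -type f \
            -exec grep -lE -e '-----BEGIN ([A-Z]+ )*PRIVATE KEY-----' {} + |
        while IFS= read -r file; do
            rel=${file#"$root"/}
            is_ignored "$root" "$rel" || printf '%s\n' "$rel"
        done
    )
    [ -z "$offenders" ] && return 0
    printf '%s\n' "$offenders"
    return 1
}

# Usage, from the repository root:  unignored_private_keys . || exit 1
```

GPG output (binary or ASCII-armored) does not carry a private-key header, so the encrypted copies are not reported.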