- A simple Ansible role that checks and ensures that non-essential packages are removed from a new Debian server installation.
- To review the list of packages that will be removed (if applicable), check the `main.yml` file in the tasks directory.
- Debian host(s) that the playbook will be run against.
- `ansible-vault` [optional] - can be used in the `minimal_debian.yaml` playbook to encrypt and store sensitive data "at rest".
  - In this use case, the `ansible_sudo_password` variable, which is used as the privilege escalation password, is stored in a vault.
  - Once the secret has been created and added to the playbook, in order for a user to be able to become `sudo` to run the playbook, they will need to decrypt the vault to access the variable.
  - This can be achieved by passing one of the following flags when executing the playbook:
    - `--ask-vault-pass`
    - `--vault-password-file`
  - Below is a demonstration of how the encrypted variable is defined in the playbook:
```yaml
---
# playbook for the minimal_debian role.
- hosts: all
  vars_files:
    - become-secret
  become: true
  roles:
    - minimal_debian
```
- For more information on how to create encrypted variables, please review the official Ansible documentation.
- Tested on:
  - `debian-10`
```bash
# clone the repository
$ git clone git@github.com:hubvu/minimal-debian-ansible.git

# navigate into the directory
$ cd minimal-debian-ansible/

# run the master playbook `site.yaml` with verbosity
# for non Ansible Vault users
$ ansible-playbook site.yaml \
    --inventory-file=hosts \
    --ask-become-pass \
    --verbose

# run the master playbook `site.yaml` with verbosity
# for Ansible Vault users
$ ansible-playbook site.yaml \
    --inventory-file=hosts \
    --ask-vault-pass \
    --verbose
```
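A pre-flight check for the Vault workflow described above, as an added example that is not part of this repository: it confirms that the `become-secret` vars file is actually vault-encrypted and that a file passed to `--vault-password-file` is not readable by group or other. The function names and the `.vault-pass` file name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the project's code). `become-secret` is the vars file
# named in the playbook; `.vault-pass` is a hypothetical password file name.

# Return 0 if the file starts with an Ansible Vault envelope header such as
# "$ANSIBLE_VAULT;1.1;AES256"; 1 if it is plaintext; 2 if it is unreadable.
is_vault_encrypted() {
    [ -r "$1" ] || return 2
    _hdr=
    # read fails on an empty file or a last line without a newline
    IFS= read -r _hdr < "$1" || [ -n "$_hdr" ] || return 1
    case "$_hdr" in
        '$ANSIBLE_VAULT;'*';AES256'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if the file has no group/other permission bits (e.g. mode 600).
perms_are_private() {
    [ -f "$1" ] || return 2
    _mode=$(ls -ld "$1") || return 2
    case "$_mode" in
        ????------*) return 0 ;;
        *) return 1 ;;
    esac
}

# preflight SECRET_FILE [VAULT_PASSWORD_FILE]: report every failed check.
preflight() {
    _rc=0
    if ! is_vault_encrypted "$1"; then
        echo "FAIL: $1 is not vault-encrypted (run: ansible-vault encrypt $1)" >&2
        _rc=1
    fi
    if [ -n "${2:-}" ] && ! perms_are_private "$2"; then
        echo "FAIL: $2 is readable by group/other (run: chmod 600 $2)" >&2
        _rc=1
    fi
    return "$_rc"
}

# Usage: sh preflight.sh become-secret .vault-pass
if [ "$#" -gt 0 ]; then preflight "$@"; fi
```

Running it before `ansible-playbook`, or from a pre-commit hook, catches a `become-secret` file that was saved in plaintext before it reaches the repository.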
- Contribution guidelines for this project can be found in the Contributing document.
- Licenced under the MIT License.