Category Archives: Ansible

ansible-role-auto-upgrade – An Ansible role that automates upgrading Linux operating systems

Reply

The auto-upgrade Ansible role automates regular upgrades of supported operating systems:

  • Debian-based systems (e.g., Ubuntu, Debian, Linux Mint). This role provides a simpler alternative to unattended-upgrades for applying system updates.

(In future versions, Arch Linux and Gentoo will also be supported.)

License

Copyright (c) 2025 James Cherti.

Distributed under terms of the MIT license.

Do you like ansible-role-auto-upgrade?

Please star ansible-role-auto-upgrade on GitHub.

Links

ansible-role-reniced – An Ansible role that configures reniced on Debian and Ubuntu based operating systems

Reply

The ansible-role-reniced Ansible role configures reniced on Debian and Ubuntu based operating systems.

Customizations

When reniced_conf is defined, it is used as the configuration content.

Include the role using:

- name: Import role reniced
  when: ansible_os_family == "Debian"
  ansible.builtin.import_role:
    name: reniced

Variables:

reniced_conf: |
  # high prio network services
  0 ^apache
  0 ^nfsd
  0 ^ntpd
  0 ^openvpn
  0 ^portmap
  0 ^ppp
  0 ^rpc.
  0 ^sshd

  # medium prio network services
  5 ^inn$
  5 ^mysqld

  # low prio network services
  15i ^amavisd-new
  15i ^clamd
  15 ^controlchan
  15 ^exim4
  15 ^freshclam
  15 ^innwatch
  12 ^mailman
  15 ^rc.news
  15i ^spamd

  # long running user processes (screen)
  3 ^irssi

  # test OOM settings
  o1 bash

Author and license

Copyright (C) 2024-2025 James Cherti.

Distributed under terms of the MIT license.

Links

ansible-role-apt – An Ansible role that manages the APT configuration and updates the /etc/apt/sources.list for Debian and Ubuntu systems

Reply

The ansible-role-apt Ansible role manages the APT configuration and updates the /etc/apt/sources.list for Debian and Ubuntu systems.

Role variables

Important variables:

VariableDescriptionDefault
apt_debian_communityEnables community repositories (Debian contrib and main, or Ubuntu universe)true
apt_debian_nonfreeEnables non-free repositories (Debian non-free, non-free-firmware, or Ubuntu multiverse)true
apt_debian_backportsEnables the backports repository on Debian (no effect on Ubuntu systems)false
apt_deb_srcEnables source package repositories (deb-src entries)false

Other variables:

VariableDescriptionDefault
apt_mirror_url_debianDebian mirror URL"http://deb.debian.org/debian"
apt_mirror_url_debian_securityDebian security mirror URL"http://deb.debian.org/debian-security"
apt_mirror_url_ubuntuUbuntu mirror URL"http://archive.ubuntu.com/ubuntu"

Links

Ansible: ansible-role-tuned, an Ansible role which configures tuned

Reply

License

The ansible-role-tuned Ansible playbook manages the installation, configuration, and activation of the tuned service.

Tuned is a dynamic adaptive system tuning tool used in Linux environments to optimize performance by adjusting various system settings dynamically. It provides pre-defined profiles that target specific use cases, such as high throughput, low latency, and energy saving, and automatically applies these configurations based on system activity.

For high traffic servers, using Tuned is beneficial as it can enhance network throughput and responsiveness by adjusting parameters like CPU frequency scaling, I/O scheduling, and network stack settings. This optimization results in improved server performance, reduced latency, and better handling of high loads, ultimately leading to a more efficient and reliable infrastructure for handling significant network traffic.

Features

  • Install tuned and configure it using the Ansible variables: tuned_daemon, tuned_dynamic_tuning, tuned_sleep_interval, tuned_update_interval, and tuned_recommend_command.
  • Activate the specified tuned profile using the tuned_profile variable. (When the tuned_profile is not set, the role installs only tuned.)
  • Supports Debian/Ubuntu and RedHat family based operating systems.

Usage

Example Playbook

Here is an example of how to use ansible-role-tuned after installing it in the roles/tuned directory:

- hosts: SERVER
  roles:
    - {role: tuned,
       tuned_profile: "throughput-performance"}

Author and license

Copyright (C) 2020-2025 James Cherti.

Distributed under terms of the MIT license.

Links

Ansible: Installing and configuring Gitolite using Ansible for secure Git repository management

Reply

License

The ansible-role-gitolite Ansible role automates the installation and configuration of Gitolite, a Git repository management system. It facilitates the setup of Gitolite on remote servers, including user access control and repository creation, ensuring a consistent and reproducible deployment.

Requirements

  • Operating system: Debian-based (e.g., Ubuntu, Mint), RedHat-based (e.g., CentOS, Fedora), or Arch Linux

Author and License

Copyright (C) 2024-2025 James Cherti.

Distributed under terms of the MIT license.

Links

Ansible: Reintegrating /etc/rc.local in Linux systems that use Systemd as their init system

Reply

For years, /etc/rc.local has been a staple in Linux administration, providing a straightforward means to execute scripts or commands automatically upon system startup. However, with the transition to newer init systems like systemd, the /etc/rc.local script is no longer executed at boot time.

Ansible tasks that restore the /etc/rc.local script

The following Ansible tasks will create and configure /etc/rc.local and also ensure its execution by Systemd at boot time.

---
# Description: Reintegrate /etc/rc.local in Linux systems that use Systemd 
#              as their init system.
# Author: James Cherti
# License: MIT
# URL: https://www.jamescherti.com/ansible-config-etc-rc-local-linux-systemd/

- name: Check if /etc/rc.local exists
  stat:
    path: "/etc/rc.local"
  register: etc_rc_local_file

- name: Create the file /etc/rc.local should it not already exist
  copy:
    dest: /etc/rc.local
    owner: root
    group: root
    mode: 0750
    content: |
      #!/usr/bin/env bash
  when: not etc_rc_local_file.stat.exists

- name: Create the systemd service rc-local.service
  register: rc_local
  copy:
    dest: /etc/systemd/system/rc-local.service
    owner: root
    group: root
    mode: 0644
    content: |
      [Unit]
      Description=/etc/rc.local compatibility

      [Service]
      Type=oneshot
      ExecStart=/etc/rc.local
      TimeoutSec=0
      RemainAfterExit=yes
      SysVStartPriority=99

      [Install]
      WantedBy=multi-user.target

- name: Reload systemd daemon
  systemd:
    daemon_reload: yes
  when: rc_local.changed|bool

- name: Enable rc-local.service
  systemd:
    name: rc-local
    enabled: true
Code language: YAML (yaml)