preseed file per server.

Parameters

~~~~~~~~~~

**ansible_key** (string, mandatory)

  SSH public key that should be deployed to authorized_keys truststore for

  operating system user ``root``. This is necessary for the bootstrap process

  to work since Debian does not allow password-based logins for root.

**preseed_country** (string, optional, ``SE``)

  Country.

**preseed_directory** (string, mandatory)

  Destination directory where the preseed files should be stored.

  .. warning::

     Do not name this directory ``preseed`` if it lies on a path where Ansible

     would normally look-up the roles (it will conflict with the role name).

**preseed_dns** (string, mandatory if **preseed_network_auto** is ``no``)

  Comma-separated list of DNS servers.

**preseed_domain** (string, mandatory if **preseed_network_auto** is ``no``)

  Server domain.

**preseed_gateway** (string, mandatory if **preseed_network_auto** is ``no``)

  Default gateway for the server.

**preseed_hostname** (string, mandatory if **preseed_network_auto** is ``no``)

  Server hostname.

**preseed_ip** (string, mandatory if **preseed_network_auto** is ``no``)

  IP address for the server network interface.

**preseed_keymap** (string, optional, ``us``)

  Keymap.

**preseed_language** (string, optional, ``en``)

  Language.

**preseed_locale** (string, optional, ``en_US.UTF-8``)

  Locale.

**preseed_mirror_directory** (string, optional, ``/debian``)

  Directory under which the Debian apt repositories can be found on the

  specified mirror.

**preseed_mirror_hostname** (string, optional, ``ftp.se.debian.org``)

  Resolvable hostname of FQDN where the Debian apt repositories can be

  found. Only HTTP mirrors are supported.

**preseed_mirror_proxy** (string, optional, ``None``)

  An HTTP proxy that should be used for accessing the Debian apt

  repositories.

**preseed_netmask** (string, mandatory if **preseed_network_auto** is ``no``)

  Netmask for the server network interface.

**preseed_network_auto** (boolean, optional, ``yes``)

  Specifies whether the network configuration should be automatic (using DHCP)

  or manual. If manual configuration is selected a number of additional options

  needs to be specified: ``preseed_hostname``, ``preseed_domain``,

  ``preseed_ip``, ``preseed_netmask``, ``preseed_gateway``,

  ``preseed_dns``. For some of these values you may want to use per-server

  overrides - see parameter ``preseed_server_overrides``.

**preseed_network_interface** (string, optional, ``eth0``)

  Name of network interface (for example ``eth0``, ``eth1`` etc) that should be

  configured.

**preseed_root_password** (string, optional, ``root``)

  Initial password that should be set for the server during the installation.

**preseed_server_overrides** (string, optional, ``{}``)

  A dictionary consisting out of one or more entries where individual values for

  preseed files can be overridden per-server. Each entry's key should be the

  name of the server, as specified in the inventory. Each value should also be a

  dictionary, where valid keys are: ``country``, ``dns``, ``domain``,

  ``gateway``, ``hostname``, ``ip``, ``keymap``, ``language``, ``locale``,

  ``mirror_directory``, ``mirror_hostname``, ``mirror_proxy``, ``netmask``,

  ``network_auto``, ``network_interface``, ``root_password``,

  ``timezone``. These have the same meaning as their ``preseed_`` counterparts.

**preseed_timezone** (string, optional, ``Europe/Stockholm``)

  Timezone that should be used when calculating server time. It is assumed that

  the local hardware clock is set to UTC.

Distribution compatibility

~~~~~~~~~~~~~~~~~~~~~~~~~~

Role is compatible with the following distributions:

- Debian 11 (Bullseye)

Examples

~~~~~~~~

Here is an example configuration for a preseed file that sets some global

defaults to be used for all servers, and then overrides it for one server:

.. code-block:: yaml

  ---

  ansible_key: {{ lookup('file', '~/.ssh/id_rsa.pub') }}

  preseed_country: UK

  preseed_directory: /var/www/preseed

  preseed_keymap: UK

  preseed_language: en

  preseed_locale: en_UK.UTF-8

  preseed_mirror_directory: /debian

  preseed_mirror_hostname: ftp.uk.debian.org

  preseed_mirror_proxy: ""

  preseed_network_auto: yes

  preseed_network_interface: eth0

  preseed_root_password: secret

  preseed_timezone: Europe/London

  preseed_server_overrides:

    ldap.example.com:

      network_auto: no

      hostname: ldap

      domain: example.com

      ip: 192.168.1.20

      netmask: 255.255.255.0

      gateway: 192.168.1.1

      dns: 192.168.1.1,192.168.1.2

      timezone: Europe/Stockholm

Bootstrap

---------

The ``bootstrap`` role can be used for bootstraping a new server with

Ansible. In order to apply this role to a server, all that is necessary is root

access to the server (either via SSH or locally).

The role implements the following:

* Installs sudo package.

* Creates operating system user and group for Ansible (``ansible``).

* Sets-up an authorized_key for operating system user ``ansible`` (for remote

  SSH access).

* Configures sudo to allow operating system user ``ansible`` to run sudo

  commands without password authentication.

* Removes the Ansible user's key from the list of authorized keys for user root

  at the end of bootstrap process. This key was necessary only for the bootstrap

  process.

Parameters

~~~~~~~~~~

**ansible_key** (string, mandatory)

  SSH public key that should be deployed to authorized_keys truststore for

  operating system user ``ansible``.

Distribution compatibility

~~~~~~~~~~~~~~~~~~~~~~~~~~

Role is compatible with the following distributions:

- Debian 11 (Bullseye)

- Debian 12 (Bookworm)

Examples

~~~~~~~~

Since the role is meant to be used just after the server has been installed, and

using the ``root`` account, it is probably going to be invoked from a separate

playbook.

For example, a playbook (``bootstrap.yml``) could look something similar to:

.. code-block:: yaml

  ---

  - hosts: "{{ server }}"

    remote_user: root

    roles:

      - bootstrap

    vars:

      ansible_key: "{{ lookup('file', 'authorized_keys/ansible.pub') }}"

With such a playbook in place, it would be invoked with::

---

galaxy_info:

  author: Branko Majic

  description: Generates preseed files for Debian

  license: BSD

  min_ansible_version: 2.9

  platforms:

    - name: Debian

      versions:

        - 11

---

ansible_key: MY_ANSIBLE_KEY

preseed_directory: "/tmp/preseed_files/"

preseed_server_overrides:

  parameters-optional-with-overrides-bullseye:

    country: RS

    dns: 1.1.1.1

    domain: example.com

    gateway: 2.2.2.2

    hostname: testing

    ip: 3.3.3.3

    keymap: sv

    language: sr

    locale: en_UK.UTF-8

    mirror_directory: /

    mirror_hostname: ftp.de.debian.org

    mirror_proxy: http://proxy.local

    netmask: 255.255.0.0

    network_auto: false

    network_interface: eth1

    root_password: myrootpassword

    timezone: Europe/Belgrade

---

dependency: {}

driver:

  name: vagrant

  provider:

    name: virtualbox

lint:

  name: yamllint

  options:

    config-file: ../../.yamllint.yml

platforms:

  - name: parameters-mandatory-bullseye

    groups:

      - parameters-mandatory

    box: debian/bullseye64

    memory: 256

    cpus: 1

    provider_raw_config_args:

      - "customize ['modifyvm', :id, '--paravirtprovider', 'minimal']"

  - name: parameters-optional-bullseye

    groups:

      - parameters-optional

    box: debian/bullseye64

    memory: 256

    cpus: 1

    provider_raw_config_args:

      - "customize ['modifyvm', :id, '--paravirtprovider', 'minimal']"

  - name: parameters-optional-with-overrides-bullseye

    groups:

      - parameters-optional-with-overrides

    box: debian/bullseye64

    memory: 256

    cpus: 1

    provider_raw_config_args:

      - "customize ['modifyvm', :id, '--paravirtprovider', 'minimal']"

provisioner:

  name: ansible

  config_options:

    defaults:

      force_valid_group_names: "ignore"

      interpreter_python: "/usr/bin/python3"

    ssh_connection:

      pipelining: "True"

  lint:

    name: ansible-lint

scenario:

  name: default

verifier:

  name: testinfra

  lint:

    name: flake8