Default variables¶
Sections
Preseed server configuration¶
-
preseed__subdomain
¶
Name of the subdomain which will be used to serve Preseed files.
preseed__subdomain: 'seed'
-
preseed__base_domain
¶
Full base domain on which the Preseed files are located, required for download of postinst scripts.
preseed__base_domain: '{{ preseed__subdomain + "." + ansible_domain }}'
-
preseed__domains
¶
A set of domains configured in nginx which server Preseed files. First element of the list should be a "normal" domain, the rest are regular expressions which look up correct subdirectories to serve files.
preseed__domains:
- '{{ preseed__base_domain }}'
- '{{ preseed__base_domain | split(".") | first }}'
- '{{ "~^(?<preseed>.+)\." + preseed__base_domain | replace(".","\.") + "$" }}'
- '{{ "~^(?<preseed>.+)\." + ansible_domain | replace(".","\.") + "$" }}'
- '{{ "~^(?<preseed>.+)\." + preseed__subdomain | replace(".","\.") + "$" }}'
- '{{ "~^(?<preseed>.+)$" }}'
-
preseed__www
¶
Path to main directory where Preseed files are served from.
preseed__www: '{{ ansible_local.nginx.www|d("/srv/www") + "/preseed/configs" }}'
-
preseed__www_webserver
¶
Path to "current" Preseed root directory, configured in the webserver
preseed__www_webserver: '{{ preseed__www + "/$preseed" }}'
-
preseed__nginx_auth_realm
¶
Text displayed in the web browser login dialog when debops.nginx access policy is enabled.
preseed__nginx_auth_realm: 'Preseed access is restricted'
-
preseed__nginx_access_policy
¶
Name of the nginx access policy to configure for Preseed server. See debops.nginx role for more details.
preseed__nginx_access_policy: ''
-
preseed__user
¶
System user account which owns the Preseed files.
preseed__user: 'preseed'
-
preseed__group
¶
System group which owns the Preseed files.
preseed__group: 'preseed'
-
preseed__home
¶
Home directory of the Pressed user account.
preseed__home: '{{ (ansible_local.fhs.home | d("/var/local"))
+ "/" + preseed__user }}'
Default Preseed list¶
-
preseed__distribution
¶
Linux distribution configured by default for preseeding
preseed__distribution: '{{ ansible_distribution }}'
-
preseed__release
¶
Linux distribution release configured by default for preseeding
preseed__release: '{{ ansible_distribution_release }}'
-
preseed__configs
¶
List of Preseed definitions. See preseed__configs for more details.
preseed__configs:
# Debian - default configuration which will ask the user for disk
# configuration during installation.
- name: 'debian'
type: 'debian'
release: 'wheezy'
- name: 'debian'
type: 'debian'
release: 'jessie'
# Automated Debian configuration which will format the first disk as a ``/``
# (system) partition. Useful for virtual machines, but nothing else. Use at
# your own risk.
- name: 'debian-vm'
type: 'debian-destroy'
release: 'wheezy'
- name: 'debian-vm'
type: 'debian-destroy'
release: 'jessie'
Administrator account options¶
-
preseed__admin
¶
Enable or disable creation of an administrator account using a
postinst.sh
script.
preseed__admin: True
-
preseed__admin_system
¶
If enabled, administrator account will be created as a "system" account (UID < 1000, usually ~104). If disabled (default), administrator account will be a regular user account (UID >= 1000).
preseed__admin_system: True
-
preseed__admin_name
¶
Name of the administrator account. By default the same as the user that runs Ansible, taken from Ansible Controller.
preseed__admin_name: '{{ (ansible_ssh_user
if (ansible_ssh_user|d() and
ansible_ssh_user != "root")
else lookup("env","USER")) }}'
-
preseed__admin_groups
¶
Default system groups to add the administrator account to. They will be created if not present.
preseed__admin_groups: [ 'admins', 'staff', 'adm' ]
-
preseed__admin_home
¶
Home directory of the administrator account, when it's a regular user account.
preseed__admin_home: '{{ "/home/" + preseed__admin_name }}'
-
preseed__admin_system_home
¶
Home directory of the administrator account, when it's a system account.
preseed__admin_system_home: '{{ (ansible_local.fhs.home | d("/var/local"))
+ "/" + preseed__admin_name }}'
-
preseed__admin_home_group
¶
Specify administrator account home directory group
preseed__admin_home_group: '{{ preseed__admin_groups[0] }}'
-
preseed__admin_home_mode
¶
Specify permissions for administrator account home directory
preseed__admin_home_mode: '0750'
-
preseed__admin_comment
¶
A contents of the GECOS field of the administrator account.
preseed__admin_comment: "System Administrator"
-
preseed__admin_shell
¶
Shell set by default on administrator account.
preseed__admin_shell: '/bin/bash'
-
preseed__sudo
¶
If enabled, specified admin group will be configured in sudo to allow
access to root
account without password.
preseed__sudo: True
-
preseed__sudo_group
¶
Name of the system group which will be configured with passwordless sudo
access. By default it's the first group set in preseed__admin_groups
.
preseed__sudo_group: '{{ preseed__admin_groups[0] }}'
-
preseed__admin_sshkeys
¶
List of SSH public keys installed on administrator account, as well as the
root
account.
preseed__admin_sshkeys: [ '{{ lookup("pipe", "ssh-add -L | grep ^\\\(sk-\\\)\\\?ssh || cat ~/.ssh/id_rsa.pub || true") }}' ]
Debian Preseed configuration¶
This is a non-exhaustive list of parameters that can be used to configure
Debian Preseed provided with the role. More parameters can be found inside
the preseed.cfg
as well as the postinst.sh
script.
-
preseed__debian_locale
¶
Default locale configuration enabled during installation.
preseed__debian_locale: 'en_US.UTF-8'
-
preseed__debian_keyboard_keymap
¶
Keyboard layout enabled during installation. The current keymap layout can be looked up via setxkbmap -query.
preseed__debian_keyboard_keymap: 'en'
-
preseed__debian_language
¶
Default interface language enabled during installation.
preseed__debian_language: 'English'
-
preseed__debian_timezone
¶
Time zone configured on the host during installation.
preseed__debian_timezone: 'Etc/UTC'
-
preseed__debian_ntp_server
¶
NTP server to get the time from when installing. If False, the default will not be changed.
preseed__debian_ntp_server: False
-
preseed__debian_mirror_hostname
¶
Address of HTTP mirror used during installation.
preseed__debian_mirror_hostname: 'httpredir.debian.org'
-
preseed__debian_mirror_directory
¶
Subdirectory on the HTTP mirror which holds the Debian repository.
preseed__debian_mirror_directory: '/debian'
-
preseed__debian_mirror_proxy
¶
Proxy server to use for APT. Be careful when you set because of a bug which causes this proxy to be used for all programs and not just apt as one might expect. The default scripts use a workaround to still allow the apt proxy preseeding.
preseed__debian_mirror_proxy: ''
-
preseed__debian_packages
¶
List of base Debian packages to install on the new host
preseed__debian_packages: [ 'ed', 'lsb-release', 'wget',
'make', 'sudo', 'gnupg-curl', 'git',
'curl', 'rsync', 'netcat-openbsd', 'vlan',
'bridge-utils', 'openssh-server', 'bsdutils',
'acl', 'apt-transport-https', 'resolvconf' ]
-
preseed__debian_root_password_length
¶
Length of the root
account password generated by Ansible
preseed__debian_root_password_length: '32'
-
preseed__debian_root_password
¶
Encrypted random root
password generated by Ansible and saved in
secret/
directory. See debops.secret role for more details.
preseed__debian_root_password: "{{ lookup('password', secret + '/credentials/' + inventory_hostname +
'/preseed/debian/root/password encrypt=sha512_crypt length=' +
preseed__debian_root_password_length) }}"
-
preseed__debian_ask_for_additional_install_media
¶
Should the installer when configuring APT ask for additional installation media? This seems to be only relevant when not installing from network/PXE.
preseed__debian_ask_for_additional_install_media: False
Debian Preseed GRUB configuration¶
-
preseed__grub_preseed
¶
Should GRUB be configured by this role?
If set to False
, all following options in the preseed__grub_
namespace will not have any effect.
preseed__grub_preseed: True
-
preseed__grub_timeout
¶
GRUB timeout for devices. debops.grub can be used to set different timeout values for phyisical and virtual machines.
preseed__grub_timeout: 1
-
preseed__grub_kernel_options
¶
Kernel options.
preseed__grub_kernel_options:
## Linux I/O Scheduler
- 'elevator=noop'
- 'cgroup_enable=memory'
- 'swapaccount=1'
SaltStack options¶
-
preseed__salt
¶
Enable SaltStack support, salt-minion
will be installed on the host and
started at boot.
preseed__salt: False
-
preseed__salt_packages
¶
List of packages to install for Salt.
preseed__salt_packages: [ 'salt-minion' ]
-
preseed__salt_apt_key_url
¶
SaltStack Debian repository GPG key.
preseed__salt_apt_key_url: 'http://debian.saltstack.com/debian-salt-team-joehealy.gpg.key'
-
preseed__salt_upstream_repository
¶
SaltStack Debian APT repository.
preseed__salt_upstream_repository: 'deb http://debian.saltstack.com/debian {{ ansible_distribution_release.split("/")[0] }}-saltstack main'
-
preseed__salt_options
¶
Additional options for Salt defined as a text block; they will be added to
the /etc/salt/minion.d/ansible.conf
file.
preseed__salt_options: ''
Role-dependent configuration¶
-
preseed__nginx__server_location
¶
nginx server locations managed by the debops.nginx role.
preseed__nginx__server_location:
'/': |
try_files $uri $uri/ $uri.html /index.html =404;
autoindex on;
types {
text/plain cfg sh;
}
'~ /d-i/': |
index index.html index.htm preseed.cfg ;
try_files $uri $uri/ $uri.html /index.html =404;
autoindex on;
types {
text/plain cfg sh;
}
-
preseed__nginx__server_http
¶
HTTP nginx server configurations managed by the debops.nginx role.
preseed__nginx__server_http:
by_role: 'debops.preseed'
enabled: True
ssl: False
filename: '{{ preseed__domains[0] + "_http" }}'
name: '{{ preseed__domains }}'
root: '{{ preseed__www_webserver }}'
webroot_create: False
access_policy: '{{ preseed__nginx_access_policy }}'
auth_basic_realm: '{{ preseed__nginx_auth_realm }}'
location: '{{ preseed__nginx__server_location }}'
-
preseed__nginx__server_https
¶
HTTPS nginx server configurations managed by the debops.nginx role.
preseed__nginx__server_https:
by_role: 'debops.preseed'
enabled: True
listen: False
filename: '{{ preseed__domains[0] + "_https" }}'
name: '{{ preseed__domains }}'
root: '{{ preseed__www_webserver }}'
webroot_create: False
state: '{{ "present"
if (ansible_local|d() and ansible_local.pki|d() and
(ansible_local.pki.enabled|d())|bool)
else "absent" }}'
access_policy: '{{ preseed__nginx_access_policy }}'
auth_basic_realm: '{{ preseed__nginx_auth_realm }}'
location: '{{ preseed__nginx__server_location }}'
-
preseed__nginx__servers
¶
List of nginx server configurations managed by the debops.nginx role.
preseed__nginx__servers:
- '{{ preseed__nginx__server_http }}'
- '{{ preseed__nginx__server_https }}'
Configuration for other Ansible roles¶
-
preseed__python__dependent_packages3
¶
Configuration for the debops.python Ansible role.
preseed__python__dependent_packages3:
- 'python3'
- 'python3-apt'
- 'python3-pycurl'
- 'python3-httplib2'
-
preseed__python__dependent_packages2
¶
Configuration for the debops.python Ansible role.
preseed__python__dependent_packages2:
- 'python'
- 'python-apt'
- 'python-pycurl'
- 'python-httplib2'