Default variables

Sections

Preseed server configuration
Default Preseed list
Administrator account options
Debian Preseed configuration
Debian Preseed GRUB configuration
SaltStack options
Role-dependent configuration
- Configuration for other Ansible roles

Preseed server configuration 

preseed__subdomain

Name of the subdomain which will be used to serve Preseed files.

preseed__subdomain: 'seed'

preseed__base_domain

Full base domain on which the Preseed files are located, required for download of postinst scripts.

preseed__base_domain: '{{ preseed__subdomain + "." + ansible_domain }}'

preseed__domains

A set of domains configured in nginx which server Preseed files. First element of the list should be a "normal" domain, the rest are regular expressions which look up correct subdirectories to serve files.

preseed__domains:
  - '{{ preseed__base_domain }}'
  - '{{ preseed__base_domain | split(".") | first }}'
  - '{{ "~^(?<preseed>.+)\." + preseed__base_domain | replace(".","\.") + "$" }}'
  - '{{ "~^(?<preseed>.+)\." + ansible_domain      | replace(".","\.") + "$" }}'
  - '{{ "~^(?<preseed>.+)\." + preseed__subdomain   | replace(".","\.") + "$" }}'
  - '{{ "~^(?<preseed>.+)$" }}'

preseed__www

Path to main directory where Preseed files are served from.

preseed__www: '{{ ansible_local.nginx.www|d("/srv/www") + "/preseed/configs" }}'

preseed__www_webserver

Path to "current" Preseed root directory, configured in the webserver

preseed__www_webserver: '{{ preseed__www + "/$preseed" }}'

preseed__nginx_auth_realm

Text displayed in the web browser login dialog when debops.nginx access policy is enabled.

preseed__nginx_auth_realm: 'Preseed access is restricted'

preseed__nginx_access_policy

Name of the nginx access policy to configure for Preseed server. See debops.nginx role for more details.

preseed__nginx_access_policy: ''

preseed__user

System user account which owns the Preseed files.

preseed__user: 'preseed'

preseed__group

System group which owns the Preseed files.

preseed__group: 'preseed'

preseed__home

Home directory of the Pressed user account.

preseed__home: '{{ (ansible_local.fhs.home | d("/var/local"))
                   + "/" + preseed__user }}'

Default Preseed list 

preseed__distribution

Linux distribution configured by default for preseeding

preseed__distribution: '{{ ansible_distribution }}'

preseed__release

Linux distribution release configured by default for preseeding

preseed__release: '{{ ansible_distribution_release }}'

preseed__configs

List of Preseed definitions. See preseed__configs for more details.

preseed__configs:

  # Debian - default configuration which will ask the user for disk
  # configuration during installation.
  - name: 'debian'
    type: 'debian'
    release: 'wheezy'

  - name: 'debian'
    type: 'debian'
    release: 'jessie'

  # Automated Debian configuration which will format the first disk as a ``/``
  # (system) partition. Useful for virtual machines, but nothing else. Use at
  # your own risk.
  - name: 'debian-vm'
    type: 'debian-destroy'
    release: 'wheezy'

  - name: 'debian-vm'
    type: 'debian-destroy'
    release: 'jessie'

Administrator account options 

preseed__admin

Enable or disable creation of an administrator account using a postinst.sh script.

preseed__admin: True

preseed__admin_system

If enabled, administrator account will be created as a "system" account (UID < 1000, usually ~104). If disabled (default), administrator account will be a regular user account (UID >= 1000).

preseed__admin_system: True

preseed__admin_name

Name of the administrator account. By default the same as the user that runs Ansible, taken from Ansible Controller.

preseed__admin_name: '{{ (ansible_ssh_user
                          if (ansible_ssh_user|d() and
                              ansible_ssh_user != "root")
                          else lookup("env","USER")) }}'

preseed__admin_groups

Default system groups to add the administrator account to. They will be created if not present.

preseed__admin_groups: [ 'admins', 'staff', 'adm' ]

preseed__admin_home

Home directory of the administrator account, when it's a regular user account.

preseed__admin_home: '{{ "/home/" + preseed__admin_name }}'

preseed__admin_system_home

Home directory of the administrator account, when it's a system account.

preseed__admin_system_home: '{{ (ansible_local.fhs.home | d("/var/local"))
                                + "/" + preseed__admin_name }}'

preseed__admin_home_group

Specify administrator account home directory group

preseed__admin_home_group: '{{ preseed__admin_groups[0] }}'

preseed__admin_home_mode

Specify permissions for administrator account home directory

preseed__admin_home_mode: '0750'

preseed__admin_comment

A contents of the GECOS field of the administrator account.

preseed__admin_comment: "System Administrator"

preseed__admin_shell

Shell set by default on administrator account.

preseed__admin_shell: '/bin/bash'

preseed__sudo

If enabled, specified admin group will be configured in sudo to allow access to root account without password.

preseed__sudo: True

preseed__sudo_group

Name of the system group which will be configured with passwordless sudo access. By default it's the first group set in preseed__admin_groups.

preseed__sudo_group: '{{ preseed__admin_groups[0] }}'

preseed__admin_sshkeys

List of SSH public keys installed on administrator account, as well as the root account.

preseed__admin_sshkeys: [ '{{ lookup("pipe", "ssh-add -L | grep ^\\\(sk-\\\)\\\?ssh || cat ~/.ssh/id_rsa.pub || true") }}' ]

Debian Preseed configuration 

This is a non-exhaustive list of parameters that can be used to configure Debian Preseed provided with the role. More parameters can be found inside the preseed.cfg as well as the postinst.sh script.

preseed__debian_locale

Default locale configuration enabled during installation.

preseed__debian_locale: 'en_US.UTF-8'

preseed__debian_keyboard_keymap

Keyboard layout enabled during installation. The current keymap layout can be looked up via setxkbmap -query.

preseed__debian_keyboard_keymap: 'en'

preseed__debian_language

Default interface language enabled during installation.

preseed__debian_language: 'English'

preseed__debian_timezone

Time zone configured on the host during installation.

preseed__debian_timezone: 'Etc/UTC'

preseed__debian_ntp_server

NTP server to get the time from when installing. If False, the default will not be changed.

preseed__debian_ntp_server: False

preseed__debian_mirror_hostname

Address of HTTP mirror used during installation.

preseed__debian_mirror_hostname: 'httpredir.debian.org'

preseed__debian_mirror_directory

Subdirectory on the HTTP mirror which holds the Debian repository.

preseed__debian_mirror_directory: '/debian'

preseed__debian_mirror_proxy

Proxy server to use for APT. Be careful when you set because of a bug which causes this proxy to be used for all programs and not just apt as one might expect. The default scripts use a workaround to still allow the apt proxy preseeding.

preseed__debian_mirror_proxy: ''

preseed__debian_packages

List of base Debian packages to install on the new host

preseed__debian_packages: [ 'ed', 'lsb-release', 'wget',
                            'make', 'sudo', 'gnupg-curl', 'git',
                            'curl', 'rsync', 'netcat-openbsd', 'vlan',
                            'bridge-utils', 'openssh-server', 'bsdutils',
                            'acl', 'apt-transport-https', 'resolvconf' ]

preseed__debian_root_password_length

Length of the root account password generated by Ansible

preseed__debian_root_password_length: '32'

preseed__debian_root_password

Encrypted random root password generated by Ansible and saved in secret/ directory. See debops.secret role for more details.

preseed__debian_root_password: "{{ lookup('password', secret + '/credentials/' + inventory_hostname +
                                  '/preseed/debian/root/password encrypt=sha512_crypt length=' +
                                  preseed__debian_root_password_length) }}"

preseed__debian_ask_for_additional_install_media

Should the installer when configuring APT ask for additional installation media? This seems to be only relevant when not installing from network/PXE.

preseed__debian_ask_for_additional_install_media: False

Debian Preseed GRUB configuration 

preseed__grub_preseed

Should GRUB be configured by this role? If set to False, all following options in the preseed__grub_ namespace will not have any effect.

preseed__grub_preseed: True

preseed__grub_timeout

GRUB timeout for devices. debops.grub can be used to set different timeout values for phyisical and virtual machines.

preseed__grub_timeout: 1

preseed__grub_kernel_options

Kernel options.

preseed__grub_kernel_options:

  ## Linux I/O Scheduler
  - 'elevator=noop'

  - 'cgroup_enable=memory'

  - 'swapaccount=1'

SaltStack options 

preseed__salt

Enable SaltStack support, salt-minion will be installed on the host and started at boot.

preseed__salt: False

preseed__salt_packages

List of packages to install for Salt.

preseed__salt_packages: [ 'salt-minion' ]

preseed__salt_apt_key_url

SaltStack Debian repository GPG key.

preseed__salt_apt_key_url: 'http://debian.saltstack.com/debian-salt-team-joehealy.gpg.key'

preseed__salt_upstream_repository

SaltStack Debian APT repository.

preseed__salt_upstream_repository: 'deb http://debian.saltstack.com/debian {{ ansible_distribution_release.split("/")[0] }}-saltstack main'

preseed__salt_options

Additional options for Salt defined as a text block; they will be added to the /etc/salt/minion.d/ansible.conf file.

preseed__salt_options: ''

Role-dependent configuration 

preseed__nginx__server_location

nginx server locations managed by the debops.nginx role.

preseed__nginx__server_location:
  '/': |
    try_files $uri $uri/ $uri.html /index.html =404;
    autoindex on;
    types {
            text/plain cfg sh;
    }

  '~ /d-i/': |
    index index.html index.htm preseed.cfg ;
    try_files $uri $uri/ $uri.html /index.html =404;
    autoindex on;
    types {
            text/plain cfg sh;
    }

preseed__nginx__server_http

HTTP nginx server configurations managed by the debops.nginx role.

preseed__nginx__server_http:
  by_role: 'debops.preseed'
  enabled: True
  ssl: False
  filename: '{{ preseed__domains[0] + "_http" }}'
  name: '{{ preseed__domains }}'
  root: '{{ preseed__www_webserver }}'
  webroot_create: False

  access_policy: '{{ preseed__nginx_access_policy }}'
  auth_basic_realm: '{{ preseed__nginx_auth_realm }}'

  location: '{{ preseed__nginx__server_location }}'

preseed__nginx__server_https

HTTPS nginx server configurations managed by the debops.nginx role.

preseed__nginx__server_https:
  by_role: 'debops.preseed'
  enabled: True
  listen: False
  filename: '{{ preseed__domains[0] + "_https" }}'
  name: '{{ preseed__domains }}'
  root: '{{ preseed__www_webserver }}'
  webroot_create: False
  state: '{{ "present"
             if (ansible_local|d() and ansible_local.pki|d() and
                 (ansible_local.pki.enabled|d())|bool)
             else "absent" }}'

  access_policy: '{{ preseed__nginx_access_policy }}'
  auth_basic_realm: '{{ preseed__nginx_auth_realm }}'

  location: '{{ preseed__nginx__server_location }}'

preseed__nginx__servers

List of nginx server configurations managed by the debops.nginx role.

preseed__nginx__servers:
  - '{{ preseed__nginx__server_http }}'
  - '{{ preseed__nginx__server_https }}'

Configuration for other Ansible roles 

preseed__python__dependent_packages3

Configuration for the debops.python Ansible role.

preseed__python__dependent_packages3:

  - 'python3'
  - 'python3-apt'
  - 'python3-pycurl'
  - 'python3-httplib2'

preseed__python__dependent_packages2

Configuration for the debops.python Ansible role.

preseed__python__dependent_packages2:

  - 'python'
  - 'python-apt'
  - 'python-pycurl'
  - 'python-httplib2'