Alan Orth 691deb4fa7
roles/common: Use a persistent systemd journal
The default systemd journal configuration on CentOS 7 and Ubuntu
16.04 does not keep journal logs for multiple boots. This limits
the usefulness of the journal entirely (for example, try to see
sshd logs from even two or three months ago!).

Changing the storage to "persistent" makes systemd keep the logs
on disk in /var/log/journal for up to 2% of the partition size.
2018-12-07 23:46:18 +02:00

65 lines
1.9 KiB
YAML

---
- name: Import OS-specific variables
include_vars: "vars/{{ ansible_distribution }}.yml"
tags: always
- name: Configure network time
import_tasks: ntp.yml
tags: ntp
- name: Install common packages
include_tasks: packages_Debian.yml
when: ansible_distribution == 'Debian'
tags: packages
- name: Install common packages
include_tasks: packages_Ubuntu.yml
when: ansible_distribution == 'Ubuntu'
tags: packages
- name: Configure firewall
include_tasks: firewall_Debian.yml
when: ansible_distribution == 'Debian'
tags: firewall
- name: Configure firewall
include_tasks: firewall_Ubuntu.yml
when: ansible_distribution == 'Ubuntu'
tags: firewall
- name: Configure secure shell daemon
import_tasks: sshd.yml
tags: sshd
# this should work on CentOS 7+ and Ubuntu 16.04+
- block:
- name: Create systemd-journald drop-in config directory
file: path=/etc/systemd/journald.conf.d owner=root group=root mode=0755 state=directory
- name: Enable persistent systemd journal
copy: src=00-persistent-journal.conf dest=/etc/systemd/journald.conf.d/00-persistent-journal.conf owner=root group=root mode=0644
when: ansible_service_mgr == 'systemd'
tags: systemd-journald
# containers identify as virtualization hosts, which makes this tricky, because we have actual Debian VM hosts!
- name: Reconfigure /etc/sysctl.conf
when: ansible_virtualization_role != 'host'
template: src=sysctl_{{ ansible_distribution }}.j2 dest=/etc/sysctl.conf owner=root group=root mode=0644
notify:
- reload sysctl
tags: sysctl
- name: Reconfigure /etc/rc.local
when: ansible_distribution == 'Ubuntu'
template: src=rc.local_Ubuntu.j2 dest=/etc/rc.local owner=root group=root mode=0755
- name: Set I/O scheduler
template: src=etc/udev/rules.d/60-scheduler.rules.j2 dest=/etc/udev/rules.d/60-scheduler.rules owner=root group=root mode=0644
tags: udev
- name: Copy admin SSH keys
import_tasks: ssh-keys.yml
tags: ssh-keys
# vim: set sw=2 ts=2: