Configuration options

Ansible options

ansible_ssh_pipelining

ansible_ssh_pipelining: true

The Plone server role uses ssh pipelining to avoid security errors from Ansible when running operations without superuser rights. SSH pipelining for this purpose may require the disabling of ‘requiretty’ in /etc/sudoers. If you get a pipelining error and cannot disable requiretty, set this variable to false and instead turn on allow_world_readable_tmpfiles in your ansible.cfg. See http://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user for a discussion.

System options

admin_email

admin_email: sysadmin@yourdomain.com

It is important that you update this setting. The admin_email address will receive system mail, some of which is vitally important.

If you don’t set this variable, the playbook won’t run.

motd

motd: |
    Message of the day
    for your server

Sets the server’s message of the day, which is displayed on login.

Defaults to:

motd: |
    This server is configured via Ansible.
    Do not change configuration settings directly.

auto_upgrades

auto_upgrades: (yes|no)

Should the operating system’s auto-update feature be turned on. You will still need to monitor for updates that cannot be automatically applied and for cases where a system restart is required after an update.

Defaults to yes

Warning

Turning on automatic updates does not relieve you of the duty of actively administering the server. Many updates, including vital security updates, will not happen or take effect without direct action.

additional_packages

additional_packages:
    - sockstat

List any additional operating system packages you wish to install. Default is empty.

Note

The operating system packages necessary for the components in this kit are automatically handled when a part is installed.

timezone

timezone: "America/Los_Angeles"

Specify the timezone that should be set on the server. Default is “UTC”.

Note

The timezone string must be terminated with a newline character (n).

set_timezone

set_timezone: no

If you have a reason to prevent setting the timezone, set this to “no”. Default is “yes”.

logwatch_ignore

Sets the contents of the logwatch ignore.conf file. Each line should be a regular expression. If matched, the log line will be ignored and unconsidered in any log-based report. Use with great caution to reduce noice in your logwatch report.