Basic management of filesystems.
This role requires at least the following filesystems, each of which must have a label applied before use.
- Root filesystem (to be marked read only)
- Home filesystem (which will remain r/w)
- var filesystem (which will remain r/w)
If you wish, you can partially work around the requirement for the second r/w partition by making home and var the same filesystem: bind mount them before running this role.
If the role is run without changing filesystems_configuration_mounted to 'mounted', the filesystems will need to be manually remounted, or the server rebooted, to pick up the new configuration. The current setting ('present') is the safe default.
The role isn't comprehensive (see next section) - there are other things living in /etc/ that need moving which might affect you - I'm happy to update the role if you encounter any.
There are several things which are known to write to /etc/ which are left alone by this role. An example of something that hasn't been moved/updated is resolv.conf. How it should be handled is an administrator choice (static file? no file? install resolvconf to replace it?) so it has been left alone.
Known items:
- resolv.conf
- Alsa/Pulse .pulse files
- CUPS
filesystems_configuration_ro: []
filesystems_configuration_noexec: []
filesystems_configuration_mounted: 'present'
filesystems_ro_move_root: true
filesystems_noexec_opts: 'noexec,nosuid'
filesystems_rofs_opts: 'ro,data=writeback,errors=remount-ro'
filesystems_with_lvm: false
N/A
Example playbook, with variables passed in as parameters:
```yaml
- hosts: servers
  vars:
    # Filesystems to be mounted read only
    filesystems_configuration_ro:
      - { name: '/', label: 'ROOTFS', filesystem: 'ext4' }
    # Filesystems to be mounted with filesystems_noexec_opts
    filesystems_configuration_noexec:
      - { name: '/tmp', label: 'TEMPFS', filesystem: 'tmpfs' }
    filesystems_ro_move_root: true
  roles:
    - { role: goetzk.filesystems }
```
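Because the default 'present' setting leaves the running mounts untouched until a remount or reboot, it is worth checking the live mount table after the play. The following is an added example, not part of the role: it parses /proc/mounts-style text and reports which of the options from the example playbook are not yet in effect. The function names, the REQUIRED mapping and both sample tables are assumptions constructed for illustration.

```python
import re

# Security-relevant options expected from the example playbook, taken from
# the role defaults filesystems_rofs_opts and filesystems_noexec_opts.
REQUIRED = {"/": {"ro"}, "/tmp": {"noexec", "nosuid"}}

def _unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as octal (\040 etc.)
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def live_options(mounts_text):
    """Map each mount point to the option set of the mount listed last for it."""
    table = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        # A later line for the same mount point shadows an earlier one.
        table[_unescape(fields[1])] = set(fields[3].split(","))
    return table

def missing_options(mounts_text, required=REQUIRED):
    """Return {mount_point: sorted missing options}; an empty dict means compliant."""
    table = live_options(mounts_text)
    problems = {}
    for point, wanted in required.items():
        if point not in table:
            problems[point] = ["<not mounted>"]
            continue
        # Whole-option comparison, so 'errors=remount-ro' never counts as 'ro'.
        missing = sorted(wanted - table[point])
        if missing:
            problems[point] = missing
    return problems

# Constructed sample: configuration written, but no remount or reboot yet.
SAMPLE_STALE = """\
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""
# Constructed sample: the same host after a remount or reboot.
SAMPLE_OK = """\
/dev/sda1 / ext4 ro,relatime,data=writeback,errors=remount-ro 0 0
tmpfs /tmp tmpfs rw,nosuid,noexec,relatime 0 0
"""

if __name__ == "__main__":
    with open("/proc/mounts") as fh:
        print(missing_options(fh.read()) or "all required options are live")
```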
GPL2+
Issues or feedback can be reported to the author at [email protected]; please prefix the subject with 'ansible' or 'role'.