Bootstrap an Ubuntu server with Ansible

The included tasks are following:

• Update and upgrade Ubuntu packages via apt-get
• Configure locale
• Install ntp to synchronize time
• Install vim
• Install fail2ban
• Delete root password
• Lock down ssh to prevent root
• Setup the ufw firewall
• Configure unattended security upgrades
• Install collectd deamon and collect-web front-end client
• Create users

Install the latest version of Ansible, in Ubuntu:

$ sudo apt-get install software-properties-common
$ sudo apt-add-repository ppa:ansible/ansible
$ sudo apt-get update
$ sudo apt-get install ansible

Copy sample configuration files:

$ cp hosts.sample hosts
$ cp group_vars/server.yml.sample global_vars/server.yml

Edit configuration files (hosts and group_vars/server.yml) with your own configuration.

• To add local machine to host file: localhost ansible_connection=local

Create admin user and assing this user to sudoers group.

$ ansible-playbook user.yml --user root

Enter username: admin
Enter password: 
confirm Enter password: 
Enter id_rsa.pub path [~/.ssh/id_rsa.pub]: 
Add user to sudoers group (y/n) [n]: y

Execute bootstrap Ansible task for admin user:

$ ansible-playbook bootstrap.yml --ask-sudo
sudo password:

Reboot, if kernel updates.

$ ansible-playbook reboot.yml --ask-sudo
sudo password: 
Are you sure you want to reboot server (yes/no)? [no]: yes

Collectd

$ ansible-playbook collectd.yml --ask-sudo

Users

$ ansible-playbook user.yml --ask-sudo

Inspired by zenzire