The Linux System Roles are a set of Ansible Roles, also available as an Ansible Collection, used to manage and configure common GNU/Linux operating system components. Conceptually, the intent is to give the operating system components an automation “API” that is consistent across multiple major and minor releases. The roles are available in Ansible Galaxy at linux-system-roles. If you would prefer to use a collection instead of individual roles, see the fedora.linux_system_roles collection.
Consistent and abstract
A major objective is that each role provides a consistent user interface for passing settings to a given subsystem, abstracted from any particular implementation. For example, assigning an IP address to a network interface should be a generic concept, separate from particular implementations such as init networking scripts, NetworkManager, or systemd-networkd.
Another part of the consistency is a set of Good Practices which role users and developers follow in order to maintain a consistent behavior and interface for all of the roles.
Utilize the subsystems’ native libraries
Whenever possible, the modules for this effort will take advantage of the native libraries and interfaces provided by the distribution, rather than calling upon CLI commands. Example libraries include dbus, libnm, and similar interfaces which provide robust and strictly defined inputs.
Currently supported distributions
- Fedora
- Red Hat Enterprise Linux (RHEL 6+)
- CentOS and CentOS Stream
Note that some components are not available on EL6, and some are available only on EL8+/Fedora. See the documentation for the individual roles.
Collection
If you would prefer to use a collection instead of individual roles, see the Linux System Roles Collection.
Submit an Issue
If the issue is specific to a role, file an issue at the role repository (for example, network issues).
If the issue is not specific to a role, e.g. a general question or a request to add a new role, use General issues.
Demos
Currently supported subsystems
- email (postfix)
- kdump (kernel crash dump)
- network
- selinux
- timesync
- storage
- tlog (terminal logging, session recording)
- logging
- metrics
- nbde_server
- nbde_client
- certificate
- kernel_settings (sysctl, sysfs, etc.)
- SSH server (used in the collection) ansible-sshd
- SSH client
- VPN (IPSec - libreswan)
- Microsoft SQL Server
- Crypto policies
- Cluster HA (pacemaker/corosync)
- Cockpit
- firewall
- Systemd journald
- Active Directory join
- podman
- Red Hat Subscription Management and Insights
- PostgreSQL
- keylime_server
- fapolicyd
- snapshot (lvm)
- bootloader
- gfs2
- sudo
Subsystems on the roadmap
- pam_pwd
- AuditD
- Kerberos authentication
- tuned (power management)