algo/roles/common/tasks/ubuntu.yml

---
- name: Cloud only tasks
  block:
  - name: Install software updates
    apt:
      update_cache: true
      install_recommends: true
      upgrade: dist

  - name: Upgrade the ca certificates
    apt:
      name: ca-certificates
      state: latest

  - name: Check if reboot is required
    shell: >
      if [[ -e /var/run/reboot-required ]]; then echo "required"; else echo "no"; fi
    args:
      executable: /bin/bash
    register: reboot_required

  - name: Reboot
    shell: sleep 2 && shutdown -r now "Ansible updates triggered"
    async: 1
    poll: 0
    when: reboot_required is defined and reboot_required.stdout == 'required'
    ignore_errors: true

  - name: Wait until SSH becomes ready...
    local_action:
      module: wait_for
      port: 22
      host: "{{ inventory_hostname }}"
      search_regex: OpenSSH
      delay: 10
      timeout: 320
    when: reboot_required is defined and reboot_required.stdout == 'required'
    become: false

  - name: Include unatteded upgrades configuration
    include_tasks: unattended-upgrades.yml

  - name: Disable MOTD on login and SSHD
    replace: dest="{{ item.file }}" regexp="{{ item.regexp }}" replace="{{ item.line }}"
    with_items:
      - { regexp: '^session.*optional.*pam_motd.so.*', line: '# MOTD DISABLED', file: '/etc/pam.d/login' }
      - { regexp: '^session.*optional.*pam_motd.so.*', line: '# MOTD DISABLED', file: '/etc/pam.d/sshd' }
  tags:
    - cloud

- name: Install system specific tools
  package: name="{{ item }}" state=present
  with_items:
    - ifupdown
  tags:
    - always

- name: Ensure the interfaces directory exists
  file:
    path: /etc/network/interfaces.d/
    state: directory
    mode: 0755
    owner: root
    group: root
  tags:
    - always

- name: Loopback for services configured
  template: src=10-loopback-services.cfg.j2 dest=/etc/network/interfaces.d/10-loopback-services.cfg
  notify:
    - restart loopback
  tags:
    - always

- name: Loopback included into the network config
  lineinfile: dest=/etc/network/interfaces line='source /etc/network/interfaces.d/10-loopback-services.cfg' state=present
  notify:
    - restart loopback
  tags:
    - always

- meta: flush_handlers
  tags:
    - always

- name: Check apparmor support
  shell: apparmor_status
  ignore_errors: yes
  register: apparmor_status

- set_fact:
    apparmor_enabled: true
  when: '"profiles are in enforce mode" in apparmor_status.stdout'

- set_fact:
    tools:
      - git
      - screen
      - apparmor-utils
      - uuid-runtime
      - coreutils
      - iptables-persistent
      - cgroup-tools
      - openssl
    sysctl:
      - item: net.ipv4.ip_forward
        value: 1
      - item: net.ipv4.conf.all.forwarding
        value: 1
      - item: net.ipv6.conf.all.forwarding
        value: 1
  tags:
    - always