Getting started¶
Example inventory¶
To install and configure AppArmor, add the hosts to the
debops_service_apparmor
Ansible inventory host group:
[debops_service_apparmor]
hostname
Example playbook¶
Here's an example playbook that can be used to install and configure AppArmor:
---
- name: Install and configure AppArmor
hosts: [ 'debops_service_apparmor' ]
become: True
environment: '{{ inventory__environment | d({})
| combine(inventory__group_environment | d({}))
| combine(inventory__host_environment | d({})) }}'
roles:
- role: debops.grub
grub_dependent_kernel_options: '{{ apparmor__kernel_options }}'
when: (not (apparmor__manage_grub|d() | bool))
tags: [ 'role::grub' ]
- role: debops-contrib.apparmor
tags: [ 'role::apparmor' ]
The playbooks is shipped with this role under
docs/playbooks/apparmor.yml
from which you can symlink it to your
playbook directory.
In case you use multiple DebOps Contrib roles, consider
using the DebOps Contrib playbooks.
Ansible tags¶
You can use Ansible --tags
or --skip-tags
parameters to limit what
tasks are performed during Ansible run. This can be used after a host was first
configured to speed up playbook execution, when you are sure that most of the
configuration is already in the desired state.
Available role tags:
role::apparmor
- Main role tag, should be used in the playbook to execute all of the role tasks as well as role dependencies.