Best Practice: Using Ansible UCS collections

Scenario

Ansible is an automation & configuration management tool which can be used to automate and maintain UCS configurations.
While there is no restriction on when to use Ansible, it does make sense if:

  1. You want to roll out the same configuration multiple times, e.g. similar servers or redeploying the same machine
  2. You want to maintain your UCS configuration like code (see also: Infrastructure as code - Wikipedia)
  3. You want to build multiple environments like test beds as close to each other as possible

This guide assumes that you are familiar with Ansible's core concepts.

Collections provided by Univention

Collections are components like modules, roles or playbooks that can be reused for your own use case.
Univention provides two collections via Ansible Galaxy:

  1. UCS Modules
  2. UCS Roles

Both have their sources published on GitHub:

  1. GitHub - univention/ansible-modules: Ansible Modules for UCS
  2. GitHub - univention/ansible-roles: Ansible roles to setup, configure and deploy UCS

UCS Modules

Modules provide an interface to manage UCS-specific components directly in Ansible. They can be used to write your own tasks.
Currently two modules are available: UDM and UCR.
The installation can be done via ansible-galaxy:

ansible-galaxy collection install univention.ucs_modules

Afterwards they can be used directly inside your plays:

- name: "Disable HTTP"
  univention.ucs_modules.univention_config_registry:
    keys:
      apache2/force_https: "yes"

- name: "delete a user with a search filter"
  univention.ucs_modules.univention_directory_manager:
    module: "users/user"
    state: "absent"
    filter: "(uid=testuser1)"

Additional usage examples can be found in the modules' documentation.

UCS Roles

Roles contain multiple tasks to add, alter or remove components or configuration to/from UCS. They can be used within a playbook.
Installation is done similarly:

ansible-galaxy collection install univention.ucs_roles

Afterwards they can be included in your play:

- name: "Enable Cookie banner"
  ansible.builtin.include_role:
    name: "univention.ucs_roles.portal_cookie_banner"
  vars:
    portal_cookie_banner_enabled: true
    portal_cookie_banner_data: "{}"

- name: "Install directory logger"
  ansible.builtin.include_role:
    name: "univention.ucs_roles.univention_install"
  vars:
    univention_install_name: "univention-directory-logger"

A role may have mandatory variables or other requirements, so reading the role's documentation beforehand is advisable.
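
A complete playbook that places a module task and a role from the snippets above into one play and then reads the setting back from the host, as an added example that is not part of the original article or of Univention's collections. The host group `ucs_servers`, `become: true` and the two verification tasks are assumptions; `ucr get` is the UCS command-line call for reading a registry value.

```yaml
---
# Added example. The inventory group and the verification tasks are
# assumptions; module, role and variable names are taken from the article.
- name: "Apply UCS baseline"
  hosts: "ucs_servers"          # hypothetical inventory group
  become: true
  tasks:
    - name: "Force HTTPS for the web server"
      univention.ucs_modules.univention_config_registry:
        keys:
          apache2/force_https: "yes"

    - name: "Install directory logger"
      ansible.builtin.include_role:
        name: "univention.ucs_roles.univention_install"
      vars:
        univention_install_name: "univention-directory-logger"

    # Read-only check: query the registry on the host itself so the run
    # does not rely only on the module's reported result.
    - name: "Read back apache2/force_https"
      ansible.builtin.command:
        argv: ["ucr", "get", "apache2/force_https"]
      register: force_https
      changed_when: false       # reading a value never changes the host
      check_mode: false         # run the read even with --check

    - name: "Fail the run if HTTPS is not enforced"
      ansible.builtin.assert:
        that:
          - 'force_https.stdout | trim == "yes"'
        fail_msg: "apache2/force_https is not set to 'yes' on this host"
```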

Further reading

Questions?

If you’re not sure whether the recommendations will fit into your scenario, please ask your Professional Services contact person, or create a new topic referencing this article.
