-name:Disable install of additional recommends and suggests packagescopy:mode:0444src:95disable-recommendsdest:/etc/apt/apt.conf.d/owner:rootgroup:root# NOTE(ianw) There are ordering issues with this. Hopefully when# we're bionic only we can just remove ntp-name:Install NTPwhen:ansible_distribution_version is version('18.04', '<')block:-name:Install ntppackage:name:ntpstate:present-name:Ensure NTP service is runningservice:name:ntpenabled:yesstate:started-name:Remove ntp and run timesyncdwhen:ansible_distribution_version is version('18.04', '>=')block:-name:Remove ntppackage:name:ntpstate:absent-name:Ensure systemd-timesyncd is runningservice:name:systemd-timesyncdenabled:yesstate:started-name:Remove packages that make no sense for our serverspackage:name:-apport-whoopsie-popularity-contest-lxd-lxd-client-cloud-init-open-vm-tools-snapd-sosreportstate:absent-name:Get rid of extra dependscommand:apt-get autoremove -y-name:Configure file limitscopy:mode:0644src:debian_limits.confdest:/etc/security/limits.d/60-nofile-limit.conf# The next two files share a source file. Different packages manage# each of these and we do not want them to get out of sync with each# other as that can impact the configuration that apt sees based on# priority rules. We address this by making the two files have the same# content.-name:Install apt-daily 10periodic file for unattended-upgradescopy:mode:0444src:XYperiodic-updatesdest:/etc/apt/apt.conf.d/10periodicowner:rootgroup:root-name:Install 20auto-upgrades file for unattended-upgradescopy:mode:0444src:XYperiodic-updatesdest:/etc/apt/apt.conf.d/20auto-upgradesowner:rootgroup:root-name:Install 50unattended-upgrades file for unattended-upgradescopy:mode:0444src:50unattended-upgradesdest:/etc/apt/apt.conf.d/50unattended-upgradesowner:rootgroup:root-name:Ensure required build packages for non-wheel architecturesapt:update_cache:yesname:-libffi-dev-libssl-dev-build-essentialwhen:ansible_architecture == 'aarch64'