AnsiblePilot — Master Ansible Automation

Ansible on Ubuntu 22.04 LTS Jammy Jellyfish Automation Complete Guide

By Luca Berton · Published 2024-01-01 · Category: installation

Automate Ubuntu 22.04 LTS (Jammy Jellyfish) servers with Ansible: APT, users, SSH, UFW, systemd, Docker, Kubernetes, hardening, and patching.

Ubuntu 22.04 LTS (Jammy Jellyfish) was released on April 21, 2022 and remains one of the most deployed Linux server platforms in 2026. Standard support runs until April 2027, and Ubuntu Pro / ESM extends security maintenance to April 2032. With Linux kernel 5.15 (HWE 6.8 available), OpenSSH 8.9, Python 3.10, and systemd 249, Jammy is the stable workhorse LTS for Kubernetes nodes, application servers, CI runners, and ML workstations.

Ubuntu 22.04 release facts

| Item | Value |
|---|---|
| Code name | Jammy Jellyfish |
| Release | 2022-04-21 |
| Standard support | until 2027-04 |
| ESM (Ubuntu Pro) | until 2032-04 |
| Default kernel | 5.15 (HWE 6.8 optional) |
| Default Python | 3.10 |
| Default OpenSSH | 8.9p1 |
| systemd | 249 |

Ansible-core compatibility

| ansible-core | Status (May 2026) | Python | Ubuntu 22.04 |
|---|---|---|---|
| 2.16 | EOL | 3.10–3.12 | Yes |
| 2.18 | LTS | 3.11–3.13 | Recommended |
| 2.19 / 2.20 | Stable / Latest | 3.11–3.14 | Yes |

System Python on Jammy is 3.10, which works as the managed-node interpreter for all current ansible-core releases. Use ansible_python_interpreter=/usr/bin/python3.

Inventory

[ubuntu22]
web01.example.com
web02.example.com

[ubuntu22:vars]
ansible_user=ubuntu
ansible_python_interpreter=/usr/bin/python3

Baseline playbook

---
- name: Ubuntu 22.04 LTS baseline
  hosts: ubuntu22
  become: true
  tasks:
    - name: Update apt cache
      ansible.builtin.apt:
        update_cache: true
        cache_valid_time: 3600

    - name: Install baseline packages
      ansible.builtin.apt:
        name:
          - vim
          - curl
          - htop
          - unattended-upgrades
          - ufw
          - fail2ban
          - chrony
        state: present

    - name: Enable unattended security upgrades
      ansible.builtin.copy:
        dest: /etc/apt/apt.conf.d/20auto-upgrades
        content: |
          APT::Periodic::Update-Package-Lists "1";
          APT::Periodic::Unattended-Upgrade "1";
          APT::Periodic::AutocleanInterval "7";
        owner: root
        mode: "0644"

    - name: Set timezone
      community.general.timezone:
        name: UTC

OpenSSH hardening

- name: Harden OpenSSH on Ubuntu 22.04
  hosts: ubuntu22
  become: true
  handlers:
    - name: restart sshd
      ansible.builtin.service:
        name: ssh
        state: restarted
  tasks:
    - name: Disable password authentication
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?PasswordAuthentication'
        line: 'PasswordAuthentication no'
        validate: 'sshd -tf %s'
      notify: restart sshd

    - name: Disable root login
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?PermitRootLogin'
        line: 'PermitRootLogin no'
        validate: 'sshd -tf %s'
      notify: restart sshd
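
Added example (not part of the original guide): on Jammy, /etc/ssh/sshd_config starts with an Include of /etc/ssh/sshd_config.d/*.conf, and sshd keeps the first value it reads for each keyword, so a drop-in (for instance one written by cloud-init) can override the lines edited above. This play checks the effective values with sshd -T and reports which drop-ins set the same keywords; the variable and register names are illustrative.

```yaml
---
- name: Verify effective sshd settings on Ubuntu 22.04
  hosts: ubuntu22
  become: true
  vars:
    # Expected effective values, matching the two lineinfile tasks above.
    # sshd -T prints keywords in lowercase.
    sshd_expected:
      passwordauthentication: "no"
      permitrootlogin: "no"
  tasks:
    - name: Dump the effective sshd configuration
      ansible.builtin.command: /usr/sbin/sshd -T
      register: sshd_effective
      changed_when: false

    - name: List drop-ins that set the same keywords
      ansible.builtin.shell: >-
        grep -riEl '^[[:space:]]*(PasswordAuthentication|PermitRootLogin)[[:space:]]'
        /etc/ssh/sshd_config.d/ || true
      register: sshd_dropins
      changed_when: false

    - name: Fail if a hardened keyword is not effective
      ansible.builtin.assert:
        that:
          - (item.key ~ ' ' ~ item.value) in sshd_effective.stdout_lines
        fail_msg: >-
          {{ item.key }} is not '{{ item.value }}' in the effective config.
          Drop-ins setting it: {{ sshd_dropins.stdout_lines }}
        success_msg: "{{ item.key }} {{ item.value }} is effective"
      loop: "{{ sshd_expected | dict2items }}"
```

Run it after the hardening play; a failure that names a file under /etc/ssh/sshd_config.d/ means that file has to be changed or removed, not sshd_config.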

UFW firewall

- name: Configure UFW on Ubuntu 22.04
  hosts: ubuntu22
  become: true
  tasks:
    - name: Default deny incoming
      community.general.ufw:
        default: deny
        direction: incoming

    - name: Allow SSH
      community.general.ufw:
        rule: limit
        port: '22'
        proto: tcp

    - name: Allow HTTPS
      community.general.ufw:
        rule: allow
        port: '443'
        proto: tcp

    - name: Enable UFW
      community.general.ufw:
        state: enabled
        logging: 'on'

Docker CE on Ubuntu 22.04

- name: Install Docker CE on Jammy
  hosts: ubuntu22
  become: true
  tasks:
    - name: Add Docker GPG key
      ansible.builtin.get_url:
        url: https://download.docker.com/linux/ubuntu/gpg
        dest: /etc/apt/keyrings/docker.asc
        mode: "0644"

    - name: Add Docker apt repo
      ansible.builtin.apt_repository:
        repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu jammy stable"
        state: present
        filename: docker

    - name: Install Docker engine
      ansible.builtin.apt:
        name:
          - docker-ce
          - docker-ce-cli
          - containerd.io
          - docker-compose-plugin
        state: present
        update_cache: true

    - name: Enable docker
      ansible.builtin.service:
        name: docker
        enabled: true
        state: started

Kubernetes node bootstrap (kubeadm)

- name: Bootstrap Kubernetes 1.31 node on Ubuntu 22.04
  hosts: ubuntu22
  become: true
  tasks:
    - name: Disable swap
      ansible.posix.mount:
        name: swap
        fstype: swap
        state: absent

    - name: Load kernel modules
      community.general.modprobe:
        name: "{{ item }}"
        state: present
      loop:
        - br_netfilter
        - overlay

    # The repository signing key must already exist at
    # /etc/apt/keyrings/kubernetes.gpg; this play does not install it.
    - name: Add Kubernetes apt repo
      ansible.builtin.apt_repository:
        repo: "deb [signed-by=/etc/apt/keyrings/kubernetes.gpg] https://pkgs.k8s.io/core:/stable:/v1.31/deb/ /"
        state: present

    - name: Install kubeadm/kubelet/kubectl
      ansible.builtin.apt:
        name:
          - kubelet
          - kubeadm
          - kubectl
        state: present

Patching with apt and unattended-upgrades

- name: Patch Ubuntu 22.04 fleet
  hosts: ubuntu22
  become: true
  serial: 25%
  tasks:
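    # upgrade: dist upgrades every package that has a candidate, not only the
    # security pocket; only_upgrade applies to packages listed under name.
    - name: Apply all pending updates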
      ansible.builtin.apt:
        upgrade: dist
        update_cache: true
        only_upgrade: true
        autoremove: true

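    # Ubuntu creates this flag file when an installed update needs a reboot.
    - name: Check whether a reboot is required
      ansible.builtin.stat:
        path: /var/run/reboot-required
      register: reboot_required

    - name: Reboot if required
      ansible.builtin.reboot:
      when: reboot_required.stat.exists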

Best practices

• Pin to HWE 6.8 kernel if you need newer hardware support, otherwise stay on 5.15 GA.
• Enroll in Ubuntu Pro for livepatch, FIPS, and ESM access.
• Use the ansible-pull model for ephemeral CI runners.
• Replace cron jobs with systemd timers (Ansible's systemd module).
• Always set cache_valid_time: 3600 to avoid unnecessary apt update runs.

Conclusion

Ubuntu 22.04 LTS Jammy Jellyfish is the safest LTS bet through 2027 (and through 2032 with Pro). Combine ansible-core 2.18 with ansible.builtin, ansible.posix, and community.general to ship a hardened, patched, container-ready Jammy host in a single playbook run.
