Ansible on Ubuntu 24.04 LTS Noble Numbat Automation Complete Guide

By Luca Berton · Published 2024-01-01 · Category: installation

Automate Ubuntu 24.04 LTS (Noble Numbat) servers with Ansible: APT, AppArmor, UFW, systemd, Netplan, Docker, Kubernetes, hardening, patching.

Ubuntu 24.04 LTS (Noble Numbat) was released on April 25, 2024. With Linux kernel 6.8, OpenSSH 9.6, Python 3.12, systemd 255, and Netplan 1.0, it is the modern LTS baseline for cloud workloads, AI/ML training nodes, and Kubernetes 1.30+ clusters in 2026. Standard support runs until April 2029, and Ubuntu Pro / ESM extends to April 2034.

Ubuntu 24.04 release facts

| Item | Value |
|---|---|
| Code name | Noble Numbat |
| Release | 2024-04-25 |
| Standard support | until 2029-04 |
| ESM (Ubuntu Pro) | until 2034-04 |
| Default kernel | 6.8 (HWE 6.11 optional) |
| Default Python | 3.12 |
| Default OpenSSH | 9.6p1 |
| systemd | 255 |
| Default firewall | UFW + nftables |

Ansible-core compatibility

Use ansible-core 2.18 LTS or newer with ansible_python_interpreter=/usr/bin/python3. Python 3.12 is fully supported.

Inventory

[ubuntu24]
app-01.example.com
app-02.example.com

[ubuntu24:vars]
ansible_user=ubuntu
ansible_python_interpreter=/usr/bin/python3

Baseline playbook

---
- name: Ubuntu 24.04 LTS baseline
  hosts: ubuntu24
  become: true
  tasks:
    - name: Update apt cache
      ansible.builtin.apt:
        update_cache: true
        cache_valid_time: 3600

    - name: Install baseline packages
      ansible.builtin.apt:
        name:
          - vim
          - curl
          - htop
          - chrony
          - ufw
          - fail2ban
          - apparmor-utils
          - unattended-upgrades
        state: present

    - name: Enable AppArmor
      ansible.builtin.service:
        name: apparmor
        enabled: true
        state: started

    - name: Set timezone
      community.general.timezone:
        name: UTC

Netplan-based network configuration

- name: Configure Netplan on Noble
  hosts: ubuntu24
  become: true
  handlers:
    - name: apply netplan
      ansible.builtin.command: netplan apply
  tasks:
    - name: Write netplan config
      ansible.builtin.copy:
        dest: /etc/netplan/01-ansible.yaml
        mode: "0600"
        content: |
          network:
            version: 2
            ethernets:
              eth0:
                dhcp4: false
                addresses: ["{{ host_ip }}/24"]
                routes:
                  - to: default
                    via: "{{ gateway_ip }}"
                nameservers:
                  addresses: [1.1.1.1, 9.9.9.9]
      notify: apply netplan

OpenSSH hardening (OpenSSH 9.6 defaults)

- name: SSH hardening on Noble
  hosts: ubuntu24
  become: true
  handlers:
    - name: restart ssh
      ansible.builtin.service:
        name: ssh
        state: restarted
  tasks:
    - name: Tight SSH config
      ansible.builtin.copy:
        dest: /etc/ssh/sshd_config.d/10-hardened.conf
        owner: root
        mode: "0644"
        content: |
          PasswordAuthentication no
          PermitRootLogin no
          KbdInteractiveAuthentication no
          ClientAliveInterval 300
          ClientAliveCountMax 2
          MaxAuthTries 3
          AllowGroups sudo ansible
        validate: 'sshd -tf %s'
      notify: restart ssh
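
sshd keeps the first value it reads for each keyword, so another file under /etc/ssh/sshd_config.d/ can take precedence over the drop-in. The play below is an added example, not part of the original tutorial: it compares the effective configuration reported by sshd -T with the hardened values above. The play name and the expected_sshd variable are assumptions made for illustration.

```yaml
---
# Added example: verify that the values from 10-hardened.conf are the ones sshd uses.
- name: Verify effective SSH hardening on Noble
  hosts: ubuntu24
  become: true
  vars:
    # Hypothetical variable. Keys are lowercase because sshd -T prints keywords
    # in lowercase. AllowGroups is omitted from this check.
    expected_sshd:
      passwordauthentication: "no"
      permitrootlogin: "no"
      kbdinteractiveauthentication: "no"
      clientaliveinterval: "300"
      clientalivecountmax: "2"
      maxauthtries: "3"
  tasks:
    - name: Dump the effective sshd configuration
      ansible.builtin.command: sshd -T
      register: sshd_effective
      changed_when: false   # read-only check, never reports a change

    - name: Assert each hardened setting is in effect
      ansible.builtin.assert:
        that:
          - "(item.key ~ ' ' ~ item.value) in sshd_effective.stdout_lines"
        fail_msg: "{{ item.key }} is not {{ item.value }} in the effective sshd config"
        success_msg: "{{ item.key }} {{ item.value }}"
      loop: "{{ expected_sshd | dict2items }}"
      loop_control:
        label: "{{ item.key }}"
```

Run it after the hardening play; a failed assertion names the keyword whose effective value differs from the drop-in.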

Docker / Kubernetes 1.32

- name: Bootstrap K8s 1.32 worker on Ubuntu 24.04
  hosts: ubuntu24
  become: true
  tasks:
    - name: Disable swap
      ansible.posix.mount:
        name: swap
        fstype: swap
        state: absent

    # The signed-by keyring must already exist on the host; this play does not install it.
    - name: Add Kubernetes 1.32 repo
      ansible.builtin.apt_repository:
        repo: "deb [signed-by=/etc/apt/keyrings/kubernetes.gpg] https://pkgs.k8s.io/core:/stable:/v1.32/deb/ /"

    - name: Install kubeadm/kubelet/kubectl
      ansible.builtin.apt:
        name: [kubelet, kubeadm, kubectl, containerd]
        state: present
        update_cache: true

    - name: Hold packages
      ansible.builtin.dpkg_selections:
        name: "{{ item }}"
        selection: hold
      loop: [kubelet, kubeadm, kubectl]

Patching at scale

- name: Patch Ubuntu 24.04 fleet
  hosts: ubuntu24
  become: true
  serial: 25%
  max_fail_percentage: 10
  tasks:
    - name: Apply security updates
      ansible.builtin.apt:
        upgrade: dist
        update_cache: true
        autoremove: true

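    # Ubuntu creates this flag file when an installed update needs a reboot.
    - name: Check whether a reboot is required
      ansible.builtin.stat:
        path: /var/run/reboot-required
      register: reboot_required

    - name: Reboot if needed
      ansible.builtin.reboot:
        msg: "Reboot scheduled by Ansible"
        post_reboot_delay: 30
      when: reboot_required.stat.exists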

Best practices

• Use /etc/ssh/sshd_config.d/ drop-ins, not edits to sshd_config, to survive package upgrades.
• Prefer Netplan over /etc/network/interfaces. Validate with netplan generate --debug before apply.
• Enable livepatch via Ubuntu Pro to reduce reboot windows.
• Use ansible.builtin.dpkg_selections to hold Kubernetes packages.
• Keep ufw and fail2ban enabled by default; layer cloud security groups on top.

Conclusion

Ubuntu 24.04 LTS is the modern long-haul Ubuntu LTS for 2026–2029. Pair ansible-core 2.18+ with ansible.builtin, ansible.posix, and community.general to deliver a fully configured, patched, AppArmor-hardened Noble Numbat host with a single playbook run.
