AnsiblePilot — Master Ansible Automation

AnsiblePilot is the leading resource for learning Ansible automation, DevOps, and infrastructure as code. Browse over 1,400 tutorials covering Ansible modules, playbooks, roles, collections, and real-world examples. Whether you are a beginner or an experienced engineer, our step-by-step guides help you automate Linux, Windows, cloud, containers, and network infrastructure.

Popular Topics

About Luca Berton

Luca Berton is an Ansible automation expert, author of 8 Ansible books published by Apress and Leanpub including "Ansible for VMware by Examples" and "Ansible for Kubernetes by Example", and creator of the Ansible Pilot YouTube channel. He shares practical automation knowledge through tutorials, books, and video courses to help IT professionals and DevOps engineers master infrastructure automation.

Ansible on Ubuntu 26.04 LTS Automation Complete Guide

By Luca Berton · Published 2024-01-01 · Category: installation

Automate Ubuntu 26.04 LTS servers with Ansible: APT, sudo-rs, Wayland, Netplan, AppArmor, Docker, Kubernetes, hardening, patching.

Ubuntu 26.04 LTS is the next Ubuntu Long-Term Support release, scheduled for April 2026. It introduces sudo-rs (the Rust rewrite of sudo) as default, the Linux 6.14 kernel, Python 3.13, OpenSSH 10.0, Netplan 1.2, and improved immutable variant (Ubuntu Core/Snap-based) options. Standard support runs until April 2031, ESM until April 2036. This guide is the master overview for automating 26.04 with Ansible. For deep dives, see our companion guide on sudo-rs, APT rollback, and Wayland automation.

Ubuntu 26.04 release facts

| Item | Value | |---|---| | Release | 2026-04 | | Standard support | until 2031-04 | | ESM (Ubuntu Pro) | until 2036-04 | | Default kernel | 6.14 | | Default Python | 3.13 | | Default sudo | sudo-rs (Rust) | | Default OpenSSH | 10.0 | | systemd | 256 |

See also: Ansible on Ubuntu 26.04 LTS: sudo-rs, APT Rollback, and Automating Resolute Raccoon

Ansible-core compatibility

Use ansible-core 2.20 (or the next LTS, 2.21, when published). Python 3.13 on the managed node requires ansible-core >= 2.18. Pin ansible_python_interpreter=/usr/bin/python3.

Inventory

[ubuntu26]
node-01.cloud.example.com
node-02.cloud.example.com

[ubuntu26:vars]
ansible_user=ubuntu
ansible_python_interpreter=/usr/bin/python3
ansible_become_method=sudo

ansible_become_method=sudo works transparently with sudo-rs; the binary at /usr/bin/sudo is the Rust implementation but presents the same CLI.

See also: Ansible on Ubuntu 24.04 LTS Noble Numbat Automation Complete Guide

Baseline playbook

---
- name: Ubuntu 26.04 LTS baseline
  hosts: ubuntu26
  become: true
  tasks:
    - name: Update apt cache
      ansible.builtin.apt:
        update_cache: true
        cache_valid_time: 3600

- name: Install baseline packages
      ansible.builtin.apt:
        name:
          - vim
          - curl
          - htop
          - chrony
          - ufw
          - apparmor-utils
          - unattended-upgrades
          - sudo-rs
        state: present


- name: Confirm sudo-rs is the active sudo
      ansible.builtin.command: sudo --version
      register: sudo_v
      changed_when: false
      failed_when: "'sudo-rs' not in sudo_v.stdout"


- name: Set timezone
      community.general.timezone:
        name: UTC

sudo-rs configuration

- name: Configure sudo-rs policies
  hosts: ubuntu26
  become: true
  tasks:
    - name: Drop a sudoers.d policy for ansible group
      ansible.builtin.copy:
        dest: /etc/sudoers.d/ansible
        owner: root
        mode: "0440"
        content: |
          %ansible ALL=(ALL) NOPASSWD: /usr/bin/apt, /bin/systemctl
        validate: '/usr/sbin/visudo -cf %s'

See also: Ansible on Ubuntu 22.04 LTS Jammy Jellyfish Automation Complete Guide

APT rollback (transactional updates)

Ubuntu 26.04 ships an APT rollback feature usable from Ansible:

- name: Patch with APT rollback snapshot
  hosts: ubuntu26
  become: true
  tasks:
    - name: Create pre-patch snapshot
      ansible.builtin.command: apt-snapshot create pre-patch-{{ ansible_date_time.iso8601_basic_short }}
      register: snap

- name: Apply security upgrades
      ansible.builtin.apt:
        upgrade: dist
        update_cache: true


- name: Roll back on failure
      ansible.builtin.command: "apt-snapshot rollback {{ snap.stdout }}"
      when: ansible_failed_task is defined

Wayland-aware desktop tasks

- name: Configure GNOME Wayland session defaults
  hosts: ubuntu26_desktop
  become: true
  tasks:
    - name: Force Wayland session for GDM
      ansible.builtin.lineinfile:
        path: /etc/gdm3/custom.conf
        regexp: '^#?WaylandEnable'
        line: 'WaylandEnable=true'

Kubernetes 1.32 worker

- name: K8s 1.32 worker on Ubuntu 26.04
  hosts: ubuntu26
  become: true
  tasks:
    - name: Disable swap
      ansible.posix.mount: { name: swap, fstype: swap, state: absent }

- name: Add Kubernetes 1.32 repo
      ansible.builtin.apt_repository:
        repo: "deb [signed-by=/etc/apt/keyrings/kubernetes.gpg] https://pkgs.k8s.io/core:/stable:/v1.32/deb/ /"


- name: Install components
      ansible.builtin.apt:
        name: [kubelet, kubeadm, kubectl, containerd]
        state: present
        update_cache: true

Best practices

• Use apt-snapshot + Ansible block/rescue for safe staged rollouts. • Keep sudo-rs policies in /etc/sudoers.d/ drop-ins; never edit /etc/sudoers directly. • Prefer Wayland sessions; only fall back to X11 for legacy desktop tooling. • Run ansible-lint --profile production against your 26.04 playbooks; new modules emit deprecation warnings on 2.20+.

Conclusion

Ubuntu 26.04 LTS modernizes the Ubuntu server experience with sudo-rs, kernel 6.14, Python 3.13, and APT rollback. Combined with ansible-core 2.20+, it gives you safer transactional updates and a stronger memory-safe security foundation while preserving full backward compatibility with existing Ansible playbooks.

Category: installation

Browse all Ansible tutorials · AnsiblePilot Home