Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Normal
Revision Log

source: MondoRescue/branches/3.3/ansible/roles/system/tasks/main.yml@ 3657

Visit:

Last change on this file since 3657 was 3657, checked in by Bruno Cornec, 7 years ago
Adds system role and fix many other ones
File size: 2.2 KB

Rev	Line
[3657]	1	---
	2
	3	- name: Check that IP address is setup
	4	copy: src=templates/ifcfg-enp2s0f0 dest=/etc/sysconfig/network-scripts/ifcfg-enp2s0f0 owner=root group=root mode=0600 backup=yes
	5	tags: system
	6
	7	- name: Check that GW is setup
	8	copy: src=templates/network dest=/etc/sysconfig/network owner=root group=root mode=0600 backup=yes
	9	tags: system
	10
	11	# Validate the sudoers file before saving
	12	- name: Check that sudo is configured
	13	lineinfile: destfile=/etc/sudoers state=present line='{{ item }} ALL=(ALL) NOPASSWD:ALL' validate='visudo -cf %s' mode=0600 backup=yes
	14	with_items:
	15	- fwadmin
	16	- bruno
	17	tags: system
	18
	19	- name: Check that sshd is installed
	20	urpmi: name=openssh-server state=installed update_cache=yes no-recommends=yes
	21	tags: system
	22
	23	- name: Check that sshd is configured
	24	#lineinfile: destfile=/etc/ssh/sshd_config state=present line='PermitRootLogin prohibit-password' mode=0600 backup=yes
	25	lineinfile: destfile=/etc/ssh/sshd_config state=present line='PermitRootLogin no' mode=0600 backup=yes
	26	notify:
	27	- restart sshd
	28	tags: system
	29
	30	- name: Ensure the fwadmin group exists
	31	group: name=fwadmin state=present
	32	tags: system
	33
	34	- name: Ensure the fwadmin account exists
	35	user: name=fwadmin state=present group=fwadmin home=/home/fwadmin move_home=yes
	36	tags: system
	37
	38	- name: Copy public for fwadmin access
	39	lineinfile: destfile=/home/{{ item }}/.ssh/authorized_keys state=present line='{{ sshkey }}' owner={{item }} group={{item }} mode=0600 backup=yes
	40	with_items:
	41	- fwadmin
	42	- bruno
	43	tags: system
	44
	45	- name: Check that sshd is running and enabled
	46	service: name=sshd state=running enabled=yes
	47	tags: system
	48
	49	- name: Check that sshutout is installed
	50	urpmi: name=sshutout state=installed update_cache=yes no-recommends=yes
	51	tags: system
	52
	53	- name: Check that sshutout is configured
	54	copy: src=templates/sshutout.conf dest=/etc/sshtout.conf owner=root group=root mode=0600 backup=yes
	55	notify:
	56	- restart sshutout
	57	tags: system
	58
	59	- name: Check that sshutout is running and enabled
	60	service: name=sshutout state=running enabled=yes
	61	tags: system
	62
	63	- name: Setup autoupdate via cron
	64	cron: name=urpmi-upd minute=43 hour=03 user=root job="/usr/local/bin/upd" cron_file=urpmi-upd state=present backup=yes
	65	tags: system

Note: See TracBrowser for help on using the repository browser.

Download in other formats: