Context Navigation

source: MondoRescue/branches/3.3/ansible/roles/system/tasks/main.yml@ 3674

Visit:

Last change on this file since 3674 was 3674, checked in by Bruno Cornec, 7 years ago
use started keyword
File size: 2.9 KB

Line
1	---
2
3	- name: Check that IP address is setup
4	template: src=templates/ifcfg-enp2s0f0 dest=/etc/sysconfig/network-scripts/ifcfg-enp2s0f0 owner=root group=root mode=0600 backup=yes
5	tags: system
6
7	- name: Check that GW is setup
8	template: src=templates/network dest=/etc/sysconfig/network owner=root group=root mode=0600 backup=yes
9	tags: system
10
11	# Validate the sudoers file before saving
12	- name: Check that sudo is configured
13	lineinfile: destfile=/etc/sudoers state=present line='{{ item }} ALL=(ALL) NOPASSWD:ALL' validate='visudo -cf %s' mode=0600 backup=yes
14	with_items:
15	- fwadmin
16	- bruno
17	tags: system
18
19	- name: Check that sshd is installed
20	urpmi: name=openssh-server state=installed update_cache=yes no-recommends=yes
21	tags: system
22
23	- name: Check that sshd is configured
24	#lineinfile: destfile=/etc/ssh/sshd_config state=present line='PermitRootLogin prohibit-password' mode=0600 backup=yes
25	lineinfile: destfile=/etc/ssh/sshd_config state=present line='PermitRootLogin no' mode=0600 backup=yes
26	notify:
27	- restart sshd
28	tags: system
29
30	- name: Ensure the groups exists
31	group: name={{ item }} state=present
32	tags: system
33	with_items:
34	- fwadmin
35	- bruno
36
37	- name: Ensure the accounts exists
38	user: name={{ item }} state=present group={{ item }} home=/home/{{ item }} move_home=yes
39	tags: system
40	with_items:
41	- fwadmin
42	- bruno
43
44	- name: Copy special keys for remote access (git...)
45	copy: src=/users/bruno/prj/musique-ancienne.org/mondorescue.org/{{ item.f }} dest=/home/bruno/{{ item.f }} mode={{ item.m }} backup=yes owner=bruno group=bruno
46	with_items:
47	- { f: .ssh, m: 700 }
48	- { f: .ssh/id_rsa, m: 600 }
49	- { f: .ssh/id_rsa.pub, m: 644 }
50
51	- name: Copy public keys for access
52	lineinfile: destfile=/home/{{ item }}/.ssh/authorized_keys state=present line='{{ sshkey }}' mode=0600 backup=yes owner={{ item }} group={{ item }}
53	with_items:
54	- fwadmin
55	- bruno
56	tags: system
57
58	- name: Check that sshd is running and enabled
59	service: name=sshd state=started enabled=yes
60	tags: system
61
62	- name: Check that sshutout is installed
63	urpmi: name=sshutout state=installed update_cache=yes no-recommends=yes
64	tags: system
65
66	- name: Check that sshutout is configured
67	template: src=templates/sshutout.conf dest=/etc/sshutout.conf owner=root group=root mode=0600 backup=yes
68	notify:
69	- restart sshutout
70	tags: system
71
72	- name: Check that sshutout is running and enabled
73	service: name=sshutout state=started enabled=yes
74	tags: system
75
76	- name: Setup backup script
77	copy: src=files/{{ item }} dest=/usr/local/bin/{{ item }} owner=root group=root mode=0755 backup=yes
78	with_items:
79	- mkbkp
80	tags: system
81
82	- name: Setup autoupdate via cron
83	cron: name=urpmi-upd minute=43 hour=03 user=root job="/usr/local/bin/upd" cron_file=urpmi-upd state=present backup=yes
84	tags: system
85
86	- name: Setup backup for bruno via cron
87	cron: name=bkp minute=43 hour=02 user=bruno job="/usr/local/bin/mkbkp" cron_file=bkp state=present backup=yes
88	tags: system

Note: See TracBrowser for help on using the repository browser.

Download in other formats: