source: branches/3.3/ansible/roles/system/tasks/main.yml @ 3657

Last change on this file since 3657 was 3657, checked in by bruno, 3 years ago

Adds system role and fix many other ones

---

# Install the static configuration for interface enp2s0f0 from the copy
# shipped with this role. The file is root-owned, readable by root only,
# and the previous version is saved by `backup` before it is overwritten.
# NOTE(review): no handler is notified here, so a changed file is not applied
# to the running network by this task - confirm that is intended.
- name: Check that IP address is setup
  tags: system
  copy:
    src: templates/ifcfg-enp2s0f0
    dest: /etc/sysconfig/network-scripts/ifcfg-enp2s0f0
    owner: root
    group: root
    mode: "0600"
    backup: true
# Install /etc/sysconfig/network from the copy shipped with this role.
# Same ownership, mode and backup policy as the interface file.
- name: Check that GW is setup
  tags: system
  copy:
    src: templates/network
    dest: /etc/sysconfig/network
    owner: root
    group: root
    mode: "0600"
    backup: true
# Add one sudoers line per listed account. The edited copy is checked with
# `visudo -cf` before it replaces /etc/sudoers, and a backup is kept, so a
# syntax error cannot lock everyone out of sudo.
# NOTE(review): NOPASSWD:ALL makes each of these accounts equivalent to root
# as soon as someone can log in as it; their SSH keys deserve the same
# protection and rotation as a root credential.
# NOTE(review): sudo's default expected mode for sudoers is 0440 - confirm the
# sudo build on the target accepts 0600.
- name: Check that sudo is configured
  tags: system
  with_items:
    - fwadmin
    - bruno
  lineinfile:
    destfile: /etc/sudoers
    state: present
    line: '{{ item }} ALL=(ALL) NOPASSWD:ALL'
    validate: 'visudo -cf %s'
    mode: "0600"
    backup: true
# Install the OpenSSH server package with urpmi, refreshing the package
# cache first and skipping recommended (optional) packages.
- name: Check that sshd is installed
  tags: system
  urpmi:
    name: openssh-server
    state: installed
    update_cache: true
    no-recommends: true
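# Forbid direct root logins over SSH and restart sshd when the file changes.
#
# sshd uses the first value it reads for a keyword, so appending
# 'PermitRootLogin no' to a file that already has an active PermitRootLogin
# line further up does not change the effective setting. The regexp makes
# lineinfile rewrite the existing active directive in place; the line is
# appended only when no active directive exists.
# lineinfile rewrites only the last line that matches.
# NOTE(review): if a host may carry several active PermitRootLogin lines, or
# its sshd_config ends in a Match block, check the effective value with
# `sshd -T` after the run.
#
# Alternative value kept from the original file (key-only root login):
#   line: 'PermitRootLogin prohibit-password'
- name: Check that sshd is configured
  lineinfile:
    destfile: /etc/ssh/sshd_config
    state: present
    regexp: '^\s*PermitRootLogin\s'
    line: 'PermitRootLogin no'
    mode: "0600"
    backup: true
  notify:
    - restart sshd
  tags: system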
# Create the fwadmin group if it is missing; it is used as the primary
# group of the fwadmin account.
- name: Ensure the fwadmin group exists
  tags: system
  group:
    name: fwadmin
    state: present
# Create the fwadmin account with fwadmin as its primary group and
# /home/fwadmin as its home. move_home asks the user module to relocate an
# existing home directory to that path.
# No password is set here; access is expected to come from the SSH key
# installed for this account elsewhere in this file.
- name: Ensure the fwadmin account exists
  tags: system
  user:
    name: fwadmin
    state: present
    group: fwadmin
    home: /home/fwadmin
    move_home: true
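# Authorize the public key held in `sshkey` for each listed account.
#
# lineinfile fails when the target file is missing, which is the likely state
# of a freshly created account. The first task therefore guarantees ~/.ssh
# exists, owned by the account and closed to everyone else (0700), and
# `create` lets the second task create authorized_keys with the stated owner
# and mode. sshd with StrictModes ignores keys when these paths are writable
# by anyone else.
# NOTE(review): the same key is installed for both accounts, and both have
# NOPASSWD sudo in this file, so that one private key grants root on the host.
# NOTE(review): assumes a group named after each account exists and that homes
# live under /home - confirm for bruno.
- name: Ensure the .ssh directory exists for fwadmin access
  file:
    path: "/home/{{ item }}/.ssh"
    state: directory
    owner: "{{ item }}"
    group: "{{ item }}"
    mode: "0700"
  with_items:
    - fwadmin
    - bruno
  tags: system

- name: Copy public for fwadmin access
  lineinfile:
    destfile: "/home/{{ item }}/.ssh/authorized_keys"
    state: present
    create: true
    line: "{{ sshkey }}"
    owner: "{{ item }}"
    group: "{{ item }}"
    mode: "0600"
    backup: true
  with_items:
    - fwadmin
    - bruno
  tags: system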
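# Make sure sshd is running now and enabled at boot.
# `started` is the canonical spelling of the state; `running` is an older
# alias for it.
# NOTE(review): `running` appears to be rejected by newer Ansible releases -
# confirm against the version in use.
- name: Check that sshd is running and enabled
  service:
    name: sshd
    state: started
    enabled: true
  tags: system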
# Install the sshutout package with urpmi, refreshing the package cache
# first and skipping recommended (optional) packages.
- name: Check that sshutout is installed
  tags: system
  urpmi:
    name: sshutout
    state: installed
    update_cache: true
    no-recommends: true
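# Deploy the sshutout configuration and restart the daemon when it changes.
#
# The original destination was /etc/sshtout.conf (missing a "u"), which does
# not match the source file name or the package name. The role's settings
# would then land in a file the daemon presumably never reads, leaving it on
# its defaults.
# NOTE(review): confirm /etc/sshutout.conf is the path the packaged daemon
# loads, and remove any stale /etc/sshtout.conf left by earlier runs.
- name: Check that sshutout is configured
  copy:
    src: templates/sshutout.conf
    dest: /etc/sshutout.conf
    owner: root
    group: root
    mode: "0600"
    backup: true
  notify:
    - restart sshutout
  tags: system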
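# Make sure sshutout is running now and enabled at boot.
# `started` is the canonical spelling of the state; `running` is an older
# alias for it.
# NOTE(review): `running` appears to be rejected by newer Ansible releases -
# confirm against the version in use.
- name: Check that sshutout is running and enabled
  service:
    name: sshutout
    state: started
    enabled: true
  tags: system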
# Schedule /usr/local/bin/upd to run as root every day at 03:43 through a
# dedicated cron file named urpmi-upd.
# minute and hour are quoted so they stay strings ("03" keeps its leading
# zero), exactly as the key=value form passed them.
# NOTE(review): none of the tasks in this file deploy or set permissions on
# /usr/local/bin/upd - make sure it is root-owned and not writable by anyone
# else, since cron runs it as root.
- name: Setup autoupdate via cron
  tags: system
  cron:
    name: urpmi-upd
    cron_file: urpmi-upd
    user: root
    minute: "43"
    hour: "03"
    job: /usr/local/bin/upd
    state: present
    backup: true