source: branches/3.3/ansible/roles/system/tasks/main.yml @ 3667

Last change on this file since 3667 was 3667, checked in by bruno, 2 years ago

Many updates to MR setup

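---
# Base system role: network configuration, sudo, sshd, admin accounts,
# SSH keys, sshutout and the nightly package update job.
# Module arguments are written as native YAML and every file mode is a
# quoted octal string, so neither the YAML parser nor Jinja can retype them.

- name: Check that IP address is setup
  template:
    src: templates/ifcfg-enp2s0f0
    dest: /etc/sysconfig/network-scripts/ifcfg-enp2s0f0
    owner: root
    group: root
    mode: '0600'
    backup: true
  tags: system

- name: Check that GW is setup
  template:
    src: templates/network
    dest: /etc/sysconfig/network
    owner: root
    group: root
    mode: '0600'
    backup: true
  tags: system

# Validate the sudoers file before saving
# Each listed account gets passwordless sudo for every command, so anyone
# who can log in as fwadmin or bruno (including any holder of the key that
# this file adds to authorized_keys further down) effectively has root.
# NOTE(review): consider restricting the command list or dropping NOPASSWD.
# NOTE(review): /etc/sudoers is usually shipped 0440; 0600 is kept as the
# original task set it. Confirm it is intended.
- name: Check that sudo is configured
  lineinfile:
    destfile: /etc/sudoers
    state: present
    line: '{{ item }} ALL=(ALL) NOPASSWD:ALL'
    validate: 'visudo -cf %s'
    mode: '0600'
    backup: true
  with_items:
    - fwadmin
    - bruno
  tags: system

- name: Check that sshd is installed
  urpmi:
    name: openssh-server
    state: installed
    update_cache: true
    no-recommends: true
  tags: system

# sshd applies the first value it reads for a keyword. Without a regexp,
# lineinfile only appends 'PermitRootLogin no' when that exact line is
# absent, so an earlier active 'PermitRootLogin yes' would stay in force.
# The regexp makes the task rewrite the active directive in place.
# lineinfile replaces only the last matching line, and a line appended
# after a trailing Match block would be scoped to that block.
# NOTE(review): check the rendered file once with 'sshd -T' on a target.
- name: Check that sshd is configured
  # lineinfile: destfile=/etc/ssh/sshd_config state=present line='PermitRootLogin prohibit-password' mode=0600 backup=yes
  lineinfile:
    destfile: /etc/ssh/sshd_config
    regexp: '(?i)^\s*PermitRootLogin\s'
    line: 'PermitRootLogin no'
    state: present
    mode: '0600'
    backup: true
  notify:
    - restart sshd
  tags: system

- name: Ensure the groups exists
  group:
    name: '{{ item }}'
    state: present
  tags: system
  with_items:
    - fwadmin
    - bruno

- name: Ensure the accounts exists
  user:
    name: '{{ item }}'
    state: present
    group: '{{ item }}'
    home: '/home/{{ item }}'
    move_home: true
  tags: system
  with_items:
    - fwadmin
    - bruno

# This copies a private key (id_rsa) from the control machine onto the
# managed host, so a compromise of this host exposes that key, and on this
# host the bruno account also has passwordless sudo (see the sudo task).
# NOTE(review): prefer a key generated for this host alone (a deploy key)
# over a copy of a personal key.
# NOTE(review): backup=yes leaves a timestamped copy of any previous id_rsa
# next to the new one whenever the key changes.
# NOTE(review): if the source '.ssh' is a directory, copy recurses into it,
# so every file in it would be shipped, not only the two listed below.
# Confirm that is intended.
# NOTE(review): this is the only task here without 'tags: system', so a run
# limited to that tag skips it.
# Modes are quoted octal strings: a bare 700 is a decimal integer to YAML
# and only reaches the module as octal through string templating.
- name: Copy special keys for remote access (git...)
  copy:
    src: '/users/bruno/prj/musique-ancienne.org/mondorescue.org/{{ item.f }}'
    dest: '/home/bruno/{{ item.f }}'
    mode: '{{ item.m }}'
    backup: true
    owner: bruno
    group: bruno
  with_items:
    - { f: '.ssh', m: '0700' }
    - { f: '.ssh/id_rsa', m: '0600' }
    - { f: '.ssh/id_rsa.pub', m: '0644' }

# The same key ({{ sshkey }}) is authorised for both accounts.
# NOTE(review): there is no create=yes, and nothing visible in this file
# creates /home/fwadmin/.ssh, so the fwadmin iteration presumably fails on a
# fresh host. Verify this. The authorized_key module manages the directory
# and the file together.
- name: Copy public keys for access
  lineinfile:
    destfile: '/home/{{ item }}/.ssh/authorized_keys'
    state: present
    line: '{{ sshkey }}'
    mode: '0600'
    backup: true
    owner: '{{ item }}'
    group: '{{ item }}'
  with_items:
    - fwadmin
    - bruno
  tags: system

- name: Check that sshd is running and enabled
  service:
    name: sshd
    state: running
    enabled: true
  tags: system

- name: Check that sshutout is installed
  urpmi:
    name: sshutout
    state: installed
    update_cache: true
    no-recommends: true
  tags: system

- name: Check that sshutout is configured
  template:
    src: templates/sshutout.conf
    dest: /etc/sshutout.conf
    owner: root
    group: root
    mode: '0600'
    backup: true
  notify:
    - restart sshutout
  tags: system

- name: Check that sshutout is running and enabled
  service:
    name: sshutout
    state: running
    enabled: true
  tags: system

# Runs /usr/local/bin/upd as root every night at 03:43.
# NOTE(review): nothing in this file installs that script or sets its
# ownership. It should be root-owned and not writable by anyone else,
# because whoever can edit it runs code as root.
- name: Setup autoupdate via cron
  cron:
    name: urpmi-upd
    minute: '43'
    hour: '03'
    user: root
    job: /usr/local/bin/upd
    cron_file: urpmi-upd
    state: present
    backup: true
  tags: system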