8025-awxRefactor-debianBootStrap-FinishWorks #32
|
@ -1,5 +0,0 @@
|
|||
- name: First time host configuration
|
||||
hosts: all
|
||||
tasks:
|
||||
- import_role:
|
||||
name: debian-once
|
|
@ -1,6 +1,5 @@
|
|||
vn_witness: false
|
||||
vn_first_time: false
|
||||
default_user: user
|
||||
root_password: Pa$$w0rd
|
||||
fail2ban:
|
||||
email: "{{ sysadmin_mail }}"
|
||||
bantime: 600
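Review bot: Dropping the `root_password: Pa$$w0rd` default (going by the hunk counts, this line is on the removed side) does not take the value out of the repository history, so any host that was ever bootstrapped with it should have its root password rotated rather than assumed safe. With no default left, `root_password` is only defined when the generate task runs, so every consumer of the variable has to tolerate it being undefined. A short comment such as `# root_password is generated per host and stored in Passbolt, never set here` would record that for the next maintainer.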
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
- import_tasks: witness.yml
|
||||
tags: witness
|
||||
- import_tasks: root.yml
|
||||
tags: root
|
||||
- import_tasks: resolv.yml
|
||||
tags: resolv
|
||||
- import_tasks: timesync.yml
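Review bot: The `root.yml` import carries `tags: root`, but the block it brings in is guarded by `when: vn_first_time`, a fact that is presumably set by the `witness.yml` tasks under `tags: witness`. A run limited to `--tags root` would skip those tasks, leave `vn_first_time` at its `false` default and skip the root password block without any message. Either drop the separate `root` tag or document the dependency above the import, for example `# root.yml only acts when vn_first_time is true; run it together with the witness tag`.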
|
||||
|
|
|
@ -0,0 +1,36 @@
|
|||
- name: Generate root password
|
||||
when: vn_first_time
|
||||
block:
|
||||
- name: Search root password into Passbolt
|
||||
set_fact:
|
||||
qst: >
|
||||
{{
|
||||
lookup(passbolt, inventory_hostname_short,
|
||||
username='root',
|
||||
uri='ssh://'+hostname_fqdn
|
||||
)
|
||||
}}
|
||||
ignore_errors: true
|
||||
- name: Generate and save root password if not found in Passbolt
|
||||
when: qst is not defined
|
||||
block:
|
||||
- name: Generate a random root password
|
||||
set_fact:
|
||||
root_password: "{{ lookup('password', '/dev/null length=18 chars=ascii_letters,digits') }}"
|
||||
- name: Save root password into Passbolt
|
||||
set_fact:
|
||||
msg: >
|
||||
{{
|
||||
lookup(passbolt, inventory_hostname_short,
|
||||
username='root',
|
||||
password=root_password,
|
||||
uri='ssh://'+hostname_fqdn
|
||||
)
|
||||
}}
|
||||
environment:
|
||||
PASSBOLT_CREATE_NEW_RESOURCE: true
|
||||
- name: Change root password
|
||||
user:
|
||||
name: root
|
||||
password: "{{ root_password | password_hash('sha512') }}"
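Review bot: None of the tasks that handle the plaintext root password set `no_log: true`: `Generate a random root password` stores it with `set_fact` and `Save root password into Passbolt` passes `password=root_password` through another `set_fact`, so the value can appear in verbose task results and, if this runs under AWX as the PR title suggests, in stored job events. Add `no_log: true` to both, and to `Search root password into Passbolt`, whose `qst` presumably holds the stored entry. `ignore_errors: true` on the search also makes any lookup failure (Passbolt unreachable, rejected credentials) indistinguishable from a missing entry, so `when: qst is not defined` would generate a fresh password in that case; failing on anything other than not-found is safer. When the entry is found, nothing assigns `root_password` from `qst`; the indentation is lost on this page, so I cannot tell whether `Change root password` sits inside the inner block, but if it does not it would reference an undefined variable now that the default is gone.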
|
||||
|
|
@ -3,7 +3,7 @@
|
|||
path: "/etc/ssh/ssh_host_{{ item.type }}_key"
|
||||
type: "{{ item.type }}"
|
||||
force: yes
|
||||
when: vn_witness
|
||||
when: vn_first_time
|
||||
loop:
|
||||
- { type: 'rsa' }
|
||||
- { type: 'ecdsa' }
|
||||
|
|
|
@ -4,9 +4,9 @@
|
|||
register: keys_generated_marker
|
||||
- name: Generate variable if not exists
|
||||
set_fact:
|
||||
vn_witness: "{{ not keys_generated_marker.stat.exists }}"
|
||||
vn_first_time: "{{ not keys_generated_marker.stat.exists }}"
|
||||
- name: Create marker file to indicate vn happends
|
||||
file:
|
||||
path: /etc/vn.witness
|
||||
state: touch
|
||||
when: vn_witness
|
||||
when: vn_first_time
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
root_password: Pa$$w0rd
|
|
@ -1,2 +0,0 @@
|
|||
- import_tasks: root.yml
|
||||
tags: root
|
|
@ -1,26 +0,0 @@
|
|||
- name: Generate a random root password
|
||||
set_fact:
|
||||
root_password: "{{ lookup('password', '/dev/null length=18 chars=ascii_letters,digits') }}"
|
||||
- name: Save root password into Passbolt
|
||||
set_fact:
|
||||
msg: >
|
||||
{{
|
||||
lookup(passbolt, inventory_hostname_short,
|
||||
username='root',
|
||||
password=root_password,
|
||||
uri='ssh://'+hostname_fqdn
|
||||
)
|
||||
}}
|
||||
environment:
|
||||
PASSBOLT_CREATE_NEW_RESOURCE: true
|
||||
- name: Save the root password to file
|
||||
copy:
|
||||
content: "{{ root_password }}\n"
|
||||
dest: /root/root_password.txt
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0600'
|
||||
- name: Change root password
|
||||
user:
|
||||
name: root
|
||||
password: "{{ root_password | password_hash('sha512') }}"
|
|
@ -1 +1,6 @@
|
|||
homes_path: /mnt/homes
|
||||
autofs_packages:
|
||||
- nfs-common
|
||||
- autofs
|
||||
- libnfs-utils
|
||||
- autofs-ldap
|
||||
|
|
|
@ -1,12 +1,7 @@
|
|||
- name: Install autofs packages
|
||||
apt:
|
||||
name: "{{ item }}"
|
||||
name: "{{ autofs_packages }}"
|
||||
state: present
|
||||
with_items:
|
||||
- nfs-common
|
||||
- autofs
|
||||
- libnfs-utils
|
||||
- autofs-ldap
|
||||
- name: Create homes directory
|
||||
file:
|
||||
path: "{{ homes_path }}"
|
||||
|
@ -33,6 +28,6 @@
|
|||
mode: '0644'
|
||||
notify: restart-autofs
|
||||
- name: Service autofs service
|
||||
service:
|
||||
systemd:
|
||||
name: autofs
|
||||
enabled: yes
|
|
@ -12,5 +12,7 @@
|
|||
mode: u=rw,g=r,o=r
|
||||
owner: root
|
||||
group: root
|
||||
register: grub
|
||||
- name: Generate GRUB configuration
|
||||
command: update-grub
|
||||
when: grub.changed
|
||||
|
|