p216149
/
docs
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'master' of https://git.webhosting.rug.nl/p216149/docs

This commit is contained in:
G.J.C. Strikwerda 2018-04-12 21:59:28 +02:00
parent f4f02652f9 c3d0008101
commit deec0e70ab
2 changed files with 139 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
hosts Normal file
View File

@ -0,0 +1,16 @@
[rugcms]
cms-fa21 ansible_host=cms-fa21.service.rug.nl ansible_port=22
cms-fa22 ansible_host=cms-fa22.service.rug.nl ansible_port=22
cms-fa23 ansible_host=cms-fa23.service.rug.nl ansible_port=22
cms-fa24 ansible_host=cms-fa24.service.rug.nl ansible_port=22
cms-fp21 ansible_host=cms-fp21.service.rug.nl ansible_port=22
cms-fp22 ansible_host=cms-fp22.service.rug.nl ansible_port=22
cms-fp23 ansible_host=cms-fp23.service.rug.nl ansible_port=22
[acc]
cms-fa[21:24]
[prod]
cms-fp[21:23]

123
rugcms.yml Normal file
View File

@ -0,0 +1,123 @@
# catchall rugcms ansible uitrol script:
#
# - create rugcms group
# - create rugmcs user, lid van rugcms en homedir /local_disk
# - push ssh-keys rugcms user
# - copy .profile rugcms user
# - install packages
# - upgrade all rpms
# - disable selinux
# - disable firewalld
# - copy firewall.sh script
# - run firewall script
# - copy yum_debug_file for input on all installed packages
# - copy resolv.conf
# - copy sshd_conf
#
# Usage: $ ansible-playbook rugcms.yml
---
- name: rugcms ansible
hosts: "{{ myhosts | default('acc')}}"
tasks:
- group:
name: rugcms
state: present
- user:
name: rugcms
comment: "rugcms user"
state: present
group: rugcms
home: /local_disk
- authorized_key:
user: rugcms
key: '{{ item }}'
state: present
with_items:
- 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAz/4D/jhUycyYS8gOrQDs+BqK+MLzfB9kb60W9zGTs9KigKGUOtvZ78mb1F2+ouy/uQUbOO4MoUu+fOzSlSE56GdyTSc/RsLaoHde2aRalXnRf55tuIVgv6MNG7siZt1i4iDhm/uql8nzc7m0Ompr9XXLXOQ0ZGFPViLLYyRcLOc= r.m.uittenbroek@rug.nl'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoRM/8ItzD87bvO6WVwDS83mkLUv0fo1dUxBzGB0w9j+a4vtUbcGm13TXp6zIS6zZqj09QD8jznO1OE92tC1axjuwENbAi7WiqaFMJdqB6MLN4Fxo4xa5LaadDTFbd4yLI1lzheowfPvFypUW90L4ToEkKkvgp+r+4C7BrLLUTzksS3PzBB2jp25XimdbxQvbZS74RdEa4O1Xqz0A4+FbM9r90OIJGrexVTKb2jpQk3bhTIpCXDkRldA1PLYSPoUAmCViGPoHCoyNbtZj8MWDjOKH/Ut/WXg5z60JfFqHazkHsQiJ9YkgUk2zy/7cjl5Pl8DVkPp79c/F5YFw492XN rugcms@charanga'
- name: copy profile rugcms-user
copy:
src: files/profile_rugcms
dest: /local_disk/.profile
owner: rugcms
group: rugcms
mode: 0700
- name: Install epel-repo
yum: name=epel-release state=latest
- name: Install ntp package
yum: name=ntp state=latest
- name: Install yum-utils
yum: name=yum-utils state=latest
- name: disable selinux
selinux: state=disabled
- name: start ntp service
systemd:
name: ntpd.service
state: started
enabled: yes
- name: disable firewalld
systemd:
name: firewalld.service
enabled: no
- name: copy firewall
copy:
src: files/firewall_acc.sh
dest: /root/firewall/firewall.sh
owner: root
group: root
mode: 0700
- script: chdir=/root/firewall firewall.sh
- name: copy yum_debug_dump
copy:
src: files/yum_debug_dump.txt.gz
dest: /root/yum_debug_dump.txt.gz
owner: root
group: root
mode: 0600
- command: yum-debug-restore /root/yum_debug_dump.txt.gz
- name: upgrade all packages
yum: name=* state=latest
- name: copy /etc/resolv.conf
copy:
src: files/resolv.conf
dest: /etc/resolv.conf
owner: root
group: root
mode: 0644
- name: copy /etc/ssh/sshd_config
copy:
src: files/sshd_config
dest: /etc/ssh/sshd_config
owner: root
group: root
mode: 0600
- name: start sshd service
systemd:
name: sshd.service
state: started
enabled: yes
- name: start postfix service
systemd:
name: postfix.service
state: started
enabled: yes