From 091ecb76b2b3e327d0d5cfbff332c383f864394a Mon Sep 17 00:00:00 2001
From: Ger Strikwerda
Date: Thu, 5 Apr 2018 17:04:05 +0200
Subject: [PATCH 1/2] rugcms
---
hosts | 16 +++++++++++++++
rugcms.yml | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 74 insertions(+)
create mode 100644 hosts
create mode 100644 rugcms.yml
diff --git a/hosts b/hosts
new file mode 100644
index 0000000..be70a33
--- /dev/null
+++ b/hosts
@@ -0,0 +1,16 @@
+[rugcms]
+
+cms-fa21 ansible_host=cms-fa21.service.rug.nl ansible_port=22
+cms-fa22 ansible_host=cms-fa22.service.rug.nl ansible_port=22
+cms-fa23 ansible_host=cms-fa23.service.rug.nl ansible_port=22
+cms-fa24 ansible_host=cms-fa24.service.rug.nl ansible_port=22
+
+cms-fp21 ansible_host=cms-fp21.service.rug.nl ansible_port=22
+cms-fp22 ansible_host=cms-fp22.service.rug.nl ansible_port=22
+cms-fp23 ansible_host=cms-fp23.service.rug.nl ansible_port=22
+
+[acc]
+cms-fa[21:24]
+
+[prod]
+cms-fp[21:23]
diff --git a/rugcms.yml b/rugcms.yml
new file mode 100644
index 0000000..12655a1
--- /dev/null
+++ b/rugcms.yml
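Review bot: The `[rugcms]` group lists by hand every host that `[acc]` and `[prod]` already enumerate, so a host added to one range can be forgotten in the other; declaring `[rugcms:children]` with `acc` and `prod` as members keeps the membership in one place. `ansible_port=22` is Ansible's default and only adds noise unless it documents a deliberate choice. The `[acc]`/`[prod]` ranges rely on the `ansible_host` entries under `[rugcms]` to resolve the short names, so the two lists must stay in sync as long as the duplication is kept.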
@@ -0,0 +1,58 @@
+# catchall rugcms ansible uitrol script:
+#
+# - create rugcms group
+# - create rugmcs user, lid van rugcms en homedir /local_disk
+# - push ssh-keys rugcms user
+# - install packages
+# - upgrade all rpms
+# - disable selinux
+#
+# Usage: $ ansible-playbook rugcms.yml
+---
+- name: rugcms ansible
+ hosts: "{{ myhosts | default('acc')}}"
+
+ tasks:
+ - group:
+ name: rugcms
+ state: present
+
+ - user:
+ name: rugcms
+ comment: "rugcms user"
+ state: present
+ group: rugcms
+ home: /local_disk
+
+ - authorized_key:
+ user: rugcms
+ key: '{{ item }}'
+ state: present
+ with_items:
+ - 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAz/4D/jhUycyYS8gOrQDs+BqK+MLzfB9kb60W9zGTs9KigKGUOtvZ78mb1F2+ouy/uQUbOO4MoUu+fOzSlSE56GdyTSc/RsLaoHde2aRalXnRf55tuIVgv6MNG7siZt1i4iDhm/uql8nzc7m0Ompr9XXLXOQ0ZGFPViLLYyRcLOc= r.m.uittenbroek@rug.nl'
+ - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoRM/8ItzD87bvO6WVwDS83mkLUv0fo1dUxBzGB0w9j+a4vtUbcGm13TXp6zIS6zZqj09QD8jznO1OE92tC1axjuwENbAi7WiqaFMJdqB6MLN4Fxo4xa5LaadDTFbd4yLI1lzheowfPvFypUW90L4ToEkKkvgp+r+4C7BrLLUTzksS3PzBB2jp25XimdbxQvbZS74RdEa4O1Xqz0A4+FbM9r90OIJGrexVTKb2jpQk3bhTIpCXDkRldA1PLYSPoUAmCViGPoHCoyNbtZj8MWDjOKH/Ut/WXg5z60JfFqHazkHsQiJ9YkgUk2zy/7cjl5Pl8DVkPp79c/F5YFw492XN rugcms@charanga'
+
+ - name: Install epel-repo
+ yum: name=epel-release state=latest
+
+ - name: Install ntp package
+ yum: name=ntp state=latest
+
+ - name: Install yum-utils
+ yum: name=yum-utils state=latest
+
+ - name: upgrade all packages
+ yum: name=* state=latest
+
+ - name: disable selinux
+ selinux: state=disabled
+
+ - name: start ntp service
+ systemd:
+ name: ntpd.service
+ state: started
+
+ - name: disable firewalld
+ systemd:
+ name: firewalld.service
+ state: stopped
From c3d0008101a734a2c46b70cf48f22758a0c968d6 Mon Sep 17 00:00:00 2001
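Review bot: `selinux: state=disabled` together with `state: stopped` on `firewalld.service` removes two host-level controls from every target without any replacement in this version of the play; `state=permissive` would keep the audit trail while not blocking, and a full disable only takes effect after a reboot that the play never performs. The first `authorized_key` entry (its header `AAAAB3NzaC1yc2EAAAABJQAAAIEA` decodes to a 129-byte modulus) is a 1024-bit RSA key, well below the 2048–3072 bits generally recommended today, and is cheap to replace with a fresh key for that user. `with_items` with `state: present` only ever adds keys, so a revoked key stays on every host unless `exclusive: true` is set on the task. The `group:` and `user:` tasks carry no `name:`, and the plain install tasks use `state=latest` where `state=present` would be idempotent and leave upgrades to the dedicated `upgrade all packages` task.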
From: Ger Strikwerda Date: Fri, 6 Apr 2018 16:56:05 +0200 Subject: [PATCH 2/2] rugcms ansible uitrol script --- rugcms.yml | 73 +++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 69 insertions(+), 4 deletions(-) diff --git a/rugcms.yml b/rugcms.yml index 12655a1..382fdf0 100644 --- a/rugcms.yml +++ b/rugcms.yml @@ -3,9 +3,16 @@ # - create rugcms group # - create rugmcs user, lid van rugcms en homedir /local_disk # - push ssh-keys rugcms user +# - copy .profile rugcms user # - install packages # - upgrade all rpms # - disable selinux +# - disable firewalld +# - copy firewall.sh script +# - run firewall script +# - copy yum_debug_file for input on all installed packages +# - copy resolv.conf +# - copy sshd_conf # # Usage: $ ansible-playbook rugcms.yml --- @@ -32,6 +39,15 @@ - 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAz/4D/jhUycyYS8gOrQDs+BqK+MLzfB9kb60W9zGTs9KigKGUOtvZ78mb1F2+ouy/uQUbOO4MoUu+fOzSlSE56GdyTSc/RsLaoHde2aRalXnRf55tuIVgv6MNG7siZt1i4iDhm/uql8nzc7m0Ompr9XXLXOQ0ZGFPViLLYyRcLOc= r.m.uittenbroek@rug.nl' - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoRM/8ItzD87bvO6WVwDS83mkLUv0fo1dUxBzGB0w9j+a4vtUbcGm13TXp6zIS6zZqj09QD8jznO1OE92tC1axjuwENbAi7WiqaFMJdqB6MLN4Fxo4xa5LaadDTFbd4yLI1lzheowfPvFypUW90L4ToEkKkvgp+r+4C7BrLLUTzksS3PzBB2jp25XimdbxQvbZS74RdEa4O1Xqz0A4+FbM9r90OIJGrexVTKb2jpQk3bhTIpCXDkRldA1PLYSPoUAmCViGPoHCoyNbtZj8MWDjOKH/Ut/WXg5z60JfFqHazkHsQiJ9YkgUk2zy/7cjl5Pl8DVkPp79c/F5YFw492XN rugcms@charanga' + - name: copy profile rugcms-user + copy: + src: files/profile_rugcms + dest: /local_disk/.profile + owner: rugcms + group: rugcms + mode: 0700 + + - name: Install epel-repo yum: name=epel-release state=latest @@ -41,9 +57,6 @@ - name: Install yum-utils yum: name=yum-utils state=latest - - name: upgrade all packages - yum: name=* state=latest - - name: disable selinux selinux: state=disabled 
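Review bot: In the `copy profile rugcms-user` task, `dest: /local_disk/.profile` hard-codes the path that the `user` task earlier in the play (outside this hunk) already defines through `home: /local_disk`, and `mode: 0700` marks a shell startup file executable when `0600` is all a sourced file needs. Quoting it as `mode: "0600"` also stops the value from depending on the YAML parser treating the leading zero as octal, a habit worth applying to the other `mode:` values this patch adds. The removal of the `upgrade all packages` task in the following hunk is only a move to later in the file and needs no change.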
@@ -51,8 +64,60 @@ systemd: name: ntpd.service state: started + enabled: yes - name: disable firewalld systemd: name: firewalld.service - state: stopped + enabled: no + + - name: copy firewall + copy: + src: files/firewall_acc.sh + dest: /root/firewall/firewall.sh + owner: root + group: root + mode: 0700 + + - script: chdir=/root/firewall firewall.sh + + - name: copy yum_debug_dump + copy: + src: files/yum_debug_dump.txt.gz + dest: /root/yum_debug_dump.txt.gz + owner: root + group: root + mode: 0600 + + - command: yum-debug-restore /root/yum_debug_dump.txt.gz + + - name: upgrade all packages + yum: name=* state=latest + + - name: copy /etc/resolv.conf + copy: + src: files/resolv.conf + dest: /etc/resolv.conf + owner: root + group: root + mode: 0644 + + - name: copy /etc/ssh/sshd_config + copy: + src: files/sshd_config + dest: /etc/ssh/sshd_config + owner: root + group: root + mode: 0600 + + - name: start sshd service + systemd: + name: sshd.service + state: started + enabled: yes + + - name: start postfix service + systemd: + name: postfix.service + state: started + enabled: yes
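Review bot: The `copy /etc/ssh/sshd_config` task replaces the daemon's configuration with no `validate:` step and no handler, and the following `start sshd service` task with `state: started` is a no-op on an already running sshd, so a new config is neither syntax-checked nor applied until something else restarts the service, at which point a broken file could lock the Ansible user out. The rewrite below adds `validate: /usr/sbin/sshd -t -f %s` to the copy and a `restart sshd` handler. In the `disable firewalld` task, dropping `state: stopped` in favour of `enabled: no` leaves a running firewalld in place until the next reboot while `firewall.sh` is executed on top of it; keeping `state: stopped` alongside `enabled: false` avoids the two rule sets coexisting. `src: files/firewall_acc.sh` is fixed to the acc script although `myhosts=prod` can target the `prod` group, and the bare `script:` and `command:` tasks run on every play with no `name:`, `creates:` or `changed_when:`. The play header and `tasks:` key lie outside this hunk, and `firewall.sh` itself is not part of the patch.
```yaml
    - name: copy /etc/ssh/sshd_config
      copy:
        src: files/sshd_config
        dest: /etc/ssh/sshd_config
        owner: root
        group: root
        mode: "0600"
        validate: /usr/sbin/sshd -t -f %s
      notify: restart sshd

    # … unchanged: start sshd service / start postfix service tasks …

  handlers:
    - name: restart sshd
      systemd:
        name: sshd.service
        state: restarted
```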