Commit 6b0c16d9 authored by Rafael Monnerat's avatar Rafael Monnerat

Update VM bootstrap configuration

parent cc1a71f9
---
base_open_build_url: http://download.opensuse.org/repositories/home:/VIFIBnexedi/
is_ubuntu: "'{{ ansible_distribution }}' == 'Ubuntu'"
is_debian: "'{{ ansible_distribution }}' == 'Debian'"
is_debian_or_ubuntu: "'{{ ansible_distribution }}' in ['Ubuntu', 'Debian']"
is_centos: "'{{ ansible_distribution }}' == 'CentOS'"
is_ubuntu_precise: "{{ is_ubuntu }} and '{{ ansible_distribution_release }}' == 'precise'"
is_ubuntu_raring: "{{ is_ubuntu }} and '{{ ansible_distribution_release }}' == 'raring'"
is_ubuntu_trusty: "{{ is_ubuntu }} and '{{ ansible_distribution_release }}' == 'trusty'"
is_redhat: "{{ ansible_os_family }} == 'RedHat'"
......@@ -4,7 +4,25 @@
roles:
- vm-bootstrap
- ntp
- { role: vm-disks, vd_disk: b, data_n: 1 }
- { role: vm-disks, vd_disk: c, data_n: 2 }
- { role: vm-disks, vd_disk: d, data_n: 3 }
- { role: vm-disks, vd_disk: e, data_n: 4 }
- { role: vm-disks, vd_disk: f, data_n: 5 }
- { role: vm-disks, vd_disk: g, data_n: 6 }
- { role: vm-disks, vd_disk: h, data_n: 7 }
- { role: vm-disks, vd_disk: i, data_n: 8 }
- { role: vm-disks, vd_disk: j, data_n: 9 }
- { role: vm-disks, vd_disk: k, data_n: 10 }
- { role: vm-disks, vd_disk: l, data_n: 11 }
- { role: vm-disks, vd_disk: m, data_n: 12 }
- { role: vm-disks, vd_disk: n, data_n: 12 }
- { role: vm-disks, vd_disk: o, data_n: 12 }
- { role: vm-disks, vd_disk: p, data_n: 12 }
- { role: vm-disks, vd_disk: q, data_n: 12 }
- { role: vm-disks, vd_disk: r, data_n: 12 }
- { role: vm-disks, vd_disk: s, data_n: 12 }
- { role: vm-disks, vd_disk: t, data_n: 12 }
- { role: vm-disks, vd_disk: u, data_n: 12 }
---
- name: restart ntpd
service: name=ntpd state=restarted
......@@ -9,4 +9,4 @@
when: ansible_os_family == "RedHat"
- name: ensure ntp is runing
service: name=ntp state=started enabled=yes
service: name=ntp state=running enabled=yes
---
- name: Download hostname
get_url: url=http://10.0.2.100/hostname dest=/etc/opt/hostname mode=666
ignore_errors: True
- name: Download ipv4
get_url: url=http://10.0.2.100/ipv4 dest=/etc/opt/ipv4 mode=666
ignore_errors: True
- name: stat /etc/opt/hostname
stat: path=/etc/opt/hostname
register: hostname_file
- name: stat /etc/opt/ipv4
stat: path=/etc/opt/ipv4
register: ipv4_file
- name: replace /etc/hostname
copy: src=/etc/opt/hostname dest=/etc/hostname mode=666
when: hostname_file.stat.exists == True
- name: update hostname
command: hostname -F /etc/hostname
when: hostname_file.stat.exists == True
- name: managing hosts file
lineinfile: dest=/etc/hosts regexp="^127.0.1.1" line=""
when: hostname_file.stat.exists == True
- name: setting hosts special line
lineinfile: dest=/etc/hosts line="{{ lookup('file', '/etc/opt/ipv4') }} {{ lookup('file', '/etc/opt/hostname') }}.tl.teralab-datascience.fr {{ lookup('file', '/etc/opt/hostname') }}"
when: hostname_file.stat.exists == True
- name: managing resolv.conf file
lineinfile: dest=/etc/resolv.conf line="search tl.teralab-datascience.fr"
......@@ -4,6 +4,7 @@
- name: Download configuration
get_url: url=http://10.0.2.100/netconfig.sh dest=/etc/opt/netconfig.sh mode=755
ignore_errors: True
- name: stat /etc/opt/netconfig.sh
stat: path=/etc/opt/netconfig.sh
......@@ -18,18 +19,7 @@
when: netconfig_file.stat.exists == True
ignore_errors: True
- name: Create ~/.ssh
file: path=/root/.ssh state=directory mode=700
- name: Download ssh authorized keys
get_url: url=http://10.0.2.100/authorized_keys dest=/root/.ssh/authorized_keys.download mode=755
ignore_errors: True
- name: stat /root/.ssh/authorized_keys.download
stat: path=/root/.ssh/authorized_keys.download
register: authorized_keys
- name: replace /root/.ssh/authorized_keys
copy: src=/root/.ssh/authorized_keys.download dest=/root/.ssh/authorized_keys mode=755
when: authorized_keys.stat.exists == True
- include: hostname.yml
- include: user.yml
- include: sudo.yml
- include: ssh.yml
---
- name: Create ~/.ssh
file: path=/root/.ssh state=directory mode=700
- name: Create /home/netadmin/.ssh
file: path=/home/netadmin/.ssh state=directory mode=700
- name: Download ssh authorized keys
get_url: url=http://10.0.2.100/authorized_keys dest=/root/.ssh/authorized_keys.download mode=755
ignore_errors: True
- name: stat /root/.ssh/authorized_keys.download
stat: path=/root/.ssh/authorized_keys.download
register: authorized_keys
- name: replace /root/.ssh/authorized_keys
copy: src=/root/.ssh/authorized_keys.download dest=/root/.ssh/authorized_keys mode=755
when: authorized_keys.stat.exists == True
- name: replace /home/netadmin/.ssh/authorized_keys
copy: src=/root/.ssh/authorized_keys.download dest=/home/netadmin/.ssh/authorized_keys mode=755
when: authorized_keys.stat.exists == True
- name: update /etc/ssh/sshd_config
lineinfile: dest=/etc/ssh/sshd_config regexp="^PermitRootLogin (?!no)" line="PermitRootLogin no"
- name: update /etc/ssh/sshd_config
lineinfile: dest=/etc/ssh/sshd_config line="PermitRootLogin no"
---
- name: Ensure /etc/sudoers.d directory is present
file: path=/etc/sudoers.d state=directory
- name: Ensure /etc/sudoers.d is scanned by sudo
action: lineinfile dest=/etc/sudoers regexp="#includedir\s+/etc/sudoers.d" line="includedir /etc/sudoers.d"
- name: Add hadoop user to the sudoers
lineinfile: dest=/etc/sudoers.d/netadmin state=present create=yes regexp="netadmin .*" line="netadmin ALL=(root) NOPASSWD:ALL"
- name: Ensure /etc/sudoers.d/netadmin file has correct permissions
action: file path=/etc/sudoers.d/netadmin mode=0440 state=file owner=root group=root
---
- name: create netadmin
user: name=netadmin shell=/bin/bash groups=root
- name: remove other unwanted users
user: name={{ item }} state=absent
with_items:
- slapos
- nexedi
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment