You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
117 lines
2.5 KiB
YAML
117 lines
2.5 KiB
YAML
6 years ago
|
|
||
|
- hosts: all
|
||
|
strategy: linear
|
||
|
gather_facts: false
|
||
|
tasks:
|
||
|
- raw: >
|
||
|
if ! python -c ''; then
|
||
|
if type -p yum; then
|
||
|
yum -y install python;
|
||
|
else
|
||
|
apt-get -y update && apt-get -y install python;
|
||
|
fi;
|
||
|
fi
|
||
|
|
||
|
- hosts: all
|
||
|
strategy: mitogen_linear
|
||
|
# Can't gather facts before here.
|
||
|
gather_facts: true
|
||
|
vars:
|
||
|
distro: "{{ansible_distribution}}"
|
||
|
ver: "{{ansible_distribution_major_version}}"
|
||
|
|
||
|
packages:
|
||
|
common:
|
||
|
- git
|
||
|
- openssh-server
|
||
|
- rsync
|
||
|
- strace
|
||
|
- sudo
|
||
|
Debian:
|
||
|
"9":
|
||
|
- libjson-perl
|
||
|
- python-virtualenv
|
||
|
CentOS:
|
||
|
"6":
|
||
|
- perl-JSON
|
||
|
"7":
|
||
|
- perl-JSON
|
||
|
- python-virtualenv
|
||
|
|
||
|
tasks:
|
||
|
- when: ansible_virtualization_type != "docker"
|
||
|
meta: end_play
|
||
|
|
||
|
- apt:
|
||
|
name: "{{packages.common + packages[distro][ver]}}"
|
||
|
state: installed
|
||
|
update_cache: true
|
||
|
when: distro == "Debian"
|
||
|
|
||
|
- yum:
|
||
|
name: "{{packages.common + packages[distro][ver]}}"
|
||
|
state: installed
|
||
|
update_cache: true
|
||
|
when: distro == "CentOS"
|
||
|
|
||
|
- command: apt-get clean
|
||
|
when: distro == "Debian"
|
||
|
|
||
|
- command: yum clean all
|
||
|
when: distro == "CentOS"
|
||
|
|
||
|
- file:
|
||
|
path: /var/cache/apt
|
||
|
state: absent
|
||
|
when: distro == "Debian"
|
||
|
|
||
|
- user:
|
||
|
name: root
|
||
|
password: "{{ 'rootpassword' | password_hash('sha256') }}"
|
||
|
shell: /bin/bash
|
||
|
|
||
|
- file:
|
||
|
path: /var/run/sshd
|
||
|
state: directory
|
||
|
|
||
|
- command: ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
|
||
|
args:
|
||
|
creates: /etc/ssh/ssh_host_rsa_key
|
||
|
|
||
|
- group:
|
||
|
name: "{{sudo_group[distro]}}"
|
||
|
|
||
|
- copy:
|
||
|
dest: /etc/sentinel
|
||
|
content: |
|
||
|
i-am-mitogen-test-docker-image
|
||
|
|
||
|
- copy:
|
||
|
dest: /etc/ssh/banner.txt
|
||
|
src: ../data/docker/ssh_login_banner.txt
|
||
|
|
||
|
- copy:
|
||
|
dest: /etc/sudoers.d/001-mitogen
|
||
|
src: ../data/docker/001-mitogen.sudo
|
||
|
|
||
|
- lineinfile:
|
||
|
path: /etc/ssh/sshd_config
|
||
|
line: Banner /etc/ssh/banner.txt
|
||
|
|
||
|
- lineinfile:
|
||
|
path: /etc/ssh/sshd_config
|
||
|
line: PermitRootLogin yes
|
||
|
regexp: '.*PermitRootLogin.*'
|
||
|
|
||
|
- lineinfile:
|
||
|
path: /etc/pam.d/sshd
|
||
|
regexp: '.*session.*required.*pam_loginuid.so'
|
||
|
line: session optional pam_loginuid.so
|
||
|
|
||
|
- copy:
|
||
|
mode: 'u+rwx,go=rx'
|
||
|
dest: /usr/local/bin/pywrap
|
||
|
content: |
|
||
|
#!/bin/bash
|
||
|
exec strace -ff -o /tmp/pywrap$$.trace python2.7 "$@"'
|