- hosts: all strategy: linear gather_facts: false tasks: - raw: > if ! python -c ''; then if type -p yum; then yum -y install python; else apt-get -y update && apt-get -y install python; fi; fi - hosts: all strategy: mitogen_free # Can't gather facts before here. gather_facts: true vars: distro: "{{ansible_distribution}}" ver: "{{ansible_distribution_major_version}}" packages: common: - openssh-server - rsync - strace - sudo Debian: "9": - libjson-perl - python-virtualenv CentOS: "5": - sudo #- perl-JSON -- skipped on CentOS 5, packages are a pain. "6": - perl-JSON "7": - perl-JSON - python-virtualenv tasks: - when: ansible_virtualization_type != "docker" meta: end_play - apt: name: "{{packages.common + packages[distro][ver]}}" state: installed update_cache: true when: distro == "Debian" - yum: name: "{{packages.common + packages[distro][ver]}}" state: installed update_cache: true when: distro == "CentOS" - command: apt-get clean when: distro == "Debian" - command: yum clean all when: distro == "CentOS" - shell: rm -rf {{item}}/* with_items: - /var/cache/apt - /var/lib/apt/lists when: distro == "Debian" # Vanilla Ansible needs simplejson on CentOS 5. - synchronize: dest: /usr/lib/python2.4/site-packages/simplejson/ src: ../../ansible_mitogen/compat/simplejson/ - user: name: root password: "{{ 'rootpassword' | password_hash('sha256') }}" shell: /bin/bash - file: path: /var/run/sshd state: directory - command: ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key args: creates: /etc/ssh/ssh_host_rsa_key - group: name: "{{sudo_group[distro]}}" - copy: dest: /etc/sentinel content: | i-am-mitogen-test-docker-image - copy: dest: /etc/ssh/banner.txt src: ../data/docker/ssh_login_banner.txt - name: Ensure /etc/sudoers.d exists file: state: directory path: /etc/sudoers.d mode: 'u=rwx,go=' - blockinfile: path: /etc/sudoers block: | # https://www.toofishes.net/blog/trouble-sudoers-or-last-entry-wins/ %mitogen__sudo_nopw ALL=(ALL:ALL) NOPASSWD:ALL mitogen__has_sudo_nopw ALL = (mitogen__pw_required) ALL mitogen__has_sudo_nopw ALL = (mitogen__require_tty_pw_required) ALL Defaults>mitogen__pw_required targetpw Defaults>mitogen__require_tty requiretty Defaults>mitogen__require_tty_pw_required requiretty,targetpw - lineinfile: path: /etc/sudoers line: "%wheel ALL=(ALL) ALL" when: distro == "CentOS" - lineinfile: path: /etc/ssh/sshd_config line: Banner /etc/ssh/banner.txt - lineinfile: path: /etc/ssh/sshd_config line: PermitRootLogin yes regexp: '.*PermitRootLogin.*' - lineinfile: path: /etc/pam.d/sshd regexp: '.*session.*required.*pam_loginuid.so' line: session optional pam_loginuid.so - copy: mode: 'u+rwx,go=rx' dest: /usr/local/bin/pywrap content: | #!/bin/bash exec strace -ff -o /tmp/pywrap$$.trace python2.7 "$@"'