- hosts: all vars_files: - shared_vars.yml strategy: linear gather_facts: false tasks: - raw: > if ! python -c ''; then if type -p yum; then yum -y install python; else apt-get -y update && apt-get -y install python; fi; fi - hosts: all vars_files: - shared_vars.yml strategy: mitogen_free # Can't gather facts before here. gather_facts: true vars: distro: "{{ansible_distribution}}" ver: "{{ansible_distribution_major_version}}" packages: common: - openssh-server - rsync - strace - sudo Debian: "9": - libjson-perl - python-virtualenv - locales CentOS: "5": - perl - sudo #- perl-JSON -- skipped on CentOS 5, packages are a pain. "6": - perl-JSON "7": - perl-JSON - python-virtualenv tasks: - when: ansible_virtualization_type != "docker" meta: end_play - name: Ensure requisite Debian packages are installed apt: name: "{{packages.common + packages[distro][ver]}}" state: installed update_cache: true when: distro == "Debian" - name: Ensure requisite Red Hat packaed are installed yum: name: "{{packages.common + packages[distro][ver]}}" state: installed update_cache: true when: distro == "CentOS" - name: Clean up apt cache command: apt-get clean when: distro == "Debian" - name: Clean up apt package lists shell: rm -rf {{item}}/* with_items: - /var/cache/apt - /var/lib/apt/lists when: distro == "Debian" - name: Clean up yum cache command: yum clean all when: distro == "CentOS" - name: Enable UTF-8 locale on Debian copy: dest: /etc/locale.gen content: | en_US.UTF-8 UTF-8 fr_FR.UTF-8 UTF-8 when: distro == "Debian" - name: Generate UTF-8 locale on Debian shell: locale-gen when: distro == "Debian" - name: Install prebuilt 'doas' binary unarchive: dest: / src: ../data/docker/doas-debian.tar.gz - name: Make prebuilt 'doas' binary executable file: path: /usr/local/bin/doas mode: 'u=rwxs,go=rx' owner: root group: root - name: Install doas.conf copy: dest: /etc/doas.conf content: | permit :mitogen__group permit :root - name: Vanilla Ansible needs simplejson on CentOS 5. shell: mkdir -p /usr/lib/python2.4/site-packages/simplejson/ when: distro == "CentOS" and ver == "5" - name: Vanilla Ansible needs simplejson on CentOS 5. synchronize: dest: /usr/lib/python2.4/site-packages/simplejson/ src: ../../ansible_mitogen/compat/simplejson/ when: distro == "CentOS" and ver == "5" - name: Set root user password and shell user: name: root password: "{{ 'rootpassword' | password_hash('sha256') }}" shell: /bin/bash - name: Ensure /var/run/sshd exists file: path: /var/run/sshd state: directory - name: Generate SSH host key command: ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key args: creates: /etc/ssh/ssh_host_rsa_key - name: Ensure correct sudo group exists group: name: "{{sudo_group[distro]}}" - name: Ensure /etc/sentinel exists copy: dest: /etc/sentinel content: | i-am-mitogen-test-docker-image - copy: dest: /etc/ssh/banner.txt src: ../data/docker/ssh_login_banner.txt - name: Ensure /etc/sudoers.d exists file: state: directory path: /etc/sudoers.d mode: 'u=rwx,go=' - name: Install test-related sudo rules blockinfile: path: /etc/sudoers block: | # https://www.toofishes.net/blog/trouble-sudoers-or-last-entry-wins/ %mitogen__sudo_nopw ALL=(ALL:ALL) NOPASSWD:ALL mitogen__has_sudo_nopw ALL = (mitogen__pw_required) ALL mitogen__has_sudo_nopw ALL = (mitogen__require_tty_pw_required) ALL Defaults>mitogen__pw_required targetpw Defaults>mitogen__require_tty requiretty Defaults>mitogen__require_tty_pw_required requiretty,targetpw - name: Prevent permission denied errors. file: path: /etc/sudoers.d/README state: absent - name: Install CentOS wheel sudo rule lineinfile: path: /etc/sudoers line: "%wheel ALL=(ALL) ALL" when: distro == "CentOS" - name: Enable SSH banner lineinfile: path: /etc/ssh/sshd_config line: Banner /etc/ssh/banner.txt - name: Allow remote SSH root login lineinfile: path: /etc/ssh/sshd_config line: PermitRootLogin yes regexp: '.*PermitRootLogin.*' - name: Allow remote SSH root login lineinfile: path: /etc/pam.d/sshd regexp: '.*session.*required.*pam_loginuid.so' line: session optional pam_loginuid.so - name: Install convenience script for running an straced Python copy: mode: 'u+rwx,go=rx' dest: /usr/local/bin/pywrap content: | #!/bin/bash exec strace -ff -o /tmp/pywrap$$.trace python2.7 "$@"'