|
|
|
|
@ -3,9 +3,16 @@
@@ -3,9 +3,16 @@
|
|
|
|
|
# - create rugcms group |
|
|
|
|
# - create rugmcs user, lid van rugcms en homedir /local_disk |
|
|
|
|
# - push ssh-keys rugcms user |
|
|
|
|
# - copy .profile rugcms user |
|
|
|
|
# - install packages |
|
|
|
|
# - upgrade all rpms |
|
|
|
|
# - disable selinux |
|
|
|
|
# - disable firewalld |
|
|
|
|
# - copy firewall.sh script |
|
|
|
|
# - run firewall script |
|
|
|
|
# - copy yum_debug_file for input on all installed packages |
|
|
|
|
# - copy resolv.conf |
|
|
|
|
# - copy sshd_conf |
|
|
|
|
# |
|
|
|
|
# Usage: $ ansible-playbook rugcms.yml |
|
|
|
|
--- |
|
|
|
|
@ -32,6 +39,15 @@
@@ -32,6 +39,15 @@
|
|
|
|
|
- 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAz/4D/jhUycyYS8gOrQDs+BqK+MLzfB9kb60W9zGTs9KigKGUOtvZ78mb1F2+ouy/uQUbOO4MoUu+fOzSlSE56GdyTSc/RsLaoHde2aRalXnRf55tuIVgv6MNG7siZt1i4iDhm/uql8nzc7m0Ompr9XXLXOQ0ZGFPViLLYyRcLOc= r.m.uittenbroek@rug.nl' |
|
|
|
|
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoRM/8ItzD87bvO6WVwDS83mkLUv0fo1dUxBzGB0w9j+a4vtUbcGm13TXp6zIS6zZqj09QD8jznO1OE92tC1axjuwENbAi7WiqaFMJdqB6MLN4Fxo4xa5LaadDTFbd4yLI1lzheowfPvFypUW90L4ToEkKkvgp+r+4C7BrLLUTzksS3PzBB2jp25XimdbxQvbZS74RdEa4O1Xqz0A4+FbM9r90OIJGrexVTKb2jpQk3bhTIpCXDkRldA1PLYSPoUAmCViGPoHCoyNbtZj8MWDjOKH/Ut/WXg5z60JfFqHazkHsQiJ9YkgUk2zy/7cjl5Pl8DVkPp79c/F5YFw492XN rugcms@charanga' |
|
|
|
|
|
|
|
|
|
- name: copy profile rugcms-user |
|
|
|
|
copy: |
|
|
|
|
src: files/profile_rugcms |
|
|
|
|
dest: /local_disk/.profile |
|
|
|
|
owner: rugcms |
|
|
|
|
group: rugcms |
|
|
|
|
mode: 0700 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: Install epel-repo |
|
|
|
|
yum: name=epel-release state=latest |
|
|
|
|
|
|
|
|
|
@ -41,9 +57,6 @@
@@ -41,9 +57,6 @@
|
|
|
|
|
- name: Install yum-utils |
|
|
|
|
yum: name=yum-utils state=latest |
|
|
|
|
|
|
|
|
|
- name: upgrade all packages |
|
|
|
|
yum: name=* state=latest |
|
|
|
|
|
|
|
|
|
- name: disable selinux |
|
|
|
|
selinux: state=disabled |
|
|
|
|
|
|
|
|
|
@ -51,8 +64,60 @@
@@ -51,8 +64,60 @@
|
|
|
|
|
systemd: |
|
|
|
|
name: ntpd.service |
|
|
|
|
state: started |
|
|
|
|
enabled: yes |
|
|
|
|
|
|
|
|
|
- name: disable firewalld |
|
|
|
|
systemd: |
|
|
|
|
name: firewalld.service |
|
|
|
|
state: stopped |
|
|
|
|
enabled: no |
|
|
|
|
|
|
|
|
|
- name: copy firewall |
|
|
|
|
copy: |
|
|
|
|
src: files/firewall_acc.sh |
|
|
|
|
dest: /root/firewall/firewall.sh |
|
|
|
|
owner: root |
|
|
|
|
group: root |
|
|
|
|
mode: 0700 |
|
|
|
|
|
|
|
|
|
- script: chdir=/root/firewall firewall.sh |
|
|
|
|
|
|
|
|
|
- name: copy yum_debug_dump |
|
|
|
|
copy: |
|
|
|
|
src: files/yum_debug_dump.txt.gz |
|
|
|
|
dest: /root/yum_debug_dump.txt.gz |
|
|
|
|
owner: root |
|
|
|
|
group: root |
|
|
|
|
mode: 0600 |
|
|
|
|
|
|
|
|
|
- command: yum-debug-restore /root/yum_debug_dump.txt.gz |
|
|
|
|
|
|
|
|
|
- name: upgrade all packages |
|
|
|
|
yum: name=* state=latest |
|
|
|
|
|
|
|
|
|
- name: copy /etc/resolv.conf |
|
|
|
|
copy: |
|
|
|
|
src: files/resolv.conf |
|
|
|
|
dest: /etc/resolv.conf |
|
|
|
|
owner: root |
|
|
|
|
group: root |
|
|
|
|
mode: 0644 |
|
|
|
|
|
|
|
|
|
- name: copy /etc/ssh/sshd_config |
|
|
|
|
copy: |
|
|
|
|
src: files/sshd_config |
|
|
|
|
dest: /etc/ssh/sshd_config |
|
|
|
|
owner: root |
|
|
|
|
group: root |
|
|
|
|
mode: 0600 |
|
|
|
|
|
|
|
|
|
- name: start sshd service |
|
|
|
|
systemd: |
|
|
|
|
name: sshd.service |
|
|
|
|
state: started |
|
|
|
|
enabled: yes |
|
|
|
|
|
|
|
|
|
- name: start postfix service |
|
|
|
|
systemd: |
|
|
|
|
name: postfix.service |
|
|
|
|
state: started |
|
|
|
|
enabled: yes |
|
|
|
|
|
