rugcms ansible uitrol script

rugcms.yml

@@ -3,9 +3,16 @@
 # - create rugcms group
 # - create rugmcs user, lid van rugcms en homedir /local_disk
 # - push ssh-keys rugcms user
+# - copy .profile rugcms user
 # - install packages
 # - upgrade all rpms
 # - disable selinux
+# - disable firewalld
+# - copy firewall.sh script
+# - run firewall script
+# - copy yum_debug_file for input on all installed packages
+# - copy resolv.conf
+# - copy sshd_conf
 #
 # Usage: $ ansible-playbook rugcms.yml 
 ---
@@ -32,6 +39,15 @@
             - 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAz/4D/jhUycyYS8gOrQDs+BqK+MLzfB9kb60W9zGTs9KigKGUOtvZ78mb1F2+ouy/uQUbOO4MoUu+fOzSlSE56GdyTSc/RsLaoHde2aRalXnRf55tuIVgv6MNG7siZt1i4iDhm/uql8nzc7m0Ompr9XXLXOQ0ZGFPViLLYyRcLOc= r.m.uittenbroek@rug.nl'
             - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoRM/8ItzD87bvO6WVwDS83mkLUv0fo1dUxBzGB0w9j+a4vtUbcGm13TXp6zIS6zZqj09QD8jznO1OE92tC1axjuwENbAi7WiqaFMJdqB6MLN4Fxo4xa5LaadDTFbd4yLI1lzheowfPvFypUW90L4ToEkKkvgp+r+4C7BrLLUTzksS3PzBB2jp25XimdbxQvbZS74RdEa4O1Xqz0A4+FbM9r90OIJGrexVTKb2jpQk3bhTIpCXDkRldA1PLYSPoUAmCViGPoHCoyNbtZj8MWDjOKH/Ut/WXg5z60JfFqHazkHsQiJ9YkgUk2zy/7cjl5Pl8DVkPp79c/F5YFw492XN rugcms@charanga'
 
+    - name: copy profile rugcms-user 
+      copy:
+          src: files/profile_rugcms
+          dest: /local_disk/.profile
+          owner: rugcms 
+          group: rugcms 
+          mode: 0700
+
+
     - name: Install epel-repo 
       yum: name=epel-release state=latest
 
@@ -41,9 +57,6 @@
     - name: Install yum-utils
       yum: name=yum-utils state=latest
 
-    - name: upgrade all packages
-      yum: name=* state=latest
-
     - name: disable selinux
       selinux: state=disabled
 
@@ -51,8 +64,60 @@
       systemd:
           name: ntpd.service
           state: started
+          enabled: yes 
 
     - name: disable firewalld
       systemd:
          name: firewalld.service
-         state: stopped 
+         enabled: no 
+
+    - name: copy firewall
+      copy: 
+        src: files/firewall_acc.sh 
+        dest: /root/firewall/firewall.sh
+        owner: root
+        group: root
+        mode: 0700
+    
+    - script: chdir=/root/firewall firewall.sh 
+
+    - name: copy yum_debug_dump 
+      copy:
+        src: files/yum_debug_dump.txt.gz
+        dest: /root/yum_debug_dump.txt.gz
+        owner: root
+        group: root
+        mode: 0600
+
+    - command: yum-debug-restore /root/yum_debug_dump.txt.gz 
+
+    - name: upgrade all packages
+      yum: name=* state=latest
+
+    - name: copy /etc/resolv.conf 
+      copy:
+        src: files/resolv.conf
+        dest: /etc/resolv.conf
+        owner: root
+        group: root
+        mode: 0644
+
+    - name: copy /etc/ssh/sshd_config
+      copy:
+        src: files/sshd_config
+        dest: /etc/ssh/sshd_config
+        owner: root
+        group: root
+        mode: 0600
+
+    - name: start sshd service
+      systemd:
+          name: sshd.service
+          state: started
+          enabled: yes
+
+    - name: start postfix service
+      systemd:
+          name: postfix.service
+          state: started
+          enabled: yes