make common roles ec2 linux friendly

0dfd3a21 · Fred Smith · 365d57b9 · 0dfd3a21 · 0dfd3a21 · 0dfd3a21
Unverified Commit 0dfd3a21 authored 8 years ago by Fred Smith
Showing with 69 additions and 12 deletions

playbooks/roles/aws/tasks/main.yml
+23 -9

playbooks/roles/common/tasks/main.yml
+36 -2

playbooks/roles/common_vars/defaults/main.yml
+7 -0

playbooks/roles/server_utils/tasks/main.yml
+3 -1

No files found.
--- a/playbooks/roles/aws/tasks/main.yml
+++ b/playbooks/roles/aws/tasks/main.yml
@@ -63,6 +63,7 @@
    pkg={{','.join(aws_debian_pkgs)}}
    state=present
    update_cache=yes
+  when: ansible_distribution in common_debian_variants

 - name: install aws python packages
  pip: >
@@ -105,6 +106,7 @@
  - "/usr/share/landscape/landscape-sysinfo.wrapper"
  - "/etc/update-motd.d/51-cloudguest"
  - "/etc/update-motd.d/91-release-upgrade"
+  when: ansible_distribution in common_debian_variants

 - name: update /etc/dhcp/dhclient.conf
  template: 
@@ -122,18 +124,30 @@
  with_items:
    - { src: 'etc/motd.tail.j2', dest: '/etc/motd.tail', mode: '755' }

- name: Copy the sshd_config template in place
-  template:
-    dest: "{{ item.dest }}"
-    src: "{{ item.src }}"
-    owner: root 
-    group: root 
-    mode: "{{ item.mode | default(644) }}"
+- name: Update sshd logging to VERBOSE
+  lineinfile:
+    dest: /etc/ssh/sshd_config
+    state: present
+    regexp: "^LogLevel .*"        
+    line: "LogLevel VERBOSE"
+  register: sshd_config
+
+- name: Update sshd logging to VERBOSE
+  lineinfile:
+    dest: /etc/ssh/sshd_config
+    state: present
+    regexp: "^PasswordAuthentication .*"        
+    line: "PasswordAuthentication {{ COMMON_SSH_PASSWORD_AUTH }}"
  register: sshd_config
-  with_items:
-    - { src: 'etc/ssh/sshd_config.j2', dest: '/etc/ssh/sshd_config' }

 - name: restart ssh
  service: name=ssh state=restarted
  sudo: True
  when: sshd_config.changed
+  when: ansible_distribution in common_debian_variants
+
+- name: restart ssh
+  service: name=sshd state=restarted
+  sudo: True
+  when: sshd_config.changed
+  when: ansible_distribution in common_redhat_variants
--- a/playbooks/roles/common/tasks/main.yml
+++ b/playbooks/roles/common/tasks/main.yml
 ---
+# ubuntu
+- stat: 
+    path: "/usr/sbin/update-ca-certificates"
+  register: update_ca_certificates
+
 - name: Update CA Certificates
  shell: /usr/sbin/update-ca-certificates
+  when: update_ca_certificates is defined and update_ca_certificates.stat.exists == True
+
+# ec2-linux
+- stat: path=/usr/bin/update-ca-trust
+  register: update_ca_trust
+
+- name: Update CA Trust
+  shell: /usr/bin/update-ca-trust
+  when: update_ca_trust is defined and update_ca_trust.stat.exists == True
+

- name: Add user www-data
+- name: Add common_users
  # This is the default user for nginx
  user:
-    name: "{{ common_web_user }}"
+    name: "{{ item }}"
    shell: /bin/false
+  with_items:
+    - "{{ common_web_user }}"
+    - "{{ common_log_user }}"

 # Determine if machine is provisioned via vagrant
 # Some EC2-specific steps would need to be skipped
@@ -20,6 +38,8 @@
    id: "{{ COMMON_EDX_PPA_KEY_ID }}"
    keyserver: "{{ COMMON_EDX_PPA_KEY_SERVER }}"
    state: "present"
+  when: ansible_distribution in common_debian_variants
+

 # Ensure that we get a current version of Git and latest version of python 2.7
 # GitHub requires version 1.7.10 or later
@@ -30,6 +50,7 @@
  with_items:
    - "{{ common_git_ppa }}"
    - "{{ COMMON_EDX_PPA }}"
+  when: ansible_distribution in common_debian_variants

 - name: Install role-independent useful system packages
  # do this before log dir setup; rsyslog package guarantees syslog user present
@@ -39,6 +60,16 @@
    state: present 
    update_cache: yes
  with_items: common_debian_pkgs
+  when: ansible_distribution in common_debian_variants
+
+- name: Install role-independent useful system packages
+  yum:
+    name: "{{ item }}"
+    state: present 
+    update_cache: yes
+  with_items: common_redhat_pkgs
+  when: ansible_distribution in common_redhat_variants
+

 - name: Create common directories
  file:
@@ -63,7 +94,10 @@
    name: "{{ item }}" 
    state: present
    extra_args: "-i {{ COMMON_PYPI_MIRROR_URL }}"
+    executable: "/usr/local/bin/pip"
  with_items: common_pip_pkgs
+  when: ansible_distribution in common_debian_variants
+

 - name: update /etc/hosts
  template: 

--- a/playbooks/roles/common_vars/defaults/main.yml
+++ b/playbooks/roles/common_vars/defaults/main.yml
@@ -95,6 +95,13 @@ COMMON_ENABLE_NEWRELIC_APP: False
 COMMON_ENABLE_MINOS: False
 COMMON_TAG_EC2_INSTANCE: False
 common_boto_version: '2.34.0'
+common_redhat_pkgs:
+  - ntp
+  - lynx
+  - logrotate
+  - rsyslog
+  - git
+  - unzip
 common_debian_pkgs:
  - ntp
  - lynx-cur

--- a/playbooks/roles/server_utils/tasks/main.yml
+++ b/playbooks/roles/server_utils/tasks/main.yml
@@ -21,10 +21,12 @@
 #
 #

- name: Install system packages
+- name: Install ubuntu system packages
  apt:
    name: "{{ item }}"
    install_recommends: yes
    state: present 
    update_cache: yes
  with_items: server_utils_debian_pkgs
+  when:
+    - ansible_distribution == 'Ubuntu'