make common roles ec2 linux friendly

parent 365d57b9
......@@ -63,6 +63,7 @@
pkg={{','.join(aws_debian_pkgs)}}
state=present
update_cache=yes
when: ansible_distribution in common_debian_variants
- name: install aws python packages
pip: >
......@@ -105,6 +106,7 @@
- "/usr/share/landscape/landscape-sysinfo.wrapper"
- "/etc/update-motd.d/51-cloudguest"
- "/etc/update-motd.d/91-release-upgrade"
when: ansible_distribution in common_debian_variants
- name: update /etc/dhcp/dhclient.conf
template:
......@@ -122,18 +124,30 @@
with_items:
- { src: 'etc/motd.tail.j2', dest: '/etc/motd.tail', mode: '755' }
- name: Copy the sshd_config template in place
template:
dest: "{{ item.dest }}"
src: "{{ item.src }}"
owner: root
group: root
mode: "{{ item.mode | default(644) }}"
- name: Update sshd logging to VERBOSE
lineinfile:
dest: /etc/ssh/sshd_config
state: present
regexp: "^LogLevel .*"
line: "LogLevel VERBOSE"
register: sshd_config
- name: Update sshd logging to VERBOSE
lineinfile:
dest: /etc/ssh/sshd_config
state: present
regexp: "^PasswordAuthentication .*"
line: "PasswordAuthentication {{ COMMON_SSH_PASSWORD_AUTH }}"
register: sshd_config
with_items:
- { src: 'etc/ssh/sshd_config.j2', dest: '/etc/ssh/sshd_config' }
- name: restart ssh
service: name=ssh state=restarted
sudo: True
when: sshd_config.changed
when: ansible_distribution in common_debian_variants
- name: restart ssh
service: name=sshd state=restarted
sudo: True
when: sshd_config.changed
when: ansible_distribution in common_redhat_variants
---
# ubuntu
- stat:
path: "/usr/sbin/update-ca-certificates"
register: update_ca_certificates
- name: Update CA Certificates
shell: /usr/sbin/update-ca-certificates
when: update_ca_certificates is defined and update_ca_certificates.stat.exists == True
# ec2-linux
- stat: path=/usr/bin/update-ca-trust
register: update_ca_trust
- name: Update CA Trust
shell: /usr/bin/update-ca-trust
when: update_ca_trust is defined and update_ca_trust.stat.exists == True
- name: Add user www-data
- name: Add common_users
# This is the default user for nginx
user:
name: "{{ common_web_user }}"
name: "{{ item }}"
shell: /bin/false
with_items:
- "{{ common_web_user }}"
- "{{ common_log_user }}"
# Determine if machine is provisioned via vagrant
# Some EC2-specific steps would need to be skipped
......@@ -20,6 +38,8 @@
id: "{{ COMMON_EDX_PPA_KEY_ID }}"
keyserver: "{{ COMMON_EDX_PPA_KEY_SERVER }}"
state: "present"
when: ansible_distribution in common_debian_variants
# Ensure that we get a current version of Git and latest version of python 2.7
# GitHub requires version 1.7.10 or later
......@@ -30,6 +50,7 @@
with_items:
- "{{ common_git_ppa }}"
- "{{ COMMON_EDX_PPA }}"
when: ansible_distribution in common_debian_variants
- name: Install role-independent useful system packages
# do this before log dir setup; rsyslog package guarantees syslog user present
......@@ -39,6 +60,16 @@
state: present
update_cache: yes
with_items: common_debian_pkgs
when: ansible_distribution in common_debian_variants
- name: Install role-independent useful system packages
yum:
name: "{{ item }}"
state: present
update_cache: yes
with_items: common_redhat_pkgs
when: ansible_distribution in common_redhat_variants
- name: Create common directories
file:
......@@ -63,7 +94,10 @@
name: "{{ item }}"
state: present
extra_args: "-i {{ COMMON_PYPI_MIRROR_URL }}"
executable: "/usr/local/bin/pip"
with_items: common_pip_pkgs
when: ansible_distribution in common_debian_variants
- name: update /etc/hosts
template:
......
......@@ -95,6 +95,13 @@ COMMON_ENABLE_NEWRELIC_APP: False
COMMON_ENABLE_MINOS: False
COMMON_TAG_EC2_INSTANCE: False
common_boto_version: '2.34.0'
common_redhat_pkgs:
- ntp
- lynx
- logrotate
- rsyslog
- git
- unzip
common_debian_pkgs:
- ntp
- lynx-cur
......
......@@ -21,10 +21,12 @@
#
#
- name: Install system packages
- name: Install ubuntu system packages
apt:
name: "{{ item }}"
install_recommends: yes
state: present
update_cache: yes
with_items: server_utils_debian_pkgs
when:
- ansible_distribution == 'Ubuntu'
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment