roles/common/*/main.yml: Rebuild /etc/ssh/sshd_config on change.
diff --git
a/roles/common/tasks/main.yml
b/roles/common/tasks/main.yml
index
5d80497
..
bd15a34
100644
(file)
--- a/
roles/common/tasks/main.yml
+++ b/
roles/common/tasks/main.yml
@@
-9,21
+9,21
@@
- name: fix permissions in /root
tags: [perms, root-perms]
- name: fix permissions in /root
tags: [perms, root-perms]
- file:
name=/root
mode=0750 owner=root group=root
+ file:
path=/root/
mode=0750 owner=root group=root
###--------------------------------------------------------------------------
### PKI machinery.
- name: install PKI maintenance scripts
tags: [pki, pki-scripts]
###--------------------------------------------------------------------------
### PKI machinery.
- name: install PKI maintenance scripts
tags: [pki, pki-scripts]
- copy: src=pki/{{ item }} dest=/etc/cron.daily
+ copy: src=pki/{{ item }} dest=/etc/cron.daily
/
with_items:
- update-ca-certs
- check-x509-certs
- name: install common PKI files
tags: [pki, pki-keys]
with_items:
- update-ca-certs
- check-x509-certs
- name: install common PKI files
tags: [pki, pki-keys]
- copy: src=pki/{{ item }} dest=/etc/ca
+ copy: src=pki/{{ item }} dest=/etc/ca
/
with_items:
- ca.cert
- dh-param.pem
with_items:
- ca.cert
- dh-param.pem
@@
-37,9
+37,9
@@
###--------------------------------------------------------------------------
### NTP configuration.
###--------------------------------------------------------------------------
### NTP configuration.
-- name: install NTP configuration files
+- name: install NTP c
lient c
onfiguration files
tags: [ntp, ntp-client]
tags: [ntp, ntp-client]
- copy: src=ntp-client/ntp.conf dest=/etc
+ copy: src=ntp-client/ntp.conf dest=/etc
/
when: ('ntp') not in server |default([])
notify: restart ntpd
when: ('ntp') not in server |default([])
notify: restart ntpd
@@
-48,7
+48,7
@@
- name: install netdb files
tags: netdb
- name: install netdb files
tags: netdb
- copy: src=netdb/{{ item }} dest=/etc
+ copy: src=netdb/{{ item }} dest=/etc
/
with_items:
- hosts
- networks
with_items:
- hosts
- networks
@@
-59,23
+59,29
@@
- name: install SSH configuration files
tags: [ssh, ssh-config]
- name: install SSH configuration files
tags: [ssh, ssh-config]
- copy: src=ssh-config/{{ item }} dest=/etc/ssh
- notify: restart ssh
+ copy: src=ssh-config/{{ item }} dest=/etc/ssh/
+ notify:
+ - make in /etc/ssh/
+ - restart ssh
with_items:
- Makefile
- ssh_config
- sshd_config.m4
- moduli
with_items:
- Makefile
- ssh_config
- sshd_config.m4
- moduli
+- name: "create root's .ssh/ directory"
+ tags: [ssh, ssh-root]
+ file: path=/root/.ssh/ state=directory mode=0750
+
- name: install main keys for root SSH access
tags: [ssh, ssh-root]
template: src=ssh-root/authkeys.base dest=/root/.ssh/authkeys.base
- name: install main keys for root SSH access
tags: [ssh, ssh-root]
template: src=ssh-root/authkeys.base dest=/root/.ssh/authkeys.base
- notify: make in /root/.ssh
+ notify: make in /root/.ssh
/
- name: install keys for root SSH access
tags: [ssh, ssh-root]
- name: install keys for root SSH access
tags: [ssh, ssh-root]
- copy: src=ssh-root/{{ item }} dest=/root/.ssh
- notify: make in /root/.ssh
+ copy: src=ssh-root/{{ item }} dest=/root/.ssh
/
+ notify: make in /root/.ssh
/
with_items:
- Makefile
- config.m4
with_items:
- Makefile
- config.m4
@@
-93,7
+99,7
@@
- name: install required backup scripts on non-Debian hosts
tags: [backup, backup-scripts]
- name: install required backup scripts on non-Debian hosts
tags: [backup, backup-scripts]
- copy: src=backup/fshash dest=/usr/local/bin
+ copy: src=backup/fshash dest=/usr/local/bin
/
when: os != 'debian'
###--------------------------------------------------------------------------
when: os != 'debian'
###--------------------------------------------------------------------------
@@
-101,11
+107,11
@@
- name: install sudo configuration
tags: [sudo]
- name: install sudo configuration
tags: [sudo]
- copy: src=sudo/sudoers dest=/etc
+ copy: src=sudo/sudoers dest=/etc
/
- name: install common scripts
tags: [scripts]
- name: install common scripts
tags: [scripts]
- copy: src=scripts/{{ item }} dest=/usr/local/bin
+ copy: src=scripts/{{ item }} dest=/usr/local/bin
/
with_items:
- fetch-unpack-archive
- genx509
with_items:
- fetch-unpack-archive
- genx509
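Review bot: The new `create root's .ssh/ directory` task in the `-59,23 +59,29` hunk sets only `mode=0750` and does not pin ownership, so an existing /root/.ssh with the wrong owner or group is left as it is, and the directory holding root's SSH access keys stays group-readable. The `fix permissions in /root` task at the top of the file already sets `owner=root group=root`; I would do the same here and tighten the mode: `file: path=/root/.ssh/ state=directory mode=0700 owner=root group=root`. In the same hunk, the `notify:` list assumes `make in /etc/ssh/` runs before `restart ssh`. Ansible runs notified handlers in the order they are defined in the handlers file, not the order listed under `notify:`, so the make handler has to be defined first there. The handlers file is not shown on this page, so that ordering should be confirmed, otherwise sshd can restart against the old sshd_config.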