external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

Merge pull request #1151 from holta/openvpn-rapid-support

Browse source 
Fix & Revision to PR #1148 (OpenVPN rapid start during installs)
This commit is contained in:
A Holt 2018-09-19 21:09:52 -04:00 committed by GitHub
commit 2f94ee0f48
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 39 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
roles/1-prep/tasks/main.yml
View file

@ -37,6 +37,12 @@
set_fact:
uuid: "{{ stored_uuid.stdout_lines[0] }}"
- name: SSHD
include_role:
name: sshd
# has no "when: XXXXX_install" flag
tags: base, sshd
- name: OPENVPN
include_role:
name: openvpn

7
roles/4-server-options/tasks/main.yml
View file

@ -3,13 +3,6 @@
- name: ...IS BEGINNING ==================================
command: echo
# MANDATORY SO PERHAPS THIS BELONGS IN 3-BASE-SERVER ?
- name: SSHD
include_role:
name: sshd
# has no "when: XXXXX_install" flag
tags: base, sshd
- name: Installing dnsmasq
include_tasks: roles/network/tasks/dnsmasq.yml
when: dnsmasq_install

0
roles/iiab-admin/files/dummy_authorized_keys → roles/sshd/files/dummy_authorized_keys
View file

44
roles/sshd/tasks/main.yml
View file

@ -1,18 +1,40 @@
- name: Disable root login with password
lineinfile: dest=/etc/ssh/sshd_config
regexp='^PermitRootLogin'
line='PermitRootLogin without-password'
state=present
lineinfile:
dest: /etc/ssh/sshd_config
regexp: '^PermitRootLogin'
line: 'PermitRootLogin without-password'
state: present
#TODO: use handler to reload ssh
- name: Enable sshd
service: name={{ sshd_service }}
enabled=yes
state=started
- name: Create root .ssh
file:
path: /root/.ssh
owner: root
group: root
mode: 0700
state: directory
when: sshd_enabled
- name: Install dummy root keys as placeholder
copy:
src: dummy_authorized_keys
dest: /root/.ssh/authorized_keys
owner: root
group: root
mode: 0600
force: no
when: sshd_enabled
- name: Enable & start sshd
service:
name: "{{ sshd_service }}"
enabled: yes
state: started
when: sshd_enabled
- name: Disable sshd
service: name={{ sshd_service }}
enabled=no
state=stopped
service:
name: "{{ sshd_service }}"
enabled: no
state: stopped
when: not sshd_enabled