From faffb7939d6be71482577d71bb525dafa8802990 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 19 Sep 2018 20:41:08 -0400 Subject: [PATCH 1/7] Update main.yml --- roles/4-server-options/tasks/main.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/roles/4-server-options/tasks/main.yml b/roles/4-server-options/tasks/main.yml index 8989677a6..3dc010450 100644 --- a/roles/4-server-options/tasks/main.yml +++ b/roles/4-server-options/tasks/main.yml @@ -3,13 +3,6 @@ - name: ...IS BEGINNING ================================== command: echo -# MANDATORY SO PERHAPS THIS BELONGS IN 3-BASE-SERVER ? -- name: SSHD - include_role: - name: sshd - # has no "when: XXXXX_install" flag - tags: base, sshd - - name: Installing dnsmasq include_tasks: roles/network/tasks/dnsmasq.yml when: dnsmasq_install From 84eea97af920fc3f550cbfc97ca3aea72bbbce04 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 19 Sep 2018 20:42:37 -0400 Subject: [PATCH 2/7] Update main.yml --- roles/1-prep/tasks/main.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/roles/1-prep/tasks/main.yml b/roles/1-prep/tasks/main.yml index 1845416dc..b0f2df3fe 100644 --- a/roles/1-prep/tasks/main.yml +++ b/roles/1-prep/tasks/main.yml @@ -37,6 +37,12 @@ set_fact: uuid: "{{ stored_uuid.stdout_lines[0] }}" +- name: SSHD + include_role: + name: sshd + # has no "when: XXXXX_install" flag + tags: base, sshd + - name: OPENVPN include_role: name: openvpn From ea6382c2214099cb31b4df4128eb11a03b815bd1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 19 Sep 2018 20:44:42 -0400 Subject: [PATCH 3/7] modern Ansible syntax in roles/sshd --- roles/sshd/tasks/main.yml | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml index 560774ff3..89e8f444e 100644 --- a/roles/sshd/tasks/main.yml +++ b/roles/sshd/tasks/main.yml 
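Review bot: The `tags: base, sshd` on the new `SSHD` include in roles/1-prep/tasks/main.yml applies only to the include task itself if this is a dynamic `include_role` on Ansible 2.5+, so a run with `--tags sshd` would skip the `PermitRootLogin` hardening and service tasks inside the role; worth confirming against the Ansible version the project targets, and if it bites, either switch to `import_role` or use `apply: { tags: [base, sshd] }` (2.7+). The neighbouring OPENVPN include appears to follow the same pattern, so whichever fix is chosen should be applied consistently. The `# has no "when: XXXXX_install" flag` comment was carried over from 4-server-options; if unconditional inclusion is intended because the role gates itself on `sshd_enabled`, say so: `# always included — the role gates enable/disable internally via sshd_enabled`.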
@@ -1,18 +1,21 @@ - name: Disable root login with password - lineinfile: dest=/etc/ssh/sshd_config - regexp='^PermitRootLogin' - line='PermitRootLogin without-password' - state=present + lineinfile: + dest: /etc/ssh/sshd_config + regexp: '^PermitRootLogin' + line: 'PermitRootLogin without-password' + state: present #TODO: use handler to reload ssh - name: Enable sshd - service: name={{ sshd_service }} - enabled=yes - state=started + service: + name: "{{ sshd_service }}" + enabled: yes + state: started when: sshd_enabled - name: Disable sshd - service: name={{ sshd_service }} - enabled=no - state=stopped + service: + name: "{{ sshd_service }}" + enabled: no + state: stopped when: not sshd_enabled From 1a504318b40ec3753c77111cf9bd104a92f44ca1 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 19 Sep 2018 20:47:46 -0400 Subject: [PATCH 4/7] Update main.yml --- roles/sshd/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml index 89e8f444e..2e602d0fa 100644 --- a/roles/sshd/tasks/main.yml +++ b/roles/sshd/tasks/main.yml @@ -6,7 +6,7 @@ state: present #TODO: use handler to reload ssh -- name: Enable sshd +- name: Enable & start sshd service: name: "{{ sshd_service }}" enabled: yes From 37b2f947a270ccee2f5c185cda1f7e350c88b0ff Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 19 Sep 2018 20:55:28 -0400 Subject: [PATCH 5/7] Update main.yml --- roles/sshd/tasks/main.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml index 2e602d0fa..567fd72dd 100644 --- a/roles/sshd/tasks/main.yml +++ b/roles/sshd/tasks/main.yml 
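Review bot: The `PermitRootLogin` edit never reaches a running sshd, because the `Enable sshd` task uses `state: started`, which is a no-op on an already-running daemon — the setting only takes effect after a reboot or manual restart, and the `#TODO` acknowledges this but the rewrite leaves it. Add `notify: reload sshd` to the `lineinfile` task and a handler (in roles/sshd/handlers/main.yml, outside this hunk) that runs the `service` module with `state: reloaded` guarded by `when: sshd_enabled`, so the handler cannot start sshd on hosts where the `Disable sshd` task has just stopped it. `without-password` is the legacy spelling of `prohibit-password` (OpenSSH 7.0+); keep the old keyword only if some targets still run older OpenSSH, and note which in a comment. Since `regexp: '^PermitRootLogin'` does not match the stock commented-out `#PermitRootLogin` line, the directive is appended at end of file, where it would land inside any trailing `Match` block and apply only there; `insertbefore: BOF` avoids that. `enabled: yes` / `enabled: no` should become `true` / `false` to match the block-YAML modernisation this commit is doing.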
@@ -6,6 +6,25 @@ state: present #TODO: use handler to reload ssh +- name: Create root .ssh + file: + path: /root/.ssh + owner: root + group: root + mode: 0700 + state: directory + when: sshd_enabled + +- name: Install dummy root keys as placeholder + copy: + src: dummy_authorized_keys + dest: /root/.ssh/authorized_keys + owner: root + group: root + mode: 0600 + force: no + when: sshd_enabled + - name: Enable & start sshd service: name: "{{ sshd_service }}" From 3a5bdc4a2be65613019a3c2c49ef6af8425fbdb6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 19 Sep 2018 21:02:11 -0400 Subject: [PATCH 6/7] Rename roles/iiab-admin/files/dummy_authorized_keys to roles/sshd/files/dummy_authorized_keys --- roles/{iiab-admin => sshd}/files/dummy_authorized_keys | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename roles/{iiab-admin => sshd}/files/dummy_authorized_keys (100%) diff --git a/roles/iiab-admin/files/dummy_authorized_keys b/roles/sshd/files/dummy_authorized_keys similarity index 100% rename from roles/iiab-admin/files/dummy_authorized_keys rename to roles/sshd/files/dummy_authorized_keys From 5665f0792aab672041b5751a8367e89a8b61f652 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 19 Sep 2018 21:07:23 -0400 Subject: [PATCH 7/7] Update admin-user.yml --- roles/iiab-admin/tasks/admin-user.yml | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/roles/iiab-admin/tasks/admin-user.yml b/roles/iiab-admin/tasks/admin-user.yml index 9fc481ab4..7fa6ff147 100644 --- a/roles/iiab-admin/tasks/admin-user.yml +++ b/roles/iiab-admin/tasks/admin-user.yml 
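Review bot: The placeholder copied to `/root/.ssh/authorized_keys` is now the effective root login list, since the same role sets `PermitRootLogin without-password`, yet the contents of `dummy_authorized_keys` are not visible anywhere in this series (the later rename reports 100% similarity, which says nothing about content); it should be confirmed to hold no key material, and the task should state that: `# dummy_authorized_keys must contain only comments — it seeds the file; real keys are added by operators`. `force: no` is the right choice, as it leaves keys an operator already installed untouched. Note that `src: dummy_authorized_keys` resolves under roles/sshd/files/, which does not exist until PATCH 6/7 moves it there, so this commit does not stand on its own for bisecting. The octal modes are safer quoted per Ansible guidance (`mode: '0700'`, `mode: '0600'`), and `sshd_enabled` is referenced here before any default is visible in this hunk — confirm it is defined for 1-prep, where the role now runs.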
@@ -21,23 +21,6 @@ name: "{{ iiab_admin_user }}" groups: wheel,sudo -- name: Create root .ssh - file: - path: /root/.ssh - owner: root - group: root - mode: 0700 - state: directory - -- name: Install dummy root keys as placeholder - copy: - src: dummy_authorized_keys - dest: /root/.ssh/authorized_keys - owner: root - group: root - mode: 0600 - force: no - - name: Edit the sudoers file -- first make it editable file: path: /etc/sudoers