From 73005eff348b07e04b910ca172398b2cd223cd26 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 6 Dec 2017 14:41:17 -0500 Subject: [PATCH 1/5] Update access.yml --- roles/iiab-admin/tasks/access.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/roles/iiab-admin/tasks/access.yml b/roles/iiab-admin/tasks/access.yml index dbbff4bbc..6762e5b43 100644 --- a/roles/iiab-admin/tasks/access.yml +++ b/roles/iiab-admin/tasks/access.yml @@ -1,8 +1,9 @@ - name: Install textmode remote access packages - package: name={{ item }} - state=present + package: + name: "{{ item }}" + state: present with_items: - - screen - - lynx + - screen + - lynx tags: - download From 625c4925dbd8da3e00a15cae653d5fbc6f0f19a7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 6 Dec 2017 14:44:53 -0500 Subject: [PATCH 2/5] Add "shell: /bin/bash" to iiab-admin so shell works?? SEE https://github.com/iiab/iiab/issues/586 --- roles/iiab-admin/tasks/admin-user.yml | 78 +++++++++++++++------------ 1 file changed, 45 insertions(+), 33 deletions(-) diff --git a/roles/iiab-admin/tasks/admin-user.yml b/roles/iiab-admin/tasks/admin-user.yml index f9c06ca26..23c5b4984 100644 --- a/roles/iiab-admin/tasks/admin-user.yml +++ b/roles/iiab-admin/tasks/admin-user.yml 
@@ -1,57 +1,69 @@ - name: Create iiab-admin user and password - user: name={{ iiab_admin_user }} - password={{ iiab_admin_passw_hash }} - update_password=on_create + user: + name: "{{ iiab_admin_user }}" + password: "{{ iiab_admin_passw_hash }}" + update_password: on_create + shell: /bin/bash - name: Create a wheel group - group: name=wheel - state=present + group: + name: wheel + state: present -- name: Create a sudo group - group: name=sudo - state=present +- name: Create a sudo group (redhat) + group: + name: sudo + state: present when: is_redhat - name: Add user to wheel group - user: name={{ iiab_admin_user }} groups=wheel,sudo + user: + name: "{{ iiab_admin_user }}" + groups: wheel,sudo - name: Create root .ssh - file: path=/root/.ssh - mode=0700 - owner=root - group=root - state=directory + file: + path: /root/.ssh + owner: root + group: root + mode: 0700 + state: directory - name: Install dummy root keys as placeholder - copy: src=dummy_authorized_keys - dest=/root/.ssh/authorized_keys - force=no - owner=root - group=root - mode=0600 + copy: + src: dummy_authorized_keys + dest: /root/.ssh/authorized_keys + owner: root + group: root + mode: 0600 + force: no # backup=yes - name: Edit the sudoers file -- first make it editable - file: path=/etc/sudoers - mode=0640 + file: + path: /etc/sudoers + mode: 0640 - name: Have sudo log all commands it handles - lineinfile: regexp=logfile - line='Defaults logfile = /var/log/sudo.log' - state=present - dest=/etc/sudoers + lineinfile: + regexp: logfile + line: 'Defaults logfile = /var/log/sudo.log' + dest: /etc/sudoers + state: present - name: Lets wheel sudo without password lineinfile: - line: "%wheel ALL= NOPASSWD: ALL" - dest: /etc/sudoers + line: "%wheel ALL= NOPASSWD: ALL" + dest: /etc/sudoers - name: Remove the line which requires tty - lineinfile: regexp=requiretty - state=absent - dest=/etc/sudoers + lineinfile: + regexp: requiretty + dest: /etc/sudoers + state: absent - name: End editing the sudoers file -- 
protect it again - file: path=/etc/sudoers - mode=0440 + file: + path: /etc/sudoers + mode: 0440 From 2c322c4baa99bb84f44fba4beafd3ff9d12206fc Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 6 Dec 2017 14:47:53 -0500 Subject: [PATCH 3/5] for https://github.com/iiab/iiab/issues/586 --- roles/iiab-admin/tasks/main.yml | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/roles/iiab-admin/tasks/main.yml b/roles/iiab-admin/tasks/main.yml index 5f609238b..70873324e 100644 --- a/roles/iiab-admin/tasks/main.yml +++ b/roles/iiab-admin/tasks/main.yml @@ -7,11 +7,12 @@ tags: - base -- name: Add iiab-admin parameters to ini file - ini_file: dest='{{ service_filelist }}' - section=iiab-admin - option='{{ item.option }}' - value='{{ item.value }}' +- name: Add 'iiab-admin' to list at /etc/iiab/iiab.ini + ini_file: + dest: "{{ service_filelist }}" + section: iiab-admin + option: "{{ item.option }}" + value: "{{ item.value }}" with_items: - option: name value: iiab-admin 
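Review bot: The three `lineinfile` tasks that write `/etc/sudoers` in admin-user.yml (the logfile line, the `%wheel ALL= NOPASSWD: ALL` line and the `requiretty` removal) have no `validate`, so a malformed result is installed as-is and can leave sudo unusable on the host. Adding `validate: 'visudo -cf %s'` to each makes Ansible check the edited copy before it replaces the file. The patterns `regexp: logfile` and `regexp: requiretty` are also unanchored and match any line containing the word, comments included; anchoring them (for example `regexp: '^Defaults\s+logfile'`) would narrow the edit. The bare octal modes (`0700`, `0600`, `0640`, `0440`) are safer written as quoted strings such as `mode: "0440"`, so the value does not depend on how the YAML parser types a leading-zero number. The logfile task is touched again in patch 5/5, where the same `validate` gap applies.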
@@ -21,19 +22,23 @@ value: "{{ iiab_admin_user }}" - name: Set up to issue warning if iiab-admin password is still default - template: src=profile_ssh_warn.sh - dest=/etc/profile.d/ + template: + src: profile_ssh_warn.sh + dest: /etc/profile.d/ - name: Is this LXDE? - stat: path=/home/pi/.config/lxsession + stat: + path: /home/pi/.config/lxsession register: lx - name: Do the same if running on Raspbian - template: src=lxde_ssh_warn.sh - dest=/home/pi/.config/lxsession/LXDE-pi/ + template: + src: lxde_ssh_warn.sh + dest: /home/pi/.config/lxsession/LXDE-pi/ when: lx.stat.isdir is defined and lx.stat.isdir and is_rpi and is_debuntu -- name: Put an autostart line to check for default password in LXDE - lineinfile: line=@/home/pi/.config/lxsession/LXDE-pi/lxde_ssh_warn.sh - dest=/home/pi/.config/lxsession/LXDE-pi/autostart +- name: Put an autostart line to check for default password in LXDE (raspbian) + lineinfile: + line: @/home/pi/.config/lxsession/LXDE-pi/lxde_ssh_warn.sh + dest: /home/pi/.config/lxsession/LXDE-pi/autostart when: lx.stat.isdir is defined and lx.stat.isdir and is_rpi and is_debuntu From e14a3b7830e95ce0ebb7722ba234e84e546e4749 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 7 Dec 2017 10:26:53 -0500 Subject: [PATCH 4/5] quotes needed around "@/home/pi/.config/lxsession/LXDE-pi/lxde_ssh_warn.sh" --- roles/iiab-admin/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/iiab-admin/tasks/main.yml b/roles/iiab-admin/tasks/main.yml index 70873324e..b13a3d6cb 100644 --- a/roles/iiab-admin/tasks/main.yml +++ b/roles/iiab-admin/tasks/main.yml @@ -39,6 +39,6 @@ - name: Put an autostart line to check for default password in LXDE (raspbian) lineinfile: - line: @/home/pi/.config/lxsession/LXDE-pi/lxde_ssh_warn.sh + line: "@/home/pi/.config/lxsession/LXDE-pi/lxde_ssh_warn.sh" dest: /home/pi/.config/lxsession/LXDE-pi/autostart when: lx.stat.isdir is defined and lx.stat.isdir and is_rpi and is_debuntu 
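Review bot: Both `template` tasks in this main.yml hunk install shell scripts without `owner`, `group` or `mode`, so the resulting permissions depend on the connecting user and its umask. For `profile_ssh_warn.sh` in `/etc/profile.d/`, which login shells source, it is worth pinning them with `owner: root`, `group: root` and `mode: "0644"`. The `lineinfile` task on `/home/pi/.config/lxsession/LXDE-pi/autostart` sets no `create: yes`, so it presumably fails when that file does not exist yet; this should be confirmed on a fresh Raspbian image.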
From b537ee182fd08f982a79473a389a7fe815a1e6d6 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 7 Dec 2017 11:33:33 -0500 Subject: [PATCH 5/5] Update admin-user.yml --- roles/iiab-admin/tasks/admin-user.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/iiab-admin/tasks/admin-user.yml b/roles/iiab-admin/tasks/admin-user.yml index 23c5b4984..8dc95d8ef 100644 --- a/roles/iiab-admin/tasks/admin-user.yml +++ b/roles/iiab-admin/tasks/admin-user.yml @@ -48,7 +48,7 @@ - name: Have sudo log all commands it handles lineinfile: regexp: logfile - line: 'Defaults logfile = /var/log/sudo.log' + line: "Defaults logfile = /var/log/sudo.log" dest: /etc/sudoers state: present