Merge pull request #601 from holta/iiab-admin
Refactor roles/iiab-admin for #586 regression of /bin/bash incl up-arrow etc (interactive shell)
commit
a130bc86dd
3 changed files with 68 additions and 50 deletions
|
@ -1,6 +1,7 @@
|
||||||
- name: Install textmode remote access packages
|
- name: Install textmode remote access packages
|
||||||
package: name={{ item }}
|
package:
|
||||||
state=present
|
name: "{{ item }}"
|
||||||
|
state: present
|
||||||
with_items:
|
with_items:
|
||||||
- screen
|
- screen
|
||||||
- lynx
|
- lynx
|
||||||
|
|
|
@ -1,46 +1,56 @@
|
||||||
- name: Create iiab-admin user and password
|
- name: Create iiab-admin user and password
|
||||||
user: name={{ iiab_admin_user }}
|
user:
|
||||||
password={{ iiab_admin_passw_hash }}
|
name: "{{ iiab_admin_user }}"
|
||||||
update_password=on_create
|
password: "{{ iiab_admin_passw_hash }}"
|
||||||
|
update_password: on_create
|
||||||
|
shell: /bin/bash
|
||||||
|
|
||||||
- name: Create a wheel group
|
- name: Create a wheel group
|
||||||
group: name=wheel
|
group:
|
||||||
state=present
|
name: wheel
|
||||||
|
state: present
|
||||||
|
|
||||||
- name: Create a sudo group
|
- name: Create a sudo group (redhat)
|
||||||
group: name=sudo
|
group:
|
||||||
state=present
|
name: sudo
|
||||||
|
state: present
|
||||||
when: is_redhat
|
when: is_redhat
|
||||||
|
|
||||||
- name: Add user to wheel group
|
- name: Add user to wheel group
|
||||||
user: name={{ iiab_admin_user }} groups=wheel,sudo
|
user:
|
||||||
|
name: "{{ iiab_admin_user }}"
|
||||||
|
groups: wheel,sudo
|
||||||
|
|
||||||
- name: Create root .ssh
|
- name: Create root .ssh
|
||||||
file: path=/root/.ssh
|
file:
|
||||||
mode=0700
|
path: /root/.ssh
|
||||||
owner=root
|
owner: root
|
||||||
group=root
|
group: root
|
||||||
state=directory
|
mode: 0700
|
||||||
|
state: directory
|
||||||
|
|
||||||
- name: Install dummy root keys as placeholder
|
- name: Install dummy root keys as placeholder
|
||||||
copy: src=dummy_authorized_keys
|
copy:
|
||||||
dest=/root/.ssh/authorized_keys
|
src: dummy_authorized_keys
|
||||||
force=no
|
dest: /root/.ssh/authorized_keys
|
||||||
owner=root
|
owner: root
|
||||||
group=root
|
group: root
|
||||||
mode=0600
|
mode: 0600
|
||||||
|
force: no
|
||||||
|
|
||||||
# backup=yes
|
# backup=yes
|
||||||
|
|
||||||
- name: Edit the sudoers file -- first make it editable
|
- name: Edit the sudoers file -- first make it editable
|
||||||
file: path=/etc/sudoers
|
file:
|
||||||
mode=0640
|
path: /etc/sudoers
|
||||||
|
mode: 0640
|
||||||
|
|
||||||
- name: Have sudo log all commands it handles
|
- name: Have sudo log all commands it handles
|
||||||
lineinfile: regexp=logfile
|
lineinfile:
|
||||||
line='Defaults logfile = /var/log/sudo.log'
|
regexp: logfile
|
||||||
state=present
|
line: "Defaults logfile = /var/log/sudo.log"
|
||||||
dest=/etc/sudoers
|
dest: /etc/sudoers
|
||||||
|
state: present
|
||||||
|
|
||||||
- name: Lets wheel sudo without password
|
- name: Lets wheel sudo without password
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -48,10 +58,12 @@
|
||||||
dest: /etc/sudoers
|
dest: /etc/sudoers
|
||||||
|
|
||||||
- name: Remove the line which requires tty
|
- name: Remove the line which requires tty
|
||||||
lineinfile: regexp=requiretty
|
lineinfile:
|
||||||
state=absent
|
regexp: requiretty
|
||||||
dest=/etc/sudoers
|
dest: /etc/sudoers
|
||||||
|
state: absent
|
||||||
|
|
||||||
- name: End editing the sudoers file -- protect it again
|
- name: End editing the sudoers file -- protect it again
|
||||||
file: path=/etc/sudoers
|
file:
|
||||||
mode=0440
|
path: /etc/sudoers
|
||||||
|
mode: 0440
|
||||||
|
|
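Review bot: The `lineinfile` tasks that edit `/etc/sudoers` (the `logfile` line and the `requiretty` removal) write the live file with no syntax check, so a malformed result would leave sudo unusable on the host; each should carry `validate: '/usr/sbin/visudo -cf %s'`. The patterns `regexp: logfile` and `regexp: requiretty` are also unanchored and match any line containing those words, comments included; anchoring them, for example `regexp: '^Defaults\s+logfile'`, would narrow the edit to the intended directive. The body of the "Lets wheel sudo without password" task falls between the two hunks and is not visible here, so whether it validates cannot be confirmed from this page.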
|
@ -7,11 +7,12 @@
|
||||||
tags:
|
tags:
|
||||||
- base
|
- base
|
||||||
|
|
||||||
- name: Add iiab-admin parameters to ini file
|
- name: Add 'iiab-admin' to list at /etc/iiab/iiab.ini
|
||||||
ini_file: dest='{{ service_filelist }}'
|
ini_file:
|
||||||
section=iiab-admin
|
dest: "{{ service_filelist }}"
|
||||||
option='{{ item.option }}'
|
section: iiab-admin
|
||||||
value='{{ item.value }}'
|
option: "{{ item.option }}"
|
||||||
|
value: "{{ item.value }}"
|
||||||
with_items:
|
with_items:
|
||||||
- option: name
|
- option: name
|
||||||
value: iiab-admin
|
value: iiab-admin
|
||||||
|
@ -21,19 +22,23 @@
|
||||||
value: "{{ iiab_admin_user }}"
|
value: "{{ iiab_admin_user }}"
|
||||||
|
|
||||||
- name: Set up to issue warning if iiab-admin password is still default
|
- name: Set up to issue warning if iiab-admin password is still default
|
||||||
template: src=profile_ssh_warn.sh
|
template:
|
||||||
dest=/etc/profile.d/
|
src: profile_ssh_warn.sh
|
||||||
|
dest: /etc/profile.d/
|
||||||
|
|
||||||
- name: Is this LXDE?
|
- name: Is this LXDE?
|
||||||
stat: path=/home/pi/.config/lxsession
|
stat:
|
||||||
|
path: /home/pi/.config/lxsession
|
||||||
register: lx
|
register: lx
|
||||||
|
|
||||||
- name: Do the same if running on Raspbian
|
- name: Do the same if running on Raspbian
|
||||||
template: src=lxde_ssh_warn.sh
|
template:
|
||||||
dest=/home/pi/.config/lxsession/LXDE-pi/
|
src: lxde_ssh_warn.sh
|
||||||
|
dest: /home/pi/.config/lxsession/LXDE-pi/
|
||||||
when: lx.stat.isdir is defined and lx.stat.isdir and is_rpi and is_debuntu
|
when: lx.stat.isdir is defined and lx.stat.isdir and is_rpi and is_debuntu
|
||||||
|
|
||||||
- name: Put an autostart line to check for default password in LXDE
|
- name: Put an autostart line to check for default password in LXDE (raspbian)
|
||||||
lineinfile: line=@/home/pi/.config/lxsession/LXDE-pi/lxde_ssh_warn.sh
|
lineinfile:
|
||||||
dest=/home/pi/.config/lxsession/LXDE-pi/autostart
|
line: "@/home/pi/.config/lxsession/LXDE-pi/lxde_ssh_warn.sh"
|
||||||
|
dest: /home/pi/.config/lxsession/LXDE-pi/autostart
|
||||||
when: lx.stat.isdir is defined and lx.stat.isdir and is_rpi and is_debuntu
|
when: lx.stat.isdir is defined and lx.stat.isdir and is_rpi and is_debuntu
|
||||||
|
|
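Review bot: The `template` task that installs `profile_ssh_warn.sh` into `/etc/profile.d/` sets no `owner`, `group` or `mode`, so the permissions of a script sourced by every login shell are left to whatever the run defaults to; stating them, `owner: root`, `group: root`, `mode: '0644'`, makes the intended result explicit and auditable. The same gap exists on the `lxde_ssh_warn.sh` template under `/home/pi/.config/lxsession/LXDE-pi/`. That task's `when:` guard only checks that `/home/pi/.config/lxsession` is a directory, not that the `LXDE-pi` subdirectory exists; presumably it does on Raspbian, but nothing on this page shows it.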