- name: Update Repositories and update Distribution to the latest Version
apt:
update_cache: yes
cache_valid_time: 21600
upgrade: dist
dpkg_options: 'force-confold,force-confdef'
register: update_apt
tags: update_apt
- name: install pip and update to newest version
pip:
name: pip
state: latest
register: pip_update
- name: install paramiko
pip:
name: paramiko
state: latest
register: paramiko_install
- name: check default packages
apt:
name: "{{ item }}"
state: latest
with_items: "{{ default_deb_packages }}"
register: apt_install
Hier wird dann register ausgeführt um das Ergebnis später auswerten zu können.
- name: reboot is required if nfs-common installed for the first time
shell: "sleep 5 && systemctl reboot"
async: 1
poll: 0
when: apt_install is changed
- name: wait for reboot
wait_for_connection:
connection_timeout: 20
sleep: 5
delay: 5
timeout: 300
when: apt_install is changed
ist bestimmt nicht die beste Lösung aber sie funktioniert 
- name: add NTP Server line to chrony.conf
lineinfile:
path: /etc/chrony/chrony.conf
insertbefore: '^server 0.debian'
line: 'server 169.254.169.123 prefer iburst'
state: present
register: chrony_changed
- name: restart chrony
remote_user: admin
become: yes
systemd:
state: restarted
name: chrony
when: chrony_changed is changed
- name: register default ssh admin keys
authorized_key:
user: admin
state: present
key: "{{ lookup('file', '{{ item }}') }}"
with_fileglob:
- "/ansible-deploy/global/ssh-keys/*.pub"
- name: register admin-ssh-key for user app
authorized_key:
user: app
state: present
key: '{{ item }}'
with_file:
- "{{ admin_ssh_pub_file }}"
- name: register default ssh app keys
authorized_key:
user: app
state: present
key: "{{ lookup('file', '{{ item }}') }}"
with_fileglob:
- '/ansible-deploy/global/ssh-keys/*.pub'
# allow developers to access servers
- name: register projekt-ssh keys for user app
authorized_key:
user: app
state: present
key: "{{ lookup('file', '{{ item }}') }}"
with_fileglob:
- '/ansible-deploy/customers/{{ customer }}/project_ssh_keys/*.pub'
# register key for user app to allow access between servers
# to generate a private key for this platform you can change into the project_ssh_keys directory and use
# ssh-keygen -t rsa -b 4096 -f ./id_rsa -P '' -C 'app-key'
- name: copy the app private key
copy:
owner: app
group: app
mode: 0600
src: "/ansible-deploy/customers/{{ customer }}/project_ssh_keys/id_rsa"
dest: "/home/app/.ssh/id_rsa"
“Das einzig sichere System müsste ausgeschaltet, in einem versiegelten und von Stahlbeton ummantelten Raum und von bewaffneten Schutztruppen umstellt sein.”Gene Spafford (Sicherheitsexperte)
Powered by Serendipity » Based on Linear » Ported by Christopher Pope | Impressum | Datenschutz