Projet

Général

Profil

0003-bootstrap.yaml-is-a-playbook-for-preparing-a-remote-.patch

Christophe Siraut, 11 avril 2018 09:54

Télécharger (2,68 ko)

Voir les différences: 

Subject: [PATCH 3/5] bootstrap.yaml is a playbook for preparing a remote host


 bootstrap.yaml | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 group_vars/all |  2 +-
 2 files changed, 58 insertions(+), 1 deletion(-)
 create mode 100644 bootstrap.yaml
bootstrap.yaml
1 
---
2 
- name: Initialize a container for Publik developer installation
3 
  hosts: all
4 
  gather_facts: False
5 

  		




  
  6
  
    
  tasks:

  		




  
  7
  
    
    - raw: dpkg -s python || (apt update && apt install -y python python-simplejson python-apt)

  		




  
  8
  
    
    - raw: dpkg -s sudo || apt install -y sudo

  		




  
  9
  
    
    - raw: dpkg -s postgresql || apt install -y postgresql

  		




  
  10
  
    
    - raw: dpkg -s git || apt install -y git

  		




  
  11
  
    

  		




  
  12
  
    
    - lineinfile:

  		




  
  13
  
    
          path: /etc/postgresql/9.6/main/pg_hba.conf

  		




  
  14
  
    
          line: 'local all postgres trust'

  		




  
  15
  
    
          insertbefore: '# DO NOT DISABLE!'

  		




  
  16
  
    

  		




  
  17
  
    
    - lineinfile:

  		




  
  18
  
    
          path: /etc/postgresql/9.6/main/pg_hba.conf

  		




  
  19
  
    
          line: 'local all all peer'

  		




  
  20
  
    
          insertafter: 'local all postgres trust'

  		




  
  21
  
    

  		




  
  22
  
    
    - raw: systemctl restart postgresql

  		




  
  23
  
    

  		




  
  24
  
    
    - user:

  		




  
  25
  
    
          name: "{{user}}"

  		




  
  26
  
    
          groups: sudo

  		




  
  27
  
    
          append: yes

  		




  
  28
  
    
          shell: /bin/bash

  		




  
  29
  
    

  		




  
  30
  
    
    # it is strange we need to fix permissions here (ansible 2.4)

  		




  
  31
  
    
    - file:

  		




  
  32
  
    
          path: "~{{user}}"

  		




  
  33
  
    
          state: directory

  		




  
  34
  
    
          owner: "{{user}}"

  		




  
  35
  
    
          group: "{{user}}"

  		




  
  36
  
    

  		




  
  37
  
    
    - lineinfile:

  		




  
  38
  
    
          dest: /etc/sudoers

  		




  
  39
  
    
          regexp: "^%{{user}}"

  		




  
  40
  
    
          line: "{{user}} ALL=(ALL) NOPASSWD: ALL"

  		




  
  41
  
    
          validate: 'visudo -cf %s'

  		




  
  42
  
    

  		




  
  43
  
    
    - file:

  		




  
  44
  
    
          path: "~{{user}}/.ssh"

  		




  
  45
  
    
          state: directory

  		




  
  46
  
    
          owner: "{{user}}"

  		




  
  47
  
    
          mode: 0700

  		




  
  48
  
    
    - copy:

  		




  
  49
  
    
          src: "~/.ssh/id_rsa.pub"

  		




  
  50
  
    
          dest: "~{{user}}/.ssh/authorized_keys"

  		




  
  51
  
    
          owner: "{{user}}"

  		




  
  52
  
    
          mode: 0600

  		




  
  53
  
    

  		




  
  54
  
    
    - lineinfile:

  		




  
  55
  
    
          path: /etc/hosts

  		




  
  56
  
    
          regexp: '^127.0.42.1'

  		




  
  57
  
    
          line: '127.0.42.1 dev-hobo.local.publik agent-combo.local.publik user-combo.local.publik demarches-wcs.local.publik connexion-authentic.local.publik'

  		












  

    
      group_vars/all
    
  





  5
  5
  
    
ssl_certificate: "/etc/ssl/certs/*.local.publik.crt"

  		




  6
  6
  
    
ssl_certificate_key: "/etc/ssl/private/*.local.publik.key"

  		




  7
  7
  
    
venv: "/home/{{user}}/envs/publik-env"

  		




  8
  
  
    
user: publik

  		




  
  8
  
    
user: your_user_name

  		




  9
  9
  
    
apps:

  		




  10
  10
  
    
  authentic:

  		




  11
  11
  
    
    db_name: authentic_multitenant

  		




  12
  
  
    
-