endpoints/endpoints

View on GitHub
deploy/ansible/roles/configure/tasks/main.yml

Summary

Maintainability
Test Coverage
- name: set hostname
  hostname: name={{hostname}}

- name: add loopback references to our domain in /etc/hosts
  lineinfile: "dest=/etc/hosts line='127.0.0.1 {{hostname}} {{fqdn}}'"

- name: get github public key
  command: /usr/bin/ssh-keyscan github.com
  register: github_keyscan

- name: add github key to ssh known hosts
  lineinfile: dest=/etc/ssh/ssh_known_hosts
    create=yes
    regexp='^github.com'
    line="{{github_keyscan.stdout}}"

- name: ensure ssh agent socket environment variable persists when sudoing
  lineinfile: dest=/etc/sudoers
    insertafter='^Defaults'
    line='Defaults env_keep += "SSH_AUTH_SOCK"'
    state=present
    validate='visudo -cf %s'

- name: disallow password authentication
  lineinfile: dest=/etc/ssh/sshd_config regexp="/^PasswordAuthentication/" line="PasswordAuthentication no"

- name: disallow challenge response authentication
  lineinfile: dest=/etc/ssh/sshd_config regexp="/^ChallengeResponseAuthentication/" line="ChallengeResponseAuthentication no"

- name: log file exists
  file: path={{site_log_file}} state=touch owner={{site_user}} group={{site_group}}

- name: sync all users
  user: name={{item.name}} state={{item.state}} groups={{item.groups}} password={{item.shadow_pass}} shell={{item.shell | default("/bin/bash") }} force=yes
  with_items: users

- name: sync all users keys
  authorized_key: user={{item.0.name}} key="{{item.1.key}}" state={{item.1.state}}
  with_subelements:
    - users
    - keys

- name: ensure absent users' home directories are removed
  file: path=/home/{{item.name}} state={{ (item.state == 'present') | ternary('directory', 'absent')}}
  with_items: users