Create common role

author: Matthieu Saulnier <fantom@fedoraproject.org> 2014-05-19 05:04:32 +0200
committer: Matthieu Saulnier <fantom@fedoraproject.org> 2014-05-19 05:04:32 +0200
commit: 9487577f083513c740cd8c8da40bc34d56e71254 (patch)
tree: b89ccbddb48bb203e7467a3e229bc5d84ccd5467 /roles/common/tasks
parent: 97761df44dfd32d86b489275785559dc3393d4ef (diff)
download: playbooks-ansible-9487577f083513c740cd8c8da40bc34d56e71254.tar.gz
playbooks-ansible-9487577f083513c740cd8c8da40bc34d56e71254.tar.xz
playbooks-ansible-9487577f083513c740cd8c8da40bc34d56e71254.zip
11 files changed, 199 insertions, 0 deletions
diff --git a/roles/common/tasks/ca.yml b/roles/common/tasks/ca.yml
new file mode 100644
index 0000000..2bf0e0d
--- /dev/null
+++ b/roles/common/tasks/ca.yml
@@ -0,0 +1,8 @@
+- name: Installation de mon autorité de certification
+  copy: src=root.pem dest=/etc/pki/ca-trust/source/anchors/root.pem mode=444
+
+- name: Installation de l'autorité de certification CACert
+  copy: src=cacert.pem dest=/etc/pki/ca-trust/source/anchors/cacert.pem mode=444
+
+- name: Mise à jour de la base de confiance CA
+  command: /usr/bin/update-ca-trust
diff --git a/roles/common/tasks/cron.yml b/roles/common/tasks/cron.yml
new file mode 100644
index 0000000..01846f5
--- /dev/null
+++ b/roles/common/tasks/cron.yml
@@ -0,0 +1,24 @@
+- name: Rapport disques durs
+  copy: src=diskreport.sh dest=/etc/cron.daily/diskreport.sh mode=755
+  when: ansible_virtualization_role is not defined or ansible_virtualization_role == "host"
+
+- name: Rapport SELinux
+  copy: src=eaureport.sh dest=/etc/cron.daily/eaureport.sh mode=755
+  when: ansible_virtualization_role is not defined or ansible_virtualization_role == "host"
+
+- name: Rapport RPM Verify
+  copy: src=rpmreport.sh dest=/etc/cron.daily/rpmreport.sh mode=755
+  when: ansible_virtualization_role is not defined or ansible_virtualization_role == "host"
+
+- name: Relabel système de fichier
+  copy: src=selinuxresto.sh dest=/etc/cron.monthly/selinuxresto.sh mode=755
+  when: ansible_virtualization_role is not defined or ansible_virtualization_role == "host"
+
+- name: Tests disques durs
+  copy: src=diskcheck.sh dest=/etc/cron.weekly/diskcheck.sh mode=755
+  when: ansible_virtualization_role is not defined or ansible_virtualization_role == "host"
+
+- name: Installation du HIDS AIDE
+  copy: src=z-aidereport.sh dest=/etc/cron.daily/z-aidereport.sh mode=755
+  when: ansible_virtualization_role is not defined or ansible_virtualization_role == "host"
+  notify: initialize aide
diff --git a/roles/common/tasks/logo.yml b/roles/common/tasks/logo.yml
new file mode 100644
index 0000000..bbb55e5
--- /dev/null
+++ b/roles/common/tasks/logo.yml
@@ -0,0 +1,14 @@
+- name: Téléchargement du paquet pour F20
+  get_url: dest=/tmp/linux_logo.rpm url=http://fantom.fedorapeople.org/linux_logo-5.11-6.fc20.x86_64.rpm
+  when: ansible_distribution_version|int == 20 and ansible_architecture == "x86_64"
+
+- name: Téléchargement du paquet pour F21
+  get_url: dest=/tmp/linux_logo.rpm url=http://fantom.fedorapeople.org/linux_logo-5.11-6.fc21.x86_64.rpm
+  when: ansible_distribution_version|int == 21 and ansible_architecture == "x86_64"
+
+- name: Installation du paquet
+  yum: pkg=/tmp/linux_logo.rpm state=installed
+
+- name: Ajout du paquet linux_logo en Exclude (yum)
+  lineinfile: dest=/etc/yum.conf create=yes state=present insertafter=EOF
+              line="exclude=linux_logo"
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
new file mode 100644
index 0000000..c302662
--- /dev/null
+++ b/roles/common/tasks/main.yml
@@ -0,0 +1,30 @@
+- name: Configutation démon SSH
+  include: ssh.yml
+
+- name: Installation des fichiers RC
+  include: rc.yml
+
+- name: Installation des points de montage standard
+  include: mnt.yml
+
+- name: Configurations variables fichier setvars
+  include: setvars.yml
+
+- name: Configuration démon Cron
+  include: cron.yml
+
+- name: Gestion des Autorités de Certification
+  include: ca.yml
+
+- name: Configuration Yum
+  include: yum.yml
+
+- name: Installation linux_logo Fedora
+  include: logo.yml
+  when: ansible_distribution == "Fedora"
+
+- name: Mise à jour et dépôt de mise à jour
+  include: update.yml
+
+- name: Installation des logiciels de base
+  include: pkgs.yml
diff --git a/roles/common/tasks/mnt.yml b/roles/common/tasks/mnt.yml
new file mode 100644
index 0000000..60c2397
--- /dev/null
+++ b/roles/common/tasks/mnt.yml
@@ -0,0 +1,23 @@
+- name: Point de montage nfs1
+  file: name=/mnt/nfs1/ state=directory
+
+- name: Point de montage nfs2
+  file: name=/mnt/nfs2/ state=directory
+
+- name: Point de montage iso1
+  file: name=/mnt/iso1/ state=directory
+
+- name: Point de montage iso2
+  file: name=/mnt/iso2/ state=directory
+
+- name: Point de montage lv1
+  file: name=/mnt/lv1/ state=directory
+
+- name: Point de montage lv2
+  file: name=/mnt/lv2/ state=directory
+
+- name: Point de montage part1
+  file: name=/mnt/part1/ state=directory
+
+- name: Point de montage part2
+  file: name=/mnt/part2/ state=directory
diff --git a/roles/common/tasks/pkgs.yml b/roles/common/tasks/pkgs.yml
new file mode 100644
index 0000000..71438f0
--- /dev/null
+++ b/roles/common/tasks/pkgs.yml
@@ -0,0 +1,52 @@
+- name: Installation des paquets
+  yum: name={{ item }} state=present
+  with_items:
+    - aide
+    - emacs-nox
+    - iotop
+    - nmap
+    - yum-plugin-fastestmirror
+    - yum-plugin-verify
+    - screen
+    - powertop
+    - postfix
+    - ipset
+    - patch
+    - gpm
+    - elinks
+    - vim-enhanced
+    - mutt
+    - nfs-utils
+    - tcpdump
+    - bind-utils
+    - tar
+
+- name: Installation des paquets Centos
+  yum: name={{ item }} state=present
+  with_items:
+    - ntp
+  when: ansible_distribution == "CentOS"
+
+- name: Installation des paquets Fedora
+  yum: name={{ item }} state=present
+  with_items:
+    - tmux
+    - htop
+    - glances
+    - iftop
+    - bvi
+    - whois
+    - systemd-analyze
+    - rpmconf
+    - colordiff
+    - mined
+    - fpaste
+    - wget
+    - bash-completion
+    - pbzip2
+    - pxz
+    - scapy
+    - testdisk
+    - steghide
+    - chrony
+  when: ansible_distribution == "Fedora"
diff --git a/roles/common/tasks/rc.yml b/roles/common/tasks/rc.yml
new file mode 100644
index 0000000..a7ce235
--- /dev/null
+++ b/roles/common/tasks/rc.yml
@@ -0,0 +1,11 @@
+- name: Root bashrc
+  copy: src=bashrc dest=/root/.bashrc mode=644
+
+- name: Root emacs rc
+  copy: src=emacs.rc dest=/root/.emacs mode=644
+
+- name: Squelette bashrc
+  copy: src=bashrc dest=/etc/skel/.bashrc mode=644
+
+- name: Squelette emacs rc
+  copy: src=emacs.rc dest=/etc/skel/.emacs mode=644
diff --git a/roles/common/tasks/setvars.yml b/roles/common/tasks/setvars.yml
new file mode 100644
index 0000000..5ace00c
--- /dev/null
+++ b/roles/common/tasks/setvars.yml
@@ -0,0 +1,3 @@
+- name: Configuration de la variable EDITOR
+  lineinfile: dest=/root/bin/setvars create=yes state=present
+              line="export EDITOR=emacs"
diff --git a/roles/common/tasks/ssh.yml b/roles/common/tasks/ssh.yml
new file mode 100644
index 0000000..09fae77
--- /dev/null
+++ b/roles/common/tasks/ssh.yml
@@ -0,0 +1,7 @@
+- name: Installation de la clé ssh pour l'utilisateur root
+  authorized_key: user=root key="{{lookup('file', 'id_rsa.pub') }}" manage_dir=yes
+
+- name: Accès uniquement par clé ssh
+  lineinfile: dest=/etc/ssh/sshd_config state=present backrefs=yes regexp="^PasswordAuthentication yes"
+              line="PasswordAuthentication no"
+  notify: restart sshd
diff --git a/roles/common/tasks/update.yml b/roles/common/tasks/update.yml
new file mode 100644
index 0000000..065576d
--- /dev/null
+++ b/roles/common/tasks/update.yml
@@ -0,0 +1,15 @@
+- name: Installation du miroir local updates
+  copy: src=updates-fantom.repo dest=/etc/yum.repos.d/updates-fantom.repo
+  when: ansible_distribution_version|int == 20 and ansible_architecture == "x86_64"
+
+- name: Désactivation du dépôt Updates
+  lineinfile: dest=/etc/yum.repos.d/fedora-updates.repo state=present backrefs=yes regexp="^enabled=1"
+              line="enabled=0"
+  when: ansible_distribution_version|int == 20 and ansible_architecture == "x86_64"
+
+- name: Installation du miroir updates-testing
+  copy: src=updates-testing-fantom.repo dest=/etc/yum.repos.d/updates-testing-fantom.repo
+  when: ansible_distribution_version|int == 20 and ansible_architecture == "x86_64"
+
+- name: Mise à jour de tous les paquets du système
+  yum: name=* state=latest
diff --git a/roles/common/tasks/yum.yml b/roles/common/tasks/yum.yml
new file mode 100644
index 0000000..d7584c0
--- /dev/null
+++ b/roles/common/tasks/yum.yml
@@ -0,0 +1,12 @@
+- name: Affichage historique
+  lineinfile: dest=/etc/yum.conf create=yes state=present insertafter=EOF
+              line="history_list_view=cmds"
+
+- name: Clean requirements on remove
+  lineinfile: dest=/etc/yum.conf create=yes state=present insertafter=EOF
+              line="clean_requirements_on_remove=1"
+
+- name: Désactivation delta rpm
+  lineinfile: dest=/etc/yum.conf create=yes state=present insertafter=EOF
+              line="deltarpm=0"
+  when: ansible_distribution_version|int == 20 and ansible_architecture == "x86_64"
author	Matthieu Saulnier <fantom@fedoraproject.org>	2014-05-19 05:04:32 +0200
committer	Matthieu Saulnier <fantom@fedoraproject.org>	2014-05-19 05:04:32 +0200
commit	9487577f083513c740cd8c8da40bc34d56e71254 (patch)
tree	b89ccbddb48bb203e7467a3e229bc5d84ccd5467 /roles/common/tasks
parent	97761df44dfd32d86b489275785559dc3393d4ef (diff)
download	playbooks-ansible-9487577f083513c740cd8c8da40bc34d56e71254.tar.gz playbooks-ansible-9487577f083513c740cd8c8da40bc34d56e71254.tar.xz playbooks-ansible-9487577f083513c740cd8c8da40bc34d56e71254.zip