Commit 21144dbb authored by Hervé  MENAGER's avatar Hervé MENAGER

restructure system.yaml ansible file

Former-commit-id: a959420df90ee156872d7940ffd86faa5fac7bf9
parent 6192d7f3
...@@ -2,6 +2,12 @@ ...@@ -2,6 +2,12 @@
- hosts: all - hosts: all
gather_facts: no gather_facts: no
tasks: tasks:
#
# User and Group configuration
#
# application user ({{deploy_user_name}}) is created
# in the wheel group, which has to be passwordless sudo
# and upload the key as a deploy key to gitlab
- name: Make sure we have a 'wheel' group - name: Make sure we have a 'wheel' group
become: true become: true
group: group:
...@@ -17,16 +23,23 @@ ...@@ -17,16 +23,23 @@
- name: Create {{ deploy_user_name }} user - name: Create {{ deploy_user_name }} user
user: name={{ deploy_user_name }} groups=wheel append=yes state=present createhome=yes generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa user: name={{ deploy_user_name }} groups=wheel append=yes state=present createhome=yes generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa
become: true become: true
- name: install git - name: Cat deployer's user public key
yum: name=git state=present shell: "cat /home/{{ deploy_user_name }}/.ssh/id_rsa.pub"
register: key_value
become: true become: true
- name: Add repository - name: Create ssh_key json
template: src=ssh_key.json.j2 dest=/home/{{ deploy_user_name }}/ssh_key.json group={{ deploy_user_name }} owner={{ deploy_user_name }} force=yes
become: true become: true
yum_repository: - name: Cat deployer's user public key
name: epel shell: "cat /home/{{ deploy_user_name }}/ssh_key.json"
description: EPEL YUM repo become: true
gpgcheck: no - name: Upload deploy keys to gitlab
baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/ shell: "curl -X POST -H 'Accept: application/json' -H 'Content-type: application/json' -H 'PRIVATE-TOKEN: {{ repo_api_token }}' --data-binary @/home/{{ deploy_user_name }}/ssh_key.json https://gitlab.pasteur.fr/api/v3/projects/198/keys"
become: true
#
# Security configuration
#
# disable SELinux, and open firewall to incoming http
- name: disable SELinux - name: disable SELinux
become: true become: true
selinux: selinux:
...@@ -37,6 +50,19 @@ ...@@ -37,6 +50,19 @@
permanent: true permanent: true
state: enabled state: enabled
become: true become: true
#
# Install basic non-virtualenv requirements
#
- name: install git
yum: name=git state=present
become: true
- name: Add repository
become: true
yum_repository:
name: epel
description: EPEL YUM repo
gpgcheck: no
baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
- name: install python3 - name: install python3
yum: name=python34 state=present update_cache=yes yum: name=python34 state=present update_cache=yes
become: true become: true
...@@ -69,16 +95,3 @@ ...@@ -69,16 +95,3 @@
name: "@Development tools" name: "@Development tools"
state: present state: present
become: true become: true
- name: Cat deployer's user public key
shell: "cat /home/{{ deploy_user_name }}/.ssh/id_rsa.pub"
register: key_value
become: true
- name: Create ssh_key json
template: src=ssh_key.json.j2 dest=/home/{{ deploy_user_name }}/ssh_key.json group={{ deploy_user_name }} owner={{ deploy_user_name }} force=yes
become: true
- name: Cat deployer's user public key
shell: "cat /home/{{ deploy_user_name }}/ssh_key.json"
become: true
- name: Upload deploy keys to gitlab
shell: "curl -X POST -H 'Accept: application/json' -H 'Content-type: application/json' -H 'PRIVATE-TOKEN: {{ repo_api_token }}' --data-binary @/home/{{ deploy_user_name }}/ssh_key.json https://gitlab.pasteur.fr/api/v3/projects/198/keys"
become: true
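Review bot: The relocated `Upload deploy keys to gitlab` task still interpolates `{{ repo_api_token }}` into a `shell:` curl command line, so the token sits in the process argument list on the managed host and is printed in Ansible's task output and logs when the task runs verbosely or fails. Add `no_log: true` to that task, and preferably replace the curl call with the `uri` module, passing the token through its `headers` parameter so it never reaches a shell. The `Add repository` task moved in this commit also keeps `gpgcheck: no` for EPEL, which means packages installed from that repository are not signature-verified; `gpgcheck: yes` together with a `gpgkey:` entry would close that. The second task named `Cat deployer's user public key` actually prints `ssh_key.json`, so it would be clearer under its own name.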