From 21144dbbd8dba551f95964a8204ae23dfaa02aa7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Herv=C3=A9=20=20MENAGER?= <herve.menager@pasteur.fr>
Date: Mon, 7 Aug 2017 15:02:09 +0200
Subject: [PATCH] restructure system.yaml ansible file

Former-commit-id: a959420df90ee156872d7940ffd86faa5fac7bf9
---
 ansible/system.yaml | 55 ++++++++++++++++++++++++++++-----------------
 1 file changed, 34 insertions(+), 21 deletions(-)

diff --git a/ansible/system.yaml b/ansible/system.yaml
index 218b68d9..bfc48250 100644
--- a/ansible/system.yaml
+++ b/ansible/system.yaml
@@ -2,6 +2,12 @@
 - hosts: all
   gather_facts: no
   tasks:
+    #
+    # User and Group configuration
+    #
+    # application user ({{deploy_user_name}}) is created
+    # in the wheel group, which has to be passwordless sudo
+    # and upload the key as a deploy key to gitlab
     - name: Make sure we have a 'wheel' group
       become: true
       group:
@@ -17,16 +23,23 @@
     - name: Create {{ deploy_user_name }} user
       user: name={{ deploy_user_name }} groups=wheel append=yes state=present createhome=yes generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa
       become: true
-    - name: install git
-      yum: name=git state=present
+    - name: Cat deployer's user public key
+      shell: "cat /home/{{ deploy_user_name }}/.ssh/id_rsa.pub"
+      register: key_value
       become: true
-    - name: Add repository
+    - name: Create ssh_key json
+      template: src=ssh_key.json.j2 dest=/home/{{ deploy_user_name }}/ssh_key.json group={{ deploy_user_name }} owner={{ deploy_user_name }} force=yes
       become: true
-      yum_repository:
-        name: epel
-        description: EPEL YUM repo
-        gpgcheck: no
-        baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
+    - name: Cat deployer's user public key
+      shell: "cat /home/{{ deploy_user_name }}/ssh_key.json"
+      become: true
+    - name: Upload deploy keys to gitlab
+      shell: "curl -X POST -H 'Accept: application/json' -H 'Content-type: application/json' -H 'PRIVATE-TOKEN: {{ repo_api_token }}' --data-binary @/home/{{ deploy_user_name }}/ssh_key.json https://gitlab.pasteur.fr/api/v3/projects/198/keys"
+      become: true
+    #
+    # Security configuration
+    #
+    # disable SELinux, and open firewall to incoming http
     - name: disable SELinux
       become: true
       selinux:
@@ -37,6 +50,19 @@
         permanent: true
         state: enabled
       become: true
+    #
+    # Install basic non-virtualenv requirements
+    #
+    - name: install git
+      yum: name=git state=present
+      become: true
+    - name: Add repository
+      become: true
+      yum_repository:
+        name: epel
+        description: EPEL YUM repo
+        gpgcheck: no
+        baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
     - name: install python3
       yum: name=python34 state=present update_cache=yes
       become: true
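Review bot: The `Upload deploy keys to gitlab` task passes `repo_api_token` on the curl command line, so the secret is visible in the remote host's process list while curl runs and in any Ansible output that echoes the task arguments, and `curl -X POST` without `--fail` exits 0 on a 401/422 response, so a rejected token or an already-registered key still leaves the task reporting success. The minimal fix is `curl --fail -sS ...` plus `no_log: true` on the task; the fuller fix below replaces the shell/template pair with the `uri` module, which keeps the token out of the command line, checks the HTTP status and builds the body from the already-registered `key_value` (assuming ssh_key.json.j2 only wraps that key into the API's `title`/`key` fields — verify before dropping the template task). Separately, the two `shell: cat ...` tasks always report changed and share the same name although the second one dumps `ssh_key.json`; give them `changed_when: false` and distinct names, or drop the second one since it only echoes the file.
```yaml
    - name: Upload deploy key to gitlab
      uri:
        url: "https://gitlab.pasteur.fr/api/v3/projects/198/keys"
        method: POST
        headers:
          PRIVATE-TOKEN: "{{ repo_api_token }}"
        body_format: json
        body:
          # constructed title; keep whatever ssh_key.json.j2 currently sets
          title: "{{ deploy_user_name }}@{{ inventory_hostname }}"
          key: "{{ key_value.stdout }}"
        status_code: 201
      no_log: true
      become: true
```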
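Review bot: The EPEL repository is registered with `gpgcheck: no`, so every package later resolved from it (the `python34` install on the next context line presumably comes from EPEL) is installed without signature verification, and `no` is also the YAML 1.1 boolean spelling the rest of the file avoids (`become: true`). Prefer `gpgcheck: true` together with `gpgkey: https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-$releasever` in the `yum_repository` block, or install the `epel-release` package, which ships the repo definition with checking enabled. The moved `install git` task still uses the `name=git state=present` key=value form next to the block-YAML `yum_repository`; either style works, but mixing them in one tasks list is a readability nit.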
@@ -69,16 +95,3 @@
         name: "@Development tools"
         state: present
       become: true
-    - name: Cat deployer's user public key
-      shell: "cat /home/{{ deploy_user_name }}/.ssh/id_rsa.pub"
-      register: key_value
-      become: true
-    - name: Create ssh_key json
-      template: src=ssh_key.json.j2 dest=/home/{{ deploy_user_name }}/ssh_key.json group={{ deploy_user_name }} owner={{ deploy_user_name }} force=yes
-      become: true
-    - name: Cat deployer's user public key
-      shell: "cat /home/{{ deploy_user_name }}/ssh_key.json"
-      become: true
-    - name: Upload deploy keys to gitlab
-      shell: "curl -X POST -H 'Accept: application/json' -H 'Content-type: application/json' -H 'PRIVATE-TOKEN: {{ repo_api_token }}' --data-binary @/home/{{ deploy_user_name }}/ssh_key.json https://gitlab.pasteur.fr/api/v3/projects/198/keys"
-      become: true
-- 
GitLab