#vim: set ft=ansible:
|
---
|
# tasks file for bastion
|
|
######################### Setting up environment for post deployment administration
|
- name: create /root/.ssh
|
file:
|
dest: /root/.ssh
|
mode: 0700
|
state: directory
|
when: not hostvars.localhost.skip_packer_tasks | d(false)
|
tags: packer
|
|
- name: copy the environment .pem key
|
become: true
|
copy:
|
src: "{{output_dir}}/{{ env_authorized_key }}"
|
dest: /root/.ssh/{{env_authorized_key}}.pem
|
owner: root
|
group: root
|
mode: 0400
|
when: use_own_key|bool
|
|
- name: copy the user's SSH private key
|
become: true
|
copy:
|
src: "~/.ssh/{{key_name}}.pem"
|
dest: "/root/.ssh/{{key_name}}.pem"
|
owner: root
|
group: root
|
mode: 0400
|
when: not use_own_key|bool
|
tags:
|
- copy_env_private_key
|
|
- name: Generate host .ssh/config Template
|
become: no
|
local_action: template src={{ role_path }}/templates/bastion_ssh_config.j2 dest={{output_dir}}/ssh-config-{{ env_type }}-{{ guid }}
|
tags:
|
- gen_sshconfig_file
|
|
- name: copy over host .ssh/config Template
|
become: true
|
copy:
|
src: "{{output_dir}}/ssh-config-{{ env_type }}-{{ guid }}"
|
dest: /root/.ssh/config
|
owner: root
|
group: root
|
mode: 0400
|
tags:
|
- copy_sshconfig_file
|
|
- name: Install python-requests
|
ignore_errors: yes
|
become: true
|
yum:
|
name:
|
- python-requests
|
when: not hostvars.localhost.skip_packer_tasks | d(false)
|
tags: packer
|
|
- name: Install mosh
|
become: true
|
yum:
|
name: https://gpte-public.s3.amazonaws.com/mosh-1.3.2-1.el7.x86_64.rpm
|
ignore_errors: yes
|
when: not hostvars.localhost.skip_packer_tasks | d(false)
|
tags: packer
|
|
- name: Open UDP Ports 60001 - 61000 for Mosh
|
iptables:
|
action: insert
|
protocol: udp
|
destination_port: "60001:61000"
|
state: present
|
chain: INPUT
|
jump: ACCEPT
|
ignore_errors: yes
|
|
- name: Stat /etc/sysconfig/iptables
|
stat:
|
path: /etc/sysconfig/iptables
|
register: statiptables
|
|
- when: statiptables.stat.exists
|
block:
|
- name: Ensure SSH rule is present
|
command: >
|
grep "^-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT"
|
/etc/sysconfig/iptables
|
changed_when: false
|
failed_when: false
|
register: ensuresshpresent
|
|
- name: Open iptables Mosh firewall ports for future sessions
|
lineinfile:
|
insertbefore: "-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT"
|
state: present
|
path: /etc/sysconfig/iptables
|
line: "-A INPUT -p udp -m multiport --dports 60001:61000 -j ACCEPT"
|
when: ensuresshpresent.rc == 0
|
|
- name: Install Python libraries for k8s module/FTL use on bastion
|
include_tasks: k8s.yml
|
when: install_k8s_modules | d(false) or install_ftl | d (false)
|
|
# Add FTL to bastions. Python Dependencies are set up by the previous task
|
- name: Install FTL
|
when: install_ftl | d(False) | bool
|
block:
|
- name: Ensure git is installed
|
yum:
|
name: git
|
state: present
|
- name: Install FTL
|
include_role:
|
name: ftl-injector
|
vars:
|
student_login: "{{ student_name }}"
|
|
- name: Install jq on the bastion
|
get_url:
|
url: https://gpte-public.s3.amazonaws.com/jq-linux64
|
dest: /usr/bin/jq
|
mode: 0775
|
owner: root
|
group: root
|
|
- name: Install stern (multi-pod logging tool) on the bastion
|
get_url:
|
url: https://gpte-public.s3.amazonaws.com/stern_linux_amd64
|
dest: /usr/bin/stern
|
mode: 0775
|
owner: root
|
group: root
|
|
- name: Install bash-git-prompt
|
git:
|
repo: https://github.com/magicmonty/bash-git-prompt.git
|
dest: "{{ item }}/.bash-git-prompt"
|
clone: yes
|
loop:
|
- "/root"
|
- "/home/{{ ansible_user }}"
|
- "/etc/skel"
|
tags:
|
- install_bash_customization
|
|
- name: Change ownership of bash-git-prompt
|
file:
|
path: "{{ item.directory }}/.bash-git-prompt"
|
owner: "{{ item.user }}"
|
group: "{{ item.group }}"
|
recurse: yes
|
loop:
|
- { directory: "/root", user: "root", group: "root" }
|
- { directory: "/etc/skel", user: "root", group: "root" }
|
- directory: /home/{{ ansible_user }}
|
user: "{{ ansible_user }}"
|
group: "{{ ansible_user }}"
|
tags:
|
- install_bash_customization
|
|
- name: Install .bashrc
|
copy:
|
src: ../files/bashrc
|
dest: "{{ item.directory }}/.bashrc"
|
mode: 0644
|
owner: "{{ item.user }}"
|
group: "{{ item.group }}"
|
loop:
|
- { directory: "/root", user: "root", group: "root" }
|
- { directory: "/etc/skel", user: "root", group: "root" }
|
- directory: /home/{{ ansible_user }}
|
user: "{{ ansible_user }}"
|
group: "{{ ansible_user }}"
|
tags:
|
- install_bash_customization
|
|
- name: Install .bash_profile
|
copy:
|
src: ../files/bash_profile
|
dest: "{{ item.directory }}/.bash_profile"
|
mode: 0644
|
owner: "{{ item.user }}"
|
group: "{{ item.group }}"
|
loop:
|
- { directory: "/root", user: "root", group: "root" }
|
- { directory: "/etc/skel", user: "root", group: "root" }
|
- directory: /home/{{ ansible_user }}
|
user: "{{ ansible_user }}"
|
group: "{{ ansible_user }}"
|
tags:
|
- install_bash_customization
|