RedHatTraining/agnosticd.git

#vim: set ft=ansible:
---
# tasks file for bastion
 
######################### Setting up environment for post deployment administration
- name: create /root/.ssh
  file:
    dest: /root/.ssh
    mode: 0700
    state: directory
  when: not hostvars.localhost.skip_packer_tasks | d(false)
  tags: packer
 
- name: copy the environment .pem key
  become: true
  copy:
    src: "{{output_dir}}/{{ env_authorized_key }}"
    dest: /root/.ssh/{{env_authorized_key}}.pem
    owner: root
    group: root
    mode: 0400
  when: use_own_key|bool
 
- name: copy the user's SSH private key
  become: true
  copy:
    src: "~/.ssh/{{key_name}}.pem"
    dest: "/root/.ssh/{{key_name}}.pem"
    owner: root
    group: root
    mode: 0400
  when: not use_own_key|bool
  tags:
    - copy_env_private_key
 
- name: Generate host .ssh/config Template
  become: no
  local_action: template src={{ role_path }}/templates/bastion_ssh_config.j2 dest={{output_dir}}/ssh-config-{{ env_type }}-{{ guid }}
  tags:
    - gen_sshconfig_file
 
- name: copy over host .ssh/config Template
  become: true
  copy:
    src: "{{output_dir}}/ssh-config-{{ env_type }}-{{ guid }}"
    dest: /root/.ssh/config
    owner: root
    group: root
    mode: 0400
  tags:
    - copy_sshconfig_file
 
- name: Install python-requests
  ignore_errors: yes
  become: true
  yum:
    name:
    - python-requests
  when: not hostvars.localhost.skip_packer_tasks | d(false)
  tags: packer
 
- name: Install mosh
  become: true
  yum:
    name: https://gpte-public.s3.amazonaws.com/mosh-1.3.2-1.el7.x86_64.rpm
  ignore_errors: yes
  when: not hostvars.localhost.skip_packer_tasks | d(false)
  tags: packer
 
- name: Open UDP Ports 60001 - 61000 for Mosh
  iptables:
    action: insert
    protocol: udp
    destination_port: "60001:61000"
    state: present
    chain: INPUT
    jump: ACCEPT
  ignore_errors: yes
 
- name: Stat /etc/sysconfig/iptables
  stat:
    path: /etc/sysconfig/iptables
  register: statiptables
 
- when: statiptables.stat.exists
  block:
    - name: Ensure SSH rule is present
      command: >
        grep "^-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT"
        /etc/sysconfig/iptables
      changed_when: false
      failed_when: false
      register: ensuresshpresent
 
    - name: Open iptables Mosh firewall ports for future sessions
      lineinfile:
        insertbefore: "-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT"
        state: present
        path: /etc/sysconfig/iptables
        line: "-A INPUT -p udp -m multiport --dports 60001:61000 -j ACCEPT"
      when: ensuresshpresent.rc == 0
 
- name: Install Python libraries for k8s module/FTL use on bastion
  include_tasks: k8s.yml
  when: install_k8s_modules | d(false) or install_ftl | d (false)
 
# Add FTL to bastions. Python Dependencies are set up by the previous task
- name: Install FTL
  when: install_ftl | d(False) | bool
  block:
  - name: Ensure git is installed
    yum:
      name: git
      state: present
  - name: Install FTL
    include_role:
      name: ftl-injector
    vars:
      student_login: "{{ student_name }}"
 
- name: Install jq on the bastion
  get_url:
    url: https://gpte-public.s3.amazonaws.com/jq-linux64
    dest: /usr/bin/jq
    mode: 0775
    owner: root
    group: root
 
- name: Install stern (multi-pod logging tool) on the bastion
  get_url:
    url: https://gpte-public.s3.amazonaws.com/stern_linux_amd64
    dest: /usr/bin/stern
    mode: 0775
    owner: root
    group: root
 
- name: Install bash-git-prompt
  git:
    repo: https://github.com/magicmonty/bash-git-prompt.git
    dest: "{{ item }}/.bash-git-prompt"
    clone: yes
  loop:
  - "/root"
  - "/home/{{ ansible_user }}"
  - "/etc/skel"
  tags:
  - install_bash_customization
 
- name: Change ownership of bash-git-prompt
  file:
    path: "{{ item.directory }}/.bash-git-prompt"
    owner: "{{ item.user }}"
    group: "{{ item.group }}"
    recurse: yes
  loop:
  - { directory: "/root",          user: "root",     group: "root" }
  - { directory: "/etc/skel",      user: "root",     group: "root" }
  - directory: /home/{{ ansible_user }}
    user: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
  tags:
  - install_bash_customization
 
- name: Install .bashrc
  copy:
    src: ../files/bashrc
    dest: "{{ item.directory }}/.bashrc"
    mode: 0644
    owner: "{{ item.user }}"
    group: "{{ item.group }}"
  loop:
  - { directory: "/root",          user: "root",     group: "root" }
  - { directory: "/etc/skel",      user: "root",     group: "root" }
  - directory: /home/{{ ansible_user }}
    user: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
  tags:
  - install_bash_customization
 
- name: Install .bash_profile
  copy:
    src: ../files/bash_profile
    dest: "{{ item.directory }}/.bash_profile"
    mode: 0644
    owner: "{{ item.user }}"
    group: "{{ item.group }}"
  loop:
  - { directory: "/root",          user: "root",     group: "root" }
  - { directory: "/etc/skel",      user: "root",     group: "root" }
  - directory: /home/{{ ansible_user }}
    user: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
  tags:
  - install_bash_customization