nicolas
/
OpenShift-Implementation-at-ITIX
mirror of https://github.com/nmasse-itix/OpenShift-Implementation-at-ITIX.git
1
0
Fork 0
Code Issues Releases Wiki Activity
OpenShift Origin Implementation at ITIX (mostly Ansible Playbooks)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
39 Commits
1 Branch
0 Tags
102 KiB
 
Tree: 1188a7ced5
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1188a7ced5'
${ noResults }
OpenShift-Implementation-at.../roles/base/tasks/main.yml

80 lines
2.2 KiB
Raw Blame History

---
- name: Tell SSHD not to use DNS
lineinfile: dest=/etc/ssh/sshd_config regexp="^#* *UseDNS +" line="UseDNS no"
notify: restart sshd
tags: config
- name: Tell SSHD to forbid root accesses
lineinfile: dest=/etc/ssh/sshd_config regexp="^#* *PermitRootLogin +" line="PermitRootLogin no"
notify: restart sshd
tags: config
- name: Tell SSHD to forbid password accesses
lineinfile: dest=/etc/ssh/sshd_config regexp="^#* *PasswordAuthentication +" line="PasswordAuthentication no"
notify: restart sshd
tags: config
- name: Install some software
yum: name={{ item }} state=installed
with_items:
- vim-enhanced
- tmux
- unzip
- tcpdump
- telnet
- strace
- man-pages
- man
- iptraf
- wget
- openssh-clients
tags: rpm
- name: Install Open-VM tools
yum: name=open-vm-tools state=installed
tags: rpm
- name: Fix /etc/environment to include PATH
lineinfile: dest=/etc/environment regexp="^PATH=" line="PATH=/bin:/usr/bin:/sbin:/usr/sbin"
tags: config
- name: Persist the hostname
lineinfile: dest=/etc/sysconfig/network regexp="^HOSTNAME=" line="HOSTNAME={{ inventory_hostname_short }}"
tags:
- config
- dns
- name: Set the hostname
command: hostnamectl set-hostname {{ inventory_hostname_short }} --static
tags:
- config
- dns
- name: Ensure consistent locale across systems (1/2)
lineinfile: dest=/etc/locale.conf regexp="^LANG=" line="LANG=en_US.utf8"
- name: Ensure consistent locale across systems (2/2)
lineinfile: dest=/etc/locale.conf line="LC_CTYPE=en_US.utf8"
- name: Make sure the optional repo is enabled
command: subscription-manager repos --enable rhel-7-server-optional-rpms
- name: Install yum-cron
yum:
name: yum-cron
state: installed
- name: Configure yum-cron to handle only security fixes
lineinfile:
path: /etc/yum/yum-cron.conf
line: "update_cmd = security"
regexp: "^ *update_cmd +="
state: present
- name: Configure yum-cron to install automatically security fixes
lineinfile:
path: /etc/yum/yum-cron.conf
line: "apply_updates = yes"
regexp: "^ *apply_updates +="
state: present