Location: majic-ansible-roles/roles/backup_client/molecule/default/prepare.yml - annotation
MAR-132: Added support for Debian 9 (Stretch) to web_server role:
- Introduced internal parameters for controlling differing package
names, service names, and paths for PHP FPM package.
- Added Debian 9 machines to Molecule configuration, including the
client machine.
- Slightly restructured the preparation playbook to support both Jessie
and Stretch.
- Added custom pytest fixture for having a better way to determine
expected package names etc related to PHP.
- Created copy of private key/certificate pair used for testing of
mandatory parameters (to be used with Stretch machine).
- Fixed invalid specification for hosts on top of which the
connectivity test should be run.
- Updated a couple of task names (avoiding to reference PHP 5).
- Updated documentation.
---
# Bootstrap play: make sure a Python interpreter exists on every instance
# before any regular Ansible module is used against it.
- name: Prepare
  hosts: all
  # Fact gathering needs Python on the target, which may not be there yet.
  gather_facts: false
  tasks:

    - name: Install python for Ansible
      become: true
      # raw sends the command straight over the connection, so it works
      # without Python on the target. The install branch only runs when
      # /usr/bin/python is missing.
      raw: >-
        test -e /usr/bin/python ||
        (apt -y update && apt install -y python-minimal)
      # Never reported as changed, whether or not the install branch ran.
      changed_when: false
# Refresh the APT package index on every instance so that later package
# installations do not fail on stale references to remote archives.
- become: true
  hosts: all
  tasks:

    - name: Update all caches to avoid errors due to missing remote archives
      # A cache refresh is never reported as a change.
      changed_when: false
      apt:
        update_cache: true
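# Turn the "backup-server" instance into an SFTP backup target for the
# backup_client tests: fixed SSH host keys, a custom sshd configuration,
# backup users with authorised keys, and per-user duplicity directories.
#
# File modes are quoted strings so they do not depend on the YAML parser
# reading a bare 0600 as an octal integer.
- hosts: backup-server
  become: true

  tasks:

    # The host private keys are read from the repository's test data, so
    # anyone with access to the source tree knows them. They are only
    # suitable for throwaway test instances.
    # NOTE(review): DSA host keys are deprecated in OpenSSH; presumably the
    # DSA key is deployed only so every host key type is covered - confirm.
    - name: Deploy SSH server keys
      copy:
        # The lookup result gets a newline appended before it is written.
        content: "{{ lookup('file', item.key) + '\n' }}"
        dest: "{{ item.value }}"
        owner: root
        group: root
        mode: "0600"
      with_dict:
        tests/data/ssh/server_dsa: /etc/ssh/ssh_host_dsa_key
        tests/data/ssh/server_rsa: /etc/ssh/ssh_host_rsa_key
        tests/data/ssh/server_ed25519: /etc/ssh/ssh_host_ed25519_key
        tests/data/ssh/server_ecdsa: /etc/ssh/ssh_host_ecdsa_key
      notify:
        - Restart ssh

    # Replaces the distribution's sshd_config wholesale with the test fixture.
    - name: Deploy custom SSH server configuration that chroots users
      copy:
        src: "tests/data/backup_server_custom-sshd_config"
        dest: "/etc/ssh/sshd_config"
        owner: root
        group: root
        mode: "0600"
      notify:
        - Restart ssh

    - name: Set-up backup group that will contain all backup users
      group:
        name: "backup-users"

    # One primary group per backup user, named after the user.
    - name: Set-up backup user groups
      group:
        name: "{{ item.name }}"
      with_items: "{{ backup_users }}"

    - name: Set-up backup users
      user:
        name: "{{ item.name }}"
        group: "{{ item.name }}"
        groups:
          - "backup-users"
      with_items: "{{ backup_users }}"

    - name: Set-up authorised keys
      authorized_key:
        user: "{{ item.name }}"
        key: "{{ item.key }}"
      with_items: "{{ backup_users }}"

    # Redirects incoming TCP ports 2222 and 3333 to the SSH daemon on 22.
    # -A appends unconditionally, so every run of this play adds another
    # copy of each rule; changed_when: false only hides that from the run
    # report. Fine for an instance that is prepared once and destroyed.
    - name: Set-up port forwarding
      command: "iptables -t nat -A PREROUTING -p tcp -m tcp --dport '{{ item }}' -j REDIRECT --to-ports 22"
      changed_when: false
      with_items:
        - 2222
        - 3333

    # sshd only accepts a chroot directory that is owned by root and not
    # writable by group or others, hence root:root and 0755 on the homes.
    - name: Change ownership of home directories for SFTP chroot to work
      file:
        path: "{{ item }}"
        state: directory
        owner: root
        group: root
        mode: "0755"
      with_items:
        - /home/backupuser
        - /home/bak-parameters-mandatory-s64
        - /home/bak-parameters-mandatory-j64

    # NOTE(review): each duplicity directory is group-writable by the shared
    # backup-users group, so the file permissions alone do not keep backup
    # users out of each other's directories; that isolation presumably
    # relies on the chroot in the deployed sshd_config - confirm.
    - name: Set-up duplicity backup directories
      file:
        path: "~{{ item.name }}/duplicity"
        state: directory
        owner: root
        group: backup-users
        mode: "0770"
      with_items: "{{ backup_users }}"

    - name: Set-up directories for parameters-optional backups
      file:
        path: "~backupuser/duplicity/{{ item }}"
        state: directory
        owner: backupuser
        group: backupuser
        mode: "0700"
      with_items:
        - "parameters-optional-s64"
        - "parameters-optional-j64"

  handlers:

    # Notified by the host key and sshd_config tasks above.
    - name: Restart ssh
      service:
        name: ssh
        state: restarted

  vars:
    # Backup accounts created on the server. Both parameters-mandatory
    # accounts are authorised with the same public key file.
    backup_users:
      - name: bak-parameters-mandatory-j64
        key: "{{ lookup('file', 'tests/data/ssh/parameters-mandatory.pub') }}"
      - name: bak-parameters-mandatory-s64
        key: "{{ lookup('file', 'tests/data/ssh/parameters-mandatory.pub') }}"
      - name: backupuser
        key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"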