Changeset - 989f5c583406
Parent rev.
Child rev.
[Not reviewed]
0 1 1
Branko Majic (branko) - 7 years ago 2017-06-09 21:11:09
branko@majic.rs
MAR-107: Minor Ansible linting fixes for backup_server role:

- Use proper mode (with leading zero).
- Deploy the backup server SSH keys via template in order to ensure the files
end with newlines (otherwise OpenSSH server in Debian Jessie might not pick-up
the ed25519 key).
2 files changed with 14 insertions and 9 deletions:
roles/backup_server/tasks/main.yml
13
9
roles/backup_server/templates/ssh_host_key.j2
1
0 comments (0 inline, 0 general)
roles/backup_server/tasks/main.yml
Show inline comments
 
@@ -8,7 +8,7 @@
 

			




	
	
	
		
 
- name: Create directory for storing backups

			




	
	
	
		
 
  file: path="/srv/backups" state=directory

			




	
	
	
		
 
        owner="root" group="root" mode=751

			




	
	
	
		
 
        owner="root" group="root" mode=0751

			




	
	
	
		
 

			




	
	
	
		
 
- name: Create backup client groups

			




	
	
	
		
 
  group: name="{{ item.server | replace('.', '_') | regex_replace('^', 'bak-') }}"

			




	
	
		
 
@@ -58,23 +58,27 @@

			




	
	
	
		
 

			




	
	
	
		
 
- name: Set-up directory for the backup OpenSSH server instance

			




	
	
	
		
 
  file: path="/etc/ssh-backup/" state=directory

			




	
	
	
		
 
        owner="root" group="root" mode="700"

			




	
	
	
		
 
        owner="root" group="root" mode="0700"

			




	
	
	
		
 

			




	
	
	
		
 
- name: Deploy configuration file for the backup OpenSSH server instance service

			




	
	
	
		
 
  copy: src="ssh-backup.default" dest="/etc/default/ssh-backup"

			




	
	
	
		
 
        owner="root" group="root" mode="644"

			




	
	
	
		
 
        owner="root" group="root" mode="0644"

			




	
	
	
		
 
  notify:

			




	
	
	
		
 
    - Restart backup SSH server

			




	
	
	
		
 

			




	
	
	
		
 
- name: Deploy configuration file for the backup OpenSSH server instance

			




	
	
	
		
 
  copy: src="backup-sshd_config" dest="/etc/ssh-backup/sshd_config"

			




	
	
	
		
 
        owner="root" group="root" mode="600"

			




	
	
	
		
 
        owner="root" group="root" mode="0600"

			




	
	
	
		
 
  notify:

			




	
	
	
		
 
    - Restart backup SSH server

			




	
	
	
		
 

			




	
	
	
		
 
- name: Deploy the private keys for backup OpenSSH server instance

			




	
	
	
		
 
  copy: content="{{ item.value }}" dest="/etc/ssh-backup/ssh_host_{{ item.key }}_key"

			




	
	
	
		
 
        owner="root" group="root" mode="600"

			




	
	
	
		
 
  template:

			




	
	
	
		
 
    src: "ssh_host_key.j2"

			




	
	
	
		
 
    dest: "/etc/ssh-backup/ssh_host_{{ item.key }}_key"

			




	
	
	
		
 
    owner: root

			




	
	
	
		
 
    group: root

			




	
	
	
		
 
    mode: 0600

			




	
	
	
		
 
  with_dict: "{{ backup_host_ssh_private_keys }}"

			




	
	
	
		
 
  no_log: True

			




	
	
	
		
 
  notify:

			




	
	
		
 
@@ -82,7 +86,7 @@

			




	
	
	
		
 

			




	
	
	
		
 
- name: Deploy backup OpenSSH server systemd service file

			




	
	
	
		
 
  copy: src="ssh-backup.service" dest="/etc/systemd/system/ssh-backup.service"

			




	
	
	
		
 
        owner=root group=root mode=644

			




	
	
	
		
 
        owner=root group=root mode=0644

			




	
	
	
		
 
  notify:

			




	
	
	
		
 
    - Reload systemd

			




	
	
	
		
 
    - Restart backup SSH server

			




	
	
		
 
@@ -91,7 +95,7 @@

			




	
	
	
		
 
  service: name="ssh-backup" state="started" enabled="yes"

			




	
	
	
		
 

			




	
	
	
		
 
- name: Deploy firewall configuration for backup server

			




	
	
	
		
 
  template: src="ferm_backup.conf.j2" dest="/etc/ferm/conf.d/40-backup.conf" owner=root group=root mode=640

			




	
	
	
		
 
  template: src="ferm_backup.conf.j2" dest="/etc/ferm/conf.d/40-backup.conf" owner=root group=root mode=0640

			




	
	
	
		
 
  notify:

			




	
	
	
		
 
    - Restart ferm

			




	
	
	
		
 

			




	
	
		
 
@@ -99,4 +103,4 @@

			




	
	
	
		
 
  include: ../handlers/main.yml

			




	
	
	
		
 
  when: "handlers | default(False) | bool() == True"

			




	
	
	
		
 
  tags:

			




	
	
	
		
 
    - handlers

			




	
	
		
 
\ No newline at end of file

			




	
	
	
		
 
    - handlers

			




        

    


    
    

    

        

                

                    roles/backup_server/templates/ssh_host_key.j2
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
new file 100644

			




	
	
	
		
 
{{ item.value }}

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2023 by various authors & licensed under GPLv3.