playbook.yml
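---
# Lab playbook. Every host gets a timezone, a refreshed apt cache, Cockpit and
# the sshd changes below. Hosts whose inventory name contains 'web' also get
# Apache/PHP/git; hosts whose inventory name contains 'ansible-host' also get
# Ansible and the SSH key copied from keys/vagrant.
#
# Security review summary:
#   * The two sshd_config tasks enable password authentication and root login
#     on every host in the play (hosts: all, no `when`). Treat that as a
#     lab-only setting.
#   * The firewall tasks are commented out, so this play applies no host
#     firewall rules; Cockpit and Apache are reachable on whatever interfaces
#     the VM exposes.
- hosts: all
  become: true
  become_user: root
  gather_facts: true
  vars:
    # Only referenced by the commented-out "Copy the code from repository" task.
    repository: 'https://github.com/mikecali/demo_app.git'

  tasks:
    # - name: add epel repository
    #   apt:
    #     name: epel-release
    #     state: present

    - name: configure timezone
      timezone:
        name: America/New_York

    - name: run apt-get update
      apt:
        update_cache: true

    # state: latest upgrades Ansible to the newest packaged version on every
    # run, so the installed version is not pinned.
    - name: install ansible
      apt:
        name: ansible
        state: latest
      when: "'ansible-host' in inventory_hostname"

    # The package list is passed to apt in one call instead of looping with
    # with_items, so apt resolves and installs the set in a single transaction.
    - name: Install Apache Webserver
      apt:
        name:
          - apache2
          - php
          - php-mysqlnd
          - git
        state: present
      become: true
      when: "'web' in inventory_hostname"

    - name: http service state
      service:
        name: apache2
        state: started
        enabled: true
      become: true
      when: "'web' in inventory_hostname"

    - name: enabled mod_rewrite
      apache2_module:
        name: rewrite
        state: present
      notify:
        - restart apache2
      when: "'web' in inventory_hostname"

    # When enabled, this errors out because the default server files already
    # exist in "dest".
    # - name: Copy the code from repository
    #   git:
    #     repo: "{{ repository }}"
    #     dest: /var/www/html/
    #   become: true
    #   when: "'web' in inventory_hostname"

    # This was originally a centos playbook, firewalld doesn't exist.
    # To-do: add ufw related commands.
    # - name: Start firewalld
    #   service:
    #     state: restarted
    #     name: firewalld
    #   when: "'web' in inventory_hostname or 'ansible-host' in inventory_hostname"
    #   become_user: root
    # - name: Allow apache
    #   firewalld:
    #     service: http
    #     permanent: true
    #     state: enabled
    #     zone: public
    #   when: "'web' in inventory_hostname"
    #   become_user: root

    # Privilege escalation comes from the play-level `become`; this task only
    # repeats the target user.
    - name: Install and start Cockpit
      apt:
        name: cockpit
        # state: latest
      become_user: root

    - name: enable cockpit
      systemd:
        name: cockpit
        state: started
        enabled: true
      become: true

    # SECURITY: this and the next task weaken sshd on every host in the play:
    # password logins are accepted, including for root. Keep this to
    # throwaway lab VMs on an isolated network.
    # NOTE(review): Cockpit's own web login normally authenticates through PAM
    # rather than sshd -- confirm both sshd changes are really required.
    #
    # `validate` makes sshd parse the edited file before it replaces
    # /etc/ssh/sshd_config, so a malformed edit cannot be written and then
    # picked up by the restart below.
    - name: Allow Cockpit to access the vm
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^PasswordAuthentication'
        insertafter: '#PasswordAuthentication'
        line: 'PasswordAuthentication yes'
        validate: '/usr/sbin/sshd -t -f %s'
      become: true

    - name: Allow root login for cockpit
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^PermitRootLogin'
        insertafter: '#PermitRootLogin'
        line: 'PermitRootLogin yes'
        validate: '/usr/sbin/sshd -t -f %s'
      become: true

    # Runs on every play run, whether or not the two tasks above changed
    # sshd_config.
    - name: Restart sshd
      service:
        state: restarted
        name: sshd

    # This was originally a centos playbook, firewalld doesn't exist.
    # - name: Allow cockpit on firewalld
    #   firewalld:
    #     service: cockpit
    #     permanent: true
    #     state: enabled
    #     zone: public
    #   become_user: root
    # - name: Restart firewalld
    #   service:
    #     state: restarted
    #     name: firewalld
    #   when: "'web' in inventory_hostname or 'ansible-host' in inventory_hostname"
    #   become_user: root

    # keys/vagrant is presumably an SSH private key (task name and 0600 mode
    # suggest so) -- confirm it is a lab-only key and is not reused elsewhere.
    # The mode is quoted so Ansible receives the string '0600' and does the
    # octal conversion itself instead of relying on the YAML parser.
    - name: Copy vagrant key
      copy:
        src: keys/vagrant
        dest: /home/vagrant/.ssh/
        owner: vagrant
        group: vagrant
        mode: '0600'
      when: "'ansible-host' in inventory_hostname"

  handlers:
    # Triggered by "enabled mod_rewrite" when the module state changes.
    - name: restart apache2
      service:
        name: apache2
        state: restarted
      when: "'web' in inventory_hostname"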