diff --git a/ffmwu-servers.yml b/ffmwu-servers.yml new file mode 100755 index 0000000..d47b613 --- /dev/null +++ b/ffmwu-servers.yml @@ -0,0 +1,10 @@ +#!/usr/bin/ansible-playbook +--- + +#- hosts: ff-servers +- hosts: wasserfloh.freifunk-mwu.de + remote_user: admin + strategy: linear + + roles: + - ffmwu-server diff --git a/roles/ffmwu-prereqs/tasks/main.yml b/roles/ffmwu-prereqs/tasks/main.yml new file mode 100755 index 0000000..0a1ca40 --- /dev/null +++ b/roles/ffmwu-prereqs/tasks/main.yml @@ -0,0 +1,23 @@ +--- + +- name: assert IPv4 DNS entry + local_action: shell dig A {{ inventory_hostname }} | egrep '^{{ inventory_hostname }}' + changed_when: False + +- name: assert IPv6 DNS entry + local_action: shell dig AAAA {{ inventory_hostname }} | egrep '^{{ inventory_hostname }}' + changed_when: False + +- name: test access to admin account (ssh key neccessary!) + command: "true" + changed_when: False + +- name: test access to root account + command: "true" + changed_when: False + become: True + become_user: root + +- name: fail on wrong OS type and version # TODO: include debian + fail: msg="unsupported OS type or version - {{ ansible_distribution }} {{ ansible_distribution_major_version }}" + when: not ( ansible_distribution=="Ubuntu" and ansible_distribution_major_version|int==14 ) diff --git a/roles/ffmwu-server/meta/main.yml b/roles/ffmwu-server/meta/main.yml new file mode 100644 index 0000000..db75f76 --- /dev/null +++ b/roles/ffmwu-server/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: +- ffmwu-prereqs diff --git a/roles/ffmwu-server/tasks/main.yml b/roles/ffmwu-server/tasks/main.yml new file mode 100644 index 0000000..edab480 --- /dev/null +++ b/roles/ffmwu-server/tasks/main.yml @@ -0,0 +1,5 @@ +--- + +- name: ensure all wanted ssh keys exclusively + authorized_key: exclusive=True state=present user=admin + key={{ mwu_s_admin_keys }} diff --git a/roles/ffmwu-server/vars/main.yml b/roles/ffmwu-server/vars/main.yml new file mode 100644 index 0000000..caedbb9 --- /dev/null +++ b/roles/ffmwu-server/vars/main.yml @@ -0,0 +1,11 @@ +--- + +mwu_s_admin_keys: | + ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEA2ProGXZXgOu1qAkY1COL4vvIdMpBAi/eg7/SvQRUrm1H8typyJHJPOvaMO8ozm9r4HQ7hZRL6Mf25IhTx9HFvlKwEbMpqUrIudBV/r07E0q4fjWWEY3OTUjSOUkArviKnYzhM8zYD9pSq6gXcCBXVGgNZsIEIeESvct/p8gB2dPI0DB81HEimCWHu1ge6KqClukxQZtmszT8rQZKWFK/yJkEBdAJtfcZSJg0IhqfJ7Zhuu4qPc8uAy7EkdsaidbU09tWVxdhHD27JAh3gFr62f+L4D9OKhl96sopEqkJmsYQe9GgjoUiKYD4DAvOWU3MmNsgc6xwRmgsaYcQaHVZEy/uF2XCLN1Ahq6UI6R/RDrMkxNVR+AF6BKagPGiId9UTNWM1BvARAMBjakptW6rU3Bwb8In3vItQT9rhG6RQcCBuAqLphXXqlGNsPDeY1E/T9uYRfeS6MIE+3VwuC2Q/NVWMXa2np9JgCjC29ur1w1+BiBeU3iwv+shHqq0zoNyX/EizkPuG8IyK1MrVY1sOUVcQzFFV+PMn8DMWgJpm0eeXJyxa3KBTovtINsFCWfDWtojkB0aC5/XKZAbVC4pOKNRROctRpcdLERNqV9dZ5TkIriB1N2/Z48hjQPimjlFrR8+v1pt37YP/2lvAbOf1sTysu8ey9pFTt7jiiTR5NM= kaba + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9iZOonZ/WGmtgpZgs9vibpq6HJhpvuciBa8vzjysIYYiqNGgLvtZxw/2Af0/ykTdsP09A28RVGJXel6u8I2b16a0e+H2yBbUn8pXFow8xODPXezN0J/U7CDb8mRF9SkBJEzqVt1ndchJWU/qTi/nqbPfNaurB8EXkIDGcmDiCci25RVBDUvSSQBP+XIxQICJgeJ66CYcrD1Sry65H8tVSsWr6+fruNFZQRYyxAFu/7wW3J/RfFJQJFF9WNRzspChsjYRqrYdZCCx6GZ0qQxK4hwqfVbv3cPjZGFfcLrQaOCUMIiDUVEVmmdp0phE7eYDYewxD2Yaw1+fIJ+hWal6F moritz@wwwserv.de + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAgwquzleAfo0ZccCikwh9aD0cBA0XrvEmQIB06XUUyn kokel + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGom9IEjz5utkAWg2wSm0uk+JC0A2tFlz2coAAvA2/An prisma@oimelmobil + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD4s/bIf+tU8/3ClsC3D6Rw7+9lr6Jmt0E1e6S+UVlKGJU9cvYNSQGSKpm7lCaIVUe+j4I4BES/Bkj+ZXvKIpUGTx7R/YnwO+95pS/oiu73QyBORnTeuBfCtz5eQJurD/9Z9OV5VtkleKVGSVwTeiBV+aKD1CrKYLiu5PGxyZsv981TZ6G2uxO3VG+M2OXd0ARV6/Lb5Aw8Xw9bHA4WqVKE6RFVb8va/E+O0hZO0q0ww57P3pfrReSozkZAv7tk/o4wTl+4sPMWhvi/X+KBvHkeiz5lo6eFSZfXzmCTvO8Xb6T8fgMf6fYWUr9+DpmYvjZ5/bBPojbhkQ09JyEirocueYxBqZM7riOeVYG7I941TIWiBpeACv+eGZMFYYNhb8zLW4/Oozk1CKs0Axb3B227+HXWkuB3lh2GKPQBS6lgRWsoCrHGzH1HGLDlt1ucAOwQgI5gJFY+SEjAe7pW+namiR33QaWqoksozwqJCK/1sRB2YUkW5wQ8+YW1hBoudly8sYXxBnwhXygduCmzGAhlTyUN2oLr8X+5UW2jo6jdON1WH8mENfPJc4OSEU1ZHOzeg0d5/48GzrIWWDE9wJzjagLYLA9vK763gM16Y0tG7ZXA5x2UfS1FGM5Yv+jcn0qagBS/bAI27Sa4ZuXXrrBpzzUrEcf/34w63X003PQi3Q== ungenannter@niki + ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAEo1sehLaRTeibVbUVuwRQyw7Zi58AzfqGwwRVUKejBWVDqZrFdxP6BpK9BqeVSo46n+Z5RJtOFU+F7wTsMPdRnbwHO/ZOljWV/RoKrNU3ZMRZnI3WWGT4u6zrmkO3rdLshLk8Z5lGIKJQg/vaqUbsHHgPI5BmDxfVyXM70M3922lx41w== juventas + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTwobxZo1wyRFUDZ32jM9AvCDUMTghSDAQMdffOrOaD8AAvVuaFzR6/yNvPHUhMOIb4CQPnaXGiTYumXRXRJrA9X2AgMSRuubySrpwkqRIje9HvQ1WfDdo4OWPYj/ArAlgxUqmLAyEjolmM8TY2aRvCPCrtE39oFfx5eCfLGkh0hn6wOGN7Gz8bh8P9n10ihYLrHhQsjEplXOX28b+9UojjjZX0Sfwk82u+/8f1y3ebT6kcPQx5OKqWU2GGbLgOOptkrguSu+vmF4KyxR9ayEqY2OpNdr7G+xp+4DC1pJhnIWq+GbcsH8xQVMDZPYaUjJQOiduRB0U5CqclSc22d39 belzebub + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/aWNpOlttng5NKzYCnSAIYacPxTB9n9DeUNBmJVC6qd8OTSgAQxYAy4xezgGoNZVDHzIo7ptZgo15XUf4kNQ/p7Qcc4zR5N6ZixY38ZVMMOcxy8bZxVZ7FJBfkLQ3N7Kk1CSXYcxfa0uW9PXkODyatXjeNRNPSxmdNeNdvCMhWmxZDBTM5qwO75SgxmoY3PfCji0Q7hy8guUVVkK0LajPGfKNZ4hyCh0fvi9cSkfzsCbWhcA+eflpgpbQMNXpSVWXcMNViKkIAOjxLQgIgT8tVvM36Rphgit8fF6xt1r8z+KaGzS2M8BVn9vsN7eHulv9vtENsm9pO3eo+5io/DPDgp/ThaRj7BohRlm7a18Mg3Gbe0Tq1LWHI3uTiHSL9sstwUpjND9AeB2NAtq0qHyECIGrnjXwULa7gwcgodE0TA2lLgWaZeUKrsQ//SWgZmOzEQjDVKMiOTSxzkQ2b37XUuYyQXXDuAzE3ksBNeySLWotEBUHuryePEfouV/l7+fbeFDxidZbT9OXB1JnLWyrCLD9V2oRZmE+wKYOagvlj8FY+q+xlL84QUKof0Ati80YoBkfgveEbQPgR7jhOh/V3fqz2DdceAhRHXTwf7SWTYSHyntXKD0o/2ZOHZHKgu0NuUmpaOnf/jyltrlRTqk9IO/vGxsfVub1sBSBPP7IwQ== stonie diff --git a/test-prerequisites.yml b/test-prerequisites.yml index 28808db..7f740e5 100755 --- a/test-prerequisites.yml +++ b/test-prerequisites.yml @@ -5,25 +5,5 @@ remote_user: admin strategy: free - tasks: - - name: assert IPv4 DNS entry - local_action: shell dig A {{ inventory_hostname }} | egrep '^{{ inventory_hostname }}' - changed_when: False - - - name: assert IPv6 DNS entry - local_action: shell dig AAAA {{ inventory_hostname }} | egrep '^{{ inventory_hostname }}' - changed_when: False - - - name: test access to admin account (ssh key neccessary!) - command: "true" - changed_when: False - - - name: test access to root account - command: "true" - changed_when: False - become: True - become_user: root - - - name: fail on wrong OS type and version # TODO: include debian - fail: msg="unsupported OS type or version - {{ ansible_distribution }} {{ ansible_distribution_major_version }}" - when: not ( ansible_distribution=="Ubuntu" and ansible_distribution_major_version|int==14 ) + roles: + - ffmwu-prereqs