安全审计>> ansible-role-server-init>> 返回
项目作者: L-P

项目描述 :
Basic server initialization.
高级语言:
项目地址: git://github.com/L-P/ansible-role-server-init.git
创建时间: 2016-11-17T11:23:31Z
项目社区:https://github.com/L-P/ansible-role-server-init
开源协议:MIT License
下载


server-init

Server initialization, install basic packages, setup basic security stuff and
create ansible user.

This role can be run both as root and as any other sudoer.
This will only disable the root login if it can connect as a sudoer.

Requirements

Role created for Ubuntu 16.04 amd64 and armhf.
become is required to run this role.

Role Variables

Mandatory

  1. # Use this to generate init_user_password_crypted:
  2. # mkpasswd -m sha-512
  4. init_hostname:
  5. init_user_login:
  6. init_user_password_crypted:
  7. init_user_pubkey:  # "ssh-rsa (…)"

Optional

  1. # boolean, should we disable ufw ipv6 support, this is needed on some armhf hosts.
  2. init_disable_ufw_ipv6:
  4. # Ports en open, eg.:
  5. init_ufw_open:
  6.   - to_port: 80
  7.     proto: "tcp"
  9. # Files to write, eg.:
  10. init_files:
  11.   - content="foo"
  12.     dest="/bar"
  13.     owner="root"
  14.     group="root"
  15.     mode="0600"

Dependencies

None.

Example Playbook

Don’t become on the whole play but on the role. If you become on the whole play
you’ll be root when the fact gathering occurs.
This prevents the role from removing password-authenticated remote root access
as we don’t do it if ansible_user_id is root (to avoid locking ourselves
out).

This also means the role should be run at least twice, once as root to create
the ansible user and once as ansible to remove root access.

  1. - hosts: all
  2.   roles:
  3.     - {role: "L-P.server-init", become: true}

License

MIT