Compare revisions

cae6bd7b · cae6bd7b · cae6bd7b · cae6bd7b · cae6bd7b · 9009e23e
--- a/roles/OpenVPN-Client/handlers/main.yml
+++ b/roles/OpenVPN-Client/handlers/main.yml
 ---
  - name: restart openvpn
    service: name=openvpn state=restarted
-    sudo: true
+    become: true
--- a/roles/OpenVPN-Client/meta/main.yml
+++ b/roles/OpenVPN-Client/meta/main.yml
 ---
 dependencies:
+#  - { role: easy-rsa-CA }
  - { role: easy-rsa-certificate, x509_csr_args: "" }
--- a/roles/OpenVPN-Client/tasks/copyCerts.yml
+++ b/roles/OpenVPN-Client/tasks/copyCerts.yml
--- 
- 
+---
+-
  copy: "src=/tmp/{{ inventory_hostname }}/ca.crt dest=/etc/openvpn/ca.crt  mode=644 owner=root group=root"
  name: "Copying CA certificate"
  when: "client_ca_cert.stat.exists == false"
- 
+-
  copy: "src=/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.crt dest=/etc/openvpn/{{ inventory_hostname }}.crt mode=644 owner=root group=root"
  name: "Copying Client certificate"
  when: "client_sign_cert.stat.exists == false"
- 
+-
  copy: "src=/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.key dest=/etc/openvpn/{{ inventory_hostname }}.key  mode=600 owner=root group=root"
  name: "Copying Client key"
  when: "client_key.stat.exists == false"

--- a/roles/OpenVPN-Client/tasks/installOpenVPN.yml
+++ b/roles/OpenVPN-Client/tasks/installOpenVPN.yml
--- 
+---
 - name: "Install OpenVPN"
  yum: "name=openvpn state=present"
-  sudo: true
+  become: true
  notify: restart openvpn

 - name: "Copying client.conf to the OpenVPN client"
  template: "src=client.conf.j2 dest=/etc/openvpn/client.conf"
-  sudo: true
+  become: true
  notify: restart openvpn

--- a/roles/OpenVPN-Client/tasks/main.yml
+++ b/roles/OpenVPN-Client/tasks/main.yml
@@ -3,6 +3,6 @@
 include: installOpenVPN.yml

 - name: "Start OpenVPN"
-  service: name=openvpn state=started
-  sudo: true
+  service: name=openvpn state=started enabled=yes
+  become: true

--- a/roles/OpenVPN-Client/vars/main.yml
+++ b/roles/OpenVPN-Client/vars/main.yml
---
-x509_csr_args: ""
-x509_cacert_file: "/etc/ssl/certs/cacert.crt"
-x509_key_file: "/etc/ssl/private/client.key"
-x509_cert_file: "/etc/ssl/certs/client.crt"
-x509_common_name: "{{ ansible_fqdn }}_OpenVPN_Client"
--- a/roles/OpenVPN-Client/vars/main.yml
+++ b/roles/OpenVPN-Client/vars/main.yml
+readme.txt
\ No newline at end of file
--- a/roles/OpenVPN-Client/vars/readme.txt
+++ b/roles/OpenVPN-Client/vars/readme.txt
+---
+x509_csr_args: ""
+x509_cacert_file: "/etc/ssl/certs/cacert.crt"
+x509_key_file: "/etc/ssl/private/client.key"
+x509_cert_file: "/etc/ssl/certs/client.crt"
+x509_common_name: "{{ ansible_fqdn }}_OpenVPN_Client"
--- a/roles/OpenVPN-Server/handlers/main.yml
+++ b/roles/OpenVPN-Server/handlers/main.yml
 ---
  - name: restart openvpn
    service: name=openvpn state=restarted
-    sudo: true
+    become: true
--- a/roles/OpenVPN-Server/tasks/installOpenVPN.yml
+++ b/roles/OpenVPN-Server/tasks/installOpenVPN.yml
--- 
+---
 - name: "Install OpenVPN"
  yum: "name=openvpn state=present"
  notify: "restart openvpn"
-  sudo: true
+  become: true
+
+- name: Create path
+  shell: mkdir -p {{ dhparms_file | dirname }}
+  args:
+    creates: "{{ dhparms_file | dirname }}"
+  become: true

 - name: "Generate DH parameters"
  shell: openssl dhparam -out {{ dhparms_file }} 512
  args:
    creates: "{{ dhparms_file }}"
-  sudo: true
+  become: true

 - name: "Configure OpenVPN Server"
  template: "src=server.conf.j2 dest=/etc/openvpn/server.conf"
  notify: "restart openvpn"
-  sudo: true
+  become: true
--- a/roles/OpenVPN-Server/tasks/main.yml
+++ b/roles/OpenVPN-Server/tasks/main.yml
@@ -3,5 +3,5 @@
 include: installOpenVPN.yml

 - name: "Start OpenVPN"
-  service: name=openvpn state=started
-  sudo: true
+  service: name=openvpn state=started enabled=yes
+  become: true
--- a/roles/OpenVPN-Server/vars/main.yml
+++ b/roles/OpenVPN-Server/vars/main.yml
---
-x509_csr_args: "--server"
-x509_cacert_file: "/etc/ssl/certs/ca.crt"
-x509_key_file: "/etc/openvpn/private/server.key"
-x509_cert_file: "/etc/openvpn/certs/server.crt"
-x509_common_name: "{{ ansible_fqdn }}_OpenVPN_Server"
-dhparms_file: "/etc/openvpn/private/dh.pem"
-server_network: "10.8.0.0"
-server_netmask: "255.255.255.0"
--- a/roles/OpenVPN-Server/vars/main.yml
+++ b/roles/OpenVPN-Server/vars/main.yml
+readme.txt
\ No newline at end of file
--- a/roles/OpenVPN-Server/vars/readme.txt
+++ b/roles/OpenVPN-Server/vars/readme.txt
+---
+x509_csr_args: "--server"
+x509_cacert_file: "/etc/ssl/certs/ca.crt"
+x509_key_file: "/etc/openvpn/private/server.key"
+x509_cert_file: "/etc/openvpn/certs/server.crt"
+x509_common_name: "{{ ansible_fqdn }}_OpenVPN_Server"
+dhparms_file: "/etc/openvpn/private/dh.pem"
+server_network: "10.8.0.0"
+server_netmask: "255.255.255.0"
--- a/roles/SSHKnownHosts/tasks/main.yml
+++ b/roles/SSHKnownHosts/tasks/main.yml
+- name: install known hosts file
+  copy: src=files/ssh_known_hosts dest=/etc/ssh/ssh_known_hosts owner=root mode=644
+  become: true
+  become_user: root
--- a/roles/additional_paths/tasks/main.yml
+++ b/roles/additional_paths/tasks/main.yml
+- name: setup additiona PATHs in /etc/profile.d
+  template:
+    src: additional_paths.sh.j2
+    dest: /etc/profile.d/additional_paths.sh
+  become: true
+  when: additional_paths is defined
--- a/roles/additional_paths/templates/additional_paths.sh.j2
+++ b/roles/additional_paths/templates/additional_paths.sh.j2
+export PATH=$PATH:{{ additional_paths|join(":") }}
--- a/roles/allow_stale_nfs/tasks/main.yml
+++ b/roles/allow_stale_nfs/tasks/main.yml
+---
+- name: place /usr/local/ last in the PATH in /etc/profile
+  lineinfile:
+  args:
+    dest: "/etc/profile"
+    insertbefore: BOF
+    line: "PATH=/bin:/usr/bin:/usr/local/bin"
+  become: true
+  become_user: root
+
+- name: remove old line
+  lineinfile:
+  args:
+    dest: "/etc/profile"
+    regexp: "^PATH=/usr/local/bin:/bin:/usr/bin$"
+    state: absent
+  become: true
+  become_user: root
+
+- name: remove /usr/local/ from the PATH in /etc/profile
+  lineinfile:
+  args:
+    dest: "/etc/profile"
+    regexp: ".*pathmunge /usr/local.*"
+    state: absent
+  become: true
+  become_user: root
+
+- name: dont execute abrt-cli on login
+  file: path=/etc/profile.d/abrt-console-notification.sh state=absent
+  become: true
+  become_user: root
--- a/roles/apache2/tasks/apacheDebian.yml
+++ b/roles/apache2/tasks/apacheDebian.yml
+---
+-
+ name: "Install Apache2"
+ apt: name={{ item }} state=present
+ with_items:
+  - apache2
+  - apache2-dev
+ become: true
+
+-
+ name: "Templating default-ssl site"
+ template: src=default-ssl.j2 dest=/etc/apache2/sites-available/default-ssl.conf owner=www-data group=www-data
+ become: true
+-
+ name: "Templating default site"
+ template: src=default.j2 dest=/etc/apache2/sites-available/000-default.conf owner=www-data group=www-data
+ become: true
+
+-
+ name: "Enable ssl module"
+ apache2_module: state=present name=ssl
+ become: true
+
+-
+ name: "Enable default-ssl site"
+ shell: a2ensite default-ssl
+ become: true
+ notify: restart apache2
+
+
--- a/roles/apache2/tasks/apacheRedHat.yml
+++ b/roles/apache2/tasks/apacheRedHat.yml
+---
+
+-
+ name: "Installing Apache"
+ become: true
+ yum: name={{ item }} state=present
+ with_items:
+  - mod_ssl
+  - mod_wsgi
+  - openssl
+  - httpd
+  - httpd-devel
+-
+ name: Setting httpd.conf
+ become: true
+ replace: dest=/etc/httpd/conf/httpd.conf regexp="^#ServerName www.example.com:80" replace="ServerName {{ ansible_fqdn }}"
+
+-
+ name: "Templating default-ssl site"
+ template: src=default-ssl.j2 dest=/etc/httpd/conf.d/ssl.conf owner=apache group=apache
+ become: true
+
+-
+ name: Templating wsgi.conf
+ become: true
+ template: src=wsgi.conf.j2 dest=/etc/httpd/conf.d/wsgi.conf owner=root group=root
+-
+ name: Restarting Apache
+ become: true
+ service: name=httpd state=restarted
No results found