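---
# Lab playbook: base setup for every inventory host, a web stack on hosts
# whose inventory name contains 'web', and Ansible itself on hosts whose
# name contains 'ansible-host'.
# Privilege escalation to root is declared once at play level, so the tasks
# below do not repeat become/become_user.
- hosts: all
  become: true
  become_user: root
  gather_facts: true
  vars:
    repository: 'https://github.com/mikecali/demo_app.git'

  tasks:
    - name: add epel repository
      yum:
        name: epel-release
        state: present

    - name: configure timezone
      timezone:
        name: Pacific/Auckland

    # state: latest installs whatever the enabled repositories (including
    # EPEL) offer at run time, so two runs can produce different versions.
    - name: install ansible
      yum:
        name: ansible
        state: latest
      when: "'ansible-host' in inventory_hostname"

    # The package list is passed straight to yum so it resolves in one
    # transaction instead of one call per item.
    - name: Install http
      yum:
        name:
          - httpd
          - php
          - php-mysqlnd
          - git
        state: present
      when: "'web' in inventory_hostname"

    - name: http service state
      service:
        name: httpd
        state: started
        enabled: true
      when: "'web' in inventory_hostname"

    # NOTE(review): apache2_module relies on the Debian-style a2enmod/a2dismod
    # tooling, while the rest of this play targets yum/httpd hosts. This task
    # is likely to fail there; confirm on a web host before relying on it.
    - name: enabled mod_rewrite
      apache2_module:
        name: rewrite
        state: present
      notify:
        - restart apache2
      when: "'web' in inventory_hostname"

    # NOTE(review): no `version` is set, so the current head of the remote
    # default branch is deployed unreviewed; pin a reviewed tag or commit.
    # Cloning directly into /var/www/html/ also places the .git directory
    # under what is httpd's default document root on RHEL-family hosts;
    # confirm it is not served.
    - name: Copy the code from repository
      git:
        repo: "{{ repository }}"
        dest: /var/www/html/
      when: "'web' in inventory_hostname"

    # Despite the task name, this restarts firewalld on every run.
    - name: Start firewalld
      service:
        name: firewalld
        state: restarted
      when: "'web' in inventory_hostname or 'ansible-host' in inventory_hostname"

    # permanent-only rule: it takes effect at the firewalld restart further
    # down, not immediately.
    - name: Allow apache
      firewalld:
        service: http
        permanent: true
        state: enabled
        zone: public
      when: "'web' in inventory_hostname"

    - name: Install and start Cockpit
      yum:
        name: cockpit
        state: latest

    - name: enable cockpit
      systemd:
        name: cockpit
        state: started
        enabled: true

    # NOTE(review): the next two tasks turn on SSH password authentication and
    # direct root login on every host in the play. That is a deliberate
    # weakening of sshd for the lab; keep it to disposable VMs on an isolated
    # network and prefer key-based, non-root access anywhere else.
    # `validate` makes lineinfile test the edited file with sshd before it
    # replaces the live config, so a bad edit cannot lock out SSH.
    - name: Allow Cockpit to access the vm
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^PasswordAuthentication'
        insertafter: '#PasswordAuthentication'
        line: 'PasswordAuthentication yes'
        validate: '/usr/sbin/sshd -t -f %s'

    - name: Allow root login for cockpit
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^PermitRootLogin'
        insertafter: '#PermitRootLogin'
        line: 'PermitRootLogin yes'
        validate: '/usr/sbin/sshd -t -f %s'

    # Runs unconditionally, so sshd is restarted on every play run.
    - name: Restart sshd
      service:
        name: sshd
        state: restarted

    # Opens the Cockpit service in the public zone on all hosts; the rule is
    # permanent-only and is activated by a firewalld restart/reload.
    - name: Allow cockpit on firewalld
      firewalld:
        service: cockpit
        permanent: true
        state: enabled
        zone: public

    - name: Restart firewalld
      service:
        name: firewalld
        state: restarted
      when: "'web' in inventory_hostname or 'ansible-host' in inventory_hostname"

    # NOTE(review): keys/vagrant looks like an SSH private key kept next to
    # the playbook; confirm it is a throwaway lab key that is never reused
    # outside this environment. The mode is quoted so it stays the octal
    # string '0600' regardless of how the YAML parser types bare numbers.
    - name: Copy vagrant key
      copy:
        src: keys/vagrant
        dest: /home/vagrant/.ssh/
        owner: vagrant
        group: vagrant
        mode: '0600'
      when: "'ansible-host' in inventory_hostname"

  handlers:
    # The handler keeps the name that `notify` references, but restarts the
    # `httpd` unit: that is the service this play installs and starts, and no
    # `apache2` service is set up anywhere in it.
    - name: restart apache2
      service:
        name: httpd
        state: restarted
      when: "'web' in inventory_hostname"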