ansible/tasks/2fa_client.yml

---
- name: install pam_url
  package: name=pam_url state=present
  tags:
  - packages
  when: ansible_distribution_major_version|int < 22

- name: install pam_url
  dnf: name=pam_url state=present
  tags:
  - packages
  when: ansible_distribution_major_version|int > 21

- name: /etc/pki/tls/private/totpcgi.pem
  copy: src="{{ private }}/files/2fa-certs/keys/{{ inventory_hostname }}.pem" dest=/etc/pki/tls/private/totpcgi.pem mode=0400
  tags:
  - config

- name: /etc/pki/tls/private/totpcgi-ca.cert
  copy: src="{{ private }}/files/2fa-certs/keys/ca.crt" dest=/etc/pki/tls/private/totpcgi-ca.cert mode=0400
  tags:
  - config

- name: /etc/pam_url.conf - split for staging/phx2/everyone else
  template: src={{ item }} dest=/etc/pam_url.conf mode=0644
  with_first_found:
  - "{{ files }}/2fa/pam_url.conf.{{ inventory_hostname }}"
  - "{{ files }}/2fa/pam_url.conf.{{ ansible_domain }}"
  - "{{ files }}/2fa/pam_url.conf.{{ datacenter }}"
  - "{{ files }}/2fa/pam_url.conf.j2"
  tags:
  - config

- name: /etc/pam.d/sudo
  copy: src={{ item }} dest=/etc/pam.d/sudo mode=0644
  with_first_found:
  - "{{ files }}/2fa/sudo.pam.{{ inventory_hostname }}"
  - "{{ files }}/2fa/sudo.pam.{{ ansible_domain }}"
  - "{{ files }}/2fa/sudo.pam"
  tags:
  - config
first cut of everything we need for 2fa client side 2013-05-18 21:07:10 +00:00			`---`
			`- name: install pam_url`
Move the rest of yum: to package: as well Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org> 2017-10-09 00:37:39 +02:00			`package: name=pam_url state=present`
add tags to config/packages/service 2013-05-21 20:15:34 +00:00			`tags:`
			`- packages`
Fix yum/dnf here. 2015-11-09 17:55:30 +00:00			`when: ansible_distribution_major_version\|int < 22`

			`- name: install pam_url`
			`dnf: name=pam_url state=present`
			`tags:`
			`- packages`
			`when: ansible_distribution_major_version\|int > 21`
first cut of everything we need for 2fa client side 2013-05-18 21:07:10 +00:00
			`- name: /etc/pki/tls/private/totpcgi.pem`
Move all puppet_private stuff to ansible private so we can stop using puppet private. 2015-09-25 18:16:23 +00:00			`copy: src="{{ private }}/files/2fa-certs/keys/{{ inventory_hostname }}.pem" dest=/etc/pki/tls/private/totpcgi.pem mode=0400`
add tags to config/packages/service 2013-05-21 20:15:34 +00:00			`tags:`
			`- config`
first cut of everything we need for 2fa client side 2013-05-18 21:07:10 +00:00
			`- name: /etc/pki/tls/private/totpcgi-ca.cert`
Move all puppet_private stuff to ansible private so we can stop using puppet private. 2015-09-25 18:16:23 +00:00			`copy: src="{{ private }}/files/2fa-certs/keys/ca.crt" dest=/etc/pki/tls/private/totpcgi-ca.cert mode=0400`
add tags to config/packages/service 2013-05-21 20:15:34 +00:00			`tags:`
			`- config`
first cut of everything we need for 2fa client side 2013-05-18 21:07:10 +00:00
			`- name: /etc/pam_url.conf - split for staging/phx2/everyone else`
Fix old variable usage. Patch from janeznemanic. Thanks! 2014-01-01 19:15:11 +00:00			`template: src={{ item }} dest=/etc/pam_url.conf mode=0644`
first cut of everything we need for 2fa client side 2013-05-18 21:07:10 +00:00			`with_first_found:`
Fix old variable usage. Patch from janeznemanic. Thanks! 2014-01-01 19:15:11 +00:00			`- "{{ files }}/2fa/pam_url.conf.{{ inventory_hostname }}"`
			`- "{{ files }}/2fa/pam_url.conf.{{ ansible_domain }}"`
I think now I can get the datacenter working 2014-11-04 02:21:34 +00:00			`- "{{ files }}/2fa/pam_url.conf.{{ datacenter }}"`
Fix old variable usage. Patch from janeznemanic. Thanks! 2014-01-01 19:15:11 +00:00			`- "{{ files }}/2fa/pam_url.conf.j2"`
add tags to config/packages/service 2013-05-21 20:15:34 +00:00			`tags:`
			`- config`
first cut of everything we need for 2fa client side 2013-05-18 21:07:10 +00:00
			`- name: /etc/pam.d/sudo`
Deploy the no-password: prompt fix to prod Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> 2016-07-05 16:20:26 +00:00			`copy: src={{ item }} dest=/etc/pam.d/sudo mode=0644`
first cut of everything we need for 2fa client side 2013-05-18 21:07:10 +00:00			`with_first_found:`
Deploy the no-password: prompt fix to prod Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> 2016-07-05 16:20:26 +00:00			`- "{{ files }}/2fa/sudo.pam.{{ inventory_hostname }}"`
			`- "{{ files }}/2fa/sudo.pam.{{ ansible_domain }}"`
			`- "{{ files }}/2fa/sudo.pam"`
add tags to config/packages/service 2013-05-21 20:15:34 +00:00			`tags:`
			`- config`
first cut of everything we need for 2fa client side 2013-05-18 21:07:10 +00:00