Add some of our roles to fed-cloud09 so we have accounts, 2fa, sudo, etc

2015-01-23 22:58:30 +00:00 · 2015-01-23 22:58:30 +00:00 · 7792f36121
commit 7792f36121
parent 5da470ec26
2 changed files with 35 additions and 0 deletions
--- a/pam_url.conf.fed-cloud09.cloud.fedoraproject.org
+++ b/pam_url.conf.fed-cloud09.cloud.fedoraproject.org
@ -0,0 +1,21 @@
+pam_url:
+{
+	settings:
+	{
+		url = "https://fas-all.phx2.fedoraproject.org:8443/";	# URI to fetch
+		returncode = "OK";				# The remote script/cgi should return a 200 http code and this string as its only results
+		userfield = "user";				# userfield name to send
+		passwdfield = "token";				# passwdfield name to send
+		extradata = "&do=login";			# extradata to send
+		prompt = "Password+Token: ";			# password prompt
+	};
+
+	ssl:
+	{
+		verify_peer = true;				# Should we verify SSL ?
+		verify_host = true;				# Should we verify the CN in the SSL cert?
+		client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate
+		client_key  = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert)
+                ca_cert     = "/etc/pki/tls/private/totpcgi-ca.cert";
+	};
+};
--- a/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml
+++ b/playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml
@ -10,10 +10,24 @@
   - /srv/web/infra/ansible/vars/fedora-cloud.yml
   - /srv/private/ansible/files/openstack/passwords.yml

+  roles:
+  - rkhunter
+  - nagios_client
+  - hosts
+  - fas_client
+  - sudo
+
  tasks:
  - include: "{{ tasks }}/cloud_setup_basic.yml"
    vars:
      root_auth_users: msuchy
+  - include: "{{ tasks }}/motd.yml"
+  - include: "{{ tasks }}/2fa_client.yml"
+
+  - name: set root passwd
+    user: name=root password={{ cloud_rootpw }} state=present
+    tags:
+    - rootpw

  - name: Set the hostname
    action: hostname name=fed-cloud09.cloud.fedoraproject.org