Last change
on this file since 17722 was
15915,
checked in by uli, 5 years ago
|
Rename group [yet-untouched] -> [yet_untouched]
as ansible does not like dashes in groupnames.
|
File size:
939 bytes
|
Rev | Line | |
---|
[14923] | 1 | --- |
---|
| 2 | # This ansible-playbook prepares freshly initiated vagrant |
---|
| 3 | # servers for work with ansible. |
---|
| 4 | # |
---|
| 5 | # It should be played as first thing after running `vagrant` |
---|
| 6 | # on the remote host. |
---|
| 7 | # |
---|
| 8 | # The documentation for this playbook is in `README.vhosts.rst`. Please read |
---|
| 9 | # it! Do not run this playbook without having read the README. |
---|
| 10 | # |
---|
[15915] | 11 | - hosts: yet_untouched |
---|
[14923] | 12 | become: yes |
---|
| 13 | vars: |
---|
| 14 | # Enable root access via SSH? Set to false not before user |
---|
| 15 | # accounts are active. |
---|
| 16 | permit_ssh_root: false |
---|
| 17 | |
---|
| 18 | roles: |
---|
| 19 | - openssh |
---|
| 20 | |
---|
| 21 | handlers: |
---|
| 22 | - name: "Restart sshd" |
---|
| 23 | service: |
---|
| 24 | name="ssh" |
---|
| 25 | enabled=yes |
---|
| 26 | state=restarted |
---|
| 27 | |
---|
| 28 | tasks: |
---|
| 29 | - name: Disable SSH root access |
---|
| 30 | # make sure this is not run before you can log in otherwise! |
---|
| 31 | lineinfile: |
---|
| 32 | dest=/etc/ssh/sshd_config |
---|
| 33 | backrefs=yes |
---|
| 34 | line='PermitRootLogin no' |
---|
| 35 | regexp='^PermitRootLogin yes' |
---|
| 36 | state=present |
---|
| 37 | notify: "restart sshd" |
---|
| 38 | when: not permit_ssh_root |
---|
Note: See
TracBrowser for help on using the repository browser.