125 lines
3.5 KiB
YAML
125 lines
3.5 KiB
YAML
---
|
|
# Tasks file for the luks_ssh role
|
|
|
|
# Infrastructure
|
|
# Ansible instructions to deploy the infrastructure
|
|
# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
|
|
# Copyright (C) 2020 Saibotk
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, version 3 of the License.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
- name: Create dracut extension
|
|
file:
|
|
path: "{{ dracut_ssh_dir }}"
|
|
state: directory
|
|
mode: '0755'
|
|
owner: 'root'
|
|
group: 'root'
|
|
become: true
|
|
|
|
- name: Add SSH keys for grub2
|
|
authorized_key:
|
|
user: "root"
|
|
state: present
|
|
key: "{{ lookup('file', item.ssh_key) }}"
|
|
comment: "{{ item.owner }} - {{ item.comment }} | Managed by Ansible"
|
|
path: "{{ dracut_ssh_dir }}/authorized_keys"
|
|
with_items:
|
|
- "{{ dracut_authorized_keys }}"
|
|
become: true
|
|
notify: Regenerate dracut
|
|
|
|
- name: Copy module setup file
|
|
copy:
|
|
src: "module-setup.sh"
|
|
dest: "{{ dracut_ssh_dir }}/module-setup.sh"
|
|
mode: '0755'
|
|
owner: 'root'
|
|
group: 'root'
|
|
become: true
|
|
notify: Regenerate dracut
|
|
|
|
- name: Copy module files
|
|
copy:
|
|
src: "{{ item }}"
|
|
dest: "{{ dracut_ssh_dir }}/{{ item }}"
|
|
mode: '0644'
|
|
owner: 'root'
|
|
group: 'root'
|
|
become: true
|
|
with_items:
|
|
- "sshd.service"
|
|
notify: Regenerate dracut
|
|
|
|
- name: Copy templated module files
|
|
template:
|
|
src: "{{ item }}"
|
|
dest: "{{ dracut_ssh_dir }}/{{ item }}"
|
|
mode: '0644'
|
|
owner: 'root'
|
|
group: 'root'
|
|
become: true
|
|
with_items:
|
|
- "sshd_config"
|
|
notify: Regenerate dracut
|
|
|
|
- name: Install dracut network
|
|
package:
|
|
name: dracut-network
|
|
state: present
|
|
become: true
|
|
notify: Regenerate dracut
|
|
|
|
- name: Check if line is present
|
|
shell: cat /etc/default/grub | grep GRUB_CMDLINE_LINUX_DEFAULT
|
|
changed_when: false
|
|
ignore_errors: true
|
|
register: luks_ssh_grub_default
|
|
|
|
- name: Ensure that GRUB_CMDLINE_LINUX_DEFAULT is present
|
|
lineinfile:
|
|
path: /etc/default/grub
|
|
regexp: '^GRUB_CMDLINE_LINUX_DEFAULT'
|
|
line: 'GRUB_CMDLINE_LINUX_DEFAULT=""'
|
|
become: true
|
|
notify: Regenerate grub config
|
|
when: luks_ssh_grub_default.rc != 0
|
|
|
|
# This method will only add the parameter if it was not already added
|
|
# NOTICE: If the parameter was manually added, it will not be altered!
|
|
- name: Enable early networking kernel parameter (rd.neednet=1)
|
|
replace:
|
|
path: /etc/default/grub
|
|
regexp: '^GRUB_CMDLINE_LINUX_DEFAULT=\"((?:(?!rd\.neednet=).)*?)"$'
|
|
replace: 'GRUB_CMDLINE_LINUX_DEFAULT="\1 rd.neednet=1"'
|
|
become: true
|
|
notify: Regenerate grub config
|
|
|
|
# This method will only add the parameter if it was not already added
|
|
# NOTICE: If the parameter was manually added, it will not be altered!
|
|
- name: Enable early networking kernel parameter (ip=dhcp)
|
|
replace:
|
|
path: /etc/default/grub
|
|
regexp: '^GRUB_CMDLINE_LINUX_DEFAULT=\"((?:(?!ip=).)*?)"$'
|
|
replace: 'GRUB_CMDLINE_LINUX_DEFAULT="\1 ip=dhcp"'
|
|
become: true
|
|
notify: Regenerate grub config
|
|
|
|
- name: Disable rhel-import-state service, so that it doesn not overwrite ifcfg scripts.
|
|
systemd:
|
|
name: "rhel-import-state"
|
|
enabled: false
|
|
masked: true
|
|
become: true
|
|
when:
|
|
- luks_ssh_disable_state_import
|