path: root/test/integration/playbook.yml
---
# Provisioning play for the net-ssh integration-test VM.
- hosts: all
  become: true
  vars:
    # When true, the rvm.ruby role and the rvm group membership are skipped.
    no_rvm: false
    myuser: vagrant
    mygroup: vagrant
    homedir: /home/vagrant
    # Interpreter probed by the pre_task before the rvm.ruby role is applied.
    # NOTE(review): this version is not listed in ruby_versions, so the probe
    # presumably never matches and the role always runs - confirm.
    ruby_version: "2.0.0-p598"
    # Rubies handed to the rvm.ruby role through rvm1_rubies.
    ruby_versions:
      - "2.5.8"
      - "2.6.6"
      - "2.7.1"
      - "3.0.1"
      # - 'ruby-head'
      # - 'rbx-3.19'
      # - 'jruby-9.0.5.0'
    rvm_install_path: /usr/local/rvm
    # SHA-512 crypt ($6$) password hashes for the net_ssh_1 / net_ssh_2 logins
    # created in tasks. They are fixtures committed with the playbook, so
    # treat the matching passwords as public and keep these accounts on the
    # throwaway test VM only.
    foopwd: '$6$mhOzf/yapZwS$3RwDl4GfWZ5VcfcsHrK9xNNTxyzLOJBsmMttDNaegIbXxMahV86.v/5HsNtit16MEl0EFf5CSW8Dz2yXV.8GB0'
    foo2pwd: '$6$JiB7y7.M0yI$Abt.ZGIc4DwkRWeI6nKxzzPUZcux7hLRXSdpoKoZvswJz1SZyg5GRQWn9pGID0dgC6e4wFglfW6ev/qZoTqGk/'
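  pre_tasks:
    # Read-only probe: asks the ruby under rvm_install_path for its version
    # string so the rvm.ruby role can be skipped when it already matches
    # ruby_version.
    - name: get currently installed ruby version
      command: "{{ rvm_install_path }}/rubies/ruby-{{ ruby_version }}/bin/ruby -e 'puts \"#{RUBY_VERSION}-p#{RUBY_PATCHLEVEL}\"'"
      register: current_ruby_version
      # The probe modifies nothing on the host, so never report it as changed.
      changed_when: false
      # A missing interpreter is the expected state on a fresh box; carry on
      # and let the role's `when` condition handle the empty result.
      ignore_errors: true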
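  roles:
    # Installs RVM system-wide (as root) together with the rubies listed in
    # ruby_versions, unless the probed ruby already matches or no_rvm is set.
    - role: rvm.ruby
      tags: ruby
      become: true
      rvm1_user: root
      rvm1_rubies: "{{ ruby_versions }}"
      rvm1_install_path: "{{ rvm_install_path }}"
      # Make sure RVM sets itself up so the user has access to it
      rvm1_install_flags: '--auto-dotfiles'
      # This server is where the role fetches the GPG key used to verify the
      # RVM installer, so it is part of the trust chain.
      # NOTE(review): the SKS keyserver pool was retired in 2021 and this
      # hostname presumably no longer resolves - confirm, and point at a
      # keyserver the role supports instead of skipping verification.
      rvm1_gpg_key_server: pool.sks-keyservers.net
      # `when` is already a Jinja expression. Referencing the variables
      # directly avoids splicing command output into a string that is then
      # evaluated a second time as a template.
      when: "(current_ruby_version.stdout | default('')) != ruby_version and not no_rvm"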
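  tasks:
    - name: Install packages
      apt:
        pkg:
          - libssl-dev
    - name: create test group
      group:
        name: "{{ mygroup }}"
        state: present
    # Two local logins used by the integration tests. Their passwords come
    # from the hashes committed in vars (foopwd / foo2pwd).
    - name: create net_ssh_1 test user
      user:
        name: net_ssh_1
        password: "{{ foopwd }}"
        group: "{{ mygroup }}"
        state: present
    - name: create net_ssh_2 test user
      user:
        name: net_ssh_2
        password: "{{ foo2pwd }}"
        group: "{{ mygroup }}"
        state: present
    - name: create .ssh directory for net_ssh_1
      file:
        dest: /home/net_ssh_1/.ssh/
        state: directory
        mode: '0740'
        owner: net_ssh_1
    - name: create .ssh directory for net_ssh_2
      file:
        dest: /home/net_ssh_2/.ssh/
        state: directory
        mode: '0740'
        owner: net_ssh_2
    # Both test users get unrestricted passwordless sudo. Combined with the
    # committed password hashes this is root-equivalent access for anyone who
    # can reach sshd, so it belongs on the isolated test VM only.
    # `validate` makes lineinfile run visudo on the candidate file before it
    # is moved into place, so a syntax error cannot break sudo on the box.
    - name: passwordless sudo for net_ssh_1
      lineinfile:
        dest: /etc/sudoers.d/net_ssh_1
        mode: '0440'
        state: present
        create: true
        line: 'net_ssh_1 ALL=(ALL) NOPASSWD:ALL'
        regexp: net_ssh_1
        validate: '/usr/sbin/visudo -cf %s'
    # Previously this rule was appended to /etc/sudoers.d/net_ssh_1 (a
    # copy-paste slip). It now lives in the user's own drop-in file; boxes
    # provisioned earlier keep the old line until they are rebuilt.
    - name: passwordless sudo for net_ssh_2
      lineinfile:
        dest: /etc/sudoers.d/net_ssh_2
        mode: '0440'
        state: present
        create: true
        line: 'net_ssh_2 ALL=(ALL) NOPASSWD:ALL'
        regexp: net_ssh_2
        validate: '/usr/sbin/visudo -cf %s'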
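    # The tarball fetched here is compiled and installed as root by the next
    # task, so the download is part of the host's trust chain. Certificate
    # validation is left enabled: with it off, anyone on the network path
    # could substitute the source. If the base box has a stale CA bundle,
    # refresh ca-certificates rather than turning validation off.
    # unarchive itself does not verify a digest. To pin the exact tarball,
    # fetch it with get_url and its `checksum` option first, then unpack the
    # local copy.
    - name: download and unpack openssh 7.9p1 source
      unarchive:
        src: https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.9p1.tar.gz
        dest: /tmp
        remote_src: true
        validate_certs: true
    # Installs under its own prefix so the system OpenSSH stays untouched.
    - name: building and installing openssh 7.9 (used in forward test)
      command: sh -c "./configure --prefix=/opt/net-ssh-openssh && make && sudo make install"
      args:
        chdir: /tmp/openssh-7.9p1/
    # The private build shares configuration and host keys with the system
    # sshd: its own etc/ is removed and replaced by a symlink to /etc/ssh.
    - name: drop installed openssh etc/ in favor of symlink
      file:
        state: absent
        path: /opt/net-ssh-openssh/etc
    - name: creating symlink between system etc/ssh/ and our etc/
      file:
        src: /etc/ssh
        dest: /opt/net-ssh-openssh/etc
        state: link
    # Generates any missing host keys. It is skipped once the ed25519 key
    # exists.
    - name: generate missing ssh host keys
      command: ssh-keygen -A
      args:
        creates: /etc/ssh/ssh_host_ed25519_key
      notify: restart sshd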
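    # The sshd_config edits below deliberately relax the daemon so the test
    # suite can exercise password, keyboard-interactive, certificate and
    # forwarding code paths. None of them are suitable for a host that is
    # reachable from outside the test network.
    # DEBUG logging records far more detail about each session than the
    # default level.
    - name: sshd debug
      lineinfile:
        dest: /etc/ssh/sshd_config
        line: 'LogLevel DEBUG'
        regexp: LogLevel
      notify: restart sshd
    - name: sshd allow interactive
      lineinfile:
        dest: /etc/ssh/sshd_config
        line: 'ChallengeResponseAuthentication yes'
        regexp: '^ChallengeResponseAuthentication.+'
      notify: restart sshd
    # User CA for certificate-auth tests. The private key is created without
    # a passphrase (-N '') and stays on the VM.
    - name: generate user CA key
      command: ssh-keygen -f /etc/ssh/users_ca -N ''
      args:
        creates: /etc/ssh/users_ca.pub
      notify: restart sshd
    # Any certificate signed by the CA above is accepted for user login.
    - name: sshd cert auth
      lineinfile:
        dest: /etc/ssh/sshd_config
        line: 'TrustedUserCAKeys /etc/ssh/users_ca.pub'
      notify: restart sshd
    - name: sshd allow forward
      lineinfile:
        dest: /etc/ssh/sshd_config
        line: 'AllowTcpForwarding all'
        regexp: AllowTcpForwarding
      notify: restart sshd
    # GatewayPorts yes lets remote forwards bind to non-loopback addresses.
    - name: sshd gateway ports
      lineinfile:
        dest: /etc/ssh/sshd_config
        line: 'GatewayPorts yes'
        regexp: GatewayPorts
      notify: restart sshd
    - name: disable x11 forward
      lineinfile:
        dest: /etc/ssh/sshd_config
        line: 'X11Forwarding no'
        regexp: X11Forwarding
      notify: restart sshd
    # These two tasks were both labelled "sshd allow forward", but they
    # control password login. The first comments out an existing
    # "PasswordAuthentication no"; the second enables password auth
    # explicitly.
    - name: sshd comment out PasswordAuthentication no
      lineinfile:
        dest: /etc/ssh/sshd_config
        line: '#PasswordAuthentication no'
        regexp: '#?PasswordAuthentication.+no'
      notify: restart sshd
    - name: sshd allow password auth
      lineinfile:
        dest: /etc/ssh/sshd_config
        line: 'PasswordAuthentication yes'
        regexp: PasswordAuthentication
      notify: restart sshd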
    # Switch the integration tests on for every login session on the box.
    - name: put NET_SSH_RUN_INTEGRATION_TESTS=YES environment
      lineinfile:
        dest: /etc/environment
        line: 'NET_SSH_RUN_INTEGRATION_TESTS=YES'
    # Interactive shells for the provisioning user start in the project
    # checkout.
    - name: change dir in bashrc
      lineinfile:
        dest: "{{ homedir }}/.bashrc"
        owner: "{{ myuser }}"
        mode: '0644'
        regexp: '^cd '
        line: 'cd /net-ssh'
    # Loopback aliases for the hostnames the tests connect to.
    - name: add host aliases1
      lineinfile:
        dest: /etc/hosts
        owner: root
        group: root
        mode: '0644'
        regexp: '^127\.0\.0\.1\s+gateway.netssh'
        line: '127.0.0.1  gateway.netssh'
    - name: add host aliases2
      lineinfile:
        dest: /etc/hosts
        owner: root
        group: root
        mode: '0644'
        regexp: '^127\.0\.0\.1\s+one.hosts.netssh'
        line: '127.0.0.1  one.hosts.netssh'
    - name: Update APT Cache
      apt:
        update_cache: true
        force_apt_get: true
    # Blocks until no process holds the dpkg lock, polling every 5 seconds,
    # so the package install below does not race another apt or dpkg run.
    - name: Wait for locfile removal
      become: true
      shell: while sudo fuser /var/lib/dpkg/lock >/dev/null 2>&1; do sleep 5; done;
    - name: Install packages
      apt:
        state: present
        pkg:
          - pv
          - libgmp3-dev
          - git
          - libssl-dev
    # Executable message-of-the-day fragment that prints the command used to
    # run the integration tests.
    - copy:
        content: 'echo "cd /net-ssh ; rake integration-test"'
        dest: /etc/update-motd.d/99-net-ssh-tests
        mode: '0755'
    # Skipped together with the rvm.ruby role when no_rvm is set.
    - name: add user to rvm group so they can change gem wrappers
      user:
        name: "{{ myuser }}"
        groups: rvm
        append: true
      when: not no_rvm
  handlers:
    # Notified by the host-key, user-CA and sshd_config tasks. It runs once
    # at the end of the play, however many of them reported a change.
    - name: restart sshd
      service:
        name: ssh
        state: restarted