---
- hosts: all
  become: true
  vars:
    no_rvm: no
    myuser: vagrant
    mygroup: vagrant
    homedir: /home/vagrant
    ruby_version: '2.0.0-p598'
    ruby_versions:
      - '2.3.8'
      - '2.4.10'
      - '2.5.8'
      - '2.6.6'
      - '2.7.1'
      # - 'ruby-head'
      # - 'rbx-3.19'
      # - 'jruby-9.0.5.0'
    rvm_install_path: '/usr/local/rvm'
    foopwd: "$6$mhOzf/yapZwS$3RwDl4GfWZ5VcfcsHrK9xNNTxyzLOJBsmMttDNaegIbXxMahV86.v/5HsNtit16MEl0EFf5CSW8Dz2yXV.8GB0"
    foo2pwd: "$6$JiB7y7.M0yI$Abt.ZGIc4DwkRWeI6nKxzzPUZcux7hLRXSdpoKoZvswJz1SZyg5GRQWn9pGID0dgC6e4wFglfW6ev/qZoTqGk/"
  pre_tasks:
    - name: get currently installed ruby version
      command: "{{rvm_install_path}}/rubies/ruby-{{ruby_version}}/bin/ruby -e 'puts \"#{RUBY_VERSION}-p#{RUBY_PATCHLEVEL}\"'"
      register: current_ruby_version
      ignore_errors: True
  roles:
    - { role: rvm.ruby,
        tags: ruby,
        become: yes,
        rvm1_user: 'root',
        rvm1_rubies: "{{ ruby_versions }}",
        rvm1_install_path: "{{rvm_install_path}}",
        rvm1_install_flags: '--auto-dotfiles', # Make sure RVM sets itself up so the user has access to it
        rvm1_gpg_key_server: pool.sks-keyservers.net,
        when: "'{{current_ruby_version.stdout|default()}}' != '{{ruby_version}}' and not no_rvm" }
  tasks:
    # Test accounts used by the integration tests, each with passwordless sudo.
    - group: name="{{mygroup}}" state=present
    - user: name=net_ssh_1 password="{{foopwd}}" group="{{mygroup}}" state=present
    - user: name=net_ssh_2 password="{{foo2pwd}}" group="{{mygroup}}" state=present
    - file: dest=/home/net_ssh_1/.ssh/ state=directory mode=0740 owner=net_ssh_1
    - file: dest=/home/net_ssh_2/.ssh/ state=directory mode=0740 owner=net_ssh_2
    - lineinfile: dest=/etc/sudoers.d/net_ssh_1 mode=0440 state=present create=yes
                  line='net_ssh_1 ALL=(ALL) NOPASSWD:ALL' regexp=net_ssh_1
    # Note: the net_ssh_2 rule is written to the same sudoers.d file as net_ssh_1.
    - lineinfile: dest=/etc/sudoers.d/net_ssh_1 mode=0440 state=present create=yes
                  line='net_ssh_2 ALL=(ALL) NOPASSWD:ALL' regexp=net_ssh_2
    # The tarball is fetched with certificate validation disabled and no
    # checksum, so its integrity is not verified before it is built as root.
    - unarchive:
        src: https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.9p1.tar.gz
        dest: /tmp
        remote_src: True
        validate_certs: False
    - name: building and installing openssh 7.9 (used in forward test)
      command: sh -c "./configure --prefix=/opt/net-ssh-openssh && make && sudo make install"
      args:
        chdir: /tmp/openssh-7.9p1/
    - name: drop installed openssh etc/ in favor of symlink
      file:
        state: absent
        path: /opt/net-ssh-openssh/etc
    - name: creating symlink between system etc/ssh/ and our etc/
      file:
        src: /etc/ssh
        dest: /opt/net-ssh-openssh/etc
        state: link
    - command: ssh-keygen -A
      args:
        creates: /etc/ssh/ssh_host_ed25519_key
      notify: restart sshd
    - name: sshd debug
      lineinfile: dest='/etc/ssh/sshd_config' line='LogLevel DEBUG' regexp=LogLevel
      notify: restart sshd
    - name: sshd allow interactive
      lineinfile: dest='/etc/ssh/sshd_config' line='ChallengeResponseAuthentication yes' regexp='^ChallengeResponseAuthentication.+'
      notify: restart sshd
    # Unencrypted CA key (-N '') used to sign user certificates for the tests.
    - command: ssh-keygen -f /etc/ssh/users_ca -N ''
      args:
        creates: /etc/ssh/users_ca.pub
      notify: restart sshd
    - name: sshd cert auth
      lineinfile: dest='/etc/ssh/sshd_config' line='TrustedUserCAKeys /etc/ssh/users_ca.pub'
      notify: restart sshd
    # The two forwarding tasks originally used regexp=LogLevel, which made
    # lineinfile overwrite the 'LogLevel DEBUG' line set above instead of
    # managing their own directives. Each now matches its own keyword.
    - name: sshd allow forward
      lineinfile: dest='/etc/ssh/sshd_config' line='AllowTcpForwarding all' regexp='^AllowTcpForwarding'
      notify: restart sshd
    - name: sshd allow gateway ports
      lineinfile: dest='/etc/ssh/sshd_config' line='GatewayPorts yes' regexp='^GatewayPorts'
      notify: restart sshd
    - name: put NET_SSH_RUN_INTEGRATION_TESTS=YES environment
      lineinfile: dest='/etc/environment' line='NET_SSH_RUN_INTEGRATION_TESTS=YES'
    - name: change dir in bashrc
      lineinfile: dest="{{homedir}}/.bashrc" owner="{{myuser}}" mode=0644
                  regexp='^cd ' line='cd /net-ssh'
    - name: add host aliases
      lineinfile: dest='/etc/hosts' owner='root' group='root' mode=0644
                  regexp='^127\.0\.0\.1\s+gateway.netssh' line='127.0.0.1 gateway.netssh'
    - name: Update APT Cache
      apt:
        update_cache: yes
        force_apt_get: yes
    - name: Wait for lockfile removal
      become: yes
      shell: while sudo fuser /var/lib/dpkg/lock >/dev/null 2>&1; do sleep 5; done;
    - name: Install packages
      apt:
        pkg:
          - pv
          - libgmp3-dev
          - git
        state: present
    - copy: content='echo "cd /net-ssh ; rake integration-test"' dest=/etc/update-motd.d/99-net-ssh-tests mode=0755
    - name: add user to rvm group so they can change gem wrappers
      user:
        name: "{{myuser}}"
        groups: rvm
        append: yes
      when: "not no_rvm"
  handlers:
    - name: restart sshd
      service: name=ssh state=restarted