Commit 78f81e91 authored by decentral1se

Merge branch 'simplify' into 'master'

Only run SSH user account management.

See merge request !10
parents 42968b74 8ae41961
Pipeline #2969 passed with stage
in 8 minutes and 23 seconds
......@@ -10,7 +10,7 @@ docker:
before_script:
- apt update && apt install -y curl sshpass
- curl -sSL https://get.docker.com/ | sh
- pip install -U pip setuptools pipenv
- pip install pipenv
- pipenv sync --dev
script:
- pipenv run molecule test
- pipenv run molecule --debug test
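Review bot: the `--debug` form of the molecule line in `script:` should not be the one that runs on every pipeline. This job needs `LINODE_ACCESS_TOKEN` in its environment, and debug-level output lands in a job log that anyone with access to the pipeline can read. Keep plain `pipenv run molecule test` as the default and enable `--debug` only for a troubleshooting run, after checking that the token is masked in the log. Separately, `pip install pipenv` installs whatever version is current at build time; pinning it would keep the test environment reproducible.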
......@@ -4,6 +4,10 @@
A role for creating new Linode machines.
Aptivate developer SSH accounts will automatically be created via the [ssh-user-mgmt] role.
[ssh-user-mgmt]: https://git.coop/aptivate/ansible-roles/ssh-user-mgmt
# Requirements
* The `linode-python` python package. This must be installed in the
......@@ -14,9 +18,10 @@ A role for creating new Linode machines.
inventory: `localhost ansible_connection=local ansible_python_interpreter="{{ ansible_playbook_python }}"`.
* The `LINODE_ACCESS_TOKEN` environment variable exposed. This is a variable that
uses the version 4 of the API. A `LINODE_API_TOKEN` from version 3 will not work.
uses the version 4 of the API. A `LINODE_API_TOKEN` from API version 3 will
not work.
* If you have `with_ssh_user_mgmt` defined (the default) you will need to install `sshpass` locally.
* The `sshpass` package.
# Role Variables
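Review bot: the bare Requirements bullet `* The sshpass package.` does not say which machine needs the package, while the other wording says to install `sshpass` locally. Since `with_ssh_user_mgmt` goes away in this commit, the requirement is now unconditional, so keep the location in the text, for example "The `sshpass` package, installed on the machine that runs the playbook."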
......@@ -35,37 +40,13 @@ A role for creating new Linode machines.
* `linode_distribution`: the Linode distribution.
* Default is `linode/centos7`.
* `with_ssh_user_mgmt`: Whether or not to run the [ssh-user-mgmt] role.
* Default is `true`.
* `with_ssh_hardening`: Whether or not to run the [ssh-hardening] role.
* Default is `true`.
* `with_ufw`: Whether or not to run the [ufw] role.
* Default is `true`.
* `with_fail2ban`: Whether or not to run the [fail2ban] role.
* Default is `true`.
[ssh-user-mgmt]: https://git.coop/aptivate/ansible-roles/ssh-user-mgmt
[ssh-hardening]: https://git.coop/aptivate/ansible-roles/ssh-hardening
[ufw]: https://git.coop/aptivate/ansible-roles/ufw
[fail2ban]: https://git.coop/aptivate/ansible-roles/fail2ban
# Role Output
* `linode_creation_details`: The Linode details.
See the example below for which keys to access from this output.
* `linode_creation_details`: The Linode details stored in a variable.
# Dependencies
* https://git.coop/aptivate/ansible-roles/ssh-user-mgmt
* https://git.coop/aptivate/ansible-roles/ssh-hardening
* https://git.coop/aptivate/ansible-roles/ufw
* https://git.coop/aptivate/ansible-roles/fail2ban
Whether or not to run these roles are configurable through the variables.
* https://git.coop/aptivate/ansible-roles/ssh-user-mgmt
# Example Playbook
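Review bot: the Role Variables and Dependencies sections drop `with_ssh_hardening`, `with_ufw` and `with_fail2ban` without saying what replaces them, so a reader of the README cannot tell that a machine created by this role no longer gets SSH hardening, a firewall or Fail2Ban from it. Add a sentence stating that only [ssh-user-mgmt] is run and that the calling playbook has to apply the ssh-hardening, ufw and fail2ban roles itself. The Role Output entry also loses the pointer to the example that shows which keys of `linode_creation_details` to read; that pointer is worth keeping.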
......@@ -87,9 +68,9 @@ $ pipenv run molecule test
# License
* https://www.gnu.org/licenses/gpl-3.0.en.html
* https://www.gnu.org/licenses/gpl-3.0.en.html
# Author Information
* https://aptivate.org/
* https://git.coop/aptivate
* https://aptivate.org/
* https://git.coop/aptivate
......@@ -3,8 +3,3 @@
linode_type: g6-nanode-1
linode_region: eu-west
linode_image: linode/centos7
with_ssh_user_mgmt: true
with_ssh_hardening: true
with_ufw: true
with_fail2ban: true
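Review bot: removing the `with_*` defaults here changes behaviour silently for existing callers. A playbook that still sets `with_ufw: true` or `with_ssh_hardening: true` will run without error and without those roles, because Ansible does not complain about variables nothing reads. Consider a short deprecation step, such as a task that fails with a clear message when any of the removed variables is defined, or at least a changelog entry naming them.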
......@@ -4,10 +4,6 @@
hosts: all
vars:
linode_label: linode-create-gitlab-ci-153
with_ssh_user_mgmt: false
with_ssh_hardening: false
with_ufw: false
with_fail2ban: false
tasks:
- name: Run the Linode creation role
block:
......
......@@ -5,15 +5,3 @@
- src: https://git.coop/aptivate/ansible-roles/ssh-user-mgmt.git
version: master
scm: git
- src: https://git.coop/aptivate/ansible-roles/ufw.git
version: master
scm: git
- src: https://git.coop/aptivate/ansible-roles/fail2ban.git
version: master
scm: git
- src: https://git.coop/aptivate/ansible-roles/ssh-hardening.git
version: master
scm: git
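Review bot: the one dependency that remains, ssh-user-mgmt, is still fetched with `version: master`. That role creates the accounts that can log in to every new machine, so whatever is on that branch at install time decides who gets access. Pin `version:` to a tag or commit hash and bump it deliberately.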
......@@ -73,32 +73,4 @@
when:
- linode_details is defined
- linode_details.changed
- with_ssh_user_mgmt
delegate_to: freshly-created-linode
- name: Configure UFW.
import_role:
name: ufw
when:
- linode_details is defined
- linode_details.changed
- with_ufw
delegate_to: freshly-created-linode
- name: Configure Fail2Ban.
import_role:
name: fail2ban
when:
- linode_details is defined
- linode_details.changed
- with_fail2ban
delegate_to: freshly-created-linode
- name: Harden the SSH access.
import_role:
name: ssh-hardening
when:
- linode_details is defined
- linode_details.changed
- with_ssh_hardening
delegate_to: freshly-created-linode
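Review bot: with the `- with_ssh_user_mgmt` condition gone, the surviving task is gated only on `linode_details is defined` and `linode_details.changed`, and the three tasks that configured UFW, Fail2Ban and SSH hardening on `freshly-created-linode` are removed with nothing in this file taking their place. The result is that a new Linode gets user accounts and is otherwise left in its image defaults until some other play runs, and a re-run against an existing machine skips account management as well. If that split is intended, say so in a comment above the remaining task and make sure the consuming playbooks import the hardening roles straight after this one.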