From 9584a4e07e772a17e45da1d80ff0000dc423148e Mon Sep 17 00:00:00 2001
From: Christian Martin <25327135+ct-martin@users.noreply.github.com>
Date: Tue, 17 Oct 2017 23:13:47 -0400
Subject: [PATCH 1/4] Add Playbook for TigerOS Build Box (to-be)
---
 build-scripts/playbook.yml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 build-scripts/playbook.yml
diff --git a/build-scripts/playbook.yml b/build-scripts/playbook.yml
new file mode 100644
index 0000000..8ec0697
--- /dev/null
+++ b/build-scripts/playbook.yml
@@ -0,0 +1,25 @@
+---
+- hosts: 127.0.0.1
+ tasks:
+ - name: Install packages
+ dnf: name="{{ item }}" state=present
+ become: true
+ with_items:
+ - nginx
+ - jenkins
+ - mock
+ - git
+ - openssh-server
+ - pungi
+ - rpm-sign
+ - certbot
+ - fedora-packager
+ - fedpkg
+ - fail2ban
+ - fail2ban-server
+ - iptables
+ - dnf-automatic
+ - mosh
+ - vim
+ # need to get anaconda install class for TigerOS possibly
+ #- letsencrypt
From cdb9af36617216156e219e57e19f044239fe70a1 Mon Sep 17 00:00:00 2001
From: Christian Martin <25327135+ct-martin@users.noreply.github.com>
Date: Wed, 18 Oct 2017 00:06:57 -0400
Subject: [PATCH 2/4] Add firewall and services to playbook
---
 build-scripts/playbook.yml | 53 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
diff --git a/build-scripts/playbook.yml b/build-scripts/playbook.yml
index 8ec0697..1bd8679 100644
--- a/build-scripts/playbook.yml
+++ b/build-scripts/playbook.yml
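Review bot: In patch 1/4 the `Install packages` task pulls in `dnf-automatic`, but installing that package does not schedule anything by itself, and none of the four patches enables one of its timers, so the build box would not receive unattended updates. A follow-up task along the lines of `systemd: name=dnf-automatic-install.timer enabled=true state=started` with `become: true` would close that gap; use the download-only or notify-only timer instead if that is the intended policy. The `dnf: name="{{ item }}" state=present` line would also read better as native block YAML with the package list given directly under `name:`.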
@@ -23,3 +23,56 @@
 - vim
 # need to get anaconda install class for TigerOS possibly
 #- letsencrypt
+ - name: Allow HTTPS (nginx)
+ firewalld:
+ service: https
+ permanent: true
+ state: enabled
+ - name: Allow HTTP (nginx)
+ firewalld:
+ service: http
+ permanent: true
+ state: enabled
+ - name: Allow SSH access
+ firewalld:
+ service: ssh
+ permanent: true
+ state: enabled
+ - name: Allow 8080 (Jenkins)
+ firewalld:
+ port: 8080/tcp
+ permanent: true
+ state: enabled
+ - name: Allow Cockpit
+ firewalld:
+ service: cockpit
+ permanent: true
+ state: enabled
+ - name: Enable nginx service
+ systemd:
+ name: nginx
+ enabled: yes
+ state: started
+ - name: Enable Jenkins service
+ systemd:
+ name: jenkins
+ enabled: yes
+ state: started
+ - name: Enable Cockpit service
+ systemd:
+ name: cockpit
+ enabled: yes
+ state: started
+ - name: Enable sshd (openssh-server) service
+ systemd:
+ name: sshd
+ enabled: yes
+ state: started
+ - name: Enable fail2ban service
+ systemd:
+ name: fail2ban
+ enabled: yes
+ state: started
+ - name: Reload Firewall
+ command: firewall-cmd --reload
+ become: true
From 5c3e6b454beb4ca6dacc85768ffe930813e0a99a Mon Sep 17 00:00:00 2001
From: Christian Martin <25327135+ct-martin@users.noreply.github.com>
Date: Wed, 18 Oct 2017 00:15:28 -0400
Subject: [PATCH 3/4] Add package to let Ansible interact with firewall
---
 build-scripts/playbook.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/build-scripts/playbook.yml b/build-scripts/playbook.yml
index 1bd8679..345a6ee 100644
--- a/build-scripts/playbook.yml
+++ b/build-scripts/playbook.yml
@@ -21,6 +21,7 @@
 - dnf-automatic
 - mosh
 - vim
+ - python-firewall
 # need to get anaconda install class for TigerOS possibly
 #- letsencrypt
 - name: Allow HTTPS (nginx)
From ba95db5c75cc7a5dc226de98220f99986a03485f Mon Sep 17 00:00:00 2001
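Review bot: The `Allow 8080 (Jenkins)` and `Allow Cockpit` tasks in patch 2/4 open the plain-HTTP Jenkins listener and the Cockpit admin console in the firewall with no source restriction, on a host that patch 1/4 also equips with `rpm-sign` and that presumably will hold signing material. Since nginx, certbot and the `https` service are already set up here, consider dropping the 8080 rule and publishing Jenkins only through nginx over TLS, and limiting Cockpit to an admin source range via a dedicated firewalld zone or rich rule. Also, none of the `firewalld` and `systemd` tasks carries `become: true` and the play header in patch 1/4 sets none, so they are expected to fail unless the playbook runs as root; a single `become: true` at play level would cover them. `enabled: yes` is better written `enabled: true`.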
From: Christian Martin <25327135+ct-martin@users.noreply.github.com>
Date: Wed, 18 Oct 2017 00:24:12 -0400
Subject: [PATCH 4/4] Add dnf update to playbook
---
 build-scripts/playbook.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/build-scripts/playbook.yml b/build-scripts/playbook.yml
index 345a6ee..e130baa 100644
--- a/build-scripts/playbook.yml
+++ b/build-scripts/playbook.yml
@@ -77,3 +77,6 @@
 - name: Reload Firewall
 command: firewall-cmd --reload
 become: true
+ - name: Update packages
+ command: dnf update
+ become: true
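Review bot: `command: dnf update` in the new `Update packages` task of patch 4/4 runs dnf without `-y`, so under Ansible nobody answers the confirmation prompt and the transaction is expected to abort rather than apply the pending security updates. Replace the line with the module form, `dnf: name="*" state=latest`, which is non-interactive and reports `changed` only when packages were actually upgraded. This is still a one-shot update at provisioning time and does not replace recurring updates on the box.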