From: Alfredo Deza Date: Mon, 6 Jul 2015 20:29:44 +0000 (-0400) Subject: create an init.yml for initial setup of a public master X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=bc85da4a45a575d1e8e7aa22fd63948c4a00a416;p=ceph-build.git create an init.yml for initial setup of a public master Signed-off-by: Alfredo Deza
---
diff --git a/ansible/master/init.yml b/ansible/master/init.yml
new file mode 100644
index 00000000..e5d2d6b0
--- /dev/null
+++ b/ansible/master/init.yml
@@ -0,0 +1,43 @@
+---
+
+- hosts: master
+ user: centos
+ sudo: true
+ tasks:
+
+ - name: uncomment SSH port
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ regexp: '^#Port '
+ line: 'Port 2222'
+ backrefs: yes
+
+ - name: change default port from 22 if set
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ regexp: '^Port '
+ line: 'Port 2222'
+ backrefs: yes
+
+ # this requires the firewalld module that
+ # I couldn't get to work. It exists in the extras modules
+ #- name: enable the port in the firewall
+ # firewalld:
+ # port: 2222/tcp
+ # permanent: true
+ # state: enabled
+
+ # this is far from ideal, we ignore errors because we can't
+ # condition this if the port was already opened
+ - name: tell selinux that ssh uses a new port
+ command: semanage port -a -t ssh_port_t -p tcp 2222
+ ignore_errors: yes
+
+ # The CentOS Wiki says this should be run but I couldn't find
+ # a firewall-cmd in the remote CentOS 7 box
+ #- name: configure firewall to add new port
+ # command: firewall-cmd --add-port 2222/tcp --permanent
+
+ # Example action to start service httpd, if not running
+ - name: restart sshd
+ service: name=sshd state=restarted
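Review bot: `ignore_errors: yes` on the `semanage port -a` task hides every failure, not only the "port already added" case its comment describes, and the play then restarts sshd unconditionally. If semanage is missing or the label is not applied on an SELinux-enforcing host, sshd presumably cannot bind to 2222 and the master becomes unreachable over SSH. Replace the blanket ignore with `register: semanage_port` and `failed_when: semanage_port.rc != 0 and 'already defined' not in semanage_port.stderr` (confirm the exact duplicate-port message on the target). Adding `validate: '/usr/sbin/sshd -t -f %s'` to both lineinfile tasks would keep a broken sshd_config from ever being written before the restart. The comment above the last task is a leftover about httpd and should read `# restart sshd so the new port takes effect`.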