From bc85da4a45a575d1e8e7aa22fd63948c4a00a416 Mon Sep 17 00:00:00 2001
From: Alfredo Deza
Date: Mon, 6 Jul 2015 16:29:44 -0400
Subject: [PATCH] create an init.yml for initial setup of a public master

Signed-off-by: Alfredo Deza
---
ansible/master/init.yml | 43 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
create mode 100644 ansible/master/init.yml

diff --git a/ansible/master/init.yml b/ansible/master/init.yml
new file mode 100644
index 00000000..e5d2d6b0
--- /dev/null
+++ b/ansible/master/init.yml
@@ -0,0 +1,43 @@
+---
+
+- hosts: master
+ user: centos
+ sudo: true
+ tasks:
+
+ - name: uncomment SSH port
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ regexp: '^#Port '
+ line: 'Port 2222'
+ backrefs: yes
+
+ - name: change default port from 22 if set
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ regexp: '^Port '
+ line: 'Port 2222'
+ backrefs: yes
+
+ # this requires the firewalld module that
+ # I couldn't get to work. It exists in the extras modules
+ #- name: enable the port in the firewall
+ # firewalld:
+ # port: 2222/tcp
+ # permanent: true
+ # state: enabled
+
+ # this is far from ideal, we ignore errors because we can't
+ # condition this if the port was already opened
+ - name: tell selinux that ssh uses a new port
+ command: semanage port -a -t ssh_port_t -p tcp 2222
+ ignore_errors: yes
+
+ # The CentOS Wiki says this should be run but I couldn't find
+ # a firewall-cmd in the remote CentOS 7 box
+ #- name: configure firewall to add new port
+ # command: firewall-cmd --add-port 2222/tcp --permanent
+
+ # Example action to start service httpd, if not running
+ - name: restart sshd
+ service: name=sshd state=restarted
-- 
2.39.5
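Review bot: `ignore_errors: yes` on the `semanage port -a` task hides every failure, not only the "port already defined" case its comment is about, so a host where `semanage` is missing or the call fails for another reason still proceeds to the unconditional `restart sshd` with `Port 2222` written. With SELinux enforcing and both firewall tasks commented out, that can leave sshd unable to bind or unreachable on a public master. I would replace the blanket ignore with `register: semanage_port` and `failed_when: semanage_port.rc != 0 and 'already defined' not in semanage_port.stderr`, and add `validate: '/usr/sbin/sshd -t -f %s'` to both `lineinfile` tasks so a broken sshd_config is never installed. The comment above the last task still reads "Example action to start service httpd" and should describe the sshd restart; note also that with `backrefs: yes` neither `lineinfile` task adds a `Port` line when nothing matches, so the play can finish with sshd still listening on 22.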