infrastructure/mono-infrastructure
7
0
Fork 0
mirror of https://github.com/rocky-linux/infrastructure synced 2024-09-21 03:52:35 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #185 from danielkubat/auth

Browse Source 
Make ansible-lint happy
This commit is contained in:
Louis Abel 2020-12-12 14:32:18 -07:00 committed by GitHub
commit 66d0d80807
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 14 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/yamllint.yml vendored
View File

@ -1,6 +1,6 @@
--- ---
# https://github.com/ibiqlik/action-yamllint # https://github.com/ibiqlik/action-yamllint
name: YAMLlint name: YAML Lint
on: on:
push: push:

2
ansible/playbooks/init-rocky-ansible-host.yml
View File

@ -31,6 +31,7 @@
{{ ( force_purge | bool ) | ternary('--force','') }} {{ ( force_purge | bool ) | ternary('--force','') }}
--role-file {{ installation_prefix }}roles/requirements.yml --role-file {{ installation_prefix }}roles/requirements.yml
--roles-path {{ installation_prefix }}{{ roles_installation_dir }} --roles-path {{ installation_prefix }}{{ roles_installation_dir }}
changed_when: false
- name: Install needed collections - name: Install needed collections
command: > command: >
@ -38,6 +39,7 @@
{{ ( force_purge | bool ) | ternary('--force-with-deps','') }} {{ ( force_purge | bool ) | ternary('--force-with-deps','') }}
-r {{ installation_prefix }}roles/requirements.yml -r {{ installation_prefix }}roles/requirements.yml
-p {{ installation_prefix }}{{ collection_installation_dir }} -p {{ installation_prefix }}{{ collection_installation_dir }}
changed_when: false
- name: cleanup old ssh known_hosts - remove - name: cleanup old ssh known_hosts - remove
file: file:

19
ansible/playbooks/tasks/authentication.yml
View File

@ -5,10 +5,10 @@
copy: copy:
src: "etc/pam.d/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}-system-auth-ac" src: "etc/pam.d/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}-system-auth-ac"
dest: "{{ item }}" dest: "{{ item }}"
mode: "0644"
owner: root owner: root
group: root group: root
with_items: mode: '0644'
loop:
- /etc/pam.d/system-auth-ac - /etc/pam.d/system-auth-ac
- /etc/pam.d/password-auth-ac - /etc/pam.d/password-auth-ac
when: when:
@ -16,14 +16,11 @@
- ansible_facts['distribution_major_version'] == '7' - ansible_facts['distribution_major_version'] == '7'
- name: Enterprise Linux 8 PAM Configuration - name: Enterprise Linux 8 PAM Configuration
when:
- ansible_facts['os_family'] == 'RedHat'
- ansible_facts['distribution_major_version'] == '8'
block: block:
- name: Ensure Custom Profile is removed - name: Ensure Custom Profile is removed
file: file:
state: absent
path: /etc/authselect/custom/sssd-rocky path: /etc/authselect/custom/sssd-rocky
state: absent
- name: Create custom authselect profile based on sssd - name: Create custom authselect profile based on sssd
command: > command: >
@ -34,15 +31,16 @@
--symlink=postlogin --symlink=postlogin
--symlink=smartcard-auth --symlink=smartcard-auth
--symlink=fingerprint-auth --symlink=fingerprint-auth
changed_when: false
- name: Override system-auth and password-auth - name: Override system-auth and password-auth
copy: copy:
src: "etc/authselect/custom/sssd-aoc/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}-system-auth" src: "etc/authselect/custom/sssd-aoc/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}-system-auth"
dest: "{{ item }}" dest: "{{ item }}"
mode: '0644'
owner: root owner: root
group: root group: root
with_items: mode: '0644'
loop:
- /etc/authselect/custom/sssd-aoc/system-auth - /etc/authselect/custom/sssd-aoc/system-auth
- /etc/authselect/custom/sssd-aoc/password-auth - /etc/authselect/custom/sssd-aoc/password-auth
@ -54,12 +52,17 @@
with-mkhomedir with-mkhomedir
with-sudo with-sudo
--force --force
changed_when: false
- name: Apply new settings - name: Apply new settings
command: /usr/bin/authselect apply-changes command: /usr/bin/authselect apply-changes
changed_when: false
- name: Enable oddjobd - name: Enable oddjobd
service: service:
name: oddjobd name: oddjobd
state: started state: started
enabled: yes enabled: yes
when:
- ansible_facts['os_family'] == 'RedHat'
- ansible_facts['distribution_major_version'] == '8'