# First entry of this task list: statically import the tasks defined in
# freeipa.yml. That file is not visible here; presumably it handles FreeIPA
# enrolment, which the gssproxy-related tasks further down would rely on
# (confirm against freeipa.yml).
- import_tasks: freeipa.yml
# Make sure the rsync package is installed through dnf; nothing is changed
# when it is already present.
- name: install rsync
  dnf:
    state: present
    name: rsync
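# Create the archive user's home directory, owned by that user and closed to
# group and others (rwx for the owner only).
- name: create home directory
  file:
    path: '{{ archive_home }}'
    state: directory
    owner: '{{ archive_user }}'
    group: '{{ archive_user }}'
    # Quoted so the value reaches the module as the octal string '0700' and is
    # never re-read as a decimal integer by a parser with different rules.
    mode: '0700'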
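# Create ~/.ssh for the archive user. Owner-only access (0700) matters here:
# the directory holds the private key written by the next task.
- name: create ssh directory
  file:
    path: '{{ archive_home }}/.ssh'
    state: directory
    owner: '{{ archive_user }}'
    group: '{{ archive_user }}'
    # Quoted so the value reaches the module as the octal string '0700' and is
    # never re-read as a decimal integer by a parser with different rules.
    mode: '0700'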
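# Write the archive user's SSH private key from the archive_ssh_privkey
# variable. The file name is built from the key type at the start of the
# public key: 'ssh-ed25519 AAAA...' gives id_ed25519.
# NOTE(review): the pattern only matches key types that begin with 'ssh-'.
# For any other prefix (for example 'ecdsa-sha2-...') regex_replace would
# return its input unchanged, so the whole public key string would end up in
# dest - confirm only ssh-* key types are used with this role.
# NOTE(review): archive_ssh_privkey is secret material; presumably it comes
# from a vaulted variable or a secret store - verify where it is defined.
- name: copy ssh privkey
  copy:
    content: '{{ archive_ssh_privkey }}'
    dest: "{{ archive_home }}/.ssh/id_{{ archive_ssh_pubkey | regex_replace('^ssh-(\\w+).*', '\\1') }}"
    owner: '{{ archive_user }}'
    group: '{{ archive_user }}'
    # Owner read/write only. Quoted so the value reaches the module as the
    # octal string '0600' whatever integer rules the YAML parser applies.
    mode: '0600'
  # Keep the key out of task results, verbose output and --diff listings.
  no_log: true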
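# Render the archiver script. The template is looked up under the name
# archive_script_path minus its first character (presumably the leading '/'
# of an absolute path) with '.j2' appended, and written to
# archive_script_path itself.
# NOTE(review): no owner or group is set, so ownership depends on the user
# the play runs as. The script is later executed as archive_user; confirm the
# file ends up owned by a different account (root, presumably) so the user
# that runs it cannot change it.
- name: generate archiver script
  template:
    src: '{{ archive_script_path[1:] }}.j2'
    dest: '{{ archive_script_path }}'
    # Read and execute for everyone, write for no one. Quoted so the value
    # reaches the module as the octal string '0555'.
    mode: '0555'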
# Make sure the directory that receives the archiver plugins exists.
# NOTE(review): owner, group and mode are not pinned, so a new directory gets
# whatever the play's user and umask produce and an existing one is left as
# it is. The files copied into it are installed as executable; confirm the
# directory is not writable by accounts that should not add plugins.
- name: create plugin directory
  file:
    state: directory
    path: '{{ archive_plugin_dir }}'
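# Copy every plugin shipped with the role into archive_plugin_dir. The
# filetree lookup walks the source tree named by archive_plugin_dir minus its
# first character (presumably the leading '/'); item.path is each entry's
# path relative to that tree and item.src its full source path.
- name: copy plugins
  copy:
    src: '{{ item.src }}'
    dest: '{{ archive_plugin_dir }}/{{ item.path }}'
    # Read and execute for everyone, write for no one. Quoted so the value
    # reaches the module as the octal string '0555'.
    mode: '0555'
  loop: "{{ lookup('filetree', archive_plugin_dir[1:], wantlist=True) }}"
  # filetree also returns directories and links; only regular files are copied.
  when: item.state == 'file'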
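# Render the archiver configuration. The template name is archive_config_path
# minus its first character (presumably the leading '/') plus '.j2'; the
# result is owned by the archive user.
- name: generate configuration
  template:
    src: '{{ archive_config_path[1:] }}.j2'
    dest: '{{ archive_config_path }}'
    owner: '{{ archive_user }}'
    group: '{{ archive_user }}'
    # Read-only for owner and group, no access for others. Quoted so the
    # value reaches the module as the octal string '0440'.
    mode: '0440'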
# Install a SELinux policy module named ssh_gssproxy through the
# selinux_policy role. The 'selinux' tag is given twice on purpose: the
# task-level tag selects the include itself, and 'apply' puts the same tag on
# the tasks inside the included role.
# NOTE(review): the policy source comes from archive_selinux_policy_te, which
# is not visible here. Since the stated goal is to quiet log noise, confirm
# the rules cover only the specific accesses involved and nothing broader.
- name: create SELinux policy to avoid logspam
  tags: selinux
  include_role:
    name: selinux_policy
    apply:
      tags: selinux
  vars:
    selinux_policy_te: '{{ archive_selinux_policy_te }}'
    selinux_policy_name: ssh_gssproxy
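# Schedule the archiver script through the systemd_timer role. That role is
# not visible here, so what each variable does is inferred from its name:
# presumably timer_user is the account the job runs as (the unprivileged
# archive user rather than root) and timer_after lists units the job is
# ordered after - confirm against the role.
- name: create systemd timer
  include_role:
    name: systemd_timer
  vars:
    timer_name: archiver
    timer_description: Remote file archiver
    timer_after: nss-user-lookup.target network-online.target gssproxy.service
    timer_on_calendar: '{{ archive_on_calendar }}'
    timer_user: '{{ archive_user }}'
    timer_exec: '{{ archive_script_path }}'
    # Canonical boolean; 'no' is only read as false by YAML 1.1 parsers.
    timer_persistent: false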