From dbf4d327cf3b2d5f6fda31a4e1f7fe8b5c35b291 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89lie=20Deloumeau-Prigent?=
Date: Tue, 5 Oct 2021 11:46:18 +0200
Subject: [PATCH] split tasks
---
tasks/configure_banner.yml | 18 +++++++++++
tasks/configure_motd.yml | 19 +++++++++++
tasks/disable_default_motd.yml | 22 +++++++++++++
tasks/main.yml | 59 +++-------------------------------
4 files changed, 64 insertions(+), 54 deletions(-)
create mode 100644 tasks/configure_banner.yml
create mode 100644 tasks/configure_motd.yml
create mode 100644 tasks/disable_default_motd.yml
diff --git a/tasks/configure_banner.yml b/tasks/configure_banner.yml
new file mode 100644
index 0000000..e366b6b
--- /dev/null
+++ b/tasks/configure_banner.yml
@@ -0,0 +1,18 @@
+---
+- name: configure_banner | Apply template {{ motd_banner_template }} on {{ _motd_banner_file_path }}
+ copy:
+ content: "{{ motd_banner_template_prepend + _motd_banner_template_content + motd_banner_template_append }}"
+ dest: "{{ _motd_banner_file_path }}"
+ owner: root
+ group: root
+ mode: '0644'
+ when: motd_banner_template != None and motd_banner_template|length>0
+
+- name: configure_banner | Ensure line "Banner {{ _motd_banner_file_path }}" is {{ _motd_banner_state }} in {{ _motd_sshd_config_file_path }}
+ lineinfile:
+ path: "{{ _motd_sshd_config_file_path }}"
+ regexp: "^(#?)Banner "
+ line: Banner {{ _motd_banner_file_path }}
+ state: "{{ _motd_banner_state }}"
+ notify: Restart sshd
+...
diff --git a/tasks/configure_motd.yml b/tasks/configure_motd.yml
new file mode 100644
index 0000000..db1266d
--- /dev/null
+++ b/tasks/configure_motd.yml
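Review bot: The `lineinfile` task that writes the `Banner` directive in tasks/configure_banner.yml edits `{{ _motd_sshd_config_file_path }}` and notifies `Restart sshd` without any syntax check, so a broken edit would only surface when the daemon fails to come back up. Adding `validate: 'sshd -t -f %s'` to that task makes Ansible test the candidate file before it replaces the live one; the `PrintMotd` task in tasks/disable_default_motd.yml has the same gap. Separately, the `Banner` line is written regardless of the `when:` on the preceding copy task, so whether the banner file exists when `_motd_banner_state` is `present` depends on variables defined outside this patch. A one-line comment above the task stating that relationship would help the next reader.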
@@ -0,0 +1,19 @@
+---
+- name: configure_motd | Apply template {{ motd_template }} on {{ _motd_file_path }}
+ copy:
+ content: "{{ motd_template_prepend + _motd_template_content + motd_template_append }}"
+ dest: "{{ _motd_file_path }}"
+ owner: root
+ group: root
+ mode: '0755'
+ tags:
+ - molecule-idempotence-notest
+
+- name: configure_motd | Add pam_exec {{ _motd_file_path }} in pam
+ lineinfile:
+ path: "{{ item }}"
+ line: session optional pam_exec.so type=open_session stdout {{ _motd_file_path }}
+ loop:
+ - "{{ _motd_pam_login_file_path }}"
+ - "{{ _motd_pam_sshd_file_path }}"
+...
diff --git a/tasks/disable_default_motd.yml b/tasks/disable_default_motd.yml
new file mode 100644
index 0000000..6e56314
--- /dev/null
+++ b/tasks/disable_default_motd.yml
@@ -0,0 +1,22 @@
+---
+- name: disable_default_motd | Get stats of {{ _motd_sshd_config_file_path }}
+ stat:
+ path: "{{ _motd_sshd_config_file_path }}"
+ register: _motd_sshd_config_file_stat
+
+- name: disable_default_motd | Ensure PrintMotd is set to "no" in {{ _motd_sshd_config_file_path }}
+ lineinfile:
+ path: "{{ _motd_sshd_config_file_path }}"
+ regexp: "^PrintMotd "
+ line: PrintMotd no
+ when: _motd_sshd_config_file_stat.stat.exists
+
+- name: disable_default_motd | Comment out pam_motd in pam
+ replace:
+ path: "{{ item }}"
+ regexp: '^(session\s+optional\s+pam_motd.so\s+.*)'
+ replace: '# \1'
+ loop:
+ - "{{ _motd_pam_login_file_path }}"
+ - "{{ _motd_pam_sshd_file_path }}"
+...
diff --git a/tasks/main.yml b/tasks/main.yml
index 7f153fe..6f0cf46 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
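Review bot: The `Add pam_exec` task in tasks/configure_motd.yml uses `lineinfile` with only `line:` and no `regexp:`, so if `_motd_file_path` is later changed the previous `session optional pam_exec.so ... stdout <old path>` entry stays in both PAM files and the old script keeps running at session open. Consider anchoring the task with something like `regexp: '^session\s+optional\s+pam_exec\.so\s+type=open_session\s+stdout\s+'`, checking first that no unrelated pam_exec entry on the target hosts would match it, or add an explicit cleanup task for the old path. The copy task above installs that file with `mode: '0755'` and PAM executes it on every login, so a comment there noting that the file and its parent directory must stay root-owned and not writable by other users would be worthwhile. The directory's permissions are not visible in this patch.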
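Review bot: The `PrintMotd` task in tasks/disable_default_motd.yml modifies sshd_config but carries no `notify: Restart sshd`, unlike the `Banner` task in tasks/configure_banner.yml. On a run where only this task reports a change, the running daemon presumably keeps its previous setting. Its `regexp: "^PrintMotd "` also does not match a commented-out default such as `#PrintMotd yes`, in which case `lineinfile` appends `PrintMotd no` at the end of the file, and that can land inside a trailing `Match` block. Suggest adding `notify: Restart sshd` and widening the pattern to `regexp: '^#?\s*PrintMotd\s'`, or using `insertbefore:` to keep the directive in the global section.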
@@ -1,58 +1,9 @@ --- -- block: - - name: Get stats of {{ _motd_sshd_config_file_path }} - stat: - path: "{{ _motd_sshd_config_file_path }}" - register: _motd_sshd_config_file_stat +- include_tasks: configure_banner.yml - - name: Ensure PrintMotd is set to "no" in {{ _motd_sshd_config_file_path }} - lineinfile: - path: "{{ _motd_sshd_config_file_path }}" - regexp: "^PrintMotd " - line: PrintMotd no - when: _motd_sshd_config_file_stat.stat.exists - - - name: Comment out pam_motd in pam - replace: - path: "{{ item }}" - regexp: '^(session\s+optional\s+pam_motd.so\s+.*)' - replace: '# \1' - loop: - - "{{ _motd_pam_login_file_path }}" - - "{{ _motd_pam_sshd_file_path }}" +- name: include_tasks disable_default_motd.yml if motd_disable_default_motd is True + include_tasks: disable_default_motd.yml when: motd_disable_default_motd|bool -- name: Apply template {{ motd_banner_template }} on {{ _motd_banner_file_path }} - copy: - content: "{{ motd_banner_template_prepend + _motd_banner_template_content + motd_banner_template_append }}" - dest: "{{ _motd_banner_file_path }}" - owner: root - group: root - mode: '0644' - when: motd_banner_template - -- name: Ensure line "Banner {{ _motd_banner_file_path }}" is {{ _motd_banner_state }} in {{ _motd_sshd_config_file_path }} - lineinfile: - path: "{{ _motd_sshd_config_file_path }}" - regexp: "^(#?)Banner " - line: Banner {{ _motd_banner_file_path }} - state: "{{ _motd_banner_state }}" - notify: Restart sshd - -- name: Apply template {{ motd_template }} on {{ _motd_file_path }} - copy: - content: "{{ motd_template_prepend + _motd_template_content + motd_template_append }}" - dest: "{{ _motd_file_path }}" - owner: root - group: root - mode: '0755' - tags: - - molecule-idempotence-notest - -- name: Add pam_exec {{ _motd_file_path }} in pam - lineinfile: - path: "{{ item }}" - line: session optional pam_exec.so type=open_session stdout {{ _motd_file_path }} - loop: - - "{{ _motd_pam_login_file_path }}" - - "{{ _motd_pam_sshd_file_path 
}}" +- include_tasks: configure_motd.yml +...
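Review bot: Two of the three `include_tasks` entries in the new tasks/main.yml have no `name:` while the middle one does; naming all three (for example `- name: Include configure_banner.yml`) would keep the play output consistent. Because `include_tasks` is resolved at run time, the tasks inside the three new files do not appear in `--list-tasks`, and a run limited with `--tags` skips the untagged includes themselves, so the sshd and PAM changes can be silently left out. For the two unconditional files, `import_tasks: configure_banner.yml` and `import_tasks: configure_motd.yml` would keep the inner tasks statically visible. The `when: motd_disable_default_motd|bool` include can stay dynamic.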