Merge branch 't32502-fix-for-ovh' into 'master'

fix for ovh, refs #32502 See merge request mediaserver/envsetup!14

Merge branch 't32502-fix-for-ovh' into 'master'
a622cc2f · Antoine SCHILDKNECHT · b10fd135 · 6c0982a0 · a622cc2f · a622cc2f
Commit a622cc2f authored 4 years ago by Antoine SCHILDKNECHT
--- a/roles/ceph-rbd/tasks/main.yml
+++ b/roles/ceph-rbd/tasks/main.yml
@@ -23,6 +23,7 @@
  changed_when: ceph_check_image.stdout != ceph_image_name
  command:
    cmd: rbd -n client.{{ ceph_login }} list {{ ceph_pool_name }}
+  ignore_errors: yes

 - name: create rbd image
  when:

--- a/roles/mediaserver/tasks/main.yml
+++ b/roles/mediaserver/tasks/main.yml
@@ -6,6 +6,21 @@
    install_recommends: false
    name: "{{ server_packages }}"

+- name: fetch ssh public key
+  register: root_ssh_pubkey
+  slurp:
+    path: /root/.ssh/id_ed25519.pub
+
+- name: register ssh public key as an ansible fact
+  set_fact:
+    pubkey: "{{ root_ssh_pubkey['content'] | b64decode }}"
+
+- name: share ssh public key between cluster members
+  loop: "{{ groups['mediaserver'] }}"
+  authorized_key:
+    user: root
+    key: "{{ hostvars[item]['pubkey'] }}"
+
 - name: resolve domain name to localhost
  when: not in_docker
  notify: restart nginx
@@ -26,6 +41,7 @@
    dest: "{{ item }}"
    mode: push
    copy_links: yes
+    set_remote_user: no
  delegate_to: "{{ groups['mediaserver'][0] }}"

 - name: create instances

--- a/roles/ocfs2/tasks/main.yml
+++ b/roles/ocfs2/tasks/main.yml
@@ -26,7 +26,7 @@
  when: inventory_hostname == play_hosts[0]
  filesystem:
    fstype: ocfs2
-    opts: -T mail
+    opts: -T mail -Jblock64
    dev: /dev/rbd0

 - name: mount mapped device

--- a/roles/sysconfig/handlers/main.yml
+++ b/roles/sysconfig/handlers/main.yml
@@ -12,6 +12,11 @@
    name: cron
    state: restarted

+- name: restart sshd
+  service:
+    name: sshd
+    state: restarted
+
 - name: update cache
  apt:
    force_apt_get: true

--- a/roles/sysconfig/tasks/main.yml
+++ b/roles/sysconfig/tasks/main.yml
@@ -20,6 +20,19 @@
      APT::Periodic::Update-Package-Lists "1";
      APT::Periodic::Unattended-Upgrade "1";

+- name: enable root login via ssh with key
+  replace:
+    dest: /etc/ssh/sshd_config
+    regexp: '^#PermitRootLogin (yes|without-password|prohibit-password)'
+    replace: "PermitRootLogin without-password"
+  notify: restart sshd
+
+- name: remove disabled root login
+  replace:
+    dest: /root/.ssh/authorized_keys
+    regexp: "^no-port-forwarding,(.+) ssh-"
+    replace: "ssh-"
+
 # FIREWALL

 - name: firewall