Skip to content
Snippets Groups Projects
Commit a622cc2f authored by Antoine SCHILDKNECHT's avatar Antoine SCHILDKNECHT
Browse files

Merge branch 't32502-fix-for-ovh' into 'master' 

fix for ovh, refs #32502

See merge request mediaserver/envsetup!14
parents b10fd135 6c0982a0
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
roles/ceph-rbd/tasks/main.yml
+ 1
0
View file @ a622cc2f
...@@ -23,6 +23,7 @@ ...@@ -23,6 +23,7 @@
changed_when: ceph_check_image.stdout != ceph_image_name changed_when: ceph_check_image.stdout != ceph_image_name
command: command:
cmd: rbd -n client.{{ ceph_login }} list {{ ceph_pool_name }} cmd: rbd -n client.{{ ceph_login }} list {{ ceph_pool_name }}
ignore_errors: yes
- name: create rbd image - name: create rbd image
when: when:
......
roles/mediaserver/tasks/main.yml
+ 16
0
View file @ a622cc2f
...@@ -6,6 +6,21 @@ ...@@ -6,6 +6,21 @@
install_recommends: false install_recommends: false
name: "{{ server_packages }}" name: "{{ server_packages }}"
- name: fetch ssh public key
register: root_ssh_pubkey
slurp:
path: /root/.ssh/id_ed25519.pub
- name: register ssh public key as an ansible fact
set_fact:
pubkey: "{{ root_ssh_pubkey['content'] | b64decode }}"
- name: share ssh public key between cluster members
loop: "{{ groups['mediaserver'] }}"
authorized_key:
user: root
key: "{{ hostvars[item]['pubkey'] }}"
- name: resolve domain name to localhost - name: resolve domain name to localhost
when: not in_docker when: not in_docker
notify: restart nginx notify: restart nginx
...@@ -26,6 +41,7 @@ ...@@ -26,6 +41,7 @@
dest: "{{ item }}" dest: "{{ item }}"
mode: push mode: push
copy_links: yes copy_links: yes
set_remote_user: no
delegate_to: "{{ groups['mediaserver'][0] }}" delegate_to: "{{ groups['mediaserver'][0] }}"
- name: create instances - name: create instances
......
roles/ocfs2/tasks/main.yml
+ 1
1
View file @ a622cc2f
...@@ -26,7 +26,7 @@ ...@@ -26,7 +26,7 @@
when: inventory_hostname == play_hosts[0] when: inventory_hostname == play_hosts[0]
filesystem: filesystem:
fstype: ocfs2 fstype: ocfs2
opts: -T mail opts: -T mail -Jblock64
dev: /dev/rbd0 dev: /dev/rbd0
- name: mount mapped device - name: mount mapped device
......
roles/sysconfig/handlers/main.yml
+ 5
0
View file @ a622cc2f
...@@ -12,6 +12,11 @@ ...@@ -12,6 +12,11 @@
name: cron name: cron
state: restarted state: restarted
- name: restart sshd
service:
name: sshd
state: restarted
- name: update cache - name: update cache
apt: apt:
force_apt_get: true force_apt_get: true
......
roles/sysconfig/tasks/main.yml
+ 13
0
View file @ a622cc2f
...@@ -20,6 +20,19 @@ ...@@ -20,6 +20,19 @@
APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1"; APT::Periodic::Unattended-Upgrade "1";
- name: enable root login via ssh with key
replace:
dest: /etc/ssh/sshd_config
regexp: '^#PermitRootLogin (yes|without-password|prohibit-password)'
replace: "PermitRootLogin without-password"
notify: restart sshd
- name: remove disabled root login
replace:
dest: /root/.ssh/authorized_keys
regexp: "^no-port-forwarding,(.+) ssh-"
replace: "ssh-"
# FIREWALL # FIREWALL
- name: firewall - name: firewall
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment