f57154f91b
I was trying to simplify things by having a restricted shell script run by root. However, our base-setup called my bluff, as we also need to set up sshd to allow remote root logins from specific addresses. It's looking easier to create a new user and give it sudo permissions to run the vos release script.

Change-Id: If70b27cb974eb8c1bafec2b7ef86d4f5cba3c4c5
27 lines
732 B
YAML
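# Apply the puppet-install and disable-puppet-agent roles to every host in the
# afs or afsdb groups, skipping anything in the disabled group (in an Ansible
# host pattern ":" is a union and ":!" an exclusion).
- hosts: "afs:afsdb:!disabled"
  name: "Base: install and configure puppet on puppet hosts"
  roles:
    - puppet-install
    - disable-puppet-agent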
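# Run the puppet role on the afs and afsdb hosts that are not in the disabled
# group.
- hosts: "afs:afsdb:!disabled"
  name: "AFS: run puppet on the AFS servers"
  # "free" lets each host work through the play at its own pace instead of
  # waiting for the other hosts after every task.
  strategy: free
  roles:
    - puppet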
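# Generate the SSH keypair that the mirror-update host uses to trigger a
# remote "vos release", and keep the module result for later plays.
- hosts: "mirror-update:!disabled"
  name: "Create key for remote vos release"
  tasks:
    # Note: done as root because all the update scripts run as root
    #
    # The private key is written under /root/.ssh and no passphrase is set
    # here, so its protection rests on root-only access to that path on the
    # mirror-update host.
    - name: Create vos release keypair
      openssh_keypair:
        path: /root/.ssh/id_vos_release
        type: ed25519
      # The registered result is per-host: it is stored against the
      # mirror-update host, not against the hosts of any later play.
      register: vos_release_keypair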
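# Note: relies on the vos_release_keypair result registered on the
# mirror-update host by the play above. If that play matched no hosts or
# failed, the variable will not exist when this play runs.
#
# NOTE(review): the vos-release role is not shown here. Confirm that it
# authorizes the public key only for the dedicated user and the vos release
# script (for example a forced command plus a narrow sudo rule), not for a
# general shell.
- hosts: "afs:!disabled"
  name: "Allow remote vos_release"
  roles:
    - vos-release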