PVE-Cluster: Playbooks angepasst

2021-02-14 14:53:52 +01:00 · 2021-02-14 14:53:52 +01:00 · 36ebd32aad
parent 1b5c28dad5
commit 36ebd32aad
5 changed files with 31 additions and 6 deletions
--- a/group_vars/proxmox.yml
+++ b/group_vars/proxmox.yml
@ -13,10 +13,6 @@
  smart_smartctlmail_cron_minutes: "15"
  smart_smartctlmail_cron_hours: "6"
  smart_smartctlmail_cron_weekday: "3"
-  ### mgrote.tmux
-  tmux_conf_destination: "/root/.tmux.conf"
-  tmux_bashrc_destination: "/root/.bashrc"
-  tmux_standardsession_name: "default"
  ### mgrote.zfs_extra # Variablen für mgrote.zfs_health/trim/scrub/zed/arc_mem/ sind zusammengefasst unter zfs_extra_*
  zfs_extra_max_usage_health: "80"

--- a/4
+++ b/4
@ -57,6 +57,8 @@ all:
      hosts:
        gitlab-runner-test.grote.lan:
        gitlab-runner.grote.lan:
+        gitlab-runner2.grote.lan:
+        gitlab-runner3.grote.lan:

    production:
      hosts:
@ -72,6 +74,8 @@ all:
        gitlab-runner.grote.lan:
        pve3.grote.lan:
        pve4.grote.lan:
+        gitlab-runner2.grote.lan:
+        gitlab-runner3.grote.lan:
    test:
      hosts:
        wireguard-test.grote.lan:
--- a/playbooks/base/5_personalisierung.yml
+++ b/playbooks/base/5_personalisierung.yml
@ -2,5 +2,6 @@
  - hosts: all
    roles:
      - { role: mgrote.motd, tags: "motd" }
-      - { role: mgrote.tmux, tags: "tmux", when: "not 'proxmox' in group_names" }
+      - { role: mgrote.tmux, tags: "tmux",
+          when: "not 'proxmox' in group_names" }
      - { role: geerlingguy.dotfiles, become: true, tags: "dotfiles" }
--- a/playbooks/base/6_haertung.yml
+++ b/playbooks/base/6_haertung.yml
@ -3,7 +3,9 @@
    roles:
      - { role: mgrote.fail2ban, tags: "f2b" }
      - { role: mgrote.postfix, tags: "postfix" }
-      - { role: mgrote.deactivate_ssh_password_login, tags: "ssh" }
+      - { role: mgrote.deactivate_ssh_password_login,
+          tags: "ssh",
+          when: "not 'proxmox' in group_names" }
      - { role: oefenweb.ufw, # Regeln werden in den Group/Host-Vars gesetzt
          tags: "ufw",
          become: true,
--- a/playbooks/on-off/activate_ssh_password_login.yml
+++ b/playbooks/on-off/activate_ssh_password_login.yml
@ -0,0 +1,22 @@
+---
+- hosts: proxmox
+  become: yes
+
+  tasks:
+    - name: allow ssh login with password
+      become: yes
+      ansible.builtin.lineinfile:
+        path: /etc/ssh/sshd_config
+        regexp: 'PasswordAuthentication no'
+        line: '#PasswordAuthentication yes'
+        state: present
+        validate: "/usr/sbin/sshd -T -f %s"
+      notify: restart_sshd
+
+  handlers:
+    - name: restart_sshd
+      become: yes
+      systemd:
+        name: sshd
+        enabled: yes
+        state: restarted