wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-06-07 15:43:54 +02:00
Code Issues Projects Releases Wiki Activity

skip-tags added. Fixed #121

Browse source
This commit is contained in:
Jack Ivanov 2016-10-28 21:00:11 +03:00
parent 6c66cb03c7
commit d052cb8e77
2 changed files with 15 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
algo
View file

@ -2,6 +2,8 @@
set -e set -e
SKIP_TAGS="_null"
additional_roles () { additional_roles () {
read -p " read -p "
Do you want to apply security enhancements? Do you want to apply security enhancements?
@ -37,7 +39,7 @@ if [[ "$ssh_tunneling_enabled" =~ ^(y|Y)$ ]]; then ROLES+=" ssh_tunneling"; fi
deploy () { deploy () {
ansible-playbook deploy.yml -t "${ROLES// /,}" -e "${EXTRA_VARS}" ansible-playbook deploy.yml -t "${ROLES// /,}" -e "${EXTRA_VARS}" --skip-tags "${SKIP_TAGS// /,}"
} }
@ -88,7 +90,7 @@ Enter the number of your desired region:
12) do_region="blr1" ;; 12) do_region="blr1" ;;
esac esac
ROLES="digitalocean vpn" ROLES="digitalocean vpn cloud"
EXTRA_VARS="do_access_token=$do_access_token do_ssh_name=$do_ssh_name do_server_name=$do_server_name do_region=$do_region" EXTRA_VARS="do_access_token=$do_access_token do_ssh_name=$do_ssh_name do_server_name=$do_server_name do_region=$do_region"
} }
@ -145,7 +147,7 @@ Enter the number of your desired region:
12) region="sa-east-1" ;; 12) region="sa-east-1" ;;
esac esac
ROLES="ec2 vpn" ROLES="ec2 vpn cloud"
EXTRA_VARS="aws_access_key=$aws_access_key aws_secret_key=$aws_secret_key aws_server_name=$aws_server_name ssh_public_key=$ssh_public_key region=$region" EXTRA_VARS="aws_access_key=$aws_access_key aws_secret_key=$aws_secret_key aws_server_name=$aws_server_name ssh_public_key=$ssh_public_key region=$region"
} }
@ -198,7 +200,7 @@ Please choose the number of your zone. Press enter for default (#8) zone.
13) zone="asia-east1-c" ;; 13) zone="asia-east1-c" ;;
esac esac
ROLES="gce vpn" ROLES="gce vpn cloud"
EXTRA_VARS="credentials_file=$credentials_file server_name=$server_name ssh_public_key=$ssh_public_key zone=$zone" EXTRA_VARS="credentials_file=$credentials_file server_name=$server_name ssh_public_key=$ssh_public_key zone=$zone"
} }
@ -218,7 +220,7 @@ Enter the public IP address of your server: (IMPORTANT! This IP is used to verif
ROLES="local vpn" ROLES="local vpn"
EXTRA_VARS="server_ip=$server_ip server_user=$server_user IP_subject_alt_name=$IP_subject" EXTRA_VARS="server_ip=$server_ip server_user=$server_user IP_subject_alt_name=$IP_subject"
SKIP_TAGS+=" cloud"
} }
algo_provisioning () { algo_provisioning () {

8
roles/common/tasks/main.yml
View file

@ -12,6 +12,8 @@
args: args:
executable: /bin/bash executable: /bin/bash
register: reboot_required register: reboot_required
tags:
- cloud
- name: Reboot - name: Reboot
shell: sleep 2 && shutdown -r now "Ansible updates triggered" shell: sleep 2 && shutdown -r now "Ansible updates triggered"
@ -19,16 +21,22 @@
poll: 0 poll: 0
when: reboot_required is defined and reboot_required.stdout == 'required' when: reboot_required is defined and reboot_required.stdout == 'required'
ignore_errors: true ignore_errors: true
tags:
- cloud
- name: Wait for shutdown - name: Wait for shutdown
local_action: wait_for host={{ inventory_hostname }} port=22 state=stopped timeout=120 local_action: wait_for host={{ inventory_hostname }} port=22 state=stopped timeout=120
when: reboot_required is defined and reboot_required.stdout == 'required' when: reboot_required is defined and reboot_required.stdout == 'required'
become: false become: false
tags:
- cloud
- name: Wait until SSH becomes ready... - name: Wait until SSH becomes ready...
local_action: wait_for host={{ inventory_hostname }} port=22 state=started timeout=120 local_action: wait_for host={{ inventory_hostname }} port=22 state=started timeout=120
when: reboot_required is defined and reboot_required.stdout == 'required' when: reboot_required is defined and reboot_required.stdout == 'required'
become: false become: false
tags:
- cloud
- name: Disable MOTD on login and SSHD - name: Disable MOTD on login and SSHD
replace: dest="{{ item.file }}" regexp="{{ item.regexp }}" replace="{{ item.line }}" replace: dest="{{ item.file }}" regexp="{{ item.regexp }}" replace="{{ item.line }}"