mirror of
https://github.com/trailofbits/algo.git
synced 2025-08-15 09:13:01 +02:00
Add missing tags in common playbook
If the common playbook is invoked with the "cloud" tag, non-cloud tasks will be skipped. On GCE this causes "Install tools" to be skipped, apparmor-utils is not installed, and then the "Enforcing ipsec with apparmor" step fails.
This commit is contained in:
Kevin Cernekee
parent
4198696e1f
commit
fe0bbd7c76
1 changed files with 18 additions and 0 deletions
|
|
@ -2,9 +2,13 @@
|
||||||
|
|
||||||
- name: Gather Facts
|
- name: Gather Facts
|
||||||
setup:
|
setup:
|
||||||
|
tags:
|
||||||
|
- always
|
||||||
|
|
||||||
- name: Install software updates
|
- name: Install software updates
|
||||||
apt: update_cache=yes upgrade=dist
|
apt: update_cache=yes upgrade=dist
|
||||||
|
tags:
|
||||||
|
- cloud
|
||||||
|
|
||||||
- name: Check if reboot is required
|
- name: Check if reboot is required
|
||||||
shell: >
|
shell: >
|
||||||
|
|
@ -43,6 +47,8 @@
|
||||||
with_items:
|
with_items:
|
||||||
- { regexp: '^session.*optional.*pam_motd.so.*', line: '# MOTD DISABLED', file: '/etc/pam.d/login' }
|
- { regexp: '^session.*optional.*pam_motd.so.*', line: '# MOTD DISABLED', file: '/etc/pam.d/login' }
|
||||||
- { regexp: '^session.*optional.*pam_motd.so.*', line: '# MOTD DISABLED', file: '/etc/pam.d/sshd' }
|
- { regexp: '^session.*optional.*pam_motd.so.*', line: '# MOTD DISABLED', file: '/etc/pam.d/sshd' }
|
||||||
|
tags:
|
||||||
|
- cloud
|
||||||
|
|
||||||
- name: Install tools
|
- name: Install tools
|
||||||
apt: name="{{ item }}" state=latest
|
apt: name="{{ item }}" state=latest
|
||||||
|
|
@ -55,24 +61,36 @@
|
||||||
- sendmail
|
- sendmail
|
||||||
- iptables-persistent
|
- iptables-persistent
|
||||||
- cgroup-tools
|
- cgroup-tools
|
||||||
|
tags:
|
||||||
|
- always
|
||||||
|
|
||||||
- name: Loopback for services configured
|
- name: Loopback for services configured
|
||||||
template: src=10-loopback-services.cfg.j2 dest=/etc/network/interfaces.d/10-loopback-services.cfg
|
template: src=10-loopback-services.cfg.j2 dest=/etc/network/interfaces.d/10-loopback-services.cfg
|
||||||
notify:
|
notify:
|
||||||
- restart loopback
|
- restart loopback
|
||||||
|
tags:
|
||||||
|
- always
|
||||||
|
|
||||||
- name: Loopback included into the network config
|
- name: Loopback included into the network config
|
||||||
lineinfile: dest=/etc/network/interfaces line='source /etc/network/interfaces.d/10-loopback-services.cfg' state=present
|
lineinfile: dest=/etc/network/interfaces line='source /etc/network/interfaces.d/10-loopback-services.cfg' state=present
|
||||||
notify:
|
notify:
|
||||||
- restart loopback
|
- restart loopback
|
||||||
|
tags:
|
||||||
|
- always
|
||||||
|
|
||||||
- meta: flush_handlers
|
- meta: flush_handlers
|
||||||
|
tags:
|
||||||
|
- always
|
||||||
|
|
||||||
- name: Enable packet forwarding for IPv4
|
- name: Enable packet forwarding for IPv4
|
||||||
sysctl: name="{{ item }}" value=1
|
sysctl: name="{{ item }}" value=1
|
||||||
with_items:
|
with_items:
|
||||||
- net.ipv4.ip_forward
|
- net.ipv4.ip_forward
|
||||||
- net.ipv4.conf.all.forwarding
|
- net.ipv4.conf.all.forwarding
|
||||||
|
tags:
|
||||||
|
- always
|
||||||
|
|
||||||
- name: Enable packet forwarding for IPv6
|
- name: Enable packet forwarding for IPv6
|
||||||
sysctl: name=net.ipv6.conf.all.forwarding value=1
|
sysctl: name=net.ipv6.conf.all.forwarding value=1
|
||||||
|
tags:
|
||||||
|
- always
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue