Rooba
/
mitogen
mirror of https://github.com/mitogen-hq/mitogen.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[stream-refactor] add descriptive task names to _container_prep

This commit is contained in:
David Wilson 2019-07-23 19:45:48 +01:00
parent fdf3484a2a
commit f0065d76d8
1 changed files with 51 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

79
tests/image_prep/_container_setup.yml
View File

@ -46,84 +46,101 @@
- when: ansible_virtualization_type != "docker" - when: ansible_virtualization_type != "docker"
meta: end_play meta: end_play
- apt: - name: Ensure requisite Debian packages are installed
apt:
name: "{{packages.common + packages[distro][ver]}}" name: "{{packages.common + packages[distro][ver]}}"
state: installed state: installed
update_cache: true update_cache: true
when: distro == "Debian" when: distro == "Debian"
- yum: - name: Ensure requisite Red Hat packaed are installed
yum:
name: "{{packages.common + packages[distro][ver]}}" name: "{{packages.common + packages[distro][ver]}}"
state: installed state: installed
update_cache: true update_cache: true
when: distro == "CentOS" when: distro == "CentOS"
- command: apt-get clean - name: Clean up apt cache
command: apt-get clean
when: distro == "Debian" when: distro == "Debian"
- command: yum clean all - name: Clean up apt package lists
when: distro == "CentOS" shell: rm -rf {{item}}/*
- shell: rm -rf {{item}}/*
with_items: with_items:
- /var/cache/apt - /var/cache/apt
- /var/lib/apt/lists - /var/lib/apt/lists
when: distro == "Debian"
- copy: - name: Clean up yum cache
command: yum clean all
when: distro == "CentOS"
- name: Enable UTF-8 locale on Debian
copy:
dest: /etc/locale.gen dest: /etc/locale.gen
content: | content: |
en_US.UTF-8 UTF-8 en_US.UTF-8 UTF-8
fr_FR.UTF-8 UTF-8 fr_FR.UTF-8 UTF-8
when: distro == "Debian" when: distro == "Debian"
- shell: locale-gen - name: Generate UTF-8 locale on Debian
shell: locale-gen
when: distro == "Debian" when: distro == "Debian"
- unarchive: - name: Install prebuilt 'doas' binary on Debian
unarchive:
dest: / dest: /
src: ../data/docker/doas-debian.tar.gz src: ../data/docker/doas-debian.tar.gz
when: distro == "Debian" when: distro == "Debian"
- file: - name: Make prebuilt 'doas' binary executable on Debian
file:
path: /usr/local/bin/doas path: /usr/local/bin/doas
mode: 'u=rwxs,go=rx' mode: 'u=rwxs,go=rx'
owner: root owner: root
group: root group: root
when: distro == "Debian" when: distro == "Debian"
- copy: - name: Install doas.conf on Debian
copy:
dest: /etc/doas.conf dest: /etc/doas.conf
content: | content: |
permit :mitogen__group permit :mitogen__group
permit :root permit :root
when: distro == "Debian" when: distro == "Debian"
# Vanilla Ansible needs simplejson on CentOS 5. - name: Vanilla Ansible needs simplejson on CentOS 5.
- shell: mkdir -p /usr/lib/python2.4/site-packages/simplejson/ shell: mkdir -p /usr/lib/python2.4/site-packages/simplejson/
when: distro == "CentOS" and ver == "5" when: distro == "CentOS" and ver == "5"
- synchronize: - name: Vanilla Ansible needs simplejson on CentOS 5.
synchronize:
dest: /usr/lib/python2.4/site-packages/simplejson/ dest: /usr/lib/python2.4/site-packages/simplejson/
src: ../../ansible_mitogen/compat/simplejson/ src: ../../ansible_mitogen/compat/simplejson/
when: distro == "CentOS" and ver == "5" when: distro == "CentOS" and ver == "5"
- user: - name: Set root user password and shell
user:
name: root name: root
password: "{{ 'rootpassword' | password_hash('sha256') }}" password: "{{ 'rootpassword' | password_hash('sha256') }}"
shell: /bin/bash shell: /bin/bash
- file: - name: Ensure /var/run/sshd exists
file:
path: /var/run/sshd path: /var/run/sshd
state: directory state: directory
- command: ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key - name: Generate SSH host key
command: ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
args: args:
creates: /etc/ssh/ssh_host_rsa_key creates: /etc/ssh/ssh_host_rsa_key
- group: - name: Ensure correct sudo group exists
group:
name: "{{sudo_group[distro]}}" name: "{{sudo_group[distro]}}"
- copy: - name: Ensure /etc/sentinel exists
copy:
dest: /etc/sentinel dest: /etc/sentinel
content: | content: |
i-am-mitogen-test-docker-image i-am-mitogen-test-docker-image
@ -138,7 +155,8 @@
path: /etc/sudoers.d path: /etc/sudoers.d
mode: 'u=rwx,go=' mode: 'u=rwx,go='
- blockinfile: - name: Install test-related sudo rules
blockinfile:
path: /etc/sudoers path: /etc/sudoers
block: | block: |
# https://www.toofishes.net/blog/trouble-sudoers-or-last-entry-wins/ # https://www.toofishes.net/blog/trouble-sudoers-or-last-entry-wins/
@ -150,31 +168,36 @@
Defaults>mitogen__require_tty requiretty Defaults>mitogen__require_tty requiretty
Defaults>mitogen__require_tty_pw_required requiretty,targetpw Defaults>mitogen__require_tty_pw_required requiretty,targetpw
# Prevent permission denied errors. - name: Prevent permission denied errors.
- file: file:
path: /etc/sudoers.d/README path: /etc/sudoers.d/README
state: absent state: absent
- lineinfile: - name: Install CentOS wheel sudo rule
lineinfile:
path: /etc/sudoers path: /etc/sudoers
line: "%wheel ALL=(ALL) ALL" line: "%wheel ALL=(ALL) ALL"
when: distro == "CentOS" when: distro == "CentOS"
- lineinfile: - name: Enable SSH banner
lineinfile:
path: /etc/ssh/sshd_config path: /etc/ssh/sshd_config
line: Banner /etc/ssh/banner.txt line: Banner /etc/ssh/banner.txt
- lineinfile: - name: Allow remote SSH root login
lineinfile:
path: /etc/ssh/sshd_config path: /etc/ssh/sshd_config
line: PermitRootLogin yes line: PermitRootLogin yes
regexp: '.*PermitRootLogin.*' regexp: '.*PermitRootLogin.*'
- lineinfile: - name: Allow remote SSH root login
lineinfile:
path: /etc/pam.d/sshd path: /etc/pam.d/sshd
regexp: '.*session.*required.*pam_loginuid.so' regexp: '.*session.*required.*pam_loginuid.so'
line: session optional pam_loginuid.so line: session optional pam_loginuid.so
- copy: - name: Install convenience script for running an straced Python
copy:
mode: 'u+rwx,go=rx' mode: 'u+rwx,go=rx'
dest: /usr/local/bin/pywrap dest: /usr/local/bin/pywrap
content: | content: |