diff --git a/ansible/playbooks/AdoptOpenJDK_Services_Playbooks/ubuntu-jckservices.yml b/ansible/playbooks/AdoptOpenJDK_Services_Playbooks/ubuntu-jckservices.yml
deleted file mode 100644
index d4a5e32fd6..0000000000
--- a/ansible/playbooks/AdoptOpenJDK_Services_Playbooks/ubuntu-jckservices.yml
+++ /dev/null
@@ -1,195 +0,0 @@
----
-###############################################
-# AdoptOpenJDK Ansible JCK svcs Playbook for: #
-# -------- Ubuntu 16 (tested on x64) -------- #
-###############################################
-
-- hosts: all
- user: root
- become: yes
- tasks:
- - block:
- - name: Load AdoptOpenJDKs variable file
- include_vars: variables/adoptopenjdk_variables.yml
- - name: OS update -- apt-get upgrade
- apt: upgrade=safe update_cache=yes
- tags: patch_update
- - name: Install JCK prerequisistes
- apt: pkg={{ item }} state=latest
- with_items:
- - iptables-persistent
- - ant
- - ftpd
- - gcc
- - krb5-kdc
- - krb5-admin-server
- - pwgen
- - tomcat8
- - unzip
- tags:
- # TODO: replace 'latest' with specified versions
- - skip_ansible_lint
-
-
- - name: Create Jenkins user
- action: user name="{{ Jenkins_Username }}" state=present
- ignore_errors: yes
- tags: jenkins_user
- - name: Set ssh key for jenkins user
- authorized_key:
- user: "{{ Jenkins_Username }}"
- state: present
- key: "{{ lookup('file', '{{ Jenkins_User_SSHKey }}') }}"
- - name: Create FTP user with password
- action: user name="{{ jckftp_Username }}" shell=/bin/false password={{ lookup('file', jckftp_Passwd) }} state=present
- ignore_errors: yes
- tags: ftp_user
- - name: Create file for FTP access
- copy:
- content: ""
- dest: "/home/{{ jckftp_Username }}/filename.txt"
- force: no
- owner: "{{ jckftp_Username }}"
- mode: 0755
- - name: Copy krb5.conf
- copy:
- src: conf/krb5.conf
- dest: /etc/krb5.conf
- owner: root
- group: root
- mode: 0644
- backup: yes
-
- - name: Configure kerberos server
- command: kdb5_util create -r ADOPTOPENJDK_NET -W -s -P `pwgen -1`
- args:
- creates: /etc/krb5kdc/principal.kadm5
-
- - name: Run shell scripts
- shell: "{{ item }}"
- with_items:
- - kadmin.local -q "addprinc -pw `pwgen -1` admin/admin@ADOPTOPENJDK_NET"
- - kadmin.local -q "addprinc -pw user1 user1/jckservices.adoptopenjdk.net@ADOPTOPENJDK_NET"
- - kadmin.local -q "addprinc -pw user2 user2/jckservices.adoptopenjdk.net@ADOPTOPENJDK_NET"
- - kadmin.local -q getprincs | egrep '^admin/admin@|^user1/|^user2/' > krb5.jckusers.txt; if test $(wc -l < krb5.jckusers.txt) -ne 3; then echo Wrong number of users - expected 3:; cat krb5.jckusers.txt; rm krb5.jckusers.txt; exit 1; fi
- args:
- creates: krb5.jckusers.txt
- tags:
- # false positive for 'use shell only when shell is required'
- # this whole piece should be rewritten to avoid 'bashsible' code style
- - skip_ansible_lint
-
- - name: Start krb5-kdc service
- service:
- name: krb5-kdc
- state: started
- - name: Start krb5-admin-server service
- service:
- name: krb5-admin-server
- state: started
- - name: Start tomcat8 service
- service:
- name: tomcat8
- state: started
- - name: Setup iptables
- iptables:
- chain: INPUT
- ctstate: ESTABLISHED,RELATED
- jump: ACCEPT
- - name: Setup iptables
- iptables:
- chain: INPUT
- protocol: icmp
- jump: ACCEPT
- - name: Setup iptables
- iptables:
- chain: INPUT
- protocol: tcp
- destination_port: 22
- jump: ACCEPT
- - name: Setup iptables
- iptables:
- chain: INPUT
- protocol: tcp
- destination_port: 80
- jump: ACCEPT
- - name: Setup iptables
- iptables:
- chain: INPUT
- source: 159.122.210.194
- jump: ACCEPT
- - name: Setup iptables
- iptables:
- chain: INPUT
- source: 159.122.210.205
- jump: ACCEPT
- - name: Setup iptables
- iptables:
- chain: INPUT
- source: 207.254.71.30
- jump: ACCEPT
- - name: Setup iptables
- iptables:
- chain: INPUT
- source: 207.254.71.31
- jump: ACCEPT
- - name: Setup iptables
- iptables:
- chain: INPUT
- source: 147.75.193.234
- jump: ACCEPT
- - name: Setup iptables
- iptables:
- chain: INPUT
- source: 140.211.168.225
- jump: ACCEPT
- - name: Setup iptables
- iptables:
- chain: INPUT
- source: 140.211.168.217
- jump: ACCEPT
- - name: Setup iptables
- iptables:
- chain: INPUT
- source: 148.100.33.183
- jump: ACCEPT
- - name: Setup iptables
- iptables:
- chain: INPUT
- source: 148.100.33.184
- jump: ACCEPT
- - name: Setup iptables
- iptables:
- chain: INPUT
- source: 165.225.150.83
- jump: ACCEPT
- - name: Setup iptables
- iptables:
- chain: INPUT
- source: 169.55.170.68
- jump: ACCEPT
- - name: Setup iptables
- iptables:
- chain: INPUT
- jump: REJECT
- - name: iptables_permanent
- shell: iptables-save > /etc/iptables/rules.v4
- - name: Add cron job to check for updates
- cron: name="Check for Updates every Sunday at 5am"
- weekday="6"
- minute="0"
- hour="5"
- user=root
- job="/usr/bin/apt-get update && /usr/bin/apt-get -y upgrade"
- state=present
- # If your users are set to lock out after some retries you'll need this:
- # - pamd:
- # name: common-auth
- # type: auth
- # control: required
- # module_path: pam_tally2.so
- # new_type: auth
- # new_control: "[success=1 default=ignore]"
- # new_module_path: pam_succeed_if.so
- # module_arguments: "user in jckftp"
- # state: before
diff --git a/ansible/playbooks/AdoptOpenJDK_Services_Playbooks/variables/adoptopenjdk_variables.yml b/ansible/playbooks/AdoptOpenJDK_Services_Playbooks/variables/adoptopenjdk_variables.yml
deleted file mode 100644
index 943a286aff..0000000000
--- a/ansible/playbooks/AdoptOpenJDK_Services_Playbooks/variables/adoptopenjdk_variables.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-# AdoptOpenJDK variables file
-Jenkins_User_SSHKey: /Vendor_Files/keys/id_rsa.pub
-Zeus_User_SSHKey: /Vendor_Files/keys/zeus.key
-Nagios_User_SSHKey: /Vendor_Files/keys/nagios.key
-Jenkins_Username: jenkins
-Nagios_Plugins: Enabled
-Slack_Notification: Disabled
-Superuser_Account: Enabled
-jckftp_Username: jckftp
-jckftp_Passwd: /Vendor_Files/passwords/ftp
-api_server_crt: /Vendor_Files/api_certs/server.crt
-api_server_key: /Vendor_Files/api_certs/server.key
diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/FTP_User/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/FTP_User/tasks/main.yml
new file mode 100644
index 0000000000..7f7530eb8b
--- /dev/null
+++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/FTP_User/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+############
+# FTP User #
+############
+- name: Create FTP user with password
+ action: user name="{{ jckftp_Username }}" shell=/bin/false password="{{ jckftp_Passwd }}" state=present
+
+- name: Create file for FTP access
+ copy:
+ content: ""
+ dest: "/home/{{ jckftp_Username }}/filename.txt"
+ force: no
+ owner: "{{ jckftp_Username }}"
+ mode: 0755
\ No newline at end of file
diff --git a/ansible/playbooks/conf/krb5.conf b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Kerberos/conf/krb5.conf
similarity index 80%
rename from ansible/playbooks/conf/krb5.conf
rename to ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Kerberos/conf/krb5.conf
index ee5bfcbd4b..dea8ff46b8 100644
--- a/ansible/playbooks/conf/krb5.conf
+++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Kerberos/conf/krb5.conf
@@ -1,5 +1,5 @@
 [libdefaults]
- default_realm = ADOPTOPENJDK_NET
+ default_realm = ADOPTIUM_NET
 
 # The following encryption type specification will be used by MIT Kerberos
 # if uncommented. In general, the defaults in the MIT Kerberos code are
@@ -16,13 +16,13 @@
 # permitted_enctypes = des3-hmac-sha1
 
 [realms]
- ADOPTOPENJDK_NET = {
- kdc = jckservics.adoptopenjdk.net
- admin_server = jckservices.adoptopenjdk.net
+ ADOPTIUM_NET = {
+ kdc = jckservices.adoptium.net
+ admin_server = jckservices.adoptium.net
 }
 
 [domain_realm]
- adoptopenjdk.net = ADOPTOPENJDK_NET
+ adoptium.net = ADOPTIUM_NET
 
 [logging]
 default = SYSLOG
diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Kerberos/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Kerberos/tasks/main.yml
new file mode 100644
index 0000000000..9b9ee440df
--- /dev/null
+++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/Kerberos/tasks/main.yml
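Review bot: `password="{{ jckftp_Passwd }}"` in `Create FTP user with password` hands the variable straight to the `user` module, which writes it verbatim into the shadow entry and expects a crypt-style hash; the removed playbook read the value through `lookup('file', jckftp_Passwd)` and the removed variables file set `jckftp_Passwd` to a file path, so unless the new group_vars now carries an already-hashed value the account ends up with an unusable password (Ansible warns that the input appears not to have been hashed). If the variable holds a cleartext secret, hash it at the point of use, `password: "{{ jckftp_Passwd | password_hash('sha512') }}"`, and keep the value in a vaulted file rather than plain group_vars. Style-wise the task would read better as a YAML mapping (`user:` with `name:`, `shell:`, `password:`, `state:` keys) than as the `action: user key=value` string, and `force: no` should be the canonical `false`.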
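Review bot: The `[domain_realm]` entry in the second hunk maps only the bare name `adoptium.net`; hosts inside the domain, including the `jckservices.adoptium.net` KDC this file now names, are matched by the leading-dot form, so add `.adoptium.net = ADOPTIUM_NET` alongside the existing line. Without it, host-to-realm resolution for those hosts is left to the library's fallback rules rather than to this mapping.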
@@ -0,0 +1,49 @@
+---
+##################
+# Kerberos Setup #
+##################
+- name: Install Kerberos prerequisistes
+ apt: pkg={{ item }} state=latest
+ with_items:
+ - krb5-kdc
+ - krb5-admin-server
+ - pwgen
+ tags: dependencies
+
+- name: Copy krb5.conf
+ copy:
+ src: conf/krb5.conf
+ dest: /etc/krb5.conf
+ owner: root
+ group: root
+ mode: 0644
+ backup: yes
+
+- name: Configure kerberos server
+ shell: kdb5_util create -r ADOPTIUM_NET -W -s -P `pwgen -1`
+ args:
+ creates: /var/lib/krb5kdc/principal.kadm5
+
+- name: Run shell scripts
+ shell: "{{ item }}"
+ with_items:
+ - kadmin.local -q "addprinc -pw `pwgen -1` admin/admin@ADOPTIUM_NET"
+ - kadmin.local -q "addprinc -pw user1 user1/jckservices.adoptopenjdk.net@ADOPTIUM_NET"
+ - kadmin.local -q "addprinc -pw user2 user2/jckservices.adoptopenjdk.net@ADOPTIUM_NET"
+ - kadmin.local -q getprincs | egrep '^admin/admin@|^user1/|^user2/' > krb5.jckusers.txt; if test $(wc -l < krb5.jckusers.txt) -ne 3; then echo Wrong number of users - expected 3:; cat krb5.jckusers.txt; rm krb5.jckusers.txt; exit 1; fi
+ args:
+ creates: krb5.jckusers.txt
+ tags:
+ # false positive for 'use shell only when shell is required'
+ # this whole piece should be rewritten to avoid 'bashsible' code style
+ - skip_ansible_lint
+
+- name: Start krb5-kdc service
+ service:
+ name: krb5-kdc
+ state: started
+
+- name: Start krb5-admin-server service
+ service:
+ name: krb5-admin-server
+ state: started
\ No newline at end of file
diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/ubuntu-jckservices.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/ubuntu-jckservices.yml
new file mode 100644
index 0000000000..2fd33ebe2c
--- /dev/null
+++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/ubuntu-jckservices.yml
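Review bot: The `user1`/`user2` principals in `Run shell scripts` are still created as `user1/jckservices.adoptopenjdk.net@ADOPTIUM_NET` and `user2/jckservices.adoptopenjdk.net@ADOPTIUM_NET`, while the renamed krb5.conf and the play's hostname task use `jckservices.adoptium.net`; the instance part should presumably be `jckservices.adoptium.net` too, otherwise anyone authenticating as those principals has to keep naming the old host. The same task keeps the literal passwords `user1` and `user2` in the playbook and discards the `pwgen -1` output used for `admin/admin`, so the admin credential is never recorded anywhere; both should come from vaulted variables and be passed in rather than embedded. `creates: krb5.jckusers.txt` (and the matching `> krb5.jckusers.txt` redirect) is a relative path resolved against the remote shell's working directory, so the idempotence guard depends on which user and cwd run the play — an absolute path such as `/var/lib/krb5kdc/krb5.jckusers.txt` would make it deterministic. `apt: pkg={{ item }} state=latest` with `with_items` is the deprecated loop form; pass the package list to `name:` directly.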
@@ -0,0 +1,50 @@
+---
+###############################################
+# AdoptOpenJDK Ansible JCK svcs Playbook for: #
+# -------- Ubuntu 20 (tested on x64) -------- #
+###############################################
+
+- hosts: all
+ gather_facts: yes
+ tasks:
+ - block:
+ - name: Load AdoptOpenJDKs variable file
+ include_vars: group_vars/all/adoptopenjdk_variables.yml
+
+ - name: Set hostname to jckservices.adoptium.net
+ hostname:
+ name: jckservices.adoptium.net
+ tags: hostname
+
+ - name: OS update -- apt-get upgrade
+ apt: upgrade=safe update_cache=yes
+ tags: patch_update
+
+ - name: Install JCK prerequisistes
+ apt: pkg={{ item }} state=latest
+ with_items:
+ - ant
+ - ftpd
+ - gcc
+ - tomcat9
+ - unzip
+ tags: dependencies
+
+ - name: Start tomcat9 service
+ service:
+ name: tomcat9
+ state: started
+ tags: tomcat
+
+ #########
+ # Roles #
+ #########
+ roles:
+ - Debug
+ - role: Get_Vendor_Files
+ tags: [vendor_files, adoptopenjdk, jenkins_user]
+ - role: FTP_User
+ tags: ftp_user
+ - role: Kerberos
+ tags: kerberos
+ - Crontab
\ No newline at end of file
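Review bot: Ansible runs a play's `roles:` before its `tasks:` regardless of where they appear in the file, so the block here (`include_vars`, the hostname change, `apt upgrade`, the prerequisites and tomcat9) executes after `Get_Vendor_Files`, `FTP_User`, `Kerberos` and `Crontab`, not before them as the layout suggests; if the listed order is the intended one, move the block under `pre_tasks:`. The play also drops the `user: root` / `become: yes` of the removed playbook, so `apt`, `hostname` and `service` only succeed if the inventory or ansible.cfg already connects as root — otherwise add `become: true` at play level. `include_vars: group_vars/all/adoptopenjdk_variables.yml` is likely redundant, since files under a `group_vars/all` directory next to the playbook or inventory are loaded automatically (confirm where that directory lives). The `block:` wraps every task with no `rescue` or `always` and could be flattened.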