Merge pull request #480 from shaderecker/ansible-updates

Ansible updates

bin/hpfeeds_optin.sh

@@ -78,9 +78,9 @@ myENABLE=$myENABLE
 myHOST=$myHOST
 myPORT=$myPORT
 myCHANNEL=$myCHANNEL
+myCERT=$myCERT
 myIDENT=$myIDENT
 mySECRET=$mySECRET
-myCERT=$myCERT
 myFORMAT=$myFORMAT
 EOF
 }

cloud/ansible/README.md

@@ -50,20 +50,14 @@ For other OSes and Distros have a look at the official [Ansible Documentation](h
 
 <a name="agent-forwarding"></a>
 ## Agent Forwarding
-Agent Forwarding must be enabled in order to let Ansible do its work.  
+If you run the Ansible Playbook remotely on your Ansible Master Server, Agent Forwarding must be enabled in order to let Ansible connect to newly created machines.  
 - On Linux or macOS:  
   - Create or edit `~/.ssh/config`
-  - If you run the Ansible Playbook remotely on your Ansible Master Server:
     ```
     Host ANSIBLE_MASTER_IP
     ForwardAgent yes
     ```
-  - If you run the Ansible Playbook locally, enable it for all hosts, as this includes newly generated T-Pots:
-    ```
-    Host *
-    ForwardAgent yes
-    ```
-- On Windows using Putty for connecting to your Ansible Master Server:  
+- On Windows using Putty:  
 ![Putty Agent Forwarding](doc/putty_agent_forwarding.png)
 
 <a name="preparation"></a>

cloud/ansible/openstack/ansible.cfg

@@ -3,3 +3,4 @@ host_key_checking = false
 
 [ssh_connection]
 scp_if_ssh = true
+ssh_args = -o ServerAliveInterval=60

cloud/ansible/openstack/deploy_tpot.yaml

@@ -1,8 +1,6 @@
 - name: Check host prerequisites
   hosts: localhost
   become: yes
-  become_user: root
-  become_method: sudo
   roles:
     - check
 
@@ -15,8 +13,6 @@
   hosts: TPOT
   remote_user: linux
   become: yes
-  become_user: root
-  become_method: sudo
   gather_facts: no
   roles:
     - install

cloud/ansible/openstack/roles/check/tasks/main.yaml

@@ -1,28 +1,17 @@
-- name: Install pwgen
+- name: Install dependencies
   package:
-    name: pwgen
-    state: present
-
-- name: Install setuptools
-  package:
-    name: python-setuptools
-    state: present
-
-- name: Install pip
-  package:
-    name: python-pip
+    name:
+      - pwgen
+      - python-setuptools
+      - python-pip
     state: present
 
 - name: Install openstacksdk
   pip:
     name: openstacksdk
 
-- name: Set fact for agent forwarding
-  set_fact:
-    agent_forwarding: "{{ lookup('env','SSH_AUTH_SOCK') }}"
-
 - name: Check if agent forwarding is enabled
   fail:
     msg: Please enable agent forwarding to allow Ansible to connect to the remote host!
   ignore_errors: yes
-  when: agent_forwarding == ""
+  when: lookup('env','SSH_AUTH_SOCK') == ""

cloud/ansible/openstack/roles/custom_ews/tasks/main.yaml

@@ -9,5 +9,5 @@
 - name: Patching tpot.yml with custom ews configuration file
   lineinfile:
     path: /opt/tpot/etc/tpot.yml
-    insertafter: '/opt/ewsposter/ews.ip'
-    line: '     - /data/ews/conf/ews.cfg:/opt/ewsposter/ews.cfg'
+    insertafter: "/opt/ewsposter/ews.ip"
+    line: "     - /data/ews/conf/ews.cfg:/opt/ewsposter/ews.cfg"

cloud/ansible/openstack/roles/custom_hpfeeds/tasks/main.yaml

@@ -1,10 +1,12 @@
 - name: Copy hpfeeds configuration file
-  template:
-    src: ../templates/hpfeeds.cfg
+  copy:
+    src: ../files/hpfeeds.cfg
     dest: /data/ews/conf
-    owner: root
-    group: root
-    mode: 0644
+    owner: tpot
+    group: tpot
+    mode: 0770
+  register: config
 
 - name: Applying hpfeeds settings
   command: /opt/tpot/bin/hpfeeds_optin.sh --conf=/data/ews/conf/hpfeeds.cfg
+  when: config.changed == true

cloud/ansible/openstack/roles/deploy/tasks/main.yaml

@@ -5,6 +5,7 @@
 - name: Import OpenStack authentication variables
   include_vars:
     file: roles/deploy/vars/os_auth.yaml
+  no_log: true
 
 - name: Create security group
   os_security_group:

cloud/ansible/openstack/roles/install/tasks/main.yaml

@@ -1,7 +1,5 @@
 - name: Waiting for SSH connection
   wait_for_connection:
-    delay: 30
-    timeout: 300
 
 - name: Gathering facts
   setup:
@@ -14,16 +12,15 @@
 - name: Prepare to set user password 
   set_fact:
     user_name: "{{ ansible_user }}"
-    user_password: "{{ user_password }}"
     user_salt: "s0mew1ck3dTpoT"
+  no_log: true
 
-- name: Changing password for user {{ user_name }} to {{ user_password }}
+- name: Changing password for user {{ user_name }}
   user:
    name: "{{ ansible_user }}"
    password: "{{ user_password | password_hash('sha512', user_salt) }}"
    state: present
    shell: /bin/bash
-   update_password: always
 
 - name: Copy T-Pot configuration file
   template:
@@ -33,7 +30,7 @@
     group: root
     mode: 0644
 
-- name: Install T-Pot on instance -  be patient, this might take 15 to 30 minutes depending on the connection speed. No further output is given.
+- name: Install T-Pot on instance -  be patient, this might take 15 to 30 minutes depending on the connection speed.
   command: /root/tpot/iso/installer/install.sh --type=auto --conf=/root/tpot.conf
 
 - name: Delete T-Pot configuration file

cloud/ansible/openstack/roles/reboot/tasks/main.yaml

@@ -1,6 +1,7 @@
-- name: Finally rebooting T-Pot in one minute
-  shell: /sbin/shutdown -r -t 1
-  become: true
+- name: Finally rebooting T-Pot
+  command: shutdown -r now
+  async: 1
+  poll: 0
 
 - name: Next login options
   debug: