-
Notifications
You must be signed in to change notification settings - Fork 15
/
remediate_rhel8.yml
44 lines (40 loc) · 1.09 KB
/
remediate_rhel8.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
---
- name: Wait for connection...
ansible.builtin.wait_for_connection:
connect_timeout: 20
sleep: 5
delay: 5
timeout: 300
- name: Check for leapp utility
ansible.builtin.stat:
path: /usr/bin/leapp
register: leapp_utility_check
- name: Configure firewalld
ansible.builtin.lineinfile:
path: "/etc/firewalld/firewalld.conf"
regex: "^(#)?{{ item.key }}"
line: "{{ item.key }}={{ item.value }}"
state: present
loop:
- {key: "AllowZoneDrifting", value: "no"}
notify:
- Restart firewalld
- name: Check VDO devices if present # noqa command-instead-of-module
ansible.builtin.shell: |
set -o pipefail
leapp answer --section check_vdo.confirm=True
args:
executable: /bin/bash
when: leapp_utility_check.stat.exists
- name: Configure sshd
ansible.builtin.lineinfile:
path: "/etc/ssh/sshd_config"
regex: "^(#)?{{ item.key }}"
line: "{{ item.key }} {{ item.value }}"
state: present
loop:
- {key: "PermitRootLogin", value: "prohibit-password"}
- {key: "PasswordAuthentication", value: "no"}
notify:
- Restart sshd
...