add option to remove motd from pam stack

Robert Kaussow 2019-06-15 15:27:03 +02:00
parent 8026d71e2a
commit bedf637c4e
6 changed files with 166 additions and 36 deletions

69
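--- a/.drone.jsonnet
+++ b/.drone.jsonnet
@@ -0,0 +1,69 @@
+local AnsibleVersions(version="latest", package="ansible") = {
+name: "ansible-" + version,
+image: "python:3.7",
+pull: "always",
+environment: {
+PY_COLORS: 1
+},
+commands: [
+"pip install " + package + " ansible-later~=0.2.0 -qq",
+"git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy",
+"ansible-later -c ~/policy/config.yml"
+],
+depends_on: [
+"clone",
+],
+};
+local PipelineLinting = {
+kind: "pipeline",
+name: "linting",
+platform: {
+os: "linux",
+arch: "amd64",
+},
+steps: [
+AnsibleVersions(version="latest", package="ansible"),
+AnsibleVersions(version="master", package="git+https://github.com/ansible/ansible.git@devel"),
+],
+trigger: {
+ref: ["refs/heads/master", "refs/tags/**", "refs/pull/**"],
+},
+};
+local PipelineNotifications = {
+kind: "pipeline",
+name: "notifications",
+platform: {
+os: "linux",
+arch: "amd64",
+},
+clone: {
+disable: true,
+},
+steps: [
+{
+name: "matrix",
+image: "plugins/matrix",
+settings: {
+homeserver: "https://matrix.rknet.org",
+roomid: "MtidqQXWWAtQcByBhH:rknet.org",
+template: "Status: **{{ build.status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}<br/> Message: {{ build.message }}",
+username: { "from_secret": "matrix_username" },
+password: { "from_secret": "matrix_password" },
+},
+},
+],
+depends_on: [
+"linting",
+],
+trigger: {
+status: [ "success", "failure" ],
+ref: ["refs/heads/master", "refs/tags/**"],
+},
+};
+[
+PipelineLinting,
+PipelineNotifications,
+]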
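Review bot: The `matrix` step in `PipelineNotifications` passes `matrix_username` and `matrix_password` to `image: "plugins/matrix"`, which has no tag or digest, so whatever is published under that name at build time receives the credentials. Pinning it, e.g. `image: "plugins/matrix@sha256:<digest>"` (placeholder digest), ties the secrets to a reviewed image. The linting steps also consume floating inputs: the `git clone` of `ansible-later-policy.git` takes the branch head on every run, including `refs/pull/**` builds, so checking out a fixed tag or commit after the clone would make lint results reproducible. Restricting the notifications trigger to `refs/heads/master` and `refs/tags/**` keeps the secrets out of pull-request builds and is worth a one-line comment above that `trigger` so it is not widened later.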


@ -1,42 +1,78 @@
--- ---
kind: pipeline kind: pipeline
name: default name: linting
platform:
os: linux
arch: amd64
steps: steps:
- name: ansible-latest - name: ansible-latest
image: python:2.7 pull: always
pull: always image: python:3.7
commands: commands:
- pip install ansible ansible-later -q - pip install ansible ansible-later~=0.2.0 -qq
- git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy - git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy
- git ls-files *[^LICENSE,.md] | xargs ansible-later -c ~/policy/config.ini - ansible-later -c ~/policy/config.yml
depends_on: environment:
- clone PY_COLORS: 1
depends_on:
- clone
- name: ansible-master - name: ansible-master
image: python:2.7 pull: always
pull: always image: python:3.7
commands: commands:
- pip install ansible ansible-later -q - "pip install git+https://github.com/ansible/ansible.git@devel ansible-later~=0.2.0 -qq"
- git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy - git clone https://gitea.rknet.org/ansible/ansible-later-policy.git ~/policy
- git ls-files *[^LICENSE,.md] | xargs ansible-later -c ~/policy/config.ini - ansible-later -c ~/policy/config.yml
depends_on: environment:
- clone PY_COLORS: 1
depends_on:
- clone
- name: notify trigger:
image: plugins/matrix ref:
settings: - refs/heads/master
homeserver: https://matrix.rknet.org - "refs/tags/**"
roomid: MtidqQXWWAtQcByBhH:rknet.org - "refs/pull/**"
template: "Status: **{{ build.status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}<br/> Message: {{ build.message }}"
username: ---
from_secret: matrix_username kind: pipeline
password: name: notifications
from_secret: matrix_password
depends_on: platform:
- ansible-latest os: linux
- ansible-master arch: amd64
when:
status: clone:
- success disable: true
- failure
steps:
- name: matrix
image: plugins/matrix
settings:
homeserver: https://matrix.rknet.org
password:
from_secret: matrix_password
roomid: MtidqQXWWAtQcByBhH:rknet.org
template: "Status: **{{ build.status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}<br/> Message: {{ build.message }}"
username:
from_secret: matrix_username
trigger:
ref:
- refs/heads/master
- "refs/tags/**"
status:
- success
- failure
depends_on:
- linting
---
kind: signature
hmac: f0dacf2b7fedb9f3338bb76008ea0b02f0a71f0beed26f03e8f1224d14a22e49
...

8
.gitignore vendored

@ -1,3 +1,11 @@
# ---> Ansible # ---> Ansible
*.retry *.retry
filter/plugins/
library
# ---> Python
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class


@ -5,6 +5,8 @@ pve_tls_enabled: False
pve_tls_cert_source: mycert.pem pve_tls_cert_source: mycert.pem
pve_tls_key_source: mykey.pem pve_tls_key_source: mykey.pem
pve_pamd_motd_enabled: True
pve_nginx_vhost_enabled: False pve_nginx_vhost_enabled: False
pve_server_name: pve.example.com pve_server_name: pve.example.com
pve_server_ip: 127.0.0.1 pve_server_ip: 127.0.0.1


@ -1,4 +1,5 @@
--- ---
- import_tasks: pam.yml
- import_tasks: auth.yml - import_tasks: auth.yml
- import_tasks: tls.yml - import_tasks: tls.yml
when: pve_tls_enabled when: pve_tls_enabled

14
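--- a/tasks/pam.yml
+++ b/tasks/pam.yml
@@ -0,0 +1,14 @@
+---
+- name: Remove motd from oam stack
+pamd:
+name: "{{ item.name }}"
+type: "{{ item.type }}"
+control: "{{ item.control }}"
+module_path: "{{ item.path }}"
+state: absent
+loop:
+- { name: 'login', type: 'session', control: 'optional', path: 'pam_motd.so' }
+- { name: 'sshd', type: 'session', control: 'optional', path: 'pam_motd.so' }
+become: True
+become_user: root
+when: not pve_pamd_motd_enabled | bool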
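Review bot: The `pamd` task rewrites the `login` and `sshd` PAM service files in place with no backup, and a malformed PAM file can block logins, so I would add `backup: yes` to the module arguments to keep a timestamped copy on the host. The task name has a typo and should read `- name: Remove motd from pam stack`. The removal is one-way: setting `pve_pamd_motd_enabled` back to `True` only skips the task and does not restore the `pam_motd.so` rules, which deserves a comment next to the default. The rule is matched on type, control and module path only, so where a service file carries more than one `session optional pam_motd.so` line it is worth confirming on a target host which of them are removed.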