From 546e7e0bb34e85ebad18c55b5e673d5ed7692339 Mon Sep 17 00:00:00 2001
From: Brandon Shipley
Date: Wed, 21 Sep 2022 03:22:13 -0700
Subject: [PATCH] set defaults - rc version 5.1.2, remove hardneing task, should be separate concern not in this role
---
 defaults/main.yml | 20 ++++----------
 tasks/harden.yml | 11 --------
 tasks/main.yml | 6 ----
 tasks/ssh_port_fallback.yml | 55 -------------------------------------
 4 files changed, 6 insertions(+), 86 deletions(-)
 delete mode 100644 tasks/harden.yml
 delete mode 100644 tasks/ssh_port_fallback.yml
diff --git a/defaults/main.yml b/defaults/main.yml
index 6aa5e86..44264bd 100755
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,18 +1,10 @@
 ---
-# harden by default
-harden_os: true
-
-# latest as of 7/7/2022
-rc_version: 4.8.1
-
-# WIP to get to 5.0
-mongo_version: 4.2
-
-# WIP to get to 5.0
-prev_mongo_version: 4.2
+# latest as of 9/12/2022
+rc_version: 5.1.2
+mongo_version: 5.0
+prev_mongo_version: 5.0
 
 # if true set feature compability version to prev_mongo_version
-set_feature_compat_version: true
-
+set_feature_compat_version: false
 # backup by default - saves to /home/{{ main_user }}/rocketchat/data/dump/2015-07-09T16:59:26Z" (iso8601 of current date)
-backup_db: true
\ No newline at end of file
+backup_db: false
\ No newline at end of file
diff --git a/tasks/harden.yml b/tasks/harden.yml
deleted file mode 100644
index a6a9b28..0000000
--- a/tasks/harden.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-
-# harden the ubuntu server via ubuntu2004_cis
-- name: 'Use ubuntu2004_cis role'
- include_role:
- name: ubuntu2004_cis
- tags: harden
-
-- name: 'Include fail2ban/install using apt'
- apt: name=fail2ban state=latest update_cache=yes force_apt_get=yes
- tags: harden
diff --git a/tasks/main.yml b/tasks/main.yml
index c78bb86..ab5dbca 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
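Review bot: In defaults/main.yml the `backup_db` default flips to `false` in the same commit that raises `rc_version` from 4.8.1 to 5.1.2 and `mongo_version` from 4.2 to 5.0, so a run with default variables presumably crosses a major version without taking a dump first, and the comment above it still says "backup by default". Either keep `backup_db: true` or reword the comment to match the new default, e.g. `# set to true to dump the database before changes (saved under /home/{{ main_user }}/rocketchat/data/dump/)`. With `harden_os` removed here and harden.yml no longer included from tasks/main.yml, hosts built from this role alone no longer get the ubuntu2004_cis baseline or fail2ban, as far as this patch shows; a comment in defaults stating that hardening must come from a separate role would make that dependency explicit. Quoting `mongo_version: '5.0'` and `prev_mongo_version: '5.0'` would also keep them strings rather than YAML floats.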
@@ -1,11 +1,5 @@
 ---
 # tasks file for setting up a rocketchat server on ubuntu20.04
-- include: ssh_port_fallback.yml
-
-- include: harden.yml
-# become: true
- when: harden_os
- tags: harden
 
 - include: docker.yml
 tags: install-docker
diff --git a/tasks/ssh_port_fallback.yml b/tasks/ssh_port_fallback.yml
deleted file mode 100644
index 785e53e..0000000
--- a/tasks/ssh_port_fallback.yml
+++ /dev/null
@@ -1,55 +0,0 @@
----
-#
-# https://gist.github.com/triplepoint/1ad6c6060c0f12112403d98180bcf0b4
-#
-# This task list is intended to be imported by playbooks, before any
-# other tasks are performed. It lets us determine whether the configured SSH
-# port is available, and lets us fall back to the default port if necessary.
-#
-# The use case here is when a role in the playbook is configured to change the
-# sshd port, but the first time the role is executed the host is still
-# listening on the default port. With this check in place, we can fall back
-# to the default port on the first run, and then on subsequent runs use the
-# configured port.
-#
-# Be advised that running this task list in a `gather_facts: false` state as
-# required means simple failures can go unexplained. For example, if python2
-# is not available, the `wait_for_connection` calls will just time out without
-# explanation.
-#
-# Execute these tasks as the first thing in a playbook like so:
-# - hosts: some-host-group
-# gather_facts: false
-# tasks:
-# - import_tasks: _sshd_port_juggling.yml
-
-- name: SSH Port Juggle | define the fallback default SSH port
- set_fact:
- _default_ssh_port: 22
-
-- name: SSH Port Juggle | Try configured ansible_port {{ ansible_port }}
- wait_for_connection:
- timeout: 10
- ignore_errors: true
- register: _ssh_port_result
-
-- name: SSH Port Juggle | Set the ansible_port to the fallback default port {{ _default_ssh_port }}
- set_fact:
- ansible_port: "{{ _default_ssh_port }}"
- when:
- - _ssh_port_result is failed
-
-- name: SSH Port Juggle | Check fallback default port {{ ansible_port }}
- wait_for_connection:
- timeout: 10
- ignore_errors: true
- register: _ssh_port_default_result
- when:
- - _ssh_port_result is failed
-
-- name: SSH Port Juggle | Fail
- fail: msg="Neither the configured ansible_port {{ ansible_port }} nor the fallback port {{ _default_ssh_port }} were reachable"
- when:
- - _ssh_port_result is failed
- - _ssh_port_default_result is defined
- - _ssh_port_default_result is failed