ansible: Extract k5login role

Signed-off-by: Anders Kaseorg <[email protected]>

Author: andersk

ansible/roles/k5login/handlers/main.yml

@@ -0,0 +1,2 @@
+- name: reload ssh
+  service: name=ssh state=reloaded

ansible/roles/k5login/tasks/main.yml

@@ -0,0 +1,19 @@
+- name: Enable GSSAPIAuthentication
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: '(?i)^#?\s*GSSAPIAuthentication\s'
+    line: GSSAPIAuthentication yes
+  notify: reload ssh
+- name: Disable PasswordAuthentication
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: '(?i)^#?\s*PasswordAuthentication\s'
+    line: PasswordAuthentication no
+  notify: reload ssh
+- name: Update k5login
+  copy:
+    dest: /root/.k5login
+    content: |
+      {% for maintainer in maintainers %}
+      {{ maintainer.username }}/[email protected]
+      {% endfor %}

ansible/scripts-directors.yml

@@ -48,23 +48,12 @@
       - reconfigure munin-node
       - setup
   roles:
+  - k5login
   - ldirectord-status
   - lvs-iptables
   - lvs-lighttpd
   - munin-node
   tasks:
-  - name: Enable GSSAPIAuthentication
-    lineinfile:
-      path: /etc/ssh/sshd_config
-      regexp: '(?i)^#?\s*GSSAPIAuthentication\s'
-      line: GSSAPIAuthentication yes
-    notify: reload ssh
-  - name: Disable PasswordAuthentication
-    lineinfile:
-      path: /etc/ssh/sshd_config
-      regexp: '(?i)^#?\s*PasswordAuthentication\s'
-      line: PasswordAuthentication no
-    notify: reload ssh
   - name: Configure rsyslog
     copy:
       dest: /etc/rsyslog.d/scripts-syslog-client.conf
@@ -111,13 +100,6 @@
       dest: /etc/nagios/nrpe_local.cfg
       src: files/nrpe_local.cfg
     notify: restart nrpe
-  - name: Update k5login
-    copy:
-      dest: /root/.k5login
-      content: |
-        {% for maintainer in maintainers %}
-        {{ maintainer.username }}/[email protected]
-        {% endfor %}
   - name: Update /etc/aliases
     lineinfile:
       path: /etc/aliases
@@ -179,8 +161,6 @@
       dest: /etc/ha.d/ldirectord.cf
       src: files/ldirectord.cf
   handlers:
-  - name: reload ssh
-    service: name=ssh state=reloaded
   - name: restart rsyslog
     service: name=rsyslog state=restarted
   - name: newaliases

ansible/scripts-syslog.yml

@@ -1,5 +1,7 @@
 - hosts: scripts-syslogs
   serial: 1
+  roles:
+  - k5login
   tasks:
   - name: Configure Kerberos
     debconf: name=krb5-config question=krb5-config/default_realm vtype=string value=ATHENA.MIT.EDU
@@ -17,25 +19,6 @@
     - libzephyr4-krb5
     - zephyr-clients
     - aptitude
-  - name: Update k5login
-    copy:
-      dest: /root/.k5login
-      content: |
-        {% for maintainer in maintainers %}
-        {{ maintainer.username }}/[email protected]
-        {% endfor %}
-  - name: Enable GSSAPIAuthentication
-    lineinfile:
-      path: /etc/ssh/sshd_config
-      regexp: '(?i)^#?\s*GSSAPIAuthentication\s'
-      line: GSSAPIAuthentication yes
-    notify: reload ssh
-  - name: Disable PasswordAuthentication
-    lineinfile:
-      path: /etc/ssh/sshd_config
-      regexp: '(?i)^#?\s*PasswordAuthentication\s'
-      line: PasswordAuthentication no
-    notify: reload ssh
   - name: Update /etc/aliases
     lineinfile:
       path: /etc/aliases
@@ -104,8 +87,6 @@
     notify: restart rsyslog
 
   handlers:
-  - name: reload ssh
-    service: name=ssh state=reloaded
   - name: newaliases
     command: newaliases
   - name: reload systemd