Code Review / ta / infra-ansible.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
FIX: More security hardening
[ta/infra-ansible.git] / infra-ansible.spec
diff --git a/infra-ansible.spec b/infra-ansible.spec
index 42c045e..85ad64d 100644 (file)
--- a/infra-ansible.spec
+++ b/infra-ansible.spec
@@ -15,7 +15,7 @@
 
 Name:           infra-ansible
 Version:        %{_version}
-Release:        1%{?dist}
+Release:        13%{?dist}
 Summary:        Contains ansible playbook and roles for Akraino rec blueprint
 License:        %{_platform_licence}
 Source0:        %{name}-%{version}.tar.gz
@@ -76,6 +76,7 @@ ln -sf %{_playbooks_path}/rpm-database.yml                   %{buildroot}/%{_pro
 ln -sf %{_playbooks_path}/single_node_storage.yml            %{buildroot}/%{_provisioning_path}
 ln -sf %{_playbooks_path}/ceph-deploy.yml                    %{buildroot}/%{_provisioning_path}
 ln -sf %{_playbooks_path}/baremetal-interface-config.yml     %{buildroot}/%{_provisioning_path}
+ln -sf %{_playbooks_path}/ntp-check.yml                      %{buildroot}/%{_provisioning_path}
 
 # Create links for the postconfig phase
 mkdir -p %{buildroot}/%{_postconfig_path}
@@ -100,7 +101,6 @@ ln -sf %{_playbooks_path}/disable-old-node-rsyslog.yml                %{buildroo
 ln -sf %{_playbooks_path}/enablecmagent.yml                           %{buildroot}/%{_postconfig_path}
 ln -sf %{_playbooks_path}/haproxy-install.yml                         %{buildroot}/%{_postconfig_path}
 ln -sf %{_playbooks_path}/ipv6-config.yml                             %{buildroot}/%{_postconfig_path}
-ln -sf %{_playbooks_path}/kernel-core-handling.yml                    %{buildroot}/%{_postconfig_path}
 ln -sf %{_playbooks_path}/motd.yml                                    %{buildroot}/%{_postconfig_path}
 ln -sf %{_playbooks_path}/hostcli.yml                                 %{buildroot}/%{_postconfig_path}
 ln -sf %{_playbooks_path}/oom.yml                                     %{buildroot}/%{_postconfig_path}
@@ -123,6 +123,7 @@ ln -sf /opt/config-encoder-macros %{buildroot}%{_roles_path}/access-management/t
 mkdir -p %{buildroot}/usr/lib/systemd/system/
 cp systemd/finalize-bootstrap.service %{buildroot}/usr/lib/systemd/system/
 cp systemd/sriov.service %{buildroot}/usr/lib/systemd/system
+cp systemd/report-installation-success.service %{buildroot}/usr/lib/systemd/system
 
 mkdir -p %{buildroot}/opt/ansible-change_kernel_cmdline/
 cp systemd/finalize-bootstrap.sh %{buildroot}/opt/ansible-change_kernel_cmdline/
@@ -131,6 +132,8 @@ mkdir -p %{buildroot}/opt/sriov
 cp systemd/sriov.sh %{buildroot}/opt/sriov
 
 %files
+%attr(0755,root,root) %{_playbooks_path}/report-installation-progress
+%attr(0755,root,root) %{_playbooks_path}/report-installation-success.sh
 %defattr(0644,root,root,0755)
 /root/dev_tools
 %{_playbooks_path}/*
@@ -149,6 +152,10 @@ cp systemd/sriov.sh %{buildroot}/opt/sriov
 for role in /usr/share/ceph-ansible/roles/*; do
   ln -sf $role /etc/ansible/roles/
 done
+mkdir -p /etc/ansible/roles/plugins/library
+for module in /usr/share/ceph-ansible/library/*.py*; do
+  ln -sf $module /etc/ansible/roles/plugins/library
+done
 systemctl enable sriov
 
 %preun
This repository contains all the generic deployment playbooks, which configure services running directly on the host. Includes playbooks for disk partitioning, Ceph configuration, hardening, security, SSH, operating system level user management etc.