From: Baha Mesleh Date: Tue, 3 Sep 2019 13:14:51 +0000 (+0300) Subject: Enabled recovery for ntpd when it fails. X-Git-Url: https://gerrit.akraino.org/r/gitweb?p=ta%2Finfra-ansible.git;a=commitdiff_plain;h=e697efd10739167c5d4517db1a93a23a28a7e68f Enabled recovery for ntpd when it fails. Signed-off-by: Baha Mesleh Change-Id: I93f4e6938c6d75cf624ca502f961e497af3b1cd6
---
diff --git a/playbooks/monitoring.yml b/playbooks/monitoring.yml
index 48e6df6..e60942e 100644
--- a/playbooks/monitoring.yml
+++ b/playbooks/monitoring.yml
@@ -22,3 +22,13 @@
 become_user: root
 roles:
 - monitoring
+
+- name: Harden services
+ hosts: [ base ]
+ become: yes
+ become_method: sudo
+ become_user: root
+ tasks:
+ - include_role:
+ name: monitoring
+ tasks_from: harden_services.yml
diff --git a/roles/monitoring/tasks/harden_services.yml b/roles/monitoring/tasks/harden_services.yml
new file mode 100644
index 0000000..243538e
--- /dev/null
+++ b/roles/monitoring/tasks/harden_services.yml
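Review bot: The play name `Harden services` in the added play does not match what the commit subject says it delivers, which is recovery for ntpd when it fails. A name that reads as security hardening can mislead anyone auditing which hardening controls are applied to `base` hosts. Consider `- name: Enable automatic recovery for monitored services`, with a comment above the play such as `# Installs systemd drop-ins for the services listed in roles/monitoring/tasks/harden_services.yml`. The play also writes `become: yes`; `become: true` avoids the YAML 1.1 truthy forms. The preceding play, whose last three lines are the context here, starts outside the hunk.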
@@ -0,0 +1,38 @@
+# Copyright 2019 Nokia
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+- name: Define services to be hardened
+ set_fact:
+ hardened_services: [ ntpd ]
+
+- name: Create hardening hooks
+ file:
+ path: "/etc/systemd/system/{{item}}.service.d"
+ state: directory
+ mode: '0755'
+ with_items: "{{hardened_services}}"
+
+- name: Create the monitoring template
+ template:
+ src: monitor.conf.j2
+ dest: "/etc/systemd/system/{{item}}.service.d/monitor.conf"
+ mode: '0640'
+ with_items: "{{hardened_services}}"
+
+- name: Start services
+ systemd:
+ state: started
+ enabled: yes
+ daemon_reload: yes
+ name: "{{item}}"
+ with_items: "{{hardened_services}}"
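Review bot: The `Create hardening hooks` and `Create the monitoring template` tasks set `mode` but not ownership, so a drop-in directory or `monitor.conf` that already exists under `/etc/systemd/system` with a non-root owner keeps that owner while systemd still reads it as unit configuration. Add `owner: root` and `group: root` to both tasks so the play enforces who may change what PID 1 loads. `mode: '0640'` on the drop-in also differs from the world-readable mode unit files normally carry, so non-root users may be unable to inspect it with `systemctl cat`; `'0644'` is probably intended unless the template holds something sensitive. The template `monitor.conf.j2` is not added in the diff as shown here, so confirm it already exists in the role.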