Merge pull request #3 from itsumma/develop

ubuntu 16.04 support

README.md

@@ -30,12 +30,17 @@ bastion host setup scripts.
 
 ## Requirements
 
-* Fresh CentOS 7 setup
+* Fresh CentOS 7 or Ubuntu 16.04 setup
 * [Ansible](http://docs.ansible.com/ansible/intro_installation.html) 2.3+ for
 install or update
 
 ## INSTALL
 
+for ubuntu only:
+```
+# apt update; apt install python python-pip python-dev -y
+```
+
 edit
 
 `ansible/hosts.ini`
@@ -53,7 +58,7 @@ and restart server
 
 append to
 
-`/etc/bashrc`
+`/etc/bashrc` or `/etc/bash.bashrc` for ubuntu:
 ```
 if [ -f /opt/auth/shared/bash.sh ]; then
     source /opt/auth/shared/bash.sh;
@@ -92,9 +97,10 @@ systemctl status sshd
 ```
 
 ### OTP
+
 append to
 
-`/etc/pam.d/sshd`
+`/etc/pam.d/sshd` or `/etc/pam.d/common-auth` for ubuntu
 ```
 auth       required     pam_oath.so usersfile=/etc/oath/users.oath window=20 digits=6
 ```
@@ -130,7 +136,11 @@ systemctl status sshd
 
 #### load auth environment
 ```
-# source /opt/auth/shared/bash.sh;
+# source /etc/bashrc
+
+## OR
+
+# source /etc/bash.bashrc
 ```
 
 #### add user
@@ -174,7 +184,7 @@ Persistent connection - for easy connection reopen without OTP and password prom
 
 append to
 
-`/etc/bashrc`
+`/etc/bashrc` or `/etc/bash.bashrc` for ubuntu:
 ```
 ISOLATE_BACKEND=redis; # or zabbix
 export ISOLATE_BACKEND;

ansible/main.yml

@@ -1,4 +1,14 @@
 ---
+- name: Ubuntu 16.04 workarounds
+  gather_facts: no
+  connection: local
+  hosts: all
+  tasks:
+  - name: Installing Python...
+    shell: "ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -l root {{ ansible_ssh_host }} 'apt-get clean ; apt-get update ; apt-get -y install python python-dev python-pip python-simplejson'"
+    when: ubuntu_1604 | default(False)
+    tags: always
+
 - name: Auth host setup...
   gather_facts: yes
   become_user: root

ansible/roles/auth/tasks/main.yml

@@ -14,8 +14,8 @@
   - pam2fa
   - pam-2fa
 
-- include: nginx.yml
-  tags: nginx
+#- include: nginx.yml
+#  tags: nginx
 
 - include: auth-deploy.yml
   tags: auth-deploy

ansible/roles/auth/tasks/pam-2fa.yml

@@ -5,6 +5,22 @@
   - liboath
   - gen-oath-safe
   - pam_oath
+  when: ansible_distribution == "CentOS"
 
 - name: Ensure oath etc dir exist...
   file: dest=/etc/oath state=directory owner=root group=root mode=0700
+  when: ansible_distribution == "CentOS"
+
+#- apt_repository:
+#    repo: 'ppa:yubico/stable'
+#  when: ansible_distribution == "Ubuntu"
+#
+- name: Installing libpam-yubico from PPA...
+  apt: name={{ item }} state=present update_cache=yes
+  with_items:
+  - libpam-oath
+  - liboath0
+  - liboath-dev
+  - oathtool
+  when: ansible_distribution == "Ubuntu"
+

ansible/roles/auth/tasks/redis.yml

@@ -10,9 +10,30 @@
   yum: name={{ item }} state=present update_cache=yes
   with_items:
   - redis
+  when: ansible_distribution == "CentOS"
+
+- apt_repository:
+    repo: 'ppa:chris-lea/redis-server'
+  when: ansible_distribution == "Ubuntu"
+
+- name: Install Redis via apt...
+  apt: name={{ item }} state=present update_cache=yes
+  with_items:
+  - redis-server
+  when: ansible_distribution == "Ubuntu"
 
 - name: Apply Redis configs...
-  template: src=redis.conf dest=/etc/redis.conf owner=root group=redis mode=0640
+  template: src=redis_centos.conf dest=/etc/redis.conf owner=root group=redis mode=0640
+  when: ansible_distribution == "CentOS"
+
+- name: Apply Redis configs...
+  template: src=redis_ubuntu.conf dest=/etc/redis/redis.conf owner=root group=redis mode=0640
+  when: ansible_distribution == "Ubuntu"
 
 - name: Restart Redis...
   service: name=redis state=restarted enabled=yes
+  when: ansible_distribution == "CentOS"
+
+- name: Restart Redis...
+  systemd: daemon_reload=yes state=restarted name=redis-server enabled=yes
+  when: ansible_distribution == "Ubuntu"