feat: add data-production

mission-apprentissage · Jun 6, 2024 · e1379dc · e1379dc
1 parent 5189881
commit e1379dc
Show file tree

Hide file tree

Showing 4 changed files with 228 additions and 183 deletions.
diff --git a/.github/workflows/batch_setup.yml b/.github/workflows/batch_setup.yml
@@ -6,7 +6,7 @@ on:
         description: JSON product array
         type: string
         required: true
-        default: '["api", "bal", "lba", "monitoring", "tdb", "vpn", "contrat"]'
+        default: '["api", "bal", "lba", "monitoring", "tdb", "vpn", "contrat", "data"]'
       environments:
         description: JSON environment array
         type: string
@@ -33,14 +33,20 @@ jobs:
             environment: pentest
           - product: vpn
             environment: pentest
+          - product: data
+            environment: pentest
           - product: monitoring
             environment: recette
           - product: vpn
             environment: recette
+          - product: data
+            environment: recette
           - product: monitoring
             environment: preview
           - product: vpn
             environment: preview
+          - product: data
+            environment: preview
     name: Setup ${{ matrix.product }} on ${{ matrix.environment }}
     uses: "./.github/workflows/_setup.yml"
     with:

diff --git a/.infra/ansible/setup/tasks/configure-auth.yml b/.infra/ansible/setup/tasks/configure-auth.yml
@@ -12,20 +12,37 @@
   shell:
     cmd: sshd -t
 
-- name: Install pam packages
-  apt:
-    name: [ 'libpam-cracklib' ]
-
 - name: Ensure group "mna" exists
   group:
     name: mna
     state: present
 
-- name: Set password policy
-  lineinfile:
-    path: /etc/pam.d/common-password
-    regexp: "pam_cracklib.so"
-    line: "password   requisite   pam_cracklib.so retry=3 minlen=14 difok=3 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1"
+- name: Setup password policy in Ubuntu 22.04
+  when: ansible_facts['distribution_major_version'] == '22'
+  block:
+    - name: Install pam packages
+      apt:
+        name: [ 'libpam-cracklib' ]
+
+    - name: Set password policy
+      lineinfile:
+        path: /etc/pam.d/common-password
+        regexp: "pam_cracklib.so"
+        line: "password   requisite   pam_cracklib.so retry=3 minlen=14 difok=3 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1"
+
+# cracklib is deprecated and removed in Ubuntu 24.04
+- name: Setup password policy in Ubuntu 24.04
+  when: ansible_facts['distribution_major_version'] == '24'
+  block:
+    - name: Install pam packages
+      apt:
+        name: [ 'libpam-pwquality' ]
+
+    - name: Set password policy
+      lineinfile:
+        path: /etc/pam.d/common-password
+        regexp: "pam_pwquality.so"
+        line: "password   requisite   pam_pwquality.so retry=3 minlen=14 difok=3 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1"
 
 - name: Set umask=077 for root user
   lineinfile: