Since I no longer have multiple Terraform steps, it no longer makes sense to me to split all tasks into separate folders. Instead, I try to be as clear as possible in the README, so that the structure is easy to follow in the future without too much headache.
# Save the SSH port Ansible is currently configured to use (ansible_port)
# under a separate fact, before any later task overrides ansible_port.
- name: Set facts for target SSH-connection
  set_fact:
    target_ansible_port: "{{ ansible_port }}"

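# Probe the host on the currently configured SSH port. Failures and
# unreachable results are tolerated on purpose: the registered result
# (target_ssh) is what the following tasks branch on.
# NOTE(review): every cause of "unreachable" (port not yet moved, network
# outage, rejected key) lands in the same branch; only the follow-up ping
# on port 22 tells them apart.
- name: Check if SSH-connection is already adjusted
  ping:
  # Real booleans instead of the quoted string "yes".
  ignore_errors: true
  ignore_unreachable: true
  register: target_ssh
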
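# The probe on the configured port did not connect, so use port 22 for
# the tasks that follow.
- name: Set ansible_port to 22 when SSH-connection is not adjusted
  set_fact:
    ansible_port: "22"
  # The 'unreachable' key may be absent from the registered result;
  # default(false) replaces the former "is defined and ... == True" pair.
  when: target_ssh.unreachable | default(false)
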
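# Confirm the host answers on the fallback port before touching its SSH
# configuration. There is no ignore_errors/ignore_unreachable here, so a
# second failed ping ends the run for this host instead of continuing.
- name: Check if initial SSH-connection is active
  ping:
  # The 'unreachable' key may be absent from the registered result;
  # default(false) replaces the former "is defined and ... == True" pair.
  when: target_ssh.unreachable | default(false)
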
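# Rewrite the Port directive in sshd_config (commented out or not) to
# 1022 and ask the "Restart sshd" handler to apply it.
# NOTE(review): 1022 is hard-coded here, while a later task switches
# Ansible back to target_ansible_port; the two presumably have to agree,
# otherwise the host is unreachable after the restart - confirm against
# the inventory.
- name: Set SSH-port to 1022
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?\s*Port\s+[0-9]+$'
    line: Port 1022
    # Let sshd syntax-check the candidate file before it replaces the live
    # one, so a broken config cannot take remote access down on restart.
    # Adjust the binary path if sshd lives elsewhere on the target.
    validate: /usr/sbin/sshd -t -f %s
  notify: "Restart sshd"
  # The 'unreachable' key may be absent from the registered result;
  # default(false) replaces the former "is defined and ... == True" pair.
  when: target_ssh.unreachable | default(false)
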
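# Point Ansible back at the port saved in target_ansible_port, undoing
# the temporary switch to port 22.
# NOTE(review): the sshd restart is a notified handler and no
# "meta: flush_handlers" appears between the sshd_config change and this
# task. Unless handlers are flushed elsewhere, the next task connects to
# the new port before sshd has been restarted - confirm.
- name: Reset ansible_port to configured value
  set_fact:
    ansible_port: "{{ target_ansible_port }}"
  # The 'unreachable' key may be absent from the registered result;
  # default(false) replaces the former "is defined and ... == True" pair.
  when: target_ssh.unreachable | default(false)
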
# Gather host facts now that the SSH port handling above is done.
# NOTE(review): "deferred" suggests the play itself runs with
# gather_facts disabled - confirm in the playbook.
- name: Run deferred setup to gather facts
  setup:

# Create the directory that will hold the masquerade script if it does
# not exist yet. No mode, owner or group is given, so the directory gets
# whatever the module's defaults produce for the connecting user.
- name: Ensure routable.d path to masquerade ips
  file:
    path: "{{ ip_masquerade_path }}"
    state: directory

# Render the masquerade script from its Jinja2 template into the
# directory above and trigger the "Start ip-masquerade" handler.
# The mode makes it executable by everyone and writable by the owner only.
# NOTE(review): owner and group are not set, so ownership follows the user
# Ansible writes the file as. If this is a hook directory whose scripts
# run with root privileges, the script should be root-owned - confirm.
- name: Configure NAT to masquerade ips
  template:
    src: ip-masquerade.sh.j2
    dest: "{{ ip_masquerade_path }}/{{ ip_masquerade_script }}"
    mode: "u=rwx,g=rx,o=rx"
  notify: "Start ip-masquerade"