42 lines
912 B
YAML
42 lines
912 B
YAML
|
---
|
||
|
|
|
||
|
|
- name: Check munge dir
|
||
|
|
file:
|
||
|
|
path: /etc/munge
|
||
|
|
owner: munge
|
||
|
|
group: munge
|
||
|
|
mode: 0700
|
||
|
|
state: directory
|
||
|
|
|
||
|
|
- name: Install munge key
|
||
|
|
action:
|
||
|
|
module: decode
|
||
|
|
args:
|
||
|
|
content: "{{ munge_key }}"
|
||
|
|
dest: /etc/munge/munge.key
|
||
|
|
filter: base64
|
||
|
|
owner: munge
|
||
|
|
group: munge
|
||
|
|
mode: 0400
|
||
|
|
|
||
|
|
# /var/log on Ubuntu 14.04+ is group writable, which causes munge to refuse to start
|
||
|
|
# NOTE: This is fixed in munge 0.5.12
|
||
|
|
- name: Check /var/log permissions
|
||
|
|
stat:
|
||
|
|
path: /var/log
|
||
|
|
register: stat_var_log
|
||
|
|
when: ansible_distribution == "Ubuntu"
|
||
|
|
|
||
|
|
- name: Force munge to start with "insecure" /var/log permissions
|
||
|
|
lineinfile:
|
||
|
|
dest: /etc/default/munge
|
||
|
|
line: 'OPTIONS="--force"'
|
||
|
|
regexp: ^OPTIONS=
|
||
|
|
when: ansible_distribution == "Ubuntu" and stat_var_log.stat.wgrp
|
||
|
|
|
||
|
|
- name: Ensure Munge is enabled and running
|
||
|
|
service:
|
||
|
|
name: munge
|
||
|
|
enabled: yes
|
||
|
|
state: started
|