Данная роль устанавливает proftpd и добавляет виртуального или реального пользователя.
создаём структуру директорий:
# Create the role and playbook directory layout used below
# (the nested brace expansion in the original, spelled out path by path).
mkdir -p /etc/ansible/playbooks/roles_play
mkdir -p /etc/ansible/roles/proftpd/handlers
mkdir -p /etc/ansible/roles/proftpd/tasks
mkdir -p /etc/ansible/roles/proftpd/templates
cat /etc/ansible/roles/proftpd/handlers/main.yml
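---
# Handlers for the proftpd role.
# "enable and start proftpd" is notified by the install task; "restart proftpd"
# is meant to be notified by tasks that edit /etc/proftpd.conf.  Both restart
# the daemon, so a single notification from any task applies the new config.
# Module arguments are native YAML (not key=value strings) and booleans are
# spelled true/false.
- name: enable and start proftpd
  service:
    name: proftpd
    state: restarted
    enabled: true

- name: restart proftpd
  service:
    name: proftpd
    state: restarted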
cat /etc/ansible/roles/proftpd/tasks/add-logs.yml
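---
# Logging for proftpd: add the log directives to /etc/proftpd.conf and make
# sure the log directory and files exist with root-only permissions.
- name: Add logs for proftpd
  blockinfile:
    path: /etc/proftpd.conf
    marker: "# {mark} ANSIBLE MANAGED BLOCK logs"
    # A quote inside a quoted ProFTPD directive argument must be escaped as \"
    # (as in the LogFormat examples in the ProFTPD docs); the unescaped inner
    # quotes in the previous version terminated the format string at %r.
    # The AUTH ExtendedLog referenced a LogFormat nickname "auth" that was
    # never defined, so it is defined here as well.
    block: |
      LogFormat write "%h %l %u %t \"%r\" %s %b"
      LogFormat auth "%h %l %u %t \"%r\" %s"
      SystemLog /var/log/proftpd/proftpd.log
      TransferLog /var/log/proftpd/xfer.log
      ExtendedLog /var/log/proftpd/access.log WRITE,READ write
      ExtendedLog /var/log/proftpd/auth.log AUTH auth
    state: present
  # A config change is only picked up by the daemon after a restart.
  notify:
    - restart proftpd

# The log directory is not guaranteed to exist before the files are touched.
- name: create log directory
  file:
    path: /var/log/proftpd
    state: directory
    owner: root
    group: root
    mode: "0750"

# These logs record usernames, client addresses and raw command lines,
# so keep them readable by root only.  (state: touch reports "changed" on
# every run; that is cosmetic.)
- name: create log files
  file:
    path: "{{ item }}"
    state: touch
    owner: root
    group: root
    mode: "0640"
  with_items:
    - /var/log/proftpd/proftpd.log
    - /var/log/proftpd/xfer.log
    - /var/log/proftpd/access.log
    - /var/log/proftpd/auth.log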
cat /etc/ansible/roles/proftpd/tasks/add-to-hosts.yml
---
# Make sure /etc/hosts maps the host's primary IPv4 address (from gathered
# facts) to its short hostname; presumably so the local name resolves without
# DNS.  The line is appended only when it is not already present.
- name: Add '{{ ansible_default_ipv4.address }}' to /etc/hosts
  lineinfile:
    path: /etc/hosts
    line: "{{ ansible_default_ipv4.address }} {{ ansible_hostname }}"
    state: present
cat /etc/ansible/roles/proftpd/tasks/add-to-shells.yml
---
# Register the configured login shell in /etc/shells.  ProFTPD's
# RequireValidShell (documented default: on) only accepts system users whose
# shell is listed there, which is why /sbin/nologin ends up in the list for
# the real-user mode.
# NOTE(review): /etc/shells is consulted by other tools as well (chsh and
# other daemons), so listing a non-interactive shell here widens what "valid
# shell" means system-wide; `RequireValidShell off` in proftpd.conf is the
# narrower alternative.
- name: Add '{{ user_shell }}' to /etc/shells
  lineinfile:
    path: /etc/shells
    line: "{{ user_shell }}"
    state: present
cat /etc/ansible/roles/proftpd/tasks/installepelrepo.yml
---
# Bootstrap the EPEL repository, where proftpd is packaged.
# NOTE(review): the release RPM is installed straight from a URL.  A package
# given by URL is typically not signature-checked by yum (localpkg_gpgcheck is
# off by default), so this first step trusts only the TLS connection to
# dl.fedoraproject.org; verify that assumption for your yum configuration.
# Importing the key that the package drops into /etc/pki/rpm-gpg makes every
# later EPEL package install signature-checked.
- name: Install EPEL repo.
  yum:
    name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm"
    state: present
    validate_certs: true  # module default, stated explicitly

- name: Import EPEL GPG key.
  rpm_key:
    key: "/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}"
    state: present
cat /etc/ansible/roles/proftpd/tasks/install-proftpd.yml
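---
# Install proftpd and its helper tools from EPEL (the virtual-user tasks call
# ftpasswd, presumably shipped in proftpd-utils), then bring the service up
# through the handler.
# NOTE(review): the handler only fires when the package install changes, so a
# daemon that was stopped later is not started again by this task.
- name: Installing proftpd
  become: true
  yum:
    # Pass the list directly instead of looping with with_items: yum then
    # resolves both packages in one transaction.
    name:
      - proftpd
      - proftpd-utils
    state: present
  notify:
    - enable and start proftpd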
cat /etc/ansible/roles/proftpd/tasks/real-user.yml
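---
# "real" mode: proftpd authenticates a regular system account (PAM/unix).
- name: add real user for ftp "{{ user_name }}" and home dir "{{ user_dir }}"
  user:
    name: "{{ user_name }}"
    shell: "{{ user_shell }}"
    home: "{{ user_dir }}"
    # password_hash() picks a fresh random salt every run, so this task
    # reports "changed" on each execution even though the hash stays valid.
    # Add `update_password: on_create` if that is unwanted.
    password: "{{ user_pass | password_hash('sha512') }}"
    state: present

# Undo a previous virtual-user run: re-enable the distribution's AuthOrder
# line ...  NOTE(review): this uncomments every line beginning with
# "#AuthOrder", not only one that the virtual mode commented out.
- name: change /etc/proftpd.conf if it was set for virtual user
  replace:
    path: /etc/proftpd.conf
    regexp: '^#AuthOrder'
    replace: 'AuthOrder'
  # Config edits are only applied after a restart; the previous version never
  # notified the handler.
  notify:
    - restart proftpd

# ... and remove the file-based authentication block.
- name: remove parameters from config if it use vurtual user
  blockinfile:
    path: /etc/proftpd.conf
    marker: "# {mark} ANSIBLE MANAGED BLOCK config-virtual-user"
    block: |
      RequireValidShell off
      AuthUserFile /etc/proftpd.d/ftpd.passwd
      AuthPAM off
      LoadModule mod_auth_file.c
      AuthOrder mod_auth_file.c
    state: absent
  notify:
    - restart proftpd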
cat /etc/ansible/roles/proftpd/tasks/virtual-user.yml
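---
# "virtual" mode: proftpd authenticates against its own AuthUserFile
# (mod_auth_file); the virtual account borrows the uid/gid of a real system
# account so files it writes have a sane owner on disk.
- name: add real user if it not exist
  user:
    name: "{{ user_name }}"
    state: present
  # NOTE(review): this backing account keeps the distribution's default shell;
  # if it must never be interactive, pass shell: "{{ user_shell }}" here too.
  register: webserver_user_registered

# Disable the distribution's AuthOrder line.  The negative lookahead keeps the
# replace from touching the "AuthOrder mod_auth_file.c" line that the managed
# block below adds; without it every re-run commented that line out and the
# blockinfile task then rewrote the block (two spurious changes per run).
- name: change /etc/proftpd.conf if it was set for real user
  replace:
    path: /etc/proftpd.conf
    regexp: '^AuthOrder(?!\s+mod_auth_file\.c)'
    replace: '#AuthOrder'
  notify:
    - restart proftpd

- name: add parameters to config for use vurtual user
  blockinfile:
    path: /etc/proftpd.conf
    marker: "# {mark} ANSIBLE MANAGED BLOCK config-virtual-user"
    block: |
      RequireValidShell off
      AuthUserFile /etc/proftpd.d/ftpd.passwd
      AuthPAM off
      LoadModule mod_auth_file.c
      AuthOrder mod_auth_file.c
    state: present
  # Config edits are only applied after a restart; the previous version never
  # notified the handler.
  notify:
    - restart proftpd

- name: create dir /etc/proftpd.d/
  file:
    path: /etc/proftpd.d
    state: directory
    owner: root
    group: root
    mode: "0755"

# The AuthUserFile holds password hashes: root-only.  (Recent ProFTPD versions
# also refuse a world-readable AuthUserFile unless told otherwise.)
- name: create file /etc/proftpd.d/ftpd.passwd
  file:
    path: /etc/proftpd.d/ftpd.passwd
    state: touch
    owner: root
    group: root
    mode: "0600"

# Nothing else creates the virtual user's home: the backing account's home is
# the distribution default, not user_dir.
# NOTE(review): if user_dir already exists and is owned by another account,
# this changes its ownership to the backing user.
- name: create home dir "{{ user_dir }}" for virtual user "{{ virtual_user_name }}"
  file:
    path: "{{ user_dir }}"
    state: directory
    owner: "{{ user_name }}"
    group: "{{ webserver_user_registered.group }}"
    mode: "0750"

# ftpasswd exits non-zero when asked to add a name that already exists, so
# re-runs of this role failed at the next task.  Look the name up first
# (exact match on the first field, no regex, shell-quoted argument).
- name: check whether "{{ virtual_user_name }}" already exists in ftpd.passwd
  shell: cut -d: -f1 /etc/proftpd.d/ftpd.passwd | grep -qxF -- {{ virtual_user_name | quote }}
  register: virtual_user_lookup
  changed_when: false
  failed_when: virtual_user_lookup.rc > 1  # 0 = found, 1 = not found, >1 = error

# The password is handed to ftpasswd on stdin (no echo, so it never appears in
# the command line / process list) and no_log keeps it out of Ansible output.
# All interpolated values are shell-quoted.  A changed user_pass is not
# propagated to an existing virtual user; delete the entry to re-create it.
- name: create virtual user "{{ virtual_user_name }}" under real user "{{ user_name }}" and home dir "{{ user_dir }}"
  command: >-
    ftpasswd --passwd --file=/etc/proftpd.d/ftpd.passwd
    --name={{ virtual_user_name | quote }}
    --uid={{ webserver_user_registered.uid }}
    --gid={{ webserver_user_registered.group }}
    --home={{ user_dir | quote }}
    --shell={{ user_shell | quote }}
    --stdin
  args:
    stdin: "{{ user_pass }}"
  no_log: true
  when: virtual_user_lookup.rc != 0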
cat /etc/ansible/roles/proftpd/tasks/main.yml
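---
# Task order for the proftpd role.  The first five steps are shared; then
# exactly one of real-user.yml / virtual-user.yml runs, selected by
# type_real_virtual_user ('real' or 'virtual').

# Fail early with a clear message instead of an "undefined variable" error,
# and instead of silently running neither user mode when the value is
# misspelled (both `when` clauses below would be false).
- name: validate type_real_virtual_user
  assert:
    that:
      - type_real_virtual_user is defined
      - type_real_virtual_user in ['real', 'virtual']
    msg: "type_real_virtual_user must be 'real' or 'virtual'"
  tags: always

- import_tasks: installepelrepo.yml
  tags: epel

- import_tasks: add-to-hosts.yml
  tags: /etc/hosts

- import_tasks: add-to-shells.yml
  tags: /etc/shells

- import_tasks: install-proftpd.yml
  tags: proftpd

- import_tasks: add-logs.yml
  tags: logs

- import_tasks: real-user.yml
  tags: real-user
  when: type_real_virtual_user == 'real'

- import_tasks: virtual-user.yml
  tags: virtual-user
  when: type_real_virtual_user == 'virtual'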
cat /etc/ansible/playbooks/roles_play/proftpd.yml
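---
# Deploy proftpd on one host with the proftpd role.
# NOTE(review): as written the role sets up plain FTP only (no mod_tls), so
# credentials cross the network in clear text.
- hosts: 192.168.1.170
  become: true
  become_method: sudo
  gather_facts: true
  # No play-wide ignore_errors: with it, a failed GPG key import, package
  # install or config edit was silently skipped and the play carried on,
  # leaving proftpd in whatever state the host happened to be in.
  vars:
    # 'real' = system account via PAM, 'virtual' = entry in AuthUserFile.
    type_real_virtual_user: virtual
    user_name: test
    virtual_user_name: 2vtest
    user_dir: /var/2test
    # TODO(security): keep a real password in ansible-vault (or vars_prompt),
    # not in plain text in the playbook.
    user_pass: test
    # /sbin/nologin blocks interactive (ssh) logins for the account.
    user_shell: /sbin/nologin
  roles:
    - proftpd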
type_real_virtual_user - здесь мы задаём тип:
real - означает, что подключение будет осуществляться под реальным пользователем.
virtual - означает, что подключение будет осуществляться под виртуальным пользователем.
user_name - имя реального пользователя
virtual_user_name - имя виртуального пользователя, который будет работать под id реального пользователя.
user_dir - пользовательская директория
user_pass - пароль пользователя (в примере он указан открытым текстом в playbook; на практике его стоит хранить в ansible-vault, а не в репозитории)
user_shell - шелл пользователя; я ставлю /sbin/nologin, чтобы под этим пользователем нельзя было подключиться по ssh. Обратите внимание: роль добавляет этот шелл в /etc/shells, иначе proftpd (RequireValidShell включён по умолчанию) не пустит реального пользователя с таким шеллом.