Commit a7174ae8 authored by Tobias Winchen's avatar Tobias Winchen
Browse files

Fixed location specific privilige escalation

parent ce7475f2
......@@ -2,7 +2,6 @@
- name: Ensure access of all nodes to docker registry
hosts: all
gather_facts: yes
become: yes
tasks:
- name: Make sure cert directory exists
file:
......
......@@ -5,7 +5,6 @@
- name: Ensure docker-py is installed
hosts: all
become: yes
tasks:
- apt:
name:
......@@ -18,7 +17,6 @@
- name: Ensure data_base_path exists and is writeable
hosts: all
become: yes
tasks:
- file:
path: "{{ data_base_path }}"
......
---
# The core setup or effelsberg:
#
- name: basic configuraton
import_playbook: basic_configuration/main.yml
vars:
ansible_user: root
- name: use logspout to centralize logging
hosts: all
......
......@@ -35,6 +35,8 @@ docker_registry_data_path: "/beegfsEDD/edd_docker_registry"
# Tweak to use the correct python version depending on the used ansible version.
ansible_python_interpreter: auto_legacy_silent
# use sudo
#ansible_become: no
# Network configuration
#######################
......
......@@ -4,7 +4,6 @@
path: "{{ docker_registry_data_path }}/cert"
state: directory
recurse: yes
become: yes
tags:
- baremetal
......@@ -13,7 +12,6 @@
copy:
src: files/registry.key
dest: "{{ docker_registry_data_path }}/cert"
become: yes
tags:
- baremetal
......@@ -26,8 +24,6 @@
email_address: twinchen@mpifr-bonn.mpg.de
common_name: "{{ docker_registry }}"
subject_alt_name: "IP:{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
become: yes
tags:
- baremetal
......@@ -37,7 +33,6 @@
privatekey_path: "{{ docker_registry_data_path }}/cert/registry.key"
csr_path: "{{ docker_registry_data_path }}/cert/registry.csr"
provider: selfsigned
become: yes
tags:
- baremetal
......
......@@ -2,6 +2,8 @@
- name: basic configuraton
import_playbook: basic_configuration/main.yml
vars:
ansible_user: root
- name: setup telescope status server connection
hosts: interface
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment