# run this playbook in test mode:
# ansible-playbook --inventory localhost, --check --diff duo.yaml
# creates ~/.ansible directory for temporary storage
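- name: install Duo
  # With connection: local every task runs on the control node itself, once
  # per inventory entry, so use a single-entry inventory such as "localhost,"
  # as shown in the header comment.
  hosts: all
  connection: local  # do not use ssh
  gather_facts: false  # save time
  vars:  # local to this playbook
    duo_packages:
      - duo_unix
  tasks: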
- name: install trusted Duo repo GPG key
# from https://duo.com/DUO-GPG-PUBLIC-KEY.asc
copy:
dest: /etc/pki/rpm-gpg/RPM-GPG-KEY-Duo
content: |
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)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=KqQg
-----END PGP PUBLIC KEY BLOCK-----
backup: yes
owner: '0'
group: '0'
mode: 0644
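# Records whether the key file is on disk so the import task can be skipped
# when it is absent (for example under --check, where the copy task writes
# nothing). Only existence is tested: with get_checksum off, the content of
# an already-present file is not compared with the key embedded in the
# playbook.
- name: is Duo repo GPG key file present?
  stat:
    path: /etc/pki/rpm-gpg/RPM-GPG-KEY-Duo
    get_attributes: false  # save time
    get_checksum: false  # save time
    get_mime: false  # save time
  register: duo_repo_key_file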
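# Asks the rpm database whether a public key with this id is already trusted.
# rpm names imported keys "gpg-pubkey-<short key id>-<creation time>", so this
# value has to be updated together with the key file whenever the embedded
# key changes.
# NOTE(review): a short key id is not a full fingerprint; a match shows that
# a key with this id is present, not that it is identical to the shipped key.
- name: is Duo repo GPG key already imported?
  command: rpm -q --quiet gpg-pubkey-ff696172-62979e51
  args:
    # NOTE(review): the command module's `warn` option was removed in
    # ansible-core 2.14; drop it when running on newer releases.
    warn: false  # ok to use rpm instead of yum in module
  check_mode: false  # read-only query, so it may run even under --check
  changed_when: false  # no side effects
  # Any non-zero rc, including an rpm error, is treated as "not imported".
  failed_when: false
  register: have_duo_repo_key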
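# Adds the key file to the rpm trust store when the earlier query did not
# find the key. This task deliberately has no check_mode override: under
# --check the copy task does not write the key file, so importing here would
# change the rpm keyring during a dry run, using whatever file happened to be
# on disk already.
- name: import Duo repo GPG key into rpm database
  command: rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-Duo
  args:
    warn: false  # ok to use rpm instead of yum in module
  changed_when: have_duo_repo_key.rc != 0
  when:
    - have_duo_repo_key.rc != 0
    - duo_repo_key_file.stat.exists
# Repeats the read-only query after the import and re-registers the result.
# Without this the install task is gated on the pre-import rc, so the
# packages are skipped on the first run. It also means the install only
# proceeds once the key is confirmed to be in the rpm database.
- name: confirm Duo repo GPG key is in the rpm database
  command: rpm -q --quiet gpg-pubkey-ff696172-62979e51
  args:
    warn: false  # ok to use rpm instead of yum in module
  check_mode: false  # read-only query, so it may run even under --check
  changed_when: false  # no side effects
  failed_when: false  # a missing key is reported through rc, not as a failure
  register: have_duo_repo_key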
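# Writes the yum repository definition. gpgcheck=1 makes yum verify package
# signatures against keys already in the rpm database; the stanza has no
# gpgkey= line, so the separate key import task is what establishes trust.
# NOTE(review): repo_gpgcheck is not set here, so unless yum.conf enables it
# globally the repository metadata is protected by the https transport only.
- name: configure Duo repo
  copy:
    dest: /etc/yum.repos.d/duosecurity.repo
    # $releasever and $basearch are expanded by yum, not by Ansible.
    content: |
      [duosecurity]
      name=Duo Security Repository
      baseurl=https://pkg.duosecurity.com/CentOS/$releasever/$basearch
      enabled=1
      gpgcheck=1
    backup: true
    owner: '0'
    group: '0'
    # Quoted so the mode is passed as an octal string and is never re-typed
    # by the YAML parser.
    mode: '0644'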
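# Records whether the repo file is on disk so the install task can be skipped
# when it is absent (for example under --check, where the copy task writes
# nothing). Only existence is tested, not the file's content.
- name: is Duo repo file installed?
  stat:
    path: /etc/yum.repos.d/duosecurity.repo
    get_attributes: false  # save time
    get_checksum: false  # save time
    get_mime: false  # save time
  register: duo_repo_file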
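# Installs the packages listed in duo_packages. The task is gated on the
# registered rpm query reporting the signing key as present (rc == 0) and on
# the repo file existing, so yum is never pointed at the Duo repository
# before its key is trusted.
- name: install Duo packages
  yum:
    name: "{{ duo_packages }}"
    state: present
  when:
    - have_duo_repo_key.rc == 0
    - duo_repo_file.stat.exists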
# - name: print all Ansible variables
# debug:
# var: vars