mirror of
https://bitbucket.org/atlassian/dc-deployments-automation.git
Add support for Amazon Linux 2022 * first pass at basic AL2022 support * unpin git version on AL2022 * resolve a few package issues/discrepancies * fix non-Amazon distro support * fix missing nfs.service symlink on AL2022 * remove Ubuntu/Debian install task from aws_common (no existing ubuntu dependency tasks) * add amazonlinux:2022 to list of images for testing via molecule * install amazon-cloudwatch-agent from package sources instead of direct RPM on AL2022; add workaround for missing group * fix typo in task name * add missing amazonlinux:2022 test for product_install role * al2022 -> al2023 * al2023 ships with rpm-installed versions of setuptools and distlib that aren't removable and older than what pipenv requires; use py3.11 instead Approved-by: Vadym Kovalskiy Approved-by: Eugene Ivantsov Approved-by: Yurii Kuzan
---
# Install the OS packages this role expects on Amazon Linux 2 through yum.
# git is the only entry pinned to a version: the `git_version` variable is not
# defined in this file, so it has to come from role defaults or inventory.
- name: Install Amazon-Linux-2-specific support packages
  ansible.builtin.yum:
    name:
      - 'dejavu-sans-fonts'
      - 'file'
      - "git-{{ git_version }}"
      - 'libxml2'
      - 'shadow-utils'
  vars:
    # Task-scoped override: only this task runs under python2.
    # NOTE(review): presumably needed because the yum module relies on the
    # python2 yum bindings on AL2 - confirm before changing.
    ansible_python_interpreter: '/usr/bin/python2'
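# Pin the sshd cipher list by rewriting the `Ciphers` line in sshd_config.
# A line matching `regexp` is replaced in place; if none matches, the line is
# inserted at the top of the file (insertbefore: BOF).
#
# NOTE(review): the list below omits 3des-cbc but still enables CBC-mode
# ciphers (aes128-cbc, aes192-cbc, aes256-cbc) and the legacy 64-bit-block
# ciphers blowfish-cbc and cast128-cbc. If no client depends on them, restrict
# the list to the chacha20-poly1305, aes*-gcm and aes*-ctr entries.
# NOTE(review): newer OpenSSH releases no longer implement blowfish-cbc and
# cast128-cbc, and sshd refuses a Ciphers line that names an unknown cipher -
# confirm this task is only applied to hosts whose sshd supports every entry.
# NOTE(review): nothing in this task validates the edited file or reloads
# sshd; the new list only takes effect once the daemon re-reads its config.
- name: Limit the SSH ciphers
  ansible.builtin.lineinfile:
    path: "/etc/ssh/sshd_config"
    # Drop insecure ciphers, currently 3des-cbc only. You can get the
    # full list with `sshd -T | grep -i ciphers`
    regexp: '^[Cc]iphers'
    line: "Ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc"
    insertbefore: "BOF"
  # No sshd == no problem: a missing sshd_config must not fail the play.
  # NOTE(review): this also hides every other failure (permissions, read-only
  # filesystem), leaving the default ciphers in place without any signal.
  # Consider guarding on the file's existence with `when` instead.
  ignore_errors: true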