-
Notifications
You must be signed in to change notification settings - Fork 30
/
Copy pathcheck-instance.yml
68 lines (60 loc) · 2.37 KB
/
check-instance.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- hosts: dbasm
gather_facts: false
pre_tasks:
- name: Verify that Ansible on control node meets the version requirements
assert:
that: "ansible_version.full is version_compare('2.8', '>=')"
fail_msg: "You must update Ansible to at least 2.8 to use these playbooks"
success_msg: "Ansible version is {{ ansible_version.full }}, continuing"
- block:
- name: Confirm JSON parsing works
assert:
that: "{{ '{}' | json_query('[0]') == None }}"
rescue:
- name: Check for JSON parse failure
fail:
msg: "You probably need to install Python jmespath on the control node"
tasks:
- name: Test connectivity to target instance via ping
ping:
register: pingrc
- name: Abort if ping module fails
assert:
that: "pingrc.ping == 'pong'"
fail_msg: >-
The instance does not have an usable python distribution
success_msg: >-
The instance has an usable python installation, continuing
- name: Collect facts from target
setup:
- name: Test privilege escalation on target
raw: sudo -u root whoami
register: rawrc
changed_when: false
- name: Fail if unable to sudo to root on target
assert:
that: "'root' in rawrc.stdout_lines"
fail_msg: "The account {{ ansible_user }} used to connect does not have sudo privileges to root"
success_msg: "The account {{ ansible_user }} used to connect has sudo root privileges, continuing"
- name: Check for Python installation
raw: test -e /usr/bin/python || test -e /usr/bin/python3
changed_when: false
failed_when: false
register: check_python
- name: Install Python if required
raw: sudo yum -y install python3
when: check_python.rc != 0