Merge pull request #721 from cisagov/improvement/create_more_director…

…ies_at_build_time Create the `/etc/cyhy` directory at AMI build time
cisagov · Nov 16, 2023 · 8ffd68b · 8ffd68b
2 parents 958b6c2 + afbe339
commit 8ffd68b
Show file tree

Hide file tree

Showing 8 changed files with 29 additions and 33 deletions.
diff --git a/ansible/roles/cyhy_commander/tasks/main.yml b/ansible/roles/cyhy_commander/tasks/main.yml
@@ -10,17 +10,6 @@
     mode: 0600
     owner: cyhy
 
-#
-# Create the cyhy directory in etc for commander conf
-#
-- name: Create the /etc/cyhy directory
-  ansible.builtin.file:
-    group: cyhy
-    mode: 0755
-    owner: cyhy
-    path: /etc/cyhy
-    state: directory
-
 #
 # Copy the cyhy-commander conf file
 #

diff --git a/ansible/roles/cyhy_dashboard/tasks/main.yml b/ansible/roles/cyhy_dashboard/tasks/main.yml
@@ -1,14 +1,11 @@
 ---
-- name: Create needed directories
+- name: Create the /var/cyhy/web directory
   ansible.builtin.file:
     group: cyhy
     mode: 0750
     owner: cyhy
-    path: "{{ item }}"
+    path: /var/cyhy/web
     state: directory
-  loop:
-    - /etc/cyhy
-    - /var/cyhy/web
 
 - name: Create secret key file for webd
   ansible.builtin.file:

diff --git a/ansible/roles/cyhy_reporter/tasks/main.yml b/ansible/roles/cyhy_reporter/tasks/main.yml
@@ -2,12 +2,6 @@
 #
 # Set up /etc/cyhy/cyhy.conf
 #
-- name: Create the /etc/cyhy directory
-  ansible.builtin.file:
-    mode: 0755
-    path: /etc/cyhy
-    state: directory
-
 - name: Create /etc/cyhy/cyhy.conf
   ansible.builtin.template:
     dest: /etc/cyhy/cyhy.conf

diff --git a/ansible/roles/nessus/tasks/main.yml b/ansible/roles/nessus/tasks/main.yml
@@ -94,14 +94,6 @@
         name: nessusd
         state: started
 
-- name: Create /etc/cyhy directory
-  ansible.builtin.file:
-    group: cyhy
-    mode: 0750
-    owner: cyhy
-    path: /etc/cyhy
-    state: directory
-
 - name: Create the configuration file for Nessus API access
   ansible.builtin.template:
     dest: /etc/cyhy/nessus_api.yml

diff --git a/packer/ansible/create_credentials_directory.yml b/packer/ansible/create_credentials_directory.yml
@@ -0,0 +1,15 @@
+---
+- hosts: cyhy_commander,cyhy_dashboard,cyhy_reporter,nessus
+  name: Create the directory used for cyhy-commander, cyhy-core, and Nessus credentials
+  become: yes
+  become_method: ansible.builtin.sudo
+  tasks:
+    - name: Create the /etc/cyhy directory
+      ansible.builtin.file:
+        group: "{{ cyhy_user_username }}"
+        mode: 0750
+        owner: "{{ cyhy_user_username }}"
+        path: /etc/cyhy
+        state: directory
+  vars_files:
+    - vars/cyhy_user.yml
diff --git a/packer/ansible/create_cyhy_user.yml b/packer/ansible/create_cyhy_user.yml
@@ -9,9 +9,9 @@
     - name: Create the cyhy user
       ansible.builtin.user:
         home: /var/cyhy
-        name: cyhy
+        name: "{{ cyhy_user_username }}"
         shell: /bin/bash
-        uid: 2048
+        uid: "{{ cyhy_user_uid }}"
       register: user_info
 
     - name: Modify permissions on the home directory
@@ -22,4 +22,6 @@
     - name: Add the SSH public key as an authorized key
       ansible.posix.authorized_key:
         key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOreUDnms12MPI0gh7K+YGaESYgC2TY1zA+kSK/g+n5+ cyhy
-        user: cyhy
+        user: "{{ cyhy_user_username }}"
+  vars_files:
+    - vars/cyhy_user.yml
diff --git a/packer/ansible/playbook.yml b/packer/ansible/playbook.yml
@@ -8,6 +8,9 @@
 - name: Import cyhy user creation playbook
   ansible.builtin.import_playbook: create_cyhy_user.yml
 
+- name: Import credentials directory creation playbook
+  ansible.builtin.import_playbook: create_credentials_directory.yml
+
 - name: Import the nmap host playbook
   ansible.builtin.import_playbook: nmap.yml
 

diff --git a/packer/ansible/vars/cyhy_user.yml b/packer/ansible/vars/cyhy_user.yml
@@ -0,0 +1,4 @@
+---
+# CyHy user information
+cyhy_user_uid: 2048
+cyhy_user_username: cyhy