fccoelho's questions

I am creating an ansible rolke for configure ssh security on servers, following the documentation. Here is my YAML configuration file:

---
- name: Enable SSH security
  hosts: webservers
  tasks:
      - name: Ensure SSH is installed
        apt:
          name: openssh-server
          state: present

      - name: Configure SSH to disable password authentication
        lineinfile:
          path: /etc/ssh/sshd_config
          regexp: '^#?PasswordAuthentication'
          line: 'PasswordAuthentication no'
        notify: Restart SSH

      - name: Ensure public key authentication is enabled
        lineinfile:
          path: /etc/ssh/sshd_config
          regexp: '^#?PubkeyAuthentication'
          line: 'PubkeyAuthentication yes'
        notify: Restart SSH

      - name: Disable root SSH access
        lineinfile:
          path: /etc/ssh/sshd_config
          regexp: '^#?PermitRootLogin'
          line: 'PermitRootLogin no'
        notify: Restart SSH

  handlers:
      - name: Restart SSH
        service:
          name: ssh
          state: restarted

It seem correct and well formatted, however when I run the playbook, I get this error:

SSH password: 
BECOME password[defaults to SSH password]: 
ERROR! conflicting action statements: hosts, tasks

The error appears to be in '/<full path>/Hetzner/roles/ssh_security/tasks/main.yml': line 2, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

---
- name: Enable SSH security
  ^ here

The Pycharm IDE yaml parser does not accuse this error. What could be wrong in this configuration?

I am trying to access kibana from a remote machine through an SSH tunnel:

ssh -f user@elastichost -L 5601:elastichost:5601 -N

My remote browser just times out with a "waiting for a response". Is there a reason why this should not work?

I am setting up CKAN, a pylons application according to these instructions: http://packages.python.org/ckan/deployment.html

But when I point to the server (no DNS setup yet) using IP or hostname, I only see apache's greeting page, sugesting the ckan app is not being loaded.

here is my mod_wsgi script:

import os
instance_dir = '/home/flavio/var/srvc/ckan.emap.fgv.br'
config_file = 'ckan.emap.fgv.br.ini'
pyenv_bin_dir = os.path.join(instance_dir, 'pyenv', 'bin')
activate_this = os.path.join(pyenv_bin_dir, 'activate_this.py')
execfile(activate_this, dict(__file__=activate_this))
from paste.deploy import loadapp
config_filepath = os.path.join(instance_dir, config_file)
from paste.script.util.logging_config import fileConfig
fileConfig(config_filepath)
application = loadapp('config:%s' % config_filepath)

here is my virtual host configuration:

<VirtualHost *:80>

ServerName dck093

ServerAlias dck093

WSGIScriptAlias / /home/flavio/var/srvc/ckan.emap.fgv.br/pyenv/bin/ckan.emap.fgv.br.py
# pass authorization info on (needed for rest api)
WSGIPassAuthorization On

ErrorLog /var/log/apache2/ckan.emap.fgv.br.error.log
CustomLog /var/log/apache2/ckan.emap.fgv.br.custom.log combined
<Directory /home/flavio/var/srvc/ckan.emap.fgv.br/pyenv/bin>
    Order deny,allow
    Allow from all
</Directory>
</VirtualHost>

I try to disable the 000-default site (with a2dissite), but that dind't help.After doing this I get an Internal server error page, but no log message. Can anyone point out what am I missing?