initial setup of ansible access
[defaults]
# without "merge" you can't have defaults for the group: the default
# hash_behaviour (replace) would let a host_vars file that only sets
# vss_setup.password replace the whole vss_setup mapping from
# roles/vss-setup/defaults/main.yml, so vss_setup.user/keyfile/ansibleuser
# would be undefined for that host. This is a global setting and affects
# every dictionary variable in the project, not just vss_setup.
hash_behaviour=merge
---
# host_vars/target-host-alias_example
# make sure you specify the username you configured in vss_setup.ansibleuser
# (this is the user Ansible logs in as once the host is bootstrapped; while the
# host is in the [setup] group the setup play overrides it with vss_setup.user
# through play vars, which take precedence over host_vars)
ansible_ssh_user: ansible
vss_setup:
  # initial password VSS handed out for vss_setup.user; the setup play uses it
  # as both ansible_ssh_pass and ansible_sudo_pass. Keep this file out of
  # version control or encrypt it with ansible-vault instead of committing the
  # value in clear text.
  password: "initialpassword"
# Hosts that need to be set up for ansible first.
# The setup play authenticates to these hosts with the initial password
# (ansible_ssh_pass), so remove a host from this group once the role has run
# and key-based access for the management user works.
[setup]
## include hosts to be set up here following this pattern:
## target-host-alias ansible_ssh_port=22 ansible_ssh_host=target-host-fqdn
## the alias must match the host_vars/<alias> file that carries vss_setup.password
---
# roles/vss-setup/defaults/main.yml
# Role defaults. With hash_behaviour=merge in ansible.cfg a host_vars file only
# needs to supply the keys that differ (normally just password); without merge
# a host_vars vss_setup would replace this whole mapping.
vss_setup:
  # this is the username of the user created by VSS with a generated password you were told
  user: user
  # if you always have the same password uncomment and set here; prefer keeping
  # it in a vault-encrypted host_vars file over a clear-text role default
  # password:
  # the public key to install for ansibleuser; it is read with lookup('file')
  # in the role's tasks, so a relative path is typically resolved from the
  # role's files/ directory and the playbook directory, not from the inventory
  keyfile: mypublickey.pub
  # the name of the ansible remote management user to create
  # (it gets passwordless sudo and the above ssh key is used for access)
  ansibleuser: ansible
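---
# roles/vss-setup/tasks/main.yml
# This role will do some initial setup for VSS servers: it creates the remote
# management user (vss_setup.ansibleuser), installs the public key from
# vss_setup.keyfile for it and grants it passwordless sudo.
#
# Every privileged task uses `sudo: true` (Ansible 1.x syntax; newer releases
# spell this `become: true`). The play that runs this role supplies
# ansible_sudo_pass from vss_setup.password.
- debug: msg="Don't forget to define vss_setup.user with user so this workflow can run"
- debug: msg="Your user is {{ vss_setup.user }}"
- debug: msg="Your keyfile is {{ vss_setup.keyfile }}"
- pause: prompt="only continue if the above values are correct"

- name: Setup | create user
  user: name={{ vss_setup.ansibleuser }} shell=/bin/bash createhome=yes state=present comment="remote ansible user"
  sudo: true

## Intentionally disabled: the management user authenticates with the key
## below and sudo is NOPASSWD, so a password adds nothing. If you revive this,
## pass a pre-hashed value to the user module's password= option instead of
## echoing the clear-text password through a shell pipeline, where it is
## visible in the process list. (createpassword/createuser are not defined
## anywhere in this role.)
## - name: Setup | set user password
##   shell: usermod -p $(echo '{{ createpassword }}' | openssl passwd -1 -stdin) {{ createuser }}
##   sudo: true

- name: Setup | authorized key upload
  # manage_dir=yes (the module default) lets the module create ~/.ssh for the
  # user created above and set its owner and 0700 mode; with manage_dir=no the
  # module leaves the directory's ownership and permissions untouched, and the
  # directory does not exist yet for a freshly created user.
  authorized_key: >
    user={{ vss_setup.ansibleuser }}
    key="{{ lookup('file', vss_setup.keyfile ) }}"
    manage_dir=yes
  sudo: true

- name: Sudoers | update sudoers file and validate
  # validate= runs visudo against the edited copy before it replaces
  # /etc/sudoers; without it a malformed line locks everyone out of sudo (the
  # task name promised validation but no validate= was given).
  # The regexp is anchored so it only matches this user's own entry and not a
  # different user whose name ends in the same string.
  lineinfile: >
    dest=/etc/sudoers
    insertafter=EOF
    line="{{ vss_setup.ansibleuser }} ALL=(ALL) NOPASSWD: ALL"
    regexp="^{{ vss_setup.ansibleuser }} ALL=\(ALL\) NOPASSWD: ALL$"
    state=present
    validate='visudo -cf %s'
  sudo: true

## not fully tested, but might work: restrict root, the VSS user and the
## management user to key-based login in sshd_config. Keep the validate= on
## both tasks; a broken sshd_config otherwise prevents sshd from restarting.
# - name: Setup | disable password login for some users part 1
#   lineinfile: >
#     dest=/etc/ssh/sshd_config
#     insertafter=EOF
#     regexp='Match User {{ item }}'
#     line='Match User {{ item }}'
#     validate='/usr/sbin/sshd -T -f %s'
#     state=present
#   with_items:
#     - root
#     - "{{ vss_setup.user }}"
#     - "{{ vss_setup.ansibleuser }}"
#   sudo: yes
#
# - name: Setup | disable password login for some users part 2
#   lineinfile: >
#     dest=/etc/ssh/sshd_config
#     insertafter='Match User {{ item }}'
#     regexp='^PasswordAuthentication no # for user {{ item }}$'
#     line='PasswordAuthentication no # for user {{ item }}'
#     validate='/usr/sbin/sshd -T -f %s'
#     state=present
#   with_items:
#     - root
#     - "{{ vss_setup.user }}"
#     - "{{ vss_setup.ansibleuser }}"
#   sudo: yes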
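---
# Bootstrap play: connects to the hosts in the [setup] inventory group as the
# VSS-provisioned user with its initial password and lets the vss-setup role
# create the key-based, passwordless-sudo management user. Afterwards the
# host_vars ansible_ssh_user (vss_setup.ansibleuser) is the login user.
- hosts: setup
  # play vars take precedence over host_vars, so for this play the connection
  # and sudo credentials come from vss_setup.* rather than the host_vars
  # ansible_ssh_user. ansible_ssh_pass needs sshpass on the control machine.
  # Written as a mapping: the list-of-single-key-dicts form previously used
  # here is deprecated in newer Ansible releases.
  vars:
    ansible_sudo_pass: "{{ vss_setup.password }}"
    ansible_ssh_pass: "{{ vss_setup.password }}"
    ansible_ssh_user: "{{ vss_setup.user }}"
  roles:
    - vss-setup
  # no tasks beyond the role; an explicit empty list replaces the bare
  # `tasks:` that parses as null
  tasks: []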