FEATURE: Simple playbook for configuring Ansible user implement. One host, simple vault, script to run it. Task creates user, grants sudo
@@ -0,0 +1,7 @@
|
||||
---
|
||||
# Password for Ansible user
|
||||
ansible_become_password: p@a$$word
|
||||
# SSH key for Ansible user
|
||||
ansible_ssh_key: $$h_key
|
||||
# Password for the default unprivileged user
|
||||
user_password: p@a$$word
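Review bot: Nothing in this file marks it as a template, and it sits in the same commit as a vault-encrypted file that presumably holds the real values. A header comment such as `# Example only: placeholder values, real secrets live in the vault-encrypted file; never commit real values here` would make the intent explicit and lower the chance of cleartext credentials being committed later. The placeholder values would also be safer single-quoted, for example `ansible_ssh_key: '$$h_key'`, so that a real value containing `#` or `: ` is not silently truncated or misparsed.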
|
||||
@@ -0,0 +1,21 @@
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
66633664323430633839313237323961383861313238613533373836343632623630373236363931
|
||||
3938336530333965623137333061383430306630333936340a393334613631346536666435303536
|
||||
63623437393938303032333431386433383532313663303164633639383966666331666639316161
|
||||
3934336133623933660a343636303735333838326536636534356234363333393533633534333065
|
||||
32363862336233363932376233623935616230613761663564623830623436626166646164366630
|
||||
65316266313538643762333438653938613362666266633834323236383062653466373935656666
|
||||
61363239386535316136346539653964646533653566616430373764633763646665616135323137
|
||||
33333064323464643837343139363638313266353136636637646132376232653962383662643365
|
||||
64373364393165303562653131663061316266333737643561613936353036346239646666646132
|
||||
38656334303861623966626233366336303264366439666231353465663361613835643030333736
|
||||
62366265393339333832386537353635323838323062333163323364643964323838396332636133
|
||||
32373136646265613962313636343738363430646130653339626434623362326662323839393366
|
||||
32366634623631366362343231316664356539306664313235626461326463376166356435663065
|
||||
63323863376236623030656466383562366366316662306332383036633335636138633038323830
|
||||
34383162373966663666303130623364666535353738656433636463396534653735393362303633
|
||||
38306132396533356262353837366532316631643864313033353564626663366166316431303735
|
||||
33623965613337613838396165373363363331636132336466633236646331636239393766323662
|
||||
37376332343534346438366566623930663737663566373965313934333337373630663738613163
|
||||
31383937343534356537326636386133646466303235303966313363623530346535383531643164
|
||||
66353839383966336331
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
physical:
|
||||
vars_files:
|
||||
../../data/secrets.yaml
|
||||
hosts:
|
||||
192.168.0.5:
|
||||
ansible_become_password: "{{ ansible_become_password }}"
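Review bot: `ansible_become_password: "{{ ansible_become_password }}"` defines the variable in terms of itself, which Ansible normally rejects at templating time as a recursive loop. The usual pattern is to give the vaulted value a distinct name and reference that, for example `ansible_become_password: "{{ vault_become_password }}"`. Separately, `vars_files` is a play keyword rather than an inventory key (inventory groups take `hosts`, `vars` and `children`), so the secrets file is probably not loaded from this file at all. Indentation is lost on this page, so the nesting of these keys is inferred.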
|
||||
@@ -0,0 +1,2 @@
|
||||
---
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
---
|
||||
- name: Basic Proxmox guest deployment
|
||||
hosts: all
|
||||
remote_user: root
|
||||
roles:
|
||||
- ../roles/0_basic_postinstall
|
||||
vars_files:
|
||||
../data/secrets.yaml
|
||||
vars:
|
||||
ansible_user_passwd_hash: "{{ ansible_become_password | password_hash('sha512', 's3edscrj45e6r') }}"
|
||||
user_passwd_hash: "{{ user_password | password_hash('sha512', 's3ed6123jhgcr') }}"
|
||||
|
||||
handlers:
|
||||
- name: restart sshd
|
||||
service:
|
||||
name: sshd
|
||||
state: restarted
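Review bot: Both `password_hash('sha512', ...)` calls use a fixed salt that is committed to the repository, so every host gets the same hash for the same password and the salt is known to anyone who can read the repo. If the fixed salt is there only to keep the user task idempotent, a per-host deterministic salt achieves the same, for example `password_hash('sha512', 65534 | random(seed=inventory_hostname) | string)`. Alternatively, drop the salt and set `update_password: on_create` on the user task. A short comment above `vars:` explaining why the salt is pinned would help the next reader either way.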
|
||||
@@ -0,0 +1,41 @@
|
||||
---
|
||||
## Installing packages
|
||||
- name: Install sudo on apt systems
|
||||
when: (ansible_facts['distribution'] == "Debian") or
|
||||
(ansible_facts['distribution'] == "Ubuntu")
|
||||
apt:
|
||||
name:
|
||||
- sudo
|
||||
update-cache: yes
|
||||
|
||||
- name: Update Alpine packages
|
||||
when: (ansible_facts['distribution'] == "Alpine")
|
||||
command: /sbin/apk update
|
||||
|
||||
- name: Install sudo package on Alpine
|
||||
when: (ansible_facts['distribution'] == "Alpine")
|
||||
command: /sbin/apk add sudo
|
||||
|
||||
|
||||
## Creating and setting up the ansible user
|
||||
## First, create sshusers group to grant ssh access
|
||||
- name: Ensure group "sshusers" exists
|
||||
ansible.builtin.group:
|
||||
name: sshusers
|
||||
state: present
|
||||
|
||||
## Add the user to its own group, sshusers (for ssh access) and sudo (gain root access)
|
||||
- name: Create a new user with a password for Ansible
|
||||
user:
|
||||
name: ansible
|
||||
password: "{{ ansible_user_passwd_hash }}"
|
||||
|
||||
groups: ansible,sshusers,sudo
|
||||
append: yes
|
||||
|
||||
## Since password authentication in SSH will be disabled, we need to add an authorized key
|
||||
- name: Set authorized key taken from file
|
||||
ansible.posix.authorized_key:
|
||||
user: ansible
|
||||
state: present
|
||||
key: "{{ ansible_ssh_key }}"
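Review bot: `groups: ansible,sshusers,sudo` lists two groups that no earlier task creates, and the user module typically fails with "Group ... does not exist" when a listed group is missing. The `ansible` group does not exist before the account is created, and a `sudo` group is not present on a stock Alpine install, so the sudo grant depends on the distribution. Only `sshusers` is ensured above. Consider dropping `ansible` from the list, since the primary group is created with the account, and ensuring the privilege group exists with an `ansible.builtin.group` task. The grant itself would be more predictable as an explicit sudoers drop-in than through whatever rule the distribution's default sudoers file ships.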
|
||||
@@ -0,0 +1,3 @@
|
||||
---
|
||||
- name: Create and set up Ansible user and environment
|
||||
ansible.builtin.include_tasks: prepare_ansible_user.yaml
|
||||
@@ -0,0 +1,2 @@
|
||||
#!/bin/sh
|
||||
ansible-playbook -i inventory/deploy/hosts.yaml playbooks/deploy.yaml --private-key ~/.ssh/ansible_key
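Review bot: The `ansible-playbook` call passes no vault credential, yet the playbook loads a secrets file that appears to be the vault-encrypted one added in this commit. Unless an `ansible.cfg` outside this page sets `vault_password_file`, the run will stop at decryption. Adding `--ask-vault-pass` keeps the password off disk, for example `ansible-playbook -i inventory/deploy/hosts.yaml playbooks/deploy.yaml --private-key ~/.ssh/ansible_key --ask-vault-pass`. If `--vault-password-file` is used instead, the file should be excluded from version control and readable only by its owner.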
|
||||