Compare commits
5 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 197362151f | |||
| 45d134003f | |||
| 6a7952e571 | |||
| 72f30a3400 | |||
| f0b33a8b57 |
+1
-1
@@ -1,3 +1,3 @@
|
|||||||
# ---> Ansible
|
# ---> Ansible
|
||||||
*.retry
|
*.retry
|
||||||
|
data/secret/
|
||||||
@@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
# Password for Ansible user
|
||||||
|
ansible_become_password: p@a$$word
|
||||||
|
# SSH key for Ansible user
|
||||||
|
ansible_ssh_key: $$h_key
|
||||||
|
# Password for the default unprivileged user
|
||||||
|
user_password: p@a$$word
|
||||||
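Review bot: Nothing in this file says whether it is a sample or the live secrets file, and all three values are stored in clear text. If it is meant as the template for `data/secret/secrets.yaml` (the path the playbook loads, in the directory the ignore rule now covers), say so in a header comment, e.g. `# Template only: copy to data/secret/secrets.yaml, replace the values, then run ansible-vault encrypt on the copy`. I would also single-quote the values (`ansible_become_password: 'p@a$$word'`), so that a real password that starts with a YAML indicator or contains ` #` is not mis-parsed or silently truncated.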
@@ -0,0 +1,21 @@
|
|||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
66633664323430633839313237323961383861313238613533373836343632623630373236363931
|
||||||
|
3938336530333965623137333061383430306630333936340a393334613631346536666435303536
|
||||||
|
63623437393938303032333431386433383532313663303164633639383966666331666639316161
|
||||||
|
3934336133623933660a343636303735333838326536636534356234363333393533633534333065
|
||||||
|
32363862336233363932376233623935616230613761663564623830623436626166646164366630
|
||||||
|
65316266313538643762333438653938613362666266633834323236383062653466373935656666
|
||||||
|
61363239386535316136346539653964646533653566616430373764633763646665616135323137
|
||||||
|
33333064323464643837343139363638313266353136636637646132376232653962383662643365
|
||||||
|
64373364393165303562653131663061316266333737643561613936353036346239646666646132
|
||||||
|
38656334303861623966626233366336303264366439666231353465663361613835643030333736
|
||||||
|
62366265393339333832386537353635323838323062333163323364643964323838396332636133
|
||||||
|
32373136646265613962313636343738363430646130653339626434623362326662323839393366
|
||||||
|
32366634623631366362343231316664356539306664313235626461326463376166356435663065
|
||||||
|
63323863376236623030656466383562366366316662306332383036633335636138633038323830
|
||||||
|
34383162373966663666303130623364666535353738656433636463396534653735393362303633
|
||||||
|
38306132396533356262353837366532316631643864313033353564626663366166316431303735
|
||||||
|
33623965613337613838396165373363363331636132336466633236646331636239393766323662
|
||||||
|
37376332343534346438366566623930663737663566373965313934333337373630663738613163
|
||||||
|
31383937343534356537326636386133646466303235303966313363623530346535383531643164
|
||||||
|
66353839383966336331
|
||||||
@@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
physical:
|
||||||
|
hosts:
|
||||||
|
192.168.0.5:
|
||||||
|
ansible_become_password: "{{ ansible_become_password }}"
|
||||||
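Review bot: The host variable `ansible_become_password: "{{ ansible_become_password }}"` refers to itself. When the playbook's `vars_files` entry supplies the same name, that value takes precedence and this line has no effect; when it is absent, templating the line should fail with a recursive-template error. Give the secret a distinct name in the secrets file and reference that here, e.g. `ansible_become_password: "{{ vault_become_password }}"`, which also makes it clear at the point of use that the value comes from the vault.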
@@ -0,0 +1,2 @@
|
|||||||
|
---
|
||||||
|
|
||||||
@@ -0,0 +1,17 @@
|
|||||||
|
---
|
||||||
|
- name: Basic Proxmox guest deployment
|
||||||
|
hosts: all
|
||||||
|
remote_user: root
|
||||||
|
roles:
|
||||||
|
- ../roles/0_basic_postinstall
|
||||||
|
vars_files:
|
||||||
|
../data/secret/secrets.yaml
|
||||||
|
vars:
|
||||||
|
ansible_user_passwd_hash: "{{ ansible_become_password | password_hash('sha512', 's3edscrj45e6r') }}"
|
||||||
|
user_passwd_hash: "{{ user_password | password_hash('sha512', 's3ed6123jhgcr') }}"
|
||||||
|
|
||||||
|
handlers:
|
||||||
|
- name: restart sshd
|
||||||
|
service:
|
||||||
|
name: sshd
|
||||||
|
state: restarted
|
||||||
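Review bot: Both `password_hash` calls under `vars:` use a fixed salt literal committed to the repository, so every host receives the same hash for the same password and the salt is known to anyone who can read the repo. A salt does not have to be secret, but a shared one removes the per-host uniqueness that makes precomputed guessing against a leaked shadow file more expensive. Ansible's documented idempotent alternative derives the salt from the host: `password_hash('sha512', 65534 | random(seed=inventory_hostname) | string)`. Separately, the path under `vars_files:` has no leading `- ` while the entry under `roles:` does; indentation is lost in this view, so please confirm it is written as a list item.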
@@ -0,0 +1,3 @@
|
|||||||
|
---
|
||||||
|
- name: Create and set up Ansible user and environment
|
||||||
|
ansible.builtin.include_tasks: prepare_ansible_user.yaml
|
||||||
@@ -0,0 +1,41 @@
|
|||||||
|
---
|
||||||
|
## Installing packages
|
||||||
|
- name: Install sudo on apt systems
|
||||||
|
when: (ansible_facts['distribution'] == "Debian") or
|
||||||
|
(ansible_facts['distribution'] == "Ubuntu")
|
||||||
|
apt:
|
||||||
|
name:
|
||||||
|
- sudo
|
||||||
|
update-cache: yes
|
||||||
|
|
||||||
|
- name: Update Alpine packages
|
||||||
|
when: (ansible_facts['distribution'] == "Alpine")
|
||||||
|
command: /sbin/apk update
|
||||||
|
|
||||||
|
- name: Install sudo package on Alpine
|
||||||
|
when: (ansible_facts['distribution'] == "Alpine")
|
||||||
|
command: /sbin/apk add sudo
|
||||||
|
|
||||||
|
|
||||||
|
## Creating and setting up the ansible user
|
||||||
|
## First, create sshusers group to grant ssh access
|
||||||
|
- name: Ensure group "sshusers" exists
|
||||||
|
ansible.builtin.group:
|
||||||
|
name: sshusers
|
||||||
|
state: present
|
||||||
|
|
||||||
|
## Add the user to sshusers (for ssh access) and sudo (gain root access)
|
||||||
|
- name: Create a new user with a password for Ansible
|
||||||
|
user:
|
||||||
|
name: ansible
|
||||||
|
password: "{{ ansible_user_passwd_hash }}"
|
||||||
|
|
||||||
|
groups: sshusers,sudo
|
||||||
|
append: yes
|
||||||
|
|
||||||
|
## Since password authentication in SSH will be disabled, we need to add an authorized key
|
||||||
|
- name: Set authorized key taken from file
|
||||||
|
ansible.posix.authorized_key:
|
||||||
|
user: ansible
|
||||||
|
state: present
|
||||||
|
key: "{{ ansible_ssh_key }}"
|
||||||
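Review bot: The user task adds `ansible` to the `sudo` group, but the only group this file creates is `sshusers`. On the Alpine branch the sole preparation is `apk add sudo`, and I would not assume that a `sudo` group exists there (Alpine conventionally uses `wheel`), so the task may fail or leave the account without the intended rights; add an `ansible.builtin.group` task for it or choose the group per distribution. The comment above the authorized-key task says SSH password authentication will be disabled, yet no task here changes sshd configuration or notifies the playbook's `restart sshd` handler. Until that exists, the account has a password, sudo membership and SSH access at the same time, so either add the sshd task in this change or reword the comment to `## TODO: disable SSH password authentication and restrict logins to sshusers`.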
Executable
+4
@@ -0,0 +1,4 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
ansible-playbook -i inventory/deploy/hosts.yaml playbooks/deploy.yaml \
|
||||||
|
--private-key data/secret/ansible_key \
|
||||||
|
--vault-password-file data/secret/.vault_pass
|
||||||
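Review bot: The inventory, playbook, key and vault-password paths are all relative, so the script only works when started from the directory that contains `inventory/`, `playbooks/` and `data/`. Assuming the script lives in that directory, add `set -eu` and `cd "$(dirname "$0")"` after the shebang so a run from elsewhere fails early and predictably. A comment such as `# data/secret/ansible_key and data/secret/.vault_pass must be mode 0600 and are never committed` would also record the handling expectation for the two files this script reads.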