  1. ---
  2. - name: Setup non-root User
  3. gather_facts: no
  4. hosts: undercloud
  5. any_errors_fatal: true
  6. # Ensure root access for this
  7. become: yes
  8. become_user: root
  9. vars:
  10. local_undercloud_pubkey: "{{ inventory_dir }}/id_rsa_undercloud.pub"
  11. default_privatekey: "~/.ssh/id_rsa"
  12. default_pubkey: "{{ default_privatekey }}.pub"
  13.  
  14. tasks:
  15. - name: sudoers no tty
  16. lineinfile:
  17. dest: /etc/sudoers
  18. state: absent
  19. regexp: 'Defaults\s+requiretty'
  20.  
  21. - name: create default user
  22. user:
  23. name: "{{ install.user.name }}"
  24. state: present
  25. password: "{{ install.user.password | password_hash('sha512') }}"
  26.  
  27. - name: add user to sudoers
  28. lineinfile:
  29. dest: "/etc/sudoers"
  30. line: "{{ install.user.name }} ALL=(root) NOPASSWD:ALL"
  31.  
  32. - name: create .ssh direcotry for non-root user
  33. file:
  34. path: "{{ default_privatekey | dirname }}"
  35. state: directory
  36. become_user: "{{ install.user.name }}"
  37. become: yes
  38.  
  39. - block:
  40. - name: inject local private key to undercloud
  41. copy:
  42. src: "{{ ansible_ssh_private_key_file }}"
  43. dest: "{{ default_privatekey }}"
  44. mode: 0600
  45. force: yes
  46. register: key_injection
  47. become_user: "{{ install.user.name }}"
  48. become: yes
  49.  
  50.  
  51. - name: Retrieve public key from private key
  52. shell: "ssh-keygen -y -f {{ default_privatekey }} > {{ default_pubkey }}"
  53. become_user: "{{ install.user.name }}"
  54. become: yes
  55.  
  56. - name: Retrieve public key from private key to localhost
  57. fetch:
  58. src: "{{ default_pubkey }}"
  59. dest: "{{ local_undercloud_pubkey }}"
  60. flat: yes
  61. become_user: "{{ install.user.name }}"
  62. become: yes
  63.  
  64. # - name: Retrieve public key from private key to localhost
  65. # shell: "ssh-keygen -y -f {{ ansible_ssh_private_key_file }} > {{ local_undercloud_pubkey }}"
  66. # delegate_to: localhost
  67. # become: no
  68.  
  69. rescue:
  70. - name: inject local SSH keys to undercloud
  71. copy:
  72. src: "{{ item }}"
  73. dest: "{{ item }}"
  74. mode: 0600
  75. force: yes
  76. with_items:
  77. - "{{ default_privatekey }}"
  78. - "{{ default_pubkey }}"
  79. become_user: "{{ install.user.name }}"
  80. become: yes
  81.  
  82. - set_fact:
  83. src_publickey: "{{ (key_injection|success) | ternary(local_undercloud_pubkey, local_pubkey) }}"
  84.  
  85. - set_fact:
  86. publickey: "{{ lookup('file', src_publickey) }}"
  87.  
  88. - name: set up authorized_keys for non root user
  89. authorized_key:
  90. user: "{{ install.user.name }}"
  91. key: "{{ publickey }}"
  92.  
  93. - name: Update hosts user
  94. add_host:
  95. name: "{{ inventory_hostname }}"
  96. ansible_ssh_user: "{{ install.user.name }}"
  97.  
  98. - name: update inventory file
  99. hosts: localhost
  100. gather_facts: no
  101. tags: always
  102. roles:
  103. - role: inventory-update
  104. inventory_file_name: 'hosts-install'