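# Provision a Linode instance, then run the bootstrap steps only when this
# run created or changed the instance.
# NOTE(review): api_key and password are inline placeholders in this example.
# In a real playbook keep both in Ansible Vault (or another secret store) and
# reference them as variables, so they never reach version control or a paste.
- linode:
    api_key: 'longStringFromLinodeApi'
    name: linode-test1
    plan: 1
    datacenter: 2
    distribution: 99
    # Root password of the new instance; see the note on secrets above.
    password: 'superSecureRootPassword'
    private_ip: true
    ssh_pub_key: 'ssh-rsa qwerty'
    swap: 768
    wait: true
    wait_timeout: 600
    state: present
  register: linode_node
  # Keep the API key and root password out of task output and logs.
  no_log: true

# NOTE(review): bare `include` is deprecated in newer Ansible releases; use
# include_tasks or import_playbook, depending on what bootstrap.yml contains
# (not shown on this page).
- include: bootstrap.yml
  when: linode_node.changed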
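# Create the local account Ansible runs as; name, group and key generation
# are all driven by variables defined outside this snippet.
# The leading "- " is restored so this task is a sequence entry like the
# tasks that follow it.
- name: base | local ansible user | create user
  user:
    name: "{{ local_ansible_user }}"
    group: "{{ local_ansible_group }}"
    home: "/home/{{ local_ansible_user }}"
    state: present
    # When enabled, a 4096-bit RSA key pair is generated for the account.
    # NOTE(review): no ssh_key_passphrase is set, so the private key is
    # presumably stored unencrypted in the home directory; confirm that
    # this is acceptable for the host.
    generate_ssh_key: "{{ local_ansible_generate_key }}"
    ssh_key_bits: 4096
    ssh_key_type: rsa
  tags:
    - ansible
    - local_user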
# Install each public key from local_ansible_authorised_keys for the local
# Ansible account. `exclusive` is not set, so keys already present in the
# account's authorized_keys file are left in place.
- name: base | local ansible user | provision authorised keys
  authorized_key:
    user: "{{ local_ansible_user }}"
    state: present
    key: "{{ item }}"
  with_items: "{{ local_ansible_authorised_keys }}"
  tags:
    - ansible
    - authorised_keys
# Render sshd_config from the role template. The file is owned by root with
# mode 0640 and is only put in place if `sshd -t` accepts it, so a broken
# template cannot replace a working configuration.
- name: openssh | server | create configuration
  template:
    src: sshd_config.j2
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: "0640"
    validate: "/usr/sbin/sshd -tf %s"
  # The handler name must match this string exactly.
  notify:
    - openssh | server | restart
  tags:
    - ssh
    - openssh
# Inventory for the bootstrap example: one host still reached as root and
# one that has already been bootstrapped.
# NOTE(review): ansible_ssh_user is the older spelling of ansible_user;
# confirm which one the Ansible version in use expects.
[targets]
# new host
other1.example.com ansible_connection=ssh ansible_ssh_user=root
# bootstrapped host
other2.example.com ansible_connection=ssh ansible_ssh_user=user
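# Bootstrap play: connect as root and create the dedicated "ansible" account
# on every host where key-based login as that account does not work yet.
- hosts: all
  remote_user: root
  gather_facts: false
  tasks:
    # Probe from the control node whether "ansible" can already log in
    # non-interactively. The task is never reported as failed or changed;
    # only its return code is used by the block below.
    - name: Check ansible user
      command: ssh -q -o BatchMode=yes -o ConnectTimeout=3 ansible@{{ inventory_hostname }} "echo OK"
      delegate_to: 127.0.0.1
      changed_when: false
      failed_when: false
      register: check_ansible_user

    - block:
        - name: Create Ansible user
          user:
            name: ansible
            comment: "Ansible user"
            # NOTE(review): a crypt hash kept in a playbook or a public paste
            # can be attacked offline. Treat this one as exposed, and load
            # the real hash from Ansible Vault instead of hard-coding it.
            password: '$6$u3GdHI6FzXL01U9q$LENkJYHcA/NbnXAoJ1jzj.n3a7X6W35rj2TU1kSx4cDtgOEV9S6UboZ4BQ414UDjVvpaQhTt8sXVtkPvOuNt.0'
            shell: /bin/bash

        # exclusive removes every other key from the account's
        # authorized_keys file, leaving only the control node's public key.
        - name: Add authorized key
          authorized_key:
            user: ansible
            key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
            exclusive: true

        # Grants full, password-protected sudo to "ansible". The trailing
        # newline and the visudo check keep a malformed drop-in from being
        # installed, which could otherwise break sudo on the host.
        - name: Allow sudo for ansible
          copy:
            content: "ansible ALL=(ALL) ALL\n"
            dest: /etc/sudoers.d/ansible
            owner: root
            group: root
            mode: "0600"
            validate: /usr/sbin/visudo -cf %s
      # failed_when: false on the probe clears its "failed" flag, so testing
      # the result with `| failed` never matches and the block would never
      # run. The return code of the ssh probe is checked instead.
      when: (check_ansible_user.rc | default(1)) != 0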
# Main play: from here on connect as the unprivileged "ansible" account and
# escalate with become for the roles.
- hosts: all
  remote_user: ansible
  become: true
  roles:
    # Placeholder from the original paste; the real role list is not shown.
    - ...