
Untitled

a guest
Sep 20th, 2017
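  # Provision a Linode instance, then run the bootstrap include only when the
  # provisioning task reports a change.
  #
  # NOTE(review): the API key and the root password are inline literals here.
  # In a real playbook, load them from Ansible Vault or the environment rather
  # than from a file that is tracked or shared.
  - linode:
      api_key: 'longStringFromLinodeApi'
      name: linode-test1
      plan: 1
      datacenter: 2
      distribution: 99
      password: 'superSecureRootPassword'
      private_ip: true
      ssh_pub_key: 'ssh-rsa qwerty'
      swap: 768
      wait: true
      wait_timeout: 600
      state: present
    # Keep the module arguments (API key, root password) out of task output
    # and logs, however the module itself marks them.
    no_log: true
    register: linode_node

  # NOTE(review): bare `include` is deprecated in newer Ansible; which
  # replacement fits depends on whether bootstrap.yml is a task file or a
  # playbook, which this listing does not show.
  - include: bootstrap.yml
    when: linode_node.changed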
  18.  
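  # Task list: create the local Ansible account, install its authorised keys,
  # and render the sshd configuration.
  # The first task had lost its leading "- " list marker in the paste; it is
  # restored so that all three tasks are items of the same sequence.
  - name: base | local ansible user | create user
    user:
      name: "{{ local_ansible_user }}"
      group: "{{ local_ansible_group }}"
      home: "/home/{{ local_ansible_user }}"
      state: present
      generate_ssh_key: "{{ local_ansible_generate_key }}"
      ssh_key_bits: 4096
      ssh_key_type: rsa
    tags:
      - ansible
      - local_user

  - name: base | local ansible user | provision authorised keys
    authorized_key:
      user: "{{ local_ansible_user }}"
      state: present
      key: "{{ item }}"
    # `exclusive` is not set, so keys already present for the user but absent
    # from this list are left in place.
    with_items: "{{ local_ansible_authorised_keys }}"
    tags:
      - ansible
      - authorised_keys

  - name: openssh | server | create configuration
    template:
      src: sshd_config.j2
      dest: /etc/ssh/sshd_config
      owner: root
      group: root
      mode: "0640"
      # sshd -t parses the rendered file before it replaces the live config,
      # so a template error does not take the SSH daemon down.
      validate: "/usr/sbin/sshd -tf %s"
    notify:
      - openssh | server | restart
    tags:
      - ssh
      - openssh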
  55.  
  # Inventory: one group holding two hosts at different bootstrap stages.
  # NOTE(review): ansible_ssh_user is the older spelling of ansible_user.
  [targets]

  # Not yet bootstrapped: first contact is made as root over SSH.
  other1.example.com ansible_connection=ssh ansible_ssh_user=root # new host
  # Already bootstrapped: connects as `user` instead of root.
  other2.example.com ansible_connection=ssh ansible_ssh_user=user # bootstrapped host
  60.  
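  # Play 1: bootstrap as root. Probe whether the `ansible` account already
  # accepts key-based SSH; if it does not, create the account, install the
  # controller's public key and grant sudo.
  - hosts: all
    remote_user: root
    gather_facts: false
    tasks:
      - name: Check ansible user
        # Runs on the controller (delegate_to); BatchMode makes ssh fail
        # instead of prompting for a password.
        command: ssh -q -o BatchMode=yes -o ConnectTimeout=3 ansible@{{ inventory_hostname }} "echo OK"
        delegate_to: 127.0.0.1
        changed_when: false
        # The probe is never marked failed; its exit code is read from the
        # registered result by the block condition below.
        failed_when: false
        register: check_ansible_user

      - block:
          - name: Create Ansible user
            user:
              name: ansible
              comment: "Ansible user"
              # NOTE(review): a crypt hash committed with the playbook is
              # exposed to offline guessing by anyone who can read the file;
              # load it from Ansible Vault instead.
              password: '$6$u3GdHI6FzXL01U9q$LENkJYHcA/NbnXAoJ1jzj.n3a7X6W35rj2TU1kSx4cDtgOEV9S6UboZ4BQ414UDjVvpaQhTt8sXVtkPvOuNt.0'
              shell: /bin/bash

          - name: Add authorized key
            authorized_key:
              user: ansible
              key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
              # exclusive removes every other key from this user's
              # authorized_keys file.
              exclusive: true

          - name: Allow sudo for ansible
            copy:
              content: ansible ALL=(ALL) ALL
              dest: /etc/sudoers.d/ansible
              # Quoted so the mode does not depend on the YAML parser's
              # octal handling.
              mode: "0600"
              # Syntax-check the fragment before it is installed; a broken
              # file under /etc/sudoers.d can disable sudo on the host.
              validate: /usr/sbin/visudo -cf %s
        # Applies to every task in the block. Gate on the probe's exit code:
        # with failed_when: false the result is never flagged failed, and the
        # `| failed` filter form is gone from newer Ansible releases.
        when: (check_ansible_user.rc | default(0)) != 0

  # Play 2: regular runs connect as the bootstrapped account and escalate.
  - hosts: all
    remote_user: ansible
    # The sudoers rule above has no NOPASSWD, so become presumably needs the
    # become password supplied at run time.
    become: true
    roles:
      # Role list elided in the original paste.
      - ...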