Bootstrap ansible user

2025-05-07 17:21:35 +02:00 · 2025-05-07 17:21:35 +02:00 · 7b4c04008d
parent 773256edec
commit 7b4c04008d
6 changed files with 54 additions and 0 deletions
--- a/ansible/bootstrap.yml
+++ b/ansible/bootstrap.yml
@ -0,0 +1,37 @@
+- hosts: all
+  become: yes
+  tasks:
+    - name: Add the ansible group
+      group:
+        name: ansible
+        gid: 1100
+        state: present
+
+  
+  
+    - name: Add the ansible user as a system user
+      user:
+        name: ansible
+        uid: 1100
+        group: ansible
+        # Directly generate hash 
+        # https://www.lisenet.com/2019/ansible-generate-crypted-passwords-for-the-user-module/
+        password: "{{ ansible_crypted_password | password_hash('sha512') }}"
+        shell: /bin/bash 
+        system: yes
+        home: /srv/ansible
+        state: present
+
+    - name: Set ansible user as sudoer
+      copy:
+        content: "ansible ALL = (ALL) NOPASSWD:ALL"
+        dest: /etc/sudoers.d/ansible
+        owner: root
+        group: root
+        mode: 0440
+
+    - name: Create the .ssh directory
+      file: path=/srv/ansible/.ssh owner=ansible group=ansible mode=0700 state=directory
+
+    - name: Add the mandatory ssh keys to the ansible user
+      template: src=library/templates/ansible_auth_keys.j2 dest=/srv/ansible/.ssh/authorized_keys owner=ansible group=ansible mode=0600
--- a/ansible/controller.yml
+++ b/ansible/controller.yml
@ -0,0 +1 @@
+controller.yml
--- a/ansible/inventories/main-lab/group_vars/all/all.yml
+++ b/ansible/inventories/main-lab/group_vars/all/all.yml
@ -0,0 +1 @@
+ansible_user: ansible
--- a/ansible/inventories/main-lab/group_vars/all/vault.yml
+++ b/ansible/inventories/main-lab/group_vars/all/vault.yml
@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+61393961306333653235623830613237633236393333343663613032653136373237316361643439
+3033653166663836363961663535396631653336653264330a643131393433376239633933613661
+34346235343936313434646533653261653334356239636431323338383538393964313666636233
+6235623436656430390a316639343438366436643935373162613135323034626339393539323433
+36363630643163666632306234386664323166373638353339663563333232663135383531336266
+3231326238326136323536383434383134313739643239623964
--- a/ansible/library/templates/ansible_auth_keys.j2
+++ b/ansible/library/templates/ansible_auth_keys.j2
@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArNhKFcJ6T08sn7kTTLf+rO9HEvgOvqfhv5HQ2sRf2tFYfjfCb0zHKnMkgW+sy5gMU10Lyx1r7juXCvqRC955uIM97m1B1Xc6sVqASVKuGPhCKfhxEaMAyBcWFdE+HYbCOPYVN+JMrcwWfbblwiZTtK1OCqaEUvDDI7cFeU68noXwggEp46T48eqMUdi541D9Y+BVx9HYAo6OCQz0+6eXwxJL+tpRcAAXIMMWv362CYHoOgIU45R7xVSMLY1k/HLrcEAblwxEaSpduCH5cWUXZE/56IyxpvP44BxZkVhNdqJLmg4hxBQWhoMNYiTZxbLay3W2TwBCM111cAtUx4M/jQ== fabio@pc-fabio
--- a/ansible/site.yaml
+++ b/ansible/site.yaml
@ -0,0 +1,7 @@
+---
+#- import_playbook: dbservers.yml
+
+- name: Basic check nodes
+  hosts: all
+  roles: 
+    - common
				`@ -0,0 +1 @@`
				`ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArNhKFcJ6T08sn7kTTLf+rO9HEvgOvqfhv5HQ2sRf2tFYfjfCb0zHKnMkgW+sy5gMU10Lyx1r7juXCvqRC955uIM97m1B1Xc6sVqASVKuGPhCKfhxEaMAyBcWFdE+HYbCOPYVN+JMrcwWfbblwiZTtK1OCqaEUvDDI7cFeU68noXwggEp46T48eqMUdi541D9Y+BVx9HYAo6OCQz0+6eXwxJL+tpRcAAXIMMWv362CYHoOgIU45R7xVSMLY1k/HLrcEAblwxEaSpduCH5cWUXZE/56IyxpvP44BxZkVhNdqJLmg4hxBQWhoMNYiTZxbLay3W2TwBCM111cAtUx4M/jQ== fabio@pc-fabio`