forked from ISTI-ansible-roles/ansible-roles
Merge branch 'master' of gitorious.research-infrastructures.eu:infrastructure-management/ansible-playbooks
This commit is contained in:
commit
3f0205cf34
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
dependencies:
|
||||
- ../../library/roles/tomcat-multiple-instances
|
||||
- ../../library/roles/nginx
|
|
@ -0,0 +1,17 @@
|
|||
---
|
||||
ipa_server_install: False
|
||||
ipa_server_use_dns: True
|
||||
|
||||
ipa_server_domain: example.org
|
||||
ipa_server_realm: '{{ ipa_server_domain | upper }}'
|
||||
|
||||
ipa_server_packages:
|
||||
- ipa-server
|
||||
|
||||
ipa_server_dns_packages:
|
||||
- ipa-server-dns
|
||||
|
||||
ipa_installation_options: '--external-cert-file=/etc/pki/ipa/{{ ipa_letsencrypt_ca_filename }} --external-cert-file={{ letsencrypt_acme_certs_dir }}/fullchain --external-cert=file={{ letsencrypt_acme_certs_dir }}/privkey -r {{ ipa_server_realm }} -n {{ ipa_server_domain }} -a {{ ipa_admin_password }} -p {{ ipa_manager_password }} --hostname={{ ansible_fqdn }} -U --setup-dns --no-forwarders --no-reverse --zonemgr=s2i2s-master@isti.cnr.it'
|
||||
|
||||
ipa_ssl_letsencrypt_managed: True
|
||||
ipa_letsencrypt_ca_filename: lets-encrypt-x3-cross-signed.pem
|
|
@ -0,0 +1,47 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
|
||||
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
|
||||
DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
|
||||
SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
|
||||
GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
|
||||
AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
|
||||
q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
|
||||
SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
|
||||
Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
|
||||
a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
|
||||
/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
|
||||
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
|
||||
CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
|
||||
bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
|
||||
c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
|
||||
VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
|
||||
ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
|
||||
MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
|
||||
Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
|
||||
AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
|
||||
uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
|
||||
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
|
||||
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
|
||||
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
|
||||
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
|
||||
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
|
||||
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
|
||||
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
|
||||
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
|
||||
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
|
||||
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
|
||||
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
|
||||
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
|
||||
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
|
||||
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
|
||||
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
|
||||
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
|
||||
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
|
||||
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
|
||||
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
|
||||
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
|
||||
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,31 @@
|
|||
---
|
||||
- block:
|
||||
# - name: Create the acme hooks directory if it does not yet exist
|
||||
# file: dest={{ letsencrypt_acme_services_scripts_dir }} state=directory owner=root group=root
|
||||
|
||||
# - name: Install a script that fix the letsencrypt certificate for ipa and then reload the service
|
||||
# template: src=ipa-letsencrypt-acmetool.sh dest={{ letsencrypt_acme_services_scripts_dir }}/ipa owner=root group=root mode=4555
|
||||
|
||||
- name: Create the ipa certificate directory
|
||||
file: dest=/etc/pki/ipa state=directory owner=root group=root mode=0750
|
||||
|
||||
- name: Install the Letsencrypt CA file with both the root and the trusted CAs
|
||||
copy: src={{ ipa_letsencrypt_ca_filename }} dest=/etc/pki/ipa/{{ ipa_letsencrypt_ca_filename }} mode=0444
|
||||
|
||||
when:
|
||||
- ipa_ssl_letsencrypt_managed
|
||||
- letsencrypt_acme_install
|
||||
tags: [ 'ipa', 'letsencrypt', 'ipa_letsencrypt' ]
|
||||
|
||||
- block:
|
||||
- name: Install the FreeIPA server packages
|
||||
yum: pkg={{ ipa_server_packages }} state=present
|
||||
|
||||
- name: Install the FreeIPA DNS server packages
|
||||
yum: pkg={{ ipa_server_dns_packages }} state=present
|
||||
|
||||
when:
|
||||
- ipa_server_install
|
||||
- ansible_distribution_file_variety == "RedHat"
|
||||
|
||||
tags: [ 'ipa' ]
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
motd_setup: True
|
||||
|
||||
motd_additional_text: "\nThis host runs services\n"
|
||||
|
||||
deb_motd_packages:
|
||||
- update-notifier-common
|
||||
- landscape-common
|
|
@ -0,0 +1,17 @@
|
|||
---
|
||||
- block:
|
||||
- name: Install the packages that manage the dynamic motd file on debian based distributions
|
||||
apt: pkg={{ deb_motd_packages }} state=present update_cache=yes cache_valid_time=3600
|
||||
register: motd_pkgs
|
||||
|
||||
- name: Install our motd template file on debian based distributions
|
||||
template: src=motd.j2 dest=/etc/static-motd owner=root group=root mode=0644
|
||||
|
||||
- name: Install the dynamic merge script of the motd file on debian based distributions
|
||||
template: src=update_motd.j2 dest=/etc/update-motd.d/05-motd-message owner=root group=root mode=0755
|
||||
|
||||
- name: Initialise the motd prompt on debian based distributions
|
||||
command: run-parts --lsbsysinit /etc/update-motd.d > /run/motd.dynamic
|
||||
when: motd_pkgs is changed
|
||||
|
||||
tags: motd
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
- import_tasks: deb_motd.yml
|
||||
when: ansible_distribution_file_variety == "Debian"
|
||||
|
||||
- import_tasks: rh_motd.yml
|
||||
when: ansible_distribution_file_variety == "RedHat"
|
|
@ -0,0 +1,6 @@
|
|||
- block:
|
||||
- name: Install our motd template file on RH/CentOS based distributions
|
||||
template: src=motd.j2 dest=/etc/motd owner=root group=root mode=0644
|
||||
|
||||
tags: motd
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
|
||||
{{ motd_additional_text }}
|
|
@ -0,0 +1,5 @@
|
|||
#!/bin/sh
|
||||
|
||||
cat /etc/static-motd
|
||||
|
||||
exit 0
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
additional_data_directories:
|
||||
- { name: '{{ d4science_user_home }}', perms: 0755, create: False, owner: 'root', group: '{{ common_users_group }}', aclperms: 'rX' }
|
||||
- { name: '{{ d4science_user_home }}/tomcat/lib/logback.xml', perms: 0644, create: False, owner: 'root', group: '{{ common_users_group }}', aclperms: 'rwX' }
|
||||
- { name: '/etc/default/tomcat-instance-{{ smartgears_http_port }}', perms: 0644, create: False, owner: 'root', group: '{{ common_users_group }}', aclperms: 'rX' }
|
||||
- { name: '/etc/default/tomcat-instance-{{ smartgears_http_port }}.local', perms: 0644, create: False, owner: 'root', group: '{{ common_users_group }}', aclperms: 'rX' }
|
||||
- { name: '/var/log', create: False, perms: 0755, owner: 'root', group: '{{ common_users_group }}', aclperms: 'rX' }
|
|
@ -21,10 +21,24 @@
|
|||
file: path={{ smartgears_instance_path }}/webapps/{{ uri_resolver_name }} state=absent
|
||||
notify: Restart smartgears
|
||||
when: uri_resolver_download is changed
|
||||
|
||||
- name: Copy the uri-resolver war file into the webapps directory
|
||||
copy: src={{ smartgears_downloads_dir }}/{{ uri_resolver_file }} dest={{ smartgears_instance_path }}/webapps/{{ uri_resolver_name }}.{{ uri_resolver_extension }} remote_src=yes force=yes
|
||||
notify: Restart smartgears
|
||||
|
||||
- name: Create the uri-resolver webapp directory
|
||||
file: dest={{ smartgears_instance_path }}/webapps/{{ uri_resolver_name }} state=directory
|
||||
when: uri_resolver_download
|
||||
|
||||
- name: Unarchive the uri_resolver war file
|
||||
unarchive: copy=no src={{ smartgears_downloads_dir }}/{{ uri_resolver_file }} dest={{ smartgears_instance_path }}/webapps/{{ uri_resolver_name }}
|
||||
args:
|
||||
creates: '{{ smartgears_instance_path }}/webapps/{{ uri_resolver_name }}/WEB-INF/web.xml'
|
||||
notify: Restart smartgears
|
||||
|
||||
- name: Install the uri_resolver web.xml template
|
||||
template: src=uri-resolver-web.xml.j2 dest={{ smartgears_instance_path }}/webapps/{{ uri_resolver_name }}/WEB-INF/web.xml mode=0440
|
||||
notify: Restart smartgears
|
||||
|
||||
# - name: Copy the uri-resolver war file into the webapps directory
|
||||
# copy: src={{ smartgears_downloads_dir }}/{{ uri_resolver_file }} dest={{ smartgears_instance_path }}/webapps/{{ uri_resolver_name }}.{{ uri_resolver_extension }} remote_src=yes force=yes
|
||||
# notify: Restart smartgears
|
||||
|
||||
become: True
|
||||
become_user: '{{ d4science_user }}'
|
||||
|
|
|
@ -132,10 +132,14 @@ additional_ca_dest_dir: /usr/local/share/ca-certificates
|
|||
# - { file: "local-ca.crt", dest_file: '{{ additional_ca_dest_dir }}/infn-ca.crt' }
|
||||
|
||||
#
|
||||
default_security_limits:
|
||||
root_security_limits:
|
||||
- { domain: 'root', l_item: 'nofile', type: 'soft', value: '8192' }
|
||||
- { domain: 'root', l_item: 'nofile', type: 'hard', value: '8192' }
|
||||
|
||||
users_security_limits: []
|
||||
|
||||
default_security_limits: '{{ root_security_limits }}'
|
||||
|
||||
# default_rsyslog_custom_rules:
|
||||
# - ':msg, contains, "icmp6_send: no reply to icmp error" ~'
|
||||
# - ':msg, contains, "[PYTHON] Can\'t call the metric handler function for" ~'
|
||||
|
|
|
@ -5,6 +5,7 @@ dependencies:
|
|||
- role: '../../library/roles/deb-set-hostname'
|
||||
- role: '../../library/roles/deb-set-locale'
|
||||
- role: '../../library/roles/timezone'
|
||||
- role: '../../library/roles/motd'
|
||||
- role: '../../library/roles/linux-kernel-sysctl'
|
||||
- role: '../../library/roles/sshd_config'
|
||||
- role: '../../library/roles/fail2ban'
|
||||
|
|
|
@ -3,8 +3,13 @@
|
|||
lineinfile: dest=/etc/pam.d/su line="session required pam_limits.so" insertafter="^#\ \(Replaces\ the\ use\ of\ /etc/limits.*$"
|
||||
tags: [ 'su', 'pam_limits']
|
||||
|
||||
- name: Change the default security limits
|
||||
pam_limits: domain={{ item.domain }} limit_type={{ item.type }} limit_item={{ item.l_item }} value={{ item.value }}
|
||||
with_items: '{{ default_security_limits }}'
|
||||
- name: Change the root user security limits
|
||||
pam_limits: domain=root limit_type={{ item.type }} limit_item={{ item.l_item }} value={{ item.value }}
|
||||
with_items: '{{ root_security_limits }}'
|
||||
tags: [ 'su', 'pam_limits']
|
||||
|
||||
- name: Change other users security limits
|
||||
pam_limits: domain={{ item.domain }} limit_type={{ item.type }} limit_item={{ item.l_item }} value={{ item.value }}
|
||||
with_items: '{{ users_security_limits }}'
|
||||
tags: [ 'su', 'pam_limits']
|
||||
|
||||
|
|
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
service_sudoers_group: adminsu
|
||||
|
||||
common_users_group: service_g
|
||||
# Define the following if you want some directories readable and writable by the common group but outside the default app data dirs
|
||||
#additional_data_directories:
|
||||
# - { name: '/data/1', perms: 0755, create: True, owner: 'root', group: '{{ common_users_group }}', aclperms: 'rwX' }
|
||||
# - { name: '/data/2', create: False, perms: 0755, owner: 'root', group: '{{ common_users_group }}', aclperms: 'rwX' }
|
||||
# - { name: '/data/bah', create: False, perms: 0644, aclperms: 'rw' }
|
||||
|
||||
# Define the following array when you want to add commands to the sudoers file
|
||||
#service_sudo_commands:
|
||||
# - /etc/init.d/virtuoso-opensource-7
|
||||
# - /sbin/reboot
|
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
dependencies:
|
||||
- '../../library/roles/users'
|
|
@ -0,0 +1,25 @@
|
|||
---
|
||||
- block:
|
||||
- name: Create the common group used to setup acls
|
||||
group: name={{ common_users_group }} state=present system=yes
|
||||
when: additional_data_directories is defined
|
||||
|
||||
- name: Add selected users to the commong group
|
||||
user: name={{ item.login }} groups={{ common_users_group }} append=yes
|
||||
with_items: '{{ users_system_users | default([]) }}'
|
||||
when: additional_data_directories is defined
|
||||
|
||||
- name: Create the users additional data dirs
|
||||
file: name={{ item.name }} state=directory owner={{ item.owner }} group={{ item.group }} mode={{ item.perms }}
|
||||
with_items: '{{ additional_data_directories | default([]) }}'
|
||||
when: item.create and not item.file
|
||||
|
||||
- name: Set the read/write/access permissions on the users additional data dirs
|
||||
acl: name={{ item.name }} entity={{ common_users_group }} etype=group permissions={{ item.aclperms | default('rwX') }} state=present recursive=yes
|
||||
with_items: '{{ additional_data_directories | default([]) }}'
|
||||
|
||||
- name: Set the default read/write/access permissions on the users additional data dirs
|
||||
acl: name={{ item.name }} entity={{ common_users_group }} etype=group permissions={{ item.aclperms | default('rwX') }} state=present default=yes recursive=yes
|
||||
with_items: '{{ additional_data_directories | default([]) }}'
|
||||
|
||||
tags: [ 'users', 'users_acl' ]
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
- import_tasks: sudoers-groups.yml
|
||||
- import_tasks: sudo-config.yml
|
||||
- import_tasks: common-users-data-dirs.yml
|
||||
when: additional_data_directories is defined
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
- name: Install the sudoers config that allows users to execute some privileged commands
|
||||
template: src=service-sudoers.j2 dest=/etc/sudoers.d/service-group owner=root group=root mode=0440
|
||||
when: service_sudo_commands is defined
|
||||
tags: [ 'service', 'sudo', 'users' ]
|
||||
|
|
@ -0,0 +1,18 @@
|
|||
---
|
||||
- block:
|
||||
- name: Add the additional service groups
|
||||
group: name={{ item }} state=present
|
||||
with_items:
|
||||
- '{{ service_sudoers_group }}'
|
||||
|
||||
- name: Add selected users to the limited sudoers group
|
||||
user: name={{ item.login }} groups={{ service_sudoers_group }} append=yes
|
||||
with_items: '{{ users_system_users | default([]) }}'
|
||||
when: item.limited_sudoers_user
|
||||
|
||||
- name: Remove selected users to the limited sudoers group
|
||||
user: name={{ item.login }} groups={{ service_sudoers_group }} append=yes
|
||||
with_items: '{{ users_system_users | default([]) }}'
|
||||
when: not item.limited_sudoers_user
|
||||
|
||||
tags: [ 'services', 'users' ]
|
|
@ -0,0 +1,2 @@
|
|||
%{{ service_sudoers_group }} ALL=(ALL) NOPASSWD: {% for cmd in service_sudo_commands %}{{ cmd }}{% if not loop.last %}, {% endif %}{% endfor %}
|
||||
|
|
@ -5,7 +5,9 @@
|
|||
# Users can have sudo privileges if the 'admin' property is 'true'
|
||||
# admin users can also directly log as root when 'user_admin_can_log_as_root' is set to 'true'
|
||||
|
||||
users_sudoers_group: sudo
|
||||
deb_users_sudoers_group: sudo
|
||||
rh_users_sudoers_group: wheel
|
||||
users_sudoers_group: '{{ deb_users_sudoers_group }}'
|
||||
users_sudoers_create_group: False
|
||||
users_sudoers_create_sudo_conf: False
|
||||
users_home_dir: /home
|
||||
|
|
|
@ -22,10 +22,37 @@
|
|||
with_items: '{{ users_system_users | default([]) }}'
|
||||
when: item.ssh_key is defined
|
||||
|
||||
- name: Add the admin users to the sudoers group
|
||||
user: name={{ item.login }} groups={{ users_sudoers_group }} append=yes
|
||||
- name: Add the admin users to the sudoers group on debian based systems
|
||||
user: name={{ item.login }} groups={{ deb_users_sudoers_group }} append=yes
|
||||
with_items: '{{ users_system_users | default([]) }}'
|
||||
when: item.admin
|
||||
when:
|
||||
- item.admin
|
||||
- ansible_distribution_file_variety == "Debian"
|
||||
|
||||
- name: Permit sudo without password
|
||||
lineinfile:
|
||||
path: /etc/sudoers
|
||||
state: present
|
||||
regexp: '^%{{ deb_users_sudoers_group }}\s'
|
||||
line: '%{{ deb_users_sudoers_group }} ALL=(ALL) NOPASSWD: ALL'
|
||||
when: ansible_distribution_file_variety == "Debian"
|
||||
tags: [ 'users', 'sudo_wheel' ]
|
||||
|
||||
- name: Add the admin users to the sudoers group on rh/centos systems
|
||||
user: name={{ item.login }} groups={{ rh_users_sudoers_group }} append=yes
|
||||
with_items: '{{ users_system_users | default([]) }}'
|
||||
when:
|
||||
- item.admin
|
||||
- ansible_distribution_file_variety == "RedHat"
|
||||
|
||||
- name: Permit sudo without password
|
||||
lineinfile:
|
||||
path: /etc/sudoers
|
||||
state: present
|
||||
regexp: '^%{{ rh_users_sudoers_group }}\s'
|
||||
line: '%{{ rh_users_sudoers_group }} ALL=(ALL) NOPASSWD: ALL'
|
||||
when: ansible_distribution_file_variety == "RedHat"
|
||||
tags: [ 'users', 'sudo_wheel' ]
|
||||
|
||||
- name: ensure that the users can login with their ssh keys as root if we want ensure direct access
|
||||
authorized_key: user=root key="{{ item.ssh_key }}" state=present
|
||||
|
|
Loading…
Reference in New Issue