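---
# Jumpbox provisioning: packages, SSH tuning, reconciliation of local
# accounts/keys and the users' sudoers drop-in. Runs after the known-hosts
# playbook below.
- import_playbook: playbook_ssh_known_host.yml

- name: Configure jumpbox
  hosts: all
  gather_facts: true
  vars_files:
    - vars/jumpbox.yml

  handlers:
    # Only fires when sshd_config actually changed; the play flushes it right
    # after the SSH block so the restart happens at the same point as before.
    - name: Restart sshd
      service:
        name: sshd
        state: restarted
      become: true
      become_method: sudo

  tasks:
    - name: Install useful packages
      package:
        name: "{{ packages }}"
        state: present
      become: true
      become_method: sudo

    # NOTE(review): runs without become, unlike the other install tasks;
    # confirm a user-level / venv install is what is intended here.
    - name: Install pip useful packages
      pip:
        name: "{{ pip_packages }}"
        executable: "{{ pip_exe | default(omit, true) }}"
        state: present
        extra_args: "{{ pip_args }}"

    - name: Update ssh config
      block:
        # validate runs `sshd -t` on the candidate file before it replaces
        # sshd_config, so a bad edit cannot lock everyone out of the jumpbox
        # when sshd is restarted (adjust the path if sshd lives elsewhere).
        - name: Modify sshd config
          lineinfile:
            path: /etc/ssh/sshd_config
            regexp: '^MaxStartups.*'
            line: 'MaxStartups 100:30:100'
            validate: /usr/sbin/sshd -t -f %s
          notify: Restart sshd

        # Client-side setting only; does not need an sshd restart.
        - name: Modify ssh config
          lineinfile:
            path: /etc/ssh/ssh_config
            regexp: '^ServerAliveInterval.*'
            line: 'ServerAliveInterval 60'
      become: true
      become_method: sudo

    - name: Apply pending sshd restart before continuing
      meta: flush_handlers

    # Read-only query: never report "changed", and a no-match grep (rc 1) is
    # not a failure. NOTE(review): 'd*-local' is a regex in which 'd*' is
    # optional, so this selects every login containing '-local' — confirm that
    # is the intended naming convention for managed accounts.
    - name: Determine existing users
      shell: 'cut -d: -f1 /etc/passwd | grep d*-local'
      register: existing_users
      changed_when: false
      failed_when: false

    # Fail closed: the deletion task below force-removes every matching local
    # account that is not in the desired list, so an undefined or empty
    # `users` must abort the play instead of wiping the box.
    - name: Refuse to reconcile accounts from an empty user list
      assert:
        that:
          - users is defined
          - users | length > 0
        fail_msg: "'users' is undefined or empty; refusing to remove local accounts"

    # Plain list of desired login names, used as the deletion allow-list.
    - name: Create username list
      set_fact:
        new_usernames: "{{ users | map(attribute='username') | list }}"

    - name: Update users
      block:
        # remove + force also deletes the home directory; guarded by the
        # assert above so new_usernames is always a non-empty list here.
        - name: Delete removed users
          user:
            name: "{{ item }}"
            remove: true
            force: true
            state: absent
          loop: "{{ existing_users.stdout_lines | default([]) }}"
          when: item not in new_usernames

        # NOTE(review): password_hash draws a fresh random salt each run, so
        # this task reports changed and rewrites the shadow entry every time;
        # add `update_password: on_create` if passwords are not meant to be
        # rotated from vars/jumpbox.yml.
        - name: Create local user accounts
          user:
            name: "{{ item.username }}"
            password: "{{ item.passwd | password_hash('sha512') }}"
          loop: "{{ users }}"

        # NOTE(review): keys are only ever added; a rotated or revoked pubkey
        # stays authorized unless `exclusive: true` is set — confirm intent.
        - name: Add authorized keys
          authorized_key:
            user: "{{ item.username }}"
            key: "{{ item.pubkey }}"
          loop: "{{ users }}"

        - name: Ensure sudoers.d exist
          file:
            path: /etc/sudoers.d/
            state: directory
            owner: root
            group: root

        # visudo -c checks the rendered file before it is installed: a template
        # error in sudoers.j2 would otherwise break sudo for every user on the
        # host. 0440 is the mode sudo's sudoers.d README asks for; stricter
        # sudo builds reject drop-ins with any other mode.
        - name: Create user sudoers files
          template:
            src: sudoers.j2
            dest: /etc/sudoers.d/99-users
            owner: root
            group: root
            mode: '0440'
            validate: /usr/sbin/visudo -cf %s
      become: true
      become_method: sudo
      # Keeps password hashes and sudoers content out of the run log.
      no_log: true
...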