askadm
/
ansible.infra.services
1
0
Atdalīts 0
Kods Problēmas 0 Izmaiņu pieprasījumi 0 Laidieni 0 Vikivietne Aktivitāte
Repos with recipes to deploy some infrastructure services
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.
3 Revīzijas
1 Atzars
145 KiB
 
 
Koks: 82b5f34d84
Atzari Tagi
${ item.name }
Izveidot atzaru ${ searchTerm }
no '82b5f34d84'
${ noResults }
ansible.infra.services/playbook_jumpbox.yml

97 rindas
2.5 KiB
Neapstrādāts Vainot Vēsture 

  1. ---

  2. - import_playbook: playbook_ssh_known_host.yml

  3. - name: Configure jumpbox

  4.   hosts:

  5.     - all

  6.   gather_facts: yes

  7.   vars_files:

  8.     - vars/jumpbox.yml

  9.   tasks:

  10.     - name: Install useful packages

  11.       package:

  12.         name: "{{ packages }}"

  13.         state: present

  14.       become: true

  15.       become_method: sudo

  16. 

  17.     - name: Install pip useful packages

  18.       pip:

  19.         name: "{{ pip_packages }}"

  20.         executable: "{{ pip_exe | default(omit, true) }}"

  21.         state: present

  22.         extra_args: "{{ pip_args }}"

  23. 

  24.     - name: Update ssh config

  25.       block:

  26.         - name: Modify sshd config

  27.           lineinfile: 

  28.             path: /etc/ssh/sshd_config

  29.             regexp: '^MaxStartups.*'

  30.             line: MaxStartups 100:30:100

  31. 

  32.         - name: Modify ssh config

  33.           lineinfile: 

  34.             path: /etc/ssh/ssh_config

  35.             regexp: '^ServerAliveInterval.*'

  36.             line: ServerAliveInterval 60

  37. 

  38.         - name: Restart service ssh

  39.           service:

  40.             name: sshd

  41.             state: restarted

  42.       become: true

  43.       become_method: sudo

  44. 

  45.     - name: Determine existing users

  46.       shell: 'cut -d: -f1 /etc/passwd | grep d*-local'

  47.       register: existing_users

  48.       failed_when: false

  49.     

  50.     - name: Create username list

  51.       set_fact:

  52.         new_usernames: "{{ new_usernames | default([]) }} + ['{{item.username}}']"

  53.       loop: "{{ users }}"

  54. 

  55.     - name: Update users

  56.       block:

  57.         - name: Delete removed users

  58.           user:

  59.             name: "{{ item }}"

  60.             remove: true

  61.             force: true

  62.             state: absent

  63.           loop: "{{ existing_users.stdout_lines | default([]) }}"

  64.           when: item not in new_usernames

  65. 

  66.         - name: Create local user accounts

  67.           user:

  68.             name: "{{ item.username }}"

  69.             password: "{{ item.passwd | password_hash('sha512') }}"

  70.           loop: "{{ users }}"

  71.           

  72.         - name: Add authorized keys

  73.           authorized_key:

  74.             user: "{{ item.username }}"

  75.             key: "{{ item.pubkey }}"

  76.           loop: "{{ users }}"

  77. 

  78.         - name: Ensure sudoers.d exist

  79.           file:

  80.             path: "/etc/sudoers.d/"

  81.             state: directory

  82.             owner: root

  83.             group: root

  84. 

  85.         - name: Create user sudoers files

  86.           template:

  87.             src: sudoers.j2

  88.             dest: "/etc/sudoers.d/99-users"

  89.             owner: root

  90.             group: root

  91.             mode: '0640'

  92. 

  93.       become: true

  94.       become_method: sudo

  95.       no_log: True

  96. ...