commit 48f14d7a8120b08646ecec9e8459075a0af2009b
parent 510d181754d2c0f4e3a4b19bea2f253ad775d632
Author: Andreas Gruhler <andreas.gruhler@adfinis-sygroup.ch>
Date: Thu, 22 Aug 2019 21:49:07 +0200
passwordless login
Diffstat:
5 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/Readme.md b/Readme.md
@@ -77,7 +77,10 @@ It is necessary to run ansible, because the IP address of the hosts cannot be re
Run the playbook:
```
-ansible-playbook playbook.yml -i inventory
+# build ssh config from qemu-config.yml
+ansible-playbook playbook.yml -i inventory -l local
+# set hostname, restart networking, modify users and keys
+ansible-playbook playbook.yml -i inventory -l qemu
```
## 5 Troubleshooting, Tips & Tricks
diff --git a/ansible/defaults/all.yml b/ansible/defaults/all.yml
@@ -12,6 +12,9 @@ ssh_identity_file: '../ssh/id_rsa'
ssh_proxy_jump: proxyhost
ssh_include_config: '~/.ssh/config'
+# allow sudo/wheel users to execute any command without password
+ssh_passwordless_login: no
+
# example of adding additional users
# additional_users:
# - name: user1
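Review bot: The name `ssh_passwordless_login` and its comment on the added lines undersell what the flag does. Going by the playbook.yml hunk in this commit, it writes `NOPASSWD: ALL` for the whole sudo/wheel group, which has nothing to do with SSH authentication and gives every member of that group root without a password prompt. I would document it as `# grant the sudo/wheel group NOPASSWD: ALL in sudoers; every group member gets root without a password prompt`. I would also write the default as `ssh_passwordless_login: false`, since `no` is a YAML 1.1 truthy form that linters flag. If renaming is still cheap, a name such as `sudo_nopasswd` would describe the setting better.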
diff --git a/ansible/playbook.yml b/ansible/playbook.yml
@@ -82,3 +82,13 @@
key: '{{ lookup("file", item.authorized_key) }}'
loop: '{{ additional_users }}'
when: item.authorized_key | default(false, true)
+
+ - name: set passwordless login
+ lineinfile:
+ path: /etc/sudoers
+ state: present
+ regexp: '^%{{ sudo_group }}'
+ line: '%{{ sudo_group }} ALL=(ALL) NOPASSWD: ALL'
+ validate: 'visudo -cf %s'
+ when: ssh_passwordless_login
+ become: yes
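Review bot: The new task rewrites `/etc/sudoers` in place, and its `regexp: '^%{{ sudo_group }}'` is a prefix match, so it replaces the distribution's own group rule and would also match any other group whose name starts with the same characters. It is also one-way: `when: ssh_passwordless_login` only skips the task, so turning the flag back off leaves `NOPASSWD: ALL` on hosts that already received it. I would keep the rule in a root-owned 0440 drop-in whose `state` follows the flag, anchor the regexp with `\s`, and cast the flag with `| bool`, as sketched below. The sketch assumes the images' sudoers includes `/etc/sudoers.d`, and the drop-in file name is a placeholder. The enclosing play starts outside this hunk, so the sketch's indentation may need adjusting.

```yaml
# … unchanged: authorized_key task above …
- name: set passwordless login
  lineinfile:
    path: /etc/sudoers.d/PLACEHOLDER_dropin_name  # placeholder file name
    create: yes
    owner: root
    group: root
    mode: '0440'
    state: "{{ 'present' if ssh_passwordless_login | bool else 'absent' }}"
    regexp: '^%{{ sudo_group }}\s'
    line: '%{{ sudo_group }} ALL=(ALL) NOPASSWD: ALL'
    validate: 'visudo -cf %s'
  become: yes
```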
diff --git a/ansible/vars/Debian.yml b/ansible/vars/Debian.yml
@@ -0,0 +1,4 @@
+---
+
+# group of sudo users
+sudo_group: sudo
+\ No newline at end of file
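Review bot: Nothing visible in this commit loads this file or `ansible/vars/RedHat.yml`, so `sudo_group` may be undefined when the new sudoers task in playbook.yml runs. The play's beginning is outside the hunk, so an existing `include_vars` or `vars_files` entry may already cover it. If not, a task such as `- include_vars: '{{ ansible_os_family }}.yml'` before the sudoers task would pick the matching file. That task would fail on OS families other than Debian and RedHat unless a fallback is added. Both new files also lack a trailing newline, which is worth adding.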
diff --git a/ansible/vars/RedHat.yml b/ansible/vars/RedHat.yml
@@ -0,0 +1,4 @@
+---
+
+# group of sudo users
+sudo_group: wheel
+\ No newline at end of file