commit 609bcd4bea004797ca3b6ef719cfe4dc403b9d39
parent 48f14d7a8120b08646ecec9e8459075a0af2009b
Author: Andreas Gruhler <andreas.gruhler@adfinis-sygroup.ch>
Date: Thu, 22 Aug 2019 22:10:10 +0200
become
Diffstat:
2 files changed, 25 insertions(+), 7 deletions(-)
diff --git a/ansible/defaults/all.yml b/ansible/defaults/all.yml
@@ -24,6 +24,6 @@ ssh_passwordless_login: no
# generate_ssh_key: yes
# # mutually exclusive with generate_ssh_key above
# # lets you reuse an existing ssh key
-# #ssh_key: '../ssh/id_rsa'
+# #ssh_key: '{{ ssh_identity_file }}'
# # adds this key as authorized key
# sauthorized_key: '~/.ssh/id_rsa.pub'
diff --git a/ansible/playbook.yml b/ansible/playbook.yml
@@ -1,12 +1,11 @@
---
-# local task that generates an ssh onfig to connect to VMs
+# local tasks to generate ssh config
# - input/requires: './qemu-config.yml'
- hosts: local
vars:
qemu_config: "{{ lookup('file', 'qemu-config.yml') | from_yaml }}"
tasks:
-
- name: get ips for invenotry hostnames
include_tasks: 'get-ips.yml'
loop_control:
@@ -23,24 +22,37 @@
src: 'templates/config.j2'
dest: '../ssh/config'
+# remote tasks to set hostname, add users and keys
- hosts: qemu
tasks:
+ - name: include os specific vars
+ include_vars: '{{ item }}'
+ with_first_found:
+ - '{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml'
+ - '{{ ansible_os_family }}.yml'
+
+ - name: remote user information message
+ debug:
+ msg: 'Running tasks on remote host as user "{{ ansible_user }}"'
+
- name: set hostname
command: 'hostnamectl set-hostname {{ inventory_hostname }}'
register: hostname_update
+ become: yes
- name: restart network to register hostname with dns server
service:
name: network
state: restarted
when: hostname_update.changed
+ become: yes
- name: set ssh private key
copy:
src: '{{ ssh_identity_file }}'
dest: '{{ ansible_env.HOME }}/.ssh/id_rsa'
- owner: '{{ ssh_user }}'
- group: '{{ ssh_user }}'
+ owner: '{{ ansible_user }}'
+ group: '{{ ansible_user }}'
mode: '0600'
- name: add additional users
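Review bot: `ansible_user`, used in the new debug message and as `owner`/`group` of the private key, is a connection variable rather than a gathered fact, so it is undefined unless the inventory or configuration sets it, and both tasks would then fail on an undefined variable. If the inventory is not guaranteed to set it (not visible in this diff), the gathered fact is the safer source: `owner: '{{ ansible_user_id }}'` and `group: '{{ ansible_user_id }}'`, which also matches the `ansible_env.HOME` fact already used for `dest`. Separately, the new `include os specific vars` task has no fallback entry in `with_first_found`, so a host that matches neither file name fails the play. If that is intended, a comment such as `# fails on purpose when no vars file matches the distribution` would make it explicit.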
@@ -50,6 +62,7 @@
groups: '{{ item.additional_groups }}'
append: yes
loop: '{{ additional_users }}'
+ become: yes
- name: generate additional users ssh keys
user:
@@ -57,6 +70,7 @@
generate_ssh_key: '{{ item.generate_ssh_key }}'
loop: '{{ additional_users }}'
when: item.generate_ssh_key | default(false, true) and not item.ssh_key | default(false, true)
+ become: yes
- name: ensure ssh directory for additional users exists
file:
@@ -64,16 +78,18 @@
state: directory
mode: '0700'
loop: '{{ additional_users }}'
+ become: yes
- name: set additional users ssh keys from existing key
copy:
- src: '{{ ssh_identity_file }}'
+ src: '{{ item.ssh_key }}'
dest: '/home/{{ item.name }}/.ssh/id_rsa'
owner: '{{ item.name }}'
group: '{{ item.name }}'
mode: '0600'
loop: '{{ additional_users }}'
when: item.ssh_key | default(false, true) and not item.generate_ssh_key | default(false, true)
+ become: yes
- name: set authorized key for user
authorized_key:
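Review bot: The changed `src: '{{ item.ssh_key }}'` makes this task copy a per-user private key from the controller, but the task still prints each loop item, and running with `--diff` would show the copied file content in the output. Adding `no_log: true` to the task (or at least `diff: false`) keeps key material and key paths out of console and CI logs. The commented example in `ansible/defaults/all.yml` now points `ssh_key` at `{{ ssh_identity_file }}`, so following it puts the same identity used to reach the guests into every additional user's home. A short comment there, such as `# use a dedicated key per user, not the provisioning identity`, would warn readers off that default.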
@@ -82,6 +98,7 @@
key: '{{ lookup("file", item.authorized_key) }}'
loop: '{{ additional_users }}'
when: item.authorized_key | default(false, true)
+ become: yes
- name: set passwordless login
lineinfile:
@@ -91,4 +108,4 @@
line: '%{{ sudo_group }} ALL=(ALL) NOPASSWD: ALL'
validate: 'visudo -cf %s'
when: ssh_passwordless_login
- become: yes
+ become: yes
+\ No newline at end of file