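---
# Local tasks to generate ssh config
# Input/requires: './qemu-config.yml'
- hosts: local
  vars:
    qemu_config: "{{ lookup('file', 'qemu-config.yml') | from_yaml }}"
  tasks:
    - name: create ssh config
      ansible.builtin.template:
        src: 'templates/config.j2'
        dest: '../ssh/config'

# remote tasks to set hostname, add users and keys
# Booleans are written as true/false throughout (yamllint `truthy`);
# every module is referenced by its FQCN so the file is consistent with
# the `ansible.builtin.file` task it already contained.
- hosts: qemu
  tasks:
    - name: include os specific vars
      ansible.builtin.include_vars: '{{ item }}'
      with_first_found:
        - '{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml'
        - '{{ ansible_os_family }}.yml'

    - name: remote user information message
      ansible.builtin.debug:
        msg: 'Running tasks on remote host as user "{{ ansible_user }}"'

    # `command` always reports changed, so the two restart tasks below run on
    # every play; switching to the idempotent `ansible.builtin.hostname` module
    # would avoid that — left as-is to keep the existing behaviour.
    - name: set hostname
      ansible.builtin.command: 'hostnamectl set-hostname {{ inventory_hostname }}'
      register: hostname_update
      become: true

    # Only one of `network` / `NetworkManager` normally exists on a given
    # distribution, hence ignore_errors on both restarts.
    - name: restart network to register hostname with dns server
      ansible.builtin.service:
        name: network
        state: restarted
      when: hostname_update.changed
      ignore_errors: true
      become: true

    - name: restart NetworkManager to register hostname with dns server
      ansible.builtin.service:
        name: NetworkManager
        state: restarted
      when: hostname_update.changed
      ignore_errors: true
      become: true

    # `copy` does not create the parent directory; make sure it exists with
    # the same 0700 mode used for the additional users below.
    - name: ensure ssh directory for remote user exists
      ansible.builtin.file:
        path: '{{ ansible_env.HOME }}/.ssh'
        state: directory
        mode: '0700'

    # NOTE: this distributes a private key from the control node to every
    # host in the `qemu` group; mode 0600 keeps it readable by the owner only.
    - name: set ssh private key
      ansible.builtin.copy:
        src: '{{ ssh_identity_file }}'
        dest: '{{ ansible_env.HOME }}/.ssh/id_rsa'
        owner: '{{ ansible_user }}'
        group: '{{ ansible_user }}'
        mode: '0600'

    # Each item of `additional_users` is expected to carry: name,
    # additional_groups, and optionally generate_ssh_key / ssh_key /
    # authorized_key (the two key sources are mutually exclusive below).
    - block:
        - name: add additional users
          ansible.builtin.user:
            name: '{{ item.name }}'
            shell: /bin/bash
            groups: '{{ item.additional_groups }}'
            append: true
          loop: '{{ additional_users }}'
          become: true

        - name: generate additional users ssh keys
          ansible.builtin.user:
            name: '{{ item.name }}'
            generate_ssh_key: '{{ item.generate_ssh_key }}'
          loop: '{{ additional_users }}'
          when: item.generate_ssh_key | default(false, true) and not item.ssh_key | default(false, true)
          become: true

        - name: ensure ssh directory for additional users exists
          ansible.builtin.file:
            path: '/home/{{ item.name }}/.ssh'
            state: directory
            mode: '0700'
          loop: '{{ additional_users }}'
          become: true

        - name: set additional users ssh keys from existing key
          ansible.builtin.copy:
            src: '{{ item.ssh_key }}'
            dest: '/home/{{ item.name }}/.ssh/id_rsa'
            owner: '{{ item.name }}'
            group: '{{ item.name }}'
            mode: '0600'
          loop: '{{ additional_users }}'
          when: item.ssh_key | default(false, true) and not item.generate_ssh_key | default(false, true)
          become: true

        - name: set authorized key for user
          ansible.builtin.authorized_key:
            user: '{{ item.name }}'
            state: present
            key: '{{ lookup("file", item.authorized_key) }}'
          loop: '{{ additional_users }}'
          when: item.authorized_key | default(false, true)
          become: true

        - name: fix ssh user dir permissions
          ansible.builtin.file:
            path: '/home/{{ item.name }}/.ssh'
            state: directory
            recurse: true
            owner: '{{ item.name }}'
            group: '{{ item.name }}'
          loop: '{{ additional_users }}'
          become: true
      when: additional_users | default(false, true)
      # endblock add additional users

    # The regexp is anchored on the whole group token: a bare prefix match
    # (`^%wheel`) would also rewrite lines for other groups sharing that
    # prefix, and `regex_escape` keeps metacharacters in the group name literal.
    # `validate` rejects the edit if visudo finds the result unparsable.
    - name: set passwordless login
      ansible.builtin.lineinfile:
        path: /etc/sudoers
        state: present
        regexp: '^%{{ sudo_group | regex_escape }}\s'
        line: '%{{ sudo_group }} ALL=(ALL) NOPASSWD: ALL'
        validate: 'visudo -cf %s'
      when: ssh_passwordless_login | default(false, true)
      become: true

    # Each item of `host_files` carries `file` and `fqdn`; the fqdn is escaped
    # so its dots match literally, as the explicit `\.` in the address already do.
    - block:
        - name: disable ipv4 localhost resolver
          ansible.builtin.replace:
            path: '{{ item.file }}'
            regexp: '^127\.0\.0\.1 {{ item.fqdn | regex_escape }}(.*)$'
            replace: '#127.0.0.1 {{ item.fqdn }}\1'
          loop: '{{ host_files }}'

        - name: disable ipv6 localhost resolver
          ansible.builtin.replace:
            path: '{{ item.file }}'
            regexp: '^::1 {{ item.fqdn | regex_escape }}(.*)$'
            replace: '#::1 {{ item.fqdn }}\1'
          loop: '{{ host_files }}'
      when: cloud_init_disable_localhost_resolver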