jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-07-27 08:15:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update to 2021-12-13 23:00

Browse Source
This commit is contained in:
Daniel Berteaud
2021-12-13 23:00:23 +01:00
parent 48a37b3126
commit b5d29ac05d
5 changed files with 42 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
roles/common/defaults/main.yml
View File

@@ -109,4 +109,17 @@ system_rc_local_shutdown_base_cmd: []
system_rc_local_shutdown_extra_cmd: []
system_rc_local_shutdown_cmd: "{{ system_rc_local_shutdown_base_cmd + system_rc_local_shutdown_extra_cmd }}"
# Optional : if system_ansible_ssh_keys is set (to a list of public SSH keys)
# it'll configure the keys for the ansible user. If not set, you have to configure it manually
# or with the ssh_users / ssh_extra_users
# system_ansible_ssh_keys: []
# if set, will add the following options to the ssh keys for ansible
system_ansible_ssh_keys_options:
- no-X11-forwarding
- no-agent-forwarding
- no-pty
# If set, will restrict the ansible ssh keys to the configured IP.
# An empty list means no restriction
system_ansible_src_ip: []
...

26
roles/common/tasks/ansible.yml Normal file
View File

@@ -0,0 +1,26 @@
---
- name: Deploy SSH keys for the ansible account
authorized_key:
user: ansible
key: "{{ system_ansible_ssh_keys | join(\"\n\") }}"
key_options: "{{ system_ansible_ssh_keys_options | join(',') }}"
exclusive: True
when:
- system_ansible_ssh_keys is defined
- system_ansible_ssh_keys | length > 0
- system_ansible_src_ip is not defined or system_ansible_src_ip | length < 1
tags: system
- name: Deploy SSH keys for the ansible account (with source IP restriction)
authorized_key:
user: ansible
key: "{{ system_ansible_ssh_keys | join(\"\n\") }}"
key_options: "from=\"{{ system_ansible_src_ip | join(',') }}\",{{ system_ansible_ssh_keys_options | join(',') }}"
exclusive: True
when:
- system_ansible_ssh_keys is defined
- system_ansible_ssh_keys | length > 0
- system_ansible_src_ip is defined
- system_ansible_src_ip | length > 0
tags: system

1
roles/common/tasks/main.yml
View File

@@ -17,6 +17,7 @@
- ansible_os_family == 'RedHat'
- include_tasks: mail.yml
- include_tasks: system.yml
- include_tasks: ansible.yml
- include_tasks: hardware.yml
when: ansible_virtualization_role == 'host'
- include_tasks: guest.yml