jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-04-23 21:53:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update to 2021-12-13 23:00

Browse Source
This commit is contained in:
Daniel Berteaud 2021-12-13 23:00:23 +01:00
parent 48a37b3126
commit b5d29ac05d
5 changed files with 42 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
roles/common/defaults/main.yml
View File

@ -109,4 +109,17 @@ system_rc_local_shutdown_base_cmd: []
system_rc_local_shutdown_extra_cmd: [] system_rc_local_shutdown_extra_cmd: []
system_rc_local_shutdown_cmd: "{{ system_rc_local_shutdown_base_cmd + system_rc_local_shutdown_extra_cmd }}" system_rc_local_shutdown_cmd: "{{ system_rc_local_shutdown_base_cmd + system_rc_local_shutdown_extra_cmd }}"
# Optional : if system_ansible_ssh_keys is set (to a list of public SSH keys)
# it'll configure the keys for the ansible user. If not set, you have to configure it manually
# or with the ssh_users / ssh_extra_users
# system_ansible_ssh_keys: []
# if set, will add the following options to the ssh keys for ansible
system_ansible_ssh_keys_options:
- no-X11-forwarding
- no-agent-forwarding
- no-pty
# If set, will restrict the ansible ssh keys to the configured IP.
# An empty list means no restriction
system_ansible_src_ip: []
... ...

26
roles/common/tasks/ansible.yml Normal file
View File

@ -0,0 +1,26 @@
---
- name: Deploy SSH keys for the ansible account
authorized_key:
user: ansible
key: "{{ system_ansible_ssh_keys | join(\"\n\") }}"
key_options: "{{ system_ansible_ssh_keys_options | join(',') }}"
exclusive: True
when:
- system_ansible_ssh_keys is defined
- system_ansible_ssh_keys | length > 0
- system_ansible_src_ip is not defined or system_ansible_src_ip | length < 1
tags: system
- name: Deploy SSH keys for the ansible account (with source IP restriction)
authorized_key:
user: ansible
key: "{{ system_ansible_ssh_keys | join(\"\n\") }}"
key_options: "from=\"{{ system_ansible_src_ip | join(',') }}\",{{ system_ansible_ssh_keys_options | join(',') }}"
exclusive: True
when:
- system_ansible_ssh_keys is defined
- system_ansible_ssh_keys | length > 0
- system_ansible_src_ip is defined
- system_ansible_src_ip | length > 0
tags: system

1
roles/common/tasks/main.yml
View File

@ -17,6 +17,7 @@
- ansible_os_family == 'RedHat' - ansible_os_family == 'RedHat'
- include_tasks: mail.yml - include_tasks: mail.yml
- include_tasks: system.yml - include_tasks: system.yml
- include_tasks: ansible.yml
- include_tasks: hardware.yml - include_tasks: hardware.yml
when: ansible_virtualization_role == 'host' when: ansible_virtualization_role == 'host'
- include_tasks: guest.yml - include_tasks: guest.yml

1
roles/ssh/defaults/main.yml
View File

@ -34,6 +34,7 @@ sshd_password_auth: True
# #
# User configuration # User configuration
ssh_users: []
#ssh_users: #ssh_users:
# - name: dani # - name: dani
# create_user: False # create_user: False

3
roles/ssh/tasks/conf.yml
View File

@ -56,13 +56,12 @@
- name: Deploy ssh user keys - name: Deploy ssh user keys
authorized_key: authorized_key:
user: "{{ item.name }}" user: "{{ item.name }}"
key: "{{ item.ssh_keys| default([]) | join(\"\n\") }}" key: "{{ item.ssh_keys | default([]) | flatten | join(\"\n\") }}"
key_options: "{{ item.key_options | default([]) | join(',') }}" key_options: "{{ item.key_options | default([]) | join(',') }}"
path: "{{ item.keys_file | default('/etc/ssh/authorized_keys/' ~ item.name ~ '/authorized_keys') }}" path: "{{ item.keys_file | default('/etc/ssh/authorized_keys/' ~ item.name ~ '/authorized_keys') }}"
manage_dir: False manage_dir: False
exclusive: True exclusive: True
ignore_errors: True # Needed eg, if LDAP isn't available on first run ignore_errors: True # Needed eg, if LDAP isn't available on first run
#when: item.ssh_keys is defined
loop: "{{ ssh_users }}" loop: "{{ ssh_users }}"
tags: ssh tags: ssh