stationgroup/ansible-experiments
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

config users shell/ssh

Browse source
This commit is contained in:
Vincent V.d Kussen 2018-08-13 16:02:31 +02:00
parent 47ef7a7045
commit f12466dead
12 changed files with 184 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
ansible.cfg Normal file
View file

@ -0,0 +1,16 @@
[ssh_connection]
[defaults]
retry_files_enabled = False
retry_files_save_path = /tmp/
inventory=./hosts
host_key_checking=False
gathering = smart
#stdout_callback=skippy
[privilege_escalation]
become=True
become_method=sudo
become_user=root
#become_ask_pass=False

1
hosts Normal file
View file

@ -0,0 +1 @@
10.106.116.157

4
roles/users/defaults/main.yml Normal file
View file

@ -0,0 +1,4 @@
default_freebsd_shell: "/bin/csh"
default_linux_shell: "/bin/bash"
default_shell_lines:
- SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh

1
roles/users/files/keys/remember/key1.pub Normal file
View file

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMfztaQoo3Alf4Ie4ZrSEkhojOcKl8VRdoRiYb/7FL3IS/5IcSKcan/MGJlRht3ibwJBx9/CY8wZivHgNKCqtbZWGepfOtgWOqI4ROo4sELmRgV8PZUACjCSfaOkOdvCJEjhw3n+aI5jmK9IUA+mwdXkZj/NckNDZAQ+FRqwR6sX7svM4TF/zEI70JvO3xnDgCuC2PgiztVFfMqbWl33NgkG3kWkJ+JarF2pNsxO/+82s/hoC4P+dpZD1PHhJC7OxUiAHe5nwF7heQh9DUBQxJBhitn7C3XqlxEf7Kx3/kO9CUJVDaxS84UUnfUPc0u1iYpE+5ypqkDSyj3yQNpwXf

1
roles/users/files/keys/test/key2.pub Normal file
View file

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMfztaQoo3Alf4Ie4ZrSEkhojOcKl8VRdoRiYb/7FL3IS/5IcSKcan/MGJlRht3ibwJBx9/CY8wZivHgNKCqtbZWGepfOtgWOqI4ROo4sELmRgV8PZUACjCSfaOkOdvCJEjhw3n+aI5jmK9IUA+mwdXkZj/NckNDZAQ+FRqwR6sX7svM4TF/zEI70JvO3xnDgCuC2PgiztVFfMqbWl33NgkG3kWkJ+JarF2pNsxO/+82s/hoC4P+dpZD1PHhJC7OxUiAHe5nwF7heQh9DUBQxJBhitn7C3XqlxEf7Kx3/kO9CUJVDaxS84UUnfUPc0u1iYpE+5ypqkDSyj3yQNpwXd

10
roles/users/tasks/main.yml
View file

@ -1,8 +1,4 @@
--- ---
- name: Ensure groups exist - include_tasks: set_facts.yml
group: - include_tasks: users.yml
name: "{{ item.name }}" - include_tasks: ssh_config.yml
gid: "{{ item.gid | default(ommit) }}"
state: present
with_items: groups

8
roles/users/tasks/set_facts.yml Normal file
View file

@ -0,0 +1,8 @@
- set_fact:
default_shell: "{{ default_freebsd_shell }}"
when: ansible_os_family == 'FreeBSD'
- set_fact:
default_shell: "{{ default_linux_shell }}"
when: ansible_os_family == 'Debian'

38
roles/users/tasks/ssh_config.yml Normal file
View file

@ -0,0 +1,38 @@
- name: Ensure .ssh folder is created
file:
path: "/home/{{item.name}}/.ssh"
state: directory
mode: 0600
with_items:
- "{{ users }}"
- name: Check if user has ~/.ssh/config
stat:
path: "/home/{{ item.name }}/.ssh/config"
with_items: "{{ users }}"
register: sshconfig
#- name: debug items
# debug:
# msg: "{{ item.item.name }} {{item.stat}}"
# with_items:
# - "{{ sshconfig.results }}"
- name: Create ~/.ssh/config when absent
file:
path: "/home/{{ item.item.name }}/.ssh/config"
owner: "{{ item.item.name }}"
mode: 0600
state: touch
when: item.stat.exists == False
with_items:
- "{{ sshconfig.results }}"
no_log: True
- name: Configure ~/.ssh/config
template:
src: ssh.config.j2
dest: "/home/{{ item.name }}/.ssh/config"
owner: "{{ item.name }}"
with_items:
- "{{ users }}"

88
roles/users/tasks/users.yml Normal file
View file

@ -0,0 +1,88 @@
---
- name: Ensure groups exist
group:
name: "{{ item.name }}"
gid: "{{ item.gid | default(omit) }}"
state: present
with_items: "{{ user_groups }}"
- name: Ensure users exist
user:
name: "{{ item.name }}"
id: "{{ item.id | default(omit) }}"
groups: "{{ item.groups | default(omit) }}"
shell: "{{ item.shell | default(default_shell) }}"
state: present
no_log: True
with_items: "{{ users }}"
- name: Configure authorized_keys
authorized_key:
user: "{{ item.0.name }}"
key: "{{ lookup('file', 'keys/' + item.0.name + '/' + item.1.file + '.pub') }}"
state: "{{ item.1.state | default(present) }}"
with_subelements:
- "{{ users }}"
- keys
#- name: debug
# debug:
# msg: "{{ item.0 }} - {{ item.1 }}"
# with_nested:
# - "{{ users }}"
# - "{{ users | map(attribute='shell_lines') | list }}"
# when: ansible_os_family == 'Debian' and item.1 is defined
- name: check vars
debug:
msg: "{{ item.0.name }} --- {{ item.1 }}"
with_subelements:
- "{{ users }}"
- shell_lines
- skip_missing: true
when: ansible_os_family == 'Debian'
- name: Add Ansible comment in bashrc
lineinfile:
path: "/home/{{ item.name }}/.bashrc"
line: "## Ansible managed below this line ###########"
insertafter: EOF
state: present
with_items:
- "{{ users }}"
when: ansible_os_family == 'Debian'
- name: Configure bashrc
lineinfile:
path: "/home/{{ item.0.name }}/.bashrc"
line: "{{ item.1.line }}"
insertafter: "^## Ansible managed below this line"
state: "{{ item.1.state }}"
with_subelements:
- "{{ users }}"
- shell_lines
- skip_missing: true
when: ansible_os_family == 'Debian'
- name: Add Ansible comment in cshrc
lineinfile:
path: "/home/{{ item.0.name }}/.bashrc"
line: "## Ansible managed blow this line ###########"
insertafter: EOF
state: present
with_items:
- "{{ users }}"
when: ansible_os_family == 'FreeBSD'
- name: Configure cshrc
lineinfile:
path: "/home/{{ item.0.name }}/.cshrc"
line: "{{ item.1.line }}"
insertafter: EOF
state: "{{ item.1.state }}"
with_subelements:
- "{{ users }}"
- shell_lines
- skip_missing: true
when: ansible_os_family == 'FreeBSD'

6
roles/users/templates/ssh.config.j2 Normal file
View file

@ -0,0 +1,6 @@
host blabla
hostname {{ ansible_hostname }}
User {{ item.name }}
RemoteForward /home/{{ item.name }}/.gnupg/S.gpg-agent $HOME/.gnupg/S.gpg-agent
RemoteForward /home/{{ item.name }}/.gnupg/S.gpg-agent.ssh $HOME/.gnupg/S.gpg-agent.ssh
ServerAliveInterval 10

27
roles/users/vars/main.yml
View file

@ -1,12 +1,21 @@
--- ---
groups: user_groups:
- - name: remember
users: users:
- remember - name: remember
- direct keys:
- degree - file: key1
- sand state: present
- grief shell_lines:
- jam - line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh"
- king state: present
- line: "line2"
state: absent
- name: test
keys:
- file: key2
state: absent
# shell_lines:
# - "line1"
# - "line2"

0
site.yml
View file