Role: svc_acct
Basic service account ssh key management setup
This commit is contained in:
parent
1af655b390
commit
17c666ff97
@ -1,3 +1,3 @@
|
||||
[defaults]
|
||||
inventory = ./hosts
|
||||
inventory = ./hosts.yaml
|
||||
remote_user = ubuntu
|
||||
|
||||
5
ANSIBLE/group_vars/all.yaml
Normal file
5
ANSIBLE/group_vars/all.yaml
Normal file
@ -0,0 +1,5 @@
|
||||
svc_acct_name: "ubuntu"
|
||||
svc_acct_keys:
|
||||
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvM9FL5V14ciT6qOSMx4zk3+K7F1aXQh6YjO+KDu94q hbaxter@telos_digital"
|
||||
- "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAtUHnAtmjQd62/4edYxOCCSviJW7Wjn7TD/6eSYrXtRY87v9bAKYrPbUgWTQL+jMLFGCPzRoQCsEt/BZKoVASYzj9EQAatXFczYiXQQaBHlCEcRwtxYV5A2vjkAAmElwYtYAE8aKxDhFWPIlceB4DZ6x5pzlsztnaZKsLEs6PavEZ6UH/ubou6wSoBOWvFU1TZB1qwBfqD6QlkXJmjz7+Ci1MJSJ8kSAo9lFSPtE98pMfLG/NFAlYJSh4g7+qj8ghIGPFJxmmaHdvw/8+H1nY6kV38q4UoSjv9wnNeG+eOm/Uk8sUC/K9F777APRA4L7MjUrWY0m2fX8rMH+bTU/B1mdW/6o+/ooNXDPIjb6eKNpVC1cS/bP1z8Ki72pg7nbf8GRe3vN9kDj53HsDDzQ2WssOy6kt4Pq6qzUrco//VYQozNrSTfdV98mz1OzEhrq8qONvKz6rvurkne7hbfAcf0SyHM6bi1whzuuNw0gaGu0IoDNpH7HQsIxksRgwvdC9DWKA9V23piafL40OLQhAW1uqpCgO942zCGzCMiEB5OdjY/MakNU9LoQ9VQ2bJGrwLWDvudpzvYeaT70LQpnU9AEiO9fewBfVeFHX/02dFAffShp1hWso76A7Y9v5UaPmPKp/kJlhpQfDvgd6UY1w/MhkAiou9K/wm7bu0fwwZFE= telos@anothermouse.com"
|
||||
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOnTW/kBQfw/ET5luVvHeWl/tFo1BAJk86UWOGxLbNi30sr4uo+xkNTUvKK2wL+6sRs1MVXH2qxTXa8wG4BfdEZBBOej3I8ci3Yl1fqQV8PB0c/GifP5W1Gj6oZSGvKDAOweV2nr6QUx1BhA9nqg0LZaLt1vaa2d+fgW3R5qT0QKKx5fKEBT95fsjUI99Gi4EAT/VYcmDo/aDyl6crKI+/YRn+0cuq0vLoRpF3rYtBMnqXCobchoooA1W+vZauVh/l5IzgQaN2tTaM9WU8qUUt8j8YaPGMFszX2iZoI1gylF/mSXqP7htxH4KCy0g2AOnnK+8QN6GwHIkOfG6lGu1t nataliia.bobrova.s@gmail.com "
|
||||
@ -1,8 +0,0 @@
|
||||
[web]
|
||||
monitor.telos.digital
|
||||
|
||||
[eoq]
|
||||
eoq.telos.digital
|
||||
|
||||
[monitor]
|
||||
monitor.telos.digital
|
||||
27
ANSIBLE/hosts.yml
Normal file
27
ANSIBLE/hosts.yml
Normal file
@ -0,0 +1,27 @@
|
||||
web:
|
||||
hosts:
|
||||
monitor.telos.digital:
|
||||
eoq:
|
||||
hosts:
|
||||
eoq.telos.digital:
|
||||
site_name: eoq.telos.digital
|
||||
site_root: /var/www/html
|
||||
admin_email: peter.edmond@telos.digital
|
||||
php_version: 8.3
|
||||
#These are not used but can be used to customise the php-fpm environment if required.
|
||||
php_upload_max_filesize: 20M
|
||||
php_post_max_size: 25M
|
||||
php_memory_limit: 128M
|
||||
php_max_execution_time: 60
|
||||
monitor:
|
||||
hosts:
|
||||
monitor.telos.digital:
|
||||
site_name: monitor.telos.digital
|
||||
site_root: /var/www/html
|
||||
admin_email: peter.edmond@telos.digital
|
||||
php_version: 8.3
|
||||
#These are not used but can be used to customise the php-fpm environment if required.
|
||||
php_upload_max_filesize: 20M
|
||||
php_post_max_size: 25M
|
||||
php_memory_limit: 128M
|
||||
php_max_execution_time: 60
|
||||
2
ANSIBLE/roles/svc_acct/defaults/main.yml
Normal file
2
ANSIBLE/roles/svc_acct/defaults/main.yml
Normal file
@ -0,0 +1,2 @@
|
||||
svc_acct_name: "root"
|
||||
svc_acct_keys: ""
|
||||
44
ANSIBLE/roles/svc_acct/tasks/main.yml
Normal file
44
ANSIBLE/roles/svc_acct/tasks/main.yml
Normal file
@ -0,0 +1,44 @@
|
||||
- name: Add Local User
|
||||
user:
|
||||
name: "{{ svc_acct_name }}"
|
||||
comment: General Service Account
|
||||
password_lock: true
|
||||
shell: "/bin/bash"
|
||||
create_home: true
|
||||
- name: Wheel Group
|
||||
when: ansible_facts['os_family'] == "RedHat"
|
||||
user:
|
||||
name: servicelink
|
||||
groups: wheel
|
||||
append: true
|
||||
- name: sudo Group
|
||||
when: ansible_facts['distribution'] == "Ubuntu"
|
||||
user:
|
||||
name: "{{ svc_acct_name }}"
|
||||
groups: sudo
|
||||
append: true
|
||||
- name: Make servicelink sudo Passwordless
|
||||
lineinfile:
|
||||
path: /etc/sudoers
|
||||
state: present
|
||||
line: "{{ svc_acct_name }} ALL=(ALL) NOPASSWD: ALL"
|
||||
validate: /usr/sbin/visudo -cf %s
|
||||
- name: "Make .ssh dir"
|
||||
file:
|
||||
path: "/home/{{ svc_acct_name }}/.ssh/"
|
||||
state: directory
|
||||
owner: "{{ svc_acct_name }}"
|
||||
group: "{{ svc_acct_name }}"
|
||||
mode: "0700"
|
||||
- name: Make Authorised Key
|
||||
file:
|
||||
path: "/home/{{ svc_acct_name }}/.ssh/authorized_keys"
|
||||
# state: touch
|
||||
owner: "{{ svc_acct_name }}"
|
||||
group: "{{ svc_acct_name }}"
|
||||
mode: "0600"
|
||||
- name: Add Publickey
|
||||
lineinfile:
|
||||
path: "/home//{{ svc_acct_name }}/.ssh/authorized_keys"
|
||||
line: "{{ item }}"
|
||||
loop: "{{ svc_acct_keys }}"
|
||||
14
ANSIBLE/test.yml
Normal file
14
ANSIBLE/test.yml
Normal file
@ -0,0 +1,14 @@
|
||||
---
|
||||
|
||||
- name: Test roles
|
||||
hosts: eoq
|
||||
become: true
|
||||
gather_facts: true
|
||||
vars_files:
|
||||
- group_vars/all.yaml
|
||||
roles:
|
||||
- svc_acct
|
||||
tasks:
|
||||
- ansible.builtin.debug:
|
||||
msg: "Finished"
|
||||
name: "Finished mgs"
|
||||
Loading…
x
Reference in New Issue
Block a user