Add task to setup passwordless sudo for user

This commit is contained in:
Adw8 2024-09-26 10:16:47 +05:30 committed by nabarun
parent 1b5458cd79
commit 3af7f61dfa
3 changed files with 58 additions and 20 deletions


@ -39,7 +39,27 @@ To get started, follow the [installation](../README.md#installation) guide to se
# } # }
``` ```
- Execute the `setup-user.yml` Ansible playbook to create a user `dev` with sudo permissions: - Setup `user-vars.yml` using the example file
```bash
cd vars
cp user-vars.example.yml user-vars.yml
```
- Edit the following vars:
```bash
# name of the user you want to setup on the target host
username: ""
# password of the user you want to setup on the target host
password: ""
# path to the ssh key on your machine
path_to_ssh_key: "
```
- Execute the `setup-user.yml` Ansible playbook to create a user with passwordless sudo permissions:
```bash ```bash
ansible-playbook setup-user.yml -i hosts.ini --extra-vars='{ "target_host": "deployment_host" }' ansible-playbook setup-user.yml -i hosts.ini --extra-vars='{ "target_host": "deployment_host" }'


@ -59,12 +59,16 @@
ignore_errors: yes ignore_errors: yes
- name: Sign a dummy string using gpg-key - name: Sign a dummy string using gpg-key
shell: echo "This is a dummy string." | gpg --batch --yes --passphrase "{{ vault_passphrase }}" --pinentry-mode loopback --sign - shell: echo "This is a dummy string." | gpg --batch --yes --local-user "{{ gpg_key_id }}" --passphrase "{{ vault_passphrase }}" --pinentry-mode loopback --sign -
- name: Run vault-rekey.sh - name: Run vault-rekey.sh
shell: bash .vault/vault-rekey.sh shell: bash .vault/vault-rekey.sh
args: args:
chdir: "service-provider-template" chdir: "service-provider-template"
register: rekey_result
until: rekey_result.stderr == ""
retries: 5
delay: 5
- name: Ensure the target directory exists - name: Ensure the target directory exists
file: file:
@ -163,13 +167,10 @@
command: ansible-playbook -i hosts site.yml --tags=firewalld,nginx command: ansible-playbook -i hosts site.yml --tags=firewalld,nginx
args: args:
chdir: "{{ ansible_env.HOME }}/service-provider-template" chdir: "{{ ansible_env.HOME }}/service-provider-template"
environment:
- name: Install Stack Orchestrator ANSIBLE_HOST_KEY_CHECKING: "False"
command: ansible-playbook -i hosts site.yml --tags=so --limit=so --user so
args:
chdir: "{{ ansible_env.HOME }}/service-provider-template"
- name: Deploy Kubernetes - name: Deploy Kubernetes
command: ansible-playbook -i hosts site.yml --tags=k8s --limit={{ org_id }}_{{ location_id }} --user so command: ansible-playbook -i hosts site.yml --tags=k8s --limit={{ org_id }}_{{ location_id }} --user {{ ansible_user }}
args: args:
chdir: "{{ ansible_env.HOME }}/service-provider-template" chdir: "{{ ansible_env.HOME }}/service-provider-template"
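Review bot: The `environment:` block that now appears to be attached to the firewalld/nginx task sets `ANSIBLE_HOST_KEY_CHECKING: "False"`, which disables SSH host-key verification for the nested ansible-playbook run against every host in its inventory, so a wrong or substituted host is accepted silently. Prefer seeding the controller's known_hosts before this step (the `known_hosts` module does this declaratively) and leaving verification on; if the override is genuinely required, add a comment on the line stating why so it is not copied into other tasks. In the first hunk, the gpg signing task now passes `--local-user "{{ gpg_key_id }}"` alongside `--passphrase "{{ vault_passphrase }}"` on a command line, where the passphrase is visible to other processes on the host; adding `no_log: true` to that task at least keeps it out of the Ansible output and logs. The enclosing play starts and continues outside both hunks.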


@ -2,12 +2,16 @@
hosts: "{{ target_host }}" hosts: "{{ target_host }}"
become: yes become: yes
vars_files:
- vars/user-vars.yml
tasks: tasks:
- name: Set unique hostname - name: Set unique hostname
hostname: hostname:
name: "{{ inventory_hostname }}" name: "{{ inventory_hostname }}"
when: ansible_hostname != inventory_hostname when: ansible_hostname != inventory_hostname
# TODO: Move installation to k8s playbook
- name: Install additional packages - name: Install additional packages
apt: apt:
name: name:
@ -78,26 +82,39 @@
- /var/lib/snapd - /var/lib/snapd
become: yes become: yes
# TODO: Make username and password configurable - name: Create a user
- name: Create a user `dev`
user: user:
name: dev name: "{{ username }}"
password: "{{ 'so-service-provider' | password_hash('sha512') }}" password: "{{ '{{ password }}' | password_hash('sha512') }}"
shell: /bin/zsh shell: /bin/bash
state: present state: present
- name: Add dev user to sudoers group - name: Add user to sudoers group
user: user:
name: dev name: "{{ username }}"
groups: sudo groups: sudo
append: yes append: yes
- name: Ensure .ssh directory exists for 'dev' user - name: Ensure .ssh directory exists for user
file: file:
path: /home/dev/.ssh path: /home/"{{ username }}"/.ssh
state: directory state: directory
owner: dev owner: "{{ username }}"
group: dev group: "{{ username }}"
mode: '0700' mode: '0700'
# TODO: Add tasks to setup passwordless sudo for the user - name: Copy SSH public key to authorized_keys
copy:
src: "{{ path_to_ssh_key }}"
dest: /home/{{ username }}/.ssh/authorized_keys
owner: "{{ username }}"
group: "{{ username }}"
mode: '0600'
- name: Add user to sudoers for passwordless sudo
lineinfile:
path: /etc/sudoers
state: present
regexp: '^{{ username }} ALL=\(ALL\) NOPASSWD:ALL'
line: '{{ username }} ALL=(ALL) NOPASSWD:ALL'
validate: 'visudo -cf %s'
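Review bot: The password task hashes the literal text `{{ password }}` instead of the variable's value — Jinja does not re-expand braces inside a quoted string in an expression — so the value from user-vars.yml is ignored and every created user receives the hash of that fixed string; it should be `password: "{{ password | password_hash('sha512') }}"`, and since `password_hash` generates a fresh salt on each run, `update_password: on_create` keeps the task idempotent. The `.ssh` directory task has a related templating bug: `path: /home/"{{ username }}"/.ssh` renders with the double quotes as part of the directory name, so the later copy to `/home/{{ username }}/.ssh/authorized_keys` targets a directory this task never created; quote the whole value, `path: "/home/{{ username }}/.ssh"`. For the passwordless-sudo task, writing a drop-in to `/etc/sudoers.d/{{ username }}` with `mode: '0440'` (via `copy` with `content:` and the same `validate: 'visudo -cf %s'`) is safer than editing /etc/sudoers in place and makes the grant easy to audit and revoke per user. The play header is outside this hunk.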