Add ansible playbook to automate service provider setup #10
@ -39,7 +39,27 @@ To get started, follow the [installation](../README.md#installation) guide to se
|
||||
# }
|
||||
```
|
||||
|
||||
- Execute the `setup-user.yml` Ansible playbook to create a user `dev` with sudo permissions:
|
||||
- Setup `user-vars.yml` using the example file
|
||||
|
||||
```bash
|
||||
cd vars
|
||||
cp user-vars.example.yml user-vars.yml
|
||||
```
|
||||
|
||||
- Edit the following vars:
|
||||
|
||||
```bash
|
||||
# name of the user you want to setup on the target host
|
||||
username: ""
|
||||
|
||||
# password of the user you want to setup on the target host
|
||||
password: ""
|
||||
|
||||
# path to the ssh key on your machine
|
||||
path_to_ssh_key: "
|
||||
```
|
||||
|
||||
- Execute the `setup-user.yml` Ansible playbook to create a user with passwordless sudo permissions:
|
||||
|
||||
```bash
|
||||
ansible-playbook setup-user.yml -i hosts.ini --extra-vars='{ "target_host": "deployment_host" }'
|
||||
|
@ -59,12 +59,16 @@
|
||||
ignore_errors: yes
|
||||
|
||||
- name: Sign a dummy string using gpg-key
|
||||
shell: echo "This is a dummy string." | gpg --batch --yes --passphrase "{{ vault_passphrase }}" --pinentry-mode loopback --sign -
|
||||
shell: echo "This is a dummy string." | gpg --batch --yes --local-user "{{ gpg_key_id }}" --passphrase "{{ vault_passphrase }}" --pinentry-mode loopback --sign -
|
||||
|
||||
- name: Run vault-rekey.sh
|
||||
shell: bash .vault/vault-rekey.sh
|
||||
args:
|
||||
chdir: "service-provider-template"
|
||||
register: rekey_result
|
||||
until: rekey_result.stderr == ""
|
||||
retries: 5
|
||||
delay: 5
|
||||
|
||||
- name: Ensure the target directory exists
|
||||
file:
|
||||
@ -163,13 +167,10 @@
|
||||
command: ansible-playbook -i hosts site.yml --tags=firewalld,nginx
|
||||
args:
|
||||
chdir: "{{ ansible_env.HOME }}/service-provider-template"
|
||||
|
||||
- name: Install Stack Orchestrator
|
||||
command: ansible-playbook -i hosts site.yml --tags=so --limit=so --user so
|
||||
args:
|
||||
chdir: "{{ ansible_env.HOME }}/service-provider-template"
|
||||
environment:
|
||||
ANSIBLE_HOST_KEY_CHECKING: "False"
|
||||
|
||||
- name: Deploy Kubernetes
|
||||
command: ansible-playbook -i hosts site.yml --tags=k8s --limit={{ org_id }}_{{ location_id }} --user so
|
||||
command: ansible-playbook -i hosts site.yml --tags=k8s --limit={{ org_id }}_{{ location_id }} --user {{ ansible_user }}
|
||||
args:
|
||||
chdir: "{{ ansible_env.HOME }}/service-provider-template"
|
||||
|
@ -2,12 +2,16 @@
|
||||
hosts: "{{ target_host }}"
|
||||
become: yes
|
||||
|
||||
vars_files:
|
||||
- vars/user-vars.yml
|
||||
|
||||
tasks:
|
||||
- name: Set unique hostname
|
||||
hostname:
|
||||
name: "{{ inventory_hostname }}"
|
||||
when: ansible_hostname != inventory_hostname
|
||||
|
||||
# TODO: Move installation to k8s playbook
|
||||
- name: Install additional packages
|
||||
apt:
|
||||
name:
|
||||
@ -78,26 +82,39 @@
|
||||
- /var/lib/snapd
|
||||
become: yes
|
||||
|
||||
# TODO: Make username and password configurable
|
||||
- name: Create a user `dev`
|
||||
- name: Create a user
|
||||
user:
|
||||
name: dev
|
||||
password: "{{ 'so-service-provider' | password_hash('sha512') }}"
|
||||
shell: /bin/zsh
|
||||
name: "{{ username }}"
|
||||
password: "{{ '{{ password }}' | password_hash('sha512') }}"
|
||||
shell: /bin/bash
|
||||
state: present
|
||||
|
||||
- name: Add dev user to sudoers group
|
||||
- name: Add user to sudoers group
|
||||
user:
|
||||
name: dev
|
||||
name: "{{ username }}"
|
||||
groups: sudo
|
||||
append: yes
|
||||
|
||||
- name: Ensure .ssh directory exists for 'dev' user
|
||||
- name: Ensure .ssh directory exists for user
|
||||
file:
|
||||
path: /home/dev/.ssh
|
||||
path: /home/"{{ username }}"/.ssh
|
||||
state: directory
|
||||
owner: dev
|
||||
group: dev
|
||||
owner: "{{ username }}"
|
||||
group: "{{ username }}"
|
||||
mode: '0700'
|
||||
|
||||
# TODO: Add tasks to setup passwordless sudo for the user
|
||||
- name: Copy SSH public key to authorized_keys
|
||||
copy:
|
||||
src: "{{ path_to_ssh_key }}"
|
||||
dest: /home/{{ username }}/.ssh/authorized_keys
|
||||
owner: "{{ username }}"
|
||||
group: "{{ username }}"
|
||||
mode: '0600'
|
||||
|
||||
- name: Add user to sudoers for passwordless sudo
|
||||
lineinfile:
|
||||
path: /etc/sudoers
|
||||
state: present
|
||||
regexp: '^{{ username }} ALL=\(ALL\) NOPASSWD:ALL'
|
||||
line: '{{ username }} ALL=(ALL) NOPASSWD:ALL'
|
||||
validate: 'visudo -cf %s'
|
||||
|
Loading…
Reference in New Issue
Block a user