From 45d0b5019e7ab009325c3e0fe3b23c2f47b541a5 Mon Sep 17 00:00:00 2001 From: Sven Velt Date: Sat, 9 Oct 2021 23:14:03 +0200 Subject: [PATCH] Add service user, use more variables --- README.md | 9 ++++--- create_inventory_lxc.yml | 57 ++++++++++++++++++++++++++++++++++------ hosts.example | 24 +++++++++++------ 3 files changed, 71 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 8a151c9..2e04a91 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,8 @@ # Prepare_Workshop -Prepare Ansible workshop - -Set up host machine(s) and create LXContainers defined in inventory +Prepare Ansible workshop + +Set up host machine(s) and create LXContainers defined in inventory + +For local LXContainers `ansible-playbook` must be called as "root". `--become` does NOT work! + diff --git a/create_inventory_lxc.yml b/create_inventory_lxc.yml index 6f05ef9..430c302 100644 --- a/create_inventory_lxc.yml +++ b/create_inventory_lxc.yml @@ -8,6 +8,14 @@ vars: # List(!) of SSH keys for authorized_keys. Set here or in group_vars/all.yml #ssh_keys: [] + # + # root password, default: "root" + #root_password: root + # + # Normal user account (with sudo) + #service_username: service + #service_password: {{ service_username }} + #service_ssh_keys: {{ ssh_keys }} cmdline_python: alpine: 
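Review bot: The commented example `#service_ssh_keys: {{ ssh_keys }}` in this vars hunk documents a variable the play never reads; the task added in the hunk at `@@ -69,7 +77,47 @@` loops over `ssh_keys_service|default(ssh_keys)`, so a user who sets `service_ssh_keys` as documented silently gets root's keys installed for the service account instead. Rename one side so they agree, e.g. `#ssh_keys_service: "{{ ssh_keys }}"`. The two examples that begin with `{{` should also be written quoted (`#service_password: "{{ service_username }}"`), because once uncommented a value starting with `{{` is parsed by YAML as a flow mapping before the template engine ever sees it.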
@@ -69,7 +77,47 @@ - name: Set root password - shell: "echo root:root | chpasswd -c SHA256" + shell: "echo root:{{ root_password|default('root') }} | chpasswd -c SHA256" + + + - name: Add SSH keys + authorized_key: + user: root + key: "{{ item }}" + loop: "{{ ssh_keys }}" + + + - name: "[BLOCK] when 'service_username' is set" + when: service_username is defined + block: + + - name: 'Add normal user "{{ service_username }}"' + user: + name: "{{ service_username }}" + + + - name: 'Set password for user "{{ service_username }}"' + shell: "echo {{ service_username }}:{{ service_password|default(service_username) }} | chpasswd -c SHA256" + + + - name: Add SSH keys + authorized_key: + user: "{{ service_username }}" + key: "{{ item }}" + loop: "{{ ssh_keys_service|default(ssh_keys) }}" + + + - name: Install sudo + package: + name: sudo + + + - name: Add sudo line for service + lineinfile: + path: /etc/sudoers + regexp: "^service" + line: "{{ service_username }} ALL=(ALL:ALL) NOPASSWD: ALL" + backup: yes - name: Install SSH @@ -100,13 +148,6 @@ ignore_errors: yes - - name: Add SSH keys - authorized_key: - user: root - key: "{{ item }}" - loop: "{{ ssh_keys }}" - - handlers: diff --git a/hosts.example b/hosts.example index 23561a9..dda1076 100644 --- a/hosts.example +++ b/hosts.example 
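Review bot: The "Add sudo line for service" task keys on `regexp: "^service"` while the username is the variable `service_username`, so for any other name the existing line is never matched (the entry is appended again on every run) and a real account whose name merely starts with "service" would have its line replaced; it also edits /etc/sudoers with no `validate`, so one bad line locks sudo out. Both password tasks pass the secret through `shell: "echo user:pw | chpasswd"`, which breaks on shell metacharacters in the password and leaves it visible in the process list and the task log; the `user` module with `password_hash` and `no_log: true` avoids that (password_hash needs passlib or a working crypt on the controller, as far as I know). The rewritten tasks below keep the task names and the surrounding block unchanged.
```yaml
    - name: Set root password
      user:
        name: root
        password: "{{ root_password | default('root') | password_hash('sha512') }}"
      no_log: true

    # … unchanged: Add SSH keys (root), block header, Add normal user …

      - name: 'Set password for user "{{ service_username }}"'
        user:
          name: "{{ service_username }}"
          password: "{{ service_password | default(service_username) | password_hash('sha512') }}"
        no_log: true

      # … unchanged: Add SSH keys (service), Install sudo …

      - name: Add sudo line for service
        lineinfile:
          path: /etc/sudoers
          regexp: "^{{ service_username }}\\s"
          line: "{{ service_username }} ALL=(ALL:ALL) NOPASSWD: ALL"
          validate: "/usr/sbin/visudo -cf %s"
          backup: true
```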
@@ -16,18 +16,22 @@ debian-host-remote ansible_host=192.168.1.42
 ############################################################
 [containers_local]
-lxc-local-alpine3B os_d=alpine os_r=3.11
-lxc-local-alpine3C os_d=alpine os_r=3.12
-lxc-local-alpine3D os_d=alpine os_r=3.13
+lxc-local-alpine3b os_d=alpine os_r=3.11
+lxc-local-alpine3c os_d=alpine os_r=3.12
+lxc-local-alpine3d os_d=alpine os_r=3.13
+lxc-local-alpine3e os_d=alpine os_r=3.14
 lxc-local-debian9 os_d=debian os_r=stretch
 lxc-local-debian10 os_d=debian os_r=buster
+lxc-local-debian11 os_d=debian os_r=bullseye
 lxc-local-devuan9 os_d=devuan os_r=ascii
 lxc-local-devuan10 os_d=devuan os_r=beowulf
 lxc-local-centos7 os_d=centos os_r=7 ansible_python_interpreter=/usr/bin/python
 lxc-local-centos8 os_d=centos os_r=8
-lxc-local-fedora32 os_d=fedora os_r=32
 lxc-local-fedora33 os_d=fedora os_r=33
+lxc-local-fedora34 os_d=fedora os_r=34
+lxc-local-fedora35 os_d=fedora os_r=35
 lxc-local-suse152 os_d=opensuse os_r=15.2
+lxc-local-suse153 os_d=opensuse os_r=15.3
 lxc-local-ubu1604 os_d=ubuntu os_r=xenial
 lxc-local-ubu1804 os_d=ubuntu os_r=bionic
 lxc-local-ubu2004 os_d=ubuntu os_r=focal
@@ -42,18 +46,22 @@ ansible_connection = lxc
 ############################################################
 [containers_remote]
-lxc-remote-alpine3B os_d=alpine os_r=3.11
-lxc-remote-alpine3C os_d=alpine os_r=3.12
-lxc-remote-alpine3D os_d=alpine os_r=3.13
+lxc-remote-alpine3b os_d=alpine os_r=3.11
+lxc-remote-alpine3c os_d=alpine os_r=3.12
+lxc-remote-alpine3d os_d=alpine os_r=3.13
+lxc-remote-alpine3e os_d=alpine os_r=3.14
 lxc-remote-debian9 os_d=debian os_r=stretch
 lxc-remote-debian10 os_d=debian os_r=buster
+lxc-remote-debian11 os_d=debian os_r=bullseye
 lxc-remote-devuan9 os_d=devuan os_r=ascii
 lxc-remote-devuan10 os_d=devuan os_r=beowulf
 lxc-remote-centos7 os_d=centos os_r=7 ansible_python_interpreter=/usr/bin/python
 lxc-remote-centos8 os_d=centos os_r=8
-lxc-remote-fedora32 os_d=fedora os_r=32
 lxc-remote-fedora33 os_d=fedora os_r=33
+lxc-remote-fedora34 os_d=fedora os_r=34
+lxc-remote-fedora33 os_d=fedora os_r=35
 lxc-remote-suse152 os_d=opensuse os_r=15.2
+lxc-remote-suse153 os_d=opensuse os_r=15.3
 lxc-remote-ubu1604 os_d=ubuntu os_r=xenial
 lxc-remote-ubu1804 os_d=ubuntu os_r=bionic
 lxc-remote-ubu2004 os_d=ubuntu os_r=focal
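Review bot: The added line `+lxc-remote-fedora33 os_d=fedora os_r=35` reuses the host name of the existing `lxc-remote-fedora33` entry instead of introducing `lxc-remote-fedora35`, which the parallel `[containers_local]` hunk does add. As far as I recall, Ansible's INI inventory merges a repeated host name into one host with the last variables winning, so this defines no Fedora 35 container and switches the Fedora 33 one to `os_r=35`. The line should read `lxc-remote-fedora35 os_d=fedora os_r=35`.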