Add service user, use more variables
This commit is contained in:
Sven Velt
parent
348a71508b
commit
45d0b5019e
|
|
@ -1,5 +1,8 @@
|
||||||
# Prepare_Workshop
|
# Prepare_Workshop
|
||||||
|
|
||||||
Prepare Ansible workshop
|
Prepare Ansible workshop
|
||||||
|
|
||||||
Set up host machine(s) and create LXContainers defined in inventory
|
Set up host machine(s) and create LXContainers defined in inventory
|
||||||
|
|
||||||
|
For local LXContainers `ansible-playbook` must be called as "root". `--become` does NOT work!
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,14 @@
|
||||||
vars:
|
vars:
|
||||||
# List(!) of SSH keys for authorized_keys. Set here or in group_vars/all.yml
|
# List(!) of SSH keys for authorized_keys. Set here or in group_vars/all.yml
|
||||||
#ssh_keys: []
|
#ssh_keys: []
|
||||||
|
#
|
||||||
|
# root password, default: "root"
|
||||||
|
#root_password: root
|
||||||
|
#
|
||||||
|
# Normal user account (with sudo)
|
||||||
|
#service_username: service
|
||||||
|
#service_password: {{ service_username }}
|
||||||
|
#service_ssh_keys: {{ ssh_keys }}
|
||||||
|
|
||||||
cmdline_python:
|
cmdline_python:
|
||||||
alpine:
|
alpine:
|
||||||
|
|
@ -69,7 +77,47 @@
|
||||||
|
|
||||||
|
|
||||||
- name: Set root password
|
- name: Set root password
|
||||||
shell: "echo root:root | chpasswd -c SHA256"
|
shell: "echo root:{{ root_password|default('root') }} | chpasswd -c SHA256"
|
||||||
|
|
||||||
|
|
||||||
|
- name: Add SSH keys
|
||||||
|
authorized_key:
|
||||||
|
user: root
|
||||||
|
key: "{{ item }}"
|
||||||
|
loop: "{{ ssh_keys }}"
|
||||||
|
|
||||||
|
|
||||||
|
- name: "[BLOCK] when 'service_username' is set"
|
||||||
|
when: service_username is defined
|
||||||
|
block:
|
||||||
|
|
||||||
|
- name: 'Add normal user "{{ service_username }}"'
|
||||||
|
user:
|
||||||
|
name: "{{ service_username }}"
|
||||||
|
|
||||||
|
|
||||||
|
- name: 'Set password for user "{{ service_username }}"'
|
||||||
|
shell: "echo {{ service_username }}:{{ service_password|default(service_username) }} | chpasswd -c SHA256"
|
||||||
|
|
||||||
|
|
||||||
|
- name: Add SSH keys
|
||||||
|
authorized_key:
|
||||||
|
user: "{{ service_username }}"
|
||||||
|
key: "{{ item }}"
|
||||||
|
loop: "{{ ssh_keys_service|default(ssh_keys) }}"
|
||||||
|
|
||||||
|
|
||||||
|
- name: Install sudo
|
||||||
|
package:
|
||||||
|
name: sudo
|
||||||
|
|
||||||
|
|
||||||
|
- name: Add sudo line for service
|
||||||
|
lineinfile:
|
||||||
|
path: /etc/sudoers
|
||||||
|
regexp: "^service"
|
||||||
|
line: "{{ service_username }} ALL=(ALL:ALL) NOPASSWD: ALL"
|
||||||
|
backup: yes
|
||||||
|
|
||||||
|
|
||||||
- name: Install SSH
|
- name: Install SSH
|
||||||
|
|
@ -100,13 +148,6 @@
|
||||||
ignore_errors: yes
|
ignore_errors: yes
|
||||||
|
|
||||||
|
|
||||||
- name: Add SSH keys
|
|
||||||
authorized_key:
|
|
||||||
user: root
|
|
||||||
key: "{{ item }}"
|
|
||||||
loop: "{{ ssh_keys }}"
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
handlers:
|
handlers:
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -16,18 +16,22 @@ debian-host-remote ansible_host=192.168.1.42
|
||||||
############################################################
|
############################################################
|
||||||
|
|
||||||
[containers_local]
|
[containers_local]
|
||||||
lxc-local-alpine3B os_d=alpine os_r=3.11
|
lxc-local-alpine3b os_d=alpine os_r=3.11
|
||||||
lxc-local-alpine3C os_d=alpine os_r=3.12
|
lxc-local-alpine3c os_d=alpine os_r=3.12
|
||||||
lxc-local-alpine3D os_d=alpine os_r=3.13
|
lxc-local-alpine3d os_d=alpine os_r=3.13
|
||||||
|
lxc-local-alpine3e os_d=alpine os_r=3.14
|
||||||
lxc-local-debian9 os_d=debian os_r=stretch
|
lxc-local-debian9 os_d=debian os_r=stretch
|
||||||
lxc-local-debian10 os_d=debian os_r=buster
|
lxc-local-debian10 os_d=debian os_r=buster
|
||||||
|
lxc-local-debian11 os_d=debian os_r=bullseye
|
||||||
lxc-local-devuan9 os_d=devuan os_r=ascii
|
lxc-local-devuan9 os_d=devuan os_r=ascii
|
||||||
lxc-local-devuan10 os_d=devuan os_r=beowulf
|
lxc-local-devuan10 os_d=devuan os_r=beowulf
|
||||||
lxc-local-centos7 os_d=centos os_r=7 ansible_python_interpreter=/usr/bin/python
|
lxc-local-centos7 os_d=centos os_r=7 ansible_python_interpreter=/usr/bin/python
|
||||||
lxc-local-centos8 os_d=centos os_r=8
|
lxc-local-centos8 os_d=centos os_r=8
|
||||||
lxc-local-fedora32 os_d=fedora os_r=32
|
|
||||||
lxc-local-fedora33 os_d=fedora os_r=33
|
lxc-local-fedora33 os_d=fedora os_r=33
|
||||||
|
lxc-local-fedora34 os_d=fedora os_r=34
|
||||||
|
lxc-local-fedora35 os_d=fedora os_r=35
|
||||||
lxc-local-suse152 os_d=opensuse os_r=15.2
|
lxc-local-suse152 os_d=opensuse os_r=15.2
|
||||||
|
lxc-local-suse153 os_d=opensuse os_r=15.3
|
||||||
lxc-local-ubu1604 os_d=ubuntu os_r=xenial
|
lxc-local-ubu1604 os_d=ubuntu os_r=xenial
|
||||||
lxc-local-ubu1804 os_d=ubuntu os_r=bionic
|
lxc-local-ubu1804 os_d=ubuntu os_r=bionic
|
||||||
lxc-local-ubu2004 os_d=ubuntu os_r=focal
|
lxc-local-ubu2004 os_d=ubuntu os_r=focal
|
||||||
|
|
@ -42,18 +46,22 @@ ansible_connection = lxc
|
||||||
############################################################
|
############################################################
|
||||||
|
|
||||||
[containers_remote]
|
[containers_remote]
|
||||||
lxc-remote-alpine3B os_d=alpine os_r=3.11
|
lxc-remote-alpine3b os_d=alpine os_r=3.11
|
||||||
lxc-remote-alpine3C os_d=alpine os_r=3.12
|
lxc-remote-alpine3c os_d=alpine os_r=3.12
|
||||||
lxc-remote-alpine3D os_d=alpine os_r=3.13
|
lxc-remote-alpine3d os_d=alpine os_r=3.13
|
||||||
|
lxc-remote-alpine3e os_d=alpine os_r=3.14
|
||||||
lxc-remote-debian9 os_d=debian os_r=stretch
|
lxc-remote-debian9 os_d=debian os_r=stretch
|
||||||
lxc-remote-debian10 os_d=debian os_r=buster
|
lxc-remote-debian10 os_d=debian os_r=buster
|
||||||
|
lxc-remote-debian11 os_d=debian os_r=bullseye
|
||||||
lxc-remote-devuan9 os_d=devuan os_r=ascii
|
lxc-remote-devuan9 os_d=devuan os_r=ascii
|
||||||
lxc-remote-devuan10 os_d=devuan os_r=beowulf
|
lxc-remote-devuan10 os_d=devuan os_r=beowulf
|
||||||
lxc-remote-centos7 os_d=centos os_r=7 ansible_python_interpreter=/usr/bin/python
|
lxc-remote-centos7 os_d=centos os_r=7 ansible_python_interpreter=/usr/bin/python
|
||||||
lxc-remote-centos8 os_d=centos os_r=8
|
lxc-remote-centos8 os_d=centos os_r=8
|
||||||
lxc-remote-fedora32 os_d=fedora os_r=32
|
|
||||||
lxc-remote-fedora33 os_d=fedora os_r=33
|
lxc-remote-fedora33 os_d=fedora os_r=33
|
||||||
|
lxc-remote-fedora34 os_d=fedora os_r=34
|
||||||
|
lxc-remote-fedora33 os_d=fedora os_r=35
|
||||||
lxc-remote-suse152 os_d=opensuse os_r=15.2
|
lxc-remote-suse152 os_d=opensuse os_r=15.2
|
||||||
|
lxc-remote-suse153 os_d=opensuse os_r=15.3
|
||||||
lxc-remote-ubu1604 os_d=ubuntu os_r=xenial
|
lxc-remote-ubu1604 os_d=ubuntu os_r=xenial
|
||||||
lxc-remote-ubu1804 os_d=ubuntu os_r=bionic
|
lxc-remote-ubu1804 os_d=ubuntu os_r=bionic
|
||||||
lxc-remote-ubu2004 os_d=ubuntu os_r=focal
|
lxc-remote-ubu2004 os_d=ubuntu os_r=focal
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue