Add service user, use more variables

2021-10-09 23:14:03 +02:00 · 2021-10-09 23:14:03 +02:00 · 45d0b5019e
parent 348a71508b
commit 45d0b5019e
3 changed files with 71 additions and 19 deletions
--- a/README.md
+++ b/README.md
@ -1,5 +1,8 @@
 # Prepare_Workshop

-Prepare Ansible workshop
-
-Set up host machine(s) and create LXContainers defined in inventory
+Prepare Ansible workshop
+
+Set up host machine(s) and create LXContainers defined in inventory
+
+For local LXContainers `ansible-playbook` must be called as "root". `--become` does NOT work!
+
--- a/create_inventory_lxc.yml
+++ b/create_inventory_lxc.yml
@ -8,6 +8,14 @@
  vars:
    # List(!) of SSH keys for authorized_keys. Set here or in group_vars/all.yml
    #ssh_keys: []
+    #
+    # root password, default: "root"
+    #root_password: root
+    #
+    # Normal user account (with sudo)
+    #service_username: service
+    #service_password: {{ service_username }}
+    #service_ssh_keys: {{ ssh_keys }}

    cmdline_python:
      alpine:
@ -69,7 +77,47 @@


    - name: Set root password
-      shell: "echo root:root | chpasswd -c SHA256"
+      shell: "echo root:{{ root_password|default('root') }} | chpasswd -c SHA256"
+
+
+    - name: Add SSH keys
+      authorized_key:
+        user: root
+        key: "{{ item }}"
+      loop: "{{ ssh_keys }}"
+
+
+    - name: "[BLOCK] when 'service_username' is set"
+      when: service_username is defined
+      block:
+
+        - name: 'Add normal user "{{ service_username }}"'
+          user:
+            name: "{{ service_username }}"
+
+
+        - name: 'Set password for user "{{ service_username }}"'
+          shell: "echo {{ service_username }}:{{ service_password|default(service_username) }} | chpasswd -c SHA256"
+
+
+        - name: Add SSH keys
+          authorized_key:
+            user: "{{ service_username }}"
+            key: "{{ item }}"
+          loop: "{{ ssh_keys_service|default(ssh_keys) }}"
+
+
+        - name: Install sudo
+          package:
+            name: sudo
+
+
+        - name: Add sudo line for service
+          lineinfile:
+            path: /etc/sudoers
+            regexp: "^service"
+            line: "{{ service_username }} ALL=(ALL:ALL) NOPASSWD: ALL"
+            backup: yes


    - name: Install SSH
@ -100,13 +148,6 @@
      ignore_errors: yes


-    - name: Add SSH keys
-      authorized_key:
-        user: root
-        key: "{{ item }}"
-      loop: "{{ ssh_keys }}"
-
-

  handlers:

--- a/hosts.example
+++ b/hosts.example
@ -16,18 +16,22 @@ debian-host-remote	ansible_host=192.168.1.42
 ############################################################

 [containers_local]
-lxc-local-alpine3B	os_d=alpine	os_r=3.11
-lxc-local-alpine3C	os_d=alpine	os_r=3.12
-lxc-local-alpine3D	os_d=alpine	os_r=3.13
+lxc-local-alpine3b	os_d=alpine	os_r=3.11
+lxc-local-alpine3c	os_d=alpine	os_r=3.12
+lxc-local-alpine3d	os_d=alpine	os_r=3.13
+lxc-local-alpine3e	os_d=alpine	os_r=3.14
 lxc-local-debian9	os_d=debian	os_r=stretch
 lxc-local-debian10	os_d=debian	os_r=buster
+lxc-local-debian11	os_d=debian	os_r=bullseye
 lxc-local-devuan9	os_d=devuan	os_r=ascii
 lxc-local-devuan10	os_d=devuan	os_r=beowulf
 lxc-local-centos7	os_d=centos	os_r=7		ansible_python_interpreter=/usr/bin/python
 lxc-local-centos8	os_d=centos	os_r=8
-lxc-local-fedora32	os_d=fedora	os_r=32
 lxc-local-fedora33	os_d=fedora	os_r=33
+lxc-local-fedora34	os_d=fedora	os_r=34
+lxc-local-fedora35	os_d=fedora	os_r=35
 lxc-local-suse152	os_d=opensuse	os_r=15.2
+lxc-local-suse153	os_d=opensuse	os_r=15.3
 lxc-local-ubu1604	os_d=ubuntu	os_r=xenial
 lxc-local-ubu1804	os_d=ubuntu	os_r=bionic
 lxc-local-ubu2004	os_d=ubuntu	os_r=focal
@ -42,18 +46,22 @@ ansible_connection = lxc
 ############################################################

 [containers_remote]
-lxc-remote-alpine3B	os_d=alpine	os_r=3.11
-lxc-remote-alpine3C	os_d=alpine	os_r=3.12
-lxc-remote-alpine3D	os_d=alpine	os_r=3.13
+lxc-remote-alpine3b	os_d=alpine	os_r=3.11
+lxc-remote-alpine3c	os_d=alpine	os_r=3.12
+lxc-remote-alpine3d	os_d=alpine	os_r=3.13
+lxc-remote-alpine3e	os_d=alpine	os_r=3.14
 lxc-remote-debian9	os_d=debian	os_r=stretch
 lxc-remote-debian10	os_d=debian	os_r=buster
+lxc-remote-debian11	os_d=debian	os_r=bullseye
 lxc-remote-devuan9	os_d=devuan	os_r=ascii
 lxc-remote-devuan10	os_d=devuan	os_r=beowulf
 lxc-remote-centos7	os_d=centos	os_r=7		ansible_python_interpreter=/usr/bin/python
 lxc-remote-centos8	os_d=centos	os_r=8
-lxc-remote-fedora32	os_d=fedora	os_r=32
 lxc-remote-fedora33	os_d=fedora	os_r=33
+lxc-remote-fedora34	os_d=fedora	os_r=34
+lxc-remote-fedora33	os_d=fedora	os_r=35
 lxc-remote-suse152	os_d=opensuse	os_r=15.2
+lxc-remote-suse153	os_d=opensuse	os_r=15.3
 lxc-remote-ubu1604	os_d=ubuntu	os_r=xenial
 lxc-remote-ubu1804	os_d=ubuntu	os_r=bionic
 lxc-remote-ubu2004	os_d=ubuntu	os_r=focal