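---
# Provision the `ansible` service account on a managed host: the user,
# its home and ~/.ssh, the authorized keys drawn from the vault, and
# passwordless sudo.  Inputs: vault.yml (vault_ssh_keys,
# vault_ansible_dtap_key) and di_common_ansible_ssh_key_from_ips, which
# must be defined elsewhere in the role/inventory.

- name: Load vaulted SSH key material
  include_vars: vault.yml

- name: Add ansible user with bash shell
  user:
    name: ansible
    shell: /bin/bash
    comment: "Ansible"
    state: present

- name: Create ansible home-directory
  file:
    path: /home/ansible
    owner: ansible
    group: ansible
    # Quoted so the YAML 1.1 loader cannot reinterpret the leading zero
    # as an octal integer (ansible-lint risky-octal).
    mode: "0700"
    state: directory

- name: Create HOME/.ssh dir for ansible user
  file:
    path: /home/ansible/.ssh
    owner: ansible
    group: ansible
    mode: "0700"
    state: directory

- name: Copy the Ansible global key
  copy:
    src: "id_ecdsa"
    dest: "/home/ansible/.ssh/id_ecdsa"
    force: false
    # A private key must not inherit the default umask and the owner of
    # the copying account; pin ownership and mode so only the ansible
    # user can read it (sshd also refuses keys with loose permissions).
    owner: ansible
    group: ansible
    mode: "0600"
  when: "'management' in group_names"

- name: Collect vaulted public keys into one newline-separated string
  set_fact:
    all_keys: "{{ vault_ssh_keys | join('\n') }}"

- name: Append the DTAP key on dtap-all hosts
  set_fact:
    all_keys: "{{ all_keys + '\n' + vault_ansible_dtap_key }}"
  when: "'dtap-all' in group_names"

- name: Add authorized key for Ansible user
  authorized_key:
    user: ansible
    # exclusive replaces every key already in authorized_keys, so
    # all_keys must contain the complete set.
    exclusive: true
    key: "{{ all_keys }}"
    # Restrict the source addresses the keys may be used from;
    # 127.0.0.1 keeps local (e.g. ansible-pull) use working.
    key_options: 'from="127.0.0.1,{{ di_common_ansible_ssh_key_from_ips }}"'

- name: Add ansible to the sudoers
  lineinfile:
    dest: /etc/sudoers
    state: present
    regexp: '^ansible'
    line: 'ansible ALL=(ALL) NOPASSWD: ALL'
    # Syntax-check the candidate file before it replaces /etc/sudoers:
    # a malformed sudoers locks every administrator out of sudo.
    validate: '/usr/sbin/visudo -cf %s'
  become: true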