---
# Intended to be run once for every new server to secure the ssh connection allowing the team access
# with their public keys. This script will lock itself out from every server it is run on.
# Further playbooks are intended to be run by logging in as one of the created users.
# It also ensures python2 is installed as it's necessary for the modules used in this playbook at
# the time of this writing.
# The login data to use depends on the server provider. In most cases the ansible_user will be
# root, but we can't safely assume anything.
# The following line is an example for securing a new vagrant machine, after running `vagrant up`:
# ansible-playbook first_run.yml -i hosts -u vagrant --private-key='~/.vagrant.d/insecure_private_key'
# For real providers it could look like:
# ansible-playbook first_run.yml -i hosts -u root --private-key='~/.ssh/id_rsa'
# If you don't have an SSH key on the server and the server expects password authentication, use:
# ansible-playbook first_run.yml -i hosts -u root --ask-pass
# Single play: applies the `common` role to every host of the inventory passed with -i.
# NOTE(review): the file header states that a run locks out the login it was started
# with; because this play matches `all`, consider restricting each run to the newly
# created machines with --limit so already secured servers are not targeted again.
- hosts: all

  vars:
    # created with:
    #
    # echo -n 'E*********%' | ansible-vault encrypt_string --stdin-name 'ansible_become_password'
    #
    # NOTE(review): if the masked sample above mirrors the real value, it discloses the
    # secret's length and its first and last characters; a generic placeholder is safer.
    # Piping the plaintext through `echo` also leaves it in the shell history;
    # `ansible-vault encrypt_string --prompt` reads the value without echoing it.
    #
    # Inline vault-encrypted privilege-escalation password. Decrypting it at run time
    # needs the vault password (e.g. --ask-vault-pass or --vault-password-file); the
    # example commands in the file header pass neither, so presumably it is configured
    # elsewhere - confirm. The ciphertext is only as strong as that vault password:
    # rotate the become password if the vault password is ever exposed.
    ansible_become_password: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      34396433383837666135346136643137633333316131633235353039613361626631346434653636
      6431366536663636323537633965306135343239626434660a386663353837396263333035356365
      32636236383566316565383137613232353066313032373430643631303433616265323566663165
      3539316363386538370a353937613535313538366562616334313566366332393532616630636133
      6562

  # The role's tasks are not part of this file.
  # NOTE(review): fact gathering is left at its default here, which runs before any role
  # and needs Python on the target. The file header says this playbook is what installs
  # python2, so confirm that ansible.cfg or the role accounts for hosts without Python.
  roles:
    - common