181 lines
4.7 KiB
YAML
181 lines
4.7 KiB
YAML
---
|
|
|
|
# ---
|
|
# - default user/groups
|
|
# ---
|
|
|
|
- name: (users.yml) Ensure default groups exists
|
|
group:
|
|
name: '{{ item.name }}'
|
|
state: present
|
|
gid: '{{ item.group_id | default(omit) }}'
|
|
with_items: '{{ default_user }}'
|
|
when: item.group_id is defined
|
|
tags:
|
|
- groups-exists
|
|
|
|
- name: (users.yml) Ensure default users exists
|
|
user:
|
|
name: '{{ item.name }}'
|
|
state: present
|
|
uid: '{{ item.user_id | default(omit) }}'
|
|
group: '{{ item.name | default(omit) }}'
|
|
home: '{{ item.home | default(omit) }}'
|
|
shell: '{{ item.shell|d("/bin/bash") }}'
|
|
password: "{{ item.password }}"
|
|
update_password: on_create
|
|
with_items: '{{ default_user }}'
|
|
tags:
|
|
- users-exists
|
|
|
|
- name: (users.yml) Ensure authorized_key files for default users are present
|
|
authorized_key:
|
|
user: "{{ item.0.name }}"
|
|
key: "{{ item.1 }}"
|
|
state: present
|
|
with_subelements:
|
|
- '{{ default_user }}'
|
|
- ssh_keys
|
|
tags:
|
|
- authorized_key
|
|
|
|
# ---
|
|
# - extra user/groups
|
|
# ---
|
|
|
|
- name: (users.yml) Ensure extra groups exists
|
|
group:
|
|
name: '{{ item.name }}'
|
|
state: present
|
|
gid: '{{ item.group_id | default(omit) }}'
|
|
with_items: '{{ extra_user }}'
|
|
when:
|
|
- extra_user is defined and extra_user|length > 0
|
|
- item.group_id is defined
|
|
tags:
|
|
- groups-exists
|
|
|
|
- name: (users.yml) Ensure extra users exists
|
|
user:
|
|
name: '{{ item.name }}'
|
|
state: present
|
|
uid: '{{ item.user_id | default(omit) }}'
|
|
group: '{{ item.name | default(omit) }}'
|
|
home: '{{ item.home | default(omit) }}'
|
|
shell: '{{ item.shell|d("/bin/bash") }}'
|
|
password: "{{ item.password }}"
|
|
update_password: on_create
|
|
with_items: '{{ extra_user }}'
|
|
when: extra_user is defined and extra_user|length > 0
|
|
tags:
|
|
- users-exists
|
|
|
|
- name: (users.yml) Ensure authorized_key files for extra users are present
|
|
authorized_key:
|
|
user: "{{ item.0.name }}"
|
|
key: "{{ item.1 }}"
|
|
state: present
|
|
with_subelements:
|
|
- '{{ extra_user }}'
|
|
- ssh_keys
|
|
when: extra_user is defined and extra_user|length > 0
|
|
tags:
|
|
- authorized_key
|
|
|
|
|
|
# ---
|
|
# - Take care backup host has rsa key to connect via ssh to the other hosts
|
|
# ---
|
|
|
|
- name: (users.yml) Copy ssh rsa private key to user root of backup server
|
|
copy:
|
|
src: '{{ item.priv_key_src }}'
|
|
dest: '{{ item.priv_key_dest }}'
|
|
owner: root
|
|
group: root
|
|
mode: '0600'
|
|
with_items: '{{ ssh_keypair_backup_server }}'
|
|
when:
|
|
- ssh_keypair_backup_server is defined and ssh_keypair_backup_server|length > 0
|
|
- insert_ssh_keypair_backup_server|bool
|
|
tags:
|
|
- insert-ssh-keypair-backup-server
|
|
- keypair-backup-server
|
|
|
|
|
|
- name: (users.yml) Copy ssh rsa public key to user root of backup server
|
|
copy:
|
|
src: '{{ item.pub_key_src }}'
|
|
dest: '{{ item.pub_key_dest }}'
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
with_items: '{{ ssh_keypair_backup_server }}'
|
|
when:
|
|
- ssh_keypair_backup_server is defined and ssh_keypair_backup_server|length > 0
|
|
- insert_ssh_keypair_backup_server|bool
|
|
tags:
|
|
- insert-ssh-keypair-backup-server
|
|
- keypair-backup-server
|
|
|
|
|
|
- name: (users.yml) Ensure user back has public rsa key of backup server
|
|
authorized_key:
|
|
user: "{{ item.backup_user }}"
|
|
key: "{{ lookup('file', item.pub_key_src) }}"
|
|
state: present
|
|
with_items: '{{ ssh_keypair_backup_server }}'
|
|
when: ssh_keypair_backup_server is defined and ssh_keypair_backup_server|length > 0
|
|
tags:
|
|
- authorized_key
|
|
- keypair-backup-server
|
|
|
|
|
|
# ---
|
|
# - Allow connection via ssh to backup host
|
|
# ---
|
|
|
|
- name: (users.yml) Copy default ed25519 ssh private key to user root
|
|
copy:
|
|
src: '{{ item.priv_key_src }}'
|
|
dest: '{{ item.priv_key_dest }}'
|
|
owner: root
|
|
group: root
|
|
mode: '0600'
|
|
#when: groups['oopen_server']|string is search(inventory_hostname)
|
|
when:
|
|
- insert_root_ssh_keypair|bool
|
|
- groups['backup_server']|string is not search(inventory_hostname)
|
|
with_items: '{{ root_ssh_keypair }}'
|
|
tags:
|
|
- insert_root_ssh_keypair
|
|
- root-defaut-ssh-keypair
|
|
|
|
- name: (users.yml) Copy default ed25519 ssh public key to user root
|
|
copy:
|
|
src: '{{ item.pub_key_src }}'
|
|
dest: '{{ item.pub_key_dest }}'
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
with_items: '{{ root_ssh_keypair }}'
|
|
#when: groups['oopen_server']|string is search(inventory_hostname)
|
|
when:
|
|
- insert_root_ssh_keypair|bool
|
|
- groups['backup_server']|string is not search(inventory_hostname)
|
|
tags:
|
|
- insert_root_ssh_keypair
|
|
- root-defaut-ssh-keypair
|
|
|
|
- name: (users.yml) Ensure authorized_key (root) on backup hosts contains public key
|
|
authorized_key:
|
|
user: root
|
|
key: "{{ lookup('file', item.pub_key_src) }}"
|
|
state: present
|
|
with_items: '{{ root_ssh_keypair }}'
|
|
when: inventory_hostname == item.target
|
|
tags:
|
|
- authorized_key
|
|
- root-defaut-ssh-keypair
|
|
|