70bfe160 by Javier Franco

first commit

0 parents
1 [defaults]
2 inventory = hosts
3 #remote_user = root
4 retry_file_enabled = false
5 module_name = shell
6 nocows = 1
7 stdout_callback = debug
8 roles_path = roles
9 #log_path = log/ansible.log
10 remote_tmp = /tmp/
11 host_key_checking = false
12 #callback_whitelist = profile_tasks # ansible.log timestamp
13 #command_warnings = False
14
15
16
17 #interpreter_python = /usr/bin/python
18
19
20 [privilege_escalation]
21 #become = true
22 #become_method = sudo
23 #become_user = root
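Review bot: `host_key_checking = false` on line 11 turns off SSH host key verification for every host in the inventory, including the production groups, so a connection that lands on an impersonated or redirected host is accepted silently and then receives the tasks that follow. Leave it at the default and distribute a managed `known_hosts` file instead; if a first-contact bootstrap really needs it, set `ANSIBLE_HOST_KEY_CHECKING=False` for that single run rather than in the committed config. Separately, `remote_tmp = /tmp/` on line 10 stages module files in a world-writable directory, where the default `~/.ansible/tmp` keeps them under the connecting user's home.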
1 [elk]
2 kibana ansible_host=10.9.3.68
3 elastic01 ansible_host=10.9.3.69
4 elastic02 ansible_host=10.9.3.70
5
6 [camundadesa]
7 tlbicam01.vue.gov.py
8 tcam01.vue.gov.py
9 tcam02.vue.gov.py
10
11 [camundaprod]
12 plbicam01.vue.gov.py
13 pcam01.vue.gov.py
14 pcam02.vue.gov.py
15
16 [jbossdesa]
17 mtapp01.vue.gov.py
18 mtapp02.vue.gov.py
19 mtjbmaster01.vue.gov.py
20 mtlbi01.vue.gov.py
21
22 [nginxdesa]
23 mtglb01.vue.gov.py
24
25
26 [jbossprod]
27 mpapp01.vue.gov.py
28 mpapp02.vue.gov.py
29 mpjbmaster01.vue.gov.py
30 mplbi01.vue.gov.py
31
32 [nginxprod]
33 mpglb01.vue.gov.py
34
1 ssh-rsa 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 ansible@awx.vue.gov.py
1 ---
2 - name: Playbook para agregar usuario ansible
3 hosts: "{{ target | default('all') }}" # todos los nodos a administrar
4 become: true
5 vars:
6 ansible_local_user: ansible
7 tasks:
8 - name: asegurarse que existe el grupo {{ ansible_local_user }}
9 group:
10 name: "{{ ansible_local_user }}"
11 state: present
12 system: yes
13
14 - name: add {{ ansible_local_user }} sudoers file
15 copy:
16 content: "%{{ ansible_local_user }} ALL=(ALL) NOPASSWD: ALL"
17 dest: /etc/sudoers.d/{{ ansible_local_user }}
18 validate: '/usr/sbin/visudo -cf %s'
19 mode: '0440'
20
21 - name: add user {{ ansible_local_user }}
22 user:
23 name: "{{ ansible_local_user }}"
24 group: "{{ ansible_local_user }}"
25 home: "/home/{{ ansible_local_user }}/"
26 shell: /bin/bash
27 state: present
28 expires: -1
29 system: yes
30 password: "$6$o1V2XCTCdSuzEgnN$Qphuv/imqP6ZlHEXX1uVVm.zqr/DS5XrtmyBfYG.XUFyrkWLcl9SPssUWAwQ5L.c49a5hJOugpBDanT/Rakv8."
31 notify:
32 - ansible password does not expires
33
34 - name: Set ssh keybase login
35 authorized_key:
36 user: "{{ ansible_local_user }}"
37 path: /home/{{ ansible_local_user }}/.ssh/authorized_keys
38 key: "{{ item }}"
39 with_file:
40 - id_rsa.pub
41 tags:
42 - ssh_keybase_login
43
44 handlers:
45 - name: ansible password does not expires
46 command: "chage -m -1 -M -1 -W -1 -E -1 {{ ansible_local_user }}"
47 ...
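Review bot: The `password:` value on line 30 commits a SHA-512 crypt hash for the same account that line 16 grants `NOPASSWD: ALL`, so anyone with read access to the repository can work on the hash offline, and wherever password login or `su` is available the recovered password is root-equivalent on every targeted host (the play defaults to `all`, which includes the prod groups). Because the play also installs an SSH key for this user, consider keeping the password locked with `password: '!'`; if a password is truly required, load the hash from an Ansible Vault variable, e.g. `password: "{{ <vaulted_hash_var> }}"` (placeholder name). The hash already committed should be treated as exposed and rotated. Separately, the sudoers content on line 16 starts with `%`, which makes it a group rule, so any account later added to the `ansible` group inherits passwordless root; writing `{{ ansible_local_user }} ALL=(ALL) NOPASSWD: ALL` without the `%` limits it to the one user.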