-
Notifications
You must be signed in to change notification settings - Fork 3
/
bootstrap.yml
100 lines (81 loc) · 2.73 KB
/
bootstrap.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
---
#
# time ansible-playbook -i inventario bootstrap.yml --limit alpha
- hosts: all
vars:
initial_devops_password: "debian"
initial_root_password: "debian"
tasks:
- name: bootstrap | agrega SSH host key
ping:
environment:
ANSIBLE_HOST_KEY_CHECKING: False
- name: bootstrap | verifica usuario de conexion al nodo
command: id
- name: bootstrap | verifica usuario de conexion al nodo puede pasar a root
command: id
become: True
- name: bootstrap | crea grupo para usuario devops
group:
name: "{{ devops_user_name }}"
gid: "{{ devops_user_uid }}"
state: present
become: True
- name: bootstrap | crea cuenta usuario devops
user:
name: "{{ devops_user_name }}"
uid: "{{ devops_user_uid }}"
group: "{{ devops_user_name }}"
createhome: True
password: "{{ initial_devops_password | password_hash('sha512') }}"
update_password: on_create
shell: /bin/bash
state: present
become: True
- name: bootstrap | paquete sudo esta instalado
apt:
name: sudo
become: True
- name: bootstrap | cuenta devops pertenece a grupo sudo
user:
name: "{{ devops_user_name }}"
groups: sudo
append: yes
become: True
- name: bootstrap | cuentas en grupo sudo no necesitan ingresar su password
lineinfile:
path: /etc/sudoers
regexp: "^%ADMIN ALL="
line: "%sudo ALL=(ALL:ALL) NOPASSWD: ALL"
validate: "/usr/sbin/visudo -cf %s"
state: present
become: True
- name: all | /etc/environment
template:
src: environment.j2
dest: /etc/environment
owner: root
group: root
mode: '0644'
become: true
##
# Ejemplo con Bash y con Ansible
# IP=192.168.11.12 ; ssh-keygen -f ~/.ssh/known_hosts" -R "${IP}" ; ssh-keyscan -H ${IP} >> ~/.ssh/known_hosts ; sshpass -p debian ssh-copy-id root@${IP}
- name: bootstrap | masajeo SSH para entrar con clave publica
shell: |
ssh-keygen -f ~/.ssh/known_hosts -R {{ ansible_default_ipv4.address }}
ssh-keyscan -H {{ ansible_default_ipv4.address }} >> ~/.ssh/known_hosts
sshpass -p {{ initial_root_password }} ssh-copy-id root@{{ ansible_default_ipv4.address }} # para equipos a controlar como root
sshpass -p {{ initial_devops_password }} ssh-copy-id {{ devops_user_name }}@{{ ansible_default_ipv4.address }} # solo para equipos propios
delegate_to: localhost
##
## En caso de nodos que se vana usar como escritorios, asegurar los dos gustos siguientes:
##
# - name: bootstrap | escritorio Mate instalado
# apt:
# name: ubuntu-mate-desktop
# become: True
# - name: bootstrap | escritorio LXDE instalado
# apt:
# name: lubuntu-desktop
# become: True