Ansible: Difference between revisions

m (ansible configuration management)
No edit summary
Line 20: Line 20:
Edit/create ~root/.ssh/authorized_keys and add:
Edit/create ~root/.ssh/authorized_keys and add:
  from="ip.of.ansible.server" <paste public key here>
  from="ip.of.ansible.server" <paste public key here>
=Scripts/playbooks=
==Maintain useraccounts==
<pre>
---
- name: remove users
  user: name=exuser state=absent force=yes groups=''
  with_dict: accounts
  tags:
    - delusers
- name: sync group
  group:
    name: sync
    gid: 999
    state: "present"
- name: fix homedir rights
  lineinfile: dest=/etc/login.defs regexp=^UMASK line="UMASK 007"
- name: useraccounts
  user:
    name: "{{ item.key \}\}"
    comment: "{{ item.value.name }}"
    uid: "{{ item.value.uid }}"
    state: "present"
    shell: "/bin/bash"
    groups: sudo
  with_dict: accounts
  tags:
    - accounts
- name: userpasswords
  user:
    name: "{{ item.key \}\}"
    password: "\{\{ lookup('csvfile',item.key + ' file=/etc/shadow delimiter=: col=1' ) \}\}"
  with_dict: accounts
#ssh keys
- name: userkeys
  authorized_key: user={{ item.key }} key="{{ lookup('file','/home/' + item.key + '/.ssh/authorized_keys' ) }}" exclusive=yes
  with_dict: accounts
  tags:
    - keys
- name: nofoobar
  user: name=foobar state=absent remove=yes
  tags:
    - foobar
</pre>                                         


=FAQ=
=FAQ=
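Review bot: The added `userpasswords` task takes each password hash from `/etc/shadow` through a `csvfile` lookup and sets no `no_log`. Lookups are evaluated on the control node, so the controller's hashes are pushed to every managed host; adding `no_log: true` to that task keeps them out of task output. The `\}\}` and `\{\{` sequences in the `name:` and `password:` values of `useraccounts` and `userpasswords` look like wiki escapes and leave the Jinja expressions malformed for anyone copying the listing; they should read like `name: "{{ item.key }}"`. `groups: sudo` in `useraccounts` puts every entry of `accounts` in the sudo group, which deserves a comment stating that this is intended.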

Revision as of 16:20, 5 March 2016

Configuration management

Links


Quickstart

On the server, as root, create a key:

ssh-keygen

(accept the defaults), then copy the contents of ~/.ssh/id_rsa.pub to your clipboard

On the 'clients', edit /etc/ssh/sshd_config so that it contains

PermitRootLogin without-password

and restart sshd. With this setting root can log in with a key but not with a password.

Edit/create ~root/.ssh/authorized_keys and add:

from="ip.of.ansible.server" <paste public key here>

Scripts/playbooks

Maintain useraccounts

 ---

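 # Task list that keeps local accounts in step with the `accounts` dict.
 # Entries are used as  login: {name: <comment>, uid: <uid>}  (see the
 # item.key / item.value.* references below).
 # Module arguments are written as YAML mappings instead of key=value
 # strings so that values containing spaces or quotes are passed intact.

 - name: remove users
   # NOTE(review): the loop item is never referenced, so every iteration
   # acts on the same fixed account; confirm whether the loop is wanted.
   user:
     name: exuser
     state: absent
     force: true
     groups: ''
   with_dict: "{{ accounts }}"
   tags:
     - delusers

 - name: sync group
   group:
     name: sync
     gid: 999
     state: present

 - name: fix homedir rights
   # Replaces the UMASK line in login.defs with "UMASK 007".
   lineinfile:
     dest: /etc/login.defs
     regexp: '^UMASK'
     line: 'UMASK 007'

 - name: useraccounts
   # Every login in `accounts` ends up in the sudo group. Without
   # `append`, the user module sets the supplementary groups to exactly
   # this list.
   user:
     name: "{{ item.key }}"
     comment: "{{ item.value.name }}"
     uid: "{{ item.value.uid }}"
     state: present
     shell: /bin/bash
     groups: sudo
   with_dict: "{{ accounts }}"
   tags:
     - accounts

 - name: userpasswords
   # Lookups are evaluated on the control node, so the hash is read from
   # the control node's /etc/shadow (needs read access there) and pushed
   # to each managed host.
   # NOTE(review): a login with no shadow entry makes the lookup return
   # its default value; confirm what that does to the account's password.
   user:
     name: "{{ item.key }}"
     password: "{{ lookup('csvfile', item.key + ' file=/etc/shadow delimiter=: col=1') }}"
   with_dict: "{{ accounts }}"
   # Keep the password hash out of task output and logs.
   no_log: true

 # ssh keys
 - name: userkeys
   # The key file is read on the control node. `exclusive` removes every
   # key from the target user's authorized_keys that is not in that file.
   authorized_key:
     user: "{{ item.key }}"
     key: "{{ lookup('file', '/home/' + item.key + '/.ssh/authorized_keys') }}"
     exclusive: true
   with_dict: "{{ accounts }}"
   tags:
     - keys

 - name: nofoobar
   user:
     name: foobar
     state: absent
     remove: true
   tags:
     - foobar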
 


FAQ

Show all host variables

ansible -m setup <hostname>

Syntax highlighting for ansible

Drop the files in ~/vim/bundle and add to .vimrc:

call pathogen#infect()
call pathogen#helptags()