###
###
# Ansible setup new clients
#
# Changelogs:
# - v1: 23/05/2021 - initial release
# - v2: 29/08/2021 - removed uid
# - v3: 15/09/2024 - updated tasks name, dropped CentOS
###
###
# Pre-requisites:
# - An SSH key pair on the controller, readable by the user running the play
#   (defaults to /root/.ssh/id_rsa and /root/.ssh/id_rsa.pub; override ssh_pri_key / ssh_pub_key).
# - Create an inventory file with the following contents:
# [all]
# <ip address of client>
#
# Usage: ansible-playbook ansible-setup-clients.yml --extra-vars "host=<ip address> remote_ansible_user=<ansible user>" -i <path to ansible host file> -u <existing remote user> -k -K
# Notes: -k / -K prompt for the existing remote user's SSH and sudo passwords. The play targets every host
# in the inventory (hosts: all); the "host=" extra-var is not referenced by any task, so limit with the
# inventory (or --limit) rather than relying on it.
---
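- name: Ansible setup new clients
  hosts: all
  become: true
  become_user: root
  # Defaults; override any of these with --extra-vars. Both key paths are read on
  # the controller (by lookup('file') and by the delegated ssh test), never on the
  # client being configured.
  vars:
    remote_ansible_user: "ansibleusr"
    ssh_pri_key: "/root/.ssh/id_rsa"
    ssh_pub_key: "/root/.ssh/id_rsa.pub"
    ssh_port: 22
  tasks:
    - name: Refuse a username that sudo would ignore under /etc/sudoers.d
      # sudoers(5): files in /etc/sudoers.d whose name contains '.' or ends in '~'
      # are skipped, so the NOPASSWD drop-in written below would be silently inert.
      ansible.builtin.assert:
        that:
          - "'.' not in remote_ansible_user"
          - "not remote_ansible_user.endswith('~')"
        fail_msg: "remote_ansible_user must not contain '.' or end in '~' (sudo skips such sudoers.d files)"

    - name: Create Ansible Remote User {{ remote_ansible_user }} for Ubuntu or Debian
      ansible.builtin.user:
        name: "{{ remote_ansible_user }}"
        comment: "Ansible Automation"
        # Secondary group membership. 'group:' would make sudo the PRIMARY group,
        # so every file the account creates would be group-owned by sudo.
        groups: sudo
        append: true
        # '*' locks the password: the account is reachable only via the SSH key.
        password: '*'
        expires: -1
        home: "/home/{{ remote_ansible_user }}"
        state: present
      when: ansible_distribution == "Ubuntu" or ansible_distribution == "Debian"

    - name: Create Ansible Remote User {{ remote_ansible_user }} for Red Hat or Rocky Linux
      ansible.builtin.user:
        name: "{{ remote_ansible_user }}"
        comment: "Ansible Automation"
        # Secondary group membership (see the Debian task for why not 'group:').
        groups: wheel
        append: true
        # '*' locks the password: the account is reachable only via the SSH key.
        password: '*'
        expires: -1
        home: "/home/{{ remote_ansible_user }}"
        state: present
      when: ansible_distribution == "RedHat" or ansible_distribution == "Rocky"

    - name: Set sudo for {{ remote_ansible_user }}
      ansible.builtin.copy:
        dest: "/etc/sudoers.d/{{ remote_ansible_user }}"
        # Passwordless root for the automation account: whoever holds ssh_pri_key
        # on the controller is root on every client. Narrow the command list if the
        # playbooks run from this controller do not need unrestricted root.
        content: "{{ remote_ansible_user }} ALL=(ALL) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"
        # visudo is installed in /usr/sbin on every distribution this play targets;
        # /sbin/visudo only resolves on merged-/usr hosts. A file visudo rejects is
        # never installed, which matters because a broken drop-in breaks sudo for
        # every account on the host.
        validate: /usr/sbin/visudo -csf %s

    - name: Set authorized key for {{ remote_ansible_user }}
      ansible.posix.authorized_key:
        user: "{{ remote_ansible_user }}"
        state: present
        # Plain variable inside the Jinja expression; nesting "{{ }}" inside a
        # "{{ }}" expression is not valid templating. The file is read on the
        # controller, where the key pair lives.
        key: "{{ lookup('file', ssh_pub_key) }}"

    - name: Test SSH Public Key authentication for {{ remote_ansible_user }}
      # Runs on the controller with the private key. BatchMode makes ssh fail
      # instead of prompting for a password or passphrase (which would hang the
      # play), and 'sudo -n true' also proves the NOPASSWD rule took effect.
      # command/argv rather than shell: the templated username and address are
      # passed as arguments, not interpreted by a shell.
      ansible.builtin.command:
        argv:
          - "ssh"
          - "-i"
          - "{{ ssh_pri_key }}"
          - "-p"
          - "{{ ssh_port }}"
          - "-o"
          - "BatchMode=yes"
          # NOTE(review): the client's default IPv4 is not necessarily the address
          # the controller reached it on; ansible_host / inventory_hostname would be
          # the alternative if this check fails on multi-homed clients.
          - "{{ remote_ansible_user }}@{{ ansible_default_ipv4.address | default(ansible_all_ipv4_addresses[0]) }}"
          - "sudo -n true"
      delegate_to: localhost
      changed_when: false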