From 7f67fa4c600fc678e27b052f880d1c322aed61d1 Mon Sep 17 00:00:00 2001 From: "Vincent V.d Kussen" Date: Tue, 7 Aug 2018 20:22:55 +0200 Subject: [PATCH 01/48] initial commit --- README.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..d425545 --- /dev/null +++ b/README.md @@ -0,0 +1 @@ +https://github.com/stationgroup/ansible-experiments/issues/9 From 47ef7a7045a6495c1a4f5764f8c3127ccb4811a1 Mon Sep 17 00:00:00 2001 From: "Vincent V.d Kussen" Date: Tue, 7 Aug 2018 21:23:08 +0200 Subject: [PATCH 02/48] initial work users role --- roles/users/tasks/main.yml | 8 ++++++++ roles/users/vars/main.yml | 12 ++++++++++++ site.yaml | 7 +++++++ site.yml | 0 4 files changed, 27 insertions(+) create mode 100644 roles/users/tasks/main.yml create mode 100644 roles/users/vars/main.yml create mode 100644 site.yaml create mode 100644 site.yml diff --git a/roles/users/tasks/main.yml b/roles/users/tasks/main.yml new file mode 100644 index 0000000..a6e09a9 --- /dev/null +++ b/roles/users/tasks/main.yml @@ -0,0 +1,8 @@ +--- +- name: Ensure groups exist + group: + name: "{{ item.name }}" + gid: "{{ item.gid | default(ommit) }}" + state: present + with_items: groups + diff --git a/roles/users/vars/main.yml b/roles/users/vars/main.yml new file mode 100644 index 0000000..330de7c --- /dev/null +++ b/roles/users/vars/main.yml @@ -0,0 +1,12 @@ +--- +groups: + - + +users: + - remember + - direct + - degree + - sand + - grief + - jam + - king diff --git a/site.yaml b/site.yaml new file mode 100644 index 0000000..413203b --- /dev/null +++ b/site.yaml @@ -0,0 +1,7 @@ +--- +- name: Manage user configuration + hosts: all + remote_user: root + roles: + - users + diff --git a/site.yml b/site.yml new file mode 100644 index 0000000..e69de29 From f12466dead8402628e11f84688efddd4c3596e0a Mon Sep 17 00:00:00 2001 
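Review bot: `default(ommit)` on the `gid` line misspells the `omit` special variable, so a group entry without `gid` fails with an undefined variable instead of skipping the parameter; it should read `gid: "{{ item.gid | default(omit) }}"`. The bare `with_items: groups` also names Ansible's built-in `groups` magic variable (the inventory group map), so the loop does not iterate the role's own list at all; a role-specific name in the templated loop form, `with_items: "{{ user_groups }}"`, avoids both the collision and the deprecated bare-variable syntax.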
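Review bot: `groups:` followed by a single bare `- ` entry is a one-element list whose element is null, so the group task that reads `item.name` errors on it; write `groups: []` for an empty list or give a real entry. More generally, a role's `vars/main.yml` has higher precedence than inventory and `group_vars`, so user and group lists placed here cannot be overridden per environment; example data belongs in `defaults/main.yml` or in `group_vars`, which the `users` list here (plain strings, while the tasks expect dictionaries with `name`) also suggests.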
From: "Vincent V.d Kussen" Date: Mon, 13 Aug 2018 16:02:31 +0200 Subject: [PATCH 03/48] config users shell/ssh --- ansible.cfg | 16 +++++ hosts | 1 + roles/users/defaults/main.yml | 4 ++ roles/users/files/keys/remember/key1.pub | 1 + roles/users/files/keys/test/key2.pub | 1 + roles/users/tasks/main.yml | 10 +-- roles/users/tasks/set_facts.yml | 8 +++ roles/users/tasks/ssh_config.yml | 38 ++++++++++ roles/users/tasks/users.yml | 88 ++++++++++++++++++++++++ roles/users/templates/ssh.config.j2 | 6 ++ roles/users/vars/main.yml | 27 +++++--- site.yml | 0 12 files changed, 184 insertions(+), 16 deletions(-) create mode 100644 ansible.cfg create mode 100644 hosts create mode 100644 roles/users/defaults/main.yml create mode 100644 roles/users/files/keys/remember/key1.pub create mode 100644 roles/users/files/keys/test/key2.pub create mode 100644 roles/users/tasks/set_facts.yml create mode 100644 roles/users/tasks/ssh_config.yml create mode 100644 roles/users/tasks/users.yml create mode 100644 roles/users/templates/ssh.config.j2 delete mode 100644 site.yml diff --git a/ansible.cfg b/ansible.cfg new file mode 100644 index 0000000..de6e4f8 --- /dev/null +++ b/ansible.cfg @@ -0,0 +1,16 @@ +[ssh_connection] + +[defaults] +retry_files_enabled = False +retry_files_save_path = /tmp/ +inventory=./hosts +host_key_checking=False +gathering = smart +#stdout_callback=skippy + +[privilege_escalation] +become=True +become_method=sudo +become_user=root +#become_ask_pass=False + diff --git a/hosts b/hosts new file mode 100644 index 0000000..3171e7a --- /dev/null +++ b/hosts @@ -0,0 +1 @@ +10.106.116.157 diff --git a/roles/users/defaults/main.yml b/roles/users/defaults/main.yml new file mode 100644 index 0000000..4389d95 --- /dev/null +++ b/roles/users/defaults/main.yml @@ -0,0 +1,4 @@ +default_freebsd_shell: "/bin/csh" +default_linux_shell: "/bin/bash" +default_shell_lines: + - SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh 
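Review bot: `host_key_checking=False` in `[defaults]` turns off SSH host-key verification for every connection, so a spoofed or hijacked host is accepted silently and receives the sudo session and any secrets the play sends; prefer the default and pre-populate `known_hosts` on the controller (or scope a `UserKnownHostsFile` via `ansible_ssh_common_args` for lab hosts only). `retry_files_save_path = /tmp/` points at a world-readable directory, but since `retry_files_enabled = False` is set on the line above, the path line is dead and can be dropped. The empty `[ssh_connection]` section at the top can go as well.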
diff --git a/roles/users/files/keys/remember/key1.pub b/roles/users/files/keys/remember/key1.pub new file mode 100644 index 0000000..3013f1a --- /dev/null +++ b/roles/users/files/keys/remember/key1.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMfztaQoo3Alf4Ie4ZrSEkhojOcKl8VRdoRiYb/7FL3IS/5IcSKcan/MGJlRht3ibwJBx9/CY8wZivHgNKCqtbZWGepfOtgWOqI4ROo4sELmRgV8PZUACjCSfaOkOdvCJEjhw3n+aI5jmK9IUA+mwdXkZj/NckNDZAQ+FRqwR6sX7svM4TF/zEI70JvO3xnDgCuC2PgiztVFfMqbWl33NgkG3kWkJ+JarF2pNsxO/+82s/hoC4P+dpZD1PHhJC7OxUiAHe5nwF7heQh9DUBQxJBhitn7C3XqlxEf7Kx3/kO9CUJVDaxS84UUnfUPc0u1iYpE+5ypqkDSyj3yQNpwXf diff --git a/roles/users/files/keys/test/key2.pub b/roles/users/files/keys/test/key2.pub new file mode 100644 index 0000000..88ca4dd --- /dev/null +++ b/roles/users/files/keys/test/key2.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMfztaQoo3Alf4Ie4ZrSEkhojOcKl8VRdoRiYb/7FL3IS/5IcSKcan/MGJlRht3ibwJBx9/CY8wZivHgNKCqtbZWGepfOtgWOqI4ROo4sELmRgV8PZUACjCSfaOkOdvCJEjhw3n+aI5jmK9IUA+mwdXkZj/NckNDZAQ+FRqwR6sX7svM4TF/zEI70JvO3xnDgCuC2PgiztVFfMqbWl33NgkG3kWkJ+JarF2pNsxO/+82s/hoC4P+dpZD1PHhJC7OxUiAHe5nwF7heQh9DUBQxJBhitn7C3XqlxEf7Kx3/kO9CUJVDaxS84UUnfUPc0u1iYpE+5ypqkDSyj3yQNpwXd diff --git a/roles/users/tasks/main.yml b/roles/users/tasks/main.yml index a6e09a9..0904bb2 100644 --- a/roles/users/tasks/main.yml +++ b/roles/users/tasks/main.yml @@ -1,8 +1,4 @@ --- -- name: Ensure groups exist - group: - name: "{{ item.name }}" - gid: "{{ item.gid | default(ommit) }}" - state: present - with_items: groups - +- include_tasks: set_facts.yml +- include_tasks: users.yml +- include_tasks: ssh_config.yml diff --git a/roles/users/tasks/set_facts.yml b/roles/users/tasks/set_facts.yml new file mode 100644 index 0000000..4124706 --- /dev/null +++ b/roles/users/tasks/set_facts.yml @@ -0,0 +1,8 @@ +- set_fact: + default_shell: "{{ default_freebsd_shell }}" + when: ansible_os_family == 'FreeBSD' + +- set_fact: + default_shell: "{{ default_linux_shell }}" + when: ansible_os_family == 'Debian' + 
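Review bot: The `.pub` files under `roles/users/files/keys/<user>/` are the authorization root for every managed host, because the `authorized_key` task in `roles/users/tasks/users.yml` installs whatever the `file` lookup finds at this path; anyone with commit rights to this repository therefore gains shell access on every host the role runs against. That is worth stating in the role README and backing with mandatory review on this directory. `key2.pub` also appears to be byte-identical to `key1.pub` except for its final character, which looks like a hand-edited copy rather than an independently generated key — fine as a fixture, but label it as one so it is never mistaken for a real second identity.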
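Review bot: `default_shell` is only set when `ansible_os_family` is `'FreeBSD'` or `'Debian'`, so on any other family (RedHat, Suse, Arch, …) the later `shell: "{{ item.shell | default(default_shell) }}"` in `users.yml` fails with an undefined variable. Make the second task cover every non-FreeBSD host, `when: ansible_os_family != 'FreeBSD'`, or give `default_shell` a fallback in `defaults/main.yml`. Both tasks would also benefit from a `name:` and the file from the `---` document start used elsewhere in the role.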
diff --git a/roles/users/tasks/ssh_config.yml b/roles/users/tasks/ssh_config.yml new file mode 100644 index 0000000..dbb9649 --- /dev/null +++ b/roles/users/tasks/ssh_config.yml @@ -0,0 +1,38 @@ +- name: Ensure .ssh folder is created + file: + path: "/home/{{item.name}}/.ssh" + state: directory + mode: 0600 + with_items: + - "{{ users }}" + +- name: Check if user has ~/.ssh/config + stat: + path: "/home/{{ item.name }}/.ssh/config" + with_items: "{{ users }}" + register: sshconfig + +#- name: debug items +# debug: +# msg: "{{ item.item.name }} {{item.stat}}" +# with_items: +# - "{{ sshconfig.results }}" + +- name: Create ~/.ssh/config when absent + file: + path: "/home/{{ item.item.name }}/.ssh/config" + owner: "{{ item.item.name }}" + mode: 0600 + state: touch + when: item.stat.exists == False + with_items: + - "{{ sshconfig.results }}" + no_log: True + +- name: Configure ~/.ssh/config + template: + src: ssh.config.j2 + dest: "/home/{{ item.name }}/.ssh/config" + owner: "{{ item.name }}" + with_items: + - "{{ users }}" diff --git a/roles/users/tasks/users.yml b/roles/users/tasks/users.yml new file mode 100644 index 0000000..0ec6149 --- /dev/null +++ b/roles/users/tasks/users.yml 
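Review bot: `mode: 0600` on the `.ssh` directory task strips the execute bit, so the user cannot traverse the directory and key-based login breaks, since sshd opens `authorized_keys` with the user's privileges; a directory needs `mode: '0700'`. The task sets no `owner`/`group` either, and with `become=True`/`become_user=root` in `ansible.cfg` the directory is created root-owned inside the user's home — add `owner: "{{ item.name }}"` and `group: "{{ item.name }}"`. The `no_log: True` on the touch task protects nothing sensitive and only hides its error output, and `when: item.stat.exists == False` reads better as `when: not item.stat.exists`.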
@@ -0,0 +1,88 @@ +--- +- name: Ensure groups exist + group: + name: "{{ item.name }}" + gid: "{{ item.gid | default(omit) }}" + state: present + with_items: "{{ user_groups }}" + +- name: Ensure users exist + user: + name: "{{ item.name }}" + id: "{{ item.id | default(omit) }}" + groups: "{{ item.groups | default(omit) }}" + shell: "{{ item.shell | default(default_shell) }}" + state: present + no_log: True + with_items: "{{ users }}" + +- name: Configure authorized_keys + authorized_key: + user: "{{ item.0.name }}" + key: "{{ lookup('file', 'keys/' + item.0.name + '/' + item.1.file + '.pub') }}" + state: "{{ item.1.state | default(present) }}" + with_subelements: + - "{{ users }}" + - keys + +#- name: debug +# debug: +# msg: "{{ item.0 }} - {{ item.1 }}" +# with_nested: +# - "{{ users }}" +# - "{{ users | map(attribute='shell_lines') | list }}" +# when: ansible_os_family == 'Debian' and item.1 is defined + +- name: check vars + debug: + msg: "{{ item.0.name }} --- {{ item.1 }}" + with_subelements: + - "{{ users }}" + - shell_lines + - skip_missing: true + when: ansible_os_family == 'Debian' + +- name: Add Ansible comment in bashrc + lineinfile: + path: "/home/{{ item.name }}/.bashrc" + line: "## Ansible managed below this line ###########" + insertafter: EOF + state: present + with_items: + - "{{ users }}" + when: ansible_os_family == 'Debian' + +- name: Configure bashrc + lineinfile: + path: "/home/{{ item.0.name }}/.bashrc" + line: "{{ item.1.line }}" + insertafter: "^## Ansible managed below this line" + state: "{{ item.1.state }}" + with_subelements: + - "{{ users }}" + - shell_lines + - skip_missing: true + when: ansible_os_family == 'Debian' + +- name: Add Ansible comment in cshrc + lineinfile: + path: "/home/{{ item.0.name }}/.bashrc" + line: "## Ansible managed blow this line ###########" + insertafter: EOF + state: present + with_items: + - "{{ users }}" + when: ansible_os_family == 'FreeBSD' + +- name: Configure cshrc + lineinfile: + path: "/home/{{ 
item.0.name }}/.cshrc" + line: "{{ item.1.line }}" + insertafter: EOF + state: "{{ item.1.state }}" + with_subelements: + - "{{ users }}" + - shell_lines + - skip_missing: true + when: ansible_os_family == 'FreeBSD' + diff --git a/roles/users/templates/ssh.config.j2 b/roles/users/templates/ssh.config.j2 new file mode 100644 index 0000000..e770b37 --- /dev/null +++ b/roles/users/templates/ssh.config.j2 @@ -0,0 +1,6 @@ +host blabla + hostname {{ ansible_hostname }} + User {{ item.name }} + RemoteForward /home/{{ item.name }}/.gnupg/S.gpg-agent $HOME/.gnupg/S.gpg-agent + RemoteForward /home/{{ item.name }}/.gnupg/S.gpg-agent.ssh $HOME/.gnupg/S.gpg-agent.ssh + ServerAliveInterval 10 diff --git a/roles/users/vars/main.yml b/roles/users/vars/main.yml index 330de7c..f30fee5 100644 --- a/roles/users/vars/main.yml +++ b/roles/users/vars/main.yml @@ -1,12 +1,21 @@ --- -groups: - - +user_groups: + - name: remember users: - - remember - - direct - - degree - - sand - - grief - - jam - - king + - name: remember + keys: + - file: key1 + state: present + shell_lines: + - line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh" + state: present + - line: "line2" + state: absent + - name: test + keys: + - file: key2 + state: absent + # shell_lines: + # - "line1" + # - "line2" diff --git a/site.yml b/site.yml deleted file mode 100644 index e69de29..0000000 From a96d82d5ed4a4e8bb5f1556c0257c1e8bddaef90 Mon Sep 17 00:00:00 2001 
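Review bot: `id:` in the `user` task is not a parameter of the `user` module (the parameter is `uid`), so the task fails with an unsupported-parameter error; similarly `default(present)` in the authorized_keys task is evaluated as a variable named `present`, not the string, and should be `default('present')`. The "Add Ansible comment in cshrc" task writes to `.bashrc` instead of `.cshrc`, reads `item.0.name` under `with_items` (only `with_subelements` yields the `.0` form), and its marker says "blow" where the bashrc marker says "below", so no shared `insertafter` pattern can match both. The `no_log: True` on the user task is the right call given that a `password` argument is likely to follow.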
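Review bot: The two `RemoteForward` lines forward the controller-side `$HOME/.gnupg/S.gpg-agent` and `S.gpg-agent.ssh` sockets into the remote user's home, which gives the remote host — and anyone who is root on it — use of the local gpg and ssh agents for the life of the session. This is the same exposure class as ssh agent forwarding and deserves a comment in the template and a line in the README so users opt in knowingly, e.g. `# Forwards the local gpg-agent sockets to this host; only enable for hosts you trust with your agent`; the same lines reappear in the `blockinfile` content of `roles/ssh-config/tasks/main.yml` in the next commit. `host blabla` is a placeholder that would emit a literal `Host blabla` stanza and should be templated from the inventory.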
From: "Vincent V.d Kussen" Date: Wed, 15 Aug 2018 20:35:23 +0200 Subject: [PATCH 04/48] ssh-config role / docs / updated user config --- README.md | 56 ++++++++++++++++++++++ ansible.cfg | 3 +- group_vars/all | 38 +++++++++++++++ hosts | 3 +- roles/ssh-config/defaults/main.yml | 0 roles/ssh-config/tasks/main.yml | 44 +++++++++++++++++ roles/users/tasks/ssh_config.yml | 73 ++++++++++++++++++----------- roles/users/tasks/users.yml | 64 +++++-------------------- roles/users/templates/ssh.config.j2 | 6 --- roles/users/vars/main.yml | 54 ++++++++++++--------- site.yaml | 1 + 11 files changed, 233 insertions(+), 109 deletions(-) create mode 100644 group_vars/all create mode 100644 roles/ssh-config/defaults/main.yml create mode 100644 roles/ssh-config/tasks/main.yml delete mode 100644 roles/users/templates/ssh.config.j2 diff --git a/README.md b/README.md index d425545..98b748c 100644 --- a/README.md +++ b/README.md @@ -1 +1,57 @@ +# Users +Ansible role to create/configure users on Linux/FreeBSD + +## Variables +| user_groups | +| --- | +| name | name of the group | +| gid | group ID | +| state | whether the group shoud be created or removed | +| users | + +## Default variables +The default shells depending on the OS are: + +- Linux: `/bin/bash` +- FreeBSD: `/bin/cshrc` + +This is defined in the `defaults` section of the **users roles** + + +## Example Playbook + +``` +user_groups: + - name: mygroup + gid: 700 + + +users: + - name: remember + state: present + password: "blabla" + groups: + - mygroup + uid: 1100 + keys: + - file: key1 + state: present + shell_lines: + - line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh" + state: present + - line: "alias ls='ls lah'" + state: present + - name: test + keys: + - file: key2 + state: absent + shell_lines: + - line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh" + state: absent +``` +## Using the Role +### Adding user + +### Configure users' shell + https://github.com/stationgroup/ansible-experiments/issues/9 
diff --git a/ansible.cfg b/ansible.cfg index de6e4f8..83a7ce4 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -6,7 +6,8 @@ retry_files_save_path = /tmp/ inventory=./hosts host_key_checking=False gathering = smart -#stdout_callback=skippy +#stdout_callback=unixy +stdout_callback=debug [privilege_escalation] become=True diff --git a/group_vars/all b/group_vars/all new file mode 100644 index 0000000..cca3099 --- /dev/null +++ b/group_vars/all @@ -0,0 +1,38 @@ +--- +user_groups: + - name: mygroup + gid: 700 + - name: mysecondgroup + gid: 702 + state: absent + + +users: + - name: remember + state: present + password: "blabla" + groups: + - mygroup + uid: 1100 + keys: + - file: key1 + state: present + shell_lines: + - line: "testline" + state: present + - line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh" + state: present + - line: "alias ls='ls lah'" + state: present + ssh_config: + - ServerAliveInterval: 10 + - name: test + keys: + - file: key2 + state: absent + shell_lines: + - line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh" + state: present +# ssh_config: +# - host: "{{ ansible_hostname }}" +# hostname: "{{ ansible_hostname }}" diff --git a/hosts b/hosts index 3171e7a..0d9fc62 100644 --- a/hosts +++ b/hosts @@ -1 +1,2 @@ -10.106.116.157 +10.106.116.157 ssh_short_name=host1 +10.106.116.139 ssh_short_name=host2 diff --git a/roles/ssh-config/defaults/main.yml b/roles/ssh-config/defaults/main.yml new file mode 100644 index 0000000..e69de29 diff --git a/roles/ssh-config/tasks/main.yml b/roles/ssh-config/tasks/main.yml new file mode 100644 index 0000000..0211c42 --- /dev/null +++ b/roles/ssh-config/tasks/main.yml 
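Review bot: `password: "blabla"` is a plaintext value, but the `user` module writes its `password` argument verbatim into the shadow file as if it were already a crypt(3) hash, so the account ends up with an unusable hash and Ansible warns on every run; generate a hash (for example with the `password_hash` filter) and keep the value out of the repository via `ansible-vault` or a lookup. `group_vars/all` is committed and applies to every host, so any credential placed here is readable by everyone with access to the repo and lands on every machine in the inventory.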
@@ -0,0 +1,44 @@ +--- +- name: Check if user has ~/.ssh/config + stat: + path: "/home/{{ item.name }}/.ssh/config" + with_items: "{{ users }}" + register: sshconfig + + +- name: Create ~/.ssh/config when absent + file: + path: "/home/{{ item.item.name }}/.ssh/config" + owner: "{{ item.item.name }}" + group: "{{ item.item.name }}" + mode: 0600 + state: touch + when: item.stat.exists == False + with_items: + - "{{ sshconfig.results }}" + no_log: True + + +- name: Configure ~/.ssh/config + blockinfile: + path: "/home/{{ item.0.name }}/.ssh/config" + owner: "{{ item.0.name }}" + group: "{{ item.0.name }}" + mode: 0600 + marker: "# {mark} ANSIBLE MANAGED BLOCK" + content: | + {% for host in groups['all'] -%} + Host {{ hostvars[host]['ssh_short_name'] }} + Hostname {{ hostvars[host]['inventory_hostname'] }} + RemoteForward /home/{{ item.0.name }}/.gnupg/S.gpg-agent $HOME/.gnupg/S.gpg-agent + RemoteForward /home/{{ item.0.name }}/.gnupg/S.gpg-agent.ssh $HOME/.gnupg/S.gpg-agent.ssh + {% for k,v in item.1.items() %} + {% if k|lower != "host" and k|lower != "hostname" %} + {{k}} {{v}} + {% endif %} + {% endfor %} + {% endfor %} + with_subelements: + - "{{ users }}" + - ssh_config + - skip_missing: true diff --git a/roles/users/tasks/ssh_config.yml b/roles/users/tasks/ssh_config.yml index dbb9649..78d6c85 100644 --- a/roles/users/tasks/ssh_config.yml +++ b/roles/users/tasks/ssh_config.yml 
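Review bot: The `blockinfile` content reads `hostvars[host]['ssh_short_name']` for every host in `groups['all']`, so a single inventory host without that variable makes the task fail for every user; guard it with `{% if hostvars[host]['ssh_short_name'] is defined %}` or apply a `default`. The preceding stat/touch pair can be replaced by `create: yes` on the `blockinfile` task (which then applies the `owner`/`group`/`mode` it already sets), removing the `state: touch` task that reports `changed` on every run and the `no_log: True` that hides its failures. `when: item.stat.exists == False` would also read better as `when: not item.stat.exists`.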
@@ -2,37 +2,56 @@ file: path: "/home/{{item.name}}/.ssh" state: directory - mode: 0600 + mode: 0700 + owner: "{{ item.name }}" + group: "{{ item.name }}" with_items: - "{{ users }}" -- name: Check if user has ~/.ssh/config - stat: - path: "/home/{{ item.name }}/.ssh/config" - with_items: "{{ users }}" - register: sshconfig -#- name: debug items -# debug: -# msg: "{{ item.item.name }} {{item.stat}}" +- name: Configure authorized_keys + authorized_key: + user: "{{ item.0.name }}" + key: "{{ lookup('file', 'keys/' + item.0.name + '/' + item.1.file + '.pub') }}" + state: "{{ item.1.state | default('present') }}" + with_subelements: + - "{{ users }}" + - keys + + +#- name: Check if user has ~/.ssh/config +# stat: +# path: "/home/{{ item.name }}/.ssh/config" +# with_items: "{{ users }}" +# register: sshconfig +# +# +#- name: Create ~/.ssh/config when absent +# file: +# path: "/home/{{ item.item.name }}/.ssh/config" +# owner: "{{ item.item.name }}" +# group: "{{ item.item.name }}" +# mode: 0600 +# state: touch +# when: item.stat.exists == False # with_items: # - "{{ sshconfig.results }}" +# no_log: True +# +#- name: Configure ~/.ssh/config +# blockinfile: +# path: "/home/{{ item.name }}/.ssh/config" +# owner: "{{ item.name }}" +# group: "{{ item.name }}" +# mode: 0600 +# marker: "# {mark} ANSIBLE MANAGED BLOCK" +# content: | +# host {{ ansible_hostname }} +# hostname {{ ansible_hostname }} +# User {{ item.name }} +# RemoteForward /home/{{ item.name }}/.gnupg/S.gpg-agent $HOME/.gnupg/S.gpg-agent +# RemoteForward /home/{{ item.name }}/.gnupg/S.gpg-agent.ssh $HOME/.gnupg/S.gpg-agent.ssh +# ServerAliveInterval 10 +# with_items: +# - "{{ users }}" -- name: Create ~/.ssh/config when absent - file: - path: "/home/{{ item.item.name }}/.ssh/config" - owner: "{{ item.item.name }}" - mode: 0600 - state: touch - when: item.stat.exists == False - with_items: - - "{{ sshconfig.results }}" - no_log: True - -- name: Configure ~/.ssh/config - template: - src: ssh.config.j2 - dest: 
"/home/{{ item.name }}/.ssh/config" - owner: "{{ item.name }}" - with_items: - - "{{ users }}" diff --git a/roles/users/tasks/users.yml b/roles/users/tasks/users.yml index 0ec6149..c1ae595 100644 --- a/roles/users/tasks/users.yml +++ b/roles/users/tasks/users.yml 
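Review bot: The ~40 lines of commented-out stat/touch/blockinfile tasks appended in this hunk duplicate what now lives in `roles/ssh-config/tasks/main.yml`; dead code in a task file should be deleted rather than carried as comments, since git keeps the history. `mode: 0700` is the right value for the directory, but octal literals are safer quoted as `mode: '0700'`, because YAML 1.2 parsers read `0700` as decimal 700. The `authorized_key` task runs without `exclusive`, which is a reasonable design choice but means a key removed from `files/keys/` stays authorized until it is listed with `state: absent` — worth a comment on the task so operators know how revocation works.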
@@ -3,83 +3,41 @@ group: name: "{{ item.name }}" gid: "{{ item.gid | default(omit) }}" - state: present + state: "{{ item.state | default('present') }}" with_items: "{{ user_groups }}" + - name: Ensure users exist user: name: "{{ item.name }}" - id: "{{ item.id | default(omit) }}" + state: "{{ item.state | default('present') }}" + password: "{{ item.password | default(omit) }}" groups: "{{ item.groups | default(omit) }}" + uid: "{{ item.uid | default(omit) }}" shell: "{{ item.shell | default(default_shell) }}" - state: present - no_log: True + append: yes + #no_log: True with_items: "{{ users }}" -- name: Configure authorized_keys - authorized_key: - user: "{{ item.0.name }}" - key: "{{ lookup('file', 'keys/' + item.0.name + '/' + item.1.file + '.pub') }}" - state: "{{ item.1.state | default(present) }}" - with_subelements: - - "{{ users }}" - - keys - -#- name: debug -# debug: -# msg: "{{ item.0 }} - {{ item.1 }}" -# with_nested: -# - "{{ users }}" -# - "{{ users | map(attribute='shell_lines') | list }}" -# when: ansible_os_family == 'Debian' and item.1 is defined - -- name: check vars - debug: - msg: "{{ item.0.name }} --- {{ item.1 }}" - with_subelements: - - "{{ users }}" - - shell_lines - - skip_missing: true - when: ansible_os_family == 'Debian' - -- name: Add Ansible comment in bashrc - lineinfile: - path: "/home/{{ item.name }}/.bashrc" - line: "## Ansible managed below this line ###########" - insertafter: EOF - state: present - with_items: - - "{{ users }}" - when: ansible_os_family == 'Debian' - name: Configure bashrc lineinfile: path: "/home/{{ item.0.name }}/.bashrc" line: "{{ item.1.line }}" - insertafter: "^## Ansible managed below this line" - state: "{{ item.1.state }}" + state: "{{ item.1.state | default('present') }}" + backup: yes with_subelements: - "{{ users }}" - shell_lines - skip_missing: true when: ansible_os_family == 'Debian' - -- name: Add Ansible comment in cshrc - lineinfile: - path: "/home/{{ item.0.name }}/.bashrc" - line: "## 
Ansible managed blow this line ###########" - insertafter: EOF - state: present - with_items: - - "{{ users }}" - when: ansible_os_family == 'FreeBSD' + - name: Configure cshrc lineinfile: path: "/home/{{ item.0.name }}/.cshrc" line: "{{ item.1.line }}" - insertafter: EOF - state: "{{ item.1.state }}" + state: "{{ item.1.state | default('present')}}" with_subelements: - "{{ users }}" - shell_lines diff --git a/roles/users/templates/ssh.config.j2 b/roles/users/templates/ssh.config.j2 deleted file mode 100644 index e770b37..0000000 --- a/roles/users/templates/ssh.config.j2 +++ /dev/null @@ -1,6 +0,0 @@ -host blabla - hostname {{ ansible_hostname }} - User {{ item.name }} - RemoteForward /home/{{ item.name }}/.gnupg/S.gpg-agent $HOME/.gnupg/S.gpg-agent - RemoteForward /home/{{ item.name }}/.gnupg/S.gpg-agent.ssh $HOME/.gnupg/S.gpg-agent.ssh - ServerAliveInterval 10 diff --git a/roles/users/vars/main.yml b/roles/users/vars/main.yml index f30fee5..ce6a2f4 100644 --- a/roles/users/vars/main.yml +++ b/roles/users/vars/main.yml @@ -1,21 +1,33 @@ ---- -user_groups: - - name: remember - -users: - - name: remember - keys: - - file: key1 - state: present - shell_lines: - - line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh" - state: present - - line: "line2" - state: absent - - name: test - keys: - - file: key2 - state: absent - # shell_lines: - # - "line1" - # - "line2" +#--- +#user_groups: +# - name: mygroup +# gid: 700 +# - name: mysecondgroup +# gid: 702 +# state: absent +# +# +#users: +# - name: remember +# state: present +# password: "blabla" +# groups: +# - mygroup +# uid: 1100 +# keys: +# - file: key1 +# state: present +# shell_lines: +# - line: "testline" +# state: present +# - line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh" +# state: present +# - line: "alias ls='ls lah'" +# state: present +# - name: test +# keys: +# - file: key2 +# state: absent +# shell_lines: +# - line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh" +# state: present 
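Review bot: `#no_log: True` disables log suppression on the `user` task at the very point where `password: "{{ item.password | default(omit) }}"` is added, so each user's password hash is printed in the play output and any log aggregation; keep `no_log: true` on this task. `append: yes` and `backup: yes` should be `true` for YAML 1.2 parsers, and `backup: yes` on the bashrc `lineinfile` leaves a timestamped copy in the user's home on every change, which accumulates — drop it or document why it is wanted. The `Configure cshrc` task is cut off at the end of the hunk, so its `when` clause is not visible here.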
diff --git a/site.yaml b/site.yaml index 413203b..dfc1b26 100644 --- a/site.yaml +++ b/site.yaml @@ -4,4 +4,5 @@ remote_user: root roles: - users + - ssh-config From 935d660a1d73f5e3bfb48bcf85f4907b2338616a Mon Sep 17 00:00:00 2001 From: "Vincent V.d Kussen" Date: Wed, 15 Aug 2018 20:37:02 +0200 Subject: [PATCH 05/48] markdown column --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 98b748c..f70f7f5 100644 --- a/README.md +++ b/README.md @@ -2,8 +2,8 @@ Ansible role to create/configure users on Linux/FreeBSD ## Variables -| user_groups | -| --- | +| user_groups | | +| --- |---| | name | name of the group | | gid | group ID | | state | whether the group shoud be created or removed | From c1ab857680f705bcebf9ecf36d69c3f5d802a2eb Mon Sep 17 00:00:00 2001 From: "Vincent V.d Kussen" Date: Fri, 17 Aug 2018 20:37:45 +0200 Subject: [PATCH 06/48] add docs --- README.md | 60 ++------------------ group_vars/all | 3 - roles/ssh-config/README.md | 89 +++++++++++++++++++++++++++++ roles/users/README.md | 109 ++++++++++++++++++++++++++++++++++++ roles/users/tasks/users.yml | 2 +- 5 files changed, 205 insertions(+), 58 deletions(-) create mode 100644 roles/ssh-config/README.md create mode 100644 roles/users/README.md diff --git a/README.md b/README.md index f70f7f5..a791366 100644 --- a/README.md +++ b/README.md 
@@ -1,57 +1,9 @@ -# Users -Ansible role to create/configure users on Linux/FreeBSD +# Users and ssh-configAnsible roles +This repo contains 2 roles: -## Variables -| user_groups | | -| --- |---| -| name | name of the group | -| gid | group ID | -| state | whether the group shoud be created or removed | -| users | +- **users**: Add users and configure `.bashrc` and `authorized_keys` +- **ssh-config**: Configures a user's `~/.ssh/config` -## Default variables -The default shells depending on the OS are: +Both roles make use of the same _users_ variable and are created to give users the freedom to add their own configuration outside of Ansible. -- Linux: `/bin/bash` -- FreeBSD: `/bin/cshrc` - -This is defined in the `defaults` section of the **users roles** - - -## Example Playbook - -``` -user_groups: - - name: mygroup - gid: 700 - - -users: - - name: remember - state: present - password: "blabla" - groups: - - mygroup - uid: 1100 - keys: - - file: key1 - state: present - shell_lines: - - line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh" - state: present - - line: "alias ls='ls lah'" - state: present - - name: test - keys: - - file: key2 - state: absent - shell_lines: - - line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh" - state: absent -``` -## Using the Role -### Adding user - -### Configure users' shell - -https://github.com/stationgroup/ansible-experiments/issues/9 +Detailed configuration can be found in the README files inside the role's folders. diff --git a/group_vars/all b/group_vars/all index cca3099..3271db4 100644 --- a/group_vars/all +++ b/group_vars/all @@ -33,6 +33,3 @@ users: shell_lines: - line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh" state: present -# ssh_config: -# - host: "{{ ansible_hostname }}" -# hostname: "{{ ansible_hostname }}" diff --git a/roles/ssh-config/README.md b/roles/ssh-config/README.md new file mode 100644 index 0000000..d071612 --- /dev/null +++ b/roles/ssh-config/README.md 
@@ -0,0 +1,89 @@ +# ssh-config +Ansible role to configure a user's `~/.ssh/config` file. This will add a +configuration in the ssh config file for each host in the inventory. + +**NOTE: this role works in conjunction with the _users_ variable** + +## Variables + +| _variable name_ | Description | +| ---: |--- | +| ssh_short_name | host identifier name in the ssh config.
This should be added to the _host variables_ | +| ssh_config | name of the key in the *users* variable. Contains a list of +key/value items| + +## Example: + +**Host inventory** +``` +10.106.116.157 ssh_short_name=host1 +10.106.116.139 ssh_short_name=host2 +``` + +**Variables** +populate the *ssh_config* key. +``` +users: + - name: remember + state: present + password: "blabla" + groups: + - mygroup + uid: 1100 + keys: + - file: key1 + state: present + shell_lines: + - line: "testline" + state: present + - line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh" + state: present + - line: "alias ls='ls lah'" + state: present + ssh_config: + - ServerAliveInterval: 10 +``` + +**Result:** +``` +# BEGIN ANSIBLE MANAGED BLOCK +Host host1 + Hostname 10.106.116.157 + RemoteForward /home/remember/.gnupg/S.gpg-agent $HOME/.gnupg/S.gpg-agent + RemoteForward /home/remember/.gnupg/S.gpg-agent.ssh $HOME/.gnupg/S.gpg-agent.ssh + ServerAliveInterval 10 +Host host2 + Hostname 10.106.116.139 + RemoteForward /home/remember/.gnupg/S.gpg-agent $HOME/.gnupg/S.gpg-agent + RemoteForward /home/remember/.gnupg/S.gpg-agent.ssh $HOME/.gnupg/S.gpg-agent.ssh + ServerAliveInterval 10 +# END ANSIBLE MANAGED BLOCK + +``` + +**Break down** + +The host identifier is populated with the `ssh_short_name` host variable. +``` +Host host1 +``` + +The `Hostname` is populated with the `inventory_hostname` variable +``` +Hostname 10.106.116.139 +``` + +These lines are added by default: +``` +RemoteForward /home/remember/.gnupg/S.gpg-agent $HOME/.gnupg/S.gpg-agent +RemoteForward /home/remember/.gnupg/S.gpg-agent.ssh $HOME/.gnupg/S.gpg-agent.ssh +``` + +Everything below this is populated with the key/values defined in the +`ssh_config` list of the `users` variable + +``` +ServerAliveInterval 10 +``` + + diff --git a/roles/users/README.md b/roles/users/README.md new file mode 100644 index 0000000..48ddc36 --- /dev/null +++ b/roles/users/README.md 
@@ -0,0 +1,109 @@ +# Users +Ansible roles to create/configure users on Linux/FreeBSD. + +## Variables +| user_groups | | | +| ---: |--- |--- | +| name | name of the group | Data type | +| gid | Optionally set the group ID | int | +| state | whether the group shoud be created or removed | present/absent | + + +| users | | | +| ---: |---| ---| +| _variable name_ | Description | Data type | +| name | username | string | +| state | whether the user should be created or removed | present/absent | +| password | string of an encrypted value(1) | string | +| groups | additional groups the user should belong to | list | +| uid | optionally specify a user id | int | +| keys | list of dictionaries | list | +| shell_lines | list of dictionaries | list | + +(1) https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-crypted-passwords-for-the-user-module +## Default variables +The default shells depending on the OS are: + +- Linux: `/bin/bash` +- FreeBSD: `/bin/cshrc` + +This is defined in the `defaults` section of the **users** role + + +## Example inventory +``` +user_groups: + - name: mygroup + gid: 700 + + +users: + - name: remember + state: present + password: "blabla" + groups: + - mygroup + uid: 1100 + keys: + - file: key1 + state: present + shell_lines: + - line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh" + state: present + - line: "alias ls='ls lah'" + state: present + - name: test + keys: + - file: key2 + state: absent + shell_lines: + - line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh" + state: absent +``` +## Using the Role +### Example Playbook +``` +--- +- name: Manage user configuration + hosts: all + remote_user: root + roles: + - users +``` +### Configure a user's ssh keys +For every user a directory matching the username should be created under the _keys_ folder in the role's _files_ folder. In this folder the user's ssh keys can be stored. 
+ +``` +├── files +│   └── keys +│   ├── remember +│   │   └── key1.pub +│   └── test +│   └── key2.pub +``` +The name of the file holding the key should match the name in the _users_ variable + +``` + keys: + - file: key1 + state: present +``` + +### Configure a user's shell +This role allows you to add or remove lines to a user's `.bashrc` or `cshrc` file. Since this is not based on a template that overwrites the complete file, users can still add their own configuration too. + +Add items to the **shell_lines** key in the **users** variable. Each item exists of a _line_ and _state_ key. + +Example: +``` +shell_lines: + - line: "testline" + state: absent + - line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh" + state: present + - line: "alias ls='ls lah'" + state: present +``` + + + diff --git a/roles/users/tasks/users.yml b/roles/users/tasks/users.yml index c1ae595..f2254b8 100644 --- a/roles/users/tasks/users.yml +++ b/roles/users/tasks/users.yml @@ -16,7 +16,7 @@ uid: "{{ item.uid | default(omit) }}" shell: "{{ item.shell | default(default_shell) }}" append: yes - #no_log: True + no_log: True with_items: "{{ users }}" From caa1e1fa651756370190ae7bd1215191badc8b21 Mon Sep 17 00:00:00 2001 From: "Vincent V.d Kussen" Date: Sat, 18 Aug 2018 10:13:25 +0200 Subject: [PATCH 07/48] testing with FreeBSD on ec2 --- hosts | 5 +++-- roles/users/tasks/ssh_config.yml | 37 -------------------------------- roles/users/tasks/users.yml | 2 +- site.yaml | 2 +- 4 files changed, 5 insertions(+), 41 deletions(-) diff --git a/hosts b/hosts index 0d9fc62..17d4bc8 100644 --- a/hosts +++ b/hosts @@ -1,2 +1,3 @@ -10.106.116.157 ssh_short_name=host1 -10.106.116.139 ssh_short_name=host2 +10.106.116.157 ssh_short_name=host1 ansible_user=root +10.106.116.139 ssh_short_name=host2 ansible_user=root +34.242.108.38 ssh_short_name=freebsd1 ansible_user=ec2-user ansible_python_interpreter=/usr/local/bin/python2.7 
diff --git a/roles/users/tasks/ssh_config.yml b/roles/users/tasks/ssh_config.yml index 78d6c85..a79ac71 100644 --- a/roles/users/tasks/ssh_config.yml +++ b/roles/users/tasks/ssh_config.yml @@ -18,40 +18,3 @@ - "{{ users }}" - keys - -#- name: Check if user has ~/.ssh/config -# stat: -# path: "/home/{{ item.name }}/.ssh/config" -# with_items: "{{ users }}" -# register: sshconfig -# -# -#- name: Create ~/.ssh/config when absent -# file: -# path: "/home/{{ item.item.name }}/.ssh/config" -# owner: "{{ item.item.name }}" -# group: "{{ item.item.name }}" -# mode: 0600 -# state: touch -# when: item.stat.exists == False -# with_items: -# - "{{ sshconfig.results }}" -# no_log: True -# -#- name: Configure ~/.ssh/config -# blockinfile: -# path: "/home/{{ item.name }}/.ssh/config" -# owner: "{{ item.name }}" -# group: "{{ item.name }}" -# mode: 0600 -# marker: "# {mark} ANSIBLE MANAGED BLOCK" -# content: | -# host {{ ansible_hostname }} -# hostname {{ ansible_hostname }} -# User {{ item.name }} -# RemoteForward /home/{{ item.name }}/.gnupg/S.gpg-agent $HOME/.gnupg/S.gpg-agent -# RemoteForward /home/{{ item.name }}/.gnupg/S.gpg-agent.ssh $HOME/.gnupg/S.gpg-agent.ssh -# ServerAliveInterval 10 -# with_items: -# - "{{ users }}" - diff --git a/roles/users/tasks/users.yml b/roles/users/tasks/users.yml index f2254b8..72a7e9a 100644 --- a/roles/users/tasks/users.yml +++ b/roles/users/tasks/users.yml @@ -16,7 +16,7 @@ uid: "{{ item.uid | default(omit) }}" shell: "{{ item.shell | default(default_shell) }}" append: yes - no_log: True + no_log: True with_items: "{{ users }}" diff --git a/site.yaml b/site.yaml index dfc1b26..9fe41ea 100644 --- a/site.yaml +++ b/site.yaml @@ -1,7 +1,7 @@ --- - name: Manage user configuration hosts: all - remote_user: root + # remote_user: root roles: - users - ssh-config From c53f50222089fd918ec901c4eba839eacc9de066 Mon Sep 17 00:00:00 2001 
From: Vincent Van der Kussen Date: Sat, 18 Aug 2018 14:07:19 +0200 Subject: [PATCH 08/48] make distinction between bash and csh shell config --- .../group_vars/all | 6 +-- .../roles/users/README.md | 11 ++--- .../roles/users/defaults/main.yml | 40 ++++++++++++++++++- .../roles/users/tasks/users.yml | 4 +- 4 files changed, 49 insertions(+), 12 deletions(-) diff --git a/add-users-groups-authorized_keys-dot-files/group_vars/all b/add-users-groups-authorized_keys-dot-files/group_vars/all index 3271db4..e8d42db 100644 --- a/add-users-groups-authorized_keys-dot-files/group_vars/all +++ b/add-users-groups-authorized_keys-dot-files/group_vars/all @@ -17,7 +17,7 @@ users: keys: - file: key1 state: present - shell_lines: + bash_lines: - line: "testline" state: present - line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh" @@ -30,6 +30,6 @@ users: keys: - file: key2 state: absent - shell_lines: - - line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh" + csh_lines: + - line: "alias ls ls -lah" state: present diff --git a/add-users-groups-authorized_keys-dot-files/roles/users/README.md b/add-users-groups-authorized_keys-dot-files/roles/users/README.md index 48ddc36..5f4d964 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/users/README.md +++ b/add-users-groups-authorized_keys-dot-files/roles/users/README.md 
@@ -11,14 +11,15 @@ Ansible roles to create/configure users on Linux/FreeBSD. | users | | | | ---: |---| ---| -| _variable name_ | Description | Data type | +| _variable name_ | Description | Data type | | name | username | string | | state | whether the user should be created or removed | present/absent | | password | string of an encrypted value(1) | string | | groups | additional groups the user should belong to | list | | uid | optionally specify a user id | int | | keys | list of dictionaries | list | -| shell_lines | list of dictionaries | list | +| bash_lines | configure lines in .bashrc | list | +| csh_lines | configure lines in .cshrc | list | (1) https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-crypted-passwords-for-the-user-module ## Default variables @@ -47,7 +48,7 @@ users: keys: - file: key1 state: present - shell_lines: + bash_lines: - line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh" state: present - line: "alias ls='ls lah'" @@ -56,8 +57,8 @@ users: keys: - file: key2 state: absent - shell_lines: - - line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh" + csh_lines: + - line: "ls ls -lah" state: absent ``` ## Using the Role diff --git a/add-users-groups-authorized_keys-dot-files/roles/users/defaults/main.yml b/add-users-groups-authorized_keys-dot-files/roles/users/defaults/main.yml index 4389d95..6577b10 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/users/defaults/main.yml +++ b/add-users-groups-authorized_keys-dot-files/roles/users/defaults/main.yml 
@@ -1,4 +1,40 @@ default_freebsd_shell: "/bin/csh" default_linux_shell: "/bin/bash" -default_shell_lines: - - SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh + + +# Example variables +#--- +#user_groups: +# - name: mygroup +# gid: 700 +# - name: mysecondgroup +# gid: 702 +# state: absent +# +# +#users: +# - name: remember +# state: present +# password: "blabla" +# groups: +# - mygroup +# uid: 1100 +# keys: +# - file: key1 +# state: present +# bash_lines: +# - line: "testline" +# state: present +# - line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh" +# state: present +# - line: "alias ls='ls lah'" +# state: present +# ssh_config: +# - ServerAliveInterval: 10 +# - name: test +# keys: +# - file: key2 +# state: absent +# csh_lines: +# - line: "alias ls ls -lah" +# state: present diff --git a/add-users-groups-authorized_keys-dot-files/roles/users/tasks/users.yml b/add-users-groups-authorized_keys-dot-files/roles/users/tasks/users.yml index 72a7e9a..2ebbfc3 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/users/tasks/users.yml +++ b/add-users-groups-authorized_keys-dot-files/roles/users/tasks/users.yml @@ -28,7 +28,7 @@ backup: yes with_subelements: - "{{ users }}" - - shell_lines + - bash_lines - skip_missing: true when: ansible_os_family == 'Debian' @@ -40,7 +40,7 @@ state: "{{ item.1.state | default('present')}}" with_subelements: - "{{ users }}" - - shell_lines + - csh_lines - skip_missing: true when: ansible_os_family == 'FreeBSD' From 59749462c0eb66f9dc53744d8e45fffcbd202a5e Mon Sep 17 00:00:00 2001 
From: Vincent Van der Kussen Date: Sun, 26 Aug 2018 15:10:15 +0200 Subject: [PATCH 09/48] required varaibles / remove append group / blocks in shell --- .../ansible.cfg | 4 +- .../group_vars/all | 15 +++- .../roles/ssh-config/tasks/main.yml | 3 +- .../roles/users/README.md | 25 ++++++ .../roles/users/tasks/main.yml | 7 ++ .../roles/users/tasks/set_facts.yml | 18 ++++ .../roles/users/tasks/ssh_config.yml | 3 + .../roles/users/tasks/users.yml | 83 +++++++++++++++++-- 8 files changed, 145 insertions(+), 13 deletions(-) diff --git a/add-users-groups-authorized_keys-dot-files/ansible.cfg b/add-users-groups-authorized_keys-dot-files/ansible.cfg index 83a7ce4..6efa305 100644 --- a/add-users-groups-authorized_keys-dot-files/ansible.cfg +++ b/add-users-groups-authorized_keys-dot-files/ansible.cfg @@ -6,8 +6,8 @@ retry_files_save_path = /tmp/ inventory=./hosts host_key_checking=False gathering = smart -#stdout_callback=unixy -stdout_callback=debug +stdout_callback=unixy +#stdout_callback=debug [privilege_escalation] become=True diff --git a/add-users-groups-authorized_keys-dot-files/group_vars/all b/add-users-groups-authorized_keys-dot-files/group_vars/all index e8d42db..c8e37a5 100644 --- a/add-users-groups-authorized_keys-dot-files/group_vars/all +++ b/add-users-groups-authorized_keys-dot-files/group_vars/all @@ -5,28 +5,39 @@ user_groups: - name: mysecondgroup gid: 702 state: absent + - name: admin + gid: 703 + state: present users: - name: remember - state: present + state: present password: "blabla" groups: - mygroup + - admin uid: 1100 + enable_sudo: false keys: - file: key1 state: present bash_lines: - - line: "testline" + - line: "#testline" state: present - line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh" state: present - line: "alias ls='ls lah'" state: present + bash_blocks: + - content: | + #testing + #multiline + state: absent ssh_config: - ServerAliveInterval: 10 - name: test + state: present keys: - file: key2 state: absent 
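Review bot: `password: "blabla"` in the `remember` entry is a plaintext literal committed in a group_vars file, while the `user` module's `password` parameter — and this role's own README table — expects an already-hashed crypt string; Ansible writes the value into the shadow field unchanged, so this both leaves the account with an unusable hash and puts a would-be credential under version control. It is a context line rather than one this commit changes, but the commit turns this file into the reference example for `enable_sudo`, so it is the place to fix it: source the hash from Ansible Vault, e.g. `password: "{{ vault_remember_password_hash }}"`, and add a comment above it such as `# must be a pre-hashed value, see README (1)`. The `admin` group and `enable_sudo` flag added beside it make the same account a candidate for passwordless root, which is one more reason not to ship a placeholder credential here.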
diff --git a/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml b/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml index 0211c42..ef8a5bf 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml +++ b/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml @@ -13,7 +13,7 @@ group: "{{ item.item.name }}" mode: 0600 state: touch - when: item.stat.exists == False + when: item.stat.exists == False and item.item.state == "present" with_items: - "{{ sshconfig.results }}" no_log: True @@ -42,3 +42,4 @@ - "{{ users }}" - ssh_config - skip_missing: true + when: item.0.state == "present" diff --git a/add-users-groups-authorized_keys-dot-files/roles/users/README.md b/add-users-groups-authorized_keys-dot-files/roles/users/README.md index 5f4d964..bf5f62f 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/users/README.md +++ b/add-users-groups-authorized_keys-dot-files/roles/users/README.md @@ -17,11 +17,15 @@ Ansible roles to create/configure users on Linux/FreeBSD. | password | string of an encrypted value(1) | string | | groups | additional groups the user should belong to | list | | uid | optionally specify a user id | int | +| enable_sudo | Enable passwordless sudo for the given user | bool | | keys | list of dictionaries | list | | bash_lines | configure lines in .bashrc | list | +| bash_blocks | configure lines in .bashrc | list | | csh_lines | configure lines in .cshrc | list | +| csh__blocks | configure lines in .cshrc | list | (1) https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-crypted-passwords-for-the-user-module + ## Default variables The default shells depending on the OS are: @@ -45,6 +49,7 @@ users: groups: - mygroup uid: 1100 + enable_sudo: true keys: - file: key1 state: present 
@@ -53,7 +58,13 @@ users: state: present - line: "alias ls='ls lah'" state: present + bash_blocks: + - content: | + #testing + #multiline + state: present - name: test + enable_sudo: false keys: - file: key2 state: absent @@ -95,6 +106,9 @@ This role allows you to add or remove lines to a user's `.bashrc` or `cshrc` fil Add items to the **shell_lines** key in the **users** variable. Each item exists of a _line_ and _state_ key. +**lines** + +Use _lines_ if you want to make sure a single line is present or not. Example: ``` shell_lines: @@ -106,5 +120,16 @@ shell_lines: state: present ``` +**blocks** +use blocks if you want to make sure a number of lines that belong together are +present or not. +Example: +``` +bash_blocks: + - content: | + if [ condition ]; then + do something + state: present +``` diff --git a/add-users-groups-authorized_keys-dot-files/roles/users/tasks/main.yml b/add-users-groups-authorized_keys-dot-files/roles/users/tasks/main.yml index 0904bb2..b3a54e4 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/users/tasks/main.yml +++ b/add-users-groups-authorized_keys-dot-files/roles/users/tasks/main.yml @@ -1,4 +1,11 @@ --- +- name: Check for required variables + fail: + msg: "Variable: 'users.name' or 'users.state' NOT defined!" + with_items: "{{ users }}" + when: item.state is not defined or item.name is not defined + + - include_tasks: set_facts.yml - include_tasks: users.yml - include_tasks: ssh_config.yml diff --git a/add-users-groups-authorized_keys-dot-files/roles/users/tasks/set_facts.yml b/add-users-groups-authorized_keys-dot-files/roles/users/tasks/set_facts.yml index 4124706..9bc332f 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/users/tasks/set_facts.yml +++ b/add-users-groups-authorized_keys-dot-files/roles/users/tasks/set_facts.yml @@ -1,3 +1,4 @@ +# Set default shell - set_fact: default_shell: "{{ default_freebsd_shell }}" when: ansible_os_family == 'FreeBSD' 
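Review bot: The new `Check for required variables` task in `roles/users/tasks/main.yml` makes `state` mandatory, but `users.yml` in the same patch still applies `state: "{{ item.state | default('present') }}"`, so the two disagree about whether `state` is optional; either drop the `state` half of this check or remove the default so the contract is consistent. The failure message also does not say which entry is bad, and interpolating the whole `{{ item }}` would print any password hash, so prefer `msg: "users entry '{{ item.name | default('<no name>') }}' is missing 'name' or 'state'"`. Because the check loops with `with_items: "{{ users }}"`, an undefined `users` variable surfaces as a templating error on this task rather than a clear message; a preceding `assert` with `that: users is defined` would make that explicit.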
@@ -6,3 +7,20 @@ default_shell: "{{ default_linux_shell }}" when: ansible_os_family == 'Debian' +# Set sudoers path +- set_fact: + sudoers_path: /usr/local/etc/sudoers.d + when: ansible_os_family == 'FreeBSD' + +- set_fact: + sudoers_path: /etc/sudoers.d + when: ansible_os_family == 'Debian' + +# Set sudo config path +- set_fact: + sudo_config_path: /usr/local/etc/sudoers + when: ansible_os_family == 'FreeBSD' + +- set_fact: + sudo_config_path: /etc/sudoers + when: ansible_os_family == 'Debian' diff --git a/add-users-groups-authorized_keys-dot-files/roles/users/tasks/ssh_config.yml b/add-users-groups-authorized_keys-dot-files/roles/users/tasks/ssh_config.yml index a79ac71..52b1c81 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/users/tasks/ssh_config.yml +++ b/add-users-groups-authorized_keys-dot-files/roles/users/tasks/ssh_config.yml @@ -1,3 +1,4 @@ + - name: Ensure .ssh folder is created file: path: "/home/{{item.name}}/.ssh" @@ -7,6 +8,7 @@ group: "{{ item.name }}" with_items: - "{{ users }}" + when: item.state == "present" - name: Configure authorized_keys @@ -17,4 +19,5 @@ with_subelements: - "{{ users }}" - keys + when: item.0.state is defined and item.0.state == "present" diff --git a/add-users-groups-authorized_keys-dot-files/roles/users/tasks/users.yml b/add-users-groups-authorized_keys-dot-files/roles/users/tasks/users.yml index 2ebbfc3..2df15e0 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/users/tasks/users.yml +++ b/add-users-groups-authorized_keys-dot-files/roles/users/tasks/users.yml @@ -1,5 +1,5 @@ --- -- name: Ensure groups exist +- name: Add/Remove group group: name: "{{ item.name }}" gid: "{{ item.gid | default(omit) }}" @@ -7,7 +7,7 @@ with_items: "{{ user_groups }}" -- name: Ensure users exist +- name: Add/Remove user user: name: "{{ item.name }}" state: "{{ item.state | default('present') }}" 
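Review bot: `sudoers_path` and `sudo_config_path` are only set when `ansible_os_family` is Debian or FreeBSD, so on any other family they stay undefined and the run fails later with a Jinja undefined-variable error at the `Enable sudo for user` / `Include sudoers.d` tasks added in this patch — after groups and users have already been created, leaving the host half-configured. Fail early instead: add a guard at the top of `set_facts.yml` such as `- fail: msg: "Unsupported OS family {{ ansible_os_family }}"` with `when: ansible_os_family not in ['Debian', 'FreeBSD']`, or assert the facts are defined before `users.yml` is included. If the intent is to support more families later, a single `set_fact` driven by a lookup dict keyed on `ansible_os_family` would keep the three `when` pairs from drifting apart; as far as I know the Debian paths also apply to RedHat-family hosts, so that would be a cheap widening to confirm.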
@@ -15,12 +15,12 @@ groups: "{{ item.groups | default(omit) }}" uid: "{{ item.uid | default(omit) }}" shell: "{{ item.shell | default(default_shell) }}" - append: yes - no_log: True + remove: yes + no_log: False with_items: "{{ users }}" -- name: Configure bashrc +- name: Configure bashrc lines lineinfile: path: "/home/{{ item.0.name }}/.bashrc" line: "{{ item.1.line }}" 
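Review bot: `remove: yes` on the `Add/Remove user` task (its header sits in the previous hunk) means every `state: absent` entry now deletes the user's home directory and mail spool as well, which is irreversible and is not mentioned in the README's description of `state`; make it opt-in per user, e.g. `remove: "{{ item.remove_home | default(false) }}"`, or at least document the behaviour above the task. Dropping `append: yes` likewise turns `groups` into the complete supplementary-group list, so a user whose `groups` omits an existing membership loses it on the next run — reasonable if intended, but it deserves a one-line comment. `no_log: False` re-enables logging of the task's arguments; the `user` module masks its `password` parameter itself as far as I know, but since a hashed credential still flows through this task I would keep `no_log: True` unless actively debugging.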
@@ -30,17 +30,84 @@ - "{{ users }}" - bash_lines - skip_missing: true - when: ansible_os_family == 'Debian' + when: ansible_os_family == 'Debian' and item.0.state == "present" +- name: Configure bashrc blocks + blockinfile: + path: "/home/{{ item.0.name }}/.bashrc" + content: "{{ item.1.content }}" + marker: "# {mark} ANSIBLE managed content. Block item #{{ listitem }}" + state: "{{ item.1.state | default('present') }}" + backup: yes + with_subelements: + - "{{ users }}" + - bash_blocks + - skip_missing: true + when: ansible_os_family == 'Debian' and item.0.state == "present" + loop_control: + index_var: listitem -- name: Configure cshrc +- name: Configure cshrc lines lineinfile: path: "/home/{{ item.0.name }}/.cshrc" line: "{{ item.1.line }}" state: "{{ item.1.state | default('present')}}" + backup: yes with_subelements: - "{{ users }}" - csh_lines - skip_missing: true - when: ansible_os_family == 'FreeBSD' + when: ansible_os_family == 'FreeBSD' and item.0.state == "present" + +- name: Configure cshrc blocks + blockinfile: + path: "/home/{{ item.0.name }}/.cshrc" + content: "{{ item.1.conent }}" + marker: "# {mark} ANSIBLE managed content. 
Block item #{{ listitem }}" + state: "{{ item.1.state | default('present')}}" + backup: yes + with_subelements: + - "{{ users }}" + - csh_blocks + - skip_missing: true + when: ansible_os_family == 'FreeBSD' and item.0.state == "present" + loop_control: + index_var: listitem + +- name: Ensure sudo is installed (Debian) + apt: + name: sudo + update_cache: yes + cache_valid_time: "{{ apt_cache_valid | default('86400') }}" + when: ansible_os_family == "Debian" + +- name: Ensure sudo is installed (FreeBSD) + portinstall: + name: sudo + state: present + when: ansible_os_family == "FreeBSD" + +- name: Enable sudo for user + lineinfile: + path: "{{ sudoers_path }}/{{ item.name }}" + line: "{{ item.name }} ALL=(ALL) NOPASSWD:ALL" + state: present + create: true + when: item.enable_sudo is defined and item.enable_sudo == true + with_items: "{{ users }}" + +- name: Disable sudo for user + file: + path: "{{ sudoers_path }}/{{ item.name }}" + state: absent + when: item.enable_sudo is defined and item.enable_sudo == false + with_items: "{{ users }}" + +- name: Include sudoers.d + lineinfile: + dest: "{{ sudo_config_path }}" + state: present + regexp: '^\#includedir {{ sudoers_path }}' + line: '#includedir {{ sudoers_path }}' + validate: 'visudo -cf %s' From 522c9a6fe942ff64bb66b38f80b11b718d3235cf Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Sun, 2 Sep 2018 14:49:09 -0700 Subject: [PATCH 10/48] Create README.md --- add-users-groups-authorized_keys-dot-files/roles/README.md | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 add-users-groups-authorized_keys-dot-files/roles/README.md diff --git a/add-users-groups-authorized_keys-dot-files/roles/README.md b/add-users-groups-authorized_keys-dot-files/roles/README.md new file mode 100644 index 0000000..fa9b450 --- /dev/null +++ b/add-users-groups-authorized_keys-dot-files/roles/README.md 
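Review bot: The `Enable sudo for user` task writes `NOPASSWD:ALL` drop-ins under `{{ sudoers_path }}` with `create: true` but no `validate`, `owner` or `mode`, so a malformed line is not caught before it lands (the `Include sudoers.d` task validates only the main file) and the new file gets umask-derived permissions rather than the root-owned `0440` file sudo expects. sudoers(5) also states that files in an `#includedir` whose names contain a `.` or end in `~` are ignored, so a username such as `jane.doe` would silently get no sudo rights; naming the file after a sanitised form of the username avoids that. The `Disable sudo for user` task only fires on `enable_sudo == false`, so a user removed with `state: absent` keeps a `NOPASSWD:ALL` file that a later account created with the same name would inherit — the file should also be removed when `item.state == "absent"`. Separately, `content: "{{ item.1.conent }}"` in `Configure cshrc blocks` is a typo that will fail every FreeBSD run where `csh_blocks` is defined.
```yaml
- name: Enable sudo for user
  lineinfile:
    path: "{{ sudoers_path }}/{{ item.name | regex_replace('[.~]', '_') }}"
    line: "{{ item.name }} ALL=(ALL) NOPASSWD:ALL"
    state: present
    create: true
    owner: root
    mode: "0440"
    validate: 'visudo -cf %s'
  when: item.enable_sudo is defined and item.enable_sudo == true and item.state == "present"
  with_items: "{{ users }}"

- name: Disable sudo for user
  file:
    path: "{{ sudoers_path }}/{{ item.name | regex_replace('[.~]', '_') }}"
    state: absent
  when: (item.enable_sudo is defined and item.enable_sudo == false) or item.state == "absent"
  with_items: "{{ users }}"

# … unchanged: Include sudoers.d …
```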
@@ -0,0 +1,3 @@ +### You can safely ignore `ssh-config/` and focus on all your user managment needs via [`users/`][1] and the [README.md][1] in there. + +[1]: https://github.com/stationgroup/ansible-experiments/tree/master/add-users-groups-authorized_keys-dot-files/roles/users From f0cbef4b196fceca355d593da5984be549a84087 Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Sun, 2 Sep 2018 14:49:39 -0700 Subject: [PATCH 11/48] Update README.md --- add-users-groups-authorized_keys-dot-files/roles/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/add-users-groups-authorized_keys-dot-files/roles/README.md b/add-users-groups-authorized_keys-dot-files/roles/README.md index fa9b450..6e22ce6 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/README.md +++ b/add-users-groups-authorized_keys-dot-files/roles/README.md @@ -1,3 +1,5 @@ -### You can safely ignore `ssh-config/` and focus on all your user managment needs via [`users/`][1] and the [README.md][1] in there. +# NOTICE + +You can safely ignore `ssh-config/` and focus on all your user managment needs via [`users/`][1] and the [README.md][1] in there. [1]: https://github.com/stationgroup/ansible-experiments/tree/master/add-users-groups-authorized_keys-dot-files/roles/users From f4f7233e296917e75ddb3e548a14b0675881cb95 Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Sun, 2 Sep 2018 14:51:29 -0700 Subject: [PATCH 12/48] fix url so it doesn't favor github --- add-users-groups-authorized_keys-dot-files/roles/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/add-users-groups-authorized_keys-dot-files/roles/README.md b/add-users-groups-authorized_keys-dot-files/roles/README.md index 6e22ce6..b5ffb66 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/README.md +++ b/add-users-groups-authorized_keys-dot-files/roles/README.md 
@@ -2,4 +2,4 @@ You can safely ignore `ssh-config/` and focus on all your user managment needs via [`users/`][1] and the [README.md][1] in there. -[1]: https://github.com/stationgroup/ansible-experiments/tree/master/add-users-groups-authorized_keys-dot-files/roles/users +[1]: users/ From 84ef01af84114e358f20e24d6b4fd74fcc7247a8 Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Sun, 2 Sep 2018 14:55:04 -0700 Subject: [PATCH 13/48] =?UTF-8?q?Thanks=20@srgvg=20and=20@vincentvdk!=20?= =?UTF-8?q?=F0=9F=8E=89?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../README.md | 44 +++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/add-users-groups-authorized_keys-dot-files/README.md b/add-users-groups-authorized_keys-dot-files/README.md index a791366..b06c576 100644 --- a/add-users-groups-authorized_keys-dot-files/README.md +++ b/add-users-groups-authorized_keys-dot-files/README.md @@ -7,3 +7,47 @@ This repo contains 2 roles: Both roles make use of the same _users_ variable and are created to give users the freedom to add their own configuration outside of Ansible. Detailed configuration can be found in the README files inside the role's folders. + +## Contributors + +Thanks goes to these wonderful people: + + +| [
Serge van Ginderachter](https://github.com/srgvg)
[📖](https://github.com/stationgroup/ansible-experiments/commits?author=srgvg) | [
Bryan Black](https://bringyourwallet.com)
[📖](https://github.com/stationgroup/ansible-experiments/commits?author=reelsense) | [
Vincent Van der Kussen](https://github.com/vincentvdk)
[📖](https://github.com/stationgroup/ansible-experiments/commits?author=vincentvdk) | +| :---: | :---: | :---: | + + + +Contributions of any kind are welcome! + + +# Top Supporters + +Monthly supporters only. + +Amount | Supporter Name | Supporter Domain +-----------|---------------------------|------------------------ +$50/month | [Tugger Hosting][thgh] | [tuggerhosting.com][th] + +[reelsense]: https://github.com/reelsense +[byw]: http://frothymix.info +[thgh]: https://github.com/TuggerHosting +[th]: https://tuggerhosting.com/ +[ydn]: https://yelladognetworks.com + + +## Support Development + +### **[Support Now](https://reelsense.tv/donate)** + + +## Community Discussion + +Text and voice chat on the public mumble server. + +**Join the Public Mumble** + +Server: `pub.bringyourwallet.com` + +Port: `64738` + From 834c29b20054181c5ff7a180d87fcbbeb8761055 Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Sun, 2 Sep 2018 14:59:45 -0700 Subject: [PATCH 14/48] rearrange contributors --- add-users-groups-authorized_keys-dot-files/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/add-users-groups-authorized_keys-dot-files/README.md b/add-users-groups-authorized_keys-dot-files/README.md index b06c576..fef5773 100644 --- a/add-users-groups-authorized_keys-dot-files/README.md +++ b/add-users-groups-authorized_keys-dot-files/README.md @@ -13,7 +13,7 @@ Detailed configuration can be found in the README files inside the role's folder Thanks goes to these wonderful people: -| [
Serge van Ginderachter](https://github.com/srgvg)
[📖](https://github.com/stationgroup/ansible-experiments/commits?author=srgvg) | [
Bryan Black](https://bringyourwallet.com)
[📖](https://github.com/stationgroup/ansible-experiments/commits?author=reelsense) | [
Vincent Van der Kussen](https://github.com/vincentvdk)
[📖](https://github.com/stationgroup/ansible-experiments/commits?author=vincentvdk) | +| [
Serge van Ginderachter](https://github.com/srgvg)
[📖](https://github.com/stationgroup/ansible-experiments/commits?author=srgvg) | [
Vincent Van der Kussen](https://github.com/vincentvdk)
[📖](https://github.com/stationgroup/ansible-experiments/commits?author=vincentvdk) | [
Bryan Black](https://bringyourwallet.com)
[📖](https://github.com/stationgroup/ansible-experiments/commits?author=reelsense) | :---: | :---: | :---: | From f8b2ecf8d8dc4c289e7cb975600914d535234bc9 Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Sun, 2 Sep 2018 15:02:51 -0700 Subject: [PATCH 15/48] fix donate url --- add-users-groups-authorized_keys-dot-files/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/add-users-groups-authorized_keys-dot-files/README.md b/add-users-groups-authorized_keys-dot-files/README.md index fef5773..c488069 100644 --- a/add-users-groups-authorized_keys-dot-files/README.md +++ b/add-users-groups-authorized_keys-dot-files/README.md @@ -38,7 +38,7 @@ $50/month | [Tugger Hosting][thgh] | [tuggerhosting.com][th] ## Support Development -### **[Support Now](https://reelsense.tv/donate)** +### **[Support Now](https://bringyourwallet.com/donate)** ## Community Discussion From 80df2cc8b6324cfc1550d70600ee3c42d07f7c9b Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Sun, 2 Sep 2018 15:03:11 -0700 Subject: [PATCH 16/48] update donate url --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a444ec9..ca55cde 100644 --- a/README.md +++ b/README.md @@ -37,7 +37,7 @@ $50/month | [Tugger Hosting][thgh] | [tuggerhosting.com][th] ## Support Development -### **[Support Now](https://reelsense.tv/donate)** +### **[Support Now](https://bringyourwallet.com/donate)** ## Community Discussion From 4f93ca4946704485c458031efff99c69618793f9 Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Sun, 2 Sep 2018 15:04:23 -0700 Subject: [PATCH 17/48] Thanks @srgvg and @vincentvdk --- cleanup_ami_snapshots/README.md | 43 +++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/cleanup_ami_snapshots/README.md b/cleanup_ami_snapshots/README.md index 5884409..d28a197 100644 --- a/cleanup_ami_snapshots/README.md +++ b/cleanup_ami_snapshots/README.md 
@@ -138,3 +138,46 @@ Info about the cleanup actions are kept in a log file (default: 2018-06-09T08:10:58Z AMI CLEANUP - Removed snapshots: snap-0b4d8ef6c1bc098d1 2018-06-09T08:10:58Z AMI CLEANUP - Removed snapshots: snap-09c25bbe838912ced ``` + +## Contributors + +Thanks goes to these wonderful people: + + +| [
Serge van Ginderachter](https://github.com/srgvg)
[📖](https://github.com/stationgroup/ansible-experiments/commits?author=srgvg) | [
Vincent Van der Kussen](https://github.com/vincentvdk)
[📖](https://github.com/stationgroup/ansible-experiments/commits?author=vincentvdk) | [
Bryan Black](https://bringyourwallet.com)
[📖](https://github.com/stationgroup/ansible-experiments/commits?author=reelsense) +| :---: | :---: | :---: | + + + +Contributions of any kind are welcome! + + +# Top Supporters + +Monthly supporters only. + +Amount | Supporter Name | Supporter Domain +-----------|---------------------------|------------------------ +$50/month | [Tugger Hosting][thgh] | [tuggerhosting.com][th] + +[reelsense]: https://github.com/reelsense +[byw]: http://frothymix.info +[thgh]: https://github.com/TuggerHosting +[th]: https://tuggerhosting.com/ +[ydn]: https://yelladognetworks.com + + +## Support Development + +### **[Support Now](https://bringyourwallet.com/donate)** + + +## Community Discussion + +Text and voice chat on the public mumble server. + +**Join the Public Mumble** + +Server: `pub.bringyourwallet.com` + +Port: `64738` From ef4083e64e49939989411abdb2a34e718eae7467 Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Sun, 2 Sep 2018 15:21:21 -0700 Subject: [PATCH 18/48] add feature checklist and update example gif --- README.md | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ca55cde..816d4f8 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,20 @@ # ansible-experiments :microscope: Ansible experimentation -![](https://thumbs.gfycat.com/FalseGranularDogwoodclubgall-size_restricted.gif) +### What can these playbooks do? -### [Use _Ansible_ to install OS updates](/package_updates) +Features | Ubuntu | Debian | FreeBSD | +-------------------------------------------------|--------|--------|---------| +💾 [Update packages and OS][pkg_upd] | ✅ | ✅ | ✅ | +☁️ [Make & Cleanup EC2 AMI snapshots][ami] | ✅ | ✅ | ✅ | +🎛 [User account and dot file management][usr_mgmt] | ✅ | ✅ | ✅ | +[pkg_upd]: /package_updates +[ami]: /cleanup_ami_snapshots +[usr_mgmt]: /add-users-groups-authorized_keys-dot-files + +![](https://cdn.ipfu.org/git/assets/gif/shell-ansible-experiments.gif) ## Contributors 
From b49c265e1d8b4e99643347d50a83f7994d6229b1 Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Sun, 2 Sep 2018 15:31:01 -0700 Subject: [PATCH 19/48] add thanks and rule before gif --- README.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 816d4f8..8a9f6e7 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,11 @@ -# ansible-experiments -:microscope: Ansible experimentation +# Ansible Playbook Experiments +Paid for by [Bryan Black](https://bringyourwallet.com/donate), for the benefit of all lazy sysadmin. [What's ansible?](https://docs.ansible.com/) -### What can these playbooks do? +Special thanks to the helpful devs that contributed their expertise. + + +## What can these playbooks do? Features | Ubuntu | Debian | FreeBSD | -------------------------------------------------|--------|--------|---------| @@ -14,6 +17,7 @@ Features | Ubuntu | Debian | FreeBSD | [ami]: /cleanup_ami_snapshots [usr_mgmt]: /add-users-groups-authorized_keys-dot-files +--- ![](https://cdn.ipfu.org/git/assets/gif/shell-ansible-experiments.gif) ## Contributors From 190f5b8562f22e67e5c06c58892c1dded1dbe424 Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Sun, 2 Sep 2018 15:36:14 -0700 Subject: [PATCH 20/48] typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8a9f6e7..21f6c2b 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Ansible Playbook Experiments -Paid for by [Bryan Black](https://bringyourwallet.com/donate), for the benefit of all lazy sysadmin. [What's ansible?](https://docs.ansible.com/) +Paid for by [Bryan Black](https://bringyourwallet.com/donate), for the benefit of all lazy sysadmins. [What's ansible?](https://docs.ansible.com/) Special thanks to the helpful devs that contributed their expertise. From a03c4a6b18f6dc6dde39f4e85237ab3e070fd0ef Mon Sep 17 00:00:00 2001 
From: Bryan Black Date: Mon, 3 Sep 2018 03:44:58 -0700 Subject: [PATCH 21/48] ${HOME} typo --- add-users-groups-authorized_keys-dot-files/group_vars/all | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/add-users-groups-authorized_keys-dot-files/group_vars/all b/add-users-groups-authorized_keys-dot-files/group_vars/all index c8e37a5..02bf11e 100644 --- a/add-users-groups-authorized_keys-dot-files/group_vars/all +++ b/add-users-groups-authorized_keys-dot-files/group_vars/all @@ -25,7 +25,7 @@ users: bash_lines: - line: "#testline" state: present - - line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh" + - line: 'export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"' state: present - line: "alias ls='ls lah'" state: present From 11fa15fc3b01b155a13fea203d73b98cf9cde7e0 Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Mon, 3 Sep 2018 03:47:09 -0700 Subject: [PATCH 22/48] fix ${HOME} typo --- .../roles/users/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/add-users-groups-authorized_keys-dot-files/roles/users/defaults/main.yml b/add-users-groups-authorized_keys-dot-files/roles/users/defaults/main.yml index 6577b10..f8534aa 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/users/defaults/main.yml +++ b/add-users-groups-authorized_keys-dot-files/roles/users/defaults/main.yml @@ -25,7 +25,7 @@ default_linux_shell: "/bin/bash" # bash_lines: # - line: "testline" # state: present -# - line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh" +# - line: 'export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"' # state: present # - line: "alias ls='ls lah'" # state: present From 8e1b0812f26caf4ae882d09ccf00bc7a170715e0 Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Mon, 3 Sep 2018 03:47:53 -0700 Subject: [PATCH 23/48] fix ${HOME} typo --- .../roles/users/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
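Review bot: Rewriting the `bash_lines` entry from `export SSH_AUTH_SOCK=$HOME/...` to the quoted `"${HOME}"` form does not update hosts that already ran the role: as far as the visible hunks show, `Configure bashrc lines` drives `lineinfile` with only `line:` and no `regexp:`, so the old line stays in `.bashrc` and the new one is appended beneath it, and the last `export` wins. Either keep an explicit `- line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh"` with `state: absent` alongside the new entry, or give the role an optional per-line `regexp` (e.g. `regexp: '^export SSH_AUTH_SOCK='`) so the line is replaced in place. The matching edits in the following commits touch commented examples and README text only, so this is the one hunk with a runtime effect.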
diff --git a/add-users-groups-authorized_keys-dot-files/roles/users/README.md b/add-users-groups-authorized_keys-dot-files/roles/users/README.md index bf5f62f..e692bee 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/users/README.md +++ b/add-users-groups-authorized_keys-dot-files/roles/users/README.md @@ -114,7 +114,7 @@ Example: shell_lines: - line: "testline" state: absent - - line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh" + - line: 'export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"' state: present - line: "alias ls='ls lah'" state: present From 63c5cb817b99f70270cd9417d43ea580354d8089 Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Mon, 3 Sep 2018 03:49:41 -0700 Subject: [PATCH 24/48] fix ${HOME} typo --- .../roles/users/vars/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/add-users-groups-authorized_keys-dot-files/roles/users/vars/main.yml b/add-users-groups-authorized_keys-dot-files/roles/users/vars/main.yml index ce6a2f4..bdb99e9 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/users/vars/main.yml +++ b/add-users-groups-authorized_keys-dot-files/roles/users/vars/main.yml @@ -20,7 +20,7 @@ # shell_lines: # - line: "testline" # state: present -# - line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh" +# - line: 'export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"' # state: present # - line: "alias ls='ls lah'" # state: present @@ -29,5 +29,5 @@ # - file: key2 # state: absent # shell_lines: -# - line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh" +# - line: 'export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"' # state: present From f425969a79a23f5526e88085b640b2e1f0b35c3f Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Mon, 3 Sep 2018 03:50:49 -0700 Subject: [PATCH 25/48] fix ${HOME} typo --- .../roles/users/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/add-users-groups-authorized_keys-dot-files/roles/users/README.md b/add-users-groups-authorized_keys-dot-files/roles/users/README.md index e692bee..3e9fdfc 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/users/README.md +++ b/add-users-groups-authorized_keys-dot-files/roles/users/README.md @@ -54,7 +54,7 @@ users: - file: key1 state: present bash_lines: - - line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh" + - line: 'export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"' state: present - line: "alias ls='ls lah'" state: present From e291ce2c9e4bf0a4b8e32245e759c6966ba43e1a Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Mon, 3 Sep 2018 14:54:17 -0700 Subject: [PATCH 26/48] fix ${HOME} typo --- .../roles/ssh-config/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/add-users-groups-authorized_keys-dot-files/roles/ssh-config/README.md b/add-users-groups-authorized_keys-dot-files/roles/ssh-config/README.md index d071612..deeb6f7 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/ssh-config/README.md +++ b/add-users-groups-authorized_keys-dot-files/roles/ssh-config/README.md @@ -36,7 +36,7 @@ users: shell_lines: - line: "testline" state: present - - line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh" + - line: 'export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"' state: present - line: "alias ls='ls lah'" state: present From 1985da804305ae9719b0cac737cdd4cd8071a327 Mon Sep 17 00:00:00 2001 From: Vincent Van der Kussen Date: Thu, 13 Sep 2018 07:50:32 +0200 Subject: [PATCH 27/48] Fix #11 --- .../group_vars/all | 3 +- .../hosts | 6 +- .../roles/ssh-config/tasks/main.yml | 59 +++++++++++++++---- 3 files changed, 51 insertions(+), 17 deletions(-) diff --git a/add-users-groups-authorized_keys-dot-files/group_vars/all b/add-users-groups-authorized_keys-dot-files/group_vars/all index 02bf11e..be5a4aa 100644 --- a/add-users-groups-authorized_keys-dot-files/group_vars/all 
+++ b/add-users-groups-authorized_keys-dot-files/group_vars/all @@ -35,7 +35,8 @@ users: #multiline state: absent ssh_config: - - ServerAliveInterval: 10 + - line: "ServerAliveInterval: 10" + - line: "Compression no" - name: test state: present keys: diff --git a/add-users-groups-authorized_keys-dot-files/hosts b/add-users-groups-authorized_keys-dot-files/hosts index 17d4bc8..a0967ee 100644 --- a/add-users-groups-authorized_keys-dot-files/hosts +++ b/add-users-groups-authorized_keys-dot-files/hosts @@ -1,3 +1,3 @@ -10.106.116.157 ssh_short_name=host1 ansible_user=root -10.106.116.139 ssh_short_name=host2 ansible_user=root -34.242.108.38 ssh_short_name=freebsd1 ansible_user=ec2-user ansible_python_interpreter=/usr/local/bin/python2.7 +10.106.116.157 ansible_user=root +10.106.116.139 ansible_user=root +#34.242.108.38 ssh_short_name=freebsd1 ansible_user=ec2-user ansible_python_interpreter=/usr/local/bin/python2.7 diff --git a/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml b/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml index ef8a5bf..bacf50a 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml +++ b/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml 
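Review bot: `- line: "ServerAliveInterval: 10"` carries a colon that is not ssh_config syntax; the new `Configure ~/.ssh/config` template in this patch emits `item.line` verbatim, so the generated file would contain `ServerAliveInterval: 10`, which OpenSSH rejects as a bad configuration option and which breaks every `ssh` invocation for that user until the file is edited. It should read `- line: "ServerAliveInterval 10"`, matching the `Compression no` entry added beside it. Since the role copies these lines without checking them, a short comment in this file noting that entries are raw ssh_config directives would help the next person who edits it.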
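Review bot: The inventory still logs in as `root` (`ansible_user=root`) for both hosts while `ansible.cfg` in this tree sets `host_key_checking=False` (visible as context in the patch 09 hunk), so a first connection to either address accepts whatever host key is presented and then hands a root SSH session to whoever answers; since the playbook already relies on `become=True`, prefer an unprivileged `ansible_user` with sudo and re-enable host key checking, or pin the keys in `known_hosts`. Committing concrete private addresses in a public example repo is also unnecessary — placeholders such as `host1.example.com ansible_user=deploy` would serve the README equally well.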
@@ -19,27 +19,60 @@ no_log: True +- name: CHECK VARS + debug: + msg: "{{ item.1 }}" + with_subelements: + - "{{ users }}" + - ssh_config + - skip_missing: true + when: item.0.state == "present" + - name: Configure ~/.ssh/config blockinfile: - path: "/home/{{ item.0.name }}/.ssh/config" - owner: "{{ item.0.name }}" - group: "{{ item.0.name }}" + #path: "/home/{{ item.0.name }}/.ssh/config" + path: "/home/{{ item.name }}/.ssh/config" + #owner: "{{ item.0.name }}" + owner: "{{ item.name }}" + #group: "{{ item.0.name }}" + group: "{{ item.name }}" mode: 0600 marker: "# {mark} ANSIBLE MANAGED BLOCK" content: | {% for host in groups['all'] -%} - Host {{ hostvars[host]['ssh_short_name'] }} + Host {{ hostvars[host]['ansible_hostname'] }} Hostname {{ hostvars[host]['inventory_hostname'] }} - RemoteForward /home/{{ item.0.name }}/.gnupg/S.gpg-agent $HOME/.gnupg/S.gpg-agent - RemoteForward /home/{{ item.0.name }}/.gnupg/S.gpg-agent.ssh $HOME/.gnupg/S.gpg-agent.ssh - {% for k,v in item.1.items() %} - {% if k|lower != "host" and k|lower != "hostname" %} - {{k}} {{v}} - {% endif %} + RemoteForward /home/{{ item.name }}/.gnupg/S.gpg-agent $HOME/.gnupg/S.gpg-agent + RemoteForward /home/{{ item.name }}/.gnupg/S.gpg-agent.ssh $HOME/.gnupg/S.gpg-agent.ssh + {% for item in item.ssh_config %} + {{ item.line }} {% endfor %} {% endfor %} - with_subelements: + with_items: - "{{ users }}" - - ssh_config - skip_missing: true - when: item.0.state == "present" + when: item.ssh_config is defined and item.state == "present" + +#- name: Configure ~/.ssh/config +# blockinfile: +# path: "/home/{{ item.0.name }}/.ssh/config" +# owner: "{{ item.0.name }}" +# group: "{{ item.0.name }}" +# mode: 0600 +# marker: "# {mark} ANSIBLE MANAGED BLOCK" +# content: | +# {% for host in groups['all'] -%} +# Host {{ hostvars[host]['ssh_short_name'] }} +# Hostname {{ hostvars[host]['inventory_hostname'] }} +# RemoteForward /home/{{ item.0.name }}/.gnupg/S.gpg-agent $HOME/.gnupg/S.gpg-agent +# RemoteForward /home/{{ 
item.0.name }}/.gnupg/S.gpg-agent.ssh $HOME/.gnupg/S.gpg-agent.ssh +# {% for k,v in item.1.items() %} +# {% if k|lower != "host" and k|lower != "hostname" %} +# {{k}} {{v}} +# {% endif %} +# {% endfor %} +# {% endfor %} +# with_dict: +# - "{{ users }}" +# - skip_missing: true +# when: item.0.state == "present" From 9e5b35532653a8792701796e4336a9e3401f9943 Mon Sep 17 00:00:00 2001 From: Vincent Van der Kussen Date: Thu, 13 Sep 2018 08:48:34 +0200 Subject: [PATCH 28/48] remove comment block --- .../roles/ssh-config/tasks/main.yml | 23 ------------------- 1 file changed, 23 deletions(-) diff --git a/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml b/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml index bacf50a..2b22aea 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml +++ b/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml @@ -53,26 +53,3 @@ - skip_missing: true when: item.ssh_config is defined and item.state == "present" -#- name: Configure ~/.ssh/config -# blockinfile: -# path: "/home/{{ item.0.name }}/.ssh/config" -# owner: "{{ item.0.name }}" -# group: "{{ item.0.name }}" -# mode: 0600 -# marker: "# {mark} ANSIBLE MANAGED BLOCK" -# content: | -# {% for host in groups['all'] -%} -# Host {{ hostvars[host]['ssh_short_name'] }} -# Hostname {{ hostvars[host]['inventory_hostname'] }} -# RemoteForward /home/{{ item.0.name }}/.gnupg/S.gpg-agent $HOME/.gnupg/S.gpg-agent -# RemoteForward /home/{{ item.0.name }}/.gnupg/S.gpg-agent.ssh $HOME/.gnupg/S.gpg-agent.ssh -# {% for k,v in item.1.items() %} -# {% if k|lower != "host" and k|lower != "hostname" %} -# {{k}} {{v}} -# {% endif %} -# {% endfor %} -# {% endfor %} -# with_dict: -# - "{{ users }}" -# - skip_missing: true -# when: item.0.state == "present" From 07db990c35eb516929b30c4f47d02303340b1ace Mon Sep 17 00:00:00 2001 
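Review bot: The two `RemoteForward` lines forward the local gpg-agent socket (and its ssh-agent socket) into the home directory on every host in `groups['all']` for every user with an `ssh_config` entry, unconditionally. While such a session is open, anyone with root on the target host can drive the forwarded agent to sign, decrypt or authenticate as that user, so this should be opt-in per user and per host rather than a blanket default — e.g. wrap the two lines in `{% if item.gpg_forward | default(false) %}` and document the exposure in the README. Two smaller things in the same task: `- skip_missing: true` is a leftover from `with_subelements` and under `with_items` is now iterated as a literal item, and `{% for item in item.ssh_config %}` shadows the outer `item` inside the loop; rename the inner variable to `opt`.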
From: Bryan Black Date: Wed, 19 Sep 2018 12:31:44 -0700 Subject: [PATCH 29/48] consistence with PR #12 https://github.com/stationgroup/ansible-experiments/pull/12 --- .../roles/ssh-config/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/add-users-groups-authorized_keys-dot-files/roles/ssh-config/README.md b/add-users-groups-authorized_keys-dot-files/roles/ssh-config/README.md index deeb6f7..afd8ab5 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/ssh-config/README.md +++ b/add-users-groups-authorized_keys-dot-files/roles/ssh-config/README.md @@ -41,7 +41,8 @@ users: - line: "alias ls='ls lah'" state: present ssh_config: - - ServerAliveInterval: 10 + - line: "ServerAliveInterval: 10" + - line: "Compression no" ``` **Result:** From 76ee1db759f4d1e2ecbb47e4e95517bad72d54ed Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Wed, 19 Sep 2018 12:55:45 -0700 Subject: [PATCH 30/48] fix another typo --- .../roles/users/tasks/users.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/add-users-groups-authorized_keys-dot-files/roles/users/tasks/users.yml b/add-users-groups-authorized_keys-dot-files/roles/users/tasks/users.yml index 2df15e0..aa4eb1f 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/users/tasks/users.yml +++ b/add-users-groups-authorized_keys-dot-files/roles/users/tasks/users.yml @@ -62,7 +62,7 @@ - name: Configure cshrc blocks blockinfile: path: "/home/{{ item.0.name }}/.cshrc" - content: "{{ item.1.conent }}" + content: "{{ item.1.content }}" marker: "# {mark} ANSIBLE managed content. Block item #{{ listitem }}" state: "{{ item.1.state | default('present')}}" backup: yes From 164536462ab85b9165de32992a6f0ed24c242548 Mon Sep 17 00:00:00 2001 
From: Vincent Van der Kussen Date: Tue, 2 Oct 2018 19:38:23 +0200 Subject: [PATCH 31/48] don't create users depending on OS --- .../ansible.cfg | 2 +- .../group_vars/all | 19 ++++++++++++ .../hosts | 2 ++ .../roles/ssh-config/tasks/main.yml | 14 ++++++--- .../roles/users/files/keys/freebsd/key2.pub | 1 + .../roles/users/files/keys/ubuntu/key2.pub | 1 + .../roles/users/tasks/ssh_config.yml | 29 ++++++++++++++++--- .../roles/users/tasks/users.yml | 15 +++++++++- 8 files changed, 73 insertions(+), 10 deletions(-) create mode 100644 add-users-groups-authorized_keys-dot-files/roles/users/files/keys/freebsd/key2.pub create mode 100644 add-users-groups-authorized_keys-dot-files/roles/users/files/keys/ubuntu/key2.pub diff --git a/add-users-groups-authorized_keys-dot-files/ansible.cfg b/add-users-groups-authorized_keys-dot-files/ansible.cfg index 6efa305..f4923f1 100644 --- a/add-users-groups-authorized_keys-dot-files/ansible.cfg +++ b/add-users-groups-authorized_keys-dot-files/ansible.cfg @@ -6,7 +6,7 @@ retry_files_save_path = /tmp/ inventory=./hosts host_key_checking=False gathering = smart -stdout_callback=unixy +#stdout_callback=unixy #stdout_callback=debug [privilege_escalation] diff --git a/add-users-groups-authorized_keys-dot-files/group_vars/all b/add-users-groups-authorized_keys-dot-files/group_vars/all index be5a4aa..a345002 100644 --- a/add-users-groups-authorized_keys-dot-files/group_vars/all +++ b/add-users-groups-authorized_keys-dot-files/group_vars/all @@ -45,3 +45,22 @@ users: csh_lines: - line: "alias ls ls -lah" state: present + - name: freebsd + state: present + keys: + - file: key2 + state: present + csh_lines: + - line: "alias ls ls -lah" + state: present + - name: ubuntu + state: present + keys: + - file: key2 + state: absent + bash_lines: + - line: "alias ls ls -lah" + state: present + ssh_config: + - line: "ServerAliveInterval: 10" + - line: "Compression no" 
diff --git a/add-users-groups-authorized_keys-dot-files/hosts b/add-users-groups-authorized_keys-dot-files/hosts index a0967ee..9eb28db 100644 --- a/add-users-groups-authorized_keys-dot-files/hosts +++ b/add-users-groups-authorized_keys-dot-files/hosts @@ -1,3 +1,5 @@ 10.106.116.157 ansible_user=root 10.106.116.139 ansible_user=root #34.242.108.38 ssh_short_name=freebsd1 ansible_user=ec2-user ansible_python_interpreter=/usr/local/bin/python2.7 +34.242.147.18 ansible_user=ubuntu +34.241.111.239 ansible_user=ec2-user ansible_python_interpreter=/usr/local/bin/python2.7 diff --git a/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml b/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml index 2b22aea..7c12f4d 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml +++ b/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml @@ -1,10 +1,15 @@ --- -- name: Check if user has ~/.ssh/config +- name: Check if user has ~/.ssh/config | Debian/Ubuntu systems. stat: path: "/home/{{ item.name }}/.ssh/config" with_items: "{{ users }}" register: sshconfig + when: item.name != 'freebsd' and ansible_os_family == 'Debian' +- name: debug + debug: "{{ item.item.name }}" + with_items: + - "{{ sshconfig.results }}" - name: Create ~/.ssh/config when absent file: @@ -13,10 +18,10 @@ group: "{{ item.item.name }}" mode: 0600 state: touch - when: item.stat.exists == False and item.item.state == "present" + when: item.stat is defined and item.stat.exists == False and item.item.state == "present" with_items: - "{{ sshconfig.results }}" - no_log: True + #no_log: True - name: CHECK VARS @@ -51,5 +56,6 @@ with_items: - "{{ users }}" - skip_missing: true - when: item.ssh_config is defined and item.state == "present" + when: item.ssh_config is defined and item.state == "present" and item.name != 'freebsd' and ansible_os_family == 'Debian' + 
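Review bot: The new `debug: "{{ item.item.name }}"` task passes a free-form string to `debug`, which as far as I know accepts only `msg`/`var`, so the play should fail here before any ~/.ssh/config is written; if it is meant to stay, use `debug: { msg: "{{ item.item.name }}" }`, or better drop it together with the commented-out `#no_log: True` once the loop is debugged. The OS branching is also done by matching on a literal account name (`item.name != 'freebsd'`), which is fragile — the account being protected is the cloud provider's login user, not one called freebsd — and the same literal now has to be repeated in four tasks across two roles. A single `protected_users` list in the role defaults, checked with `item.name not in protected_users`, would keep the exclusions in one place.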
diff --git a/add-users-groups-authorized_keys-dot-files/roles/users/files/keys/freebsd/key2.pub b/add-users-groups-authorized_keys-dot-files/roles/users/files/keys/freebsd/key2.pub new file mode 100644 index 0000000..88ca4dd --- /dev/null +++ b/add-users-groups-authorized_keys-dot-files/roles/users/files/keys/freebsd/key2.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMfztaQoo3Alf4Ie4ZrSEkhojOcKl8VRdoRiYb/7FL3IS/5IcSKcan/MGJlRht3ibwJBx9/CY8wZivHgNKCqtbZWGepfOtgWOqI4ROo4sELmRgV8PZUACjCSfaOkOdvCJEjhw3n+aI5jmK9IUA+mwdXkZj/NckNDZAQ+FRqwR6sX7svM4TF/zEI70JvO3xnDgCuC2PgiztVFfMqbWl33NgkG3kWkJ+JarF2pNsxO/+82s/hoC4P+dpZD1PHhJC7OxUiAHe5nwF7heQh9DUBQxJBhitn7C3XqlxEf7Kx3/kO9CUJVDaxS84UUnfUPc0u1iYpE+5ypqkDSyj3yQNpwXd diff --git a/add-users-groups-authorized_keys-dot-files/roles/users/files/keys/ubuntu/key2.pub b/add-users-groups-authorized_keys-dot-files/roles/users/files/keys/ubuntu/key2.pub new file mode 100644 index 0000000..88ca4dd --- /dev/null +++ b/add-users-groups-authorized_keys-dot-files/roles/users/files/keys/ubuntu/key2.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMfztaQoo3Alf4Ie4ZrSEkhojOcKl8VRdoRiYb/7FL3IS/5IcSKcan/MGJlRht3ibwJBx9/CY8wZivHgNKCqtbZWGepfOtgWOqI4ROo4sELmRgV8PZUACjCSfaOkOdvCJEjhw3n+aI5jmK9IUA+mwdXkZj/NckNDZAQ+FRqwR6sX7svM4TF/zEI70JvO3xnDgCuC2PgiztVFfMqbWl33NgkG3kWkJ+JarF2pNsxO/+82s/hoC4P+dpZD1PHhJC7OxUiAHe5nwF7heQh9DUBQxJBhitn7C3XqlxEf7Kx3/kO9CUJVDaxS84UUnfUPc0u1iYpE+5ypqkDSyj3yQNpwXd diff --git a/add-users-groups-authorized_keys-dot-files/roles/users/tasks/ssh_config.yml b/add-users-groups-authorized_keys-dot-files/roles/users/tasks/ssh_config.yml index 52b1c81..2e40bae 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/users/tasks/ssh_config.yml +++ b/add-users-groups-authorized_keys-dot-files/roles/users/tasks/ssh_config.yml @@ -1,5 +1,5 @@ -- name: Ensure .ssh folder is created +- name: Ensure .ssh folder is created | Debian/Ubuntu systems file: path: "/home/{{item.name}}/.ssh" state: directory 
@@ -8,10 +8,10 @@ group: "{{ item.name }}" with_items: - "{{ users }}" - when: item.state == "present" + when: item.state == "present" and item.name != 'freebsd' and ansible_os_family == 'Debian' -- name: Configure authorized_keys +- name: Configure authorized_keys | Debian/Ubuntu systems authorized_key: user: "{{ item.0.name }}" key: "{{ lookup('file', 'keys/' + item.0.name + '/' + item.1.file + '.pub') }}" @@ -19,5 +19,26 @@ with_subelements: - "{{ users }}" - keys - when: item.0.state is defined and item.0.state == "present" + when: item.0.state is defined and item.0.state == "present" and item.0.name != 'freebsd' and ansible_os_family == 'Debian' +- name: Ensure .ssh folder is created | FreeBSD systems + file: + path: "/home/{{item.name}}/.ssh" + state: directory + mode: 0700 + owner: "{{ item.name }}" + group: "{{ item.name }}" + with_items: + - "{{ users }}" + when: item.state == "present" and item.name != 'ubuntu' and ansible_os_family == 'FreeBSD' + + +- name: Configure authorized_keys | FreeBSD systems + authorized_key: + user: "{{ item.0.name }}" + key: "{{ lookup('file', 'keys/' + item.0.name + '/' + item.1.file + '.pub') }}" + state: "{{ item.1.state | default('present') }}" + with_subelements: + - "{{ users }}" + - keys + when: item.0.state is defined and item.0.state == "present" and item.0.name != 'ubuntu' and ansible_os_family == 'FreeBSD' diff --git a/add-users-groups-authorized_keys-dot-files/roles/users/tasks/users.yml b/add-users-groups-authorized_keys-dot-files/roles/users/tasks/users.yml index aa4eb1f..22a4a90 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/users/tasks/users.yml +++ b/add-users-groups-authorized_keys-dot-files/roles/users/tasks/users.yml @@ -7,7 +7,7 @@ with_items: "{{ user_groups }}" -- name: Add/Remove user +- name: Add/Remove user(s) on Ubuntu systems user: name: "{{ item.name }}" state: "{{ item.state | default('present') }}" 
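Review bot: The `authorized_key` tasks only converge additively: a key that is simply deleted from a user's `keys` list stays in authorized_keys on every host, and revocation happens only while the entry is kept with `state: absent`. That is easy to get wrong during key rotation, so it deserves a comment above the task (`# NOTE: removing an entry here does NOT remove the key; keep it listed with state: absent`) and a mention in the role README; `exclusive: yes` is not an option here because, per the module docs, it does not compose with loops. The Debian and FreeBSD tasks are otherwise identical and could be one task each with `when: item.state == "present" and item.name not in protected_users and ansible_os_family in ['Debian', 'FreeBSD']`.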
@@ -18,7 +18,20 @@ remove: yes no_log: False with_items: "{{ users }}" + when: item.name != 'freebsd' and ansible_os_family == 'Debian' +- name: Add/Remove user(s) on FreeBSD systems + user: + name: "{{ item.name }}" + state: "{{ item.state | default('present') }}" + password: "{{ item.password | default(omit) }}" + groups: "{{ item.groups | default(omit) }}" + uid: "{{ item.uid | default(omit) }}" + shell: "{{ item.shell | default(default_shell) }}" + remove: yes + no_log: False + with_items: "{{ users }}" + when: item.name != 'ubuntu' and ansible_os_family == 'FreeBSD' - name: Configure bashrc lines lineinfile: From 17d3f699a0834634455737a56c83306bf491c1a4 Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Mon, 8 Oct 2018 15:10:30 -0700 Subject: [PATCH 32/48] leaving it --- .../ansible.cfg | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100644 add-users-groups-authorized_keys-dot-files/ansible.cfg diff --git a/add-users-groups-authorized_keys-dot-files/ansible.cfg b/add-users-groups-authorized_keys-dot-files/ansible.cfg deleted file mode 100644 index f4923f1..0000000 --- a/add-users-groups-authorized_keys-dot-files/ansible.cfg +++ /dev/null @@ -1,17 +0,0 @@ -[ssh_connection] - -[defaults] -retry_files_enabled = False -retry_files_save_path = /tmp/ -inventory=./hosts -host_key_checking=False -gathering = smart -#stdout_callback=unixy -#stdout_callback=debug - -[privilege_escalation] -become=True -become_method=sudo -become_user=root -#become_ask_pass=False - From 24431d9a8faf9799e880ad0bf569f826f2c04e1c Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Mon, 8 Oct 2018 15:28:35 -0700 Subject: [PATCH 33/48] Revert "leaving it" This reverts commit 17d3f699a0834634455737a56c83306bf491c1a4. --- .../ansible.cfg | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 add-users-groups-authorized_keys-dot-files/ansible.cfg 
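Review bot: The new FreeBSD `user` task takes `password: "{{ item.password | default(omit) }}"` yet pins `no_log: False`, so the module result (and any `-v` or `--diff` run) will print the password hash for every user; set `no_log: true` on this task and on the Debian one above it. Note also that `user.password` must already be a crypt(3) hash — a cleartext `item.password` in group_vars would be written into master.passwd verbatim and the login would silently not work — and that `remove: yes` deletes the home directory as soon as an entry flips to `state: absent`, which needs a one-line comment next to it.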
diff --git a/add-users-groups-authorized_keys-dot-files/ansible.cfg b/add-users-groups-authorized_keys-dot-files/ansible.cfg new file mode 100644 index 0000000..f4923f1 --- /dev/null +++ b/add-users-groups-authorized_keys-dot-files/ansible.cfg @@ -0,0 +1,17 @@ +[ssh_connection] + +[defaults] +retry_files_enabled = False +retry_files_save_path = /tmp/ +inventory=./hosts +host_key_checking=False +gathering = smart +#stdout_callback=unixy +#stdout_callback=debug + +[privilege_escalation] +become=True +become_method=sudo +become_user=root +#become_ask_pass=False + From 84fd00c37c73f6d0eb7870b0b0079d79db2108bc Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Mon, 8 Oct 2018 17:18:39 -0700 Subject: [PATCH 34/48] Update hosts --- add-users-groups-authorized_keys-dot-files/hosts | 2 -- 1 file changed, 2 deletions(-) diff --git a/add-users-groups-authorized_keys-dot-files/hosts b/add-users-groups-authorized_keys-dot-files/hosts index 9eb28db..a0967ee 100644 --- a/add-users-groups-authorized_keys-dot-files/hosts +++ b/add-users-groups-authorized_keys-dot-files/hosts @@ -1,5 +1,3 @@ 10.106.116.157 ansible_user=root 10.106.116.139 ansible_user=root #34.242.108.38 ssh_short_name=freebsd1 ansible_user=ec2-user ansible_python_interpreter=/usr/local/bin/python2.7 -34.242.147.18 ansible_user=ubuntu -34.241.111.239 ansible_user=ec2-user ansible_python_interpreter=/usr/local/bin/python2.7 From 81ad87f241061782783924403d6f8cb4918eedb0 Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Mon, 8 Oct 2018 17:18:51 -0700 Subject: [PATCH 35/48] Update ansible.cfg --- add-users-groups-authorized_keys-dot-files/ansible.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/add-users-groups-authorized_keys-dot-files/ansible.cfg b/add-users-groups-authorized_keys-dot-files/ansible.cfg index f4923f1..6efa305 100644 --- a/add-users-groups-authorized_keys-dot-files/ansible.cfg +++ b/add-users-groups-authorized_keys-dot-files/ansible.cfg 
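Review bot: `host_key_checking=False` turns off SSH host-key verification for every play run from this directory, so an attacker who can intercept the connection to any inventory host (the inventory at this point lists public EC2 addresses) can impersonate it and capture whatever the control node sends, including the keys and sudo access this playbook pushes. Remove the setting and pre-seed known_hosts, or, on OpenSSH 7.6 or later, use `ssh_args = -o StrictHostKeyChecking=accept-new` under `[ssh_connection]` if trust-on-first-use is acceptable. `become=True` with `become_user=root` as a global default also means every task in every play escalates; better set `become` per play or per task where it is actually needed.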
@@ -6,7 +6,7 @@ retry_files_save_path = /tmp/ inventory=./hosts host_key_checking=False gathering = smart -#stdout_callback=unixy +stdout_callback=unixy #stdout_callback=debug [privilege_escalation] From 81d6d4e8ff866bcbf94ddbc2857653bee3290688 Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Mon, 8 Oct 2018 17:29:28 -0700 Subject: [PATCH 36/48] fixing incorrect username, not what was requested https://github.com/stationgroup/ansible-experiments/issues/13#issue-361852126 This is still missing `vagrant`. --- .../roles/users/tasks/users.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/add-users-groups-authorized_keys-dot-files/roles/users/tasks/users.yml b/add-users-groups-authorized_keys-dot-files/roles/users/tasks/users.yml index 22a4a90..bec7871 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/users/tasks/users.yml +++ b/add-users-groups-authorized_keys-dot-files/roles/users/tasks/users.yml @@ -18,7 +18,7 @@ remove: yes no_log: False with_items: "{{ users }}" - when: item.name != 'freebsd' and ansible_os_family == 'Debian' + when: item.name != 'ec2-user' and ansible_os_family == 'Debian' - name: Add/Remove user(s) on FreeBSD systems user: From 5d4c7f9f55a08dd6dcf811599bea3f159975b4cb Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Mon, 8 Oct 2018 17:31:22 -0700 Subject: [PATCH 37/48] fixing incorrect username https://github.com/stationgroup/ansible-experiments/issues/13#issue-361852126 --- .../roles/ssh-config/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml b/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml index 7c12f4d..0625e2b 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml +++ b/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml 
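Review bot: Excluding the provisioning account by literal name (`item.name != 'ec2-user'`) has to be kept in sync across several tasks in two roles, and the commit message itself notes that `vagrant` is still missing. A list in the role defaults, `protected_users: ['ec2-user', 'ubuntu', 'vagrant']`, with `when: item.name not in protected_users and ansible_os_family == 'Debian'`, makes the exclusion one line to maintain. This matters because the task runs with `remove: yes`: a typo in the name, or a later `state: absent` entry for the login account, would delete the only account the control node can reach the host with.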
@@ -4,7 +4,7 @@ path: "/home/{{ item.name }}/.ssh/config" with_items: "{{ users }}" register: sshconfig - when: item.name != 'freebsd' and ansible_os_family == 'Debian' + when: item.name != 'ec2-user' and ansible_os_family == 'Debian' - name: debug debug: "{{ item.item.name }}" @@ -56,6 +56,6 @@ with_items: - "{{ users }}" - skip_missing: true - when: item.ssh_config is defined and item.state == "present" and item.name != 'freebsd' and ansible_os_family == 'Debian' + when: item.ssh_config is defined and item.state == "present" and item.name != 'ec2-user' and ansible_os_family == 'Debian' From ec611b20302b13bd80631d799525c313a9282949 Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Mon, 8 Oct 2018 17:32:45 -0700 Subject: [PATCH 38/48] fixing incorrect user name --- .../roles/users/tasks/ssh_config.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/add-users-groups-authorized_keys-dot-files/roles/users/tasks/ssh_config.yml b/add-users-groups-authorized_keys-dot-files/roles/users/tasks/ssh_config.yml index 2e40bae..7f56fc7 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/users/tasks/ssh_config.yml +++ b/add-users-groups-authorized_keys-dot-files/roles/users/tasks/ssh_config.yml @@ -8,7 +8,7 @@ group: "{{ item.name }}" with_items: - "{{ users }}" - when: item.state == "present" and item.name != 'freebsd' and ansible_os_family == 'Debian' + when: item.state == "present" and item.name != 'ec2-user' and ansible_os_family == 'Debian' - name: Configure authorized_keys | Debian/Ubuntu systems @@ -19,7 +19,7 @@ with_subelements: - "{{ users }}" - keys - when: item.0.state is defined and item.0.state == "present" and item.0.name != 'freebsd' and ansible_os_family == 'Debian' + when: item.0.state is defined and item.0.state == "present" and item.0.name != 'ec2-user' and ansible_os_family == 'Debian' - name: Ensure .ssh folder is created | FreeBSD systems file: From 64ce20d9b62f00f939ca268a213066bffaba6a87 Mon Sep 17 00:00:00 2001 
From: Bryan Black Date: Mon, 8 Oct 2018 17:37:08 -0700 Subject: [PATCH 39/48] Update all --- .../group_vars/all | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/add-users-groups-authorized_keys-dot-files/group_vars/all b/add-users-groups-authorized_keys-dot-files/group_vars/all index a345002..be5a4aa 100644 --- a/add-users-groups-authorized_keys-dot-files/group_vars/all +++ b/add-users-groups-authorized_keys-dot-files/group_vars/all @@ -45,22 +45,3 @@ users: csh_lines: - line: "alias ls ls -lah" state: present - - name: freebsd - state: present - keys: - - file: key2 - state: present - csh_lines: - - line: "alias ls ls -lah" - state: present - - name: ubuntu - state: present - keys: - - file: key2 - state: absent - bash_lines: - - line: "alias ls ls -lah" - state: present - ssh_config: - - line: "ServerAliveInterval: 10" - - line: "Compression no" From 881f3b4e1ffb2e61d9164528a217fa6926bca1ad Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Mon, 8 Oct 2018 17:42:13 -0700 Subject: [PATCH 40/48] Update main.yml --- .../roles/ssh-config/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml b/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml index 0625e2b..d36f0c7 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml +++ b/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml @@ -21,7 +21,7 @@ when: item.stat is defined and item.stat.exists == False and item.item.state == "present" with_items: - "{{ sshconfig.results }}" - #no_log: True + no_log: True - name: CHECK VARS From acc7a2a2a6678fea6a80f150cfbdcd0e89eed36f Mon Sep 17 00:00:00 2001 
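Review bot: `no_log: True` on the `file` task that touches ~/.ssh/config only hides the path, owner and mode in the output, none of which is sensitive, while replacing any failure message with the generic "output has been hidden" notice, so it makes the loop harder to debug without protecting anything. The sensitive task in this role set is the `user` task in roles/users/tasks/users.yml, which handles `password` hashes and currently runs with `no_log: False`; move the flag there and leave this one unset.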
From: Bryan Black Date: Mon, 8 Oct 2018 17:43:19 -0700 Subject: [PATCH 41/48] Delete key2.pub --- .../roles/users/files/keys/freebsd/key2.pub | 1 - 1 file changed, 1 deletion(-) delete mode 100644 add-users-groups-authorized_keys-dot-files/roles/users/files/keys/freebsd/key2.pub diff --git a/add-users-groups-authorized_keys-dot-files/roles/users/files/keys/freebsd/key2.pub b/add-users-groups-authorized_keys-dot-files/roles/users/files/keys/freebsd/key2.pub deleted file mode 100644 index 88ca4dd..0000000 --- a/add-users-groups-authorized_keys-dot-files/roles/users/files/keys/freebsd/key2.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMfztaQoo3Alf4Ie4ZrSEkhojOcKl8VRdoRiYb/7FL3IS/5IcSKcan/MGJlRht3ibwJBx9/CY8wZivHgNKCqtbZWGepfOtgWOqI4ROo4sELmRgV8PZUACjCSfaOkOdvCJEjhw3n+aI5jmK9IUA+mwdXkZj/NckNDZAQ+FRqwR6sX7svM4TF/zEI70JvO3xnDgCuC2PgiztVFfMqbWl33NgkG3kWkJ+JarF2pNsxO/+82s/hoC4P+dpZD1PHhJC7OxUiAHe5nwF7heQh9DUBQxJBhitn7C3XqlxEf7Kx3/kO9CUJVDaxS84UUnfUPc0u1iYpE+5ypqkDSyj3yQNpwXd From e0f1ab4984c39ad0987ab495512a205f4b75a2f1 Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Mon, 8 Oct 2018 17:43:26 -0700 Subject: [PATCH 42/48] Delete key2.pub --- .../roles/users/files/keys/ubuntu/key2.pub | 1 - 1 file changed, 1 deletion(-) delete mode 100644 add-users-groups-authorized_keys-dot-files/roles/users/files/keys/ubuntu/key2.pub diff --git a/add-users-groups-authorized_keys-dot-files/roles/users/files/keys/ubuntu/key2.pub b/add-users-groups-authorized_keys-dot-files/roles/users/files/keys/ubuntu/key2.pub deleted file mode 100644 index 88ca4dd..0000000 --- a/add-users-groups-authorized_keys-dot-files/roles/users/files/keys/ubuntu/key2.pub +++ /dev/null 
@@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMfztaQoo3Alf4Ie4ZrSEkhojOcKl8VRdoRiYb/7FL3IS/5IcSKcan/MGJlRht3ibwJBx9/CY8wZivHgNKCqtbZWGepfOtgWOqI4ROo4sELmRgV8PZUACjCSfaOkOdvCJEjhw3n+aI5jmK9IUA+mwdXkZj/NckNDZAQ+FRqwR6sX7svM4TF/zEI70JvO3xnDgCuC2PgiztVFfMqbWl33NgkG3kWkJ+JarF2pNsxO/+82s/hoC4P+dpZD1PHhJC7OxUiAHe5nwF7heQh9DUBQxJBhitn7C3XqlxEf7Kx3/kO9CUJVDaxS84UUnfUPc0u1iYpE+5ypqkDSyj3yQNpwXd From b4cd66f75d52c514975cb5bebe33ba8b5808a597 Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Sat, 20 Oct 2018 18:16:48 -0700 Subject: [PATCH 43/48] freebsd fix --- .../roles/ssh-config/tasks/main.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml b/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml index d36f0c7..2b2c8c2 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml +++ b/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml @@ -5,6 +5,13 @@ with_items: "{{ users }}" register: sshconfig when: item.name != 'ec2-user' and ansible_os_family == 'Debian' + +- name: Check if user has ~/.ssh/config | FreeBSD systems. + stat: + path: "/home/{{ item.name }}/.ssh/config" + with_items: "{{ users }}" + register: sshconfig + when: item.name != 'ubuntu' and ansible_os_family == 'FreeBSD' - name: debug debug: "{{ item.item.name }}" From 870157577912473838b9db07e4652656b4558a97 Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Sat, 20 Oct 2018 18:18:32 -0700 Subject: [PATCH 44/48] freebsd fix --- .../roles/ssh-config/tasks/main.yml | 25 ++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml b/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml index 2b2c8c2..dc66fc8 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml 
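Review bot: Both stat tasks `register: sshconfig`, and if I read Ansible's register semantics correctly a looped task that is skipped by its `when` still registers a result list of skipped items, so on a Debian host the new FreeBSD task overwrites the real stat results with entries that have no `stat` key. The downstream `Create ~/.ssh/config when absent` task is guarded by `item.stat is defined`, so it would then quietly never create the file on Debian. Either register the second task as `sshconfig_freebsd` and loop over both result lists, or collapse the two into one task with `when: (ansible_os_family == 'Debian' and item.name != 'ec2-user') or (ansible_os_family == 'FreeBSD' and item.name != 'ubuntu')`.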
+++ b/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml @@ -65,4 +65,27 @@ - skip_missing: true when: item.ssh_config is defined and item.state == "present" and item.name != 'ec2-user' and ansible_os_family == 'Debian' - +- name: Configure ~/.ssh/config FreeBSD + blockinfile: + #path: "/home/{{ item.0.name }}/.ssh/config" + path: "/home/{{ item.name }}/.ssh/config" + #owner: "{{ item.0.name }}" + owner: "{{ item.name }}" + #group: "{{ item.0.name }}" + group: "{{ item.name }}" + mode: 0600 + marker: "# {mark} ANSIBLE MANAGED BLOCK" + content: | + {% for host in groups['all'] -%} + Host {{ hostvars[host]['ansible_hostname'] }} + Hostname {{ hostvars[host]['inventory_hostname'] }} + RemoteForward /home/{{ item.name }}/.gnupg/S.gpg-agent $HOME/.gnupg/S.gpg-agent + RemoteForward /home/{{ item.name }}/.gnupg/S.gpg-agent.ssh $HOME/.gnupg/S.gpg-agent.ssh + {% for item in item.ssh_config %} + {{ item.line }} + {% endfor %} + {% endfor %} + with_items: + - "{{ users }}" + - skip_missing: true + when: item.ssh_config is defined and item.state == "present" and item.name != 'ubuntu' and ansible_os_family == 'FreeBSD' From 649d137ad245663de63b9687eba88b9afd0924d5 Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Mon, 22 Oct 2018 11:56:56 -0700 Subject: [PATCH 45/48] fix no_log spacing --- .../roles/ssh-config/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml b/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml index dc66fc8..09cea52 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml +++ b/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml @@ -28,7 +28,7 @@ when: item.stat is defined and item.stat.exists == False and item.item.state == "present" with_items: - "{{ sshconfig.results }}" - no_log: True + no_log: True - name: CHECK VARS 
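Review bot: This FreeBSD task is a byte-for-byte copy of the Debian one, differing only in the `when`, and it carries over two existing problems: `- skip_missing: true` under `with_items` is iterated as a literal item (a leftover from `with_subelements`), and `{% for item in item.ssh_config %}` shadows the loop variable inside the block. One task with `when: item.ssh_config is defined and item.state == "present" and ansible_os_family in ['Debian', 'FreeBSD']` (plus the per-OS account exclusion) and an inner loop variable named `opt` would cover both platforms. The `RemoteForward` of the gpg-agent socket to every host is also repeated here; it should be opt-in per user, since anyone with root on the target host can use the forwarded agent while the session is open.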
From 06978b60d4f6fb36d6492b07ab6cf81d355a0971 Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Mon, 22 Oct 2018 13:11:32 -0700 Subject: [PATCH 46/48] Create remember --- .../roles/users/files/sudoers/remember/remember | 1 + 1 file changed, 1 insertion(+) create mode 100644 add-users-groups-authorized_keys-dot-files/roles/users/files/sudoers/remember/remember diff --git a/add-users-groups-authorized_keys-dot-files/roles/users/files/sudoers/remember/remember b/add-users-groups-authorized_keys-dot-files/roles/users/files/sudoers/remember/remember new file mode 100644 index 0000000..7282d90 --- /dev/null +++ b/add-users-groups-authorized_keys-dot-files/roles/users/files/sudoers/remember/remember @@ -0,0 +1 @@ +remember ALL=(ALL) NOPASSWD:ALL From aaf2f75d6654cd7f090b5ff89ad9e9c83e5c3220 Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Mon, 22 Oct 2018 13:11:50 -0700 Subject: [PATCH 47/48] Create test --- .../roles/users/files/sudoers/test/test | 1 + 1 file changed, 1 insertion(+) create mode 100644 add-users-groups-authorized_keys-dot-files/roles/users/files/sudoers/test/test diff --git a/add-users-groups-authorized_keys-dot-files/roles/users/files/sudoers/test/test b/add-users-groups-authorized_keys-dot-files/roles/users/files/sudoers/test/test new file mode 100644 index 0000000..9293fdf --- /dev/null +++ b/add-users-groups-authorized_keys-dot-files/roles/users/files/sudoers/test/test @@ -0,0 +1 @@ +test ALL=(ALL) NOPASSWD:ALL From 7bfac9599d734882131b382000b12a8cd80eb058 Mon Sep 17 00:00:00 2001 From: Bryan Black Date: Thu, 28 May 2020 18:09:08 -0700 Subject: [PATCH 48/48] fix cleanup AMI Snapshots. Bug fixed https://github.com/ansible/ansible/issues/39541 --- cleanup_ami_snapshots/cleanup-ami-snapshots.yaml | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/cleanup_ami_snapshots/cleanup-ami-snapshots.yaml b/cleanup_ami_snapshots/cleanup-ami-snapshots.yaml index f4d36f3..5711670 100644 
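Review bot: `test ALL=(ALL) NOPASSWD:ALL` (and the identical `remember` fragment) grants unrestricted passwordless root to an account that also receives an SSH key via this playbook, so anyone who obtains that private key — or the forwarded agent — is root on every host with no second factor. If passwordless sudo is really required, scope it to a command list (`test ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart myapp`) or at least drop `NOPASSWD:`; an account literally named `test` should not carry this at all. No task in this series installs these fragments yet; when one is added it should use `copy`/`template` with `mode: '0440'` and `validate: 'visudo -cf %s'`, since a malformed fragment in sudoers.d disables sudo for everyone.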
--- a/cleanup_ami_snapshots/cleanup-ami-snapshots.yaml +++ b/cleanup_ami_snapshots/cleanup-ami-snapshots.yaml @@ -22,7 +22,7 @@ when: not aws_region_env_var - name: Gather facts about all AMIs with given tag. - ec2_ami_facts: + ec2_ami_info: profile: "{{ aws_profile }}" owners: self filters: "{{ ami_tag }}" @@ -59,8 +59,7 @@ profile: "{{ aws_profile }}" image_id: "{{ oldest_ami.image_id }}" state: absent - # Bug in deleting snapshots : https://github.com/ansible/ansible/issues/39541 - #delete_snapshot: yes + delete_snapshot: yes when: ami_list.images - name: LOG action @@ -69,14 +68,6 @@ dest: "{{ log_destination }}" when: ami_list.images - - name: Cleanup AMI snapshots - ec2_snapshot: - profile: "{{ aws_profile }}" - snapshot_id: "{{ item.ebs.snapshot_id }}" - state: absent - with_items: "{{ oldest_ami.block_device_mappings }}" - when: ami_list.images - - name: LOG action lineinfile: line: "{{ ansible_date_time.iso8601 }} AMI CLEANUP - Removed snapshots: {{ item.ebs.snapshot_id }}"
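Review bot: With the explicit `ec2_snapshot` cleanup gone, the remaining `LOG action` task still writes `Removed snapshots: {{ item.ebs.snapshot_id }}` for each block device mapping, but nothing now checks that `ec2_ami` with `delete_snapshot: yes` actually deleted them — a snapshot still referenced by another AMI, or a permission error, would be logged as removed. Register the deregistration result, e.g. `register: ami_removed`, and gate the log line on it, `when: ami_list.images and ami_removed is changed`. The loop of that LOG task runs past the end of the hunk, so I could not confirm which list it iterates.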