
manifest: Commit

A service to replicate and serve requests for site configurations based on site ID, public IP, and the on-site lead contact's OTP.


Commit MetaInfo

Révision08a67b57b10d407a22b0a6e7287069e5461f5595 (tree)
l'heure2021-10-14 22:43:50
AuteurS. Seago <sseago-dev@proj...>
CommiterS. Seago

Message de Log

Move ansible content to a more appropriate place

Change Summary

Modification

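--- /dev/null
+++ b/ansible/roles/common/tasks/main.yml
@@ -0,0 +1,25 @@
+- name: Update current packages
+ ansible.builtin.apt:
+ update_cache: yes
+ cache_valid_time: 1800
+ name: "*"
+ state: latest
+ fail_on_autoremove: yes
+
+- name: Make sure the automation group exists
+ ansible.builtin.user:
+ name: {{ automation_user }}
+ state: presents
+ gid: 2520
+
+- name: Make sure the automation user exists
+ ansible.builtin.user:
+ name: {{ automation_user }}
+ comment: Project Celadon Automation User
+ uid: 2520
+ state: present
+ group: {{ automation_user }}
+ create_home: yes
+ shell: /bin/bash
+ generate_ssh_key: yes
+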
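Review bot: The "Make sure the automation group exists" task cannot work as written: it calls `ansible.builtin.user` with `state: presents` and a `gid`, where a group is meant, so it should read `ansible.builtin.group:` with `state: present`. The three `{{ automation_user }}` values are unquoted, which YAML reads as a flow mapping rather than a template; write `name: "{{ automation_user }}"` and `group: "{{ automation_user }}"`. `generate_ssh_key: yes` also leaves a private key on every managed host for an account that the sudo role is meant to give passwordless sudo, so it is worth confirming that key is actually needed.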
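--- /dev/null
+++ b/ansible/roles/dns/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+- name: Remove existing Resolve section
+ replace:
+ path: /etc/systemd/resolved.conf
+ regexp: '^\[Resolve\][^[]+'
+ replace: ''
+ backup: yes
+
+- name: Set external DNS on base system to 9.9.9.9
+ community.general.ini_file:
+ path: /etc/systemd/resolved.conf
+ section: Resolve
+ option: DNS
+ value: 9.9.9.9
+
+- name: Disable DNS Stub Listener
+ community.general.ini_file:
+ path: /etc/systemd/resolved.conf
+ section: Resolve
+ option: DNSStubListener
+ value: no
\ No newline at end of file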
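Review bot: Nothing visible in this role restarts systemd-resolved after the three edits to /etc/systemd/resolved.conf, so the new resolver and the disabled stub listener would not apply until the service is next restarted; each task should carry `notify: Restart systemd-resolved` with a matching handler in the role. The first task's `regexp` deletes the whole existing `[Resolve]` section, so any DNSSEC or DNSOverTLS setting already on the host is dropped silently and only `backup: yes` preserves it. `value: no` is an unquoted YAML boolean; `value: 'no'` makes sure the literal string is what gets written.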
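--- /dev/null
+++ b/ansible/site_prep.yml
@@ -0,0 +1,12 @@
+---
+- hosts: manifest
+ become: true
+ tasks:
+ - name: Import common role
+ import: common
+
+ - name: Import sudo role
+ import: sudo
+
+ - name: Import dns role
+ import: dns
\ No newline at end of file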
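Review bot: `import: common` is not an Ansible task keyword, so all three tasks would be rejected when the playbook is parsed; use `ansible.builtin.import_role:` with `name: common` (and likewise for `sudo` and `dns`), or list the roles under a play-level `roles:` key. The commit also places the sudo content under `ansible/sudo/` while the other two roles are under `ansible/roles/`, so a role lookup by the name `sudo` will probably not find it unless a roles path is configured elsewhere.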
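--- /dev/null
+++ b/ansible/sudo/files/ansible_sudoer
@@ -0,0 +1,1 @@
+celadon-admin ALL=(ALL) NOPASSWD:ALL
\ No newline at end of file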
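Review bot: This rule grants passwordless root to `celadon-admin`, but the role's vars set `automation_user: celadon-robot` and the task installs the file as the automation user's sudoers entry, so the account that gets full sudo is not the one the playbook creates. Decide which account is intended and make the name match, ideally by templating the file from `automation_user`. `NOPASSWD:ALL` for a key-authenticated service account makes that SSH key equivalent to root on every managed host; if the automation only needs a known set of commands, list them instead of `ALL`.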
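--- /dev/null
+++ b/ansible/sudo/tasks/main.yml
@@ -0,0 +1,15 @@
+- name: Copy SSH key for automation user
+ tags: always,users,"automation user"
+ authorized_key:
+ user: "{{ automation_user }}"
+ state: present
+ key: "{{ key_path }}"
+ register: copy_ssh_key
+
+- name: Enable sudo without password for automation user
+ tags: always,users,"automation user"
+ copy:
+ src: ansible_sudoer
+ dest: /etc/sudoers.d/"{{ automation_user }}"
+ owner: root
+ group: root
\ No newline at end of file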
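Review bot: The sudoers drop-in is copied without a syntax check or an explicit mode, so a malformed file can break sudo on the host; add `validate: /usr/sbin/visudo -cf %s` and `mode: '0440'` to the copy task. The `dest` value keeps its inner quote characters as part of the filename; it should be `dest: "/etc/sudoers.d/{{ automation_user }}"`. In the first task `key` receives the path held in `key_path` rather than the public key text that `authorized_key` expects, so it probably needs `key: "{{ lookup('file', key_path) }}"`. `tags: always,users,"automation user"` also mixes quoting inside a plain scalar and is clearer written as a YAML list.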
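--- /dev/null
+++ b/ansible/sudo/vars/main.yml
@@ -0,0 +1,3 @@
+automation_user: celadon-robot
+automation_pass: {{ garbage }}
+key_path: ~/.ssh/id_ed25519.pub
\ No newline at end of file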
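Review bot: `automation_pass: {{ garbage }}` is unquoted, so YAML parses it as a nested flow mapping and the vars file will fail to load; quote it as `automation_pass: "{{ garbage }}"`. No task in this commit reads `automation_pass`, so if it is a placeholder it can be dropped, and if a real password is planned it should come from an Ansible Vault-encrypted variable rather than plain role vars. These vars sit in the sudo role, yet the common role uses `automation_user` first, so confirm the variable is defined where that role can see it.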
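--- a/container/ansible/roles/common/tasks/main.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-- name: Update current packages
- ansible.builtin.apt:
- update_cache: yes
- cache_valid_time: 1800
- name: "*"
- state: latest
- fail_on_autoremove: yes
-
-- name: Make sure the automation group exists
- ansible.builtin.user:
- name: {{ automation_user }}
- state: presents
- gid: 2520
-
-- name: Make sure the automation user exists
- ansible.builtin.user:
- name: {{ automation_user }}
- comment: Project Celadon Automation User
- uid: 2520
- state: present
- group: {{ automation_user }}
- create_home: yes
- shell: /bin/bash
- generate_ssh_key: yes
-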
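--- a/container/ansible/roles/dns/tasks/main.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-- name: Remove existing Resolve section
- replace:
- path: /etc/systemd/resolved.conf
- regexp: '^\[Resolve\][^[]+'
- replace: ''
- backup: yes
-
-- name: Set external DNS on base system to 9.9.9.9
- community.general.ini_file:
- path: /etc/systemd/resolved.conf
- section: Resolve
- option: DNS
- value: 9.9.9.9
-
-- name: Disable DNS Stub Listener
- community.general.ini_file:
- path: /etc/systemd/resolved.conf
- section: Resolve
- option: DNSStubListener
- value: no
\ No newline at end of file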
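--- a/container/ansible/site_prep.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-- hosts: manifest
- become: true
- tasks:
- - name: Import common role
- import: common
-
- - name: Import sudo role
- import: sudo
-
- - name: Import dns role
- import: dns
\ No newline at end of file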
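--- a/container/ansible/sudo/files/ansible_sudoer
+++ /dev/null
@@ -1,1 +0,0 @@
-celadon-admin ALL=(ALL) NOPASSWD:ALL
\ No newline at end of file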
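--- a/container/ansible/sudo/tasks/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-- name: Copy SSH key for automation user
- tags: always,users,"automation user"
- authorized_key:
- user: "{{ automation_user }}"
- state: present
- key: "{{ key_path }}"
- register: copy_ssh_key
-
-- name: Enable sudo without password for automation user
- tags: always,users,"automation user"
- copy:
- src: ansible_sudoer
- dest: /etc/sudoers.d/"{{ automation_user }}"
- owner: root
- group: root
\ No newline at end of file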
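--- a/container/ansible/sudo/vars/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-automation_user: celadon-robot
-automation_pass: {{ garbage }}
-key_path: ~/.ssh/id_ed25519.pub
\ No newline at end of file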