A new playbook for setting up the ansible user and sudo settings.

author Andrew Schoen <aschoen@redhat.com>

Thu, 16 Apr 2015 15:05:24 +0000 (10:05 -0500)

committer Andrew Schoen <aschoen@redhat.com>

Thu, 16 Apr 2015 15:05:24 +0000 (10:05 -0500)
author Andrew Schoen <aschoen@redhat.com>
Thu, 16 Apr 2015 15:05:24 +0000 (10:05 -0500)
committer Andrew Schoen <aschoen@redhat.com>
Thu, 16 Apr 2015 15:05:24 +0000 (10:05 -0500)
diff --git a/ansible_managed.yml b/ansible_managed.yml

new file mode 100644 (file)

index 0000000..fa40292
--- /dev/null
+++ b/ansible_managed.yml
@@ -0,0 +1,10 @@
+---
+# a playbook to create the necessary users, groups and
+# sudoer settings needed for ansible to manage a node.
+- hosts: all
+  # assuming the nodes we run this on will most likely
+  # have an ubuntu user already created.
+  vars:
+    ansible_ssh_user: ubuntu
+  roles:
+    - ansible-managed
diff --git a/roles/ansible-managed/tasks/main.yml b/roles/ansible-managed/tasks/main.yml

new file mode 100644 (file)

index 0000000..50856e5
--- /dev/null
+++ b/roles/ansible-managed/tasks/main.yml
@@ -0,0 +1,25 @@
+---
+- name: Create the sudo group.
+  group:
+    name: sudo
+    state: present
+
+- name: Create the ansible user.
+  user:
+    name: "{{ ansible_user }}"
+    group: sudo
+
+- name: Create the cephlab_sudo sudoers.d file.
+  template:
+    src: cephlab_sudo
+    dest: /etc/sudoers.d/cephlab_sudo
+    owner: root
+    group: root
+    mode: 0440
+    validate: visudo -cf %s
+
+- name: Add authorized keys for the ansible user.
+  authorized_key: 
+    user: "{{ ansible_user }}"
+    key: "{{ item }}"
+  with_items: ssh_keys
diff --git a/roles/ansible-managed/templates/cephlab_sudo b/roles/ansible-managed/templates/cephlab_sudo

new file mode 100644 (file)

index 0000000..6febac3
--- /dev/null
+++ b/roles/ansible-managed/templates/cephlab_sudo
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+%sudo ALL=(ALL) NOPASSWD: ALL
+# For ansible pipelining
+Defaults !requiretty
+Defaults visiblepw
diff --git a/roles/cobbler/defaults/main.yml b/roles/cobbler/defaults/main.yml

index 6c061f97a0becd74a708f09770453c4c54f1acc5..eee958f9a82bf7f0350e179accec85b1fdd0dc42 100644 (file)
--- a/roles/cobbler/defaults/main.yml
+++ b/roles/cobbler/defaults/main.yml
@@ -1,7 +1,4 @@
  ---
-# cobbler sets up the user that ansible will use
-ansible_user: cm
-
  kickstarts:
    - cephlab_trusty.preseed
    - cephlab_rhel.ks
author	Andrew Schoen <aschoen@redhat.com>
	Thu, 16 Apr 2015 15:05:24 +0000 (10:05 -0500)
committer	Andrew Schoen <aschoen@redhat.com>
	Thu, 16 Apr 2015 15:05:24 +0000 (10:05 -0500)
ansible_managed.yml	[new file with mode: 0644]	patch \| blob
roles/ansible-managed/tasks/main.yml	[new file with mode: 0644]	patch \| blob
roles/ansible-managed/templates/cephlab_sudo	[new file with mode: 0644]	patch \| blob
roles/cobbler/defaults/main.yml		patch \| blob \| history