From 5a560250f10513037e3b67b427f5714ce519f975 Mon Sep 17 00:00:00 2001 From: James Hackett Date: Tue, 5 Dec 2023 04:47:29 +0000 Subject: [PATCH] Add Johnson host to ansible hosts.sample (#13) --- ansible/README.md | 10 ++++++++++ ansible/hosts.sample | 2 ++ ansible/redbrick-ansible.yml | 12 ++++++------ ansible/roles/ssh/defaults/main.yml | 9 ++++++--- ansible/roles/ssh/tasks/main.yml | 2 ++ 5 files changed, 26 insertions(+), 9 deletions(-) diff --git a/ansible/README.md b/ansible/README.md index 827b539..0a493de 100644 --- a/ansible/README.md +++ b/ansible/README.md @@ -14,6 +14,16 @@ $ ansible-playbook -i hosts redbrick-ansible.yml This command assumes `hosts` is your hosts file, you can copy the sample host file and modify the credentials in `group_vars` +## Examples + +### Adding new users to aperture + +When you want to add a new user to all of the aperture servers, run the below command. You'll also need to edit [`roles/ssh/defaults/main.yml`](./roles/ssh/defaults/main.yml`). + +``` +ansible-playbook -i hosts redbrick-ansible.yml -e "created_users_pass=hellothere" +``` + ## Contributing Please add all roles into the `roles` directory, following the same directory structure. diff --git a/ansible/hosts.sample b/ansible/hosts.sample index 0774650..dd75c9f 100644 --- a/ansible/hosts.sample +++ b/ansible/hosts.sample @@ -1,8 +1,10 @@ glados ansible_host=10.10.0.4 wheatley ansible_host=10.10.0.5 chell ansible_host=10.10.0.6 +johnson ansible_host=10.10.0.7 [nomad] glados wheatley chell + diff --git a/ansible/redbrick-ansible.yml b/ansible/redbrick-ansible.yml index 78cebfa..8691f7f 100644 --- a/ansible/redbrick-ansible.yml +++ b/ansible/redbrick-ansible.yml 
@@ -8,12 +8,12 @@ roles: - { role: git-compare-head } # Prevent execution on out-of-date or divergent branches -# - name: Redbrick general management -# hosts: all -# roles: -#- { role: apt } # update all packages, equivalent to `apt update && apt upgrade` -#- { role: ssh } # add users defined in roles/defaults/main.yml -#- { role: fail2ban } # add and configure fail2ban with jail file located in `templates/fail2ban.jail` +- name: Redbrick general management + hosts: all + roles: + - { role: apt } # update all packages, equivalent to `apt update && apt upgrade` + - { role: ssh } # add users defined in roles/defaults/main.yml + - { role: fail2ban } # add and configure fail2ban with jail file located in `templates/fail2ban.jail` # - name: Configure Nomad & Consul # hosts: nomad diff --git a/ansible/roles/ssh/defaults/main.yml b/ansible/roles/ssh/defaults/main.yml index 222959b..09849f1 100644 --- a/ansible/roles/ssh/defaults/main.yml +++ b/ansible/roles/ssh/defaults/main.yml @@ -2,9 +2,12 @@ # a current listing of all admins who have ssh access to Redbrick. github_users: - - user: distro - # omitting account variable won't add any github keys to the user. - account: DistroByte + - user: mojito # user account + account: DistroByte # github account + groups: ["sudo"] # list of groups + passwordless_sudo: true + - user: jameson + account: wizzdom groups: ["sudo"] passwordless_sudo: true diff --git a/ansible/roles/ssh/tasks/main.yml b/ansible/roles/ssh/tasks/main.yml index 8238273..57e7567 100644 --- a/ansible/roles/ssh/tasks/main.yml +++ b/ansible/roles/ssh/tasks/main.yml @@ -14,6 +14,8 @@ append: yes home: /home/{{ item.user | default(item) }} state: present + password: "{{ created_users_pass }}" + update_password: "on_create" with_items: "{{ github_users }}" - name: Ensure authorized_keys for GitHub user accounts are present
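Review bot: The comment on the re-enabled `ssh` role points to `roles/defaults/main.yml`, but the user list this commit edits lives in `roles/ssh/defaults/main.yml`; correct it to `# add users defined in roles/ssh/defaults/main.yml`. Because the play targets `hosts: all`, uncommenting it means the `apt` upgrade, user creation and fail2ban configuration run on every inventory host on each playbook run. That scope is worth stating in a comment above the play, e.g. `# Runs on every host in the inventory, including the nomad group`.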
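Review bot: Replacing the `distro` entry with `mojito` only changes the list the role iterates over, and the task shown in `roles/ssh/tasks/main.yml` uses `state: present`. Nothing visible in this commit therefore removes the old `distro` account, its authorized keys or its sudo rights from hosts that already have it. If the rename is meant to retire that login, add an explicit removal (a `state: absent` entry or task) in the same change. The deleted comment was the only documentation of what omitting `account` does; consider keeping it in the new inline form, e.g. `# github account; omit to add no GitHub keys`. Both entries pair `passwordless_sudo: true` with keys taken from a GitHub account, so control of that GitHub account presumably amounts to root on every host the play covers.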
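Review bot: The added `password: "{{ created_users_pass }}"` passes the variable through unhashed, but the user module's `password` parameter expects an already-crypted value on Linux. A plaintext value like the README's example would be written to the shadow entry as if it were a hash and would not work as a login password. Hash it in the task, `password: "{{ created_users_pass | password_hash('sha512') }}"`, and add `no_log: true` so the looped task does not echo the value in output. No default for the variable is visible here, so the newly enabled play presumably fails unless `-e` is given; a vaulted variable or a prompt would also keep the secret out of shell history and the process list, unlike the `-e "created_users_pass=…"` form in the README hunk. The task begins above this hunk, so the module is inferred from the parameters shown.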