
Move SSH key deployment out of the common role into a dedicated role, using dictionaries instead of lists to take advantage of Ansible's ability to merge dictionaries. WARN: convert your admin_ssh_keys variable into a dictionary! (cf. README)

master
victor héry 6 years ago
parent
commit
f66203ba86
5 changed files with 42 additions and 11 deletions
  1. README.md (+6, -1)
  2. postint-full.yml (+1, -0)
  3. postint.yml (+1, -0)
  4. roles/common/tasks/main.yml (+0, -10)
  5. roles/ssh-keys/tasks/main.yml (+34, -0)

README.md (+6, -1)

@ -16,6 +16,10 @@ Yet another ansible's playbook repository
* Common
* provides **common** configuration
* https://github.com/nojhan/liquidprompt <3
* SSH keys
* provides ssh keys deployement and blacklist
* possibility to use dictionnaries to list keys
* possibility to deploy different pools of keys on different servers with ansible hash_behaviour = merge
* Update
* allow install all update on hosts (tag normal)
* allow update specific packages from list (tags packages)
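Review bot: The new "SSH keys" bullets mention `hash_behaviour = merge` without saying that it is a global Ansible setting that changes how every dictionary variable is combined, not only `admin_ssh_keys`. State that here, and state that without it a more specific `admin_ssh_keys` definition replaces the inherited one instead of extending it, so readers know which keys end up on a host in each mode. Also fix the spelling in these lines: "deployement" should be "deployment" and "dictionnaries" should be "dictionaries".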
@ -77,7 +81,8 @@ Yet another ansible's playbook repository
```yaml
---
admin_ssh_keys: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZXK3ufonx+zNQ1x6cSWuUWckB/xf9sKZ+mRgY5SPXzqrxSkqNSmr9JQ6xzvhxKEVcFWsi50op1WWtRo3HG3p3+EHKXeCyzt5QnczDlVOoQbB8kgI0byKcvXux1inL4/Q4DbVLUbDFnynD/C5aAyYMYePahMxR+AQr60DD+7Ty6pcEVih1wwHIlxWziY1EF6sEzQwz/PiTxWIZkKHl/WPGagS9Pp/5nQfdZy0AS/JqbzNyMEg51+XedADuqseV4GXDzrzDYLJXJFv1PFVJxRWLrjChKrUMqyszUySkZMr5YSPXlsV0bi+0xivYEsXvIkLORV96JTZosYbV+0aFKDPv root@debian
admin_ssh_keys:
0: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZXK3ufonx+zNQ1x6cSWuUWckB/xf9sKZ+mRgY5SPXzqrxSkqNSmr9JQ6xzvhxKEVcFWsi50op1WWtRo3HG3p3+EHKXeCyzt5QnczDlVOoQbB8kgI0byKcvXux1inL4/Q4DbVLUbDFnynD/C5aAyYMYePahMxR+AQr60DD+7Ty6pcEVih1wwHIlxWziY1EF6sEzQwz/PiTxWIZkKHl/WPGagS9Pp/5nQfdZy0AS/JqbzNyMEg51+XedADuqseV4GXDzrzDYLJXJFv1PFVJxRWLrjChKrUMqyszUySkZMr5YSPXlsV0bi+0xivYEsXvIkLORV96JTZosYbV+0aFKDPv root@debian
default_packages_debian: htop
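Review bot: In the updated `admin_ssh_keys` example the only dictionary key is `0`, which invites collisions once dictionaries from several groups are merged: two variable files that both use `0` overwrite one another and one of the keys is silently not deployed. Use a descriptive key per entry (the owner or host of the key, for instance) and add a matching example for `admin_blacklist_ssh_keys`, which the new role reads but this hunk does not show.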

postint-full.yml (+1, -0)

@ -8,6 +8,7 @@
roles:
- common
- ssh-keys
- xymon-client
- rudder-node

postint.yml (+1, -0)

@ -8,5 +8,6 @@
roles:
- common
- ssh-keys
# vim: set textwidth=0 ft=yaml ts=2 sw=2 expandtab:

roles/common/tasks/main.yml (+0, -10)

@ -10,10 +10,6 @@
when: ansible_distribution == 'Debian'
# Check mandatory variables
- name: Check vars
fail: msg="Missing variable admin_ssh_keys"
when: admin_ssh_keys is not defined
- name: Check vars
fail: msg="Missing variable default_packages_debian"
when: default_packages_debian is not defined
@ -30,12 +26,6 @@
fail: msg="Missing variable disable_ipv6"
when: disable_ipv6 is not defined
# SSH
- name: Deploy SSH keys
tags: ssh_keys
authorized_key: user=root key="{{item}}"
with_items: "{{ admin_ssh_keys }}"
# Packages
- name: Install default packages Debian.
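Review bot: With the "Deploy SSH keys" task and the `admin_ssh_keys` check removed from roles/common, any play that applies `common` without `ssh-keys` stops managing root's authorized keys. postint.yml and postint-full.yml are updated in this commit; check that every other playbook that relied on `common` for key deployment gets the new role as well, and mention the split next to the variable change in the README.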

roles/ssh-keys/tasks/main.yml (+34, -0)

@ -0,0 +1,34 @@
---
# Synchronization des clefs SSH avec option de suppression via admin_blacklist_ssh_keys
# En utilisant la variable hash_behaviour = merge dans la configuration ansible,
# permet de deployer differentes clefs sur differentes serveurs en mergeant les dictionnaire
- name: Check vars
fail:
msg: "Missing variable admin_ssh_keys"
tags: ssh_keys
when: admin_ssh_keys is not defined
- name: Install libselinux-python needed for centos
tags: ssh_keys
yum:
name: libselinux-python
state: installed
when: ansible_distribution == 'CentOS'
- name: Remove old SSH keys
tags: ssh_keys
authorized_key:
user: root
key: "{{ item.value }}"
state: absent
with_dict: "{{ admin_blacklist_ssh_keys }}"
when: admin_blacklist_ssh_keys is defined
- name: Deploy SSH keys
tags: ssh_keys
authorized_key:
user: root
key: "{{ item.value }}"
state: present
with_dict: "{{ admin_ssh_keys }}"
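Review bot: "Remove old SSH keys" runs before "Deploy SSH keys", so a key that appears in both `admin_blacklist_ssh_keys` and `admin_ssh_keys` (easy to get once dictionaries are merged from several groups) is removed and then put back on every run, and the revoked key stays authorized for root. Either run the removal after the deployment or fail when the two dictionaries share a value. The "Check vars" task also only tests `admin_ssh_keys is not defined`; since `with_dict` needs a dictionary, add a check that fails with a clear message when the variable is still a string or a list, which is the case the commit message warns about.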
