Ревізії setup-ansible.md

Gjorret ревизій цього gist 8 months ago. До ревизії

1 file changed, 18 insertions

setup-ansible.md

			@@ -15,6 +15,24 @@ echo 'ansible ALL=(ALL) NOPASSWD: ALL' \| sudo tee /etc/sudoers.d/ansible
15	15		sudo chmod 440 /etc/sudoers.d/ansible
16	16		```
17	17
	18	+	# Deploy runbook
	19	+	Run the following runbook with e.g.
	20	+	```sh
	21	+	ansible-playbook -i hosts.ini default-installation.yml
	22	+	```
	23	+
	24	+	# hosts.ini
	25	+	```yaml
	26	+	root@ansible:~/ansible# cat hosts.ini
	27	+	[logservers]
	28	+	log1.h0me.dk ansible_user=ansible
	29	+	log2.h0me.dk ansible_user=ansible
	30	+	log3.h0me.dk ansible_user=ansible
	31	+	log4.h0me.dk ansible_user=ansible
	32	+	log5.h0me.dk ansible_user=ansible
	33	+	log6.h0me.dk ansible_user=ansible
	34	+	```
	35	+
18	36		# Default ansible runbook:
19	37		Just an example of simple runbook.
20	38		Requires .zshrc file

Gjorret ревизій цього gist 8 months ago. До ревизії

1 file changed, 99 insertions

setup-ansible.md(файл створено)

		@@ -0,0 +1,99 @@
1	+	# Account
2	+	Run this on the server end server to add ansible user with outpassword, ssh key only.
3	+	```sh
4	+	sudo adduser --disabled-password --gecos "" ansible
5	+	sudo usermod -aG sudo ansible
6	+	sudo mkdir -p /home/ansible/.ssh
7	+	sudo chown ansible:ansible /home/ansible/.ssh
8	+	sudo chmod 700 /home/ansible/.ssh
9	+	echo '<ssh-key>
10	+	' \| sudo tee /home/ansible/.ssh/authorized_keys
11	+	sudo chown ansible:ansible /home/ansible/.ssh/authorized_keys
12	+	sudo chmod 600 /home/ansible/.ssh/authorized_keys
13	+	sudo passwd -l ansible
14	+	echo 'ansible ALL=(ALL) NOPASSWD: ALL' \| sudo tee /etc/sudoers.d/ansible
15	+	sudo chmod 440 /etc/sudoers.d/ansible
16	+	```
17	+
18	+	# Default ansible runbook:
19	+	Just an example of simple runbook.
20	+	Requires .zshrc file
21	+
22	+	```yaml
23	+	root@ansible:~/ansible# cat default-installation.yml
24	+	- name: Install default stuff
25	+	hosts: logservers,otherservers
26	+	become: true
27	+	tasks:
28	+	- name: Update APT package cache
29	+	apt:
30	+	update_cache: yes
31	+	cache_valid_time: 3600 # Only re-check if cache is older than 1 hour
32	+
33	+	- name: Upgrade all packages
34	+	apt:
35	+	upgrade: dist
36	+
37	+	- name: Autoremove unused packages
38	+	apt:
39	+	autoremove: yes
40	+
41	+	- name: Install apps with apt
42	+	apt:
43	+	name:
44	+	- ipcalc
45	+	- zsh
46	+	- fortune
47	+	- cowsay
48	+	- chroma
49	+	- python3-pygments
50	+	- tmux
51	+	- qemu-guest-agent
52	+	# - default-jdk
53	+
54	+	state: present
55	+	update_cache: true
56	+
57	+	- name: Set zsh as default shell for rasmus
58	+	user:
59	+	name: rasmus
60	+	shell: /usr/bin/zsh
61	+
62	+	- name: Install oh-my-zsh for rasmus (root install method)
63	+	shell: \|
64	+	curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh \| bash -s -- --unattended
65	+	args:
66	+	chdir: /home/rasmus
67	+	executable: /bin/bash
68	+	creates: /home/rasmus/.oh-my-zsh
69	+	environment:
70	+	HOME: /home/rasmus
71	+
72	+	- name: Fix ownership of oh-my-zsh files for rasmus
73	+	file:
74	+	path: /home/rasmus/.oh-my-zsh
75	+	state: directory
76	+	recurse: true
77	+	owner: rasmus
78	+	group: rasmus
79	+
80	+	- name: Copy custom .zshrc to rasmus' home
81	+	copy:
82	+	src: files/zshrc
83	+	dest: /home/rasmus/.zshrc
84	+	owner: rasmus
85	+	group: rasmus
86	+	mode: '0644'
87	+
88	+	- name: Ensure .ssh directory exists for rasmus
89	+	file:
90	+	path: /home/rasmus/.ssh
91	+	state: directory
92	+	owner: rasmus
93	+	group: rasmus
94	+	mode: '0700'
95	+
96	+	- name: Add SSH keys from laptop and workstation to rasmus' authorized_keys
97	+	authorized_key:
98	+	user: rasmus
99	+	```

Новіше Пізніше