Reorganize, add cockpit role

2019-10-11 14:08:22 -05:00 · 2019-10-11 14:08:22 -05:00 · 86562b3ccc
commit 86562b3ccc
parent 52fd78e28b
9 changed files with 58 additions and 7 deletions
--- a/ansible.cfg
+++ b/ansible.cfg
@ -1,6 +1,5 @@
 [defaults]
-#inventory = hosts
-inventory = ec2.py
+inventory = inventory
 remote_user = ubuntu
 private_key_file = ~/.ssh/ansible
 ssh_extra_args =-o ForwardAgent=yes -o StrictHostKeyChecking=no
--- a/provision.yml
+++ b/provision.yml
@ -4,9 +4,8 @@
 - hosts: ec2
  roles:
    - common
- hosts: tag_userlogon_true
+- hosts: tag_role_cockpit
  roles:
    - user
- hosts: tag_ansiblehost_true
-  roles:
    - ansiblehost
+    - cockpit
--- a/inventory/ec2.ini
+++ b/inventory/ec2.ini
--- a/inventory/ec2.py
+++ b/inventory/ec2.py
--- a/roles/cockpit/files/ansiblekey
+++ b/roles/cockpit/files/ansiblekey
@ -0,0 +1 @@
+../../ansiblehost/files/ansiblekey
--- a/roles/cockpit/meta/main.yml
+++ b/roles/cockpit/meta/main.yml
@ -0,0 +1,2 @@
+---
+allow_duplicates: no
--- a/roles/cockpit/tasks/main.yml
+++ b/roles/cockpit/tasks/main.yml
@ -0,0 +1,23 @@
+#!/usr/bin/ansible-playbook
+# vim:ft=ansible:
+---
+- name: Install Cockpit-required packages via apt
+  apt:
+    name: "{{ packages }}"
+  vars:
+    packages:
+    - cockpit
+  become: true
+- name: Copy Ansible private key
+  copy:
+    src: "{{ role_path }}/files/ansiblekey"
+    dest: ~/.ssh/id_rsa
+    mode: 0600
+  become: true
+  become_user: cockpit
+- name: Add configs for all EC2 instances
+  # TODO: https://docs.ansible.com/ansible/latest/modules/template_module.html
+  debug:
+    msg: "{{ item }}"
+  with_inventory_hostnames:
+    - ec2
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -15,3 +15,18 @@
    packages:
    - vim
  become: true
+- name: Assure Cockpit user
+  user:
+    name: cockpit
+    shell: /bin/bash
+    groups: sudo
+    append: yes
+  become: yes
+- name: Authorize key for Cockpit user
+  authorized_key:
+    user: cockpit
+    state: present
+    manage_dir: yes
+    key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC8pjK7Z6V9IjxRtLB9Xwt5Rujj0iMQqOVExRkmkIzjEcblV/cqtwx4fOijoN9eQlmrjQg05rBWoHJoUiLH5LimU2HPQt9vSDSt/tTXNafhvi3St3nz+GA9yCwAkJfvz2QL/vnU7sfveYC2xmWZC0xjcG4bl8pL2GJgfyh4OnfS9vNRTpn1kAJ/Fl4vRLtRaFx1WzF3/RJUOkesYLegawSRJsaIamJFI5YxHe5VeTnFefVtssgbGrOj19uRDIZkBW/5uWsnNPVwbGUT089qioS11QFJaVOQCgU/E+4lxCHlRfLQ+gnXvaQV3j0JFk/I1bZNlCcNLHc0ZasXIqV+BUaR4au35QkDBjh38DCxesZ775tudXUp7KP6OHCC9i9ncIkum3mE+4K+0KAlS0oevUQdfguXkRQ6q3vydxEgWbBOx3jHi7i5AwvOnJqZRmUnfFp0qfhGfcS2pLEZhUcd0bOM6qAyK1XD5XRzXoVLS9bdHNUwCaIWie0tOYMLLmNooTU= salt@dsk-cstm-0"
+  become: yes
+  become_user: cockpit
--- a/roles/user/tasks/main.yml
+++ b/roles/user/tasks/main.yml
@ -1,11 +1,23 @@
 #!/usr/bin/ansible-playbook
 # vim:ft=ansible:
 ---
- name: Initialize user salt
+- name: Assure user salt
+  vars:
+    salt_pass: !vault |
+        $ANSIBLE_VAULT;1.1;AES256
+        37666131343936663962386535343939373161343337383436613961303637376136633736353533
+        3366623536646563383563373265313134663464396231370a303033353661336436386561366139
+        30393536393634653566646636366436656435623534626266343632313336336336346131383361
+        3366343932383930350a383637646261373135376138633533306530306339316235353262356135
+        34626466363266616265653064333365663663306330666632343864373335626265323230633331
+        33623431633665353964623437636231623366383733626266353162633762373035376638663936
+        62383065653836366431316461663862393130653761643937376565366435646665313961663534
+        64303363653631653433343361616635373966326433663466636164613062343561333036613937
+        35616666633737356331653632323639373330396433366639326466373639313630
  user:
    name: salt
    shell: /bin/bash
-    password: "***REMOVED***"
+    password: "{{ salt_pass }}"
    groups: sudo
    append: yes
  become: yes