From 8f15bf4f2bfc96fecbdc34ce0d8677779058e0a9 Mon Sep 17 00:00:00 2001
From: Salt
Date: Tue, 16 Jun 2020 10:04:54 -0500
Subject: [PATCH] Make some tweaks, actually add our Ansible user
---
 localhost-deploy.sh | 7 ++++---
 roles/common/tasks/ansibleuser.yml | 7 +++++++
 roles/common/templates/90-ansible.cfg | 3 +++
 3 files changed, 14 insertions(+), 3 deletions(-)
 create mode 100644 roles/common/templates/90-ansible.cfg
diff --git a/localhost-deploy.sh b/localhost-deploy.sh
index 7f4b4b3..9bb9d6f 100755
--- a/localhost-deploy.sh
+++ b/localhost-deploy.sh
@@ -1,6 +1,7 @@
-#! /bin/sh
+#! /bin/bash
 #
-# deploy.sh
+# localhost-deploy.sh
+# Deploys configs for local machine and only local machine
 # Copyright (C) 2020 Vintage Salt
 #
 # Distributed under terms of the MIT license.
@@ -11,5 +12,5 @@ if ! command -v ansible > /dev/null 2>&1; then
 sudo apt-get install python3-pip python3-setuptools -y
 sudo pip3 install ansible
 fi
-ansible-playbook home.yml --ask-vault-pass --ask-become-pass "$@"
+ansible-playbook site.yml -l "$HOSTNAME" -e "ansible_user=$USER" --ask-become-pass --ask-vault-pass "$@"
diff --git a/roles/common/tasks/ansibleuser.yml b/roles/common/tasks/ansibleuser.yml
index abf52ab..8282f14 100644
--- a/roles/common/tasks/ansibleuser.yml
+++ b/roles/common/tasks/ansibleuser.yml
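Review bot: The trailing `"$@"` on the new `ansible-playbook` line lets a caller-supplied `-l`/`--limit` come after the fixed `-l "$HOSTNAME"`, so the "only local machine" promise in the header comment is not enforced by the script; as far as I can tell a later limit replaces the earlier one. Placing the pass-through arguments before the fixed ones keeps the local limit last: `ansible-playbook site.yml "$@" -l "$HOSTNAME" -e "ansible_user=$USER" --ask-become-pass --ask-vault-pass`. The limit also only matches when the inventory names this machine exactly as `$HOSTNAME` reports it, which deserves a one-line comment above the command.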
@@ -8,8 +8,15 @@
 groups: sudo
 password_lock: yes
 system: yes
+ become: yes
 - name: Add Ansible key to user
 authorized_key:
 user: ansible
 manage_dir: yes
 key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC8pjK7Z6V9IjxRtLB9Xwt5Rujj0iMQqOVExRkmkIzjEcblV/cqtwx4fOijoN9eQlmrjQg05rBWoHJoUiLH5LimU2HPQt9vSDSt/tTXNafhvi3St3nz+GA9yCwAkJfvz2QL/vnU7sfveYC2xmWZC0xjcG4bl8pL2GJgfyh4OnfS9vNRTpn1kAJ/Fl4vRLtRaFx1WzF3/RJUOkesYLegawSRJsaIamJFI5YxHe5VeTnFefVtssgbGrOj19uRDIZkBW/5uWsnNPVwbGUT089qioS11QFJaVOQCgU/E+4lxCHlRfLQ+gnXvaQV3j0JFk/I1bZNlCcNLHc0ZasXIqV+BUaR4au35QkDBjh38DCxesZ775tudXUp7KP6OHCC9i9ncIkum3mE+4K+0KAlS0oevUQdfguXkRQ6q3vydxEgWbBOx3jHi7i5AwvOnJqZRmUnfFp0qfhGfcS2pLEZhUcd0bOM6qAyK1XD5XRzXoVLS9bdHNUwCaIWie0tOYMLLmNooTU= ansible"
+ - name: Add Ansible user sudoers rule
+ template:
+ src: 90-ansible.cfg
+ dest: "/etc/sudoers.d/90-ansible.cfg
+ mode: "0440"
+ become: yes
diff --git a/roles/common/templates/90-ansible.cfg b/roles/common/templates/90-ansible.cfg
new file mode 100644
index 0000000..809567b
--- /dev/null
+++ b/roles/common/templates/90-ansible.cfg
@@ -0,0 +1,3 @@
+# Managed by Ansible
+
+ansible ALL=(ALL) NOPASSWD:ALL
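Review bot: The `dest:` value in the new sudoers task opens a double quote that is never closed (`dest: "/etc/sudoers.d/90-ansible.cfg`), so the task file will not parse as written. Even with the quote fixed, sudo's include directory skips file names that contain a `.`, so a drop-in named `90-ansible.cfg` would be silently ignored and the rule would never take effect. The template is also installed without a syntax check, which risks leaving sudo unusable on the host if the file is ever malformed. I would change the line to `dest: /etc/sudoers.d/90-ansible` and add `validate: /usr/sbin/visudo -cf %s` under `template:`, and set the file's owner and group to root explicitly rather than relying on defaults.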
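Review bot: `ansible ALL=(ALL) NOPASSWD:ALL` makes the single public key hard-coded in roles/common/tasks/ansibleuser.yml equivalent to passwordless root on every host this role is applied to, and nothing in the new file records that dependency. I would add a comment above the rule such as `# Passwordless root for the 'ansible' service account; access is gated only by the SSH key installed in tasks/ansibleuser.yml`. If the control node connects from a fixed address, the `key_options` parameter of the `authorized_key` task can carry a `from=` restriction so the key is not accepted from anywhere else.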