Working on basics
parent
ad70b4aca0
commit
9cc70a00e6
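--- a/README.md
+++ b/README.md
@@ -0,0 +1,21 @@
+# Salt's Ansible Repository
+
+Useful for management across all of 9iron, thefuck, and desu.
+
+## Deployment
+
+Adding a new server will require the following be fulfilled:
+
+* The server is accessible from the Ansible host;
+
+* The server has a user named `ansible` which:
+
+* Accepts the public key located in `contrib/desu.pub`; and
+
+* Has passwordless sudo capabilities as root
+
+* The server is added to `inventory/hosts.yml` in an appropriate place; and
+
+* The server is running Ubuntu 18.04 or greater (20.04 recommended)
+
+From there, running the playbook `site.yml` should get the machine up to snuff. To automate the host-local steps, use the script file `contrib/bootstrap.sh`.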
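--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,15 @@
+[defaults]
+interpreter_python = python3
+inventory = inventory
+roles_path = roles
+private_key_file = ~/.ssh/desu
+host_key_checking = false # I'm constantly spinning machines up and down; no time for this
+#ask_become_pass = true
+#ask_vault_pass = true
+command_warnings = true
+#deprecation_warnings = false
+system_warnings = true
+
+[ssh_connection]
+pipelining = true
+ssh_extra_args =-o ForwardAgent=yes -o StrictHostKeyChecking=no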
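Review bot: Host key verification is switched off twice in this file (`host_key_checking = false` under `[defaults]` and `-o StrictHostKeyChecking=no` in `ssh_extra_args`) while `-o ForwardAgent=yes` is applied to every connection, so a host that was never verified, or one impersonating a managed address, receives both a root-capable session and use of the operator's forwarded agent. If the churn is limited to throwaway test machines, scope the relaxation to that inventory group (for example through `ansible_ssh_extra_args` in the group's vars) or use `-o StrictHostKeyChecking=accept-new`, which still refuses a changed key; agent forwarding is better enabled only for the plays that need it. Also, Ansible's INI parsing accepts only `;` as an inline comment marker, so the trailing `# I'm constantly…` text on the `host_key_checking` line is probably read as part of the value; move it to its own line above the setting.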
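--- a/contrib/bootstrap.sh
+++ b/contrib/bootstrap.sh
@@ -0,0 +1,52 @@
+#! /bin/sh
+#
+# bootstrap.sh
+# Copyright (C) 2020 Vintage Salt <rehashedsalt@cock.li>
+#
+# Distributed under terms of the MIT license.
+#
+
+set -e
+
+if [ "$(id -u)" != "0" ]; then
+echo "This script must be run as root"
+exit 1
+fi
+
+if ! [ -f "./desu.pub" ]; then
+echo "The public key \"desu.pub\" must sit in PWD. cd to contrib"
+exit 2
+fi
+
+echo "Adding ansible user..."
+
+if ! useradd ansible > /dev/null 2>&1; then
+err=$?
+case $err in
+0)
+;;
+9)
+echo "Continuing..."
+;;
+*)
+echo "Encountered error $err adding user ansible"
+exit 3
+;;
+esac
+fi
+
+echo "Adding key..."
+
+mkdir -p ~ansible/.ssh
+cat ./desu.pub > ~ansible/.ssh/authorized_keys
+
+echo "Fixing perms..."
+
+chmod 0600 ~ansible/.ssh/authorized_keys
+chown -R ansible. ~ansible/.ssh
+cat > /etc/sudoers.d/50-ansible << EOF
+ansible ALL=(ALL:ALL) NOPASSWD:ALL
+EOF
+
+echo "Done!"
+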
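Review bot: In the `if ! useradd ansible …; then` branch, `err=$?` captures the status of the negated test, which is always 0 at that point, so the `*)` arm can never fire and any useradd failure (not only exit 9, name already in use) is treated as success before a `NOPASSWD:ALL` rule is installed. Capture the status directly with `err=0` followed by `useradd … || err=$?`, which is also safe under `set -e`. The sudoers drop-in at the end is written in place with the default umask and no syntax check; a malformed file under `/etc/sudoers.d` can break sudo for every account, so build it in a temporary file, validate it with `visudo -cf`, and install it with mode 0440. The error messages would also be better sent to stderr.

```shell
err=0
useradd ansible > /dev/null 2>&1 || err=$?
case $err in
# … unchanged: the 0 / 9 / * arms …
esac

# … unchanged: key installation and permission fixes …

tmp=$(mktemp)
trap 'rm -f "$tmp"' EXIT
printf '%s\n' 'ansible ALL=(ALL:ALL) NOPASSWD:ALL' > "$tmp"
visudo -cf "$tmp"
install -o root -g root -m 0440 "$tmp" /etc/sudoers.d/50-ansible
```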
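--- a/contrib/desu.pub
+++ b/contrib/desu.pub
@@ -0,0 +1 @@
+ssh-rsa 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 ansible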
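--- a/inventory/hosts.yml
+++ b/inventory/hosts.yml
@@ -0,0 +1,9 @@
+# vim:ft=ansible:
+all:
+vars:
+ansible_user: ansible
+children:
+web:
+hosts:
+web1.test.desu.ltd:
+ansible_host: 192.168.122.214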
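--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -0,0 +1,4 @@
+#!/usr/bin/ansible-playbook
+# vim:ft=ansible:
+- name: configure basic packages
+include_tasks: packages.yml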
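--- a/roles/common/tasks/packages.yml
+++ b/roles/common/tasks/packages.yml
@@ -0,0 +1,26 @@
+#!/usr/bin/ansible-playbook
+# vim:ft=ansible:
+- name: configure packages via apt
+block:
+- name: update apt packages
+apt: upgrade=yes update_cache=yes cache_valid_time=86400
+- name: install basic packages
+apt:
+name:
+- acl
+- apt-file
+- aptitude
+- awscli
+- htop
+- ncdu
+- net-tools
+- openssh-server
+- pwgen
+- python3-apt
+- screen
+- vim
+- whois
+- name: remove basic packages
+apt: state=absent name=unattended-upgrades
+become: yes
+when: ansible_os_family == "Debian"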
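Review bot: The `remove basic packages` task uninstalls `unattended-upgrades`, and nothing visible in this commit replaces it, so once the role has run a host receives security updates only when someone re-runs the playbook and reaches the `upgrade=yes` task above. If that is the intent, state it on the task, for example `# removed on purpose: patching is done by re-running this role` (wording for the author to confirm), and make sure the play runs on a schedule; otherwise drop the task and keep the package. The `#!/usr/bin/ansible-playbook` first line is also misleading on a task file, since a task list cannot be executed as a playbook.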