From 9cc70a00e6509d58326939cd04a2b9238d2d7180 Mon Sep 17 00:00:00 2001
From: Salt
Date: Sat, 17 Oct 2020 00:21:57 -0500
Subject: [PATCH] Working on basics
---
README.md | 21 +++++++++++++
ansible.cfg | 15 ++++++++++
contrib/bootstrap.sh | 52 +++++++++++++++++++++++++++++++++
contrib/desu.pub | 1 +
inventory/hosts.yml | 9 ++++++
roles/common/tasks/main.yml | 4 +++
roles/common/tasks/packages.yml | 26 +++++++++++++++++
site.yml | 5 ++++
8 files changed, 133 insertions(+)
create mode 100644 README.md
create mode 100644 ansible.cfg
create mode 100755 contrib/bootstrap.sh
create mode 100644 contrib/desu.pub
create mode 100644 inventory/hosts.yml
create mode 100644 roles/common/tasks/main.yml
create mode 100644 roles/common/tasks/packages.yml
create mode 100755 site.yml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..0f6dd03
--- /dev/null
+++ b/README.md
@@ -0,0 +1,21 @@
+# Salt's Ansible Repository
+
+Useful for management across all of 9iron, thefuck, and desu.
+
+## Deployment
+
+Adding a new server will require the following be fulfilled:
+
+* The server is accessible from the Ansible host;
+
+* The server has a user named `ansible` which:
+
+ * Accepts the public key located in `contrib/desu.pub`; and
+
+ * Has passwordless sudo capabilities as root
+
+* The server is added to `inventory/hosts.yml` in an appropriate place; and
+
+* The server is running Ubuntu 18.04 or greater (20.04 recommended)
+
+From there, running the playbook `site.yml` should get the machine up to snuff. To automate the host-local steps, use the script file `contrib/bootstrap.sh`.
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..da26a1c
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,15 @@
+[defaults]
+interpreter_python = python3
+inventory = inventory
+roles_path = roles
+private_key_file = ~/.ssh/desu
+host_key_checking = false # I'm constantly spinning machines up and down; no time for this
+#ask_become_pass = true
+#ask_vault_pass = true
+command_warnings = true
+#deprecation_warnings = false
+system_warnings = true
+
+[ssh_connection]
+pipelining = true
+ssh_extra_args =-o ForwardAgent=yes -o StrictHostKeyChecking=no
diff --git a/contrib/bootstrap.sh b/contrib/bootstrap.sh
new file mode 100755
index 0000000..8f7de25
--- /dev/null
+++ b/contrib/bootstrap.sh
@@ -0,0 +1,52 @@
+#! /bin/sh
+#
+# bootstrap.sh
+# Copyright (C) 2020 Vintage Salt
+#
+# Distributed under terms of the MIT license.
+#
+
+set -e
+
+if [ "$(id -u)" != "0" ]; then
+ echo "This script must be run as root"
+ exit 1
+fi
+
+if ! [ -f "./desu.pub" ]; then
+ echo "The public key \"desu.pub\" must sit in PWD. cd to contrib"
+ exit 2
+fi
+
+echo "Adding ansible user..."
+
+if ! useradd ansible > /dev/null 2>&1; then
+ err=$?
+ case $err in
+ 0)
+ ;;
+ 9)
+ echo "Continuing..."
+ ;;
+ *)
+ echo "Encountered error $err adding user ansible"
+ exit 3
+ ;;
+ esac
+fi
+
+echo "Adding key..."
+
+mkdir -p ~ansible/.ssh
+cat ./desu.pub > ~ansible/.ssh/authorized_keys
+
+echo "Fixing perms..."
+
+chmod 0600 ~ansible/.ssh/authorized_keys
+chown -R ansible. ~ansible/.ssh
+cat > /etc/sudoers.d/50-ansible << EOF
+ansible ALL=(ALL:ALL) NOPASSWD:ALL
+EOF
+
+echo "Done!"
+
diff --git a/contrib/desu.pub b/contrib/desu.pub
new file mode 100644
index 0000000..544a989
--- /dev/null
+++ b/contrib/desu.pub
@@ -0,0 +1 @@
+ssh-rsa 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 ansible
diff --git a/inventory/hosts.yml b/inventory/hosts.yml
new file mode 100644
index 0000000..d2dd938
--- /dev/null
+++ b/inventory/hosts.yml
@@ -0,0 +1,9 @@
+# vim:ft=ansible:
+all:
+ vars:
+ ansible_user: ansible
+ children:
+ web:
+ hosts:
+ web1.test.desu.ltd:
+ ansible_host: 192.168.122.214
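Review bot: In ansible.cfg, `host_key_checking = false` combined with `-o StrictHostKeyChecking=no` and `-o ForwardAgent=yes` makes every connection accept whatever host key is presented and then forward the operator's SSH agent to that host. A machine that answers on a reused address or name therefore gets the `ansible` session and use of the forwarded agent without any warning. For short-lived machines a narrower setup is `host_key_checking = true` with `ssh_extra_args = -o StrictHostKeyChecking=accept-new`, which still accepts first contact but refuses a changed key, with `ForwardAgent=yes` enabled only for the hosts or tasks that need it. The trailing `# I'm constantly ...` text should move to a line of its own, since ansible.cfg documents only `;` as an inline comment marker and the value may otherwise not be read as a plain boolean.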
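Review bot: In contrib/bootstrap.sh the `err=$?` inside `if ! useradd ansible > /dev/null 2>&1; then` always reads 0, because `$?` at that point is the status of the negated condition rather than of `useradd`. The `9)` and `*)` arms can therefore never run, and every `useradd` failure is silently ignored. The script then carries on to `mkdir -p ~ansible/.ssh`, where `~ansible` stays a literal path if the account does not exist, and still writes the `NOPASSWD:ALL` sudoers entry. Capture the status before testing it, with `err=0` followed by `useradd ansible > /dev/null 2>&1 || err=$?`, and run the existing `case $err in` unconditionally. It is also worth creating `/etc/sudoers.d/50-ansible` with mode 0440 and checking it with `visudo -cf` before leaving it in place.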
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
new file mode 100644
index 0000000..15675c7
--- /dev/null
+++ b/roles/common/tasks/main.yml
@@ -0,0 +1,4 @@
+#!/usr/bin/ansible-playbook
+# vim:ft=ansible:
+- name: configure basic packages
+ include_tasks: packages.yml
diff --git a/roles/common/tasks/packages.yml b/roles/common/tasks/packages.yml
new file mode 100644
index 0000000..00a3097
--- /dev/null
+++ b/roles/common/tasks/packages.yml
@@ -0,0 +1,26 @@
+#!/usr/bin/ansible-playbook
+# vim:ft=ansible:
+- name: configure packages via apt
+ block:
+ - name: update apt packages
+ apt: upgrade=yes update_cache=yes cache_valid_time=86400
+ - name: install basic packages
+ apt:
+ name:
+ - acl
+ - apt-file
+ - aptitude
+ - awscli
+ - htop
+ - ncdu
+ - net-tools
+ - openssh-server
+ - pwgen
+ - python3-apt
+ - screen
+ - vim
+ - whois
+ - name: remove basic packages
+ apt: state=absent name=unattended-upgrades
+ become: yes
+ when: ansible_os_family == "Debian"
diff --git a/site.yml b/site.yml
new file mode 100755
index 0000000..1e9a74d
--- /dev/null
+++ b/site.yml
@@ -0,0 +1,5 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+- hosts: all
+ roles:
+ - role: common
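Review bot: The last task in roles/common/tasks/packages.yml removes `unattended-upgrades`, and nothing else in this patch replaces it. After the play, a host receives security updates only when `site.yml` is run again and reaches the `upgrade=yes` task. If that is intended, say so next to the task, for example `# patching is driven by the 'update apt packages' task; site.yml must run on a schedule`, and rename it from `remove basic packages` to `remove unattended-upgrades` so the effect is visible in play output. Otherwise drop the task and leave the package installed.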