Working on basics
parent
ad70b4aca0
commit
9cc70a00e6
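--- a/README.md
+++ b/README.md
@@ -0,0 +1,21 @@
+# Salt's Ansible Repository
+
+Useful for management across all of 9iron, thefuck, and desu.
+
+## Deployment
+
+Adding a new server will require the following be fulfilled:
+
+* The server is accessible from the Ansible host;
+
+* The server has a user named `ansible` which:
+
+* Accepts the public key located in `contrib/desu.pub`; and
+
+* Has passwordless sudo capabilities as root
+
+* The server is added to `inventory/hosts.yml` in an appropriate place; and
+
+* The server is running Ubuntu 18.04 or greater (20.04 recommended)
+
+From there, running the playbook `site.yml` should get the machine up to snuff. To automate the host-local steps, use the script file `contrib/bootstrap.sh`.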
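--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,15 @@
+[defaults]
+interpreter_python = python3
+inventory = inventory
+roles_path = roles
+private_key_file = ~/.ssh/desu
+host_key_checking = false # I'm constantly spinning machines up and down; no time for this
+#ask_become_pass = true
+#ask_vault_pass = true
+command_warnings = true
+#deprecation_warnings = false
+system_warnings = true
+
+[ssh_connection]
+pipelining = true
+ssh_extra_args =-o ForwardAgent=yes -o StrictHostKeyChecking=no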
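Review bot: Host-key verification is switched off twice in the new ansible.cfg, by `host_key_checking = false` under `[defaults]` and by `-o StrictHostKeyChecking=no` in `ssh_extra_args`, so whatever answers on a managed address is never authenticated before the `ansible` user's passwordless-sudo session runs against it. For machines that are rebuilt often, dropping the `host_key_checking = false` line and using `ssh_extra_args = -o StrictHostKeyChecking=accept-new` (ideally with a dedicated `UserKnownHostsFile` that is cleared when a host is rebuilt) keeps first contact non-interactive but still rejects a key that changes later. `-o ForwardAgent=yes` additionally makes the operator's SSH agent usable by root on every managed host for the length of a run; since `private_key_file` already supplies the login key, it looks unnecessary as a global default and would be safer set only for the hosts whose tasks need it.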
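--- a/contrib/bootstrap.sh
+++ b/contrib/bootstrap.sh
@@ -0,0 +1,52 @@
+#! /bin/sh
+#
+# bootstrap.sh
+# Copyright (C) 2020 Vintage Salt <rehashedsalt@cock.li>
+#
+# Distributed under terms of the MIT license.
+#
+
+set -e
+
+if [ "$(id -u)" != "0" ]; then
+echo "This script must be run as root"
+exit 1
+fi
+
+if ! [ -f "./desu.pub" ]; then
+echo "The public key \"desu.pub\" must sit in PWD. cd to contrib"
+exit 2
+fi
+
+echo "Adding ansible user..."
+
+if ! useradd ansible > /dev/null 2>&1; then
+err=$?
+case $err in
+0)
+;;
+9)
+echo "Continuing..."
+;;
+*)
+echo "Encountered error $err adding user ansible"
+exit 3
+;;
+esac
+fi
+
+echo "Adding key..."
+
+mkdir -p ~ansible/.ssh
+cat ./desu.pub > ~ansible/.ssh/authorized_keys
+
+echo "Fixing perms..."
+
+chmod 0600 ~ansible/.ssh/authorized_keys
+chown -R ansible. ~ansible/.ssh
+cat > /etc/sudoers.d/50-ansible << EOF
+ansible ALL=(ALL:ALL) NOPASSWD:ALL
+EOF
+
+echo "Done!"
+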
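Review bot: `err=$?` inside the `if ! useradd ansible > /dev/null 2>&1; then` branch does not hold useradd's exit code: within that branch `$?` is the status of the negated command, which is 0, so the `case` always takes the empty `0)` arm and a failed useradd is ignored while the script goes on to write `authorized_keys` and the sudoers entry. Capture the status directly instead, with `err=0` followed by `useradd ansible > /dev/null 2>&1 || err=$?`, and run the existing `case` on that value. The sudoers drop-in is also created with the default umask and never validated; adding `chmod 0440 /etc/sudoers.d/50-ansible` and `visudo -cf /etc/sudoers.d/50-ansible` after the heredoc would catch a malformed file, which can otherwise break sudo on the host. A `chmod 0700 ~ansible/.ssh` next to the existing `chmod 0600` would make the directory mode explicit rather than dependent on root's umask.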
1
contrib/desu.pub
Normal file
1
contrib/desu.pub
Normal file
@ -0,0 +1 @@
ssh-rsa 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 ansible
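--- a/inventory/hosts.yml
+++ b/inventory/hosts.yml
@@ -0,0 +1,9 @@
+# vim:ft=ansible:
+all:
+vars:
+ansible_user: ansible
+children:
+web:
+hosts:
+web1.test.desu.ltd:
+ansible_host: 192.168.122.214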
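--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -0,0 +1,4 @@
+#!/usr/bin/ansible-playbook
+# vim:ft=ansible:
+- name: configure basic packages
+include_tasks: packages.yml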
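--- a/roles/common/tasks/packages.yml
+++ b/roles/common/tasks/packages.yml
@@ -0,0 +1,26 @@
+#!/usr/bin/ansible-playbook
+# vim:ft=ansible:
+- name: configure packages via apt
+block:
+- name: update apt packages
+apt: upgrade=yes update_cache=yes cache_valid_time=86400
+- name: install basic packages
+apt:
+name:
+- acl
+- apt-file
+- aptitude
+- awscli
+- htop
+- ncdu
+- net-tools
+- openssh-server
+- pwgen
+- python3-apt
+- screen
+- vim
+- whois
+- name: remove basic packages
+apt: state=absent name=unattended-upgrades
+become: yes
+when: ansible_os_family == "Debian"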
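Review bot: The last task in the block, `apt: state=absent name=unattended-upgrades`, removes automatic security updates from every Debian-family host, which leaves the `upgrade=yes` task at the top of the same block as the only patching mechanism, and that runs only when someone runs the playbook. If that trade-off is intended, say so on the task, for example `# unattended-upgrades removed on purpose: patching is done by the upgrade task above, run this play on a schedule`, and make sure such a schedule exists; otherwise keep the package and configure it instead. As a style point, the two `apt:` tasks written as `key=value` strings would read better in the block form already used by "install basic packages", and `become: yes` is better written `become: true`.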