update_hosts.yml with motd, login page and rsyslog config

2021-12-22 15:12:51 -05:00
parent ebae058a0b
commit 14f8936790
16 changed files with 589 additions and 5 deletions
--- a/ansible-5/playbooks/bootstrap.yaml
+++ b/ansible-5/playbooks/bootstrap.yaml
@@ -5,6 +5,9 @@
  gather_facts: false
 #  become: true

+  vars:
+    authorized_ssh_keys:
+
  pre_tasks:
 #    - raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
    - setup: # aka gather_facts
@@ -37,14 +40,58 @@
        uid: "1001"
        groups:
          - sudo
-#        generate_ssh_key: yes
-#        ssh_keys:
-#          - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAmJSdmj03d4fnZUuRByevPDNiReEk1fRL+7F9WPCo5zn+r5Oj84HXxd4P03DNXeGSBYmUAnsTqYEGdkjkpSrKfMm9bv8amL7hUC+Mzb+wOmXmyX1cw/SearYCBQRCz1s5p7I9+PO7XWaC0VJ99LUm1Bp4JM149U5X0Y3M2j2XV+0= RSA-1024"
+
+    - name: Add the user 'richard'
+      become: true
+      ansible.builtin.user:
+        name: richard
+        state: present
+        shell: /bin/bash
+        create_home: yes
+        password: "$6$yNKLUxX0$lxy/jaJI7cKCq5j.KondUalu9r96gUeRR//5qciZ/RX9z9PGSpbU9j7OsxaOzqV5uLeQ9ouIe8quo/2YqKE46/"
+        uid: "1000"
+        groups:
+          - sudo

    - name: Add the authorized key for 'ansible'
      become: true
      ansible.posix.authorized_key:
        user: ansible
        state: present
-        key: "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAmJSdmj03d4fnZUuRByevPDNiReEk1fRL+7F9WPCo5zn+r5Oj84HXxd4P03DNXeGSBYmUAnsTqYEGdkjkpSrKfMm9bv8amL7hUC+Mzb+wOmXmyX1cw/SearYCBQRCz1s5p7I9+PO7XWaC0VJ99LUm1Bp4JM149U5X0Y3M2j2XV+0= RSA-1024"
-#        key: "{{ lookup('file', '/home/charlie/.ssh/id_rsa.pub') }}"
+        exclusive: yes
+        key: !vault |
+           $ANSIBLE_VAULT;1.1;AES256
+           64646433313163316163633030333230653437336365363433656332323463376233306162316139
+           6531393536343433653164666162373930393630376564310a393232323031633037313335356432
+           62323763663334393339366537393931613161323537323030623234633631613030623864663162
+           3331373335326664310a313233306233373932323138343866623836646132363135653064636635
+           35616130343963663633623634626434633366393862376562393963343935623236313736656635
+           39343033306163343337313365393635306364653234343031373432346238366162313864616264
+           35313263646331303939376232383062323138373535633739393935396434313230613764363536
+           62346364326130386636353435626162636530353634316234386633613333626266353665356239
+           34626339333733333530373830623764613136363337653061663436633639346532306663303930
+           33313638363939373364373739396330666332353232663661373263373036636634323765633032
+           64346134356161383333313665356463363332613237313032656236303130323936333266333732
+           39656435356234353262373430633331316265316236386564326364616565666364666535353864
+           66313031366566396339333338333338386161303130303361396263396562623231313463623864
+           62666132613033633733336434373161316664626531336363306664373131303937383066363066
+           636534343631376365633666316534663932
+
+    - name: Add the authorized key for 'richard'
+      become: true
+      ansible.posix.authorized_key:
+        user: richard
+        state: present
+#        key: "{{ lookup('file', '/home/richard/.ssh/id_rsa.pub') }}"
+        key: "{{ item }}"
+      with_file:
+        - '/home/richard/.ssh/id_rsa.pub'
+
+    - name: add ansible to sudoers
+      become: true
+      lineinfile:
+        dest: /etc/sudoers
+        state: present
+        regexp: '^ansible ALL='
+        line: 'ansible ALL=(ALL) NOPASSWD: ALL'
+        validate: 'visudo -cf %s'
--- a/ansible-5/playbooks/update_hosts.yaml
+++ b/ansible-5/playbooks/update_hosts.yaml
@@ -0,0 +1,16 @@
+---
+# update the managed host machines
+
+- name: updates
+  hosts: managed
+  gather_facts: true
+
+  vars:
+
+  roles:
+    - role: common
+      become: true
+    - role: rsyslog
+      become: true
+
+  tasks: