update ns.xai-corp.net and managed_setup

2017-05-22 23:37:43 -04:00
parent b0c52090a8
commit 3866d4c17b
8 changed files with 100 additions and 32 deletions
--- a/managed_setup.yml
+++ b/managed_setup.yml
@@ -0,0 +1,60 @@
+# playbook for all managed hosts
+
+# ansible-playbook managed_setup.yml -v --ask-become -u richard --ask-pass
+
+
+- hosts: managed
+#  remote_user: ansible
+  gather_facts: yes
+  become: true
+
+  vars:
+    - users:
+      - name: "ansible"
+        state: present
+        shell: /bin/bash
+        createhome: yes
+        generate_ssh_key: yes
+        password: "$6$7z7PfYwduXom0o73$DEiy3K15URNNjmKkOQIwx8/mFKArUNYkFn8D/4q6t/eP9hf1X9jnG4YuSjI7q1Dnp1HwukZUxZY7cF2JK5DO/."
+        ssh_keys:
+          - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAmJSdmj03d4fnZUuRByevPDNiReEk1fRL+7F9WPCo5zn+r5Oj84HXxd4P03DNXeGSBYmUAnsTqYEGdkjkpSrKfMm9bv8amL7hUC+Mzb+wOmXmyX1cw/SearYCBQRCz1s5p7I9+PO7XWaC0VJ99LUm1Bp4JM149U5X0Y3M2j2XV+0= RSA-1024"
+        uid: "1001"
+        groups:
+          - sudo
+      - name: "richard"
+        state: present
+        shell: /bin/bash
+        createhome: yes
+        generate_ssh_key: yes
+        password: "$6$yNKLUxX0$lxy/jaJI7cKCq5j.KondUalu9r96gUeRR//5qciZ/RX9z9PGSpbU9j7OsxaOzqV5uLeQ9ouIe8quo/2YqKE46/"
+        ssh_keys:
+          - ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAmJSdmj03d4fnZUuRByevPDNiReEk1fRL+7F9WPCo5zn+r5Oj84HXxd4P03DNXeGSBYmUAnsTqYEGdkjkpSrKfMm9bv8amL7hUC+Mzb+wOmXmyX1cw/SearYCBQRCz1s5p7I9+PO7XWaC0VJ99LUm1Bp4JM149U5X0Y3M2j2XV+0= RSA-1024
+        uid: "1000"
+        groups:
+          - sudo
+    - users_groups:
+
+    - datadog_api_key: ca0faf176c4aedd4f547ed7cf85615eb
+
+  # prepare python for ansible
+  pre_tasks:
+    - raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
+    - setup: # aka gather_facts
+    - name: Creates .ssh directory
+      file: path=~/.ssh state=directory mode=600
+
+    - debug: var=ansible_os_family
+
+  roles:
+    - novuso.users
+    - user-richard
+#    - Datadog.datadog #does not support armhf architecture. should switch to fluentd or logstash
+
+  tasks:
+    - name: add ansible to sudoers
+      lineinfile:
+        dest: /etc/sudoers
+        state: present
+        regexp: '^ansible ALL='
+        line: 'ansible ALL=(ALL) NOPASSWD: ALL'
+        validate: 'visudo -cf %s'