[root] split root play and deploy root password

2021-02-22 09:18:39 +01:00 · 2021-02-22 09:18:39 +01:00 · f5e7405188
parent 0c3e56fc2c
commit f5e7405188
7 changed files with 59 additions and 36 deletions
--- a/group_vars/all/root.yml
+++ b/group_vars/all/root.yml
@ -0,0 +1,3 @@
+---
+glob_root:
+  passwd_hash: '{{ vault.root_passwd_hash }}'
--- a/plays/baie.yml
+++ b/plays/baie.yml
@ -0,0 +1,5 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: baie
+  roles:
+    - baie
--- a/plays/root.yml
+++ b/plays/root.yml
@ -20,35 +20,16 @@
        insertafter: '127.0.0.1 localhost'
      when: check_mirror.found == 0

- hosts: baie
-  roles:
-    - baie
-
 - hosts: virtu
  roles:
    - proxmox-apt-sources

 - hosts: server
-  vars:
-    # # Will be in /usr/scripts/
-    # crans_scripts_git: "http://gitlab.adm.crans.org/nounous/scripts.git"
-
-    ntp_client: '{{ glob_ntp_client | combine(loc_ntp_client | default({})) }}'
-    # crans_scripts: '{{ glob_crans_scripts | combine(loc_crans_scripts | default({})) }}'
  roles:
    - debian-apt-sources
-    - common-tools
-    - sudo
-    - ntp-client
-    # - crans-scripts
-    - root-config
-    - ssh_known_hosts
-
- hosts: crans_vm
-  roles:
-    - qemu-guest-agent
-    - serial-tty

+- import_playbook: baie.yml
+- import_playbook: utilities.yml
 - import_playbook: slapd.yml

 - hosts: server
@ -61,21 +42,8 @@
  roles:
    - home-nounous

- hosts: server,!virtu
-  roles:
-    - openssh
-
- hosts: crans_vm
-  tasks:
-    - name: Remove cloud-init
-      apt:
-        name: cloud-init
-        state: absent
-        purge: true
-      register: apt_result
-      retries: 3
-      until: apt_result is succeeded
-
+- import_playbook: scripts.yml
+- import_playbook: vm-setup.yml
 - import_playbook: borgbackup_client.yml
 - import_playbook: monitoring.yml
 - import_playbook: network_interfaces.yml
--- a/plays/scripts.yml
+++ b/plays/scripts.yml
@ -0,0 +1,7 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: server
+  vars:
+    crans_scripts: '{{ glob_crans_scripts | combine(loc_crans_scripts | default({})) }}'
+  roles:
+    - crans-scripts
--- a/plays/utilities.yml
+++ b/plays/utilities.yml
@ -0,0 +1,17 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: server
+  vars:
+    root: '{{ glob_root | default({}) | combine(loc_root | default({})) }}'
+    ntp_client: '{{ glob_ntp_client | combine(loc_ntp_client | default({})) }}'
+  roles:
+    - root
+    - common-tools
+    - sudo
+    - ntp-client
+    - root-config
+    - ssh_known_hosts
+
+- hosts: server,!virtu
+  roles:
+    - openssh
--- a/plays/vm_setup
+++ b/plays/vm_setup
@ -0,0 +1,17 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: crans_vm
+  roles:
+    - qemu-guest-agent
+    - serial-tty
+
+- hosts: crans_vm
+  tasks:
+    - name: Remove cloud-init
+      apt:
+        name: cloud-init
+        state: absent
+        purge: true
+      register: apt_result
+      retries: 3
+      until: apt_result is succeeded
--- a/roles/root/tasks/main.yml
+++ b/roles/root/tasks/main.yml
@ -0,0 +1,6 @@
+---
+- name: Deploys root password hash
+  replace:
+    path: /etc/shadow
+    regexp: '^root:[^:]*:'
+    replace: 'root:{{ root.passwd_hash }}:'