crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

[root] split root play and deploy root password

certbot_on_virtu
_shirenn 2021-02-22 09:18:39 +01:00 committed by ynerant
parent 0c3e56fc2c
commit f5e7405188
7 changed files with 59 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
group_vars/all/root.yml 100644
View File

@ -0,0 +1,3 @@
---
glob_root:
passwd_hash: '{{ vault.root_passwd_hash }}'

5
plays/baie.yml 100755
View File

@ -0,0 +1,5 @@
#!/usr/bin/env ansible-playbook
---
- hosts: baie
roles:
- baie

40
plays/root.yml
View File

@ -20,35 +20,16 @@
insertafter: '127.0.0.1 localhost' insertafter: '127.0.0.1 localhost'
when: check_mirror.found == 0 when: check_mirror.found == 0
- hosts: baie
roles:
- baie
- hosts: virtu - hosts: virtu
roles: roles:
- proxmox-apt-sources - proxmox-apt-sources
- hosts: server - hosts: server
vars:
# # Will be in /usr/scripts/
# crans_scripts_git: "http://gitlab.adm.crans.org/nounous/scripts.git"
ntp_client: '{{ glob_ntp_client | combine(loc_ntp_client | default({})) }}'
# crans_scripts: '{{ glob_crans_scripts | combine(loc_crans_scripts | default({})) }}'
roles: roles:
- debian-apt-sources - debian-apt-sources
- common-tools
- sudo
- ntp-client
# - crans-scripts
- root-config
- ssh_known_hosts
- hosts: crans_vm
roles:
- qemu-guest-agent
- serial-tty
- import_playbook: baie.yml
- import_playbook: utilities.yml
- import_playbook: slapd.yml - import_playbook: slapd.yml
- hosts: server - hosts: server
@ -61,21 +42,8 @@
roles: roles:
- home-nounous - home-nounous
- hosts: server,!virtu - import_playbook: scripts.yml
roles: - import_playbook: vm-setup.yml
- openssh
- hosts: crans_vm
tasks:
- name: Remove cloud-init
apt:
name: cloud-init
state: absent
purge: true
register: apt_result
retries: 3
until: apt_result is succeeded
- import_playbook: borgbackup_client.yml - import_playbook: borgbackup_client.yml
- import_playbook: monitoring.yml - import_playbook: monitoring.yml
- import_playbook: network_interfaces.yml - import_playbook: network_interfaces.yml

7
plays/scripts.yml 100755
View File

@ -0,0 +1,7 @@
#!/usr/bin/env ansible-playbook
---
- hosts: server
vars:
crans_scripts: '{{ glob_crans_scripts | combine(loc_crans_scripts | default({})) }}'
roles:
- crans-scripts

17
plays/utilities.yml 100755
View File

@ -0,0 +1,17 @@
#!/usr/bin/env ansible-playbook
---
- hosts: server
vars:
root: '{{ glob_root | default({}) | combine(loc_root | default({})) }}'
ntp_client: '{{ glob_ntp_client | combine(loc_ntp_client | default({})) }}'
roles:
- root
- common-tools
- sudo
- ntp-client
- root-config
- ssh_known_hosts
- hosts: server,!virtu
roles:
- openssh

17
plays/vm_setup 100755
View File

@ -0,0 +1,17 @@
#!/usr/bin/env ansible-playbook
---
- hosts: crans_vm
roles:
- qemu-guest-agent
- serial-tty
- hosts: crans_vm
tasks:
- name: Remove cloud-init
apt:
name: cloud-init
state: absent
purge: true
register: apt_result
retries: 3
until: apt_result is succeeded

6
roles/root/tasks/main.yml 100644
View File

@ -0,0 +1,6 @@
---
- name: Deploys root password hash
replace:
path: /etc/shadow
regexp: '^root:[^:]*:'
replace: 'root:{{ root.passwd_hash }}:'