-
Notifications
You must be signed in to change notification settings - Fork 1
/
install-ansible-prereqs.yml
119 lines (101 loc) · 4.02 KB
/
install-ansible-prereqs.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
---
# deploy ssh key and make sudo work without password
# install 'sshpass' package first on your local system
# ssh -o UserKnownHostsFile=./known_hosts <user>@<host>
# ansible all --ask-pass --ssh-common-args='-o UserKnownHostsFile=./known_hosts' -m ping -i <host>, -u <username>
# ^^^ the comma is required
# ansible-playbook -i <host>, -u <username> --ask-pass --ask-become-pass --ssh-common-args='-o UserKnownHostsFile=./known_hosts' install-ansible-prereqs.yml
# ^^^ the comma is required
# rm -f ./known_hosts
- hosts: all
become: no
gather_facts: False
tasks:
- name: create ssh directory
file: path=.ssh state=directory mode=0700
# this will OVERWRITE existing ssh keys!
- name: install ssh key
copy: src=~/.ssh/id_rsa.pub dest=.ssh/authorized_keys mode=0700
# FIXME: Debian versus Red Hat
- hosts: all
# will be selected on a per-task basis, to accomodate different methods
become: no
tasks:
- block:
- name: install sudo (Red Hat)
yum: name={{ item }} state=present
with_items:
- sudo
become: true
become_method: su
become_user: root
- name: add user to 'wheel' group (Red Hat)
user:
name: "{{ ansible_user }}"
group: wheel
become: true
become_method: su
become_user: root
- name: add group to /etc/sudoers file without password (Red Hat)
# this will overwrite the first line which starts with %wheel
lineinfile: "dest=/etc/sudoers state=present regexp='^%wheel' line='%wheel ALL=(ALL) NOPASSWD: ALL'"
become: true
become_method: sudo
become_user: root
when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
- block:
- name: read /etc/group entries
shell: "/usr/bin/getent group | grep ^sudo{{':'}} | cut -f4 -d{{':'}}"
register: etc_group
changed_when: false
- name: Split group members
set_fact:
etc_group_members: "{{ etc_group.stdout.split(',') }}"
changed_when: false
- block:
# the current user is not in /etc/group in the sudo group
# we assume that 'su' works
- name: install sudo (Debian)
apt: name={{ item }} state=present
with_items:
- sudo
become: true
become_method: su
become_user: root
- name: add user to 'sudo' group (Debian)
user:
name: "{{ ansible_user }}"
group: sudo
become: true
become_method: su
become_user: root
- name: add group to /etc/sudoers file without password (Debian)
# this will overwrite the first line which starts with %sudo
lineinfile: "dest=/etc/sudoers state=present regexp='^%sudo' line='%sudo ALL=(ALL) NOPASSWD: ALL'"
become: true
become_method: su
become_user: root
when: ansible_user not in etc_group_members
- block:
# the current user is already in /etc/group in the sudo group
# we assume that 'sudo' works, but maybe with password
- name: add group to /etc/sudoers file without password (Debian)
# this will overwrite the first line which starts with %sudo
lineinfile: "dest=/etc/sudoers state=present regexp='^%sudo' line='%sudo ALL=(ALL) NOPASSWD: ALL'"
become: true
become_method: sudo
become_user: root
when: ansible_user in etc_group_members
when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
- name: create .bash_history if not exist
copy:
dest: /home/{{ ansible_user }}/.bash_history
content: ""
force: no
become: false
- name: add sudo line to bash history
lineinfile:
dest: /home/{{ ansible_user }}/.bash_history
line: "sudo /bin/bash --login"
state: "present"
become: false