replaced photon bootstrap script
parent
c63e9d9538
commit
d37f6a4e45
|
@ -9,30 +9,66 @@
|
|||
repo: "https://github.com/freifunk-mwu/backend-scripts.git"
|
||||
accept_hostkey: yes
|
||||
|
||||
- name: generate host key
|
||||
shell: python3 ~/clones/backend-scripts/bootstrap_git_all.py
|
||||
args:
|
||||
creates: ~/.ssh/{{ansible_hostname}}_rsa
|
||||
register: keypair
|
||||
#- name: generate host key
|
||||
# shell: python3 ~/clones/backend-scripts/bootstrap_git_all.py
|
||||
# args:
|
||||
# creates: ~/.ssh/{{ansible_hostname}}_rsa
|
||||
# register: keypair
|
||||
|
||||
- block: # replaces backend script bootstrap_git_all.py
|
||||
- name: generate host key
|
||||
command: ssh-keygen -t ed25519 -N "" -f {{ansible_hostname}}_rsa
|
||||
args:
|
||||
chdir: ~/.ssh
|
||||
creates: ~/.ssh/{{ansible_hostname}}_rsa
|
||||
register: keypair
|
||||
|
||||
- name: generate ssh config entry
|
||||
blockinfile:
|
||||
block: |
|
||||
Host github_mwu
|
||||
User git
|
||||
Hostname github.com
|
||||
PreferredAuthentications publickey
|
||||
IdentityFile ~/.ssh/{{ansible_hostname}}_rsa
|
||||
create: yes
|
||||
dest: ~/.ssh/config
|
||||
marker: "# {mark} ANSIBLE MANAGED BLOCK github_mwu"
|
||||
mode: 0640
|
||||
|
||||
- name: change git user name
|
||||
git_config:
|
||||
scope: global
|
||||
name: "user.name"
|
||||
value: "{{ansible_hostname}}"
|
||||
|
||||
- name: change git user email
|
||||
git_config:
|
||||
scope: global
|
||||
name: "user.email"
|
||||
value: "{{ansible_hostname}}@{{ansible_fqdn}}"
|
||||
|
||||
# block end
|
||||
|
||||
# FIXME: activate with ansible 2.2 ...
|
||||
#- block:
|
||||
# - name: read new pubkey
|
||||
# shell: cat ~/.ssh/{{ansible_hostname}}_rsa.pub
|
||||
# register: ssh_pub_key
|
||||
#
|
||||
# - name: read existing secret from spinat
|
||||
# shell: cat ~/.ssh/spinat_rsa
|
||||
# register: github_access_token
|
||||
# delegate_to: spinat.freifunk-mwu.de
|
||||
#
|
||||
# - name: register new pubkey with github freifunkmwu account
|
||||
# github_key:
|
||||
# name: "Server {{ansible_hostname}}"
|
||||
# token: "{{github_access_token.stdout}}"
|
||||
# pubkey: "{{ssh_pub_key.stdout}}"
|
||||
#
|
||||
# when: keypair.changed
|
||||
- block:
|
||||
- name: read new pubkey
|
||||
shell: cat ~/.ssh/{{ansible_hostname}}_rsa.pub
|
||||
register: ssh_pub_key
|
||||
|
||||
- name: read existing token from spinat
|
||||
shell: cat ~/.ssh/github-ansible-token
|
||||
register: github_access_token
|
||||
delegate_to: spinat.freifunk-mwu.de
|
||||
|
||||
- name: register new pubkey with github freifunkmwu account
|
||||
github_key:
|
||||
name: "Server {{ansible_hostname}} automatic test"
|
||||
token: "{{github_access_token.stdout}}"
|
||||
pubkey: "{{ssh_pub_key.stdout}}"
|
||||
force: no
|
||||
|
||||
when: keypair.changed
|
||||
|
||||
- name: manage crontab - PATH
|
||||
cron: env=yes name=PATH value="/home/admin/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
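Review bot: The task `read existing token from spinat` registers the output of `cat ~/.ssh/github-ansible-token` without `no_log: true`, so the GitHub token sits in a task result that Ansible prints in verbose runs and passes to any logging callback. Adding `no_log: true` to that task keeps it out of run output, and `changed_when: false` on both `cat` tasks would stop them reporting a change on every run. In the `generate ssh config entry` task, `mode: 0640` is an unquoted octal and leaves `~/.ssh/config` group-readable; `mode: "0600"` is the conventional form. The new `ssh-keygen -t ed25519` call still writes to `{{ansible_hostname}}_rsa`, which will mislead anyone auditing key types by filename; whether the path can be renamed depends on other consumers that this hunk does not show.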
|
||||
|
|