some tweaks

2016-08-12 00:39:25 +02:00 · 2016-08-12 00:39:25 +02:00 · dcfd7a1aa4
commit dcfd7a1aa4
parent 39e6f7d0f2
3 changed files with 42 additions and 3 deletions
--- a/loctevm-reset-prereq.inc.yml
+++ b/loctevm-reset-prereq.inc.yml
@ -6,6 +6,36 @@
 - name: prepare escalation
  set_fact: ansible_become_pass=bloed ansible_ssh_pass=bloed

+#- name: ensure absence of local known-hosts entry FIXME remove here
+#  known_hosts: host={{ansible_host}} state=absent
+#  delegate_to: 127.0.0.1  # local action
+
+#- name: do dummy commit to ensure known host key
+#  command: ssh -o PasswordAuthentication=no -o StrictHostKeyChecking=no hein@{{ansible_host}} true
+#  delegate_to: 127.0.0.1  # local action
+#  changed_when: False
+#  failed_when: False
+
 - name: ensure admin user
  user: comment="FFMWU Administrator" name=admin shell=/bin/bash state=present
  become: True
+
+- name: ensure users ssh key to admin user
+  authorized_key: user=admin key="{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
+  become: True
+
+- name: ensure users ssh key to bootstrap user
+  authorized_key: user=hein key="{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
+
+- name: ensure no-pw sudo capability for admin and bootstrap user
+  lineinfile:
+    create: yes
+    dest: /etc/sudoers.d/ffmwu
+    line: "admin,hein ALL = (root) NOPASSWD: ALL"
+    mode: 0440
+    validate: visudo -c -f %s
+  become: True
+
+- name: from this point on prevent pw for bootstrap user
+  user: user=hein password=X
+  become: True
--- a/loctevm-reset-vm.inc.yml
+++ b/loctevm-reset-vm.inc.yml
@ -3,7 +3,6 @@
 - name: find already defined local VMs
  virt: command=list_vms
  delegate_to: 127.0.0.1  # local action
-#  become: True
  register: vms

 - block:
@ -13,6 +12,10 @@
      dest: "{{ vm_path }}/loctevm.xml"
    delegate_to: 127.0.0.1  # local action

+  - name: ensure absence of outdated local known-hosts entry
+    known_hosts: host={{ansible_host}} state=absent
+    delegate_to: 127.0.0.1  # local action
+
  - name: define VM
    virt:
      command: define
@ -20,5 +23,11 @@
      xml: "{{ lookup('file',vm_path ~ '/loctevm.xml') }}"
    delegate_to: 127.0.0.1  # local action

+  - name: do dummy connect to ensure new local known host entry
+    command: ssh -o PasswordAuthentication=no -o StrictHostKeyChecking=no hein@{{ansible_host}} true
+    delegate_to: 127.0.0.1  # local action
+    changed_when: False
+    failed_when: False
+
  when: not inventory_hostname in vms.list_vms
  # block end
--- a/loctevm-reset.yml
+++ b/loctevm-reset.yml
@ -16,7 +16,7 @@
    delegate_to: 127.0.0.1  # local action

  - name: ensure image file  # FIXME: change to rm + recreate
-    command: fallocate -l 10G {{ vm_path }}/loctevm.img  # 15G? size?
+    command: fallocate -l 5G {{ vm_path }}/loctevm.img  # 15G? size?
    args:
      creates: "{{ vm_path }}/loctevm.img"
    delegate_to: 127.0.0.1  # local action
@ -41,7 +41,7 @@
    delegate_to: 127.0.0.1  # local action

  - name: wait for port 80 to appear (after reboot after OS installation)
-    wait_for: host={{ansible_host}} port=80 state=started timeout=300
+    wait_for: host={{ansible_host}} port=80 state=started timeout=900
    delegate_to: 127.0.0.1  # local action

 - hosts: test-vms