some tweaks
parent
39e6f7d0f2
commit
dcfd7a1aa4
3 changed files with 42 additions and 3 deletions
|
@ -6,6 +6,36 @@
|
||||||
- name: prepare escalation
|
- name: prepare escalation
|
||||||
set_fact: ansible_become_pass=bloed ansible_ssh_pass=bloed
|
set_fact: ansible_become_pass=bloed ansible_ssh_pass=bloed
|
||||||
|
|
||||||
|
#- name: ensure absence of local known-hosts entry FIXME remove here
|
||||||
|
# known_hosts: host={{ansible_host}} state=absent
|
||||||
|
# delegate_to: 127.0.0.1 # local action
|
||||||
|
|
||||||
|
#- name: do dummy commit to ensure known host key
|
||||||
|
# command: ssh -o PasswordAuthentication=no -o StrictHostKeyChecking=no hein@{{ansible_host}} true
|
||||||
|
# delegate_to: 127.0.0.1 # local action
|
||||||
|
# changed_when: False
|
||||||
|
# failed_when: False
|
||||||
|
|
||||||
- name: ensure admin user
|
- name: ensure admin user
|
||||||
user: comment="FFMWU Administrator" name=admin shell=/bin/bash state=present
|
user: comment="FFMWU Administrator" name=admin shell=/bin/bash state=present
|
||||||
become: True
|
become: True
|
||||||
|
|
||||||
|
- name: ensure users ssh key to admin user
|
||||||
|
authorized_key: user=admin key="{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
|
||||||
|
become: True
|
||||||
|
|
||||||
|
- name: ensure users ssh key to bootstrap user
|
||||||
|
authorized_key: user=hein key="{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
|
||||||
|
|
||||||
|
- name: ensure no-pw sudo capability for admin and bootstrap user
|
||||||
|
lineinfile:
|
||||||
|
create: yes
|
||||||
|
dest: /etc/sudoers.d/ffmwu
|
||||||
|
line: "admin,hein ALL = (root) NOPASSWD: ALL"
|
||||||
|
mode: 0440
|
||||||
|
validate: visudo -c -f %s
|
||||||
|
become: True
|
||||||
|
|
||||||
|
- name: from this point on prevent pw for bootstrap user
|
||||||
|
user: user=hein password=X
|
||||||
|
become: True
|
||||||
|
|
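Review bot: The sudoers line `admin,hein ALL = (root) NOPASSWD: ALL` leaves the bootstrap account `hein` with permanent passwordless root, reachable with whichever `~/.ssh/id_rsa.pub` was on the controller that ran the play. If `hein` is only needed until `admin` works, a later task could reduce the entry to `line: "admin ALL = (root) NOPASSWD: ALL"`; the rest of the file is outside this hunk, so that may already happen. Separately, `user: user=hein password=X` depends on `X` being a hash no password can match; on Ansible versions that have it, `password_lock: yes` states that intent directly. The `set_fact` context line above the new tasks still keeps the bootstrap password in clear text in the playbook, which a vaulted variable or a prompt would avoid.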
|
@ -3,7 +3,6 @@
|
||||||
- name: find already defined local VMs
|
- name: find already defined local VMs
|
||||||
virt: command=list_vms
|
virt: command=list_vms
|
||||||
delegate_to: 127.0.0.1 # local action
|
delegate_to: 127.0.0.1 # local action
|
||||||
# become: True
|
|
||||||
register: vms
|
register: vms
|
||||||
|
|
||||||
- block:
|
- block:
|
||||||
|
@ -13,6 +12,10 @@
|
||||||
dest: "{{ vm_path }}/loctevm.xml"
|
dest: "{{ vm_path }}/loctevm.xml"
|
||||||
delegate_to: 127.0.0.1 # local action
|
delegate_to: 127.0.0.1 # local action
|
||||||
|
|
||||||
|
- name: ensure absence of outdated local known-hosts entry
|
||||||
|
known_hosts: host={{ansible_host}} state=absent
|
||||||
|
delegate_to: 127.0.0.1 # local action
|
||||||
|
|
||||||
- name: define VM
|
- name: define VM
|
||||||
virt:
|
virt:
|
||||||
command: define
|
command: define
|
||||||
|
@ -20,5 +23,11 @@
|
||||||
xml: "{{ lookup('file',vm_path ~ '/loctevm.xml') }}"
|
xml: "{{ lookup('file',vm_path ~ '/loctevm.xml') }}"
|
||||||
delegate_to: 127.0.0.1 # local action
|
delegate_to: 127.0.0.1 # local action
|
||||||
|
|
||||||
|
- name: do dummy connect to ensure new local known host entry
|
||||||
|
command: ssh -o PasswordAuthentication=no -o StrictHostKeyChecking=no hein@{{ansible_host}} true
|
||||||
|
delegate_to: 127.0.0.1 # local action
|
||||||
|
changed_when: False
|
||||||
|
failed_when: False
|
||||||
|
|
||||||
when: not inventory_hostname in vms.list_vms
|
when: not inventory_hostname in vms.list_vms
|
||||||
# block end
|
# block end
|
||||||
|
|
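Review bot: The dummy connect added in the last hunk uses `-o StrictHostKeyChecking=no`, which records whatever host key answers at `{{ansible_host}}` and also proceeds when a different key is already on file. Because the new `known_hosts ... state=absent` task already removes the stale entry, `-o StrictHostKeyChecking=accept-new` (OpenSSH 7.6 or later) would give the same first-contact behaviour without overriding a mismatch. With `failed_when: False`, a connect that never reaches the VM passes silently, and from the visible lines the task runs directly after `define VM`, so the entry may not get written at all. Consider registering the result and checking it in a later task, and adding a comment such as `# TOFU: key is accepted unverified on first contact with the freshly defined VM`. The enclosing `block:` starts and ends outside these hunks.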
|
@ -16,7 +16,7 @@
|
||||||
delegate_to: 127.0.0.1 # local action
|
delegate_to: 127.0.0.1 # local action
|
||||||
|
|
||||||
- name: ensure image file # FIXME: change to rm + recreate
|
- name: ensure image file # FIXME: change to rm + recreate
|
||||||
command: fallocate -l 10G {{ vm_path }}/loctevm.img # 15G? size?
|
command: fallocate -l 5G {{ vm_path }}/loctevm.img # 15G? size?
|
||||||
args:
|
args:
|
||||||
creates: "{{ vm_path }}/loctevm.img"
|
creates: "{{ vm_path }}/loctevm.img"
|
||||||
delegate_to: 127.0.0.1 # local action
|
delegate_to: 127.0.0.1 # local action
|
||||||
|
@ -41,7 +41,7 @@
|
||||||
delegate_to: 127.0.0.1 # local action
|
delegate_to: 127.0.0.1 # local action
|
||||||
|
|
||||||
- name: wait for port 80 to appear (after reboot after OS installation)
|
- name: wait for port 80 to appear (after reboot after OS installation)
|
||||||
wait_for: host={{ansible_host}} port=80 state=started timeout=300
|
wait_for: host={{ansible_host}} port=80 state=started timeout=900
|
||||||
delegate_to: 127.0.0.1 # local action
|
delegate_to: 127.0.0.1 # local action
|
||||||
|
|
||||||
- hosts: test-vms
|
- hosts: test-vms
|
||||||
|
|