skylab/skylab-ansible
Archived
2
0
Fork 0
Code Pull Requests Releases Activity

Update access targets to be optional parameter

Browse Source 
Add server role to iridium
This commit is contained in:
Ethan Paul
2021-11-15 19:53:19 -05:00
parent be9c658589
commit 0c95df3066
3 changed files with 55 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
inventory.yaml
View File

@@ -24,6 +24,8 @@ en1:
ansible_host: 10.42.101.200 ansible_host: 10.42.101.200
skylab_description: Local Monitor Node skylab_description: Local Monitor Node
skylab_targets: [network] skylab_targets: [network]
skylab_roles:
- server
children: children:

89
playbooks/update.yaml
View File

@@ -47,6 +47,7 @@
state: present state: present
update_cache: true update_cache: true
- name: Update unix accounts - name: Update unix accounts
hosts: linux hosts: linux
tags: tags:
@@ -75,38 +76,55 @@
cmd: 'grep "{{ skylab_group.name }}:" /etc/group | cut --delimiter : --fields 4 | tr "," "\n"' cmd: 'grep "{{ skylab_group.name }}:" /etc/group | cut --delimiter : --fields 4 | tr "," "\n"'
register: _existing_skylab_accounts register: _existing_skylab_accounts
- name: Delete removed user accounts - name: Determine deleted skylab users
become: true vars:
_deleted_accounts: []
when: item not in (skylab_accounts | items2dict(key_name='name', value_name='uid')) when: item not in (skylab_accounts | items2dict(key_name='name', value_name='uid'))
ansible.builtin.user: ansible.builtin.set_fact:
name: "{{ item }}" _deleted_accounts: "{{ _deleted_accounts + [item] }}"
state: absent
loop: "{{ _existing_skylab_accounts.stdout_lines }}" loop: "{{ _existing_skylab_accounts.stdout_lines }}"
- name: Delete removed user groups - name: Delete accounts
become: true when: _deleted_accounts | default(false)
when: item not in (skylab_accounts | items2dict(key_name='name', value_name='uid')) block:
ansible.builtin.group: - name: Delete removed user accounts
name: "{{ item }}" become: true
state: absent ansible.builtin.user:
loop: "{{ _existing_skylab_accounts.stdout_lines }}" name: "{{ item }}"
state: absent
loop: "{{ _deleted_accounts }}"
- name: Delete removed user home directories - name: Delete removed user groups
become: true become: true
when: item not in (skylab_accounts | items2dict(key_name='name', value_name='uid')) ansible.builtin.group:
ansible.builtin.file: name: "{{ item }}"
path: "/home/{{ item }}" state: absent
state: absent loop: "{{ _deleted_accounts }}"
loop: "{{ _existing_skylab_accounts.stdout_lines }}"
- name: Delete removed user home directories
become: true
ansible.builtin.file:
path: "/home/{{ item }}"
state: absent
loop: "{{ _deleted_accounts }}"
- name: Determine active users
when: item.targets | default([]) | intersect(skylab_targets)
vars:
_active_accounts: []
ansible.builtin.set_fact:
_active_accounts: "{{ _active_accounts + [item] }}"
loop: "{{ skylab_accounts }}"
loop_control:
label: "{{ item.uid }},{{ item.name }}"
- name: Create account groups - name: Create account groups
when: item.targets | intersect(skylab_targets)
become: true become: true
ansible.builtin.group: ansible.builtin.group:
name: "{{ item.name }}" name: "{{ item.name }}"
gid: "{{ item.uid }}" gid: "{{ item.uid }}"
state: present state: present
loop: "{{ skylab_accounts }}" loop: "{{ _active_accounts }}"
loop_control: loop_control:
label: "{{ item.uid }},{{ item.name }}" label: "{{ item.uid }},{{ item.name }}"
@@ -119,12 +137,11 @@
skylab_group_admin.name if item.admin | default(false) else '', skylab_group_admin.name if item.admin | default(false) else '',
skylab_group_automation.name if item.service | default(false) else '', skylab_group_automation.name if item.service | default(false) else '',
]}) }}" ]}) }}"
loop: "{{ skylab_accounts }}" loop: "{{ _active_accounts }}"
loop_control: loop_control:
label: "{{ item.uid }},{{ item.name }}" label: "{{ item.uid }},{{ item.name }}"
- name: Create accounts - name: Create accounts
when: item.targets | intersect(skylab_targets)
become: true become: true
ansible.builtin.user: ansible.builtin.user:
name: "{{ item.name }}" name: "{{ item.name }}"
@@ -136,7 +153,7 @@
system: "{{ item.service | default(false) }}" system: "{{ item.service | default(false) }}"
generate_ssh_key: false generate_ssh_key: false
password: "{{ item.password }}" password: "{{ item.password }}"
loop: "{{ skylab_accounts }}" loop: "{{ _active_accounts }}"
loop_control: loop_control:
label: "{{ item.uid }},{{ item.name }}" label: "{{ item.uid }},{{ item.name }}"
@@ -148,17 +165,10 @@
group: "{{ item.name }}" group: "{{ item.name }}"
owner: "{{ item.name }}" owner: "{{ item.name }}"
mode: 0700 mode: 0700
loop: "{{ skylab_accounts }}" loop: "{{ _active_accounts }}"
loop_control: loop_control:
label: "{{ item.uid }},{{ item.name }}" label: "{{ item.uid }},{{ item.name }}"
- name: Enforce root password
become: true
ansible.builtin.user:
name: root
password: "{{ skylab_root_password }}"
state: present
- name: Create SSH directory - name: Create SSH directory
become: true become: true
ansible.builtin.file: ansible.builtin.file:
@@ -167,31 +177,36 @@
group: "{{ item.name }}" group: "{{ item.name }}"
state: directory state: directory
mode: 0700 mode: 0700
loop: "{{ skylab_accounts }}" loop: "{{ _active_accounts }}"
loop_control: loop_control:
label: "{{ item.uid }},{{ item.name }}" label: "{{ item.uid }},{{ item.name }}"
- name: Update authorized keys - name: Update authorized keys
become: true become: true
when: item.targets | intersect(skylab_targets)
ansible.builtin.authorized_key: ansible.builtin.authorized_key:
user: "{{ item.name }}" user: "{{ item.name }}"
key: "{{ skylab_ssh_keys[item.name] | join('\n') }}" key: "{{ skylab_ssh_keys[item.name] | join('\n') }}"
state: present state: present
exclusive: true exclusive: true
loop: "{{ skylab_accounts }}" loop: "{{ _active_accounts }}"
loop_control: loop_control:
label: "{{ item.uid }},{{ item.name }}" label: "{{ item.uid }},{{ item.name }}"
- name: Enforce ownership of authorized keys - name: Enforce ownership of authorized keys
become: true become: true
when: item.targets | intersect(skylab_targets)
ansible.builtin.file: ansible.builtin.file:
path: /home/{{ item.name }}/.ssh/authorized_keys path: /home/{{ item.name }}/.ssh/authorized_keys
state: file state: file
owner: "{{ item.name }}" owner: "{{ item.name }}"
group: "{{ item.name }}" group: "{{ item.name }}"
mode: 0400 mode: 0400
loop: "{{ skylab_accounts }}" loop: "{{ _active_accounts }}"
loop_control: loop_control:
label: "{{ item.uid }},{{ item.name }}" label: "{{ item.uid }},{{ item.name }}"
- name: Enforce root password
become: true
ansible.builtin.user:
name: root
password: "{{ skylab_root_password }}"
state: present

2
roles/swarm/tasks/configure.yaml
View File

@@ -39,7 +39,7 @@
- name: Add administrators to docker group - name: Add administrators to docker group
become: true become: true
when: item.admin | default(false) and 'cluster' in item.targets when: item.admin | default(false) and 'cluster' in (item.targets | default([]))
ansible.builtin.user: ansible.builtin.user:
name: "{{ item.name }}" name: "{{ item.name }}"
group: "{{ item.name }}" group: "{{ item.name }}"