vincent/homelab
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

dedicated ansible user and dedicated sssd playbook

Browse Source
This commit is contained in:
vincent 2022-11-06 19:14:27 +01:00
parent 9fe27b845c
commit aed8122aba
5 changed files with 27 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ansible/group_vars/all/sssd
View File

@ -5,5 +5,5 @@ ldap_uri: "ldaps://ldap.ducamps.win"
ldap_sudo_search_base: "ou=sudoers,dc=ducamps,dc=win" ldap_sudo_search_base: "ou=sudoers,dc=ducamps,dc=win"
ldap_default_bind_dn : "uid=vaultserviceaccount,cn=users,dc=ducamps,dc=win" ldap_default_bind_dn : "uid=vaultserviceaccount,cn=users,dc=ducamps,dc=win"
ldap_password : "{{lookup('hashi_vault', 'secret=secrets/data/ansible/other:vaulserviceaccount')}}" ldap_password : "{{lookup('hashi_vault', 'secret=secrets/data/ansible/other:vaulserviceaccount')}}"
userPassword: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/user:userPassword')}}"

5
ansible/makefile
View File

@ -3,10 +3,7 @@ requirements:
ansible-galaxy install -g -r roles/requirements.yml ansible-galaxy install -g -r roles/requirements.yml
deploy_production: deploy_production:
ansible-playbook site.yml -i production ansible-playbook site.yml -i production -u ansible
deploy_staging:
ansible-playbook site.yml -i staging
generate-token: generate-token:
@echo export VAULT_TOKEN=`vault token create -policy=ansible -field="token" -period 6h` @echo export VAULT_TOKEN=`vault token create -policy=ansible -field="token" -period 6h`

2
ansible/molecule/default/molecule.yml
View File

@ -25,7 +25,7 @@ platforms:
provisioner: provisioner:
name: ansible name: ansible
connection_options: connection_options:
ansible_ssh_user: vincent ansible_ssh_user: ansible
ansible_become: true ansible_become: true
env: env:
ANSIBLE_CONFIG: ../../ansible.cfg ANSIBLE_CONFIG: ../../ansible.cfg

23
ansible/playbooks/sssd.yml Normal file
View File

@ -0,0 +1,23 @@
---
- hosts: all
roles:
- role: ansible-role-sssd
become: True
tasks:
- name: simulate login
stat:
path: "/home/{{user.name}}"
become: true
become_user: "{{user.name}}"
when: sssd_configure == true
- name: create profil
user:
name: "{{user.name}}" # required. Name of the user to create, remove or modify.
create_home: yes # not required. Unless set to C(no), a home directory will be made for the user when the account is created or if the home directory does not exist.,Changed from C(createhome) to C(create_home) in version 2.5.
password: "{{userPassword}}" # not required. Optionally set the user's password to this crypted value.,On macOS systems, this value has to be cleartext. Beware of security issues.,See U(https://docs.ansible.com/ansible/faq.html#how-do-i-generate-crypted-passwords-for-the-user-module) for details on various ways to generate these password values.
system: no # not required. When creating an account C(state=present), setting this to C(yes) makes the user a system account. This setting cannot be changed on existing users.
state: present # not required. choices: absent;present. Whether the account should exist or not, taking action if the state is different from what is stated.
ssh_key_file: .ssh/id_rsa # not required. Optionally specify the SSH key filename. If this is a relative filename then it will be relative to the user's home directory.
uid: "{{ user.uid }}"
shell: /bin/bash
when: sssd_configure is not defined or sssd_configure == false

1
ansible/site.yml
View File

@ -1,4 +1,5 @@
--- ---
- import_playbook: playbooks/sssd.yml
- import_playbook: playbooks/server.yml - import_playbook: playbooks/server.yml
- import_playbook: playbooks/wireguard.yml - import_playbook: playbooks/wireguard.yml
- import_playbook: playbooks/HashicorpStack.yml - import_playbook: playbooks/HashicorpStack.yml