
Configuração das VMs

vms-config.yaml
# Base configuration play for the VMs. It targets every inventory host
# (`hosts: all`); the tasks below rebuild /etc/hosts, create the "suporte"
# account with its SSH key and sudo rule, and turn off SSH password login.
- name: MVs config base
  hosts: all
  tasks:
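    # Probe only: check_mode makes lineinfile report whether the ansible-server
    # entry is missing without writing anything. The probed line uses the same
    # spacing as the line rendered by "Config file /etc/hosts" below; with the
    # original spacing the two never matched, so the probe reported "changed"
    # and /etc/hosts was wiped and rebuilt on every run.
    - name: Testing entries in the /etc/hosts file
      ansible.builtin.lineinfile:
        path: /etc/hosts
        line: "10.240.0.200  ansible-server.juntotelecom.com.br ansible-server"
      check_mode: true
      register: etc_hosts_result
      tags: hosts

    # Truncates /etc/hosts (leaving one empty line) only when the probe found
    # the entry missing. Until the next task finishes the host has no hosts
    # entries at all, localhost included, so an aborted run leaves it empty.
    - name: Clear file /etc/hosts
      when: etc_hosts_result is changed
      ansible.builtin.shell: echo '' > /etc/hosts
      register: etc_hosts_clear
      tags: hosts

    # Ensures the five managed entries exist. A skipped clear task does not
    # count as failed, so this also runs when nothing was cleared.
    # NOTE(review): after a clear, only these IPv4 entries remain; anything
    # else that was in the file (for example IPv6 localhost lines) is gone.
    # All three tasks carry the same tag so that --tags/--skip-tags hosts
    # selects them together and the registered results are always defined.
    - name: Config file /etc/hosts
      when: etc_hosts_clear is succeeded
      ansible.builtin.lineinfile:
        path: /etc/hosts
        line: "{{ item.ip }}  {{ item.fqdn }} {{ item.alias }}"
      loop:
        - ip: '127.0.0.1'
          fqdn: 'localhost.localdomain'
          alias: 'localhost'
        - ip: '10.240.0.200'
          fqdn: 'ansible-server.juntotelecom.com.br'
          alias: 'ansible-server'
        - ip: '10.240.0.201'
          fqdn: 'ub-vm-01.juntotelecom.com.br'
          alias: 'ub-vm-01'
        - ip: '10.240.0.202'
          fqdn: 'ol-vm-02.juntotelecom.com.br'
          alias: 'ol-vm-02'
        - ip: '10.240.0.203'
          fqdn: 'de-vm-03.juntotelecom.com.br'
          alias: 'de-vm-03'
      tags: hosts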

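    # Creates the "suporte" support account with a bash login shell.
    # The password hash comes from `suporte_password_hash` when that variable
    # is defined (name chosen here as a placeholder: keep it in an Ansible
    # Vault-encrypted vars file and generate it with a SHA-512 crypt scheme,
    # e.g. the password_hash('sha512') filter).
    # NOTE(review): the fallback is the original hard-coded "$1$" (MD5-crypt)
    # hash, kept only so existing runs do not break. MD5-crypt is cheap to
    # brute-force and this hash is published with the playbook, so treat the
    # password as exposed: rotate it, supply the new hash through the vaulted
    # variable, and then delete the default() fallback.
    - name: Add User
      ansible.builtin.user:
        name: suporte
        comment: "Suporte JuntoTelecom"
        shell: /bin/bash
        password: "{{ suporte_password_hash | default('$1$Jd0cyBxz$NMyEIiuVgXCsO2WFCcRvU0') }}"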

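    # Creates /home/suporte/.ssh owned by suporte and readable by no one else.
    # The mode is quoted so it reaches the module as the string "0700" instead
    # of relying on the YAML parser reading a bare 0700 as an octal integer.
    - name: Create .ssh for the new user
      ansible.builtin.file:
        path: /home/suporte/.ssh
        state: directory
        owner: suporte
        group: suporte
        mode: '0700'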

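    # Installs the public key as suporte's authorized_keys. copy reads `src`
    # from the control node unless remote_src is set, and it replaces the whole
    # destination file, so any key already authorized for suporte is dropped.
    # Mode tightened from 0644 to 0600: only the account owner needs to read
    # the list of keys that can log in as it.
    - name: Copy authorized_keys to new user's .ssh folder
      ansible.builtin.copy:
        src: /etc/keys/sshkey.pub
        dest: /home/suporte/.ssh/authorized_keys
        owner: suporte
        group: suporte
        mode: '0600'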

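    # Writes the sudoers drop-in for suporte. `validate` runs visudo against
    # the candidate file first, so a syntax error never reaches /etc/sudoers.d.
    # NOTE(review): "NOPASSWD: ALL" gives suporte unrestricted root without a
    # password prompt. Together with key-only SSH login, whoever holds the
    # private key for /etc/keys/sshkey.pub has root on every host; protect
    # that key accordingly, or narrow the rule to the commands actually needed.
    - name: Add user to sudo
      ansible.builtin.lineinfile:
        path: /etc/sudoers.d/suporte
        line: 'suporte ALL=(ALL) NOPASSWD: ALL'
        mode: '0440'
        create: true
        validate: /usr/sbin/visudo -cf %s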

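    # Sets "PasswordAuthentication no" in sshd_config.
    # - An existing active directive is replaced in place (regexp unchanged).
    # - When none exists, the line goes to the top of the file instead of the
    #   end: sshd keeps the first value it reads for a keyword, and a line
    #   appended at EOF can land inside a trailing Match block or after an
    #   Include that already set the option.
    # - `validate` has sshd parse the candidate file, so a broken config is
    #   never installed ahead of the restart.
    # NOTE(review): confirm the effective value on each distro with `sshd -T`;
    # a Match block can still re-enable password login for some users.
    - name: Disable password login
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: "^PasswordAuthentication"
        line: "PasswordAuthentication no"
        insertbefore: BOF
        validate: /usr/sbin/sshd -t -f %s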

    # Restarts the sshd service so the PasswordAuthentication change is
    # loaded. This runs on every play, whether or not sshd_config changed.
    # NOTE(review): verify the unit is reachable as "sshd" on every target
    # distribution in the inventory.
    - name: SSH restart
      ansible.builtin.service:
        state: restarted
        name: sshd
$ sudo ansible-playbook --syntax-check vms-config.yaml
 
playbook: vms-config.yaml
$ sudo ansible debian -m shell -a "getent passwd | egrep suporte"
de-vm-03 | CHANGED | rc=0 >>
suporte:x:1001:1001:Suporte JuntoTelecom:/home/suporte:/bin/bash
$ sudo ansible oracle -m shell -e 'ansible_python_interpreter=/usr/bin/python3.9' -a "getent passwd | egrep suporte"
ol-vm-02 | CHANGED | rc=0 >>
suporte:x:1001:1001:Suporte JuntoTelecom:/home/suporte:/bin/bash

Referências
