update
@@ -50,7 +50,7 @@
|
|||||||
- name: "joonsoopark"
|
- name: "joonsoopark"
|
||||||
ip: "10.20.142.33"
|
ip: "10.20.142.33"
|
||||||
description: "박준수"
|
description: "박준수"
|
||||||
key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMGuOwXy+Cl84IwrIbNb2bEJZUn08EjUpnAVVphB/kYr"
|
key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICeOzKeL4ZUXw0lEHDZoBsp7M3oobrBI0sWBHdpk0X0T"
|
||||||
|
|
||||||
- name: "baekchan1024"
|
- name: "baekchan1024"
|
||||||
ip: "10.20.142.39"
|
ip: "10.20.142.39"
|
||||||
|
|||||||
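Review bot: Swapping the `key` value for joonsoopark rotates the key on the controller only; the old `ssh-ed25519 …kYr` key stays valid on every host already provisioned, because the `authorized_key` tasks in admin_set.yml use `state: present`, which appends and never removes. Either add a one-off task with the old key and `state: absent`, or set `exclusive: true` on the "Add admin user key" task so the managed list is authoritative (keeping in mind `exclusive` also drops any key added by hand for that user). The `admin_users` list this entry belongs to starts outside the hunk.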
@@ -1,38 +1,3 @@
|
|||||||
[host]
|
[host]
|
||||||
10.10.43.111
|
10.10.43.[100:101] ansible_user=root
|
||||||
10.10.43.112
|
10.10.43.[110:147]
|
||||||
10.10.43.113
|
|
||||||
10.10.43.114
|
|
||||||
10.10.43.115
|
|
||||||
10.10.43.116
|
|
||||||
10.10.43.117
|
|
||||||
10.10.43.118
|
|
||||||
10.10.43.119
|
|
||||||
10.10.43.120
|
|
||||||
10.10.43.121
|
|
||||||
10.10.43.122
|
|
||||||
10.10.43.123
|
|
||||||
10.10.43.124
|
|
||||||
10.10.43.125
|
|
||||||
10.10.43.126
|
|
||||||
10.10.43.127
|
|
||||||
10.10.43.128
|
|
||||||
10.10.43.129
|
|
||||||
10.10.43.130
|
|
||||||
10.10.43.131
|
|
||||||
10.10.43.132
|
|
||||||
10.10.43.133
|
|
||||||
10.10.43.134
|
|
||||||
10.10.43.135
|
|
||||||
10.10.43.136
|
|
||||||
10.10.43.137
|
|
||||||
10.10.43.138
|
|
||||||
10.10.43.140
|
|
||||||
10.10.43.141
|
|
||||||
10.10.43.142
|
|
||||||
10.10.43.143
|
|
||||||
10.10.43.144
|
|
||||||
10.10.43.145
|
|
||||||
10.10.43.146
|
|
||||||
10.10.43.147
|
|
||||||
#10.10.43.148
|
|
||||||
|
|||||||
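Review bot: `10.10.43.[110:147]` is not the same host set as the list it replaces: the old inventory started at .111 and skipped .139 (it went .138 → .140), so .110 and .139 are now silently in scope, and `10.10.43.[100:101]` adds two more hosts that were never managed before. Because the role now kills non-root SSH sessions and rewrites /etc/sudoers.d on every host in `[host]`, widening the inventory implicitly is a blast-radius change; if the gaps were deliberate, keep them explicit with `10.10.43.[111:138]` and `10.10.43.[140:147]`. The two new hosts connect with `ansible_user=root`, which presumably means direct root SSH login must stay enabled on them — worth confirming against what the sshd_config role enforces.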
@@ -41,3 +41,8 @@ crictl_file_group: root
|
|||||||
# temp
|
# temp
|
||||||
username: root
|
username: root
|
||||||
password: saasadmin1234
|
password: saasadmin1234
|
||||||
|
|
||||||
|
# common user flag
|
||||||
|
common_user: False
|
||||||
|
|
||||||
|
pause_time: 1
|
||||||
|
|||||||
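Review bot: `common_user: False` is the YAML 1.1 boolean spelling, and the admin_set.yml tasks gate on `- common_user == True`; that comparison is false whenever the flag arrives as a string (for example `-e common_user=true` on the command line), so the common-user tasks would be skipped without any error. Write `common_user: false` here and `when: common_user | bool` in the tasks. The plaintext root `password: saasadmin1234` directly above is pre-existing context, but the same literal now also appears in ansible/test.yaml, and since git history retains both copies it should be moved to Ansible Vault and rotated rather than left under a `# temp` marker.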
@@ -1,9 +1,6 @@
|
|||||||
---
|
---
|
||||||
- include: login_defs.yml
|
- pause:
|
||||||
tags: login_defs
|
seconds: "{{ pause_time }}"
|
||||||
|
|
||||||
- include: pam.yml
|
|
||||||
tags: pam
|
|
||||||
|
|
||||||
- include: sshd_config.yml
|
- include: sshd_config.yml
|
||||||
tags: sshd_config
|
tags: sshd_config
|
||||||
@@ -11,14 +8,5 @@
|
|||||||
- include: sudoers.yml
|
- include: sudoers.yml
|
||||||
tags: sudoers
|
tags: sudoers
|
||||||
|
|
||||||
- include: profile.yml
|
|
||||||
tags: profile
|
|
||||||
|
|
||||||
- include: banner.yml
|
|
||||||
tags: banner
|
|
||||||
|
|
||||||
- include: crictl.yml
|
|
||||||
tags: crictl
|
|
||||||
|
|
||||||
- include: admin_set.yml
|
- include: admin_set.yml
|
||||||
tags: admin_set
|
tags: admin_set
|
||||||
|
|||||||
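Review bot: The new `- pause:` task has no `name`, and the commit message "update" does not say why `login_defs.yml`, `pam.yml`, `profile.yml`, `banner.yml` and `crictl.yml` are no longer included — as written the role silently stops applying its login.defs and PAM hardening on every run, which should either be stated explicitly or kept behind a tag/variable guard. Give the pause a purpose, e.g. `- name: Wait {{ pause_time }}s before reconfiguring host access` above `pause:`. The role already uses the `ansible.builtin.` FQCN in admin_set.yml, so the remaining `include:` lines (deprecated, and removed in recent ansible-core releases) should become `import_tasks:` or `include_tasks:` while this file is being touched.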
@@ -1,4 +1,15 @@
|
|||||||
---
|
---
|
||||||
|
- name: Get all ssh sessions
|
||||||
|
shell: ps -ef | grep sshd | grep -v root | grep -v "{{ ansible_user }}" | awk '{print $2}'
|
||||||
|
register: ssh_sessions
|
||||||
|
ignore_errors: true
|
||||||
|
|
||||||
|
- name: Terminate ssh sessions
|
||||||
|
shell: kill -9 {{ item }}
|
||||||
|
with_items: "{{ ssh_sessions.stdout_lines }}"
|
||||||
|
when: ssh_sessions is defined
|
||||||
|
ignore_errors: true
|
||||||
|
|
||||||
- name: "Create devops group"
|
- name: "Create devops group"
|
||||||
ansible.builtin.group:
|
ansible.builtin.group:
|
||||||
name: "devops"
|
name: "devops"
|
||||||
@@ -28,10 +39,9 @@
|
|||||||
with_items: "{{ admin_users }}"
|
with_items: "{{ admin_users }}"
|
||||||
when:
|
when:
|
||||||
- item.name is defined
|
- item.name is defined
|
||||||
- item.key is defined
|
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
|
|
||||||
- name: user change
|
- name: "admin user password change"
|
||||||
user:
|
user:
|
||||||
name: "{{ item.name }}"
|
name: "{{ item.name }}"
|
||||||
password: "{{ password | password_hash('sha512') }}"
|
password: "{{ password | password_hash('sha512') }}"
|
||||||
@@ -39,10 +49,9 @@
|
|||||||
with_items: "{{ admin_users }}"
|
with_items: "{{ admin_users }}"
|
||||||
when:
|
when:
|
||||||
- item.name is defined
|
- item.name is defined
|
||||||
- item.key is defined
|
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
|
|
||||||
- name: key add
|
- name: "Add admin user key"
|
||||||
authorized_key:
|
authorized_key:
|
||||||
user: "{{ item.name }}"
|
user: "{{ item.name }}"
|
||||||
state: present
|
state: present
|
||||||
@@ -51,6 +60,7 @@
|
|||||||
when:
|
when:
|
||||||
- item.name is defined
|
- item.name is defined
|
||||||
- item.key is defined
|
- item.key is defined
|
||||||
|
- common_user == True
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
|
|
||||||
|
|
||||||
@@ -64,10 +74,10 @@
|
|||||||
with_items: "{{ allow_users }}"
|
with_items: "{{ allow_users }}"
|
||||||
when:
|
when:
|
||||||
- item.name is defined
|
- item.name is defined
|
||||||
- item.key is defined
|
- common_user == True
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
|
|
||||||
- name: user change
|
- name: "Change common user password change"
|
||||||
user:
|
user:
|
||||||
name: "{{ item.name }}"
|
name: "{{ item.name }}"
|
||||||
password: "{{ password | password_hash('sha512') }}"
|
password: "{{ password | password_hash('sha512') }}"
|
||||||
@@ -75,10 +85,10 @@
|
|||||||
with_items: "{{ allow_users }}"
|
with_items: "{{ allow_users }}"
|
||||||
when:
|
when:
|
||||||
- item.name is defined
|
- item.name is defined
|
||||||
- item.key is defined
|
- common_user == True
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
|
|
||||||
- name: key add
|
- name: "Add common user key"
|
||||||
authorized_key:
|
authorized_key:
|
||||||
user: "{{ item.name }}"
|
user: "{{ item.name }}"
|
||||||
state: present
|
state: present
|
||||||
@@ -87,9 +97,11 @@
|
|||||||
when:
|
when:
|
||||||
- item.name is defined
|
- item.name is defined
|
||||||
- item.key is defined
|
- item.key is defined
|
||||||
|
- common_user == True
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
|
|
||||||
- name: "Setting sudoers allow users"
|
- name: "Setting sudoers allow users"
|
||||||
template:
|
template:
|
||||||
src: sudoers_users.j2
|
src: sudoers_users.j2
|
||||||
dest: "/etc/sudoers.d/sudoers_users"
|
dest: "/etc/sudoers.d/sudoers_users"
|
||||||
|
ignore_errors: true
|
||||||
|
|||||||
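Review bot: The "Get all ssh sessions" / "Terminate ssh sessions" pair at the top of this file (first hunk) `kill -9`s every process whose `ps -ef` line contains the substring `sshd` and does not contain `root` or the value of `ansible_user` — substring matching, so a user whose name happens to contain the controlling user's name is spared while every other logged-in user on every host is disconnected without warning, and any unrelated process mentioning sshd in its arguments is killed too. `{{ ansible_user }}` is also interpolated unquoted into a shell pipeline (inventory-controlled, but it should still go through `| quote`), and on hosts where it is not set — the new inventory only sets it for .100–.101 — the template is presumably undefined, so both tasks fail and are silently swallowed by `ignore_errors: true`; `when: ssh_sessions is defined` is always true after `register` and guards nothing. Match exact fields and send a catchable signal instead: `shell: ps -eo pid=,user=,comm= | awk -v me={{ ansible_user | default('') | quote }} '$3 == "sshd" && $2 != "root" && $2 != me {print $1}'`, then `command: kill -TERM {{ item }}` with `loop: "{{ ssh_sessions.stdout_lines | default([]) }}"`, and drop `ignore_errors` from the kill task so a failed termination is visible.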
@@ -1,3 +1,4 @@
|
|||||||
|
dev2-iac ALL=(ALL) NOPASSWD: ALL
|
||||||
{% if allow_users is defined %}
|
{% if allow_users is defined %}
|
||||||
{% for user in admin_users %}
|
{% for user in admin_users %}
|
||||||
{{ user.name }} ALL=(ALL) NOPASSWD: ALL
|
{{ user.name }} ALL=(ALL) NOPASSWD: ALL
|
||||||
|
|||||||
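Review bot: `dev2-iac ALL=(ALL) NOPASSWD: ALL` is rendered unconditionally, outside the `{% if %}` guard, for an account whose password is committed in plaintext in ansible/test.yaml; if password authentication is reachable on these hosts, that literal is effectively a root password. If dev2-iac is a key-only automation account, lock its password in the user task (`password_lock: true`) so this grant is usable only via the installed key. The guard itself looks like a pre-existing copy/paste mismatch — `{% if allow_users is defined %}` wraps a loop over `admin_users`, so the admin entries disappear on any host where `allow_users` is undefined — and since a bad render here breaks sudo outright, the template task that writes it should get `validate: /usr/sbin/visudo -cf %s` and `mode: "0440"`.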
16
ansible/test.yaml
Normal file
@@ -0,0 +1,16 @@
|
|||||||
|
---
|
||||||
|
- hosts: all
|
||||||
|
become: yes
|
||||||
|
tasks:
|
||||||
|
- name: Create a new user
|
||||||
|
user:
|
||||||
|
name: dev2-iac
|
||||||
|
password: "{{ 'saasadmin1234' | password_hash('sha512') }}"
|
||||||
|
group: sudo
|
||||||
|
shell: /bin/bash
|
||||||
|
|
||||||
|
- name: Set authorized key taken from file
|
||||||
|
authorized_key:
|
||||||
|
user: dev2-iac
|
||||||
|
state: present
|
||||||
|
key: "ssh-rsa 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"
|
||||||
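Review bot: `password: "{{ 'saasadmin1234' | password_hash('sha512') }}"` commits the dev2-iac password in plaintext — the same value as `password` in the group vars — and the sudoers template grants this account `NOPASSWD: ALL`, so anyone with read access to the repository or its history gets root on every host it is applied to if password login is reachable. Since the next task installs an SSH key for the account, drop the literal and use `password_lock: true` (or `password: "!"`); if a password is genuinely required, source it from Vault through a variable. `group: sudo` sets dev2-iac's *primary* group to sudo, so every file it creates is group-owned by sudo, and the group only exists under that name on Debian-family hosts (RHEL-family uses `wheel`) — `groups: sudo` with `append: true` is presumably what was intended. `become: yes` should be `become: true`, and `password_hash('sha512')` without a fixed salt produces a different hash on every run, so the user task will report changed each time.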
2
ansible/test_inventory
Normal file
@@ -0,0 +1,2 @@
|
|||||||
|
[host]
|
||||||
|
10.10.43.111
|
||||||