efc7424e26
This requires us to use a bootstrap user account to add the Kayobe user and group with an authorised SSH key. All subsequent SSH access uses this new user.
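---
# Creates the dedicated Kayobe Ansible account on the seed and controller
# hosts. The play connects as the per-host bootstrap user (ansible_user
# override below) and escalates with become for each task.
#
# Security notes for operators:
# - Nothing in this play removes, locks or restricts the bootstrap account,
#   so it stays a valid login path after the Kayobe user exists.
# - The Kayobe user receives unrestricted passwordless sudo, so the private
#   key matching ssh_public_key_path is equivalent to root on these hosts.
- name: Ensure the Kayobe Ansible user account exists
  hosts: seed:controllers
  vars:
    # Seed hosts and controllers are bootstrapped with different accounts.
    ansible_user: "{{ seed_vm_bootstrap_user if inventory_hostname in groups['seed'] else controller_bootstrap_user }}"
  tasks:
    - name: Ensure the Kayobe Ansible group exists
      group:
        name: "{{ kayobe_ansible_user }}"
        state: present
      become: true

    - name: Ensure the Kayobe Ansible user account exists
      user:
        name: "{{ kayobe_ansible_user }}"
        group: "{{ kayobe_ansible_user }}"
        comment: "Kayobe Ansible SSH access"
        state: present
      become: true

    # kayobe_ansible_user is interpolated verbatim into the sudoers rule.
    # validate rejects a fragment that does not parse, so a bad value cannot
    # break sudo on the host; it checks syntax only, not what is granted.
    - name: Ensure the Kayobe Ansible user has passwordless sudo
      copy:
        content: "{{ kayobe_ansible_user }} ALL=(ALL) NOPASSWD: ALL\n"
        dest: "/etc/sudoers.d/kayobe-ansible-user"
        # sudo ignores drop-ins that are not owned by root.
        owner: root
        group: root
        # Quoted so the mode is never re-typed by the YAML parser.
        mode: "0440"
        validate: "/usr/sbin/visudo -cf %s"
      become: true

    # The public key is read from ssh_public_key_path on the control host.
    # With the module default (exclusive: false) keys already present in the
    # user's authorized_keys file are left in place.
    - name: Ensure the Kayobe Ansible user has authorized our SSH key
      authorized_key:
        user: "{{ kayobe_ansible_user }}"
        key: "{{ lookup('file', ssh_public_key_path) }}"
      become: true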