Skip to content
Extraits de code Groupes Projets
Sélectionner une révision Git
  • master
  • v1.1.19
  • v1.1.18
  • v1.1.17
  • v1.1.16
  • v1.1.15
  • v1.1.14
  • v1.1.13
  • v1.1.12
  • v1.1.11
  • v1.1.10
  • v1.1.9
  • v1.1.8
  • v1.1.7
  • v1.1.6
  • v1.1.5
  • v1.1.4
  • v1.1.3
  • v1.1.2
  • v1.1.1
  • v1.1.0
21 résultats

init_server

  • Cloner avec SSH
  • Cloner avec HTTPS
    • Nom Dernière validation Dernière mise à jour
    defaults
    files
    handlers
    meta
    tasks
    templates
    vars
    .ansible-lint
    .yamllint
    LICENSE
    README.md
    README.md

    init_server

    This role initializes a server with the following actions :

    • upgrade packages
    • remove unecessary packages / files
    • create users
    • configure sudoers
    • configure sshd
    • collect facts

    Requirements

    This role mostly uses mainly ansible.builtin modules but also authorized_key and sysctl from ansible.posix collection

    Role Variables

    This role uses variables necessary for initialization of the server retrieved from inventory:

    • inventory_hostname and inventory_hostname_short : hostname to be set on the server

    Variables from default directory :

    • host_user : user to be created on the server
    • host_password : user password
    • ssh_public_key : public SSH key to be used (in ed25519 format)
    • default_sshd_port : sshd port on which sshd daemon listens (10022 by default)
    • host_admin_user : admin user (root or ubuntu) - used to configure sudoers (root by default)

    Variables from vars directory (OS specific):

    • OS specific :
      • packages_to_remove : list of packages that we want to remove from default delivered servers
      • files_to_remove : list of files / directories to remove from default delivered servers
      • users_to_remove : list of users to remove from default delivered servers
    • Global :
      • default_ssh_public_keys : ssh_public_key + extra_public_key (if exists)
      • sysctl_disable_ipv6_keys : sysctl entries to activate to disable ipv6

    This role also makes use of variables gathered from facts :

    • ansible_os_family : Family of Operating System (Debian or RedHat)

    This role also configures backup servers where daily facts should be pushed :

    • backup_sftp_user : user to be configured on backup server used to push facts
    • These backup servers should be in group backup_server (if none then corresponding tasks do nothing)
    • These backup servers should have the following variables defined in host_vars :
      • host_server_public_key : public key of backup server
      • host_server_known_entry : hashed host to be added to known_hosts

    OPTIONAL variables (tasks will not be executed if not defined) :

    • extra_public_key : extra public keys to be allowed for created user
    • host_user2 / host_password2 / host_user2_pubkey (OPTIONAL) : allows creation of a second user with specific public key

    Dependencies

    None

    Example Playbook

    For initialization (until non privileged user and SSHD are configured) : - hosts: all become: true gather_facts: true roles: - { role: init_server, tags: init } vars: - { ansible_become_pass: "toor"} - { ansible_user: "root" } - { ansible_password: "toor" } - { ansible_port: 22 } - { host_user: testuser } - { host_password: testusernotsocomplicatedpassword } - { ssh_public_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0wmN/Cr3JXqmLW7u+g9pTh+wyqDHpSQEIQczXkVx9q testuser }

    For upgrade (once non privileged user and SSHD are configured): - hosts: all become: true roles: - { role: init_server, tags: init } vars: - { host_user: testuser } - { host_password: testusernotsocomplicatedpassword } - { ssh_public_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0wmN/Cr3JXqmLW7u+g9pTh+wyqDHpSQEIQczXkVx9q testuser }

    License

    AGPL-3

    Author Information

    Le Filament (https://le-filament.com)