Get inithost to work with Ansible 1.9.x

0285a328 · jurgenhaas · 74e389ae · 0285a328 · 0285a328 · 0285a328
Commit 0285a328 authored 9 years ago by jurgenhaas
--- a/inithost.sh
+++ b/inithost.sh
+#!/bin/bash
+
+cd $( cd $(dirname $(realpath $0)) ; pwd )
+
+if [ "$2" == "" ]
+  then
+    echo "Usage"
+    echo "inithost.sh HOST IP"
+    exit 101;
+fi
+HOST=$1
+IP=$2
+shift
+shift
+
+./ansible-playbook.sh inithost --ask-pass --extra-vars="host=$HOST inithostip=$IP" --tags="prepare" "$@"
+./ansible-playbook.sh inithost --extra-vars="host=$HOST inithostip=$IP distribute_keys=true" --tags="config" "$@"
--- a/inithost.yml
+++ b/inithost.yml
+##
+# Ansible playbook for initializing a host for further easy access
+
+---
+# file: inithost.yml
+
+- name: "Prepare 1"
+  hosts: "{{ host }}"
+  connection: local
+  gather_facts: false
+  sudo: no
+  tags:
+    - prepare
+  tasks:
+    - name: "InitHost | Remove previous entries from known_hosts"
+      shell: "ssh-keygen -R {{ item }}"
+      with_items:
+        - '{{ inithostip }}'
+        - '{{ host }}'
+    - name: "InitHost | Copy root id to new host"
+      shell: "ssh-copy-id -i root@{{ inithostip }} -o PasswordAuthentication=yes -o PubkeyAuthentication=no"
+      register: inithost_ssh_copy_id
+      changed_when: "inithost_ssh_copy_id.rc != 0"
+      failed_when: false
+
+- name: "Prepare 2"
+  hosts: "{{ host }}"
+  connection: local
+  gather_facts: false
+  sudo: yes
+  tags:
+    - prepare
+  tasks:
+    - name: "InitHost | Include new host into /etc/hosts"
+      lineinfile:
+        dest=/etc/hosts
+        regexp="^{{ inithostip }} "
+        line={{ inithostip }} {{ host }}
+
+- name: "Setup first user"
+  hosts: "{{ host }}"
+  gather_facts: false
+  user: root
+  tags:
+    - prepare
+  vars:
+    first_user:
+      - name: "{{ lookup('env','USER') }}"
+        password: "{{ ansible_sudo_pass|password_hash('sha512') }}"
+  tasks:
+    - name: "InitHost | Create first user"
+      user:
+        name={{ item.name }}
+        password={{ item.password }}
+        group=root
+        groups=root,sudo,www-data
+        home=/home/{{ item.name }}
+        shell=/bin/bash
+        generate_ssh_key=yes
+        ssh_key_bits=2048
+      with_items: first_user
+    - name: "InitHost | install user's public key for desktop-to-server communication"
+      authorized_key:
+        user={{ item.name }}
+        key="{{ lookup('file', inventory_dir + '/files/keys/' + item.name + '.d2s.pub') }}"
+      with_items: first_user
+    # TODO: Move the following to common role and make it conditional
+    #- name: "InitHost | Remove console-kit-daemon"
+    #  shell: mv console-kit-daemon console-kit-daemon.off chdir=/usr/sbin
+    #  ignore_errors: true
+
+- name: "Security setup"
+  hosts: "{{ host }}"
+  sudo: yes
+  tags:
+    - config
+  roles:
+    - common
+
+- name: "Upload keys"
+  hosts: "all"
+  sudo: yes
+  tags:
+    - config
+  roles:
+    - { role: common, when: ignore_these_tasks is defined }
+    - { role: commonauth }
--- a/list.yml
+++ b/list.yml
@@ -9,4 +9,4 @@
  hosts: all
  tasks:
    - name: Print IP
-      debug: msg="{{ ansible_default_ipv4.address }}"
+      debug: msg={{ ansible_default_ipv4.address|default(static_ipv4) }}
--- a/validate.yml
+++ b/validate.yml
@@ -18,7 +18,7 @@

    #- name: "Test"
    #  run_once: true
-    #  debug: msg="{{ ansible_hash_behaviour }}"
+    #  debug: msg={{ ansible_hash_behaviour }}

 # TODO: make sure hash_behaviour is set to merge