rs-playbook
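---
# Workstation bootstrap play for Rackspace support techs on Linux Mint / Ubuntu.
# Runs with root privileges on the target; everything user-specific is keyed off
# the SSO username collected at the prompts below.
- hosts: all
  vars_prompt:
    - name: user_name
      prompt: "What is your real name?"
      private: false
    - name: user_phone
      prompt: "What is your Rackspace phone number?"
      private: false
    - name: default_dc
      prompt: "Default datacenter (dfw1, ord1, iad3, lon3, lon5, hkg1, syd2)"
      private: false
    - name: sso_user
      prompt: "Rackspace SSO"
      private: false
    - name: int_user
      prompt: "Intensive SSO"
      private: false
    - name: local_pass
      prompt: "Local user password"
      private: true
      # Hashed at prompt time, so the `user` task below only ever sees the
      # sha512_crypt hash, never the plaintext.
      encrypt: "sha512_crypt"
      confirm: true
      salt_size: 7

  vars:
    # Region is the datacenter name without its trailing digit (dfw1 -> dfw).
    default_region: "{{ default_dc[:-1] }}"
    do_upgrade: false
    # Pre-seeded image account whose Firefox profile and userscripts are cloned
    # into the new user's home and which is hidden from the greeter at the end.
    demo_user: demo1234

  tasks:
    - name: Use Ubuntu codename if we are on Linux Mint
      command: awk -F= '/UBUNTU_CODENAME/{print $2}' /etc/os-release
      register: ubuntu_codename
      when: ansible_lsb.id == 'LinuxMint'

    # Mint reports its own codename in ansible_lsb, but the PPAs added below
    # need the Ubuntu base codename; rewrite that one field and keep the rest.
    - set_fact:
        ansible_lsb:
          codename: "{{ ubuntu_codename.stdout }}"
          description: "{{ ansible_lsb.description }}"
          id: "{{ ansible_lsb.id }}"
          major_release: "{{ ansible_lsb.major_release }}"
          release: "{{ ansible_lsb.release }}"
      when: ansible_lsb.id == 'LinuxMint'

    - name: Ensure aptitude is installed
      apt:
        name: aptitude
        state: present

    - name: Ensure flatpak is installed
      apt:
        name: flatpak
        state: present
      register: flatpak_installed
      # Flatpak is optional: a failure here only disables the Slack install below.
      ignore_errors: true

    - name: Configure flathub repo
      command: "flatpak remote-add --if-not-exists flathub https://flathub.org/repo/"
      register: flathub_configured
      # `is succeeded` replaces the `|succeeded` filter form, which Ansible 2.9 removed.
      when: flatpak_installed is succeeded

    - name: Remove ansible source lists
      shell: rm -rf /etc/apt/sources.list.d/*ansible*

    - name: Add ansible PPA
      apt_repository:
        repo: 'ppa:ansible/ansible'
        codename: "{{ ansible_lsb.codename }}"
        state: present

    - name: Add remmina-next PPA
      apt_repository:
        repo: 'ppa:remmina-ppa-team/remmina-next'
        codename: "{{ ansible_lsb.codename }}"
        state: present

    # NOTE(review): `[trusted=yes]` turns off apt signature verification for this
    # repository, so package integrity rests solely on the TLS connection to
    # iaw.rax.io. Import the repository's signing key (apt_key) and drop the
    # option once a signed index is published.
    - name: Add Rackspace IAW apt repository
      apt_repository:
        repo: "deb [trusted=yes] https://iaw.rax.io/apt stable main"
        filename: rackspace
        state: present

    - name: Install rs-linux-support-tools
      apt:
        update_cache: true
        # Needed only while the IAW repository is unsigned; see the note above.
        allow_unauthenticated: true
        name: "{{ item }}"
        state: latest
      with_items:
        - rs-linux-support-tools
        - authnet
        - expect
        - python3-hammertime
        - raxcfg
        - rdpwin
        - sshuttle
        - storagetools

    - name: Install freerdp and remmina
      apt:
        name: "{{ item }}"
        state: latest
      with_items:
        - freerdp  # freerdp2 for ubuntu >= 17.04
        - remmina
        - remmina-plugin-rdp

    - name: Ensure Vidyo is not installed
      apt:
        name: vidyodesktop
        state: absent

    # `state` is omitted, so apt defaults to present and this actually attempts
    # an install of zoom from the configured repositories; when no such package
    # exists the task fails (ignored) and the direct .deb install below runs.
    - name: Check if Zoom is installed
      apt:
        name: zoom
      register: zoom_installed
      ignore_errors: true

    - name: Install Zoom .deb package from zoom.us
      apt:
        deb: https://zoom.us/client/latest/zoom_amd64.deb
      when: zoom_installed is changed or zoom_installed is failed
      register: zoom_remote

    - name: Fix Zoom dependencies
      command: apt-get -fy install
      when: zoom_remote is changed

    - name: Install Slack flatpak
      command: flatpak install -y flathub com.slack.Slack
      # A skipped flathub task still registers a result without `failed`, which
      # the succeeded test accepts; also require that it actually ran.
      when: flathub_configured is not skipped and flathub_configured is succeeded

    - name: Add user
      user:
        name: "{{ sso_user }}"
        generate_ssh_key: true
        # NOTE(review): 2048-bit RSA; 4096-bit (or ed25519) is preferable if the
        # bastion side accepts it — confirm before changing.
        ssh_key_bits: 2048
        # Already a sha512_crypt hash (see vars_prompt), which is what `user` expects.
        password: "{{ local_pass }}"
        # GECOS field: full name, room, work phone, home phone (unused).
        comment: "{{ user_name}},,{{ user_phone }},,"

    - name: Get user passwd info
      getent:
        database: passwd
        key: "{{ sso_user }}"
        split: ':'
      register: user_passwd

    - name: Add admin group
      group:
        name: admin

    - name: Add user to admin group
      user:
        name: "{{ sso_user }}"
        groups: admin
        append: true

    - name: Stop mintwelcome screen from popping up
      file:
        path: "{{ item.key }}"
        state: "{{ item.value }}"
        owner: "{{ sso_user }}"
        group: "{{ sso_user }}"
        mode: "u=rwX,g=rwX,o=rX"
      with_dict:
        "/home/{{ sso_user }}/.linuxmint/mintwelcome": directory
        "/home/{{ sso_user }}/.linuxmint/mintwelcome/norun.flag": touch
      when: ansible_lsb.id == 'LinuxMint'

    - name: Set raxcfg config details
      ini_file:
        path: "/home/{{ sso_user }}/.config/rackspace/raxcfg.ini"
        section: raxcommon
        option: "{{ item.key }}"
        value: "{{ item.value }}"
        mode: "u=rw,g=r,o=r"
      with_dict:
        rax_sso: "{{ sso_user }}"
        rax_int_sso: "{{ int_user }}"
        rax_default_dc: "{{ default_dc }}"
        rax_default_region: "{{ default_region }}"
        rax_default_sshcfg: "/home/{{ sso_user }}/.ssh/config"
        rax_default_sshkey: "/home/{{ sso_user }}/.ssh/id_rsa"
        rax_default_sshpub: "/home/{{ sso_user }}/.ssh/id_rsa.pub"
        # Cloud credentials are deliberately left blank for the user to fill in.
        rax_cloud_apikey: ""
        rax_cloud_ddi: ""
        rax_cloud_password: ""
        rax_cloud_username: ""
        rax_ssh_args: ""

    # ini_file above runs as root, so hand the whole .config tree to the user.
    - name: Fix ownership
      file:
        path: "/home/{{ sso_user }}/.config"
        owner: "{{ sso_user }}"
        group: "{{ sso_user }}"
        recurse: true
        state: directory
        mode: "u=rwX,g=rX,o=rX"

    - name: Generate other raxcfg config files (sh, json, yaml)
      command: /usr/bin/generate_raxcfg.py --inifile /home/{{ sso_user }}/.config/rackspace/raxcfg.ini --skip-prompts
      become: true
      become_user: "{{ sso_user }}"

    # NOTE(review): no checksum is pinned for this download (or the nuclear agent
    # below); TLS is the only integrity check. Add `checksum: "sha256:<hash>"`
    # once the publisher provides one.
    - name: Get ssltool-cli
      get_url:
        url: https://ssltool.rackspace.com/cli/ssltool-cli
        dest: /usr/local/bin/ssltool-cli
        mode: "u=rwx,g=rx,o=rx"

    - name: Acquire RS SSL certificates
      shell: echo 'yes' | /usr/local/bin/ssltool-cli rscerts

    - name: Install rscerts in system share
      command: /usr/sbin/update-ca-certificates

    - name: Install libnss3-tools
      apt:
        name: libnss3-tools

    - name: Register Firefox profile path
      find:
        file_type: directory
        patterns: '*.default'
        paths: "/home/{{ demo_user }}/.mozilla/firefox"
      register: firefox_profiles

    # Fail with a clear message instead of a Jinja index error in the tasks
    # below, all of which dereference firefox_profiles.files[0].
    - name: Ensure a Firefox profile was found
      assert:
        that: firefox_profiles.matched > 0
        msg: "No *.default profile found under /home/{{ demo_user }}/.mozilla/firefox"

    - name: Install rscerts in Firefox profile certdb
      shell: certutil -A -n {{ item.key | quote }} -t 'CT,c,c' -i '/usr/local/share/ca-certificates/{{ item.value }}' -d {{ firefox_profiles.files[0].path | quote }}
      with_dict:
        "Rackspace Root CA 1": 'rs_root_ca_1.crt'
        "Rackspace Issuing CA 1": 'rs_issuing_ca_1.crt'
        "Rackspace CA Level 1": 'rs_ca_level1.crt'
        "ORD1CA01": 'ord1_rs_ca_01.crt'
        "LON3CA01": 'lon3_rs_ca_01.crt'
        "Rackspace Internal Root CA": 'rs_internal_ca.crt'

    - name: Touch Firefox prefs
      file:
        # Plain path: `quote` is a shell-quoting filter and does not belong in a
        # file-module argument (it would embed literal quote characters if the
        # path ever contained shell-special characters).
        path: "{{ firefox_profiles.files[0].path }}/prefs.js"
        mode: "u=rw,g=rw,o=rw"
        state: touch

    - name: Set Firefox homepage(s)
      lineinfile:
        path: "{{ firefox_profiles.files[0].path }}/prefs.js"
        regexp: '\"browser\.startup\.homepage\"'
        line: 'user_pref("browser.startup.homepage", "https://fission.rax.io/|https://ssltool.rackspace.com/|https://core.rackspace.com");'

    - name: Acquire nuclear agent
      get_url:
        url: https://fission.rax.io/GoNuclearAgent/go-nuclear-agent-current-linux-amd64
        dest: /usr/local/bin/go-nuclear-agent-current-linux-amd64
        mode: "u=rwx,g=rwx,o=rx"

    # NOTE(review): this is a system unit with no `User=` line, so the agent runs
    # as root while attached to the SSO user's X session via XAUTHORITY. If the
    # agent does not need root, add `User={{ sso_user }}` to [Service].
    - name: Set up systemd service
      copy:
        dest: /etc/systemd/system/go-nuclear-agent.service
        content: |
          [Unit]
          Description=Local Agent for Fission/ControlRod
          [Service]
          KillMode=process
          ExecStart=/usr/local/bin/go-nuclear-agent-current-linux-amd64
          WorkingDirectory=/home/{{ sso_user }}/
          Environment="PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
          Environment="DISPLAY=:0"
          Environment="XAUTHORITY=/home/{{ sso_user }}/.Xauthority"
          # Note: user units follow default.target only
          [Install]
          WantedBy=default.target

    - name: Enable nuclear agent service
      service:
        name: go-nuclear-agent.service
        enabled: true
        state: started

    - name: Grab Violentmonkey
      get_url:
        url: https://addons.mozilla.org/firefox/downloads/file/797312/violentmonkey-2.8.22-an+fx.xpi
        dest: "/home/{{ demo_user }}/.mozilla/extensions/{aecec67f-0d10-4fa7-b7c7-609a2db280cf}.xpi"
        owner: "{{ sso_user }}"
        group: "{{ sso_user }}"

    # synchronize delegated to the target itself = a local rsync on that host.
    - name: Copy Firefox profile to new user
      synchronize:
        src: "/home/{{ demo_user }}/.mozilla/"
        dest: "/home/{{ sso_user }}/.mozilla/"
        delete: true
        recursive: true
      delegate_to: "{{ inventory_hostname }}"

    - name: Change ownership of Firefox profile
      file:
        path: "/home/{{ sso_user }}/.mozilla"
        state: directory
        owner: "{{ sso_user }}"
        group: "{{ sso_user }}"
        recurse: true

    - name: Copy userscripts.zip to new user home dir
      synchronize:
        src: "/home/{{ demo_user }}/userscripts.zip"
        dest: "/home/{{ sso_user }}/userscripts.zip"
      delegate_to: "{{ inventory_hostname }}"

    - name: Change ownership of userscripts.zip
      file:
        path: "/home/{{ sso_user }}/userscripts.zip"
        owner: "{{ sso_user }}"
        group: "{{ sso_user }}"
      delegate_to: "{{ inventory_hostname }}"

    # NOTE(review): the config below applies StrictHostKeyChecking no and
    # VerifyHostKeyDNS no to every host and ForwardAgent yes globally, so a
    # changed key on the bastion path goes unnoticed and the agent is exposed to
    # every hop. OpenSSH >= 7.6 supports `StrictHostKeyChecking accept-new`, which
    # keeps first-connect convenience but rejects changed keys; switch to it once
    # the installed OpenSSH is new enough, and scope ForwardAgent to the bastion.
    - name: Set SSH Config
      copy:
        dest: "/home/{{ sso_user }}/.ssh/config"
        content: |
          # RSA Logins: helpful links that match your preferred HostName below.
          # You will need to make sure you are authenticated to the endpoint
          # in your datacenter, otherwise you won't be able to connect.
          # https://rax.io/auth-dfw1
          # https://rax.io/auth-hkg1
          # https://rax.io/auth-iad3
          # https://rax.io/auth-lon3
          # https://rax.io/auth-lon5
          # https://rax.io/auth-ord1
          # https://rax.io/auth-syd2
          # Common settings for all connections
          ForwardAgent yes
          ForwardX11Trusted yes
          GSSAPIAuthentication no
          HashKnownHosts yes
          IdentitiesOnly yes
          IdentityFile ~/.ssh/id_rsa
          ServerAliveInterval 300
          StrictHostKeyChecking no
          TCPKeepAlive yes
          VerifyHostKeyDNS no
          VisualHostKey yes
          Host cbast.{{ default_dc }}.corp.rackspace.net cbast bast bastion
          HostName cbast.{{ default_dc }}.corp.rackspace.net
          ProxyCommand none
          User {{ sso_user }}
          ControlMaster auto
          ControlPath ~/.ssh/master-%r@%h:%p
          #
          # Most techs run a terminal permanently open to the bastion
          # which serves as the MUX socket; if you do not do this,
          # uncomment the below to have the first MUX created tossed
          # into the background instead (man ssh -> "-O ctl_cmd")
          ControlPersist 10h
          Host *
          ProxyCommand ssh -A cbast.{{ default_dc }}.corp.rackspace.net 'nc %h %p'
        owner: "{{ sso_user }}"
        group: "{{ sso_user }}"
        mode: "u=rw,g=,o="

    - name: Slurp SSH Public key
      slurp:
        src: "/home/{{ sso_user }}/.ssh/id_rsa.pub"
      register: ssh_pubkey

    - name: Disable demo user in greeter
      ini_file:
        path: /etc/lightdm/users.conf
        section: UserList
        option: hidden-users
        value: "nobody nobody4 noaccess {{ demo_user }}"

    - name: Disable Guest session in greeter
      ini_file:
        path: /etc/lightdm/lightdm.conf.d/70-linuxmint.conf
        section: SeatDefaults
        option: allow-guest
        # Quoted so the file receives the literal lowercase `false` lightdm
        # parses, rather than YAML's boolean rendered as `False`.
        value: "false"

    - name: Update all packages to the latest version
      apt:
        # `safe` is the explicit spelling of the former `upgrade: yes`.
        upgrade: safe
      when: do_upgrade

    - name: Please add the following key to your rackerapp profile
      debug:
        msg: "{{ ssh_pubkey['content'] | b64decode | trim }}"

    - name: Instructions for adding SSH key in RackerApp
      debug:
        msg: "Go to: rackerapp.rackspace.com -> My Profile -> Edit Your Information [Top Right] -> Key goes in Balabit SSH Public Key."

    - name: To set up user scripts
      debug:
        msg: >
          Once Violentmonkey is installed, open the preferences here:
          moz-extension://19c8293d-28c4-482c-9c05-59de9f36678e/options/index.html#?t=Settings
          and import the userscripts.zip included in your home directory.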