Using a playbook you can do it this way:

    - name: Sudo user Creation
      hosts: web
      remote_user: root
      tasks:
        # Create the account and add it to the sudo group
        - name: create sudo user
          user:
            name: "{{ base_user }}"
            state: present
            createhome: yes
            groups: sudo
            append: yes
            shell: /bin/bash
            comment: "Comment"
        # Install the public keys the user will log in with
        - name: Set up authorized keys for the sudo user
          authorized_key:
            user: "{{ base_user }}"
            key: "{{ github_keys }}"

If you need to manually add a user called web, you can run:

    useradd web -m -s /bin/bash

You can then add the user to the group www-data like so:

    adduser web www-data

To set a password for the user:

    passwd web

If you would rather not use passwords and want to use SSH keys, you can block password access in /etc/ssh/sshd_config.

To add keys you will need a .ssh directory containing an authorized_keys file:

    ssh user@domain.com
    mkdir .ssh
    chmod 700 .ssh/
    chown web:www-data .ssh/
    cd .ssh/
    touch authorized_keys
    nano authorized_keys # Add your keys
    chown web:www-data authorized_keys
    chmod 600 authorized_keys

If at a later stage you would like to shut down SSH access for root on your local box, do the following:

    ssh laravel@ip

Then on the remote do:

    sudo su
    nano /etc/ssh/sshd_config

Make sure you set root access to no to secure the box:

    PermitRootLogin no

Then you need to restart the SSH server:

    service ssh restart

Then log off as root and exit the box as laravel:

    exit
    exit
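
Before restarting the SSH server in the steps above, it helps to check which value sshd will actually use, because the first occurrence of a keyword in sshd_config wins. The script below is an added example, not part of the original notes; the function names and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example. sshd_config keywords are case-insensitive and the FIRST
# occurrence of a keyword wins, so a "PermitRootLogin no" appended below an
# earlier "PermitRootLogin yes" changes nothing.

# effective_sshd_value FILE KEYWORD
# Prints the first global value of KEYWORD (empty if unset). Parsing stops at
# the first "Match" line: settings below it are conditional, not global.
effective_sshd_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
        tolower($1) == "match" { exit }
        tolower($1) == want { print $2; exit }
    ' "$1"
}

# check_sshd_hardening FILE
# Returns 0 only when root login and password login are both globally "no".
check_sshd_hardening() {
    rc=0
    for kw in PermitRootLogin PasswordAuthentication; do
        val=$(effective_sshd_value "$1" "$kw")
        if [ "$val" = "no" ]; then
            echo "ok:   $kw no"
        else
            echo "FAIL: $kw is '${val:-unset}'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample configs, written into directory $1 (not from a real host).
write_samples() {
    printf '%s\n' '# fix appended at the end' 'PermitRootLogin yes' \
        'PasswordAuthentication no' 'PermitRootLogin no' > "$1/appended.conf"
    printf '%s\n' 'permitrootlogin no' 'PasswordAuthentication no' \
        'Match User deploy' '    AllowTcpForwarding no' > "$1/edited.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in "$tmp/appended.conf" "$tmp/edited.conf"; do
    echo "== ${f##*/}"
    check_sshd_hardening "$f" || echo "-> do not restart ssh yet"
done
rm -rf "$tmp"
```

On the server itself, `sshd -t` validates the file's syntax and `sshd -T` prints the configuration sshd would actually run with, including files pulled in by `Include`.
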

Then make sure SSH agent forwarding is working, so that your SSH key is forwarded and can be used to access the repository. Add the following to ~/.ssh/config:

    Host *
        ForwardAgent yes

I am using * as the Host, as one called "Laravel" + IP address did not work. This may be a configuration issue on my part that can be changed later on. Also, to make sure the SSH agent is running and your SSH key is included, you can run:

    eval `ssh-agent -s`
    ssh-add

https://gist.github.com/pogorelov-ss/41893e17c7c4776d4d57

    # test SSH agent forwarding
    - shell: echo "Client= [$SSH_CLIENT] Sock= [$SSH_AUTH_SOCK]"
      remote_user: laravel
      register: myecho
    - debug: msg="{{myecho.stdout}}"
    # list the keys the forwarded agent offers
    - shell: ssh-add -l
      become: no
      register: myecho
    - debug: msg="{{myecho.stdout}}"
    # - shell: ssh -T -vvvv git@github.com
    #   register: myecho
    # - debug: msg="{{myecho.stdout}}"

    # clone the repository as a bare repo in the user's home
    - name: Get app from Github
      remote_user: laravel
      git:
        repo: "{{ repo_url }}"
        dest: repo/myproject.git
        accept_hostkey: yes
        force: yes
        bare: yes
        update: yes
        version: "{{ git_branch }}"
    - name: Create project folder
      remote_user: root
      file:
        path: "/var/www/{{ project_folder }}"
        owner: "{{ www_user }}"
        group: "{{ www_user }}"
        mode: "0775"
        state: directory
    # check the branch out of the bare repo into the project folder
    - name: checkout app to project folder
      environment:
        GIT_WORK_TREE: "/var/www/{{ project_folder }}"
      shell: git checkout {{ git_branch }} -f
      args:
        chdir: "/home/{{ base_user }}/repo/myproject.git"