Ansible 2.7-compatible playbook that deploys a new user with sudo rights and passwordless (SSH-key) login to a remote server. It also disables root SSH login and password authentication.
######### ansible.cfg FILE ############
# Project-local Ansible configuration for this playbook.
[defaults]
# Use the "dev" inventory file (shown below) unless -i overrides it.
inventory = ./dev
######### DEV FILE ############
# Dev file
[servers]
# Placeholder host name; replace with the real target.
server01
[servers:vars]
# The first run connects as root. The role later writes "PermitRootLogin no",
# so after that run succeeds this must be switched to the deployed user
# (key-based login), otherwise subsequent runs cannot connect.
ansible_user=root
ansible_python_interpreter=/usr/bin/python3
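######### main yml file ############
---
# Entry-point play: applies the user_setup role to every inventory host.
# The play is named so that the run output shows what is being done
# instead of the bare "PLAY [all]".
- name: Provision the deploy user and harden SSH access
  hosts: all
  # Privilege escalation is required for the group, sudoers and
  # sshd_config changes the role makes.
  become: true
  gather_facts: true
  roles:
    - user_setup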
######### VARS FILE in user_setup role ############
---
# vars file for system-setup
# Placeholder value: replace it with the login name of the account to create.
# The tasks file uses it as the user name, the authorized_key target and in
# task names.
deploy_user: Enter the user here
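######### TASKS FILE in user_setup role ############
---
# tasks file for system-setup
#
# Order matters: the authorized key is installed before password
# authentication is disabled, so the new account remains reachable.

- name: Make sure we have a 'wheel' group
  group:
    name: wheel
    state: present

# NOPASSWD grants every wheel member unrestricted root without a password
# prompt. "validate" runs visudo on the candidate file so that a syntax
# error can never be written to /etc/sudoers and break sudo entirely.
- name: Allow 'wheel' group to have passwordless sudo
  lineinfile:
    path: /etc/sudoers
    state: present
    regexp: '^%wheel'
    line: '%wheel ALL=(ALL) NOPASSWD: ALL'
    validate: 'visudo -cf %s'

# No "password" is set (the hashed-password line is left commented out),
# so the account is meant to be reachable by SSH key only.
- name: Create a new user {{ deploy_user }} with sudo rights
  user:
    name: "{{ deploy_user }}"
    state: present
    create_home: true
    comment: "Charta User"
    groups: wheel
    shell: /bin/bash
    # password: "{{ deploy_pass | password_hash('sha512') }}"
    generate_ssh_key: true
    ssh_key_bits: 2048
    ssh_key_file: .ssh/id_rsa

# Installs the control node's own public key; the file lookup runs locally.
- name: Deploy SSH Key for {{ deploy_user }}
  authorized_key:
    user: "{{ deploy_user }}"
    key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
    state: present

# sshd uses the first value it reads for a keyword, so a line appended at the
# end of the file can be shadowed by an earlier setting or land inside a
# trailing "Match" block. "insertbefore: BOF" places the directive at the top
# when no existing line matches; an existing match is still replaced in place.
# "validate" rejects a config sshd cannot parse before it is written, which
# avoids restarting into a broken daemon.
- name: Disable Password Authentication
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^PasswordAuthentication'
    line: "PasswordAuthentication no"
    insertbefore: BOF
    state: present
    backup: true
    validate: 'sshd -t -f %s'
  notify:
    - restart ssh

- name: Disable Root Login
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^PermitRootLogin'
    line: "PermitRootLogin no"
    insertbefore: BOF
    state: present
    backup: true
    validate: 'sshd -t -f %s'
  notify:
    - restart ssh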
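######### HANDLERS FILE in user_setup role ############
---
# handlers file for system-setup
# Notified by the two sshd_config edits in the tasks file; handlers run once
# at the end of the play, so both notifications collapse into one restart.
- name: restart ssh
  service:
    # "sshd" is the unit name on RHEL-family systems; Debian/Ubuntu call the
    # unit "ssh" — NOTE(review): confirm against the target distribution.
    name: sshd
    state: restarted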