Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
bootstrap a freebsd 9.2 host with ansible. it requires a password for the root user to be set for which it will prompt you (-k). you must use the paramiko transport to allow password based login. based on https://gist.github.com/illenseer/6390361
---
# run this with ansible-playbook -i ansible_hosts bootstrap.yml -k -c paramiko
- hosts: jails_host
gather_facts: false
remote_user: root
tasks:
- name: install pkgng
raw: "pkg_info | grep -v 'pkg-' > /dev/null ; if $? pkg_add -r pkg; rehash ; pkg2ng; echo 'WITH_PKGNG=yes' >> /etc/make.conf; echo 'packagesite: http://pkgbeta.freebsd.org/freebsd%3A9%3Ax86%3A64/latest' >> /usr/local/etc/pkg.conf; pkg update ; pkg upgrade -y"
- name: install python27
raw: "pkg install -y python27"
- name: add ansible ssh-key
authorized_key: user=root key="{{ item }}"
with_file:
- ~/.ssh/identity.pub
@dch

This comment has been minimized.

Copy link

commented Jun 9, 2014

Here's a couple of other tricks that may be useful:

# bootstraps a remote node to respect ansible's authority

---
- hosts: bootstrap
  user: root
  gather_facts: no
  tasks:
    - name: bootstrap pkg tool
      raw: /usr/sbin/pkg -N
      register: pkg
      ignore_errors: True
    - raw: /usr/bin/env ASSUME_ALWAYS_YES=1 /usr/sbin/pkg bootstrap -f
      when: pkg|failed

    - name: install python
      raw: /usr/sbin/pkg install -y python27

    - name: run inventory
      setup:

    - name: create ansible user if missing
      user: name=ansible password=* createhome=yes system=yes state=present uid=998

    - name: enable key-based ssh access for ansible user
      authorized_key: user=ansible
                      key="{{ item }}"
      with_file:
        - /sync/keys/ssh/skunkwerks_ansible_20130625.pub
        - /sync/keys/ssh/skunkwerks_dch_20121025.pub

    - name: install sudo
      pkgng: name=sudo state=present

    - name: allow wheel and ansible to sudo
      copy:
        content: "# ansible managed\n%wheel ALL=(ALL) NOPASSWD: ALL\n%ansible ALL=(ALL) NOPASSWD: ALL\n"
        dest: /usr/local/etc/sudoers.d/ansible
        validate: 'visudo -cf %s'

    - name: install mosh
      pkgng: name=net/mosh state=present

    - name: disable sshd root login
      lineinfile:
        destfile: /etc/ssh/sshd_config
        regexp: '^PermitRootLogin'
        line: 'PermitRootLogin no'
        state: present
        insertafter: '^#PermitRootLogin' 
        validate: '/usr/sbin/sshd -T -f %s'
      notify:
      - restart sshd

    - name: use Port 2200 only
      lineinfile:
        destfile: /etc/ssh/sshd_config
        regexp: '^Port'
        line: 'Port 2200'
        state: present
        insertafter: '^#Port'
        validate: '/usr/sbin/sshd -T -f %s'
      notify:
      - restart sshd

    - name: run inventory
      setup:

  handlers:
    - name: restart sshd
      service: name=sshd state=restarted
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.