3 # Licensed under the Apache License, Version 2.0 (the "License");
4 # you may not use this file except in compliance with the License.
5 # You may obtain a copy of the License at
7 # http://www.apache.org/licenses/LICENSE-2.0
9 # Unless required by applicable law or agreed to in writing, software
10 # distributed under the License is distributed on an "AS IS" BASIS,
11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 # See the License for the specific language governing permissions and
13 # limitations under the License.
# Creates the account named by sudo_user, sets its password from
# sudo_user_password, and places the account's SSH key pair at .ssh/id_rsa.
# NOTE(review): the module line and several parameters are not visible in this
# listing. If this is ansible's `user` module, `password` is written as-is and
# must already be a crypt hash (e.g. via the password_hash filter), and a
# relative ssh_key_file is resolved against the user's home - confirm.
# sudo_user_password is a credential: keep it in Ansible Vault or a secret
# store, not in plain vars committed to version control.
16 - name: Create Sudo user and ssh key pair for it.
18 name: "{{ sudo_user }}"
19 password: "{{ sudo_user_password }}"
22 ssh_key_file: .ssh/id_rsa
# Writes the drop-in /etc/sudoers.d/<sudo_user> with the single rule
# "<sudo_user> ALL=(ALL) NOPASSWD:ALL": any command, as any user, with no
# password prompt. Anyone who can log in as sudo_user is effectively root,
# so every key authorized for that account below is a root credential.
# NOTE(review): the lines after dest are not visible. Confirm the task sets a
# root-owned 0440 mode and a `validate` step (visudo -cf %s) so a malformed
# sudo_user value cannot install a broken sudoers file.
# sudo skips drop-in files whose name contains '.' or ends in '~'; a sudo_user
# with a dot in it would silently get no rule.
26 - name: Add to sudoer list
28 content: "{{ sudo_user }} ALL=(ALL) NOPASSWD:ALL"
29 dest: "/etc/sudoers.d/{{ sudo_user }}"
# Copies /home/<sudo_user>/.ssh/id_rsa.pub from the first host in groups['all']
# to /tmp/id_rsa.pub; the `when` limits the task to that one host.
# NOTE(review): the module line is not visible; the task name and the later
# lookup('file', '/tmp/id_rsa.pub') suggest ansible's `fetch` writing to the
# control node with a flat destination - confirm.
# /tmp on the control node is shared and this path is fixed, so the file that
# the authorized_keys task reads back is only as trustworthy as every local
# account on the controller. Prefer a per-run directory with mode 0700.
32 - name: Fetch the generated public ssh key
34 src: "/home/{{ sudo_user }}/.ssh/id_rsa.pub"
35 dest: "/tmp/id_rsa.pub"
37 when: inventory_hostname == groups['all'][0]
# Adds the public key stored in /tmp/id_rsa.pub to sudo_user's authorized_keys.
# lookup('file', ...) is evaluated on the control node, so the key that gets
# authorized is whatever that path holds on the controller when the task runs.
# Together with the fetch task above, the key pair generated on the first host
# becomes a login for sudo_user on every host this task targets; a compromise
# of that one private key reaches all of them with NOPASSWD sudo.
# NOTE(review): module line and remaining parameters are not visible here.
41 - name: Ensure sudo user's new public ssh key is in authorized_keys
43 user: "{{ sudo_user }}"
44 key: "{{ lookup('file','/tmp/id_rsa.pub') }}"
# Authorizes every entry of sudo_user_authorized_keys for sudo_user; the list
# is joined with newlines so it is passed as one multi-key string.
# The trailing "configured-authorized-keys" item is presumably a tag (the
# `tags:` line is not visible) - confirm.
# Each key listed here grants passwordless root through the sudoers rule, so
# the variable should be reviewed like any privileged-access list.
# NOTE(review): not visible whether `exclusive` is set. Without it, keys
# dropped from the variable stay in authorized_keys on hosts already
# provisioned, so removal from config does not revoke access.
50 - name: Populate authorized keys from config to sudo user
52 user: "{{ sudo_user }}"
53 key: "{{ sudo_user_authorized_keys | join('\n') }}"
56 - configured-authorized-keys
# On KVM guests only (facter_virtual == "kvm"), manages the private key file
# /etc/userconfig/id_rsa; per the task name it is made readable by all users.
# NOTE(review): the module and mode lines are not visible. A world-readable
# private key can be copied by any local account or service on the guest, and
# the same file is later installed as root's identity. Prefer mode 0600 with a
# single owner, or a dedicated group with 0640 if it must be shared.
58 - name: Ensure there is a private key /etc/userconfig/id_rsa in virtual env. Provide read permissions to all users
60 path: "/etc/userconfig/id_rsa"
62 when: facter_virtual == "kvm"
# On KVM guests only, makes sure root has a .ssh directory.
# NOTE(review): path, owner and mode are not visible in this listing; the
# directory should be root-owned with mode 0700 - confirm.
64 - name: Ensure root has a .ssh directory
71 when: facter_virtual == "kvm"
# On KVM guests only, installs /etc/userconfig/id_rsa as root's SSH identity
# at /root/.ssh/id_rsa.
# NOTE(review): the lines between dest and when are not visible. Confirm the
# copy sets owner root and mode 0600 instead of inheriting the source file's
# all-users read permission.
# Presumably every guest built from this config receives the same key; if so,
# reading it on one guest yields root's identity for all of them - verify.
73 - name: Copy /etc/userconfig/id_rsa /root/.ssh/id_rsa
75 src: /etc/userconfig/id_rsa
76 dest: /root/.ssh/id_rsa
80 when: facter_virtual == "kvm"
82 - name: Default http config listens on port 80, comment it.
84 path: "/etc/httpd/conf/httpd.conf"