From a6ddee3b7d7ca882772677013c7e02bb7a27a526 Mon Sep 17 00:00:00 2001 From: boom2 Date: Tue, 19 Dec 2023 22:23:26 -0500 Subject: - removed backup files - add .gitignore - journal entries on slack packages - add two new ansible playbooks on create/update users --- .../system/08-playbook-add-gpg-keys.yml~ | 5 -- ...9-playbook-copy-system-files-on-controller.yml~ | 81 ---------------------- .../system/09-playbook-copy-system-files.yml~ | 32 --------- .../10-playbook-copy-system-files-on-node.yml~ | 25 ------- .../system/11-playbook-herd-new-host.yml~ | 5 -- ansible-practice/system/12-replace-text.yml~ | 15 ---- ansible-practice/system/13-create-update-user.yml~ | 8 --- .../system/13_1-create-update-user-with-prompt.yml | 73 +++++++++++++++++++ .../13_2-create-update-user-authorized_key.yml | 29 ++++++++ ansible-practice/system/14-verify-user.yml~ | 19 ----- 10 files changed, 102 insertions(+), 190 deletions(-) delete mode 100644 ansible-practice/system/08-playbook-add-gpg-keys.yml~ delete mode 100644 ansible-practice/system/09-playbook-copy-system-files-on-controller.yml~ delete mode 100644 ansible-practice/system/09-playbook-copy-system-files.yml~ delete mode 100644 ansible-practice/system/10-playbook-copy-system-files-on-node.yml~ delete mode 100644 ansible-practice/system/11-playbook-herd-new-host.yml~ delete mode 100644 ansible-practice/system/12-replace-text.yml~ delete mode 100644 ansible-practice/system/13-create-update-user.yml~ create mode 100644 ansible-practice/system/13_1-create-update-user-with-prompt.yml create mode 100644 ansible-practice/system/13_2-create-update-user-authorized_key.yml delete mode 100644 ansible-practice/system/14-verify-user.yml~ (limited to 'ansible-practice') diff --git a/ansible-practice/system/08-playbook-add-gpg-keys.yml~ b/ansible-practice/system/08-playbook-add-gpg-keys.yml~ deleted file mode 100644 index 889d146..0000000 --- a/ansible-practice/system/08-playbook-add-gpg-keys.yml~ +++ /dev/null 
@@ -1,5 +0,0 @@ ---- -- name: "08 - custom ansible - add slackware-related gpg keys to users keychain" - hosts: localhost - roles: - - bash_config \ No newline at end of file diff --git a/ansible-practice/system/09-playbook-copy-system-files-on-controller.yml~ b/ansible-practice/system/09-playbook-copy-system-files-on-controller.yml~ deleted file mode 100644 index 90ca529..0000000 --- a/ansible-practice/system/09-playbook-copy-system-files-on-controller.yml~ +++ /dev/null 
@@ -1,81 +0,0 @@ -# create backup copies of system files on control node -# -# https://www.freekb.net/Article?id=759 -# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/copy_module.html -# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/file_module.html -# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/copy_module.html -# https://phoenixnap.com/kb/ansible-check-if-file-exists -# https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_variables.html#registering-variables -# https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_conditionals.html -# -# https://www.howtouselinux.com/post/ansible-copy-module-examples-to-copy-file-to-remote-server -# -# -# had to run the command like so: -# -# ansible-playbook 09-playbook-copy-system-files.yml --ask-become-pass -# -# -or- -# -# ansible-playbook 09-playbook-copy-system-files.yml -K -# -# -or- -# -# ansible-playbook 09-playbook-copy-system-files.yml --become -K -# - ---- -- name: "09 - custom ansible - backup system files" - hosts: localhost - tasks: - - name: check backup directory status - ansible.builtin.stat: - path: "{{ backup_etc_dir }}" - register: backup_dir - tags: ['backup_dir_status'] - - - name: create backup directory if it does not exist - ansible.builtin.file: - path: "{{ backup_etc_dir }}" - state: directory - when: backup_dir.stat.isdir is not defined - tags: ['create_backup_dir'] - -#- name: Print a debug message -# ansible.builtin.debug: -# msg: "isdir isn't defined (path doesn't exist)" -# when: backup_dir.stat.islnk is not defined - -# - name: backup '/etc/fstab' -# ansible.builtin.copy: -# src: /etc/fstab -# remote_src: true -# dest: "{{ backup_etc_dir }}/fstab" -## backup: true -# when: backup_dir.stat.isdir is defined -# delegate_to: localhost -# run_once: true -# tags: ['fstab'] - -# - name: backup '/etc/fstab' locally -# ansible.builtin.shell: sudo cp -a /etc/fstab {{ backup_etc_dir }}/ -# delegate_to: localhost -# 
run_once: true -# when: backup_dir.stat.isdir is defined -# tags: ['fstab'] - - - name: backup special '/etc/' files locally - ansible.builtin.shell: | - sudo cp -a /etc/hosts.allow {{ backup_etc_dir }}/ - cp -a /etc/hosts.deny {{ backup_etc_dir }}/ - cp -a /etc/inetd.conf {{ backup_etc_dir }}/ - cp -a /etc/sudoers {{ backup_etc_dir }}/ - cp -a /etc/hosts {{ backup_etc_dir }}/ - cp -a /etc/fstab {{ backup_etc_dir }}/ - cp -a /etc/inittab {{ backup_etc_dir }}/ - exit 0 - delegate_to: localhost - run_once: true - when: backup_dir.stat.isdir is defined - tags: ['fstab'] - diff --git a/ansible-practice/system/09-playbook-copy-system-files.yml~ b/ansible-practice/system/09-playbook-copy-system-files.yml~ deleted file mode 100644 index 17b0f00..0000000 --- a/ansible-practice/system/09-playbook-copy-system-files.yml~ +++ /dev/null @@ -1,32 +0,0 @@ -# reboot a host -# https://www.freekb.net/Article?id=3078 -# https://www.freekb.net/Article?id=2395 -# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/reboot_module.html -# -# - will need to find another option for reboot cuz this was a wonky behavior from ansible -# - it asked me to enter my passphrase 5 times before actually took properly -# -# had to run the command like so: -# -# ansible-playbook 11-playbook-reboot.yml --ask-become-pass -# -# -or- -# -# ansible-playbook 11-playbook-reboot.yml -K -# -# -or- -# -# ansible-playbook 11-playbook-reboot.yml --become -K -# - ---- -- name: "08 - custom ansible - backup system files" - hosts: all - tasks: - - name: reboot a host - ansible.builtin.reboot: - msg: "reboot initiated by ansible" - connect_timeout: 5 - post_reboot_delay: 30 - become: yes -... \ No newline at end of file diff --git a/ansible-practice/system/10-playbook-copy-system-files-on-node.yml~ b/ansible-practice/system/10-playbook-copy-system-files-on-node.yml~ deleted file mode 100644 index 460dd21..0000000 --- a/ansible-practice/system/10-playbook-copy-system-files-on-node.yml~ +++ /dev/null 
@@ -1,25 +0,0 @@ -# create backup copies of system files on control node -# -# https://www.freekb.net/Article?id=759 -# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/copy_module.html -# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/file_module.html -# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/copy_module.html -# https://phoenixnap.com/kb/ansible-check-if-file-exists -# https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_variables.html#registering-variables -# https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_conditionals.html -# -# https://www.howtouselinux.com/post/ansible-copy-module-examples-to-copy-file-to-remote-server -# -# -# had to run the command like so: -# -# ansible-playbook 10-playbook-copy-system-files-on-node.yml --ask-become-pass -# -# -or- -# -# ansible-playbook 10-playbook-copy-system-files-on-node.yml -K -# -# -or- -# -# ansible-playbook 10-playbook-copy-system-files-on-node.yml --become -K -# diff --git a/ansible-practice/system/11-playbook-herd-new-host.yml~ b/ansible-practice/system/11-playbook-herd-new-host.yml~ deleted file mode 100644 index 6ffe1ea..0000000 --- a/ansible-practice/system/11-playbook-herd-new-host.yml~ +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: "11 - custom ansible - herd new host" - hosts: localhost - roles: - - bash_config \ No newline at end of file diff --git a/ansible-practice/system/12-replace-text.yml~ b/ansible-practice/system/12-replace-text.yml~ deleted file mode 100644 index 1848ea6..0000000 --- a/ansible-practice/system/12-replace-text.yml~ +++ /dev/null @@ -1,15 +0,0 @@ ---- -- name: "12 - custom ansible - replace text" - hosts: dev - tasks: - - name: update slackpg blacklist - ansible.builtin.replace: - path: "{{ backup_etc_dir }}/blacklist" - # regexp: '^#(kernel-.+)$' - # replace: '\1' - regexp: "kernel" - replace: "kerneldaryll" - owner: root - group: root - backup: yes - tags: ['slackpkg_blacklist'] 
diff --git a/ansible-practice/system/13-create-update-user.yml~ b/ansible-practice/system/13-create-update-user.yml~ deleted file mode 100644 index d7fc422..0000000 --- a/ansible-practice/system/13-create-update-user.yml~ +++ /dev/null @@ -1,8 +0,0 @@ -# -# https://www.howtouselinux.com/post/create-user-with-ansible -# ---- -- name: "13 - custom ansible - create/update user" - hosts: dev - become: yes # Run tasks with root/sudo privileges - tasks: diff --git a/ansible-practice/system/13_1-create-update-user-with-prompt.yml b/ansible-practice/system/13_1-create-update-user-with-prompt.yml new file mode 100644 index 0000000..7bd0760 --- /dev/null +++ b/ansible-practice/system/13_1-create-update-user-with-prompt.yml 
@@ -0,0 +1,73 @@
+#
+# https://www.howtouselinux.com/post/create-user-with-ansible
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/user_module.html
+# https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_variables.html
+# https://docs.ansible.com/ansible/latest/collections/community/crypto/openssh_keypair_module.html
+# https://www.codesandnotes.be/2020/01/13/generate-ssh-keys-using-ansible/
+# https://docs.ansible.com/ansible/latest/collections/ansible/posix/authorized_key_module.html
+#
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/file_module.html
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/find_module.html
+#
+# https://stackoverflow.com/questions/4411457/how-do-i-verify-check-test-validate-my-ssh-passphrase
+#
+# - an issue i found while trying to update a user's ssh key
+# - although the docs state that this can be done...it did not work for me !
+# - the only thing that worked was to remove previous keys and then add new ones
+#
+#
+---
+- name: "13.1 -- custom ansible - create/update user with a prompt"
+ hosts: dev
+ become: yes # Run tasks with root/sudo privileges
+ vars:
+ username: testuser1
+
+ vars_prompt:
+ - name: "passphrase"
+ prompt: "enter the passphrase for the ssh key"
+
+ tasks:
+# - name: backup users ssh keys
+# ansible.builtin.shell: |
+# sudo mv /home/{{ username }}/.ssh/id_ed25519 /home/{{ username }}/.ssh/id_ed25519_BAK
+# mv /home/{{ username }}/.ssh/id_ed25519.pub /home/{{ username }}/.ssh/id_ed25519.pub_BAK
+# exit 0
+# tags: ['backup_ssh_files']
+
+ - name: find files to delete w/ wildcard
+ ansible.builtin.find:
+ path: /home/{{ username }}/.ssh
+ patterns: 'id_ed25519*'
+ register: ssh_keys
+
+ - name: remove users ssh keys
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: absent
+ with_items: "{{ ssh_keys.files }}"
+ tags: ['remove_ssh_files']
+
+ - name: update user
+ ansible.builtin.user:
+ name: "{{ username }}"
+ state: present # ensure the user is present
+ generate_ssh_key: true
+ force: true
+ ssh_key_type: ed25519
+ ssh_key_passphrase: "{{ passphrase }}"
+ ssh_key_file: .ssh/id_ed25519
+ tags: ['update_user']
+
+#
+# received the following when running this playbook:
+#
+# TASK [create user] *************************************************
+#
+# [DEPRECATION WARNING]: Encryption using the Python crypt module is
+# deprecated. The Python crypt module is deprecated and will be removed
+# from Python 3.13. Install the passlib library for continued encryption
+# functionality. This feature will be removed in version
+# 2.17. Deprecation warnings can be disabled by setting
+# deprecation_warnings=False in ansible.cfg.
+#
diff --git a/ansible-practice/system/13_2-create-update-user-authorized_key.yml b/ansible-practice/system/13_2-create-update-user-authorized_key.yml
new file mode 100644
index 0000000..c046fe9
--- /dev/null
+++ b/ansible-practice/system/13_2-create-update-user-authorized_key.yml
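Review bot: The `update user` task hands the prompted passphrase to `ansible.builtin.user` as `ssh_key_passphrase` with nothing on the task suppressing output, so under `-v`/`-vvv` or a later `register` the value can end up in logs; add `no_log: true` to that task (the module may mask the argument on its own, but the task-level flag also covers registered results and callback output). The `find` plus `file: state: absent` pair deletes every `id_ed25519*` file under the user's `.ssh` before the new key exists, and the task that would have preserved them is commented out, so a failed regeneration leaves the account with no key at all — keep a backup step (the commented-out one, or `ansible.builtin.copy` with `remote_src: true`) ahead of the removal. Because the passphrase is entered blind, `confirm: true` on the `vars_prompt` entry would catch a typo before the key is sealed with it. On style, `become: yes` should be `become: true`, `with_items` should be `loop`, and the find path should be quoted as `path: "/home/{{ username }}/.ssh"` rather than hard-coding the home location as a bare scalar.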
@@ -0,0 +1,29 @@
+#
+# https://www.codesandnotes.be/2020/01/13/generate-ssh-keys-using-ansible/
+# https://docs.ansible.com/ansible/latest/collections/ansible/posix/authorized_key_module.html
+# https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_lookups.html
+#
+# - i couldnt really understand why we would use this module 'after' we created the
+ 'testuser' w/ an ssh key.
+#
+# tldr; you don't !!!!
+#
+# - the correct way to use this is if u have a list of users and their public keys
+ stored on the controller node. then when you create a managed node
+ you can loop thru creating new users on it and add their public keys to that
+ new node in a playbook.
+#
+---
+- name: "13.2 -- custom ansible - create/update user with a prompt"
+ hosts: dev
+ become: yes # Run tasks with root/sudo privileges
+ vars:
+ username: testuser1
+ ssh_path: "keys/{{ username }}/id_ed25519.pub"
+
+ tasks:
+ - name: set authorized key taken from file
+ ansible.posix.authorized_key:
+ user: "{{ username }}"
+ state: present # ensure the user is present
+ key: "{{ lookup('file', ssh_path) }}"
diff --git a/ansible-practice/system/14-verify-user.yml~ b/ansible-practice/system/14-verify-user.yml~
deleted file mode 100644
index 4be4c36..0000000
--- a/ansible-practice/system/14-verify-user.yml~
+++ /dev/null
@@ -1,19 +0,0 @@
-#
-# https://www.howtouselinux.com/post/create-user-with-ansible
-#
----
-- name: "14 - custom ansible - verifyl user"
- hosts: dev
- become: yes # Run tasks with root/sudo privileges
-
- tasks:
- - name: check if user exists
- ansible.builtin.shell:
- register: user_check
- ignore_errors: true
-
- - name: display user information
- ansible.builtin.debug:
- msg: "user '{{ username }}' exists !"
- when: user_check.rc == 0
-
-- 
cgit v1.2.3-54-g00ecf
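Review bot: Four wrapped comment lines in the header carry no leading `#` as shown here (`'testuser' w/ an ssh key.` and the three lines from `stored on the controller node.` to `new node in a playbook.`), so they are YAML content ahead of `---` and the playbook will most likely fail to load; prefix each with `# ` (if the raw file does have the `#` and only this rendering dropped it, disregard this point). The play name says "create/update user with a prompt", but there is no `vars_prompt` and no user creation in this play — it only installs a public key — so rename it to match, e.g. `- name: "13.2 -- custom ansible - add authorized key from controller file"`. The inline comment on `state: present` is misleading: on `ansible.posix.authorized_key` the `state` governs the key line, and the module does not create `{{ username }}`, so `# ensure the key line is present (user must already exist)` is closer to what happens. `become: yes` should be `become: true`.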