From f5e74051880a59372e16c2bf36a6dc9f4f12c548 Mon Sep 17 00:00:00 2001
From: shirenn <shirenn@crans.org>
Date: Mon, 22 Feb 2021 09:18:39 +0100
Subject: [PATCH] [root] split root play and deploy root password

---
 group_vars/all/root.yml   |  3 +++
 plays/baie.yml            |  5 +++++
 plays/root.yml            | 40 ++++-----------------------------------
 plays/scripts.yml         |  7 +++++++
 plays/utilities.yml       | 17 +++++++++++++++++
 plays/vm_setup            | 17 +++++++++++++++++
 roles/root/tasks/main.yml |  6 ++++++
 7 files changed, 59 insertions(+), 36 deletions(-)
 create mode 100644 group_vars/all/root.yml
 create mode 100755 plays/baie.yml
 create mode 100755 plays/scripts.yml
 create mode 100755 plays/utilities.yml
 create mode 100755 plays/vm_setup
 create mode 100644 roles/root/tasks/main.yml

diff --git a/group_vars/all/root.yml b/group_vars/all/root.yml
new file mode 100644
index 00000000..da303bfc
--- /dev/null
+++ b/group_vars/all/root.yml
@@ -0,0 +1,3 @@
+---
+glob_root:
+  passwd_hash: '{{ vault.root_passwd_hash }}'
diff --git a/plays/baie.yml b/plays/baie.yml
new file mode 100755
index 00000000..298fd46d
--- /dev/null
+++ b/plays/baie.yml
@@ -0,0 +1,5 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: baie
+  roles:
+    - baie
diff --git a/plays/root.yml b/plays/root.yml
index 2f0fbcfb..bac65694 100755
--- a/plays/root.yml
+++ b/plays/root.yml
@@ -20,35 +20,16 @@
         insertafter: '127.0.0.1 localhost'
       when: check_mirror.found == 0
 
-- hosts: baie
-  roles:
-    - baie
-
 - hosts: virtu
   roles:
     - proxmox-apt-sources
 
 - hosts: server
-  vars:
-    # # Will be in /usr/scripts/
-    # crans_scripts_git: "http://gitlab.adm.crans.org/nounous/scripts.git"
-
-    ntp_client: '{{ glob_ntp_client | combine(loc_ntp_client | default({})) }}'
-    # crans_scripts: '{{ glob_crans_scripts | combine(loc_crans_scripts | default({})) }}'
   roles:
     - debian-apt-sources
-    - common-tools
-    - sudo
-    - ntp-client
-    # - crans-scripts
-    - root-config
-    - ssh_known_hosts
-
-- hosts: crans_vm
-  roles:
-    - qemu-guest-agent
-    - serial-tty
 
+- import_playbook: baie.yml
+- import_playbook: utilities.yml
 - import_playbook: slapd.yml
 
 - hosts: server
@@ -61,21 +42,8 @@
   roles:
     - home-nounous
 
-- hosts: server,!virtu
-  roles:
-    - openssh
-
-- hosts: crans_vm
-  tasks:
-    - name: Remove cloud-init
-      apt:
-        name: cloud-init
-        state: absent
-        purge: true
-      register: apt_result
-      retries: 3
-      until: apt_result is succeeded
-
+- import_playbook: scripts.yml
+- import_playbook: vm-setup.yml
 - import_playbook: borgbackup_client.yml
 - import_playbook: monitoring.yml
 - import_playbook: network_interfaces.yml
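Review bot: `- import_playbook: vm-setup.yml` names a file this patch does not create; the new playbook is added as `plays/vm_setup` (underscore, no `.yml` extension). Unless a `vm-setup.yml` already exists elsewhere in the tree, the static import is expected to fail when `root.yml` is loaded, so none of the plays would run. Either rename the new file to `plays/vm-setup.yml` or change this line to match the created name. The other new plays (`baie.yml`, `scripts.yml`, `utilities.yml`) all carry the extension, so the first option is the consistent one.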
diff --git a/plays/scripts.yml b/plays/scripts.yml
new file mode 100755
index 00000000..4683280a
--- /dev/null
+++ b/plays/scripts.yml
@@ -0,0 +1,7 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: server
+  vars:
+    crans_scripts: '{{ glob_crans_scripts | combine(loc_crans_scripts | default({})) }}'
+  roles:
+    - crans-scripts
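Review bot: Enabling `crans-scripts` here is a behaviour change rather than part of the split, because both the role and its `crans_scripts` variable were commented out in the old `plays/root.yml`. `glob_crans_scripts` is combined without a fallback, unlike `glob_root | default({})` in `utilities.yml`, so the play stops on an undefined variable wherever that group var is missing. The commented-out source in `root.yml` pointed at an `http://` Git URL. If the role still fetches from such a URL, code that ends up in `/usr/scripts/` is pulled without transport integrity, so confirm the configured remote uses HTTPS or SSH before turning this on. The commit message should also mention the re-enablement.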
diff --git a/plays/utilities.yml b/plays/utilities.yml
new file mode 100755
index 00000000..97a3cedb
--- /dev/null
+++ b/plays/utilities.yml
@@ -0,0 +1,17 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: server
+  vars:
+    root: '{{ glob_root | default({}) | combine(loc_root | default({})) }}'
+    ntp_client: '{{ glob_ntp_client | combine(loc_ntp_client | default({})) }}'
+  roles:
+    - root
+    - common-tools
+    - sudo
+    - ntp-client
+    - root-config
+    - ssh_known_hosts
+
+- hosts: server,!virtu
+  roles:
+    - openssh
diff --git a/plays/vm_setup b/plays/vm_setup
new file mode 100755
index 00000000..13cd8c9c
--- /dev/null
+++ b/plays/vm_setup
@@ -0,0 +1,17 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: crans_vm
+  roles:
+    - qemu-guest-agent
+    - serial-tty
+
+- hosts: crans_vm
+  tasks:
+    - name: Remove cloud-init
+      apt:
+        name: cloud-init
+        state: absent
+        purge: true
+      register: apt_result
+      retries: 3
+      until: apt_result is succeeded
diff --git a/roles/root/tasks/main.yml b/roles/root/tasks/main.yml
new file mode 100644
index 00000000..721309f3
--- /dev/null
+++ b/roles/root/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Deploys root password hash
+  replace:
+    path: /etc/shadow
+    regexp: '^root:[^:]*:'
+    replace: 'root:{{ root.passwd_hash }}:'
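Review bot: Rewriting `/etc/shadow` with `replace` leaves the hash exposed in task output and accepts a dangerous value. The task has no `no_log: true`, so the rendered `replace:` argument shows up in verbose runs, and with `--diff` the before/after content of the shadow file may be printed to the controller log. Nothing rejects an empty `root.passwd_hash`, which would render `root::` and leave root with an empty password field. I would set the field with the `user` module instead of a regex, mark the task `no_log: true`, and assert a non-empty hash first, as sketched below.

```yaml
- name: Check that a root password hash is provided
  assert:
    that:
      - root.passwd_hash is defined
      - root.passwd_hash | length > 0

- name: Deploys root password hash
  user:
    name: root
    password: '{{ root.passwd_hash }}'
  no_log: true
```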
-- 
GitLab