3889c2e01c
Optional Ansible playbook for preparing a host for running Kargo. This includes creation of a user account, some basic packages, and sysctl values required to allow CNI networking on a libvirt network.
---
# Create the account that the deployment tooling logs in as.
# NOTE(review): `groups` is given without `append`, so the user module sets the
# supplementary group list to exactly `adm`. On many distributions `adm` can
# read system logs; confirm that access is actually needed.
- name: "Create user {{ k8s_deployment_user }}"
  user:
    name: "{{ k8s_deployment_user }}"
    shell: /bin/bash
    groups: adm
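# Create the deployment user's ~/.ssh directory before any keys are written.
# The path assumes the home directory is /home/<user>.
- name: Ensure that .ssh exists
  file:
    path: "/home/{{ k8s_deployment_user }}/.ssh"
    state: directory
    owner: "{{ k8s_deployment_user }}"
    group: "{{ k8s_deployment_user }}"
    # Set the mode explicitly instead of inheriting the umask default; this
    # directory holds the private key and authorized_keys.
    mode: "0700"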
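# Install a sudoers drop-in granting passwordless root.
# NOTE(review): the leading `%` makes this a *group* rule, so every member of
# the group named after the deployment user gets NOPASSWD: ALL, not only that
# user. Confirm this is intended; removing the `%` limits the rule to the user.
# Combined with the SSH key tasks below, whoever holds the deployment key has
# unauthenticated root on every prepared host.
- name: Configure sudo for deployment user
  copy:
    content: |
      %{{ k8s_deployment_user }} ALL=(ALL) NOPASSWD: ALL
    dest: "/etc/sudoers.d/55-k8s-deployment"
    owner: root
    group: root
    # sudoers files are conventionally 0440; quoted so YAML keeps it a string.
    mode: "0440"
    # Syntax-check before installing: a malformed drop-in (e.g. from an
    # unexpected variable value) can break sudo for the whole host.
    validate: "/usr/sbin/visudo -cf %s"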
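# Copy the deployment private key from the control machine onto the host.
# Only runs when k8s_deployment_user_pkey_path is supplied.
# NOTE(review): every host prepared this way stores the same private key, and
# a later task authorizes that key for login, so compromise of one host exposes
# a credential valid on all of them. Consider per-host keys or agent forwarding.
- name: Write private SSH key
  copy:
    src: "{{ k8s_deployment_user_pkey_path }}"
    dest: "/home/{{ k8s_deployment_user }}/.ssh/id_rsa"
    owner: "{{ k8s_deployment_user }}"
    group: "{{ k8s_deployment_user }}"
    # Quoted so YAML keeps the mode a string rather than an octal integer.
    mode: "0400"
  # Keep key material out of task output and logs (e.g. when run with --diff).
  no_log: true
  when: k8s_deployment_user_pkey_path is defined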
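# Derive the public key from the installed private key and use it as the
# user's authorized_keys, i.e. the deployment key may log in as this user.
# `creates` makes the task a no-op once authorized_keys exists, so an existing
# file is never overwritten.
- name: Write public SSH key
  shell: |
    ssh_dir=/home/{{ k8s_deployment_user | quote }}/.ssh
    umask 077
    ssh-keygen -y -f "$ssh_dir/id_rsa" > "$ssh_dir/authorized_keys" \
      || { rm -f "$ssh_dir/authorized_keys"; exit 1; }
  args:
    creates: "/home/{{ k8s_deployment_user }}/.ssh/authorized_keys"
  # Why the shell body differs from a bare redirect:
  #  - the redirect creates the target even when ssh-keygen fails, and the
  #    leftover empty file would make `creates` skip this task on every later
  #    run; on failure the file is removed and the task fails visibly.
  #  - the user name is passed through `quote` because it is interpolated into
  #    a shell command line.
  #  - umask 077 avoids a window where the file has umask-default permissions.
  when: k8s_deployment_user_pkey_path is defined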
# Hand authorized_keys to the deployment user with owner-only access.
# The preceding shell task creates the file as whichever user the play runs
# as, so ownership and mode are set here.
- name: Fix ssh-pub-key permissions
  file:
    path: "/home/{{ k8s_deployment_user }}/.ssh/authorized_keys"
    owner: "{{ k8s_deployment_user }}"
    group: "{{ k8s_deployment_user }}"
    # Quoted so YAML keeps the mode a string; same permissions as before.
    mode: "0600"
  when: k8s_deployment_user_pkey_path is defined