7516fe142f
* Ansible: move to Ansible 3.4.0 which uses ansible-base 2.10.10 * Docs: add a note about ansible upgrade post 2.9.x * CI: ensure ansible is removed before ansible 3.x is installed to avoid pip failures * Ansible: use newer ansible-lint * Fix ansible-lint 5.0.11 found issues * syntax issues * risky-file-permissions * var-naming * role-name * molecule tests * Mitogen: use 0.3.0rc1 which adds support for ansible 2.10+ * Pin ansible-base to 2.10.11 to get package fix on RHEL8
47 lines
1.4 KiB
YAML
47 lines
1.4 KiB
YAML
---
|
|
- name: Create user {{ k8s_deployment_user }}
|
|
user:
|
|
name: "{{ k8s_deployment_user }}"
|
|
groups: adm
|
|
shell: /bin/bash
|
|
|
|
- name: Ensure that .ssh exists
|
|
file:
|
|
path: "/home/{{ k8s_deployment_user }}/.ssh"
|
|
state: directory
|
|
owner: "{{ k8s_deployment_user }}"
|
|
group: "{{ k8s_deployment_user }}"
|
|
mode: 0700
|
|
|
|
- name: Configure sudo for deployment user
|
|
copy:
|
|
content: |
|
|
%{{ k8s_deployment_user }} ALL=(ALL) NOPASSWD: ALL
|
|
dest: "/etc/sudoers.d/55-k8s-deployment"
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
|
|
- name: Write private SSH key
|
|
copy:
|
|
src: "{{ k8s_deployment_user_pkey_path }}"
|
|
dest: "/home/{{ k8s_deployment_user }}/.ssh/id_rsa"
|
|
mode: 0400
|
|
owner: "{{ k8s_deployment_user }}"
|
|
group: "{{ k8s_deployment_user }}"
|
|
when: k8s_deployment_user_pkey_path is defined
|
|
|
|
- name: Write public SSH key
|
|
shell: "ssh-keygen -y -f /home/{{ k8s_deployment_user }}/.ssh/id_rsa \
|
|
> /home/{{ k8s_deployment_user }}/.ssh/authorized_keys"
|
|
args:
|
|
creates: "/home/{{ k8s_deployment_user }}/.ssh/authorized_keys"
|
|
when: k8s_deployment_user_pkey_path is defined
|
|
|
|
- name: Fix ssh-pub-key permissions
|
|
file:
|
|
path: "/home/{{ k8s_deployment_user }}/.ssh/authorized_keys"
|
|
mode: 0600
|
|
owner: "{{ k8s_deployment_user }}"
|
|
group: "{{ k8s_deployment_user }}"
|
|
when: k8s_deployment_user_pkey_path is defined
|