From d1e4062604fdf9ff97959e396f6be4aac2c33478 Mon Sep 17 00:00:00 2001 From: Yujun Zhang Date: Wed, 23 Nov 2016 16:02:35 +0800 Subject: Reorganize the inventory - update server name and spec - group servers by usage - assign roles for each group - rename role ssh to user Change-Id: Ibc0a599adfabee296510f140319889775d9ae6cc 
Signed-off-by: Yujun Zhang
---
opt/servers/roles/ssh/defaults/main.yml | 6 ---- opt/servers/roles/ssh/files/serena.authorized_keys | 1 - opt/servers/roles/ssh/files/taseer.authorized_keys | 1 - opt/servers/roles/ssh/files/yujunz.authorized_keys | 3 -- .../roles/ssh/files/zhifeng.authorized_keys | 1 - opt/servers/roles/ssh/tasks/main.yml | 29 ------------------ opt/servers/roles/user/defaults/main.yml | 6 ++++ .../roles/user/files/serena.authorized_keys | 1 + opt/servers/roles/user/files/sudoers.d-qtip | 2 ++ .../roles/user/files/taseer.authorized_keys | 1 + .../roles/user/files/yujunz.authorized_keys | 3 ++ .../roles/user/files/zhifeng.authorized_keys | 1 + opt/servers/roles/user/tasks/main.yml | 35 ++++++++++++++++++++++ 13 files changed, 49 insertions(+), 41 deletions(-) delete mode 100644 opt/servers/roles/ssh/defaults/main.yml delete mode 100644 opt/servers/roles/ssh/files/serena.authorized_keys delete mode 100644 opt/servers/roles/ssh/files/taseer.authorized_keys delete mode 100644 opt/servers/roles/ssh/files/yujunz.authorized_keys delete mode 100644 opt/servers/roles/ssh/files/zhifeng.authorized_keys delete mode 100644 opt/servers/roles/ssh/tasks/main.yml create mode 100644 opt/servers/roles/user/defaults/main.yml create mode 100644 opt/servers/roles/user/files/serena.authorized_keys create mode 100644 opt/servers/roles/user/files/sudoers.d-qtip create mode 100644 opt/servers/roles/user/files/taseer.authorized_keys create mode 100644 opt/servers/roles/user/files/yujunz.authorized_keys create mode 100644 opt/servers/roles/user/files/zhifeng.authorized_keys create mode 100644 opt/servers/roles/user/tasks/main.yml (limited to 'opt/servers/roles')
diff --git a/opt/servers/roles/ssh/defaults/main.yml b/opt/servers/roles/ssh/defaults/main.yml
deleted file mode 100644
index 41ee9853..00000000
--- a/opt/servers/roles/ssh/defaults/main.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-users:
- - { name: yujunz, comment: "Yujun Zhang " }
- - { name: taseer, comment: "Taseer Ahmed " }
- - { name: serena, comment: "Serena Feng " }
- - { name: zhifeng, comment: "Zhifeng Jiang" }
diff --git a/opt/servers/roles/ssh/files/serena.authorized_keys b/opt/servers/roles/ssh/files/serena.authorized_keys
deleted file mode 100644
index 5cdbfe00..00000000
--- a/opt/servers/roles/ssh/files/serena.authorized_keys
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYlLrMOPxwLNQvLpxXVLYXQCxNkaKfVWt7u9k+6T0SU7VNuT8e1VoTk6b/iVWyXQ4j1hW4sNroTucqZjl+8V2z2nYgpEMIy6jBuehlKP2LJ9v/p98/OBVVxgEnRJGzFYIeO/GKBLMaUu43OkCO2Ef67qKeISeNP5/ewUR12YCUHQg5GkGYnDL3fFd7SiVDkYPEXQvHfi85beGOuPwDTjbKoKbF9WATIIzJSPUmslGjFRpKqM8AQLGWEyTeklU7H4ddRqaKxe6DGbpTLJM2rCMF8W91097nmiOKEnuxi6vJKTmyX81BZXi48ugCRh3942ONYRH8W7dBegrvRY3kyAtH root@gsmdev-VirtualBox
diff --git a/opt/servers/roles/ssh/files/taseer.authorized_keys b/opt/servers/roles/ssh/files/taseer.authorized_keys
deleted file mode 100644
index 2efb95e8..00000000
--- a/opt/servers/roles/ssh/files/taseer.authorized_keys
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCxCG9Z+8rBLQiJ9yt+RzRkAZZQIlou83e899Kkuf/UgXd+1TUgIu4AJUDvayrorTxk2kw7ra+DoysEa2NBkLL6FNnG+NpYV+XTaG+Z3tvp4l62ROV+5+O4soiWtBroRghQPDkrpiTQuFJ7/BKQt9bKZYPb3t2bxCLeFVWtUzCpFDIj6wDPGwDeTLnLMPtQNQtIlgPV+XGAet17rNSrm7EcDzqdDQcdZFmfeH5YvBsY9ZO+qwcbelEpMBWPsyEMU6OgwTqUj7mm3o+Quew35y13Zrhf+GAx5ZMXho/Cpjp1TzognDkwAFpFzZG7zWSNexXrD15Wzgyae2cl/vD75I7 taseer@123.org
\ No newline at end of file
diff --git a/opt/servers/roles/ssh/files/yujunz.authorized_keys b/opt/servers/roles/ssh/files/yujunz.authorized_keys
deleted file mode 100644
index 83ed540d..00000000
--- a/opt/servers/roles/ssh/files/yujunz.authorized_keys
+++ /dev/null
@@ -1,3 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0o+WARhbI5DeZK9eiZKVprY3oQ910npo/EPFI9prfpN7zeF0UA4TwT9rqsrwFgRQeJkKvbDTOPt5Ox9vLIEnxT4PdirvrYNxtyJHHfbL4ZxKemYhBi2BA6CAbI3f9CR+dtbfOBxtTpXAj1Y5oA9y59o1hqHpuVmM8dBpcQt/ELdYCHZ0khxft5WaSOURsslTZN18bikVX9WHlKflVyRA8efxqzTZ4w5ufHl1Fv9i/G0u7iGbUtvlI8X7+Z+ePuysZhHKErQSGfv2NybDi+r8xM5hL2LYXxjAu0PV58olUl1SX40OY9yA2Yx+PVzIGhv6EQ8snUFnsoMy0ZIbQ+ysB yujunz@silver.mbp
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDs9VhmmGg0c7FTLMtoZlPue4N1DdSCh6r6YssmEY3e1GHPXJTGGTX7QKXEBlWd7EXq+uedwN+lU9C/FClwneP0M+4vprgqdmUcmlCoSI/RffQAymcuGbxvfptNcLpBApHn4C+e93H/5ryaypaG+6n8WtbDZDtvWgn2ZJY6hDdJSw6Y++C+zDI0QliTsrCHmnGnYcRuDWUNgaiERvW3cvpeF5duFJcDZ0NtMl2UjeGMYL0JU6YfIOIeeFwD0Su86Nf3RtoKF+RzO4LcrGLvywzM7C/iCncIdj6GZjpVBYnB5U6YUh8VqLjHVHjmjTpAjmsWcc8NnwNG9rHDbG6nrGWd yujunz@silver
-
diff --git a/opt/servers/roles/ssh/files/zhifeng.authorized_keys b/opt/servers/roles/ssh/files/zhifeng.authorized_keys
deleted file mode 100644
index 195cfdca..00000000
--- a/opt/servers/roles/ssh/files/zhifeng.authorized_keys
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuck9a5uUXLtzlTaCYhwcLDffFH8o5ldhU4iKr0D4KaXlFfUsKD7VyHN+Zck3HBWTB4U7X9FEeFINtp2v2aoY8n74TS4LUGT8yqRYLyvsh2LgrhE4ouRvYgWlrZGice2x6ZZrcGM4uoGTC/lUHEvMDGDkDxUCfhxlFWcrplCUMcgd1V/5U14s0ufDgLGyEhXWWXFW4pNoqKBEGZNChBSvnq+NvOD7I4jgStUm9REooOp/VPpubH/6mSvDSTokCvrgWSCaNpcDqLCUjhwpoT/D1oFzEd4jBfPSV3jva+eAKPE2r/dnudQR5NR8T/eUz25YRGeJfrjDP6cMgXJoG43IXQ== root@fuel.domain.tld
diff --git a/opt/servers/roles/ssh/tasks/main.yml b/opt/servers/roles/ssh/tasks/main.yml
deleted file mode 100644
index 48318485..00000000
--- a/opt/servers/roles/ssh/tasks/main.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-- name: add group qtip
- become: true
- group: name=qtip state=present
-- name: add users for ssh access
- become: true
- user:
- name: "{{ item.name }}"
- comment: "{{ item.comment }}"
- groups: "qtip"
- append: yes
- with_items: "{{ users }}"
-- name: create .ssh directory
- become: true
- file:
- path: "/home/{{ item.name }}/.ssh"
- state: directory
- owner: "{{ item.name }}"
- group: "{{ item.name }}"
- mode: 0700
- with_items: "{{ users }}"
-- name: authorize public key
- become: true
- copy:
- src: "{{ item.name }}.authorized_keys"
- dest: "/home/{{ item.name }}/.ssh/authorized_keys"
- owner: "{{ item.name }}"
- group: "{{ item.name }}"
- mode: 0600
- with_items: "{{ users }}"
diff --git a/opt/servers/roles/user/defaults/main.yml b/opt/servers/roles/user/defaults/main.yml
new file mode 100644
index 00000000..41ee9853
--- /dev/null
+++ b/opt/servers/roles/user/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+users:
+ - { name: yujunz, comment: "Yujun Zhang " }
+ - { name: taseer, comment: "Taseer Ahmed " }
+ - { name: serena, comment: "Serena Feng " }
+ - { name: zhifeng, comment: "Zhifeng Jiang" }
diff --git a/opt/servers/roles/user/files/serena.authorized_keys b/opt/servers/roles/user/files/serena.authorized_keys
new file mode 100644
index 00000000..5cdbfe00
--- /dev/null
+++ b/opt/servers/roles/user/files/serena.authorized_keys
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYlLrMOPxwLNQvLpxXVLYXQCxNkaKfVWt7u9k+6T0SU7VNuT8e1VoTk6b/iVWyXQ4j1hW4sNroTucqZjl+8V2z2nYgpEMIy6jBuehlKP2LJ9v/p98/OBVVxgEnRJGzFYIeO/GKBLMaUu43OkCO2Ef67qKeISeNP5/ewUR12YCUHQg5GkGYnDL3fFd7SiVDkYPEXQvHfi85beGOuPwDTjbKoKbF9WATIIzJSPUmslGjFRpKqM8AQLGWEyTeklU7H4ddRqaKxe6DGbpTLJM2rCMF8W91097nmiOKEnuxi6vJKTmyX81BZXi48ugCRh3942ONYRH8W7dBegrvRY3kyAtH root@gsmdev-VirtualBox
diff --git a/opt/servers/roles/user/files/sudoers.d-qtip b/opt/servers/roles/user/files/sudoers.d-qtip
new file mode 100644
index 00000000..e96d278a
--- /dev/null
+++ b/opt/servers/roles/user/files/sudoers.d-qtip
@@ -0,0 +1,2 @@
+# Group rules for qtip-contributors
+%qtip ALL=(ALL) NOPASSWD:ALL
diff --git a/opt/servers/roles/user/files/taseer.authorized_keys b/opt/servers/roles/user/files/taseer.authorized_keys
new file mode 100644
index 00000000..2efb95e8
--- /dev/null
+++ b/opt/servers/roles/user/files/taseer.authorized_keys
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCxCG9Z+8rBLQiJ9yt+RzRkAZZQIlou83e899Kkuf/UgXd+1TUgIu4AJUDvayrorTxk2kw7ra+DoysEa2NBkLL6FNnG+NpYV+XTaG+Z3tvp4l62ROV+5+O4soiWtBroRghQPDkrpiTQuFJ7/BKQt9bKZYPb3t2bxCLeFVWtUzCpFDIj6wDPGwDeTLnLMPtQNQtIlgPV+XGAet17rNSrm7EcDzqdDQcdZFmfeH5YvBsY9ZO+qwcbelEpMBWPsyEMU6OgwTqUj7mm3o+Quew35y13Zrhf+GAx5ZMXho/Cpjp1TzognDkwAFpFzZG7zWSNexXrD15Wzgyae2cl/vD75I7 taseer@123.org
\ No newline at end of file
diff --git a/opt/servers/roles/user/files/yujunz.authorized_keys b/opt/servers/roles/user/files/yujunz.authorized_keys
new file mode 100644
index 00000000..83ed540d
--- /dev/null
+++ b/opt/servers/roles/user/files/yujunz.authorized_keys
@@ -0,0 +1,3 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0o+WARhbI5DeZK9eiZKVprY3oQ910npo/EPFI9prfpN7zeF0UA4TwT9rqsrwFgRQeJkKvbDTOPt5Ox9vLIEnxT4PdirvrYNxtyJHHfbL4ZxKemYhBi2BA6CAbI3f9CR+dtbfOBxtTpXAj1Y5oA9y59o1hqHpuVmM8dBpcQt/ELdYCHZ0khxft5WaSOURsslTZN18bikVX9WHlKflVyRA8efxqzTZ4w5ufHl1Fv9i/G0u7iGbUtvlI8X7+Z+ePuysZhHKErQSGfv2NybDi+r8xM5hL2LYXxjAu0PV58olUl1SX40OY9yA2Yx+PVzIGhv6EQ8snUFnsoMy0ZIbQ+ysB yujunz@silver.mbp
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDs9VhmmGg0c7FTLMtoZlPue4N1DdSCh6r6YssmEY3e1GHPXJTGGTX7QKXEBlWd7EXq+uedwN+lU9C/FClwneP0M+4vprgqdmUcmlCoSI/RffQAymcuGbxvfptNcLpBApHn4C+e93H/5ryaypaG+6n8WtbDZDtvWgn2ZJY6hDdJSw6Y++C+zDI0QliTsrCHmnGnYcRuDWUNgaiERvW3cvpeF5duFJcDZ0NtMl2UjeGMYL0JU6YfIOIeeFwD0Su86Nf3RtoKF+RzO4LcrGLvywzM7C/iCncIdj6GZjpVBYnB5U6YUh8VqLjHVHjmjTpAjmsWcc8NnwNG9rHDbG6nrGWd yujunz@silver
+
diff --git a/opt/servers/roles/user/files/zhifeng.authorized_keys b/opt/servers/roles/user/files/zhifeng.authorized_keys
new file mode 100644
index 00000000..195cfdca
--- /dev/null
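Review bot: `%qtip ALL=(ALL) NOPASSWD:ALL` in opt/servers/roles/user/files/sudoers.d-qtip grants unrestricted passwordless root to every member of group qtip, and the role's `add users for ssh access` task puts each account from `users` into that group, so any one of the committed authorized keys is effectively a root credential on these servers. The accounts appear to be created without a password, so removing `NOPASSWD` alone would leave them unable to sudo; if full root is not needed, a command list in place of the final `ALL` is the narrower option. Two of the keys carry `root@…` comments (serena's and zhifeng's), which may indicate keys generated under a shared root account; that is an inference from the comment field only and worth confirming with the owners. At minimum the file's header comment should record the decision, e.g. `# Passwordless sudo for key-only accounts; membership of qtip == root`.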
+++ b/opt/servers/roles/user/files/zhifeng.authorized_keys
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuck9a5uUXLtzlTaCYhwcLDffFH8o5ldhU4iKr0D4KaXlFfUsKD7VyHN+Zck3HBWTB4U7X9FEeFINtp2v2aoY8n74TS4LUGT8yqRYLyvsh2LgrhE4ouRvYgWlrZGice2x6ZZrcGM4uoGTC/lUHEvMDGDkDxUCfhxlFWcrplCUMcgd1V/5U14s0ufDgLGyEhXWWXFW4pNoqKBEGZNChBSvnq+NvOD7I4jgStUm9REooOp/VPpubH/6mSvDSTokCvrgWSCaNpcDqLCUjhwpoT/D1oFzEd4jBfPSV3jva+eAKPE2r/dnudQR5NR8T/eUz25YRGeJfrjDP6cMgXJoG43IXQ== root@fuel.domain.tld
diff --git a/opt/servers/roles/user/tasks/main.yml b/opt/servers/roles/user/tasks/main.yml
new file mode 100644
index 00000000..b1b5be9b
--- /dev/null
+++ b/opt/servers/roles/user/tasks/main.yml
@@ -0,0 +1,35 @@
+- name: add group qtip
+ become: true
+ group: name=qtip state=present
+- name: add qtip to sudoers without password
+ become: true
+ file:
+ src: sudoers.d-qtip
+ dest: /etc/sudoers.d/50-qtip
+ mode: 0440
+- name: add users for ssh access
+ become: true
+ user:
+ name: "{{ item.name }}"
+ comment: "{{ item.comment }}"
+ groups: "qtip"
+ append: yes
+ with_items: "{{ users }}"
+- name: create .ssh directory
+ become: true
+ file:
+ path: "/home/{{ item.name }}/.ssh"
+ state: directory
+ owner: "{{ item.name }}"
+ group: "{{ item.name }}"
+ mode: 0700
+ with_items: "{{ users }}"
+- name: authorize public key
+ become: true
+ copy:
+ src: "{{ item.name }}.authorized_keys"
+ dest: "/home/{{ item.name }}/.ssh/authorized_keys"
+ owner: "{{ item.name }}"
+ group: "{{ item.name }}"
+ mode: 0600
+ with_items: "{{ users }}"
-- cgit 1.2.3-korg
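Review bot: The `add qtip to sudoers without password` task in roles/user/tasks/main.yml uses the `file` module with `src`/`dest` and no `state`; `file` manages attributes and links and does not copy content, so /etc/sudoers.d/50-qtip is probably never installed from sudoers.d-qtip (the task would fail or do nothing on a host where the file is absent). Switching the task to `copy`, pinning ownership to root, and validating the drop-in with visudo before it lands keeps a malformed file from breaking sudo on the host. The unquoted `mode` values in this file (0440, 0700, 0600) rely on the YAML parser's octal handling; quoting them is the safer convention.

```yaml
- name: add qtip to sudoers without password
  become: true
  copy:
    src: sudoers.d-qtip
    dest: /etc/sudoers.d/50-qtip
    owner: root
    group: root
    mode: "0440"
    validate: /usr/sbin/visudo -cf %s
# … unchanged: add users, create .ssh directory, authorize public key …
```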