
@jmlrt
Created April 14, 2016 21:57
---
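# Play 1: prepare the control host(s) in the "ansible" inventory group.
# Installs ansible, passlib and sshpass, then places the SSH key pair from
# ./files into the local user's ~/.ssh directory.
# `user` is not defined anywhere in this play; it has to be supplied by the
# caller (for example with --extra-vars).
- hosts: ansible
  vars:
    # Quoted on purpose: an unquoted {{ ... }} at the start of a value is
    # parsed by YAML as a flow mapping before Jinja2 ever sees it.
    local_user: "{{ user }}"
    ansible_private_key: ansible.pem
    ansible_public_key: ansible.pub
  become: true
  tasks:
    # NOTE(review): both packages are unpinned and installed with become, so
    # whatever version the package index serves at run time lands on the
    # control host as root. Pin versions if reproducibility matters.
    - name: ensure ansible and passlib are installed
      pip:
        name: "{{ item }}"
        state: present
      with_items:
        - ansible
        - passlib

    - name: ensure apt cache is updated
      apt:
        update_cache: true
        cache_valid_time: 3600

    - name: ensure sshpass is installed
      apt:
        name: sshpass
        state: present

    # The path assumes the user's home is /home/<local_user>.
    # Mode is quoted so YAML does not reinterpret the octal literal.
    - name: ensure .ssh directory exists
      file:
        path: "/home/{{ local_user }}/.ssh"
        state: directory
        mode: "0700"
        owner: "{{ local_user }}"

    # The private key is read from ./files next to the playbook.
    # NOTE(review): keep that file out of version control, or store it
    # encrypted (e.g. with ansible-vault). backup=true leaves a timestamped
    # copy of any replaced key beside the new one; old key material should be
    # cleaned up once it has been rotated out.
    - name: ensure ansible private key exists
      copy:
        src: "./files/{{ ansible_private_key }}"
        dest: "/home/{{ local_user }}/.ssh/{{ ansible_private_key }}"
        mode: "0600"
        owner: "{{ local_user }}"
        backup: true
      # Keeps the key out of task output and --diff rendering.
      no_log: true

    - name: ensure ansible public key exists
      copy:
        src: "./files/{{ ansible_public_key }}"
        dest: "/home/{{ local_user }}/.ssh/{{ ansible_public_key }}"
        mode: "0600"
        owner: "{{ local_user }}"
        backup: true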
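# Play 2: enrol every inventory host for key-based management.
# Installs openssh-server and sudo, creates the `remote_user` account,
# authorises the public key from ./files for it, and grants it sudo.
- hosts: all
  vars:
    remote_user: ansible
    ansible_public_key: ansible.pub
  become: true
  tasks:
    - name: ensure apt cache is updated
      apt:
        update_cache: true
        cache_valid_time: 3600

    - name: ensure ssh server and sudo are installed
      apt:
        name: "{{ item }}"
      with_items:
        - openssh-server
        - sudo

    - name: ensure ansible user exists
      user:
        name: "{{ remote_user }}"
        state: present

    # NOTE(review): once sshd_config contains any AllowUsers directive, sshd
    # only admits the users listed. On a host that had none, this task
    # restricts SSH logins to `remote_user`; confirm that is intended before
    # running against hosts other accounts rely on. The regexp is unanchored,
    # so it also matches (and rewrites) a longer or commented-out line that
    # contains the same text.
    - name: ensure SSH user connection is enabled
      lineinfile:
        dest: /etc/ssh/sshd_config
        state: present
        regexp: 'AllowUsers {{ remote_user }}'
        line: 'AllowUsers {{ remote_user }}'
        # Reject the edit if the resulting file does not parse, so a bad
        # config is never put in place ahead of the handler's restart.
        validate: '/usr/sbin/sshd -t -f %s'
      notify: restart ssh

    # The file name is concatenated inside the expression; a nested
    # {{ ... }} within a Jinja2 string literal is not reliably templated.
    - name: ensure ansible public key exists
      authorized_key:
        user: "{{ remote_user }}"
        key: "{{ lookup('file', './files/' + ansible_public_key) }}"
        state: present
        manage_dir: true

    # NOTE(review): NOPASSWD:ALL makes the matching private key equivalent to
    # unattended root on every host in this play. Protect that key
    # accordingly and narrow the command list if full root is not needed.
    # visudo -cf validates the candidate file before it replaces /etc/sudoers.
    - name: ensure user can do sudo commands
      lineinfile:
        dest: /etc/sudoers
        state: present
        regexp: '^{{ remote_user }} ALL\='
        line: '{{ remote_user }} ALL=(ALL) NOPASSWD:ALL'
        validate: 'visudo -cf %s'

  handlers:
    # Triggered only when the sshd_config task reports a change.
    - name: restart ssh
      service:
        name: ssh
        state: restarted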