admin/skato-ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 3 Releases Wiki Activity

Compare commits

base: admin:5d99bf51da0093157753f61ef05148bff7b4dd84
Branches Tags
admin:main admin:streamlined_staging
...
compare: admin:0e0120588a2bdb9899dbb9768bb79283e41480f4
Branches Tags
admin:streamlined_staging admin:main

3 Commits
5d99bf51da ... 0e0120588a

Author SHA1 Message Date
Alex Tavarez
0e0120588a fix: managed to create SSH key content list from SSH public key path list, fixed retrieval of IP based on instance name and IP preferences 2026-06-03 15:07:59 -04:00
Alex Tavarez
9cdbd7f70f changed SSH key file search strings to accord with SSH key basename changes 2026-06-03 14:58:50 -04:00
Alex Tavarez
a6d4293d43 added TODOs related to change of attribute names for package entries in package groups 2026-06-03 14:51:33 -04:00
5 changed files with 46 additions and 19 deletions
Expand all files Collapse all files

10
group_vars/armitage.yml
View File

@@ -14,13 +14,16 @@ instance: armitage
operating_system: ~ operating_system: ~
# <list[<str>]> of control node or local SSH key basenames # <list[<str>]> of control node or local SSH key basenames
ssh_keys: ssh_keys:
- id_ed25519_localhost - ed25519@sukaato.hikiki
- ecdsa@sukaato.hikiki
# <list<dict>> list of administrative users (in Linux, users that can use "sudo") # <list<dict>> list of administrative users (in Linux, users that can use "sudo")
admins: admins:
- username: admin # <str> arbitrary valid user name - username: admin # <str> arbitrary valid user name
services: ~ # <list[<str>]> if linux system user, assocated servce services: ~ # <list[<str>]> if linux system user, assocated servce
# <list[<str>]> list of control node or local SSH key basenames for this user # <list[<str>]> list of control node or local SSH key basenames for this user
ssh_keys: "{{ keys }}" ssh_keys:
- ecdsa-37851076-sk@sukaato.hikiki
- ecdsa-37851072-sk@sukaato.hikiki
# <str<vault?>> hashed (and maybe salted) password # <str<vault?>> hashed (and maybe salted) password
password: !vault | password: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
@@ -33,6 +36,9 @@ admins:
62656663336536373262623062633563646434646431303137306438633937323764633334396539 62656663336536373262623062633563646434646431303137306438633937323764633334396539
64353734613662663063343966356562326661626436663430623430663766343030646333306634 64353734613662663063343966356562326661626436663430623430663766343030646333306634
32353839313235313339353431323837356537336231366564313431313462613333 32353839313235313339353431323837356537336231366564313431313462613333
# @TODO change 'key' attributes of package entres under 'mngr' section below to 'signkey'
# and edit 'roles/init-server/install-pks.yml' accordngly
# <dict[<str>:<dict>]> package groups
pkgs: pkgs:
# <dict[<str>:<dict>]> representing package groups installed by package manager via repositories # <dict[<str>:<dict>]> representing package groups installed by package manager via repositories
mngr: mngr:

2
group_vars/homeserver.yml
View File

@@ -9,6 +9,8 @@ instance: ""
operating_system: ~ operating_system: ~
# <list[<str>]> of control node or local SSH key basenames # <list[<str>]> of control node or local SSH key basenames
ssh_keys: [] ssh_keys: []
# @TODO change 'key' attributes of package entres under 'mngr' section below to 'signkey'
# and edit 'roles/init-server/install-pks.yml' accordngly
# <dict[<str>:<dict>]> package groups # <dict[<str>:<dict>]> package groups
pkgs: pkgs:
# <dict[<str>:<dict>]> representing package groups installed by package manager via repositories # <dict[<str>:<dict>]> representing package groups installed by package manager via repositories

10
group_vars/sukaato.yml
View File

@@ -25,16 +25,16 @@ origin: us-east
operating_system: linode/debian13 operating_system: linode/debian13
# <list[<str>]> list of control node or local SSH key basenames for root user # <list[<str>]> list of control node or local SSH key basenames for root user
ssh_keys: ssh_keys:
- id_ecdsa-sha2_sukaato_miniyubikey - ed25519@sukaato.hikiki
- id_ecdsa-sha2_sukaato_yubikey - ecdsa@sukaato.hikiki
# <list<dict>> list of administrative users (in Linux, users that can use "sudo") # <list<dict>> list of administrative users (in Linux, users that can use "sudo")
admins: admins:
- username: senpai # <str> arbitrary valid user name - username: senpai # <str> arbitrary valid user name
services: ~ # <list[<str>]> if linux system user, assocated servce services: ~ # <list[<str>]> if linux system user, assocated servce
# <list[<str>]> list of control node or local SSH key basenames for this user # <list[<str>]> list of control node or local SSH key basenames for this user
ssh_keys: ssh_keys:
- id_ed25519_sukaato_yubikey - ecdsa-37851076-sk@sukaato.hikiki
- id_ed25519_sukaato_miniyubikey - ecdsa-37851072-sk@sukaato.hikiki
# <str<vault?>> hashed (and maybe salted) password # <str<vault?>> hashed (and maybe salted) password
password: !vault | password: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
@@ -47,6 +47,8 @@ admins:
63316665653032653533656464336566626166333834653539343961666136653234356362333966 63316665653032653533656464336566626166333834653539343961666136653234356362333966
39313436363935303430393966653762326463616264373739333638373337643666623531383064 39313436363935303430393966653762326463616264373739333638373337643666623531383064
66353136383666626566643666663761313437396137383063373033366336663731 66353136383666626566643666663761313437396137383063373033366336663731
# @TODO change 'key' attributes of package entres under 'mngr' section below to 'signkey'
# and edit 'roles/init-server/install-pks.yml' accordngly
# <dict[<str>:<dict>]> package groups # <dict[<str>:<dict>]> package groups
pkgs: pkgs:
# <dict[<str>:<dict>]> representing package groups installed by package manager via repositories # <dict[<str>:<dict>]> representing package groups installed by package manager via repositories

2
group_vars/vps.yml
View File

@@ -10,6 +10,8 @@ origin: ""
operating_system: ~ operating_system: ~
# <list[<str>]> of control node or local SSH key basenames # <list[<str>]> of control node or local SSH key basenames
ssh_keys: [] ssh_keys: []
# @TODO change 'key' attributes of package entres under 'mngr' section below to 'signkey'
# and edit 'roles/init-server/install-pks.yml' accordngly
# <dict[<str>:<dict>]> package groups # <dict[<str>:<dict>]> package groups
pkgs: pkgs:
# <dict[<str>:<dict>]> representing package groups installed by package manager via repositories # <dict[<str>:<dict>]> representing package groups installed by package manager via repositories

41
roles/init-server/tasks/spawn.yml
View File

@@ -2,14 +2,22 @@
--- ---
# tasks file for roles/init-vps # tasks file for roles/init-vps
# @NOTE server deployment method is based on task tags compiled herein # @NOTE server deployment method is based on task tags compiled herein
# @TODO review 'loop' task attribute return values and make compliant changes
- name: Finding SSH public keys for root - name: Finding SSH public keys for root
delegate_facts: true
delegate_to: localhost
ansible.builtin.find: ansible.builtin.find:
paths: "{{ cnode_homedir | default('/home/' ~ ansible_user ~ '/.ssh') }}" # @TODO define 'cnode_homedir' in playbook paths: "{{ local_facts['user_dir'] }}/.ssh" # @TODO define 'cnode_homedir' in playbook
patterns: "{{ ['^'] | product(keys) | map('join') | list }}" patterns: "{{ ['^'] | product(ssh_keys) | map('join') | list }}"
file_type: file file_type: file
use_regex: true use_regex: true
register: ssh_keypairs register: ssh_keypairs
- name: Reducing SSH key-pair results to list of SSH public key paths
ansible.builtin.set_fact:
root_pubkey_paths: "{{ ssh_keypairs.files | selectattr('path', 'search', '\\.pub$') | map(attribute='path') | list }}"
- name: Converting SSH public key paths to their file contents
ansible.builtin.set_fact:
root_pubkeys: "{{ root_pubkeys | default([]) + [lookup('file', item)] }}"
loop: "{{ root_pubkey_paths }}"
- name: Bootstrapping VPS - name: Bootstrapping VPS
block: block:
- name: Creating VPS via Linode VPS service API - name: Creating VPS via Linode VPS service API
@@ -24,11 +32,11 @@
region: "{{ origin }}" region: "{{ origin }}"
private_ip: true private_ip: true
root_pass: "{{ password }}" root_pass: "{{ password }}"
authorized_keys: "{{ ssh_keypairs.files | selectattr('path', 'search', '\\.pub$') | map(attribute='path') | map('lookup', 'file') | list }}" authorized_keys: "{{ root_pubkeys }}"
state: present state: present
register: new_instance register: new_instance
- name: Waiting for that VPS to come online - name: Waiting for that VPS to come online
delegate_to: "{{ new_instance.instance[ip_pref][0] }}" delegate_to: "{{ item }}"
delegate_facts: true delegate_facts: true
ansible.builtin.wait_for_connection: ansible.builtin.wait_for_connection:
delay: 20 delay: 20
@@ -36,6 +44,7 @@
vars: vars:
ansible_ssh_private_key_file: "{{ chosen_privkey | default(ssh_keypairs.files | rejectattr('path', 'search', '\\.pub$') | map(attribute='path') | list | random) }}" # @TODO define 'chosen_privkey'in playbook ansible_ssh_private_key_file: "{{ chosen_privkey | default(ssh_keypairs.files | rejectattr('path', 'search', '\\.pub$') | map(attribute='path') | list | random) }}" # @TODO define 'chosen_privkey'in playbook
ansible_user: root ansible_user: root
loop: "{{ new_instance.instance[ip_pref] }}"
tags: tags:
- linode - linode
tags: tags:
@@ -50,34 +59,40 @@
tags: tags:
- unimplemented - unimplemented
- name: Waiting for that server to come online - name: Waiting for that server to come online
delegate_to: "{{ hostvars[instance]['ansible_default_' ~ ip_pref].address }}" delegate_to: "{{ item }}"
delegate_facts: true delegate_facts: true
remote_user: root remote_user: root
when: item is ansible.utils['ip_pref']
ansible.builtin.wait_for_connection: ansible.builtin.wait_for_connection:
delay: 20 delay: 20
timeout: 300 timeout: 300
vars: vars:
ansible_user: root ansible_user: root
loop: "{{ groups[instance] | default(hostvars[instance]) }}"
- name: Checking if that server has required operating system - name: Checking if that server has required operating system
delegate_to: "{{ hostvars[instance]['ansible_default_' ~ ip_pref].address }}" delegate_to: "{{ item }}"
delegate_facts: true delegate_facts: true
remote_user: root remote_user: root
when: ansible_facts["system"] != "Linux" when: ansible_facts["system"] != "Linux" and item is ansible.utils['ip_pref']
ansible.builtin.fail: ansible.builtin.fail:
msg: Unsupported operating system found msg: Unsupported operating system found
vars: vars:
ansible_user: root ansible_user: root
loop: "{{ groups[instance] | default(hostvars[instance]) }}"
- name: Checking if that server has required Linux distro - name: Checking if that server has required Linux distro
delegate_to: "{{ hostvars[instance]['ansible_default_' ~ ip_pref].address }}" delegate_to: "{{ item }}"
delegate_facts: true delegate_facts: true
remote_user: root remote_user: root
when: ansible_facts["system"] == "Linux" and ansible_facts["os_family"] != "Debian" when: ansible_facts["system"] == "Linux" and ansible_facts["os_family"] != "Debian" and item is ansible.utils['ip_pref']
ansible.builtin.fail: ansible.builtin.fail:
msg: Unsupported Linux distro found msg: Unsupported Linux distro found
vars: vars:
ansible_user: root ansible_user: root
loop: "{{ groups[instance] | default(hostvars[instance]) }}"
# @TODO find way to incorporate use of 'groups[instance] | default(hostvars[instance]' for
# looping without loop nesting in below task
- name: Providing authorized keys for server root account - name: Providing authorized keys for server root account
delegate_to: "{{ hostvars[instance]['ansible_default_' ~ ip_pref].address }}" delegate_to: "{{ (groups[instance] | default(hostvars[instance]))[0] }}"
delegate_facts: true delegate_facts: true
remote_user: root remote_user: root
ansible.posix.authorized_key: ansible.posix.authorized_key:
@@ -85,7 +100,7 @@
key: "{{ lookup('file', item) }}" key: "{{ lookup('file', item) }}"
state: present state: present
vars: vars:
ansible_root: root ansible_user: root
loop: "{{ ssh_keypairs.files | selectattr('path', 'search', '\\.pub$') | map(attribute='path') | list }}" loop: "{{ root_pubkey_paths }}"
tags: tags:
- lan - lan