ansible_bastion-server
group_vars
roles
README.md
ansible.cfg
hosts
pre.yml
prod.yml

README.md

ansible_bastion-server

nm_diagram_061316_a1

Environment

  • Amazon Linux/CentOS
  • localhost

Specification

  • You have to run the playbook on localhost
  • User management is done with Ansible
  • Users who belong to the adachin group can use sudo
  • The initial password is managed by Ansible, but it is meant to be changed by the user
    • Ansible sets a password only when a new user is created
  • Create an SSH key
  • If you do not specify a key, you are asked for the Google Auth login password and the Linux user password (2-step verification)

Create temporary password

Generate a SHA-512 hash of the temporary password and add it to group_vars/all.

$ grub-crypt --sha-512

Add user

  • user.yml

user.yml has one part that creates the user (the user module) and one part that sets the public key, so add an entry to each.

  - { name: 'name', pass: "{{ PASS }}", updatepass: 'on_create', shell: '/bin/bash', state: 'present', remove: 'no' }
→add

  - { user: 'name', key: 'sshxxxxxxxxxxxxxxxxxxxxxxx' }
→add

Apply

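$ git pull
$ ansible-playbook -i hosts pre.yml -KDC   # dry run: --check with --diff, prompts for the sudo password
$ ansible-playbook -i hosts pre.yml -KD    # apply the changes, still showing the diff
$ sudo passwd -e username                  # expire the password so it must be changed at next login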
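
How entries like the ones above could be consumed by role tasks, as an added sketch that is not this repository's code. The list names `bastion_users` and `bastion_user_keys`, the sudoers file path and the sudoers rule are assumptions; the entry keys are the ones shown in user.yml.

```yaml
# Added sketch, not the repository's role code. bastion_users and
# bastion_user_keys are hypothetical list names holding the user.yml entries.
- name: Ensure the sudo group exists
  group:
    name: adachin
    state: present

- name: Create or remove bastion users
  user:
    name: "{{ item.name }}"
    password: "{{ item.pass }}"        # crypt hash from group_vars, never plaintext
    # on_create: an existing user's changed password is not overwritten
    update_password: "{{ item.updatepass | default('on_create') }}"
    groups: "{{ item.groups | default(omit) }}"
    shell: "{{ item.shell }}"
    state: "{{ item.state }}"
    remove: "{{ item.remove }}"        # with state absent, 'yes' also removes the home directory
  loop: "{{ bastion_users }}"
  no_log: true                         # keep password hashes out of task and diff output

- name: Install public keys, skipping users marked absent
  authorized_key:
    user: "{{ item.user }}"
    key: "{{ item.key }}"
    state: present
  loop: "{{ bastion_user_keys }}"
  when: >-
    item.user in (bastion_users
                  | selectattr('state', 'equalto', 'present')
                  | map(attribute='name') | list)

- name: Allow members of adachin to use sudo (assumed rule)
  copy:
    dest: /etc/sudoers.d/adachin
    content: "%adachin ALL=(ALL) ALL\n"
    owner: root
    group: root
    mode: "0440"
    validate: "/usr/sbin/visudo -cf %s"  # reject a broken sudoers file before installing it
```

The `when` guard matters for the deletion flow: the key entry is still in user.yml while the user entry is set to `absent`, and without the guard the key task would fail on the missing account.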

Delete user

  • user.yml

  - { name: 'name', pass: "{{ PASS }}", groups: 'adachin', shell: '/bin/bash', state: 'absent', remove: 'yes' }

  • Apply

$ git pull
$ ansible-playbook -i hosts pre.yml -KDC
$ ansible-playbook -i hosts pre.yml -KD
$ sudo passwd -e username

  • Delete the user's entries from the code

  - { name: 'name', pass: "{{ PASS }}", groups: 'adachin', shell: '/bin/bash', state: 'absent', remove: 'yes' }
→delete

  - { user: 'name', key: 'sshxxxxxxxxxxxxxxxxxxxxxxxxxx' }
→delete