pulitux 2 éve
commit
325036bc07
10 módosított fájl, 126 hozzáadás és 0 törlés
  1. 5 0
      adhoc
  2. 7 0
      ansible.cfg
  3. 7 0
      inventory
  4. 20 0
      motd.yml
  5. 14 0
      regular_tasks.yml
  6. 8 0
      secret.yml
  7. 26 0
      sshd.yml
  8. 29 0
      users.yml
  9. 9 0
      vars/user_list.yml
  10. 1 0
      vault_key

+ 5 - 0
adhoc

@@ -0,0 +1,5 @@
+#!/bin/bash
+ansible all -m user -a 'name="automation" state=present' -u root -k
+ansible all -m file -a 'name=/home/automation/.ssh state=directory owner=automation group=automation' -u root -k
+ansible all -m copy -a 'src=/root/.ssh/id_rsa.pub dest=/home/automation/.ssh/authorized_keys owner=automation group=automation mode=0600' -u root -k
+ansible all -m copy -a "content='automation ALL=(ALL) NOPASSWD:ALL' dest=/etc/sudoers.d/automation" -u root -k
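Review bot: The sudoers drop-in on the last line is copied without `validate` or an explicit mode, so a malformed or wrongly-permissioned /etc/sudoers.d/automation can break sudo on every host in one run. I would add `mode=0440 validate='visudo -cf %s'` to that copy. The `.ssh` directory on the second command also gets no mode, so `mode=0700` there would make the permissions explicit instead of umask-dependent. Since `NOPASSWD:ALL` makes the control node's /root/.ssh/id_rsa root-equivalent on all hosts, a comment above the script saying so (`# bootstrap only: grants passwordless root to the automation key`) would help the next reader.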

+ 7 - 0
ansible.cfg

@@ -0,0 +1,7 @@
+[defaults]
+inventory: inventory
+remote_user: automation
+forks: 50
+
+[privilege_escalation]
+become: false

+ 7 - 0
inventory

@@ -0,0 +1,7 @@
+[proxy]
+servera
+[webservers]
+serverb
+serverc
+[database]
+serverd

+ 20 - 0
motd.yml

@@ -0,0 +1,20 @@
+- name: motd yaml
+  hosts: all
+  become: true
+  gather_facts: false
+  tasks:
+    - name: motd for proxy
+      copy:
+        dest: /etc/motd
+        content: 'Wellcome to HAProxy server'
+      when: inventory_hostname in groups['proxy'] 
+    - name: motd for webservers
+      copy:
+        dest: /etc/motd
+        content: 'Wellcome to Apache server'
+      when: inventory_hostname in groups['webservers']
+    - name: motd for websevers
+      copy:
+        dest: /etc/motd
+        content: 'Wellcome to MySQL server'
+      when: inventory_hostname in groups['database']
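Review bot: The three `content` strings name the software each host runs, and sshd.yml in this commit sets `Banner /etc/motd`, so that text is shown to any client before authentication. A neutral access notice is the safer banner text; if the role names are wanted after login, keep them in /etc/motd and point `Banner` at a separate file. The third task is also named `motd for websevers` although its `when` selects the database group, so it should read `- name: motd for database`. The contents have no trailing newline and "Wellcome" is misspelled.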

+ 14 - 0
regular_tasks.yml

@@ -0,0 +1,14 @@
+- name: regular tasks
+  hosts: proxy
+  gather_facts: no
+  tasks:
+    - name: create cron job
+      cron:
+#        minute: 00
+#        hour: *
+#        day: *
+#        month: *
+        job: 'date >> /var/log/tim.log'
+        name: horly date command
+        special_time: hourly
+        state: present
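Review bot: This play has no `become: true`, and ansible.cfg in this commit sets `remote_user: automation` with `become: false`, so the entry goes into the automation user's crontab. The job `date >> /var/log/tim.log` will then presumably fail hourly, because an unprivileged user normally cannot create files in /var/log. Either add `become: true` at play level so the job is installed for root, or write the log to a path that automation owns. The commented-out `minute`/`hour` lines are redundant with `special_time: hourly` and can be dropped; `horly` in the job name is a typo, and `gather_facts: no` should be `false` to match the other playbooks.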

+ 8 - 0
secret.yml

@@ -0,0 +1,8 @@
+$ANSIBLE_VAULT;1.1;AES256
+32613962373230656266343730643366353739646432383031636131313934353438303332383634
+6661393462663837623766336136623863383135623730340a613235333539616562343032346361
+31346664666536336432646137333332616430393466356330383138383366393632336630306234
+3065636263653538610a333862306538366236633335316331313834346138366262653236613830
+37316338646531653930663230396661316339363936343139376531666361303337653730323533
+66613730663561303063653639393431336236623435616238613132386665383135656130666561
+316566653531623464643530336633383564

+ 26 - 0
sshd.yml

@@ -0,0 +1,26 @@
+- name: sshd yaml
+  hosts: all
+  become: true
+  gather_facts: false
+  tasks:
+    - name: sshd is installed
+      yum:
+        name: openssh-server
+        state: latest
+    - name: sshd is enabled and started
+      service:
+        name: sshd
+        state: started
+        enabled: yes
+    - name: banner
+      lineinfile:
+        path: /etc/ssh/sshd_config
+        line: 'Banner /etc/motd'
+    - name: X11Fordw
+      lineinfile:
+        path: /etc/ssh/sshd_config
+        line: 'X11Forwarding yes'
+    - name: MaxAuthTries
+      lineinfile:
+        path: /etc/ssh/sshd_config
+        line: 'MaxAuthTries 3'
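Review bot: The three `lineinfile` tasks have no `regexp`, so each one only appends its line when that exact text is missing. If sshd_config already carries `X11Forwarding no` or another `MaxAuthTries` value, sshd keeps the first occurrence and the appended line has no effect, and a line appended after a `Match` block ends up inside that block. Nothing validates the file or reloads sshd either, so the edit is neither checked nor applied to the running daemon. I would add `regexp`, `validate: 'sshd -t -f %s'` and a reload handler as below, and set `X11Forwarding no` unless X11 is really needed on these hosts.

```yaml
    # … unchanged: install and service tasks …
    - name: banner
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*Banner\s'
        line: 'Banner /etc/motd'
        validate: 'sshd -t -f %s'
      notify: reload sshd
    # … same regexp / validate / notify pattern for X11Forwarding and MaxAuthTries …
  handlers:
    - name: reload sshd
      service:
        name: sshd
        state: reloaded
```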

+ 29 - 0
users.yml

@@ -0,0 +1,29 @@
+- name: create users in webserver
+  hosts: webservers
+  gather_facts: no
+  become: true
+  vars_files:
+    - secret.yml
+    - user_list.yml
+  tasks: 
+    - name: create user 
+      user:
+        name: "{{ item.username }}"
+        uid: "{{ item.uid }}"
+      loop: "{{ users }}"
+      when: ( item.uid >= 1000) and ( item.uid < 2000)
+
+- name: create users in database
+  hosts: database
+  gather_facts: no
+  become: true
+  vars_files:
+    - secret.yml
+    - user_list.yml
+  tasks: 
+    - name: create user 
+      user:
+        name: "{{ item.username }}"
+        uid: "{{ item.uid }}"
+      loop: "{{ users }}"
+      when: ( item.uid >= 2000) and ( item.uid < 3000)
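Review bot: Both plays load `secret.yml` through `vars_files`, but no task in this hunk reads a variable from it. Every run therefore needs the vault password for nothing, and the accounts are created without a password. If the vault is meant to hold the users' password, pass it to the module hashed, e.g. `password: "{{ <vault variable> | password_hash('sha512') }}"`, and add `no_log: true` to that task; otherwise drop `secret.yml` from `vars_files`. The two plays differ only in `hosts` and the uid range, so the range could become a group variable and the play be written once; `gather_facts: no` should be `false` for consistency.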

+ 9 - 0
vars/user_list.yml

@@ -0,0 +1,9 @@
+users:
+  - username: alice
+    uid: 1201
+  - username: vincent
+    uid: 1202
+  - username: sandy
+    uid: 2201
+  - username: patrick
+    uid: 2202

+ 1 - 0
vault_key

@@ -0,0 +1 @@
+devops
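Review bot: This file looks like the vault password for `secret.yml`, which is added in the same commit. If so, committing it next to the ciphertext means anyone who can read the repository can decrypt the vault, and `devops` is also short enough to guess. I would remove `vault_key` from the repository, add it to `.gitignore`, and supply the password at run time (`--ask-vault-pass` or a password file kept outside the working tree). Because the value stays in history, `secret.yml` should then be re-encrypted with `ansible-vault rekey` and the secrets inside it rotated.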