managed

Overview Versions Insights

managed ?

It is a role to create SSH user to manage hosts with Ansible or One Time Password SSH with HashiCorp.

The created user account doesn't have a password.

By default, the user has the full sudo without need to enter a password.

Limited option specifies what command is allowed.

Requirements

Ubuntu 18.04
CentOS 7.3

Role Variables

By default, these 3 variables are used:

manager_local_ssh_key_path: "~/.ssh/id_rsa.pub"

The local path of the public SSH key.
managed_name: managed

The username used to manage Ansible hosts
managed_generate_local_ssh_key: False

Don't generate local SSH key

The additional variables are

limited: True

Allow only limited command to be executed with sudo without a password.
limited_sudo: ['reboot','kill']

List of all command to be executed with sudo without a password

Example Playbook

To installing this role from ansible-galaxy

ansible-galaxy install laurent_kling.managed

Including an example of how to use it with required variables :

---
- name: create the user "managed" with sudo without password
  hosts: clients
  become: true

  roles:
    - role: laurent_kling.managed

With the Limited option to run command "reboot" & "kill" with sudo without a password

---
- name: create the user "managed" with sudo without a password for reboot & kill only
  hosts: clients
  become: true

  roles:
    - role: laurent_kling.managed
      limited: True
      limited_sudo:
      - "reboot"
      - "kill"

When used in conjunction with the role laurent_kling.vault-otp to setup One Time Password SSH with HashiCorp.

---
- name: create the user "managed" with full access with OTP SSH with HashiCorp
  hosts: clients
  become: true

  roles:
    - laurent_kling.managed
    - laurent_kling.vault-otp
      vault_addr: https://vault:8200
      ssh_mount_point: ssh
      vault_ca_cert_file: vault.crt