ssh: gitlab-user für docker + housekeeping

2021-02-05 12:52:23 +01:00 · 2021-02-05 12:52:23 +01:00 · 9f1db30565
commit 9f1db30565
parent a933607236
5 changed files with 17 additions and 6 deletions
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@ -47,9 +47,9 @@
  ### ryandaniels.create_users
  users:
    - username: mg
-      password: "{{ lookup('keepass', 'linux_mg_user_password_hash', 'password') }}"
+      password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
      update_password: on_create
-      ssh_key: "{{ lookup('keepass', 'ssh_pubkey_mg', 'password') }}"
+      ssh_key: "{{ lookup('keepass', 'mg_ssh_pubkey', 'password') }}"  #generieren: ssh-keygen -o; für putty  andern https://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/ggcs/Change_private_key_format_for_Putty/Change_private_key_format_for_Putty.html#section2
      use_sudo: yes
      use_sudo_nopass: yes
      user_state: present
--- a/group_vars/docker.yml
+++ b/group_vars/docker.yml
@ -18,9 +18,20 @@
  ### ryandaniels.create_users
  users:
  - username: mg
-    password: "{{ lookup('keepass', 'linux_mg_user_password_hash', 'password') }}"
+    password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
    update_password: on_create
-    ssh_key: "{{ lookup('keepass', 'ssh_pubkey_mg', 'password') }}"
+    ssh_key: "{{ lookup('keepass', 'mg_ssh_pubkey', 'password') }}"
+    use_sudo: yes
+    use_sudo_nopass: yes
+    user_state: present
+    groups: ssh, sudo, docker
+    servers:
+      - production
+      - test
+  - username: gitlab-user
+    password: "{{ lookup('keepass', 'gitlab_user_linux_password_hash', 'password') }}"
+    update_password: on_create
+    ssh_key: "{{ lookup('keepass', 'gitlab_user_ssh_pubkey', 'password') }}"
    use_sudo: yes
    use_sudo_nopass: yes
    user_state: present
--- a/keepass_db.kdbx
+++ b/keepass_db.kdbx
--- a/playbooks/base/1_bootstrap.yml
+++ b/playbooks/base/1_bootstrap.yml
@ -28,6 +28,6 @@
        user:
          name: mg
          update_password: always
-          password: "{{ lookup('keepass', 'linux_mg_user_password_hash', 'password') }}"
+          password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"

 # Nach dem ersten durchlaufen ist keine Anmeldung mehr per Passwort & ssh möglich. Damit scheitert auch der Versuch das Playbook ein zweites mal durchlaufen zu lassen.
--- a/playbooks/on-off/set_password_mg.yml
+++ b/playbooks/on-off/set_password_mg.yml
@ -6,7 +6,7 @@
      user:
        name: mg
        update_password: always
-        password: "{{ lookup('keepass', 'linux_mg_user_password_hash', 'password') }}" #hier muss der hash rein
+        password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}" #hier muss der hash rein

 # Hash erstellen
 # python -c 'import crypt,getpass; print(getpass.getpass("Name: ")+":"+crypt.crypt(getpass.getpass(),crypt.mksalt(crypt.METHOD_SHA512)))'