This role prepares the environment on Ansible hosts (the machines managed by Ansible) by creating a common user and setting up the SSH keys it needs. It:

- Creates a user on all host groups (`master_node` and `nodes`)
- Adds that user to the sudoers group
- Configures sudo without password
- Creates an ed25519 SSH key on the master node
- Defines the `authorized_keys` file
- Adds all nodes to the `known_hosts` file (on the master node)
- Defines a custom name for the SSH keys
This role requires root access, so either run it in a playbook with a global `become: yes`, or invoke the role in your playbook like:

```yaml
- hosts: master_node:nodes
  roles:
    - role: ansible-role-ssh
      become: yes
```

Note that you can also set the `become: yes` value in the `ansible.cfg` file, but use a local `ansible.cfg` located in the same directory as your playbook.
We use an interactive prompt for the user password. The benefit is that the password is automatically hashed with sha512_crypt by default (see the example playbook), so the clear-text value never has to be stored in the playbook or inventory. Other values are available for `encrypt`:

- `bcrypt`
- `md5_crypt`
- `sha256_crypt`
- `sha512_crypt`

More information here.
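The prompted password ends up in `/etc/shadow` in modular-crypt format, so it is worth checking after a run that the scheme is one of the strong ones above rather than `md5_crypt`. The following script is an added example, not code from the ansible-role-ssh project: it parses such a hash string and reports policy findings. Every sample hash in it is constructed (filler characters of the right length), not a real hash; the minimum round counts are an assumed local policy, not values the role enforces.

```python
"""Check the password hash the role's vars_prompt produces.

Added example, not part of the ansible-role-ssh project. It parses a
modular-crypt-format string (what Ansible's ``encrypt:`` option yields
and what lands in /etc/shadow) and flags the obsolete md5_crypt scheme,
too few rounds, or a short salt. All sample hashes are constructed.
"""

# Scheme identifiers as written in /etc/shadow, mapped to Ansible's encrypt names.
SCHEMES = {"1": "md5_crypt", "5": "sha256_crypt", "6": "sha512_crypt", "2b": "bcrypt"}
WEAK = {"md5_crypt"}
# glibc crypt(3) uses 5000 rounds for $5$/$6$ when no rounds= field is present;
# passlib (which Ansible uses for encrypt:) writes a higher count explicitly.
DEFAULT_ROUNDS = {"sha256_crypt": 5000, "sha512_crypt": 5000}
# Assumed local policy (hypothetical), not something the role itself enforces.
MIN_ROUNDS = {"sha256_crypt": 5000, "sha512_crypt": 5000, "bcrypt": 10}


def parse_hash(value):
    """Return (scheme, rounds, salt); raise ValueError on anything malformed."""
    if not value.startswith("$"):
        raise ValueError("not a modular-crypt string (plain text or legacy DES?)")
    parts = value.split("$")[1:]
    scheme = SCHEMES.get(parts[0])
    if scheme is None:
        raise ValueError(f"unknown scheme id ${parts[0]}$")
    if scheme == "bcrypt":
        # $2b$<cost>$<22-char salt><31-char hash>, no separator between salt and hash
        if len(parts) != 3 or len(parts[2]) != 53 or not parts[1].isdigit():
            raise ValueError("malformed bcrypt hash")
        return scheme, int(parts[1]), parts[2][:22]
    # $1$<salt>$<hash> or $5$/$6$[rounds=N$]<salt>$<hash>
    rounds = DEFAULT_ROUNDS.get(scheme)
    fields = parts[1:]
    if fields and fields[0].startswith("rounds="):
        rounds = int(fields[0][len("rounds="):])
        fields = fields[1:]
    if len(fields) != 2 or not fields[0] or not fields[1]:
        raise ValueError(f"malformed {scheme} hash")
    return scheme, rounds, fields[0]


def audit(value):
    """Return a list of findings; an empty list means the hash passes the policy."""
    try:
        scheme, rounds, salt = parse_hash(value)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    if scheme in WEAK:
        findings.append(f"{scheme} is obsolete; use sha512_crypt or bcrypt")
    minimum = MIN_ROUNDS.get(scheme)
    if minimum is not None and rounds is not None and rounds < minimum:
        findings.append(f"{scheme} rounds={rounds} below minimum {minimum}")
    if scheme != "bcrypt" and len(salt) < 8:
        findings.append(f"salt is only {len(salt)} chars; crypt(3) allows up to 16")
    return findings


# Constructed samples: the hash portions are filler of the correct length.
SAMPLES = {
    "good": "$6$rounds=656000$abcdefghijklmnop$" + "A" * 86,
    "default_rounds": "$6$abcdefghijklmnop$" + "A" * 86,
    "low_rounds": "$6$rounds=1000$abcdefghijklmnop$" + "A" * 86,
    "short_salt": "$6$xy$" + "A" * 86,
    "md5": "$1$abcdefgh$" + "B" * 22,
    "bcrypt": "$2b$12$" + "C" * 53,
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(f"{name:15s} {audit(value) or 'OK'}")
```

Run it against the second field of the user's `/etc/shadow` line on a managed node (for example via `ansible nodes -b -m shell -a "getent shadow user"`) to confirm the role produced a `$6$` hash rather than an `$1$` one.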
The `master_node` host is used as a simple control node to connect to the clients, but it is unique: it is the node on which the SSH keys are created. The public key is then sent to the client nodes. If the playbook is run again (for example after adding new client nodes), the keys are not generated again.

The hosts in `nodes` are the client nodes. The master node can connect to them (using the user account created by this role) without being prompted for a user name or a password.
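The passwordless login above rests on two files the role writes: the user's `authorized_keys` on each client node and the master node's `known_hosts`. The script below is an added example, not code from the ansible-role-ssh project; it decodes one line of either file, checks that the base64 blob really is an `ssh-ed25519` key of the expected shape, and separates the leading options (authorized_keys) or host list (known_hosts) from the key. The 32-byte key material in it is constructed filler, not a real key, and `decode_blob` implements the SSH wire format (length-prefixed strings) as an assumption of the public-key encoding rather than anything the role itself checks.

```python
"""Validate authorized_keys / known_hosts lines the role produces.

Added example, not part of the ansible-role-ssh project. The sample key
bytes are constructed (0..31), not a real ed25519 public key.
"""
import base64
import shlex
import struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256", "ssh-dss"}


def _ssh_string(data):
    """Encode bytes as an SSH wire-format string: uint32 length + payload."""
    return struct.pack(">I", len(data)) + data


def ed25519_blob(raw32):
    """Build the public-key blob that follows 'ssh-ed25519' in a key line."""
    return _ssh_string(b"ssh-ed25519") + _ssh_string(raw32)


def decode_blob(b64):
    """Split a base64 key blob into its wire-format string fields."""
    blob = base64.b64decode(b64, validate=True)
    fields, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length prefix in key blob")
        (n,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        if off + n > len(blob):
            raise ValueError("field length exceeds key blob")
        fields.append(blob[off:off + n])
        off += n
    return fields


def parse_key_line(line):
    """Parse one authorized_keys or known_hosts line.

    Returns a dict with 'prefix' (options or host list, whatever precedes the
    key type), 'type', 'fields' (blob fields after the type) and 'comment'.
    """
    tokens = shlex.split(line, comments=True)
    for i, tok in enumerate(tokens):
        if tok in KEY_TYPES:
            break
    else:
        raise ValueError("no known key type in line")
    if i + 1 >= len(tokens):
        raise ValueError("key type without key data")
    fields = decode_blob(tokens[i + 1])
    if not fields or fields[0] != tokens[i].encode():
        raise ValueError("blob type does not match declared key type")
    return {
        "prefix": tokens[:i],
        "type": tokens[i],
        "fields": fields[1:],
        "comment": " ".join(tokens[i + 2:]),
    }


def is_ed25519_key(entry):
    """True when the entry is an ed25519 key with exactly one 32-byte field."""
    return (entry["type"] == "ssh-ed25519"
            and len(entry["fields"]) == 1
            and len(entry["fields"][0]) == 32)


# Constructed sample data (not real keys or hosts).
RAW_KEY = bytes(range(32))
B64_KEY = base64.b64encode(ed25519_blob(RAW_KEY)).decode()
AUTHORIZED_LINE = f"no-agent-forwarding ssh-ed25519 {B64_KEY} user@node1"
KNOWN_HOSTS_LINE = f"node2,10.0.0.2 ssh-ed25519 {B64_KEY}"
# Declared ed25519 but the blob says ssh-rsa: must be rejected.
MISMATCHED_LINE = "ssh-ed25519 " + base64.b64encode(
    _ssh_string(b"ssh-rsa") + _ssh_string(b"x")).decode()

if __name__ == "__main__":
    for line in (AUTHORIZED_LINE, KNOWN_HOSTS_LINE):
        entry = parse_key_line(line)
        print(entry["prefix"], entry["type"], is_ed25519_key(entry), entry["comment"])
```

Lines with `command="..."` style options containing spaces are handled because `shlex` honours the quotes; a line whose declared type disagrees with the blob, or whose blob is truncated, raises `ValueError` instead of being silently accepted.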
User configuration; the user can be set as a sudo user:

```yaml
# User configuration.
usr_name: "user"
usr_dir: "/home/{{ usr_name }}"
is_usr_sudo: false
```

SSH configuration (with custom key names):

```yaml
ssh_dir: "{{ usr_dir }}/.ssh"
ssh_priv_key: "{{ ssh_dir }}/{{ usr_name }}"
ssh_pub_key: "{{ ssh_priv_key }}.pub"
```
The role is divided into several task files; `tasks/main.yml` includes them in this order:

```yaml
---
# User configuration.
- include_tasks: user.yml
# Setup/install tasks.
- include_tasks: create_key.yml
- include_tasks: setup_key.yml
# SSH configuration.
- include_tasks: ssh.yml
```
The example playbook, prompting for the user password and hashing it with sha512_crypt:

```yaml
- hosts: master_node:nodes
  become: yes
  roles:
    - ansible-role-ssh
  vars_prompt:
    - name: usr_passwd
      prompt: Enter user password
      unsafe: yes
      private: yes
      encrypt: sha512_crypt
      confirm: yes
```

with the matching inventory:

```ini
[master_node]
node1

[nodes]
node2
node3
node4
node5
```