Guillaume Coré
2019-03-26 e3b95869c8ab456daebfa7de751d55c0ddf7523f
#vim: set ft=ansible:
---
# tasks file for bastion

######################### Setting up a bastion host to use student/r3dh4t1! to access

# Enable SSH Login with UserID/Password
# needs a parameter:
# - student_password: <password to be set for user student>
# Add User student with password {{ student_password }}! and home directory /home/student
# Allow sudo for user student

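# Guard: stop the play early unless a usable student_password was supplied.
# An undefined, null or empty value is rejected, because hashing an empty
# string in the "Create user" task would give the account an empty password
# while this role also turns on SSH password authentication.
- name: Check that student_password was passed to the role
  fail:
    msg: "Password needs to be provided to the role as parameter 'student_password'"
  when: >-
    student_password is not defined
    or student_password is none
    or (student_password | string | length == 0)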
# Create (or update) the student account: primary group "users",
# supplementary group "wheel", login shell bash.
# NOTE(review): password_hash('sha512') is called without an explicit salt,
# so a new hash is presumably produced on every run and the task reports
# "changed" each time -- confirm whether that is intended.
- name: Create user
  user:
    state: present
    name: '{{ student_name }}'
    comment: GTPE Student
    shell: /bin/bash
    group: users
    groups: wheel
    password: "{{ student_password|password_hash('sha512') }}"
# Install the student's SSH public key for the student account.
# Skipped when the caller did not supply student_key; the account is then
# reachable through password authentication only.
- name: Add student public key
  authorized_key:
    key: '{{ student_key }}'
    user: '{{ student_name }}'
  when:
    - student_key is defined
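# Turn on SSH password logins by rewriting the PasswordAuthentication
# directive in sshd_config. When no uncommented directive matches the
# regexp, lineinfile appends the line at the end of the file.
# validate: the edited copy is checked with "sshd -t" before it replaces the
# live file, so a syntax error cannot leave the bastion with an sshd
# configuration that fails at the next restart.
# NOTE(review): password logins on a bastion are exposed to guessing; confirm
# that login rate limiting or source-address restrictions are in place.
- name: Enable password authentication
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^ *PasswordAuthentication'
    line: PasswordAuthentication yes
    state: present
    validate: '/usr/sbin/sshd -t -f %s'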
# Same module call and arguments as the earlier "Add student public key"
# task. authorized_key only adds a key that is missing, so this second pass
# should change nothing when the first one succeeded.
- name: Populate authorized_key
  authorized_key:
    key: '{{ student_key }}'
    user: '{{ student_name }}'
  when:
    - student_key is defined
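# Grant student_name sudo for every command without a password prompt by
# adding a NOPASSWD rule to /etc/sudoers. The rule is placed after the
# ec2-user entry when one exists; otherwise lineinfile appends it at the end.
# validate: visudo checks the edited copy before it replaces the live file;
# a malformed sudoers file would otherwise break sudo for every account on
# the host.
- name: Allow passwordless sudo
  lineinfile:
    path: '/etc/sudoers'
    state: present
    line: "{{ student_name }}         ALL=(ALL)       NOPASSWD: ALL"
    insertafter: '^ec2-user'
    validate: '/usr/sbin/visudo -cf %s'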
# Restart sshd so the edited sshd_config takes effect.
# This is a plain task rather than a handler, so the restart happens on
# every run of the role, whether or not the configuration changed.
- name: Restart sshd
  service:
    state: restarted
    name: sshd