#vim: set ft=ansible:
---
# tasks file for bastion

######################### Setting up a bastion host that is accessed as student/r3dh4t1!
# NOTE(review): the banner above names a literal password, while the tasks
# below set whatever is passed in student_password. If that literal is or was
# a live credential, rotate it and drop it from this comment.

# Enable SSH login with user ID/password
# Needs a parameter:
# - student_password: <password to be set for user student>
# Add user student with password {{ student_password }}! and home directory /home/student
# Allow sudo for user student
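# Guard task: abort the role before any account is created when no usable
# password was supplied. An undefined, null or empty student_password is
# rejected, because the tasks that follow enable SSH password login and grant
# passwordless sudo to the same account.
- name: Check that student_password was passed to the role
  fail:
    msg: "Password needs to be provided to the role as parameter 'student_password'"
  # `or` short-circuits, so the later clauses are only evaluated once the
  # variable is known to be defined.
  when: >-
    student_password is not defined
    or student_password is none
    or (student_password | string | length) == 0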
# Creates (or updates) the login account named by student_name.
- name: Create user
  user:
    state: 'present'
    name: "{{ student_name }}"
    comment: 'GTPE Student'
    shell: '/bin/bash'
    # Primary group is `users`; `wheel` is the supplementary group.
    # NOTE(review): on RHEL-family images wheel usually carries sudo rights
    # already - confirm against the target's /etc/sudoers.
    group: 'users'
    groups: 'wheel'
    # The clear-text variable is hashed with SHA-512 before it reaches the
    # module. No salt is passed to password_hash, so a fresh one is presumably
    # generated on every run and this task will report "changed" each time -
    # confirm if idempotence matters.
    password: "{{ student_password|password_hash('sha512') }}"
# Installs student_key into the account's authorized_keys file. Skipped
# entirely when the caller did not pass student_key.
# NOTE(review): the later "Populate authorized_key" task in this file makes
# the same call with the same arguments; one of the two looks redundant.
- name: Add student public key
  authorized_key:
    key: "{{ student_key }}"
    user: "{{ student_name }}"
  when:
    - student_key is defined
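# Turns on SSH password login by rewriting the active PasswordAuthentication
# directive in sshd_config, or appending one if no active line exists.
#
# Operational caveat: with password login enabled, the strength of
# student_password is the only thing protecting this bastion's SSH port.
# Restrict source addresses or rate-limit failed logins where the environment
# allows, and prefer key-only access when student_key is supplied.
- name: Enable password authentication
  lineinfile:
    path: /etc/ssh/sshd_config
    # Matches only an uncommented directive. If the file has no active line,
    # the new one is appended at EOF.
    # NOTE(review): an appended line can land inside a trailing `Match` block,
    # and an earlier Include may already set the option - verify on the image.
    regexp: '^ *PasswordAuthentication'
    line: 'PasswordAuthentication yes'
    # Syntax-check the candidate file before it replaces the live config, so
    # a bad edit cannot leave sshd unable to start on the next restart.
    validate: '/usr/sbin/sshd -t -f %s'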
# Writes student_key to the account's authorized_keys when the variable is
# set; otherwise the task is skipped.
# NOTE(review): this repeats the earlier "Add student public key" task in
# this file argument for argument, so the second run should be a no-op.
- name: Populate authorized_key
  authorized_key:
    key: "{{ student_key }}"
    user: "{{ student_name }}"
  when:
    - student_key is defined
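# Grants the student account unrestricted sudo without a password prompt by
# adding a rule to the main sudoers file.
#
# Operational caveat: this file also enables SSH password login for the same
# account, so knowledge of student_password is equivalent to root on this
# host. Scope the rule more narrowly if the lab does not need full root.
- name: Allow passwordless sudo
  lineinfile:
    path: '/etc/sudoers'
    state: present
    line: "{{ student_name }} ALL=(ALL) NOPASSWD: ALL"
    # Placed after the ec2-user rule when one exists; lineinfile falls back to
    # appending at EOF when the pattern does not match.
    insertafter: '^ec2-user'
    # Have visudo check the candidate file first: a syntax error in
    # /etc/sudoers would otherwise break sudo for every account.
    validate: '/usr/sbin/visudo -cf %s'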
# Restarts the SSH daemon so the sshd_config edit made above takes effect.
# This is a plain task, not a handler, so it runs on every play regardless of
# whether the config actually changed.
- name: Restart sshd
  service:
    state: 'restarted'
    name: 'sshd'