author | Quentin <quentin@deuxfleurs.fr> | 2020-02-16 20:05:47 +0100 |
---|---|---|
committer | Quentin <quentin@deuxfleurs.fr> | 2020-02-16 20:05:47 +0100 |
commit | ea32facca263f3b3b5e12dd3193625d2ac2b7b9e (patch) | |
tree | a2fe6cd9a6e4b556fb49a209074c4ef2a96a64cc /ansible | |
parent | cbd12c18779e6ecb0587ba06c256ffb930f35e67 (diff) | |
Safer Ansible
Diffstat (limited to 'ansible')
-rw-r--r-- | ansible/cluster_nodes.yml | 10 | ||||
-rw-r--r-- | ansible/roles/common/tasks/main.yml | 9 | ||||
-rw-r--r-- | ansible/roles/users/vars/main.yml | 10 |
3 files changed, 17 insertions, 12 deletions
diff --git a/ansible/cluster_nodes.yml b/ansible/cluster_nodes.yml
index 2fc0eb6..94521e6 100644
--- a/ansible/cluster_nodes.yml
+++ b/ansible/cluster_nodes.yml
@@ -9,8 +9,9 @@
 - role: users
 tags: account
 
- - role: network
- tags: net
+# UNSAFE
+# - role: network
+# tags: net
 
 - role: consul
 tags: kv
@@ -18,5 +19,6 @@
 - role: nomad
 tags: orchestrator
 
- - role: storage
- tags: sto
+# UNSAFE
+# - role: storage
+# tags: sto
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
index 3ffc105..b4d00bb 100644
--- a/ansible/roles/common/tasks/main.yml
+++ b/ansible/roles/common/tasks/main.yml
@@ -40,3 +40,12 @@
 - strace
 - sudo
 state: present
+
+- name: "Passwordless sudo"
+ lineinfile:
+ path: /etc/sudoers
+ state: present
+ regexp: '^%sudo'
+ line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+ validate: 'visudo -cf %s'
+
diff --git a/ansible/roles/users/vars/main.yml b/ansible/roles/users/vars/main.yml
index fc0ef4a..e2734e3 100644
--- a/ansible/roles/users/vars/main.yml
+++ b/ansible/roles/users/vars/main.yml
@@ -11,13 +11,7 @@ active_users:
 ssh_keys:
 - 'alex-key1.pub'
 
- - username: 'erwan'
- ssh_keys:
- - 'erwan-key1.pub'
-
- - username: 'valentin'
- ssh_keys:
- - 'valentin-key1.pub'
-
 disabled_users:
 - 'john.doe'
+ - 'erwan'
+ - 'valentin' |
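Review bot: The `# UNSAFE` markers in both hunks of cluster_nodes.yml do not say what is unsafe about the `network` and `storage` roles or under what condition they may be re-enabled, so the next operator has nothing to base that decision on. Because the `tags: net` and `tags: sto` lines are commented out too, a run limited to those tags will presumably match no role and still finish without error, which can be mistaken for a successful apply. I would expand each marker to something like `# UNSAFE: <what this role can break on a live node>; re-enable only when <condition>` (placeholders to be filled in by the author).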
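Review bot: The new `Passwordless sudo` task grants `NOPASSWD: ALL` to the whole `%sudo` group, so every account in that group becomes root-equivalent with no re-authentication. If logins are SSH-key only, as the `ssh_keys` entries in the users role suggest, a single stolen key is then enough for root on every node. If the aim is only to let Ansible escalate without a prompt, scope the rule to the account Ansible connects as instead of the group. It would also be safer to leave `/etc/sudoers` untouched and manage a drop-in, e.g. `path: /etc/sudoers.d/<dropin-name>` with `create: yes` and `mode: '0440'`, keeping the `validate: 'visudo -cf %s'` line. The hunk begins inside the preceding package-install task, whose start is outside the hunk.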
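Review bot: Moving `erwan` and `valentin` from `active_users` to `disabled_users` only changes variables, and nothing in this hunk shows what the users role does with a disabled name. Since the same commit makes `%sudo` passwordless, it is worth confirming that the role removes their `authorized_keys` and `sudo` group membership (or locks the account) rather than merely skipping key deployment. A short comment above `disabled_users:` stating the effect, e.g. `# accounts listed here are <locked/removed> and their SSH keys revoked by roles/users`, would make the intent auditable.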