# Sets root's password hash from the vApp property 'metacluster.password'
# and asks the user module to generate an RSA keypair for root.
- name: Set root password
  ansible.builtin.user:
    name: root
    # The salt is a number below 65534 taken from a PRNG seeded with
    # 'guestinfo.hostname'. That keeps the hash stable between runs, so the
    # task stays idempotent, but the salt is low-entropy and can be derived
    # by anyone who knows the hostname.
    # NOTE(review): the cleartext password is read from the vApp properties;
    # confirm who can read those on the hypervisor and in the guest.
    password: "{{ vapp['metacluster.password'] | password_hash('sha512', 65534 | random(seed=vapp['guestinfo.hostname']) | string) }}"
    generate_ssh_key: true
    # NOTE(review): 2048 bits is the usual floor for RSA; consider a larger
    # size if this key is long-lived.
    ssh_key_bits: 2048
    # Relative path; the user module resolves it against the user's home.
    ssh_key_file: .ssh/id_rsa
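# Adds the operator-supplied public key from the vApp property
# 'guestinfo.rootsshkey' to root's authorized_keys.
- name: Save root SSH publickey
  ansible.builtin.lineinfile:
    path: /root/.ssh/authorized_keys
    # The value is written as-is: lineinfile does not check that it is a
    # well-formed public key, and any key options in it are kept.
    # NOTE(review): if the property is empty, no usable key is installed
    # while a later task in this file turns SSH password logins off;
    # consider asserting the value is non-empty before this point.
    line: "{{ vapp['guestinfo.rootsshkey'] }}"
    # Create the file when it does not exist yet instead of failing.
    create: true
    # Keep the file private to root regardless of the umask in effect.
    mode: '0600'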
# Turns off password logins in sshd_config in two passes: replace the
# commented-out default with an explicit 'no', then delete any explicit 'yes'.
# NOTE(review): no 'validate:' is set and no sshd reload/restart is visible
# in this part of the file; confirm the change is checked and applied.
# NOTE(review): only /etc/ssh/sshd_config is edited. If it includes drop-in
# files (e.g. an sshd_config.d directory) that set PasswordAuthentication,
# those can still take precedence; verify with `sshd -T` on the target.
- name: Disable SSH password authentication
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regex: "{{ item.regex }}"
    line: "{{ item.line }}"
    state: "{{ item.state }}"
  loop:
    # When the regex matches nothing and the line is not already present,
    # lineinfile appends it at end of file, which may fall inside a trailing
    # 'Match' block.
    - regex: '^#PasswordAuthentication'
      line: 'PasswordAuthentication no'
      state: present
    # Anchored on the exact 'yes' spelling; differently spaced or indented
    # variants are not removed.
    - regex: '^PasswordAuthentication yes'
      line: 'PasswordAuthentication yes'
      state: absent
  loop_control:
    # Short per-item label for the task output: "[<regex>] <state>".
    label: "{{ '[' ~ item.regex ~ '] ' ~ item.state }}"
# Generates a separate keypair under root's .ssh directory and keeps the
# module result in 'gitops_sshkey' for later tasks.
# Key type, size and passphrase are not set here, so the module defaults
# apply and the private key is stored without a passphrase.
# NOTE(review): pin 'type'/'size' explicitly if policy requires a specific
# algorithm, and confirm where the registered public key ends up.
- name: Create dedicated SSH keypair
  community.crypto.openssh_keypair:
    path: /root/.ssh/git_rsa_id
  register: gitops_sshkey
# Removes the 'ubuntu' account so it cannot be used to log in.
- name: Delete 'ubuntu' user
  ansible.builtin.user:
    name: ubuntu
    state: absent
    # Also delete the account's home directory, including any
    # authorized_keys stored in it.
    remove: true