initial commit
commit
909cbe2dec
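--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,3 @@
+secrets.yml
+*.retry
+*.pyc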
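--- a/README.md
+++ b/README.md
@@ -0,0 +1,15 @@
+# ssh keys repository
+
+The `users.yml` playbook contains users and public keys.
+The playbook uses `/etc/hosts` as a database for hosts to install the keys on.
+
+## usage:
+
+* Make changes to a local checkout of this repo.
+* `git commit` the changes, `git push` and `git pull` on xcat.
+* on xcat:
+
+```bash
+git pull
+ansible-playbook users.yml # this will install the users on all hosts in /etc/hosts.
+```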
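--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+hostfile = hosts.py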
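Review bot: `hostfile` is the legacy spelling of this setting; Ansible's documentation names it `inventory`, and as far as I know newer releases no longer honour the old key, in which case the playbook would run without the intended dynamic inventory. `inventory = hosts.py` is the forward-compatible form. Worth confirming against the Ansible version installed on xcat before relying on either spelling.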
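--- a/hosts.py
+++ b/hosts.py
@@ -0,0 +1,59 @@
+#!/usr/bin/env python
+
+import argparse
+import json
+import sys
+
+
+def get_hosts(hosts_file='/etc/hosts'):
+'''
+Get the hostsnames from /etc/hosts.
+Returns: A set of hostnames.
+'''
+rv = []
+with open(hosts_file, 'r') as f:
+for line in f:
+if line == '\n':
+continue
+if line[0] == '#':
+continue
+rv.append(line.split()[1])
+rv = set(rv)
+ignore = {'localhost', 'ip6-allnodes', 'ip6-allrouters'}
+return rv.difference(ignore)
+
+
+def get_args(args_list):
+"""
+Parse the arguments and make sure only
+that --list or --host is given, not both.
+"""
+parser = argparse.ArgumentParser(
+description='ansible inventory script parsing /etc/hosts')
+mutex_group = parser.add_mutually_exclusive_group(required=True)
+help_list = 'list all hosts from /etc/hosts'
+mutex_group.add_argument('--list', action='store_true', help=help_list)
+help_host = 'display variables for a host'
+mutex_group.add_argument('--host', help=help_host)
+return parser.parse_args(args_list)
+
+
+def main(args_list):
+"""
+Print a json list of the hosts if --list is given.
+Does not support host vars.
+Print an empty dictionary if --host is passed to remain valid.
+"""
+args = get_args(args_list)
+if args.list:
+print(json.dumps({
+'all': {
+'hosts': list(get_hosts()),
+}
+}))
+if args.host:
+print(json.dumps({}))
+
+
+if __name__ == '__main__':
+main(sys.argv[1:])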
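Review bot: `rv.append(line.split()[1])` in `get_hosts` raises IndexError on a whitespace-only or single-field line, and the `line[0] == '#'` test does not skip an indented comment, whose second word is then taken as a hostname. Splitting first, `fields = line.split('#', 1)[0].split()` followed by `if len(fields) < 2: continue`, covers both cases. The `ignore` set also leaves out other stock entries that some distributions ship in `/etc/hosts` (`ip6-localhost`, `ip6-localnet`, `ip6-mcastprefix`), so those names would end up in the `all` group. Because this script alone decides which machines receive admin accounts and keys, the docstring should state that every first name in `/etc/hosts` becomes a target and that aliases on the same line are dropped.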
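--- a/users.yml
+++ b/users.yml
@@ -0,0 +1,48 @@
+# SSH keys of HPC colleagues.
+# for more advanced examples, see:
+# http://docs.ansible.com/ansible/latest/authorized_key_module.html
+---
+- name: Initial setup
+hosts: all
+become: True
+
+tasks:
+- group:
+name: admin
+state: present
+
+- name: Passwordless sudo for admins
+lineinfile: dest=/etc/sudoers line="%admin ALL=(ALL:ALL) NOPASSWD:ALL"
+
+- user:
+name: wim
+comment: "Wim Nap"
+group: admin
+
+- authorized_key:
+user: wim
+key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPcJbucOFOFrPZwM1DKOvscYpDGYXKsgeh3/6skmZn/IhLWYHY6oanm4ifmY3kU0oNXpKgHR43x3JdkIRKmrEpYULspwdlj/ZKPYxFWhVaSTjJvmSJEgy7ET1xk+eVoKV1xRWm/BugWpbseFAOcI9ZwfH++S8JhfX6GgCIy06RUpM8EcFAWb/GO699ZnQ67qMxNdSWYHtK1zu+9svWgEzPk4zc2TihJsc7DxcfQCNfQ4vKH1Im3+QfG5bRtdyVl9yjbE+o4EWhPEWsTBgBosJfbqfywsuzibhTgyybR0Zzm4JN6Wh5wVazvNutAB291dIJt22XEx5tCyOAjLPybLy3 wim@wim-HP-Compaq-Elite-8300-MT'
+state: present
+
+- user:
+name: egon
+comment: "Egon Rijpkema"
+group: admin
+
+- authorized_key:
+user: egon
+key: '{{ item }}'
+state: present
+with_items:
+- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUBdTEHUj6MxvfEU7KcI+UPAvqJ9jGJ7hHm3e7XFTb9 egon@egon-pc'
+- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDStPUPXkcu81onUm/le54JCu174yXJJDsthDr96Mv8irBVBWuy5FxnaASuDpmC4QE4s0UAIg1iq/SWrr8qdBQ4OVuYFiW0S7ZJvcoKr/40Wh+T5MeltGQfmkDp6kBsfaMSo6M4tF1c8i+XgOgxb4fxHYb8mFhseztRLx6McxJJJLB0nu+T12WQ01nl0XtwD+3EsZWfxRH0KA59VHZSe3Anc5z+Fm7WU+1Vzy6/pkiIhVReI1L6VVhZsIdSu3fQK6fHQcujtfuw6RKEpisZQqnxMUviWQ98yeQXHk6Nx840WCh3vvKveEAoC4Y/UEZa1TMe6PczfUaLjaidUkpulJsP egon@egon-pc'
+
+- user:
+name: hopko
+comment: "Hopko Meijering"
+group: admin
+
+- authorized_key:
+user: hopko
+key: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArQsJ0g/a5YOHlk7xcMpHNxiN+up4syzLZfgiICECET/SCDXUN4Xh3BlSWng8hMQMD5sNSADF4AghdLKfuqXG1MMSvzGSVTcRwiZ+Hq6YCoiinpQw0qu7LOZVZeoG8f7sGwhBqe0wKeyPe6Q7nRe0CXvM+aU4XfZz18O/d3mU1S7cEiue02MgH6ff6VTJFqOtLGpL1rILJn3t58N+2CCWxJwGplkp7hRJ9TnhQqCO+PN/p/4neusjembRu5lX+AKX1mv91WYURkxfLE3CWe9V9YJVG0lLgfXDMyghqkTwf8UsMHS5FBy8oTvuC55EhX+xm2Peo1lZlzy7t5Hg2fWYFQ== h.meijering@rug.nl'
+state: present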
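Review bot: The `Passwordless sudo for admins` task rewrites `/etc/sudoers` in place with no syntax check, so a bad write can leave sudo unusable on every host in the inventory. Adding `validate='visudo -cf %s'` to the `lineinfile` arguments, or writing the rule to its own file under `/etc/sudoers.d/` with the same validation, makes the task fail before the file is replaced. Since `%admin ... NOPASSWD:ALL` is combined with `hosts: all`, possession of any one of the listed private keys is equivalent to root on all hosts; a comment in the playbook should state that this is intended. The play also only ever adds keys: no task uses `state: absent`, and `exclusive: yes` is not set (it would need all of a user's keys passed in a single `key` value rather than through `with_items`), so deleting a key from this file does not revoke it on the hosts.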