1
0
forked from HPC/HPCplaybooks

Compare commits

..

36 Commits

Author SHA1 Message Date
e05a683112 Update 'users.yml'
Add key's from Robin Teeninga
2019-12-09 10:55:25 +00:00
b75d75a615 Fix incorrect indent 2019-10-17 22:21:36 +00:00
431b4c4c2c Merge branch 'jpm/addition/ssh_keys' of HPC/HPCplaybooks into master 2019-09-24 07:37:54 +00:00
04b59e0c04 Add SSH keys 2019-09-24 09:11:59 +02:00
c8b01c64b0 Merge branch 'feature/disable-gogs' of HPC/HPCplaybooks into master 2019-01-28 15:51:26 +00:00
Egon Rijpkema
eb131d9318 Corrected typo. 2019-01-28 16:50:21 +01:00
3ef3b5c622 Merge branch 'feature/disable-gogs' of HPC/HPCplaybooks into master 2019-01-28 15:49:00 +00:00
Egon Rijpkema
11eea7b15a Move message 2019-01-28 16:48:23 +01:00
86944f6a32 Merge branch 'master' of p216149/HPCplaybooks into master 2019-01-28 15:28:32 +00:00
8d30514782 'users.yml' updaten 2019-01-28 15:21:29 +00:00
1ac7dd44c9 Merge branch 'master' of p219755/HPCplaybooks into master 2019-01-28 15:14:12 +00:00
p219755
14c9a646bf Update 'users.yml' 2019-01-28 15:09:22 +00:00
Egon Rijpkema
1872a4edcf Automatic updates and security reboots.
These are meant for hosts with a public ip.
2019-01-24 10:25:00 +01:00
Egon Rijpkema
82231aa8ba Added somewhat generic nod-exporter and cadvisor playbooks. 2019-01-02 13:34:52 +01:00
Egon Rijpkema
7fc312e523 Added nsswitch so that /etc/hosts file will work. 2018-12-21 12:51:01 +01:00
Egon Rijpkema
3bd13d018a Added a generic prometheus server role. 2018-12-21 11:59:40 +01:00
Egon Rijpkema
d68ec10d2c Setup log rotation for docker. 2018-10-23 11:09:45 +02:00
Egon Rijpkema
8be6056f96 Updated golang version 2018-10-16 10:46:23 +02:00
Egon Rijpkema
0622a319da Accidental capital. 2018-10-10 13:34:48 +02:00
Egon Rijpkema
253c438348 Added kees 2018-08-13 14:04:09 +02:00
Egon Rijpkema
678882be7b added playbook for stealth 2018-08-13 14:03:56 +02:00
Egon Rijpkema
0f81929a02 added wim laptop key 2018-07-10 10:33:38 +02:00
Egon Rijpkema
1ae9fece3b Added Robin 2018-06-27 17:14:01 +02:00
Egon Rijpkema
e07ad091ec Output more readable.
also changed depricated hostfile option.
2018-06-01 10:38:22 +02:00
Egon Rijpkema
c95251d7ee added meta to be used in other playbooks 2018-05-11 12:01:34 +02:00
Egon Rijpkema
593082f710 Added role for jwilder nginx proxy.
This is useful when you want to handle ssl or when you want to proxy
multiple containers on a single host.
2018-02-13 10:07:24 +01:00
Egon Rijpkema
4b91b61b66 Updated title 2018-02-12 16:44:49 +01:00
Egon Rijpkema
2ec22760af Added a node_exporter role initially built for...
peregrine.
2018-02-12 16:35:01 +01:00
Egon Rijpkema
e6cb2834c0 updated gitignore 2018-02-12 16:33:49 +01:00
Egon Rijpkema
86feea2819 Added ger. He should come up with a modern
key though.
2018-01-03 14:22:26 +01:00
Gogs
8539a02a2f Added Cristian 2017-10-03 13:49:29 +02:00
Egon Rijpkema
e8a5d6c922 fixed fokke's key 2017-10-03 10:58:59 +02:00
b16f0906e7 Resolved conflict by inserting my key as well 2017-09-27 16:16:53 +02:00
aa74c7a2bc Added Bob 2017-09-27 13:06:12 +02:00
4dc0c39e15 Added Fokke. 2017-09-04 15:09:52 +02:00
Egon Rijpkema
0316ab59a7 Added Alex. 2017-08-31 11:44:38 +02:00
35 changed files with 655 additions and 4 deletions

12
.gitignore vendored
View File

@ -1,3 +1,13 @@
secrets.yml
*.retry *.retry
*.pyc *.pyc
.vault_pass.txt
# ---> Vim
[._]*.s[a-w][a-z]
[._]s[a-w][a-z]
*.un~
Session.vim
.netrwhist
*~
*.swp
.vault_pass.txt
promtools/results

View File

@ -1,4 +1,6 @@
# ssh keys repository # HPC playbooks
This repository has been moved to [github](https://github.com/rug-cit-hpc/HPCplaybooks)
The `users.yml` playbook contains users and public keys. The `users.yml` playbook contains users and public keys.
The playbook uses `/etc/hosts` as a database for hosts to install the keys on. The playbook uses `/etc/hosts` as a database for hosts to install the keys on.

View File

@ -1,2 +1,4 @@
[defaults] [defaults]
hostfile = hosts.py inventory = hosts.py
stdout_callback = debug
vault_password_file = .vault_pass.txt

5
cadvisor.yml Normal file
View File

@ -0,0 +1,5 @@
---
- hosts: all
become: True
roles:
- cadvisor

1
meta/main.yml Normal file
View File

@ -0,0 +1 @@
---

6
nginx_proxy.yml Normal file
View File

@ -0,0 +1,6 @@
---
- hosts: all
become: True
roles:
- docker
- nginx-proxy

5
node-exporter.yml Normal file
View File

@ -0,0 +1,5 @@
---
- hosts: all
become: True
roles:
- cadvisor

5
node_exporter.yml Normal file
View File

@ -0,0 +1,5 @@
---
- hosts: all
become: True
roles:
- node_exporter

5
prometheus.yml Normal file
View File

@ -0,0 +1,5 @@
---
- hosts: all
become: True
roles:
- prom_server

22
promtools/Dockerfile Normal file
View File

@ -0,0 +1,22 @@
FROM golang:1.11-stretch
MAINTAINER Egon Rijpkema <e.m.a.rijpkema@rug.nl>
RUN mkdir /results
RUN go get github.com/prometheus/node_exporter && \
cd ${GOPATH-$HOME/go}/src/github.com/prometheus/node_exporter && \
make && \
cp node_exporter /results
RUN go get github.com/robustperception/pushprox/proxy && \
cd ${GOPATH-$HOME/go}/src/github.com/robustperception/pushprox/proxy && \
go build && \
cp /go/bin/proxy /results
RUN go get github.com/robustperception/pushprox/client && \
cd ${GOPATH-$HOME/go}/src/github.com/robustperception/pushprox/client && \
go build && \
cp /go/bin/client /results
CMD /go/bin/proxy

34
promtools/addport.py Executable file
View File

@ -0,0 +1,34 @@
#!/usr/bin/env python3
'''
Pushprox: does not include the port number in its targets json
on the /clients endpoint. while Prometheus does seem to need it.
for more info see: https://github.com/RobustPerception/PushProx
'''
import json
from urllib import request
url = 'http://knyft.hpc.rug.nl:6060/clients'
outfile = 'targets.json'
data = json.loads(request.urlopen(url).read().decode('utf-8'))
targets = []
for node in data:
for target in node['targets']:
if target[-5:] != '9100':
target = '{}:9100'.format(target)
targets.append(target)
with open(outfile, 'w') as handle:
handle.write(json.dumps(
[{
"targets" : targets,
"labels": {
"env": "peregrine",
"job": "node"
}
}]
,indent=4 ))

6
promtools/build.sh Executable file
View File

@ -0,0 +1,6 @@
#!/bin/bash -ex
mkdir -p results
docker build . -t promtools
docker run -d --name promtools --rm promtools sleep 3
docker cp promtools:/results .

BIN
promtools/client Executable file

Binary file not shown.

BIN
promtools/proxy Executable file

Binary file not shown.

View File

@ -0,0 +1,25 @@
---
- name: Install service files.
template:
src: templates/cadvisor.service
dest: /etc/systemd/system/cadvisor.service
mode: 644
owner: root
group: root
tags:
- service-files
- name: install service files
command: systemctl daemon-reload
- name: enable service at boot
systemd:
name: cadvisor
enabled: yes
- name: make sure servcies are started.
systemd:
name: cadvisor.service
state: restarted
tags:
- start-service

View File

@ -0,0 +1,22 @@
[Unit]
Description=Prometheus container monitoring.
After=docker.service
Requires=docker.service
[Service]
TimeoutStartSec=0
Restart=always
ExecStartPre=-/usr/bin/docker kill %n
ExecStartPre=-/usr/bin/docker rm %n
ExecStart=/usr/bin/docker run --name %n \
--volume=/:/rootfs:ro \
--volume=/var/run:/var/run:rw \
--volume=/sys:/sys:ro \
--volume=/var/lib/docker/:/var/lib/docker:ro \
--volume=/dev/disk/:/dev/disk:ro \
--publish=8181:8080 \
google/cadvisor:latest
[Install]
WantedBy=multi-user.target

View File

@ -0,0 +1,7 @@
{
"log-driver": "json-file",
"log-opts": {
"max-size": "10m",
"max-file": "10"
}
}

View File

@ -0,0 +1,31 @@
---
# Install Docker. Centos needs te be added.
- apt_key:
id: 58118E89F3A912897C070ADBF76221572C52609D
keyserver: hkp://p80.pool.sks-keyservers.net:80
state: present
when: ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'xenial'
- apt_repository:
repo: deb https://apt.dockerproject.org/repo ubuntu-xenial main
update_cache: yes
when: ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'xenial'
- name: install docker
apt: pkg={{ item }} state=latest
with_items:
- docker-engine
- python-docker
when: ansible_distribution == 'Ubuntu' and ansible_distribution_release == 'xenial'
- name: Setup log rotation.
copy:
src: files/daemon.json
dest: /etc/docker/daemon.json
tags: ['settings']
- name: make sure service is started
systemd:
name: docker.service
state: started

View File

@ -0,0 +1,20 @@
# Install a nginx reverse proxy with a systemd unit file.
# See https://github.com/jwilder/nginx-proxy
---
- name: install service file.
template:
src: templates/nginx-proxy.service
dest: /etc/systemd/system/nginx-proxy.service
mode: 644
owner: root
group: root
- command: systemctl daemon-reload
- name: start service at boot.
command: systemctl reenable nginx-proxy.service
- name: make sure service is started
systemd:
name: nginx-proxy.service
state: restarted

View File

@ -0,0 +1,16 @@
[Unit]
Description=nginx reverse proxy for docker containers.
After=docker.service
Requires=docker.service
[Service]
TimeoutStartSec=0
Restart=always
ExecStartPre=-/usr/bin/docker kill %n
ExecStartPre=-/usr/bin/docker rm %n
ExecStart=/usr/bin/docker run --name %n \
--rm -d -p 80:80 -p 443:443 -v /srv/certs:/etc/nginx/certs \
-v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
[Install]
WantedBy=multi-user.target

View File

@ -0,0 +1,36 @@
---
- file:
path: /usr/local/prometheus
state: directory
mode: 0755
- name: Install node exporter
copy:
src: "{{ playbook_dir }}/promtools/results/node_exporter"
dest: /usr/local/prometheus/node_exporter
mode: 0755
- name: Install service files.
template:
src: templates/node-exporter.service
dest: /etc/systemd/system/node-exporter.service
mode: 644
owner: root
group: root
tags:
- service-files
- name: install service files
command: systemctl daemon-reload
- name: enable service at boot
systemd:
name: node-exporter
enabled: yes
- name: make sure servcies are started.
systemd:
name: node-exporter.service
state: restarted
tags:
- start-service

View File

@ -0,0 +1,16 @@
[Unit]
Description=prometheus node exporter
[Service]
TimeoutStartSec=0
Restart=always
ExecStart=/usr/local/prometheus/node_exporter \
--collector.filesystem.ignored-mount-points "^/(sys|proc|dev|host|etc)($|/)" \
{% if 'login' in role_names %}
--collector.filesystem.ignored-fs-types="^(sys|proc|auto|cgroup|devpts|ns|au|fuse\.lxc|mqueue|overlay)(fs|)$$"
{% else %}
--collector.filesystem.ignored-fs-types="^(sys|proc|auto|cgroup|devpts|ns|au|fuse\.lxc|mqueue|overlay|lustre)(fs|)$$"
{% endif %}
[Install]
WantedBy=multi-user.target

View File

@ -0,0 +1,64 @@
---
- include_vars: vars/secrets.yml
- file:
path: "{{ item }}"
state: directory
mode: 0777
with_items:
- /srv/prometheus/etc/prometheus
- /srv/prometheus/prometheus
- name: Install prometheus.yml
template:
src: templates/etc/{{ item }}
dest: /srv/prometheus/etc/prometheus/{{ item }}
mode: 644
owner: root
group: root
with_items:
- prometheus.yml
- name: Install other settings files.
copy:
src: templates/etc/{{ item }}
dest: /srv/prometheus/etc/prometheus/{{ item }}
mode: 644
owner: root
group: root
with_items:
- alerting.rules
- targets.json
- name: Install nsswitch see https://github.com/jumanjiman/docker-ssllabs-scan/blob/6d9f48c9ac4f1df3eebef3ab28e2dd44a9ba4998/scanner/etc/nsswitch.conf
copy:
src: templates/etc/nsswitch.conf
dest: /srv/prometheus/etc/nsswitch.conf
mode: 644
owner: root
group: root
- name: Install service files.
template:
src: templates/prometheus.service
dest: /etc/systemd/system/prometheus.service
mode: 644
owner: root
group: root
tags:
- service-files
- name: install service files
command: systemctl daemon-reload
- name: enable service at boot
systemd:
name: prometheus.service
enabled: yes
- name: make sure servcies are started.
systemd:
name: prometheus.service
state: restarted
tags:
- start-service

View File

@ -0,0 +1,71 @@
groups:
- name: basic
rules:
- alert: InstanceDown
expr: up{job="node"} == 0
for: 10m
labels:
severity: page
annotations:
description: '{{ $labels.instance }} of job {{ $labels.job }} has been down
for more than 10 minutes.'
summary: Instance {{ $labels.instance }} down
- alert: Time not being synced
expr: node_timex_sync_status{job="node"} == 0
for: 5m
labels:
severity: page
annotations:
description: '{{ $labels.instance }} is not configured to sync its time with an external ntp server'
summary: Instance {{ $labels.instance }} no ntp configured.
- alert: clock wrong
expr: node_timex_offset_seconds{job="node"} > 1
for: 10m
labels:
severity: page
annotations:
description: '{{ $labels.instance }} has a clock offset > 1 second.'
summary: '{{ $labels.instance }} has clock drift.'
- alert: DiskWillFillIn8Hours
expr: predict_linear(node_filesystem_free{job="node",mountpoint!~"/tmp|/local|/target/gpfs3"}[2h], 8 * 3600) < 0
for: 2h
labels:
severity: page
annotations:
description: Instance {{ $labels.instance }} will fill up within 8 hours
summary: '{{ $labels.instance }} disk full'
- alert: DiskWillFillIn72Hours
expr: predict_linear(node_filesystem_free{job="node",mountpoint!~"/tmp|/local|/target/gpfs3"}[6h], 72 * 3600) < 0
for: 8h
labels:
severity: page
annotations:
description: Instance {{ $labels.instance }} will fill up within 72 hours
summary: '{{ $labels.instance }} disk almost full'
- alert: DiskFull
expr: node_filesystem_free{job="node",mountpoint!~"/tmp|/net|/cvmfs|/var/lib/nfs/rpc_pipefs|/cvmfs|/misc|/run/docker/netns/.+?|/cgroup.+?", fstype!~"fuse.+?"} < 5.24288e+06
for: 5m
labels:
severity: page
annotations:
description: Instance {{ $labels.instance }} has a full {{ $labels.mountpoint }}.
summary: '{{ $labels.instance }} Disk full'
- alert: tmpFull
expr: node_filesystem_free{job="node",mountpoint="/tmp"} < 5242880
for: 30m
labels:
severity: page
annotations:
description: Instance {{ $labels.instance }} Has a full /tmp
summary: '{{ $labels.instance }} /tmp full'
- alert: NodeRebooted
expr: delta(node_boot_time[1h]) > 10
for: 1m
labels:
severity: page
annotations:
description: Instance {{ $labels.instance }} has been rebooted.
summary: '{{ $labels.instance }} rebooted'
# - alert: TestAlert
# expr: probe_success{instance="195.169.22.220:11211",job="blackbox"} == 0
# for: 1m

View File

@ -0,0 +1,3 @@
# https://github.com/golang/go/blob/go1.9.1/src/net/conf.go#L194-L275
# https://golang.org/pkg/net/
hosts: files dns

View File

@ -0,0 +1,55 @@
# my global config
global:
scrape_interval: 60s # By default, scrape targets every 15 seconds.
evaluation_interval: 60s # By default, scrape targets every 15 seconds.
# scrape_timeout is set to the global default (10s).
# Attach these labels to any time series or alerts when communicating with
# external systems (federation, remote storage, Alertmanager).
external_labels:
monitor: {{ ansible_hostname }}
# alert
alerting:
alertmanagers:
- scheme: http
static_configs:
- targets:
- "alertmanager.kube.hpc.rug.nl"
basic_auth:
username: hpc
password: {{ alertmanager_pass }}
# Load and evaluate rules in this file every 'evaluation_interval' seconds.
rule_files:
- '/etc/prometheus/alerting.rules'
# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
# The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
- job_name: 'prometheus'
static_configs:
- targets: ['localhost:9090']
# peregrine
- job_name: 'node'
scrape_interval: 120s
file_sd_configs:
- files:
- targets.json
# peregrine
- job_name: 'ipmi'
scrape_interval: 120s
file_sd_configs:
- files:
- ipmi-targets.json
# Scrape the cadvisor container exporter
- job_name: 'cadvisor'
scrape_interval: 60s
file_sd_configs:
- files:
- cadvisor.json

View File

@ -0,0 +1,10 @@
[
{
"targets": [
],
"labels": {
"env": "blank",
"job": "node"
}
}
]

View File

@ -0,0 +1,20 @@
[Unit]
Description=Prometheus monitoring
After=docker.service
Requires=docker.service
[Service]
TimeoutStartSec=0
Restart=always
ExecStartPre=-/usr/bin/docker kill %n
ExecStartPre=-/usr/bin/docker rm %n
ExecStart=/usr/bin/docker run --name %n \
--network host \
-v /srv/prometheus/prometheus:/prometheus \
-v /srv/prometheus/etc/nsswitch.conf/etc/nsswitch.conf \
-v /srv/prometheus/etc/prometheus:/etc/prometheus \
prom/prometheus:v2.6.0 \
--storage.tsdb.retention 365d --config.file=/etc/prometheus/prometheus.yml \
--storage.tsdb.path=/prometheus --web.enable-lifecycle
[Install]
WantedBy=multi-user.target

View File

@ -0,0 +1,8 @@
$ANSIBLE_VAULT;1.1;AES256
35653034666233356434653337323037616464346462626436613836626633653661613162393235
3731313333396465616430306530653430353730636662350a326134643635636364363566313933
38303164616631316265393330343566383232333337386661643534356263323137616362393662
3636366636613934660a366631616666366331326331623261396435656533313563666464396439
38663533386634323933646166306666626533623730613363396639633638393864396264313836
39343132653439376361353462626332336134626661656236366636623932363638656530313966
616665383932306236346236633636623561

Binary file not shown.

View File

@ -0,0 +1,16 @@
---
- user:
name: kees
comment: "Kees Visser"
group: admin
- authorized_key:
user: kees
key: 'ssh-dss AAAAB3NzaC1kc3MAAACBALg7GbHKk2jYPNXUgW69AKKnCALjroTtwCA0bt4zde1mavYNoQK8JY/pe4BSOQtsyo3JECYzmAZwoNbq8nJCh8ORf5tKs8njEykZ0n7BVWtCT/jh9EFPTFhFK864TdFVCvwtIafAL4kEVNvJ0wrJYa1mN/ds03HWliv+3Shj6x0dAAAAFQDxlwgId3zlrXiCfk3ciAHN5b2ScwAAAIEArZ3/Hg7FECh5Fjf7lnBQZW7sjG5OLZRJIZlj2/jYnvIRUrsN2XmebwO4Q5q7g7FLWlfbg+x2Lmv1OWf/zGd3U6aAx8M+d+nTWDtWpQNvcE99HlfOs9Q4Rzxx6ZOyaZn57lCva/nCmLe0DTPVB8rvocMmqe1r3n7/KgxxKttbWRUAAACAfH2y4JPt2AcVdHnHiibpQBtxK/9m6AEjsB/g02tMXHZletMs9jF6kGynan7xJqRqvWxkGS1ClHIUdt2uK6A6pbqOf2BwcBIxAdljLRrZOyvmW9KTqduHMemYv6xQnpNGb8moWq5V5FKiATvd/LB46O1zwZejJErfj70LRE98Hv4= stealth@operator'
state: present
- name: unpack stealth tarrball.
unarchive:
src: files/stealth-linux.tar
dest: /home/kees

16
security.yml Normal file
View File

@ -0,0 +1,16 @@
---
- name: Install roles needed for exposed hosts
hosts: all
become: true
roles:
- geerlingguy.repo-epel
- geerlingguy.security
tasks:
- cron:
name: Reboot to load new kernel.
weekday: 1
minute: 45
hour: 11
user: root
job: /bin/needs-restarting -r >/dev/null 2>&1 || /sbin/shutdown -r +60 "restarting to apply updates"
cron_file: reboot

5
stealth.yml Normal file
View File

@ -0,0 +1,5 @@
---
- hosts: all
become: True
roles:
- stealth

109
users.yml
View File

@ -21,8 +21,12 @@
- authorized_key: - authorized_key:
user: wim user: wim
key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPcJbucOFOFrPZwM1DKOvscYpDGYXKsgeh3/6skmZn/IhLWYHY6oanm4ifmY3kU0oNXpKgHR43x3JdkIRKmrEpYULspwdlj/ZKPYxFWhVaSTjJvmSJEgy7ET1xk+eVoKV1xRWm/BugWpbseFAOcI9ZwfH++S8JhfX6GgCIy06RUpM8EcFAWb/GO699ZnQ67qMxNdSWYHtK1zu+9svWgEzPk4zc2TihJsc7DxcfQCNfQ4vKH1Im3+QfG5bRtdyVl9yjbE+o4EWhPEWsTBgBosJfbqfywsuzibhTgyybR0Zzm4JN6Wh5wVazvNutAB291dIJt22XEx5tCyOAjLPybLy3 wim@wim-HP-Compaq-Elite-8300-MT' key: '{{ item }}'
state: present state: present
with_items:
- 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAilJDjQ8CIdM+5w0Q9ORXheq+hYgfPbcpJ1BoWvMxZrz2ahbamWEeLanWeGcHeQ6rEqTIXv7B3i7erkPHFo+vWUt4b/e1N1OEpuJMueGAn2cDiWbTI9KU+yNCMO8UF6wK8LWqLkUBLm0lpnylwYJDW0NCoVkANU2NJ0JkdzT/bpuAWJp3rs4H7na/EV5vZT/gllMihtIBwWfJNh1BF048PhUBs+l0MSRG8rYe2YcUF66h8btghzYsSqiETGnroVW0XKOHKjxVWO2z2+OkcHOc19zSK6EQMe0+TZFp8Jg3jPZ+4wWnmBv+Zgxg4eEQ8FvfHS7/5lnGF6YATV2cG6Nh9w== rsa-key-20180502'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPcJbucOFOFrPZwM1DKOvscYpDGYXKsgeh3/6skmZn/IhLWYHY6oanm4ifmY3kU0oNXpKgHR43x3JdkIRKmrEpYULspwdlj/ZKPYxFWhVaSTjJvmSJEgy7ET1xk+eVoKV1xRWm/BugWpbseFAOcI9ZwfH++S8JhfX6GgCIy06RUpM8EcFAWb/GO699ZnQ67qMxNdSWYHtK1zu+9svWgEzPk4zc2TihJsc7DxcfQCNfQ4vKH1Im3+QfG5bRtdyVl9yjbE+o4EWhPEWsTBgBosJfbqfywsuzibhTgyybR0Zzm4JN6Wh5wVazvNutAB291dIJt22XEx5tCyOAjLPybLy3 wim@wim-HP-Compaq-Elite-8300-MT'
- user: - user:
name: egon name: egon
@ -46,3 +50,106 @@
user: hopko user: hopko
key: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArQsJ0g/a5YOHlk7xcMpHNxiN+up4syzLZfgiICECET/SCDXUN4Xh3BlSWng8hMQMD5sNSADF4AghdLKfuqXG1MMSvzGSVTcRwiZ+Hq6YCoiinpQw0qu7LOZVZeoG8f7sGwhBqe0wKeyPe6Q7nRe0CXvM+aU4XfZz18O/d3mU1S7cEiue02MgH6ff6VTJFqOtLGpL1rILJn3t58N+2CCWxJwGplkp7hRJ9TnhQqCO+PN/p/4neusjembRu5lX+AKX1mv91WYURkxfLE3CWe9V9YJVG0lLgfXDMyghqkTwf8UsMHS5FBy8oTvuC55EhX+xm2Peo1lZlzy7t5Hg2fWYFQ== h.meijering@rug.nl' key: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArQsJ0g/a5YOHlk7xcMpHNxiN+up4syzLZfgiICECET/SCDXUN4Xh3BlSWng8hMQMD5sNSADF4AghdLKfuqXG1MMSvzGSVTcRwiZ+Hq6YCoiinpQw0qu7LOZVZeoG8f7sGwhBqe0wKeyPe6Q7nRe0CXvM+aU4XfZz18O/d3mU1S7cEiue02MgH6ff6VTJFqOtLGpL1rILJn3t58N+2CCWxJwGplkp7hRJ9TnhQqCO+PN/p/4neusjembRu5lX+AKX1mv91WYURkxfLE3CWe9V9YJVG0lLgfXDMyghqkTwf8UsMHS5FBy8oTvuC55EhX+xm2Peo1lZlzy7t5Hg2fWYFQ== h.meijering@rug.nl'
state: present state: present
- user:
name: kees
comment: "Kees Visser"
group: admin
- authorized_key:
user: kees
key: 'ssh-dss AAAAB3NzaC1kc3MAAACBALg7GbHKk2jYPNXUgW69AKKnCALjroTtwCA0bt4zde1mavYNoQK8JY/pe4BSOQtsyo3JECYzmAZwoNbq8nJCh8ORf5tKs8njEykZ0n7BVWtCT/jh9EFPTFhFK864TdFVCvwtIafAL4kEVNvJ0wrJYa1mN/ds03HWliv+3Shj6x0dAAAAFQDxlwgId3zlrXiCfk3ciAHN5b2ScwAAAIEArZ3/Hg7FECh5Fjf7lnBQZW7sjG5OLZRJIZlj2/jYnvIRUrsN2XmebwO4Q5q7g7FLWlfbg+x2Lmv1OWf/zGd3U6aAx8M+d+nTWDtWpQNvcE99HlfOs9Q4Rzxx6ZOyaZn57lCva/nCmLe0DTPVB8rvocMmqe1r3n7/KgxxKttbWRUAAACAfH2y4JPt2AcVdHnHiibpQBtxK/9m6AEjsB/g02tMXHZletMs9jF6kGynan7xJqRqvWxkGS1ClHIUdt2uK6A6pbqOf2BwcBIxAdljLRrZOyvmW9KTqduHMemYv6xQnpNGb8moWq5V5FKiATvd/LB46O1zwZejJErfj70LRE98Hv4= stealth@operator'
state: present
- user:
name: alex
comment: "Alex Pothaar"
group: admin
- authorized_key:
user: alex
key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF8v6azPTTY4q00JUqLaMo6lT1WONNS959muBgzfgwd2 alex@cit'
state: present
- user:
name: fokke
comment: "Fokke Dijkstra"
group: admin
state: present
- authorized_key:
user: fokke
key: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyYiso9uP84+Lzdp8O4VBvP9taN2PS8J9S93JPhDdS451EVeXj58sLQjA+YCbTKgJwNDkg38ya4GJZQIqLGEcZX2Yke3d+CP1Aab2e26wtaP3k/nwdpr3dsZJTa7rjf+qNrQVKvkjJApU0CNaFhTcd3I9k6AO0lVikdM0BZYP1/HeffA90lMgyB/vFkSAa5KISP2WfbkP06/b+g6eCMCzWZVCrI6wDjymB5GQGU9u3k/ucNAFVNk6EkuwQi1n2hwHaQlG3O2NqrjRFVA3KPMtrBlyY5oqfIHeErVCHk8+hHsm2UDuwB//zh+HJYVIpOKEp1JHV1ISK08pGd44fbOmBw== fokke@markol'
state: present
- user:
name: bob
comment: "Bob Dröge"
group: admin
- authorized_key:
user: bob
key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIA3kaXuLTQ12lx0GocmbNKKarl3KTwTTQDG4S5RCu8Yyytub+CNs04OG2cXNHgW/7qKsVjIMphNj/gVJz//TeQvyiIGuHhezCQE291U6xzl/xbuDHUVvsBYKdCesEA/sHJc+cx1/gBPMIoT0jMITyJffHEaTw455aPRSWJ00jplJ4uyxeanNrJMGPiYD8mqY4ZJ3u6PovxLtnfBZqzb0s5zoGLU32SP3+hQrhvkU31+imfcXl8vaUyIrcRyDDAipHaruCgqH2A/NAT2MYf2QcRx8US6OWAP//CpW9sqjlG37BecPCXdYclNnqfC8qB+Q7+h+RgKTLqxD6w5p7yqRB bob@bob-XPS-13-9360'
state: present
- user:
name: cristian
comment: "Cristian A. Marocico"
group: admin
- authorized_key:
user: cristian
key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSwGsrMj9NqSukZKo1AP7phcKTbPf1v/uMCX2pyTtgOdz2gmFpw1ZvR7We8V/cnY+FegZ9ttkoIJ697uyDv0s8lf/5Iv291P696iLKrL9yrRdnCiuU7HwCqCIiJz0QrIm5/9bCRecRRn2LUrMPfCZz/s+FVoGpgWMwe1NPY+TzTNZ/De8YYt/rU/74TDuG8c/yjMDpjjxdrFtAnesNABrXZF7c5bwTUphFB5nPRamQPi/vZAACilLe2Mc75d8fh4UVITKJbM6KJjj3dRwmWiU03+hlKMaHm9gPUR8EClx7SsxCABC621RIVmYDEvoXbigM33rJ6O+kAJh5HvcJxHmF marocico@marocico-HP-Z230-Tower-Workstation'
state: present
- user:
name: jpm
comment: "J.P. Mc Farland"
group: admin
state: present
- authorized_key:
user: jpm
key: '{{ item }}'
state: present
with_items:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN4Fpy1W97z/jODxBrP1YrIWCfP5tzegwEesGUcX5/Y2 j.p.mc.farland@rug.nl'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIEpnrjsbHr0uRWD9rxwnqp0f8wO5CzKOrv2s8n8CDSQsLJ0TBNpAsf0oniHVU2wwILsBX1tpjdKO22bE9nxStj7ySzuNZYsfaw03fNnM/tr0YKnbfujTcWp6U4MK+Qcf5mM7vtv/c1fkcG14cGeGusN6f3mVFoIX/ICid6orJWVnHBE077nCcMXO+ezeJS0jt7r6mC3WI+2FmF8ml8CGkpfHlEO6r5RK2LS4z5IoXJMLHodlWVmVIBVFWmUJnAAp0csFjScPajf5AK07VPrnGOCBFtlDS7ndNaVLJDSf+omiQrylXvfYlDUptsM0ZwiZDiBHpfN0CxOLbNIewYkS5IFzxvUPvzecCa2WAcOadNuQhBTxeNftVGg7A/7wXHeFnZ5srX2K1apUbbC1xTquFnng/LZB+o9pqhSaS2cXxNlun/Ha2uZeNFDgge8JhB5BD51AJFF9WXIkGcZetRJ2vG6XzJltc6rPBmK1VVfrVlphjUsKQrY+DFN7MCQs1WVhohrbJ+4iNYydBMMZ3rVuSr6Ksx+jv3H7d3ZdoFB+/GtaaRoPun3HucGWccrtvHezdm3Ibe6uO2ung1hU1ItnY1Cgp8b4yz0MO7Pfx3FQO9957PkQciNMdzyEnMhWl0OzUp2/AdQsUhlSgL+jNGzDpbcW8CZ1mo765lsXWaqtMSw== j.p.mc.farland@rug.nl'
- user:
name: ger
comment: "Ger Strikwerda"
group: admin
state: present
- authorized_key:
user: ger
key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJmWG8TpwHdU0DMEt6ItzwrV4cW4slwRAUWpaTgbCIor g.j.c.strikwerda@rug.nl'
state: present
- user:
name: robin
comment: "Robin Teeninga"
group: admin
state: present
- authorized_key:
user: robin
key: '{{ item }}'
state: present
with_items:
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXeVMbqjC0EKu8cmuxN+88l0TnzJUuRaFLufka2Mx9Adj8PtAZ4l9IP7f+O97ylbNQvci9DcC38NNe62b0ECutin3jUX9trvROYgxVMR/P89y139CSwWqBrHm29WLHdz9A0vO094HNzhp4xFVnblBUAFt3CCDIxvl59coV2bWgTykmVEoni9SSjqKgcC1hT0mIGcaDb428x9DsteJSakSNYwFbnbEbukA7Y5KQnbzaMl/h97C2FOsxiU5JZoiHgKNXCR5jkFsHzc3OEphXW1Ba4EnqsqUecpnfUr6OueFYR6a/q+AtIKVYT10lzCimXui/uf5zkntq1Kga/h3VtgmV root@robin-HP-Compaq-Elite-8300-MT'
- 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAkiHonMN0PNdi/9yT8TzjWdFXWsL2csUwvZH0fbepSIo97bf/CBjv5n4/r/QjUEQjPFVgfdIeM490U1FIpUGaJZFGFTvG5FLEEOhzCaOWsrFK1t6wRRkIfu+ui8nnUGaY94zVRR/JD3zbnyE7DAHoYmX25eR2CkvQQaX1nWovA8zmDCsczI1tIjYilHgWTjIBYgAmWm+V9DQ2ctX4Nt9pNixJNEPO4g7NDijN7hmd9jWW5Ntt9XqKSie/U86WCl6It49ntXz3IGjh3bcrC6nWkTyypMBapB57HG/lfTkCZ+O5BN6TSzqsj82uvEz31vZJziAjQzYodZqtHxbut6lFsMLiuwBQL/Lb0PkFLAgfVpuCTMaOoNERE2kzALysfIV5x7r0wbhr3W8lVgluDn1hZ/ij2AdtTwtGyt7S5YBLMia6kGqt87RcBsEVPyUNWekuNBdOLDjnTTNpMW10WhUqpsoPQ5Su+PKyHY8T612AlZfYvZsYnFUPb0T6Y6AcK8HENVGgz2C2xUiDRAeiUq7XRGcUWBIEqLwG7qWtlLa1wJOyHOk3g2AaEBqmiXoOTmDrLb0lb6ZGlTfvZnEt5E70SlWEMU8d8qIAcWrSGnmWN/ynHKX1hYKbd2eMVCzp/vKNrOBJjUid+9cyFt2thu7URG7V+HZA7nj/Kx8FY9kDswE= rsa-key-laptop'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMDJBGlfZOdvMQTZSR4WI9vA1PZcRGkbSR9cd1LiNEVM ed25519-key-laptop'
- user:
name: henkjan
comment: "Henk-Jan Zilverberg"
group: admin
state: present
- authorized_key:
user: henkjan
key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKOKgVel0GbF67zZaVR0TFo82e5XeZOP1e3Ld3gIdaER h.j.zilverberg@rug.nl'
state: present