mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-03-31 14:24:16 +02:00
Optimized .mds and meta/main.yml for user-root. Also included user as meta for user-administrator
parent
1689bdfdbc
commit
632b4e9b22
@ -25,3 +25,4 @@ galaxy_info:
|
||||
documentation: "https://s.veen.world/cymais"
|
||||
dependencies:
|
||||
- sudo
|
||||
- user
|
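Review bot: `- user` is appended after `- sudo` in `dependencies`, and Ansible resolves role dependencies in the order they are listed, so `sudo` runs before `user`. If `user` provides the baseline that the `sudo` configuration relies on, list it first; if the order is intentional, a one-line comment saying so would help the next reader.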
@ -1,21 +1,26 @@
|
||||
# Root User
|
||||
|
||||
## Description
|
||||
|
||||
This role manages the generation and handling of an SSH key for the [root user](https://en.wikipedia.org/wiki/Superuser) on a target system. It ensures that an SSH key is generated if one does not already exist and outputs the public key, enabling secure SSH access for the root user in automated environments.
|
||||
|
||||
## Overview
|
||||
This Ansible role is designed to manage the generation and handling of an SSH key for the root user on a target system. It ensures that an SSH key is generated if it does not already exist and displays the public key. This role is particularly useful for setting up secure SSH access for root users in automated environments.
|
||||
|
||||
## Role Variables
|
||||
- `run_once_user_root`: A variable to ensure that certain tasks are only run once. This is used for idempotency purposes.
|
||||
Optimized for secure system administration, this role performs the following tasks:
|
||||
- Verifies the existence of a root SSH public key.
|
||||
- Generates a new [RSA 4096-bit](https://en.wikipedia.org/wiki/RSA_(cryptosystem)) SSH key pair for the root user if one is missing.
|
||||
- Displays and outputs the generated public SSH key.
|
||||
- Ensures that the key generation and display tasks run only once to maintain idempotency.
|
||||
- Facilitates secure remote access using best practices for [SSH](https://en.wikipedia.org/wiki/Secure_Shell).
|
||||
|
||||
## Tasks
|
||||
1. **Check if the SSH key for root already exists**: Verifies the existence of an SSH public key for the root user.
|
||||
2. **Generate a SSH key for root if it does not exist**: Generates a new SSH key pair (RSA 4096 bits) for the root user if it is not already present.
|
||||
3. **Display the public SSH key**: Outputs the content of the generated public SSH key.
|
||||
4. **Output the public SSH key**: Debug task to display the SSH public key in the Ansible output.
|
||||
5. **Run the user_root tasks once**: Sets a fact to ensure that the tasks for generating and displaying the key are executed only once.
|
||||
## Purpose
|
||||
|
||||
## Important Notes
|
||||
- Running this role will affect the root user's SSH configuration on the target system. Ensure you understand the implications of modifying root SSH keys.
|
||||
- Always test the role in a controlled environment before deploying to production.
|
||||
The primary purpose of this role is to enhance the security of the system by ensuring that a valid SSH key is available for the [root user](https://en.wikipedia.org/wiki/Superuser). By automating the generation and output of the public key, it reduces manual intervention and helps maintain a secure configuration for administrative access.
|
||||
|
||||
## Author
|
||||
This role was created by [Kevin Veen-Birkenbach](https://www.veen.world/)
|
||||
## Features
|
||||
|
||||
- **SSH Key Verification:** Checks whether a root SSH public key exists.
|
||||
- **SSH Key Generation:** Generates a new [RSA 4096-bit](https://en.wikipedia.org/wiki/RSA_(cryptosystem)) SSH key pair for the root user if needed.
|
||||
- **Public Key Output:** Displays and outputs the generated public SSH key.
|
||||
- **Idempotency:** Ensures that key generation and output tasks execute only once.
|
||||
- **Secure Remote Access:** Facilitates secure remote access by providing a verified public key for use with [SSH](https://en.wikipedia.org/wiki/Secure_Shell).
|
||||
|
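Review bot: the Description, Overview and Features sections all say that a key pair is generated and its public half displayed, but none of them says whether the private key is passphrase-protected or where the public key is meant to be installed, so "enabling secure SSH access for the root user" stays ambiguous. State both in the Description. If the Role Variables and Important Notes sections are being dropped (the hunk header grows the file only from 21 to 26 lines), keep the `run_once_user_root` entry and the warning about modifying root SSH keys, and consider folding the near-identical Overview and Features bullet lists into one.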
27
roles/user-root/meta/main.yml
Normal file
@ -0,0 +1,27 @@
|
||||
---
|
||||
galaxy_info:
|
||||
author: "Kevin Veen-Birkenbach"
|
||||
description: "Manages the generation and handling of an SSH key for the root user. This role ensures secure remote access by generating a new RSA 4096-bit key pair if one does not exist, and displays the public key for further use."
|
||||
license: "CyMaIS NonCommercial License (CNCL)"
|
||||
license_url: "https://s.veen.world/cncl"
|
||||
company: |
|
||||
Kevin Veen-Birkenbach
|
||||
Consulting & Coaching Solutions
|
||||
https://www.veen.world
|
||||
min_ansible_version: "2.9"
|
||||
platforms:
|
||||
- name: Linux
|
||||
versions:
|
||||
- all
|
||||
galaxy_tags:
|
||||
- ssh
|
||||
- root
|
||||
- administrator
|
||||
- security
|
||||
- user
|
||||
- configuration
|
||||
repository: "https://s.veen.world/cymais"
|
||||
issue_tracker_url: "https://s.veen.world/cymaisissues"
|
||||
documentation: "https://s.veen.world/cymais"
|
||||
dependencies:
|
||||
- user
|
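Review bot: in `platforms`, `name: Linux` with `versions: all` is a broad claim; if the role has only been run on specific distributions, list those instead. The `description` also says the role "ensures secure remote access" while the rest of the sentence only describes generating and displaying an RSA 4096-bit key pair; wording it as what the role actually does would be more accurate for anyone selecting it by its metadata.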