From a8c6e5b69f9e31bbb658c21e8939fbbb0c0d21b6 Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Tue, 2 Jan 2024 09:11:53 +0100 Subject: [PATCH] Added user root --- roles/backup-remote-to-local/meta/main.yml | 1 + roles/user-root/README.md | 29 ++++++++++++++++++++++ roles/user-root/tasks/main.yml | 26 +++++++++++++++++++ 3 files changed, 56 insertions(+) create mode 100644 roles/user-root/README.md create mode 100644 roles/user-root/tasks/main.yml diff --git a/roles/backup-remote-to-local/meta/main.yml b/roles/backup-remote-to-local/meta/main.yml index a734813d..cab5e4a5 100644 --- a/roles/backup-remote-to-local/meta/main.yml +++ b/roles/backup-remote-to-local/meta/main.yml @@ -4,3 +4,4 @@ dependencies: - cleanup-backups-timer - cleanup-failed-docker-backups - system-maintenance-lock + - user-root diff --git a/roles/user-root/README.md b/roles/user-root/README.md new file mode 100644 index 00000000..d9f81b20 --- /dev/null +++ b/roles/user-root/README.md @@ -0,0 +1,29 @@ +Certainly! Below is a README file in English for an Ansible role that includes the tasks you've provided: +# Root User + +## Overview +This Ansible role is designed to manage the generation and handling of an SSH key for the root user on a target system. It ensures that an SSH key is generated if it does not already exist and displays the public key. This role is particularly useful for setting up secure SSH access for root users in automated environments. + +## Role Variables +- `run_once_user_root`: A variable to ensure that certain tasks are only run once. This is used for idempotency purposes. + +## Tasks +1. **Check if the SSH key for root already exists**: Verifies the existence of an SSH public key for the root user. +2. **Generate a SSH key for root if it does not exist**: Generates a new SSH key pair (RSA 4096 bits) for the root user if it is not already present. +3. **Display the public SSH key**: Outputs the content of the generated public SSH key. +4. **Output the public SSH key**: Debug task to display the SSH public key in the Ansible output. +5. **Run the user_root tasks once**: Sets a fact to ensure that the tasks for generating and displaying the key are executed only once. + +## Usage +To use this role, include it in your playbook and set any necessary variables in your playbook's `vars` section. Ensure you have the necessary permissions to execute tasks as the root user. + +```yaml +- hosts: servers + become: yes + roles: + - ssh_key_generator_root +``` + +## Important Notes +- Running this role will affect the root user's SSH configuration on the target system. Ensure you understand the implications of modifying root SSH keys. +- Always test the role in a controlled environment before deploying to production. diff --git a/roles/user-root/tasks/main.yml b/roles/user-root/tasks/main.yml new file mode 100644 index 00000000..77550134 --- /dev/null +++ b/roles/user-root/tasks/main.yml @@ -0,0 +1,26 @@ +- name: Check if the SSH key for root already exists + ansible.builtin.stat: + path: "/root/.ssh/id_rsa.pub" + register: ssh_key + +- name: Generate a SSH key for root if it does not exist + ansible.builtin.openssh_keypair: + path: "/root/.ssh/id_rsa" + type: rsa + size: 4096 + when: not ssh_key.stat.exists and run_once_user_administrator is not defined + +- name: Display the public SSH key + command: cat /root/.ssh/id_rsa.pub + register: public_key + when: not ssh_key.stat.exists and run_once_user_administrator is not defined + +- name: Output the public SSH key + debug: + msg: "{{ public_key.stdout }}" + when: not ssh_key.stat.exists and run_once_user_administrator is not defined + +- name: run the user_administrator tasks once + set_fact: + run_once_user_administrator: true + when: run_once_user_administrator is not defined \ No newline at end of file