k8s-sig-cluster-lifecycleawskubesprayhigh-availabilityansiblekubernetes-clustergcekubernetesbare-metal
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
46 lines
1.3 KiB
46 lines
1.3 KiB
---
|
|
- name: Create user {{ k8s_deployment_user }}
|
|
user:
|
|
name: "{{ k8s_deployment_user }}"
|
|
groups: adm
|
|
shell: /bin/bash
|
|
|
|
- name: Ensure that .ssh exists
|
|
file:
|
|
path: "/home/{{ k8s_deployment_user }}/.ssh"
|
|
state: directory
|
|
owner: "{{ k8s_deployment_user }}"
|
|
group: "{{ k8s_deployment_user }}"
|
|
|
|
- name: Configure sudo for deployment user
|
|
copy:
|
|
content: |
|
|
%{{ k8s_deployment_user }} ALL=(ALL) NOPASSWD: ALL
|
|
dest: "/etc/sudoers.d/55-k8s-deployment"
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
|
|
- name: Write private SSH key
|
|
copy:
|
|
src: "{{ k8s_deployment_user_pkey_path }}"
|
|
dest: "/home/{{ k8s_deployment_user }}/.ssh/id_rsa"
|
|
mode: 0400
|
|
owner: "{{ k8s_deployment_user }}"
|
|
group: "{{ k8s_deployment_user }}"
|
|
when: k8s_deployment_user_pkey_path is defined
|
|
|
|
- name: Write public SSH key
|
|
shell: "ssh-keygen -y -f /home/{{ k8s_deployment_user }}/.ssh/id_rsa \
|
|
> /home/{{ k8s_deployment_user }}/.ssh/authorized_keys"
|
|
args:
|
|
creates: "/home/{{ k8s_deployment_user }}/.ssh/authorized_keys"
|
|
when: k8s_deployment_user_pkey_path is defined
|
|
|
|
- name: Fix ssh-pub-key permissions
|
|
file:
|
|
path: "/home/{{ k8s_deployment_user }}/.ssh/authorized_keys"
|
|
mode: 0600
|
|
owner: "{{ k8s_deployment_user }}"
|
|
group: "{{ k8s_deployment_user }}"
|
|
when: k8s_deployment_user_pkey_path is defined
|