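---
# Bootstrap play: gets a Debian/Ubuntu node to the point where regular Ansible
# runs work. It installs Python, sudo and the SSH server, authorises the
# controller's public key for the login user, and gives that user passwordless
# sudo.
#
# Security note: after this play, whoever holds the private half of the
# installed key has root on every host in `slurm_cluster`. Protect that key
# on the controller accordingly.
#
# Assumes `ansible_user` is set for these hosts (inventory or -u); every task
# below templates it and fails if it is undefined.
- name: Bootstrap Ansible SSH access from pvef to Slurm nodes
  hosts: slurm_cluster
  # Fact gathering needs Python on the target, which may not be there yet.
  gather_facts: false
  become: true

  vars:
    # Both lookups run on the controller, not the target. The key read is
    # $HOME/.ssh/id_ed25519.pub of whoever invokes ansible-playbook, so it is
    # "pvef root's" key only when the play is run as root on pvef.
    ansible_controller_pubkey: "{{ lookup('file', lookup('env', 'HOME') + '/.ssh/id_ed25519.pub') }}"

  pre_tasks:
    # NOTE(review): wait_for_connection finishes with the ping module, which
    # needs Python on the target. On a host with no Python this wait may time
    # out before the raw install below ever runs. Confirm on a bare node.
    - name: Wait for SSH
      ansible.builtin.wait_for_connection:
        timeout: 30

    # `raw` sends the command over SSH without needing Python on the target.
    # changed_when: false means a real package install is reported as "ok".
    - name: Install Python if missing - Debian/Ubuntu
      ansible.builtin.raw: |
        test -e /usr/bin/python3 || (apt-get update && apt-get install -y python3)
      changed_when: false

  tasks:
    # Installs openssh-server as well as sudo, despite the task name.
    - name: Ensure sudo is installed
      ansible.builtin.apt:
        name:
          - sudo
          - openssh-server
        state: present
        update_cache: true

    # `ssh` is the Debian/Ubuntu service name.
    - name: Ensure SSH server is enabled and running
      ansible.builtin.service:
        name: ssh
        state: started
        enabled: true

    # NOTE(review): assumes the login user's home is /home/<user> and that a
    # group with the same name exists. Neither holds for root, for example.
    # The authorized_key task below sets manage_dir: true, so it creates
    # ~/.ssh itself. Confirm this task is still needed.
    - name: Ensure .ssh directory exists for login user
      ansible.builtin.file:
        path: "/home/{{ ansible_user }}/.ssh"
        state: directory
        owner: "{{ ansible_user }}"
        group: "{{ ansible_user }}"
        mode: "0700"

    # Appends the controller key; `exclusive` is left at its default, so keys
    # already in authorized_keys are kept. The key is installed without
    # restrictions. Consider `key_options` (e.g. a from="<controller-address>"
    # restriction) if the controller has a stable address.
    # NOTE(review): on current ansible-core this module is provided by the
    # ansible.posix collection. Confirm it is installed on the controller.
    - name: Add pvef root public key to login user's authorized_keys
      ansible.builtin.authorized_key:
        user: "{{ ansible_user }}"
        key: "{{ ansible_controller_pubkey }}"
        state: present
        manage_dir: true

    # Grants the login user unrestricted root without a password
    # (NOPASSWD:ALL). This is the privilege the installed key ends up
    # carrying.
    - name: Allow bootstrap login user passwordless sudo
      ansible.builtin.copy:
        # sudo silently skips files in /etc/sudoers.d whose name contains a
        # '.', so dots in the user name are replaced in the file name only.
        # The rule body below still uses the real user name.
        dest: "/etc/sudoers.d/90-ansible-{{ ansible_user | replace('.', '_') }}"
        owner: root
        group: root
        mode: "0440"
        content: |
          {{ ansible_user }} ALL=(ALL) NOPASSWD:ALL
        # Syntax-check the rendered file before it replaces dest, so a broken
        # rule cannot lock sudo out.
        validate: "visudo -cf %s"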