Created
February 26, 2021 16:33
-
-
Save psct/ed50d734aa5fdb668ff592f76f7e386a to your computer and use it in GitHub Desktop.
Prepare fresh Debian for ansible management by created user "ansible" in sudoers (needs public ssh-Key in PUBKEY)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # enable host for ansible | |
| set -e | |
| PUBKEY="" | |
| id -u ansible > /dev/null 2>&1 || \ | |
| adduser ansible --disabled-password \ | |
| --gecos "" --quiet | |
| mkdir -p /home/ansible/.ssh | |
| echo "$PUBKEY" \ | |
| > /home/ansible/.ssh/authorized_keys | |
| chown -R ansible /home/ansible/.ssh | |
| apt-get update | |
| apt-get install sudo | |
| grep -q ansible /etc/sudoers || \ | |
| echo "ansible ALL = (ALL) \ | |
| NOPASSWD: ALL" >> /etc/sudoers |
But then please also adapt the path in the grep command one line above ;)
grep -q ansible /etc/sudoers.d/ansible || \
echo "ansible ALL = (ALL) NOPASSWD: ALL" >> /etc/sudoers.d/ansible
Even better: Use a variable for the path to avoid such mistakes...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
echo "ansible ALL = (ALL) NOPASSWD: ALL" >> /etc/sudoers.d/ansible
is better. :-)