The user module was used to create the user, authorized_key to distribute BackupPC's public key, and lineinfile to modify the sudoers file.
A file named backuppcClient.yml was generated with the following code:
---
- hosts: client1
  remote_user: admin
  become: yes
  vars:
    users:
      - "backuppc"
  tasks:
    - name: create user backuppc
      user:
        name: "{{ item }}"
        shell: /bin/bash
      with_items: "{{ users }}"
    - name: Add public key in authorized_keys
      authorized_key:
        user: "{{ item }}"
        key: "{{ lookup('file', 'id_rsa.pub') }}"
      with_items: "{{ users }}"
    - name: Add rsync without password in sudoers
      copy:
        content: "backuppc ALL=NOPASSWD: /usr/bin/rsync --server --sender * \n"
        dest: /etc/sudoers.d/backuppc
        backup: yes
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s
The id_rsa.pub file contains BackupPC's public key.
The playbook is run as follows:
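The playbook takes id_rsa.pub on trust: whatever lookup('file') reads is appended to authorized_keys, and the sudoers fragment is only checked by visudo after it has been rendered. The following Python script is an added pre-flight check, not part of the original post or of BackupPC: it parses the OpenSSH public-key line (declared type, base64 blob, comment), confirms the key type embedded in the blob matches the declared one and that the file holds exactly one line, renders the same sudoers.d fragment the copy task writes while refusing a non-absolute command path, and optionally runs the same visudo -cf check the task's validate option runs. The sample key is a constructed placeholder, not a real BackupPC key; the file path and user name are assumptions taken from the playbook.

```python
import base64
import os
import shutil
import struct
import subprocess
import tempfile


def parse_openssh_pubkey(line: str) -> dict:
    """Parse one OpenSSH public-key line: '<type> <base64 blob> [comment]'.

    Raises ValueError when the text is malformed, holds more than one line
    (which would silently add extra entries to authorized_keys), or when the
    key type embedded in the blob disagrees with the declared type.
    """
    text = line.strip()
    if "\n" in text:
        raise ValueError("public key file must contain exactly one line")
    parts = text.split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64 blob>' at minimum")
    declared_type, blob_b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except ValueError as exc:
        raise ValueError(f"key blob is not valid base64: {exc}") from exc
    # The wire format starts with a length-prefixed string naming the key type.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    embedded_type = blob[4:4 + name_len].decode("ascii", errors="replace")
    if embedded_type != declared_type:
        raise ValueError(
            f"declared type {declared_type!r} != embedded type {embedded_type!r}")
    return {"type": declared_type, "blob": blob, "comment": comment}


def sudoers_fragment(user: str, command: str) -> str:
    """Render the one-line /etc/sudoers.d fragment the playbook's copy task writes.

    The command must be an absolute path (a bare name would match whatever
    sudo finds first), and the user name must be a single token.
    """
    if not command.startswith("/"):
        raise ValueError("sudoers command must be an absolute path")
    if not user or any(ch.isspace() for ch in user):
        raise ValueError("user name must be a single non-empty token")
    return f"{user} ALL=NOPASSWD: {command}\n"


def visudo_check(fragment: str):
    """Run 'visudo -cf <tmpfile>', the same check as the task's validate option.

    Returns True or False for the syntax result, or None when visudo is not
    installed here (for example on the Ansible control node), so the caller
    can tell 'invalid' apart from 'could not check'.
    """
    visudo = shutil.which("visudo")
    if visudo is None and os.access("/usr/sbin/visudo", os.X_OK):
        visudo = "/usr/sbin/visudo"
    if visudo is None:
        return None
    with tempfile.NamedTemporaryFile("w", suffix=".sudoers", delete=False) as tmp:
        tmp.write(fragment)
        path = tmp.name
    try:
        result = subprocess.run([visudo, "-cf", path], capture_output=True, text=True)
        return result.returncode == 0
    finally:
        os.unlink(path)


def constructed_ed25519_line(comment: str = "backuppc@backupserver") -> str:
    """Build a syntactically valid ssh-ed25519 line around a CONSTRUCTED key.

    The 32 key bytes are a placeholder (0..31), not a real key; this exists
    only so the checks above can be exercised offline.
    """
    key_type = b"ssh-ed25519"
    fake_key = bytes(range(32))
    blob = (struct.pack(">I", len(key_type)) + key_type
            + struct.pack(">I", len(fake_key)) + fake_key)
    return f"{key_type.decode()} {base64.b64encode(blob).decode()} {comment}"


if __name__ == "__main__":
    # Assumed inputs: the playbook's id_rsa.pub and its sudoers line.
    key_path = "id_rsa.pub"
    if os.path.exists(key_path):
        with open(key_path, encoding="ascii") as fh:
            info = parse_openssh_pubkey(fh.read())
    else:
        info = parse_openssh_pubkey(constructed_ed25519_line())
    print(f"public key OK: {info['type']} ({len(info['blob'])} bytes) {info['comment']}")
    fragment = sudoers_fragment("backuppc", "/usr/bin/rsync --server --sender *")
    print("sudoers fragment:", fragment.rstrip())
    print("visudo result:", visudo_check(fragment))
```

Run it from the directory that holds id_rsa.pub before ansible-playbook; a ValueError from parse_openssh_pubkey means the file should not be distributed as-is, and a False from visudo_check reproduces the failure the copy task's validate step would otherwise report mid-run.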
admin@ansible:~$ ansible-playbook backuppcClient.yml -K
SUDO password:
PLAY [192.168.0.100] *************************************************************************************************************************************************************
TASK [Gathering Facts] **********************************************************************************************************************************************************
ok: [192.168.0.100]
TASK [Crear usuario BackupPc] **************************************************************************************************************************************************
ok: [192.168.0.100] => (item=backuppc)
TASK [Agregar clave pública al authorized_keys] **************************************************************************************************************************************************
ok: [192.168.0.100] => (item=backuppc)
TASK [Modificar archivo sudoers para ejecutar rsync sin contraseña] *************************************************************************************************************************
ok: [192.168.0.100]
PLAY RECAP **********************************************************************************************************************************************************************
192.168.0.100 : ok=4 changed=3 unreachable=0 failed=0
admin@ansible:~$