Day three: enhance SSH security in two separate phases. Closes #3

2022-02-09 21:46:01 -05:00 · 2022-02-09 21:46:01 -05:00 · 197ac5d0ef
commit 197ac5d0ef
parent 198242e1d5
4 changed files with 166 additions and 0 deletions
--- a/day3_geninventory_phase2.sh
+++ b/day3_geninventory_phase2.sh
@ -0,0 +1,44 @@
+#
+#   Day 3 - Generate Inventory (Phase 2: tachyon user on obscure port)
+#   Requires linode-cli to be installed (`pip3 install linode-cli`)
+#   The hosts file generated requires ansible (`pip3 install ansible`)
+#   This will crush any ansible.cfg and hosts files in the current directory.
+
+# Default ansible group and linode label
+if [ -z "$CATEGORY" ]
+then
+    CATEGORY="UpskillChallengeNode"
+fi
+
+if [ -z "$ADMINUSER" ]
+then
+    ADMINUSER="tachyon"
+fi
+
+if [ -z "$NODESSHPORT" ]
+then
+    NODESSHPORT=22022
+fi
+
+# fetch IP address from Linode. Assumes one device (TODO: handle a swarm of them).
+NODEIP=$(linode-cli linodes list --format 'ipv4' --label "$CATEGORY" --text | tail -n 1)
+
+# create or clobber hosts file
+cat > hosts << EOF
+[$CATEGORY]
+$NODEIP:$NODESSHPORT   ansible_user=$ADMINUSER 
+
+[$CATEGORY:vars]
+ansible_ssh_user=$ADMINUSER
+ansible_become=yes
+ansible_become_user=root
+ansible_become_method=sudo
+EOF
+
+# create or clobber hosts file
+cat > ansible.cfg << EOF
+[defaults]
+inventory = $(pwd)/hosts
+EOF
+
+ansible "$CATEGORY" -m ping