diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index c2381f7..b7b1894 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -142,6 +142,7 @@ hiera_include:
 - timezone
 - networking
 - ssh::server
+ - profiles::accounts::rundeck
 profiles::ntp::client::ntp_role: 'roles::infra::ntp::server'
 profiles::ntp::client::use_ntp: 'region'
@@ -305,6 +306,8 @@ sudo::configs:
 profiles::accounts::sysadmin::sshkeys:
 - ssh-rsa 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 ben@unkin.net
+profiles::accounts::rundeck::sshkeys:
+ - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD4F7VcorbGpyZzBFexz7c/o1JBscrl7hZU0UkWV7fq6YLizW0r6fOzD99hMwu1kdYCjPxbvuUSDEHfyBIp2EgLWU6wFVoufQqlMyOV85+ivQZUc1VNV+X9T+U4v3u/01hkAmlpXtbkwhMSR4Wi+tdABd04+D3CuMDM37mvnFmBBmi41X4Mr1rJhOQumn1XHQ7EYbsdw2mxfEVVeWpZIHz5BjNKSGzEIAYZbFt6s0Y7X3J5RT+Gjqmu043Tc8nNIUFlR9E10qd3Euf9RiBYxBx3z+yfOzJPBzWNBSHv1+PIbO5Mq+z5JaAfoFZO41L7nw+FjV6JJUCVLr6Vq+bCxyA7LW4Oq9ZahSrt/vrT0kTa0tA5U9bqK6e7pB//dm7PzoROtTq0XksV8RseA/fvIje20uaN1z9dynx+UcbszXu9pQ5GIg1o7b5DEi3OZHJwpgdudiCyEeR4+00G0z4PjpEMnTSMHAJ53WxtjzrPAOBnAmPE7hPu4coU+XrCWEXAvRMloJmca68e+zFX7VvFK82KVDuQ99vQ6w4X73IESKoLzyAVxpelwHaDG4fN+zqYfqubVQU1L5cUeYKxqm5r3Us6VvMaYs1ZMUmDGXHOq4FNhGUJYxSjkLvunM6qyAAJQCd6Pw/2TV3UQVerbouGOZaeBLvRguHWSbDrO99Zu+t87w== rundeck_runner
 networking::interface_defaults:
 ensure: present
diff --git a/hieradata/roles/infra/automation/rundeck.eyaml b/hieradata/roles/infra/automation/rundeck.eyaml
index d74d27a..b2247d4 100644
--- a/hieradata/roles/infra/automation/rundeck.eyaml
+++ b/hieradata/roles/infra/automation/rundeck.eyaml
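Review bot: Adding `profiles::accounts::rundeck` to `hiera_include` in common.yaml rolls the account out to every node that reads this layer, and the only opt-out in this commit is the Rundeck server itself. If Rundeck only needs to run jobs on a subset of roles, including the profile from those role files would keep the key's reach smaller. At minimum a comment above the entry, e.g. `# rundeck job-runner login; present on all nodes except the rundeck server`, would record that the breadth is intentional.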
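Review bot: The `rundeck_runner` entry under `profiles::accounts::rundeck::sshkeys` is a bare key with no authorized_keys options, so once deployed it is accepted from any source address. Whether `profiles::base::account` passes option prefixes through is not visible in this diff; if it does, a `from="<rundeck-server-address>"` restriction on this entry would tie the key to the Rundeck host. The same list is also read by `profiles::rundeck::server` as the content of `rundeck_id_rsa.pub`, so a comment such as `# first entry must match rundeck::ssh::private_key` would warn anyone who later adds a second key.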
@@ -3,3 +3,4 @@ vault::roleid: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAA
 mysql::db::rundeck::pass: ENC[PKCS7,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]
 ldap_bindpass: ENC[PKCS7,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]
 rundeck_admin_pass: ENC[PKCS7,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]
+rundeck::ssh::private_key: ENC[PKCS7,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]
diff --git a/hieradata/roles/infra/automation/rundeck.yaml b/hieradata/roles/infra/automation/rundeck.yaml
index ce6d2c2..f46abc1 100644
--- a/hieradata/roles/infra/automation/rundeck.yaml
+++ b/hieradata/roles/infra/automation/rundeck.yaml
@@ -3,6 +3,9 @@ hiera_include:
 - profiles::rundeck::server
 - profiles::nginx::simpleproxy
+hiera_exclude:
+ - profiles::accounts::rundeck
+
 profiles::packages::exclude:
 - jq
diff --git a/site/profiles/manifests/accounts/rundeck.pp b/site/profiles/manifests/accounts/rundeck.pp
new file mode 100644
index 0000000..0e7950e
--- /dev/null
+++ b/site/profiles/manifests/accounts/rundeck.pp
@@ -0,0 +1,14 @@
+# create the rundeck user
+class profiles::accounts::rundeck (
+ Array[String] $sshkeys = [],
+){
+ profiles::base::account {'rundeck':
+ username => 'rundeck',
+ uid => 1100,
+ gid => 1100,
+ groups => ['adm', 'admins', 'systemd-journal'],
+ sshkeys => $sshkeys,
+ require => Group['admins'],
+ system => true,
+ }
+}
diff --git a/site/profiles/manifests/rundeck/server.pp b/site/profiles/manifests/rundeck/server.pp
index 28f672a..4489e27 100644
--- a/site/profiles/manifests/rundeck/server.pp
+++ b/site/profiles/manifests/rundeck/server.pp
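Review bot: The new `hiera_exclude` entry in rundeck.yaml carries no explanation of why the Rundeck server must not receive `profiles::accounts::rundeck`. Presumably the `rundeck` user on this host is created by the Rundeck install and would clash with the uid/gid pinned in the profile, but that is not visible in this diff. A one-line comment above the key, e.g. `# rundeck user is managed by the rundeck install on this host`, would keep a later cleanup from dropping the exclusion.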
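Review bot: The `groups` list in `profiles::accounts::rundeck` puts the job-runner login into `admins` and `adm`, so the single key held on the Rundeck server likely carries whatever `sudo::configs` grants that group on every node that gets this class; the sudo rules are outside this diff, so this is inferred. If the jobs need only specific commands, a dedicated group with its own sudo entry, e.g. `groups => ['rundeck-jobs', 'systemd-journal'],` (group name illustrative), would limit what a compromised Rundeck host can reach. Separately, `system => true` is combined with `uid => 1100`, which on most distributions falls in the regular-user range; a comment would help if that is deliberate. The class header could also document the parameter with a `# @param sshkeys` line.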
@@ -86,4 +86,20 @@ class profiles::rundeck::server (
 create_resources('rundeck::config::aclpolicyfile', $acl_policies)
 create_resources('rundeck::config::project', $cli_projects)
+
+ # create rundeck runner ssh key
+ file {'/var/lib/rundeck/.ssh/rundeck_id_rsa':
+ ensure => 'file',
+ owner => 'rundeck',
+ group => 'rundeck',
+ mode => '0600',
+ content => lookup('rundeck::ssh::private_key'),
+ }
+ file {'/var/lib/rundeck/.ssh/rundeck_id_rsa.pub':
+ ensure => 'file',
+ owner => 'rundeck',
+ group => 'rundeck',
+ mode => '0644',
+ content => lookup('profiles::accounts::rundeck::sshkeys'),
+ }
 }
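Review bot: The private key reaches `content` as a plain string, so it is not marked for redaction in agent output or reports; wrapping it, `content => Sensitive(lookup('rundeck::ssh::private_key')),`, and adding `show_diff => false,` keeps the key material out of logs where diffs are enabled. In the second resource `lookup('profiles::accounts::rundeck::sshkeys')` returns the Array defined in common.yaml while `content` expects a string, so this will likely fail or stop matching the private key once the list holds more than one entry. Selecting the single entry, `$rundeck_pubkeys = lookup('profiles::accounts::rundeck::sshkeys')` followed by `content => "${rundeck_pubkeys[0]}\n",`, avoids that. The `.ssh` directory is not managed in this hunk, and the class body starts outside it.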