Backup authorized keys before nuking

hosts
don't become while writing data to controller disk
2021-10-16 10:17:45 -04:00 · 2021-10-16 10:13:55 -04:00 · 2021-10-15 22:55:22 -04:00
2 changed files with 27 additions and 2 deletions
--- a/17
+++ b/17
@@ -0,0 +1,17 @@
+[forensics]
+10.8.2.12 ansible_user=administrator
+
+[database]
+10.8.2.3 ansible_user=administrator
+
+[workstations]
+10.8.1.10 ansible_user=administrator
+10.8.1.40 ansible_user=administrator
+
+[workstations:children]
+web
+
+[web]
+10.8.1.90 ansible_user=administrator
+
+
--- a/roles/immortal/tasks/main.yml
+++ b/roles/immortal/tasks/main.yml
@@ -31,6 +31,7 @@
        content: "{{lsblk_output.stdout}}"
        dest: "{{ inventory_hostname }}/lsblk.out"
      delegate_to: localhost
+      become: no

 - name: Collect netstat
  block:
@@ -43,7 +44,7 @@
        content: "{{netstat_output.stdout}}"
        dest: "{{ inventory_hostname }}/netstat.out"
      delegate_to: localhost
-
+      become: no
 - name: Collect process data
  block:
    - name: Run command
@@ -55,7 +56,7 @@
        content: "{{ps_output.stdout}}"
        dest: "{{ inventory_hostname }}/ps.out"
      delegate_to: localhost
-
+      become: no
 - name: Get users
  get_users:
    #min_uid: "{{ (ansible_os_family == 'RedHat') | ternary(500,1000) }}"
@@ -64,6 +65,13 @@
  become: yes
  register: users_list 

+- name: Backup all users authorized keys
+  fetch:
+    src: "{{item['dir']}}/.ssh/authorized_keys"
+    dest: "{{ inventory_hostname }}"
+  ignore_errors: yes
+  loop: "{{ users_list.users }}"
+
 - name: Give root exclusively the current controller user's SSH key
  ansible.posix.authorized_key:
    user: root
Author	SHA1	Message	Date
citty	d38e3ba4e0	Backup authorized keys before nuking	2021-10-16 10:17:45 -04:00
citty	752a9de6df	hosts	2021-10-16 10:13:55 -04:00
citty	5e2ad66dfb	don't become while writing data to controller disk	2021-10-15 22:55:22 -04:00