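---
# Play for the `debians` group: loads a per-host sudo password map from the
# vault file, checks the current host has an entry, sets it as the become
# password, then deploys a custom MOTD script.
- name: APT update + dist-upgrade (minimal + vault become)
  hosts: debians
  gather_facts: false
  become: true
  become_method: sudo

  vars:
    # NOTE(review): no task visible in this play references these apt_* values.
    apt_update_timeout_seconds: 300
    apt_http_timeout_seconds: 20
    apt_force_ipv4: true

  pre_tasks:
    # Loads every top-level variable of the vault file under `vault_secrets`.
    # NOTE(review): presumably the file is Ansible Vault-encrypted; confirm it
    # is never committed in clear text.
    # no_log keeps the loaded secrets out of verbose (-v) output and out of
    # logging callbacks. It also censors error details, so disable it only
    # temporarily when debugging a load failure.
    - name: Charger les variables vault (become_passwords)
      ansible.builtin.include_vars:
        file: "../group_vars/all/vault.yml"
        name: vault_secrets
      no_log: true

    # Accepts both layouts: a `become_passwords` key inside the file, or the
    # file itself being the host -> password map.
    # The resulting fact holds every host's password, hence no_log.
    - name: Normaliser la map des mots de passe
      ansible.builtin.set_fact:
        _become_map: >-
          {{ vault_secrets.become_passwords
             if (vault_secrets is mapping and 'become_passwords' in vault_secrets)
             else vault_secrets }}
      no_log: true

    # Fails early when the current host has no entry. The failure message
    # lists only the map keys (host names), never the password values, so
    # this task is left without no_log to keep the message readable.
    - name: Vérifier que le mot de passe existe pour l’hôte courant
      ansible.builtin.assert:
        that:
          - _become_map is mapping
          - inventory_hostname in _become_map
        fail_msg: >-
          Mot de passe manquant pour {{ inventory_hostname }}.
          Clés disponibles: {{ _become_map.keys() | list | sort | join(', ') }}

    # `ansible_become_password` is the connection variable Ansible reads for
    # privilege escalation on this host.
    - name: Définir le mot de passe sudo (variable officielle)
      ansible.builtin.set_fact:
        ansible_become_password: "{{ _become_map[inventory_hostname] }}"
      no_log: true

  tasks:

    # Installs an executable script under /etc/update-motd.d, owned by root.
    # NOTE(review): scripts in that directory typically run with root
    # privileges at login, so the source file should be reviewed and
    # version-controlled like any other privileged code.
    - name: Déployer le script MOTD personnalisé
      ansible.builtin.copy:
        # Relative path. NOTE(review): the original comment says it is relative
        # to where the playbook is run; Ansible normally resolves a relative
        # src against the playbook/role search path, so confirm.
        src: ../sources/99-motd
        dest: /etc/update-motd.d/99-motd
        owner: root
        group: root
        mode: '0755'
      become: true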