From f41b4af98a726b01bd1db3be7323b0f32ee8fbb3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20Soko=C5=82owski?= Date: Wed, 22 Jan 2025 16:00:21 +0100 Subject: [PATCH] ansible: add become_pass.sh, persistent connections MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jakub SokoĊ‚owski --- ansible.cfg | 7 ++++++- ansible/become_pass.sh | 3 +++ ansible/group_vars/all.yml | 1 - 3 files changed, 9 insertions(+), 2 deletions(-) create mode 100755 ansible/become_pass.sh diff --git a/ansible.cfg b/ansible.cfg index bcae719..60c9a98 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -5,8 +5,10 @@ remote_user = admin inventory = ./ansible/terraform.py callback_plugins = ./ansible/callback_plugins lookup_plugins = ./ansible/lookup_plugins +become_password_file = ./ansible/become_pass.sh module_name = shell host_key_checking = false +use_persistent_connections = true # human-readable stdout/stderr results display stdout_callback = debug # Avoid default Python warnings @@ -21,6 +23,9 @@ become_user = root [ssh_connection] # this should speed up exection but might cause issues with sudo pipelining = True -control_path = /tmp/ansible-ssh-%%h-%%p-%%r # necessary for cloning private git repos ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes -o ConnectTimeout=360 + +[persistent_connection] +command_timeout = 60 +connect_retry_timeout = 30 diff --git a/ansible/become_pass.sh b/ansible/become_pass.sh new file mode 100755 index 0000000..ea799e0 --- /dev/null +++ b/ansible/become_pass.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash +# Used via BECOME_PASSWORD_FILE to avoid re-evaluation on every task. +pass hosts/admin-pass diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 7c9522b..87e3121 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -1,6 +1,5 @@ --- # Passwords -ansible_become_password: '{{lookup("passwordstore", "hosts/admin-pass")}}' bootstrap__active_users_passwords: '{{ bootstrap__active_users | get_user_passwords }}' bootstrap__admin_pass: '{{lookup("vault", "users", field="admin", env="all", stage="all")}}' bootstrap__root_pass: '{{lookup("vault", "users", field="root", env="all", stage="all")}}'