tocproject.toc.host
Purpose
- Raw init of hosts
- Service user creation for Ansible.
- SSH daemon configuration
- Bare minimum system packages for smooth Ansible management.
Note
If a host does not have the 'host' role, then it's not a host...
Variables
## Role defaults
### Service user
* Service user profile
``` yaml
toc_host_service_user_name: "caretaker"
toc_host_service_user_shell: "/bin/bash"
toc_host_service_user_home: "/home/{{ toc_host_service_user_name }}"
toc_host_service_user_uid: "4200"
toc_host_service_user_gid: "4200"
```
- Local directory to search for service user SSH key.
  - See also: commons
- Local absolute path to service user SSH private key.
  - See also: commons
- Local absolute path to service user SSH public key.
  - See also: commons
- List of SSH public key values to authorize for service user connection.
### SSH daemon
``` yaml
toc_host_ssh:
  allow_tcp_forwarding: "yes"
  authorized_keys_file: "%h/.ssh/authorized_keys"
  challenge_response_authentication: "yes"
  client_alive_count_max: "2"
  client_alive_interval: "300"
  compression: "delayed"
  gssapi_authentication: "no"
  hostbased_authentication: "no"
  ignore_rhosts: "yes"
  listen_address: "0.0.0.0"
  log_level: "INFO"
  login_grace_time: "60"
  password_authentication: "yes"
  permit_empty_passwords: "no"
  permit_root_login: "no"
  protocol: "2"
  pubkey_authentication: "yes"
  strict_modes: "yes"
  syslog_facility: "AUTH"
  tcp_keep_alive: "yes"
  use_pam: "no"
```
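A hardened override of the `toc_host_ssh` defaults above, as an added example that is not part of the role's own documentation. It assumes the override lives in an inventory `group_vars` file (the path is hypothetical) and repeats the full dictionary, because the page does not say whether the role merges partial overrides. It also assumes key-based login as the service user already works, since password logins are switched off.

```yaml
# group_vars/all/ssh.yml  (hypothetical path; added example, not the role's own file)
# Full copy of toc_host_ssh with four values changed from the role defaults.
# Assumption: the service user's public key is already authorized on the host;
# without it, disabling password logins locks the host out of SSH.
toc_host_ssh:
  # default "yes"; Ansible's SSH connection does not use port forwarding
  allow_tcp_forwarding: "no"
  authorized_keys_file: "%h/.ssh/authorized_keys"
  # default "yes"; removes the keyboard-interactive fallback
  challenge_response_authentication: "no"
  client_alive_count_max: "2"
  client_alive_interval: "300"
  compression: "delayed"
  gssapi_authentication: "no"
  hostbased_authentication: "no"
  ignore_rhosts: "yes"
  listen_address: "0.0.0.0"
  # default "INFO"; VERBOSE logs the fingerprint of the key used at login,
  # which tells apart the several keys authorized for the one service user
  log_level: "VERBOSE"
  login_grace_time: "60"
  # default "yes"; public keys become the only accepted credential
  password_authentication: "no"
  permit_empty_passwords: "no"
  permit_root_login: "no"
  protocol: "2"
  pubkey_authentication: "yes"
  strict_modes: "yes"
  syslog_facility: "AUTH"
  tcp_keep_alive: "yes"
  use_pam: "no"
```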
### Feature flags
- Default user for initial connection.
- Local path to an SSH config file.

Configuring toc_host_init_user and toc_host_local_ssh_cfg will trigger the role to replace all {{ toc_host_init_user }} occurrences in the SSH config file with the value of toc_host_init_user.
- If set to true, the role will end with a reboot task.