This role installs and configures [OVH Cloud](https://www.ovh.com/world/)'s [the Bastion](https://github.com/ovh/the-bastion) secured jump host server. The ovhbastion role is based on the [official Bastion installation instructions](https://ovh.github.io/the-bastion/installation/basic.html). Please visit [the official Bastion documentation](https://ovh.github.io/the-bastion/index.html) for more information.
6
4
7
5
Once you run this role, [click here](https://ovh.github.io/the-bastion/using/basics.html) to view the next steps in configuring the Bastion.
@@ -11,6 +9,7 @@ Tested On
11
9
12
10
- Debian 8+
13
11
- Ubuntu 18+
12
+
- CentOS 8
14
13
15
14
Role Variables
16
15
--------------
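Review bot: the new `- CentOS 8` entry under Tested On names a single release, while the neighbouring entries read `Debian 8+` and `Ubuntu 18+`. Say whether that is deliberate (only CentOS 8 was tested) or whether it should follow the same `N+` form, so readers know which versions the role has actually been run against.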
@@ -21,10 +20,29 @@ Role Variables
21
20
#### Recommended
22
21
`bastion_name`: string with name of bastion host. the system's actual hostname is _not_ recommended\
23
22
`bastion_create_admin`: toggle creation of the superadmin account\
24
-
`bastion_superadmin_uname`: string with username for the bastion superadmin (if enabled)
23
+
`bastion_superadmin_uname`: string with username for the bastion superadmin (if enabled)\
24
+
`bastion_initial_users`: list of users to create after bastion setup\
25
+
`bastion_initial_groups`: list of groups to create after bastion setup
25
26
26
27
See `defaults/main.yml` for optional variables that can be set.
27
28
29
+
#### User detail
30
+
31
+
|attribute|type|description|required|
32
+
|---|---|---|---|
33
+
|name|string|name of the user to create|true|
34
+
|public_key|string|SSH ingress key for the bastion user. The key must be generated as either: <br/><ul><li>ed25519</li><li>ecdsa</li><li>rsa 4096 bits</li></ul>|true|
35
+
|hosts|list(string)|List of DNS records/IP addresses to grant initial access to|false|
36
+
|groups|list(string)|List of groups the new user should belong to (currently disabled)|false|
37
+
38
+
#### Group detail
39
+
40
+
|attribute|type|description|required|
41
+
|---|---|---|---|
42
+
|name|string|Group name|true|
43
+
|owner|string|Username of the group owner|true|
44
+
|hosts|list(string)|List of DNS records/IP addresses to grant initial access to|false|
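Review bot: in both the User detail and Group detail tables, the `hosts` row says only "List of DNS records/IP addresses to grant initial access to", which leaves the scope of the grant undefined. State which remote user and port each entry covers, and whether a DNS name is resolved once at setup or stored as a name, since that determines how much access a new account or group starts with. The `groups` row in User detail is marked "(currently disabled)" without saying whether a supplied value is ignored or rejected; say which. The `public_key` row lists the accepted key types but not whether the role checks them, so note what happens when a key of another type or size is supplied. The Recommended list should also point `bastion_initial_users` and `bastion_initial_groups` at these two tables, since nothing in the added lines links the variables to the attribute definitions.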