mirror of
https://github.com/roles-ansible/ansible_collection_users.git
synced 2024-08-16 10:29:50 +02:00
Create and delete users and pubkeys
+ create users and groups + delete them too + add ssh keys
This commit is contained in:
parent
e1cdffd631
commit
6c5b794e41
6 changed files with 107 additions and 5 deletions
|
@ -1,5 +1,31 @@
|
|||
---
|
||||
# Create ansible user
|
||||
# create users
|
||||
l3d_users__default_users: {}
|
||||
# - name: 'alice'
|
||||
# state: 'present'
|
||||
# shell: '/bin/bash'
|
||||
# create_home: true
|
||||
# admin: true
|
||||
# pubkeys: |
|
||||
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPvvXN33GwkTF4ZOwPgF21Un4R2z9hWUuQt1qIfzQyhC
|
||||
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAG65EdcM+JLv0gnzT9LcqVU47Pkw0SqiIg7XipXENi8
|
||||
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJz7zEvUVgJJJsIgfG3izsqYcM22IaKz4jGVUbNRL2PX
|
||||
# exklusive_pubkeys: true
|
||||
# password: "$Password_hash"
|
||||
# - name: 'bob'
|
||||
# state: 'present'
|
||||
# shell: '/bin/zsh'
|
||||
# admin: false
|
||||
# pubkeys: "{{ lookup('url', 'https://github.com/do1jlr.keys', split_lines=False) }}"
|
||||
# exklusive_pubkeys: false
|
||||
|
||||
l3d_users__local_users: {}
|
||||
# - name: 'charlie'
|
||||
# state: 'present'
|
||||
# admin: false
|
||||
# pubkeys: "{{ lookup('url', 'https://github.com/do1jlr.keys', split_lines=False) }}"
|
||||
|
||||
# Create ansible mamagement user
|
||||
l3d_users_user__create_ansible: true
|
||||
l3d_users_user__ansible_user_state: 'present'
|
||||
l3d_users_user__set_ansible_ssh_keys: false
|
||||
|
|
|
@ -4,7 +4,20 @@
|
|||
file: 'versioncheck.yml'
|
||||
when: submodules_versioncheck | bool
|
||||
|
||||
- name: Merge default and locale Users
|
||||
ansible.builtin.set_fact:
|
||||
_l3d_users_user__merged_users: "{{ l3d_users__default_users + l3d_users__local_users }}"
|
||||
|
||||
|
||||
- name: Create ansible user with superuser permissions
|
||||
ansible.builtin.include_tasks:
|
||||
file: 'user_ansible.yml'
|
||||
when: l3d_users_user__create_ansible | bool
|
||||
|
||||
- name: Create Groups and Users
|
||||
ansible.builtin.include_tasks:
|
||||
file: 'users.yml'
|
||||
|
||||
- name: Manage SSH public keys
|
||||
ansible.builtin.include_tasks:
|
||||
file: 'pubkeys.yml'
|
||||
|
|
12
roles/user/tasks/pubkeys.yml
Normal file
12
roles/user/tasks/pubkeys.yml
Normal file
|
@ -0,0 +1,12 @@
|
|||
---
|
||||
- name: Set SSH Public Keys for Users
|
||||
become: true
|
||||
ansible.posix.authorized_key:
|
||||
user: "{{ item.name }}"
|
||||
state: 'present'
|
||||
key: "{{ item.pubkeys | default() }}"
|
||||
exclusive: true
|
||||
loop: "{{ _l3d_users_user__merged_users }}"
|
||||
loop_control:
|
||||
label: "user: ['{{ item.name }}']"
|
||||
when: item.state | default ('present') == 'present'
|
|
@ -26,6 +26,11 @@
|
|||
|
||||
- name: Add admin keys to user ansible
|
||||
become: true
|
||||
ansible.builtin.debug:
|
||||
msg: "tbd."
|
||||
when: l3d_users_user__set_ansible_ssh_keys
|
||||
ansible.posix.authorized_key:
|
||||
user: 'ansible'
|
||||
state: "{{ l3d_users_user__ansible_user_state | ternary('present', 'absent') }}"
|
||||
key: "{{ item.pubkeys | default () }}"
|
||||
loop: "{{ _l3d_users_user__merged_users }}"
|
||||
when: item.admin | default(false) | bool
|
||||
loop_control:
|
||||
label: "user: ['{{ item.name }}']"
|
||||
|
|
46
roles/user/tasks/users.yml
Normal file
46
roles/user/tasks/users.yml
Normal file
|
@ -0,0 +1,46 @@
|
|||
---
|
||||
- name: Create Groups for Users
|
||||
become: true
|
||||
ansible.builtin.group:
|
||||
name: "{{ item.name }}"
|
||||
state: 'present'
|
||||
loop: "{{ _l3d_users_user__merged_users }}"
|
||||
loop_control:
|
||||
label: "user: ['{{ item.name }}']"
|
||||
when: item.state | default ('present') == 'present'
|
||||
|
||||
- name: Create Accounts for Users
|
||||
become: true
|
||||
ansible.builtin.user:
|
||||
name: "{{ item.name }}"
|
||||
group: "{{ item.name }}"
|
||||
state: 'present'
|
||||
create_home: "{{ item.create_home | default(true) }}"
|
||||
comment: "User created by ansible"
|
||||
shell: "{{ item.shell | default('/bin/bash') }}"
|
||||
password: "{{ item.password | default() }}"
|
||||
loop: "{{ _l3d_users_user__merged_users }}"
|
||||
loop_control:
|
||||
label: "user: ['{{ item.name }}']"
|
||||
when: item.state | default ('present') == 'present'
|
||||
|
||||
- name: Remove Accounts for Users
|
||||
become: true
|
||||
ansible.builtin.user:
|
||||
name: "{{ item.name }}"
|
||||
state: 'absent'
|
||||
remove: "{{ item.remove | default(false) }}"
|
||||
loop: "{{ _l3d_users_user__merged_users }}"
|
||||
loop_control:
|
||||
label: "user: ['{{ item.name }}']"
|
||||
when: item.state | default ('present') == 'absent' and item.remove | default(false) | bool
|
||||
|
||||
- name: Remove Groups for Users
|
||||
become: true
|
||||
ansible.builtin.group:
|
||||
name: "{{ item.name }}"
|
||||
state: 'absent'
|
||||
loop: "{{ _l3d_users_user__merged_users }}"
|
||||
loop_control:
|
||||
label: "user: ['{{ item.name }}']"
|
||||
when: item.state | default ('present') == 'absent' and item.remove | default(false) | bool
|
|
@ -1,3 +1,3 @@
|
|||
---
|
||||
playbook_version_number: 3
|
||||
playbook_version_number: 4
|
||||
playbook_version_path: 'l3d.users.user.version'
|
||||
|
|
Loading…
Reference in a new issue