Add users to additional groups. Remove users.

Andrea Dell'Amico 2023-09-21 12:40:02 +02:00
parent 0a9c233ca4
commit 23fa2c9f7d
Signed by: adellam
GPG Key ID: 147ABE6CEB9E20FF
2 changed files with 44 additions and 24 deletions


@ -1,25 +1,23 @@
galaxy_info:
author: Andrea Dell'Amico
description: Systems Architect
description: Role that manages users
company: ISTI-CNR
issue_tracker_url: https://redmine-s2i2s.isti.cnr.it/projects/provisioning
namespace: adellam
role_name: users
license: EUPL 1.2+
min_ansible_version: "2.9"
min_ansible_version: 2.8
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
platforms:
- name: Ubuntu
versions:
- bionic
- focal
- jammy
- name: EL
versions:
- 7
- 8
- "7"
- "8"
- "9"
galaxy_tags:
- users


@ -18,10 +18,24 @@
when: users_additional_groups is defined | bool
tags: users
- block:
- name: Create users
user: name={{ item.login }} group={{ item.group | default(omit) }} comment="{{ item.name }}" home={{ item.home }}/{{ item.login }} createhome={{ item.createhome }} shell={{ item.shell }} password={{ item.password | default('*') }} update_password={{ item.update_password | default('on_create') }}
with_items: '{{ users_system_users }}'
- name: Manage the users of a system
tags: users
block:
- name: Manage the creation of deletion of users
ansible.builtin.user:
name: "{{ item.login }}"
group: "{{ item.group | default(omit) }}"
groups: "{{ item.groups | default(omit) }}"
append: true
comment: "{{ item.name }}"
home: "{{ item.home }}/{{ item.login }}"
createhome: "{{ item.createhome }}"
shell: "{{ item.shell }}"
password: "{{ item.password | default('*') }}"
update_password: "{{ item.update_password | default('on_create') }}"
state: "{{ item.state | default('present') }}"
loop: '{{ users_system_users }}'
no_log: true
- name: ensure that the users can login with their ssh keys
authorized_key: user="{{ item.login }}" key="{{ item.ssh_key }}" state=present
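Review bot: An entry with `state: absent` is still passed to the `authorized_key` task that follows, which hard-codes `state=present` for every item. Its `when` lies outside this hunk, so unless it already filters on state, a removal run either fails on the missing account or leaves the key untouched. Removing the account does not by itself revoke access: without `remove` the user module keeps the home directory and its `authorized_keys`, and as far as visible the root-key tasks further down never take a removed user's key out of root's file. I would gate the per-user key tasks on `item.state | default('present') == 'present'`, let the root-key tasks follow the entry with `state="{{ item.state | default('present') }}"`, and add `remove: "{{ item.remove | default(omit) }}"` to the user task. The same applies to the `Create additional users` task in the next hunk.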
@ -58,13 +72,24 @@
- item.log_as_root is defined
- not item.log_as_root
when: users_system_users is defined
- name: Manage additional users
tags: users
- block:
block:
- name: Create additional users
user: name={{ item.login }} group={{ item.group | default(omit) }} comment="{{ item.name }}" home={{ item.home }}/{{ item.login }} createhome={{ item.createhome }} shell={{ item.shell }} password={{ item.password | default('*') }} update_password={{ item.update_password | default('on_create') }}
with_items: '{{ users_system_users_adjunct }}'
ansible.builtin.user:
name: "{{ item.login }}"
group: "{{ item.group | default(omit) }}"
groups: "{{ item.groups | default(omit) }}"
append: true
comment: "{{ item.name }}"
home: "{{ item.home }}/{{ item.login }}"
createhome: "{{ item.createhome }}"
shell: "{{ item.shell }}"
password: "{{ item.password | default('*') }}"
update_password: "{{ item.update_password | default('on_create') }}"
state: "{{ item.state | default('present') }}"
loop: '{{ users_system_users_adjunct }}'
no_log: true
- name: ensure that the additional users can login with their ssh keys
authorized_key: user="{{ item.login }}" key="{{ item.ssh_key }}" state=present
@ -85,7 +110,7 @@
- item.admin
- ansible_distribution_file_variety == "RedHat"
- name: ensure that the additional users can login with their ssh keys as root if we want ensure direct access
- name: Ensure that the additional users can login with their ssh keys as root if we want ensure direct access
authorized_key: user=root key="{{ item.ssh_key }}" state=present
with_items: '{{ users_system_users_adjunct }}'
when:
@ -101,9 +126,6 @@
- item.log_as_root is defined
- not item.log_as_root
when: users_system_users_adjunct is defined
tags: users
- block:
- name: Permit sudo without password on Deb based systems
lineinfile: