diff --git a/meta/main.yml b/meta/main.yml
index 830d9c6..537bf85 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -1,25 +1,23 @@ galaxy_info: author: Andrea Dell'Amico - description: Systems Architect + description: Role that manages users company: ISTI-CNR - - issue_tracker_url: https://redmine-s2i2s.isti.cnr.it/projects/provisioning - + namespace: adellam + role_name: users license: EUPL 1.2+ + min_ansible_version: "2.9" - min_ansible_version: 2.8 - - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # platforms: - name: Ubuntu versions: - bionic + - focal + - jammy - name: EL versions: - - 7 - - 8 + - "7" + - "8" + - "9" galaxy_tags: - users
diff --git a/tasks/main.yml b/tasks/main.yml
index 38bef86..3f474ca 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -18,10 +18,24 @@ when: users_additional_groups is defined | bool tags: users -- block: - - name: Create users - user: name={{ item.login }} group={{ item.group | default(omit) }} comment="{{ item.name }}" home={{ item.home }}/{{ item.login }} createhome={{ item.createhome }} shell={{ item.shell }} password={{ item.password | default('*') }} update_password={{ item.update_password | default('on_create') }} - with_items: '{{ users_system_users }}' +- name: Manage the users of a system + tags: users + block: + - name: Manage the creation of deletion of users + ansible.builtin.user: + name: "{{ item.login }}" + group: "{{ item.group | default(omit) }}" + groups: "{{ item.groups | default(omit) }}" + append: true + comment: "{{ item.name }}" + home: "{{ item.home }}/{{ item.login }}" + createhome: "{{ item.createhome }}" + shell: "{{ item.shell }}" + password: "{{ item.password | default('*') }}" + update_password: "{{ item.update_password | default('on_create') }}" + state: "{{ item.state | default('present') }}" + loop: '{{ users_system_users }}' + no_log: true - name: ensure that the users can login with their ssh keys authorized_key: user="{{ item.login }}" key="{{ item.ssh_key }}" state=present 
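Review bot: The added `state: "{{ item.state | default('present') }}"` lets a list entry delete an account, but the `authorized_key` task that follows in this hunk still installs `item.ssh_key` with `state=present`, and the `user=root` key task in the @@ -85,7 +110,7 @@ hunk does the same. For an entry set to `absent` the per-user task would presumably fail on the missing account, and a key already granted root login stays in root's authorized_keys, so access outlives the deprovisioning. I would skip the per-user task with `when: item.state | default('present') != 'absent'` and pass the state through on the root task, `state="{{ item.state | default('present') }}"`; `remove: true` on the user task is worth considering if the home directory should go too. `Create additional users` in the @@ -58,13 +72,24 @@ hunk has the same gap. The loops and conditions of the key tasks lie outside the hunks, so confirm how they treat such entries.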
@@ -58,13 +72,24 @@ - item.log_as_root is defined - not item.log_as_root - when: users_system_users is defined +- name: Manage additional users tags: users - -- block: + block: - name: Create additional users - user: name={{ item.login }} group={{ item.group | default(omit) }} comment="{{ item.name }}" home={{ item.home }}/{{ item.login }} createhome={{ item.createhome }} shell={{ item.shell }} password={{ item.password | default('*') }} update_password={{ item.update_password | default('on_create') }} - with_items: '{{ users_system_users_adjunct }}' + ansible.builtin.user: + name: "{{ item.login }}" + group: "{{ item.group | default(omit) }}" + groups: "{{ item.groups | default(omit) }}" + append: true + comment: "{{ item.name }}" + home: "{{ item.home }}/{{ item.login }}" + createhome: "{{ item.createhome }}" + shell: "{{ item.shell }}" + password: "{{ item.password | default('*') }}" + update_password: "{{ item.update_password | default('on_create') }}" + state: "{{ item.state | default('present') }}" + loop: '{{ users_system_users_adjunct }}' + no_log: true - name: ensure that the additional users can login with their ssh keys authorized_key: user="{{ item.login }}" key="{{ item.ssh_key }}" state=present
@@ -85,7 +110,7 @@ - item.admin - ansible_distribution_file_variety == "RedHat" - - name: ensure that the additional users can login with their ssh keys as root if we want ensure direct access + - name: Ensure that the additional users can login with their ssh keys as root if we want ensure direct access authorized_key: user=root key="{{ item.ssh_key }}" state=present with_items: '{{ users_system_users_adjunct }}' when:
@@ -101,9 +126,6 @@ - item.log_as_root is defined - not item.log_as_root - when: users_system_users_adjunct is defined - tags: users - - block: - name: Permit sudo without password on Deb based systems lineinfile:
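Review bot: `append: true` is hard-coded in `Create additional users` (and on the same line of the user task in the @@ -18,10 +18,24 @@ hunk), so membership managed through `item.groups` is additive only. Dropping a group from an entry, for example one that grants sudo, leaves the account in that group on hosts that were already provisioned. If the list is meant to be authoritative, make it overridable with `append: "{{ item.append | default(true) }}"`, or document that revoking a group needs a separate step. The block continues past the end of this hunk.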
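Review bot: Dropping `when: users_system_users_adjunct is defined` here, and `when: users_system_users is defined` in the @@ -58,13 +72,24 @@ hunk, leaves the new `loop:` expressions unguarded. A play that does not set these variables would then fail on an undefined variable instead of skipping the block, unless the role's defaults, which are not part of this diff, define them as lists. A default on the loop keeps the earlier behaviour: `loop: "{{ users_system_users_adjunct | default([]) }}"`. The other tasks in both blocks that iterate the same lists would need the same default.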