Add users to additional groups. Remove users.

Andrea Dell'Amico 2023-09-21 12:40:02 +02:00
parent 0a9c233ca4
commit 23fa2c9f7d
Signed by: adellam
GPG Key ID: 147ABE6CEB9E20FF
2 changed files with 44 additions and 24 deletions


@ -1,25 +1,23 @@
galaxy_info: galaxy_info:
author: Andrea Dell'Amico author: Andrea Dell'Amico
description: Systems Architect description: Role that manages users
company: ISTI-CNR company: ISTI-CNR
namespace: adellam
issue_tracker_url: https://redmine-s2i2s.isti.cnr.it/projects/provisioning role_name: users
license: EUPL 1.2+ license: EUPL 1.2+
min_ansible_version: "2.9"
min_ansible_version: 2.8
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
platforms: platforms:
- name: Ubuntu - name: Ubuntu
versions: versions:
- bionic - bionic
- focal
- jammy
- name: EL - name: EL
versions: versions:
- 7 - "7"
- 8 - "8"
- "9"
galaxy_tags: galaxy_tags:
- users - users


@ -18,10 +18,24 @@
when: users_additional_groups is defined | bool when: users_additional_groups is defined | bool
tags: users tags: users
- block: - name: Manage the users of a system
- name: Create users tags: users
user: name={{ item.login }} group={{ item.group | default(omit) }} comment="{{ item.name }}" home={{ item.home }}/{{ item.login }} createhome={{ item.createhome }} shell={{ item.shell }} password={{ item.password | default('*') }} update_password={{ item.update_password | default('on_create') }} block:
with_items: '{{ users_system_users }}' - name: Manage the creation of deletion of users
ansible.builtin.user:
name: "{{ item.login }}"
group: "{{ item.group | default(omit) }}"
groups: "{{ item.groups | default(omit) }}"
append: true
comment: "{{ item.name }}"
home: "{{ item.home }}/{{ item.login }}"
createhome: "{{ item.createhome }}"
shell: "{{ item.shell }}"
password: "{{ item.password | default('*') }}"
update_password: "{{ item.update_password | default('on_create') }}"
state: "{{ item.state | default('present') }}"
loop: '{{ users_system_users }}'
no_log: true
- name: ensure that the users can login with their ssh keys - name: ensure that the users can login with their ssh keys
authorized_key: user="{{ item.login }}" key="{{ item.ssh_key }}" state=present authorized_key: user="{{ item.login }}" key="{{ item.ssh_key }}" state=present
@ -58,13 +72,24 @@
- item.log_as_root is defined - item.log_as_root is defined
- not item.log_as_root - not item.log_as_root
when: users_system_users is defined - name: Manage additional users
tags: users tags: users
block:
- block:
- name: Create additional users - name: Create additional users
user: name={{ item.login }} group={{ item.group | default(omit) }} comment="{{ item.name }}" home={{ item.home }}/{{ item.login }} createhome={{ item.createhome }} shell={{ item.shell }} password={{ item.password | default('*') }} update_password={{ item.update_password | default('on_create') }} ansible.builtin.user:
with_items: '{{ users_system_users_adjunct }}' name: "{{ item.login }}"
group: "{{ item.group | default(omit) }}"
groups: "{{ item.groups | default(omit) }}"
append: true
comment: "{{ item.name }}"
home: "{{ item.home }}/{{ item.login }}"
createhome: "{{ item.createhome }}"
shell: "{{ item.shell }}"
password: "{{ item.password | default('*') }}"
update_password: "{{ item.update_password | default('on_create') }}"
state: "{{ item.state | default('present') }}"
loop: '{{ users_system_users_adjunct }}'
no_log: true
- name: ensure that the additional users can login with their ssh keys - name: ensure that the additional users can login with their ssh keys
authorized_key: user="{{ item.login }}" key="{{ item.ssh_key }}" state=present authorized_key: user="{{ item.login }}" key="{{ item.ssh_key }}" state=present
@ -85,7 +110,7 @@
- item.admin - item.admin
- ansible_distribution_file_variety == "RedHat" - ansible_distribution_file_variety == "RedHat"
- name: ensure that the additional users can login with their ssh keys as root if we want ensure direct access - name: Ensure that the additional users can login with their ssh keys as root if we want ensure direct access
authorized_key: user=root key="{{ item.ssh_key }}" state=present authorized_key: user=root key="{{ item.ssh_key }}" state=present
with_items: '{{ users_system_users_adjunct }}' with_items: '{{ users_system_users_adjunct }}'
when: when:
@ -101,9 +126,6 @@
- item.log_as_root is defined - item.log_as_root is defined
- not item.log_as_root - not item.log_as_root
when: users_system_users_adjunct is defined
tags: users
- block: - block:
- name: Permit sudo without password on Deb based systems - name: Permit sudo without password on Deb based systems
lineinfile: lineinfile:
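Review bot: Removing an entry with `state: absent` does not appear to revoke that person's SSH key from root's `authorized_keys`, because the `authorized_key` tasks after both new `ansible.builtin.user` tasks still run with `state=present` for every item. Their `when:` lists are only partly visible here, but none of the visible conditions looks at `item.state`, so the `user=root` task would keep or re-add the key of a deleted admin, and the per-user key task would presumably fail on the missing account. I would add `- (item.state | default('present')) == 'present'` to those `when:` lists and add a task that runs `authorized_key: user=root key="{{ item.ssh_key }}" state=absent` for entries whose state is `absent`. Separately, the block-level guards `when: users_system_users is defined` and `when: users_system_users_adjunct is defined` seem to be dropped, so both loops now rely on the role defaults defining those lists; the defaults file is not part of this commit, so that is worth confirming.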