From 7feadf3945e8f6d6722f7d12f95b3be33b5f0179 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Wed, 7 Oct 2015 17:01:22 +0200
Subject: [PATCH] library/roles/dnet_user_services_perms: Manage the creation of users that will run services other than the dnet ones.
---
 dnet_user_services_perms/defaults/main.yml | 7 +++++--
 .../tasks/dnet-other-services-users.yml | 6 ++++++
 dnet_user_services_perms/tasks/dnet-users-data-dirs.yml | 2 +-
 dnet_user_services_perms/tasks/main.yml | 2 ++
 4 files changed, 14 insertions(+), 3 deletions(-)
 create mode 100644 dnet_user_services_perms/tasks/dnet-other-services-users.yml
diff --git a/dnet_user_services_perms/defaults/main.yml b/dnet_user_services_perms/defaults/main.yml
index c19ff74..7c7017c 100644
--- a/dnet_user_services_perms/defaults/main.yml
+++ b/dnet_user_services_perms/defaults/main.yml
@@ -11,10 +11,13 @@ dnet_log_directories:
 - /var/log/dnet
 - /var/log/dnet/search
 
+#dnet_other_services_users:
+# - { user: 'dli', home: '/var/lib/dli_portal', createhome: True, shell: '/bin/bash' }
+
 # Define the following if you want some directories readable and writable by the dnet group but outside the dnet app data dirs
 #dnet_users_data_directories:
-# - { name: '/data/1', perms: 0755, create: True }
-# - { name: '/data/2', create: False, perms: 0755, file: False }
+# - { name: '/data/1', perms: 0755, create: True, file: False, owner: 'root', group: 'dnet' }
+# - { name: '/data/2', create: False, perms: 0755, file: False, owner: 'root', group: 'dnet' }
 # - { name: '/data/bah', create: False, perms: 0644, file: True }
 
 # Define the following array when you want to add commands to the sudoers file
diff --git a/dnet_user_services_perms/tasks/dnet-other-services-users.yml b/dnet_user_services_perms/tasks/dnet-other-services-users.yml
new file mode 100644
index 0000000..ca513f9
--- /dev/null
+++ b/dnet_user_services_perms/tasks/dnet-other-services-users.yml
@@ -0,0 +1,6 @@
+---
+- name: Create users needed to operate services other than the dnet ones
+ user: name={{ item.user }} comment="{{ item.user }}" home={{ item.home }} createhome={{ item.createhome }} shell={{ item.shell }}
+ with_items: dnet_other_services_users
+ when: dnet_other_services_users is defined
+ tags: [ 'users', 'dnet' ]
diff --git a/dnet_user_services_perms/tasks/dnet-users-data-dirs.yml b/dnet_user_services_perms/tasks/dnet-users-data-dirs.yml
index 92b63c9..ee87f0b 100644
--- a/dnet_user_services_perms/tasks/dnet-users-data-dirs.yml
+++ b/dnet_user_services_perms/tasks/dnet-users-data-dirs.yml
@@ -1,6 +1,6 @@
 ---
 - name: Create the users dnet data dirs
- file: name={{ item.name }} state=directory owner=root group={{ dnet_group }} mode={{ item.perms }}
+ file: name={{ item.name }} state=directory owner={{ item.owner }} group={{ item.group }} mode={{ item.perms }}
 with_items: dnet_users_data_directories
 when: item.create and not item.file
 tags: [ 'dnet', 'users' ]
diff --git a/dnet_user_services_perms/tasks/main.yml b/dnet_user_services_perms/tasks/main.yml
index da09584..2198621 100644
--- a/dnet_user_services_perms/tasks/main.yml
+++ b/dnet_user_services_perms/tasks/main.yml
@@ -1,6 +1,8 @@
 ---
 - include: dnet-groups.yml
 - include: sudo-config.yml
+- include: dnet-other-services-users.yml
+ when: dnet_other_services_users is defined
 - include: dnet-data-dirs.yml
 when: dnet_standard_installation
 - include: dnet-users-data-dirs.yml
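Review bot: In tasks/dnet-other-services-users.yml the new `user:` line passes `home={{ item.home }}`, `createhome={{ item.createhome }}` and `shell={{ item.shell }}` unquoted inside a key=value string, so a value containing whitespace is split into separate arguments and the string is re-parsed after templating. Native YAML arguments with quoted templates avoid that re-parsing; the rewritten module call is shown below. Every key is also mandatory on each item, and the example added to defaults/main.yml gives the account `/bin/bash`; for an account that only runs a daemon, a non-login shell is the safer value to document, if the service allows it.

```yaml
- name: Create users needed to operate services other than the dnet ones
  user:
    name: "{{ item.user }}"
    comment: "{{ item.user }}"
    home: "{{ item.home }}"
    createhome: "{{ item.createhome }}"
    shell: "{{ item.shell }}"
  # … unchanged: with_items, when, tags …
```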
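Review bot: In tasks/dnet-users-data-dirs.yml the rewritten `file:` line makes `item.owner` and `item.group` mandatory, so an existing `dnet_users_data_directories` entry written in the old form (no owner or group) would now hit an undefined variable instead of getting the previous `owner=root group={{ dnet_group }}`. Keeping the old values as fallbacks preserves current ownership for inventories that have not been updated: `owner={{ item.owner | default('root') }} group={{ item.group | default(dnet_group) }}`. Separately, the examples in defaults/main.yml still show `perms: 0755` unquoted; a YAML 1.1 loader may read that as an integer before it is rendered into `mode={{ item.perms }}`, so it is worth confirming the resulting directory mode and documenting the value as `'0755'`.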