From 3f60962ec689e94cbbb867c39f4e0b510e1e14ed Mon Sep 17 00:00:00 2001
From: "cees@cloudvps.com"
Date: Fri, 23 Mar 2018 17:08:14 +0100
Subject: [PATCH] user initial commit
---
user/README.md | 71 +++++++++++++++++++++++++++++++
user/tasks/main.yml | 67 +++++++++++++++++++++++++++++
user/templates/authorized_keys.j2 | 5 +++
3 files changed, 143 insertions(+)
create mode 100644 user/README.md
create mode 100644 user/tasks/main.yml
create mode 100644 user/templates/authorized_keys.j2
diff --git a/user/README.md b/user/README.md
new file mode 100644
index 0000000..e9ed654
--- /dev/null
+++ b/user/README.md
@@ -0,0 +1,71 @@
+# Role user
+
+A role to create users.
+
+# Usage
+
+Include in role:
+
+```yaml
+- hosts: all
+ role:
+ - user
+
+```
+
+In group_vars or host_vars:
+
+```yaml
+group:
+ - groupname
+
+user:
+ - name: piet
+ password: "(See link below)"
+ home: /home/piet
+ createhome: yes
+ groups: automotive
+ state: present
+ shell: /bin/bash
+ generate_ssh_keys: yes
+ sshpubkey: "ssh-rsa AA...BB"
+ sshpubkeys:
+ - "ssh-rsa AA...BB"
+ - "ssh-rsa AA...BB"
+```
+
+
+## Requirements / Dependencies
+
+* None
+
+## Supported system
+
+* Ubuntu
+
+## Installation
+
+No extra steps needed.
+
+## Role Variables
+
+|Name|Type|Description|Default|
+|----|----|-----------|-------|
+`name`|string|username|`-`
+`password`|string|password|`-`
+`update_password`|string|update_password|`on_create`
+`home`|string|homefolder|`-`
+`createhome`|bool|optional|`yes`
+`groups`|string|optional|`users`
+`state`|string|optional|`present`
+`shell`|string|optional|`/bin/bash`
+`generate_ssh_keys`|bool|optional|`no`
+`sshpubkey`|string|optional|`"ssh-rsa AA...BB"`
+`sshpubkeys`|list|optional|`"- ssh-rsa AA...BB"`
+
+
+## Generate user password hash:
+
+pwgen -s -1 | tee pwd | mkpasswd -m sha-512 -s ;cat pwd
+
+http://docs.ansible.com/faq.html#how-do-i-generate-crypted-passwords-for-the-user-module
diff --git a/user/tasks/main.yml b/user/tasks/main.yml
new file mode 100644
index 0000000..420a700
--- /dev/null
+++ b/user/tasks/main.yml
@@ -0,0 +1,67 @@
+---
+
+- name: create groups
+ group:
+ name={{ item }}
+ with_items: '{{group}}'
+ when: group is defined
+ tags: user
+
+- name: create users
+ user:
+ name={{ item.name }}
+ password={{ item.password }}
+ home={{ item.home }}
+ createhome={{ item.createhome|default("yes") }}
+ groups={{ item.groups|default("users") }}
+ append=yes
+ state={{ item.state|default("present") }}
+ shell={{ item.shell|default("/bin/bash") }}
+ update_password={{ item.update_password|default("on_create") }}
+ generate_ssh_key={{ item.generate_ssh_key|default("yes") }}
+ with_items: '{{user}}'
+ when: user is defined
+ tags: user
+
+- name: create {{ item.home }}/.ssh/
+ file:
+ path={{ item.home }}/.ssh
+ state=directory
+ group={{ item.name }}
+ owner={{ item.name }}
+ mode=0700
+ with_items: '{{user}}'
+ when: user is defined and (item.sshpubkey is defined or item.sshpubkeys is defined)
+ ignore_errors: true
+ tags: user
+
+- name: create .ssh/authorized_keys
+ file:
+ path={{ item.home }}/.ssh/authorized_keys
+ state=touch
+ with_items: '{{user}}'
+ when: user is defined and item.sshpubkey is defined
+ ignore_errors: true
+ tags: user
+
+- name: add ssh-pub-key
+ lineinfile:
+ dest={{ item.home }}/.ssh/authorized_keys
+ line={{ item.sshpubkey }}
+ with_items: '{{user}}'
+ when: user is defined and item.sshpubkey is defined
+ ignore_errors: true
+ tags: user
+
+- name: add ssh-pub-key via template
+ template:
+ src=authorized_keys.j2
+ dest={{ item.home }}/.ssh/authorized_keys
+ backup=yes
+ with_items: '{{user}}'
+ when: user is defined and item.sshpubkeys is defined
+ ignore_errors: true
+ tags:
+ - user
+ - sshpubkeys
+
diff --git a/user/templates/authorized_keys.j2 b/user/templates/authorized_keys.j2
new file mode 100644
index 0000000..64f725d
--- /dev/null
+++ b/user/templates/authorized_keys.j2
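Review bot: In `user/tasks/main.yml`, the three tasks that write `{{ item.home }}/.ssh/authorized_keys` (`state=touch`, `lineinfile`, `template`) set no `owner`, `group` or `mode` and all carry `ignore_errors: true`, so the file's ownership and permissions are left to the connecting account and its umask, and a key that failed to install still yields a passing run. I would add `owner={{ item.name }} group={{ item.name }} mode=0600` to each of them and remove `ignore_errors: true`; if the suppression exists for `state: absent` users, a `when:` clause on `item.state|default("present") == "present"` expresses that without hiding real failures. The `create users` task reads `item.generate_ssh_key` with default `"yes"`, whereas the README added in this patch documents `generate_ssh_keys` with default `no`, so a caller following the README still gets a private key generated in every managed home; `generate_ssh_key={{ item.generate_ssh_keys|default("no") }}` would match the documented contract. Every task also loops over the full `user` entries, which presumably puts each `password` hash into the per-item task output, so `loop_control` with `label: "{{ item.name }}"` (or `no_log: true` on `create users`) is worth adding.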
@@ -0,0 +1,5 @@
+{% set sshpubkeys = item.sshpubkeys|default(false) %}
+{% for sshkey in sshpubkeys %}
+{{ sshkey }}
+{% endfor %}
+
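Review bot: `item.sshpubkeys|default(false)` on the first line hands a boolean to the `for` loop whenever the template is rendered without the task's `when:` guard, and Jinja cannot iterate a boolean; an empty list is the safe fallback, `{% set sshpubkeys = item.sshpubkeys|default([]) %}`. The template also renders the complete file, so for a user that defines both `sshpubkey` and `sshpubkeys` the line added by the `add ssh-pub-key` task in `user/tasks/main.yml` is overwritten on every run and that key ends up missing from `authorized_keys`. A leading `{# ... #}` comment stating that this template is the full, exclusive key list for the user would make that replacement (and the resulting revocation of unlisted keys) explicit to whoever edits the vars.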