
Migrate all user tasks to new user manage role

users
Lilian Roller 1 year ago
parent
commit
84433e8673
3 changed files with 25 additions and 107 deletions
  1. +7
    -2
      README.md
  2. +11
    -0
      tasks/delete_keys.yml
  3. +7
    -105
      tasks/main.yml

+ 7
- 2
README.md View File

@@ -6,10 +6,16 @@ Ansible Rolle to manage and deploy ssh keys of admin and non-admin users
---------------
It is highly recomended to use this role together with a role to manage users and to manage the sshd configuration.<br/>
The following roles are tested in combination and work well - at least for the user [DO1JLR](https://github.com/do1jlr):
- [github.com/chaos-bodensee/role-manage_users](https://github.com/chaos-bodensee/role-manage_users.git) *(will be created soon)*
- [github.com/chaos-bodensee/role-manage_users](https://github.com/chaos-bodensee/role-manage_users.git)
- [github.com/chaos-bodensee/role-ssh_authorized_keys](https://github.com/chaos-bodensee/role-ssh_authorized_keys.git) *(this one)*
- [github.com/chaos-bodensee/role_sshd](https://github.com/chaos-bodensee/role_sshd.git)

```txt
Protipp:

Deploy the manage_users role *before* deploying the ssh keys.
If the user does not exist it is hard to add a ssh key for him!
```

Variables
---------
@@ -85,4 +91,3 @@ accounts:
ssh-keygen -t ed25519
```



+ 11
- 0
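--- a/tasks/delete_keys.yml
+++ b/tasks/delete_keys.yml
@@ -6,6 +6,15 @@
 path: '/root/.ssh/authorized_keys'
 changed_when: False
 
+- name: Create .ssh directory for root
+become: yes
+file:
+path: '/root/.ssh'
+state: directory
+owner: root
+group: root
+mode: 'u=rwx,g=,o='
+
 - name: delete ansible ssh keys
 become: true
 file:
@@ -14,3 +23,5 @@
 ignore_errors: yes
 failed_when: false
 changed_when: False
+
+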
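Review bot: The new `Create .ssh directory for root` task writes `become: yes` while the neighbouring `delete ansible ssh keys` task in the same file uses `become: true`, and the file also carries `changed_when: False`; keep one boolean spelling per file, `become: true` / `changed_when: false`, which is what yamllint's truthy rule enforces. The task that ends just above the insertion references `/root/.ssh/authorized_keys` before the directory is created; if that task creates or touches the file rather than only inspecting it, the directory task should move ahead of it. Its module line is outside the hunk, so this cannot be confirmed from here. The second hunk appears to add only trailing blank lines at end of file, which yamllint flags as well.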
+ 7
- 105
tasks/main.yml View File

@@ -2,80 +2,16 @@
- include_tasks: versioncheck.yml
when: submodules_versioncheck|bool

- name: Setup local users ssh keys
include_tasks: ssh_user.yml
with_dict: '{{ users }}'
loop_control:
loop_var: local_user_data

- include_tasks: delete_keys.yml
when: manage_all_keys | bool

- name: Create .ssh directory for root
become: yes
file:
path: '/root/.ssh'
state: directory
owner: root
group: root
mode: 'u=rwx,g=,o='

- name: Add admin group
become: yes
group:
name: 'admins'
state: present

- name: Add individual group
become: yes
group:
name: '{{ item }}'
state: present
with_items: '{{ accounts }}'

- name: Add local users
become: yes
user:
name: '{{ item }}'
shell: '/bin/bash'
groups: '{{ item }}'
append: no
with_items: '{{ accounts }}'
changed_when: false

- name: Copy .bashrc for local users
become: yes
copy:
src: 'files/home_environment/bashrc'
dest: '/home/{{ item }}/.bashrc'
owner: '{{ item }}'
group: '{{ item }}'
mode: 'u=rw,g=r,o='
with_items: '{{ accounts }}'
when: home_sweet_home|bool

- name: Add ansible user
become: yes
user:
name: 'ansible'
shell: '/bin/bash'
groups: 'admins'
append: yes

- name: Create .ssh directory for user ansible
become: yes
file:
path: '/home/ansible/.ssh'
state: directory
owner: ansible
group: admins
mode: 'u=rwx,g=,o='
changed_when: False

- name: Copy .bashrc for user ansible
become: yes
copy:
src: 'files/home_environment/bashrc'
dest: '/home/ansible/.bashrc'
owner: ansible
group: admins
mode: 'u=rw,g=r,o='

- name: Setup ssh keys for admins
- name: Setup ssh keys for admin users
include_tasks: ssh_root.yml
with_dict: '{{ users }}'
loop_control:
@@ -89,37 +25,3 @@
key: "{{ lookup('file', '{{ item }}') }}"
when: grant_special_ssh_root_access | bool
with_items: "{{ root_ssh_keys }}"

- name: Create /etc/sudoers.d directory
become: yes
file:
path: '/etc/sudoers.d'
state: directory
owner: root
group: root
mode: 'u=rwx,g=x,o=x'

- name: Copy sudoers file
become: yes
copy:
src: 'files/home_environment/sudoers'
dest: '/etc/sudoers.d/ansible'
owner: root
group: root
mode: 'u=r,g=r,o='
validate: /usr/sbin/visudo -cf %s

- name: adding existing user '{{ item }}' to group admins
become: yes
user:
name: '{{ item }}'
groups: admins
append: yes
with_items: '{{ admins }}'
changed_when: false

- name: Setup local users ssh keys
include_tasks: ssh_user.yml
with_dict: '{{ users }}'
loop_control:
loop_var: local_user_data
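Review bot: The `Setup local users ssh keys` task is now placed ahead of the `delete_keys.yml` include in the first hunk, whereas before this change it ran last (the second hunk removes the same task from the end of the file). If `delete_keys.yml` removes or rewrites users' authorized_keys files when `manage_all_keys` is true, the keys deployed by `ssh_user.yml` may be wiped straight after they are written; the body of `delete_keys.yml` is not fully visible here, so this should be checked before merging. The `Create .ssh directory for root` task also no longer runs unconditionally, since it now lives only in `delete_keys.yml`, so `ssh_root.yml` has to cope with a missing `/root/.ssh` when `manage_all_keys` is false (it does if it uses the `authorized_key` module, which creates the directory itself). Either keep the previous order `delete_keys.yml`, `ssh_root.yml`, `ssh_user.yml`, or add a comment above the first include stating why the new order is safe, e.g. `# ssh_user.yml runs before delete_keys.yml because delete_keys.yml only touches /root/.ssh`, once that is confirmed.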
