From f1b471bc31614442831362bc48bf6b4efc8b4f85 Mon Sep 17 00:00:00 2001
From: vincent
Date: Sun, 15 Jan 2023 11:05:39 +0100
Subject: [PATCH] feat: init role
---
 .yamllint | 33 ++++++++++++++++++++
 README.md | 41 +++++++++++++++++++++++++
 defaults/main.yml | 11 +++++++
 handlers/main.yml | 2 ++
 meta/main.yml | 53 ++++++++++++++++++++++++++++++++
 molecule/default/INSTALL.rst | 15 +++++++++
 molecule/default/converge.yml | 8 +++++
 molecule/default/create.yml | 35 +++++++++++++++++++++
 molecule/default/destroy.yml | 24 +++++++++++++++
 molecule/default/molecule.yml | 11 +++++++
 molecule/default/verify.yml | 10 ++++++
 tasks/main.yml | 58 +++++++++++++++++++++++++++++++++++
 templates/config.j2 | 52 +++++++++++++++++++++++++++++++
 tests/inventory | 2 ++
 tests/test.yml | 5 +++
 vars/main.yml | 2 ++
 16 files changed, 362 insertions(+)
 create mode 100644 .yamllint
 create mode 100644 README.md
 create mode 100644 defaults/main.yml
 create mode 100644 handlers/main.yml
 create mode 100644 meta/main.yml
 create mode 100644 molecule/default/INSTALL.rst
 create mode 100644 molecule/default/converge.yml
 create mode 100644 molecule/default/create.yml
 create mode 100644 molecule/default/destroy.yml
 create mode 100644 molecule/default/molecule.yml
 create mode 100644 molecule/default/verify.yml
 create mode 100644 tasks/main.yml
 create mode 100644 templates/config.j2
 create mode 100644 tests/inventory
 create mode 100644 tests/test.yml
 create mode 100644 vars/main.yml
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..8827676
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,33 @@
+---
+# Based on ansible-lint config
+extends: default
+
+rules:
+ braces:
+ max-spaces-inside: 1
+ level: error
+ brackets:
+ max-spaces-inside: 1
+ level: error
+ colons:
+ max-spaces-after: -1
+ level: error
+ commas:
+ max-spaces-after: -1
+ level: error
+ comments: disable
+ comments-indentation: disable
+ document-start: disable
+ empty-lines:
+ max: 3
+ level: error
+ hyphens:
+ level: error
+ indentation: disable
+ key-duplicates: enable
+ line-length: disable
+ new-line-at-end-of-file: disable
+ new-lines:
+ type: unix
+ trailing-spaces: disable
+ truthy: disable
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..811c7d3
--- /dev/null
+++ b/README.md
@@ -0,0 +1,41 @@
+ansible-user
+=========
+
+create user with ssh config
+
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+```
+include_role:
+ name: "ansible-user"
+vars:
+ user_name: "toto"
+ user_home: "/home/toto"
+ user_groups:
+ - docker
+ - video
+ user_shell: "/bin/zsh"
+ user_authorized_key:
+ - key1
+ - key2
+ user_privatekey:
+ - keyname: id_toto
+ key: dzedfz
+
+```
+
+License
+-------
+
+BSD
+
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..494f179
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+# defaults file for ansible-user
+user_ldap: false
+user_custom_host: []
+user_name: ""
+user_password: ""
+user_groups: []
+user_home: "/home/{{ user_name }}"
+user_shell: "/bin/bash"
+user_privatekey: []
+user_autorized_key: []
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..e0a16e6
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for ssh_client
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..926466f
--- /dev/null
+++ b/meta/main.yml
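Review bot: `user_autorized_key: []` on the last line of the defaults hunk is misspelled relative to the name the rest of the role uses (`user_authorized_key` in tasks/main.yml and in the README example), so the default never applies and the authorized_key loop fails on an undefined variable whenever the caller does not set it; rename it `user_authorized_key: []`. `user_password: ""` is also handed straight to the user module's `password` field, which expects an already-hashed value, and nothing says so; a comment such as `# hashed password (e.g. password_hash('sha512') output); leave empty to lock the account` would make the contract visible to callers. `user_name: ""` is a default the role cannot actually work with, so the README should state that it is mandatory.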
@@ -0,0 +1,53 @@
+galaxy_info:
+ author: your name
+ namespace: vincentdcmps
+ description: your role description
+ company: your company (optional)
+
+ # If the issue tracker for your role is not on github, uncomment the
+ # next line and provide a value
+ # issue_tracker_url: http://example.com/issue/tracker
+
+ # Choose a valid license ID from https://spdx.org - some suggested licenses:
+ # - BSD-3-Clause (default)
+ # - MIT
+ # - GPL-2.0-or-later
+ # - GPL-3.0-only
+ # - Apache-2.0
+ # - CC-BY-4.0
+ license: license (GPL-2.0-or-later, MIT, etc)
+
+ min_ansible_version: 2.1
+
+ # If this a Container Enabled role, provide the minimum Ansible Container version.
+ # min_ansible_container_version:
+
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ # platforms:
+ # - name: Fedora
+ # versions:
+ # - all
+ # - 25
+ # - name: SomePlatform
+ # versions:
+ # - all
+ # - 1.0
+ # - 7
+ # - 99.99
+
+ galaxy_tags: []
+ # List tags for your role here, one per line. A tag is a keyword that describes
+ # and categorizes the role. Users find roles by searching for tags. Be sure to
+ # remove the '[]' above, if you add tags to this list.
+ #
+ # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+ # Maximum 20 tags per role.
+
+dependencies: []
+ # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+ # if you add dependencies to this list.
diff --git a/molecule/default/INSTALL.rst b/molecule/default/INSTALL.rst
new file mode 100644
index 0000000..1b38d09
--- /dev/null
+++ b/molecule/default/INSTALL.rst
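Review bot: The Galaxy metadata is still the unfilled scaffold — `author: your name`, `description: your role description`, `license: license (GPL-2.0-or-later, MIT, etc)` — and that `license` value is not an SPDX identifier, so a Galaxy import or ansible-lint's meta checks will reject it; the README says BSD, so `license: BSD-3-Clause` would be consistent. `min_ansible_version: 2.1` is an unquoted float and predates the `ansible.builtin`/`ansible.posix` FQCNs used in tasks/main.yml, which need 2.10 or newer; quote it and raise it, e.g. `min_ansible_version: "2.10"`. The `ansible.posix` collection the tasks depend on is not declared anywhere in this commit (the diffstat shows no requirements.yml), so it should be listed in a `collections:` entry here or in a requirements file.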
@@ -0,0 +1,15 @@
+***********************************
+Delegated driver installation guide
+***********************************
+
+Requirements
+============
+
+This driver is delegated to the developer. Up to the developer to implement
+requirements.
+
+Install
+=======
+
+This driver is delegated to the developer. Up to the developer to implement
+requirements.
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
new file mode 100644
index 0000000..26a81a5
--- /dev/null
+++ b/molecule/default/converge.yml
@@ -0,0 +1,8 @@
+---
+- name: Converge
+ hosts: all
+ gather_facts: false
+ tasks:
+ - name: "Include vincentdcmps.ssh_client"
+ ansible.builtin.include_role:
+ name: "vincentdcmps.ssh_client"
diff --git a/molecule/default/create.yml b/molecule/default/create.yml
new file mode 100644
index 0000000..09489e3
--- /dev/null
+++ b/molecule/default/create.yml
@@ -0,0 +1,35 @@
+---
+- name: Create
+ hosts: localhost
+ connection: local
+ gather_facts: false
+ no_log: "{{ molecule_no_log }}"
+ tasks:
+
+ # TODO: Developer must implement and populate 'server' variable
+
+ - when: server.changed | default(false) | bool
+ block:
+ - name: Populate instance config dict
+ ansible.builtin.set_fact:
+ instance_conf_dict: {
+ 'instance': "{{ }}",
+ 'address': "{{ }}",
+ 'user': "{{ }}",
+ 'port': "{{ }}",
+ 'identity_file': "{{ }}", }
+ with_items: "{{ server.results }}"
+ register: instance_config_dict
+
+ - name: Convert instance config dict to a list
+ ansible.builtin.set_fact:
+ instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}"
+
+ - name: Dump instance config
+ ansible.builtin.copy:
+ content: |
+ # Molecule managed
+
+ {{ instance_conf | to_json | from_json | to_yaml }}
+ dest: "{{ molecule_instance_config }}"
+ mode: 0600
diff --git a/molecule/default/destroy.yml b/molecule/default/destroy.yml
new file mode 100644
index 0000000..dd6e220
--- /dev/null
+++ b/molecule/default/destroy.yml
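Review bot: converge.yml includes `vincentdcmps.ssh_client`, but this commit creates the `ansible-user` role (README, tests/test.yml, `# tasks file for ansible-user`), so `molecule converge` would fail to resolve the role; the include should name this role, e.g. `name: "ansible-user"` or its Galaxy-namespaced form. It also passes no variables, and defaults/main.yml sets `user_name: ""`, so even with the right name the `ansible.builtin.user` task would run with an empty `name`; supply a throwaway account for the scenario (`vars:` with `user_name: molecule`) so the converge exercises the real path. The `ssh_client` name also lingers in the header comments of handlers/main.yml and vars/main.yml.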
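Review bot: create.yml is the untouched delegated-driver scaffold — every value in `instance_conf_dict` is an empty `"{{ }}"` expression and `server` is never defined — so the `when: server.changed | default(false) | bool` guard silently skips the block and `molecule test` never produces an instance; the identical `server` guard in destroy.yml has the same effect. Until a driver is implemented, either pick a driver whose built-in create/destroy playbooks replace these two files, or say in INSTALL.rst that the scenario is not runnable yet, so the skipped block is not mistaken for a passing test. The unquoted `mode: 0600` (here and in destroy.yml) is read by YAML 1.1 as the integer 384, which Ansible happens to interpret correctly, but ansible-lint's risky-octal rule wants it as a string: `mode: "0600"`.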
@@ -0,0 +1,24 @@
+---
+- name: Destroy
+ hosts: localhost
+ connection: local
+ gather_facts: false
+ no_log: "{{ molecule_no_log }}"
+ tasks:
+ # Developer must implement.
+
+ # Mandatory configuration for Molecule to function.
+
+ - name: Populate instance config
+ ansible.builtin.set_fact:
+ instance_conf: {}
+
+ - name: Dump instance config
+ ansible.builtin.copy:
+ content: |
+ # Molecule managed
+
+ {{ instance_conf | to_json | from_json | to_yaml }}
+ dest: "{{ molecule_instance_config }}"
+ mode: 0600
+ when: server.changed | default(false) | bool
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
new file mode 100644
index 0000000..74c8557
--- /dev/null
+++ b/molecule/default/molecule.yml
@@ -0,0 +1,11 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: delegated
+platforms:
+ - name: instance
+provisioner:
+ name: ansible
+verifier:
+ name: ansible
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
new file mode 100644
index 0000000..e707420
--- /dev/null
+++ b/molecule/default/verify.yml
@@ -0,0 +1,10 @@
+---
+# This is an example playbook to execute Ansible tests.
+
+- name: Verify
+ hosts: all
+ gather_facts: false
+ tasks:
+ - name: Example assertion
+ ansible.builtin.assert:
+ that: true
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..1d9f84f
--- /dev/null
+++ b/tasks/main.yml
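Review bot: verify.yml asserts only `that: true`, so the scenario passes without checking anything the role does; the placeholder should be replaced by checks that pin the outcomes that matter for this role — the account exists, `~/.ssh` is 0700, and `~/.ssh/config` plus every deployed private key are owned by the user with mode 0600. A `stat` of the config followed by an `assert` on `.stat.mode` and `.stat.pw_name` is enough to start, with `user_name`/`user_home` supplied to the verifier through the scenario's inventory vars (they are not otherwise in scope here). A sketch follows.
```yaml
- name: Verify
  hosts: all
  gather_facts: false
  tasks:
    - name: Stat the deployed ssh client config
      ansible.builtin.stat:
        path: "{{ user_home }}/.ssh/config"
      register: ssh_config_stat

    - name: Assert the config exists with the expected owner and mode
      ansible.builtin.assert:
        that:
          - ssh_config_stat.stat.exists
          - ssh_config_stat.stat.mode == "0600"
          - ssh_config_stat.stat.pw_name == user_name
```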
@@ -0,0 +1,58 @@
+---
+# tasks file for ansible-user
+- name: Print user name
+ ansible.builtin.debug:
+ msg: {{ user_name }}
+- name: Create system user
+ become: true
+ ansible.builtin.user:
+ name: '{{ user_name }}'
+ system: true
+ password: "{{ user_password|default('') }}"
+ groups: "{{ user_groups | join(',') }}"
+ home: "{{ user_home | default('/') }}"
+ shell: "{{ user_shell | default('/usr/bin/nologin') }}"
+ when: user_name != "root" and not user_ldap
+- name: simulate login
+ stat:
+ path: "/home/{{user.name}}"
+ become: true
+ become_user: "{{user.name}}"
+ when: user_ldap
+
+- name: Ensure .ssh exist for user
+ become: true
+ ansible.builtin.file:
+ state: directory
+ path: "{{ user_home | default('/') }}/.ssh"
+ owner: '{{ user_name }}'
+ mode: 0700
+
+- name: Copy ssh config for user
+ become: true
+ ansible.builtin.template:
+ dest: "{{ user_home | default('/') }}/.ssh/config"
+ src: 'config.j2'
+ force: true
+ mode: '600'
+ selevel: s0
+ owner: '{{ user_name }}'
+
+
+- name: Install ssh private key
+ become: true
+ ansible.builtin.copy:
+ content: '{{ item.key }}'
+ dest: '{{ user_home}}/.ssh/{{ item.keyname }}'
+ mode: 0600
+ owner: '{{ user_name }}'
+ with_items: '{{ user_privatekey }}'
+
+- name: Deploy SSH-Keys to remote host
+ ansible.posix.authorized_key:
+ user: '{{ user_name }}'
+ key: '{{ item }}'
+ exclusive: false
+ with_items: '{{ user_authorized_key }}'
+
+
diff --git a/templates/config.j2 b/templates/config.j2
new file mode 100644
index 0000000..4f30269
--- /dev/null
+++ b/templates/config.j2
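Review bot: `msg: {{ user_name }}` on the debug task is an unquoted Jinja expression, which YAML reads as a flow mapping, so the whole task file fails to load before anything runs; quote it as `msg: "{{ user_name }}"`. The `simulate login` task references an undefined `user.name` (the variable is `user_name`) and uses the bare `stat` module where every other task uses an FQCN; the `Install ssh private key` task renders `item.key` through `with_items`, which prints the private-key material in the task output unless `no_log: true` is set; and the authorized_key task lacks the `become: true` its siblings have, so it writes to another user's `~/.ssh` with the connecting user's privileges only. `password: "{{ user_password|default('') }}"` passes an empty string to the user module when no password is supplied, which sets an empty rather than a locked password field; defaulting to `'!'` (with `default('!', true)` so the empty default from defaults/main.yml is also treated as unset) locks it, and the value given should be a hash, not cleartext. Finally, defaults/main.yml ships `user_name: ""`, so an assert at the top that `user_name | length > 0` fails fast instead of calling useradd with an empty name; the rewritten tasks are sketched below.
```yaml
---
# tasks file for ansible-user
- name: Fail fast on an empty user name
  ansible.builtin.assert:
    that:
      - user_name | length > 0
    fail_msg: "user_name must be set"

- name: Print user name
  ansible.builtin.debug:
    msg: "{{ user_name }}"

- name: Create system user
  become: true
  no_log: true  # the password hash passes through this task's output
  ansible.builtin.user:
    name: "{{ user_name }}"
    system: true
    # '!' locks the password when none is supplied; a supplied value must already be hashed
    password: "{{ user_password | default('!', true) }}"
    groups: "{{ user_groups | join(',') }}"
    home: "{{ user_home | default('/') }}"
    shell: "{{ user_shell | default('/usr/bin/nologin') }}"
  when: user_name != "root" and not user_ldap

- name: Simulate login
  ansible.builtin.stat:
    path: "/home/{{ user_name }}"
  become: true
  become_user: "{{ user_name }}"
  when: user_ldap

# … unchanged: Ensure .ssh exist for user, Copy ssh config for user …

- name: Install ssh private key
  become: true
  no_log: true  # never print private-key material
  ansible.builtin.copy:
    content: "{{ item.key }}"
    dest: "{{ user_home }}/.ssh/{{ item.keyname }}"
    mode: "0600"
    owner: "{{ user_name }}"
  with_items: "{{ user_privatekey }}"

- name: Deploy SSH-Keys to remote host
  become: true
  ansible.posix.authorized_key:
    user: "{{ user_name }}"
    key: "{{ item }}"
    exclusive: false
  with_items: "{{ user_authorized_key }}"
```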
@@ -0,0 +1,52 @@
+# $OpenBSD: ssh_config,v 1.34 2019/02/04 02:39:42 dtucker Exp $
+
+# This is the ssh client system-wide configuration file. See
+# ssh_config(5) for more information. This file provides defaults for
+# users, and the values can be changed in per-user configuration files
+# or on the command line.
+
+# Configuration data is parsed as follows:
+# 1. command line options
+# 2. user-specific file
+# 3. system-wide file
+# Any configuration value is only changed the first time it is set.
+# Thus, host-specific definitions should be at the beginning of the
+# configuration file, and defaults at the end.
+
+# Site-wide defaults for some commonly used options. For a comprehensive
+# list of available options, their meanings and defaults, please see the
+# ssh_config(5) man page.
+
+ Host *
+ AddKeysToAgent yes
+ ForwardAgent yes
+# ForwardX11 no
+# PasswordAuthentication yes
+# HostbasedAuthentication no
+# GSSAPIAuthentication no
+# GSSAPIDelegateCredentials no
+# BatchMode no
+# CheckHostIP yes
+# AddressFamily any
+# ConnectTimeout 0
+# StrictHostKeyChecking ask
+# IdentityFile ~/.ssh/id_rsa
+# IdentityFile ~/.ssh/id_dsa
+# IdentityFile ~/.ssh/id_ecdsa
+# IdentityFile ~/.ssh/id_ed25519
+# Port 22
+# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
+# MACs hmac-md5,hmac-sha1,umac-64@openssh.com
+# EscapeChar ~
+# Tunnel no
+# TunnelDevice any:any
+# PermitLocalCommand no
+# VisualHostKey no
+# ProxyCommand ssh -q -W %h:%p gateway.example.com
+# RekeyLimit 1G 1h
+{% for item in user_custom_host %}
+Host {{ item.host }}
+ Hostname {{ item.host }}
+ User {{ item.user }}
+ IdentityFile {{ item.keyfile }}
+{% endfor %}
diff --git a/tests/inventory b/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/tests/test.yml b/tests/test.yml
new file mode 100644
index 0000000..4d83f75
--- /dev/null
+++ b/tests/test.yml
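Review bot: `ForwardAgent yes` under `Host *` forwards the user's ssh agent to every host they connect to, so any compromised remote host can use their loaded keys for the length of the session; enable it only for the hosts that need it (for example inside the `user_custom_host` loop behind a per-item flag) and keep just `AddKeysToAgent yes` as the global default. Because ssh_config keeps the first value set for an option — as the file's own header comment says — the `Host *` block placed before the generated per-host blocks also means a later per-host `ForwardAgent no` would never take effect; move the `{% for %}` loop above `Host *`. The `Host *` line itself appears to carry leading whitespace left over from the commented-out original, which ssh accepts but which reads as unintended; `Host *` at column 0 is the conventional form.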
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - ansible-user
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..1f4fc8c
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for ssh_client