feat: init role

vincent 2023-01-15 11:05:39 +01:00
commit f1b471bc31
16 changed files with 362 additions and 0 deletions

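--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,33 @@
+---
+# Based on ansible-lint config
+extends: default
+rules:
+braces:
+max-spaces-inside: 1
+level: error
+brackets:
+max-spaces-inside: 1
+level: error
+colons:
+max-spaces-after: -1
+level: error
+commas:
+max-spaces-after: -1
+level: error
+comments: disable
+comments-indentation: disable
+document-start: disable
+empty-lines:
+max: 3
+level: error
+hyphens:
+level: error
+indentation: disable
+key-duplicates: enable
+line-length: disable
+new-line-at-end-of-file: disable
+new-lines:
+type: unix
+trailing-spaces: disable
+truthy: disable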

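--- /dev/null
+++ b/README.md
@@ -0,0 +1,41 @@
+ansible-user
+=========
+create user with ssh config
+Role Variables
+--------------
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+Example Playbook
+----------------
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+```
+include_role:
+name: "ansible-user"
+vars:
+user_name: "toto"
+user_home: "/home/toto"
+user_groups:
+- docker
+- video
+user_shell: "/bin/zsh"
+user_authorized_key:
+- key1
+- key2
+user_privatekey:
+- keyname: id_toto
+key: dzedfz
+```
+License
+-------
+BSD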

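--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+# defaults file for ansible-user
+user_ldap: false
+user_custom_host: []
+user_name: ""
+user_password: ""
+user_groups: []
+user_home: "/home/{{ user_name }}"
+user_shell: "/bin/bash"
+user_privatekey: []
+user_autorized_key: []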
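Review bot: `user_autorized_key` on the last line is misspelled relative to the variable the tasks actually loop over (`user_authorized_key` in tasks/main.yml, also the name used in the README), so this default never applies and the authorized_key task fails with an undefined variable whenever a caller does not set it; rename it to `user_authorized_key: []`. The `user_password: ""` default is passed straight through to the user module's `password` field, which expects a crypted hash; an empty string is likely to yield an empty shadow entry rather than a locked account, so unless you confirm the module treats `""` as unset, prefer a locked default such as `user_password: "!"`. Because `user_home` and `user_shell` are always defined here, the `default('/')` and `default('/usr/bin/nologin')` fallbacks in the tasks can never trigger, and `user_home` expands to `/home/` when `user_name` is left at `""`.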

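--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for ssh_client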

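--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,53 @@
+galaxy_info:
+author: your name
+namespace: vincentdcmps
+description: your role description
+company: your company (optional)
+# If the issue tracker for your role is not on github, uncomment the
+# next line and provide a value
+# issue_tracker_url: http://example.com/issue/tracker
+# Choose a valid license ID from https://spdx.org - some suggested licenses:
+# - BSD-3-Clause (default)
+# - MIT
+# - GPL-2.0-or-later
+# - GPL-3.0-only
+# - Apache-2.0
+# - CC-BY-4.0
+license: license (GPL-2.0-or-later, MIT, etc)
+min_ansible_version: 2.1
+# If this a Container Enabled role, provide the minimum Ansible Container version.
+# min_ansible_container_version:
+#
+# Provide a list of supported platforms, and for each platform a list of versions.
+# If you don't wish to enumerate all versions for a particular platform, use 'all'.
+# To view available platforms and versions (or releases), visit:
+# https://galaxy.ansible.com/api/v1/platforms/
+#
+# platforms:
+# - name: Fedora
+# versions:
+# - all
+# - 25
+# - name: SomePlatform
+# versions:
+# - all
+# - 1.0
+# - 7
+# - 99.99
+galaxy_tags: []
+# List tags for your role here, one per line. A tag is a keyword that describes
+# and categorizes the role. Users find roles by searching for tags. Be sure to
+# remove the '[]' above, if you add tags to this list.
+#
+# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+# Maximum 20 tags per role.
+dependencies: []
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.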
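Review bot: `min_ansible_version: 2.1` understates what the role needs: tasks/main.yml uses fully-qualified collection names (`ansible.builtin.*`, `ansible.posix.authorized_key`), which require Ansible 2.9/2.10 or newer plus the `ansible.posix` collection, so raise the version and declare the collection (a top-level `collections:` list in this file, or a `requirements.yml`). Quote the version as a string while doing so (`min_ansible_version: "2.10"`) so it is not parsed as a float. The scaffold placeholders `author: your name`, `description: your role description` and `license: license (GPL-2.0-or-later, MIT, etc)` are still unfilled, and the README states the license as BSD; align them before publishing to Galaxy.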


@ -0,0 +1,15 @@
***********************************
Delegated driver installation guide
***********************************
Requirements
============
This driver is delegated to the developer. Up to the developer to implement
requirements.
Install
=======
This driver is delegated to the developer. Up to the developer to implement
requirements.


@ -0,0 +1,8 @@
---
- name: Converge
hosts: all
gather_facts: false
tasks:
- name: "Include vincentdcmps.ssh_client"
ansible.builtin.include_role:
name: "vincentdcmps.ssh_client"
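Review bot: The converge play includes `vincentdcmps.ssh_client`, but everything else in this commit names the role `ansible-user` (README, defaults, tasks), with only the handlers/vars header comments still saying `ssh_client`; Molecule will fail to resolve the include unless the role happens to be installed under that other name. Point `ansible.builtin.include_role` at the name this role is actually installed as, and update the two leftover `ssh_client` comments so the scaffold names agree. This section has no visible file header on the page, so the path is inferred from the `Converge` play.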


@ -0,0 +1,35 @@
---
- name: Create
hosts: localhost
connection: local
gather_facts: false
no_log: "{{ molecule_no_log }}"
tasks:
# TODO: Developer must implement and populate 'server' variable
- when: server.changed | default(false) | bool
block:
- name: Populate instance config dict
ansible.builtin.set_fact:
instance_conf_dict: {
'instance': "{{ }}",
'address': "{{ }}",
'user': "{{ }}",
'port': "{{ }}",
'identity_file': "{{ }}", }
with_items: "{{ server.results }}"
register: instance_config_dict
- name: Convert instance config dict to a list
ansible.builtin.set_fact:
instance_conf: "{{ instance_config_dict.results | map(attribute='ansible_facts.instance_conf_dict') | list }}"
- name: Dump instance config
ansible.builtin.copy:
content: |
# Molecule managed
{{ instance_conf | to_json | from_json | to_yaml }}
dest: "{{ molecule_instance_config }}"
mode: 0600


@ -0,0 +1,24 @@
---
- name: Destroy
hosts: localhost
connection: local
gather_facts: false
no_log: "{{ molecule_no_log }}"
tasks:
# Developer must implement.
# Mandatory configuration for Molecule to function.
- name: Populate instance config
ansible.builtin.set_fact:
instance_conf: {}
- name: Dump instance config
ansible.builtin.copy:
content: |
# Molecule managed
{{ instance_conf | to_json | from_json | to_yaml }}
dest: "{{ molecule_instance_config }}"
mode: 0600
when: server.changed | default(false) | bool


@ -0,0 +1,11 @@
---
dependency:
name: galaxy
driver:
name: delegated
platforms:
- name: instance
provisioner:
name: ansible
verifier:
name: ansible


@ -0,0 +1,10 @@
---
# This is an example playbook to execute Ansible tests.
- name: Verify
hosts: all
gather_facts: false
tasks:
- name: Example assertion
ansible.builtin.assert:
that: true

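--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,58 @@
+---
+# tasks file for ansible-user
+- name: Print user name
+ansible.builtin.debug:
+msg: {{ user_name }}
+- name: Create system user
+become: true
+ansible.builtin.user:
+name: '{{ user_name }}'
+system: true
+password: "{{ user_password|default('') }}"
+groups: "{{ user_groups | join(',') }}"
+home: "{{ user_home | default('/') }}"
+shell: "{{ user_shell | default('/usr/bin/nologin') }}"
+when: user_name != "root" and not user_ldap
+- name: simulate login
+stat:
+path: "/home/{{user.name}}"
+become: true
+become_user: "{{user.name}}"
+when: user_ldap
+- name: Ensure .ssh exist for user
+become: true
+ansible.builtin.file:
+state: directory
+path: "{{ user_home | default('/') }}/.ssh"
+owner: '{{ user_name }}'
+mode: 0700
+- name: Copy ssh config for user
+become: true
+ansible.builtin.template:
+dest: "{{ user_home | default('/') }}/.ssh/config"
+src: 'config.j2'
+force: true
+mode: '600'
+selevel: s0
+owner: '{{ user_name }}'
+- name: Install ssh private key
+become: true
+ansible.builtin.copy:
+content: '{{ item.key }}'
+dest: '{{ user_home}}/.ssh/{{ item.keyname }}'
+mode: 0600
+owner: '{{ user_name }}'
+with_items: '{{ user_privatekey }}'
+- name: Deploy SSH-Keys to remote host
+ansible.posix.authorized_key:
+user: '{{ user_name }}'
+key: '{{ item }}'
+exclusive: false
+with_items: '{{ user_authorized_key }}'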
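Review bot: `msg: {{ user_name }}` in the first task is an unquoted Jinja expression, which the YAML parser reads as a flow mapping and rejects, so the whole tasks file fails to load; it has to be `msg: "{{ user_name }}"`. The `simulate login` task references `user.name` in both `path` and `become_user` while every other task uses `user_name`, so it raises an undefined-variable error whenever `user_ldap` is true; change both to `{{ user_name }}` and use `ansible.builtin.stat` to match the other FQCNs. The `Install ssh private key` task loops over `user_privatekey` with `content: '{{ item.key }}'`, which means each private key is echoed in the per-item task result and any callback or log output; add `no_log: true` to that task. The `.ssh`, config and key tasks also run unconditionally, so with the default `user_name: ""` they try to create `/home//.ssh` owned by an empty user — guard them on `user_name | length > 0` or on the user task's outcome.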

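--- /dev/null
+++ b/templates/config.j2
@@ -0,0 +1,52 @@
+# $OpenBSD: ssh_config,v 1.34 2019/02/04 02:39:42 dtucker Exp $
+# This is the ssh client system-wide configuration file. See
+# ssh_config(5) for more information. This file provides defaults for
+# users, and the values can be changed in per-user configuration files
+# or on the command line.
+# Configuration data is parsed as follows:
+# 1. command line options
+# 2. user-specific file
+# 3. system-wide file
+# Any configuration value is only changed the first time it is set.
+# Thus, host-specific definitions should be at the beginning of the
+# configuration file, and defaults at the end.
+# Site-wide defaults for some commonly used options. For a comprehensive
+# list of available options, their meanings and defaults, please see the
+# ssh_config(5) man page.
+Host *
+AddKeysToAgent yes
+ForwardAgent yes
+# ForwardX11 no
+# PasswordAuthentication yes
+# HostbasedAuthentication no
+# GSSAPIAuthentication no
+# GSSAPIDelegateCredentials no
+# BatchMode no
+# CheckHostIP yes
+# AddressFamily any
+# ConnectTimeout 0
+# StrictHostKeyChecking ask
+# IdentityFile ~/.ssh/id_rsa
+# IdentityFile ~/.ssh/id_dsa
+# IdentityFile ~/.ssh/id_ecdsa
+# IdentityFile ~/.ssh/id_ed25519
+# Port 22
+# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
+# MACs hmac-md5,hmac-sha1,umac-64@openssh.com
+# EscapeChar ~
+# Tunnel no
+# TunnelDevice any:any
+# PermitLocalCommand no
+# VisualHostKey no
+# ProxyCommand ssh -q -W %h:%p gateway.example.com
+# RekeyLimit 1G 1h
+{% for item in user_custom_host %}
+Host {{ item.host }}
+Hostname {{ item.host }}
+User {{ item.user }}
+IdentityFile {{ item.keyfile }}
+{% endfor %}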
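Review bot: `ForwardAgent yes` under `Host *` forwards the user's agent to every host they connect to, so any compromised or untrusted server can use the forwarded keys for the duration of the session; remove it from the global block (or set `ForwardAgent no` there) and enable it only in the per-host entries that need it. The generated `{% for item in user_custom_host %}` blocks are emitted after `Host *`, which contradicts the file's own header comment that host-specific definitions must come first because ssh keeps the first value it sees for each option; today the two blocks set disjoint options, but any option later added to `Host *` will silently override the per-host entries, so move the loop above `Host *`. `AddKeysToAgent yes` is likewise applied to every host; confirm that loading every used key into the agent is intended. The template also emits `Hostname {{ item.host }}` and `IdentityFile {{ item.keyfile }}` without any check that those keys exist on each item, so a missing `keyfile` fails the whole template task.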

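--- /dev/null
+++ b/tests/inventory
@@ -0,0 +1,2 @@
+localhost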

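--- /dev/null
+++ b/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+remote_user: root
+roles:
+- ansible-user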
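Review bot: The test play applies the role with no variables, so `user_name` is the empty-string default from defaults/main.yml; the `Create system user` task still runs (its condition `user_name != "root" and not user_ldap` holds for `""`) and hands an empty name to useradd, which will almost certainly be rejected, so the test cannot pass as written. Pass at least `user_name` on the role entry, e.g. `- role: ansible-user` with `vars: { user_name: "testuser" }` (constructed sample value), or have the role skip when `user_name` is empty. The play is also missing a `name:` and uses the short-form `- ansible-user` role reference, so consider matching the FQCN/keyed style used in the Molecule scenario.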

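--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for ssh_client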