dedicated ansible user and put out sssd role
Some checks failed
continuous-integration/drone/push Build is failing
parent
45cf522a89
commit
63ebc2878c
@ -3,4 +3,3 @@
|
||||
user:
|
||||
name: vincent
|
||||
uid: 1024
|
||||
userPassword: $6$GX8Mnp13vKWc1rye$HnFNZ/9oUg8K1rkaHJ1DKKk6IvWP0NP8K/dPOtLOfWjoVmQtx8MiF6eMEVJqjLZvCckDkg9AHjQzwQZfFGzED0
|
||||
|
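Review bot: The `userPassword` value in this hunk is a SHA-512 crypt hash (`$6$…`) stored in plain text, so anyone with read access to the repository can attempt offline guessing against it. This rendering has lost the +/- markers, so it is unclear whether this is the line the commit drops. Either way the hash remains in the repository history, and the password behind it should be changed. If the variable is still needed, keep it in an Ansible Vault-encrypted vars file, or inline as `userPassword: !vault |` followed by the encrypted block.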
@ -67,10 +67,6 @@
|
||||
- 'ansible_distribution'
|
||||
- 'ansible_os_family'
|
||||
|
||||
- name: import sssd role for ldap support
|
||||
import_role:
|
||||
name: ansible-role-sssd
|
||||
|
||||
- name: zsh install
|
||||
package:
|
||||
state: present
|
||||
@ -90,26 +86,16 @@
|
||||
|
||||
- name: create profil
|
||||
user:
|
||||
name: "{{user.name}}" # required. Name of the user to create, remove or modify.
|
||||
name: "ansible" # required. Name of the user to create, remove or modify.
|
||||
create_home: yes # not required. Unless set to C(no), a home directory will be made for the user when the account is created or if the home directory does not exist.,Changed from C(createhome) to C(create_home) in version 2.5.
|
||||
password: "{{userPassword}}" # not required. Optionally set the user's password to this crypted value.,On macOS systems, this value has to be cleartext. Beware of security issues.,See U(https://docs.ansible.com/ansible/faq.html#how-do-i-generate-crypted-passwords-for-the-user-module) for details on various ways to generate these password values.
|
||||
system: no # not required. When creating an account C(state=present), setting this to C(yes) makes the user a system account. This setting cannot be changed on existing users.
|
||||
state: present # not required. choices: absent;present. Whether the account should exist or not, taking action if the state is different from what is stated.
|
||||
ssh_key_file: .ssh/id_rsa # not required. Optionally specify the SSH key filename. If this is a relative filename then it will be relative to the user's home directory.
|
||||
uid: "{{ user.uid }}"
|
||||
shell: /bin/bash
|
||||
when: sssd_configure is not defined or sssd_configure == false
|
||||
|
||||
- name: simulate login
|
||||
stat:
|
||||
path: "/home/{{user.name}}"
|
||||
become: true
|
||||
become_user: "{{user.name}}"
|
||||
when: sssd_configure == true
|
||||
|
||||
- name: set sudoers right
|
||||
lineinfile:
|
||||
dest: "/etc/sudoers.d/{{user.name}}"
|
||||
dest: "/etc/sudoers.d/ansible"
|
||||
regexp: "{{ item.regexp }}"
|
||||
line: "{{ item.line }}"
|
||||
state: "present"
|
||||
@ -119,8 +105,8 @@
|
||||
mode: "0440"
|
||||
validate: 'visudo -cf "%s"'
|
||||
with_items:
|
||||
- regexp: '^{{user.name}}\s'
|
||||
line: "{{user.name}} ALL = (ALL) NOPASSWD:ALL"
|
||||
- regexp: '^ansible\s'
|
||||
line: "ansible ALL = (ALL) NOPASSWD:ALL"
|
||||
|
||||
- name: Ensure /etc/sudoers includes /etc/sudoers.d
|
||||
lineinfile:
|
||||
@ -132,6 +118,6 @@
|
||||
|
||||
- name: Set authorized key taken from file
|
||||
authorized_key:
|
||||
user: "{{user.name}}"
|
||||
user: "ansible"
|
||||
state: present
|
||||
key: "{{ lookup('file', '/home/{{user.name}}/.ssh/id_rsa.pub') }}"
|
||||
key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
|
||||
|
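Review bot: The new `ansible` account gets `ansible ALL = (ALL) NOPASSWD:ALL`, so any credential that can log in as it is equivalent to root, and two lines in this section widen that set. The `create profil` task lists `password: "{{userPassword}}"`, though the +/- markers are lost in this rendering, so it is unclear whether that line survives. If it does, the automation account shares the personal user's password hash; dropping the line or setting `password: '!'` would keep the account key-only. `lookup('file', '~/.ssh/id_rsa.pub')` is resolved on the control node, so the authorised key belongs to whoever runs the play, including a CI runner. Pointing it at a public key tracked in the repository, e.g. `key: "{{ lookup('file', '<tracked-public-key-path>') }}"`, would make the trusted key explicit and reviewable.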