ansible-roles/ansible_bootstrap
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

adapt role for LDAP

Browse Source
This commit is contained in:
vincent 2021-08-18 18:11:16 +02:00
parent 126d91202e
commit d81fb9153a
1 changed files with 21 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
tasks/main.yml
View File

@ -59,16 +59,23 @@
- name: create profil - name: create profil
user: user:
name: "{{user.name}}" # required. Name of the user to create, remove or modify. name: "{{user.name}}" # required. Name of the user to create, remove or modify.
create_home: yes # not required. Unless set to C(no), a home directory will be made for the user when the account is created or if the home directory does not exist.,Changed from C(createhome) to C(create_home) in version 2.5. create_home: yes # not required. Unless set to C(no), a home directory will be made for the user when the account is created or if the home directory does not exist.,Changed from C(createhome) to C(create_home) in version 2.5.
password: "{{userPassword}}" # not required. Optionally set the user's password to this crypted value.,On macOS systems, this value has to be cleartext. Beware of security issues.,See U(https://docs.ansible.com/ansible/faq.html#how-do-i-generate-crypted-passwords-for-the-user-module) for details on various ways to generate these password values. password: "{{userPassword}}" # not required. Optionally set the user's password to this crypted value.,On macOS systems, this value has to be cleartext. Beware of security issues.,See U(https://docs.ansible.com/ansible/faq.html#how-do-i-generate-crypted-passwords-for-the-user-module) for details on various ways to generate these password values.
system: no # not required. When creating an account C(state=present), setting this to C(yes) makes the user a system account. This setting cannot be changed on existing users. system: no # not required. When creating an account C(state=present), setting this to C(yes) makes the user a system account. This setting cannot be changed on existing users.
state: present # not required. choices: absent;present. Whether the account should exist or not, taking action if the state is different from what is stated. state: present # not required. choices: absent;present. Whether the account should exist or not, taking action if the state is different from what is stated.
ssh_key_file: .ssh/id_rsa # not required. Optionally specify the SSH key filename. If this is a relative filename then it will be relative to the user's home directory. ssh_key_file: .ssh/id_rsa # not required. Optionally specify the SSH key filename. If this is a relative filename then it will be relative to the user's home directory.
uid: "{{ user.uid }}" uid: "{{ user.uid }}"
shell: /bin/bash shell: /bin/bash
when: sssd_configure is not defined or sssd_configure == false
- name: simulate login
stat:
path: "/home/{{user.name}}"
become: true
become_user: "{{user.name}}"
when: sssd_configure == true
- name : set sudoers right
lineinfile: lineinfile:
dest: '/etc/sudoers.d/{{user.name}}' dest: '/etc/sudoers.d/{{user.name}}'
regexp: '{{ item.regexp }}' regexp: '{{ item.regexp }}'
@ -80,16 +87,15 @@
mode: '0440' mode: '0440'
validate: 'visudo -cf "%s"' validate: 'visudo -cf "%s"'
with_items: with_items:
- regexp: '^%{{user.name}}\s' - regexp: '^{{user.name}}\s'
line: '%{{user.name}} ALL = (ALL) NOPASSWD:ALL' line: "{{user.name}} ALL = (ALL) NOPASSWD:ALL"
- name: Ensure /etc/sudoers includes /etc/sudoers.d - name: Ensure /etc/sudoers includes /etc/sudoers.d
lineinfile: lineinfile:
dest: '/etc/sudoers' dest: "/etc/sudoers"
regexp: '^#includedir\s+/etc/sudoers.d$' regexp: '^#includedir\s+/etc/sudoers.d$'
line: '#includedir /etc/sudoers.d' line: "#includedir /etc/sudoers.d"
state: 'present' state: "present"
validate: 'visudo -cf "%s"' validate: 'visudo -cf "%s"'