users
=========
<img src="https://docs.ansible.com/ansible-tower/3.2.4/html_ja/installandreference/_static/images/logo_invert.png" width="10%" height="10%" alt="Ansible logo" align="right"/>
<a href="https://travis-ci.org/robertdebock/ansible-role-users"> <img src="https://travis-ci.org/robertdebock/ansible-role-users.svg?branch=master" alt="Build status"/></a> <img src="https://img.shields.io/ansible/role/d/29201"/> <img src="https://img.shields.io/ansible/quality/29201"/>

The purpose of this role is to add users and groups on your system.

Example Playbook
----------------
This example is taken from `molecule/resources/playbook.yml` and is tested on each push, pull request and release.
```yaml
---
- name: Converge
  hosts: all
  become: yes
  gather_facts: yes

  vars:
    users_group_list:
      - name: robertdb
        gid: 1024
      - name: users
      - name: notgroup
        state: absent
    users_user_list:
      - name: root
        cron_allow: yes
      - name: robertdb
        comment: Robert de Bock
        uid: 1024
        group: robertdb
        groups: users
        cron_allow: yes
        sudo_options: "ALL=(ALL) NOPASSWD: ALL"
        authorized_key: "ssh-rsa ABC123"
      - name: notuser
        state: absent
      - name: keyuser
        manage_ssh_key: yes
      - name: privkeyuser
        manage_ssh_key: yes
        copy_private_key: yes
      - name: multiplekeys
        authorized_keys:
          - "ssh-rsa ABC1234"
          - "ssh-rsa ABC12345"
      - name: mixedkeys
        authorized_key: "ssh-rsa ABC123456"
        authorized_keys:
          - "ssh-rsa ABC1234567"
          - "ssh-rsa ABC12345678"
      - name: passuser
        password: "$6$mysecretsalt$qJbapG68nyRab3gxvKWPUcs2g3t0oMHSHMnSKecYNpSi3CuZm.GbBqXO8BE6EI6P1JUefhA0qvD7b5LSh./PU1"
        update_password: on_create

  roles:
    - robertdebock.users
```
The machine you are running this on may need to be prepared. I use this playbook to ensure everything is in place to let the role work.
```yaml
---
- name: Prepare
  hosts: all
  gather_facts: no
  become: yes

  roles:
    - robertdebock.bootstrap
    - robertdebock.core_dependencies
```
Also see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles.

Role Variables
--------------
These variables are set in `defaults/main.yml`:
```yaml
---
# defaults file for users

# The location to store ssh keys for user
users_ssh_key_directory: ssh_keys

# The default shell if not overwritten.
users_shell: /bin/bash

# manage cron permissions via /etc/cron.allow
users_cron_allow: true

# A list of groups and properties.
# users_group_list:
#   - name: robertdb
#     gid: 1024
#   - name: notgroup
#     state: absent

# A list of users and properties.
# users_user_list:
#   - name: root
#     cron_allow: yes
#   - name: robertdb
#     comment: Robert de Bock
#     uid: 1024
#     group: robertdb
#     groups: users,wheel
#     cron_allow: yes
#     sudo_options: "ALL=(ALL) NOPASSWD: ALL"
#     authorized_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCWswOogkZz/ihQA0lENCwDwSzmtmBWtFwzIzDlfa+eb4rBt6rZBg7enKeMqYtStI/NDneBwZUFBDIMu5zJTbvg7A60/WDhWXZmU21tZnm8K7KREFYOUndc6h//QHig6IIaIwwBZHF1NgXLtZ0qrUUlNU5JSEhDJsObMlPHtE4vFP8twPnfc7hxAnYma5+knU6qTMCDvhBE5tGJdor4UGeAhu+SwSVDloYtt1vGTmnFn8M/OD/fRMksusPefxyshJ37jpB4jY/Z9vzaNHwcj33prwl1b/xRfxr/+KRJsyq+ZKs9u2TVw9g4p+XLdfDtzZ8thR2P3x3MFrZOdFmCbo/5"
#     authorized_keys:
#       - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCWswOogkZz/ihQA0lENCwDwSzmtmBWtFwzIzDlfa+eb4rBt6rZBg7enKeMqYtStI/NDneBwZUFBDIMu5zJTbvg7A60/WDhWXZmU21tZnm8K7KREFYOUndc6h//QHig6IIaIwwBZHF1NgXLtZ0qrUUlNU5JSEhDJsObMlPHtE4vFP8twPnfc7hxAnYma5+knU6qTMCDvhBE5tGJdor4UGeAhu+SwSVDloYtt1vGTmnFn8M/OD/fRMksusPefxyshJ37jpB4jY/Z9vzaNHwcj33prwl1b/xRfxr/+KRJsyq+ZKs9u2TVw9g4p+XLdfDtzZ8thR2P3x3MFrZOdFmCbo/5"
#     copy_private_key: yes
#   - name: notuser
#     state: absent
#   - name: keyuser
#     manage_ssh_key: yes
#   - name: specificshell
#     shell: "/bin/ksh"
```
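
As an added example (not part of this role or its repository), the Python check below reviews a parsed `users_user_list` for settings worth a second look before the play runs: unrestricted passwordless `sudo_options`, `copy_private_key`, and `password` values that are not a modern crypt hash. The function names, finding texts and the list of weak schemes are assumptions of this example, and the sample entries are constructed.

```python
import re

# Modular crypt scheme ids flagged as weak (this example's assumption).
WEAK_SCHEMES = {"1": "md5crypt"}


def audit_user(user):
    """Return findings for one users_user_list entry."""
    findings = []
    if user.get("state") == "absent":
        return findings  # account is being removed; nothing to review
    # sudo_options holds a sudoers spec; NOPASSWD on ALL is unrestricted root.
    if re.search(r"NOPASSWD:\s*ALL\b", user.get("sudo_options", "")):
        findings.append("passwordless sudo for ALL commands")
    # Flag any handling of private key material so it gets reviewed.
    if user.get("copy_private_key"):
        findings.append("copy_private_key enabled")
    # The README's example passes a crypt hash ($6$...), never plain text.
    password = user.get("password")
    if password is not None:
        scheme = re.match(r"\$([0-9a-z]+)\$", password)
        if scheme is None:
            findings.append("password is not a modular crypt hash")
        elif scheme.group(1) in WEAK_SCHEMES:
            findings.append("weak hash scheme " + WEAK_SCHEMES[scheme.group(1)])
    return findings


def audit(users):
    """Map user name to findings, leaving out users with none."""
    report = {u["name"]: audit_user(u) for u in users}
    return {name: found for name, found in report.items() if found}


# Constructed sample shaped like the README's users_user_list.
SAMPLE = [
    {"name": "robertdb", "sudo_options": "ALL=(ALL) NOPASSWD: ALL"},
    {"name": "privkeyuser", "manage_ssh_key": True, "copy_private_key": True},
    {"name": "passuser", "password": "$6$constructedsalt$constructedhash"},
    {"name": "legacyuser", "password": "$1$constructedsalt$constructedhash"},
    {"name": "plainuser", "password": "constructed-plaintext"},
    {"name": "notuser", "state": "absent"},
]

if __name__ == "__main__":
    for name, found in audit(SAMPLE).items():
        print(name, "->", "; ".join(found))
```
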
Requirements
------------
- Access to a repository containing packages, likely on the internet.
- A recent version of Ansible. (Tests run on the current, previous and next release of Ansible.)

The following roles can be installed to ensure all requirements are met, using `ansible-galaxy install -r requirements.yml`:
```yaml
---
- robertdebock.bootstrap
- robertdebock.core_dependencies
```
Context
-------
This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information.

Here is an overview of related roles:

![dependencies](https://raw.githubusercontent.com/robertdebock/drawings/artifacts/users.png "Dependency")

Compatibility
-------------
This role has been tested on these [container images](https://hub.docker.com/):
|container|tags|
|---------|----|
|amazon|all|
|alpine|all|
|archlinux|all|
|debian|all|
|el|7, 8|
|fedora|all|
|opensuse|all|
|ubuntu|artful, bionic|

The minimum version of Ansible required is 2.8, but tests have been done on:

- The previous version, one version lower.
- The current version.
- The development version.

Testing
-------
[Unit tests](https://travis-ci.org/robertdebock/ansible-role-users) are done on every commit, pull request, release and periodically.

If you find issues, please register them in [GitHub](https://github.com/robertdebock/ansible-role-users/issues).

Testing is done using [Tox](https://tox.readthedocs.io/en/latest/) and [Molecule](https://github.com/ansible/molecule):

- [Tox](https://tox.readthedocs.io/en/latest/) tests multiple Ansible versions.
- [Molecule](https://github.com/ansible/molecule) tests multiple distributions.

To test using the defaults (any installed ansible version, namespace: `robertdebock`, image: `fedora`, tag: `latest`):
```
molecule test
# Or select a specific image:
image=ubuntu molecule test
# Or select a specific image and a specific tag:
image="debian" tag="stable" tox
```
Or you can test multiple versions of Ansible, and select images:

Tox allows multiple versions of Ansible to be tested. To run the default (namespace: `robertdebock`, image: `fedora`, tag: `latest`) tests:
```
tox
# To run CentOS (namespace: `robertdebock`, tag: `latest`)
image="centos" tox
# Or customize more:
image="debian" tag="stable" tox
```
Modules
-------
This role uses the following modules:
```yaml
---
- authorized_key
- command
- copy
- file
- group
- include
- shell
- template
- user
```
License
-------
Apache-2.0

Author Information
------------------
[Robert de Bock](https://robertdebock.nl/)