users

The purpose of this role is to add users and groups on your system.

Example Playbook

This example is taken from molecule/resources/playbook.yml and is tested on each push, pull request and release.

---
- name: Converge
  hosts: all
  become: yes
  gather_facts: yes

  vars:
    users_group_list:
      - name: robertdb
        gid: 1024
      - name: users
      - name: notgroup
        state: absent

    users_user_list:
      - name: root
        cron_allow: yes
      - name: robertdb
        comment: Robert de Bock
        uid: 1024
        group: robertdb
        groups: users
        cron_allow: yes
        sudo_options: "ALL=(ALL) NOPASSWD: ALL"
        authorized_key: "ssh-rsa ABC123"
      - name: notuser
        state: absent
      - name: keyuser
        manage_ssh_key: yes
      - name: privkeyuser
        manage_ssh_key: yes
        copy_private_key: yes
      - name: multiplekeys
        authorized_keys:
          - "ssh-rsa ABC1234"
          - "ssh-rsa ABC12345"
      - name: mixedkeys
        authorized_key: "ssh-rsa ABC123456"
        authorized_keys:
          - "ssh-rsa ABC1234567"
          - "ssh-rsa ABC12345678"
      - name: passuser
        password: "$6$mysecretsalt$qJbapG68nyRab3gxvKWPUcs2g3t0oMHSHMnSKecYNpSi3CuZm.GbBqXO8BE6EI6P1JUefhA0qvD7b5LSh./PU1"
        update_password: on_create

  roles:
    - robertdebock.users

The machine you are running this on may need to be prepared. I use this playbook to ensure everything is in place to let the role work.

---
- name: Prepare
  hosts: all
  gather_facts: no
  become: yes

  roles:
    - robertdebock.bootstrap
    - robertdebock.core_dependencies

Also see a full explanation and example on how to use these roles.

Role Variables

These variables are set in defaults/main.yml:

---
# defaults file for users

# The location to store ssh keys for user
users_ssh_key_directory: ssh_keys

# The default shell if not overwritten.
users_shell: /bin/bash

# manage cron permissions via /etc/cron.allow
users_cron_allow: true

# A list of groups and properties.
# users_group_list:
#   - name: robertdb
#     gid: 1024
#   - name: notgroup
#     state: absent

# A list of users and properties.
# users_user_list:
#   - name: root
#     cron_allow: yes
#   - name: robertdb
#     comment: Robert de Bock
#     uid: 1024
#     group: robertdb
#     groups: users,wheel
#     cron_allow: yes
#     sudo_options: "ALL=(ALL) NOPASSWD: ALL"
#     authorized_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCWswOogkZz/ihQA0lENCwDwSzmtmBWtFwzIzDlfa+eb4rBt6rZBg7enKeMqYtStI/NDneBwZUFBDIMu5zJTbvg7A60/WDhWXZmU21tZnm8K7KREFYOUndc6h//QHig6IIaIwwBZHF1NgXLtZ0qrUUlNU5JSEhDJsObMlPHtE4vFP8twPnfc7hxAnYma5+knU6qTMCDvhBE5tGJdor4UGeAhu+SwSVDloYtt1vGTmnFn8M/OD/fRMksusPefxyshJ37jpB4jY/Z9vzaNHwcj33prwl1b/xRfxr/+KRJsyq+ZKs9u2TVw9g4p+XLdfDtzZ8thR2P3x3MFrZOdFmCbo/5"
#     authorized_keys:
#       - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCWswOogkZz/ihQA0lENCwDwSzmtmBWtFwzIzDlfa+eb4rBt6rZBg7enKeMqYtStI/NDneBwZUFBDIMu5zJTbvg7A60/WDhWXZmU21tZnm8K7KREFYOUndc6h//QHig6IIaIwwBZHF1NgXLtZ0qrUUlNU5JSEhDJsObMlPHtE4vFP8twPnfc7hxAnYma5+knU6qTMCDvhBE5tGJdor4UGeAhu+SwSVDloYtt1vGTmnFn8M/OD/fRMksusPefxyshJ37jpB4jY/Z9vzaNHwcj33prwl1b/xRfxr/+KRJsyq+ZKs9u2TVw9g4p+XLdfDtzZ8thR2P3x3MFrZOdFmCbo/5"
#     copy_private_key: yes
#   - name: notuser
#     state: absent
#   - name: keyuser
#     manage_ssh_key: yes
#   - name: specificshell
#     shell: "/bin/ksh"
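
The entries in users_user_list carry sudo rules, password hashes and SSH public keys, so the list is worth checking before the role applies it. The Python below is an added example, not code from this role or its author: it audits entries that use the keys shown on this page and parses each public key's wire format. Assumptions: the function names, the 2048-bit RSA threshold, treating a "{{ ... }}" password as a reference to a vaulted variable (vault_okuser_hash is a hypothetical name), key lines without an options prefix, and the constructed SAMPLE data.

```python
import base64, struct

def _field(buf, off):
    """Read one length-prefixed field of the SSH public-key wire format."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def check_key(line):
    """Return a problem string for one '<type> <base64>' key, else None."""
    ktype, _, rest = line.partition(" ")
    try:
        blob = base64.b64decode(rest.split(" ")[0], validate=True)
        inner, off = _field(blob, 0)
        if inner.decode() != ktype:
            return "declared type does not match the key blob"
        if ktype == "ssh-rsa":
            _e, off = _field(blob, off)
            bits = int.from_bytes(_field(blob, off)[0], "big").bit_length()
            if bits < 2048:
                return f"RSA modulus is only {bits} bits"
    except (ValueError, struct.error):
        return "key is not valid base64 / wire format"
    return None

def audit_user(user):
    """Return findings for one users_user_list entry (keys as on this page)."""
    found = []
    sudo = user.get("sudo_options", "")
    if "NOPASSWD" in sudo and sudo.split(":")[-1].strip() == "ALL":
        found.append("sudo_options: passwordless sudo for every command")
    pw = user.get("password")
    if pw is not None and not pw.startswith("{{"):  # assumed: "{{ ... }}" is a vault reference
        if pw.split("$")[1:2] not in (["5"], ["6"], ["y"], ["2b"]):
            found.append("password: not a modern crypt(3) hash")
        else:
            found.append("password: hash stored inline, move it to Ansible Vault")
    keys = list(user.get("authorized_keys", [])) + [user.get("authorized_key")]
    found += [f"authorized key: {p}" for p in map(check_key, filter(None, keys)) if p]
    return found

def constructed_rsa_key(bits):
    """Constructed sample, not a real keypair: e = 65537, n = 2**(bits-1) + 1."""
    pack = lambda b: struct.pack(">I", len(b)) + b
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    return "ssh-rsa " + base64.b64encode(pack(b"ssh-rsa") + pack(b"\x01\x00\x01") + pack(n)).decode()

# Constructed entries modelled on the example playbook on this page.
SAMPLE = [
    {"name": "robertdb", "sudo_options": "ALL=(ALL) NOPASSWD: ALL", "authorized_key": "ssh-rsa ABC123"},
    {"name": "passuser", "password": "$6$constructedsalt$" + "A" * 86, "update_password": "on_create"},
    {"name": "weakkey", "authorized_keys": [constructed_rsa_key(1024)]},
    {"name": "okuser", "authorized_key": constructed_rsa_key(3072), "password": "{{ vault_okuser_hash }}"},
]
```

Calling audit_user on each SAMPLE entry returns a list of findings; an empty list means none of these checks fired.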

Requirements

  • Access to a repository containing packages, likely on the internet.
  • A recent version of Ansible. (Tests run on the current, previous and next release of Ansible.)

The following roles can be installed to ensure all requirements are met, using ansible-galaxy install -r requirements.yml:

---
- robertdebock.bootstrap
- robertdebock.core_dependencies

Context

This role is a part of many compatible roles. Have a look at the documentation of these roles for further information.

Here is an overview of related roles: dependencies

Compatibility

This role has been tested on these container images:

container   tags
amazon      all
alpine      all
archlinux   all
debian      all
el          7, 8
fedora      all
opensuse    all
ubuntu      artful, bionic

The minimum version of Ansible required is 2.8, but tests have been done on:

  • The previous version, one version lower.
  • The current version.
  • The development version.

Testing

Unit tests are done on every commit, pull request, release and periodically.

If you find issues, please register them in GitHub.

Testing is done using Tox and Molecule:

Tox tests multiple ansible versions. Molecule tests multiple distributions.

To test using the defaults (any installed ansible version, namespace: robertdebock, image: fedora, tag: latest):

molecule test

# Or select a specific image:
image=ubuntu molecule test
# Or select a specific image and a specific tag:
image="debian" tag="stable" tox

Or you can use Tox to test multiple versions of Ansible and select images. To run the default (namespace: robertdebock, image: fedora, tag: latest) tests:

tox

# To run CentOS (namespace: `robertdebock`, tag: `latest`)
image="centos" tox
# Or customize more:
image="debian" tag="stable" tox

Modules

This role uses the following modules:

---
- authorized_key
- command
- copy
- file
- group
- include
- shell
- template
- user

License

Apache-2.0

Author Information

Robert de Bock