aboutsummaryrefslogtreecommitdiffstats
path: root/fdio.infra.ansible/roles/user_add/tasks/main.yaml
diff options
context:
space:
mode:
authorpmikus <pmikus@cisco.com>2021-04-08 10:44:18 +0000
committerPeter Mikus <pmikus@cisco.com>2021-04-08 11:17:15 +0000
commitdf5672b3d9c29b51397f4770eb992c9f3f3955ce (patch)
treeadb4cf36c9b680ebbc44c953391a0d21b986d6b7 /fdio.infra.ansible/roles/user_add/tasks/main.yaml
parent8018da98e0f362bc69fc9600fac222a86fd46b5e (diff)
Ansible git move
+ Better accessibility + Compliant with fdio.infra._function_ - function [pxe|terraform|ansible|vagrant] + dill==0.3.3 also applied on TBs - ci-man to follow today - Docs to be updated in separate patch Signed-off-by: pmikus <pmikus@cisco.com> Change-Id: Iff9eaa29d63044188cc8160db2d9b44b7635782a
Diffstat (limited to 'fdio.infra.ansible/roles/user_add/tasks/main.yaml')
-rw-r--r--fdio.infra.ansible/roles/user_add/tasks/main.yaml48
1 files changed, 48 insertions, 0 deletions
diff --git a/fdio.infra.ansible/roles/user_add/tasks/main.yaml b/fdio.infra.ansible/roles/user_add/tasks/main.yaml
new file mode 100644
index 0000000000..f980aff84d
--- /dev/null
+++ b/fdio.infra.ansible/roles/user_add/tasks/main.yaml
@@ -0,0 +1,48 @@
+---
+# file: roles/user_add/tasks/main.yaml
+
+- name: Conf - Add User
+ user:
+ append: "{{ item.append | default(omit) }}"
+ createhome: "{{ 'yes' if users_create_homedirs else 'no' }}"
+ generate_ssh_key: "{{ item.generate_ssh_key | default(omit) }}"
+ groups: "{{ item.groups | join(',') if 'groups' in item else '' }}"
+ name: "{{ item.username }}"
+ password: "{{ item.password if item.password is defined else '!' }}"
+ shell: "{{ item.shell if item.shell is defined else users_shell }}"
+ state: present
+ with_items: "{{ users }}"
+ tags:
+ - user-add-conf
+
+- name: Conf - SSH keys
+ authorized_key:
+ user: "{{ item.0.username }}"
+ key: "{{ item.1 }}"
+ with_subelements:
+ - "{{ users }}"
+ - ssh_key
+ - skip_missing: yes
+ tags:
+ - user-add-conf
+
+- name: Conf - Allow Password Login
+ lineinfile:
+ dest: "/etc/ssh/sshd_config"
+ regexp: "^PasswordAuthentication no"
+ line: "PasswordAuthentication yes"
+ notify:
+ - "Restart SSHd"
+ tags:
+ - user-add-conf
+
+- name: Conf - Add Visudo Entry
+ lineinfile:
+ dest: "/etc/sudoers"
+ state: present
+ line: "{{ item.username }} ALL=(ALL) NOPASSWD: ALL"
+ validate: "visudo -cf %s"
+ with_items: "{{ users }}"
+ tags:
+ - user-add-conf
+