From df5672b3d9c29b51397f4770eb992c9f3f3955ce Mon Sep 17 00:00:00 2001
From: pmikus <pmikus@cisco.com>
Date: Thu, 8 Apr 2021 10:44:18 +0000
Subject: Ansible git move

+ Better accessibility
+ Compliant with fdio.infra._function_
  - function [pxe|terraform|ansible|vagrant]
+ dill==0.3.3 also applied on TBs
  - ci-man to follow today
- Docs to be updated in separate patch

Signed-off-by: pmikus <pmikus@cisco.com>
Change-Id: Iff9eaa29d63044188cc8160db2d9b44b7635782a
---
 .../roles/user_add/defaults/main.yaml              | 11 +++++
 .../roles/user_add/handlers/main.yaml              |  7 ++++
 fdio.infra.ansible/roles/user_add/tasks/main.yaml  | 48 ++++++++++++++++++++++
 3 files changed, 66 insertions(+)
 create mode 100644 fdio.infra.ansible/roles/user_add/defaults/main.yaml
 create mode 100644 fdio.infra.ansible/roles/user_add/handlers/main.yaml
 create mode 100644 fdio.infra.ansible/roles/user_add/tasks/main.yaml

(limited to 'fdio.infra.ansible/roles/user_add')

diff --git a/fdio.infra.ansible/roles/user_add/defaults/main.yaml b/fdio.infra.ansible/roles/user_add/defaults/main.yaml
new file mode 100644
index 0000000000..56f5098f12
--- /dev/null
+++ b/fdio.infra.ansible/roles/user_add/defaults/main.yaml
@@ -0,0 +1,11 @@
+---
+# file: roles/user_add/defaults/main.yaml
+
+# Default shell for a user if none is specified.
+users_shell: /bin/bash
+
+# Default create home dirs for new users.
+users_create_homedirs: true
+
+# Default list of users to create.
+users: []
diff --git a/fdio.infra.ansible/roles/user_add/handlers/main.yaml b/fdio.infra.ansible/roles/user_add/handlers/main.yaml
new file mode 100644
index 0000000000..960f573b48
--- /dev/null
+++ b/fdio.infra.ansible/roles/user_add/handlers/main.yaml
@@ -0,0 +1,7 @@
+---
+# file: roles/user_add/handlers/main.yaml
+
+- name: Restart SSHd
+  service:
+    name: sshd
+    state: restarted
diff --git a/fdio.infra.ansible/roles/user_add/tasks/main.yaml b/fdio.infra.ansible/roles/user_add/tasks/main.yaml
new file mode 100644
index 0000000000..f980aff84d
--- /dev/null
+++ b/fdio.infra.ansible/roles/user_add/tasks/main.yaml
@@ -0,0 +1,48 @@
+---
+# file: roles/user_add/tasks/main.yaml
+
+- name: Conf - Add User
+  user:
+    append: "{{ item.append | default(omit) }}"
+    createhome: "{{ 'yes' if users_create_homedirs else 'no' }}"
+    generate_ssh_key: "{{ item.generate_ssh_key | default(omit) }}"
+    groups: "{{ item.groups | join(',') if 'groups' in item else '' }}"
+    name: "{{ item.username }}"
+    password: "{{ item.password if item.password is defined else '!' }}"
+    shell: "{{ item.shell if item.shell is defined else users_shell }}"
+    state: present
+  with_items: "{{ users }}"
+  tags:
+    - user-add-conf
+
+- name: Conf - SSH keys
+  authorized_key:
+    user: "{{ item.0.username }}"
+    key: "{{ item.1 }}"
+  with_subelements:
+    - "{{ users }}"
+    - ssh_key
+    - skip_missing: yes
+  tags:
+    - user-add-conf
+
+- name: Conf - Allow Password Login
+  lineinfile:
+    dest: "/etc/ssh/sshd_config"
+    regexp: "^PasswordAuthentication no"
+    line: "PasswordAuthentication yes"
+  notify:
+    - "Restart SSHd"
+  tags:
+    - user-add-conf
+
+- name: Conf - Add Visudo Entry
+  lineinfile:
+    dest: "/etc/sudoers"
+    state: present
+    line: "{{ item.username }} ALL=(ALL) NOPASSWD: ALL"
+    validate: "visudo -cf %s"
+  with_items: "{{ users }}"
+  tags:
+    - user-add-conf
+
-- 
cgit 1.2.3-korg