enh: role now takes a list of users in the userlist variable

xpk
2019-05-03 19:50:29 +08:00
parent f374207c92
commit 1ee5043781
3 changed files with 24 additions and 38 deletions
+7 -13
@@ -4,16 +4,9 @@ Create user and optionally put user into sudoers. By default, user is added to s
URL: https://xpk.headdesk.me/git/xpk/role.users URL: https://xpk.headdesk.me/git/xpk/role.users
## Required variables:
```
user:
name: john
group: clientadmin
sudoers: yes/no
```
## Usage: ## Usage:
Create a playbook like this Provide the userlist, group, and sudoers variables in a playbook, e.g:
``` ```
--- ---
- name: create user user1 - name: create user user1
@@ -22,10 +15,11 @@ Create a playbook like this
roles: roles:
- role: users - role: users
vars: vars:
user: userlist:
name: user1 - foo1
group: staff - foo2
sudoers: yes group: staff
sudoers: yes
``` ```
## Tested on ## Tested on
-14
@@ -1,14 +0,0 @@
#!/usr/bin/env python3
import string
import crypt
import threading
from random import *
characters = string.ascii_letters + "~@#%^*()-_+=23456789"
def genOne():
password = "".join(choice(characters) for x in range(randint(12, 16)));
salt = crypt.mksalt(method=crypt.METHOD_SHA512);
print (password, "|", crypt.crypt(password,salt=salt));
for i in range(4):
threading.Thread(target=genOne, args=()).start()
+17 -11
@@ -3,25 +3,31 @@
name: ssh_access name: ssh_access
state: present state: present
- set_fact: - name: Create user
plain_pass: "{{ lookup('password', '/dev/null chars=ascii_letters,digits,hexdigitsi length=15') }}"
- name: Create user {{ user.name }}
user: user:
name: "{{ user.name }}" name: "{{item}}"
shell: /bin/bash shell: /bin/bash
groups: "{{ user.group }},ssh_access" groups: "{{ group }},ssh_access"
password: "{{ plain_pass | password_hash('sha512') }}" password: "{{lookup('password', 'cred.' + item + '.pass chars=ascii_letters,digits,hexdigitsi length=15') | password_hash('sha512')}}"
with_items: "{{userlist}}"
- name: Add user to sudoers - name: Add user to sudoers
lineinfile: lineinfile:
path: "/etc/sudoers.d/{{ user.name }}" path: "/etc/sudoers.d/{{item}}"
create: yes create: yes
line: "{{ user.name }} ALL=(ALL) NOPASSWD: ALL" line: "{{ item }} ALL=(ALL) NOPASSWD: ALL"
mode: 0440 mode: 0440
when: user.sudoers when: sudoers
with_items: "{{userlist}}"
- name: Display generated password - name: Display generated password
debug: debug:
msg: "Generated password for {{ user.name }}: {{ plain_pass }}" msg: "Generated password for {{item}}: {{lookup('password', 'cred.' + item + '.pass chars=ascii_letters,digits,hexdigitsi length=15')}}"
with_items: "{{userlist}}"
- name: Remove password files created by ansible
file:
path: cred.{{item}}.pass
state: absent
with_items: "{{userlist}}"
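Review bot: The new "Remove password files created by ansible" task is unlikely to delete the files that the `password` lookup wrote, because lookups run on the control node while the `file` module runs on the managed host; unless the play targets the controller itself, the plaintext `cred.<user>.pass` files stay behind on the controller. Adding `delegate_to: localhost` to that task, and giving both the lookup and the cleanup the same explicit directory (for example `path: "{{ playbook_dir }}/cred.{{ item }}.pass"`), would make the cleanup act on the file that was actually created. The "Display generated password" task also prints each plaintext password to the run output and to any configured Ansible log, so that hand-off should at least be documented in the README. Separately, the sudoers task interpolates `item` straight into both the file name and the rule, so `validate: 'visudo -cf %s'` on the `lineinfile` call would keep a malformed user name from leaving a broken file in `/etc/sudoers.d`.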