xpk/ansible.role.users
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

enh: role now takes a list of users in the userlist variable

Browse Source
This commit is contained in:
xpk
2019-05-03 19:50:29 +08:00
parent f374207c92
commit 1ee5043781
3 changed files with 24 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+5 -11
View File
@@ -4,16 +4,9 @@ Create user and optionally put user into sudoers. By default, user is added to s
URL: https://xpk.headdesk.me/git/xpk/role.users
## Required variables:
```
user:
name: john
group: clientadmin
sudoers: yes/no
```
## Usage:
Create a playbook like this
Provide the userlist, group, and sudoers variables in a playbook, e.g:
```
---
- name: create user user1
@@ -22,8 +15,9 @@ Create a playbook like this
roles:
- role: users
vars:
user:
name: user1
userlist:
- foo1
- foo2
group: staff
sudoers: yes
```
genpw.py
-14
View File
@@ -1,14 +0,0 @@
#!/usr/bin/env python3
import string
import crypt
import threading
from random import *
characters = string.ascii_letters + "~@#%^*()-_+=23456789"
def genOne():
password = "".join(choice(characters) for x in range(randint(12, 16)));
salt = crypt.mksalt(method=crypt.METHOD_SHA512);
print (password, "|", crypt.crypt(password,salt=salt));
for i in range(4):
threading.Thread(target=genOne, args=()).start()
tasks/main.yml
+17 -11
View File
@@ -3,25 +3,31 @@
name: ssh_access
state: present
- set_fact:
plain_pass: "{{ lookup('password', '/dev/null chars=ascii_letters,digits,hexdigitsi length=15') }}"
- name: Create user {{ user.name }}
- name: Create user
user:
name: "{{ user.name }}"
name: "{{item}}"
shell: /bin/bash
groups: "{{ user.group }},ssh_access"
password: "{{ plain_pass | password_hash('sha512') }}"
groups: "{{ group }},ssh_access"
password: "{{lookup('password', 'cred.' + item + '.pass chars=ascii_letters,digits,hexdigitsi length=15') | password_hash('sha512')}}"
with_items: "{{userlist}}"
- name: Add user to sudoers
lineinfile:
path: "/etc/sudoers.d/{{ user.name }}"
path: "/etc/sudoers.d/{{item}}"
create: yes
line: "{{ user.name }} ALL=(ALL) NOPASSWD: ALL"
line: "{{ item }} ALL=(ALL) NOPASSWD: ALL"
mode: 0440
when: user.sudoers
when: sudoers
with_items: "{{userlist}}"
- name: Display generated password
debug:
msg: "Generated password for {{ user.name }}: {{ plain_pass }}"
msg: "Generated password for {{item}}: {{lookup('password', 'cred.' + item + '.pass chars=ascii_letters,digits,hexdigitsi length=15')}}"
with_items: "{{userlist}}"
- name: Remove password files created by ansible
file:
path: cred.{{item}}.pass
state: absent
with_items: "{{userlist}}"